From 038ac13df4fb95651c753e8144fb2a5712a907d2 Mon Sep 17 00:00:00 2001 From: Davide Salerno Date: Wed, 4 Feb 2026 17:47:54 +0100 Subject: [PATCH 1/7] NE-2334: Implement enhancement in OpenShift API to support for TLS curves in TLSProfile Signed-off-by: Davide Salerno --- .../TLSCurvePreferences.yaml | 311 + config/v1/types_tlssecurityprofile.go | 78 +- ...tor_01_apiservers-CustomNoUpgrade.crd.yaml | 80 +- ...ig-operator_01_apiservers-Default.crd.yaml | 48 +- ...01_apiservers-DevPreviewNoUpgrade.crd.yaml | 80 +- ...config-operator_01_apiservers-OKD.crd.yaml | 48 +- ...1_apiservers-TechPreviewNoUpgrade.crd.yaml | 80 +- config/v1/zz_generated.deepcopy.go | 5 + ..._generated.featuregated-crd-manifests.yaml | 8 +- .../AAA_ungated.yaml | 48 +- .../KMSEncryption.yaml | 48 +- .../KMSEncryptionProvider.yaml | 48 +- .../TLSCurvePreferences.yaml | 420 + .../v1/zz_generated.swagger_doc_generated.go | 13 +- features.md | 31 +- features/features.go | 22 +- .../TLSCurvePreferences.yaml | 291 + ...01_kubeletconfigs-CustomNoUpgrade.crd.yaml | 344 + ...-config_01_kubeletconfigs-Default.crd.yaml | 312 + ...ubeletconfigs-DevPreviewNoUpgrade.crd.yaml | 344 + ...ine-config_01_kubeletconfigs-OKD.crd.yaml} | 49 +- ...beletconfigs-TechPreviewNoUpgrade.crd.yaml | 344 + ..._generated.featuregated-crd-manifests.yaml | 3 +- .../AAA_ungated.yaml | 48 +- .../TLSCurvePreferences.yaml | 344 + .../generated_openapi/zz_generated.openapi.go | 20430 +++-- openapi/openapi.json | 69484 ++++++++-------- .../TLSCurvePreferences.yaml | 384 + ...ngresscontrollers-CustomNoUpgrade.crd.yaml | 155 +- ...ess_00_ingresscontrollers-Default.crd.yaml | 60 +- ...sscontrollers-DevPreviewNoUpgrade.crd.yaml | 155 +- ...ingress_00_ingresscontrollers-OKD.crd.yaml | 57 +- ...scontrollers-TechPreviewNoUpgrade.crd.yaml | 155 +- ..._generated.featuregated-crd-manifests.yaml | 9 +- .../AAA_ungated.yaml | 57 +- .../TLSCurvePreferences.yaml | 3346 + ...tor_01_apiservers-CustomNoUpgrade.crd.yaml | 80 +- ...ig-operator_01_apiservers-Default.crd.yaml | 48 +- ...01_apiservers-DevPreviewNoUpgrade.crd.yaml | 80 +- ...config-operator_01_apiservers-OKD.crd.yaml | 48 +- ...1_apiservers-TechPreviewNoUpgrade.crd.yaml | 80 +- ...01_kubeletconfigs-CustomNoUpgrade.crd.yaml | 344 + ...-config_01_kubeletconfigs-Default.crd.yaml | 312 + ...ubeletconfigs-DevPreviewNoUpgrade.crd.yaml | 344 + ...ine-config_01_kubeletconfigs-OKD.crd.yaml} | 49 +- ...beletconfigs-TechPreviewNoUpgrade.crd.yaml | 344 + .../featureGate-4-10-Hypershift-Default.yaml | 65 +- ...e-4-10-Hypershift-DevPreviewNoUpgrade.yaml | 49 +- .../featureGate-4-10-Hypershift-OKD.yaml | 65 +- ...-4-10-Hypershift-TechPreviewNoUpgrade.yaml | 59 +- ...eatureGate-4-10-SelfManagedHA-Default.yaml | 81 +- ...-10-SelfManagedHA-DevPreviewNoUpgrade.yaml | 49 +- .../featureGate-4-10-SelfManagedHA-OKD.yaml | 81 +- ...10-SelfManagedHA-TechPreviewNoUpgrade.yaml | 59 +- 54 files changed, 53371 insertions(+), 46605 deletions(-) create mode 100644 config/v1/tests/apiservers.config.openshift.io/TLSCurvePreferences.yaml create mode 100644 config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSCurvePreferences.yaml create mode 100644 machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml create mode 100644 machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml create mode 100644 machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml create mode 100644 machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml rename machineconfiguration/v1/zz_generated.crd-manifests/{0000_80_machine-config_01_kubeletconfigs.crd.yaml => 0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml} (87%) create mode 100644 machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml create mode 100644 machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml create mode 100644 operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml create mode 100644 operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml create mode 100644 payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml create mode 100644 payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml create mode 100644 payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml rename payload-manifests/crds/{0000_80_machine-config_01_kubeletconfigs.crd.yaml => 0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml} (87%) create mode 100644 payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml diff --git a/config/v1/tests/apiservers.config.openshift.io/TLSCurvePreferences.yaml b/config/v1/tests/apiservers.config.openshift.io/TLSCurvePreferences.yaml new file mode 100644 index 00000000000..8c64e86f331 --- /dev/null +++ b/config/v1/tests/apiservers.config.openshift.io/TLSCurvePreferences.yaml @@ -0,0 +1,311 @@ +apiVersion: apiextensions.k8s.io/v1 +name: "APIServer" +crdName: apiservers.config.openshift.io +featureGates: + - TLSCurvePreferences +tests: + onCreate: + - name: Should be able to create with Custom TLS profile and curves + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + curves: + - X25519 + - SecP256r1 + expected: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + curves: + - X25519 + - SecP256r1 + - name: Should be able to create with all supported curves + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + expected: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + - name: Should fail to create with Custom TLS profile and empty curves + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: [] + expectedError: "spec.tlsSecurityProfile.custom.curves in body should have at least 1 items" + - name: Should be able to create with Custom TLS profile and curves omitted + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + expected: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - name: Should be able to create with Custom TLS profile VersionTLS10 and curves + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP256r1 + - SecP384r1 + expected: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP256r1 + - SecP384r1 + - name: Should be able to create with Custom TLS profile VersionTLS11 and curves + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS11 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP384r1 + expected: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS11 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP384r1 + - name: Should fail to create with more than 5 curves + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + - X25519 + expectedError: "spec.tlsSecurityProfile.custom.curves: Too many: 6: must have at most 5 items" + - name: Should fail to create with invalid curve value + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - InvalidCurve + expectedError: "spec.tlsSecurityProfile.custom.curves[0]: Unsupported value: \"InvalidCurve\": supported values: \"X25519\", \"SecP256r1\", \"SecP384r1\", \"SecP521r1\", \"X25519MLKEM768\"" + onUpdate: + - name: Should be able to add curves to existing Custom TLS profile + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + updated: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + expected: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + - name: Should be able to update curves in existing Custom TLS profile + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + updated: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP256r1 + - SecP384r1 + expected: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP256r1 + - SecP384r1 + - name: Should fail to remove all curves from existing Custom TLS profile + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + updated: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: [] + expectedError: "spec.tlsSecurityProfile.custom.curves in body should have at least 1 items" diff --git a/config/v1/types_tlssecurityprofile.go b/config/v1/types_tlssecurityprofile.go index 48657b08947..33fab07827c 100644 --- a/config/v1/types_tlssecurityprofile.go +++ b/config/v1/types_tlssecurityprofile.go @@ -23,6 +23,9 @@ type TLSSecurityProfile struct { // old is a TLS profile for use when services need to be accessed by very old // clients or libraries and should be used only as a last resort. // + // The curve list includes by default the following curves: + // X25519, SecP256r1, SecP384r1, X25519MLKEM768. + // // This profile is equivalent to a Custom profile specified as: // minTLSVersion: VersionTLS10 // ciphers: @@ -56,6 +59,9 @@ type TLSSecurityProfile struct { // legacy clients and want to remain highly secure while being compatible with // most clients currently in use. // + // The curve list includes by default the following curves: + // X25519, SecP256r1, SecP384r1, X25519MLKEM768. + // // This profile is equivalent to a Custom profile specified as: // minTLSVersion: VersionTLS12 // ciphers: @@ -75,7 +81,8 @@ type TLSSecurityProfile struct { // modern is a TLS security profile for use with clients that support TLS 1.3 and // do not need backward compatibility for older clients. - // + // The curve list includes by default the following curves: + // X25519, SecP256r1, SecP384r1, X25519MLKEM768. // This profile is equivalent to a Custom profile specified as: // minTLSVersion: VersionTLS13 // ciphers: @@ -88,8 +95,11 @@ type TLSSecurityProfile struct { Modern *ModernTLSProfile `json:"modern,omitempty"` // custom is a user-defined TLS security profile. Be extremely careful using a custom - // profile as invalid configurations can be catastrophic. An example custom profile - // looks like this: + // profile as invalid configurations can be catastrophic. + // + // The curve list for this profile is empty by default. + // + // An example custom profile looks like this: // // minTLSVersion: VersionTLS11 // ciphers: @@ -142,6 +152,27 @@ const ( TLSProfileCustomType TLSProfileType = "Custom" ) +// TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. +// There is a one-to-one mapping between these names and the curve IDs defined +// in crypto/tls package based on IANA's "TLS Supported Groups" registry: +// https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 +// +// +kubebuilder:validation:Enum=X25519;SecP256r1;SecP384r1;SecP521r1;X25519MLKEM768 +type TLSCurve string + +const ( + // TLSCurveX25519 represents X25519. + TLSCurveX25519 TLSCurve = "X25519" + // TLSCurveSecp256r1 represents P-256 (secp256r1). + TLSCurveSecp256r1 TLSCurve = "SecP256r1" + // TLSCurveSecp384r1 represents P-384 (secp384r1). + TLSCurveSecp384r1 TLSCurve = "SecP384r1" + // TLSCurveSecp521r1 represents P-521 (secp521r1). + TLSCurveSecp521r1 TLSCurve = "SecP521r1" + // TLSCurveX25519MLKEM768 represents X25519MLKEM768. + TLSCurveX25519MLKEM768 TLSCurve = "X25519MLKEM768" +) + // TLSProfileSpec is the desired behavior of a TLSSecurityProfile. type TLSProfileSpec struct { // ciphers is used to specify the cipher algorithms that are negotiated @@ -155,6 +186,26 @@ type TLSProfileSpec struct { // and are always enabled when TLS 1.3 is negotiated. // +listType=atomic Ciphers []string `json:"ciphers"` + // curves is an optional field used to specify the elliptic curves that are used during + // the TLS handshake. Operators may remove entries their operands do + // not support. + // + // When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + // subject to change over time and may be different per platform component depending on the underlying TLS + // libraries they use. If specified, the list must contain at least one curve. + // + // For example, to use X25519 and SecP256r1 (yaml): + // + // curves: + // - X25519 + // - SecP256r1 + // + // +optional + // +listType=set + // +kubebuilder:validation:MaxItems=5 + // +kubebuilder:validation:MinItems=1 + // +openshift:enable:FeatureGate=TLSCurvePreferences + Curves []TLSCurve `json:"curves,omitempty"` // minTLSVersion is used to specify the minimal version of the TLS protocol // that is negotiated during the TLS handshake. For example, to use TLS // versions 1.1, 1.2 and 1.3 (yaml): @@ -193,6 +244,9 @@ const ( // Each Ciphers slice is the configuration's "ciphersuites" followed by the // Go-specific "ciphers" from the guidelines JSON. // +// TLSProfiles Old, Intermediate, Modern include by default the following +// curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768 +// // NOTE: The caller needs to make sure to check that these constants are valid // for their binary. Not all entries map to values for all binaries. In the case // of ties, the kube-apiserver wins. Do not fail, just be sure to include only @@ -222,6 +276,12 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "AES256-SHA", "DES-CBC3-SHA", }, + Curves: []TLSCurve{ + TLSCurveX25519, + TLSCurveSecp256r1, + TLSCurveSecp384r1, + TLSCurveX25519MLKEM768, + }, MinTLSVersion: VersionTLS10, }, TLSProfileIntermediateType: { @@ -236,6 +296,12 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", }, + Curves: []TLSCurve{ + TLSCurveX25519, + TLSCurveSecp256r1, + TLSCurveSecp384r1, + TLSCurveX25519MLKEM768, + }, MinTLSVersion: VersionTLS12, }, TLSProfileModernType: { @@ -244,6 +310,12 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256", }, + Curves: []TLSCurve{ + TLSCurveX25519, + TLSCurveSecp256r1, + TLSCurveSecp384r1, + TLSCurveX25519MLKEM768, + }, MinTLSVersion: VersionTLS13, }, } diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml index d2ba7fc3253..12e5d935da3 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml @@ -338,8 +338,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -352,18 +355,47 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol @@ -384,6 +416,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -396,13 +434,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -416,6 +457,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -428,15 +475,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -447,10 +502,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml index 272d49db0e3..32e3cf9b8bd 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml @@ -233,8 +233,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -247,14 +250,11 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array @@ -279,6 +279,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -291,13 +297,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -311,6 +320,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -323,15 +338,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -342,10 +365,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index cabbd04bb71..9bc55b2073c 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -338,8 +338,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -352,18 +355,47 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol @@ -384,6 +416,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -396,13 +434,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -416,6 +457,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -428,15 +475,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -447,10 +502,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml index 3c81a12e872..a5677d9b594 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml @@ -233,8 +233,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -247,14 +250,11 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array @@ -279,6 +279,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -291,13 +297,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -311,6 +320,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -323,15 +338,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -342,10 +365,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml index b21c31dd439..809806f3720 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml @@ -270,8 +270,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -284,18 +287,47 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol @@ -316,6 +348,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -328,13 +366,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -348,6 +389,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -360,15 +407,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -379,10 +434,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.deepcopy.go b/config/v1/zz_generated.deepcopy.go index a604d2f634a..35267e8489b 100644 --- a/config/v1/zz_generated.deepcopy.go +++ b/config/v1/zz_generated.deepcopy.go @@ -6246,6 +6246,11 @@ func (in *TLSProfileSpec) DeepCopyInto(out *TLSProfileSpec) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.Curves != nil { + in, out := &in.Curves, &out.Curves + *out = make([]TLSCurve, len(*in)) + copy(*out, *in) + } return } diff --git a/config/v1/zz_generated.featuregated-crd-manifests.yaml b/config/v1/zz_generated.featuregated-crd-manifests.yaml index 173dd1daf28..bac1ac4c831 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -8,7 +8,7 @@ apiservers.config.openshift.io: FeatureGates: - KMSEncryption - KMSEncryptionProvider - - TLSAdherence + - TLSCurvePreferences FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -145,7 +145,6 @@ clusterversions.config.openshift.io: Category: "" FeatureGates: - ClusterUpdateAcceptRisks - - ClusterUpdatePreflight - ImageStreamImportMode - SignatureStores FilenameOperatorName: cluster-version-operator @@ -206,8 +205,7 @@ dnses.config.openshift.io: CRDName: dnses.config.openshift.io Capability: "" Category: "" - FeatureGates: - - AWSEuropeanSovereignCloudInstall + FeatureGates: [] FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -374,6 +372,8 @@ infrastructures.config.openshift.io: - DualReplica - DyanmicServiceEndpointIBMCloud - GCPClusterHostedDNSInstall + - HighlyAvailableArbiter + - HighlyAvailableArbiter+DualReplica - NutanixMultiSubnets - OnPremDNSRecords - VSphereHostVMGroupZonal diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml index cf5221c2f45..14dccbabaf1 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml @@ -233,8 +233,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -247,14 +250,11 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array @@ -279,6 +279,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -291,13 +297,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -311,6 +320,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -323,15 +338,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -342,10 +365,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml index a2ef296269b..e879458c8ce 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml @@ -234,8 +234,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -248,14 +251,11 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array @@ -280,6 +280,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -292,13 +298,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -312,6 +321,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -324,15 +339,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -343,10 +366,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml index 0a9b213ea67..ddd39480293 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml @@ -302,8 +302,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -316,14 +319,11 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array @@ -348,6 +348,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -360,13 +366,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -380,6 +389,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -392,15 +407,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -411,10 +434,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSCurvePreferences.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSCurvePreferences.yaml new file mode 100644 index 00000000000..5ca0e619e3d --- /dev/null +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSCurvePreferences.yaml @@ -0,0 +1,420 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/filename-cvo-runlevel: "0000_10" + api.openshift.io/filename-operator: config-operator + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/TLSCurvePreferences: "true" + release.openshift.io/bootstrap-required: "true" + name: apiservers.config.openshift.io +spec: + group: config.openshift.io + names: + kind: APIServer + listKind: APIServerList + plural: apiservers + singular: apiserver + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + APIServer holds configuration (like serving certificates, client CA and CORS domains) + shared by all API servers in the system, among them especially kube-apiserver + and openshift-apiserver. The canonical name of an instance is 'cluster'. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + additionalCORSAllowedOrigins: + description: |- + additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the + API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth + server from JavaScript applications. + The values are regular expressions that correspond to the Golang regular expression language. + items: + type: string + type: array + x-kubernetes-list-type: atomic + audit: + default: + profile: Default + description: |- + audit specifies the settings for audit configuration to be applied to all OpenShift-provided + API servers in the cluster. + properties: + customRules: + description: |- + customRules specify profiles per group. These profile take precedence over the + top-level profile field if they apply. They are evaluation from top to bottom and + the first one that matches, applies. + items: + description: |- + AuditCustomRule describes a custom rule for an audit profile that takes precedence over + the top-level profile. + properties: + group: + description: group is a name of group a request user must + be member of in order to this profile to apply. + minLength: 1 + type: string + profile: + description: |- + profile specifies the name of the desired audit policy configuration to be deployed to + all OpenShift-provided API servers in the cluster. + + The following profiles are provided: + - Default: the existing default policy. + - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for + write requests (create, update, patch). + - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response + HTTP payloads for read requests (get, list). + - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. + + If unset, the 'Default' profile is used as the default. + enum: + - Default + - WriteRequestBodies + - AllRequestBodies + - None + type: string + required: + - group + - profile + type: object + type: array + x-kubernetes-list-map-keys: + - group + x-kubernetes-list-type: map + profile: + default: Default + description: |- + profile specifies the name of the desired top-level audit profile to be applied to all requests + sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, + openshift-apiserver and oauth-apiserver), with the exception of those requests that match + one or more of the customRules. + + The following profiles are provided: + - Default: default policy which means MetaData level logging with the exception of events + (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody + level). + - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for + write requests (create, update, patch). + - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response + HTTP payloads for read requests (get, list). + - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens. + + Warning: It is not recommended to disable audit logging by using the `None` profile unless you + are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. + If you disable audit logging and a support situation arises, you might need to enable audit logging + and reproduce the issue in order to troubleshoot properly. + + If unset, the 'Default' profile is used as the default. + enum: + - Default + - WriteRequestBodies + - AllRequestBodies + - None + type: string + type: object + clientCA: + description: |- + clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for + incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. + You usually only have to set this if you have your own PKI you wish to honor client certificates from. + The ConfigMap must exist in the openshift-config namespace and contain the following required fields: + - ConfigMap.Data["ca-bundle.crt"] - CA bundle. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + encryption: + description: encryption allows the configuration of encryption of + resources at the datastore layer. + properties: + type: + description: |- + type defines what encryption type should be used to encrypt resources at the datastore layer. + When this field is unset (i.e. when it is set to the empty string), identity is implied. + The behavior of unset can and will change over time. Even if encryption is enabled by default, + the meaning of unset may change to a different encryption type based on changes in best practices. + + When encryption is enabled, all sensitive resources shipped with the platform are encrypted. + This list of sensitive resources can and will change over time. The current authoritative list is: + + 1. secrets + 2. configmaps + 3. routes.route.openshift.io + 4. oauthaccesstokens.oauth.openshift.io + 5. oauthauthorizetokens.oauth.openshift.io + type: string + type: object + servingCerts: + description: |- + servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates + will be used for serving secure traffic. + properties: + namedCertificates: + description: |- + namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. + If no named certificates are provided, or no named certificates match the server name as understood by a client, + the defaultServingCertificate will be used. + items: + description: APIServerNamedServingCert maps a server DNS name, + as understood by a client, to a certificate. + properties: + names: + description: |- + names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to + serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. + Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names. + items: + type: string + maxItems: 64 + type: array + x-kubernetes-list-type: atomic + servingCertificate: + description: |- + servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. + The secret must exist in the openshift-config namespace and contain the following required fields: + - Secret.Data["tls.key"] - TLS private key. + - Secret.Data["tls.crt"] - TLS certificate. + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + required: + - name + type: object + type: object + maxItems: 32 + type: array + x-kubernetes-list-type: atomic + type: object + tlsSecurityProfile: + description: |- + tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. + + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is the Intermediate profile. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: + + minTLSVersion: VersionTLS11 + ciphers: + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS profile for use when you do not need compatibility with + legacy clients and want to remain highly secure while being compatible with + most clients currently in use. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile for use with clients that support TLS 1.3 and + do not need backward compatibility for older clients. + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS13 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + nullable: true + type: object + old: + description: |- + old is a TLS profile for use when services need to be accessed by very old + clients or libraries and should be used only as a last resort. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 + - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 + - AES128-GCM-SHA256 + - AES256-GCM-SHA384 + - AES128-SHA256 + - AES256-SHA256 + - AES128-SHA + - AES256-SHA + - DES-CBC3-SHA + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides the + ability to specify individual TLS security profile parameters. + + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + + The profiles are intent based, so they may change over time as new ciphers are + developed and existing ciphers are found to be insecure. Depending on + precisely which ciphers are available to a process, the list may be reduced. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/v1/zz_generated.swagger_doc_generated.go b/config/v1/zz_generated.swagger_doc_generated.go index 4a5346dba88..f19eecdec90 100644 --- a/config/v1/zz_generated.swagger_doc_generated.go +++ b/config/v1/zz_generated.swagger_doc_generated.go @@ -3008,7 +3008,8 @@ func (OldTLSProfile) SwaggerDoc() map[string]string { var map_TLSProfileSpec = map[string]string{ "": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", - "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", + "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + "curves": "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve.\n\nFor example, to use X25519 and SecP256r1 (yaml):\n\n curves:\n - X25519\n - SecP256r1", "minTLSVersion": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11", } @@ -3018,11 +3019,11 @@ func (TLSProfileSpec) SwaggerDoc() map[string]string { var map_TLSSecurityProfile = map[string]string{ "": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", - "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are based on version 5.7 of the Mozilla Server Side TLS configuration guidelines. The cipher lists consist of the configuration's \"ciphersuites\" followed by the Go-specific \"ciphers\" from the guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", - "old": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", - "intermediate": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305", - "modern": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", - "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", + "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are currently based on version 5.0 of the Mozilla Server Side TLS configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", + "old": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe cipher list includes TLS 1.3 ciphers for forward compatibility, followed by the \"old\" profile ciphers.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", + "intermediate": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe cipher list includes TLS 1.3 ciphers for forward compatibility, followed by the \"intermediate\" profile ciphers.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384", + "modern": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", + "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic.\n\nThe curve list for this profile is empty by default.\n\nAn example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", } func (TLSSecurityProfile) SwaggerDoc() map[string]string { diff --git a/features.md b/features.md index 0746864de9d..c1827b5aae2 100644 --- a/features.md +++ b/features.md @@ -8,32 +8,26 @@ | ShortCertRotation| | | | | | | | | | ClusterAPIComputeInstall| | | Enabled | Enabled | | | | | | ClusterAPIControlPlaneInstall| | | Enabled | Enabled | | | | | -| ClusterUpdatePreflight| | | Enabled | Enabled | | | | | -| ConfidentialCluster| | | Enabled | Enabled | | | | | | Example2| | | Enabled | Enabled | | | | | -| ExternalOIDCExternalClaimsSourcing| | | Enabled | Enabled | | | | | | ExternalSnapshotMetadata| | | Enabled | Enabled | | | | | | KMSEncryptionProvider| | | Enabled | Enabled | | | | | -| MachineAPIMigrationVSphere| | | Enabled | Enabled | | | | | | NetworkConnect| | | Enabled | Enabled | | | | | | NewOLMBoxCutterRuntime| | | | Enabled | | | | Enabled | | NewOLMCatalogdAPIV1Metas| | | | Enabled | | | | Enabled | -| NewOLMConfigAPI| | | | Enabled | | | | Enabled | -| NewOLMOwnSingleNamespace| | | | Enabled | | | | Enabled | | NewOLMPreflightPermissionChecks| | | | Enabled | | | | Enabled | | NoRegistryClusterInstall| | | | Enabled | | | | Enabled | | ProvisioningRequestAvailable| | | Enabled | Enabled | | | | | -| VSphereMultiVCenterDay2| | | Enabled | Enabled | | | | | | AWSClusterHostedDNS| | | Enabled | Enabled | | | Enabled | Enabled | | AWSClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AWSDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled | | AWSDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled | -| AWSEuropeanSovereignCloudInstall| | | Enabled | Enabled | | | Enabled | Enabled | -| AdditionalStorageConfig| | | Enabled | Enabled | | | Enabled | Enabled | +| AWSServiceLBNetworkSecurityGroup| | | Enabled | Enabled | | | Enabled | Enabled | | AutomatedEtcdBackup| | | Enabled | Enabled | | | Enabled | Enabled | +| AzureClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AzureDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled | | AzureDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AzureMultiDisk| | | Enabled | Enabled | | | Enabled | Enabled | +| BootImageSkewEnforcement| | | Enabled | Enabled | | | Enabled | Enabled | | BootcNodeManagement| | | Enabled | Enabled | | | Enabled | Enabled | | CBORServingAndStorage| | | Enabled | Enabled | | | Enabled | Enabled | | CRDCompatibilityRequirementOperator| | | Enabled | Enabled | | | Enabled | Enabled | @@ -80,35 +74,43 @@ | MultiDiskSetup| | | Enabled | Enabled | | | Enabled | Enabled | | MutatingAdmissionPolicy| | | Enabled | Enabled | | | Enabled | Enabled | | NewOLM| | Enabled | | Enabled | | Enabled | | Enabled | +| NewOLMOwnSingleNamespace| | Enabled | | Enabled | | Enabled | | Enabled | | NewOLMWebhookProviderOpenshiftServiceCA| | Enabled | | Enabled | | Enabled | | Enabled | -| NoOverlayMode| | | Enabled | Enabled | | | Enabled | Enabled | | NutanixMultiSubnets| | | Enabled | Enabled | | | Enabled | Enabled | | OSStreams| | | Enabled | Enabled | | | Enabled | Enabled | | OVNObservability| | | Enabled | Enabled | | | Enabled | Enabled | | OnPremDNSRecords| | | Enabled | Enabled | | | Enabled | Enabled | | SELinuxMount| | | Enabled | Enabled | | | Enabled | Enabled | | SignatureStores| | | Enabled | Enabled | | | Enabled | Enabled | -| TLSAdherence| | | Enabled | Enabled | | | Enabled | Enabled | +| TLSCurvePreferences| | | Enabled | Enabled | | | Enabled | Enabled | | VSphereConfigurableMaxAllowedBlockVolumesPerNode| | | Enabled | Enabled | | | Enabled | Enabled | +| VSphereHostVMGroupZonal| | | Enabled | Enabled | | | Enabled | Enabled | | VSphereMixedNodeEnv| | | Enabled | Enabled | | | Enabled | Enabled | | VolumeGroupSnapshot| | | Enabled | Enabled | | | Enabled | Enabled | -| AWSServiceLBNetworkSecurityGroup| | Enabled | Enabled | Enabled | | Enabled | Enabled | Enabled | -| AzureClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| BootImageSkewEnforcement| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ConsolePluginContentSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ExternalOIDC| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ExternalOIDCWithUIDAndExtraClaimMappings| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | GCPClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| GatewayAPI| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| GatewayAPIController| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| HighlyAvailableArbiter| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ImageStreamImportMode| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ImageVolume| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | InsightsConfig| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | InsightsOnDemandDataGather| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | KMSv1| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| MachineConfigNodes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ManagedBootImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ManagedBootImagesAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ManagedBootImagesAzure| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ManagedBootImagesCPMS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| ManagedBootImagesvSphere| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | MetricsCollectionProfiles| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | MutableCSINodeAllocatableCount| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| PinnedImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | RouteExternalCertificate| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ServiceAccountTokenNodeBinding| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | SigstoreImageVerification| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | @@ -117,6 +119,5 @@ | UpgradeStatus| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | UserNamespacesPodSecurityStandards| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | UserNamespacesSupport| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| VSphereHostVMGroupZonal| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | VSphereMultiDisk| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | VSphereMultiNetworks| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | diff --git a/features/features.go b/features/features.go index 9b56faf67df..2d7d25f6b37 100644 --- a/features/features.go +++ b/features/features.go @@ -1021,11 +1021,19 @@ var ( enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). mustRegister() - FeatureGateConfidentialCluster = newFeatureGate("ConfidentialCluster"). - reportProblemsToJiraComponent("ConfidentialClusters"). - contactPerson("fjin"). - productScope(ocpSpecific). - enhancementPR("https://github.com/openshift/enhancements/pull/1962"). - enable(inDevPreviewNoUpgrade()). - mustRegister() + FeatureGateConfidentialCluster = newFeatureGate("ConfidentialCluster"). + reportProblemsToJiraComponent("ConfidentialClusters"). + contactPerson("fjin"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1962"). + enable(inDevPreviewNoUpgrade()). + mustRegister() + + FeatureGateTLSCurvePreferences = newFeatureGate("TLSCurvePreferences"). + reportProblemsToJiraComponent("Networking"). + contactPerson("davidesalerno"). + productScope(ocpSpecific). + enhancementPR("https://github.com/openshift/enhancements/pull/1894"). + enable(inDevPreviewNoUpgrade(), inTechPreviewNoUpgrade()). + mustRegister() ) diff --git a/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml b/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml new file mode 100644 index 00000000000..91c35ef490e --- /dev/null +++ b/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml @@ -0,0 +1,291 @@ +apiVersion: apiextensions.k8s.io/v1 +name: "KubeletConfig" +crdName: kubeletconfigs.machineconfiguration.openshift.io +featureGates: + - TLSCurvePreferences +tests: + onCreate: + - name: Should be able to create with Custom TLS profile and curves + initial: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + curves: + - X25519 + - SecP256r1 + expected: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + curves: + - X25519 + - SecP256r1 + - name: Should be able to create with all supported curves + initial: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + expected: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + - name: Should fail to create with Custom TLS profile and empty curves + initial: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: [] + expectedError: "spec.tlsSecurityProfile.custom.curves in body should have at least 1 items" + - name: Should be able to create with Custom TLS profile and curves omitted + initial: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + expected: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - name: Should be able to create with Custom TLS profile VersionTLS10 and curves + initial: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP256r1 + - SecP384r1 + expected: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP256r1 + - SecP384r1 + - name: Should be able to create with Custom TLS profile VersionTLS11 and curves + initial: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS11 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP384r1 + expected: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS11 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP384r1 + - name: Should fail to create with more than 5 curves + initial: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + - X25519 + expectedError: "spec.tlsSecurityProfile.custom.curves: Too many: 6: must have at most 5 items" + - name: Should fail to create with invalid curve value + initial: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - InvalidCurve + expectedError: "spec.tlsSecurityProfile.custom.curves[0]: Unsupported value: \"InvalidCurve\": supported values: \"X25519\", \"SecP256r1\", \"SecP384r1\", \"SecP521r1\", \"X25519MLKEM768\"" + onUpdate: + - name: Should be able to add curves to existing Custom TLS profile + initial: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + updated: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + expected: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + - name: Should be able to update curves in existing Custom TLS profile + initial: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + updated: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP256r1 + - SecP384r1 + expected: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP256r1 + - SecP384r1 + - name: Should fail to remove all curves from existing Custom TLS profile + initial: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + updated: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: [] + expectedError: "spec.tlsSecurityProfile.custom.curves in body should have at least 1 items" diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml new file mode 100644 index 00000000000..70203c6c034 --- /dev/null +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml @@ -0,0 +1,344 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: CustomNoUpgrade + labels: + openshift.io/operator-managed: "" + name: kubeletconfigs.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: KubeletConfig + listKind: KubeletConfigList + plural: kubeletconfigs + singular: kubeletconfig + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeletConfig describes a customized Kubelet configuration. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec contains the desired kubelet configuration. + properties: + autoSizingReserved: + type: boolean + kubeletConfig: + description: |- + kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by + OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from + upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes + for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + type: object + x-kubernetes-preserve-unknown-fields: true + logLevel: + format: int32 + type: integer + machineConfigPoolSelector: + description: |- + machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. + A nil selector will result in no pools being selected. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tlsSecurityProfile: + description: |- + If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + Note that only Old and Intermediate profiles are currently supported, and + the maximum available minTLSVersion is VersionTLS12. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: + + minTLSVersion: VersionTLS11 + ciphers: + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS profile for use when you do not need compatibility with + legacy clients and want to remain highly secure while being compatible with + most clients currently in use. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile for use with clients that support TLS 1.3 and + do not need backward compatibility for older clients. + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS13 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + nullable: true + type: object + old: + description: |- + old is a TLS profile for use when services need to be accessed by very old + clients or libraries and should be used only as a last resort. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 + - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 + - AES128-GCM-SHA256 + - AES256-GCM-SHA384 + - AES128-SHA256 + - AES256-SHA256 + - AES128-SHA + - AES256-SHA + - DES-CBC3-SHA + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides the + ability to specify individual TLS security profile parameters. + + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + + The profiles are intent based, so they may change over time as new ciphers are + developed and existing ciphers are found to be insecure. Depending on + precisely which ciphers are available to a process, the list may be reduced. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + type: object + status: + description: status contains observed information about the kubelet configuration. + properties: + conditions: + description: conditions represents the latest available observations + of current state. + items: + description: KubeletConfigCondition defines the state of the KubeletConfig + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status object. + format: date-time + nullable: true + type: string + message: + description: |- + message provides additional information about the current condition. + This is only to be consumed by humans. + type: string + reason: + description: reason is the reason for the condition's last transition. Reasons + are PascalCase + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the state of the operator's reconciliation + functionality. + type: string + type: object + type: array + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml new file mode 100644 index 00000000000..4f4862bef74 --- /dev/null +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml @@ -0,0 +1,312 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: Default + labels: + openshift.io/operator-managed: "" + name: kubeletconfigs.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: KubeletConfig + listKind: KubeletConfigList + plural: kubeletconfigs + singular: kubeletconfig + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeletConfig describes a customized Kubelet configuration. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec contains the desired kubelet configuration. + properties: + autoSizingReserved: + type: boolean + kubeletConfig: + description: |- + kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by + OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from + upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes + for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + type: object + x-kubernetes-preserve-unknown-fields: true + logLevel: + format: int32 + type: integer + machineConfigPoolSelector: + description: |- + machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. + A nil selector will result in no pools being selected. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tlsSecurityProfile: + description: |- + If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + Note that only Old and Intermediate profiles are currently supported, and + the maximum available minTLSVersion is VersionTLS12. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: + + minTLSVersion: VersionTLS11 + ciphers: + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS profile for use when you do not need compatibility with + legacy clients and want to remain highly secure while being compatible with + most clients currently in use. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile for use with clients that support TLS 1.3 and + do not need backward compatibility for older clients. + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS13 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + nullable: true + type: object + old: + description: |- + old is a TLS profile for use when services need to be accessed by very old + clients or libraries and should be used only as a last resort. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 + - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 + - AES128-GCM-SHA256 + - AES256-GCM-SHA384 + - AES128-SHA256 + - AES256-SHA256 + - AES128-SHA + - AES256-SHA + - DES-CBC3-SHA + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides the + ability to specify individual TLS security profile parameters. + + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + + The profiles are intent based, so they may change over time as new ciphers are + developed and existing ciphers are found to be insecure. Depending on + precisely which ciphers are available to a process, the list may be reduced. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + type: object + status: + description: status contains observed information about the kubelet configuration. + properties: + conditions: + description: conditions represents the latest available observations + of current state. + items: + description: KubeletConfigCondition defines the state of the KubeletConfig + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status object. + format: date-time + nullable: true + type: string + message: + description: |- + message provides additional information about the current condition. + This is only to be consumed by humans. + type: string + reason: + description: reason is the reason for the condition's last transition. Reasons + are PascalCase + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the state of the operator's reconciliation + functionality. + type: string + type: object + type: array + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..309a946b023 --- /dev/null +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml @@ -0,0 +1,344 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + labels: + openshift.io/operator-managed: "" + name: kubeletconfigs.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: KubeletConfig + listKind: KubeletConfigList + plural: kubeletconfigs + singular: kubeletconfig + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeletConfig describes a customized Kubelet configuration. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec contains the desired kubelet configuration. + properties: + autoSizingReserved: + type: boolean + kubeletConfig: + description: |- + kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by + OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from + upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes + for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + type: object + x-kubernetes-preserve-unknown-fields: true + logLevel: + format: int32 + type: integer + machineConfigPoolSelector: + description: |- + machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. + A nil selector will result in no pools being selected. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tlsSecurityProfile: + description: |- + If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + Note that only Old and Intermediate profiles are currently supported, and + the maximum available minTLSVersion is VersionTLS12. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: + + minTLSVersion: VersionTLS11 + ciphers: + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS profile for use when you do not need compatibility with + legacy clients and want to remain highly secure while being compatible with + most clients currently in use. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile for use with clients that support TLS 1.3 and + do not need backward compatibility for older clients. + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS13 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + nullable: true + type: object + old: + description: |- + old is a TLS profile for use when services need to be accessed by very old + clients or libraries and should be used only as a last resort. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 + - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 + - AES128-GCM-SHA256 + - AES256-GCM-SHA384 + - AES128-SHA256 + - AES256-SHA256 + - AES128-SHA + - AES256-SHA + - DES-CBC3-SHA + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides the + ability to specify individual TLS security profile parameters. + + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + + The profiles are intent based, so they may change over time as new ciphers are + developed and existing ciphers are found to be insecure. Depending on + precisely which ciphers are available to a process, the list may be reduced. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + type: object + status: + description: status contains observed information about the kubelet configuration. + properties: + conditions: + description: conditions represents the latest available observations + of current state. + items: + description: KubeletConfigCondition defines the state of the KubeletConfig + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status object. + format: date-time + nullable: true + type: string + message: + description: |- + message provides additional information about the current condition. + This is only to be consumed by humans. + type: string + reason: + description: reason is the reason for the condition's last transition. Reasons + are PascalCase + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the state of the operator's reconciliation + functionality. + type: string + type: object + type: array + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml similarity index 87% rename from machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs.crd.yaml rename to machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml index 4be92099f4f..f108c4f6d98 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml @@ -6,6 +6,7 @@ metadata: api.openshift.io/merged-by-featuregates: "true" include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: OKD labels: openshift.io/operator-managed: "" name: kubeletconfigs.machineconfiguration.openshift.io @@ -131,8 +132,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -145,14 +149,11 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array @@ -177,6 +178,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -189,13 +196,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -209,6 +219,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -221,15 +237,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -240,10 +264,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..faf7987cd1d --- /dev/null +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml @@ -0,0 +1,344 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + labels: + openshift.io/operator-managed: "" + name: kubeletconfigs.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: KubeletConfig + listKind: KubeletConfigList + plural: kubeletconfigs + singular: kubeletconfig + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeletConfig describes a customized Kubelet configuration. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec contains the desired kubelet configuration. + properties: + autoSizingReserved: + type: boolean + kubeletConfig: + description: |- + kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by + OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from + upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes + for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + type: object + x-kubernetes-preserve-unknown-fields: true + logLevel: + format: int32 + type: integer + machineConfigPoolSelector: + description: |- + machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. + A nil selector will result in no pools being selected. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tlsSecurityProfile: + description: |- + If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + Note that only Old and Intermediate profiles are currently supported, and + the maximum available minTLSVersion is VersionTLS12. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: + + minTLSVersion: VersionTLS11 + ciphers: + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS profile for use when you do not need compatibility with + legacy clients and want to remain highly secure while being compatible with + most clients currently in use. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile for use with clients that support TLS 1.3 and + do not need backward compatibility for older clients. + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS13 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + nullable: true + type: object + old: + description: |- + old is a TLS profile for use when services need to be accessed by very old + clients or libraries and should be used only as a last resort. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 + - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 + - AES128-GCM-SHA256 + - AES256-GCM-SHA384 + - AES128-SHA256 + - AES256-SHA256 + - AES128-SHA + - AES256-SHA + - DES-CBC3-SHA + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides the + ability to specify individual TLS security profile parameters. + + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + + The profiles are intent based, so they may change over time as new ciphers are + developed and existing ciphers are found to be insecure. Depending on + precisely which ciphers are available to a process, the list may be reduced. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + type: object + status: + description: status contains observed information about the kubelet configuration. + properties: + conditions: + description: conditions represents the latest available observations + of current state. + items: + description: KubeletConfigCondition defines the state of the KubeletConfig + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status object. + format: date-time + nullable: true + type: string + message: + description: |- + message provides additional information about the current condition. + This is only to be consumed by humans. + type: string + reason: + description: reason is the reason for the condition's last transition. Reasons + are PascalCase + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the state of the operator's reconciliation + functionality. + type: string + type: object + type: array + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml index 7c95bd45af5..47c8aa68135 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml @@ -62,7 +62,8 @@ kubeletconfigs.machineconfiguration.openshift.io: CRDName: kubeletconfigs.machineconfiguration.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - TLSCurvePreferences FilenameOperatorName: machine-config FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_80" diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml index 7364c357a2f..ea3ef5f4e5d 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml @@ -132,8 +132,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -146,14 +149,11 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array @@ -178,6 +178,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -190,13 +196,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -210,6 +219,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -222,15 +237,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -241,10 +264,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml new file mode 100644 index 00000000000..b349b320971 --- /dev/null +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml @@ -0,0 +1,344 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/filename-cvo-runlevel: "0000_80" + api.openshift.io/filename-operator: machine-config + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/TLSCurvePreferences: "true" + labels: + openshift.io/operator-managed: "" + name: kubeletconfigs.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: KubeletConfig + listKind: KubeletConfigList + plural: kubeletconfigs + singular: kubeletconfig + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeletConfig describes a customized Kubelet configuration. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec contains the desired kubelet configuration. + properties: + autoSizingReserved: + type: boolean + kubeletConfig: + description: |- + kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by + OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from + upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes + for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + type: object + x-kubernetes-preserve-unknown-fields: true + logLevel: + format: int32 + type: integer + machineConfigPoolSelector: + description: |- + machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. + A nil selector will result in no pools being selected. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tlsSecurityProfile: + description: |- + If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + Note that only Old and Intermediate profiles are currently supported, and + the maximum available minTLSVersion is VersionTLS12. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: + + minTLSVersion: VersionTLS11 + ciphers: + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS profile for use when you do not need compatibility with + legacy clients and want to remain highly secure while being compatible with + most clients currently in use. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile for use with clients that support TLS 1.3 and + do not need backward compatibility for older clients. + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS13 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + nullable: true + type: object + old: + description: |- + old is a TLS profile for use when services need to be accessed by very old + clients or libraries and should be used only as a last resort. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 + - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 + - AES128-GCM-SHA256 + - AES256-GCM-SHA384 + - AES128-SHA256 + - AES256-SHA256 + - AES128-SHA + - AES256-SHA + - DES-CBC3-SHA + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides the + ability to specify individual TLS security profile parameters. + + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + + The profiles are intent based, so they may change over time as new ciphers are + developed and existing ciphers are found to be insecure. Depending on + precisely which ciphers are available to a process, the list may be reduced. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + type: object + status: + description: status contains observed information about the kubelet configuration. + properties: + conditions: + description: conditions represents the latest available observations + of current state. + items: + description: KubeletConfigCondition defines the state of the KubeletConfig + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status object. + format: date-time + nullable: true + type: string + message: + description: |- + message provides additional information about the current condition. + This is only to be consumed by humans. + type: string + reason: + description: reason is the reason for the condition's last transition. Reasons + are PascalCase + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the state of the operator's reconciliation + functionality. + type: string + type: object + type: array + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 967c191d6be..48bfdc64a99 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -6,13 +6,9 @@ package generated_openapi import ( - v1 "k8s.io/api/admissionregistration/v1" - authorizationv1 "k8s.io/api/authorization/v1" - corev1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" + v1 "k8s.io/api/core/v1" resource "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" intstr "k8s.io/apimachinery/pkg/util/intstr" common "k8s.io/kube-openapi/pkg/common" spec "k8s.io/kube-openapi/pkg/validation/spec" @@ -20,1713 +16,1693 @@ import ( func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { return map[string]common.OpenAPIDefinition{ - "github.com/openshift/api/apiextensions/v1alpha1.APIExcludedField": schema_openshift_api_apiextensions_v1alpha1_APIExcludedField(ref), - "github.com/openshift/api/apiextensions/v1alpha1.APIVersions": schema_openshift_api_apiextensions_v1alpha1_APIVersions(ref), - "github.com/openshift/api/apiextensions/v1alpha1.CRDData": schema_openshift_api_apiextensions_v1alpha1_CRDData(ref), - "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirement": schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirement(ref), - "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementList": schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementList(ref), - "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementSpec": schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementSpec(ref), - "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementStatus": schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementStatus(ref), - "github.com/openshift/api/apiextensions/v1alpha1.CompatibilitySchema": schema_openshift_api_apiextensions_v1alpha1_CompatibilitySchema(ref), - "github.com/openshift/api/apiextensions/v1alpha1.CustomResourceDefinitionSchemaValidation": schema_openshift_api_apiextensions_v1alpha1_CustomResourceDefinitionSchemaValidation(ref), - "github.com/openshift/api/apiextensions/v1alpha1.ObjectSchemaValidation": schema_openshift_api_apiextensions_v1alpha1_ObjectSchemaValidation(ref), - "github.com/openshift/api/apiextensions/v1alpha1.ObservedCRD": schema_openshift_api_apiextensions_v1alpha1_ObservedCRD(ref), - "github.com/openshift/api/apiserver/v1.APIRequestCount": schema_openshift_api_apiserver_v1_APIRequestCount(ref), - "github.com/openshift/api/apiserver/v1.APIRequestCountList": schema_openshift_api_apiserver_v1_APIRequestCountList(ref), - "github.com/openshift/api/apiserver/v1.APIRequestCountSpec": schema_openshift_api_apiserver_v1_APIRequestCountSpec(ref), - "github.com/openshift/api/apiserver/v1.APIRequestCountStatus": schema_openshift_api_apiserver_v1_APIRequestCountStatus(ref), - "github.com/openshift/api/apiserver/v1.PerNodeAPIRequestLog": schema_openshift_api_apiserver_v1_PerNodeAPIRequestLog(ref), - "github.com/openshift/api/apiserver/v1.PerResourceAPIRequestLog": schema_openshift_api_apiserver_v1_PerResourceAPIRequestLog(ref), - "github.com/openshift/api/apiserver/v1.PerUserAPIRequestCount": schema_openshift_api_apiserver_v1_PerUserAPIRequestCount(ref), - "github.com/openshift/api/apiserver/v1.PerVerbAPIRequestCount": schema_openshift_api_apiserver_v1_PerVerbAPIRequestCount(ref), - "github.com/openshift/api/apps/v1.CustomDeploymentStrategyParams": schema_openshift_api_apps_v1_CustomDeploymentStrategyParams(ref), - "github.com/openshift/api/apps/v1.DeploymentCause": schema_openshift_api_apps_v1_DeploymentCause(ref), - "github.com/openshift/api/apps/v1.DeploymentCauseImageTrigger": schema_openshift_api_apps_v1_DeploymentCauseImageTrigger(ref), - "github.com/openshift/api/apps/v1.DeploymentCondition": schema_openshift_api_apps_v1_DeploymentCondition(ref), - "github.com/openshift/api/apps/v1.DeploymentConfig": schema_openshift_api_apps_v1_DeploymentConfig(ref), - "github.com/openshift/api/apps/v1.DeploymentConfigList": schema_openshift_api_apps_v1_DeploymentConfigList(ref), - "github.com/openshift/api/apps/v1.DeploymentConfigRollback": schema_openshift_api_apps_v1_DeploymentConfigRollback(ref), - "github.com/openshift/api/apps/v1.DeploymentConfigRollbackSpec": schema_openshift_api_apps_v1_DeploymentConfigRollbackSpec(ref), - "github.com/openshift/api/apps/v1.DeploymentConfigSpec": schema_openshift_api_apps_v1_DeploymentConfigSpec(ref), - "github.com/openshift/api/apps/v1.DeploymentConfigStatus": schema_openshift_api_apps_v1_DeploymentConfigStatus(ref), - "github.com/openshift/api/apps/v1.DeploymentDetails": schema_openshift_api_apps_v1_DeploymentDetails(ref), - "github.com/openshift/api/apps/v1.DeploymentLog": schema_openshift_api_apps_v1_DeploymentLog(ref), - "github.com/openshift/api/apps/v1.DeploymentLogOptions": schema_openshift_api_apps_v1_DeploymentLogOptions(ref), - "github.com/openshift/api/apps/v1.DeploymentRequest": schema_openshift_api_apps_v1_DeploymentRequest(ref), - "github.com/openshift/api/apps/v1.DeploymentStrategy": schema_openshift_api_apps_v1_DeploymentStrategy(ref), - "github.com/openshift/api/apps/v1.DeploymentTriggerImageChangeParams": schema_openshift_api_apps_v1_DeploymentTriggerImageChangeParams(ref), - "github.com/openshift/api/apps/v1.DeploymentTriggerPolicy": schema_openshift_api_apps_v1_DeploymentTriggerPolicy(ref), - "github.com/openshift/api/apps/v1.ExecNewPodHook": schema_openshift_api_apps_v1_ExecNewPodHook(ref), - "github.com/openshift/api/apps/v1.LifecycleHook": schema_openshift_api_apps_v1_LifecycleHook(ref), - "github.com/openshift/api/apps/v1.RecreateDeploymentStrategyParams": schema_openshift_api_apps_v1_RecreateDeploymentStrategyParams(ref), - "github.com/openshift/api/apps/v1.RollingDeploymentStrategyParams": schema_openshift_api_apps_v1_RollingDeploymentStrategyParams(ref), - "github.com/openshift/api/apps/v1.TagImageHook": schema_openshift_api_apps_v1_TagImageHook(ref), - "github.com/openshift/api/authorization/v1.Action": schema_openshift_api_authorization_v1_Action(ref), - "github.com/openshift/api/authorization/v1.ClusterRole": schema_openshift_api_authorization_v1_ClusterRole(ref), - "github.com/openshift/api/authorization/v1.ClusterRoleBinding": schema_openshift_api_authorization_v1_ClusterRoleBinding(ref), - "github.com/openshift/api/authorization/v1.ClusterRoleBindingList": schema_openshift_api_authorization_v1_ClusterRoleBindingList(ref), - "github.com/openshift/api/authorization/v1.ClusterRoleList": schema_openshift_api_authorization_v1_ClusterRoleList(ref), - "github.com/openshift/api/authorization/v1.GroupRestriction": schema_openshift_api_authorization_v1_GroupRestriction(ref), - "github.com/openshift/api/authorization/v1.IsPersonalSubjectAccessReview": schema_openshift_api_authorization_v1_IsPersonalSubjectAccessReview(ref), - "github.com/openshift/api/authorization/v1.LocalResourceAccessReview": schema_openshift_api_authorization_v1_LocalResourceAccessReview(ref), - "github.com/openshift/api/authorization/v1.LocalSubjectAccessReview": schema_openshift_api_authorization_v1_LocalSubjectAccessReview(ref), - "github.com/openshift/api/authorization/v1.NamedClusterRole": schema_openshift_api_authorization_v1_NamedClusterRole(ref), - "github.com/openshift/api/authorization/v1.NamedClusterRoleBinding": schema_openshift_api_authorization_v1_NamedClusterRoleBinding(ref), - "github.com/openshift/api/authorization/v1.NamedRole": schema_openshift_api_authorization_v1_NamedRole(ref), - "github.com/openshift/api/authorization/v1.NamedRoleBinding": schema_openshift_api_authorization_v1_NamedRoleBinding(ref), - "github.com/openshift/api/authorization/v1.PolicyRule": schema_openshift_api_authorization_v1_PolicyRule(ref), - "github.com/openshift/api/authorization/v1.ResourceAccessReview": schema_openshift_api_authorization_v1_ResourceAccessReview(ref), - "github.com/openshift/api/authorization/v1.ResourceAccessReviewResponse": schema_openshift_api_authorization_v1_ResourceAccessReviewResponse(ref), - "github.com/openshift/api/authorization/v1.Role": schema_openshift_api_authorization_v1_Role(ref), - "github.com/openshift/api/authorization/v1.RoleBinding": schema_openshift_api_authorization_v1_RoleBinding(ref), - "github.com/openshift/api/authorization/v1.RoleBindingList": schema_openshift_api_authorization_v1_RoleBindingList(ref), - "github.com/openshift/api/authorization/v1.RoleBindingRestriction": schema_openshift_api_authorization_v1_RoleBindingRestriction(ref), - "github.com/openshift/api/authorization/v1.RoleBindingRestrictionList": schema_openshift_api_authorization_v1_RoleBindingRestrictionList(ref), - "github.com/openshift/api/authorization/v1.RoleBindingRestrictionSpec": schema_openshift_api_authorization_v1_RoleBindingRestrictionSpec(ref), - "github.com/openshift/api/authorization/v1.RoleList": schema_openshift_api_authorization_v1_RoleList(ref), - "github.com/openshift/api/authorization/v1.SelfSubjectRulesReview": schema_openshift_api_authorization_v1_SelfSubjectRulesReview(ref), - "github.com/openshift/api/authorization/v1.SelfSubjectRulesReviewSpec": schema_openshift_api_authorization_v1_SelfSubjectRulesReviewSpec(ref), - "github.com/openshift/api/authorization/v1.ServiceAccountReference": schema_openshift_api_authorization_v1_ServiceAccountReference(ref), - "github.com/openshift/api/authorization/v1.ServiceAccountRestriction": schema_openshift_api_authorization_v1_ServiceAccountRestriction(ref), - "github.com/openshift/api/authorization/v1.SubjectAccessReview": schema_openshift_api_authorization_v1_SubjectAccessReview(ref), - "github.com/openshift/api/authorization/v1.SubjectAccessReviewResponse": schema_openshift_api_authorization_v1_SubjectAccessReviewResponse(ref), - "github.com/openshift/api/authorization/v1.SubjectRulesReview": schema_openshift_api_authorization_v1_SubjectRulesReview(ref), - "github.com/openshift/api/authorization/v1.SubjectRulesReviewSpec": schema_openshift_api_authorization_v1_SubjectRulesReviewSpec(ref), - "github.com/openshift/api/authorization/v1.SubjectRulesReviewStatus": schema_openshift_api_authorization_v1_SubjectRulesReviewStatus(ref), - "github.com/openshift/api/authorization/v1.UserRestriction": schema_openshift_api_authorization_v1_UserRestriction(ref), - "github.com/openshift/api/build/v1.BinaryBuildRequestOptions": schema_openshift_api_build_v1_BinaryBuildRequestOptions(ref), - "github.com/openshift/api/build/v1.BinaryBuildSource": schema_openshift_api_build_v1_BinaryBuildSource(ref), - "github.com/openshift/api/build/v1.BitbucketWebHookCause": schema_openshift_api_build_v1_BitbucketWebHookCause(ref), - "github.com/openshift/api/build/v1.Build": schema_openshift_api_build_v1_Build(ref), - "github.com/openshift/api/build/v1.BuildCondition": schema_openshift_api_build_v1_BuildCondition(ref), - "github.com/openshift/api/build/v1.BuildConfig": schema_openshift_api_build_v1_BuildConfig(ref), - "github.com/openshift/api/build/v1.BuildConfigList": schema_openshift_api_build_v1_BuildConfigList(ref), - "github.com/openshift/api/build/v1.BuildConfigSpec": schema_openshift_api_build_v1_BuildConfigSpec(ref), - "github.com/openshift/api/build/v1.BuildConfigStatus": schema_openshift_api_build_v1_BuildConfigStatus(ref), - "github.com/openshift/api/build/v1.BuildList": schema_openshift_api_build_v1_BuildList(ref), - "github.com/openshift/api/build/v1.BuildLog": schema_openshift_api_build_v1_BuildLog(ref), - "github.com/openshift/api/build/v1.BuildLogOptions": schema_openshift_api_build_v1_BuildLogOptions(ref), - "github.com/openshift/api/build/v1.BuildOutput": schema_openshift_api_build_v1_BuildOutput(ref), - "github.com/openshift/api/build/v1.BuildPostCommitSpec": schema_openshift_api_build_v1_BuildPostCommitSpec(ref), - "github.com/openshift/api/build/v1.BuildRequest": schema_openshift_api_build_v1_BuildRequest(ref), - "github.com/openshift/api/build/v1.BuildSource": schema_openshift_api_build_v1_BuildSource(ref), - "github.com/openshift/api/build/v1.BuildSpec": schema_openshift_api_build_v1_BuildSpec(ref), - "github.com/openshift/api/build/v1.BuildStatus": schema_openshift_api_build_v1_BuildStatus(ref), - "github.com/openshift/api/build/v1.BuildStatusOutput": schema_openshift_api_build_v1_BuildStatusOutput(ref), - "github.com/openshift/api/build/v1.BuildStatusOutputTo": schema_openshift_api_build_v1_BuildStatusOutputTo(ref), - "github.com/openshift/api/build/v1.BuildStrategy": schema_openshift_api_build_v1_BuildStrategy(ref), - "github.com/openshift/api/build/v1.BuildTriggerCause": schema_openshift_api_build_v1_BuildTriggerCause(ref), - "github.com/openshift/api/build/v1.BuildTriggerPolicy": schema_openshift_api_build_v1_BuildTriggerPolicy(ref), - "github.com/openshift/api/build/v1.BuildVolume": schema_openshift_api_build_v1_BuildVolume(ref), - "github.com/openshift/api/build/v1.BuildVolumeMount": schema_openshift_api_build_v1_BuildVolumeMount(ref), - "github.com/openshift/api/build/v1.BuildVolumeSource": schema_openshift_api_build_v1_BuildVolumeSource(ref), - "github.com/openshift/api/build/v1.CommonSpec": schema_openshift_api_build_v1_CommonSpec(ref), - "github.com/openshift/api/build/v1.CommonWebHookCause": schema_openshift_api_build_v1_CommonWebHookCause(ref), - "github.com/openshift/api/build/v1.ConfigMapBuildSource": schema_openshift_api_build_v1_ConfigMapBuildSource(ref), - "github.com/openshift/api/build/v1.CustomBuildStrategy": schema_openshift_api_build_v1_CustomBuildStrategy(ref), - "github.com/openshift/api/build/v1.DockerBuildStrategy": schema_openshift_api_build_v1_DockerBuildStrategy(ref), - "github.com/openshift/api/build/v1.DockerStrategyOptions": schema_openshift_api_build_v1_DockerStrategyOptions(ref), - "github.com/openshift/api/build/v1.GenericWebHookCause": schema_openshift_api_build_v1_GenericWebHookCause(ref), - "github.com/openshift/api/build/v1.GenericWebHookEvent": schema_openshift_api_build_v1_GenericWebHookEvent(ref), - "github.com/openshift/api/build/v1.GitBuildSource": schema_openshift_api_build_v1_GitBuildSource(ref), - "github.com/openshift/api/build/v1.GitHubWebHookCause": schema_openshift_api_build_v1_GitHubWebHookCause(ref), - "github.com/openshift/api/build/v1.GitInfo": schema_openshift_api_build_v1_GitInfo(ref), - "github.com/openshift/api/build/v1.GitLabWebHookCause": schema_openshift_api_build_v1_GitLabWebHookCause(ref), - "github.com/openshift/api/build/v1.GitRefInfo": schema_openshift_api_build_v1_GitRefInfo(ref), - "github.com/openshift/api/build/v1.GitSourceRevision": schema_openshift_api_build_v1_GitSourceRevision(ref), - "github.com/openshift/api/build/v1.ImageChangeCause": schema_openshift_api_build_v1_ImageChangeCause(ref), - "github.com/openshift/api/build/v1.ImageChangeTrigger": schema_openshift_api_build_v1_ImageChangeTrigger(ref), - "github.com/openshift/api/build/v1.ImageChangeTriggerStatus": schema_openshift_api_build_v1_ImageChangeTriggerStatus(ref), - "github.com/openshift/api/build/v1.ImageLabel": schema_openshift_api_build_v1_ImageLabel(ref), - "github.com/openshift/api/build/v1.ImageSource": schema_openshift_api_build_v1_ImageSource(ref), - "github.com/openshift/api/build/v1.ImageSourcePath": schema_openshift_api_build_v1_ImageSourcePath(ref), - "github.com/openshift/api/build/v1.ImageStreamTagReference": schema_openshift_api_build_v1_ImageStreamTagReference(ref), - "github.com/openshift/api/build/v1.JenkinsPipelineBuildStrategy": schema_openshift_api_build_v1_JenkinsPipelineBuildStrategy(ref), - "github.com/openshift/api/build/v1.ProxyConfig": schema_openshift_api_build_v1_ProxyConfig(ref), - "github.com/openshift/api/build/v1.SecretBuildSource": schema_openshift_api_build_v1_SecretBuildSource(ref), - "github.com/openshift/api/build/v1.SecretLocalReference": schema_openshift_api_build_v1_SecretLocalReference(ref), - "github.com/openshift/api/build/v1.SecretSpec": schema_openshift_api_build_v1_SecretSpec(ref), - "github.com/openshift/api/build/v1.SourceBuildStrategy": schema_openshift_api_build_v1_SourceBuildStrategy(ref), - "github.com/openshift/api/build/v1.SourceControlUser": schema_openshift_api_build_v1_SourceControlUser(ref), - "github.com/openshift/api/build/v1.SourceRevision": schema_openshift_api_build_v1_SourceRevision(ref), - "github.com/openshift/api/build/v1.SourceStrategyOptions": schema_openshift_api_build_v1_SourceStrategyOptions(ref), - "github.com/openshift/api/build/v1.StageInfo": schema_openshift_api_build_v1_StageInfo(ref), - "github.com/openshift/api/build/v1.StepInfo": schema_openshift_api_build_v1_StepInfo(ref), - "github.com/openshift/api/build/v1.WebHookTrigger": schema_openshift_api_build_v1_WebHookTrigger(ref), - "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfig": schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfig(ref), - "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfigSpec": schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfigSpec(ref), - "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfigStatus": schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfigStatus(ref), - "github.com/openshift/api/config/v1.APIServer": schema_openshift_api_config_v1_APIServer(ref), - "github.com/openshift/api/config/v1.APIServerEncryption": schema_openshift_api_config_v1_APIServerEncryption(ref), - "github.com/openshift/api/config/v1.APIServerList": schema_openshift_api_config_v1_APIServerList(ref), - "github.com/openshift/api/config/v1.APIServerNamedServingCert": schema_openshift_api_config_v1_APIServerNamedServingCert(ref), - "github.com/openshift/api/config/v1.APIServerServingCerts": schema_openshift_api_config_v1_APIServerServingCerts(ref), - "github.com/openshift/api/config/v1.APIServerSpec": schema_openshift_api_config_v1_APIServerSpec(ref), - "github.com/openshift/api/config/v1.APIServerStatus": schema_openshift_api_config_v1_APIServerStatus(ref), - "github.com/openshift/api/config/v1.AWSDNSSpec": schema_openshift_api_config_v1_AWSDNSSpec(ref), - "github.com/openshift/api/config/v1.AWSIngressSpec": schema_openshift_api_config_v1_AWSIngressSpec(ref), - "github.com/openshift/api/config/v1.AWSKMSConfig": schema_openshift_api_config_v1_AWSKMSConfig(ref), - "github.com/openshift/api/config/v1.AWSPlatformSpec": schema_openshift_api_config_v1_AWSPlatformSpec(ref), - "github.com/openshift/api/config/v1.AWSPlatformStatus": schema_openshift_api_config_v1_AWSPlatformStatus(ref), - "github.com/openshift/api/config/v1.AWSResourceTag": schema_openshift_api_config_v1_AWSResourceTag(ref), - "github.com/openshift/api/config/v1.AWSServiceEndpoint": schema_openshift_api_config_v1_AWSServiceEndpoint(ref), - "github.com/openshift/api/config/v1.AcceptRisk": schema_openshift_api_config_v1_AcceptRisk(ref), - "github.com/openshift/api/config/v1.AdmissionConfig": schema_openshift_api_config_v1_AdmissionConfig(ref), - "github.com/openshift/api/config/v1.AdmissionPluginConfig": schema_openshift_api_config_v1_AdmissionPluginConfig(ref), - "github.com/openshift/api/config/v1.AlibabaCloudPlatformSpec": schema_openshift_api_config_v1_AlibabaCloudPlatformSpec(ref), - "github.com/openshift/api/config/v1.AlibabaCloudPlatformStatus": schema_openshift_api_config_v1_AlibabaCloudPlatformStatus(ref), - "github.com/openshift/api/config/v1.AlibabaCloudResourceTag": schema_openshift_api_config_v1_AlibabaCloudResourceTag(ref), - "github.com/openshift/api/config/v1.Audit": schema_openshift_api_config_v1_Audit(ref), - "github.com/openshift/api/config/v1.AuditConfig": schema_openshift_api_config_v1_AuditConfig(ref), - "github.com/openshift/api/config/v1.AuditCustomRule": schema_openshift_api_config_v1_AuditCustomRule(ref), - "github.com/openshift/api/config/v1.Authentication": schema_openshift_api_config_v1_Authentication(ref), - "github.com/openshift/api/config/v1.AuthenticationList": schema_openshift_api_config_v1_AuthenticationList(ref), - "github.com/openshift/api/config/v1.AuthenticationSpec": schema_openshift_api_config_v1_AuthenticationSpec(ref), - "github.com/openshift/api/config/v1.AuthenticationStatus": schema_openshift_api_config_v1_AuthenticationStatus(ref), - "github.com/openshift/api/config/v1.AzurePlatformSpec": schema_openshift_api_config_v1_AzurePlatformSpec(ref), - "github.com/openshift/api/config/v1.AzurePlatformStatus": schema_openshift_api_config_v1_AzurePlatformStatus(ref), - "github.com/openshift/api/config/v1.AzureResourceTag": schema_openshift_api_config_v1_AzureResourceTag(ref), - "github.com/openshift/api/config/v1.BareMetalPlatformLoadBalancer": schema_openshift_api_config_v1_BareMetalPlatformLoadBalancer(ref), - "github.com/openshift/api/config/v1.BareMetalPlatformSpec": schema_openshift_api_config_v1_BareMetalPlatformSpec(ref), - "github.com/openshift/api/config/v1.BareMetalPlatformStatus": schema_openshift_api_config_v1_BareMetalPlatformStatus(ref), - "github.com/openshift/api/config/v1.BasicAuthIdentityProvider": schema_openshift_api_config_v1_BasicAuthIdentityProvider(ref), - "github.com/openshift/api/config/v1.Build": schema_openshift_api_config_v1_Build(ref), - "github.com/openshift/api/config/v1.BuildDefaults": schema_openshift_api_config_v1_BuildDefaults(ref), - "github.com/openshift/api/config/v1.BuildList": schema_openshift_api_config_v1_BuildList(ref), - "github.com/openshift/api/config/v1.BuildOverrides": schema_openshift_api_config_v1_BuildOverrides(ref), - "github.com/openshift/api/config/v1.BuildSpec": schema_openshift_api_config_v1_BuildSpec(ref), - "github.com/openshift/api/config/v1.CertInfo": schema_openshift_api_config_v1_CertInfo(ref), - "github.com/openshift/api/config/v1.ClientConnectionOverrides": schema_openshift_api_config_v1_ClientConnectionOverrides(ref), - "github.com/openshift/api/config/v1.CloudControllerManagerStatus": schema_openshift_api_config_v1_CloudControllerManagerStatus(ref), - "github.com/openshift/api/config/v1.CloudLoadBalancerConfig": schema_openshift_api_config_v1_CloudLoadBalancerConfig(ref), - "github.com/openshift/api/config/v1.CloudLoadBalancerIPs": schema_openshift_api_config_v1_CloudLoadBalancerIPs(ref), - "github.com/openshift/api/config/v1.ClusterCondition": schema_openshift_api_config_v1_ClusterCondition(ref), - "github.com/openshift/api/config/v1.ClusterImagePolicy": schema_openshift_api_config_v1_ClusterImagePolicy(ref), - "github.com/openshift/api/config/v1.ClusterImagePolicyList": schema_openshift_api_config_v1_ClusterImagePolicyList(ref), - "github.com/openshift/api/config/v1.ClusterImagePolicySpec": schema_openshift_api_config_v1_ClusterImagePolicySpec(ref), - "github.com/openshift/api/config/v1.ClusterImagePolicyStatus": schema_openshift_api_config_v1_ClusterImagePolicyStatus(ref), - "github.com/openshift/api/config/v1.ClusterNetworkEntry": schema_openshift_api_config_v1_ClusterNetworkEntry(ref), - "github.com/openshift/api/config/v1.ClusterOperator": schema_openshift_api_config_v1_ClusterOperator(ref), - "github.com/openshift/api/config/v1.ClusterOperatorList": schema_openshift_api_config_v1_ClusterOperatorList(ref), - "github.com/openshift/api/config/v1.ClusterOperatorSpec": schema_openshift_api_config_v1_ClusterOperatorSpec(ref), - "github.com/openshift/api/config/v1.ClusterOperatorStatus": schema_openshift_api_config_v1_ClusterOperatorStatus(ref), - "github.com/openshift/api/config/v1.ClusterOperatorStatusCondition": schema_openshift_api_config_v1_ClusterOperatorStatusCondition(ref), - "github.com/openshift/api/config/v1.ClusterVersion": schema_openshift_api_config_v1_ClusterVersion(ref), - "github.com/openshift/api/config/v1.ClusterVersionCapabilitiesSpec": schema_openshift_api_config_v1_ClusterVersionCapabilitiesSpec(ref), - "github.com/openshift/api/config/v1.ClusterVersionCapabilitiesStatus": schema_openshift_api_config_v1_ClusterVersionCapabilitiesStatus(ref), - "github.com/openshift/api/config/v1.ClusterVersionList": schema_openshift_api_config_v1_ClusterVersionList(ref), - "github.com/openshift/api/config/v1.ClusterVersionSpec": schema_openshift_api_config_v1_ClusterVersionSpec(ref), - "github.com/openshift/api/config/v1.ClusterVersionStatus": schema_openshift_api_config_v1_ClusterVersionStatus(ref), - "github.com/openshift/api/config/v1.ComponentOverride": schema_openshift_api_config_v1_ComponentOverride(ref), - "github.com/openshift/api/config/v1.ComponentRouteSpec": schema_openshift_api_config_v1_ComponentRouteSpec(ref), - "github.com/openshift/api/config/v1.ComponentRouteStatus": schema_openshift_api_config_v1_ComponentRouteStatus(ref), - "github.com/openshift/api/config/v1.ConditionalUpdate": schema_openshift_api_config_v1_ConditionalUpdate(ref), - "github.com/openshift/api/config/v1.ConditionalUpdateRisk": schema_openshift_api_config_v1_ConditionalUpdateRisk(ref), - "github.com/openshift/api/config/v1.ConfigMapFileReference": schema_openshift_api_config_v1_ConfigMapFileReference(ref), - "github.com/openshift/api/config/v1.ConfigMapNameReference": schema_openshift_api_config_v1_ConfigMapNameReference(ref), - "github.com/openshift/api/config/v1.Console": schema_openshift_api_config_v1_Console(ref), - "github.com/openshift/api/config/v1.ConsoleAuthentication": schema_openshift_api_config_v1_ConsoleAuthentication(ref), - "github.com/openshift/api/config/v1.ConsoleList": schema_openshift_api_config_v1_ConsoleList(ref), - "github.com/openshift/api/config/v1.ConsoleSpec": schema_openshift_api_config_v1_ConsoleSpec(ref), - "github.com/openshift/api/config/v1.ConsoleStatus": schema_openshift_api_config_v1_ConsoleStatus(ref), - "github.com/openshift/api/config/v1.Custom": schema_openshift_api_config_v1_Custom(ref), - "github.com/openshift/api/config/v1.CustomFeatureGates": schema_openshift_api_config_v1_CustomFeatureGates(ref), - "github.com/openshift/api/config/v1.CustomTLSProfile": schema_openshift_api_config_v1_CustomTLSProfile(ref), - "github.com/openshift/api/config/v1.DNS": schema_openshift_api_config_v1_DNS(ref), - "github.com/openshift/api/config/v1.DNSList": schema_openshift_api_config_v1_DNSList(ref), - "github.com/openshift/api/config/v1.DNSPlatformSpec": schema_openshift_api_config_v1_DNSPlatformSpec(ref), - "github.com/openshift/api/config/v1.DNSSpec": schema_openshift_api_config_v1_DNSSpec(ref), - "github.com/openshift/api/config/v1.DNSStatus": schema_openshift_api_config_v1_DNSStatus(ref), - "github.com/openshift/api/config/v1.DNSZone": schema_openshift_api_config_v1_DNSZone(ref), - "github.com/openshift/api/config/v1.DelegatedAuthentication": schema_openshift_api_config_v1_DelegatedAuthentication(ref), - "github.com/openshift/api/config/v1.DelegatedAuthorization": schema_openshift_api_config_v1_DelegatedAuthorization(ref), - "github.com/openshift/api/config/v1.DeprecatedWebhookTokenAuthenticator": schema_openshift_api_config_v1_DeprecatedWebhookTokenAuthenticator(ref), - "github.com/openshift/api/config/v1.EquinixMetalPlatformSpec": schema_openshift_api_config_v1_EquinixMetalPlatformSpec(ref), - "github.com/openshift/api/config/v1.EquinixMetalPlatformStatus": schema_openshift_api_config_v1_EquinixMetalPlatformStatus(ref), - "github.com/openshift/api/config/v1.EtcdConnectionInfo": schema_openshift_api_config_v1_EtcdConnectionInfo(ref), - "github.com/openshift/api/config/v1.EtcdStorageConfig": schema_openshift_api_config_v1_EtcdStorageConfig(ref), - "github.com/openshift/api/config/v1.ExternalIPConfig": schema_openshift_api_config_v1_ExternalIPConfig(ref), - "github.com/openshift/api/config/v1.ExternalIPPolicy": schema_openshift_api_config_v1_ExternalIPPolicy(ref), - "github.com/openshift/api/config/v1.ExternalPlatformSpec": schema_openshift_api_config_v1_ExternalPlatformSpec(ref), - "github.com/openshift/api/config/v1.ExternalPlatformStatus": schema_openshift_api_config_v1_ExternalPlatformStatus(ref), - "github.com/openshift/api/config/v1.ExtraMapping": schema_openshift_api_config_v1_ExtraMapping(ref), - "github.com/openshift/api/config/v1.FeatureGate": schema_openshift_api_config_v1_FeatureGate(ref), - "github.com/openshift/api/config/v1.FeatureGateAttributes": schema_openshift_api_config_v1_FeatureGateAttributes(ref), - "github.com/openshift/api/config/v1.FeatureGateDetails": schema_openshift_api_config_v1_FeatureGateDetails(ref), - "github.com/openshift/api/config/v1.FeatureGateList": schema_openshift_api_config_v1_FeatureGateList(ref), - "github.com/openshift/api/config/v1.FeatureGateSelection": schema_openshift_api_config_v1_FeatureGateSelection(ref), - "github.com/openshift/api/config/v1.FeatureGateSpec": schema_openshift_api_config_v1_FeatureGateSpec(ref), - "github.com/openshift/api/config/v1.FeatureGateStatus": schema_openshift_api_config_v1_FeatureGateStatus(ref), - "github.com/openshift/api/config/v1.FeatureGateTests": schema_openshift_api_config_v1_FeatureGateTests(ref), - "github.com/openshift/api/config/v1.GCPPlatformSpec": schema_openshift_api_config_v1_GCPPlatformSpec(ref), - "github.com/openshift/api/config/v1.GCPPlatformStatus": schema_openshift_api_config_v1_GCPPlatformStatus(ref), - "github.com/openshift/api/config/v1.GCPResourceLabel": schema_openshift_api_config_v1_GCPResourceLabel(ref), - "github.com/openshift/api/config/v1.GCPResourceTag": schema_openshift_api_config_v1_GCPResourceTag(ref), - "github.com/openshift/api/config/v1.GatherConfig": schema_openshift_api_config_v1_GatherConfig(ref), - "github.com/openshift/api/config/v1.GathererConfig": schema_openshift_api_config_v1_GathererConfig(ref), - "github.com/openshift/api/config/v1.Gatherers": schema_openshift_api_config_v1_Gatherers(ref), - "github.com/openshift/api/config/v1.GenericAPIServerConfig": schema_openshift_api_config_v1_GenericAPIServerConfig(ref), - "github.com/openshift/api/config/v1.GenericControllerConfig": schema_openshift_api_config_v1_GenericControllerConfig(ref), - "github.com/openshift/api/config/v1.GitHubIdentityProvider": schema_openshift_api_config_v1_GitHubIdentityProvider(ref), - "github.com/openshift/api/config/v1.GitLabIdentityProvider": schema_openshift_api_config_v1_GitLabIdentityProvider(ref), - "github.com/openshift/api/config/v1.GoogleIdentityProvider": schema_openshift_api_config_v1_GoogleIdentityProvider(ref), - "github.com/openshift/api/config/v1.HTPasswdIdentityProvider": schema_openshift_api_config_v1_HTPasswdIdentityProvider(ref), - "github.com/openshift/api/config/v1.HTTPServingInfo": schema_openshift_api_config_v1_HTTPServingInfo(ref), - "github.com/openshift/api/config/v1.HubSource": schema_openshift_api_config_v1_HubSource(ref), - "github.com/openshift/api/config/v1.HubSourceStatus": schema_openshift_api_config_v1_HubSourceStatus(ref), - "github.com/openshift/api/config/v1.IBMCloudPlatformSpec": schema_openshift_api_config_v1_IBMCloudPlatformSpec(ref), - "github.com/openshift/api/config/v1.IBMCloudPlatformStatus": schema_openshift_api_config_v1_IBMCloudPlatformStatus(ref), - "github.com/openshift/api/config/v1.IBMCloudServiceEndpoint": schema_openshift_api_config_v1_IBMCloudServiceEndpoint(ref), - "github.com/openshift/api/config/v1.IdentityProvider": schema_openshift_api_config_v1_IdentityProvider(ref), - "github.com/openshift/api/config/v1.IdentityProviderConfig": schema_openshift_api_config_v1_IdentityProviderConfig(ref), - "github.com/openshift/api/config/v1.Image": schema_openshift_api_config_v1_Image(ref), - "github.com/openshift/api/config/v1.ImageContentPolicy": schema_openshift_api_config_v1_ImageContentPolicy(ref), - "github.com/openshift/api/config/v1.ImageContentPolicyList": schema_openshift_api_config_v1_ImageContentPolicyList(ref), - "github.com/openshift/api/config/v1.ImageContentPolicySpec": schema_openshift_api_config_v1_ImageContentPolicySpec(ref), - "github.com/openshift/api/config/v1.ImageDigestMirrorSet": schema_openshift_api_config_v1_ImageDigestMirrorSet(ref), - "github.com/openshift/api/config/v1.ImageDigestMirrorSetList": schema_openshift_api_config_v1_ImageDigestMirrorSetList(ref), - "github.com/openshift/api/config/v1.ImageDigestMirrorSetSpec": schema_openshift_api_config_v1_ImageDigestMirrorSetSpec(ref), - "github.com/openshift/api/config/v1.ImageDigestMirrorSetStatus": schema_openshift_api_config_v1_ImageDigestMirrorSetStatus(ref), - "github.com/openshift/api/config/v1.ImageDigestMirrors": schema_openshift_api_config_v1_ImageDigestMirrors(ref), - "github.com/openshift/api/config/v1.ImageLabel": schema_openshift_api_config_v1_ImageLabel(ref), - "github.com/openshift/api/config/v1.ImageList": schema_openshift_api_config_v1_ImageList(ref), - "github.com/openshift/api/config/v1.ImagePolicy": schema_openshift_api_config_v1_ImagePolicy(ref), - "github.com/openshift/api/config/v1.ImagePolicyFulcioCAWithRekorRootOfTrust": schema_openshift_api_config_v1_ImagePolicyFulcioCAWithRekorRootOfTrust(ref), - "github.com/openshift/api/config/v1.ImagePolicyList": schema_openshift_api_config_v1_ImagePolicyList(ref), - "github.com/openshift/api/config/v1.ImagePolicyPKIRootOfTrust": schema_openshift_api_config_v1_ImagePolicyPKIRootOfTrust(ref), - "github.com/openshift/api/config/v1.ImagePolicyPublicKeyRootOfTrust": schema_openshift_api_config_v1_ImagePolicyPublicKeyRootOfTrust(ref), - "github.com/openshift/api/config/v1.ImagePolicySpec": schema_openshift_api_config_v1_ImagePolicySpec(ref), - "github.com/openshift/api/config/v1.ImagePolicyStatus": schema_openshift_api_config_v1_ImagePolicyStatus(ref), - "github.com/openshift/api/config/v1.ImageSigstoreVerificationPolicy": schema_openshift_api_config_v1_ImageSigstoreVerificationPolicy(ref), - "github.com/openshift/api/config/v1.ImageSpec": schema_openshift_api_config_v1_ImageSpec(ref), - "github.com/openshift/api/config/v1.ImageStatus": schema_openshift_api_config_v1_ImageStatus(ref), - "github.com/openshift/api/config/v1.ImageTagMirrorSet": schema_openshift_api_config_v1_ImageTagMirrorSet(ref), - "github.com/openshift/api/config/v1.ImageTagMirrorSetList": schema_openshift_api_config_v1_ImageTagMirrorSetList(ref), - "github.com/openshift/api/config/v1.ImageTagMirrorSetSpec": schema_openshift_api_config_v1_ImageTagMirrorSetSpec(ref), - "github.com/openshift/api/config/v1.ImageTagMirrorSetStatus": schema_openshift_api_config_v1_ImageTagMirrorSetStatus(ref), - "github.com/openshift/api/config/v1.ImageTagMirrors": schema_openshift_api_config_v1_ImageTagMirrors(ref), - "github.com/openshift/api/config/v1.Infrastructure": schema_openshift_api_config_v1_Infrastructure(ref), - "github.com/openshift/api/config/v1.InfrastructureList": schema_openshift_api_config_v1_InfrastructureList(ref), - "github.com/openshift/api/config/v1.InfrastructureSpec": schema_openshift_api_config_v1_InfrastructureSpec(ref), - "github.com/openshift/api/config/v1.InfrastructureStatus": schema_openshift_api_config_v1_InfrastructureStatus(ref), - "github.com/openshift/api/config/v1.Ingress": schema_openshift_api_config_v1_Ingress(ref), - "github.com/openshift/api/config/v1.IngressList": schema_openshift_api_config_v1_IngressList(ref), - "github.com/openshift/api/config/v1.IngressPlatformSpec": schema_openshift_api_config_v1_IngressPlatformSpec(ref), - "github.com/openshift/api/config/v1.IngressSpec": schema_openshift_api_config_v1_IngressSpec(ref), - "github.com/openshift/api/config/v1.IngressStatus": schema_openshift_api_config_v1_IngressStatus(ref), - "github.com/openshift/api/config/v1.InsightsDataGather": schema_openshift_api_config_v1_InsightsDataGather(ref), - "github.com/openshift/api/config/v1.InsightsDataGatherList": schema_openshift_api_config_v1_InsightsDataGatherList(ref), - "github.com/openshift/api/config/v1.InsightsDataGatherSpec": schema_openshift_api_config_v1_InsightsDataGatherSpec(ref), - "github.com/openshift/api/config/v1.IntermediateTLSProfile": schema_openshift_api_config_v1_IntermediateTLSProfile(ref), - "github.com/openshift/api/config/v1.KMSConfig": schema_openshift_api_config_v1_KMSConfig(ref), - "github.com/openshift/api/config/v1.KeystoneIdentityProvider": schema_openshift_api_config_v1_KeystoneIdentityProvider(ref), - "github.com/openshift/api/config/v1.KubeClientConfig": schema_openshift_api_config_v1_KubeClientConfig(ref), - "github.com/openshift/api/config/v1.KubevirtPlatformSpec": schema_openshift_api_config_v1_KubevirtPlatformSpec(ref), - "github.com/openshift/api/config/v1.KubevirtPlatformStatus": schema_openshift_api_config_v1_KubevirtPlatformStatus(ref), - "github.com/openshift/api/config/v1.LDAPAttributeMapping": schema_openshift_api_config_v1_LDAPAttributeMapping(ref), - "github.com/openshift/api/config/v1.LDAPIdentityProvider": schema_openshift_api_config_v1_LDAPIdentityProvider(ref), - "github.com/openshift/api/config/v1.LeaderElection": schema_openshift_api_config_v1_LeaderElection(ref), - "github.com/openshift/api/config/v1.LoadBalancer": schema_openshift_api_config_v1_LoadBalancer(ref), - "github.com/openshift/api/config/v1.MTUMigration": schema_openshift_api_config_v1_MTUMigration(ref), - "github.com/openshift/api/config/v1.MTUMigrationValues": schema_openshift_api_config_v1_MTUMigrationValues(ref), - "github.com/openshift/api/config/v1.MaxAgePolicy": schema_openshift_api_config_v1_MaxAgePolicy(ref), - "github.com/openshift/api/config/v1.ModernTLSProfile": schema_openshift_api_config_v1_ModernTLSProfile(ref), - "github.com/openshift/api/config/v1.NamedCertificate": schema_openshift_api_config_v1_NamedCertificate(ref), - "github.com/openshift/api/config/v1.Network": schema_openshift_api_config_v1_Network(ref), - "github.com/openshift/api/config/v1.NetworkDiagnostics": schema_openshift_api_config_v1_NetworkDiagnostics(ref), - "github.com/openshift/api/config/v1.NetworkDiagnosticsSourcePlacement": schema_openshift_api_config_v1_NetworkDiagnosticsSourcePlacement(ref), - "github.com/openshift/api/config/v1.NetworkDiagnosticsTargetPlacement": schema_openshift_api_config_v1_NetworkDiagnosticsTargetPlacement(ref), - "github.com/openshift/api/config/v1.NetworkList": schema_openshift_api_config_v1_NetworkList(ref), - "github.com/openshift/api/config/v1.NetworkMigration": schema_openshift_api_config_v1_NetworkMigration(ref), - "github.com/openshift/api/config/v1.NetworkSpec": schema_openshift_api_config_v1_NetworkSpec(ref), - "github.com/openshift/api/config/v1.NetworkStatus": schema_openshift_api_config_v1_NetworkStatus(ref), - "github.com/openshift/api/config/v1.Node": schema_openshift_api_config_v1_Node(ref), - "github.com/openshift/api/config/v1.NodeList": schema_openshift_api_config_v1_NodeList(ref), - "github.com/openshift/api/config/v1.NodeSpec": schema_openshift_api_config_v1_NodeSpec(ref), - "github.com/openshift/api/config/v1.NodeStatus": schema_openshift_api_config_v1_NodeStatus(ref), - "github.com/openshift/api/config/v1.NutanixFailureDomain": schema_openshift_api_config_v1_NutanixFailureDomain(ref), - "github.com/openshift/api/config/v1.NutanixPlatformLoadBalancer": schema_openshift_api_config_v1_NutanixPlatformLoadBalancer(ref), - "github.com/openshift/api/config/v1.NutanixPlatformSpec": schema_openshift_api_config_v1_NutanixPlatformSpec(ref), - "github.com/openshift/api/config/v1.NutanixPlatformStatus": schema_openshift_api_config_v1_NutanixPlatformStatus(ref), - "github.com/openshift/api/config/v1.NutanixPrismElementEndpoint": schema_openshift_api_config_v1_NutanixPrismElementEndpoint(ref), - "github.com/openshift/api/config/v1.NutanixPrismEndpoint": schema_openshift_api_config_v1_NutanixPrismEndpoint(ref), - "github.com/openshift/api/config/v1.NutanixResourceIdentifier": schema_openshift_api_config_v1_NutanixResourceIdentifier(ref), - "github.com/openshift/api/config/v1.OAuth": schema_openshift_api_config_v1_OAuth(ref), - "github.com/openshift/api/config/v1.OAuthList": schema_openshift_api_config_v1_OAuthList(ref), - "github.com/openshift/api/config/v1.OAuthRemoteConnectionInfo": schema_openshift_api_config_v1_OAuthRemoteConnectionInfo(ref), - "github.com/openshift/api/config/v1.OAuthSpec": schema_openshift_api_config_v1_OAuthSpec(ref), - "github.com/openshift/api/config/v1.OAuthStatus": schema_openshift_api_config_v1_OAuthStatus(ref), - "github.com/openshift/api/config/v1.OAuthTemplates": schema_openshift_api_config_v1_OAuthTemplates(ref), - "github.com/openshift/api/config/v1.OIDCClientConfig": schema_openshift_api_config_v1_OIDCClientConfig(ref), - "github.com/openshift/api/config/v1.OIDCClientReference": schema_openshift_api_config_v1_OIDCClientReference(ref), - "github.com/openshift/api/config/v1.OIDCClientStatus": schema_openshift_api_config_v1_OIDCClientStatus(ref), - "github.com/openshift/api/config/v1.OIDCProvider": schema_openshift_api_config_v1_OIDCProvider(ref), - "github.com/openshift/api/config/v1.ObjectReference": schema_openshift_api_config_v1_ObjectReference(ref), - "github.com/openshift/api/config/v1.OldTLSProfile": schema_openshift_api_config_v1_OldTLSProfile(ref), - "github.com/openshift/api/config/v1.OpenIDClaims": schema_openshift_api_config_v1_OpenIDClaims(ref), - "github.com/openshift/api/config/v1.OpenIDIdentityProvider": schema_openshift_api_config_v1_OpenIDIdentityProvider(ref), - "github.com/openshift/api/config/v1.OpenStackPlatformLoadBalancer": schema_openshift_api_config_v1_OpenStackPlatformLoadBalancer(ref), - "github.com/openshift/api/config/v1.OpenStackPlatformSpec": schema_openshift_api_config_v1_OpenStackPlatformSpec(ref), - "github.com/openshift/api/config/v1.OpenStackPlatformStatus": schema_openshift_api_config_v1_OpenStackPlatformStatus(ref), - "github.com/openshift/api/config/v1.OperandVersion": schema_openshift_api_config_v1_OperandVersion(ref), - "github.com/openshift/api/config/v1.OperatorHub": schema_openshift_api_config_v1_OperatorHub(ref), - "github.com/openshift/api/config/v1.OperatorHubList": schema_openshift_api_config_v1_OperatorHubList(ref), - "github.com/openshift/api/config/v1.OperatorHubSpec": schema_openshift_api_config_v1_OperatorHubSpec(ref), - "github.com/openshift/api/config/v1.OperatorHubStatus": schema_openshift_api_config_v1_OperatorHubStatus(ref), - "github.com/openshift/api/config/v1.OvirtPlatformLoadBalancer": schema_openshift_api_config_v1_OvirtPlatformLoadBalancer(ref), - "github.com/openshift/api/config/v1.OvirtPlatformSpec": schema_openshift_api_config_v1_OvirtPlatformSpec(ref), - "github.com/openshift/api/config/v1.OvirtPlatformStatus": schema_openshift_api_config_v1_OvirtPlatformStatus(ref), - "github.com/openshift/api/config/v1.PKICertificateSubject": schema_openshift_api_config_v1_PKICertificateSubject(ref), - "github.com/openshift/api/config/v1.PersistentVolumeClaimReference": schema_openshift_api_config_v1_PersistentVolumeClaimReference(ref), - "github.com/openshift/api/config/v1.PersistentVolumeConfig": schema_openshift_api_config_v1_PersistentVolumeConfig(ref), - "github.com/openshift/api/config/v1.PlatformSpec": schema_openshift_api_config_v1_PlatformSpec(ref), - "github.com/openshift/api/config/v1.PlatformStatus": schema_openshift_api_config_v1_PlatformStatus(ref), - "github.com/openshift/api/config/v1.PolicyFulcioSubject": schema_openshift_api_config_v1_PolicyFulcioSubject(ref), - "github.com/openshift/api/config/v1.PolicyIdentity": schema_openshift_api_config_v1_PolicyIdentity(ref), - "github.com/openshift/api/config/v1.PolicyMatchExactRepository": schema_openshift_api_config_v1_PolicyMatchExactRepository(ref), - "github.com/openshift/api/config/v1.PolicyMatchRemapIdentity": schema_openshift_api_config_v1_PolicyMatchRemapIdentity(ref), - "github.com/openshift/api/config/v1.PolicyRootOfTrust": schema_openshift_api_config_v1_PolicyRootOfTrust(ref), - "github.com/openshift/api/config/v1.PowerVSPlatformSpec": schema_openshift_api_config_v1_PowerVSPlatformSpec(ref), - "github.com/openshift/api/config/v1.PowerVSPlatformStatus": schema_openshift_api_config_v1_PowerVSPlatformStatus(ref), - "github.com/openshift/api/config/v1.PowerVSServiceEndpoint": schema_openshift_api_config_v1_PowerVSServiceEndpoint(ref), - "github.com/openshift/api/config/v1.PrefixedClaimMapping": schema_openshift_api_config_v1_PrefixedClaimMapping(ref), - "github.com/openshift/api/config/v1.ProfileCustomizations": schema_openshift_api_config_v1_ProfileCustomizations(ref), - "github.com/openshift/api/config/v1.Project": schema_openshift_api_config_v1_Project(ref), - "github.com/openshift/api/config/v1.ProjectList": schema_openshift_api_config_v1_ProjectList(ref), - "github.com/openshift/api/config/v1.ProjectSpec": schema_openshift_api_config_v1_ProjectSpec(ref), - "github.com/openshift/api/config/v1.ProjectStatus": schema_openshift_api_config_v1_ProjectStatus(ref), - "github.com/openshift/api/config/v1.PromQLClusterCondition": schema_openshift_api_config_v1_PromQLClusterCondition(ref), - "github.com/openshift/api/config/v1.Proxy": schema_openshift_api_config_v1_Proxy(ref), - "github.com/openshift/api/config/v1.ProxyList": schema_openshift_api_config_v1_ProxyList(ref), - "github.com/openshift/api/config/v1.ProxySpec": schema_openshift_api_config_v1_ProxySpec(ref), - "github.com/openshift/api/config/v1.ProxyStatus": schema_openshift_api_config_v1_ProxyStatus(ref), - "github.com/openshift/api/config/v1.RegistryLocation": schema_openshift_api_config_v1_RegistryLocation(ref), - "github.com/openshift/api/config/v1.RegistrySources": schema_openshift_api_config_v1_RegistrySources(ref), - "github.com/openshift/api/config/v1.Release": schema_openshift_api_config_v1_Release(ref), - "github.com/openshift/api/config/v1.RemoteConnectionInfo": schema_openshift_api_config_v1_RemoteConnectionInfo(ref), - "github.com/openshift/api/config/v1.RepositoryDigestMirrors": schema_openshift_api_config_v1_RepositoryDigestMirrors(ref), - "github.com/openshift/api/config/v1.RequestHeaderIdentityProvider": schema_openshift_api_config_v1_RequestHeaderIdentityProvider(ref), - "github.com/openshift/api/config/v1.RequiredHSTSPolicy": schema_openshift_api_config_v1_RequiredHSTSPolicy(ref), - "github.com/openshift/api/config/v1.Scheduler": schema_openshift_api_config_v1_Scheduler(ref), - "github.com/openshift/api/config/v1.SchedulerList": schema_openshift_api_config_v1_SchedulerList(ref), - "github.com/openshift/api/config/v1.SchedulerSpec": schema_openshift_api_config_v1_SchedulerSpec(ref), - "github.com/openshift/api/config/v1.SchedulerStatus": schema_openshift_api_config_v1_SchedulerStatus(ref), - "github.com/openshift/api/config/v1.SecretNameReference": schema_openshift_api_config_v1_SecretNameReference(ref), - "github.com/openshift/api/config/v1.ServingInfo": schema_openshift_api_config_v1_ServingInfo(ref), - "github.com/openshift/api/config/v1.SignatureStore": schema_openshift_api_config_v1_SignatureStore(ref), - "github.com/openshift/api/config/v1.Storage": schema_openshift_api_config_v1_Storage(ref), - "github.com/openshift/api/config/v1.StringSource": schema_openshift_api_config_v1_StringSource(ref), - "github.com/openshift/api/config/v1.StringSourceSpec": schema_openshift_api_config_v1_StringSourceSpec(ref), - "github.com/openshift/api/config/v1.TLSProfileSpec": schema_openshift_api_config_v1_TLSProfileSpec(ref), - "github.com/openshift/api/config/v1.TLSSecurityProfile": schema_openshift_api_config_v1_TLSSecurityProfile(ref), - "github.com/openshift/api/config/v1.TemplateReference": schema_openshift_api_config_v1_TemplateReference(ref), - "github.com/openshift/api/config/v1.TestDetails": schema_openshift_api_config_v1_TestDetails(ref), - "github.com/openshift/api/config/v1.TestReporting": schema_openshift_api_config_v1_TestReporting(ref), - "github.com/openshift/api/config/v1.TestReportingSpec": schema_openshift_api_config_v1_TestReportingSpec(ref), - "github.com/openshift/api/config/v1.TestReportingStatus": schema_openshift_api_config_v1_TestReportingStatus(ref), - "github.com/openshift/api/config/v1.TokenClaimMapping": schema_openshift_api_config_v1_TokenClaimMapping(ref), - "github.com/openshift/api/config/v1.TokenClaimMappings": schema_openshift_api_config_v1_TokenClaimMappings(ref), - "github.com/openshift/api/config/v1.TokenClaimOrExpressionMapping": schema_openshift_api_config_v1_TokenClaimOrExpressionMapping(ref), - "github.com/openshift/api/config/v1.TokenClaimValidationCELRule": schema_openshift_api_config_v1_TokenClaimValidationCELRule(ref), - "github.com/openshift/api/config/v1.TokenClaimValidationRule": schema_openshift_api_config_v1_TokenClaimValidationRule(ref), - "github.com/openshift/api/config/v1.TokenConfig": schema_openshift_api_config_v1_TokenConfig(ref), - "github.com/openshift/api/config/v1.TokenIssuer": schema_openshift_api_config_v1_TokenIssuer(ref), - "github.com/openshift/api/config/v1.TokenRequiredClaim": schema_openshift_api_config_v1_TokenRequiredClaim(ref), - "github.com/openshift/api/config/v1.TokenUserValidationRule": schema_openshift_api_config_v1_TokenUserValidationRule(ref), - "github.com/openshift/api/config/v1.Update": schema_openshift_api_config_v1_Update(ref), - "github.com/openshift/api/config/v1.UpdateHistory": schema_openshift_api_config_v1_UpdateHistory(ref), - "github.com/openshift/api/config/v1.UsernameClaimMapping": schema_openshift_api_config_v1_UsernameClaimMapping(ref), - "github.com/openshift/api/config/v1.UsernamePrefix": schema_openshift_api_config_v1_UsernamePrefix(ref), - "github.com/openshift/api/config/v1.VSphereFailureDomainHostGroup": schema_openshift_api_config_v1_VSphereFailureDomainHostGroup(ref), - "github.com/openshift/api/config/v1.VSphereFailureDomainRegionAffinity": schema_openshift_api_config_v1_VSphereFailureDomainRegionAffinity(ref), - "github.com/openshift/api/config/v1.VSphereFailureDomainZoneAffinity": schema_openshift_api_config_v1_VSphereFailureDomainZoneAffinity(ref), - "github.com/openshift/api/config/v1.VSpherePlatformFailureDomainSpec": schema_openshift_api_config_v1_VSpherePlatformFailureDomainSpec(ref), - "github.com/openshift/api/config/v1.VSpherePlatformLoadBalancer": schema_openshift_api_config_v1_VSpherePlatformLoadBalancer(ref), - "github.com/openshift/api/config/v1.VSpherePlatformNodeNetworking": schema_openshift_api_config_v1_VSpherePlatformNodeNetworking(ref), - "github.com/openshift/api/config/v1.VSpherePlatformNodeNetworkingSpec": schema_openshift_api_config_v1_VSpherePlatformNodeNetworkingSpec(ref), - "github.com/openshift/api/config/v1.VSpherePlatformSpec": schema_openshift_api_config_v1_VSpherePlatformSpec(ref), - "github.com/openshift/api/config/v1.VSpherePlatformStatus": schema_openshift_api_config_v1_VSpherePlatformStatus(ref), - "github.com/openshift/api/config/v1.VSpherePlatformTopology": schema_openshift_api_config_v1_VSpherePlatformTopology(ref), - "github.com/openshift/api/config/v1.VSpherePlatformVCenterSpec": schema_openshift_api_config_v1_VSpherePlatformVCenterSpec(ref), - "github.com/openshift/api/config/v1.WebhookTokenAuthenticator": schema_openshift_api_config_v1_WebhookTokenAuthenticator(ref), - "github.com/openshift/api/config/v1alpha1.AdditionalAlertmanagerConfig": schema_openshift_api_config_v1alpha1_AdditionalAlertmanagerConfig(ref), - "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig": schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref), - "github.com/openshift/api/config/v1alpha1.AlertmanagerCustomConfig": schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref), - "github.com/openshift/api/config/v1alpha1.Audit": schema_openshift_api_config_v1alpha1_Audit(ref), - "github.com/openshift/api/config/v1alpha1.AuthorizationConfig": schema_openshift_api_config_v1alpha1_AuthorizationConfig(ref), - "github.com/openshift/api/config/v1alpha1.Backup": schema_openshift_api_config_v1alpha1_Backup(ref), - "github.com/openshift/api/config/v1alpha1.BackupList": schema_openshift_api_config_v1alpha1_BackupList(ref), - "github.com/openshift/api/config/v1alpha1.BackupSpec": schema_openshift_api_config_v1alpha1_BackupSpec(ref), - "github.com/openshift/api/config/v1alpha1.BackupStatus": schema_openshift_api_config_v1alpha1_BackupStatus(ref), - "github.com/openshift/api/config/v1alpha1.BasicAuth": schema_openshift_api_config_v1alpha1_BasicAuth(ref), - "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfig": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfig(ref), - "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigList": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigList(ref), - "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigSpec": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigSpec(ref), - "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigStatus": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigStatus(ref), - "github.com/openshift/api/config/v1alpha1.CertificateConfig": schema_openshift_api_config_v1alpha1_CertificateConfig(ref), - "github.com/openshift/api/config/v1alpha1.ClusterMonitoring": schema_openshift_api_config_v1alpha1_ClusterMonitoring(ref), - "github.com/openshift/api/config/v1alpha1.ClusterMonitoringList": schema_openshift_api_config_v1alpha1_ClusterMonitoringList(ref), - "github.com/openshift/api/config/v1alpha1.ClusterMonitoringSpec": schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref), - "github.com/openshift/api/config/v1alpha1.ClusterMonitoringStatus": schema_openshift_api_config_v1alpha1_ClusterMonitoringStatus(ref), - "github.com/openshift/api/config/v1alpha1.ContainerResource": schema_openshift_api_config_v1alpha1_ContainerResource(ref), - "github.com/openshift/api/config/v1alpha1.CustomPKIPolicy": schema_openshift_api_config_v1alpha1_CustomPKIPolicy(ref), - "github.com/openshift/api/config/v1alpha1.DefaultCertificateConfig": schema_openshift_api_config_v1alpha1_DefaultCertificateConfig(ref), - "github.com/openshift/api/config/v1alpha1.DropEqualActionConfig": schema_openshift_api_config_v1alpha1_DropEqualActionConfig(ref), - "github.com/openshift/api/config/v1alpha1.ECDSAKeyConfig": schema_openshift_api_config_v1alpha1_ECDSAKeyConfig(ref), - "github.com/openshift/api/config/v1alpha1.EtcdBackupSpec": schema_openshift_api_config_v1alpha1_EtcdBackupSpec(ref), - "github.com/openshift/api/config/v1alpha1.GatherConfig": schema_openshift_api_config_v1alpha1_GatherConfig(ref), - "github.com/openshift/api/config/v1alpha1.HashModActionConfig": schema_openshift_api_config_v1alpha1_HashModActionConfig(ref), - "github.com/openshift/api/config/v1alpha1.InsightsDataGather": schema_openshift_api_config_v1alpha1_InsightsDataGather(ref), - "github.com/openshift/api/config/v1alpha1.InsightsDataGatherList": schema_openshift_api_config_v1alpha1_InsightsDataGatherList(ref), - "github.com/openshift/api/config/v1alpha1.InsightsDataGatherSpec": schema_openshift_api_config_v1alpha1_InsightsDataGatherSpec(ref), - "github.com/openshift/api/config/v1alpha1.InsightsDataGatherStatus": schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref), - "github.com/openshift/api/config/v1alpha1.KeepEqualActionConfig": schema_openshift_api_config_v1alpha1_KeepEqualActionConfig(ref), - "github.com/openshift/api/config/v1alpha1.KeyConfig": schema_openshift_api_config_v1alpha1_KeyConfig(ref), - "github.com/openshift/api/config/v1alpha1.Label": schema_openshift_api_config_v1alpha1_Label(ref), - "github.com/openshift/api/config/v1alpha1.LabelMapActionConfig": schema_openshift_api_config_v1alpha1_LabelMapActionConfig(ref), - "github.com/openshift/api/config/v1alpha1.LowercaseActionConfig": schema_openshift_api_config_v1alpha1_LowercaseActionConfig(ref), - "github.com/openshift/api/config/v1alpha1.MetadataConfig": schema_openshift_api_config_v1alpha1_MetadataConfig(ref), - "github.com/openshift/api/config/v1alpha1.MetadataConfigCustom": schema_openshift_api_config_v1alpha1_MetadataConfigCustom(ref), - "github.com/openshift/api/config/v1alpha1.MetricsServerConfig": schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref), - "github.com/openshift/api/config/v1alpha1.OAuth2": schema_openshift_api_config_v1alpha1_OAuth2(ref), - "github.com/openshift/api/config/v1alpha1.OAuth2EndpointParam": schema_openshift_api_config_v1alpha1_OAuth2EndpointParam(ref), - "github.com/openshift/api/config/v1alpha1.OpenShiftStateMetricsConfig": schema_openshift_api_config_v1alpha1_OpenShiftStateMetricsConfig(ref), - "github.com/openshift/api/config/v1alpha1.PKI": schema_openshift_api_config_v1alpha1_PKI(ref), - "github.com/openshift/api/config/v1alpha1.PKICertificateManagement": schema_openshift_api_config_v1alpha1_PKICertificateManagement(ref), - "github.com/openshift/api/config/v1alpha1.PKIList": schema_openshift_api_config_v1alpha1_PKIList(ref), - "github.com/openshift/api/config/v1alpha1.PKIProfile": schema_openshift_api_config_v1alpha1_PKIProfile(ref), - "github.com/openshift/api/config/v1alpha1.PKISpec": schema_openshift_api_config_v1alpha1_PKISpec(ref), - "github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference": schema_openshift_api_config_v1alpha1_PersistentVolumeClaimReference(ref), - "github.com/openshift/api/config/v1alpha1.PersistentVolumeConfig": schema_openshift_api_config_v1alpha1_PersistentVolumeConfig(ref), - "github.com/openshift/api/config/v1alpha1.PrometheusConfig": schema_openshift_api_config_v1alpha1_PrometheusConfig(ref), - "github.com/openshift/api/config/v1alpha1.PrometheusOperatorAdmissionWebhookConfig": schema_openshift_api_config_v1alpha1_PrometheusOperatorAdmissionWebhookConfig(ref), - "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig": schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref), - "github.com/openshift/api/config/v1alpha1.PrometheusRemoteWriteHeader": schema_openshift_api_config_v1alpha1_PrometheusRemoteWriteHeader(ref), - "github.com/openshift/api/config/v1alpha1.QueueConfig": schema_openshift_api_config_v1alpha1_QueueConfig(ref), - "github.com/openshift/api/config/v1alpha1.RSAKeyConfig": schema_openshift_api_config_v1alpha1_RSAKeyConfig(ref), - "github.com/openshift/api/config/v1alpha1.RelabelActionConfig": schema_openshift_api_config_v1alpha1_RelabelActionConfig(ref), - "github.com/openshift/api/config/v1alpha1.RelabelConfig": schema_openshift_api_config_v1alpha1_RelabelConfig(ref), - "github.com/openshift/api/config/v1alpha1.RemoteWriteAuthorization": schema_openshift_api_config_v1alpha1_RemoteWriteAuthorization(ref), - "github.com/openshift/api/config/v1alpha1.RemoteWriteSpec": schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref), - "github.com/openshift/api/config/v1alpha1.ReplaceActionConfig": schema_openshift_api_config_v1alpha1_ReplaceActionConfig(ref), - "github.com/openshift/api/config/v1alpha1.Retention": schema_openshift_api_config_v1alpha1_Retention(ref), - "github.com/openshift/api/config/v1alpha1.RetentionNumberConfig": schema_openshift_api_config_v1alpha1_RetentionNumberConfig(ref), - "github.com/openshift/api/config/v1alpha1.RetentionPolicy": schema_openshift_api_config_v1alpha1_RetentionPolicy(ref), - "github.com/openshift/api/config/v1alpha1.RetentionSizeConfig": schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref), - "github.com/openshift/api/config/v1alpha1.SecretKeySelector": schema_openshift_api_config_v1alpha1_SecretKeySelector(ref), - "github.com/openshift/api/config/v1alpha1.Sigv4": schema_openshift_api_config_v1alpha1_Sigv4(ref), - "github.com/openshift/api/config/v1alpha1.Storage": schema_openshift_api_config_v1alpha1_Storage(ref), - "github.com/openshift/api/config/v1alpha1.TLSConfig": schema_openshift_api_config_v1alpha1_TLSConfig(ref), - "github.com/openshift/api/config/v1alpha1.TelemeterClientConfig": schema_openshift_api_config_v1alpha1_TelemeterClientConfig(ref), - "github.com/openshift/api/config/v1alpha1.UppercaseActionConfig": schema_openshift_api_config_v1alpha1_UppercaseActionConfig(ref), - "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring": schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref), - "github.com/openshift/api/config/v1alpha2.Custom": schema_openshift_api_config_v1alpha2_Custom(ref), - "github.com/openshift/api/config/v1alpha2.GatherConfig": schema_openshift_api_config_v1alpha2_GatherConfig(ref), - "github.com/openshift/api/config/v1alpha2.GathererConfig": schema_openshift_api_config_v1alpha2_GathererConfig(ref), - "github.com/openshift/api/config/v1alpha2.Gatherers": schema_openshift_api_config_v1alpha2_Gatherers(ref), - "github.com/openshift/api/config/v1alpha2.InsightsDataGather": schema_openshift_api_config_v1alpha2_InsightsDataGather(ref), - "github.com/openshift/api/config/v1alpha2.InsightsDataGatherList": schema_openshift_api_config_v1alpha2_InsightsDataGatherList(ref), - "github.com/openshift/api/config/v1alpha2.InsightsDataGatherSpec": schema_openshift_api_config_v1alpha2_InsightsDataGatherSpec(ref), - "github.com/openshift/api/config/v1alpha2.InsightsDataGatherStatus": schema_openshift_api_config_v1alpha2_InsightsDataGatherStatus(ref), - "github.com/openshift/api/config/v1alpha2.PersistentVolumeClaimReference": schema_openshift_api_config_v1alpha2_PersistentVolumeClaimReference(ref), - "github.com/openshift/api/config/v1alpha2.PersistentVolumeConfig": schema_openshift_api_config_v1alpha2_PersistentVolumeConfig(ref), - "github.com/openshift/api/config/v1alpha2.Storage": schema_openshift_api_config_v1alpha2_Storage(ref), - "github.com/openshift/api/console/v1.ApplicationMenuSpec": schema_openshift_api_console_v1_ApplicationMenuSpec(ref), - "github.com/openshift/api/console/v1.CLIDownloadLink": schema_openshift_api_console_v1_CLIDownloadLink(ref), - "github.com/openshift/api/console/v1.ConsoleCLIDownload": schema_openshift_api_console_v1_ConsoleCLIDownload(ref), - "github.com/openshift/api/console/v1.ConsoleCLIDownloadList": schema_openshift_api_console_v1_ConsoleCLIDownloadList(ref), - "github.com/openshift/api/console/v1.ConsoleCLIDownloadSpec": schema_openshift_api_console_v1_ConsoleCLIDownloadSpec(ref), - "github.com/openshift/api/console/v1.ConsoleExternalLogLink": schema_openshift_api_console_v1_ConsoleExternalLogLink(ref), - "github.com/openshift/api/console/v1.ConsoleExternalLogLinkList": schema_openshift_api_console_v1_ConsoleExternalLogLinkList(ref), - "github.com/openshift/api/console/v1.ConsoleExternalLogLinkSpec": schema_openshift_api_console_v1_ConsoleExternalLogLinkSpec(ref), - "github.com/openshift/api/console/v1.ConsoleLink": schema_openshift_api_console_v1_ConsoleLink(ref), - "github.com/openshift/api/console/v1.ConsoleLinkList": schema_openshift_api_console_v1_ConsoleLinkList(ref), - "github.com/openshift/api/console/v1.ConsoleLinkSpec": schema_openshift_api_console_v1_ConsoleLinkSpec(ref), - "github.com/openshift/api/console/v1.ConsoleNotification": schema_openshift_api_console_v1_ConsoleNotification(ref), - "github.com/openshift/api/console/v1.ConsoleNotificationList": schema_openshift_api_console_v1_ConsoleNotificationList(ref), - "github.com/openshift/api/console/v1.ConsoleNotificationSpec": schema_openshift_api_console_v1_ConsoleNotificationSpec(ref), - "github.com/openshift/api/console/v1.ConsolePlugin": schema_openshift_api_console_v1_ConsolePlugin(ref), - "github.com/openshift/api/console/v1.ConsolePluginBackend": schema_openshift_api_console_v1_ConsolePluginBackend(ref), - "github.com/openshift/api/console/v1.ConsolePluginCSP": schema_openshift_api_console_v1_ConsolePluginCSP(ref), - "github.com/openshift/api/console/v1.ConsolePluginI18n": schema_openshift_api_console_v1_ConsolePluginI18n(ref), - "github.com/openshift/api/console/v1.ConsolePluginList": schema_openshift_api_console_v1_ConsolePluginList(ref), - "github.com/openshift/api/console/v1.ConsolePluginProxy": schema_openshift_api_console_v1_ConsolePluginProxy(ref), - "github.com/openshift/api/console/v1.ConsolePluginProxyEndpoint": schema_openshift_api_console_v1_ConsolePluginProxyEndpoint(ref), - "github.com/openshift/api/console/v1.ConsolePluginProxyServiceConfig": schema_openshift_api_console_v1_ConsolePluginProxyServiceConfig(ref), - "github.com/openshift/api/console/v1.ConsolePluginService": schema_openshift_api_console_v1_ConsolePluginService(ref), - "github.com/openshift/api/console/v1.ConsolePluginSpec": schema_openshift_api_console_v1_ConsolePluginSpec(ref), - "github.com/openshift/api/console/v1.ConsoleQuickStart": schema_openshift_api_console_v1_ConsoleQuickStart(ref), - "github.com/openshift/api/console/v1.ConsoleQuickStartList": schema_openshift_api_console_v1_ConsoleQuickStartList(ref), - "github.com/openshift/api/console/v1.ConsoleQuickStartSpec": schema_openshift_api_console_v1_ConsoleQuickStartSpec(ref), - "github.com/openshift/api/console/v1.ConsoleQuickStartTask": schema_openshift_api_console_v1_ConsoleQuickStartTask(ref), - "github.com/openshift/api/console/v1.ConsoleQuickStartTaskReview": schema_openshift_api_console_v1_ConsoleQuickStartTaskReview(ref), - "github.com/openshift/api/console/v1.ConsoleQuickStartTaskSummary": schema_openshift_api_console_v1_ConsoleQuickStartTaskSummary(ref), - "github.com/openshift/api/console/v1.ConsoleSample": schema_openshift_api_console_v1_ConsoleSample(ref), - "github.com/openshift/api/console/v1.ConsoleSampleContainerImportSource": schema_openshift_api_console_v1_ConsoleSampleContainerImportSource(ref), - "github.com/openshift/api/console/v1.ConsoleSampleContainerImportSourceService": schema_openshift_api_console_v1_ConsoleSampleContainerImportSourceService(ref), - "github.com/openshift/api/console/v1.ConsoleSampleGitImportSource": schema_openshift_api_console_v1_ConsoleSampleGitImportSource(ref), - "github.com/openshift/api/console/v1.ConsoleSampleGitImportSourceRepository": schema_openshift_api_console_v1_ConsoleSampleGitImportSourceRepository(ref), - "github.com/openshift/api/console/v1.ConsoleSampleGitImportSourceService": schema_openshift_api_console_v1_ConsoleSampleGitImportSourceService(ref), - "github.com/openshift/api/console/v1.ConsoleSampleList": schema_openshift_api_console_v1_ConsoleSampleList(ref), - "github.com/openshift/api/console/v1.ConsoleSampleSource": schema_openshift_api_console_v1_ConsoleSampleSource(ref), - "github.com/openshift/api/console/v1.ConsoleSampleSpec": schema_openshift_api_console_v1_ConsoleSampleSpec(ref), - "github.com/openshift/api/console/v1.ConsoleYAMLSample": schema_openshift_api_console_v1_ConsoleYAMLSample(ref), - "github.com/openshift/api/console/v1.ConsoleYAMLSampleList": schema_openshift_api_console_v1_ConsoleYAMLSampleList(ref), - "github.com/openshift/api/console/v1.ConsoleYAMLSampleSpec": schema_openshift_api_console_v1_ConsoleYAMLSampleSpec(ref), - "github.com/openshift/api/console/v1.Link": schema_openshift_api_console_v1_Link(ref), - "github.com/openshift/api/console/v1.NamespaceDashboardSpec": schema_openshift_api_console_v1_NamespaceDashboardSpec(ref), - "github.com/openshift/api/etcd/v1alpha1.PacemakerCluster": schema_openshift_api_etcd_v1alpha1_PacemakerCluster(ref), - "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterFencingAgentStatus": schema_openshift_api_etcd_v1alpha1_PacemakerClusterFencingAgentStatus(ref), - "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterList": schema_openshift_api_etcd_v1alpha1_PacemakerClusterList(ref), - "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterNodeStatus": schema_openshift_api_etcd_v1alpha1_PacemakerClusterNodeStatus(ref), - "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterResourceStatus": schema_openshift_api_etcd_v1alpha1_PacemakerClusterResourceStatus(ref), - "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterStatus": schema_openshift_api_etcd_v1alpha1_PacemakerClusterStatus(ref), - "github.com/openshift/api/etcd/v1alpha1.PacemakerNodeAddress": schema_openshift_api_etcd_v1alpha1_PacemakerNodeAddress(ref), - "github.com/openshift/api/example/v1.CELUnion": schema_openshift_api_example_v1_CELUnion(ref), - "github.com/openshift/api/example/v1.EvolvingUnion": schema_openshift_api_example_v1_EvolvingUnion(ref), - "github.com/openshift/api/example/v1.FormatMarkerExamples": schema_openshift_api_example_v1_FormatMarkerExamples(ref), - "github.com/openshift/api/example/v1.StableConfigType": schema_openshift_api_example_v1_StableConfigType(ref), - "github.com/openshift/api/example/v1.StableConfigTypeList": schema_openshift_api_example_v1_StableConfigTypeList(ref), - "github.com/openshift/api/example/v1.StableConfigTypeSpec": schema_openshift_api_example_v1_StableConfigTypeSpec(ref), - "github.com/openshift/api/example/v1.StableConfigTypeStatus": schema_openshift_api_example_v1_StableConfigTypeStatus(ref), - "github.com/openshift/api/example/v1.SubnetsWithExclusions": schema_openshift_api_example_v1_SubnetsWithExclusions(ref), - "github.com/openshift/api/example/v1alpha1.NotStableConfigType": schema_openshift_api_example_v1alpha1_NotStableConfigType(ref), - "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeList": schema_openshift_api_example_v1alpha1_NotStableConfigTypeList(ref), - "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeSpec": schema_openshift_api_example_v1alpha1_NotStableConfigTypeSpec(ref), - "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeStatus": schema_openshift_api_example_v1alpha1_NotStableConfigTypeStatus(ref), - "github.com/openshift/api/helm/v1beta1.ConnectionConfig": schema_openshift_api_helm_v1beta1_ConnectionConfig(ref), - "github.com/openshift/api/helm/v1beta1.ConnectionConfigNamespaceScoped": schema_openshift_api_helm_v1beta1_ConnectionConfigNamespaceScoped(ref), - "github.com/openshift/api/helm/v1beta1.HelmChartRepository": schema_openshift_api_helm_v1beta1_HelmChartRepository(ref), - "github.com/openshift/api/helm/v1beta1.HelmChartRepositoryList": schema_openshift_api_helm_v1beta1_HelmChartRepositoryList(ref), - "github.com/openshift/api/helm/v1beta1.HelmChartRepositorySpec": schema_openshift_api_helm_v1beta1_HelmChartRepositorySpec(ref), - "github.com/openshift/api/helm/v1beta1.HelmChartRepositoryStatus": schema_openshift_api_helm_v1beta1_HelmChartRepositoryStatus(ref), - "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepository": schema_openshift_api_helm_v1beta1_ProjectHelmChartRepository(ref), - "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepositoryList": schema_openshift_api_helm_v1beta1_ProjectHelmChartRepositoryList(ref), - "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepositorySpec": schema_openshift_api_helm_v1beta1_ProjectHelmChartRepositorySpec(ref), - "github.com/openshift/api/image/v1.DockerImageReference": schema_openshift_api_image_v1_DockerImageReference(ref), - "github.com/openshift/api/image/v1.Image": schema_openshift_api_image_v1_Image(ref), - "github.com/openshift/api/image/v1.ImageBlobReferences": schema_openshift_api_image_v1_ImageBlobReferences(ref), - "github.com/openshift/api/image/v1.ImageImportSpec": schema_openshift_api_image_v1_ImageImportSpec(ref), - "github.com/openshift/api/image/v1.ImageImportStatus": schema_openshift_api_image_v1_ImageImportStatus(ref), - "github.com/openshift/api/image/v1.ImageLayer": schema_openshift_api_image_v1_ImageLayer(ref), - "github.com/openshift/api/image/v1.ImageLayerData": schema_openshift_api_image_v1_ImageLayerData(ref), - "github.com/openshift/api/image/v1.ImageList": schema_openshift_api_image_v1_ImageList(ref), - "github.com/openshift/api/image/v1.ImageLookupPolicy": schema_openshift_api_image_v1_ImageLookupPolicy(ref), - "github.com/openshift/api/image/v1.ImageManifest": schema_openshift_api_image_v1_ImageManifest(ref), - "github.com/openshift/api/image/v1.ImageSignature": schema_openshift_api_image_v1_ImageSignature(ref), - "github.com/openshift/api/image/v1.ImageStream": schema_openshift_api_image_v1_ImageStream(ref), - "github.com/openshift/api/image/v1.ImageStreamImage": schema_openshift_api_image_v1_ImageStreamImage(ref), - "github.com/openshift/api/image/v1.ImageStreamImport": schema_openshift_api_image_v1_ImageStreamImport(ref), - "github.com/openshift/api/image/v1.ImageStreamImportSpec": schema_openshift_api_image_v1_ImageStreamImportSpec(ref), - "github.com/openshift/api/image/v1.ImageStreamImportStatus": schema_openshift_api_image_v1_ImageStreamImportStatus(ref), - "github.com/openshift/api/image/v1.ImageStreamLayers": schema_openshift_api_image_v1_ImageStreamLayers(ref), - "github.com/openshift/api/image/v1.ImageStreamList": schema_openshift_api_image_v1_ImageStreamList(ref), - "github.com/openshift/api/image/v1.ImageStreamMapping": schema_openshift_api_image_v1_ImageStreamMapping(ref), - "github.com/openshift/api/image/v1.ImageStreamSpec": schema_openshift_api_image_v1_ImageStreamSpec(ref), - "github.com/openshift/api/image/v1.ImageStreamStatus": schema_openshift_api_image_v1_ImageStreamStatus(ref), - "github.com/openshift/api/image/v1.ImageStreamTag": schema_openshift_api_image_v1_ImageStreamTag(ref), - "github.com/openshift/api/image/v1.ImageStreamTagList": schema_openshift_api_image_v1_ImageStreamTagList(ref), - "github.com/openshift/api/image/v1.ImageTag": schema_openshift_api_image_v1_ImageTag(ref), - "github.com/openshift/api/image/v1.ImageTagList": schema_openshift_api_image_v1_ImageTagList(ref), - "github.com/openshift/api/image/v1.NamedTagEventList": schema_openshift_api_image_v1_NamedTagEventList(ref), - "github.com/openshift/api/image/v1.RepositoryImportSpec": schema_openshift_api_image_v1_RepositoryImportSpec(ref), - "github.com/openshift/api/image/v1.RepositoryImportStatus": schema_openshift_api_image_v1_RepositoryImportStatus(ref), - "github.com/openshift/api/image/v1.SecretList": schema_openshift_api_image_v1_SecretList(ref), - "github.com/openshift/api/image/v1.SignatureCondition": schema_openshift_api_image_v1_SignatureCondition(ref), - "github.com/openshift/api/image/v1.SignatureGenericEntity": schema_openshift_api_image_v1_SignatureGenericEntity(ref), - "github.com/openshift/api/image/v1.SignatureIssuer": schema_openshift_api_image_v1_SignatureIssuer(ref), - "github.com/openshift/api/image/v1.SignatureSubject": schema_openshift_api_image_v1_SignatureSubject(ref), - "github.com/openshift/api/image/v1.TagEvent": schema_openshift_api_image_v1_TagEvent(ref), - "github.com/openshift/api/image/v1.TagEventCondition": schema_openshift_api_image_v1_TagEventCondition(ref), - "github.com/openshift/api/image/v1.TagImportPolicy": schema_openshift_api_image_v1_TagImportPolicy(ref), - "github.com/openshift/api/image/v1.TagReference": schema_openshift_api_image_v1_TagReference(ref), - "github.com/openshift/api/image/v1.TagReferencePolicy": schema_openshift_api_image_v1_TagReferencePolicy(ref), - "github.com/openshift/api/insights/v1.Custom": schema_openshift_api_insights_v1_Custom(ref), - "github.com/openshift/api/insights/v1.DataGather": schema_openshift_api_insights_v1_DataGather(ref), - "github.com/openshift/api/insights/v1.DataGatherList": schema_openshift_api_insights_v1_DataGatherList(ref), - "github.com/openshift/api/insights/v1.DataGatherSpec": schema_openshift_api_insights_v1_DataGatherSpec(ref), - "github.com/openshift/api/insights/v1.DataGatherStatus": schema_openshift_api_insights_v1_DataGatherStatus(ref), - "github.com/openshift/api/insights/v1.GathererConfig": schema_openshift_api_insights_v1_GathererConfig(ref), - "github.com/openshift/api/insights/v1.GathererStatus": schema_openshift_api_insights_v1_GathererStatus(ref), - "github.com/openshift/api/insights/v1.Gatherers": schema_openshift_api_insights_v1_Gatherers(ref), - "github.com/openshift/api/insights/v1.HealthCheck": schema_openshift_api_insights_v1_HealthCheck(ref), - "github.com/openshift/api/insights/v1.InsightsReport": schema_openshift_api_insights_v1_InsightsReport(ref), - "github.com/openshift/api/insights/v1.ObjectReference": schema_openshift_api_insights_v1_ObjectReference(ref), - "github.com/openshift/api/insights/v1.PersistentVolumeClaimReference": schema_openshift_api_insights_v1_PersistentVolumeClaimReference(ref), - "github.com/openshift/api/insights/v1.PersistentVolumeConfig": schema_openshift_api_insights_v1_PersistentVolumeConfig(ref), - "github.com/openshift/api/insights/v1.Storage": schema_openshift_api_insights_v1_Storage(ref), - "github.com/openshift/api/insights/v1alpha1.DataGather": schema_openshift_api_insights_v1alpha1_DataGather(ref), - "github.com/openshift/api/insights/v1alpha1.DataGatherList": schema_openshift_api_insights_v1alpha1_DataGatherList(ref), - "github.com/openshift/api/insights/v1alpha1.DataGatherSpec": schema_openshift_api_insights_v1alpha1_DataGatherSpec(ref), - "github.com/openshift/api/insights/v1alpha1.DataGatherStatus": schema_openshift_api_insights_v1alpha1_DataGatherStatus(ref), - "github.com/openshift/api/insights/v1alpha1.GathererConfig": schema_openshift_api_insights_v1alpha1_GathererConfig(ref), - "github.com/openshift/api/insights/v1alpha1.GathererStatus": schema_openshift_api_insights_v1alpha1_GathererStatus(ref), - "github.com/openshift/api/insights/v1alpha1.HealthCheck": schema_openshift_api_insights_v1alpha1_HealthCheck(ref), - "github.com/openshift/api/insights/v1alpha1.InsightsReport": schema_openshift_api_insights_v1alpha1_InsightsReport(ref), - "github.com/openshift/api/insights/v1alpha1.ObjectReference": schema_openshift_api_insights_v1alpha1_ObjectReference(ref), - "github.com/openshift/api/insights/v1alpha1.PersistentVolumeClaimReference": schema_openshift_api_insights_v1alpha1_PersistentVolumeClaimReference(ref), - "github.com/openshift/api/insights/v1alpha1.PersistentVolumeConfig": schema_openshift_api_insights_v1alpha1_PersistentVolumeConfig(ref), - "github.com/openshift/api/insights/v1alpha1.Storage": schema_openshift_api_insights_v1alpha1_Storage(ref), - "github.com/openshift/api/insights/v1alpha2.Custom": schema_openshift_api_insights_v1alpha2_Custom(ref), - "github.com/openshift/api/insights/v1alpha2.DataGather": schema_openshift_api_insights_v1alpha2_DataGather(ref), - "github.com/openshift/api/insights/v1alpha2.DataGatherList": schema_openshift_api_insights_v1alpha2_DataGatherList(ref), - "github.com/openshift/api/insights/v1alpha2.DataGatherSpec": schema_openshift_api_insights_v1alpha2_DataGatherSpec(ref), - "github.com/openshift/api/insights/v1alpha2.DataGatherStatus": schema_openshift_api_insights_v1alpha2_DataGatherStatus(ref), - "github.com/openshift/api/insights/v1alpha2.GathererConfig": schema_openshift_api_insights_v1alpha2_GathererConfig(ref), - "github.com/openshift/api/insights/v1alpha2.GathererStatus": schema_openshift_api_insights_v1alpha2_GathererStatus(ref), - "github.com/openshift/api/insights/v1alpha2.Gatherers": schema_openshift_api_insights_v1alpha2_Gatherers(ref), - "github.com/openshift/api/insights/v1alpha2.HealthCheck": schema_openshift_api_insights_v1alpha2_HealthCheck(ref), - "github.com/openshift/api/insights/v1alpha2.InsightsReport": schema_openshift_api_insights_v1alpha2_InsightsReport(ref), - "github.com/openshift/api/insights/v1alpha2.ObjectReference": schema_openshift_api_insights_v1alpha2_ObjectReference(ref), - "github.com/openshift/api/insights/v1alpha2.PersistentVolumeClaimReference": schema_openshift_api_insights_v1alpha2_PersistentVolumeClaimReference(ref), - "github.com/openshift/api/insights/v1alpha2.PersistentVolumeConfig": schema_openshift_api_insights_v1alpha2_PersistentVolumeConfig(ref), - "github.com/openshift/api/insights/v1alpha2.Storage": schema_openshift_api_insights_v1alpha2_Storage(ref), - "github.com/openshift/api/kubecontrolplane/v1.AggregatorConfig": schema_openshift_api_kubecontrolplane_v1_AggregatorConfig(ref), - "github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerConfig": schema_openshift_api_kubecontrolplane_v1_KubeAPIServerConfig(ref), - "github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerImagePolicyConfig": schema_openshift_api_kubecontrolplane_v1_KubeAPIServerImagePolicyConfig(ref), - "github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerProjectConfig": schema_openshift_api_kubecontrolplane_v1_KubeAPIServerProjectConfig(ref), - "github.com/openshift/api/kubecontrolplane/v1.KubeControllerManagerConfig": schema_openshift_api_kubecontrolplane_v1_KubeControllerManagerConfig(ref), - "github.com/openshift/api/kubecontrolplane/v1.KubeControllerManagerProjectConfig": schema_openshift_api_kubecontrolplane_v1_KubeControllerManagerProjectConfig(ref), - "github.com/openshift/api/kubecontrolplane/v1.KubeletConnectionInfo": schema_openshift_api_kubecontrolplane_v1_KubeletConnectionInfo(ref), - "github.com/openshift/api/kubecontrolplane/v1.MasterAuthConfig": schema_openshift_api_kubecontrolplane_v1_MasterAuthConfig(ref), - "github.com/openshift/api/kubecontrolplane/v1.RequestHeaderAuthenticationOptions": schema_openshift_api_kubecontrolplane_v1_RequestHeaderAuthenticationOptions(ref), - "github.com/openshift/api/kubecontrolplane/v1.ServiceServingCert": schema_openshift_api_kubecontrolplane_v1_ServiceServingCert(ref), - "github.com/openshift/api/kubecontrolplane/v1.UserAgentDenyRule": schema_openshift_api_kubecontrolplane_v1_UserAgentDenyRule(ref), - "github.com/openshift/api/kubecontrolplane/v1.UserAgentMatchRule": schema_openshift_api_kubecontrolplane_v1_UserAgentMatchRule(ref), - "github.com/openshift/api/kubecontrolplane/v1.UserAgentMatchingConfig": schema_openshift_api_kubecontrolplane_v1_UserAgentMatchingConfig(ref), - "github.com/openshift/api/kubecontrolplane/v1.WebhookTokenAuthenticator": schema_openshift_api_kubecontrolplane_v1_WebhookTokenAuthenticator(ref), - "github.com/openshift/api/legacyconfig/v1.ActiveDirectoryConfig": schema_openshift_api_legacyconfig_v1_ActiveDirectoryConfig(ref), - "github.com/openshift/api/legacyconfig/v1.AdmissionConfig": schema_openshift_api_legacyconfig_v1_AdmissionConfig(ref), - "github.com/openshift/api/legacyconfig/v1.AdmissionPluginConfig": schema_openshift_api_legacyconfig_v1_AdmissionPluginConfig(ref), - "github.com/openshift/api/legacyconfig/v1.AggregatorConfig": schema_openshift_api_legacyconfig_v1_AggregatorConfig(ref), - "github.com/openshift/api/legacyconfig/v1.AllowAllPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_AllowAllPasswordIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.AuditConfig": schema_openshift_api_legacyconfig_v1_AuditConfig(ref), - "github.com/openshift/api/legacyconfig/v1.AugmentedActiveDirectoryConfig": schema_openshift_api_legacyconfig_v1_AugmentedActiveDirectoryConfig(ref), - "github.com/openshift/api/legacyconfig/v1.BasicAuthPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_BasicAuthPasswordIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.BuildDefaultsConfig": schema_openshift_api_legacyconfig_v1_BuildDefaultsConfig(ref), - "github.com/openshift/api/legacyconfig/v1.BuildOverridesConfig": schema_openshift_api_legacyconfig_v1_BuildOverridesConfig(ref), - "github.com/openshift/api/legacyconfig/v1.CertInfo": schema_openshift_api_legacyconfig_v1_CertInfo(ref), - "github.com/openshift/api/legacyconfig/v1.ClientConnectionOverrides": schema_openshift_api_legacyconfig_v1_ClientConnectionOverrides(ref), - "github.com/openshift/api/legacyconfig/v1.ClusterNetworkEntry": schema_openshift_api_legacyconfig_v1_ClusterNetworkEntry(ref), - "github.com/openshift/api/legacyconfig/v1.ControllerConfig": schema_openshift_api_legacyconfig_v1_ControllerConfig(ref), - "github.com/openshift/api/legacyconfig/v1.ControllerElectionConfig": schema_openshift_api_legacyconfig_v1_ControllerElectionConfig(ref), - "github.com/openshift/api/legacyconfig/v1.DNSConfig": schema_openshift_api_legacyconfig_v1_DNSConfig(ref), - "github.com/openshift/api/legacyconfig/v1.DefaultAdmissionConfig": schema_openshift_api_legacyconfig_v1_DefaultAdmissionConfig(ref), - "github.com/openshift/api/legacyconfig/v1.DenyAllPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_DenyAllPasswordIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.DockerConfig": schema_openshift_api_legacyconfig_v1_DockerConfig(ref), - "github.com/openshift/api/legacyconfig/v1.EtcdConfig": schema_openshift_api_legacyconfig_v1_EtcdConfig(ref), - "github.com/openshift/api/legacyconfig/v1.EtcdConnectionInfo": schema_openshift_api_legacyconfig_v1_EtcdConnectionInfo(ref), - "github.com/openshift/api/legacyconfig/v1.EtcdStorageConfig": schema_openshift_api_legacyconfig_v1_EtcdStorageConfig(ref), - "github.com/openshift/api/legacyconfig/v1.GitHubIdentityProvider": schema_openshift_api_legacyconfig_v1_GitHubIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.GitLabIdentityProvider": schema_openshift_api_legacyconfig_v1_GitLabIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.GoogleIdentityProvider": schema_openshift_api_legacyconfig_v1_GoogleIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.GrantConfig": schema_openshift_api_legacyconfig_v1_GrantConfig(ref), - "github.com/openshift/api/legacyconfig/v1.GroupResource": schema_openshift_api_legacyconfig_v1_GroupResource(ref), - "github.com/openshift/api/legacyconfig/v1.HTPasswdPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_HTPasswdPasswordIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.HTTPServingInfo": schema_openshift_api_legacyconfig_v1_HTTPServingInfo(ref), - "github.com/openshift/api/legacyconfig/v1.IdentityProvider": schema_openshift_api_legacyconfig_v1_IdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.ImageConfig": schema_openshift_api_legacyconfig_v1_ImageConfig(ref), - "github.com/openshift/api/legacyconfig/v1.ImagePolicyConfig": schema_openshift_api_legacyconfig_v1_ImagePolicyConfig(ref), - "github.com/openshift/api/legacyconfig/v1.JenkinsPipelineConfig": schema_openshift_api_legacyconfig_v1_JenkinsPipelineConfig(ref), - "github.com/openshift/api/legacyconfig/v1.KeystonePasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_KeystonePasswordIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.KubeletConnectionInfo": schema_openshift_api_legacyconfig_v1_KubeletConnectionInfo(ref), - "github.com/openshift/api/legacyconfig/v1.KubernetesMasterConfig": schema_openshift_api_legacyconfig_v1_KubernetesMasterConfig(ref), - "github.com/openshift/api/legacyconfig/v1.LDAPAttributeMapping": schema_openshift_api_legacyconfig_v1_LDAPAttributeMapping(ref), - "github.com/openshift/api/legacyconfig/v1.LDAPPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_LDAPPasswordIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.LDAPQuery": schema_openshift_api_legacyconfig_v1_LDAPQuery(ref), - "github.com/openshift/api/legacyconfig/v1.LDAPSyncConfig": schema_openshift_api_legacyconfig_v1_LDAPSyncConfig(ref), - "github.com/openshift/api/legacyconfig/v1.LocalQuota": schema_openshift_api_legacyconfig_v1_LocalQuota(ref), - "github.com/openshift/api/legacyconfig/v1.MasterAuthConfig": schema_openshift_api_legacyconfig_v1_MasterAuthConfig(ref), - "github.com/openshift/api/legacyconfig/v1.MasterClients": schema_openshift_api_legacyconfig_v1_MasterClients(ref), - "github.com/openshift/api/legacyconfig/v1.MasterConfig": schema_openshift_api_legacyconfig_v1_MasterConfig(ref), - "github.com/openshift/api/legacyconfig/v1.MasterNetworkConfig": schema_openshift_api_legacyconfig_v1_MasterNetworkConfig(ref), - "github.com/openshift/api/legacyconfig/v1.MasterVolumeConfig": schema_openshift_api_legacyconfig_v1_MasterVolumeConfig(ref), - "github.com/openshift/api/legacyconfig/v1.NamedCertificate": schema_openshift_api_legacyconfig_v1_NamedCertificate(ref), - "github.com/openshift/api/legacyconfig/v1.NodeAuthConfig": schema_openshift_api_legacyconfig_v1_NodeAuthConfig(ref), - "github.com/openshift/api/legacyconfig/v1.NodeConfig": schema_openshift_api_legacyconfig_v1_NodeConfig(ref), - "github.com/openshift/api/legacyconfig/v1.NodeNetworkConfig": schema_openshift_api_legacyconfig_v1_NodeNetworkConfig(ref), - "github.com/openshift/api/legacyconfig/v1.NodeVolumeConfig": schema_openshift_api_legacyconfig_v1_NodeVolumeConfig(ref), - "github.com/openshift/api/legacyconfig/v1.OAuthConfig": schema_openshift_api_legacyconfig_v1_OAuthConfig(ref), - "github.com/openshift/api/legacyconfig/v1.OAuthTemplates": schema_openshift_api_legacyconfig_v1_OAuthTemplates(ref), - "github.com/openshift/api/legacyconfig/v1.OpenIDClaims": schema_openshift_api_legacyconfig_v1_OpenIDClaims(ref), - "github.com/openshift/api/legacyconfig/v1.OpenIDIdentityProvider": schema_openshift_api_legacyconfig_v1_OpenIDIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.OpenIDURLs": schema_openshift_api_legacyconfig_v1_OpenIDURLs(ref), - "github.com/openshift/api/legacyconfig/v1.PodManifestConfig": schema_openshift_api_legacyconfig_v1_PodManifestConfig(ref), - "github.com/openshift/api/legacyconfig/v1.PolicyConfig": schema_openshift_api_legacyconfig_v1_PolicyConfig(ref), - "github.com/openshift/api/legacyconfig/v1.ProjectConfig": schema_openshift_api_legacyconfig_v1_ProjectConfig(ref), - "github.com/openshift/api/legacyconfig/v1.RFC2307Config": schema_openshift_api_legacyconfig_v1_RFC2307Config(ref), - "github.com/openshift/api/legacyconfig/v1.RegistryLocation": schema_openshift_api_legacyconfig_v1_RegistryLocation(ref), - "github.com/openshift/api/legacyconfig/v1.RemoteConnectionInfo": schema_openshift_api_legacyconfig_v1_RemoteConnectionInfo(ref), - "github.com/openshift/api/legacyconfig/v1.RequestHeaderAuthenticationOptions": schema_openshift_api_legacyconfig_v1_RequestHeaderAuthenticationOptions(ref), - "github.com/openshift/api/legacyconfig/v1.RequestHeaderIdentityProvider": schema_openshift_api_legacyconfig_v1_RequestHeaderIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.RoutingConfig": schema_openshift_api_legacyconfig_v1_RoutingConfig(ref), - "github.com/openshift/api/legacyconfig/v1.SecurityAllocator": schema_openshift_api_legacyconfig_v1_SecurityAllocator(ref), - "github.com/openshift/api/legacyconfig/v1.ServiceAccountConfig": schema_openshift_api_legacyconfig_v1_ServiceAccountConfig(ref), - "github.com/openshift/api/legacyconfig/v1.ServiceServingCert": schema_openshift_api_legacyconfig_v1_ServiceServingCert(ref), - "github.com/openshift/api/legacyconfig/v1.ServingInfo": schema_openshift_api_legacyconfig_v1_ServingInfo(ref), - "github.com/openshift/api/legacyconfig/v1.SessionConfig": schema_openshift_api_legacyconfig_v1_SessionConfig(ref), - "github.com/openshift/api/legacyconfig/v1.SessionSecret": schema_openshift_api_legacyconfig_v1_SessionSecret(ref), - "github.com/openshift/api/legacyconfig/v1.SessionSecrets": schema_openshift_api_legacyconfig_v1_SessionSecrets(ref), - "github.com/openshift/api/legacyconfig/v1.SourceStrategyDefaultsConfig": schema_openshift_api_legacyconfig_v1_SourceStrategyDefaultsConfig(ref), - "github.com/openshift/api/legacyconfig/v1.StringSource": schema_openshift_api_legacyconfig_v1_StringSource(ref), - "github.com/openshift/api/legacyconfig/v1.StringSourceSpec": schema_openshift_api_legacyconfig_v1_StringSourceSpec(ref), - "github.com/openshift/api/legacyconfig/v1.TokenConfig": schema_openshift_api_legacyconfig_v1_TokenConfig(ref), - "github.com/openshift/api/legacyconfig/v1.UserAgentDenyRule": schema_openshift_api_legacyconfig_v1_UserAgentDenyRule(ref), - "github.com/openshift/api/legacyconfig/v1.UserAgentMatchRule": schema_openshift_api_legacyconfig_v1_UserAgentMatchRule(ref), - "github.com/openshift/api/legacyconfig/v1.UserAgentMatchingConfig": schema_openshift_api_legacyconfig_v1_UserAgentMatchingConfig(ref), - "github.com/openshift/api/legacyconfig/v1.WebhookTokenAuthenticator": schema_openshift_api_legacyconfig_v1_WebhookTokenAuthenticator(ref), - "github.com/openshift/api/machine/v1.AWSFailureDomain": schema_openshift_api_machine_v1_AWSFailureDomain(ref), - "github.com/openshift/api/machine/v1.AWSFailureDomainPlacement": schema_openshift_api_machine_v1_AWSFailureDomainPlacement(ref), - "github.com/openshift/api/machine/v1.AWSResourceFilter": schema_openshift_api_machine_v1_AWSResourceFilter(ref), - "github.com/openshift/api/machine/v1.AWSResourceReference": schema_openshift_api_machine_v1_AWSResourceReference(ref), - "github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderConfig": schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfig(ref), - "github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderConfigList": schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfigList(ref), - "github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderStatus": schema_openshift_api_machine_v1_AlibabaCloudMachineProviderStatus(ref), - "github.com/openshift/api/machine/v1.AlibabaResourceReference": schema_openshift_api_machine_v1_AlibabaResourceReference(ref), - "github.com/openshift/api/machine/v1.AzureFailureDomain": schema_openshift_api_machine_v1_AzureFailureDomain(ref), - "github.com/openshift/api/machine/v1.BandwidthProperties": schema_openshift_api_machine_v1_BandwidthProperties(ref), - "github.com/openshift/api/machine/v1.ControlPlaneMachineSet": schema_openshift_api_machine_v1_ControlPlaneMachineSet(ref), - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetList": schema_openshift_api_machine_v1_ControlPlaneMachineSetList(ref), - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetSpec": schema_openshift_api_machine_v1_ControlPlaneMachineSetSpec(ref), - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetStatus": schema_openshift_api_machine_v1_ControlPlaneMachineSetStatus(ref), - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetStrategy": schema_openshift_api_machine_v1_ControlPlaneMachineSetStrategy(ref), - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplate": schema_openshift_api_machine_v1_ControlPlaneMachineSetTemplate(ref), - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplateObjectMeta": schema_openshift_api_machine_v1_ControlPlaneMachineSetTemplateObjectMeta(ref), - "github.com/openshift/api/machine/v1.DataDiskProperties": schema_openshift_api_machine_v1_DataDiskProperties(ref), - "github.com/openshift/api/machine/v1.FailureDomains": schema_openshift_api_machine_v1_FailureDomains(ref), - "github.com/openshift/api/machine/v1.GCPFailureDomain": schema_openshift_api_machine_v1_GCPFailureDomain(ref), - "github.com/openshift/api/machine/v1.LoadBalancerReference": schema_openshift_api_machine_v1_LoadBalancerReference(ref), - "github.com/openshift/api/machine/v1.NutanixCategory": schema_openshift_api_machine_v1_NutanixCategory(ref), - "github.com/openshift/api/machine/v1.NutanixFailureDomainReference": schema_openshift_api_machine_v1_NutanixFailureDomainReference(ref), - "github.com/openshift/api/machine/v1.NutanixGPU": schema_openshift_api_machine_v1_NutanixGPU(ref), - "github.com/openshift/api/machine/v1.NutanixMachineProviderConfig": schema_openshift_api_machine_v1_NutanixMachineProviderConfig(ref), - "github.com/openshift/api/machine/v1.NutanixMachineProviderStatus": schema_openshift_api_machine_v1_NutanixMachineProviderStatus(ref), - "github.com/openshift/api/machine/v1.NutanixResourceIdentifier": schema_openshift_api_machine_v1_NutanixResourceIdentifier(ref), - "github.com/openshift/api/machine/v1.NutanixStorageResourceIdentifier": schema_openshift_api_machine_v1_NutanixStorageResourceIdentifier(ref), - "github.com/openshift/api/machine/v1.NutanixVMDisk": schema_openshift_api_machine_v1_NutanixVMDisk(ref), - "github.com/openshift/api/machine/v1.NutanixVMDiskDeviceProperties": schema_openshift_api_machine_v1_NutanixVMDiskDeviceProperties(ref), - "github.com/openshift/api/machine/v1.NutanixVMStorageConfig": schema_openshift_api_machine_v1_NutanixVMStorageConfig(ref), - "github.com/openshift/api/machine/v1.OpenShiftMachineV1Beta1MachineTemplate": schema_openshift_api_machine_v1_OpenShiftMachineV1Beta1MachineTemplate(ref), - "github.com/openshift/api/machine/v1.OpenStackFailureDomain": schema_openshift_api_machine_v1_OpenStackFailureDomain(ref), - "github.com/openshift/api/machine/v1.PowerVSMachineProviderConfig": schema_openshift_api_machine_v1_PowerVSMachineProviderConfig(ref), - "github.com/openshift/api/machine/v1.PowerVSMachineProviderStatus": schema_openshift_api_machine_v1_PowerVSMachineProviderStatus(ref), - "github.com/openshift/api/machine/v1.PowerVSResource": schema_openshift_api_machine_v1_PowerVSResource(ref), - "github.com/openshift/api/machine/v1.PowerVSSecretReference": schema_openshift_api_machine_v1_PowerVSSecretReference(ref), - "github.com/openshift/api/machine/v1.RootVolume": schema_openshift_api_machine_v1_RootVolume(ref), - "github.com/openshift/api/machine/v1.SystemDiskProperties": schema_openshift_api_machine_v1_SystemDiskProperties(ref), - "github.com/openshift/api/machine/v1.Tag": schema_openshift_api_machine_v1_Tag(ref), - "github.com/openshift/api/machine/v1.VSphereFailureDomain": schema_openshift_api_machine_v1_VSphereFailureDomain(ref), - "github.com/openshift/api/machine/v1alpha1.AdditionalBlockDevice": schema_openshift_api_machine_v1alpha1_AdditionalBlockDevice(ref), - "github.com/openshift/api/machine/v1alpha1.AddressPair": schema_openshift_api_machine_v1alpha1_AddressPair(ref), - "github.com/openshift/api/machine/v1alpha1.BlockDeviceStorage": schema_openshift_api_machine_v1alpha1_BlockDeviceStorage(ref), - "github.com/openshift/api/machine/v1alpha1.BlockDeviceVolume": schema_openshift_api_machine_v1alpha1_BlockDeviceVolume(ref), - "github.com/openshift/api/machine/v1alpha1.Filter": schema_openshift_api_machine_v1alpha1_Filter(ref), - "github.com/openshift/api/machine/v1alpha1.FixedIPs": schema_openshift_api_machine_v1alpha1_FixedIPs(ref), - "github.com/openshift/api/machine/v1alpha1.NetworkParam": schema_openshift_api_machine_v1alpha1_NetworkParam(ref), - "github.com/openshift/api/machine/v1alpha1.OpenstackProviderSpec": schema_openshift_api_machine_v1alpha1_OpenstackProviderSpec(ref), - "github.com/openshift/api/machine/v1alpha1.PortOpts": schema_openshift_api_machine_v1alpha1_PortOpts(ref), - "github.com/openshift/api/machine/v1alpha1.RootVolume": schema_openshift_api_machine_v1alpha1_RootVolume(ref), - "github.com/openshift/api/machine/v1alpha1.SecurityGroupFilter": schema_openshift_api_machine_v1alpha1_SecurityGroupFilter(ref), - "github.com/openshift/api/machine/v1alpha1.SecurityGroupParam": schema_openshift_api_machine_v1alpha1_SecurityGroupParam(ref), - "github.com/openshift/api/machine/v1alpha1.SubnetFilter": schema_openshift_api_machine_v1alpha1_SubnetFilter(ref), - "github.com/openshift/api/machine/v1alpha1.SubnetParam": schema_openshift_api_machine_v1alpha1_SubnetParam(ref), - "github.com/openshift/api/machine/v1beta1.AWSMachineProviderConfig": schema_openshift_api_machine_v1beta1_AWSMachineProviderConfig(ref), - "github.com/openshift/api/machine/v1beta1.AWSMachineProviderConfigList": schema_openshift_api_machine_v1beta1_AWSMachineProviderConfigList(ref), - "github.com/openshift/api/machine/v1beta1.AWSMachineProviderStatus": schema_openshift_api_machine_v1beta1_AWSMachineProviderStatus(ref), - "github.com/openshift/api/machine/v1beta1.AWSResourceReference": schema_openshift_api_machine_v1beta1_AWSResourceReference(ref), - "github.com/openshift/api/machine/v1beta1.AddressesFromPool": schema_openshift_api_machine_v1beta1_AddressesFromPool(ref), - "github.com/openshift/api/machine/v1beta1.AzureBootDiagnostics": schema_openshift_api_machine_v1beta1_AzureBootDiagnostics(ref), - "github.com/openshift/api/machine/v1beta1.AzureCustomerManagedBootDiagnostics": schema_openshift_api_machine_v1beta1_AzureCustomerManagedBootDiagnostics(ref), - "github.com/openshift/api/machine/v1beta1.AzureDiagnostics": schema_openshift_api_machine_v1beta1_AzureDiagnostics(ref), - "github.com/openshift/api/machine/v1beta1.AzureMachineProviderSpec": schema_openshift_api_machine_v1beta1_AzureMachineProviderSpec(ref), - "github.com/openshift/api/machine/v1beta1.AzureMachineProviderStatus": schema_openshift_api_machine_v1beta1_AzureMachineProviderStatus(ref), - "github.com/openshift/api/machine/v1beta1.BlockDeviceMappingSpec": schema_openshift_api_machine_v1beta1_BlockDeviceMappingSpec(ref), - "github.com/openshift/api/machine/v1beta1.CPUOptions": schema_openshift_api_machine_v1beta1_CPUOptions(ref), - "github.com/openshift/api/machine/v1beta1.Condition": schema_openshift_api_machine_v1beta1_Condition(ref), - "github.com/openshift/api/machine/v1beta1.ConfidentialVM": schema_openshift_api_machine_v1beta1_ConfidentialVM(ref), - "github.com/openshift/api/machine/v1beta1.DataDisk": schema_openshift_api_machine_v1beta1_DataDisk(ref), - "github.com/openshift/api/machine/v1beta1.DataDiskManagedDiskParameters": schema_openshift_api_machine_v1beta1_DataDiskManagedDiskParameters(ref), - "github.com/openshift/api/machine/v1beta1.DedicatedHost": schema_openshift_api_machine_v1beta1_DedicatedHost(ref), - "github.com/openshift/api/machine/v1beta1.DedicatedHostStatus": schema_openshift_api_machine_v1beta1_DedicatedHostStatus(ref), - "github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters": schema_openshift_api_machine_v1beta1_DiskEncryptionSetParameters(ref), - "github.com/openshift/api/machine/v1beta1.DiskSettings": schema_openshift_api_machine_v1beta1_DiskSettings(ref), - "github.com/openshift/api/machine/v1beta1.DynamicHostAllocationSpec": schema_openshift_api_machine_v1beta1_DynamicHostAllocationSpec(ref), - "github.com/openshift/api/machine/v1beta1.EBSBlockDeviceSpec": schema_openshift_api_machine_v1beta1_EBSBlockDeviceSpec(ref), - "github.com/openshift/api/machine/v1beta1.Filter": schema_openshift_api_machine_v1beta1_Filter(ref), - "github.com/openshift/api/machine/v1beta1.GCPDisk": schema_openshift_api_machine_v1beta1_GCPDisk(ref), - "github.com/openshift/api/machine/v1beta1.GCPEncryptionKeyReference": schema_openshift_api_machine_v1beta1_GCPEncryptionKeyReference(ref), - "github.com/openshift/api/machine/v1beta1.GCPGPUConfig": schema_openshift_api_machine_v1beta1_GCPGPUConfig(ref), - "github.com/openshift/api/machine/v1beta1.GCPKMSKeyReference": schema_openshift_api_machine_v1beta1_GCPKMSKeyReference(ref), - "github.com/openshift/api/machine/v1beta1.GCPMachineProviderSpec": schema_openshift_api_machine_v1beta1_GCPMachineProviderSpec(ref), - "github.com/openshift/api/machine/v1beta1.GCPMachineProviderStatus": schema_openshift_api_machine_v1beta1_GCPMachineProviderStatus(ref), - "github.com/openshift/api/machine/v1beta1.GCPMetadata": schema_openshift_api_machine_v1beta1_GCPMetadata(ref), - "github.com/openshift/api/machine/v1beta1.GCPNetworkInterface": schema_openshift_api_machine_v1beta1_GCPNetworkInterface(ref), - "github.com/openshift/api/machine/v1beta1.GCPServiceAccount": schema_openshift_api_machine_v1beta1_GCPServiceAccount(ref), - "github.com/openshift/api/machine/v1beta1.GCPShieldedInstanceConfig": schema_openshift_api_machine_v1beta1_GCPShieldedInstanceConfig(ref), - "github.com/openshift/api/machine/v1beta1.HostPlacement": schema_openshift_api_machine_v1beta1_HostPlacement(ref), - "github.com/openshift/api/machine/v1beta1.Image": schema_openshift_api_machine_v1beta1_Image(ref), - "github.com/openshift/api/machine/v1beta1.LastOperation": schema_openshift_api_machine_v1beta1_LastOperation(ref), - "github.com/openshift/api/machine/v1beta1.LifecycleHook": schema_openshift_api_machine_v1beta1_LifecycleHook(ref), - "github.com/openshift/api/machine/v1beta1.LifecycleHooks": schema_openshift_api_machine_v1beta1_LifecycleHooks(ref), - "github.com/openshift/api/machine/v1beta1.LoadBalancerReference": schema_openshift_api_machine_v1beta1_LoadBalancerReference(ref), - "github.com/openshift/api/machine/v1beta1.Machine": schema_openshift_api_machine_v1beta1_Machine(ref), - "github.com/openshift/api/machine/v1beta1.MachineHealthCheck": schema_openshift_api_machine_v1beta1_MachineHealthCheck(ref), - "github.com/openshift/api/machine/v1beta1.MachineHealthCheckList": schema_openshift_api_machine_v1beta1_MachineHealthCheckList(ref), - "github.com/openshift/api/machine/v1beta1.MachineHealthCheckSpec": schema_openshift_api_machine_v1beta1_MachineHealthCheckSpec(ref), - "github.com/openshift/api/machine/v1beta1.MachineHealthCheckStatus": schema_openshift_api_machine_v1beta1_MachineHealthCheckStatus(ref), - "github.com/openshift/api/machine/v1beta1.MachineList": schema_openshift_api_machine_v1beta1_MachineList(ref), - "github.com/openshift/api/machine/v1beta1.MachineSet": schema_openshift_api_machine_v1beta1_MachineSet(ref), - "github.com/openshift/api/machine/v1beta1.MachineSetList": schema_openshift_api_machine_v1beta1_MachineSetList(ref), - "github.com/openshift/api/machine/v1beta1.MachineSetSpec": schema_openshift_api_machine_v1beta1_MachineSetSpec(ref), - "github.com/openshift/api/machine/v1beta1.MachineSetStatus": schema_openshift_api_machine_v1beta1_MachineSetStatus(ref), - "github.com/openshift/api/machine/v1beta1.MachineSpec": schema_openshift_api_machine_v1beta1_MachineSpec(ref), - "github.com/openshift/api/machine/v1beta1.MachineStatus": schema_openshift_api_machine_v1beta1_MachineStatus(ref), - "github.com/openshift/api/machine/v1beta1.MachineTemplateSpec": schema_openshift_api_machine_v1beta1_MachineTemplateSpec(ref), - "github.com/openshift/api/machine/v1beta1.MetadataServiceOptions": schema_openshift_api_machine_v1beta1_MetadataServiceOptions(ref), - "github.com/openshift/api/machine/v1beta1.NetworkDeviceSpec": schema_openshift_api_machine_v1beta1_NetworkDeviceSpec(ref), - "github.com/openshift/api/machine/v1beta1.NetworkSpec": schema_openshift_api_machine_v1beta1_NetworkSpec(ref), - "github.com/openshift/api/machine/v1beta1.OSDisk": schema_openshift_api_machine_v1beta1_OSDisk(ref), - "github.com/openshift/api/machine/v1beta1.OSDiskManagedDiskParameters": schema_openshift_api_machine_v1beta1_OSDiskManagedDiskParameters(ref), - "github.com/openshift/api/machine/v1beta1.ObjectMeta": schema_openshift_api_machine_v1beta1_ObjectMeta(ref), - "github.com/openshift/api/machine/v1beta1.Placement": schema_openshift_api_machine_v1beta1_Placement(ref), - "github.com/openshift/api/machine/v1beta1.ProviderSpec": schema_openshift_api_machine_v1beta1_ProviderSpec(ref), - "github.com/openshift/api/machine/v1beta1.ResourceManagerTag": schema_openshift_api_machine_v1beta1_ResourceManagerTag(ref), - "github.com/openshift/api/machine/v1beta1.SecurityProfile": schema_openshift_api_machine_v1beta1_SecurityProfile(ref), - "github.com/openshift/api/machine/v1beta1.SecuritySettings": schema_openshift_api_machine_v1beta1_SecuritySettings(ref), - "github.com/openshift/api/machine/v1beta1.SpotMarketOptions": schema_openshift_api_machine_v1beta1_SpotMarketOptions(ref), - "github.com/openshift/api/machine/v1beta1.SpotVMOptions": schema_openshift_api_machine_v1beta1_SpotVMOptions(ref), - "github.com/openshift/api/machine/v1beta1.TagSpecification": schema_openshift_api_machine_v1beta1_TagSpecification(ref), - "github.com/openshift/api/machine/v1beta1.TrustedLaunch": schema_openshift_api_machine_v1beta1_TrustedLaunch(ref), - "github.com/openshift/api/machine/v1beta1.UEFISettings": schema_openshift_api_machine_v1beta1_UEFISettings(ref), - "github.com/openshift/api/machine/v1beta1.UnhealthyCondition": schema_openshift_api_machine_v1beta1_UnhealthyCondition(ref), - "github.com/openshift/api/machine/v1beta1.VMDiskSecurityProfile": schema_openshift_api_machine_v1beta1_VMDiskSecurityProfile(ref), - "github.com/openshift/api/machine/v1beta1.VSphereDisk": schema_openshift_api_machine_v1beta1_VSphereDisk(ref), - "github.com/openshift/api/machine/v1beta1.VSphereMachineProviderSpec": schema_openshift_api_machine_v1beta1_VSphereMachineProviderSpec(ref), - "github.com/openshift/api/machine/v1beta1.VSphereMachineProviderStatus": schema_openshift_api_machine_v1beta1_VSphereMachineProviderStatus(ref), - "github.com/openshift/api/machine/v1beta1.Workspace": schema_openshift_api_machine_v1beta1_Workspace(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImage": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImage(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageBundleStatus": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageBundleStatus(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageList": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageList(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageRef": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageRef(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageSpec": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageSpec(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageStatus": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageStatus(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStream": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStream(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamList": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamList(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSet": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamSet(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSpec": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamSpec(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamStatus": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamStatus(ref), - "github.com/openshift/api/monitoring/v1.AlertRelabelConfig": schema_openshift_api_monitoring_v1_AlertRelabelConfig(ref), - "github.com/openshift/api/monitoring/v1.AlertRelabelConfigList": schema_openshift_api_monitoring_v1_AlertRelabelConfigList(ref), - "github.com/openshift/api/monitoring/v1.AlertRelabelConfigSpec": schema_openshift_api_monitoring_v1_AlertRelabelConfigSpec(ref), - "github.com/openshift/api/monitoring/v1.AlertRelabelConfigStatus": schema_openshift_api_monitoring_v1_AlertRelabelConfigStatus(ref), - "github.com/openshift/api/monitoring/v1.AlertingRule": schema_openshift_api_monitoring_v1_AlertingRule(ref), - "github.com/openshift/api/monitoring/v1.AlertingRuleList": schema_openshift_api_monitoring_v1_AlertingRuleList(ref), - "github.com/openshift/api/monitoring/v1.AlertingRuleSpec": schema_openshift_api_monitoring_v1_AlertingRuleSpec(ref), - "github.com/openshift/api/monitoring/v1.AlertingRuleStatus": schema_openshift_api_monitoring_v1_AlertingRuleStatus(ref), - "github.com/openshift/api/monitoring/v1.PrometheusRuleRef": schema_openshift_api_monitoring_v1_PrometheusRuleRef(ref), - "github.com/openshift/api/monitoring/v1.RelabelConfig": schema_openshift_api_monitoring_v1_RelabelConfig(ref), - "github.com/openshift/api/monitoring/v1.Rule": schema_openshift_api_monitoring_v1_Rule(ref), - "github.com/openshift/api/monitoring/v1.RuleGroup": schema_openshift_api_monitoring_v1_RuleGroup(ref), - "github.com/openshift/api/network/v1.ClusterNetwork": schema_openshift_api_network_v1_ClusterNetwork(ref), - "github.com/openshift/api/network/v1.ClusterNetworkEntry": schema_openshift_api_network_v1_ClusterNetworkEntry(ref), - "github.com/openshift/api/network/v1.ClusterNetworkList": schema_openshift_api_network_v1_ClusterNetworkList(ref), - "github.com/openshift/api/network/v1.EgressNetworkPolicy": schema_openshift_api_network_v1_EgressNetworkPolicy(ref), - "github.com/openshift/api/network/v1.EgressNetworkPolicyList": schema_openshift_api_network_v1_EgressNetworkPolicyList(ref), - "github.com/openshift/api/network/v1.EgressNetworkPolicyPeer": schema_openshift_api_network_v1_EgressNetworkPolicyPeer(ref), - "github.com/openshift/api/network/v1.EgressNetworkPolicyRule": schema_openshift_api_network_v1_EgressNetworkPolicyRule(ref), - "github.com/openshift/api/network/v1.EgressNetworkPolicySpec": schema_openshift_api_network_v1_EgressNetworkPolicySpec(ref), - "github.com/openshift/api/network/v1.HostSubnet": schema_openshift_api_network_v1_HostSubnet(ref), - "github.com/openshift/api/network/v1.HostSubnetList": schema_openshift_api_network_v1_HostSubnetList(ref), - "github.com/openshift/api/network/v1.NetNamespace": schema_openshift_api_network_v1_NetNamespace(ref), - "github.com/openshift/api/network/v1.NetNamespaceList": schema_openshift_api_network_v1_NetNamespaceList(ref), - "github.com/openshift/api/network/v1alpha1.DNSNameResolver": schema_openshift_api_network_v1alpha1_DNSNameResolver(ref), - "github.com/openshift/api/network/v1alpha1.DNSNameResolverList": schema_openshift_api_network_v1alpha1_DNSNameResolverList(ref), - "github.com/openshift/api/network/v1alpha1.DNSNameResolverResolvedAddress": schema_openshift_api_network_v1alpha1_DNSNameResolverResolvedAddress(ref), - "github.com/openshift/api/network/v1alpha1.DNSNameResolverResolvedName": schema_openshift_api_network_v1alpha1_DNSNameResolverResolvedName(ref), - "github.com/openshift/api/network/v1alpha1.DNSNameResolverSpec": schema_openshift_api_network_v1alpha1_DNSNameResolverSpec(ref), - "github.com/openshift/api/network/v1alpha1.DNSNameResolverStatus": schema_openshift_api_network_v1alpha1_DNSNameResolverStatus(ref), - "github.com/openshift/api/networkoperator/v1.EgressRouter": schema_openshift_api_networkoperator_v1_EgressRouter(ref), - "github.com/openshift/api/networkoperator/v1.EgressRouterSpec": schema_openshift_api_networkoperator_v1_EgressRouterSpec(ref), - "github.com/openshift/api/oauth/v1.ClusterRoleScopeRestriction": schema_openshift_api_oauth_v1_ClusterRoleScopeRestriction(ref), - "github.com/openshift/api/oauth/v1.OAuthAccessToken": schema_openshift_api_oauth_v1_OAuthAccessToken(ref), - "github.com/openshift/api/oauth/v1.OAuthAccessTokenList": schema_openshift_api_oauth_v1_OAuthAccessTokenList(ref), - "github.com/openshift/api/oauth/v1.OAuthAuthorizeToken": schema_openshift_api_oauth_v1_OAuthAuthorizeToken(ref), - "github.com/openshift/api/oauth/v1.OAuthAuthorizeTokenList": schema_openshift_api_oauth_v1_OAuthAuthorizeTokenList(ref), - "github.com/openshift/api/oauth/v1.OAuthClient": schema_openshift_api_oauth_v1_OAuthClient(ref), - "github.com/openshift/api/oauth/v1.OAuthClientAuthorization": schema_openshift_api_oauth_v1_OAuthClientAuthorization(ref), - "github.com/openshift/api/oauth/v1.OAuthClientAuthorizationList": schema_openshift_api_oauth_v1_OAuthClientAuthorizationList(ref), - "github.com/openshift/api/oauth/v1.OAuthClientList": schema_openshift_api_oauth_v1_OAuthClientList(ref), - "github.com/openshift/api/oauth/v1.OAuthRedirectReference": schema_openshift_api_oauth_v1_OAuthRedirectReference(ref), - "github.com/openshift/api/oauth/v1.RedirectReference": schema_openshift_api_oauth_v1_RedirectReference(ref), - "github.com/openshift/api/oauth/v1.ScopeRestriction": schema_openshift_api_oauth_v1_ScopeRestriction(ref), - "github.com/openshift/api/oauth/v1.UserOAuthAccessToken": schema_openshift_api_oauth_v1_UserOAuthAccessToken(ref), - "github.com/openshift/api/oauth/v1.UserOAuthAccessTokenList": schema_openshift_api_oauth_v1_UserOAuthAccessTokenList(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.APIServers": schema_openshift_api_openshiftcontrolplane_v1_APIServers(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.BuildControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_BuildControllerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.BuildDefaultsConfig": schema_openshift_api_openshiftcontrolplane_v1_BuildDefaultsConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.BuildOverridesConfig": schema_openshift_api_openshiftcontrolplane_v1_BuildOverridesConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.ClusterNetworkEntry": schema_openshift_api_openshiftcontrolplane_v1_ClusterNetworkEntry(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.DeployerControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_DeployerControllerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.DockerPullSecretControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_DockerPullSecretControllerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.FrontProxyConfig": schema_openshift_api_openshiftcontrolplane_v1_FrontProxyConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.ImageConfig": schema_openshift_api_openshiftcontrolplane_v1_ImageConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.ImageImportControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_ImageImportControllerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.ImagePolicyConfig": schema_openshift_api_openshiftcontrolplane_v1_ImagePolicyConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.IngressControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_IngressControllerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.JenkinsPipelineConfig": schema_openshift_api_openshiftcontrolplane_v1_JenkinsPipelineConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.NetworkControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_NetworkControllerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.OpenShiftAPIServerConfig": schema_openshift_api_openshiftcontrolplane_v1_OpenShiftAPIServerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.OpenShiftControllerManagerConfig": schema_openshift_api_openshiftcontrolplane_v1_OpenShiftControllerManagerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.PerGroupOptions": schema_openshift_api_openshiftcontrolplane_v1_PerGroupOptions(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.ProjectConfig": schema_openshift_api_openshiftcontrolplane_v1_ProjectConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.RegistryLocation": schema_openshift_api_openshiftcontrolplane_v1_RegistryLocation(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.ResourceQuotaControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_ResourceQuotaControllerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.RoutingConfig": schema_openshift_api_openshiftcontrolplane_v1_RoutingConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.SecurityAllocator": schema_openshift_api_openshiftcontrolplane_v1_SecurityAllocator(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.ServiceAccountControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_ServiceAccountControllerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.ServiceServingCert": schema_openshift_api_openshiftcontrolplane_v1_ServiceServingCert(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.SourceStrategyDefaultsConfig": schema_openshift_api_openshiftcontrolplane_v1_SourceStrategyDefaultsConfig(ref), - "github.com/openshift/api/operator/v1.AWSCSIDriverConfigSpec": schema_openshift_api_operator_v1_AWSCSIDriverConfigSpec(ref), - "github.com/openshift/api/operator/v1.AWSClassicLoadBalancerParameters": schema_openshift_api_operator_v1_AWSClassicLoadBalancerParameters(ref), - "github.com/openshift/api/operator/v1.AWSEFSVolumeMetrics": schema_openshift_api_operator_v1_AWSEFSVolumeMetrics(ref), - "github.com/openshift/api/operator/v1.AWSEFSVolumeMetricsRecursiveWalkConfig": schema_openshift_api_operator_v1_AWSEFSVolumeMetricsRecursiveWalkConfig(ref), - "github.com/openshift/api/operator/v1.AWSLoadBalancerParameters": schema_openshift_api_operator_v1_AWSLoadBalancerParameters(ref), - "github.com/openshift/api/operator/v1.AWSNetworkLoadBalancerParameters": schema_openshift_api_operator_v1_AWSNetworkLoadBalancerParameters(ref), - "github.com/openshift/api/operator/v1.AWSSubnets": schema_openshift_api_operator_v1_AWSSubnets(ref), - "github.com/openshift/api/operator/v1.AccessLogging": schema_openshift_api_operator_v1_AccessLogging(ref), - "github.com/openshift/api/operator/v1.AddPage": schema_openshift_api_operator_v1_AddPage(ref), - "github.com/openshift/api/operator/v1.AdditionalNetworkDefinition": schema_openshift_api_operator_v1_AdditionalNetworkDefinition(ref), - "github.com/openshift/api/operator/v1.AdditionalRoutingCapabilities": schema_openshift_api_operator_v1_AdditionalRoutingCapabilities(ref), - "github.com/openshift/api/operator/v1.Authentication": schema_openshift_api_operator_v1_Authentication(ref), - "github.com/openshift/api/operator/v1.AuthenticationList": schema_openshift_api_operator_v1_AuthenticationList(ref), - "github.com/openshift/api/operator/v1.AuthenticationSpec": schema_openshift_api_operator_v1_AuthenticationSpec(ref), - "github.com/openshift/api/operator/v1.AuthenticationStatus": schema_openshift_api_operator_v1_AuthenticationStatus(ref), - "github.com/openshift/api/operator/v1.AzureCSIDriverConfigSpec": schema_openshift_api_operator_v1_AzureCSIDriverConfigSpec(ref), - "github.com/openshift/api/operator/v1.AzureDiskEncryptionSet": schema_openshift_api_operator_v1_AzureDiskEncryptionSet(ref), - "github.com/openshift/api/operator/v1.BGPManagedConfig": schema_openshift_api_operator_v1_BGPManagedConfig(ref), - "github.com/openshift/api/operator/v1.BootImageSkewEnforcementConfig": schema_openshift_api_operator_v1_BootImageSkewEnforcementConfig(ref), - "github.com/openshift/api/operator/v1.BootImageSkewEnforcementStatus": schema_openshift_api_operator_v1_BootImageSkewEnforcementStatus(ref), - "github.com/openshift/api/operator/v1.CSIDriverConfigSpec": schema_openshift_api_operator_v1_CSIDriverConfigSpec(ref), - "github.com/openshift/api/operator/v1.CSISnapshotController": schema_openshift_api_operator_v1_CSISnapshotController(ref), - "github.com/openshift/api/operator/v1.CSISnapshotControllerList": schema_openshift_api_operator_v1_CSISnapshotControllerList(ref), - "github.com/openshift/api/operator/v1.CSISnapshotControllerSpec": schema_openshift_api_operator_v1_CSISnapshotControllerSpec(ref), - "github.com/openshift/api/operator/v1.CSISnapshotControllerStatus": schema_openshift_api_operator_v1_CSISnapshotControllerStatus(ref), - "github.com/openshift/api/operator/v1.Capability": schema_openshift_api_operator_v1_Capability(ref), - "github.com/openshift/api/operator/v1.CapabilityVisibility": schema_openshift_api_operator_v1_CapabilityVisibility(ref), - "github.com/openshift/api/operator/v1.ClientTLS": schema_openshift_api_operator_v1_ClientTLS(ref), - "github.com/openshift/api/operator/v1.CloudCredential": schema_openshift_api_operator_v1_CloudCredential(ref), - "github.com/openshift/api/operator/v1.CloudCredentialList": schema_openshift_api_operator_v1_CloudCredentialList(ref), - "github.com/openshift/api/operator/v1.CloudCredentialSpec": schema_openshift_api_operator_v1_CloudCredentialSpec(ref), - "github.com/openshift/api/operator/v1.CloudCredentialStatus": schema_openshift_api_operator_v1_CloudCredentialStatus(ref), - "github.com/openshift/api/operator/v1.ClusterBootImageAutomatic": schema_openshift_api_operator_v1_ClusterBootImageAutomatic(ref), - "github.com/openshift/api/operator/v1.ClusterBootImageManual": schema_openshift_api_operator_v1_ClusterBootImageManual(ref), - "github.com/openshift/api/operator/v1.ClusterCSIDriver": schema_openshift_api_operator_v1_ClusterCSIDriver(ref), - "github.com/openshift/api/operator/v1.ClusterCSIDriverList": schema_openshift_api_operator_v1_ClusterCSIDriverList(ref), - "github.com/openshift/api/operator/v1.ClusterCSIDriverSpec": schema_openshift_api_operator_v1_ClusterCSIDriverSpec(ref), - "github.com/openshift/api/operator/v1.ClusterCSIDriverStatus": schema_openshift_api_operator_v1_ClusterCSIDriverStatus(ref), - "github.com/openshift/api/operator/v1.ClusterNetworkEntry": schema_openshift_api_operator_v1_ClusterNetworkEntry(ref), - "github.com/openshift/api/operator/v1.Config": schema_openshift_api_operator_v1_Config(ref), - "github.com/openshift/api/operator/v1.ConfigList": schema_openshift_api_operator_v1_ConfigList(ref), - "github.com/openshift/api/operator/v1.ConfigMapFileReference": schema_openshift_api_operator_v1_ConfigMapFileReference(ref), - "github.com/openshift/api/operator/v1.ConfigSpec": schema_openshift_api_operator_v1_ConfigSpec(ref), - "github.com/openshift/api/operator/v1.ConfigStatus": schema_openshift_api_operator_v1_ConfigStatus(ref), - "github.com/openshift/api/operator/v1.Console": schema_openshift_api_operator_v1_Console(ref), - "github.com/openshift/api/operator/v1.ConsoleConfigRoute": schema_openshift_api_operator_v1_ConsoleConfigRoute(ref), - "github.com/openshift/api/operator/v1.ConsoleCustomization": schema_openshift_api_operator_v1_ConsoleCustomization(ref), - "github.com/openshift/api/operator/v1.ConsoleList": schema_openshift_api_operator_v1_ConsoleList(ref), - "github.com/openshift/api/operator/v1.ConsoleProviders": schema_openshift_api_operator_v1_ConsoleProviders(ref), - "github.com/openshift/api/operator/v1.ConsoleSpec": schema_openshift_api_operator_v1_ConsoleSpec(ref), - "github.com/openshift/api/operator/v1.ConsoleStatus": schema_openshift_api_operator_v1_ConsoleStatus(ref), - "github.com/openshift/api/operator/v1.ContainerLoggingDestinationParameters": schema_openshift_api_operator_v1_ContainerLoggingDestinationParameters(ref), - "github.com/openshift/api/operator/v1.DNS": schema_openshift_api_operator_v1_DNS(ref), - "github.com/openshift/api/operator/v1.DNSCache": schema_openshift_api_operator_v1_DNSCache(ref), - "github.com/openshift/api/operator/v1.DNSList": schema_openshift_api_operator_v1_DNSList(ref), - "github.com/openshift/api/operator/v1.DNSNodePlacement": schema_openshift_api_operator_v1_DNSNodePlacement(ref), - "github.com/openshift/api/operator/v1.DNSOverTLSConfig": schema_openshift_api_operator_v1_DNSOverTLSConfig(ref), - "github.com/openshift/api/operator/v1.DNSSpec": schema_openshift_api_operator_v1_DNSSpec(ref), - "github.com/openshift/api/operator/v1.DNSStatus": schema_openshift_api_operator_v1_DNSStatus(ref), - "github.com/openshift/api/operator/v1.DNSTransportConfig": schema_openshift_api_operator_v1_DNSTransportConfig(ref), - "github.com/openshift/api/operator/v1.DefaultNetworkDefinition": schema_openshift_api_operator_v1_DefaultNetworkDefinition(ref), - "github.com/openshift/api/operator/v1.DeveloperConsoleCatalogCategory": schema_openshift_api_operator_v1_DeveloperConsoleCatalogCategory(ref), - "github.com/openshift/api/operator/v1.DeveloperConsoleCatalogCategoryMeta": schema_openshift_api_operator_v1_DeveloperConsoleCatalogCategoryMeta(ref), - "github.com/openshift/api/operator/v1.DeveloperConsoleCatalogCustomization": schema_openshift_api_operator_v1_DeveloperConsoleCatalogCustomization(ref), - "github.com/openshift/api/operator/v1.DeveloperConsoleCatalogTypes": schema_openshift_api_operator_v1_DeveloperConsoleCatalogTypes(ref), - "github.com/openshift/api/operator/v1.EgressIPConfig": schema_openshift_api_operator_v1_EgressIPConfig(ref), - "github.com/openshift/api/operator/v1.EndpointPublishingStrategy": schema_openshift_api_operator_v1_EndpointPublishingStrategy(ref), - "github.com/openshift/api/operator/v1.Etcd": schema_openshift_api_operator_v1_Etcd(ref), - "github.com/openshift/api/operator/v1.EtcdList": schema_openshift_api_operator_v1_EtcdList(ref), - "github.com/openshift/api/operator/v1.EtcdSpec": schema_openshift_api_operator_v1_EtcdSpec(ref), - "github.com/openshift/api/operator/v1.EtcdStatus": schema_openshift_api_operator_v1_EtcdStatus(ref), - "github.com/openshift/api/operator/v1.ExportNetworkFlows": schema_openshift_api_operator_v1_ExportNetworkFlows(ref), - "github.com/openshift/api/operator/v1.FeaturesMigration": schema_openshift_api_operator_v1_FeaturesMigration(ref), - "github.com/openshift/api/operator/v1.FileReferenceSource": schema_openshift_api_operator_v1_FileReferenceSource(ref), - "github.com/openshift/api/operator/v1.ForwardPlugin": schema_openshift_api_operator_v1_ForwardPlugin(ref), - "github.com/openshift/api/operator/v1.GCPCSIDriverConfigSpec": schema_openshift_api_operator_v1_GCPCSIDriverConfigSpec(ref), - "github.com/openshift/api/operator/v1.GCPKMSKeyReference": schema_openshift_api_operator_v1_GCPKMSKeyReference(ref), - "github.com/openshift/api/operator/v1.GCPLoadBalancerParameters": schema_openshift_api_operator_v1_GCPLoadBalancerParameters(ref), - "github.com/openshift/api/operator/v1.GatewayConfig": schema_openshift_api_operator_v1_GatewayConfig(ref), - "github.com/openshift/api/operator/v1.GatherStatus": schema_openshift_api_operator_v1_GatherStatus(ref), - "github.com/openshift/api/operator/v1.GathererStatus": schema_openshift_api_operator_v1_GathererStatus(ref), - "github.com/openshift/api/operator/v1.GenerationStatus": schema_openshift_api_operator_v1_GenerationStatus(ref), - "github.com/openshift/api/operator/v1.HTTPCompressionPolicy": schema_openshift_api_operator_v1_HTTPCompressionPolicy(ref), - "github.com/openshift/api/operator/v1.HealthCheck": schema_openshift_api_operator_v1_HealthCheck(ref), - "github.com/openshift/api/operator/v1.HostNetworkStrategy": schema_openshift_api_operator_v1_HostNetworkStrategy(ref), - "github.com/openshift/api/operator/v1.HybridOverlayConfig": schema_openshift_api_operator_v1_HybridOverlayConfig(ref), - "github.com/openshift/api/operator/v1.IBMCloudCSIDriverConfigSpec": schema_openshift_api_operator_v1_IBMCloudCSIDriverConfigSpec(ref), - "github.com/openshift/api/operator/v1.IBMLoadBalancerParameters": schema_openshift_api_operator_v1_IBMLoadBalancerParameters(ref), - "github.com/openshift/api/operator/v1.IPAMConfig": schema_openshift_api_operator_v1_IPAMConfig(ref), - "github.com/openshift/api/operator/v1.IPFIXConfig": schema_openshift_api_operator_v1_IPFIXConfig(ref), - "github.com/openshift/api/operator/v1.IPsecConfig": schema_openshift_api_operator_v1_IPsecConfig(ref), - "github.com/openshift/api/operator/v1.IPsecFullModeConfig": schema_openshift_api_operator_v1_IPsecFullModeConfig(ref), - "github.com/openshift/api/operator/v1.IPv4GatewayConfig": schema_openshift_api_operator_v1_IPv4GatewayConfig(ref), - "github.com/openshift/api/operator/v1.IPv4OVNKubernetesConfig": schema_openshift_api_operator_v1_IPv4OVNKubernetesConfig(ref), - "github.com/openshift/api/operator/v1.IPv6GatewayConfig": schema_openshift_api_operator_v1_IPv6GatewayConfig(ref), - "github.com/openshift/api/operator/v1.IPv6OVNKubernetesConfig": schema_openshift_api_operator_v1_IPv6OVNKubernetesConfig(ref), - "github.com/openshift/api/operator/v1.Ingress": schema_openshift_api_operator_v1_Ingress(ref), - "github.com/openshift/api/operator/v1.IngressController": schema_openshift_api_operator_v1_IngressController(ref), - "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPCookie": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPCookie(ref), - "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPCookieUnion": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPCookieUnion(ref), - "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPHeader": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPHeader(ref), - "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPHeaders": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPHeaders(ref), - "github.com/openshift/api/operator/v1.IngressControllerHTTPHeader": schema_openshift_api_operator_v1_IngressControllerHTTPHeader(ref), - "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaderActionUnion": schema_openshift_api_operator_v1_IngressControllerHTTPHeaderActionUnion(ref), - "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaderActions": schema_openshift_api_operator_v1_IngressControllerHTTPHeaderActions(ref), - "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaders": schema_openshift_api_operator_v1_IngressControllerHTTPHeaders(ref), - "github.com/openshift/api/operator/v1.IngressControllerHTTPUniqueIdHeaderPolicy": schema_openshift_api_operator_v1_IngressControllerHTTPUniqueIdHeaderPolicy(ref), - "github.com/openshift/api/operator/v1.IngressControllerList": schema_openshift_api_operator_v1_IngressControllerList(ref), - "github.com/openshift/api/operator/v1.IngressControllerLogging": schema_openshift_api_operator_v1_IngressControllerLogging(ref), - "github.com/openshift/api/operator/v1.IngressControllerSetHTTPHeader": schema_openshift_api_operator_v1_IngressControllerSetHTTPHeader(ref), - "github.com/openshift/api/operator/v1.IngressControllerSpec": schema_openshift_api_operator_v1_IngressControllerSpec(ref), - "github.com/openshift/api/operator/v1.IngressControllerStatus": schema_openshift_api_operator_v1_IngressControllerStatus(ref), - "github.com/openshift/api/operator/v1.IngressControllerTuningOptions": schema_openshift_api_operator_v1_IngressControllerTuningOptions(ref), - "github.com/openshift/api/operator/v1.InsightsOperator": schema_openshift_api_operator_v1_InsightsOperator(ref), - "github.com/openshift/api/operator/v1.InsightsOperatorList": schema_openshift_api_operator_v1_InsightsOperatorList(ref), - "github.com/openshift/api/operator/v1.InsightsOperatorSpec": schema_openshift_api_operator_v1_InsightsOperatorSpec(ref), - "github.com/openshift/api/operator/v1.InsightsOperatorStatus": schema_openshift_api_operator_v1_InsightsOperatorStatus(ref), - "github.com/openshift/api/operator/v1.InsightsReport": schema_openshift_api_operator_v1_InsightsReport(ref), - "github.com/openshift/api/operator/v1.IrreconcilableValidationOverrides": schema_openshift_api_operator_v1_IrreconcilableValidationOverrides(ref), - "github.com/openshift/api/operator/v1.KubeAPIServer": schema_openshift_api_operator_v1_KubeAPIServer(ref), - "github.com/openshift/api/operator/v1.KubeAPIServerList": schema_openshift_api_operator_v1_KubeAPIServerList(ref), - "github.com/openshift/api/operator/v1.KubeAPIServerSpec": schema_openshift_api_operator_v1_KubeAPIServerSpec(ref), - "github.com/openshift/api/operator/v1.KubeAPIServerStatus": schema_openshift_api_operator_v1_KubeAPIServerStatus(ref), - "github.com/openshift/api/operator/v1.KubeControllerManager": schema_openshift_api_operator_v1_KubeControllerManager(ref), - "github.com/openshift/api/operator/v1.KubeControllerManagerList": schema_openshift_api_operator_v1_KubeControllerManagerList(ref), - "github.com/openshift/api/operator/v1.KubeControllerManagerSpec": schema_openshift_api_operator_v1_KubeControllerManagerSpec(ref), - "github.com/openshift/api/operator/v1.KubeControllerManagerStatus": schema_openshift_api_operator_v1_KubeControllerManagerStatus(ref), - "github.com/openshift/api/operator/v1.KubeScheduler": schema_openshift_api_operator_v1_KubeScheduler(ref), - "github.com/openshift/api/operator/v1.KubeSchedulerList": schema_openshift_api_operator_v1_KubeSchedulerList(ref), - "github.com/openshift/api/operator/v1.KubeSchedulerSpec": schema_openshift_api_operator_v1_KubeSchedulerSpec(ref), - "github.com/openshift/api/operator/v1.KubeSchedulerStatus": schema_openshift_api_operator_v1_KubeSchedulerStatus(ref), - "github.com/openshift/api/operator/v1.KubeStorageVersionMigrator": schema_openshift_api_operator_v1_KubeStorageVersionMigrator(ref), - "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorList": schema_openshift_api_operator_v1_KubeStorageVersionMigratorList(ref), - "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorSpec": schema_openshift_api_operator_v1_KubeStorageVersionMigratorSpec(ref), - "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorStatus": schema_openshift_api_operator_v1_KubeStorageVersionMigratorStatus(ref), - "github.com/openshift/api/operator/v1.LoadBalancerStrategy": schema_openshift_api_operator_v1_LoadBalancerStrategy(ref), - "github.com/openshift/api/operator/v1.LoggingDestination": schema_openshift_api_operator_v1_LoggingDestination(ref), - "github.com/openshift/api/operator/v1.Logo": schema_openshift_api_operator_v1_Logo(ref), - "github.com/openshift/api/operator/v1.MTUMigration": schema_openshift_api_operator_v1_MTUMigration(ref), - "github.com/openshift/api/operator/v1.MTUMigrationValues": schema_openshift_api_operator_v1_MTUMigrationValues(ref), - "github.com/openshift/api/operator/v1.MachineConfiguration": schema_openshift_api_operator_v1_MachineConfiguration(ref), - "github.com/openshift/api/operator/v1.MachineConfigurationList": schema_openshift_api_operator_v1_MachineConfigurationList(ref), - "github.com/openshift/api/operator/v1.MachineConfigurationSpec": schema_openshift_api_operator_v1_MachineConfigurationSpec(ref), - "github.com/openshift/api/operator/v1.MachineConfigurationStatus": schema_openshift_api_operator_v1_MachineConfigurationStatus(ref), - "github.com/openshift/api/operator/v1.MachineManager": schema_openshift_api_operator_v1_MachineManager(ref), - "github.com/openshift/api/operator/v1.MachineManagerSelector": schema_openshift_api_operator_v1_MachineManagerSelector(ref), - "github.com/openshift/api/operator/v1.ManagedBootImages": schema_openshift_api_operator_v1_ManagedBootImages(ref), - "github.com/openshift/api/operator/v1.MyOperatorResource": schema_openshift_api_operator_v1_MyOperatorResource(ref), - "github.com/openshift/api/operator/v1.MyOperatorResourceSpec": schema_openshift_api_operator_v1_MyOperatorResourceSpec(ref), - "github.com/openshift/api/operator/v1.MyOperatorResourceStatus": schema_openshift_api_operator_v1_MyOperatorResourceStatus(ref), - "github.com/openshift/api/operator/v1.NetFlowConfig": schema_openshift_api_operator_v1_NetFlowConfig(ref), - "github.com/openshift/api/operator/v1.Network": schema_openshift_api_operator_v1_Network(ref), - "github.com/openshift/api/operator/v1.NetworkList": schema_openshift_api_operator_v1_NetworkList(ref), - "github.com/openshift/api/operator/v1.NetworkMigration": schema_openshift_api_operator_v1_NetworkMigration(ref), - "github.com/openshift/api/operator/v1.NetworkSpec": schema_openshift_api_operator_v1_NetworkSpec(ref), - "github.com/openshift/api/operator/v1.NetworkStatus": schema_openshift_api_operator_v1_NetworkStatus(ref), - "github.com/openshift/api/operator/v1.NoOverlayConfig": schema_openshift_api_operator_v1_NoOverlayConfig(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicyClusterStatus": schema_openshift_api_operator_v1_NodeDisruptionPolicyClusterStatus(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicyConfig": schema_openshift_api_operator_v1_NodeDisruptionPolicyConfig(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicySpecAction": schema_openshift_api_operator_v1_NodeDisruptionPolicySpecAction(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicySpecFile": schema_openshift_api_operator_v1_NodeDisruptionPolicySpecFile(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicySpecSSHKey": schema_openshift_api_operator_v1_NodeDisruptionPolicySpecSSHKey(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicySpecUnit": schema_openshift_api_operator_v1_NodeDisruptionPolicySpecUnit(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatus": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatus(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatusAction": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatusAction(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatusFile": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatusFile(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatusSSHKey": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatusSSHKey(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatusUnit": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatusUnit(ref), - "github.com/openshift/api/operator/v1.NodePlacement": schema_openshift_api_operator_v1_NodePlacement(ref), - "github.com/openshift/api/operator/v1.NodePortStrategy": schema_openshift_api_operator_v1_NodePortStrategy(ref), - "github.com/openshift/api/operator/v1.NodeStatus": schema_openshift_api_operator_v1_NodeStatus(ref), - "github.com/openshift/api/operator/v1.OAuthAPIServerStatus": schema_openshift_api_operator_v1_OAuthAPIServerStatus(ref), - "github.com/openshift/api/operator/v1.OLM": schema_openshift_api_operator_v1_OLM(ref), - "github.com/openshift/api/operator/v1.OLMList": schema_openshift_api_operator_v1_OLMList(ref), - "github.com/openshift/api/operator/v1.OLMSpec": schema_openshift_api_operator_v1_OLMSpec(ref), - "github.com/openshift/api/operator/v1.OLMStatus": schema_openshift_api_operator_v1_OLMStatus(ref), - "github.com/openshift/api/operator/v1.OVNKubernetesConfig": schema_openshift_api_operator_v1_OVNKubernetesConfig(ref), - "github.com/openshift/api/operator/v1.OpenShiftAPIServer": schema_openshift_api_operator_v1_OpenShiftAPIServer(ref), - "github.com/openshift/api/operator/v1.OpenShiftAPIServerList": schema_openshift_api_operator_v1_OpenShiftAPIServerList(ref), - "github.com/openshift/api/operator/v1.OpenShiftAPIServerSpec": schema_openshift_api_operator_v1_OpenShiftAPIServerSpec(ref), - "github.com/openshift/api/operator/v1.OpenShiftAPIServerStatus": schema_openshift_api_operator_v1_OpenShiftAPIServerStatus(ref), - "github.com/openshift/api/operator/v1.OpenShiftControllerManager": schema_openshift_api_operator_v1_OpenShiftControllerManager(ref), - "github.com/openshift/api/operator/v1.OpenShiftControllerManagerList": schema_openshift_api_operator_v1_OpenShiftControllerManagerList(ref), - "github.com/openshift/api/operator/v1.OpenShiftControllerManagerSpec": schema_openshift_api_operator_v1_OpenShiftControllerManagerSpec(ref), - "github.com/openshift/api/operator/v1.OpenShiftControllerManagerStatus": schema_openshift_api_operator_v1_OpenShiftControllerManagerStatus(ref), - "github.com/openshift/api/operator/v1.OpenShiftSDNConfig": schema_openshift_api_operator_v1_OpenShiftSDNConfig(ref), - "github.com/openshift/api/operator/v1.OpenStackLoadBalancerParameters": schema_openshift_api_operator_v1_OpenStackLoadBalancerParameters(ref), - "github.com/openshift/api/operator/v1.OperatorCondition": schema_openshift_api_operator_v1_OperatorCondition(ref), - "github.com/openshift/api/operator/v1.OperatorSpec": schema_openshift_api_operator_v1_OperatorSpec(ref), - "github.com/openshift/api/operator/v1.OperatorStatus": schema_openshift_api_operator_v1_OperatorStatus(ref), - "github.com/openshift/api/operator/v1.PartialSelector": schema_openshift_api_operator_v1_PartialSelector(ref), - "github.com/openshift/api/operator/v1.Perspective": schema_openshift_api_operator_v1_Perspective(ref), - "github.com/openshift/api/operator/v1.PerspectiveVisibility": schema_openshift_api_operator_v1_PerspectiveVisibility(ref), - "github.com/openshift/api/operator/v1.PinnedResourceReference": schema_openshift_api_operator_v1_PinnedResourceReference(ref), - "github.com/openshift/api/operator/v1.PolicyAuditConfig": schema_openshift_api_operator_v1_PolicyAuditConfig(ref), - "github.com/openshift/api/operator/v1.PrivateStrategy": schema_openshift_api_operator_v1_PrivateStrategy(ref), - "github.com/openshift/api/operator/v1.ProjectAccess": schema_openshift_api_operator_v1_ProjectAccess(ref), - "github.com/openshift/api/operator/v1.ProviderLoadBalancerParameters": schema_openshift_api_operator_v1_ProviderLoadBalancerParameters(ref), - "github.com/openshift/api/operator/v1.ProxyConfig": schema_openshift_api_operator_v1_ProxyConfig(ref), - "github.com/openshift/api/operator/v1.QuickStarts": schema_openshift_api_operator_v1_QuickStarts(ref), - "github.com/openshift/api/operator/v1.ReloadService": schema_openshift_api_operator_v1_ReloadService(ref), - "github.com/openshift/api/operator/v1.ResourceAttributesAccessReview": schema_openshift_api_operator_v1_ResourceAttributesAccessReview(ref), - "github.com/openshift/api/operator/v1.RestartService": schema_openshift_api_operator_v1_RestartService(ref), - "github.com/openshift/api/operator/v1.RouteAdmissionPolicy": schema_openshift_api_operator_v1_RouteAdmissionPolicy(ref), - "github.com/openshift/api/operator/v1.SFlowConfig": schema_openshift_api_operator_v1_SFlowConfig(ref), - "github.com/openshift/api/operator/v1.Server": schema_openshift_api_operator_v1_Server(ref), - "github.com/openshift/api/operator/v1.ServiceAccountIssuerStatus": schema_openshift_api_operator_v1_ServiceAccountIssuerStatus(ref), - "github.com/openshift/api/operator/v1.ServiceCA": schema_openshift_api_operator_v1_ServiceCA(ref), - "github.com/openshift/api/operator/v1.ServiceCAList": schema_openshift_api_operator_v1_ServiceCAList(ref), - "github.com/openshift/api/operator/v1.ServiceCASpec": schema_openshift_api_operator_v1_ServiceCASpec(ref), - "github.com/openshift/api/operator/v1.ServiceCAStatus": schema_openshift_api_operator_v1_ServiceCAStatus(ref), - "github.com/openshift/api/operator/v1.ServiceCatalogAPIServer": schema_openshift_api_operator_v1_ServiceCatalogAPIServer(ref), - "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerList": schema_openshift_api_operator_v1_ServiceCatalogAPIServerList(ref), - "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerSpec": schema_openshift_api_operator_v1_ServiceCatalogAPIServerSpec(ref), - "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerStatus": schema_openshift_api_operator_v1_ServiceCatalogAPIServerStatus(ref), - "github.com/openshift/api/operator/v1.ServiceCatalogControllerManager": schema_openshift_api_operator_v1_ServiceCatalogControllerManager(ref), - "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerList": schema_openshift_api_operator_v1_ServiceCatalogControllerManagerList(ref), - "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerSpec": schema_openshift_api_operator_v1_ServiceCatalogControllerManagerSpec(ref), - "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerStatus": schema_openshift_api_operator_v1_ServiceCatalogControllerManagerStatus(ref), - "github.com/openshift/api/operator/v1.SimpleMacvlanConfig": schema_openshift_api_operator_v1_SimpleMacvlanConfig(ref), - "github.com/openshift/api/operator/v1.StaticIPAMAddresses": schema_openshift_api_operator_v1_StaticIPAMAddresses(ref), - "github.com/openshift/api/operator/v1.StaticIPAMConfig": schema_openshift_api_operator_v1_StaticIPAMConfig(ref), - "github.com/openshift/api/operator/v1.StaticIPAMDNS": schema_openshift_api_operator_v1_StaticIPAMDNS(ref), - "github.com/openshift/api/operator/v1.StaticIPAMRoutes": schema_openshift_api_operator_v1_StaticIPAMRoutes(ref), - "github.com/openshift/api/operator/v1.StaticPodOperatorSpec": schema_openshift_api_operator_v1_StaticPodOperatorSpec(ref), - "github.com/openshift/api/operator/v1.StaticPodOperatorStatus": schema_openshift_api_operator_v1_StaticPodOperatorStatus(ref), - "github.com/openshift/api/operator/v1.StatuspageProvider": schema_openshift_api_operator_v1_StatuspageProvider(ref), - "github.com/openshift/api/operator/v1.Storage": schema_openshift_api_operator_v1_Storage(ref), - "github.com/openshift/api/operator/v1.StorageList": schema_openshift_api_operator_v1_StorageList(ref), - "github.com/openshift/api/operator/v1.StorageSpec": schema_openshift_api_operator_v1_StorageSpec(ref), - "github.com/openshift/api/operator/v1.StorageStatus": schema_openshift_api_operator_v1_StorageStatus(ref), - "github.com/openshift/api/operator/v1.SyslogLoggingDestinationParameters": schema_openshift_api_operator_v1_SyslogLoggingDestinationParameters(ref), - "github.com/openshift/api/operator/v1.Theme": schema_openshift_api_operator_v1_Theme(ref), - "github.com/openshift/api/operator/v1.Upstream": schema_openshift_api_operator_v1_Upstream(ref), - "github.com/openshift/api/operator/v1.UpstreamResolvers": schema_openshift_api_operator_v1_UpstreamResolvers(ref), - "github.com/openshift/api/operator/v1.VSphereCSIDriverConfigSpec": schema_openshift_api_operator_v1_VSphereCSIDriverConfigSpec(ref), - "github.com/openshift/api/operator/v1alpha1.BackupJobReference": schema_openshift_api_operator_v1alpha1_BackupJobReference(ref), - "github.com/openshift/api/operator/v1alpha1.ClusterAPI": schema_openshift_api_operator_v1alpha1_ClusterAPI(ref), - "github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerComponent": schema_openshift_api_operator_v1alpha1_ClusterAPIInstallerComponent(ref), - "github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerComponentImage": schema_openshift_api_operator_v1alpha1_ClusterAPIInstallerComponentImage(ref), - "github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerRevision": schema_openshift_api_operator_v1alpha1_ClusterAPIInstallerRevision(ref), - "github.com/openshift/api/operator/v1alpha1.ClusterAPIList": schema_openshift_api_operator_v1alpha1_ClusterAPIList(ref), - "github.com/openshift/api/operator/v1alpha1.ClusterAPISpec": schema_openshift_api_operator_v1alpha1_ClusterAPISpec(ref), - "github.com/openshift/api/operator/v1alpha1.ClusterAPIStatus": schema_openshift_api_operator_v1alpha1_ClusterAPIStatus(ref), - "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperator": schema_openshift_api_operator_v1alpha1_ClusterVersionOperator(ref), - "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorList": schema_openshift_api_operator_v1alpha1_ClusterVersionOperatorList(ref), - "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorSpec": schema_openshift_api_operator_v1alpha1_ClusterVersionOperatorSpec(ref), - "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorStatus": schema_openshift_api_operator_v1alpha1_ClusterVersionOperatorStatus(ref), - "github.com/openshift/api/operator/v1alpha1.DelegatedAuthentication": schema_openshift_api_operator_v1alpha1_DelegatedAuthentication(ref), - "github.com/openshift/api/operator/v1alpha1.DelegatedAuthorization": schema_openshift_api_operator_v1alpha1_DelegatedAuthorization(ref), - "github.com/openshift/api/operator/v1alpha1.EtcdBackup": schema_openshift_api_operator_v1alpha1_EtcdBackup(ref), - "github.com/openshift/api/operator/v1alpha1.EtcdBackupList": schema_openshift_api_operator_v1alpha1_EtcdBackupList(ref), - "github.com/openshift/api/operator/v1alpha1.EtcdBackupSpec": schema_openshift_api_operator_v1alpha1_EtcdBackupSpec(ref), - "github.com/openshift/api/operator/v1alpha1.EtcdBackupStatus": schema_openshift_api_operator_v1alpha1_EtcdBackupStatus(ref), - "github.com/openshift/api/operator/v1alpha1.GenerationHistory": schema_openshift_api_operator_v1alpha1_GenerationHistory(ref), - "github.com/openshift/api/operator/v1alpha1.GenericOperatorConfig": schema_openshift_api_operator_v1alpha1_GenericOperatorConfig(ref), - "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicy": schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicy(ref), - "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicyList": schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicyList(ref), - "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicySpec": schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicySpec(ref), - "github.com/openshift/api/operator/v1alpha1.LoggingConfig": schema_openshift_api_operator_v1alpha1_LoggingConfig(ref), - "github.com/openshift/api/operator/v1alpha1.NodeStatus": schema_openshift_api_operator_v1alpha1_NodeStatus(ref), - "github.com/openshift/api/operator/v1alpha1.OLM": schema_openshift_api_operator_v1alpha1_OLM(ref), - "github.com/openshift/api/operator/v1alpha1.OLMList": schema_openshift_api_operator_v1alpha1_OLMList(ref), - "github.com/openshift/api/operator/v1alpha1.OLMSpec": schema_openshift_api_operator_v1alpha1_OLMSpec(ref), - "github.com/openshift/api/operator/v1alpha1.OLMStatus": schema_openshift_api_operator_v1alpha1_OLMStatus(ref), - "github.com/openshift/api/operator/v1alpha1.OperatorCondition": schema_openshift_api_operator_v1alpha1_OperatorCondition(ref), - "github.com/openshift/api/operator/v1alpha1.OperatorSpec": schema_openshift_api_operator_v1alpha1_OperatorSpec(ref), - "github.com/openshift/api/operator/v1alpha1.OperatorStatus": schema_openshift_api_operator_v1alpha1_OperatorStatus(ref), - "github.com/openshift/api/operator/v1alpha1.RepositoryDigestMirrors": schema_openshift_api_operator_v1alpha1_RepositoryDigestMirrors(ref), - "github.com/openshift/api/operator/v1alpha1.StaticPodOperatorStatus": schema_openshift_api_operator_v1alpha1_StaticPodOperatorStatus(ref), - "github.com/openshift/api/operator/v1alpha1.VersionAvailability": schema_openshift_api_operator_v1alpha1_VersionAvailability(ref), - "github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry": schema_openshift_api_operatorcontrolplane_v1alpha1_LogEntry(ref), - "github.com/openshift/api/operatorcontrolplane/v1alpha1.OutageEntry": schema_openshift_api_operatorcontrolplane_v1alpha1_OutageEntry(ref), - "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheck": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheck(ref), - "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckCondition": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckCondition(ref), - "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckList": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckList(ref), - "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckSpec": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckSpec(ref), - "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckStatus": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckStatus(ref), - "github.com/openshift/api/operatoringress/v1.DNSRecord": schema_openshift_api_operatoringress_v1_DNSRecord(ref), - "github.com/openshift/api/operatoringress/v1.DNSRecordList": schema_openshift_api_operatoringress_v1_DNSRecordList(ref), - "github.com/openshift/api/operatoringress/v1.DNSRecordSpec": schema_openshift_api_operatoringress_v1_DNSRecordSpec(ref), - "github.com/openshift/api/operatoringress/v1.DNSRecordStatus": schema_openshift_api_operatoringress_v1_DNSRecordStatus(ref), - "github.com/openshift/api/operatoringress/v1.DNSZoneCondition": schema_openshift_api_operatoringress_v1_DNSZoneCondition(ref), - "github.com/openshift/api/operatoringress/v1.DNSZoneStatus": schema_openshift_api_operatoringress_v1_DNSZoneStatus(ref), - "github.com/openshift/api/osin/v1.AllowAllPasswordIdentityProvider": schema_openshift_api_osin_v1_AllowAllPasswordIdentityProvider(ref), - "github.com/openshift/api/osin/v1.BasicAuthPasswordIdentityProvider": schema_openshift_api_osin_v1_BasicAuthPasswordIdentityProvider(ref), - "github.com/openshift/api/osin/v1.DenyAllPasswordIdentityProvider": schema_openshift_api_osin_v1_DenyAllPasswordIdentityProvider(ref), - "github.com/openshift/api/osin/v1.GitHubIdentityProvider": schema_openshift_api_osin_v1_GitHubIdentityProvider(ref), - "github.com/openshift/api/osin/v1.GitLabIdentityProvider": schema_openshift_api_osin_v1_GitLabIdentityProvider(ref), - "github.com/openshift/api/osin/v1.GoogleIdentityProvider": schema_openshift_api_osin_v1_GoogleIdentityProvider(ref), - "github.com/openshift/api/osin/v1.GrantConfig": schema_openshift_api_osin_v1_GrantConfig(ref), - "github.com/openshift/api/osin/v1.HTPasswdPasswordIdentityProvider": schema_openshift_api_osin_v1_HTPasswdPasswordIdentityProvider(ref), - "github.com/openshift/api/osin/v1.IdentityProvider": schema_openshift_api_osin_v1_IdentityProvider(ref), - "github.com/openshift/api/osin/v1.KeystonePasswordIdentityProvider": schema_openshift_api_osin_v1_KeystonePasswordIdentityProvider(ref), - "github.com/openshift/api/osin/v1.LDAPAttributeMapping": schema_openshift_api_osin_v1_LDAPAttributeMapping(ref), - "github.com/openshift/api/osin/v1.LDAPPasswordIdentityProvider": schema_openshift_api_osin_v1_LDAPPasswordIdentityProvider(ref), - "github.com/openshift/api/osin/v1.OAuthConfig": schema_openshift_api_osin_v1_OAuthConfig(ref), - "github.com/openshift/api/osin/v1.OAuthTemplates": schema_openshift_api_osin_v1_OAuthTemplates(ref), - "github.com/openshift/api/osin/v1.OpenIDClaims": schema_openshift_api_osin_v1_OpenIDClaims(ref), - "github.com/openshift/api/osin/v1.OpenIDIdentityProvider": schema_openshift_api_osin_v1_OpenIDIdentityProvider(ref), - "github.com/openshift/api/osin/v1.OpenIDURLs": schema_openshift_api_osin_v1_OpenIDURLs(ref), - "github.com/openshift/api/osin/v1.OsinServerConfig": schema_openshift_api_osin_v1_OsinServerConfig(ref), - "github.com/openshift/api/osin/v1.RequestHeaderIdentityProvider": schema_openshift_api_osin_v1_RequestHeaderIdentityProvider(ref), - "github.com/openshift/api/osin/v1.SessionConfig": schema_openshift_api_osin_v1_SessionConfig(ref), - "github.com/openshift/api/osin/v1.SessionSecret": schema_openshift_api_osin_v1_SessionSecret(ref), - "github.com/openshift/api/osin/v1.SessionSecrets": schema_openshift_api_osin_v1_SessionSecrets(ref), - "github.com/openshift/api/osin/v1.TokenConfig": schema_openshift_api_osin_v1_TokenConfig(ref), - "github.com/openshift/api/project/v1.Project": schema_openshift_api_project_v1_Project(ref), - "github.com/openshift/api/project/v1.ProjectList": schema_openshift_api_project_v1_ProjectList(ref), - "github.com/openshift/api/project/v1.ProjectRequest": schema_openshift_api_project_v1_ProjectRequest(ref), - "github.com/openshift/api/project/v1.ProjectSpec": schema_openshift_api_project_v1_ProjectSpec(ref), - "github.com/openshift/api/project/v1.ProjectStatus": schema_openshift_api_project_v1_ProjectStatus(ref), - "github.com/openshift/api/quota/v1.AppliedClusterResourceQuota": schema_openshift_api_quota_v1_AppliedClusterResourceQuota(ref), - "github.com/openshift/api/quota/v1.AppliedClusterResourceQuotaList": schema_openshift_api_quota_v1_AppliedClusterResourceQuotaList(ref), - "github.com/openshift/api/quota/v1.ClusterResourceQuota": schema_openshift_api_quota_v1_ClusterResourceQuota(ref), - "github.com/openshift/api/quota/v1.ClusterResourceQuotaList": schema_openshift_api_quota_v1_ClusterResourceQuotaList(ref), - "github.com/openshift/api/quota/v1.ClusterResourceQuotaSelector": schema_openshift_api_quota_v1_ClusterResourceQuotaSelector(ref), - "github.com/openshift/api/quota/v1.ClusterResourceQuotaSpec": schema_openshift_api_quota_v1_ClusterResourceQuotaSpec(ref), - "github.com/openshift/api/quota/v1.ClusterResourceQuotaStatus": schema_openshift_api_quota_v1_ClusterResourceQuotaStatus(ref), - "github.com/openshift/api/quota/v1.ResourceQuotaStatusByNamespace": schema_openshift_api_quota_v1_ResourceQuotaStatusByNamespace(ref), - "github.com/openshift/api/route/v1.LocalObjectReference": schema_openshift_api_route_v1_LocalObjectReference(ref), - "github.com/openshift/api/route/v1.Route": schema_openshift_api_route_v1_Route(ref), - "github.com/openshift/api/route/v1.RouteHTTPHeader": schema_openshift_api_route_v1_RouteHTTPHeader(ref), - "github.com/openshift/api/route/v1.RouteHTTPHeaderActionUnion": schema_openshift_api_route_v1_RouteHTTPHeaderActionUnion(ref), - "github.com/openshift/api/route/v1.RouteHTTPHeaderActions": schema_openshift_api_route_v1_RouteHTTPHeaderActions(ref), - "github.com/openshift/api/route/v1.RouteHTTPHeaders": schema_openshift_api_route_v1_RouteHTTPHeaders(ref), - "github.com/openshift/api/route/v1.RouteIngress": schema_openshift_api_route_v1_RouteIngress(ref), - "github.com/openshift/api/route/v1.RouteIngressCondition": schema_openshift_api_route_v1_RouteIngressCondition(ref), - "github.com/openshift/api/route/v1.RouteList": schema_openshift_api_route_v1_RouteList(ref), - "github.com/openshift/api/route/v1.RoutePort": schema_openshift_api_route_v1_RoutePort(ref), - "github.com/openshift/api/route/v1.RouteSetHTTPHeader": schema_openshift_api_route_v1_RouteSetHTTPHeader(ref), - "github.com/openshift/api/route/v1.RouteSpec": schema_openshift_api_route_v1_RouteSpec(ref), - "github.com/openshift/api/route/v1.RouteStatus": schema_openshift_api_route_v1_RouteStatus(ref), - "github.com/openshift/api/route/v1.RouteTargetReference": schema_openshift_api_route_v1_RouteTargetReference(ref), - "github.com/openshift/api/route/v1.RouterShard": schema_openshift_api_route_v1_RouterShard(ref), - "github.com/openshift/api/route/v1.TLSConfig": schema_openshift_api_route_v1_TLSConfig(ref), - "github.com/openshift/api/samples/v1.Config": schema_openshift_api_samples_v1_Config(ref), - "github.com/openshift/api/samples/v1.ConfigCondition": schema_openshift_api_samples_v1_ConfigCondition(ref), - "github.com/openshift/api/samples/v1.ConfigList": schema_openshift_api_samples_v1_ConfigList(ref), - "github.com/openshift/api/samples/v1.ConfigSpec": schema_openshift_api_samples_v1_ConfigSpec(ref), - "github.com/openshift/api/samples/v1.ConfigStatus": schema_openshift_api_samples_v1_ConfigStatus(ref), - "github.com/openshift/api/security/v1.AllowedFlexVolume": schema_openshift_api_security_v1_AllowedFlexVolume(ref), - "github.com/openshift/api/security/v1.FSGroupStrategyOptions": schema_openshift_api_security_v1_FSGroupStrategyOptions(ref), - "github.com/openshift/api/security/v1.IDRange": schema_openshift_api_security_v1_IDRange(ref), - "github.com/openshift/api/security/v1.PodSecurityPolicyReview": schema_openshift_api_security_v1_PodSecurityPolicyReview(ref), - "github.com/openshift/api/security/v1.PodSecurityPolicyReviewSpec": schema_openshift_api_security_v1_PodSecurityPolicyReviewSpec(ref), - "github.com/openshift/api/security/v1.PodSecurityPolicyReviewStatus": schema_openshift_api_security_v1_PodSecurityPolicyReviewStatus(ref), - "github.com/openshift/api/security/v1.PodSecurityPolicySelfSubjectReview": schema_openshift_api_security_v1_PodSecurityPolicySelfSubjectReview(ref), - "github.com/openshift/api/security/v1.PodSecurityPolicySelfSubjectReviewSpec": schema_openshift_api_security_v1_PodSecurityPolicySelfSubjectReviewSpec(ref), - "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReview": schema_openshift_api_security_v1_PodSecurityPolicySubjectReview(ref), - "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewSpec": schema_openshift_api_security_v1_PodSecurityPolicySubjectReviewSpec(ref), - "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewStatus": schema_openshift_api_security_v1_PodSecurityPolicySubjectReviewStatus(ref), - "github.com/openshift/api/security/v1.RangeAllocation": schema_openshift_api_security_v1_RangeAllocation(ref), - "github.com/openshift/api/security/v1.RangeAllocationList": schema_openshift_api_security_v1_RangeAllocationList(ref), - "github.com/openshift/api/security/v1.RunAsUserStrategyOptions": schema_openshift_api_security_v1_RunAsUserStrategyOptions(ref), - "github.com/openshift/api/security/v1.SELinuxContextStrategyOptions": schema_openshift_api_security_v1_SELinuxContextStrategyOptions(ref), - "github.com/openshift/api/security/v1.SecurityContextConstraints": schema_openshift_api_security_v1_SecurityContextConstraints(ref), - "github.com/openshift/api/security/v1.SecurityContextConstraintsList": schema_openshift_api_security_v1_SecurityContextConstraintsList(ref), - "github.com/openshift/api/security/v1.ServiceAccountPodSecurityPolicyReviewStatus": schema_openshift_api_security_v1_ServiceAccountPodSecurityPolicyReviewStatus(ref), - "github.com/openshift/api/security/v1.SupplementalGroupsStrategyOptions": schema_openshift_api_security_v1_SupplementalGroupsStrategyOptions(ref), - "github.com/openshift/api/securityinternal/v1.RangeAllocation": schema_openshift_api_securityinternal_v1_RangeAllocation(ref), - "github.com/openshift/api/securityinternal/v1.RangeAllocationList": schema_openshift_api_securityinternal_v1_RangeAllocationList(ref), - "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfig": schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorConfig(ref), - "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigList": schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorConfigList(ref), - "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigSpec": schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorConfigSpec(ref), - "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigStatus": schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorConfigStatus(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMap": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMap(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapList": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapList(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapReference": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapReference(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapSpec": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapSpec(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapStatus": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapStatus(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedSecret": schema_openshift_api_sharedresource_v1alpha1_SharedSecret(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretList": schema_openshift_api_sharedresource_v1alpha1_SharedSecretList(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretReference": schema_openshift_api_sharedresource_v1alpha1_SharedSecretReference(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretSpec": schema_openshift_api_sharedresource_v1alpha1_SharedSecretSpec(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretStatus": schema_openshift_api_sharedresource_v1alpha1_SharedSecretStatus(ref), - "github.com/openshift/api/template/v1.BrokerTemplateInstance": schema_openshift_api_template_v1_BrokerTemplateInstance(ref), - "github.com/openshift/api/template/v1.BrokerTemplateInstanceList": schema_openshift_api_template_v1_BrokerTemplateInstanceList(ref), - "github.com/openshift/api/template/v1.BrokerTemplateInstanceSpec": schema_openshift_api_template_v1_BrokerTemplateInstanceSpec(ref), - "github.com/openshift/api/template/v1.Parameter": schema_openshift_api_template_v1_Parameter(ref), - "github.com/openshift/api/template/v1.Template": schema_openshift_api_template_v1_Template(ref), - "github.com/openshift/api/template/v1.TemplateInstance": schema_openshift_api_template_v1_TemplateInstance(ref), - "github.com/openshift/api/template/v1.TemplateInstanceCondition": schema_openshift_api_template_v1_TemplateInstanceCondition(ref), - "github.com/openshift/api/template/v1.TemplateInstanceList": schema_openshift_api_template_v1_TemplateInstanceList(ref), - "github.com/openshift/api/template/v1.TemplateInstanceObject": schema_openshift_api_template_v1_TemplateInstanceObject(ref), - "github.com/openshift/api/template/v1.TemplateInstanceRequester": schema_openshift_api_template_v1_TemplateInstanceRequester(ref), - "github.com/openshift/api/template/v1.TemplateInstanceSpec": schema_openshift_api_template_v1_TemplateInstanceSpec(ref), - "github.com/openshift/api/template/v1.TemplateInstanceStatus": schema_openshift_api_template_v1_TemplateInstanceStatus(ref), - "github.com/openshift/api/template/v1.TemplateList": schema_openshift_api_template_v1_TemplateList(ref), - "github.com/openshift/api/user/v1.Group": schema_openshift_api_user_v1_Group(ref), - "github.com/openshift/api/user/v1.GroupList": schema_openshift_api_user_v1_GroupList(ref), - "github.com/openshift/api/user/v1.Identity": schema_openshift_api_user_v1_Identity(ref), - "github.com/openshift/api/user/v1.IdentityList": schema_openshift_api_user_v1_IdentityList(ref), - "github.com/openshift/api/user/v1.User": schema_openshift_api_user_v1_User(ref), - "github.com/openshift/api/user/v1.UserIdentityMapping": schema_openshift_api_user_v1_UserIdentityMapping(ref), - "github.com/openshift/api/user/v1.UserList": schema_openshift_api_user_v1_UserList(ref), - v1.AuditAnnotation{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_AuditAnnotation(ref), - v1.ExpressionWarning{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ExpressionWarning(ref), - v1.MatchCondition{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_MatchCondition(ref), - v1.MatchResources{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_MatchResources(ref), - v1.MutatingWebhook{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_MutatingWebhook(ref), - v1.MutatingWebhookConfiguration{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfiguration(ref), - v1.MutatingWebhookConfigurationList{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfigurationList(ref), - v1.NamedRuleWithOperations{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_NamedRuleWithOperations(ref), - v1.ParamKind{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ParamKind(ref), - v1.ParamRef{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ParamRef(ref), - v1.Rule{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_Rule(ref), - v1.RuleWithOperations{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_RuleWithOperations(ref), - v1.ServiceReference{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ServiceReference(ref), - v1.TypeChecking{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_TypeChecking(ref), - v1.ValidatingAdmissionPolicy{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicy(ref), - v1.ValidatingAdmissionPolicyBinding{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBinding(ref), - v1.ValidatingAdmissionPolicyBindingList{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingList(ref), - v1.ValidatingAdmissionPolicyBindingSpec{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingSpec(ref), - v1.ValidatingAdmissionPolicyList{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyList(ref), - v1.ValidatingAdmissionPolicySpec{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicySpec(ref), - v1.ValidatingAdmissionPolicyStatus{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyStatus(ref), - v1.ValidatingWebhook{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingWebhook(ref), - v1.ValidatingWebhookConfiguration{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfiguration(ref), - v1.ValidatingWebhookConfigurationList{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfigurationList(ref), - v1.Validation{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_Validation(ref), - v1.Variable{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_Variable(ref), - v1.WebhookClientConfig{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_WebhookClientConfig(ref), - authorizationv1.FieldSelectorAttributes{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_FieldSelectorAttributes(ref), - authorizationv1.LabelSelectorAttributes{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_LabelSelectorAttributes(ref), - authorizationv1.LocalSubjectAccessReview{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_LocalSubjectAccessReview(ref), - authorizationv1.NonResourceAttributes{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_NonResourceAttributes(ref), - authorizationv1.NonResourceRule{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_NonResourceRule(ref), - authorizationv1.ResourceAttributes{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_ResourceAttributes(ref), - authorizationv1.ResourceRule{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_ResourceRule(ref), - authorizationv1.SelfSubjectAccessReview{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_SelfSubjectAccessReview(ref), - authorizationv1.SelfSubjectAccessReviewSpec{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_SelfSubjectAccessReviewSpec(ref), - authorizationv1.SelfSubjectRulesReview{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_SelfSubjectRulesReview(ref), - authorizationv1.SelfSubjectRulesReviewSpec{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_SelfSubjectRulesReviewSpec(ref), - authorizationv1.SubjectAccessReview{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_SubjectAccessReview(ref), - authorizationv1.SubjectAccessReviewSpec{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_SubjectAccessReviewSpec(ref), - authorizationv1.SubjectAccessReviewStatus{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_SubjectAccessReviewStatus(ref), - authorizationv1.SubjectRulesReviewStatus{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_SubjectRulesReviewStatus(ref), - corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_AWSElasticBlockStoreVolumeSource(ref), - corev1.Affinity{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Affinity(ref), - corev1.AppArmorProfile{}.OpenAPIModelName(): schema_k8sio_api_core_v1_AppArmorProfile(ref), - corev1.AttachedVolume{}.OpenAPIModelName(): schema_k8sio_api_core_v1_AttachedVolume(ref), - corev1.AvoidPods{}.OpenAPIModelName(): schema_k8sio_api_core_v1_AvoidPods(ref), - corev1.AzureDiskVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_AzureDiskVolumeSource(ref), - corev1.AzureFilePersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_AzureFilePersistentVolumeSource(ref), - corev1.AzureFileVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_AzureFileVolumeSource(ref), - corev1.Binding{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Binding(ref), - corev1.CSIPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_CSIPersistentVolumeSource(ref), - corev1.CSIVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_CSIVolumeSource(ref), - corev1.Capabilities{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Capabilities(ref), - corev1.CephFSPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_CephFSPersistentVolumeSource(ref), - corev1.CephFSVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_CephFSVolumeSource(ref), - corev1.CinderPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_CinderPersistentVolumeSource(ref), - corev1.CinderVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_CinderVolumeSource(ref), - corev1.ClientIPConfig{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ClientIPConfig(ref), - corev1.ClusterTrustBundleProjection{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ClusterTrustBundleProjection(ref), - corev1.ComponentCondition{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ComponentCondition(ref), - corev1.ComponentStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ComponentStatus(ref), - corev1.ComponentStatusList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ComponentStatusList(ref), - corev1.ConfigMap{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ConfigMap(ref), - corev1.ConfigMapEnvSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ConfigMapEnvSource(ref), - corev1.ConfigMapKeySelector{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ConfigMapKeySelector(ref), - corev1.ConfigMapList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ConfigMapList(ref), - corev1.ConfigMapNodeConfigSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ConfigMapNodeConfigSource(ref), - corev1.ConfigMapProjection{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ConfigMapProjection(ref), - corev1.ConfigMapVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ConfigMapVolumeSource(ref), - corev1.Container{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Container(ref), - corev1.ContainerExtendedResourceRequest{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerExtendedResourceRequest(ref), - corev1.ContainerImage{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerImage(ref), - corev1.ContainerPort{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerPort(ref), - corev1.ContainerResizePolicy{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerResizePolicy(ref), - corev1.ContainerRestartRule{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerRestartRule(ref), - corev1.ContainerRestartRuleOnExitCodes{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerRestartRuleOnExitCodes(ref), - corev1.ContainerState{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerState(ref), - corev1.ContainerStateRunning{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerStateRunning(ref), - corev1.ContainerStateTerminated{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerStateTerminated(ref), - corev1.ContainerStateWaiting{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerStateWaiting(ref), - corev1.ContainerStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerStatus(ref), - corev1.ContainerUser{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerUser(ref), - corev1.DaemonEndpoint{}.OpenAPIModelName(): schema_k8sio_api_core_v1_DaemonEndpoint(ref), - corev1.DownwardAPIProjection{}.OpenAPIModelName(): schema_k8sio_api_core_v1_DownwardAPIProjection(ref), - corev1.DownwardAPIVolumeFile{}.OpenAPIModelName(): schema_k8sio_api_core_v1_DownwardAPIVolumeFile(ref), - corev1.DownwardAPIVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_DownwardAPIVolumeSource(ref), - corev1.EmptyDirVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EmptyDirVolumeSource(ref), - corev1.EndpointAddress{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EndpointAddress(ref), - corev1.EndpointPort{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EndpointPort(ref), - corev1.EndpointSubset{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EndpointSubset(ref), - corev1.Endpoints{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Endpoints(ref), - corev1.EndpointsList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EndpointsList(ref), - corev1.EnvFromSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EnvFromSource(ref), - corev1.EnvVar{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EnvVar(ref), - corev1.EnvVarSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EnvVarSource(ref), - corev1.EphemeralContainer{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EphemeralContainer(ref), - corev1.EphemeralContainerCommon{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EphemeralContainerCommon(ref), - corev1.EphemeralVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EphemeralVolumeSource(ref), - corev1.Event{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Event(ref), - corev1.EventList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EventList(ref), - corev1.EventSeries{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EventSeries(ref), - corev1.EventSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EventSource(ref), - corev1.ExecAction{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ExecAction(ref), - corev1.FCVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_FCVolumeSource(ref), - corev1.FileKeySelector{}.OpenAPIModelName(): schema_k8sio_api_core_v1_FileKeySelector(ref), - corev1.FlexPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_FlexPersistentVolumeSource(ref), - corev1.FlexVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_FlexVolumeSource(ref), - corev1.FlockerVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_FlockerVolumeSource(ref), - corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_GCEPersistentDiskVolumeSource(ref), - corev1.GRPCAction{}.OpenAPIModelName(): schema_k8sio_api_core_v1_GRPCAction(ref), - corev1.GitRepoVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_GitRepoVolumeSource(ref), - corev1.GlusterfsPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_GlusterfsPersistentVolumeSource(ref), - corev1.GlusterfsVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_GlusterfsVolumeSource(ref), - corev1.HTTPGetAction{}.OpenAPIModelName(): schema_k8sio_api_core_v1_HTTPGetAction(ref), - corev1.HTTPHeader{}.OpenAPIModelName(): schema_k8sio_api_core_v1_HTTPHeader(ref), - corev1.HostAlias{}.OpenAPIModelName(): schema_k8sio_api_core_v1_HostAlias(ref), - corev1.HostIP{}.OpenAPIModelName(): schema_k8sio_api_core_v1_HostIP(ref), - corev1.HostPathVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_HostPathVolumeSource(ref), - corev1.ISCSIPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ISCSIPersistentVolumeSource(ref), - corev1.ISCSIVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ISCSIVolumeSource(ref), - corev1.ImageVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ImageVolumeSource(ref), - corev1.KeyToPath{}.OpenAPIModelName(): schema_k8sio_api_core_v1_KeyToPath(ref), - corev1.Lifecycle{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Lifecycle(ref), - corev1.LifecycleHandler{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LifecycleHandler(ref), - corev1.LimitRange{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LimitRange(ref), - corev1.LimitRangeItem{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LimitRangeItem(ref), - corev1.LimitRangeList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LimitRangeList(ref), - corev1.LimitRangeSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LimitRangeSpec(ref), - corev1.LinuxContainerUser{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LinuxContainerUser(ref), - corev1.List{}.OpenAPIModelName(): schema_k8sio_api_core_v1_List(ref), - corev1.LoadBalancerIngress{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LoadBalancerIngress(ref), - corev1.LoadBalancerStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LoadBalancerStatus(ref), - corev1.LocalObjectReference{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LocalObjectReference(ref), - corev1.LocalVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LocalVolumeSource(ref), - corev1.ModifyVolumeStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ModifyVolumeStatus(ref), - corev1.NFSVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NFSVolumeSource(ref), - corev1.Namespace{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Namespace(ref), - corev1.NamespaceCondition{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NamespaceCondition(ref), - corev1.NamespaceList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NamespaceList(ref), - corev1.NamespaceSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NamespaceSpec(ref), - corev1.NamespaceStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NamespaceStatus(ref), - corev1.Node{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Node(ref), - corev1.NodeAddress{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeAddress(ref), - corev1.NodeAffinity{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeAffinity(ref), - corev1.NodeCondition{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeCondition(ref), - corev1.NodeConfigSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeConfigSource(ref), - corev1.NodeConfigStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeConfigStatus(ref), - corev1.NodeDaemonEndpoints{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeDaemonEndpoints(ref), - corev1.NodeFeatures{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeFeatures(ref), - corev1.NodeList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeList(ref), - corev1.NodeProxyOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeProxyOptions(ref), - corev1.NodeRuntimeHandler{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeRuntimeHandler(ref), - corev1.NodeRuntimeHandlerFeatures{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeRuntimeHandlerFeatures(ref), - corev1.NodeSelector{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeSelector(ref), - corev1.NodeSelectorRequirement{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeSelectorRequirement(ref), - corev1.NodeSelectorTerm{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeSelectorTerm(ref), - corev1.NodeSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeSpec(ref), - corev1.NodeStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeStatus(ref), - corev1.NodeSwapStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeSwapStatus(ref), - corev1.NodeSystemInfo{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeSystemInfo(ref), - corev1.ObjectFieldSelector{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ObjectFieldSelector(ref), - corev1.ObjectReference{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ObjectReference(ref), - corev1.PersistentVolume{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolume(ref), - corev1.PersistentVolumeClaim{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeClaim(ref), - corev1.PersistentVolumeClaimCondition{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeClaimCondition(ref), - corev1.PersistentVolumeClaimList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeClaimList(ref), - corev1.PersistentVolumeClaimSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeClaimSpec(ref), - corev1.PersistentVolumeClaimStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref), - corev1.PersistentVolumeClaimTemplate{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeClaimTemplate(ref), - corev1.PersistentVolumeClaimVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeClaimVolumeSource(ref), - corev1.PersistentVolumeList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeList(ref), - corev1.PersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeSource(ref), - corev1.PersistentVolumeSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeSpec(ref), - corev1.PersistentVolumeStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeStatus(ref), - corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PhotonPersistentDiskVolumeSource(ref), - corev1.Pod{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Pod(ref), - corev1.PodAffinity{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodAffinity(ref), - corev1.PodAffinityTerm{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodAffinityTerm(ref), - corev1.PodAntiAffinity{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodAntiAffinity(ref), - corev1.PodAttachOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodAttachOptions(ref), - corev1.PodCertificateProjection{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodCertificateProjection(ref), - corev1.PodCondition{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodCondition(ref), - corev1.PodDNSConfig{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodDNSConfig(ref), - corev1.PodDNSConfigOption{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodDNSConfigOption(ref), - corev1.PodExecOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodExecOptions(ref), - corev1.PodExtendedResourceClaimStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodExtendedResourceClaimStatus(ref), - corev1.PodIP{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodIP(ref), - corev1.PodList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodList(ref), - corev1.PodLogOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodLogOptions(ref), - corev1.PodOS{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodOS(ref), - corev1.PodPortForwardOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodPortForwardOptions(ref), - corev1.PodProxyOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodProxyOptions(ref), - corev1.PodReadinessGate{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodReadinessGate(ref), - corev1.PodResourceClaim{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodResourceClaim(ref), - corev1.PodResourceClaimStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodResourceClaimStatus(ref), - corev1.PodSchedulingGate{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodSchedulingGate(ref), - corev1.PodSecurityContext{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodSecurityContext(ref), - corev1.PodSignature{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodSignature(ref), - corev1.PodSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodSpec(ref), - corev1.PodStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodStatus(ref), - corev1.PodStatusResult{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodStatusResult(ref), - corev1.PodTemplate{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodTemplate(ref), - corev1.PodTemplateList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodTemplateList(ref), - corev1.PodTemplateSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodTemplateSpec(ref), - corev1.PortStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PortStatus(ref), - corev1.PortworxVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PortworxVolumeSource(ref), - corev1.PreferAvoidPodsEntry{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PreferAvoidPodsEntry(ref), - corev1.PreferredSchedulingTerm{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PreferredSchedulingTerm(ref), - corev1.Probe{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Probe(ref), - corev1.ProbeHandler{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ProbeHandler(ref), - corev1.ProjectedVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ProjectedVolumeSource(ref), - corev1.QuobyteVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_QuobyteVolumeSource(ref), - corev1.RBDPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_RBDPersistentVolumeSource(ref), - corev1.RBDVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_RBDVolumeSource(ref), - corev1.RangeAllocation{}.OpenAPIModelName(): schema_k8sio_api_core_v1_RangeAllocation(ref), - corev1.ReplicationController{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ReplicationController(ref), - corev1.ReplicationControllerCondition{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ReplicationControllerCondition(ref), - corev1.ReplicationControllerList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ReplicationControllerList(ref), - corev1.ReplicationControllerSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ReplicationControllerSpec(ref), - corev1.ReplicationControllerStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ReplicationControllerStatus(ref), - corev1.ResourceClaim{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceClaim(ref), - corev1.ResourceFieldSelector{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceFieldSelector(ref), - corev1.ResourceHealth{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceHealth(ref), - corev1.ResourceQuota{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceQuota(ref), - corev1.ResourceQuotaList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceQuotaList(ref), - corev1.ResourceQuotaSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceQuotaSpec(ref), - corev1.ResourceQuotaStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceQuotaStatus(ref), - corev1.ResourceRequirements{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceRequirements(ref), - corev1.ResourceStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceStatus(ref), - corev1.SELinuxOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SELinuxOptions(ref), - corev1.ScaleIOPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ScaleIOPersistentVolumeSource(ref), - corev1.ScaleIOVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ScaleIOVolumeSource(ref), - corev1.ScopeSelector{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ScopeSelector(ref), - corev1.ScopedResourceSelectorRequirement{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ScopedResourceSelectorRequirement(ref), - corev1.SeccompProfile{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SeccompProfile(ref), - corev1.Secret{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Secret(ref), - corev1.SecretEnvSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SecretEnvSource(ref), - corev1.SecretKeySelector{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SecretKeySelector(ref), - corev1.SecretList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SecretList(ref), - corev1.SecretProjection{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SecretProjection(ref), - corev1.SecretReference{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SecretReference(ref), - corev1.SecretVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SecretVolumeSource(ref), - corev1.SecurityContext{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SecurityContext(ref), - corev1.SerializedReference{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SerializedReference(ref), - corev1.Service{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Service(ref), - corev1.ServiceAccount{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ServiceAccount(ref), - corev1.ServiceAccountList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ServiceAccountList(ref), - corev1.ServiceAccountTokenProjection{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ServiceAccountTokenProjection(ref), - corev1.ServiceList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ServiceList(ref), - corev1.ServicePort{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ServicePort(ref), - corev1.ServiceProxyOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ServiceProxyOptions(ref), - corev1.ServiceSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ServiceSpec(ref), - corev1.ServiceStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ServiceStatus(ref), - corev1.SessionAffinityConfig{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SessionAffinityConfig(ref), - corev1.SleepAction{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SleepAction(ref), - corev1.StorageOSPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_StorageOSPersistentVolumeSource(ref), - corev1.StorageOSVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_StorageOSVolumeSource(ref), - corev1.Sysctl{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Sysctl(ref), - corev1.TCPSocketAction{}.OpenAPIModelName(): schema_k8sio_api_core_v1_TCPSocketAction(ref), - corev1.Taint{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Taint(ref), - corev1.Toleration{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Toleration(ref), - corev1.TopologySelectorLabelRequirement{}.OpenAPIModelName(): schema_k8sio_api_core_v1_TopologySelectorLabelRequirement(ref), - corev1.TopologySelectorTerm{}.OpenAPIModelName(): schema_k8sio_api_core_v1_TopologySelectorTerm(ref), - corev1.TopologySpreadConstraint{}.OpenAPIModelName(): schema_k8sio_api_core_v1_TopologySpreadConstraint(ref), - corev1.TypedLocalObjectReference{}.OpenAPIModelName(): schema_k8sio_api_core_v1_TypedLocalObjectReference(ref), - corev1.TypedObjectReference{}.OpenAPIModelName(): schema_k8sio_api_core_v1_TypedObjectReference(ref), - corev1.Volume{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Volume(ref), - corev1.VolumeDevice{}.OpenAPIModelName(): schema_k8sio_api_core_v1_VolumeDevice(ref), - corev1.VolumeMount{}.OpenAPIModelName(): schema_k8sio_api_core_v1_VolumeMount(ref), - corev1.VolumeMountStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_VolumeMountStatus(ref), - corev1.VolumeNodeAffinity{}.OpenAPIModelName(): schema_k8sio_api_core_v1_VolumeNodeAffinity(ref), - corev1.VolumeProjection{}.OpenAPIModelName(): schema_k8sio_api_core_v1_VolumeProjection(ref), - corev1.VolumeResourceRequirements{}.OpenAPIModelName(): schema_k8sio_api_core_v1_VolumeResourceRequirements(ref), - corev1.VolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_VolumeSource(ref), - corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_VsphereVirtualDiskVolumeSource(ref), - corev1.WeightedPodAffinityTerm{}.OpenAPIModelName(): schema_k8sio_api_core_v1_WeightedPodAffinityTerm(ref), - corev1.WindowsSecurityContextOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_WindowsSecurityContextOptions(ref), - corev1.WorkloadReference{}.OpenAPIModelName(): schema_k8sio_api_core_v1_WorkloadReference(ref), - rbacv1.AggregationRule{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_AggregationRule(ref), - rbacv1.ClusterRole{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_ClusterRole(ref), - rbacv1.ClusterRoleBinding{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_ClusterRoleBinding(ref), - rbacv1.ClusterRoleBindingList{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_ClusterRoleBindingList(ref), - rbacv1.ClusterRoleList{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_ClusterRoleList(ref), - rbacv1.PolicyRule{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_PolicyRule(ref), - rbacv1.Role{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_Role(ref), - rbacv1.RoleBinding{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_RoleBinding(ref), - rbacv1.RoleBindingList{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_RoleBindingList(ref), - rbacv1.RoleList{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_RoleList(ref), - rbacv1.RoleRef{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_RoleRef(ref), - rbacv1.Subject{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_Subject(ref), - resource.Quantity{}.OpenAPIModelName(): schema_apimachinery_pkg_api_resource_Quantity(ref), - metav1.APIGroup{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_APIGroup(ref), - metav1.APIGroupList{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_APIGroupList(ref), - metav1.APIResource{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_APIResource(ref), - metav1.APIResourceList{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_APIResourceList(ref), - metav1.APIVersions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_APIVersions(ref), - metav1.ApplyOptions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_ApplyOptions(ref), - metav1.Condition{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_Condition(ref), - metav1.CreateOptions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_CreateOptions(ref), - metav1.DeleteOptions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_DeleteOptions(ref), - metav1.Duration{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_Duration(ref), - metav1.FieldSelectorRequirement{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_FieldSelectorRequirement(ref), - metav1.FieldsV1{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_FieldsV1(ref), - metav1.GetOptions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_GetOptions(ref), - metav1.GroupKind{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_GroupKind(ref), - metav1.GroupResource{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_GroupResource(ref), - metav1.GroupVersion{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_GroupVersion(ref), - metav1.GroupVersionForDiscovery{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), - metav1.GroupVersionKind{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_GroupVersionKind(ref), - metav1.GroupVersionResource{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_GroupVersionResource(ref), - metav1.InternalEvent{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_InternalEvent(ref), - metav1.LabelSelector{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_LabelSelector(ref), - metav1.LabelSelectorRequirement{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), - metav1.List{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_List(ref), - metav1.ListMeta{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_ListMeta(ref), - metav1.ListOptions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_ListOptions(ref), - metav1.ManagedFieldsEntry{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), - metav1.MicroTime{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_MicroTime(ref), - metav1.ObjectMeta{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_ObjectMeta(ref), - metav1.OwnerReference{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_OwnerReference(ref), - metav1.PartialObjectMetadata{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), - metav1.PartialObjectMetadataList{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), - metav1.Patch{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_Patch(ref), - metav1.PatchOptions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_PatchOptions(ref), - metav1.Preconditions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_Preconditions(ref), - metav1.RootPaths{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_RootPaths(ref), - metav1.ServerAddressByClientCIDR{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), - metav1.Status{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_Status(ref), - metav1.StatusCause{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_StatusCause(ref), - metav1.StatusDetails{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_StatusDetails(ref), - metav1.Table{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_Table(ref), - metav1.TableColumnDefinition{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_TableColumnDefinition(ref), - metav1.TableOptions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_TableOptions(ref), - metav1.TableRow{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_TableRow(ref), - metav1.TableRowCondition{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_TableRowCondition(ref), - metav1.Time{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_Time(ref), - metav1.Timestamp{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_Timestamp(ref), - metav1.TypeMeta{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_TypeMeta(ref), - metav1.UpdateOptions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_UpdateOptions(ref), - metav1.WatchEvent{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_WatchEvent(ref), - runtime.RawExtension{}.OpenAPIModelName(): schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), - runtime.TypeMeta{}.OpenAPIModelName(): schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), - runtime.Unknown{}.OpenAPIModelName(): schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), - intstr.IntOrString{}.OpenAPIModelName(): schema_apimachinery_pkg_util_intstr_IntOrString(ref), + "github.com/openshift/api/apiextensions/v1alpha1.APIExcludedField": schema_openshift_api_apiextensions_v1alpha1_APIExcludedField(ref), + "github.com/openshift/api/apiextensions/v1alpha1.APIVersions": schema_openshift_api_apiextensions_v1alpha1_APIVersions(ref), + "github.com/openshift/api/apiextensions/v1alpha1.CRDData": schema_openshift_api_apiextensions_v1alpha1_CRDData(ref), + "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirement": schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirement(ref), + "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementList": schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementList(ref), + "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementSpec": schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementSpec(ref), + "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementStatus": schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementStatus(ref), + "github.com/openshift/api/apiextensions/v1alpha1.CompatibilitySchema": schema_openshift_api_apiextensions_v1alpha1_CompatibilitySchema(ref), + "github.com/openshift/api/apiextensions/v1alpha1.CustomResourceDefinitionSchemaValidation": schema_openshift_api_apiextensions_v1alpha1_CustomResourceDefinitionSchemaValidation(ref), + "github.com/openshift/api/apiextensions/v1alpha1.ObjectSchemaValidation": schema_openshift_api_apiextensions_v1alpha1_ObjectSchemaValidation(ref), + "github.com/openshift/api/apiextensions/v1alpha1.ObservedCRD": schema_openshift_api_apiextensions_v1alpha1_ObservedCRD(ref), + "github.com/openshift/api/apiserver/v1.APIRequestCount": schema_openshift_api_apiserver_v1_APIRequestCount(ref), + "github.com/openshift/api/apiserver/v1.APIRequestCountList": schema_openshift_api_apiserver_v1_APIRequestCountList(ref), + "github.com/openshift/api/apiserver/v1.APIRequestCountSpec": schema_openshift_api_apiserver_v1_APIRequestCountSpec(ref), + "github.com/openshift/api/apiserver/v1.APIRequestCountStatus": schema_openshift_api_apiserver_v1_APIRequestCountStatus(ref), + "github.com/openshift/api/apiserver/v1.PerNodeAPIRequestLog": schema_openshift_api_apiserver_v1_PerNodeAPIRequestLog(ref), + "github.com/openshift/api/apiserver/v1.PerResourceAPIRequestLog": schema_openshift_api_apiserver_v1_PerResourceAPIRequestLog(ref), + "github.com/openshift/api/apiserver/v1.PerUserAPIRequestCount": schema_openshift_api_apiserver_v1_PerUserAPIRequestCount(ref), + "github.com/openshift/api/apiserver/v1.PerVerbAPIRequestCount": schema_openshift_api_apiserver_v1_PerVerbAPIRequestCount(ref), + "github.com/openshift/api/apps/v1.CustomDeploymentStrategyParams": schema_openshift_api_apps_v1_CustomDeploymentStrategyParams(ref), + "github.com/openshift/api/apps/v1.DeploymentCause": schema_openshift_api_apps_v1_DeploymentCause(ref), + "github.com/openshift/api/apps/v1.DeploymentCauseImageTrigger": schema_openshift_api_apps_v1_DeploymentCauseImageTrigger(ref), + "github.com/openshift/api/apps/v1.DeploymentCondition": schema_openshift_api_apps_v1_DeploymentCondition(ref), + "github.com/openshift/api/apps/v1.DeploymentConfig": schema_openshift_api_apps_v1_DeploymentConfig(ref), + "github.com/openshift/api/apps/v1.DeploymentConfigList": schema_openshift_api_apps_v1_DeploymentConfigList(ref), + "github.com/openshift/api/apps/v1.DeploymentConfigRollback": schema_openshift_api_apps_v1_DeploymentConfigRollback(ref), + "github.com/openshift/api/apps/v1.DeploymentConfigRollbackSpec": schema_openshift_api_apps_v1_DeploymentConfigRollbackSpec(ref), + "github.com/openshift/api/apps/v1.DeploymentConfigSpec": schema_openshift_api_apps_v1_DeploymentConfigSpec(ref), + "github.com/openshift/api/apps/v1.DeploymentConfigStatus": schema_openshift_api_apps_v1_DeploymentConfigStatus(ref), + "github.com/openshift/api/apps/v1.DeploymentDetails": schema_openshift_api_apps_v1_DeploymentDetails(ref), + "github.com/openshift/api/apps/v1.DeploymentLog": schema_openshift_api_apps_v1_DeploymentLog(ref), + "github.com/openshift/api/apps/v1.DeploymentLogOptions": schema_openshift_api_apps_v1_DeploymentLogOptions(ref), + "github.com/openshift/api/apps/v1.DeploymentRequest": schema_openshift_api_apps_v1_DeploymentRequest(ref), + "github.com/openshift/api/apps/v1.DeploymentStrategy": schema_openshift_api_apps_v1_DeploymentStrategy(ref), + "github.com/openshift/api/apps/v1.DeploymentTriggerImageChangeParams": schema_openshift_api_apps_v1_DeploymentTriggerImageChangeParams(ref), + "github.com/openshift/api/apps/v1.DeploymentTriggerPolicy": schema_openshift_api_apps_v1_DeploymentTriggerPolicy(ref), + "github.com/openshift/api/apps/v1.ExecNewPodHook": schema_openshift_api_apps_v1_ExecNewPodHook(ref), + "github.com/openshift/api/apps/v1.LifecycleHook": schema_openshift_api_apps_v1_LifecycleHook(ref), + "github.com/openshift/api/apps/v1.RecreateDeploymentStrategyParams": schema_openshift_api_apps_v1_RecreateDeploymentStrategyParams(ref), + "github.com/openshift/api/apps/v1.RollingDeploymentStrategyParams": schema_openshift_api_apps_v1_RollingDeploymentStrategyParams(ref), + "github.com/openshift/api/apps/v1.TagImageHook": schema_openshift_api_apps_v1_TagImageHook(ref), + "github.com/openshift/api/authorization/v1.Action": schema_openshift_api_authorization_v1_Action(ref), + "github.com/openshift/api/authorization/v1.ClusterRole": schema_openshift_api_authorization_v1_ClusterRole(ref), + "github.com/openshift/api/authorization/v1.ClusterRoleBinding": schema_openshift_api_authorization_v1_ClusterRoleBinding(ref), + "github.com/openshift/api/authorization/v1.ClusterRoleBindingList": schema_openshift_api_authorization_v1_ClusterRoleBindingList(ref), + "github.com/openshift/api/authorization/v1.ClusterRoleList": schema_openshift_api_authorization_v1_ClusterRoleList(ref), + "github.com/openshift/api/authorization/v1.GroupRestriction": schema_openshift_api_authorization_v1_GroupRestriction(ref), + "github.com/openshift/api/authorization/v1.IsPersonalSubjectAccessReview": schema_openshift_api_authorization_v1_IsPersonalSubjectAccessReview(ref), + "github.com/openshift/api/authorization/v1.LocalResourceAccessReview": schema_openshift_api_authorization_v1_LocalResourceAccessReview(ref), + "github.com/openshift/api/authorization/v1.LocalSubjectAccessReview": schema_openshift_api_authorization_v1_LocalSubjectAccessReview(ref), + "github.com/openshift/api/authorization/v1.NamedClusterRole": schema_openshift_api_authorization_v1_NamedClusterRole(ref), + "github.com/openshift/api/authorization/v1.NamedClusterRoleBinding": schema_openshift_api_authorization_v1_NamedClusterRoleBinding(ref), + "github.com/openshift/api/authorization/v1.NamedRole": schema_openshift_api_authorization_v1_NamedRole(ref), + "github.com/openshift/api/authorization/v1.NamedRoleBinding": schema_openshift_api_authorization_v1_NamedRoleBinding(ref), + "github.com/openshift/api/authorization/v1.PolicyRule": schema_openshift_api_authorization_v1_PolicyRule(ref), + "github.com/openshift/api/authorization/v1.ResourceAccessReview": schema_openshift_api_authorization_v1_ResourceAccessReview(ref), + "github.com/openshift/api/authorization/v1.ResourceAccessReviewResponse": schema_openshift_api_authorization_v1_ResourceAccessReviewResponse(ref), + "github.com/openshift/api/authorization/v1.Role": schema_openshift_api_authorization_v1_Role(ref), + "github.com/openshift/api/authorization/v1.RoleBinding": schema_openshift_api_authorization_v1_RoleBinding(ref), + "github.com/openshift/api/authorization/v1.RoleBindingList": schema_openshift_api_authorization_v1_RoleBindingList(ref), + "github.com/openshift/api/authorization/v1.RoleBindingRestriction": schema_openshift_api_authorization_v1_RoleBindingRestriction(ref), + "github.com/openshift/api/authorization/v1.RoleBindingRestrictionList": schema_openshift_api_authorization_v1_RoleBindingRestrictionList(ref), + "github.com/openshift/api/authorization/v1.RoleBindingRestrictionSpec": schema_openshift_api_authorization_v1_RoleBindingRestrictionSpec(ref), + "github.com/openshift/api/authorization/v1.RoleList": schema_openshift_api_authorization_v1_RoleList(ref), + "github.com/openshift/api/authorization/v1.SelfSubjectRulesReview": schema_openshift_api_authorization_v1_SelfSubjectRulesReview(ref), + "github.com/openshift/api/authorization/v1.SelfSubjectRulesReviewSpec": schema_openshift_api_authorization_v1_SelfSubjectRulesReviewSpec(ref), + "github.com/openshift/api/authorization/v1.ServiceAccountReference": schema_openshift_api_authorization_v1_ServiceAccountReference(ref), + "github.com/openshift/api/authorization/v1.ServiceAccountRestriction": schema_openshift_api_authorization_v1_ServiceAccountRestriction(ref), + "github.com/openshift/api/authorization/v1.SubjectAccessReview": schema_openshift_api_authorization_v1_SubjectAccessReview(ref), + "github.com/openshift/api/authorization/v1.SubjectAccessReviewResponse": schema_openshift_api_authorization_v1_SubjectAccessReviewResponse(ref), + "github.com/openshift/api/authorization/v1.SubjectRulesReview": schema_openshift_api_authorization_v1_SubjectRulesReview(ref), + "github.com/openshift/api/authorization/v1.SubjectRulesReviewSpec": schema_openshift_api_authorization_v1_SubjectRulesReviewSpec(ref), + "github.com/openshift/api/authorization/v1.SubjectRulesReviewStatus": schema_openshift_api_authorization_v1_SubjectRulesReviewStatus(ref), + "github.com/openshift/api/authorization/v1.UserRestriction": schema_openshift_api_authorization_v1_UserRestriction(ref), + "github.com/openshift/api/build/v1.BinaryBuildRequestOptions": schema_openshift_api_build_v1_BinaryBuildRequestOptions(ref), + "github.com/openshift/api/build/v1.BinaryBuildSource": schema_openshift_api_build_v1_BinaryBuildSource(ref), + "github.com/openshift/api/build/v1.BitbucketWebHookCause": schema_openshift_api_build_v1_BitbucketWebHookCause(ref), + "github.com/openshift/api/build/v1.Build": schema_openshift_api_build_v1_Build(ref), + "github.com/openshift/api/build/v1.BuildCondition": schema_openshift_api_build_v1_BuildCondition(ref), + "github.com/openshift/api/build/v1.BuildConfig": schema_openshift_api_build_v1_BuildConfig(ref), + "github.com/openshift/api/build/v1.BuildConfigList": schema_openshift_api_build_v1_BuildConfigList(ref), + "github.com/openshift/api/build/v1.BuildConfigSpec": schema_openshift_api_build_v1_BuildConfigSpec(ref), + "github.com/openshift/api/build/v1.BuildConfigStatus": schema_openshift_api_build_v1_BuildConfigStatus(ref), + "github.com/openshift/api/build/v1.BuildList": schema_openshift_api_build_v1_BuildList(ref), + "github.com/openshift/api/build/v1.BuildLog": schema_openshift_api_build_v1_BuildLog(ref), + "github.com/openshift/api/build/v1.BuildLogOptions": schema_openshift_api_build_v1_BuildLogOptions(ref), + "github.com/openshift/api/build/v1.BuildOutput": schema_openshift_api_build_v1_BuildOutput(ref), + "github.com/openshift/api/build/v1.BuildPostCommitSpec": schema_openshift_api_build_v1_BuildPostCommitSpec(ref), + "github.com/openshift/api/build/v1.BuildRequest": schema_openshift_api_build_v1_BuildRequest(ref), + "github.com/openshift/api/build/v1.BuildSource": schema_openshift_api_build_v1_BuildSource(ref), + "github.com/openshift/api/build/v1.BuildSpec": schema_openshift_api_build_v1_BuildSpec(ref), + "github.com/openshift/api/build/v1.BuildStatus": schema_openshift_api_build_v1_BuildStatus(ref), + "github.com/openshift/api/build/v1.BuildStatusOutput": schema_openshift_api_build_v1_BuildStatusOutput(ref), + "github.com/openshift/api/build/v1.BuildStatusOutputTo": schema_openshift_api_build_v1_BuildStatusOutputTo(ref), + "github.com/openshift/api/build/v1.BuildStrategy": schema_openshift_api_build_v1_BuildStrategy(ref), + "github.com/openshift/api/build/v1.BuildTriggerCause": schema_openshift_api_build_v1_BuildTriggerCause(ref), + "github.com/openshift/api/build/v1.BuildTriggerPolicy": schema_openshift_api_build_v1_BuildTriggerPolicy(ref), + "github.com/openshift/api/build/v1.BuildVolume": schema_openshift_api_build_v1_BuildVolume(ref), + "github.com/openshift/api/build/v1.BuildVolumeMount": schema_openshift_api_build_v1_BuildVolumeMount(ref), + "github.com/openshift/api/build/v1.BuildVolumeSource": schema_openshift_api_build_v1_BuildVolumeSource(ref), + "github.com/openshift/api/build/v1.CommonSpec": schema_openshift_api_build_v1_CommonSpec(ref), + "github.com/openshift/api/build/v1.CommonWebHookCause": schema_openshift_api_build_v1_CommonWebHookCause(ref), + "github.com/openshift/api/build/v1.ConfigMapBuildSource": schema_openshift_api_build_v1_ConfigMapBuildSource(ref), + "github.com/openshift/api/build/v1.CustomBuildStrategy": schema_openshift_api_build_v1_CustomBuildStrategy(ref), + "github.com/openshift/api/build/v1.DockerBuildStrategy": schema_openshift_api_build_v1_DockerBuildStrategy(ref), + "github.com/openshift/api/build/v1.DockerStrategyOptions": schema_openshift_api_build_v1_DockerStrategyOptions(ref), + "github.com/openshift/api/build/v1.GenericWebHookCause": schema_openshift_api_build_v1_GenericWebHookCause(ref), + "github.com/openshift/api/build/v1.GenericWebHookEvent": schema_openshift_api_build_v1_GenericWebHookEvent(ref), + "github.com/openshift/api/build/v1.GitBuildSource": schema_openshift_api_build_v1_GitBuildSource(ref), + "github.com/openshift/api/build/v1.GitHubWebHookCause": schema_openshift_api_build_v1_GitHubWebHookCause(ref), + "github.com/openshift/api/build/v1.GitInfo": schema_openshift_api_build_v1_GitInfo(ref), + "github.com/openshift/api/build/v1.GitLabWebHookCause": schema_openshift_api_build_v1_GitLabWebHookCause(ref), + "github.com/openshift/api/build/v1.GitRefInfo": schema_openshift_api_build_v1_GitRefInfo(ref), + "github.com/openshift/api/build/v1.GitSourceRevision": schema_openshift_api_build_v1_GitSourceRevision(ref), + "github.com/openshift/api/build/v1.ImageChangeCause": schema_openshift_api_build_v1_ImageChangeCause(ref), + "github.com/openshift/api/build/v1.ImageChangeTrigger": schema_openshift_api_build_v1_ImageChangeTrigger(ref), + "github.com/openshift/api/build/v1.ImageChangeTriggerStatus": schema_openshift_api_build_v1_ImageChangeTriggerStatus(ref), + "github.com/openshift/api/build/v1.ImageLabel": schema_openshift_api_build_v1_ImageLabel(ref), + "github.com/openshift/api/build/v1.ImageSource": schema_openshift_api_build_v1_ImageSource(ref), + "github.com/openshift/api/build/v1.ImageSourcePath": schema_openshift_api_build_v1_ImageSourcePath(ref), + "github.com/openshift/api/build/v1.ImageStreamTagReference": schema_openshift_api_build_v1_ImageStreamTagReference(ref), + "github.com/openshift/api/build/v1.JenkinsPipelineBuildStrategy": schema_openshift_api_build_v1_JenkinsPipelineBuildStrategy(ref), + "github.com/openshift/api/build/v1.ProxyConfig": schema_openshift_api_build_v1_ProxyConfig(ref), + "github.com/openshift/api/build/v1.SecretBuildSource": schema_openshift_api_build_v1_SecretBuildSource(ref), + "github.com/openshift/api/build/v1.SecretLocalReference": schema_openshift_api_build_v1_SecretLocalReference(ref), + "github.com/openshift/api/build/v1.SecretSpec": schema_openshift_api_build_v1_SecretSpec(ref), + "github.com/openshift/api/build/v1.SourceBuildStrategy": schema_openshift_api_build_v1_SourceBuildStrategy(ref), + "github.com/openshift/api/build/v1.SourceControlUser": schema_openshift_api_build_v1_SourceControlUser(ref), + "github.com/openshift/api/build/v1.SourceRevision": schema_openshift_api_build_v1_SourceRevision(ref), + "github.com/openshift/api/build/v1.SourceStrategyOptions": schema_openshift_api_build_v1_SourceStrategyOptions(ref), + "github.com/openshift/api/build/v1.StageInfo": schema_openshift_api_build_v1_StageInfo(ref), + "github.com/openshift/api/build/v1.StepInfo": schema_openshift_api_build_v1_StepInfo(ref), + "github.com/openshift/api/build/v1.WebHookTrigger": schema_openshift_api_build_v1_WebHookTrigger(ref), + "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfig": schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfig(ref), + "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfigSpec": schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfigSpec(ref), + "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfigStatus": schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfigStatus(ref), + "github.com/openshift/api/config/v1.APIServer": schema_openshift_api_config_v1_APIServer(ref), + "github.com/openshift/api/config/v1.APIServerEncryption": schema_openshift_api_config_v1_APIServerEncryption(ref), + "github.com/openshift/api/config/v1.APIServerList": schema_openshift_api_config_v1_APIServerList(ref), + "github.com/openshift/api/config/v1.APIServerNamedServingCert": schema_openshift_api_config_v1_APIServerNamedServingCert(ref), + "github.com/openshift/api/config/v1.APIServerServingCerts": schema_openshift_api_config_v1_APIServerServingCerts(ref), + "github.com/openshift/api/config/v1.APIServerSpec": schema_openshift_api_config_v1_APIServerSpec(ref), + "github.com/openshift/api/config/v1.APIServerStatus": schema_openshift_api_config_v1_APIServerStatus(ref), + "github.com/openshift/api/config/v1.AWSDNSSpec": schema_openshift_api_config_v1_AWSDNSSpec(ref), + "github.com/openshift/api/config/v1.AWSIngressSpec": schema_openshift_api_config_v1_AWSIngressSpec(ref), + "github.com/openshift/api/config/v1.AWSKMSConfig": schema_openshift_api_config_v1_AWSKMSConfig(ref), + "github.com/openshift/api/config/v1.AWSPlatformSpec": schema_openshift_api_config_v1_AWSPlatformSpec(ref), + "github.com/openshift/api/config/v1.AWSPlatformStatus": schema_openshift_api_config_v1_AWSPlatformStatus(ref), + "github.com/openshift/api/config/v1.AWSResourceTag": schema_openshift_api_config_v1_AWSResourceTag(ref), + "github.com/openshift/api/config/v1.AWSServiceEndpoint": schema_openshift_api_config_v1_AWSServiceEndpoint(ref), + "github.com/openshift/api/config/v1.AcceptRisk": schema_openshift_api_config_v1_AcceptRisk(ref), + "github.com/openshift/api/config/v1.AdmissionConfig": schema_openshift_api_config_v1_AdmissionConfig(ref), + "github.com/openshift/api/config/v1.AdmissionPluginConfig": schema_openshift_api_config_v1_AdmissionPluginConfig(ref), + "github.com/openshift/api/config/v1.AlibabaCloudPlatformSpec": schema_openshift_api_config_v1_AlibabaCloudPlatformSpec(ref), + "github.com/openshift/api/config/v1.AlibabaCloudPlatformStatus": schema_openshift_api_config_v1_AlibabaCloudPlatformStatus(ref), + "github.com/openshift/api/config/v1.AlibabaCloudResourceTag": schema_openshift_api_config_v1_AlibabaCloudResourceTag(ref), + "github.com/openshift/api/config/v1.Audit": schema_openshift_api_config_v1_Audit(ref), + "github.com/openshift/api/config/v1.AuditConfig": schema_openshift_api_config_v1_AuditConfig(ref), + "github.com/openshift/api/config/v1.AuditCustomRule": schema_openshift_api_config_v1_AuditCustomRule(ref), + "github.com/openshift/api/config/v1.Authentication": schema_openshift_api_config_v1_Authentication(ref), + "github.com/openshift/api/config/v1.AuthenticationList": schema_openshift_api_config_v1_AuthenticationList(ref), + "github.com/openshift/api/config/v1.AuthenticationSpec": schema_openshift_api_config_v1_AuthenticationSpec(ref), + "github.com/openshift/api/config/v1.AuthenticationStatus": schema_openshift_api_config_v1_AuthenticationStatus(ref), + "github.com/openshift/api/config/v1.AzurePlatformSpec": schema_openshift_api_config_v1_AzurePlatformSpec(ref), + "github.com/openshift/api/config/v1.AzurePlatformStatus": schema_openshift_api_config_v1_AzurePlatformStatus(ref), + "github.com/openshift/api/config/v1.AzureResourceTag": schema_openshift_api_config_v1_AzureResourceTag(ref), + "github.com/openshift/api/config/v1.BareMetalPlatformLoadBalancer": schema_openshift_api_config_v1_BareMetalPlatformLoadBalancer(ref), + "github.com/openshift/api/config/v1.BareMetalPlatformSpec": schema_openshift_api_config_v1_BareMetalPlatformSpec(ref), + "github.com/openshift/api/config/v1.BareMetalPlatformStatus": schema_openshift_api_config_v1_BareMetalPlatformStatus(ref), + "github.com/openshift/api/config/v1.BasicAuthIdentityProvider": schema_openshift_api_config_v1_BasicAuthIdentityProvider(ref), + "github.com/openshift/api/config/v1.Build": schema_openshift_api_config_v1_Build(ref), + "github.com/openshift/api/config/v1.BuildDefaults": schema_openshift_api_config_v1_BuildDefaults(ref), + "github.com/openshift/api/config/v1.BuildList": schema_openshift_api_config_v1_BuildList(ref), + "github.com/openshift/api/config/v1.BuildOverrides": schema_openshift_api_config_v1_BuildOverrides(ref), + "github.com/openshift/api/config/v1.BuildSpec": schema_openshift_api_config_v1_BuildSpec(ref), + "github.com/openshift/api/config/v1.CertInfo": schema_openshift_api_config_v1_CertInfo(ref), + "github.com/openshift/api/config/v1.ClientConnectionOverrides": schema_openshift_api_config_v1_ClientConnectionOverrides(ref), + "github.com/openshift/api/config/v1.CloudControllerManagerStatus": schema_openshift_api_config_v1_CloudControllerManagerStatus(ref), + "github.com/openshift/api/config/v1.CloudLoadBalancerConfig": schema_openshift_api_config_v1_CloudLoadBalancerConfig(ref), + "github.com/openshift/api/config/v1.CloudLoadBalancerIPs": schema_openshift_api_config_v1_CloudLoadBalancerIPs(ref), + "github.com/openshift/api/config/v1.ClusterCondition": schema_openshift_api_config_v1_ClusterCondition(ref), + "github.com/openshift/api/config/v1.ClusterImagePolicy": schema_openshift_api_config_v1_ClusterImagePolicy(ref), + "github.com/openshift/api/config/v1.ClusterImagePolicyList": schema_openshift_api_config_v1_ClusterImagePolicyList(ref), + "github.com/openshift/api/config/v1.ClusterImagePolicySpec": schema_openshift_api_config_v1_ClusterImagePolicySpec(ref), + "github.com/openshift/api/config/v1.ClusterImagePolicyStatus": schema_openshift_api_config_v1_ClusterImagePolicyStatus(ref), + "github.com/openshift/api/config/v1.ClusterNetworkEntry": schema_openshift_api_config_v1_ClusterNetworkEntry(ref), + "github.com/openshift/api/config/v1.ClusterOperator": schema_openshift_api_config_v1_ClusterOperator(ref), + "github.com/openshift/api/config/v1.ClusterOperatorList": schema_openshift_api_config_v1_ClusterOperatorList(ref), + "github.com/openshift/api/config/v1.ClusterOperatorSpec": schema_openshift_api_config_v1_ClusterOperatorSpec(ref), + "github.com/openshift/api/config/v1.ClusterOperatorStatus": schema_openshift_api_config_v1_ClusterOperatorStatus(ref), + "github.com/openshift/api/config/v1.ClusterOperatorStatusCondition": schema_openshift_api_config_v1_ClusterOperatorStatusCondition(ref), + "github.com/openshift/api/config/v1.ClusterVersion": schema_openshift_api_config_v1_ClusterVersion(ref), + "github.com/openshift/api/config/v1.ClusterVersionCapabilitiesSpec": schema_openshift_api_config_v1_ClusterVersionCapabilitiesSpec(ref), + "github.com/openshift/api/config/v1.ClusterVersionCapabilitiesStatus": schema_openshift_api_config_v1_ClusterVersionCapabilitiesStatus(ref), + "github.com/openshift/api/config/v1.ClusterVersionList": schema_openshift_api_config_v1_ClusterVersionList(ref), + "github.com/openshift/api/config/v1.ClusterVersionSpec": schema_openshift_api_config_v1_ClusterVersionSpec(ref), + "github.com/openshift/api/config/v1.ClusterVersionStatus": schema_openshift_api_config_v1_ClusterVersionStatus(ref), + "github.com/openshift/api/config/v1.ComponentOverride": schema_openshift_api_config_v1_ComponentOverride(ref), + "github.com/openshift/api/config/v1.ComponentRouteSpec": schema_openshift_api_config_v1_ComponentRouteSpec(ref), + "github.com/openshift/api/config/v1.ComponentRouteStatus": schema_openshift_api_config_v1_ComponentRouteStatus(ref), + "github.com/openshift/api/config/v1.ConditionalUpdate": schema_openshift_api_config_v1_ConditionalUpdate(ref), + "github.com/openshift/api/config/v1.ConditionalUpdateRisk": schema_openshift_api_config_v1_ConditionalUpdateRisk(ref), + "github.com/openshift/api/config/v1.ConfigMapFileReference": schema_openshift_api_config_v1_ConfigMapFileReference(ref), + "github.com/openshift/api/config/v1.ConfigMapNameReference": schema_openshift_api_config_v1_ConfigMapNameReference(ref), + "github.com/openshift/api/config/v1.Console": schema_openshift_api_config_v1_Console(ref), + "github.com/openshift/api/config/v1.ConsoleAuthentication": schema_openshift_api_config_v1_ConsoleAuthentication(ref), + "github.com/openshift/api/config/v1.ConsoleList": schema_openshift_api_config_v1_ConsoleList(ref), + "github.com/openshift/api/config/v1.ConsoleSpec": schema_openshift_api_config_v1_ConsoleSpec(ref), + "github.com/openshift/api/config/v1.ConsoleStatus": schema_openshift_api_config_v1_ConsoleStatus(ref), + "github.com/openshift/api/config/v1.Custom": schema_openshift_api_config_v1_Custom(ref), + "github.com/openshift/api/config/v1.CustomFeatureGates": schema_openshift_api_config_v1_CustomFeatureGates(ref), + "github.com/openshift/api/config/v1.CustomTLSProfile": schema_openshift_api_config_v1_CustomTLSProfile(ref), + "github.com/openshift/api/config/v1.DNS": schema_openshift_api_config_v1_DNS(ref), + "github.com/openshift/api/config/v1.DNSList": schema_openshift_api_config_v1_DNSList(ref), + "github.com/openshift/api/config/v1.DNSPlatformSpec": schema_openshift_api_config_v1_DNSPlatformSpec(ref), + "github.com/openshift/api/config/v1.DNSSpec": schema_openshift_api_config_v1_DNSSpec(ref), + "github.com/openshift/api/config/v1.DNSStatus": schema_openshift_api_config_v1_DNSStatus(ref), + "github.com/openshift/api/config/v1.DNSZone": schema_openshift_api_config_v1_DNSZone(ref), + "github.com/openshift/api/config/v1.DelegatedAuthentication": schema_openshift_api_config_v1_DelegatedAuthentication(ref), + "github.com/openshift/api/config/v1.DelegatedAuthorization": schema_openshift_api_config_v1_DelegatedAuthorization(ref), + "github.com/openshift/api/config/v1.DeprecatedWebhookTokenAuthenticator": schema_openshift_api_config_v1_DeprecatedWebhookTokenAuthenticator(ref), + "github.com/openshift/api/config/v1.EquinixMetalPlatformSpec": schema_openshift_api_config_v1_EquinixMetalPlatformSpec(ref), + "github.com/openshift/api/config/v1.EquinixMetalPlatformStatus": schema_openshift_api_config_v1_EquinixMetalPlatformStatus(ref), + "github.com/openshift/api/config/v1.EtcdConnectionInfo": schema_openshift_api_config_v1_EtcdConnectionInfo(ref), + "github.com/openshift/api/config/v1.EtcdStorageConfig": schema_openshift_api_config_v1_EtcdStorageConfig(ref), + "github.com/openshift/api/config/v1.ExternalIPConfig": schema_openshift_api_config_v1_ExternalIPConfig(ref), + "github.com/openshift/api/config/v1.ExternalIPPolicy": schema_openshift_api_config_v1_ExternalIPPolicy(ref), + "github.com/openshift/api/config/v1.ExternalPlatformSpec": schema_openshift_api_config_v1_ExternalPlatformSpec(ref), + "github.com/openshift/api/config/v1.ExternalPlatformStatus": schema_openshift_api_config_v1_ExternalPlatformStatus(ref), + "github.com/openshift/api/config/v1.ExtraMapping": schema_openshift_api_config_v1_ExtraMapping(ref), + "github.com/openshift/api/config/v1.FeatureGate": schema_openshift_api_config_v1_FeatureGate(ref), + "github.com/openshift/api/config/v1.FeatureGateAttributes": schema_openshift_api_config_v1_FeatureGateAttributes(ref), + "github.com/openshift/api/config/v1.FeatureGateDetails": schema_openshift_api_config_v1_FeatureGateDetails(ref), + "github.com/openshift/api/config/v1.FeatureGateList": schema_openshift_api_config_v1_FeatureGateList(ref), + "github.com/openshift/api/config/v1.FeatureGateSelection": schema_openshift_api_config_v1_FeatureGateSelection(ref), + "github.com/openshift/api/config/v1.FeatureGateSpec": schema_openshift_api_config_v1_FeatureGateSpec(ref), + "github.com/openshift/api/config/v1.FeatureGateStatus": schema_openshift_api_config_v1_FeatureGateStatus(ref), + "github.com/openshift/api/config/v1.FeatureGateTests": schema_openshift_api_config_v1_FeatureGateTests(ref), + "github.com/openshift/api/config/v1.GCPPlatformSpec": schema_openshift_api_config_v1_GCPPlatformSpec(ref), + "github.com/openshift/api/config/v1.GCPPlatformStatus": schema_openshift_api_config_v1_GCPPlatformStatus(ref), + "github.com/openshift/api/config/v1.GCPResourceLabel": schema_openshift_api_config_v1_GCPResourceLabel(ref), + "github.com/openshift/api/config/v1.GCPResourceTag": schema_openshift_api_config_v1_GCPResourceTag(ref), + "github.com/openshift/api/config/v1.GatherConfig": schema_openshift_api_config_v1_GatherConfig(ref), + "github.com/openshift/api/config/v1.GathererConfig": schema_openshift_api_config_v1_GathererConfig(ref), + "github.com/openshift/api/config/v1.Gatherers": schema_openshift_api_config_v1_Gatherers(ref), + "github.com/openshift/api/config/v1.GenericAPIServerConfig": schema_openshift_api_config_v1_GenericAPIServerConfig(ref), + "github.com/openshift/api/config/v1.GenericControllerConfig": schema_openshift_api_config_v1_GenericControllerConfig(ref), + "github.com/openshift/api/config/v1.GitHubIdentityProvider": schema_openshift_api_config_v1_GitHubIdentityProvider(ref), + "github.com/openshift/api/config/v1.GitLabIdentityProvider": schema_openshift_api_config_v1_GitLabIdentityProvider(ref), + "github.com/openshift/api/config/v1.GoogleIdentityProvider": schema_openshift_api_config_v1_GoogleIdentityProvider(ref), + "github.com/openshift/api/config/v1.HTPasswdIdentityProvider": schema_openshift_api_config_v1_HTPasswdIdentityProvider(ref), + "github.com/openshift/api/config/v1.HTTPServingInfo": schema_openshift_api_config_v1_HTTPServingInfo(ref), + "github.com/openshift/api/config/v1.HubSource": schema_openshift_api_config_v1_HubSource(ref), + "github.com/openshift/api/config/v1.HubSourceStatus": schema_openshift_api_config_v1_HubSourceStatus(ref), + "github.com/openshift/api/config/v1.IBMCloudPlatformSpec": schema_openshift_api_config_v1_IBMCloudPlatformSpec(ref), + "github.com/openshift/api/config/v1.IBMCloudPlatformStatus": schema_openshift_api_config_v1_IBMCloudPlatformStatus(ref), + "github.com/openshift/api/config/v1.IBMCloudServiceEndpoint": schema_openshift_api_config_v1_IBMCloudServiceEndpoint(ref), + "github.com/openshift/api/config/v1.IdentityProvider": schema_openshift_api_config_v1_IdentityProvider(ref), + "github.com/openshift/api/config/v1.IdentityProviderConfig": schema_openshift_api_config_v1_IdentityProviderConfig(ref), + "github.com/openshift/api/config/v1.Image": schema_openshift_api_config_v1_Image(ref), + "github.com/openshift/api/config/v1.ImageContentPolicy": schema_openshift_api_config_v1_ImageContentPolicy(ref), + "github.com/openshift/api/config/v1.ImageContentPolicyList": schema_openshift_api_config_v1_ImageContentPolicyList(ref), + "github.com/openshift/api/config/v1.ImageContentPolicySpec": schema_openshift_api_config_v1_ImageContentPolicySpec(ref), + "github.com/openshift/api/config/v1.ImageDigestMirrorSet": schema_openshift_api_config_v1_ImageDigestMirrorSet(ref), + "github.com/openshift/api/config/v1.ImageDigestMirrorSetList": schema_openshift_api_config_v1_ImageDigestMirrorSetList(ref), + "github.com/openshift/api/config/v1.ImageDigestMirrorSetSpec": schema_openshift_api_config_v1_ImageDigestMirrorSetSpec(ref), + "github.com/openshift/api/config/v1.ImageDigestMirrorSetStatus": schema_openshift_api_config_v1_ImageDigestMirrorSetStatus(ref), + "github.com/openshift/api/config/v1.ImageDigestMirrors": schema_openshift_api_config_v1_ImageDigestMirrors(ref), + "github.com/openshift/api/config/v1.ImageLabel": schema_openshift_api_config_v1_ImageLabel(ref), + "github.com/openshift/api/config/v1.ImageList": schema_openshift_api_config_v1_ImageList(ref), + "github.com/openshift/api/config/v1.ImagePolicy": schema_openshift_api_config_v1_ImagePolicy(ref), + "github.com/openshift/api/config/v1.ImagePolicyFulcioCAWithRekorRootOfTrust": schema_openshift_api_config_v1_ImagePolicyFulcioCAWithRekorRootOfTrust(ref), + "github.com/openshift/api/config/v1.ImagePolicyList": schema_openshift_api_config_v1_ImagePolicyList(ref), + "github.com/openshift/api/config/v1.ImagePolicyPKIRootOfTrust": schema_openshift_api_config_v1_ImagePolicyPKIRootOfTrust(ref), + "github.com/openshift/api/config/v1.ImagePolicyPublicKeyRootOfTrust": schema_openshift_api_config_v1_ImagePolicyPublicKeyRootOfTrust(ref), + "github.com/openshift/api/config/v1.ImagePolicySpec": schema_openshift_api_config_v1_ImagePolicySpec(ref), + "github.com/openshift/api/config/v1.ImagePolicyStatus": schema_openshift_api_config_v1_ImagePolicyStatus(ref), + "github.com/openshift/api/config/v1.ImageSigstoreVerificationPolicy": schema_openshift_api_config_v1_ImageSigstoreVerificationPolicy(ref), + "github.com/openshift/api/config/v1.ImageSpec": schema_openshift_api_config_v1_ImageSpec(ref), + "github.com/openshift/api/config/v1.ImageStatus": schema_openshift_api_config_v1_ImageStatus(ref), + "github.com/openshift/api/config/v1.ImageTagMirrorSet": schema_openshift_api_config_v1_ImageTagMirrorSet(ref), + "github.com/openshift/api/config/v1.ImageTagMirrorSetList": schema_openshift_api_config_v1_ImageTagMirrorSetList(ref), + "github.com/openshift/api/config/v1.ImageTagMirrorSetSpec": schema_openshift_api_config_v1_ImageTagMirrorSetSpec(ref), + "github.com/openshift/api/config/v1.ImageTagMirrorSetStatus": schema_openshift_api_config_v1_ImageTagMirrorSetStatus(ref), + "github.com/openshift/api/config/v1.ImageTagMirrors": schema_openshift_api_config_v1_ImageTagMirrors(ref), + "github.com/openshift/api/config/v1.Infrastructure": schema_openshift_api_config_v1_Infrastructure(ref), + "github.com/openshift/api/config/v1.InfrastructureList": schema_openshift_api_config_v1_InfrastructureList(ref), + "github.com/openshift/api/config/v1.InfrastructureSpec": schema_openshift_api_config_v1_InfrastructureSpec(ref), + "github.com/openshift/api/config/v1.InfrastructureStatus": schema_openshift_api_config_v1_InfrastructureStatus(ref), + "github.com/openshift/api/config/v1.Ingress": schema_openshift_api_config_v1_Ingress(ref), + "github.com/openshift/api/config/v1.IngressList": schema_openshift_api_config_v1_IngressList(ref), + "github.com/openshift/api/config/v1.IngressPlatformSpec": schema_openshift_api_config_v1_IngressPlatformSpec(ref), + "github.com/openshift/api/config/v1.IngressSpec": schema_openshift_api_config_v1_IngressSpec(ref), + "github.com/openshift/api/config/v1.IngressStatus": schema_openshift_api_config_v1_IngressStatus(ref), + "github.com/openshift/api/config/v1.InsightsDataGather": schema_openshift_api_config_v1_InsightsDataGather(ref), + "github.com/openshift/api/config/v1.InsightsDataGatherList": schema_openshift_api_config_v1_InsightsDataGatherList(ref), + "github.com/openshift/api/config/v1.InsightsDataGatherSpec": schema_openshift_api_config_v1_InsightsDataGatherSpec(ref), + "github.com/openshift/api/config/v1.IntermediateTLSProfile": schema_openshift_api_config_v1_IntermediateTLSProfile(ref), + "github.com/openshift/api/config/v1.KMSConfig": schema_openshift_api_config_v1_KMSConfig(ref), + "github.com/openshift/api/config/v1.KeystoneIdentityProvider": schema_openshift_api_config_v1_KeystoneIdentityProvider(ref), + "github.com/openshift/api/config/v1.KubeClientConfig": schema_openshift_api_config_v1_KubeClientConfig(ref), + "github.com/openshift/api/config/v1.KubevirtPlatformSpec": schema_openshift_api_config_v1_KubevirtPlatformSpec(ref), + "github.com/openshift/api/config/v1.KubevirtPlatformStatus": schema_openshift_api_config_v1_KubevirtPlatformStatus(ref), + "github.com/openshift/api/config/v1.LDAPAttributeMapping": schema_openshift_api_config_v1_LDAPAttributeMapping(ref), + "github.com/openshift/api/config/v1.LDAPIdentityProvider": schema_openshift_api_config_v1_LDAPIdentityProvider(ref), + "github.com/openshift/api/config/v1.LeaderElection": schema_openshift_api_config_v1_LeaderElection(ref), + "github.com/openshift/api/config/v1.LoadBalancer": schema_openshift_api_config_v1_LoadBalancer(ref), + "github.com/openshift/api/config/v1.MTUMigration": schema_openshift_api_config_v1_MTUMigration(ref), + "github.com/openshift/api/config/v1.MTUMigrationValues": schema_openshift_api_config_v1_MTUMigrationValues(ref), + "github.com/openshift/api/config/v1.MaxAgePolicy": schema_openshift_api_config_v1_MaxAgePolicy(ref), + "github.com/openshift/api/config/v1.ModernTLSProfile": schema_openshift_api_config_v1_ModernTLSProfile(ref), + "github.com/openshift/api/config/v1.NamedCertificate": schema_openshift_api_config_v1_NamedCertificate(ref), + "github.com/openshift/api/config/v1.Network": schema_openshift_api_config_v1_Network(ref), + "github.com/openshift/api/config/v1.NetworkDiagnostics": schema_openshift_api_config_v1_NetworkDiagnostics(ref), + "github.com/openshift/api/config/v1.NetworkDiagnosticsSourcePlacement": schema_openshift_api_config_v1_NetworkDiagnosticsSourcePlacement(ref), + "github.com/openshift/api/config/v1.NetworkDiagnosticsTargetPlacement": schema_openshift_api_config_v1_NetworkDiagnosticsTargetPlacement(ref), + "github.com/openshift/api/config/v1.NetworkList": schema_openshift_api_config_v1_NetworkList(ref), + "github.com/openshift/api/config/v1.NetworkMigration": schema_openshift_api_config_v1_NetworkMigration(ref), + "github.com/openshift/api/config/v1.NetworkSpec": schema_openshift_api_config_v1_NetworkSpec(ref), + "github.com/openshift/api/config/v1.NetworkStatus": schema_openshift_api_config_v1_NetworkStatus(ref), + "github.com/openshift/api/config/v1.Node": schema_openshift_api_config_v1_Node(ref), + "github.com/openshift/api/config/v1.NodeList": schema_openshift_api_config_v1_NodeList(ref), + "github.com/openshift/api/config/v1.NodeSpec": schema_openshift_api_config_v1_NodeSpec(ref), + "github.com/openshift/api/config/v1.NodeStatus": schema_openshift_api_config_v1_NodeStatus(ref), + "github.com/openshift/api/config/v1.NutanixFailureDomain": schema_openshift_api_config_v1_NutanixFailureDomain(ref), + "github.com/openshift/api/config/v1.NutanixPlatformLoadBalancer": schema_openshift_api_config_v1_NutanixPlatformLoadBalancer(ref), + "github.com/openshift/api/config/v1.NutanixPlatformSpec": schema_openshift_api_config_v1_NutanixPlatformSpec(ref), + "github.com/openshift/api/config/v1.NutanixPlatformStatus": schema_openshift_api_config_v1_NutanixPlatformStatus(ref), + "github.com/openshift/api/config/v1.NutanixPrismElementEndpoint": schema_openshift_api_config_v1_NutanixPrismElementEndpoint(ref), + "github.com/openshift/api/config/v1.NutanixPrismEndpoint": schema_openshift_api_config_v1_NutanixPrismEndpoint(ref), + "github.com/openshift/api/config/v1.NutanixResourceIdentifier": schema_openshift_api_config_v1_NutanixResourceIdentifier(ref), + "github.com/openshift/api/config/v1.OAuth": schema_openshift_api_config_v1_OAuth(ref), + "github.com/openshift/api/config/v1.OAuthList": schema_openshift_api_config_v1_OAuthList(ref), + "github.com/openshift/api/config/v1.OAuthRemoteConnectionInfo": schema_openshift_api_config_v1_OAuthRemoteConnectionInfo(ref), + "github.com/openshift/api/config/v1.OAuthSpec": schema_openshift_api_config_v1_OAuthSpec(ref), + "github.com/openshift/api/config/v1.OAuthStatus": schema_openshift_api_config_v1_OAuthStatus(ref), + "github.com/openshift/api/config/v1.OAuthTemplates": schema_openshift_api_config_v1_OAuthTemplates(ref), + "github.com/openshift/api/config/v1.OIDCClientConfig": schema_openshift_api_config_v1_OIDCClientConfig(ref), + "github.com/openshift/api/config/v1.OIDCClientReference": schema_openshift_api_config_v1_OIDCClientReference(ref), + "github.com/openshift/api/config/v1.OIDCClientStatus": schema_openshift_api_config_v1_OIDCClientStatus(ref), + "github.com/openshift/api/config/v1.OIDCProvider": schema_openshift_api_config_v1_OIDCProvider(ref), + "github.com/openshift/api/config/v1.ObjectReference": schema_openshift_api_config_v1_ObjectReference(ref), + "github.com/openshift/api/config/v1.OldTLSProfile": schema_openshift_api_config_v1_OldTLSProfile(ref), + "github.com/openshift/api/config/v1.OpenIDClaims": schema_openshift_api_config_v1_OpenIDClaims(ref), + "github.com/openshift/api/config/v1.OpenIDIdentityProvider": schema_openshift_api_config_v1_OpenIDIdentityProvider(ref), + "github.com/openshift/api/config/v1.OpenStackPlatformLoadBalancer": schema_openshift_api_config_v1_OpenStackPlatformLoadBalancer(ref), + "github.com/openshift/api/config/v1.OpenStackPlatformSpec": schema_openshift_api_config_v1_OpenStackPlatformSpec(ref), + "github.com/openshift/api/config/v1.OpenStackPlatformStatus": schema_openshift_api_config_v1_OpenStackPlatformStatus(ref), + "github.com/openshift/api/config/v1.OperandVersion": schema_openshift_api_config_v1_OperandVersion(ref), + "github.com/openshift/api/config/v1.OperatorHub": schema_openshift_api_config_v1_OperatorHub(ref), + "github.com/openshift/api/config/v1.OperatorHubList": schema_openshift_api_config_v1_OperatorHubList(ref), + "github.com/openshift/api/config/v1.OperatorHubSpec": schema_openshift_api_config_v1_OperatorHubSpec(ref), + "github.com/openshift/api/config/v1.OperatorHubStatus": schema_openshift_api_config_v1_OperatorHubStatus(ref), + "github.com/openshift/api/config/v1.OvirtPlatformLoadBalancer": schema_openshift_api_config_v1_OvirtPlatformLoadBalancer(ref), + "github.com/openshift/api/config/v1.OvirtPlatformSpec": schema_openshift_api_config_v1_OvirtPlatformSpec(ref), + "github.com/openshift/api/config/v1.OvirtPlatformStatus": schema_openshift_api_config_v1_OvirtPlatformStatus(ref), + "github.com/openshift/api/config/v1.PKICertificateSubject": schema_openshift_api_config_v1_PKICertificateSubject(ref), + "github.com/openshift/api/config/v1.PersistentVolumeClaimReference": schema_openshift_api_config_v1_PersistentVolumeClaimReference(ref), + "github.com/openshift/api/config/v1.PersistentVolumeConfig": schema_openshift_api_config_v1_PersistentVolumeConfig(ref), + "github.com/openshift/api/config/v1.PlatformSpec": schema_openshift_api_config_v1_PlatformSpec(ref), + "github.com/openshift/api/config/v1.PlatformStatus": schema_openshift_api_config_v1_PlatformStatus(ref), + "github.com/openshift/api/config/v1.PolicyFulcioSubject": schema_openshift_api_config_v1_PolicyFulcioSubject(ref), + "github.com/openshift/api/config/v1.PolicyIdentity": schema_openshift_api_config_v1_PolicyIdentity(ref), + "github.com/openshift/api/config/v1.PolicyMatchExactRepository": schema_openshift_api_config_v1_PolicyMatchExactRepository(ref), + "github.com/openshift/api/config/v1.PolicyMatchRemapIdentity": schema_openshift_api_config_v1_PolicyMatchRemapIdentity(ref), + "github.com/openshift/api/config/v1.PolicyRootOfTrust": schema_openshift_api_config_v1_PolicyRootOfTrust(ref), + "github.com/openshift/api/config/v1.PowerVSPlatformSpec": schema_openshift_api_config_v1_PowerVSPlatformSpec(ref), + "github.com/openshift/api/config/v1.PowerVSPlatformStatus": schema_openshift_api_config_v1_PowerVSPlatformStatus(ref), + "github.com/openshift/api/config/v1.PowerVSServiceEndpoint": schema_openshift_api_config_v1_PowerVSServiceEndpoint(ref), + "github.com/openshift/api/config/v1.PrefixedClaimMapping": schema_openshift_api_config_v1_PrefixedClaimMapping(ref), + "github.com/openshift/api/config/v1.ProfileCustomizations": schema_openshift_api_config_v1_ProfileCustomizations(ref), + "github.com/openshift/api/config/v1.Project": schema_openshift_api_config_v1_Project(ref), + "github.com/openshift/api/config/v1.ProjectList": schema_openshift_api_config_v1_ProjectList(ref), + "github.com/openshift/api/config/v1.ProjectSpec": schema_openshift_api_config_v1_ProjectSpec(ref), + "github.com/openshift/api/config/v1.ProjectStatus": schema_openshift_api_config_v1_ProjectStatus(ref), + "github.com/openshift/api/config/v1.PromQLClusterCondition": schema_openshift_api_config_v1_PromQLClusterCondition(ref), + "github.com/openshift/api/config/v1.Proxy": schema_openshift_api_config_v1_Proxy(ref), + "github.com/openshift/api/config/v1.ProxyList": schema_openshift_api_config_v1_ProxyList(ref), + "github.com/openshift/api/config/v1.ProxySpec": schema_openshift_api_config_v1_ProxySpec(ref), + "github.com/openshift/api/config/v1.ProxyStatus": schema_openshift_api_config_v1_ProxyStatus(ref), + "github.com/openshift/api/config/v1.RegistryLocation": schema_openshift_api_config_v1_RegistryLocation(ref), + "github.com/openshift/api/config/v1.RegistrySources": schema_openshift_api_config_v1_RegistrySources(ref), + "github.com/openshift/api/config/v1.Release": schema_openshift_api_config_v1_Release(ref), + "github.com/openshift/api/config/v1.RemoteConnectionInfo": schema_openshift_api_config_v1_RemoteConnectionInfo(ref), + "github.com/openshift/api/config/v1.RepositoryDigestMirrors": schema_openshift_api_config_v1_RepositoryDigestMirrors(ref), + "github.com/openshift/api/config/v1.RequestHeaderIdentityProvider": schema_openshift_api_config_v1_RequestHeaderIdentityProvider(ref), + "github.com/openshift/api/config/v1.RequiredHSTSPolicy": schema_openshift_api_config_v1_RequiredHSTSPolicy(ref), + "github.com/openshift/api/config/v1.Scheduler": schema_openshift_api_config_v1_Scheduler(ref), + "github.com/openshift/api/config/v1.SchedulerList": schema_openshift_api_config_v1_SchedulerList(ref), + "github.com/openshift/api/config/v1.SchedulerSpec": schema_openshift_api_config_v1_SchedulerSpec(ref), + "github.com/openshift/api/config/v1.SchedulerStatus": schema_openshift_api_config_v1_SchedulerStatus(ref), + "github.com/openshift/api/config/v1.SecretNameReference": schema_openshift_api_config_v1_SecretNameReference(ref), + "github.com/openshift/api/config/v1.ServingInfo": schema_openshift_api_config_v1_ServingInfo(ref), + "github.com/openshift/api/config/v1.SignatureStore": schema_openshift_api_config_v1_SignatureStore(ref), + "github.com/openshift/api/config/v1.Storage": schema_openshift_api_config_v1_Storage(ref), + "github.com/openshift/api/config/v1.StringSource": schema_openshift_api_config_v1_StringSource(ref), + "github.com/openshift/api/config/v1.StringSourceSpec": schema_openshift_api_config_v1_StringSourceSpec(ref), + "github.com/openshift/api/config/v1.TLSProfileSpec": schema_openshift_api_config_v1_TLSProfileSpec(ref), + "github.com/openshift/api/config/v1.TLSSecurityProfile": schema_openshift_api_config_v1_TLSSecurityProfile(ref), + "github.com/openshift/api/config/v1.TemplateReference": schema_openshift_api_config_v1_TemplateReference(ref), + "github.com/openshift/api/config/v1.TestDetails": schema_openshift_api_config_v1_TestDetails(ref), + "github.com/openshift/api/config/v1.TestReporting": schema_openshift_api_config_v1_TestReporting(ref), + "github.com/openshift/api/config/v1.TestReportingSpec": schema_openshift_api_config_v1_TestReportingSpec(ref), + "github.com/openshift/api/config/v1.TestReportingStatus": schema_openshift_api_config_v1_TestReportingStatus(ref), + "github.com/openshift/api/config/v1.TokenClaimMapping": schema_openshift_api_config_v1_TokenClaimMapping(ref), + "github.com/openshift/api/config/v1.TokenClaimMappings": schema_openshift_api_config_v1_TokenClaimMappings(ref), + "github.com/openshift/api/config/v1.TokenClaimOrExpressionMapping": schema_openshift_api_config_v1_TokenClaimOrExpressionMapping(ref), + "github.com/openshift/api/config/v1.TokenClaimValidationCELRule": schema_openshift_api_config_v1_TokenClaimValidationCELRule(ref), + "github.com/openshift/api/config/v1.TokenClaimValidationRule": schema_openshift_api_config_v1_TokenClaimValidationRule(ref), + "github.com/openshift/api/config/v1.TokenConfig": schema_openshift_api_config_v1_TokenConfig(ref), + "github.com/openshift/api/config/v1.TokenIssuer": schema_openshift_api_config_v1_TokenIssuer(ref), + "github.com/openshift/api/config/v1.TokenRequiredClaim": schema_openshift_api_config_v1_TokenRequiredClaim(ref), + "github.com/openshift/api/config/v1.TokenUserValidationRule": schema_openshift_api_config_v1_TokenUserValidationRule(ref), + "github.com/openshift/api/config/v1.Update": schema_openshift_api_config_v1_Update(ref), + "github.com/openshift/api/config/v1.UpdateHistory": schema_openshift_api_config_v1_UpdateHistory(ref), + "github.com/openshift/api/config/v1.UsernameClaimMapping": schema_openshift_api_config_v1_UsernameClaimMapping(ref), + "github.com/openshift/api/config/v1.UsernamePrefix": schema_openshift_api_config_v1_UsernamePrefix(ref), + "github.com/openshift/api/config/v1.VSphereFailureDomainHostGroup": schema_openshift_api_config_v1_VSphereFailureDomainHostGroup(ref), + "github.com/openshift/api/config/v1.VSphereFailureDomainRegionAffinity": schema_openshift_api_config_v1_VSphereFailureDomainRegionAffinity(ref), + "github.com/openshift/api/config/v1.VSphereFailureDomainZoneAffinity": schema_openshift_api_config_v1_VSphereFailureDomainZoneAffinity(ref), + "github.com/openshift/api/config/v1.VSpherePlatformFailureDomainSpec": schema_openshift_api_config_v1_VSpherePlatformFailureDomainSpec(ref), + "github.com/openshift/api/config/v1.VSpherePlatformLoadBalancer": schema_openshift_api_config_v1_VSpherePlatformLoadBalancer(ref), + "github.com/openshift/api/config/v1.VSpherePlatformNodeNetworking": schema_openshift_api_config_v1_VSpherePlatformNodeNetworking(ref), + "github.com/openshift/api/config/v1.VSpherePlatformNodeNetworkingSpec": schema_openshift_api_config_v1_VSpherePlatformNodeNetworkingSpec(ref), + "github.com/openshift/api/config/v1.VSpherePlatformSpec": schema_openshift_api_config_v1_VSpherePlatformSpec(ref), + "github.com/openshift/api/config/v1.VSpherePlatformStatus": schema_openshift_api_config_v1_VSpherePlatformStatus(ref), + "github.com/openshift/api/config/v1.VSpherePlatformTopology": schema_openshift_api_config_v1_VSpherePlatformTopology(ref), + "github.com/openshift/api/config/v1.VSpherePlatformVCenterSpec": schema_openshift_api_config_v1_VSpherePlatformVCenterSpec(ref), + "github.com/openshift/api/config/v1.WebhookTokenAuthenticator": schema_openshift_api_config_v1_WebhookTokenAuthenticator(ref), + "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig": schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref), + "github.com/openshift/api/config/v1alpha1.AlertmanagerCustomConfig": schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref), + "github.com/openshift/api/config/v1alpha1.Audit": schema_openshift_api_config_v1alpha1_Audit(ref), + "github.com/openshift/api/config/v1alpha1.Backup": schema_openshift_api_config_v1alpha1_Backup(ref), + "github.com/openshift/api/config/v1alpha1.BackupList": schema_openshift_api_config_v1alpha1_BackupList(ref), + "github.com/openshift/api/config/v1alpha1.BackupSpec": schema_openshift_api_config_v1alpha1_BackupSpec(ref), + "github.com/openshift/api/config/v1alpha1.BackupStatus": schema_openshift_api_config_v1alpha1_BackupStatus(ref), + "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfig": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfig(ref), + "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigList": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigList(ref), + "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigSpec": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigSpec(ref), + "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigStatus": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigStatus(ref), + "github.com/openshift/api/config/v1alpha1.ClusterImagePolicy": schema_openshift_api_config_v1alpha1_ClusterImagePolicy(ref), + "github.com/openshift/api/config/v1alpha1.ClusterImagePolicyList": schema_openshift_api_config_v1alpha1_ClusterImagePolicyList(ref), + "github.com/openshift/api/config/v1alpha1.ClusterImagePolicySpec": schema_openshift_api_config_v1alpha1_ClusterImagePolicySpec(ref), + "github.com/openshift/api/config/v1alpha1.ClusterImagePolicyStatus": schema_openshift_api_config_v1alpha1_ClusterImagePolicyStatus(ref), + "github.com/openshift/api/config/v1alpha1.ClusterMonitoring": schema_openshift_api_config_v1alpha1_ClusterMonitoring(ref), + "github.com/openshift/api/config/v1alpha1.ClusterMonitoringList": schema_openshift_api_config_v1alpha1_ClusterMonitoringList(ref), + "github.com/openshift/api/config/v1alpha1.ClusterMonitoringSpec": schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref), + "github.com/openshift/api/config/v1alpha1.ClusterMonitoringStatus": schema_openshift_api_config_v1alpha1_ClusterMonitoringStatus(ref), + "github.com/openshift/api/config/v1alpha1.ContainerResource": schema_openshift_api_config_v1alpha1_ContainerResource(ref), + "github.com/openshift/api/config/v1alpha1.EtcdBackupSpec": schema_openshift_api_config_v1alpha1_EtcdBackupSpec(ref), + "github.com/openshift/api/config/v1alpha1.GatherConfig": schema_openshift_api_config_v1alpha1_GatherConfig(ref), + "github.com/openshift/api/config/v1alpha1.ImagePolicy": schema_openshift_api_config_v1alpha1_ImagePolicy(ref), + "github.com/openshift/api/config/v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust": schema_openshift_api_config_v1alpha1_ImagePolicyFulcioCAWithRekorRootOfTrust(ref), + "github.com/openshift/api/config/v1alpha1.ImagePolicyList": schema_openshift_api_config_v1alpha1_ImagePolicyList(ref), + "github.com/openshift/api/config/v1alpha1.ImagePolicyPKIRootOfTrust": schema_openshift_api_config_v1alpha1_ImagePolicyPKIRootOfTrust(ref), + "github.com/openshift/api/config/v1alpha1.ImagePolicyPublicKeyRootOfTrust": schema_openshift_api_config_v1alpha1_ImagePolicyPublicKeyRootOfTrust(ref), + "github.com/openshift/api/config/v1alpha1.ImagePolicySpec": schema_openshift_api_config_v1alpha1_ImagePolicySpec(ref), + "github.com/openshift/api/config/v1alpha1.ImagePolicyStatus": schema_openshift_api_config_v1alpha1_ImagePolicyStatus(ref), + "github.com/openshift/api/config/v1alpha1.ImageSigstoreVerificationPolicy": schema_openshift_api_config_v1alpha1_ImageSigstoreVerificationPolicy(ref), + "github.com/openshift/api/config/v1alpha1.InsightsDataGather": schema_openshift_api_config_v1alpha1_InsightsDataGather(ref), + "github.com/openshift/api/config/v1alpha1.InsightsDataGatherList": schema_openshift_api_config_v1alpha1_InsightsDataGatherList(ref), + "github.com/openshift/api/config/v1alpha1.InsightsDataGatherSpec": schema_openshift_api_config_v1alpha1_InsightsDataGatherSpec(ref), + "github.com/openshift/api/config/v1alpha1.InsightsDataGatherStatus": schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref), + "github.com/openshift/api/config/v1alpha1.MetricsServerConfig": schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref), + "github.com/openshift/api/config/v1alpha1.PKICertificateSubject": schema_openshift_api_config_v1alpha1_PKICertificateSubject(ref), + "github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference": schema_openshift_api_config_v1alpha1_PersistentVolumeClaimReference(ref), + "github.com/openshift/api/config/v1alpha1.PersistentVolumeConfig": schema_openshift_api_config_v1alpha1_PersistentVolumeConfig(ref), + "github.com/openshift/api/config/v1alpha1.PolicyFulcioSubject": schema_openshift_api_config_v1alpha1_PolicyFulcioSubject(ref), + "github.com/openshift/api/config/v1alpha1.PolicyIdentity": schema_openshift_api_config_v1alpha1_PolicyIdentity(ref), + "github.com/openshift/api/config/v1alpha1.PolicyMatchExactRepository": schema_openshift_api_config_v1alpha1_PolicyMatchExactRepository(ref), + "github.com/openshift/api/config/v1alpha1.PolicyMatchRemapIdentity": schema_openshift_api_config_v1alpha1_PolicyMatchRemapIdentity(ref), + "github.com/openshift/api/config/v1alpha1.PolicyRootOfTrust": schema_openshift_api_config_v1alpha1_PolicyRootOfTrust(ref), + "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig": schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref), + "github.com/openshift/api/config/v1alpha1.RetentionNumberConfig": schema_openshift_api_config_v1alpha1_RetentionNumberConfig(ref), + "github.com/openshift/api/config/v1alpha1.RetentionPolicy": schema_openshift_api_config_v1alpha1_RetentionPolicy(ref), + "github.com/openshift/api/config/v1alpha1.RetentionSizeConfig": schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref), + "github.com/openshift/api/config/v1alpha1.Storage": schema_openshift_api_config_v1alpha1_Storage(ref), + "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring": schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref), + "github.com/openshift/api/config/v1alpha2.Custom": schema_openshift_api_config_v1alpha2_Custom(ref), + "github.com/openshift/api/config/v1alpha2.GatherConfig": schema_openshift_api_config_v1alpha2_GatherConfig(ref), + "github.com/openshift/api/config/v1alpha2.GathererConfig": schema_openshift_api_config_v1alpha2_GathererConfig(ref), + "github.com/openshift/api/config/v1alpha2.Gatherers": schema_openshift_api_config_v1alpha2_Gatherers(ref), + "github.com/openshift/api/config/v1alpha2.InsightsDataGather": schema_openshift_api_config_v1alpha2_InsightsDataGather(ref), + "github.com/openshift/api/config/v1alpha2.InsightsDataGatherList": schema_openshift_api_config_v1alpha2_InsightsDataGatherList(ref), + "github.com/openshift/api/config/v1alpha2.InsightsDataGatherSpec": schema_openshift_api_config_v1alpha2_InsightsDataGatherSpec(ref), + "github.com/openshift/api/config/v1alpha2.InsightsDataGatherStatus": schema_openshift_api_config_v1alpha2_InsightsDataGatherStatus(ref), + "github.com/openshift/api/config/v1alpha2.PersistentVolumeClaimReference": schema_openshift_api_config_v1alpha2_PersistentVolumeClaimReference(ref), + "github.com/openshift/api/config/v1alpha2.PersistentVolumeConfig": schema_openshift_api_config_v1alpha2_PersistentVolumeConfig(ref), + "github.com/openshift/api/config/v1alpha2.Storage": schema_openshift_api_config_v1alpha2_Storage(ref), + "github.com/openshift/api/console/v1.ApplicationMenuSpec": schema_openshift_api_console_v1_ApplicationMenuSpec(ref), + "github.com/openshift/api/console/v1.CLIDownloadLink": schema_openshift_api_console_v1_CLIDownloadLink(ref), + "github.com/openshift/api/console/v1.ConsoleCLIDownload": schema_openshift_api_console_v1_ConsoleCLIDownload(ref), + "github.com/openshift/api/console/v1.ConsoleCLIDownloadList": schema_openshift_api_console_v1_ConsoleCLIDownloadList(ref), + "github.com/openshift/api/console/v1.ConsoleCLIDownloadSpec": schema_openshift_api_console_v1_ConsoleCLIDownloadSpec(ref), + "github.com/openshift/api/console/v1.ConsoleExternalLogLink": schema_openshift_api_console_v1_ConsoleExternalLogLink(ref), + "github.com/openshift/api/console/v1.ConsoleExternalLogLinkList": schema_openshift_api_console_v1_ConsoleExternalLogLinkList(ref), + "github.com/openshift/api/console/v1.ConsoleExternalLogLinkSpec": schema_openshift_api_console_v1_ConsoleExternalLogLinkSpec(ref), + "github.com/openshift/api/console/v1.ConsoleLink": schema_openshift_api_console_v1_ConsoleLink(ref), + "github.com/openshift/api/console/v1.ConsoleLinkList": schema_openshift_api_console_v1_ConsoleLinkList(ref), + "github.com/openshift/api/console/v1.ConsoleLinkSpec": schema_openshift_api_console_v1_ConsoleLinkSpec(ref), + "github.com/openshift/api/console/v1.ConsoleNotification": schema_openshift_api_console_v1_ConsoleNotification(ref), + "github.com/openshift/api/console/v1.ConsoleNotificationList": schema_openshift_api_console_v1_ConsoleNotificationList(ref), + "github.com/openshift/api/console/v1.ConsoleNotificationSpec": schema_openshift_api_console_v1_ConsoleNotificationSpec(ref), + "github.com/openshift/api/console/v1.ConsolePlugin": schema_openshift_api_console_v1_ConsolePlugin(ref), + "github.com/openshift/api/console/v1.ConsolePluginBackend": schema_openshift_api_console_v1_ConsolePluginBackend(ref), + "github.com/openshift/api/console/v1.ConsolePluginCSP": schema_openshift_api_console_v1_ConsolePluginCSP(ref), + "github.com/openshift/api/console/v1.ConsolePluginI18n": schema_openshift_api_console_v1_ConsolePluginI18n(ref), + "github.com/openshift/api/console/v1.ConsolePluginList": schema_openshift_api_console_v1_ConsolePluginList(ref), + "github.com/openshift/api/console/v1.ConsolePluginProxy": schema_openshift_api_console_v1_ConsolePluginProxy(ref), + "github.com/openshift/api/console/v1.ConsolePluginProxyEndpoint": schema_openshift_api_console_v1_ConsolePluginProxyEndpoint(ref), + "github.com/openshift/api/console/v1.ConsolePluginProxyServiceConfig": schema_openshift_api_console_v1_ConsolePluginProxyServiceConfig(ref), + "github.com/openshift/api/console/v1.ConsolePluginService": schema_openshift_api_console_v1_ConsolePluginService(ref), + "github.com/openshift/api/console/v1.ConsolePluginSpec": schema_openshift_api_console_v1_ConsolePluginSpec(ref), + "github.com/openshift/api/console/v1.ConsoleQuickStart": schema_openshift_api_console_v1_ConsoleQuickStart(ref), + "github.com/openshift/api/console/v1.ConsoleQuickStartList": schema_openshift_api_console_v1_ConsoleQuickStartList(ref), + "github.com/openshift/api/console/v1.ConsoleQuickStartSpec": schema_openshift_api_console_v1_ConsoleQuickStartSpec(ref), + "github.com/openshift/api/console/v1.ConsoleQuickStartTask": schema_openshift_api_console_v1_ConsoleQuickStartTask(ref), + "github.com/openshift/api/console/v1.ConsoleQuickStartTaskReview": schema_openshift_api_console_v1_ConsoleQuickStartTaskReview(ref), + "github.com/openshift/api/console/v1.ConsoleQuickStartTaskSummary": schema_openshift_api_console_v1_ConsoleQuickStartTaskSummary(ref), + "github.com/openshift/api/console/v1.ConsoleSample": schema_openshift_api_console_v1_ConsoleSample(ref), + "github.com/openshift/api/console/v1.ConsoleSampleContainerImportSource": schema_openshift_api_console_v1_ConsoleSampleContainerImportSource(ref), + "github.com/openshift/api/console/v1.ConsoleSampleContainerImportSourceService": schema_openshift_api_console_v1_ConsoleSampleContainerImportSourceService(ref), + "github.com/openshift/api/console/v1.ConsoleSampleGitImportSource": schema_openshift_api_console_v1_ConsoleSampleGitImportSource(ref), + "github.com/openshift/api/console/v1.ConsoleSampleGitImportSourceRepository": schema_openshift_api_console_v1_ConsoleSampleGitImportSourceRepository(ref), + "github.com/openshift/api/console/v1.ConsoleSampleGitImportSourceService": schema_openshift_api_console_v1_ConsoleSampleGitImportSourceService(ref), + "github.com/openshift/api/console/v1.ConsoleSampleList": schema_openshift_api_console_v1_ConsoleSampleList(ref), + "github.com/openshift/api/console/v1.ConsoleSampleSource": schema_openshift_api_console_v1_ConsoleSampleSource(ref), + "github.com/openshift/api/console/v1.ConsoleSampleSpec": schema_openshift_api_console_v1_ConsoleSampleSpec(ref), + "github.com/openshift/api/console/v1.ConsoleYAMLSample": schema_openshift_api_console_v1_ConsoleYAMLSample(ref), + "github.com/openshift/api/console/v1.ConsoleYAMLSampleList": schema_openshift_api_console_v1_ConsoleYAMLSampleList(ref), + "github.com/openshift/api/console/v1.ConsoleYAMLSampleSpec": schema_openshift_api_console_v1_ConsoleYAMLSampleSpec(ref), + "github.com/openshift/api/console/v1.Link": schema_openshift_api_console_v1_Link(ref), + "github.com/openshift/api/console/v1.NamespaceDashboardSpec": schema_openshift_api_console_v1_NamespaceDashboardSpec(ref), + "github.com/openshift/api/etcd/v1alpha1.PacemakerCluster": schema_openshift_api_etcd_v1alpha1_PacemakerCluster(ref), + "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterFencingAgentStatus": schema_openshift_api_etcd_v1alpha1_PacemakerClusterFencingAgentStatus(ref), + "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterList": schema_openshift_api_etcd_v1alpha1_PacemakerClusterList(ref), + "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterNodeStatus": schema_openshift_api_etcd_v1alpha1_PacemakerClusterNodeStatus(ref), + "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterResourceStatus": schema_openshift_api_etcd_v1alpha1_PacemakerClusterResourceStatus(ref), + "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterStatus": schema_openshift_api_etcd_v1alpha1_PacemakerClusterStatus(ref), + "github.com/openshift/api/etcd/v1alpha1.PacemakerNodeAddress": schema_openshift_api_etcd_v1alpha1_PacemakerNodeAddress(ref), + "github.com/openshift/api/example/v1.CELUnion": schema_openshift_api_example_v1_CELUnion(ref), + "github.com/openshift/api/example/v1.EvolvingUnion": schema_openshift_api_example_v1_EvolvingUnion(ref), + "github.com/openshift/api/example/v1.FormatMarkerExamples": schema_openshift_api_example_v1_FormatMarkerExamples(ref), + "github.com/openshift/api/example/v1.StableConfigType": schema_openshift_api_example_v1_StableConfigType(ref), + "github.com/openshift/api/example/v1.StableConfigTypeList": schema_openshift_api_example_v1_StableConfigTypeList(ref), + "github.com/openshift/api/example/v1.StableConfigTypeSpec": schema_openshift_api_example_v1_StableConfigTypeSpec(ref), + "github.com/openshift/api/example/v1.StableConfigTypeStatus": schema_openshift_api_example_v1_StableConfigTypeStatus(ref), + "github.com/openshift/api/example/v1.SubnetsWithExclusions": schema_openshift_api_example_v1_SubnetsWithExclusions(ref), + "github.com/openshift/api/example/v1alpha1.NotStableConfigType": schema_openshift_api_example_v1alpha1_NotStableConfigType(ref), + "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeList": schema_openshift_api_example_v1alpha1_NotStableConfigTypeList(ref), + "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeSpec": schema_openshift_api_example_v1alpha1_NotStableConfigTypeSpec(ref), + "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeStatus": schema_openshift_api_example_v1alpha1_NotStableConfigTypeStatus(ref), + "github.com/openshift/api/helm/v1beta1.ConnectionConfig": schema_openshift_api_helm_v1beta1_ConnectionConfig(ref), + "github.com/openshift/api/helm/v1beta1.ConnectionConfigNamespaceScoped": schema_openshift_api_helm_v1beta1_ConnectionConfigNamespaceScoped(ref), + "github.com/openshift/api/helm/v1beta1.HelmChartRepository": schema_openshift_api_helm_v1beta1_HelmChartRepository(ref), + "github.com/openshift/api/helm/v1beta1.HelmChartRepositoryList": schema_openshift_api_helm_v1beta1_HelmChartRepositoryList(ref), + "github.com/openshift/api/helm/v1beta1.HelmChartRepositorySpec": schema_openshift_api_helm_v1beta1_HelmChartRepositorySpec(ref), + "github.com/openshift/api/helm/v1beta1.HelmChartRepositoryStatus": schema_openshift_api_helm_v1beta1_HelmChartRepositoryStatus(ref), + "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepository": schema_openshift_api_helm_v1beta1_ProjectHelmChartRepository(ref), + "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepositoryList": schema_openshift_api_helm_v1beta1_ProjectHelmChartRepositoryList(ref), + "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepositorySpec": schema_openshift_api_helm_v1beta1_ProjectHelmChartRepositorySpec(ref), + "github.com/openshift/api/image/v1.DockerImageReference": schema_openshift_api_image_v1_DockerImageReference(ref), + "github.com/openshift/api/image/v1.Image": schema_openshift_api_image_v1_Image(ref), + "github.com/openshift/api/image/v1.ImageBlobReferences": schema_openshift_api_image_v1_ImageBlobReferences(ref), + "github.com/openshift/api/image/v1.ImageImportSpec": schema_openshift_api_image_v1_ImageImportSpec(ref), + "github.com/openshift/api/image/v1.ImageImportStatus": schema_openshift_api_image_v1_ImageImportStatus(ref), + "github.com/openshift/api/image/v1.ImageLayer": schema_openshift_api_image_v1_ImageLayer(ref), + "github.com/openshift/api/image/v1.ImageLayerData": schema_openshift_api_image_v1_ImageLayerData(ref), + "github.com/openshift/api/image/v1.ImageList": schema_openshift_api_image_v1_ImageList(ref), + "github.com/openshift/api/image/v1.ImageLookupPolicy": schema_openshift_api_image_v1_ImageLookupPolicy(ref), + "github.com/openshift/api/image/v1.ImageManifest": schema_openshift_api_image_v1_ImageManifest(ref), + "github.com/openshift/api/image/v1.ImageSignature": schema_openshift_api_image_v1_ImageSignature(ref), + "github.com/openshift/api/image/v1.ImageStream": schema_openshift_api_image_v1_ImageStream(ref), + "github.com/openshift/api/image/v1.ImageStreamImage": schema_openshift_api_image_v1_ImageStreamImage(ref), + "github.com/openshift/api/image/v1.ImageStreamImport": schema_openshift_api_image_v1_ImageStreamImport(ref), + "github.com/openshift/api/image/v1.ImageStreamImportSpec": schema_openshift_api_image_v1_ImageStreamImportSpec(ref), + "github.com/openshift/api/image/v1.ImageStreamImportStatus": schema_openshift_api_image_v1_ImageStreamImportStatus(ref), + "github.com/openshift/api/image/v1.ImageStreamLayers": schema_openshift_api_image_v1_ImageStreamLayers(ref), + "github.com/openshift/api/image/v1.ImageStreamList": schema_openshift_api_image_v1_ImageStreamList(ref), + "github.com/openshift/api/image/v1.ImageStreamMapping": schema_openshift_api_image_v1_ImageStreamMapping(ref), + "github.com/openshift/api/image/v1.ImageStreamSpec": schema_openshift_api_image_v1_ImageStreamSpec(ref), + "github.com/openshift/api/image/v1.ImageStreamStatus": schema_openshift_api_image_v1_ImageStreamStatus(ref), + "github.com/openshift/api/image/v1.ImageStreamTag": schema_openshift_api_image_v1_ImageStreamTag(ref), + "github.com/openshift/api/image/v1.ImageStreamTagList": schema_openshift_api_image_v1_ImageStreamTagList(ref), + "github.com/openshift/api/image/v1.ImageTag": schema_openshift_api_image_v1_ImageTag(ref), + "github.com/openshift/api/image/v1.ImageTagList": schema_openshift_api_image_v1_ImageTagList(ref), + "github.com/openshift/api/image/v1.NamedTagEventList": schema_openshift_api_image_v1_NamedTagEventList(ref), + "github.com/openshift/api/image/v1.RepositoryImportSpec": schema_openshift_api_image_v1_RepositoryImportSpec(ref), + "github.com/openshift/api/image/v1.RepositoryImportStatus": schema_openshift_api_image_v1_RepositoryImportStatus(ref), + "github.com/openshift/api/image/v1.SecretList": schema_openshift_api_image_v1_SecretList(ref), + "github.com/openshift/api/image/v1.SignatureCondition": schema_openshift_api_image_v1_SignatureCondition(ref), + "github.com/openshift/api/image/v1.SignatureGenericEntity": schema_openshift_api_image_v1_SignatureGenericEntity(ref), + "github.com/openshift/api/image/v1.SignatureIssuer": schema_openshift_api_image_v1_SignatureIssuer(ref), + "github.com/openshift/api/image/v1.SignatureSubject": schema_openshift_api_image_v1_SignatureSubject(ref), + "github.com/openshift/api/image/v1.TagEvent": schema_openshift_api_image_v1_TagEvent(ref), + "github.com/openshift/api/image/v1.TagEventCondition": schema_openshift_api_image_v1_TagEventCondition(ref), + "github.com/openshift/api/image/v1.TagImportPolicy": schema_openshift_api_image_v1_TagImportPolicy(ref), + "github.com/openshift/api/image/v1.TagReference": schema_openshift_api_image_v1_TagReference(ref), + "github.com/openshift/api/image/v1.TagReferencePolicy": schema_openshift_api_image_v1_TagReferencePolicy(ref), + "github.com/openshift/api/insights/v1.Custom": schema_openshift_api_insights_v1_Custom(ref), + "github.com/openshift/api/insights/v1.DataGather": schema_openshift_api_insights_v1_DataGather(ref), + "github.com/openshift/api/insights/v1.DataGatherList": schema_openshift_api_insights_v1_DataGatherList(ref), + "github.com/openshift/api/insights/v1.DataGatherSpec": schema_openshift_api_insights_v1_DataGatherSpec(ref), + "github.com/openshift/api/insights/v1.DataGatherStatus": schema_openshift_api_insights_v1_DataGatherStatus(ref), + "github.com/openshift/api/insights/v1.GathererConfig": schema_openshift_api_insights_v1_GathererConfig(ref), + "github.com/openshift/api/insights/v1.GathererStatus": schema_openshift_api_insights_v1_GathererStatus(ref), + "github.com/openshift/api/insights/v1.Gatherers": schema_openshift_api_insights_v1_Gatherers(ref), + "github.com/openshift/api/insights/v1.HealthCheck": schema_openshift_api_insights_v1_HealthCheck(ref), + "github.com/openshift/api/insights/v1.InsightsReport": schema_openshift_api_insights_v1_InsightsReport(ref), + "github.com/openshift/api/insights/v1.ObjectReference": schema_openshift_api_insights_v1_ObjectReference(ref), + "github.com/openshift/api/insights/v1.PersistentVolumeClaimReference": schema_openshift_api_insights_v1_PersistentVolumeClaimReference(ref), + "github.com/openshift/api/insights/v1.PersistentVolumeConfig": schema_openshift_api_insights_v1_PersistentVolumeConfig(ref), + "github.com/openshift/api/insights/v1.Storage": schema_openshift_api_insights_v1_Storage(ref), + "github.com/openshift/api/insights/v1alpha1.DataGather": schema_openshift_api_insights_v1alpha1_DataGather(ref), + "github.com/openshift/api/insights/v1alpha1.DataGatherList": schema_openshift_api_insights_v1alpha1_DataGatherList(ref), + "github.com/openshift/api/insights/v1alpha1.DataGatherSpec": schema_openshift_api_insights_v1alpha1_DataGatherSpec(ref), + "github.com/openshift/api/insights/v1alpha1.DataGatherStatus": schema_openshift_api_insights_v1alpha1_DataGatherStatus(ref), + "github.com/openshift/api/insights/v1alpha1.GathererConfig": schema_openshift_api_insights_v1alpha1_GathererConfig(ref), + "github.com/openshift/api/insights/v1alpha1.GathererStatus": schema_openshift_api_insights_v1alpha1_GathererStatus(ref), + "github.com/openshift/api/insights/v1alpha1.HealthCheck": schema_openshift_api_insights_v1alpha1_HealthCheck(ref), + "github.com/openshift/api/insights/v1alpha1.InsightsReport": schema_openshift_api_insights_v1alpha1_InsightsReport(ref), + "github.com/openshift/api/insights/v1alpha1.ObjectReference": schema_openshift_api_insights_v1alpha1_ObjectReference(ref), + "github.com/openshift/api/insights/v1alpha1.PersistentVolumeClaimReference": schema_openshift_api_insights_v1alpha1_PersistentVolumeClaimReference(ref), + "github.com/openshift/api/insights/v1alpha1.PersistentVolumeConfig": schema_openshift_api_insights_v1alpha1_PersistentVolumeConfig(ref), + "github.com/openshift/api/insights/v1alpha1.Storage": schema_openshift_api_insights_v1alpha1_Storage(ref), + "github.com/openshift/api/insights/v1alpha2.Custom": schema_openshift_api_insights_v1alpha2_Custom(ref), + "github.com/openshift/api/insights/v1alpha2.DataGather": schema_openshift_api_insights_v1alpha2_DataGather(ref), + "github.com/openshift/api/insights/v1alpha2.DataGatherList": schema_openshift_api_insights_v1alpha2_DataGatherList(ref), + "github.com/openshift/api/insights/v1alpha2.DataGatherSpec": schema_openshift_api_insights_v1alpha2_DataGatherSpec(ref), + "github.com/openshift/api/insights/v1alpha2.DataGatherStatus": schema_openshift_api_insights_v1alpha2_DataGatherStatus(ref), + "github.com/openshift/api/insights/v1alpha2.GathererConfig": schema_openshift_api_insights_v1alpha2_GathererConfig(ref), + "github.com/openshift/api/insights/v1alpha2.GathererStatus": schema_openshift_api_insights_v1alpha2_GathererStatus(ref), + "github.com/openshift/api/insights/v1alpha2.Gatherers": schema_openshift_api_insights_v1alpha2_Gatherers(ref), + "github.com/openshift/api/insights/v1alpha2.HealthCheck": schema_openshift_api_insights_v1alpha2_HealthCheck(ref), + "github.com/openshift/api/insights/v1alpha2.InsightsReport": schema_openshift_api_insights_v1alpha2_InsightsReport(ref), + "github.com/openshift/api/insights/v1alpha2.ObjectReference": schema_openshift_api_insights_v1alpha2_ObjectReference(ref), + "github.com/openshift/api/insights/v1alpha2.PersistentVolumeClaimReference": schema_openshift_api_insights_v1alpha2_PersistentVolumeClaimReference(ref), + "github.com/openshift/api/insights/v1alpha2.PersistentVolumeConfig": schema_openshift_api_insights_v1alpha2_PersistentVolumeConfig(ref), + "github.com/openshift/api/insights/v1alpha2.Storage": schema_openshift_api_insights_v1alpha2_Storage(ref), + "github.com/openshift/api/kubecontrolplane/v1.AggregatorConfig": schema_openshift_api_kubecontrolplane_v1_AggregatorConfig(ref), + "github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerConfig": schema_openshift_api_kubecontrolplane_v1_KubeAPIServerConfig(ref), + "github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerImagePolicyConfig": schema_openshift_api_kubecontrolplane_v1_KubeAPIServerImagePolicyConfig(ref), + "github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerProjectConfig": schema_openshift_api_kubecontrolplane_v1_KubeAPIServerProjectConfig(ref), + "github.com/openshift/api/kubecontrolplane/v1.KubeControllerManagerConfig": schema_openshift_api_kubecontrolplane_v1_KubeControllerManagerConfig(ref), + "github.com/openshift/api/kubecontrolplane/v1.KubeControllerManagerProjectConfig": schema_openshift_api_kubecontrolplane_v1_KubeControllerManagerProjectConfig(ref), + "github.com/openshift/api/kubecontrolplane/v1.KubeletConnectionInfo": schema_openshift_api_kubecontrolplane_v1_KubeletConnectionInfo(ref), + "github.com/openshift/api/kubecontrolplane/v1.MasterAuthConfig": schema_openshift_api_kubecontrolplane_v1_MasterAuthConfig(ref), + "github.com/openshift/api/kubecontrolplane/v1.RequestHeaderAuthenticationOptions": schema_openshift_api_kubecontrolplane_v1_RequestHeaderAuthenticationOptions(ref), + "github.com/openshift/api/kubecontrolplane/v1.ServiceServingCert": schema_openshift_api_kubecontrolplane_v1_ServiceServingCert(ref), + "github.com/openshift/api/kubecontrolplane/v1.UserAgentDenyRule": schema_openshift_api_kubecontrolplane_v1_UserAgentDenyRule(ref), + "github.com/openshift/api/kubecontrolplane/v1.UserAgentMatchRule": schema_openshift_api_kubecontrolplane_v1_UserAgentMatchRule(ref), + "github.com/openshift/api/kubecontrolplane/v1.UserAgentMatchingConfig": schema_openshift_api_kubecontrolplane_v1_UserAgentMatchingConfig(ref), + "github.com/openshift/api/kubecontrolplane/v1.WebhookTokenAuthenticator": schema_openshift_api_kubecontrolplane_v1_WebhookTokenAuthenticator(ref), + "github.com/openshift/api/legacyconfig/v1.ActiveDirectoryConfig": schema_openshift_api_legacyconfig_v1_ActiveDirectoryConfig(ref), + "github.com/openshift/api/legacyconfig/v1.AdmissionConfig": schema_openshift_api_legacyconfig_v1_AdmissionConfig(ref), + "github.com/openshift/api/legacyconfig/v1.AdmissionPluginConfig": schema_openshift_api_legacyconfig_v1_AdmissionPluginConfig(ref), + "github.com/openshift/api/legacyconfig/v1.AggregatorConfig": schema_openshift_api_legacyconfig_v1_AggregatorConfig(ref), + "github.com/openshift/api/legacyconfig/v1.AllowAllPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_AllowAllPasswordIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.AuditConfig": schema_openshift_api_legacyconfig_v1_AuditConfig(ref), + "github.com/openshift/api/legacyconfig/v1.AugmentedActiveDirectoryConfig": schema_openshift_api_legacyconfig_v1_AugmentedActiveDirectoryConfig(ref), + "github.com/openshift/api/legacyconfig/v1.BasicAuthPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_BasicAuthPasswordIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.BuildDefaultsConfig": schema_openshift_api_legacyconfig_v1_BuildDefaultsConfig(ref), + "github.com/openshift/api/legacyconfig/v1.BuildOverridesConfig": schema_openshift_api_legacyconfig_v1_BuildOverridesConfig(ref), + "github.com/openshift/api/legacyconfig/v1.CertInfo": schema_openshift_api_legacyconfig_v1_CertInfo(ref), + "github.com/openshift/api/legacyconfig/v1.ClientConnectionOverrides": schema_openshift_api_legacyconfig_v1_ClientConnectionOverrides(ref), + "github.com/openshift/api/legacyconfig/v1.ClusterNetworkEntry": schema_openshift_api_legacyconfig_v1_ClusterNetworkEntry(ref), + "github.com/openshift/api/legacyconfig/v1.ControllerConfig": schema_openshift_api_legacyconfig_v1_ControllerConfig(ref), + "github.com/openshift/api/legacyconfig/v1.ControllerElectionConfig": schema_openshift_api_legacyconfig_v1_ControllerElectionConfig(ref), + "github.com/openshift/api/legacyconfig/v1.DNSConfig": schema_openshift_api_legacyconfig_v1_DNSConfig(ref), + "github.com/openshift/api/legacyconfig/v1.DefaultAdmissionConfig": schema_openshift_api_legacyconfig_v1_DefaultAdmissionConfig(ref), + "github.com/openshift/api/legacyconfig/v1.DenyAllPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_DenyAllPasswordIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.DockerConfig": schema_openshift_api_legacyconfig_v1_DockerConfig(ref), + "github.com/openshift/api/legacyconfig/v1.EtcdConfig": schema_openshift_api_legacyconfig_v1_EtcdConfig(ref), + "github.com/openshift/api/legacyconfig/v1.EtcdConnectionInfo": schema_openshift_api_legacyconfig_v1_EtcdConnectionInfo(ref), + "github.com/openshift/api/legacyconfig/v1.EtcdStorageConfig": schema_openshift_api_legacyconfig_v1_EtcdStorageConfig(ref), + "github.com/openshift/api/legacyconfig/v1.GitHubIdentityProvider": schema_openshift_api_legacyconfig_v1_GitHubIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.GitLabIdentityProvider": schema_openshift_api_legacyconfig_v1_GitLabIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.GoogleIdentityProvider": schema_openshift_api_legacyconfig_v1_GoogleIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.GrantConfig": schema_openshift_api_legacyconfig_v1_GrantConfig(ref), + "github.com/openshift/api/legacyconfig/v1.GroupResource": schema_openshift_api_legacyconfig_v1_GroupResource(ref), + "github.com/openshift/api/legacyconfig/v1.HTPasswdPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_HTPasswdPasswordIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.HTTPServingInfo": schema_openshift_api_legacyconfig_v1_HTTPServingInfo(ref), + "github.com/openshift/api/legacyconfig/v1.IdentityProvider": schema_openshift_api_legacyconfig_v1_IdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.ImageConfig": schema_openshift_api_legacyconfig_v1_ImageConfig(ref), + "github.com/openshift/api/legacyconfig/v1.ImagePolicyConfig": schema_openshift_api_legacyconfig_v1_ImagePolicyConfig(ref), + "github.com/openshift/api/legacyconfig/v1.JenkinsPipelineConfig": schema_openshift_api_legacyconfig_v1_JenkinsPipelineConfig(ref), + "github.com/openshift/api/legacyconfig/v1.KeystonePasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_KeystonePasswordIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.KubeletConnectionInfo": schema_openshift_api_legacyconfig_v1_KubeletConnectionInfo(ref), + "github.com/openshift/api/legacyconfig/v1.KubernetesMasterConfig": schema_openshift_api_legacyconfig_v1_KubernetesMasterConfig(ref), + "github.com/openshift/api/legacyconfig/v1.LDAPAttributeMapping": schema_openshift_api_legacyconfig_v1_LDAPAttributeMapping(ref), + "github.com/openshift/api/legacyconfig/v1.LDAPPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_LDAPPasswordIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.LDAPQuery": schema_openshift_api_legacyconfig_v1_LDAPQuery(ref), + "github.com/openshift/api/legacyconfig/v1.LDAPSyncConfig": schema_openshift_api_legacyconfig_v1_LDAPSyncConfig(ref), + "github.com/openshift/api/legacyconfig/v1.LocalQuota": schema_openshift_api_legacyconfig_v1_LocalQuota(ref), + "github.com/openshift/api/legacyconfig/v1.MasterAuthConfig": schema_openshift_api_legacyconfig_v1_MasterAuthConfig(ref), + "github.com/openshift/api/legacyconfig/v1.MasterClients": schema_openshift_api_legacyconfig_v1_MasterClients(ref), + "github.com/openshift/api/legacyconfig/v1.MasterConfig": schema_openshift_api_legacyconfig_v1_MasterConfig(ref), + "github.com/openshift/api/legacyconfig/v1.MasterNetworkConfig": schema_openshift_api_legacyconfig_v1_MasterNetworkConfig(ref), + "github.com/openshift/api/legacyconfig/v1.MasterVolumeConfig": schema_openshift_api_legacyconfig_v1_MasterVolumeConfig(ref), + "github.com/openshift/api/legacyconfig/v1.NamedCertificate": schema_openshift_api_legacyconfig_v1_NamedCertificate(ref), + "github.com/openshift/api/legacyconfig/v1.NodeAuthConfig": schema_openshift_api_legacyconfig_v1_NodeAuthConfig(ref), + "github.com/openshift/api/legacyconfig/v1.NodeConfig": schema_openshift_api_legacyconfig_v1_NodeConfig(ref), + "github.com/openshift/api/legacyconfig/v1.NodeNetworkConfig": schema_openshift_api_legacyconfig_v1_NodeNetworkConfig(ref), + "github.com/openshift/api/legacyconfig/v1.NodeVolumeConfig": schema_openshift_api_legacyconfig_v1_NodeVolumeConfig(ref), + "github.com/openshift/api/legacyconfig/v1.OAuthConfig": schema_openshift_api_legacyconfig_v1_OAuthConfig(ref), + "github.com/openshift/api/legacyconfig/v1.OAuthTemplates": schema_openshift_api_legacyconfig_v1_OAuthTemplates(ref), + "github.com/openshift/api/legacyconfig/v1.OpenIDClaims": schema_openshift_api_legacyconfig_v1_OpenIDClaims(ref), + "github.com/openshift/api/legacyconfig/v1.OpenIDIdentityProvider": schema_openshift_api_legacyconfig_v1_OpenIDIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.OpenIDURLs": schema_openshift_api_legacyconfig_v1_OpenIDURLs(ref), + "github.com/openshift/api/legacyconfig/v1.PodManifestConfig": schema_openshift_api_legacyconfig_v1_PodManifestConfig(ref), + "github.com/openshift/api/legacyconfig/v1.PolicyConfig": schema_openshift_api_legacyconfig_v1_PolicyConfig(ref), + "github.com/openshift/api/legacyconfig/v1.ProjectConfig": schema_openshift_api_legacyconfig_v1_ProjectConfig(ref), + "github.com/openshift/api/legacyconfig/v1.RFC2307Config": schema_openshift_api_legacyconfig_v1_RFC2307Config(ref), + "github.com/openshift/api/legacyconfig/v1.RegistryLocation": schema_openshift_api_legacyconfig_v1_RegistryLocation(ref), + "github.com/openshift/api/legacyconfig/v1.RemoteConnectionInfo": schema_openshift_api_legacyconfig_v1_RemoteConnectionInfo(ref), + "github.com/openshift/api/legacyconfig/v1.RequestHeaderAuthenticationOptions": schema_openshift_api_legacyconfig_v1_RequestHeaderAuthenticationOptions(ref), + "github.com/openshift/api/legacyconfig/v1.RequestHeaderIdentityProvider": schema_openshift_api_legacyconfig_v1_RequestHeaderIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.RoutingConfig": schema_openshift_api_legacyconfig_v1_RoutingConfig(ref), + "github.com/openshift/api/legacyconfig/v1.SecurityAllocator": schema_openshift_api_legacyconfig_v1_SecurityAllocator(ref), + "github.com/openshift/api/legacyconfig/v1.ServiceAccountConfig": schema_openshift_api_legacyconfig_v1_ServiceAccountConfig(ref), + "github.com/openshift/api/legacyconfig/v1.ServiceServingCert": schema_openshift_api_legacyconfig_v1_ServiceServingCert(ref), + "github.com/openshift/api/legacyconfig/v1.ServingInfo": schema_openshift_api_legacyconfig_v1_ServingInfo(ref), + "github.com/openshift/api/legacyconfig/v1.SessionConfig": schema_openshift_api_legacyconfig_v1_SessionConfig(ref), + "github.com/openshift/api/legacyconfig/v1.SessionSecret": schema_openshift_api_legacyconfig_v1_SessionSecret(ref), + "github.com/openshift/api/legacyconfig/v1.SessionSecrets": schema_openshift_api_legacyconfig_v1_SessionSecrets(ref), + "github.com/openshift/api/legacyconfig/v1.SourceStrategyDefaultsConfig": schema_openshift_api_legacyconfig_v1_SourceStrategyDefaultsConfig(ref), + "github.com/openshift/api/legacyconfig/v1.StringSource": schema_openshift_api_legacyconfig_v1_StringSource(ref), + "github.com/openshift/api/legacyconfig/v1.StringSourceSpec": schema_openshift_api_legacyconfig_v1_StringSourceSpec(ref), + "github.com/openshift/api/legacyconfig/v1.TokenConfig": schema_openshift_api_legacyconfig_v1_TokenConfig(ref), + "github.com/openshift/api/legacyconfig/v1.UserAgentDenyRule": schema_openshift_api_legacyconfig_v1_UserAgentDenyRule(ref), + "github.com/openshift/api/legacyconfig/v1.UserAgentMatchRule": schema_openshift_api_legacyconfig_v1_UserAgentMatchRule(ref), + "github.com/openshift/api/legacyconfig/v1.UserAgentMatchingConfig": schema_openshift_api_legacyconfig_v1_UserAgentMatchingConfig(ref), + "github.com/openshift/api/legacyconfig/v1.WebhookTokenAuthenticator": schema_openshift_api_legacyconfig_v1_WebhookTokenAuthenticator(ref), + "github.com/openshift/api/machine/v1.AWSFailureDomain": schema_openshift_api_machine_v1_AWSFailureDomain(ref), + "github.com/openshift/api/machine/v1.AWSFailureDomainPlacement": schema_openshift_api_machine_v1_AWSFailureDomainPlacement(ref), + "github.com/openshift/api/machine/v1.AWSResourceFilter": schema_openshift_api_machine_v1_AWSResourceFilter(ref), + "github.com/openshift/api/machine/v1.AWSResourceReference": schema_openshift_api_machine_v1_AWSResourceReference(ref), + "github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderConfig": schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfig(ref), + "github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderConfigList": schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfigList(ref), + "github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderStatus": schema_openshift_api_machine_v1_AlibabaCloudMachineProviderStatus(ref), + "github.com/openshift/api/machine/v1.AlibabaResourceReference": schema_openshift_api_machine_v1_AlibabaResourceReference(ref), + "github.com/openshift/api/machine/v1.AzureFailureDomain": schema_openshift_api_machine_v1_AzureFailureDomain(ref), + "github.com/openshift/api/machine/v1.BandwidthProperties": schema_openshift_api_machine_v1_BandwidthProperties(ref), + "github.com/openshift/api/machine/v1.ControlPlaneMachineSet": schema_openshift_api_machine_v1_ControlPlaneMachineSet(ref), + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetList": schema_openshift_api_machine_v1_ControlPlaneMachineSetList(ref), + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetSpec": schema_openshift_api_machine_v1_ControlPlaneMachineSetSpec(ref), + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetStatus": schema_openshift_api_machine_v1_ControlPlaneMachineSetStatus(ref), + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetStrategy": schema_openshift_api_machine_v1_ControlPlaneMachineSetStrategy(ref), + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplate": schema_openshift_api_machine_v1_ControlPlaneMachineSetTemplate(ref), + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplateObjectMeta": schema_openshift_api_machine_v1_ControlPlaneMachineSetTemplateObjectMeta(ref), + "github.com/openshift/api/machine/v1.DataDiskProperties": schema_openshift_api_machine_v1_DataDiskProperties(ref), + "github.com/openshift/api/machine/v1.FailureDomains": schema_openshift_api_machine_v1_FailureDomains(ref), + "github.com/openshift/api/machine/v1.GCPFailureDomain": schema_openshift_api_machine_v1_GCPFailureDomain(ref), + "github.com/openshift/api/machine/v1.LoadBalancerReference": schema_openshift_api_machine_v1_LoadBalancerReference(ref), + "github.com/openshift/api/machine/v1.NutanixCategory": schema_openshift_api_machine_v1_NutanixCategory(ref), + "github.com/openshift/api/machine/v1.NutanixFailureDomainReference": schema_openshift_api_machine_v1_NutanixFailureDomainReference(ref), + "github.com/openshift/api/machine/v1.NutanixGPU": schema_openshift_api_machine_v1_NutanixGPU(ref), + "github.com/openshift/api/machine/v1.NutanixMachineProviderConfig": schema_openshift_api_machine_v1_NutanixMachineProviderConfig(ref), + "github.com/openshift/api/machine/v1.NutanixMachineProviderStatus": schema_openshift_api_machine_v1_NutanixMachineProviderStatus(ref), + "github.com/openshift/api/machine/v1.NutanixResourceIdentifier": schema_openshift_api_machine_v1_NutanixResourceIdentifier(ref), + "github.com/openshift/api/machine/v1.NutanixStorageResourceIdentifier": schema_openshift_api_machine_v1_NutanixStorageResourceIdentifier(ref), + "github.com/openshift/api/machine/v1.NutanixVMDisk": schema_openshift_api_machine_v1_NutanixVMDisk(ref), + "github.com/openshift/api/machine/v1.NutanixVMDiskDeviceProperties": schema_openshift_api_machine_v1_NutanixVMDiskDeviceProperties(ref), + "github.com/openshift/api/machine/v1.NutanixVMStorageConfig": schema_openshift_api_machine_v1_NutanixVMStorageConfig(ref), + "github.com/openshift/api/machine/v1.OpenShiftMachineV1Beta1MachineTemplate": schema_openshift_api_machine_v1_OpenShiftMachineV1Beta1MachineTemplate(ref), + "github.com/openshift/api/machine/v1.OpenStackFailureDomain": schema_openshift_api_machine_v1_OpenStackFailureDomain(ref), + "github.com/openshift/api/machine/v1.PowerVSMachineProviderConfig": schema_openshift_api_machine_v1_PowerVSMachineProviderConfig(ref), + "github.com/openshift/api/machine/v1.PowerVSMachineProviderStatus": schema_openshift_api_machine_v1_PowerVSMachineProviderStatus(ref), + "github.com/openshift/api/machine/v1.PowerVSResource": schema_openshift_api_machine_v1_PowerVSResource(ref), + "github.com/openshift/api/machine/v1.PowerVSSecretReference": schema_openshift_api_machine_v1_PowerVSSecretReference(ref), + "github.com/openshift/api/machine/v1.RootVolume": schema_openshift_api_machine_v1_RootVolume(ref), + "github.com/openshift/api/machine/v1.SystemDiskProperties": schema_openshift_api_machine_v1_SystemDiskProperties(ref), + "github.com/openshift/api/machine/v1.Tag": schema_openshift_api_machine_v1_Tag(ref), + "github.com/openshift/api/machine/v1.VSphereFailureDomain": schema_openshift_api_machine_v1_VSphereFailureDomain(ref), + "github.com/openshift/api/machine/v1alpha1.AdditionalBlockDevice": schema_openshift_api_machine_v1alpha1_AdditionalBlockDevice(ref), + "github.com/openshift/api/machine/v1alpha1.AddressPair": schema_openshift_api_machine_v1alpha1_AddressPair(ref), + "github.com/openshift/api/machine/v1alpha1.BlockDeviceStorage": schema_openshift_api_machine_v1alpha1_BlockDeviceStorage(ref), + "github.com/openshift/api/machine/v1alpha1.BlockDeviceVolume": schema_openshift_api_machine_v1alpha1_BlockDeviceVolume(ref), + "github.com/openshift/api/machine/v1alpha1.Filter": schema_openshift_api_machine_v1alpha1_Filter(ref), + "github.com/openshift/api/machine/v1alpha1.FixedIPs": schema_openshift_api_machine_v1alpha1_FixedIPs(ref), + "github.com/openshift/api/machine/v1alpha1.NetworkParam": schema_openshift_api_machine_v1alpha1_NetworkParam(ref), + "github.com/openshift/api/machine/v1alpha1.OpenstackProviderSpec": schema_openshift_api_machine_v1alpha1_OpenstackProviderSpec(ref), + "github.com/openshift/api/machine/v1alpha1.PortOpts": schema_openshift_api_machine_v1alpha1_PortOpts(ref), + "github.com/openshift/api/machine/v1alpha1.RootVolume": schema_openshift_api_machine_v1alpha1_RootVolume(ref), + "github.com/openshift/api/machine/v1alpha1.SecurityGroupFilter": schema_openshift_api_machine_v1alpha1_SecurityGroupFilter(ref), + "github.com/openshift/api/machine/v1alpha1.SecurityGroupParam": schema_openshift_api_machine_v1alpha1_SecurityGroupParam(ref), + "github.com/openshift/api/machine/v1alpha1.SubnetFilter": schema_openshift_api_machine_v1alpha1_SubnetFilter(ref), + "github.com/openshift/api/machine/v1alpha1.SubnetParam": schema_openshift_api_machine_v1alpha1_SubnetParam(ref), + "github.com/openshift/api/machine/v1beta1.AWSMachineProviderConfig": schema_openshift_api_machine_v1beta1_AWSMachineProviderConfig(ref), + "github.com/openshift/api/machine/v1beta1.AWSMachineProviderConfigList": schema_openshift_api_machine_v1beta1_AWSMachineProviderConfigList(ref), + "github.com/openshift/api/machine/v1beta1.AWSMachineProviderStatus": schema_openshift_api_machine_v1beta1_AWSMachineProviderStatus(ref), + "github.com/openshift/api/machine/v1beta1.AWSResourceReference": schema_openshift_api_machine_v1beta1_AWSResourceReference(ref), + "github.com/openshift/api/machine/v1beta1.AddressesFromPool": schema_openshift_api_machine_v1beta1_AddressesFromPool(ref), + "github.com/openshift/api/machine/v1beta1.AzureBootDiagnostics": schema_openshift_api_machine_v1beta1_AzureBootDiagnostics(ref), + "github.com/openshift/api/machine/v1beta1.AzureCustomerManagedBootDiagnostics": schema_openshift_api_machine_v1beta1_AzureCustomerManagedBootDiagnostics(ref), + "github.com/openshift/api/machine/v1beta1.AzureDiagnostics": schema_openshift_api_machine_v1beta1_AzureDiagnostics(ref), + "github.com/openshift/api/machine/v1beta1.AzureMachineProviderSpec": schema_openshift_api_machine_v1beta1_AzureMachineProviderSpec(ref), + "github.com/openshift/api/machine/v1beta1.AzureMachineProviderStatus": schema_openshift_api_machine_v1beta1_AzureMachineProviderStatus(ref), + "github.com/openshift/api/machine/v1beta1.BlockDeviceMappingSpec": schema_openshift_api_machine_v1beta1_BlockDeviceMappingSpec(ref), + "github.com/openshift/api/machine/v1beta1.CPUOptions": schema_openshift_api_machine_v1beta1_CPUOptions(ref), + "github.com/openshift/api/machine/v1beta1.Condition": schema_openshift_api_machine_v1beta1_Condition(ref), + "github.com/openshift/api/machine/v1beta1.ConfidentialVM": schema_openshift_api_machine_v1beta1_ConfidentialVM(ref), + "github.com/openshift/api/machine/v1beta1.DataDisk": schema_openshift_api_machine_v1beta1_DataDisk(ref), + "github.com/openshift/api/machine/v1beta1.DataDiskManagedDiskParameters": schema_openshift_api_machine_v1beta1_DataDiskManagedDiskParameters(ref), + "github.com/openshift/api/machine/v1beta1.DedicatedHost": schema_openshift_api_machine_v1beta1_DedicatedHost(ref), + "github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters": schema_openshift_api_machine_v1beta1_DiskEncryptionSetParameters(ref), + "github.com/openshift/api/machine/v1beta1.DiskSettings": schema_openshift_api_machine_v1beta1_DiskSettings(ref), + "github.com/openshift/api/machine/v1beta1.EBSBlockDeviceSpec": schema_openshift_api_machine_v1beta1_EBSBlockDeviceSpec(ref), + "github.com/openshift/api/machine/v1beta1.Filter": schema_openshift_api_machine_v1beta1_Filter(ref), + "github.com/openshift/api/machine/v1beta1.GCPDisk": schema_openshift_api_machine_v1beta1_GCPDisk(ref), + "github.com/openshift/api/machine/v1beta1.GCPEncryptionKeyReference": schema_openshift_api_machine_v1beta1_GCPEncryptionKeyReference(ref), + "github.com/openshift/api/machine/v1beta1.GCPGPUConfig": schema_openshift_api_machine_v1beta1_GCPGPUConfig(ref), + "github.com/openshift/api/machine/v1beta1.GCPKMSKeyReference": schema_openshift_api_machine_v1beta1_GCPKMSKeyReference(ref), + "github.com/openshift/api/machine/v1beta1.GCPMachineProviderSpec": schema_openshift_api_machine_v1beta1_GCPMachineProviderSpec(ref), + "github.com/openshift/api/machine/v1beta1.GCPMachineProviderStatus": schema_openshift_api_machine_v1beta1_GCPMachineProviderStatus(ref), + "github.com/openshift/api/machine/v1beta1.GCPMetadata": schema_openshift_api_machine_v1beta1_GCPMetadata(ref), + "github.com/openshift/api/machine/v1beta1.GCPNetworkInterface": schema_openshift_api_machine_v1beta1_GCPNetworkInterface(ref), + "github.com/openshift/api/machine/v1beta1.GCPServiceAccount": schema_openshift_api_machine_v1beta1_GCPServiceAccount(ref), + "github.com/openshift/api/machine/v1beta1.GCPShieldedInstanceConfig": schema_openshift_api_machine_v1beta1_GCPShieldedInstanceConfig(ref), + "github.com/openshift/api/machine/v1beta1.HostPlacement": schema_openshift_api_machine_v1beta1_HostPlacement(ref), + "github.com/openshift/api/machine/v1beta1.Image": schema_openshift_api_machine_v1beta1_Image(ref), + "github.com/openshift/api/machine/v1beta1.LastOperation": schema_openshift_api_machine_v1beta1_LastOperation(ref), + "github.com/openshift/api/machine/v1beta1.LifecycleHook": schema_openshift_api_machine_v1beta1_LifecycleHook(ref), + "github.com/openshift/api/machine/v1beta1.LifecycleHooks": schema_openshift_api_machine_v1beta1_LifecycleHooks(ref), + "github.com/openshift/api/machine/v1beta1.LoadBalancerReference": schema_openshift_api_machine_v1beta1_LoadBalancerReference(ref), + "github.com/openshift/api/machine/v1beta1.Machine": schema_openshift_api_machine_v1beta1_Machine(ref), + "github.com/openshift/api/machine/v1beta1.MachineHealthCheck": schema_openshift_api_machine_v1beta1_MachineHealthCheck(ref), + "github.com/openshift/api/machine/v1beta1.MachineHealthCheckList": schema_openshift_api_machine_v1beta1_MachineHealthCheckList(ref), + "github.com/openshift/api/machine/v1beta1.MachineHealthCheckSpec": schema_openshift_api_machine_v1beta1_MachineHealthCheckSpec(ref), + "github.com/openshift/api/machine/v1beta1.MachineHealthCheckStatus": schema_openshift_api_machine_v1beta1_MachineHealthCheckStatus(ref), + "github.com/openshift/api/machine/v1beta1.MachineList": schema_openshift_api_machine_v1beta1_MachineList(ref), + "github.com/openshift/api/machine/v1beta1.MachineSet": schema_openshift_api_machine_v1beta1_MachineSet(ref), + "github.com/openshift/api/machine/v1beta1.MachineSetList": schema_openshift_api_machine_v1beta1_MachineSetList(ref), + "github.com/openshift/api/machine/v1beta1.MachineSetSpec": schema_openshift_api_machine_v1beta1_MachineSetSpec(ref), + "github.com/openshift/api/machine/v1beta1.MachineSetStatus": schema_openshift_api_machine_v1beta1_MachineSetStatus(ref), + "github.com/openshift/api/machine/v1beta1.MachineSpec": schema_openshift_api_machine_v1beta1_MachineSpec(ref), + "github.com/openshift/api/machine/v1beta1.MachineStatus": schema_openshift_api_machine_v1beta1_MachineStatus(ref), + "github.com/openshift/api/machine/v1beta1.MachineTemplateSpec": schema_openshift_api_machine_v1beta1_MachineTemplateSpec(ref), + "github.com/openshift/api/machine/v1beta1.MetadataServiceOptions": schema_openshift_api_machine_v1beta1_MetadataServiceOptions(ref), + "github.com/openshift/api/machine/v1beta1.NetworkDeviceSpec": schema_openshift_api_machine_v1beta1_NetworkDeviceSpec(ref), + "github.com/openshift/api/machine/v1beta1.NetworkSpec": schema_openshift_api_machine_v1beta1_NetworkSpec(ref), + "github.com/openshift/api/machine/v1beta1.OSDisk": schema_openshift_api_machine_v1beta1_OSDisk(ref), + "github.com/openshift/api/machine/v1beta1.OSDiskManagedDiskParameters": schema_openshift_api_machine_v1beta1_OSDiskManagedDiskParameters(ref), + "github.com/openshift/api/machine/v1beta1.ObjectMeta": schema_openshift_api_machine_v1beta1_ObjectMeta(ref), + "github.com/openshift/api/machine/v1beta1.Placement": schema_openshift_api_machine_v1beta1_Placement(ref), + "github.com/openshift/api/machine/v1beta1.ProviderSpec": schema_openshift_api_machine_v1beta1_ProviderSpec(ref), + "github.com/openshift/api/machine/v1beta1.ResourceManagerTag": schema_openshift_api_machine_v1beta1_ResourceManagerTag(ref), + "github.com/openshift/api/machine/v1beta1.SecurityProfile": schema_openshift_api_machine_v1beta1_SecurityProfile(ref), + "github.com/openshift/api/machine/v1beta1.SecuritySettings": schema_openshift_api_machine_v1beta1_SecuritySettings(ref), + "github.com/openshift/api/machine/v1beta1.SpotMarketOptions": schema_openshift_api_machine_v1beta1_SpotMarketOptions(ref), + "github.com/openshift/api/machine/v1beta1.SpotVMOptions": schema_openshift_api_machine_v1beta1_SpotVMOptions(ref), + "github.com/openshift/api/machine/v1beta1.TagSpecification": schema_openshift_api_machine_v1beta1_TagSpecification(ref), + "github.com/openshift/api/machine/v1beta1.TrustedLaunch": schema_openshift_api_machine_v1beta1_TrustedLaunch(ref), + "github.com/openshift/api/machine/v1beta1.UEFISettings": schema_openshift_api_machine_v1beta1_UEFISettings(ref), + "github.com/openshift/api/machine/v1beta1.UnhealthyCondition": schema_openshift_api_machine_v1beta1_UnhealthyCondition(ref), + "github.com/openshift/api/machine/v1beta1.VMDiskSecurityProfile": schema_openshift_api_machine_v1beta1_VMDiskSecurityProfile(ref), + "github.com/openshift/api/machine/v1beta1.VSphereDisk": schema_openshift_api_machine_v1beta1_VSphereDisk(ref), + "github.com/openshift/api/machine/v1beta1.VSphereMachineProviderSpec": schema_openshift_api_machine_v1beta1_VSphereMachineProviderSpec(ref), + "github.com/openshift/api/machine/v1beta1.VSphereMachineProviderStatus": schema_openshift_api_machine_v1beta1_VSphereMachineProviderStatus(ref), + "github.com/openshift/api/machine/v1beta1.Workspace": schema_openshift_api_machine_v1beta1_Workspace(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImage": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImage(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageBundleStatus": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageBundleStatus(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageList": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageList(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageRef": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageRef(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageSpec": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageSpec(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageStatus": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageStatus(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.MCOObjectReference": schema_openshift_api_machineconfiguration_v1alpha1_MCOObjectReference(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNode": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNode(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeList": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeList(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeSpec": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeSpec(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeSpecMachineConfigVersion": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeSpecMachineConfigVersion(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatus": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatus(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatusMachineConfigVersion": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatusMachineConfigVersion(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatusPinnedImageSet": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatusPinnedImageSet(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStream": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStream(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamList": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamList(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSet": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamSet(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSpec": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamSpec(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamStatus": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamStatus(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageRef": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageRef(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSet": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSet(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetList": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetList(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetSpec": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetSpec(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetStatus": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetStatus(ref), + "github.com/openshift/api/monitoring/v1.AlertRelabelConfig": schema_openshift_api_monitoring_v1_AlertRelabelConfig(ref), + "github.com/openshift/api/monitoring/v1.AlertRelabelConfigList": schema_openshift_api_monitoring_v1_AlertRelabelConfigList(ref), + "github.com/openshift/api/monitoring/v1.AlertRelabelConfigSpec": schema_openshift_api_monitoring_v1_AlertRelabelConfigSpec(ref), + "github.com/openshift/api/monitoring/v1.AlertRelabelConfigStatus": schema_openshift_api_monitoring_v1_AlertRelabelConfigStatus(ref), + "github.com/openshift/api/monitoring/v1.AlertingRule": schema_openshift_api_monitoring_v1_AlertingRule(ref), + "github.com/openshift/api/monitoring/v1.AlertingRuleList": schema_openshift_api_monitoring_v1_AlertingRuleList(ref), + "github.com/openshift/api/monitoring/v1.AlertingRuleSpec": schema_openshift_api_monitoring_v1_AlertingRuleSpec(ref), + "github.com/openshift/api/monitoring/v1.AlertingRuleStatus": schema_openshift_api_monitoring_v1_AlertingRuleStatus(ref), + "github.com/openshift/api/monitoring/v1.PrometheusRuleRef": schema_openshift_api_monitoring_v1_PrometheusRuleRef(ref), + "github.com/openshift/api/monitoring/v1.RelabelConfig": schema_openshift_api_monitoring_v1_RelabelConfig(ref), + "github.com/openshift/api/monitoring/v1.Rule": schema_openshift_api_monitoring_v1_Rule(ref), + "github.com/openshift/api/monitoring/v1.RuleGroup": schema_openshift_api_monitoring_v1_RuleGroup(ref), + "github.com/openshift/api/network/v1.ClusterNetwork": schema_openshift_api_network_v1_ClusterNetwork(ref), + "github.com/openshift/api/network/v1.ClusterNetworkEntry": schema_openshift_api_network_v1_ClusterNetworkEntry(ref), + "github.com/openshift/api/network/v1.ClusterNetworkList": schema_openshift_api_network_v1_ClusterNetworkList(ref), + "github.com/openshift/api/network/v1.EgressNetworkPolicy": schema_openshift_api_network_v1_EgressNetworkPolicy(ref), + "github.com/openshift/api/network/v1.EgressNetworkPolicyList": schema_openshift_api_network_v1_EgressNetworkPolicyList(ref), + "github.com/openshift/api/network/v1.EgressNetworkPolicyPeer": schema_openshift_api_network_v1_EgressNetworkPolicyPeer(ref), + "github.com/openshift/api/network/v1.EgressNetworkPolicyRule": schema_openshift_api_network_v1_EgressNetworkPolicyRule(ref), + "github.com/openshift/api/network/v1.EgressNetworkPolicySpec": schema_openshift_api_network_v1_EgressNetworkPolicySpec(ref), + "github.com/openshift/api/network/v1.HostSubnet": schema_openshift_api_network_v1_HostSubnet(ref), + "github.com/openshift/api/network/v1.HostSubnetList": schema_openshift_api_network_v1_HostSubnetList(ref), + "github.com/openshift/api/network/v1.NetNamespace": schema_openshift_api_network_v1_NetNamespace(ref), + "github.com/openshift/api/network/v1.NetNamespaceList": schema_openshift_api_network_v1_NetNamespaceList(ref), + "github.com/openshift/api/network/v1alpha1.DNSNameResolver": schema_openshift_api_network_v1alpha1_DNSNameResolver(ref), + "github.com/openshift/api/network/v1alpha1.DNSNameResolverList": schema_openshift_api_network_v1alpha1_DNSNameResolverList(ref), + "github.com/openshift/api/network/v1alpha1.DNSNameResolverResolvedAddress": schema_openshift_api_network_v1alpha1_DNSNameResolverResolvedAddress(ref), + "github.com/openshift/api/network/v1alpha1.DNSNameResolverResolvedName": schema_openshift_api_network_v1alpha1_DNSNameResolverResolvedName(ref), + "github.com/openshift/api/network/v1alpha1.DNSNameResolverSpec": schema_openshift_api_network_v1alpha1_DNSNameResolverSpec(ref), + "github.com/openshift/api/network/v1alpha1.DNSNameResolverStatus": schema_openshift_api_network_v1alpha1_DNSNameResolverStatus(ref), + "github.com/openshift/api/networkoperator/v1.EgressRouter": schema_openshift_api_networkoperator_v1_EgressRouter(ref), + "github.com/openshift/api/networkoperator/v1.EgressRouterSpec": schema_openshift_api_networkoperator_v1_EgressRouterSpec(ref), + "github.com/openshift/api/oauth/v1.ClusterRoleScopeRestriction": schema_openshift_api_oauth_v1_ClusterRoleScopeRestriction(ref), + "github.com/openshift/api/oauth/v1.OAuthAccessToken": schema_openshift_api_oauth_v1_OAuthAccessToken(ref), + "github.com/openshift/api/oauth/v1.OAuthAccessTokenList": schema_openshift_api_oauth_v1_OAuthAccessTokenList(ref), + "github.com/openshift/api/oauth/v1.OAuthAuthorizeToken": schema_openshift_api_oauth_v1_OAuthAuthorizeToken(ref), + "github.com/openshift/api/oauth/v1.OAuthAuthorizeTokenList": schema_openshift_api_oauth_v1_OAuthAuthorizeTokenList(ref), + "github.com/openshift/api/oauth/v1.OAuthClient": schema_openshift_api_oauth_v1_OAuthClient(ref), + "github.com/openshift/api/oauth/v1.OAuthClientAuthorization": schema_openshift_api_oauth_v1_OAuthClientAuthorization(ref), + "github.com/openshift/api/oauth/v1.OAuthClientAuthorizationList": schema_openshift_api_oauth_v1_OAuthClientAuthorizationList(ref), + "github.com/openshift/api/oauth/v1.OAuthClientList": schema_openshift_api_oauth_v1_OAuthClientList(ref), + "github.com/openshift/api/oauth/v1.OAuthRedirectReference": schema_openshift_api_oauth_v1_OAuthRedirectReference(ref), + "github.com/openshift/api/oauth/v1.RedirectReference": schema_openshift_api_oauth_v1_RedirectReference(ref), + "github.com/openshift/api/oauth/v1.ScopeRestriction": schema_openshift_api_oauth_v1_ScopeRestriction(ref), + "github.com/openshift/api/oauth/v1.UserOAuthAccessToken": schema_openshift_api_oauth_v1_UserOAuthAccessToken(ref), + "github.com/openshift/api/oauth/v1.UserOAuthAccessTokenList": schema_openshift_api_oauth_v1_UserOAuthAccessTokenList(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.APIServers": schema_openshift_api_openshiftcontrolplane_v1_APIServers(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.BuildControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_BuildControllerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.BuildDefaultsConfig": schema_openshift_api_openshiftcontrolplane_v1_BuildDefaultsConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.BuildOverridesConfig": schema_openshift_api_openshiftcontrolplane_v1_BuildOverridesConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.ClusterNetworkEntry": schema_openshift_api_openshiftcontrolplane_v1_ClusterNetworkEntry(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.DeployerControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_DeployerControllerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.DockerPullSecretControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_DockerPullSecretControllerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.FrontProxyConfig": schema_openshift_api_openshiftcontrolplane_v1_FrontProxyConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.ImageConfig": schema_openshift_api_openshiftcontrolplane_v1_ImageConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.ImageImportControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_ImageImportControllerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.ImagePolicyConfig": schema_openshift_api_openshiftcontrolplane_v1_ImagePolicyConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.IngressControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_IngressControllerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.JenkinsPipelineConfig": schema_openshift_api_openshiftcontrolplane_v1_JenkinsPipelineConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.NetworkControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_NetworkControllerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.OpenShiftAPIServerConfig": schema_openshift_api_openshiftcontrolplane_v1_OpenShiftAPIServerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.OpenShiftControllerManagerConfig": schema_openshift_api_openshiftcontrolplane_v1_OpenShiftControllerManagerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.PerGroupOptions": schema_openshift_api_openshiftcontrolplane_v1_PerGroupOptions(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.ProjectConfig": schema_openshift_api_openshiftcontrolplane_v1_ProjectConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.RegistryLocation": schema_openshift_api_openshiftcontrolplane_v1_RegistryLocation(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.ResourceQuotaControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_ResourceQuotaControllerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.RoutingConfig": schema_openshift_api_openshiftcontrolplane_v1_RoutingConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.SecurityAllocator": schema_openshift_api_openshiftcontrolplane_v1_SecurityAllocator(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.ServiceAccountControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_ServiceAccountControllerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.ServiceServingCert": schema_openshift_api_openshiftcontrolplane_v1_ServiceServingCert(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.SourceStrategyDefaultsConfig": schema_openshift_api_openshiftcontrolplane_v1_SourceStrategyDefaultsConfig(ref), + "github.com/openshift/api/operator/v1.AWSCSIDriverConfigSpec": schema_openshift_api_operator_v1_AWSCSIDriverConfigSpec(ref), + "github.com/openshift/api/operator/v1.AWSClassicLoadBalancerParameters": schema_openshift_api_operator_v1_AWSClassicLoadBalancerParameters(ref), + "github.com/openshift/api/operator/v1.AWSEFSVolumeMetrics": schema_openshift_api_operator_v1_AWSEFSVolumeMetrics(ref), + "github.com/openshift/api/operator/v1.AWSEFSVolumeMetricsRecursiveWalkConfig": schema_openshift_api_operator_v1_AWSEFSVolumeMetricsRecursiveWalkConfig(ref), + "github.com/openshift/api/operator/v1.AWSLoadBalancerParameters": schema_openshift_api_operator_v1_AWSLoadBalancerParameters(ref), + "github.com/openshift/api/operator/v1.AWSNetworkLoadBalancerParameters": schema_openshift_api_operator_v1_AWSNetworkLoadBalancerParameters(ref), + "github.com/openshift/api/operator/v1.AWSSubnets": schema_openshift_api_operator_v1_AWSSubnets(ref), + "github.com/openshift/api/operator/v1.AccessLogging": schema_openshift_api_operator_v1_AccessLogging(ref), + "github.com/openshift/api/operator/v1.AddPage": schema_openshift_api_operator_v1_AddPage(ref), + "github.com/openshift/api/operator/v1.AdditionalNetworkDefinition": schema_openshift_api_operator_v1_AdditionalNetworkDefinition(ref), + "github.com/openshift/api/operator/v1.AdditionalRoutingCapabilities": schema_openshift_api_operator_v1_AdditionalRoutingCapabilities(ref), + "github.com/openshift/api/operator/v1.Authentication": schema_openshift_api_operator_v1_Authentication(ref), + "github.com/openshift/api/operator/v1.AuthenticationList": schema_openshift_api_operator_v1_AuthenticationList(ref), + "github.com/openshift/api/operator/v1.AuthenticationSpec": schema_openshift_api_operator_v1_AuthenticationSpec(ref), + "github.com/openshift/api/operator/v1.AuthenticationStatus": schema_openshift_api_operator_v1_AuthenticationStatus(ref), + "github.com/openshift/api/operator/v1.AzureCSIDriverConfigSpec": schema_openshift_api_operator_v1_AzureCSIDriverConfigSpec(ref), + "github.com/openshift/api/operator/v1.AzureDiskEncryptionSet": schema_openshift_api_operator_v1_AzureDiskEncryptionSet(ref), + "github.com/openshift/api/operator/v1.BootImageSkewEnforcementConfig": schema_openshift_api_operator_v1_BootImageSkewEnforcementConfig(ref), + "github.com/openshift/api/operator/v1.BootImageSkewEnforcementStatus": schema_openshift_api_operator_v1_BootImageSkewEnforcementStatus(ref), + "github.com/openshift/api/operator/v1.CSIDriverConfigSpec": schema_openshift_api_operator_v1_CSIDriverConfigSpec(ref), + "github.com/openshift/api/operator/v1.CSISnapshotController": schema_openshift_api_operator_v1_CSISnapshotController(ref), + "github.com/openshift/api/operator/v1.CSISnapshotControllerList": schema_openshift_api_operator_v1_CSISnapshotControllerList(ref), + "github.com/openshift/api/operator/v1.CSISnapshotControllerSpec": schema_openshift_api_operator_v1_CSISnapshotControllerSpec(ref), + "github.com/openshift/api/operator/v1.CSISnapshotControllerStatus": schema_openshift_api_operator_v1_CSISnapshotControllerStatus(ref), + "github.com/openshift/api/operator/v1.Capability": schema_openshift_api_operator_v1_Capability(ref), + "github.com/openshift/api/operator/v1.CapabilityVisibility": schema_openshift_api_operator_v1_CapabilityVisibility(ref), + "github.com/openshift/api/operator/v1.ClientTLS": schema_openshift_api_operator_v1_ClientTLS(ref), + "github.com/openshift/api/operator/v1.CloudCredential": schema_openshift_api_operator_v1_CloudCredential(ref), + "github.com/openshift/api/operator/v1.CloudCredentialList": schema_openshift_api_operator_v1_CloudCredentialList(ref), + "github.com/openshift/api/operator/v1.CloudCredentialSpec": schema_openshift_api_operator_v1_CloudCredentialSpec(ref), + "github.com/openshift/api/operator/v1.CloudCredentialStatus": schema_openshift_api_operator_v1_CloudCredentialStatus(ref), + "github.com/openshift/api/operator/v1.ClusterBootImageAutomatic": schema_openshift_api_operator_v1_ClusterBootImageAutomatic(ref), + "github.com/openshift/api/operator/v1.ClusterBootImageManual": schema_openshift_api_operator_v1_ClusterBootImageManual(ref), + "github.com/openshift/api/operator/v1.ClusterCSIDriver": schema_openshift_api_operator_v1_ClusterCSIDriver(ref), + "github.com/openshift/api/operator/v1.ClusterCSIDriverList": schema_openshift_api_operator_v1_ClusterCSIDriverList(ref), + "github.com/openshift/api/operator/v1.ClusterCSIDriverSpec": schema_openshift_api_operator_v1_ClusterCSIDriverSpec(ref), + "github.com/openshift/api/operator/v1.ClusterCSIDriverStatus": schema_openshift_api_operator_v1_ClusterCSIDriverStatus(ref), + "github.com/openshift/api/operator/v1.ClusterNetworkEntry": schema_openshift_api_operator_v1_ClusterNetworkEntry(ref), + "github.com/openshift/api/operator/v1.Config": schema_openshift_api_operator_v1_Config(ref), + "github.com/openshift/api/operator/v1.ConfigList": schema_openshift_api_operator_v1_ConfigList(ref), + "github.com/openshift/api/operator/v1.ConfigMapFileReference": schema_openshift_api_operator_v1_ConfigMapFileReference(ref), + "github.com/openshift/api/operator/v1.ConfigSpec": schema_openshift_api_operator_v1_ConfigSpec(ref), + "github.com/openshift/api/operator/v1.ConfigStatus": schema_openshift_api_operator_v1_ConfigStatus(ref), + "github.com/openshift/api/operator/v1.Console": schema_openshift_api_operator_v1_Console(ref), + "github.com/openshift/api/operator/v1.ConsoleConfigRoute": schema_openshift_api_operator_v1_ConsoleConfigRoute(ref), + "github.com/openshift/api/operator/v1.ConsoleCustomization": schema_openshift_api_operator_v1_ConsoleCustomization(ref), + "github.com/openshift/api/operator/v1.ConsoleList": schema_openshift_api_operator_v1_ConsoleList(ref), + "github.com/openshift/api/operator/v1.ConsoleProviders": schema_openshift_api_operator_v1_ConsoleProviders(ref), + "github.com/openshift/api/operator/v1.ConsoleSpec": schema_openshift_api_operator_v1_ConsoleSpec(ref), + "github.com/openshift/api/operator/v1.ConsoleStatus": schema_openshift_api_operator_v1_ConsoleStatus(ref), + "github.com/openshift/api/operator/v1.ContainerLoggingDestinationParameters": schema_openshift_api_operator_v1_ContainerLoggingDestinationParameters(ref), + "github.com/openshift/api/operator/v1.DNS": schema_openshift_api_operator_v1_DNS(ref), + "github.com/openshift/api/operator/v1.DNSCache": schema_openshift_api_operator_v1_DNSCache(ref), + "github.com/openshift/api/operator/v1.DNSList": schema_openshift_api_operator_v1_DNSList(ref), + "github.com/openshift/api/operator/v1.DNSNodePlacement": schema_openshift_api_operator_v1_DNSNodePlacement(ref), + "github.com/openshift/api/operator/v1.DNSOverTLSConfig": schema_openshift_api_operator_v1_DNSOverTLSConfig(ref), + "github.com/openshift/api/operator/v1.DNSSpec": schema_openshift_api_operator_v1_DNSSpec(ref), + "github.com/openshift/api/operator/v1.DNSStatus": schema_openshift_api_operator_v1_DNSStatus(ref), + "github.com/openshift/api/operator/v1.DNSTransportConfig": schema_openshift_api_operator_v1_DNSTransportConfig(ref), + "github.com/openshift/api/operator/v1.DefaultNetworkDefinition": schema_openshift_api_operator_v1_DefaultNetworkDefinition(ref), + "github.com/openshift/api/operator/v1.DeveloperConsoleCatalogCategory": schema_openshift_api_operator_v1_DeveloperConsoleCatalogCategory(ref), + "github.com/openshift/api/operator/v1.DeveloperConsoleCatalogCategoryMeta": schema_openshift_api_operator_v1_DeveloperConsoleCatalogCategoryMeta(ref), + "github.com/openshift/api/operator/v1.DeveloperConsoleCatalogCustomization": schema_openshift_api_operator_v1_DeveloperConsoleCatalogCustomization(ref), + "github.com/openshift/api/operator/v1.DeveloperConsoleCatalogTypes": schema_openshift_api_operator_v1_DeveloperConsoleCatalogTypes(ref), + "github.com/openshift/api/operator/v1.EgressIPConfig": schema_openshift_api_operator_v1_EgressIPConfig(ref), + "github.com/openshift/api/operator/v1.EndpointPublishingStrategy": schema_openshift_api_operator_v1_EndpointPublishingStrategy(ref), + "github.com/openshift/api/operator/v1.Etcd": schema_openshift_api_operator_v1_Etcd(ref), + "github.com/openshift/api/operator/v1.EtcdList": schema_openshift_api_operator_v1_EtcdList(ref), + "github.com/openshift/api/operator/v1.EtcdSpec": schema_openshift_api_operator_v1_EtcdSpec(ref), + "github.com/openshift/api/operator/v1.EtcdStatus": schema_openshift_api_operator_v1_EtcdStatus(ref), + "github.com/openshift/api/operator/v1.ExportNetworkFlows": schema_openshift_api_operator_v1_ExportNetworkFlows(ref), + "github.com/openshift/api/operator/v1.FeaturesMigration": schema_openshift_api_operator_v1_FeaturesMigration(ref), + "github.com/openshift/api/operator/v1.FileReferenceSource": schema_openshift_api_operator_v1_FileReferenceSource(ref), + "github.com/openshift/api/operator/v1.ForwardPlugin": schema_openshift_api_operator_v1_ForwardPlugin(ref), + "github.com/openshift/api/operator/v1.GCPCSIDriverConfigSpec": schema_openshift_api_operator_v1_GCPCSIDriverConfigSpec(ref), + "github.com/openshift/api/operator/v1.GCPKMSKeyReference": schema_openshift_api_operator_v1_GCPKMSKeyReference(ref), + "github.com/openshift/api/operator/v1.GCPLoadBalancerParameters": schema_openshift_api_operator_v1_GCPLoadBalancerParameters(ref), + "github.com/openshift/api/operator/v1.GatewayConfig": schema_openshift_api_operator_v1_GatewayConfig(ref), + "github.com/openshift/api/operator/v1.GatherStatus": schema_openshift_api_operator_v1_GatherStatus(ref), + "github.com/openshift/api/operator/v1.GathererStatus": schema_openshift_api_operator_v1_GathererStatus(ref), + "github.com/openshift/api/operator/v1.GenerationStatus": schema_openshift_api_operator_v1_GenerationStatus(ref), + "github.com/openshift/api/operator/v1.HTTPCompressionPolicy": schema_openshift_api_operator_v1_HTTPCompressionPolicy(ref), + "github.com/openshift/api/operator/v1.HealthCheck": schema_openshift_api_operator_v1_HealthCheck(ref), + "github.com/openshift/api/operator/v1.HostNetworkStrategy": schema_openshift_api_operator_v1_HostNetworkStrategy(ref), + "github.com/openshift/api/operator/v1.HybridOverlayConfig": schema_openshift_api_operator_v1_HybridOverlayConfig(ref), + "github.com/openshift/api/operator/v1.IBMCloudCSIDriverConfigSpec": schema_openshift_api_operator_v1_IBMCloudCSIDriverConfigSpec(ref), + "github.com/openshift/api/operator/v1.IBMLoadBalancerParameters": schema_openshift_api_operator_v1_IBMLoadBalancerParameters(ref), + "github.com/openshift/api/operator/v1.IPAMConfig": schema_openshift_api_operator_v1_IPAMConfig(ref), + "github.com/openshift/api/operator/v1.IPFIXConfig": schema_openshift_api_operator_v1_IPFIXConfig(ref), + "github.com/openshift/api/operator/v1.IPsecConfig": schema_openshift_api_operator_v1_IPsecConfig(ref), + "github.com/openshift/api/operator/v1.IPsecFullModeConfig": schema_openshift_api_operator_v1_IPsecFullModeConfig(ref), + "github.com/openshift/api/operator/v1.IPv4GatewayConfig": schema_openshift_api_operator_v1_IPv4GatewayConfig(ref), + "github.com/openshift/api/operator/v1.IPv4OVNKubernetesConfig": schema_openshift_api_operator_v1_IPv4OVNKubernetesConfig(ref), + "github.com/openshift/api/operator/v1.IPv6GatewayConfig": schema_openshift_api_operator_v1_IPv6GatewayConfig(ref), + "github.com/openshift/api/operator/v1.IPv6OVNKubernetesConfig": schema_openshift_api_operator_v1_IPv6OVNKubernetesConfig(ref), + "github.com/openshift/api/operator/v1.Ingress": schema_openshift_api_operator_v1_Ingress(ref), + "github.com/openshift/api/operator/v1.IngressController": schema_openshift_api_operator_v1_IngressController(ref), + "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPCookie": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPCookie(ref), + "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPCookieUnion": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPCookieUnion(ref), + "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPHeader": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPHeader(ref), + "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPHeaders": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPHeaders(ref), + "github.com/openshift/api/operator/v1.IngressControllerHTTPHeader": schema_openshift_api_operator_v1_IngressControllerHTTPHeader(ref), + "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaderActionUnion": schema_openshift_api_operator_v1_IngressControllerHTTPHeaderActionUnion(ref), + "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaderActions": schema_openshift_api_operator_v1_IngressControllerHTTPHeaderActions(ref), + "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaders": schema_openshift_api_operator_v1_IngressControllerHTTPHeaders(ref), + "github.com/openshift/api/operator/v1.IngressControllerHTTPUniqueIdHeaderPolicy": schema_openshift_api_operator_v1_IngressControllerHTTPUniqueIdHeaderPolicy(ref), + "github.com/openshift/api/operator/v1.IngressControllerList": schema_openshift_api_operator_v1_IngressControllerList(ref), + "github.com/openshift/api/operator/v1.IngressControllerLogging": schema_openshift_api_operator_v1_IngressControllerLogging(ref), + "github.com/openshift/api/operator/v1.IngressControllerSetHTTPHeader": schema_openshift_api_operator_v1_IngressControllerSetHTTPHeader(ref), + "github.com/openshift/api/operator/v1.IngressControllerSpec": schema_openshift_api_operator_v1_IngressControllerSpec(ref), + "github.com/openshift/api/operator/v1.IngressControllerStatus": schema_openshift_api_operator_v1_IngressControllerStatus(ref), + "github.com/openshift/api/operator/v1.IngressControllerTuningOptions": schema_openshift_api_operator_v1_IngressControllerTuningOptions(ref), + "github.com/openshift/api/operator/v1.InsightsOperator": schema_openshift_api_operator_v1_InsightsOperator(ref), + "github.com/openshift/api/operator/v1.InsightsOperatorList": schema_openshift_api_operator_v1_InsightsOperatorList(ref), + "github.com/openshift/api/operator/v1.InsightsOperatorSpec": schema_openshift_api_operator_v1_InsightsOperatorSpec(ref), + "github.com/openshift/api/operator/v1.InsightsOperatorStatus": schema_openshift_api_operator_v1_InsightsOperatorStatus(ref), + "github.com/openshift/api/operator/v1.InsightsReport": schema_openshift_api_operator_v1_InsightsReport(ref), + "github.com/openshift/api/operator/v1.IrreconcilableValidationOverrides": schema_openshift_api_operator_v1_IrreconcilableValidationOverrides(ref), + "github.com/openshift/api/operator/v1.KubeAPIServer": schema_openshift_api_operator_v1_KubeAPIServer(ref), + "github.com/openshift/api/operator/v1.KubeAPIServerList": schema_openshift_api_operator_v1_KubeAPIServerList(ref), + "github.com/openshift/api/operator/v1.KubeAPIServerSpec": schema_openshift_api_operator_v1_KubeAPIServerSpec(ref), + "github.com/openshift/api/operator/v1.KubeAPIServerStatus": schema_openshift_api_operator_v1_KubeAPIServerStatus(ref), + "github.com/openshift/api/operator/v1.KubeControllerManager": schema_openshift_api_operator_v1_KubeControllerManager(ref), + "github.com/openshift/api/operator/v1.KubeControllerManagerList": schema_openshift_api_operator_v1_KubeControllerManagerList(ref), + "github.com/openshift/api/operator/v1.KubeControllerManagerSpec": schema_openshift_api_operator_v1_KubeControllerManagerSpec(ref), + "github.com/openshift/api/operator/v1.KubeControllerManagerStatus": schema_openshift_api_operator_v1_KubeControllerManagerStatus(ref), + "github.com/openshift/api/operator/v1.KubeScheduler": schema_openshift_api_operator_v1_KubeScheduler(ref), + "github.com/openshift/api/operator/v1.KubeSchedulerList": schema_openshift_api_operator_v1_KubeSchedulerList(ref), + "github.com/openshift/api/operator/v1.KubeSchedulerSpec": schema_openshift_api_operator_v1_KubeSchedulerSpec(ref), + "github.com/openshift/api/operator/v1.KubeSchedulerStatus": schema_openshift_api_operator_v1_KubeSchedulerStatus(ref), + "github.com/openshift/api/operator/v1.KubeStorageVersionMigrator": schema_openshift_api_operator_v1_KubeStorageVersionMigrator(ref), + "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorList": schema_openshift_api_operator_v1_KubeStorageVersionMigratorList(ref), + "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorSpec": schema_openshift_api_operator_v1_KubeStorageVersionMigratorSpec(ref), + "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorStatus": schema_openshift_api_operator_v1_KubeStorageVersionMigratorStatus(ref), + "github.com/openshift/api/operator/v1.LoadBalancerStrategy": schema_openshift_api_operator_v1_LoadBalancerStrategy(ref), + "github.com/openshift/api/operator/v1.LoggingDestination": schema_openshift_api_operator_v1_LoggingDestination(ref), + "github.com/openshift/api/operator/v1.Logo": schema_openshift_api_operator_v1_Logo(ref), + "github.com/openshift/api/operator/v1.MTUMigration": schema_openshift_api_operator_v1_MTUMigration(ref), + "github.com/openshift/api/operator/v1.MTUMigrationValues": schema_openshift_api_operator_v1_MTUMigrationValues(ref), + "github.com/openshift/api/operator/v1.MachineConfiguration": schema_openshift_api_operator_v1_MachineConfiguration(ref), + "github.com/openshift/api/operator/v1.MachineConfigurationList": schema_openshift_api_operator_v1_MachineConfigurationList(ref), + "github.com/openshift/api/operator/v1.MachineConfigurationSpec": schema_openshift_api_operator_v1_MachineConfigurationSpec(ref), + "github.com/openshift/api/operator/v1.MachineConfigurationStatus": schema_openshift_api_operator_v1_MachineConfigurationStatus(ref), + "github.com/openshift/api/operator/v1.MachineManager": schema_openshift_api_operator_v1_MachineManager(ref), + "github.com/openshift/api/operator/v1.MachineManagerSelector": schema_openshift_api_operator_v1_MachineManagerSelector(ref), + "github.com/openshift/api/operator/v1.ManagedBootImages": schema_openshift_api_operator_v1_ManagedBootImages(ref), + "github.com/openshift/api/operator/v1.MyOperatorResource": schema_openshift_api_operator_v1_MyOperatorResource(ref), + "github.com/openshift/api/operator/v1.MyOperatorResourceSpec": schema_openshift_api_operator_v1_MyOperatorResourceSpec(ref), + "github.com/openshift/api/operator/v1.MyOperatorResourceStatus": schema_openshift_api_operator_v1_MyOperatorResourceStatus(ref), + "github.com/openshift/api/operator/v1.NetFlowConfig": schema_openshift_api_operator_v1_NetFlowConfig(ref), + "github.com/openshift/api/operator/v1.Network": schema_openshift_api_operator_v1_Network(ref), + "github.com/openshift/api/operator/v1.NetworkList": schema_openshift_api_operator_v1_NetworkList(ref), + "github.com/openshift/api/operator/v1.NetworkMigration": schema_openshift_api_operator_v1_NetworkMigration(ref), + "github.com/openshift/api/operator/v1.NetworkSpec": schema_openshift_api_operator_v1_NetworkSpec(ref), + "github.com/openshift/api/operator/v1.NetworkStatus": schema_openshift_api_operator_v1_NetworkStatus(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicyClusterStatus": schema_openshift_api_operator_v1_NodeDisruptionPolicyClusterStatus(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicyConfig": schema_openshift_api_operator_v1_NodeDisruptionPolicyConfig(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicySpecAction": schema_openshift_api_operator_v1_NodeDisruptionPolicySpecAction(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicySpecFile": schema_openshift_api_operator_v1_NodeDisruptionPolicySpecFile(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicySpecSSHKey": schema_openshift_api_operator_v1_NodeDisruptionPolicySpecSSHKey(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicySpecUnit": schema_openshift_api_operator_v1_NodeDisruptionPolicySpecUnit(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatus": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatus(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatusAction": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatusAction(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatusFile": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatusFile(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatusSSHKey": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatusSSHKey(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatusUnit": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatusUnit(ref), + "github.com/openshift/api/operator/v1.NodePlacement": schema_openshift_api_operator_v1_NodePlacement(ref), + "github.com/openshift/api/operator/v1.NodePortStrategy": schema_openshift_api_operator_v1_NodePortStrategy(ref), + "github.com/openshift/api/operator/v1.NodeStatus": schema_openshift_api_operator_v1_NodeStatus(ref), + "github.com/openshift/api/operator/v1.OAuthAPIServerStatus": schema_openshift_api_operator_v1_OAuthAPIServerStatus(ref), + "github.com/openshift/api/operator/v1.OLM": schema_openshift_api_operator_v1_OLM(ref), + "github.com/openshift/api/operator/v1.OLMList": schema_openshift_api_operator_v1_OLMList(ref), + "github.com/openshift/api/operator/v1.OLMSpec": schema_openshift_api_operator_v1_OLMSpec(ref), + "github.com/openshift/api/operator/v1.OLMStatus": schema_openshift_api_operator_v1_OLMStatus(ref), + "github.com/openshift/api/operator/v1.OVNKubernetesConfig": schema_openshift_api_operator_v1_OVNKubernetesConfig(ref), + "github.com/openshift/api/operator/v1.OpenShiftAPIServer": schema_openshift_api_operator_v1_OpenShiftAPIServer(ref), + "github.com/openshift/api/operator/v1.OpenShiftAPIServerList": schema_openshift_api_operator_v1_OpenShiftAPIServerList(ref), + "github.com/openshift/api/operator/v1.OpenShiftAPIServerSpec": schema_openshift_api_operator_v1_OpenShiftAPIServerSpec(ref), + "github.com/openshift/api/operator/v1.OpenShiftAPIServerStatus": schema_openshift_api_operator_v1_OpenShiftAPIServerStatus(ref), + "github.com/openshift/api/operator/v1.OpenShiftControllerManager": schema_openshift_api_operator_v1_OpenShiftControllerManager(ref), + "github.com/openshift/api/operator/v1.OpenShiftControllerManagerList": schema_openshift_api_operator_v1_OpenShiftControllerManagerList(ref), + "github.com/openshift/api/operator/v1.OpenShiftControllerManagerSpec": schema_openshift_api_operator_v1_OpenShiftControllerManagerSpec(ref), + "github.com/openshift/api/operator/v1.OpenShiftControllerManagerStatus": schema_openshift_api_operator_v1_OpenShiftControllerManagerStatus(ref), + "github.com/openshift/api/operator/v1.OpenShiftSDNConfig": schema_openshift_api_operator_v1_OpenShiftSDNConfig(ref), + "github.com/openshift/api/operator/v1.OpenStackLoadBalancerParameters": schema_openshift_api_operator_v1_OpenStackLoadBalancerParameters(ref), + "github.com/openshift/api/operator/v1.OperatorCondition": schema_openshift_api_operator_v1_OperatorCondition(ref), + "github.com/openshift/api/operator/v1.OperatorSpec": schema_openshift_api_operator_v1_OperatorSpec(ref), + "github.com/openshift/api/operator/v1.OperatorStatus": schema_openshift_api_operator_v1_OperatorStatus(ref), + "github.com/openshift/api/operator/v1.PartialSelector": schema_openshift_api_operator_v1_PartialSelector(ref), + "github.com/openshift/api/operator/v1.Perspective": schema_openshift_api_operator_v1_Perspective(ref), + "github.com/openshift/api/operator/v1.PerspectiveVisibility": schema_openshift_api_operator_v1_PerspectiveVisibility(ref), + "github.com/openshift/api/operator/v1.PinnedResourceReference": schema_openshift_api_operator_v1_PinnedResourceReference(ref), + "github.com/openshift/api/operator/v1.PolicyAuditConfig": schema_openshift_api_operator_v1_PolicyAuditConfig(ref), + "github.com/openshift/api/operator/v1.PrivateStrategy": schema_openshift_api_operator_v1_PrivateStrategy(ref), + "github.com/openshift/api/operator/v1.ProjectAccess": schema_openshift_api_operator_v1_ProjectAccess(ref), + "github.com/openshift/api/operator/v1.ProviderLoadBalancerParameters": schema_openshift_api_operator_v1_ProviderLoadBalancerParameters(ref), + "github.com/openshift/api/operator/v1.ProxyConfig": schema_openshift_api_operator_v1_ProxyConfig(ref), + "github.com/openshift/api/operator/v1.QuickStarts": schema_openshift_api_operator_v1_QuickStarts(ref), + "github.com/openshift/api/operator/v1.ReloadService": schema_openshift_api_operator_v1_ReloadService(ref), + "github.com/openshift/api/operator/v1.ResourceAttributesAccessReview": schema_openshift_api_operator_v1_ResourceAttributesAccessReview(ref), + "github.com/openshift/api/operator/v1.RestartService": schema_openshift_api_operator_v1_RestartService(ref), + "github.com/openshift/api/operator/v1.RouteAdmissionPolicy": schema_openshift_api_operator_v1_RouteAdmissionPolicy(ref), + "github.com/openshift/api/operator/v1.SFlowConfig": schema_openshift_api_operator_v1_SFlowConfig(ref), + "github.com/openshift/api/operator/v1.Server": schema_openshift_api_operator_v1_Server(ref), + "github.com/openshift/api/operator/v1.ServiceAccountIssuerStatus": schema_openshift_api_operator_v1_ServiceAccountIssuerStatus(ref), + "github.com/openshift/api/operator/v1.ServiceCA": schema_openshift_api_operator_v1_ServiceCA(ref), + "github.com/openshift/api/operator/v1.ServiceCAList": schema_openshift_api_operator_v1_ServiceCAList(ref), + "github.com/openshift/api/operator/v1.ServiceCASpec": schema_openshift_api_operator_v1_ServiceCASpec(ref), + "github.com/openshift/api/operator/v1.ServiceCAStatus": schema_openshift_api_operator_v1_ServiceCAStatus(ref), + "github.com/openshift/api/operator/v1.ServiceCatalogAPIServer": schema_openshift_api_operator_v1_ServiceCatalogAPIServer(ref), + "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerList": schema_openshift_api_operator_v1_ServiceCatalogAPIServerList(ref), + "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerSpec": schema_openshift_api_operator_v1_ServiceCatalogAPIServerSpec(ref), + "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerStatus": schema_openshift_api_operator_v1_ServiceCatalogAPIServerStatus(ref), + "github.com/openshift/api/operator/v1.ServiceCatalogControllerManager": schema_openshift_api_operator_v1_ServiceCatalogControllerManager(ref), + "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerList": schema_openshift_api_operator_v1_ServiceCatalogControllerManagerList(ref), + "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerSpec": schema_openshift_api_operator_v1_ServiceCatalogControllerManagerSpec(ref), + "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerStatus": schema_openshift_api_operator_v1_ServiceCatalogControllerManagerStatus(ref), + "github.com/openshift/api/operator/v1.SimpleMacvlanConfig": schema_openshift_api_operator_v1_SimpleMacvlanConfig(ref), + "github.com/openshift/api/operator/v1.StaticIPAMAddresses": schema_openshift_api_operator_v1_StaticIPAMAddresses(ref), + "github.com/openshift/api/operator/v1.StaticIPAMConfig": schema_openshift_api_operator_v1_StaticIPAMConfig(ref), + "github.com/openshift/api/operator/v1.StaticIPAMDNS": schema_openshift_api_operator_v1_StaticIPAMDNS(ref), + "github.com/openshift/api/operator/v1.StaticIPAMRoutes": schema_openshift_api_operator_v1_StaticIPAMRoutes(ref), + "github.com/openshift/api/operator/v1.StaticPodOperatorSpec": schema_openshift_api_operator_v1_StaticPodOperatorSpec(ref), + "github.com/openshift/api/operator/v1.StaticPodOperatorStatus": schema_openshift_api_operator_v1_StaticPodOperatorStatus(ref), + "github.com/openshift/api/operator/v1.StatuspageProvider": schema_openshift_api_operator_v1_StatuspageProvider(ref), + "github.com/openshift/api/operator/v1.Storage": schema_openshift_api_operator_v1_Storage(ref), + "github.com/openshift/api/operator/v1.StorageList": schema_openshift_api_operator_v1_StorageList(ref), + "github.com/openshift/api/operator/v1.StorageSpec": schema_openshift_api_operator_v1_StorageSpec(ref), + "github.com/openshift/api/operator/v1.StorageStatus": schema_openshift_api_operator_v1_StorageStatus(ref), + "github.com/openshift/api/operator/v1.SyslogLoggingDestinationParameters": schema_openshift_api_operator_v1_SyslogLoggingDestinationParameters(ref), + "github.com/openshift/api/operator/v1.Theme": schema_openshift_api_operator_v1_Theme(ref), + "github.com/openshift/api/operator/v1.Upstream": schema_openshift_api_operator_v1_Upstream(ref), + "github.com/openshift/api/operator/v1.UpstreamResolvers": schema_openshift_api_operator_v1_UpstreamResolvers(ref), + "github.com/openshift/api/operator/v1.VSphereCSIDriverConfigSpec": schema_openshift_api_operator_v1_VSphereCSIDriverConfigSpec(ref), + "github.com/openshift/api/operator/v1alpha1.BackupJobReference": schema_openshift_api_operator_v1alpha1_BackupJobReference(ref), + "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperator": schema_openshift_api_operator_v1alpha1_ClusterVersionOperator(ref), + "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorList": schema_openshift_api_operator_v1alpha1_ClusterVersionOperatorList(ref), + "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorSpec": schema_openshift_api_operator_v1alpha1_ClusterVersionOperatorSpec(ref), + "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorStatus": schema_openshift_api_operator_v1alpha1_ClusterVersionOperatorStatus(ref), + "github.com/openshift/api/operator/v1alpha1.DelegatedAuthentication": schema_openshift_api_operator_v1alpha1_DelegatedAuthentication(ref), + "github.com/openshift/api/operator/v1alpha1.DelegatedAuthorization": schema_openshift_api_operator_v1alpha1_DelegatedAuthorization(ref), + "github.com/openshift/api/operator/v1alpha1.EtcdBackup": schema_openshift_api_operator_v1alpha1_EtcdBackup(ref), + "github.com/openshift/api/operator/v1alpha1.EtcdBackupList": schema_openshift_api_operator_v1alpha1_EtcdBackupList(ref), + "github.com/openshift/api/operator/v1alpha1.EtcdBackupSpec": schema_openshift_api_operator_v1alpha1_EtcdBackupSpec(ref), + "github.com/openshift/api/operator/v1alpha1.EtcdBackupStatus": schema_openshift_api_operator_v1alpha1_EtcdBackupStatus(ref), + "github.com/openshift/api/operator/v1alpha1.GenerationHistory": schema_openshift_api_operator_v1alpha1_GenerationHistory(ref), + "github.com/openshift/api/operator/v1alpha1.GenericOperatorConfig": schema_openshift_api_operator_v1alpha1_GenericOperatorConfig(ref), + "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicy": schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicy(ref), + "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicyList": schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicyList(ref), + "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicySpec": schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicySpec(ref), + "github.com/openshift/api/operator/v1alpha1.LoggingConfig": schema_openshift_api_operator_v1alpha1_LoggingConfig(ref), + "github.com/openshift/api/operator/v1alpha1.NodeStatus": schema_openshift_api_operator_v1alpha1_NodeStatus(ref), + "github.com/openshift/api/operator/v1alpha1.OLM": schema_openshift_api_operator_v1alpha1_OLM(ref), + "github.com/openshift/api/operator/v1alpha1.OLMList": schema_openshift_api_operator_v1alpha1_OLMList(ref), + "github.com/openshift/api/operator/v1alpha1.OLMSpec": schema_openshift_api_operator_v1alpha1_OLMSpec(ref), + "github.com/openshift/api/operator/v1alpha1.OLMStatus": schema_openshift_api_operator_v1alpha1_OLMStatus(ref), + "github.com/openshift/api/operator/v1alpha1.OperatorCondition": schema_openshift_api_operator_v1alpha1_OperatorCondition(ref), + "github.com/openshift/api/operator/v1alpha1.OperatorSpec": schema_openshift_api_operator_v1alpha1_OperatorSpec(ref), + "github.com/openshift/api/operator/v1alpha1.OperatorStatus": schema_openshift_api_operator_v1alpha1_OperatorStatus(ref), + "github.com/openshift/api/operator/v1alpha1.RepositoryDigestMirrors": schema_openshift_api_operator_v1alpha1_RepositoryDigestMirrors(ref), + "github.com/openshift/api/operator/v1alpha1.StaticPodOperatorStatus": schema_openshift_api_operator_v1alpha1_StaticPodOperatorStatus(ref), + "github.com/openshift/api/operator/v1alpha1.VersionAvailability": schema_openshift_api_operator_v1alpha1_VersionAvailability(ref), + "github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry": schema_openshift_api_operatorcontrolplane_v1alpha1_LogEntry(ref), + "github.com/openshift/api/operatorcontrolplane/v1alpha1.OutageEntry": schema_openshift_api_operatorcontrolplane_v1alpha1_OutageEntry(ref), + "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheck": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheck(ref), + "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckCondition": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckCondition(ref), + "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckList": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckList(ref), + "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckSpec": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckSpec(ref), + "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckStatus": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckStatus(ref), + "github.com/openshift/api/operatoringress/v1.DNSRecord": schema_openshift_api_operatoringress_v1_DNSRecord(ref), + "github.com/openshift/api/operatoringress/v1.DNSRecordList": schema_openshift_api_operatoringress_v1_DNSRecordList(ref), + "github.com/openshift/api/operatoringress/v1.DNSRecordSpec": schema_openshift_api_operatoringress_v1_DNSRecordSpec(ref), + "github.com/openshift/api/operatoringress/v1.DNSRecordStatus": schema_openshift_api_operatoringress_v1_DNSRecordStatus(ref), + "github.com/openshift/api/operatoringress/v1.DNSZoneCondition": schema_openshift_api_operatoringress_v1_DNSZoneCondition(ref), + "github.com/openshift/api/operatoringress/v1.DNSZoneStatus": schema_openshift_api_operatoringress_v1_DNSZoneStatus(ref), + "github.com/openshift/api/osin/v1.AllowAllPasswordIdentityProvider": schema_openshift_api_osin_v1_AllowAllPasswordIdentityProvider(ref), + "github.com/openshift/api/osin/v1.BasicAuthPasswordIdentityProvider": schema_openshift_api_osin_v1_BasicAuthPasswordIdentityProvider(ref), + "github.com/openshift/api/osin/v1.DenyAllPasswordIdentityProvider": schema_openshift_api_osin_v1_DenyAllPasswordIdentityProvider(ref), + "github.com/openshift/api/osin/v1.GitHubIdentityProvider": schema_openshift_api_osin_v1_GitHubIdentityProvider(ref), + "github.com/openshift/api/osin/v1.GitLabIdentityProvider": schema_openshift_api_osin_v1_GitLabIdentityProvider(ref), + "github.com/openshift/api/osin/v1.GoogleIdentityProvider": schema_openshift_api_osin_v1_GoogleIdentityProvider(ref), + "github.com/openshift/api/osin/v1.GrantConfig": schema_openshift_api_osin_v1_GrantConfig(ref), + "github.com/openshift/api/osin/v1.HTPasswdPasswordIdentityProvider": schema_openshift_api_osin_v1_HTPasswdPasswordIdentityProvider(ref), + "github.com/openshift/api/osin/v1.IdentityProvider": schema_openshift_api_osin_v1_IdentityProvider(ref), + "github.com/openshift/api/osin/v1.KeystonePasswordIdentityProvider": schema_openshift_api_osin_v1_KeystonePasswordIdentityProvider(ref), + "github.com/openshift/api/osin/v1.LDAPAttributeMapping": schema_openshift_api_osin_v1_LDAPAttributeMapping(ref), + "github.com/openshift/api/osin/v1.LDAPPasswordIdentityProvider": schema_openshift_api_osin_v1_LDAPPasswordIdentityProvider(ref), + "github.com/openshift/api/osin/v1.OAuthConfig": schema_openshift_api_osin_v1_OAuthConfig(ref), + "github.com/openshift/api/osin/v1.OAuthTemplates": schema_openshift_api_osin_v1_OAuthTemplates(ref), + "github.com/openshift/api/osin/v1.OpenIDClaims": schema_openshift_api_osin_v1_OpenIDClaims(ref), + "github.com/openshift/api/osin/v1.OpenIDIdentityProvider": schema_openshift_api_osin_v1_OpenIDIdentityProvider(ref), + "github.com/openshift/api/osin/v1.OpenIDURLs": schema_openshift_api_osin_v1_OpenIDURLs(ref), + "github.com/openshift/api/osin/v1.OsinServerConfig": schema_openshift_api_osin_v1_OsinServerConfig(ref), + "github.com/openshift/api/osin/v1.RequestHeaderIdentityProvider": schema_openshift_api_osin_v1_RequestHeaderIdentityProvider(ref), + "github.com/openshift/api/osin/v1.SessionConfig": schema_openshift_api_osin_v1_SessionConfig(ref), + "github.com/openshift/api/osin/v1.SessionSecret": schema_openshift_api_osin_v1_SessionSecret(ref), + "github.com/openshift/api/osin/v1.SessionSecrets": schema_openshift_api_osin_v1_SessionSecrets(ref), + "github.com/openshift/api/osin/v1.TokenConfig": schema_openshift_api_osin_v1_TokenConfig(ref), + "github.com/openshift/api/project/v1.Project": schema_openshift_api_project_v1_Project(ref), + "github.com/openshift/api/project/v1.ProjectList": schema_openshift_api_project_v1_ProjectList(ref), + "github.com/openshift/api/project/v1.ProjectRequest": schema_openshift_api_project_v1_ProjectRequest(ref), + "github.com/openshift/api/project/v1.ProjectSpec": schema_openshift_api_project_v1_ProjectSpec(ref), + "github.com/openshift/api/project/v1.ProjectStatus": schema_openshift_api_project_v1_ProjectStatus(ref), + "github.com/openshift/api/quota/v1.AppliedClusterResourceQuota": schema_openshift_api_quota_v1_AppliedClusterResourceQuota(ref), + "github.com/openshift/api/quota/v1.AppliedClusterResourceQuotaList": schema_openshift_api_quota_v1_AppliedClusterResourceQuotaList(ref), + "github.com/openshift/api/quota/v1.ClusterResourceQuota": schema_openshift_api_quota_v1_ClusterResourceQuota(ref), + "github.com/openshift/api/quota/v1.ClusterResourceQuotaList": schema_openshift_api_quota_v1_ClusterResourceQuotaList(ref), + "github.com/openshift/api/quota/v1.ClusterResourceQuotaSelector": schema_openshift_api_quota_v1_ClusterResourceQuotaSelector(ref), + "github.com/openshift/api/quota/v1.ClusterResourceQuotaSpec": schema_openshift_api_quota_v1_ClusterResourceQuotaSpec(ref), + "github.com/openshift/api/quota/v1.ClusterResourceQuotaStatus": schema_openshift_api_quota_v1_ClusterResourceQuotaStatus(ref), + "github.com/openshift/api/quota/v1.ResourceQuotaStatusByNamespace": schema_openshift_api_quota_v1_ResourceQuotaStatusByNamespace(ref), + "github.com/openshift/api/route/v1.LocalObjectReference": schema_openshift_api_route_v1_LocalObjectReference(ref), + "github.com/openshift/api/route/v1.Route": schema_openshift_api_route_v1_Route(ref), + "github.com/openshift/api/route/v1.RouteHTTPHeader": schema_openshift_api_route_v1_RouteHTTPHeader(ref), + "github.com/openshift/api/route/v1.RouteHTTPHeaderActionUnion": schema_openshift_api_route_v1_RouteHTTPHeaderActionUnion(ref), + "github.com/openshift/api/route/v1.RouteHTTPHeaderActions": schema_openshift_api_route_v1_RouteHTTPHeaderActions(ref), + "github.com/openshift/api/route/v1.RouteHTTPHeaders": schema_openshift_api_route_v1_RouteHTTPHeaders(ref), + "github.com/openshift/api/route/v1.RouteIngress": schema_openshift_api_route_v1_RouteIngress(ref), + "github.com/openshift/api/route/v1.RouteIngressCondition": schema_openshift_api_route_v1_RouteIngressCondition(ref), + "github.com/openshift/api/route/v1.RouteList": schema_openshift_api_route_v1_RouteList(ref), + "github.com/openshift/api/route/v1.RoutePort": schema_openshift_api_route_v1_RoutePort(ref), + "github.com/openshift/api/route/v1.RouteSetHTTPHeader": schema_openshift_api_route_v1_RouteSetHTTPHeader(ref), + "github.com/openshift/api/route/v1.RouteSpec": schema_openshift_api_route_v1_RouteSpec(ref), + "github.com/openshift/api/route/v1.RouteStatus": schema_openshift_api_route_v1_RouteStatus(ref), + "github.com/openshift/api/route/v1.RouteTargetReference": schema_openshift_api_route_v1_RouteTargetReference(ref), + "github.com/openshift/api/route/v1.RouterShard": schema_openshift_api_route_v1_RouterShard(ref), + "github.com/openshift/api/route/v1.TLSConfig": schema_openshift_api_route_v1_TLSConfig(ref), + "github.com/openshift/api/samples/v1.Config": schema_openshift_api_samples_v1_Config(ref), + "github.com/openshift/api/samples/v1.ConfigCondition": schema_openshift_api_samples_v1_ConfigCondition(ref), + "github.com/openshift/api/samples/v1.ConfigList": schema_openshift_api_samples_v1_ConfigList(ref), + "github.com/openshift/api/samples/v1.ConfigSpec": schema_openshift_api_samples_v1_ConfigSpec(ref), + "github.com/openshift/api/samples/v1.ConfigStatus": schema_openshift_api_samples_v1_ConfigStatus(ref), + "github.com/openshift/api/security/v1.AllowedFlexVolume": schema_openshift_api_security_v1_AllowedFlexVolume(ref), + "github.com/openshift/api/security/v1.FSGroupStrategyOptions": schema_openshift_api_security_v1_FSGroupStrategyOptions(ref), + "github.com/openshift/api/security/v1.IDRange": schema_openshift_api_security_v1_IDRange(ref), + "github.com/openshift/api/security/v1.PodSecurityPolicyReview": schema_openshift_api_security_v1_PodSecurityPolicyReview(ref), + "github.com/openshift/api/security/v1.PodSecurityPolicyReviewSpec": schema_openshift_api_security_v1_PodSecurityPolicyReviewSpec(ref), + "github.com/openshift/api/security/v1.PodSecurityPolicyReviewStatus": schema_openshift_api_security_v1_PodSecurityPolicyReviewStatus(ref), + "github.com/openshift/api/security/v1.PodSecurityPolicySelfSubjectReview": schema_openshift_api_security_v1_PodSecurityPolicySelfSubjectReview(ref), + "github.com/openshift/api/security/v1.PodSecurityPolicySelfSubjectReviewSpec": schema_openshift_api_security_v1_PodSecurityPolicySelfSubjectReviewSpec(ref), + "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReview": schema_openshift_api_security_v1_PodSecurityPolicySubjectReview(ref), + "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewSpec": schema_openshift_api_security_v1_PodSecurityPolicySubjectReviewSpec(ref), + "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewStatus": schema_openshift_api_security_v1_PodSecurityPolicySubjectReviewStatus(ref), + "github.com/openshift/api/security/v1.RangeAllocation": schema_openshift_api_security_v1_RangeAllocation(ref), + "github.com/openshift/api/security/v1.RangeAllocationList": schema_openshift_api_security_v1_RangeAllocationList(ref), + "github.com/openshift/api/security/v1.RunAsUserStrategyOptions": schema_openshift_api_security_v1_RunAsUserStrategyOptions(ref), + "github.com/openshift/api/security/v1.SELinuxContextStrategyOptions": schema_openshift_api_security_v1_SELinuxContextStrategyOptions(ref), + "github.com/openshift/api/security/v1.SecurityContextConstraints": schema_openshift_api_security_v1_SecurityContextConstraints(ref), + "github.com/openshift/api/security/v1.SecurityContextConstraintsList": schema_openshift_api_security_v1_SecurityContextConstraintsList(ref), + "github.com/openshift/api/security/v1.ServiceAccountPodSecurityPolicyReviewStatus": schema_openshift_api_security_v1_ServiceAccountPodSecurityPolicyReviewStatus(ref), + "github.com/openshift/api/security/v1.SupplementalGroupsStrategyOptions": schema_openshift_api_security_v1_SupplementalGroupsStrategyOptions(ref), + "github.com/openshift/api/securityinternal/v1.RangeAllocation": schema_openshift_api_securityinternal_v1_RangeAllocation(ref), + "github.com/openshift/api/securityinternal/v1.RangeAllocationList": schema_openshift_api_securityinternal_v1_RangeAllocationList(ref), + "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfig": schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorConfig(ref), + "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigList": schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorConfigList(ref), + "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigSpec": schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorConfigSpec(ref), + "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigStatus": schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorConfigStatus(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMap": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMap(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapList": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapList(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapReference": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapReference(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapSpec": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapSpec(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapStatus": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapStatus(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedSecret": schema_openshift_api_sharedresource_v1alpha1_SharedSecret(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretList": schema_openshift_api_sharedresource_v1alpha1_SharedSecretList(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretReference": schema_openshift_api_sharedresource_v1alpha1_SharedSecretReference(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretSpec": schema_openshift_api_sharedresource_v1alpha1_SharedSecretSpec(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretStatus": schema_openshift_api_sharedresource_v1alpha1_SharedSecretStatus(ref), + "github.com/openshift/api/template/v1.BrokerTemplateInstance": schema_openshift_api_template_v1_BrokerTemplateInstance(ref), + "github.com/openshift/api/template/v1.BrokerTemplateInstanceList": schema_openshift_api_template_v1_BrokerTemplateInstanceList(ref), + "github.com/openshift/api/template/v1.BrokerTemplateInstanceSpec": schema_openshift_api_template_v1_BrokerTemplateInstanceSpec(ref), + "github.com/openshift/api/template/v1.Parameter": schema_openshift_api_template_v1_Parameter(ref), + "github.com/openshift/api/template/v1.Template": schema_openshift_api_template_v1_Template(ref), + "github.com/openshift/api/template/v1.TemplateInstance": schema_openshift_api_template_v1_TemplateInstance(ref), + "github.com/openshift/api/template/v1.TemplateInstanceCondition": schema_openshift_api_template_v1_TemplateInstanceCondition(ref), + "github.com/openshift/api/template/v1.TemplateInstanceList": schema_openshift_api_template_v1_TemplateInstanceList(ref), + "github.com/openshift/api/template/v1.TemplateInstanceObject": schema_openshift_api_template_v1_TemplateInstanceObject(ref), + "github.com/openshift/api/template/v1.TemplateInstanceRequester": schema_openshift_api_template_v1_TemplateInstanceRequester(ref), + "github.com/openshift/api/template/v1.TemplateInstanceSpec": schema_openshift_api_template_v1_TemplateInstanceSpec(ref), + "github.com/openshift/api/template/v1.TemplateInstanceStatus": schema_openshift_api_template_v1_TemplateInstanceStatus(ref), + "github.com/openshift/api/template/v1.TemplateList": schema_openshift_api_template_v1_TemplateList(ref), + "github.com/openshift/api/user/v1.Group": schema_openshift_api_user_v1_Group(ref), + "github.com/openshift/api/user/v1.GroupList": schema_openshift_api_user_v1_GroupList(ref), + "github.com/openshift/api/user/v1.Identity": schema_openshift_api_user_v1_Identity(ref), + "github.com/openshift/api/user/v1.IdentityList": schema_openshift_api_user_v1_IdentityList(ref), + "github.com/openshift/api/user/v1.User": schema_openshift_api_user_v1_User(ref), + "github.com/openshift/api/user/v1.UserIdentityMapping": schema_openshift_api_user_v1_UserIdentityMapping(ref), + "github.com/openshift/api/user/v1.UserList": schema_openshift_api_user_v1_UserList(ref), + "k8s.io/api/admissionregistration/v1.AuditAnnotation": schema_k8sio_api_admissionregistration_v1_AuditAnnotation(ref), + "k8s.io/api/admissionregistration/v1.ExpressionWarning": schema_k8sio_api_admissionregistration_v1_ExpressionWarning(ref), + "k8s.io/api/admissionregistration/v1.MatchCondition": schema_k8sio_api_admissionregistration_v1_MatchCondition(ref), + "k8s.io/api/admissionregistration/v1.MatchResources": schema_k8sio_api_admissionregistration_v1_MatchResources(ref), + "k8s.io/api/admissionregistration/v1.MutatingWebhook": schema_k8sio_api_admissionregistration_v1_MutatingWebhook(ref), + "k8s.io/api/admissionregistration/v1.MutatingWebhookConfiguration": schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfiguration(ref), + "k8s.io/api/admissionregistration/v1.MutatingWebhookConfigurationList": schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfigurationList(ref), + "k8s.io/api/admissionregistration/v1.NamedRuleWithOperations": schema_k8sio_api_admissionregistration_v1_NamedRuleWithOperations(ref), + "k8s.io/api/admissionregistration/v1.ParamKind": schema_k8sio_api_admissionregistration_v1_ParamKind(ref), + "k8s.io/api/admissionregistration/v1.ParamRef": schema_k8sio_api_admissionregistration_v1_ParamRef(ref), + "k8s.io/api/admissionregistration/v1.Rule": schema_k8sio_api_admissionregistration_v1_Rule(ref), + "k8s.io/api/admissionregistration/v1.RuleWithOperations": schema_k8sio_api_admissionregistration_v1_RuleWithOperations(ref), + "k8s.io/api/admissionregistration/v1.ServiceReference": schema_k8sio_api_admissionregistration_v1_ServiceReference(ref), + "k8s.io/api/admissionregistration/v1.TypeChecking": schema_k8sio_api_admissionregistration_v1_TypeChecking(ref), + "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicy": schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicy(ref), + "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyBinding": schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBinding(ref), + "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyBindingList": schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingList(ref), + "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyBindingSpec": schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingSpec(ref), + "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyList": schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyList(ref), + "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicySpec": schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicySpec(ref), + "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyStatus": schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyStatus(ref), + "k8s.io/api/admissionregistration/v1.ValidatingWebhook": schema_k8sio_api_admissionregistration_v1_ValidatingWebhook(ref), + "k8s.io/api/admissionregistration/v1.ValidatingWebhookConfiguration": schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfiguration(ref), + "k8s.io/api/admissionregistration/v1.ValidatingWebhookConfigurationList": schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfigurationList(ref), + "k8s.io/api/admissionregistration/v1.Validation": schema_k8sio_api_admissionregistration_v1_Validation(ref), + "k8s.io/api/admissionregistration/v1.Variable": schema_k8sio_api_admissionregistration_v1_Variable(ref), + "k8s.io/api/admissionregistration/v1.WebhookClientConfig": schema_k8sio_api_admissionregistration_v1_WebhookClientConfig(ref), + "k8s.io/api/authorization/v1.FieldSelectorAttributes": schema_k8sio_api_authorization_v1_FieldSelectorAttributes(ref), + "k8s.io/api/authorization/v1.LabelSelectorAttributes": schema_k8sio_api_authorization_v1_LabelSelectorAttributes(ref), + "k8s.io/api/authorization/v1.LocalSubjectAccessReview": schema_k8sio_api_authorization_v1_LocalSubjectAccessReview(ref), + "k8s.io/api/authorization/v1.NonResourceAttributes": schema_k8sio_api_authorization_v1_NonResourceAttributes(ref), + "k8s.io/api/authorization/v1.NonResourceRule": schema_k8sio_api_authorization_v1_NonResourceRule(ref), + "k8s.io/api/authorization/v1.ResourceAttributes": schema_k8sio_api_authorization_v1_ResourceAttributes(ref), + "k8s.io/api/authorization/v1.ResourceRule": schema_k8sio_api_authorization_v1_ResourceRule(ref), + "k8s.io/api/authorization/v1.SelfSubjectAccessReview": schema_k8sio_api_authorization_v1_SelfSubjectAccessReview(ref), + "k8s.io/api/authorization/v1.SelfSubjectAccessReviewSpec": schema_k8sio_api_authorization_v1_SelfSubjectAccessReviewSpec(ref), + "k8s.io/api/authorization/v1.SelfSubjectRulesReview": schema_k8sio_api_authorization_v1_SelfSubjectRulesReview(ref), + "k8s.io/api/authorization/v1.SelfSubjectRulesReviewSpec": schema_k8sio_api_authorization_v1_SelfSubjectRulesReviewSpec(ref), + "k8s.io/api/authorization/v1.SubjectAccessReview": schema_k8sio_api_authorization_v1_SubjectAccessReview(ref), + "k8s.io/api/authorization/v1.SubjectAccessReviewSpec": schema_k8sio_api_authorization_v1_SubjectAccessReviewSpec(ref), + "k8s.io/api/authorization/v1.SubjectAccessReviewStatus": schema_k8sio_api_authorization_v1_SubjectAccessReviewStatus(ref), + "k8s.io/api/authorization/v1.SubjectRulesReviewStatus": schema_k8sio_api_authorization_v1_SubjectRulesReviewStatus(ref), + "k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource": schema_k8sio_api_core_v1_AWSElasticBlockStoreVolumeSource(ref), + "k8s.io/api/core/v1.Affinity": schema_k8sio_api_core_v1_Affinity(ref), + "k8s.io/api/core/v1.AppArmorProfile": schema_k8sio_api_core_v1_AppArmorProfile(ref), + "k8s.io/api/core/v1.AttachedVolume": schema_k8sio_api_core_v1_AttachedVolume(ref), + "k8s.io/api/core/v1.AvoidPods": schema_k8sio_api_core_v1_AvoidPods(ref), + "k8s.io/api/core/v1.AzureDiskVolumeSource": schema_k8sio_api_core_v1_AzureDiskVolumeSource(ref), + "k8s.io/api/core/v1.AzureFilePersistentVolumeSource": schema_k8sio_api_core_v1_AzureFilePersistentVolumeSource(ref), + "k8s.io/api/core/v1.AzureFileVolumeSource": schema_k8sio_api_core_v1_AzureFileVolumeSource(ref), + "k8s.io/api/core/v1.Binding": schema_k8sio_api_core_v1_Binding(ref), + "k8s.io/api/core/v1.CSIPersistentVolumeSource": schema_k8sio_api_core_v1_CSIPersistentVolumeSource(ref), + "k8s.io/api/core/v1.CSIVolumeSource": schema_k8sio_api_core_v1_CSIVolumeSource(ref), + "k8s.io/api/core/v1.Capabilities": schema_k8sio_api_core_v1_Capabilities(ref), + "k8s.io/api/core/v1.CephFSPersistentVolumeSource": schema_k8sio_api_core_v1_CephFSPersistentVolumeSource(ref), + "k8s.io/api/core/v1.CephFSVolumeSource": schema_k8sio_api_core_v1_CephFSVolumeSource(ref), + "k8s.io/api/core/v1.CinderPersistentVolumeSource": schema_k8sio_api_core_v1_CinderPersistentVolumeSource(ref), + "k8s.io/api/core/v1.CinderVolumeSource": schema_k8sio_api_core_v1_CinderVolumeSource(ref), + "k8s.io/api/core/v1.ClientIPConfig": schema_k8sio_api_core_v1_ClientIPConfig(ref), + "k8s.io/api/core/v1.ClusterTrustBundleProjection": schema_k8sio_api_core_v1_ClusterTrustBundleProjection(ref), + "k8s.io/api/core/v1.ComponentCondition": schema_k8sio_api_core_v1_ComponentCondition(ref), + "k8s.io/api/core/v1.ComponentStatus": schema_k8sio_api_core_v1_ComponentStatus(ref), + "k8s.io/api/core/v1.ComponentStatusList": schema_k8sio_api_core_v1_ComponentStatusList(ref), + "k8s.io/api/core/v1.ConfigMap": schema_k8sio_api_core_v1_ConfigMap(ref), + "k8s.io/api/core/v1.ConfigMapEnvSource": schema_k8sio_api_core_v1_ConfigMapEnvSource(ref), + "k8s.io/api/core/v1.ConfigMapKeySelector": schema_k8sio_api_core_v1_ConfigMapKeySelector(ref), + "k8s.io/api/core/v1.ConfigMapList": schema_k8sio_api_core_v1_ConfigMapList(ref), + "k8s.io/api/core/v1.ConfigMapNodeConfigSource": schema_k8sio_api_core_v1_ConfigMapNodeConfigSource(ref), + "k8s.io/api/core/v1.ConfigMapProjection": schema_k8sio_api_core_v1_ConfigMapProjection(ref), + "k8s.io/api/core/v1.ConfigMapVolumeSource": schema_k8sio_api_core_v1_ConfigMapVolumeSource(ref), + "k8s.io/api/core/v1.Container": schema_k8sio_api_core_v1_Container(ref), + "k8s.io/api/core/v1.ContainerExtendedResourceRequest": schema_k8sio_api_core_v1_ContainerExtendedResourceRequest(ref), + "k8s.io/api/core/v1.ContainerImage": schema_k8sio_api_core_v1_ContainerImage(ref), + "k8s.io/api/core/v1.ContainerPort": schema_k8sio_api_core_v1_ContainerPort(ref), + "k8s.io/api/core/v1.ContainerResizePolicy": schema_k8sio_api_core_v1_ContainerResizePolicy(ref), + "k8s.io/api/core/v1.ContainerRestartRule": schema_k8sio_api_core_v1_ContainerRestartRule(ref), + "k8s.io/api/core/v1.ContainerRestartRuleOnExitCodes": schema_k8sio_api_core_v1_ContainerRestartRuleOnExitCodes(ref), + "k8s.io/api/core/v1.ContainerState": schema_k8sio_api_core_v1_ContainerState(ref), + "k8s.io/api/core/v1.ContainerStateRunning": schema_k8sio_api_core_v1_ContainerStateRunning(ref), + "k8s.io/api/core/v1.ContainerStateTerminated": schema_k8sio_api_core_v1_ContainerStateTerminated(ref), + "k8s.io/api/core/v1.ContainerStateWaiting": schema_k8sio_api_core_v1_ContainerStateWaiting(ref), + "k8s.io/api/core/v1.ContainerStatus": schema_k8sio_api_core_v1_ContainerStatus(ref), + "k8s.io/api/core/v1.ContainerUser": schema_k8sio_api_core_v1_ContainerUser(ref), + "k8s.io/api/core/v1.DaemonEndpoint": schema_k8sio_api_core_v1_DaemonEndpoint(ref), + "k8s.io/api/core/v1.DownwardAPIProjection": schema_k8sio_api_core_v1_DownwardAPIProjection(ref), + "k8s.io/api/core/v1.DownwardAPIVolumeFile": schema_k8sio_api_core_v1_DownwardAPIVolumeFile(ref), + "k8s.io/api/core/v1.DownwardAPIVolumeSource": schema_k8sio_api_core_v1_DownwardAPIVolumeSource(ref), + "k8s.io/api/core/v1.EmptyDirVolumeSource": schema_k8sio_api_core_v1_EmptyDirVolumeSource(ref), + "k8s.io/api/core/v1.EndpointAddress": schema_k8sio_api_core_v1_EndpointAddress(ref), + "k8s.io/api/core/v1.EndpointPort": schema_k8sio_api_core_v1_EndpointPort(ref), + "k8s.io/api/core/v1.EndpointSubset": schema_k8sio_api_core_v1_EndpointSubset(ref), + "k8s.io/api/core/v1.Endpoints": schema_k8sio_api_core_v1_Endpoints(ref), + "k8s.io/api/core/v1.EndpointsList": schema_k8sio_api_core_v1_EndpointsList(ref), + "k8s.io/api/core/v1.EnvFromSource": schema_k8sio_api_core_v1_EnvFromSource(ref), + "k8s.io/api/core/v1.EnvVar": schema_k8sio_api_core_v1_EnvVar(ref), + "k8s.io/api/core/v1.EnvVarSource": schema_k8sio_api_core_v1_EnvVarSource(ref), + "k8s.io/api/core/v1.EphemeralContainer": schema_k8sio_api_core_v1_EphemeralContainer(ref), + "k8s.io/api/core/v1.EphemeralContainerCommon": schema_k8sio_api_core_v1_EphemeralContainerCommon(ref), + "k8s.io/api/core/v1.EphemeralVolumeSource": schema_k8sio_api_core_v1_EphemeralVolumeSource(ref), + "k8s.io/api/core/v1.Event": schema_k8sio_api_core_v1_Event(ref), + "k8s.io/api/core/v1.EventList": schema_k8sio_api_core_v1_EventList(ref), + "k8s.io/api/core/v1.EventSeries": schema_k8sio_api_core_v1_EventSeries(ref), + "k8s.io/api/core/v1.EventSource": schema_k8sio_api_core_v1_EventSource(ref), + "k8s.io/api/core/v1.ExecAction": schema_k8sio_api_core_v1_ExecAction(ref), + "k8s.io/api/core/v1.FCVolumeSource": schema_k8sio_api_core_v1_FCVolumeSource(ref), + "k8s.io/api/core/v1.FileKeySelector": schema_k8sio_api_core_v1_FileKeySelector(ref), + "k8s.io/api/core/v1.FlexPersistentVolumeSource": schema_k8sio_api_core_v1_FlexPersistentVolumeSource(ref), + "k8s.io/api/core/v1.FlexVolumeSource": schema_k8sio_api_core_v1_FlexVolumeSource(ref), + "k8s.io/api/core/v1.FlockerVolumeSource": schema_k8sio_api_core_v1_FlockerVolumeSource(ref), + "k8s.io/api/core/v1.GCEPersistentDiskVolumeSource": schema_k8sio_api_core_v1_GCEPersistentDiskVolumeSource(ref), + "k8s.io/api/core/v1.GRPCAction": schema_k8sio_api_core_v1_GRPCAction(ref), + "k8s.io/api/core/v1.GitRepoVolumeSource": schema_k8sio_api_core_v1_GitRepoVolumeSource(ref), + "k8s.io/api/core/v1.GlusterfsPersistentVolumeSource": schema_k8sio_api_core_v1_GlusterfsPersistentVolumeSource(ref), + "k8s.io/api/core/v1.GlusterfsVolumeSource": schema_k8sio_api_core_v1_GlusterfsVolumeSource(ref), + "k8s.io/api/core/v1.HTTPGetAction": schema_k8sio_api_core_v1_HTTPGetAction(ref), + "k8s.io/api/core/v1.HTTPHeader": schema_k8sio_api_core_v1_HTTPHeader(ref), + "k8s.io/api/core/v1.HostAlias": schema_k8sio_api_core_v1_HostAlias(ref), + "k8s.io/api/core/v1.HostIP": schema_k8sio_api_core_v1_HostIP(ref), + "k8s.io/api/core/v1.HostPathVolumeSource": schema_k8sio_api_core_v1_HostPathVolumeSource(ref), + "k8s.io/api/core/v1.ISCSIPersistentVolumeSource": schema_k8sio_api_core_v1_ISCSIPersistentVolumeSource(ref), + "k8s.io/api/core/v1.ISCSIVolumeSource": schema_k8sio_api_core_v1_ISCSIVolumeSource(ref), + "k8s.io/api/core/v1.ImageVolumeSource": schema_k8sio_api_core_v1_ImageVolumeSource(ref), + "k8s.io/api/core/v1.KeyToPath": schema_k8sio_api_core_v1_KeyToPath(ref), + "k8s.io/api/core/v1.Lifecycle": schema_k8sio_api_core_v1_Lifecycle(ref), + "k8s.io/api/core/v1.LifecycleHandler": schema_k8sio_api_core_v1_LifecycleHandler(ref), + "k8s.io/api/core/v1.LimitRange": schema_k8sio_api_core_v1_LimitRange(ref), + "k8s.io/api/core/v1.LimitRangeItem": schema_k8sio_api_core_v1_LimitRangeItem(ref), + "k8s.io/api/core/v1.LimitRangeList": schema_k8sio_api_core_v1_LimitRangeList(ref), + "k8s.io/api/core/v1.LimitRangeSpec": schema_k8sio_api_core_v1_LimitRangeSpec(ref), + "k8s.io/api/core/v1.LinuxContainerUser": schema_k8sio_api_core_v1_LinuxContainerUser(ref), + "k8s.io/api/core/v1.List": schema_k8sio_api_core_v1_List(ref), + "k8s.io/api/core/v1.LoadBalancerIngress": schema_k8sio_api_core_v1_LoadBalancerIngress(ref), + "k8s.io/api/core/v1.LoadBalancerStatus": schema_k8sio_api_core_v1_LoadBalancerStatus(ref), + "k8s.io/api/core/v1.LocalObjectReference": schema_k8sio_api_core_v1_LocalObjectReference(ref), + "k8s.io/api/core/v1.LocalVolumeSource": schema_k8sio_api_core_v1_LocalVolumeSource(ref), + "k8s.io/api/core/v1.ModifyVolumeStatus": schema_k8sio_api_core_v1_ModifyVolumeStatus(ref), + "k8s.io/api/core/v1.NFSVolumeSource": schema_k8sio_api_core_v1_NFSVolumeSource(ref), + "k8s.io/api/core/v1.Namespace": schema_k8sio_api_core_v1_Namespace(ref), + "k8s.io/api/core/v1.NamespaceCondition": schema_k8sio_api_core_v1_NamespaceCondition(ref), + "k8s.io/api/core/v1.NamespaceList": schema_k8sio_api_core_v1_NamespaceList(ref), + "k8s.io/api/core/v1.NamespaceSpec": schema_k8sio_api_core_v1_NamespaceSpec(ref), + "k8s.io/api/core/v1.NamespaceStatus": schema_k8sio_api_core_v1_NamespaceStatus(ref), + "k8s.io/api/core/v1.Node": schema_k8sio_api_core_v1_Node(ref), + "k8s.io/api/core/v1.NodeAddress": schema_k8sio_api_core_v1_NodeAddress(ref), + "k8s.io/api/core/v1.NodeAffinity": schema_k8sio_api_core_v1_NodeAffinity(ref), + "k8s.io/api/core/v1.NodeCondition": schema_k8sio_api_core_v1_NodeCondition(ref), + "k8s.io/api/core/v1.NodeConfigSource": schema_k8sio_api_core_v1_NodeConfigSource(ref), + "k8s.io/api/core/v1.NodeConfigStatus": schema_k8sio_api_core_v1_NodeConfigStatus(ref), + "k8s.io/api/core/v1.NodeDaemonEndpoints": schema_k8sio_api_core_v1_NodeDaemonEndpoints(ref), + "k8s.io/api/core/v1.NodeFeatures": schema_k8sio_api_core_v1_NodeFeatures(ref), + "k8s.io/api/core/v1.NodeList": schema_k8sio_api_core_v1_NodeList(ref), + "k8s.io/api/core/v1.NodeProxyOptions": schema_k8sio_api_core_v1_NodeProxyOptions(ref), + "k8s.io/api/core/v1.NodeRuntimeHandler": schema_k8sio_api_core_v1_NodeRuntimeHandler(ref), + "k8s.io/api/core/v1.NodeRuntimeHandlerFeatures": schema_k8sio_api_core_v1_NodeRuntimeHandlerFeatures(ref), + "k8s.io/api/core/v1.NodeSelector": schema_k8sio_api_core_v1_NodeSelector(ref), + "k8s.io/api/core/v1.NodeSelectorRequirement": schema_k8sio_api_core_v1_NodeSelectorRequirement(ref), + "k8s.io/api/core/v1.NodeSelectorTerm": schema_k8sio_api_core_v1_NodeSelectorTerm(ref), + "k8s.io/api/core/v1.NodeSpec": schema_k8sio_api_core_v1_NodeSpec(ref), + "k8s.io/api/core/v1.NodeStatus": schema_k8sio_api_core_v1_NodeStatus(ref), + "k8s.io/api/core/v1.NodeSwapStatus": schema_k8sio_api_core_v1_NodeSwapStatus(ref), + "k8s.io/api/core/v1.NodeSystemInfo": schema_k8sio_api_core_v1_NodeSystemInfo(ref), + "k8s.io/api/core/v1.ObjectFieldSelector": schema_k8sio_api_core_v1_ObjectFieldSelector(ref), + "k8s.io/api/core/v1.ObjectReference": schema_k8sio_api_core_v1_ObjectReference(ref), + "k8s.io/api/core/v1.PersistentVolume": schema_k8sio_api_core_v1_PersistentVolume(ref), + "k8s.io/api/core/v1.PersistentVolumeClaim": schema_k8sio_api_core_v1_PersistentVolumeClaim(ref), + "k8s.io/api/core/v1.PersistentVolumeClaimCondition": schema_k8sio_api_core_v1_PersistentVolumeClaimCondition(ref), + "k8s.io/api/core/v1.PersistentVolumeClaimList": schema_k8sio_api_core_v1_PersistentVolumeClaimList(ref), + "k8s.io/api/core/v1.PersistentVolumeClaimSpec": schema_k8sio_api_core_v1_PersistentVolumeClaimSpec(ref), + "k8s.io/api/core/v1.PersistentVolumeClaimStatus": schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref), + "k8s.io/api/core/v1.PersistentVolumeClaimTemplate": schema_k8sio_api_core_v1_PersistentVolumeClaimTemplate(ref), + "k8s.io/api/core/v1.PersistentVolumeClaimVolumeSource": schema_k8sio_api_core_v1_PersistentVolumeClaimVolumeSource(ref), + "k8s.io/api/core/v1.PersistentVolumeList": schema_k8sio_api_core_v1_PersistentVolumeList(ref), + "k8s.io/api/core/v1.PersistentVolumeSource": schema_k8sio_api_core_v1_PersistentVolumeSource(ref), + "k8s.io/api/core/v1.PersistentVolumeSpec": schema_k8sio_api_core_v1_PersistentVolumeSpec(ref), + "k8s.io/api/core/v1.PersistentVolumeStatus": schema_k8sio_api_core_v1_PersistentVolumeStatus(ref), + "k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource": schema_k8sio_api_core_v1_PhotonPersistentDiskVolumeSource(ref), + "k8s.io/api/core/v1.Pod": schema_k8sio_api_core_v1_Pod(ref), + "k8s.io/api/core/v1.PodAffinity": schema_k8sio_api_core_v1_PodAffinity(ref), + "k8s.io/api/core/v1.PodAffinityTerm": schema_k8sio_api_core_v1_PodAffinityTerm(ref), + "k8s.io/api/core/v1.PodAntiAffinity": schema_k8sio_api_core_v1_PodAntiAffinity(ref), + "k8s.io/api/core/v1.PodAttachOptions": schema_k8sio_api_core_v1_PodAttachOptions(ref), + "k8s.io/api/core/v1.PodCertificateProjection": schema_k8sio_api_core_v1_PodCertificateProjection(ref), + "k8s.io/api/core/v1.PodCondition": schema_k8sio_api_core_v1_PodCondition(ref), + "k8s.io/api/core/v1.PodDNSConfig": schema_k8sio_api_core_v1_PodDNSConfig(ref), + "k8s.io/api/core/v1.PodDNSConfigOption": schema_k8sio_api_core_v1_PodDNSConfigOption(ref), + "k8s.io/api/core/v1.PodExecOptions": schema_k8sio_api_core_v1_PodExecOptions(ref), + "k8s.io/api/core/v1.PodExtendedResourceClaimStatus": schema_k8sio_api_core_v1_PodExtendedResourceClaimStatus(ref), + "k8s.io/api/core/v1.PodIP": schema_k8sio_api_core_v1_PodIP(ref), + "k8s.io/api/core/v1.PodList": schema_k8sio_api_core_v1_PodList(ref), + "k8s.io/api/core/v1.PodLogOptions": schema_k8sio_api_core_v1_PodLogOptions(ref), + "k8s.io/api/core/v1.PodOS": schema_k8sio_api_core_v1_PodOS(ref), + "k8s.io/api/core/v1.PodPortForwardOptions": schema_k8sio_api_core_v1_PodPortForwardOptions(ref), + "k8s.io/api/core/v1.PodProxyOptions": schema_k8sio_api_core_v1_PodProxyOptions(ref), + "k8s.io/api/core/v1.PodReadinessGate": schema_k8sio_api_core_v1_PodReadinessGate(ref), + "k8s.io/api/core/v1.PodResourceClaim": schema_k8sio_api_core_v1_PodResourceClaim(ref), + "k8s.io/api/core/v1.PodResourceClaimStatus": schema_k8sio_api_core_v1_PodResourceClaimStatus(ref), + "k8s.io/api/core/v1.PodSchedulingGate": schema_k8sio_api_core_v1_PodSchedulingGate(ref), + "k8s.io/api/core/v1.PodSecurityContext": schema_k8sio_api_core_v1_PodSecurityContext(ref), + "k8s.io/api/core/v1.PodSignature": schema_k8sio_api_core_v1_PodSignature(ref), + "k8s.io/api/core/v1.PodSpec": schema_k8sio_api_core_v1_PodSpec(ref), + "k8s.io/api/core/v1.PodStatus": schema_k8sio_api_core_v1_PodStatus(ref), + "k8s.io/api/core/v1.PodStatusResult": schema_k8sio_api_core_v1_PodStatusResult(ref), + "k8s.io/api/core/v1.PodTemplate": schema_k8sio_api_core_v1_PodTemplate(ref), + "k8s.io/api/core/v1.PodTemplateList": schema_k8sio_api_core_v1_PodTemplateList(ref), + "k8s.io/api/core/v1.PodTemplateSpec": schema_k8sio_api_core_v1_PodTemplateSpec(ref), + "k8s.io/api/core/v1.PortStatus": schema_k8sio_api_core_v1_PortStatus(ref), + "k8s.io/api/core/v1.PortworxVolumeSource": schema_k8sio_api_core_v1_PortworxVolumeSource(ref), + "k8s.io/api/core/v1.PreferAvoidPodsEntry": schema_k8sio_api_core_v1_PreferAvoidPodsEntry(ref), + "k8s.io/api/core/v1.PreferredSchedulingTerm": schema_k8sio_api_core_v1_PreferredSchedulingTerm(ref), + "k8s.io/api/core/v1.Probe": schema_k8sio_api_core_v1_Probe(ref), + "k8s.io/api/core/v1.ProbeHandler": schema_k8sio_api_core_v1_ProbeHandler(ref), + "k8s.io/api/core/v1.ProjectedVolumeSource": schema_k8sio_api_core_v1_ProjectedVolumeSource(ref), + "k8s.io/api/core/v1.QuobyteVolumeSource": schema_k8sio_api_core_v1_QuobyteVolumeSource(ref), + "k8s.io/api/core/v1.RBDPersistentVolumeSource": schema_k8sio_api_core_v1_RBDPersistentVolumeSource(ref), + "k8s.io/api/core/v1.RBDVolumeSource": schema_k8sio_api_core_v1_RBDVolumeSource(ref), + "k8s.io/api/core/v1.RangeAllocation": schema_k8sio_api_core_v1_RangeAllocation(ref), + "k8s.io/api/core/v1.ReplicationController": schema_k8sio_api_core_v1_ReplicationController(ref), + "k8s.io/api/core/v1.ReplicationControllerCondition": schema_k8sio_api_core_v1_ReplicationControllerCondition(ref), + "k8s.io/api/core/v1.ReplicationControllerList": schema_k8sio_api_core_v1_ReplicationControllerList(ref), + "k8s.io/api/core/v1.ReplicationControllerSpec": schema_k8sio_api_core_v1_ReplicationControllerSpec(ref), + "k8s.io/api/core/v1.ReplicationControllerStatus": schema_k8sio_api_core_v1_ReplicationControllerStatus(ref), + "k8s.io/api/core/v1.ResourceClaim": schema_k8sio_api_core_v1_ResourceClaim(ref), + "k8s.io/api/core/v1.ResourceFieldSelector": schema_k8sio_api_core_v1_ResourceFieldSelector(ref), + "k8s.io/api/core/v1.ResourceHealth": schema_k8sio_api_core_v1_ResourceHealth(ref), + "k8s.io/api/core/v1.ResourceQuota": schema_k8sio_api_core_v1_ResourceQuota(ref), + "k8s.io/api/core/v1.ResourceQuotaList": schema_k8sio_api_core_v1_ResourceQuotaList(ref), + "k8s.io/api/core/v1.ResourceQuotaSpec": schema_k8sio_api_core_v1_ResourceQuotaSpec(ref), + "k8s.io/api/core/v1.ResourceQuotaStatus": schema_k8sio_api_core_v1_ResourceQuotaStatus(ref), + "k8s.io/api/core/v1.ResourceRequirements": schema_k8sio_api_core_v1_ResourceRequirements(ref), + "k8s.io/api/core/v1.ResourceStatus": schema_k8sio_api_core_v1_ResourceStatus(ref), + "k8s.io/api/core/v1.SELinuxOptions": schema_k8sio_api_core_v1_SELinuxOptions(ref), + "k8s.io/api/core/v1.ScaleIOPersistentVolumeSource": schema_k8sio_api_core_v1_ScaleIOPersistentVolumeSource(ref), + "k8s.io/api/core/v1.ScaleIOVolumeSource": schema_k8sio_api_core_v1_ScaleIOVolumeSource(ref), + "k8s.io/api/core/v1.ScopeSelector": schema_k8sio_api_core_v1_ScopeSelector(ref), + "k8s.io/api/core/v1.ScopedResourceSelectorRequirement": schema_k8sio_api_core_v1_ScopedResourceSelectorRequirement(ref), + "k8s.io/api/core/v1.SeccompProfile": schema_k8sio_api_core_v1_SeccompProfile(ref), + "k8s.io/api/core/v1.Secret": schema_k8sio_api_core_v1_Secret(ref), + "k8s.io/api/core/v1.SecretEnvSource": schema_k8sio_api_core_v1_SecretEnvSource(ref), + "k8s.io/api/core/v1.SecretKeySelector": schema_k8sio_api_core_v1_SecretKeySelector(ref), + "k8s.io/api/core/v1.SecretList": schema_k8sio_api_core_v1_SecretList(ref), + "k8s.io/api/core/v1.SecretProjection": schema_k8sio_api_core_v1_SecretProjection(ref), + "k8s.io/api/core/v1.SecretReference": schema_k8sio_api_core_v1_SecretReference(ref), + "k8s.io/api/core/v1.SecretVolumeSource": schema_k8sio_api_core_v1_SecretVolumeSource(ref), + "k8s.io/api/core/v1.SecurityContext": schema_k8sio_api_core_v1_SecurityContext(ref), + "k8s.io/api/core/v1.SerializedReference": schema_k8sio_api_core_v1_SerializedReference(ref), + "k8s.io/api/core/v1.Service": schema_k8sio_api_core_v1_Service(ref), + "k8s.io/api/core/v1.ServiceAccount": schema_k8sio_api_core_v1_ServiceAccount(ref), + "k8s.io/api/core/v1.ServiceAccountList": schema_k8sio_api_core_v1_ServiceAccountList(ref), + "k8s.io/api/core/v1.ServiceAccountTokenProjection": schema_k8sio_api_core_v1_ServiceAccountTokenProjection(ref), + "k8s.io/api/core/v1.ServiceList": schema_k8sio_api_core_v1_ServiceList(ref), + "k8s.io/api/core/v1.ServicePort": schema_k8sio_api_core_v1_ServicePort(ref), + "k8s.io/api/core/v1.ServiceProxyOptions": schema_k8sio_api_core_v1_ServiceProxyOptions(ref), + "k8s.io/api/core/v1.ServiceSpec": schema_k8sio_api_core_v1_ServiceSpec(ref), + "k8s.io/api/core/v1.ServiceStatus": schema_k8sio_api_core_v1_ServiceStatus(ref), + "k8s.io/api/core/v1.SessionAffinityConfig": schema_k8sio_api_core_v1_SessionAffinityConfig(ref), + "k8s.io/api/core/v1.SleepAction": schema_k8sio_api_core_v1_SleepAction(ref), + "k8s.io/api/core/v1.StorageOSPersistentVolumeSource": schema_k8sio_api_core_v1_StorageOSPersistentVolumeSource(ref), + "k8s.io/api/core/v1.StorageOSVolumeSource": schema_k8sio_api_core_v1_StorageOSVolumeSource(ref), + "k8s.io/api/core/v1.Sysctl": schema_k8sio_api_core_v1_Sysctl(ref), + "k8s.io/api/core/v1.TCPSocketAction": schema_k8sio_api_core_v1_TCPSocketAction(ref), + "k8s.io/api/core/v1.Taint": schema_k8sio_api_core_v1_Taint(ref), + "k8s.io/api/core/v1.Toleration": schema_k8sio_api_core_v1_Toleration(ref), + "k8s.io/api/core/v1.TopologySelectorLabelRequirement": schema_k8sio_api_core_v1_TopologySelectorLabelRequirement(ref), + "k8s.io/api/core/v1.TopologySelectorTerm": schema_k8sio_api_core_v1_TopologySelectorTerm(ref), + "k8s.io/api/core/v1.TopologySpreadConstraint": schema_k8sio_api_core_v1_TopologySpreadConstraint(ref), + "k8s.io/api/core/v1.TypedLocalObjectReference": schema_k8sio_api_core_v1_TypedLocalObjectReference(ref), + "k8s.io/api/core/v1.TypedObjectReference": schema_k8sio_api_core_v1_TypedObjectReference(ref), + "k8s.io/api/core/v1.Volume": schema_k8sio_api_core_v1_Volume(ref), + "k8s.io/api/core/v1.VolumeDevice": schema_k8sio_api_core_v1_VolumeDevice(ref), + "k8s.io/api/core/v1.VolumeMount": schema_k8sio_api_core_v1_VolumeMount(ref), + "k8s.io/api/core/v1.VolumeMountStatus": schema_k8sio_api_core_v1_VolumeMountStatus(ref), + "k8s.io/api/core/v1.VolumeNodeAffinity": schema_k8sio_api_core_v1_VolumeNodeAffinity(ref), + "k8s.io/api/core/v1.VolumeProjection": schema_k8sio_api_core_v1_VolumeProjection(ref), + "k8s.io/api/core/v1.VolumeResourceRequirements": schema_k8sio_api_core_v1_VolumeResourceRequirements(ref), + "k8s.io/api/core/v1.VolumeSource": schema_k8sio_api_core_v1_VolumeSource(ref), + "k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource": schema_k8sio_api_core_v1_VsphereVirtualDiskVolumeSource(ref), + "k8s.io/api/core/v1.WeightedPodAffinityTerm": schema_k8sio_api_core_v1_WeightedPodAffinityTerm(ref), + "k8s.io/api/core/v1.WindowsSecurityContextOptions": schema_k8sio_api_core_v1_WindowsSecurityContextOptions(ref), + "k8s.io/api/rbac/v1.AggregationRule": schema_k8sio_api_rbac_v1_AggregationRule(ref), + "k8s.io/api/rbac/v1.ClusterRole": schema_k8sio_api_rbac_v1_ClusterRole(ref), + "k8s.io/api/rbac/v1.ClusterRoleBinding": schema_k8sio_api_rbac_v1_ClusterRoleBinding(ref), + "k8s.io/api/rbac/v1.ClusterRoleBindingList": schema_k8sio_api_rbac_v1_ClusterRoleBindingList(ref), + "k8s.io/api/rbac/v1.ClusterRoleList": schema_k8sio_api_rbac_v1_ClusterRoleList(ref), + "k8s.io/api/rbac/v1.PolicyRule": schema_k8sio_api_rbac_v1_PolicyRule(ref), + "k8s.io/api/rbac/v1.Role": schema_k8sio_api_rbac_v1_Role(ref), + "k8s.io/api/rbac/v1.RoleBinding": schema_k8sio_api_rbac_v1_RoleBinding(ref), + "k8s.io/api/rbac/v1.RoleBindingList": schema_k8sio_api_rbac_v1_RoleBindingList(ref), + "k8s.io/api/rbac/v1.RoleList": schema_k8sio_api_rbac_v1_RoleList(ref), + "k8s.io/api/rbac/v1.RoleRef": schema_k8sio_api_rbac_v1_RoleRef(ref), + "k8s.io/api/rbac/v1.Subject": schema_k8sio_api_rbac_v1_Subject(ref), + "k8s.io/apimachinery/pkg/api/resource.Quantity": schema_apimachinery_pkg_api_resource_Quantity(ref), + "k8s.io/apimachinery/pkg/api/resource.int64Amount": schema_apimachinery_pkg_api_resource_int64Amount(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList": schema_pkg_apis_meta_v1_APIResourceList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.APIVersions": schema_pkg_apis_meta_v1_APIVersions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ApplyOptions": schema_pkg_apis_meta_v1_ApplyOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition": schema_pkg_apis_meta_v1_Condition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.FieldSelectorRequirement": schema_pkg_apis_meta_v1_FieldSelectorRequirement(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupResource": schema_pkg_apis_meta_v1_GroupResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersion": schema_pkg_apis_meta_v1_GroupVersion(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery": schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionKind": schema_pkg_apis_meta_v1_GroupVersionKind(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionResource": schema_pkg_apis_meta_v1_GroupVersionResource(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.InternalEvent": schema_pkg_apis_meta_v1_InternalEvent(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector": schema_pkg_apis_meta_v1_LabelSelector(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement": schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.List": schema_pkg_apis_meta_v1_List(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta": schema_pkg_apis_meta_v1_ListMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ListOptions": schema_pkg_apis_meta_v1_ListOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry": schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime": schema_pkg_apis_meta_v1_MicroTime(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta": schema_pkg_apis_meta_v1_ObjectMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference": schema_pkg_apis_meta_v1_OwnerReference(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata": schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadataList": schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Patch": schema_pkg_apis_meta_v1_Patch(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.PatchOptions": schema_pkg_apis_meta_v1_PatchOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions": schema_pkg_apis_meta_v1_Preconditions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.RootPaths": schema_pkg_apis_meta_v1_RootPaths(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR": schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Status": schema_pkg_apis_meta_v1_Status(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause": schema_pkg_apis_meta_v1_StatusCause(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails": schema_pkg_apis_meta_v1_StatusDetails(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Table": schema_pkg_apis_meta_v1_Table(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition": schema_pkg_apis_meta_v1_TableColumnDefinition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableOptions": schema_pkg_apis_meta_v1_TableOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow": schema_pkg_apis_meta_v1_TableRow(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition": schema_pkg_apis_meta_v1_TableRowCondition(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Time": schema_pkg_apis_meta_v1_Time(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.Timestamp": schema_pkg_apis_meta_v1_Timestamp(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta": schema_pkg_apis_meta_v1_TypeMeta(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.UpdateOptions": schema_pkg_apis_meta_v1_UpdateOptions(ref), + "k8s.io/apimachinery/pkg/apis/meta/v1.WatchEvent": schema_pkg_apis_meta_v1_WatchEvent(ref), + "k8s.io/apimachinery/pkg/runtime.RawExtension": schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), + "k8s.io/apimachinery/pkg/runtime.TypeMeta": schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), + "k8s.io/apimachinery/pkg/runtime.Unknown": schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), + "k8s.io/apimachinery/pkg/util/intstr.IntOrString": schema_apimachinery_pkg_util_intstr_IntOrString(ref), } } @@ -1765,7 +1741,7 @@ func schema_openshift_api_apiextensions_v1alpha1_APIExcludedField(ref common.Ref }, }, }, - Required: []string{"path", "versions"}, + Required: []string{"path"}, }, }, } @@ -1865,7 +1841,7 @@ func schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirement(ref co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -1887,7 +1863,7 @@ func schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirement(ref co }, }, Dependencies: []string{ - "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementSpec", "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementSpec", "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -1916,7 +1892,7 @@ func schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementList(re SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -1937,7 +1913,7 @@ func schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementList(re }, }, Dependencies: []string{ - "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirement", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirement", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -2001,7 +1977,7 @@ func schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementStatus( Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -2025,7 +2001,7 @@ func schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementStatus( }, }, Dependencies: []string{ - "github.com/openshift/api/apiextensions/v1alpha1.ObservedCRD", metav1.Condition{}.OpenAPIModelName()}, + "github.com/openshift/api/apiextensions/v1alpha1.ObservedCRD", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -2057,7 +2033,7 @@ func schema_openshift_api_apiextensions_v1alpha1_CompatibilitySchema(ref common. }, }, SchemaProps: spec.SchemaProps{ - Description: "excludedFields is a set of fields in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation. The list may contain at most 64 fields. Each path in the list must be unique. When not specified, all fields in the schema will be validated.", + Description: "excludedFields is a set of fields in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation. The list may contain at most 64 fields. When not specified, all fields in the schema will be validated.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -2119,14 +2095,14 @@ func schema_openshift_api_apiextensions_v1alpha1_ObjectSchemaValidation(ref comm SchemaProps: spec.SchemaProps{ Description: "namespaceSelector defines a label selector for namespaces. If defined, only objects in a namespace with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by namespace.", Default: map[string]interface{}{}, - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "objectSelector": { SchemaProps: spec.SchemaProps{ Description: "objectSelector defines a label selector for objects. If defined, only objects with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by label.", Default: map[string]interface{}{}, - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "matchConditions": { @@ -2145,7 +2121,7 @@ func schema_openshift_api_apiextensions_v1alpha1_ObjectSchemaValidation(ref comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.MatchCondition{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.MatchCondition"), }, }, }, @@ -2156,7 +2132,7 @@ func schema_openshift_api_apiextensions_v1alpha1_ObjectSchemaValidation(ref comm }, }, Dependencies: []string{ - v1.MatchCondition{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.MatchCondition", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -2213,7 +2189,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCount(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -2235,7 +2211,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCount(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/apiserver/v1.APIRequestCountSpec", "github.com/openshift/api/apiserver/v1.APIRequestCountStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/apiserver/v1.APIRequestCountSpec", "github.com/openshift/api/apiserver/v1.APIRequestCountStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -2264,7 +2240,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCountList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -2285,7 +2261,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCountList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/apiserver/v1.APIRequestCount", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/apiserver/v1.APIRequestCount", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -2331,7 +2307,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCountStatus(ref common.Referenc Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -2378,7 +2354,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCountStatus(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/apiserver/v1.PerResourceAPIRequestLog", metav1.Condition{}.OpenAPIModelName()}, + "github.com/openshift/api/apiserver/v1.PerResourceAPIRequestLog", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -2572,7 +2548,7 @@ func schema_openshift_api_apps_v1_CustomDeploymentStrategyParams(ref common.Refe Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVar"), }, }, }, @@ -2597,7 +2573,7 @@ func schema_openshift_api_apps_v1_CustomDeploymentStrategyParams(ref common.Refe }, }, Dependencies: []string{ - corev1.EnvVar{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.EnvVar"}, } } @@ -2642,7 +2618,7 @@ func schema_openshift_api_apps_v1_DeploymentCauseImageTrigger(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "from is a reference to the changed object which triggered a deployment. The field may have the kinds DockerImage, ImageStreamTag, or ImageStreamImage.", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, }, @@ -2650,7 +2626,7 @@ func schema_openshift_api_apps_v1_DeploymentCauseImageTrigger(ref common.Referen }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference"}, } } @@ -2680,13 +2656,13 @@ func schema_openshift_api_apps_v1_DeploymentCondition(ref common.ReferenceCallba "lastUpdateTime": { SchemaProps: spec.SchemaProps{ Description: "The last time this condition was updated.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "The last time the condition transitioned from one status to another.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -2708,7 +2684,7 @@ func schema_openshift_api_apps_v1_DeploymentCondition(ref common.ReferenceCallba }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -2737,7 +2713,7 @@ func schema_openshift_api_apps_v1_DeploymentConfig(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -2759,7 +2735,7 @@ func schema_openshift_api_apps_v1_DeploymentConfig(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/apps/v1.DeploymentConfigSpec", "github.com/openshift/api/apps/v1.DeploymentConfigStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/apps/v1.DeploymentConfigSpec", "github.com/openshift/api/apps/v1.DeploymentConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -2788,7 +2764,7 @@ func schema_openshift_api_apps_v1_DeploymentConfigList(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -2810,7 +2786,7 @@ func schema_openshift_api_apps_v1_DeploymentConfigList(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/apps/v1.DeploymentConfig", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/apps/v1.DeploymentConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -2886,7 +2862,7 @@ func schema_openshift_api_apps_v1_DeploymentConfigRollbackSpec(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "from points to a ReplicationController which is a deployment.", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "revision": { @@ -2933,7 +2909,7 @@ func schema_openshift_api_apps_v1_DeploymentConfigRollbackSpec(ref common.Refere }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference"}, } } @@ -3021,14 +2997,14 @@ func schema_openshift_api_apps_v1_DeploymentConfigSpec(ref common.ReferenceCallb "template": { SchemaProps: spec.SchemaProps{ Description: "template is the object that describes the pod that will be created if insufficient replicas are detected.", - Ref: ref(corev1.PodTemplateSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/apps/v1.DeploymentStrategy", "github.com/openshift/api/apps/v1.DeploymentTriggerPolicy", corev1.PodTemplateSpec{}.OpenAPIModelName()}, + "github.com/openshift/api/apps/v1.DeploymentStrategy", "github.com/openshift/api/apps/v1.DeploymentTriggerPolicy", "k8s.io/api/core/v1.PodTemplateSpec"}, } } @@ -3244,7 +3220,7 @@ func schema_openshift_api_apps_v1_DeploymentLogOptions(ref common.ReferenceCallb "sinceTime": { SchemaProps: spec.SchemaProps{ Description: "An RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "timestamps": { @@ -3286,7 +3262,7 @@ func schema_openshift_api_apps_v1_DeploymentLogOptions(ref common.ReferenceCallb }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -3393,7 +3369,7 @@ func schema_openshift_api_apps_v1_DeploymentStrategy(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "resources contains resource requirements to execute the deployment and any hooks.", Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, "labels": { @@ -3439,7 +3415,7 @@ func schema_openshift_api_apps_v1_DeploymentStrategy(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/apps/v1.CustomDeploymentStrategyParams", "github.com/openshift/api/apps/v1.RecreateDeploymentStrategyParams", "github.com/openshift/api/apps/v1.RollingDeploymentStrategyParams", corev1.ResourceRequirements{}.OpenAPIModelName()}, + "github.com/openshift/api/apps/v1.CustomDeploymentStrategyParams", "github.com/openshift/api/apps/v1.RecreateDeploymentStrategyParams", "github.com/openshift/api/apps/v1.RollingDeploymentStrategyParams", "k8s.io/api/core/v1.ResourceRequirements"}, } } @@ -3476,7 +3452,7 @@ func schema_openshift_api_apps_v1_DeploymentTriggerImageChangeParams(ref common. SchemaProps: spec.SchemaProps{ Description: "from is a reference to an image stream tag to watch for changes. From.Name is the only required subfield - if From.Namespace is blank, the namespace of the current deployment trigger will be used.", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "lastTriggeredImage": { @@ -3491,7 +3467,7 @@ func schema_openshift_api_apps_v1_DeploymentTriggerImageChangeParams(ref common. }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference"}, } } @@ -3553,7 +3529,7 @@ func schema_openshift_api_apps_v1_ExecNewPodHook(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVar"), }, }, }, @@ -3587,7 +3563,7 @@ func schema_openshift_api_apps_v1_ExecNewPodHook(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - corev1.EnvVar{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.EnvVar"}, } } @@ -3706,13 +3682,13 @@ func schema_openshift_api_apps_v1_RollingDeploymentStrategyParams(ref common.Ref "maxUnavailable": { SchemaProps: spec.SchemaProps{ Description: "maxUnavailable is the maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of update (ex: 10%). Absolute number is calculated from percentage by rounding down.\n\nThis cannot be 0 if MaxSurge is 0. By default, 25% is used.\n\nExample: when this is set to 30%, the old RC can be scaled down by 30% immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that at least 70% of original number of pods are available at all times during the update.", - Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), }, }, "maxSurge": { SchemaProps: spec.SchemaProps{ Description: "maxSurge is the maximum number of pods that can be scheduled above the original number of pods. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up.\n\nThis cannot be 0 if MaxUnavailable is 0. By default, 25% is used.\n\nExample: when this is set to 30%, the new RC can be scaled up by 30% immediately when the rolling update starts. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of original pods.", - Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), }, }, "pre": { @@ -3731,7 +3707,7 @@ func schema_openshift_api_apps_v1_RollingDeploymentStrategyParams(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/apps/v1.LifecycleHook", intstr.IntOrString{}.OpenAPIModelName()}, + "github.com/openshift/api/apps/v1.LifecycleHook", "k8s.io/apimachinery/pkg/util/intstr.IntOrString"}, } } @@ -3754,7 +3730,7 @@ func schema_openshift_api_apps_v1_TagImageHook(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "to is the target ImageStreamTag to set the container's image onto.", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, }, @@ -3762,7 +3738,7 @@ func schema_openshift_api_apps_v1_TagImageHook(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference"}, } } @@ -3840,7 +3816,7 @@ func schema_openshift_api_authorization_v1_Action(ref common.ReferenceCallback) "content": { SchemaProps: spec.SchemaProps{ Description: "content is the actual content of the request for create and update", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -3848,7 +3824,7 @@ func schema_openshift_api_authorization_v1_Action(ref common.ReferenceCallback) }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -3877,7 +3853,7 @@ func schema_openshift_api_authorization_v1_ClusterRole(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "rules": { @@ -3897,7 +3873,7 @@ func schema_openshift_api_authorization_v1_ClusterRole(ref common.ReferenceCallb "aggregationRule": { SchemaProps: spec.SchemaProps{ Description: "aggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.", - Ref: ref(rbacv1.AggregationRule{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/rbac/v1.AggregationRule"), }, }, }, @@ -3905,7 +3881,7 @@ func schema_openshift_api_authorization_v1_ClusterRole(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.PolicyRule", rbacv1.AggregationRule{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/authorization/v1.PolicyRule", "k8s.io/api/rbac/v1.AggregationRule", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -3934,7 +3910,7 @@ func schema_openshift_api_authorization_v1_ClusterRoleBinding(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "userNames": { @@ -3975,7 +3951,7 @@ func schema_openshift_api_authorization_v1_ClusterRoleBinding(ref common.Referen Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, }, @@ -3985,7 +3961,7 @@ func schema_openshift_api_authorization_v1_ClusterRoleBinding(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "roleRef can only reference the current namespace and the global namespace. If the ClusterRoleRef cannot be resolved, the Authorizer must return an error. Since Policy is a singleton, this is sufficient knowledge to locate a role.", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, }, @@ -3993,7 +3969,7 @@ func schema_openshift_api_authorization_v1_ClusterRoleBinding(ref common.Referen }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -4022,7 +3998,7 @@ func schema_openshift_api_authorization_v1_ClusterRoleBindingList(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -4044,7 +4020,7 @@ func schema_openshift_api_authorization_v1_ClusterRoleBindingList(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.ClusterRoleBinding", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/authorization/v1.ClusterRoleBinding", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -4073,7 +4049,7 @@ func schema_openshift_api_authorization_v1_ClusterRoleList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -4095,7 +4071,7 @@ func schema_openshift_api_authorization_v1_ClusterRoleList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.ClusterRole", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/authorization/v1.ClusterRole", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -4129,7 +4105,7 @@ func schema_openshift_api_authorization_v1_GroupRestriction(ref common.Reference Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, }, @@ -4140,7 +4116,7 @@ func schema_openshift_api_authorization_v1_GroupRestriction(ref common.Reference }, }, Dependencies: []string{ - metav1.LabelSelector{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -4196,7 +4172,7 @@ func schema_openshift_api_authorization_v1_LocalResourceAccessReview(ref common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "namespace": { @@ -4266,7 +4242,7 @@ func schema_openshift_api_authorization_v1_LocalResourceAccessReview(ref common. "content": { SchemaProps: spec.SchemaProps{ Description: "content is the actual content of the request for create and update", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -4274,7 +4250,7 @@ func schema_openshift_api_authorization_v1_LocalResourceAccessReview(ref common. }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -4303,7 +4279,7 @@ func schema_openshift_api_authorization_v1_LocalSubjectAccessReview(ref common.R SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "namespace": { @@ -4373,7 +4349,7 @@ func schema_openshift_api_authorization_v1_LocalSubjectAccessReview(ref common.R "content": { SchemaProps: spec.SchemaProps{ Description: "content is the actual content of the request for create and update", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "user": { @@ -4419,7 +4395,7 @@ func schema_openshift_api_authorization_v1_LocalSubjectAccessReview(ref common.R }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -4572,7 +4548,7 @@ func schema_openshift_api_authorization_v1_PolicyRule(ref common.ReferenceCallba "attributeRestrictions": { SchemaProps: spec.SchemaProps{ Description: "attributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "apiGroups": { @@ -4640,7 +4616,7 @@ func schema_openshift_api_authorization_v1_PolicyRule(ref common.ReferenceCallba }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -4669,7 +4645,7 @@ func schema_openshift_api_authorization_v1_ResourceAccessReview(ref common.Refer SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "namespace": { @@ -4739,7 +4715,7 @@ func schema_openshift_api_authorization_v1_ResourceAccessReview(ref common.Refer "content": { SchemaProps: spec.SchemaProps{ Description: "content is the actual content of the request for create and update", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -4747,7 +4723,7 @@ func schema_openshift_api_authorization_v1_ResourceAccessReview(ref common.Refer }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -4849,7 +4825,7 @@ func schema_openshift_api_authorization_v1_Role(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "rules": { @@ -4871,7 +4847,7 @@ func schema_openshift_api_authorization_v1_Role(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.PolicyRule", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/authorization/v1.PolicyRule", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -4900,7 +4876,7 @@ func schema_openshift_api_authorization_v1_RoleBinding(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "userNames": { @@ -4941,7 +4917,7 @@ func schema_openshift_api_authorization_v1_RoleBinding(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, }, @@ -4951,7 +4927,7 @@ func schema_openshift_api_authorization_v1_RoleBinding(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "roleRef can only reference the current namespace and the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. Since Policy is a singleton, this is sufficient knowledge to locate a role.", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, }, @@ -4959,7 +4935,7 @@ func schema_openshift_api_authorization_v1_RoleBinding(ref common.ReferenceCallb }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -4988,7 +4964,7 @@ func schema_openshift_api_authorization_v1_RoleBindingList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -5010,7 +4986,7 @@ func schema_openshift_api_authorization_v1_RoleBindingList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.RoleBinding", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/authorization/v1.RoleBinding", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -5039,7 +5015,7 @@ func schema_openshift_api_authorization_v1_RoleBindingRestriction(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -5054,7 +5030,7 @@ func schema_openshift_api_authorization_v1_RoleBindingRestriction(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.RoleBindingRestrictionSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/authorization/v1.RoleBindingRestrictionSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -5083,7 +5059,7 @@ func schema_openshift_api_authorization_v1_RoleBindingRestrictionList(ref common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -5105,7 +5081,7 @@ func schema_openshift_api_authorization_v1_RoleBindingRestrictionList(ref common }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.RoleBindingRestriction", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/authorization/v1.RoleBindingRestriction", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -5168,7 +5144,7 @@ func schema_openshift_api_authorization_v1_RoleList(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -5190,7 +5166,7 @@ func schema_openshift_api_authorization_v1_RoleList(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.Role", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/authorization/v1.Role", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -5219,7 +5195,7 @@ func schema_openshift_api_authorization_v1_SelfSubjectRulesReview(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -5241,7 +5217,7 @@ func schema_openshift_api_authorization_v1_SelfSubjectRulesReview(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.SelfSubjectRulesReviewSpec", "github.com/openshift/api/authorization/v1.SubjectRulesReviewStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/authorization/v1.SelfSubjectRulesReviewSpec", "github.com/openshift/api/authorization/v1.SubjectRulesReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -5374,7 +5350,7 @@ func schema_openshift_api_authorization_v1_SubjectAccessReview(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "namespace": { @@ -5444,7 +5420,7 @@ func schema_openshift_api_authorization_v1_SubjectAccessReview(ref common.Refere "content": { SchemaProps: spec.SchemaProps{ Description: "content is the actual content of the request for create and update", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "user": { @@ -5490,7 +5466,7 @@ func schema_openshift_api_authorization_v1_SubjectAccessReview(ref common.Refere }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -5576,7 +5552,7 @@ func schema_openshift_api_authorization_v1_SubjectRulesReview(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -5598,7 +5574,7 @@ func schema_openshift_api_authorization_v1_SubjectRulesReview(ref common.Referen }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.SubjectRulesReviewSpec", "github.com/openshift/api/authorization/v1.SubjectRulesReviewStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/authorization/v1.SubjectRulesReviewSpec", "github.com/openshift/api/authorization/v1.SubjectRulesReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -5735,7 +5711,7 @@ func schema_openshift_api_authorization_v1_UserRestriction(ref common.ReferenceC Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, }, @@ -5746,7 +5722,7 @@ func schema_openshift_api_authorization_v1_UserRestriction(ref common.ReferenceC }, }, Dependencies: []string{ - metav1.LabelSelector{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -5775,7 +5751,7 @@ func schema_openshift_api_build_v1_BinaryBuildRequestOptions(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "asFile": { @@ -5831,7 +5807,7 @@ func schema_openshift_api_build_v1_BinaryBuildRequestOptions(ref common.Referenc }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -5908,7 +5884,7 @@ func schema_openshift_api_build_v1_Build(ref common.ReferenceCallback) common.Op SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -5929,7 +5905,7 @@ func schema_openshift_api_build_v1_Build(ref common.ReferenceCallback) common.Op }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildSpec", "github.com/openshift/api/build/v1.BuildStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.BuildSpec", "github.com/openshift/api/build/v1.BuildStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -5959,13 +5935,13 @@ func schema_openshift_api_build_v1_BuildCondition(ref common.ReferenceCallback) "lastUpdateTime": { SchemaProps: spec.SchemaProps{ Description: "The last time this condition was updated.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "The last time the condition transitioned from one status to another.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -5987,7 +5963,7 @@ func schema_openshift_api_build_v1_BuildCondition(ref common.ReferenceCallback) }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -6016,7 +5992,7 @@ func schema_openshift_api_build_v1_BuildConfig(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -6038,7 +6014,7 @@ func schema_openshift_api_build_v1_BuildConfig(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildConfigSpec", "github.com/openshift/api/build/v1.BuildConfigStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.BuildConfigSpec", "github.com/openshift/api/build/v1.BuildConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -6067,7 +6043,7 @@ func schema_openshift_api_build_v1_BuildConfigList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -6089,7 +6065,7 @@ func schema_openshift_api_build_v1_BuildConfigList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildConfig", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.BuildConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -6159,7 +6135,7 @@ func schema_openshift_api_build_v1_BuildConfigSpec(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "resources computes resource requirements to execute the build.", Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, "postCommit": { @@ -6218,7 +6194,7 @@ func schema_openshift_api_build_v1_BuildConfigSpec(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildOutput", "github.com/openshift/api/build/v1.BuildPostCommitSpec", "github.com/openshift/api/build/v1.BuildSource", "github.com/openshift/api/build/v1.BuildStrategy", "github.com/openshift/api/build/v1.BuildTriggerPolicy", "github.com/openshift/api/build/v1.SourceRevision", corev1.ResourceRequirements{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.BuildOutput", "github.com/openshift/api/build/v1.BuildPostCommitSpec", "github.com/openshift/api/build/v1.BuildSource", "github.com/openshift/api/build/v1.BuildStrategy", "github.com/openshift/api/build/v1.BuildTriggerPolicy", "github.com/openshift/api/build/v1.SourceRevision", "k8s.io/api/core/v1.ResourceRequirements"}, } } @@ -6284,7 +6260,7 @@ func schema_openshift_api_build_v1_BuildList(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -6306,7 +6282,7 @@ func schema_openshift_api_build_v1_BuildList(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.Build", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.Build", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -6389,7 +6365,7 @@ func schema_openshift_api_build_v1_BuildLogOptions(ref common.ReferenceCallback) "sinceTime": { SchemaProps: spec.SchemaProps{ Description: "sinceTime is an RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "timestamps": { @@ -6438,7 +6414,7 @@ func schema_openshift_api_build_v1_BuildLogOptions(ref common.ReferenceCallback) }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -6452,13 +6428,13 @@ func schema_openshift_api_build_v1_BuildOutput(ref common.ReferenceCallback) com "to": { SchemaProps: spec.SchemaProps{ Description: "to defines an optional location to push the output of this build to. Kind must be one of 'ImageStreamTag' or 'DockerImage'. This value will be used to look up a container image repository to push to. In the case of an ImageStreamTag, the ImageStreamTag will be looked for in the namespace of the build unless Namespace is specified.", - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "pushSecret": { SchemaProps: spec.SchemaProps{ Description: "pushSecret is the name of a Secret that would be used for setting up the authentication for executing the Docker push to authentication enabled Docker Registry (or Docker Hub).", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "imageLabels": { @@ -6479,7 +6455,7 @@ func schema_openshift_api_build_v1_BuildOutput(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.ImageLabel", corev1.LocalObjectReference{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.ImageLabel", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.ObjectReference"}, } } @@ -6558,7 +6534,7 @@ func schema_openshift_api_build_v1_BuildRequest(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "revision": { @@ -6570,13 +6546,13 @@ func schema_openshift_api_build_v1_BuildRequest(ref common.ReferenceCallback) co "triggeredByImage": { SchemaProps: spec.SchemaProps{ Description: "triggeredByImage is the Image that triggered this build.", - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "from": { SchemaProps: spec.SchemaProps{ Description: "from is the reference to the ImageStreamTag that triggered the build.", - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "binary": { @@ -6600,7 +6576,7 @@ func schema_openshift_api_build_v1_BuildRequest(ref common.ReferenceCallback) co Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVar"), }, }, }, @@ -6636,7 +6612,7 @@ func schema_openshift_api_build_v1_BuildRequest(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BinaryBuildSource", "github.com/openshift/api/build/v1.BuildTriggerCause", "github.com/openshift/api/build/v1.DockerStrategyOptions", "github.com/openshift/api/build/v1.SourceRevision", "github.com/openshift/api/build/v1.SourceStrategyOptions", corev1.EnvVar{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.BinaryBuildSource", "github.com/openshift/api/build/v1.BuildTriggerCause", "github.com/openshift/api/build/v1.DockerStrategyOptions", "github.com/openshift/api/build/v1.SourceRevision", "github.com/openshift/api/build/v1.SourceStrategyOptions", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -6697,7 +6673,7 @@ func schema_openshift_api_build_v1_BuildSource(ref common.ReferenceCallback) com "sourceSecret": { SchemaProps: spec.SchemaProps{ Description: "sourceSecret is the name of a Secret that would be used for setting up the authentication for cloning private repository. The secret contains valid credentials for remote repository, where the data's key represent the authentication method to be used and value is the base64 encoded credentials. Supported auth methods are: ssh-privatekey.", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "secrets": { @@ -6732,7 +6708,7 @@ func schema_openshift_api_build_v1_BuildSource(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BinaryBuildSource", "github.com/openshift/api/build/v1.ConfigMapBuildSource", "github.com/openshift/api/build/v1.GitBuildSource", "github.com/openshift/api/build/v1.ImageSource", "github.com/openshift/api/build/v1.SecretBuildSource", corev1.LocalObjectReference{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.BinaryBuildSource", "github.com/openshift/api/build/v1.ConfigMapBuildSource", "github.com/openshift/api/build/v1.GitBuildSource", "github.com/openshift/api/build/v1.ImageSource", "github.com/openshift/api/build/v1.SecretBuildSource", "k8s.io/api/core/v1.LocalObjectReference"}, } } @@ -6781,7 +6757,7 @@ func schema_openshift_api_build_v1_BuildSpec(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "resources computes resource requirements to execute the build.", Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, "postCommit": { @@ -6840,7 +6816,7 @@ func schema_openshift_api_build_v1_BuildSpec(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildOutput", "github.com/openshift/api/build/v1.BuildPostCommitSpec", "github.com/openshift/api/build/v1.BuildSource", "github.com/openshift/api/build/v1.BuildStrategy", "github.com/openshift/api/build/v1.BuildTriggerCause", "github.com/openshift/api/build/v1.SourceRevision", corev1.ResourceRequirements{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.BuildOutput", "github.com/openshift/api/build/v1.BuildPostCommitSpec", "github.com/openshift/api/build/v1.BuildSource", "github.com/openshift/api/build/v1.BuildStrategy", "github.com/openshift/api/build/v1.BuildTriggerCause", "github.com/openshift/api/build/v1.SourceRevision", "k8s.io/api/core/v1.ResourceRequirements"}, } } @@ -6883,13 +6859,13 @@ func schema_openshift_api_build_v1_BuildStatus(ref common.ReferenceCallback) com "startTimestamp": { SchemaProps: spec.SchemaProps{ Description: "startTimestamp is a timestamp representing the server time when this Build started running in a Pod. It is represented in RFC3339 form and is in UTC.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "completionTimestamp": { SchemaProps: spec.SchemaProps{ Description: "completionTimestamp is a timestamp representing the server time when this Build was finished, whether that build failed or succeeded. It reflects the time at which the Pod running the Build terminated. It is represented in RFC3339 form and is in UTC.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "duration": { @@ -6909,7 +6885,7 @@ func schema_openshift_api_build_v1_BuildStatus(ref common.ReferenceCallback) com "config": { SchemaProps: spec.SchemaProps{ Description: "config is an ObjectReference to the BuildConfig this Build is based on.", - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "output": { @@ -6964,7 +6940,7 @@ func schema_openshift_api_build_v1_BuildStatus(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildCondition", "github.com/openshift/api/build/v1.BuildStatusOutput", "github.com/openshift/api/build/v1.StageInfo", corev1.ObjectReference{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.BuildCondition", "github.com/openshift/api/build/v1.BuildStatusOutput", "github.com/openshift/api/build/v1.StageInfo", "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -7256,19 +7232,19 @@ func schema_openshift_api_build_v1_BuildVolumeSource(ref common.ReferenceCallbac "secret": { SchemaProps: spec.SchemaProps{ Description: "secret represents a Secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - Ref: ref(corev1.SecretVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretVolumeSource"), }, }, "configMap": { SchemaProps: spec.SchemaProps{ Description: "configMap represents a ConfigMap that should populate this volume", - Ref: ref(corev1.ConfigMapVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ConfigMapVolumeSource"), }, }, "csi": { SchemaProps: spec.SchemaProps{ Description: "csi represents ephemeral storage provided by external CSI drivers which support this capability", - Ref: ref(corev1.CSIVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.CSIVolumeSource"), }, }, }, @@ -7276,7 +7252,7 @@ func schema_openshift_api_build_v1_BuildVolumeSource(ref common.ReferenceCallbac }, }, Dependencies: []string{ - corev1.CSIVolumeSource{}.OpenAPIModelName(), corev1.ConfigMapVolumeSource{}.OpenAPIModelName(), corev1.SecretVolumeSource{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.CSIVolumeSource", "k8s.io/api/core/v1.ConfigMapVolumeSource", "k8s.io/api/core/v1.SecretVolumeSource"}, } } @@ -7325,7 +7301,7 @@ func schema_openshift_api_build_v1_CommonSpec(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "resources computes resource requirements to execute the build.", Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, "postCommit": { @@ -7370,7 +7346,7 @@ func schema_openshift_api_build_v1_CommonSpec(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildOutput", "github.com/openshift/api/build/v1.BuildPostCommitSpec", "github.com/openshift/api/build/v1.BuildSource", "github.com/openshift/api/build/v1.BuildStrategy", "github.com/openshift/api/build/v1.SourceRevision", corev1.ResourceRequirements{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.BuildOutput", "github.com/openshift/api/build/v1.BuildPostCommitSpec", "github.com/openshift/api/build/v1.BuildSource", "github.com/openshift/api/build/v1.BuildStrategy", "github.com/openshift/api/build/v1.SourceRevision", "k8s.io/api/core/v1.ResourceRequirements"}, } } @@ -7413,7 +7389,7 @@ func schema_openshift_api_build_v1_ConfigMapBuildSource(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "configMap is a reference to an existing configmap that you want to use in your build.", Default: map[string]interface{}{}, - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "destinationDir": { @@ -7428,7 +7404,7 @@ func schema_openshift_api_build_v1_ConfigMapBuildSource(ref common.ReferenceCall }, }, Dependencies: []string{ - corev1.LocalObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LocalObjectReference"}, } } @@ -7443,13 +7419,13 @@ func schema_openshift_api_build_v1_CustomBuildStrategy(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "pullSecret": { SchemaProps: spec.SchemaProps{ Description: "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "env": { @@ -7460,7 +7436,7 @@ func schema_openshift_api_build_v1_CustomBuildStrategy(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVar"), }, }, }, @@ -7506,7 +7482,7 @@ func schema_openshift_api_build_v1_CustomBuildStrategy(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.SecretSpec", corev1.EnvVar{}.OpenAPIModelName(), corev1.LocalObjectReference{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.SecretSpec", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.ObjectReference"}, } } @@ -7520,13 +7496,13 @@ func schema_openshift_api_build_v1_DockerBuildStrategy(ref common.ReferenceCallb "from": { SchemaProps: spec.SchemaProps{ Description: "from is a reference to an DockerImage, ImageStreamTag, or ImageStreamImage which overrides the FROM image in the Dockerfile for the build. If the Dockerfile uses multi-stage builds, this will replace the image in the last FROM directive of the file.", - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "pullSecret": { SchemaProps: spec.SchemaProps{ Description: "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "noCache": { @@ -7544,7 +7520,7 @@ func schema_openshift_api_build_v1_DockerBuildStrategy(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVar"), }, }, }, @@ -7572,7 +7548,7 @@ func schema_openshift_api_build_v1_DockerBuildStrategy(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVar"), }, }, }, @@ -7613,7 +7589,7 @@ func schema_openshift_api_build_v1_DockerBuildStrategy(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildVolume", corev1.EnvVar{}.OpenAPIModelName(), corev1.LocalObjectReference{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.BuildVolume", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.ObjectReference"}, } } @@ -7632,7 +7608,7 @@ func schema_openshift_api_build_v1_DockerStrategyOptions(ref common.ReferenceCal Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVar"), }, }, }, @@ -7649,7 +7625,7 @@ func schema_openshift_api_build_v1_DockerStrategyOptions(ref common.ReferenceCal }, }, Dependencies: []string{ - corev1.EnvVar{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.EnvVar"}, } } @@ -7709,7 +7685,7 @@ func schema_openshift_api_build_v1_GenericWebHookEvent(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVar"), }, }, }, @@ -7725,7 +7701,7 @@ func schema_openshift_api_build_v1_GenericWebHookEvent(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.DockerStrategyOptions", "github.com/openshift/api/build/v1.GitInfo", corev1.EnvVar{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.DockerStrategyOptions", "github.com/openshift/api/build/v1.GitInfo", "k8s.io/api/core/v1.EnvVar"}, } } @@ -8069,14 +8045,14 @@ func schema_openshift_api_build_v1_ImageChangeCause(ref common.ReferenceCallback "fromRef": { SchemaProps: spec.SchemaProps{ Description: "fromRef contains detailed information about an image that triggered a build.", - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, }, }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference"}, } } @@ -8097,7 +8073,7 @@ func schema_openshift_api_build_v1_ImageChangeTrigger(ref common.ReferenceCallba "from": { SchemaProps: spec.SchemaProps{ Description: "from is a reference to an ImageStreamTag that will trigger a build when updated It is optional. If no From is specified, the From image from the build strategy will be used. Only one ImageChangeTrigger with an empty From reference is allowed in a build configuration.", - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "paused": { @@ -8111,7 +8087,7 @@ func schema_openshift_api_build_v1_ImageChangeTrigger(ref common.ReferenceCallba }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference"}, } } @@ -8139,14 +8115,14 @@ func schema_openshift_api_build_v1_ImageChangeTriggerStatus(ref common.Reference "lastTriggerTime": { SchemaProps: spec.SchemaProps{ Description: "lastTriggerTime is the last time this particular ImageStreamTag triggered a Build to start. This field is only updated when this trigger specifically started a Build.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.ImageStreamTagReference", metav1.Time{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.ImageStreamTagReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -8190,7 +8166,7 @@ func schema_openshift_api_build_v1_ImageSource(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "from is a reference to an ImageStreamTag, ImageStreamImage, or DockerImage to copy source from.", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "as": { @@ -8225,7 +8201,7 @@ func schema_openshift_api_build_v1_ImageSource(ref common.ReferenceCallback) com "pullSecret": { SchemaProps: spec.SchemaProps{ Description: "pullSecret is a reference to a secret to be used to pull the image from a registry If the image is pulled from the OpenShift registry, this field does not need to be set.", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, }, @@ -8233,7 +8209,7 @@ func schema_openshift_api_build_v1_ImageSource(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.ImageSourcePath", corev1.LocalObjectReference{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.ImageSourcePath", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.ObjectReference"}, } } @@ -8323,7 +8299,7 @@ func schema_openshift_api_build_v1_JenkinsPipelineBuildStrategy(ref common.Refer Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVar"), }, }, }, @@ -8333,7 +8309,7 @@ func schema_openshift_api_build_v1_JenkinsPipelineBuildStrategy(ref common.Refer }, }, Dependencies: []string{ - corev1.EnvVar{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.EnvVar"}, } } @@ -8382,7 +8358,7 @@ func schema_openshift_api_build_v1_SecretBuildSource(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "secret is a reference to an existing secret that you want to use in your build.", Default: map[string]interface{}{}, - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "destinationDir": { @@ -8397,7 +8373,7 @@ func schema_openshift_api_build_v1_SecretBuildSource(ref common.ReferenceCallbac }, }, Dependencies: []string{ - corev1.LocalObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LocalObjectReference"}, } } @@ -8434,7 +8410,7 @@ func schema_openshift_api_build_v1_SecretSpec(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "secretSource is a reference to the secret", Default: map[string]interface{}{}, - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "mountPath": { @@ -8450,7 +8426,7 @@ func schema_openshift_api_build_v1_SecretSpec(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - corev1.LocalObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LocalObjectReference"}, } } @@ -8465,13 +8441,13 @@ func schema_openshift_api_build_v1_SourceBuildStrategy(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "pullSecret": { SchemaProps: spec.SchemaProps{ Description: "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "env": { @@ -8482,7 +8458,7 @@ func schema_openshift_api_build_v1_SourceBuildStrategy(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVar"), }, }, }, @@ -8538,7 +8514,7 @@ func schema_openshift_api_build_v1_SourceBuildStrategy(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildVolume", corev1.EnvVar{}.OpenAPIModelName(), corev1.LocalObjectReference{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.BuildVolume", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.ObjectReference"}, } } @@ -8636,7 +8612,7 @@ func schema_openshift_api_build_v1_StageInfo(ref common.ReferenceCallback) commo "startTime": { SchemaProps: spec.SchemaProps{ Description: "startTime is a timestamp representing the server time when this Stage started. It is represented in RFC3339 form and is in UTC.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "durationMilliseconds": { @@ -8664,7 +8640,7 @@ func schema_openshift_api_build_v1_StageInfo(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.StepInfo", metav1.Time{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.StepInfo", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -8685,7 +8661,7 @@ func schema_openshift_api_build_v1_StepInfo(ref common.ReferenceCallback) common "startTime": { SchemaProps: spec.SchemaProps{ Description: "startTime is a timestamp representing the server time when this Step started. it is represented in RFC3339 form and is in UTC.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "durationMilliseconds": { @@ -8699,7 +8675,7 @@ func schema_openshift_api_build_v1_StepInfo(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -8763,7 +8739,7 @@ func schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfig(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -8785,7 +8761,7 @@ func schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfig(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfigSpec", "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfigStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfigSpec", "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -8843,7 +8819,7 @@ func schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfigStatus(ref common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -8854,7 +8830,7 @@ func schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfigStatus(ref common. }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -8883,7 +8859,7 @@ func schema_openshift_api_config_v1_APIServer(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -8905,7 +8881,7 @@ func schema_openshift_api_config_v1_APIServer(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.APIServerSpec", "github.com/openshift/api/config/v1.APIServerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.APIServerSpec", "github.com/openshift/api/config/v1.APIServerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -8974,7 +8950,7 @@ func schema_openshift_api_config_v1_APIServerList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -8995,7 +8971,7 @@ func schema_openshift_api_config_v1_APIServerList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.APIServer", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.APIServer", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -9128,13 +9104,6 @@ func schema_openshift_api_config_v1_APIServerSpec(ref common.ReferenceCallback) Ref: ref("github.com/openshift/api/config/v1.TLSSecurityProfile"), }, }, - "tlsAdherence": { - SchemaProps: spec.SchemaProps{ - Description: "tlsAdherence controls if components in the cluster adhere to the TLS security profile configured on this APIServer resource.\n\nValid values are \"LegacyAdheringComponentsOnly\" and \"StrictAllComponents\".\n\nWhen set to \"LegacyAdheringComponentsOnly\", components that already honor the cluster-wide TLS profile continue to do so. Components that do not already honor it continue to use their individual TLS configurations.\n\nWhen set to \"StrictAllComponents\", all components must honor the configured TLS profile unless they have a component-specific TLS configuration that overrides it. This mode is recommended for security-conscious deployments and is required for certain compliance frameworks.\n\nNote: Some components such as Kubelet and IngressController have their own dedicated TLS configuration mechanisms via KubeletConfig and IngressController CRs respectively. When these component-specific TLS configurations are set, they take precedence over the cluster-wide tlsSecurityProfile. When not set, these components fall back to the cluster-wide default.\n\nComponents that encounter an unknown value for tlsAdherence should treat it as \"StrictAllComponents\" and log a warning to ensure forward compatibility while defaulting to the more secure behavior.\n\nThis field is optional. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is LegacyAdheringComponentsOnly.\n\nOnce set, this field may be changed to a different value, but may not be removed.", - Type: []string{"string"}, - Format: "", - }, - }, "audit": { SchemaProps: spec.SchemaProps{ Description: "audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.", @@ -9169,7 +9138,7 @@ func schema_openshift_api_config_v1_AWSDNSSpec(ref common.ReferenceCallback) com Properties: map[string]spec.Schema{ "privateZoneIAMRole": { SchemaProps: spec.SchemaProps{ - Description: "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.\n\nThe ARN must follow the format: arn::iam:::role/, where: is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), is a 12-digit numeric identifier for the AWS account, is the IAM role name.", + Description: "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.", Default: "", Type: []string{"string"}, Format: "", @@ -9511,7 +9480,7 @@ func schema_openshift_api_config_v1_AdmissionPluginConfig(ref common.ReferenceCa "configuration": { SchemaProps: spec.SchemaProps{ Description: "configuration is an embedded configuration object to be used as the plugin's configuration. If present, it will be used instead of the path to the configuration file.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -9519,7 +9488,7 @@ func schema_openshift_api_config_v1_AdmissionPluginConfig(ref common.ReferenceCa }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -9718,7 +9687,7 @@ func schema_openshift_api_config_v1_AuditConfig(ref common.ReferenceCallback) co "policyConfiguration": { SchemaProps: spec.SchemaProps{ Description: "policyConfiguration is an embedded policy configuration object to be used as the audit policy configuration. If present, it will be used instead of the path to the policy file.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "logFormat": { @@ -9750,7 +9719,7 @@ func schema_openshift_api_config_v1_AuditConfig(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -9809,7 +9778,7 @@ func schema_openshift_api_config_v1_Authentication(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -9831,7 +9800,7 @@ func schema_openshift_api_config_v1_Authentication(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.AuthenticationSpec", "github.com/openshift/api/config/v1.AuthenticationStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.AuthenticationSpec", "github.com/openshift/api/config/v1.AuthenticationStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -9860,7 +9829,7 @@ func schema_openshift_api_config_v1_AuthenticationList(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -9881,7 +9850,7 @@ func schema_openshift_api_config_v1_AuthenticationList(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Authentication", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.Authentication", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -10419,7 +10388,7 @@ func schema_openshift_api_config_v1_Build(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -10434,7 +10403,7 @@ func schema_openshift_api_config_v1_Build(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.BuildSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.BuildSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -10464,7 +10433,7 @@ func schema_openshift_api_config_v1_BuildDefaults(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVar"), }, }, }, @@ -10488,14 +10457,14 @@ func schema_openshift_api_config_v1_BuildDefaults(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "resources defines resource requirements to execute the build.", Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageLabel", "github.com/openshift/api/config/v1.ProxySpec", corev1.EnvVar{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ImageLabel", "github.com/openshift/api/config/v1.ProxySpec", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.ResourceRequirements"}, } } @@ -10524,7 +10493,7 @@ func schema_openshift_api_config_v1_BuildList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -10545,7 +10514,7 @@ func schema_openshift_api_config_v1_BuildList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Build", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.Build", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -10593,7 +10562,7 @@ func schema_openshift_api_config_v1_BuildOverrides(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Toleration"), }, }, }, @@ -10610,7 +10579,7 @@ func schema_openshift_api_config_v1_BuildOverrides(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageLabel", corev1.Toleration{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ImageLabel", "k8s.io/api/core/v1.Toleration"}, } } @@ -10914,7 +10883,7 @@ func schema_openshift_api_config_v1_ClusterImagePolicy(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -10936,7 +10905,7 @@ func schema_openshift_api_config_v1_ClusterImagePolicy(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterImagePolicySpec", "github.com/openshift/api/config/v1.ClusterImagePolicyStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ClusterImagePolicySpec", "github.com/openshift/api/config/v1.ClusterImagePolicyStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -10965,7 +10934,7 @@ func schema_openshift_api_config_v1_ClusterImagePolicyList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -10987,7 +10956,7 @@ func schema_openshift_api_config_v1_ClusterImagePolicyList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterImagePolicy", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ClusterImagePolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -11056,7 +11025,7 @@ func schema_openshift_api_config_v1_ClusterImagePolicyStatus(ref common.Referenc Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -11066,7 +11035,7 @@ func schema_openshift_api_config_v1_ClusterImagePolicyStatus(ref common.Referenc }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -11124,7 +11093,7 @@ func schema_openshift_api_config_v1_ClusterOperator(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -11146,7 +11115,7 @@ func schema_openshift_api_config_v1_ClusterOperator(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterOperatorSpec", "github.com/openshift/api/config/v1.ClusterOperatorStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ClusterOperatorSpec", "github.com/openshift/api/config/v1.ClusterOperatorStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -11175,7 +11144,7 @@ func schema_openshift_api_config_v1_ClusterOperatorList(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -11196,7 +11165,7 @@ func schema_openshift_api_config_v1_ClusterOperatorList(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterOperator", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ClusterOperator", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -11273,14 +11242,14 @@ func schema_openshift_api_config_v1_ClusterOperatorStatus(ref common.ReferenceCa "extension": { SchemaProps: spec.SchemaProps{ Description: "extension contains any additional status information specific to the operator which owns this status object.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterOperatorStatusCondition", "github.com/openshift/api/config/v1.ObjectReference", "github.com/openshift/api/config/v1.OperandVersion", runtime.RawExtension{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ClusterOperatorStatusCondition", "github.com/openshift/api/config/v1.ObjectReference", "github.com/openshift/api/config/v1.OperandVersion", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -11310,7 +11279,7 @@ func schema_openshift_api_config_v1_ClusterOperatorStatusCondition(ref common.Re "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the time of the last update to the current status property.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -11332,7 +11301,7 @@ func schema_openshift_api_config_v1_ClusterOperatorStatusCondition(ref common.Re }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -11361,7 +11330,7 @@ func schema_openshift_api_config_v1_ClusterVersion(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -11383,7 +11352,7 @@ func schema_openshift_api_config_v1_ClusterVersion(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterVersionSpec", "github.com/openshift/api/config/v1.ClusterVersionStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ClusterVersionSpec", "github.com/openshift/api/config/v1.ClusterVersionStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -11505,7 +11474,7 @@ func schema_openshift_api_config_v1_ClusterVersionList(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -11526,7 +11495,7 @@ func schema_openshift_api_config_v1_ClusterVersionList(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterVersion", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ClusterVersion", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -11954,7 +11923,7 @@ func schema_openshift_api_config_v1_ComponentRouteStatus(ref common.ReferenceCal Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -11979,7 +11948,7 @@ func schema_openshift_api_config_v1_ComponentRouteStatus(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ObjectReference", metav1.Condition{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -12057,7 +12026,7 @@ func schema_openshift_api_config_v1_ConditionalUpdate(ref common.ReferenceCallba Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -12068,7 +12037,7 @@ func schema_openshift_api_config_v1_ConditionalUpdate(ref common.ReferenceCallba }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ConditionalUpdateRisk", "github.com/openshift/api/config/v1.Release", metav1.Condition{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ConditionalUpdateRisk", "github.com/openshift/api/config/v1.Release", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -12095,7 +12064,7 @@ func schema_openshift_api_config_v1_ConditionalUpdateRisk(ref common.ReferenceCa Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -12149,7 +12118,7 @@ func schema_openshift_api_config_v1_ConditionalUpdateRisk(ref common.ReferenceCa }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterCondition", metav1.Condition{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ClusterCondition", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -12228,7 +12197,7 @@ func schema_openshift_api_config_v1_Console(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -12250,7 +12219,7 @@ func schema_openshift_api_config_v1_Console(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ConsoleSpec", "github.com/openshift/api/config/v1.ConsoleStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ConsoleSpec", "github.com/openshift/api/config/v1.ConsoleStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -12299,7 +12268,7 @@ func schema_openshift_api_config_v1_ConsoleList(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -12320,7 +12289,7 @@ func schema_openshift_api_config_v1_ConsoleList(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Console", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.Console", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -12460,7 +12429,27 @@ func schema_openshift_api_config_v1_CustomTLSProfile(ref common.ReferenceCallbac }, }, SchemaProps: spec.SchemaProps{ - Description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", + Description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "curves": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve.\n\nFor example, to use X25519 and SecP256r1 (yaml):\n\n curves:\n - X25519\n - SecP256r1", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -12513,7 +12502,7 @@ func schema_openshift_api_config_v1_DNS(ref common.ReferenceCallback) common.Ope SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -12535,7 +12524,7 @@ func schema_openshift_api_config_v1_DNS(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.DNSSpec", "github.com/openshift/api/config/v1.DNSStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.DNSSpec", "github.com/openshift/api/config/v1.DNSStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -12564,7 +12553,7 @@ func schema_openshift_api_config_v1_DNSList(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -12585,7 +12574,7 @@ func schema_openshift_api_config_v1_DNSList(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.DNS", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.DNS", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -13125,7 +13114,7 @@ func schema_openshift_api_config_v1_FeatureGate(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -13147,7 +13136,7 @@ func schema_openshift_api_config_v1_FeatureGate(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.FeatureGateSpec", "github.com/openshift/api/config/v1.FeatureGateStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.FeatureGateSpec", "github.com/openshift/api/config/v1.FeatureGateStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -13248,7 +13237,7 @@ func schema_openshift_api_config_v1_FeatureGateList(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -13269,7 +13258,7 @@ func schema_openshift_api_config_v1_FeatureGateList(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.FeatureGate", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.FeatureGate", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -13373,7 +13362,7 @@ func schema_openshift_api_config_v1_FeatureGateStatus(ref common.ReferenceCallba Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -13405,7 +13394,7 @@ func schema_openshift_api_config_v1_FeatureGateStatus(ref common.ReferenceCallba }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.FeatureGateDetails", metav1.Condition{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.FeatureGateDetails", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -14534,7 +14523,7 @@ func schema_openshift_api_config_v1_Image(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -14556,7 +14545,7 @@ func schema_openshift_api_config_v1_Image(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageSpec", "github.com/openshift/api/config/v1.ImageStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ImageSpec", "github.com/openshift/api/config/v1.ImageStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -14585,7 +14574,7 @@ func schema_openshift_api_config_v1_ImageContentPolicy(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -14600,7 +14589,7 @@ func schema_openshift_api_config_v1_ImageContentPolicy(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageContentPolicySpec", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ImageContentPolicySpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -14629,7 +14618,7 @@ func schema_openshift_api_config_v1_ImageContentPolicyList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -14650,7 +14639,7 @@ func schema_openshift_api_config_v1_ImageContentPolicyList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageContentPolicy", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ImageContentPolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -14716,7 +14705,7 @@ func schema_openshift_api_config_v1_ImageDigestMirrorSet(ref common.ReferenceCal SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -14738,7 +14727,7 @@ func schema_openshift_api_config_v1_ImageDigestMirrorSet(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageDigestMirrorSetSpec", "github.com/openshift/api/config/v1.ImageDigestMirrorSetStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ImageDigestMirrorSetSpec", "github.com/openshift/api/config/v1.ImageDigestMirrorSetStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -14767,7 +14756,7 @@ func schema_openshift_api_config_v1_ImageDigestMirrorSetList(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -14788,7 +14777,7 @@ func schema_openshift_api_config_v1_ImageDigestMirrorSetList(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageDigestMirrorSet", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ImageDigestMirrorSet", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -14938,7 +14927,7 @@ func schema_openshift_api_config_v1_ImageList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -14959,7 +14948,7 @@ func schema_openshift_api_config_v1_ImageList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Image", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.Image", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -14988,7 +14977,7 @@ func schema_openshift_api_config_v1_ImagePolicy(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -15010,7 +14999,7 @@ func schema_openshift_api_config_v1_ImagePolicy(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImagePolicySpec", "github.com/openshift/api/config/v1.ImagePolicyStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ImagePolicySpec", "github.com/openshift/api/config/v1.ImagePolicyStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -15076,7 +15065,7 @@ func schema_openshift_api_config_v1_ImagePolicyList(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -15098,7 +15087,7 @@ func schema_openshift_api_config_v1_ImagePolicyList(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImagePolicy", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ImagePolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -15232,7 +15221,7 @@ func schema_openshift_api_config_v1_ImagePolicyStatus(ref common.ReferenceCallba Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -15242,7 +15231,7 @@ func schema_openshift_api_config_v1_ImagePolicyStatus(ref common.ReferenceCallba }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -15423,7 +15412,7 @@ func schema_openshift_api_config_v1_ImageTagMirrorSet(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -15445,7 +15434,7 @@ func schema_openshift_api_config_v1_ImageTagMirrorSet(ref common.ReferenceCallba }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageTagMirrorSetSpec", "github.com/openshift/api/config/v1.ImageTagMirrorSetStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ImageTagMirrorSetSpec", "github.com/openshift/api/config/v1.ImageTagMirrorSetStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -15474,7 +15463,7 @@ func schema_openshift_api_config_v1_ImageTagMirrorSetList(ref common.ReferenceCa SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -15495,7 +15484,7 @@ func schema_openshift_api_config_v1_ImageTagMirrorSetList(ref common.ReferenceCa }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageTagMirrorSet", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ImageTagMirrorSet", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -15617,7 +15606,7 @@ func schema_openshift_api_config_v1_Infrastructure(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -15639,7 +15628,7 @@ func schema_openshift_api_config_v1_Infrastructure(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.InfrastructureSpec", "github.com/openshift/api/config/v1.InfrastructureStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.InfrastructureSpec", "github.com/openshift/api/config/v1.InfrastructureStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -15668,7 +15657,7 @@ func schema_openshift_api_config_v1_InfrastructureList(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -15689,7 +15678,7 @@ func schema_openshift_api_config_v1_InfrastructureList(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Infrastructure", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.Infrastructure", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -15776,7 +15765,7 @@ func schema_openshift_api_config_v1_InfrastructureStatus(ref common.ReferenceCal }, "controlPlaneTopology": { SchemaProps: spec.SchemaProps{ - Description: "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum.", + Description: "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster.", Default: "", Type: []string{"string"}, Format: "", @@ -15830,7 +15819,7 @@ func schema_openshift_api_config_v1_Ingress(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -15852,7 +15841,7 @@ func schema_openshift_api_config_v1_Ingress(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.IngressSpec", "github.com/openshift/api/config/v1.IngressStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.IngressSpec", "github.com/openshift/api/config/v1.IngressStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -15881,7 +15870,7 @@ func schema_openshift_api_config_v1_IngressList(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -15902,7 +15891,7 @@ func schema_openshift_api_config_v1_IngressList(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Ingress", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.Ingress", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -16092,7 +16081,7 @@ func schema_openshift_api_config_v1_InsightsDataGather(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -16107,7 +16096,7 @@ func schema_openshift_api_config_v1_InsightsDataGather(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.InsightsDataGatherSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.InsightsDataGatherSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -16136,7 +16125,7 @@ func schema_openshift_api_config_v1_InsightsDataGatherList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the required standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -16158,7 +16147,7 @@ func schema_openshift_api_config_v1_InsightsDataGatherList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.InsightsDataGather", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.InsightsDataGather", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -16525,19 +16514,19 @@ func schema_openshift_api_config_v1_LeaderElection(ref common.ReferenceCallback) "leaseDuration": { SchemaProps: spec.SchemaProps{ Description: "leaseDuration is the duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled.", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, "renewDeadline": { SchemaProps: spec.SchemaProps{ Description: "renewDeadline is the interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled.", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, "retryPeriod": { SchemaProps: spec.SchemaProps{ Description: "retryPeriod is the duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled.", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, }, @@ -16545,7 +16534,7 @@ func schema_openshift_api_config_v1_LeaderElection(ref common.ReferenceCallback) }, }, Dependencies: []string{ - metav1.Duration{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, } } @@ -16733,7 +16722,7 @@ func schema_openshift_api_config_v1_Network(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -16755,7 +16744,7 @@ func schema_openshift_api_config_v1_Network(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.NetworkSpec", "github.com/openshift/api/config/v1.NetworkStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.NetworkSpec", "github.com/openshift/api/config/v1.NetworkStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -16831,7 +16820,7 @@ func schema_openshift_api_config_v1_NetworkDiagnosticsSourcePlacement(ref common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Toleration"), }, }, }, @@ -16841,7 +16830,7 @@ func schema_openshift_api_config_v1_NetworkDiagnosticsSourcePlacement(ref common }, }, Dependencies: []string{ - corev1.Toleration{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.Toleration"}, } } @@ -16881,7 +16870,7 @@ func schema_openshift_api_config_v1_NetworkDiagnosticsTargetPlacement(ref common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Toleration"), }, }, }, @@ -16891,7 +16880,7 @@ func schema_openshift_api_config_v1_NetworkDiagnosticsTargetPlacement(ref common }, }, Dependencies: []string{ - corev1.Toleration{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.Toleration"}, } } @@ -16920,7 +16909,7 @@ func schema_openshift_api_config_v1_NetworkList(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -16941,7 +16930,7 @@ func schema_openshift_api_config_v1_NetworkList(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Network", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.Network", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -17138,7 +17127,7 @@ func schema_openshift_api_config_v1_NetworkStatus(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -17148,7 +17137,7 @@ func schema_openshift_api_config_v1_NetworkStatus(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterNetworkEntry", "github.com/openshift/api/config/v1.NetworkMigration", metav1.Condition{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ClusterNetworkEntry", "github.com/openshift/api/config/v1.NetworkMigration", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -17177,7 +17166,7 @@ func schema_openshift_api_config_v1_Node(ref common.ReferenceCallback) common.Op SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -17199,7 +17188,7 @@ func schema_openshift_api_config_v1_Node(ref common.ReferenceCallback) common.Op }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.NodeSpec", "github.com/openshift/api/config/v1.NodeStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.NodeSpec", "github.com/openshift/api/config/v1.NodeStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -17228,7 +17217,7 @@ func schema_openshift_api_config_v1_NodeList(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -17249,7 +17238,7 @@ func schema_openshift_api_config_v1_NodeList(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Node", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.Node", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -17309,7 +17298,7 @@ func schema_openshift_api_config_v1_NodeStatus(ref common.ReferenceCallback) com Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -17319,7 +17308,7 @@ func schema_openshift_api_config_v1_NodeStatus(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -17691,7 +17680,7 @@ func schema_openshift_api_config_v1_OAuth(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -17713,7 +17702,7 @@ func schema_openshift_api_config_v1_OAuth(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.OAuthSpec", "github.com/openshift/api/config/v1.OAuthStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.OAuthSpec", "github.com/openshift/api/config/v1.OAuthStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -17742,7 +17731,7 @@ func schema_openshift_api_config_v1_OAuthList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -17763,7 +17752,7 @@ func schema_openshift_api_config_v1_OAuthList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.OAuth", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.OAuth", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -18095,7 +18084,7 @@ func schema_openshift_api_config_v1_OIDCClientStatus(ref common.ReferenceCallbac Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -18106,7 +18095,7 @@ func schema_openshift_api_config_v1_OIDCClientStatus(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.OIDCClientReference", metav1.Condition{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.OIDCClientReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -18721,7 +18710,7 @@ func schema_openshift_api_config_v1_OperatorHub(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -18741,7 +18730,7 @@ func schema_openshift_api_config_v1_OperatorHub(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.OperatorHubSpec", "github.com/openshift/api/config/v1.OperatorHubStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.OperatorHubSpec", "github.com/openshift/api/config/v1.OperatorHubStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -18770,7 +18759,7 @@ func schema_openshift_api_config_v1_OperatorHubList(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -18791,7 +18780,7 @@ func schema_openshift_api_config_v1_OperatorHubList(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.OperatorHub", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.OperatorHub", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -19625,28 +19614,22 @@ func schema_openshift_api_config_v1_PrefixedClaimMapping(ref common.ReferenceCal Properties: map[string]spec.Schema{ "claim": { SchemaProps: spec.SchemaProps{ - Description: "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated. claim must not exceed 256 characters in length. When set to the empty string `\"\"`, this means that no named claim should be used for the group mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled.", + Description: "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.", Default: "", Type: []string{"string"}, Format: "", }, }, - "expression": { - SchemaProps: spec.SchemaProps{ - Description: "expression is an optional CEL expression used to derive group values from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length .\n\nWhen specified, claim must not be set or be explicitly set to the empty string (`\"\"`).", - Type: []string{"string"}, - Format: "", - }, - }, "prefix": { SchemaProps: spec.SchemaProps{ - Description: "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted or set to an empty string (\"\"), no prefix is applied to the cluster identity attribute. Must not be set to a non-empty value when expression is set.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", + Description: "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted (\"\"), no prefix is applied to the cluster identity attribute.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", Default: "", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"claim"}, }, }, } @@ -19698,7 +19681,7 @@ func schema_openshift_api_config_v1_Project(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -19720,7 +19703,7 @@ func schema_openshift_api_config_v1_Project(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ProjectSpec", "github.com/openshift/api/config/v1.ProjectStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ProjectSpec", "github.com/openshift/api/config/v1.ProjectStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -19749,7 +19732,7 @@ func schema_openshift_api_config_v1_ProjectList(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -19770,7 +19753,7 @@ func schema_openshift_api_config_v1_ProjectList(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Project", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.Project", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -19861,7 +19844,7 @@ func schema_openshift_api_config_v1_Proxy(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -19883,7 +19866,7 @@ func schema_openshift_api_config_v1_Proxy(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ProxySpec", "github.com/openshift/api/config/v1.ProxyStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ProxySpec", "github.com/openshift/api/config/v1.ProxyStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -19912,7 +19895,7 @@ func schema_openshift_api_config_v1_ProxyList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -19933,7 +19916,7 @@ func schema_openshift_api_config_v1_ProxyList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Proxy", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.Proxy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -20433,7 +20416,7 @@ func schema_openshift_api_config_v1_RequiredHSTSPolicy(ref common.ReferenceCallb "namespaceSelector": { SchemaProps: spec.SchemaProps{ Description: "namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "domainPatterns": { @@ -20477,7 +20460,7 @@ func schema_openshift_api_config_v1_RequiredHSTSPolicy(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.MaxAgePolicy", metav1.LabelSelector{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.MaxAgePolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -20506,7 +20489,7 @@ func schema_openshift_api_config_v1_Scheduler(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -20528,7 +20511,7 @@ func schema_openshift_api_config_v1_Scheduler(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.SchedulerSpec", "github.com/openshift/api/config/v1.SchedulerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.SchedulerSpec", "github.com/openshift/api/config/v1.SchedulerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -20557,7 +20540,7 @@ func schema_openshift_api_config_v1_SchedulerList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -20578,7 +20561,7 @@ func schema_openshift_api_config_v1_SchedulerList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Scheduler", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.Scheduler", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -20934,7 +20917,27 @@ func schema_openshift_api_config_v1_TLSProfileSpec(ref common.ReferenceCallback) }, }, SchemaProps: spec.SchemaProps{ - Description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", + Description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "curves": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve.\n\nFor example, to use X25519 and SecP256r1 (yaml):\n\n curves:\n - X25519\n - SecP256r1", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -20971,7 +20974,7 @@ func schema_openshift_api_config_v1_TLSSecurityProfile(ref common.ReferenceCallb Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Description: "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are based on version 5.7 of the Mozilla Server Side TLS configuration guidelines. The cipher lists consist of the configuration's \"ciphersuites\" followed by the Go-specific \"ciphers\" from the guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", + Description: "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are currently based on version 5.0 of the Mozilla Server Side TLS configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", Default: "", Type: []string{"string"}, Format: "", @@ -20979,25 +20982,25 @@ func schema_openshift_api_config_v1_TLSSecurityProfile(ref common.ReferenceCallb }, "old": { SchemaProps: spec.SchemaProps{ - Description: "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", + Description: "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe cipher list includes TLS 1.3 ciphers for forward compatibility, followed by the \"old\" profile ciphers.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", Ref: ref("github.com/openshift/api/config/v1.OldTLSProfile"), }, }, "intermediate": { SchemaProps: spec.SchemaProps{ - Description: "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305", + Description: "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe cipher list includes TLS 1.3 ciphers for forward compatibility, followed by the \"intermediate\" profile ciphers.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384", Ref: ref("github.com/openshift/api/config/v1.IntermediateTLSProfile"), }, }, "modern": { SchemaProps: spec.SchemaProps{ - Description: "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", + Description: "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", Ref: ref("github.com/openshift/api/config/v1.ModernTLSProfile"), }, }, "custom": { SchemaProps: spec.SchemaProps{ - Description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", + Description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic.\n\nThe curve list for this profile is empty by default.\n\nAn example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", Ref: ref("github.com/openshift/api/config/v1.CustomTLSProfile"), }, }, @@ -21092,7 +21095,7 @@ func schema_openshift_api_config_v1_TestReporting(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -21113,7 +21116,7 @@ func schema_openshift_api_config_v1_TestReporting(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.TestReportingSpec", "github.com/openshift/api/config/v1.TestReportingStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.TestReportingSpec", "github.com/openshift/api/config/v1.TestReportingStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -21165,20 +21168,14 @@ func schema_openshift_api_config_v1_TokenClaimMapping(ref common.ReferenceCallba Properties: map[string]spec.Schema{ "claim": { SchemaProps: spec.SchemaProps{ - Description: "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated. claim must not exceed 256 characters in length. When set to the empty string `\"\"`, this means that no named claim should be used for the group mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled.", + Description: "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.", Default: "", Type: []string{"string"}, Format: "", }, }, - "expression": { - SchemaProps: spec.SchemaProps{ - Description: "expression is an optional CEL expression used to derive group values from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length .\n\nWhen specified, claim must not be set or be explicitly set to the empty string (`\"\"`).", - Type: []string{"string"}, - Format: "", - }, - }, }, + Required: []string{"claim"}, }, }, } @@ -21357,14 +21354,14 @@ func schema_openshift_api_config_v1_TokenConfig(ref common.ReferenceCallback) co "accessTokenInactivityTimeout": { SchemaProps: spec.SchemaProps{ Description: "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime.\n\nWARNING: existing tokens' timeout will not be affected (lowered) by changing this value", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, }, }, }, Dependencies: []string{ - metav1.Duration{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, } } @@ -21543,14 +21540,6 @@ func schema_openshift_api_config_v1_Update(ref common.ReferenceCallback) common. }, }, }, - "mode": { - SchemaProps: spec.SchemaProps{ - Description: "mode determines how an update should be processed. The only valid value is \"Preflight\". When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. This is the standard update behavior. When set to \"Preflight\", the cluster runs compatibility checks against the target release without performing an actual update. Compatibility results, including any detected risks, are reported in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update recommendation service. This allows administrators to assess update readiness and address issues before committing to the update. Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be verified across multiple minor versions. When mode is set to \"Preflight\", the same rules for version, image, and architecture apply as for normal updates.\n\nPossible enum values:\n - `\"Preflight\"` allows an update to be checked for compatibility without committing to updating the cluster.", - Type: []string{"string"}, - Format: "", - Enum: []interface{}{"Preflight"}, - }, - }, }, }, }, @@ -21577,13 +21566,13 @@ func schema_openshift_api_config_v1_UpdateHistory(ref common.ReferenceCallback) "startedTime": { SchemaProps: spec.SchemaProps{ Description: "startedTime is the time at which the update was started.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "completionTime": { SchemaProps: spec.SchemaProps{ Description: "completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update).", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "version": { @@ -21622,7 +21611,7 @@ func schema_openshift_api_config_v1_UpdateHistory(ref common.ReferenceCallback) }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -21634,21 +21623,15 @@ func schema_openshift_api_config_v1_UsernameClaimMapping(ref common.ReferenceCal Properties: map[string]spec.Schema{ "claim": { SchemaProps: spec.SchemaProps{ - Description: "claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. When the ExternalOIDCWithUpstreamParity feature gate is enabled, claim must not be set when expression is set.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.", - Type: []string{"string"}, - Format: "", - }, - }, - "expression": { - SchemaProps: spec.SchemaProps{ - Description: "expression is an optional CEL expression used to derive the username from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length. expression must not be set when claim is set.", + Description: "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.", + Default: "", Type: []string{"string"}, Format: "", }, }, "prefixPolicy": { SchemaProps: spec.SchemaProps{ - Description: "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. The prefix field must be set when prefixPolicy is 'Prefix'. Must not be set to 'Prefix' when expression is set. When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim. When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.\n\nAs an example, consider the following scenario:\n\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", + Description: "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim.\n\nThe prefix field must be set when prefixPolicy is 'Prefix'.\n\nWhen set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim.\n\nWhen omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.\n\nAs an example, consider the following scenario:\n\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", Default: "", Type: []string{"string"}, Format: "", @@ -21662,6 +21645,7 @@ func schema_openshift_api_config_v1_UsernameClaimMapping(ref common.ReferenceCal }, }, }, + Required: []string{"claim"}, }, VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ @@ -21669,9 +21653,8 @@ func schema_openshift_api_config_v1_UsernameClaimMapping(ref common.ReferenceCal map[string]interface{}{ "discriminator": "prefixPolicy", "fields-to-discriminateBy": map[string]interface{}{ - "claim": "Claim", - "expression": "Expression", - "prefix": "Prefix", + "claim": "Claim", + "prefix": "Prefix", }, }, }, @@ -22392,84 +22375,6 @@ func schema_openshift_api_config_v1_WebhookTokenAuthenticator(ref common.Referen } } -func schema_openshift_api_config_v1alpha1_AdditionalAlertmanagerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "name": { - SchemaProps: spec.SchemaProps{ - Description: "name is a unique identifier for this Alertmanager configuration entry. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters.", - Type: []string{"string"}, - Format: "", - }, - }, - "authorization": { - SchemaProps: spec.SchemaProps{ - Description: "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.AuthorizationConfig"), - }, - }, - "pathPrefix": { - SchemaProps: spec.SchemaProps{ - Description: "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. When no prefix is needed, omit this field; do not set it to \"/\" as that would produce paths with double slashes (e.g. \"//api/v1/alerts\"). Must start with \"/\", must not end with \"/\", and must not be exactly \"/\". Must not contain query strings (\"?\") or fragments (\"#\").", - Type: []string{"string"}, - Format: "", - }, - }, - "scheme": { - SchemaProps: spec.SchemaProps{ - Description: "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `HTTP`.", - Type: []string{"string"}, - Format: "", - }, - }, - "staticConfigs": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "set", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique and non-empty (empty string is invalid).", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "timeoutSeconds": { - SchemaProps: spec.SchemaProps{ - Description: "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "tlsConfig": { - SchemaProps: spec.SchemaProps{ - Description: "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.TLSConfig"), - }, - }, - }, - Required: []string{"name", "staticConfigs"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.AuthorizationConfig", "github.com/openshift/api/config/v1alpha1.TLSConfig"}, - } -} - func schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -22540,7 +22445,7 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref common.Re }, }, SchemaProps: spec.SchemaProps{ - Description: "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + Description: "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -22585,7 +22490,7 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref common.Re Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Toleration"), }, }, }, @@ -22608,7 +22513,7 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref common.Re Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.TopologySpreadConstraint"), }, }, }, @@ -22616,15 +22521,15 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref common.Re }, "volumeClaimTemplate": { SchemaProps: spec.SchemaProps{ - Description: "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", - Ref: ref(corev1.PersistentVolumeClaim{}.OpenAPIModelName()), + Description: "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", + Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaim"), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ContainerResource", corev1.PersistentVolumeClaim{}.OpenAPIModelName(), corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1alpha1.ContainerResource", "k8s.io/api/core/v1.PersistentVolumeClaim", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.TopologySpreadConstraint"}, } } @@ -22649,53 +22554,144 @@ func schema_openshift_api_config_v1alpha1_Audit(ref common.ReferenceCallback) co } } -func schema_openshift_api_config_v1alpha1_AuthorizationConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_Backup(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AuthorizationConfig defines the authentication method for Alertmanager connections.", + Description: "Backup provides configuration for performing backups of the openshift cluster.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "type specifies the authentication type to use. Valid value is \"BearerToken\" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified.", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "bearerToken": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Description: "spec holds user settable values for configuration", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.BackupSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status holds observed values from the cluster. They may not be overridden.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.BackupStatus"), }, }, }, - Required: []string{"type"}, + Required: []string{"spec"}, }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "type", - "fields-to-discriminateBy": map[string]interface{}{ - "bearerToken": "BearerToken", + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.BackupSpec", "github.com/openshift/api/config/v1alpha1.BackupStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_openshift_api_config_v1alpha1_BackupList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "BackupList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.Backup"), + }, + }, }, }, }, }, + Required: []string{"metadata", "items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + "github.com/openshift/api/config/v1alpha1.Backup", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_config_v1alpha1_Backup(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_BackupSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Backup provides configuration for performing backups of the openshift cluster.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "etcd": { + SchemaProps: spec.SchemaProps{ + Description: "etcd specifies the configuration for periodic backups of the etcd cluster", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.EtcdBackupSpec"), + }, + }, + }, + Required: []string{"etcd"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.EtcdBackupSpec"}, + } +} + +func schema_openshift_api_config_v1alpha1_BackupStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -22716,21 +22712,20 @@ func schema_openshift_api_config_v1alpha1_Backup(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ - Description: "spec holds user settable values for configuration", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.BackupSpec"), + Description: "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", + Ref: ref("github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ - Description: "status holds observed values from the cluster. They may not be overridden.", + Description: "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.BackupStatus"), + Ref: ref("github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigStatus"), }, }, }, @@ -22738,15 +22733,15 @@ func schema_openshift_api_config_v1alpha1_Backup(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.BackupSpec", "github.com/openshift/api/config/v1alpha1.BackupStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigSpec", "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_config_v1alpha1_BackupList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "BackupList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -22767,7 +22762,7 @@ func schema_openshift_api_config_v1alpha1_BackupList(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -22777,7 +22772,7 @@ func schema_openshift_api_config_v1alpha1_BackupList(ref common.ReferenceCallbac Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.Backup"), + Ref: ref("github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfig"), }, }, }, @@ -22788,77 +22783,85 @@ func schema_openshift_api_config_v1alpha1_BackupList(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.Backup", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_config_v1alpha1_BackupSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "etcd": { + "matchImages": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "etcd specifies the configuration for periodic backups of the etcd cluster", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.EtcdBackupSpec"), + Description: "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, }, - Required: []string{"etcd"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.EtcdBackupSpec"}, } } -func schema_openshift_api_config_v1alpha1_BackupStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - }, - }, - } -} - -func schema_openshift_api_config_v1alpha1_BasicAuth(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "BasicAuth defines basic authentication settings for the remote write endpoint URL.", + Description: "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "username": { - SchemaProps: spec.SchemaProps{ - Description: "username defines the secret reference containing the username for basic authentication. The secret must exist in the openshift-monitoring namespace.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, }, - }, - "password": { SchemaProps: spec.SchemaProps{ - Description: "password defines the secret reference containing the password for basic authentication. The secret must exist in the openshift-monitoring namespace.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + Description: "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + }, + }, + }, }, }, }, - Required: []string{"username", "password"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } -func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_ClusterImagePolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "ClusterImagePolicy holds cluster-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -22879,20 +22882,21 @@ func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfig(ref commo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ - Description: "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", - Ref: ref("github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigSpec"), + Description: "spec contains the configuration for the cluster image policy.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.ClusterImagePolicySpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ - Description: "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", + Description: "status contains the observed state of the resource.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigStatus"), + Ref: ref("github.com/openshift/api/config/v1alpha1.ClusterImagePolicyStatus"), }, }, }, @@ -22900,15 +22904,15 @@ func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfig(ref commo }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigSpec", "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1alpha1.ClusterImagePolicySpec", "github.com/openshift/api/config/v1alpha1.ClusterImagePolicyStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_ClusterImagePolicyList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "ClusterImagePolicyList is a list of ClusterImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -22929,7 +22933,7 @@ func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigList(ref c SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -22939,7 +22943,7 @@ func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigList(ref c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfig"), + Ref: ref("github.com/openshift/api/config/v1alpha1.ClusterImagePolicy"), }, }, }, @@ -22950,25 +22954,25 @@ func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigList(ref c }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfig", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1alpha1.ClusterImagePolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_ClusterImagePolicySpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", + Description: "CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "matchImages": { + "scopes": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-type": "set", }, }, SchemaProps: spec.SchemaProps{ - Description: "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", + Description: "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -22981,18 +22985,27 @@ func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigSpec(ref c }, }, }, + "policy": { + SchemaProps: spec.SchemaProps{ + Description: "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.ImageSigstoreVerificationPolicy"), + }, + }, }, + Required: []string{"scopes", "policy"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.ImageSigstoreVerificationPolicy"}, } } -func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_ClusterImagePolicyStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", - Type: []string{"object"}, + Type: []string{"object"}, Properties: map[string]spec.Schema{ "conditions": { VendorExtensible: spec.VendorExtensible{ @@ -23004,13 +23017,13 @@ func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigStatus(ref }, }, SchemaProps: spec.SchemaProps{ - Description: "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", + Description: "conditions provide details on the status of this API Resource.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -23020,29 +23033,7 @@ func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigStatus(ref }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_config_v1alpha1_CertificateConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "CertificateConfig specifies configuration parameters for certificates. At least one property must be specified.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "key": { - SchemaProps: spec.SchemaProps{ - Description: "key specifies the cryptographic parameters for the certificate's key pair. Currently this is the only configurable parameter. When omitted in an overrides entry, the key configuration from defaults is used.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.KeyConfig"), - }, - }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.KeyConfig"}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -23071,7 +23062,7 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoring(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object metadata.", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -23093,7 +23084,7 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoring(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ClusterMonitoringSpec", "github.com/openshift/api/config/v1alpha1.ClusterMonitoringStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1alpha1.ClusterMonitoringSpec", "github.com/openshift/api/config/v1alpha1.ClusterMonitoringStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -23122,7 +23113,7 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoringList(ref common.Refer SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list metadata.", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -23143,7 +23134,7 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoringList(ref common.Refer }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ClusterMonitoring", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1alpha1.ClusterMonitoring", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -23168,13 +23159,6 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref common.Refer Ref: ref("github.com/openshift/api/config/v1alpha1.AlertmanagerConfig"), }, }, - "prometheusConfig": { - SchemaProps: spec.SchemaProps{ - Description: "prometheusConfig provides configuration options for the default platform Prometheus instance that runs in the `openshift-monitoring` namespace. This configuration applies only to the platform Prometheus instance; user-workload Prometheus instances are configured separately.\n\nThis field allows you to customize how the platform Prometheus is deployed and operated, including:\n - Pod scheduling (node selectors, tolerations, topology spread constraints)\n - Resource allocation (CPU, memory requests/limits)\n - Retention policies (how long metrics are stored)\n - External integrations (remote write, additional alertmanagers)\n\nThis field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.PrometheusConfig"), - }, - }, "metricsServerConfig": { SchemaProps: spec.SchemaProps{ Description: "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", @@ -23189,32 +23173,11 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref common.Refer Ref: ref("github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig"), }, }, - "prometheusOperatorAdmissionWebhookConfig": { - SchemaProps: spec.SchemaProps{ - Description: "prometheusOperatorAdmissionWebhookConfig is an optional field that can be used to configure the admission webhook component of Prometheus Operator that runs in the openshift-monitoring namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects to ensure they are semantically valid, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.PrometheusOperatorAdmissionWebhookConfig"), - }, - }, - "openShiftStateMetricsConfig": { - SchemaProps: spec.SchemaProps{ - Description: "openShiftStateMetricsConfig is an optional field that can be used to configure the openshift-state-metrics agent that runs in the openshift-monitoring namespace. The openshift-state-metrics agent generates metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.OpenShiftStateMetricsConfig"), - }, - }, - "telemeterClientConfig": { - SchemaProps: spec.SchemaProps{ - Description: "telemeterClientConfig is an optional field that can be used to configure the Telemeter Client component that runs in the openshift-monitoring namespace. The Telemeter Client collects selected monitoring metrics and forwards them to Red Hat for telemetry purposes. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. When set, at least one field must be specified within telemeterClientConfig.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.TelemeterClientConfig"), - }, - }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.MetricsServerConfig", "github.com/openshift/api/config/v1alpha1.OpenShiftStateMetricsConfig", "github.com/openshift/api/config/v1alpha1.PrometheusConfig", "github.com/openshift/api/config/v1alpha1.PrometheusOperatorAdmissionWebhookConfig", "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig", "github.com/openshift/api/config/v1alpha1.TelemeterClientConfig", "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring"}, + "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.MetricsServerConfig", "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig", "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring"}, } } @@ -23246,13 +23209,13 @@ func schema_openshift_api_config_v1alpha1_ContainerResource(ref common.Reference "request": { SchemaProps: spec.SchemaProps{ Description: "request is the minimum amount of the resource required (e.g. \"2Mi\", \"1Gi\"). This field is optional. When limit is specified, request cannot be greater than limit.", - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, "limit": { SchemaProps: spec.SchemaProps{ Description: "limit is the maximum amount of the resource allowed (e.g. \"2Mi\", \"1Gi\"). This field is optional. When request is specified, limit cannot be less than request. The value must be greater than 0 when specified.", - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -23260,116 +23223,7 @@ func schema_openshift_api_config_v1alpha1_ContainerResource(ref common.Reference }, }, Dependencies: []string{ - resource.Quantity{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_config_v1alpha1_CustomPKIPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "CustomPKIPolicy contains administrator-specified cryptographic configuration. Administrators must specify defaults for all certificates and may optionally override specific categories of certificates.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "defaults": { - SchemaProps: spec.SchemaProps{ - Description: "defaults specifies the default certificate configuration that applies to all certificates unless overridden by a category override.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.DefaultCertificateConfig"), - }, - }, - "signerCertificates": { - SchemaProps: spec.SchemaProps{ - Description: "signerCertificates optionally overrides certificate parameters for certificate authority (CA) certificates that sign other certificates. When set, these parameters take precedence over defaults for all signer certificates. When omitted, the defaults are used for signer certificates.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.CertificateConfig"), - }, - }, - "servingCertificates": { - SchemaProps: spec.SchemaProps{ - Description: "servingCertificates optionally overrides certificate parameters for TLS server certificates used to serve HTTPS endpoints. When set, these parameters take precedence over defaults for all serving certificates. When omitted, the defaults are used for serving certificates.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.CertificateConfig"), - }, - }, - "clientCertificates": { - SchemaProps: spec.SchemaProps{ - Description: "clientCertificates optionally overrides certificate parameters for client authentication certificates used to authenticate to servers. When set, these parameters take precedence over defaults for all client certificates. When omitted, the defaults are used for client certificates.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.CertificateConfig"), - }, - }, - }, - Required: []string{"defaults"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.CertificateConfig", "github.com/openshift/api/config/v1alpha1.DefaultCertificateConfig"}, - } -} - -func schema_openshift_api_config_v1alpha1_DefaultCertificateConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "DefaultCertificateConfig specifies the default certificate configuration parameters. All fields are required to ensure that defaults are fully specified for all certificates.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "key": { - SchemaProps: spec.SchemaProps{ - Description: "key specifies the cryptographic parameters for the certificate's key pair. This field is required in defaults to ensure all certificates have a well-defined key configuration.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.KeyConfig"), - }, - }, - }, - Required: []string{"key"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.KeyConfig"}, - } -} - -func schema_openshift_api_config_v1alpha1_DropEqualActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "DropEqualActionConfig configures the DropEqual action. Drops targets for which the concatenated source_labels do match the value of target_label. Requires Prometheus >= v2.41.0.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "targetLabel": { - SchemaProps: spec.SchemaProps{ - Description: "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"targetLabel"}, - }, - }, - } -} - -func schema_openshift_api_config_v1alpha1_ECDSAKeyConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ECDSAKeyConfig specifies parameters for ECDSA key generation.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "curve": { - SchemaProps: spec.SchemaProps{ - Description: "curve specifies the NIST elliptic curve for ECDSA keys. Valid values are \"P256\", \"P384\", and \"P521\".\n\nWhen set to P256, the NIST P-256 curve (also known as secp256r1) is used, providing 128-bit security.\n\nWhen set to P384, the NIST P-384 curve (also known as secp384r1) is used, providing 192-bit security.\n\nWhen set to P521, the NIST P-521 curve (also known as secp521r1) is used, providing 256-bit security.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"curve"}, - }, - }, + "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } @@ -23434,11 +23288,6 @@ func schema_openshift_api_config_v1alpha1_GatherConfig(ref common.ReferenceCallb }, }, "disabledGatherers": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, SchemaProps: spec.SchemaProps{ Description: "disabledGatherers is a list of gatherers to be excluded from the gathering. All the gatherers can be disabled by providing \"all\" value. If all the gatherers are disabled, the Insights operator does not gather any data. The format for the disabledGatherer should be: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\" An example of disabling gatherers looks like this: `disabledGatherers: [\"clusterconfig/machine_configs\", \"workloads/workload_info\"]`", Type: []string{"array"}, @@ -23467,39 +23316,11 @@ func schema_openshift_api_config_v1alpha1_GatherConfig(ref common.ReferenceCallb } } -func schema_openshift_api_config_v1alpha1_HashModActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "HashModActionConfig configures the HashMod action. target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "targetLabel": { - SchemaProps: spec.SchemaProps{ - Description: "targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length.", - Type: []string{"string"}, - Format: "", - }, - }, - "modulus": { - SchemaProps: spec.SchemaProps{ - Description: "modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). Required when using the HashMod action so the intended behavior is explicit. Must be between 1 and 1000000.", - Type: []string{"integer"}, - Format: "int64", - }, - }, - }, - Required: []string{"targetLabel", "modulus"}, - }, - }, - } -} - -func schema_openshift_api_config_v1alpha1_InsightsDataGather(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_ImagePolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "InsightsDataGather provides data gather configuration options for the the Insights Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -23520,21 +23341,21 @@ func schema_openshift_api_config_v1alpha1_InsightsDataGather(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "spec holds user settable values for configuration", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.InsightsDataGatherSpec"), + Ref: ref("github.com/openshift/api/config/v1alpha1.ImagePolicySpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ - Description: "status holds observed values from the cluster. They may not be overridden.", + Description: "status contains the observed state of the resource.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.InsightsDataGatherStatus"), + Ref: ref("github.com/openshift/api/config/v1alpha1.ImagePolicyStatus"), }, }, }, @@ -23542,15 +23363,52 @@ func schema_openshift_api_config_v1alpha1_InsightsDataGather(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.InsightsDataGatherSpec", "github.com/openshift/api/config/v1alpha1.InsightsDataGatherStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1alpha1.ImagePolicySpec", "github.com/openshift/api/config/v1alpha1.ImagePolicyStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_config_v1alpha1_InsightsDataGatherList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_ImagePolicyFulcioCAWithRekorRootOfTrust(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "InsightsDataGatherList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "fulcioCAData": { + SchemaProps: spec.SchemaProps{ + Description: "fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", + Type: []string{"string"}, + Format: "byte", + }, + }, + "rekorKeyData": { + SchemaProps: spec.SchemaProps{ + Description: "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", + Type: []string{"string"}, + Format: "byte", + }, + }, + "fulcioSubject": { + SchemaProps: spec.SchemaProps{ + Description: "fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.PolicyFulcioSubject"), + }, + }, + }, + Required: []string{"fulcioCAData", "rekorKeyData", "fulcioSubject"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.PolicyFulcioSubject"}, + } +} + +func schema_openshift_api_config_v1alpha1_ImagePolicyList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -23571,7 +23429,7 @@ func schema_openshift_api_config_v1alpha1_InsightsDataGatherList(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -23581,7 +23439,7 @@ func schema_openshift_api_config_v1alpha1_InsightsDataGatherList(ref common.Refe Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.InsightsDataGather"), + Ref: ref("github.com/openshift/api/config/v1alpha1.ImagePolicy"), }, }, }, @@ -23592,229 +23450,313 @@ func schema_openshift_api_config_v1alpha1_InsightsDataGatherList(ref common.Refe }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.InsightsDataGather", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1alpha1.ImagePolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_config_v1alpha1_InsightsDataGatherSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_ImagePolicyPKIRootOfTrust(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "gatherConfig": { + "caRootsData": { SchemaProps: spec.SchemaProps{ - Description: "gatherConfig spec attribute includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", + Description: "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters.", + Type: []string{"string"}, + Format: "byte", + }, + }, + "caIntermediatesData": { + SchemaProps: spec.SchemaProps{ + Description: "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set.", + Type: []string{"string"}, + Format: "byte", + }, + }, + "pkiCertificateSubject": { + SchemaProps: spec.SchemaProps{ + Description: "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.GatherConfig"), + Ref: ref("github.com/openshift/api/config/v1alpha1.PKICertificateSubject"), }, }, }, + Required: []string{"caRootsData", "pkiCertificateSubject"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.GatherConfig"}, - } -} - -func schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - }, - }, + "github.com/openshift/api/config/v1alpha1.PKICertificateSubject"}, } } -func schema_openshift_api_config_v1alpha1_KeepEqualActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_ImagePolicyPublicKeyRootOfTrust(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "KeepEqualActionConfig configures the KeepEqual action. Drops targets for which the concatenated source_labels do not match the value of target_label. Requires Prometheus >= v2.41.0.", + Description: "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "targetLabel": { + "keyData": { SchemaProps: spec.SchemaProps{ - Description: "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length.", + Description: "keyData contains inline base64-encoded data for the PEM format public key. KeyData must be at most 8192 characters.", Type: []string{"string"}, - Format: "", + Format: "byte", + }, + }, + "rekorKeyData": { + SchemaProps: spec.SchemaProps{ + Description: "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", + Type: []string{"string"}, + Format: "byte", }, }, }, - Required: []string{"targetLabel"}, + Required: []string{"keyData"}, }, }, } } -func schema_openshift_api_config_v1alpha1_KeyConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_ImagePolicySpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "KeyConfig specifies cryptographic parameters for key generation.", + Description: "ImagePolicySpec is the specification of the ImagePolicy CRD.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "algorithm": { - SchemaProps: spec.SchemaProps{ - Description: "algorithm specifies the key generation algorithm. Valid values are \"RSA\" and \"ECDSA\".\n\nWhen set to RSA, the rsa field must be specified and the generated key will be an RSA key with the configured key size.\n\nWhen set to ECDSA, the ecdsa field must be specified and the generated key will be an ECDSA key using the configured elliptic curve.", - Type: []string{"string"}, - Format: "", + "scopes": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, }, - }, - "rsa": { SchemaProps: spec.SchemaProps{ - Description: "rsa specifies RSA key parameters. Required when algorithm is RSA, and forbidden otherwise.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.RSAKeyConfig"), + Description: "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "ecdsa": { + "policy": { SchemaProps: spec.SchemaProps{ - Description: "ecdsa specifies ECDSA key parameters. Required when algorithm is ECDSA, and forbidden otherwise.", + Description: "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ECDSAKeyConfig"), - }, - }, - }, - Required: []string{"algorithm"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "algorithm", - "fields-to-discriminateBy": map[string]interface{}{ - "ecdsa": "ECDSA", - "rsa": "RSA", - }, + Ref: ref("github.com/openshift/api/config/v1alpha1.ImageSigstoreVerificationPolicy"), }, }, }, + Required: []string{"scopes", "policy"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ECDSAKeyConfig", "github.com/openshift/api/config/v1alpha1.RSAKeyConfig"}, + "github.com/openshift/api/config/v1alpha1.ImageSigstoreVerificationPolicy"}, } } -func schema_openshift_api_config_v1alpha1_Label(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_ImagePolicyStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Label represents a key/value pair for external labels.", - Type: []string{"object"}, + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "key": { - SchemaProps: spec.SchemaProps{ - Description: "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", - Type: []string{"string"}, - Format: "", + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, }, - }, - "value": { SchemaProps: spec.SchemaProps{ - Description: "value is the value of the label. Must be between 1 and 128 characters in length.", - Type: []string{"string"}, - Format: "", + Description: "conditions provide details on the status of this API Resource.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + }, + }, + }, }, }, }, - Required: []string{"key", "value"}, }, }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } -func schema_openshift_api_config_v1alpha1_LabelMapActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_ImageSigstoreVerificationPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "LabelMapActionConfig configures the LabelMap action. Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted.", + Description: "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "replacement": { + "rootOfTrust": { SchemaProps: spec.SchemaProps{ - Description: "replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names.", - Type: []string{"string"}, - Format: "", + Description: "rootOfTrust specifies the root of trust for the policy.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.PolicyRootOfTrust"), + }, + }, + "signedIdentity": { + SchemaProps: spec.SchemaProps{ + Description: "signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.PolicyIdentity"), }, }, }, - Required: []string{"replacement"}, + Required: []string{"rootOfTrust"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.PolicyIdentity", "github.com/openshift/api/config/v1alpha1.PolicyRootOfTrust"}, } } -func schema_openshift_api_config_v1alpha1_LowercaseActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_InsightsDataGather(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "LowercaseActionConfig configures the Lowercase action. Maps the concatenated source_labels to their lower case and writes to target_label. Requires Prometheus >= v2.36.0.", + Description: "InsightsDataGather provides data gather configuration options for the the Insights Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "targetLabel": { + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Description: "spec holds user settable values for configuration", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.InsightsDataGatherSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status holds observed values from the cluster. They may not be overridden.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.InsightsDataGatherStatus"), + }, + }, }, - Required: []string{"targetLabel"}, + Required: []string{"spec"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.InsightsDataGatherSpec", "github.com/openshift/api/config/v1alpha1.InsightsDataGatherStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_config_v1alpha1_MetadataConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_InsightsDataGatherList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MetadataConfig defines whether and how to send series metadata to remote write storage.", + Description: "InsightsDataGatherList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "sendPolicy": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "sendPolicy specifies whether to send metadata and how it is configured. Default: send metadata using platform-chosen defaults (e.g. send interval 30 seconds). Custom: send metadata using the settings in the custom field.", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "custom": { + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "custom defines custom metadata send settings. Required when sendPolicy is Custom (must have at least one property), and forbidden when sendPolicy is Default.", + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.MetadataConfigCustom"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.InsightsDataGather"), + }, + }, + }, }, }, }, - Required: []string{"sendPolicy"}, + Required: []string{"metadata", "items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.MetadataConfigCustom"}, + "github.com/openshift/api/config/v1alpha1.InsightsDataGather", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_config_v1alpha1_MetadataConfigCustom(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_InsightsDataGatherSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MetadataConfigCustom defines custom settings for sending series metadata when sendPolicy is Custom. At least one property must be set when sendPolicy is Custom (e.g. sendIntervalSeconds).", - Type: []string{"object"}, + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "sendIntervalSeconds": { + "gatherConfig": { SchemaProps: spec.SchemaProps{ - Description: "sendIntervalSeconds is the interval in seconds at which metadata is sent. When omitted, the platform chooses a reasonable default (e.g. 30 seconds). Minimum value is 1 second. Maximum value is 86400 seconds (24 hours).", - Type: []string{"integer"}, - Format: "int32", + Description: "gatherConfig spec attribute includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.GatherConfig"), }, }, }, }, }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.GatherConfig"}, + } +} + +func schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + }, + }, } } @@ -23861,7 +23803,7 @@ func schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref common.Referen Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Toleration"), }, }, }, @@ -23884,7 +23826,7 @@ func schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref common.Referen }, }, SchemaProps: spec.SchemaProps{ - Description: "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + Description: "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -23913,7 +23855,7 @@ func schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref common.Referen Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.TopologySpreadConstraint"), }, }, }, @@ -23923,127 +23865,291 @@ func schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref common.Referen }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.Audit", "github.com/openshift/api/config/v1alpha1.ContainerResource", corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1alpha1.Audit", "github.com/openshift/api/config/v1alpha1.ContainerResource", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.TopologySpreadConstraint"}, } } -func schema_openshift_api_config_v1alpha1_OAuth2(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_PKICertificateSubject(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OAuth2 defines OAuth2 authentication settings for the remote write endpoint.", + Description: "PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "clientId": { + "email": { SchemaProps: spec.SchemaProps{ - Description: "clientId defines the secret reference containing the OAuth2 client ID. The secret must exist in the openshift-monitoring namespace.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + Description: "email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. The email should be a valid email address and at most 320 characters in length.", + Type: []string{"string"}, + Format: "", }, }, - "clientSecret": { + "hostname": { + SchemaProps: spec.SchemaProps{ + Description: "hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. The hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_PersistentVolumeClaimReference(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_PersistentVolumeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "claim": { SchemaProps: spec.SchemaProps{ - Description: "clientSecret defines the secret reference containing the OAuth2 client secret. The secret must exist in the openshift-monitoring namespace.", + Description: "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + Ref: ref("github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference"), }, }, - "tokenUrl": { + "mountPath": { SchemaProps: spec.SchemaProps{ - Description: "tokenUrl is the URL to fetch the token from. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + Description: "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", Type: []string{"string"}, Format: "", }, }, - "scopes": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, + }, + Required: []string{"claim"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference"}, + } +} + +func schema_openshift_api_config_v1alpha1_PolicyFulcioSubject(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "oidcIssuer": { + SchemaProps: spec.SchemaProps{ + Description: "oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: \"https://expected.OIDC.issuer/\"", + Default: "", + Type: []string{"string"}, + Format: "", }, + }, + "signedEmail": { SchemaProps: spec.SchemaProps{ - Description: "scopes is a list of OAuth2 scopes to request. When omitted, no scopes are requested. Maximum of 20 scopes can be specified. Each scope must be between 1 and 256 characters.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "signedEmail holds the email address the the Fulcio certificate is issued for. Example: \"expected-signing-user@example.com\"", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "endpointParams": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, + }, + Required: []string{"oidcIssuer", "signedEmail"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_PolicyIdentity(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is \"MatchRepoDigestOrExact\".", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "matchPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "matchPolicy sets the type of matching to be used. Valid values are \"MatchRepoDigestOrExact\", \"MatchRepository\", \"ExactRepository\", \"RemapIdentity\". When omitted, the default value is \"MatchRepoDigestOrExact\". If set matchPolicy to ExactRepository, then the exactRepository must be specified. If set matchPolicy to RemapIdentity, then the remapIdentity must be specified. \"MatchRepoDigestOrExact\" means that the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. \"MatchRepository\" means that the identity in the signature must be in the same repository as the image identity. \"ExactRepository\" means that the identity in the signature must be in the same repository as a specific identity specified by \"repository\". \"RemapIdentity\" means that the signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the \"prefix\" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix.", + Default: "", + Type: []string{"string"}, + Format: "", }, + }, + "exactRepository": { SchemaProps: spec.SchemaProps{ - Description: "endpointParams defines additional parameters to append to the token URL. When omitted, no additional parameters are sent. Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key).", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.OAuth2EndpointParam"), - }, - }, + Description: "exactRepository is required if matchPolicy is set to \"ExactRepository\".", + Ref: ref("github.com/openshift/api/config/v1alpha1.PolicyMatchExactRepository"), + }, + }, + "remapIdentity": { + SchemaProps: spec.SchemaProps{ + Description: "remapIdentity is required if matchPolicy is set to \"RemapIdentity\".", + Ref: ref("github.com/openshift/api/config/v1alpha1.PolicyMatchRemapIdentity"), + }, + }, + }, + Required: []string{"matchPolicy"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "matchPolicy", + "fields-to-discriminateBy": map[string]interface{}{ + "exactRepository": "PolicyMatchExactRepository", + "remapIdentity": "PolicyMatchRemapIdentity", }, }, }, }, - Required: []string{"clientId", "clientSecret", "tokenUrl"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.OAuth2EndpointParam", "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + "github.com/openshift/api/config/v1alpha1.PolicyMatchExactRepository", "github.com/openshift/api/config/v1alpha1.PolicyMatchRemapIdentity"}, } } -func schema_openshift_api_config_v1alpha1_OAuth2EndpointParam(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_PolicyMatchExactRepository(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OAuth2EndpointParam defines a name/value parameter for the OAuth2 token URL.", - Type: []string{"object"}, + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "repository": { SchemaProps: spec.SchemaProps{ - Description: "name is the parameter name. Must be between 1 and 256 characters.", + Description: "repository is the reference of the image identity to be matched. The value should be a repository name (by omitting the tag or digest) in a registry implementing the \"Docker Registry HTTP API V2\". For example, docker.io/library/busybox", + Default: "", Type: []string{"string"}, Format: "", }, }, - "value": { + }, + Required: []string{"repository"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_PolicyMatchRemapIdentity(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "prefix": { SchemaProps: spec.SchemaProps{ - Description: "value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the external system expects a parameter with an empty value (e.g. ?parameter=\"\"). Must be between 0 and 2048 characters when present (aligned with common URL length recommendations).", + Description: "prefix is the prefix of the image identity to be matched. If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). This useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "signedPrefix": { + SchemaProps: spec.SchemaProps{ + Description: "signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as \"prefix\". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", + Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"name"}, + Required: []string{"prefix", "signedPrefix"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_PolicyRootOfTrust(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PolicyRootOfTrust defines the root of trust based on the selected policyType.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "policyType": { + SchemaProps: spec.SchemaProps{ + Description: "policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. \"PublicKey\" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. \"FulcioCAWithRekor\" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. \"PKI\" indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "publicKey": { + SchemaProps: spec.SchemaProps{ + Description: "publicKey defines the root of trust based on a sigstore public key.", + Ref: ref("github.com/openshift/api/config/v1alpha1.ImagePolicyPublicKeyRootOfTrust"), + }, + }, + "fulcioCAWithRekor": { + SchemaProps: spec.SchemaProps{ + Description: "fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", + Ref: ref("github.com/openshift/api/config/v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust"), + }, + }, + "pki": { + SchemaProps: spec.SchemaProps{ + Description: "pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates.", + Ref: ref("github.com/openshift/api/config/v1alpha1.ImagePolicyPKIRootOfTrust"), + }, + }, + }, + Required: []string{"policyType"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "policyType", + "fields-to-discriminateBy": map[string]interface{}{ + "fulcioCAWithRekor": "FulcioCAWithRekor", + "pki": "PKI", + "publicKey": "PublicKey", + }, + }, + }, + }, }, }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust", "github.com/openshift/api/config/v1alpha1.ImagePolicyPKIRootOfTrust", "github.com/openshift/api/config/v1alpha1.ImagePolicyPublicKeyRootOfTrust"}, } } -func schema_openshift_api_config_v1alpha1_OpenShiftStateMetricsConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent that runs in the `openshift-monitoring` namespace. The openshift-state-metrics agent generates metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments.", + Description: "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", Type: []string{"object"}, Properties: map[string]spec.Schema{ + "logLevel": { + SchemaProps: spec.SchemaProps{ + Description: "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + Type: []string{"string"}, + Format: "", + }, + }, "nodeSelector": { SchemaProps: spec.SchemaProps{ - Description: "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + Description: "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", Type: []string{"object"}, AdditionalProperties: &spec.SchemaOrBool{ Allows: true, @@ -24067,7 +24173,7 @@ func schema_openshift_api_config_v1alpha1_OpenShiftStateMetricsConfig(ref common }, }, SchemaProps: spec.SchemaProps{ - Description: "resources defines the compute resource requests and limits for the openshift-state-metrics container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 1m\n limit: null\n - name: memory\n request: 32Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + Description: "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -24092,7 +24198,7 @@ func schema_openshift_api_config_v1alpha1_OpenShiftStateMetricsConfig(ref common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Toleration"), }, }, }, @@ -24109,13 +24215,13 @@ func schema_openshift_api_config_v1alpha1_OpenShiftStateMetricsConfig(ref common }, }, SchemaProps: spec.SchemaProps{ - Description: "topologySpreadConstraints defines rules for how openshift-state-metrics Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Description: "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.TopologySpreadConstraint"), }, }, }, @@ -24125,85 +24231,71 @@ func schema_openshift_api_config_v1alpha1_OpenShiftStateMetricsConfig(ref common }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ContainerResource", corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1alpha1.ContainerResource", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.TopologySpreadConstraint"}, } } -func schema_openshift_api_config_v1alpha1_PKI(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_RetentionNumberConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PKI configures cryptographic parameters for certificates generated internally by OpenShift components.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "RetentionNumberConfig specifies the configuration of the retention policy on the number of backups", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), - }, - }, - "spec": { + "maxNumberOfBackups": { SchemaProps: spec.SchemaProps{ - Description: "spec holds user settable values for configuration", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.PKISpec"), + Description: "maxNumberOfBackups defines the maximum number of backups to retain. If the existing number of backups saved is equal to MaxNumberOfBackups then the oldest backup will be removed before a new backup is initiated.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, }, - Required: []string{"spec"}, + Required: []string{"maxNumberOfBackups"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.PKISpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_config_v1alpha1_PKICertificateManagement(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_RetentionPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PKICertificateManagement determines whether components use hardcoded defaults (Unmanaged), follow OpenShift best practices (Default), or use administrator-specified cryptographic parameters (Custom). This provides flexibility for organizations with specific compliance requirements or security policies while maintaining backwards compatibility for existing clusters.", + Description: "RetentionPolicy defines the retention policy for retaining and deleting existing backups. This struct is a discriminated union that allows users to select the type of retention policy from the supported types.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "mode": { + "retentionType": { SchemaProps: spec.SchemaProps{ - Description: "mode determines how PKI configuration is managed. Valid values are \"Unmanaged\", \"Default\", and \"Custom\".\n\nWhen set to Unmanaged, components use their existing hardcoded certificate generation behavior, exactly as if this feature did not exist. Each component generates certificates using whatever parameters it was using before this feature. While most components use RSA 2048, some may use different parameters. Use of this mode might prevent upgrading to the next major OpenShift release.\n\nWhen set to Default, OpenShift-recommended best practices for certificate generation are applied. The specific parameters may evolve across OpenShift releases to adopt improved cryptographic standards. In the initial release, this matches Unmanaged behavior for each component. In future releases, this may adopt ECDSA or larger RSA keys based on industry best practices. Recommended for most customers who want to benefit from security improvements automatically.\n\nWhen set to Custom, the certificate management parameters can be set explicitly. Use the custom field to specify certificate generation parameters.", + Description: "retentionType sets the type of retention policy. Currently, the only valid policies are retention by number of backups (RetentionNumber), by the size of backups (RetentionSize). More policies or types may be added in the future. Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is RetentionNumber with 15 backups kept.\n\nPossible enum values:\n - `\"RetentionNumber\"` sets the retention policy based on the number of backup files saved\n - `\"RetentionSize\"` sets the retention policy based on the total size of the backup files saved", + Default: "", Type: []string{"string"}, Format: "", + Enum: []interface{}{"RetentionNumber", "RetentionSize"}, }, }, - "custom": { + "retentionNumber": { SchemaProps: spec.SchemaProps{ - Description: "custom contains administrator-specified cryptographic configuration. Use the defaults and category override fields to specify certificate generation parameters. Required when mode is Custom, and forbidden otherwise.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.CustomPKIPolicy"), + Description: "retentionNumber configures the retention policy based on the number of backups", + Ref: ref("github.com/openshift/api/config/v1alpha1.RetentionNumberConfig"), + }, + }, + "retentionSize": { + SchemaProps: spec.SchemaProps{ + Description: "retentionSize configures the retention policy based on the size of backups", + Ref: ref("github.com/openshift/api/config/v1alpha1.RetentionSizeConfig"), }, }, }, - Required: []string{"mode"}, + Required: []string{"retentionType"}, }, VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-unions": []interface{}{ map[string]interface{}{ - "discriminator": "mode", + "discriminator": "retentionType", "fields-to-discriminateBy": map[string]interface{}{ - "custom": "Custom", + "retentionNumber": "RetentionNumber", + "retentionSize": "RetentionSize", }, }, }, @@ -24211,188 +24303,93 @@ func schema_openshift_api_config_v1alpha1_PKICertificateManagement(ref common.Re }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.CustomPKIPolicy"}, + "github.com/openshift/api/config/v1alpha1.RetentionNumberConfig", "github.com/openshift/api/config/v1alpha1.RetentionSizeConfig"}, } } -func schema_openshift_api_config_v1alpha1_PKIList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PKIList is a collection of PKI resources.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "RetentionSizeConfig specifies the configuration of the retention policy on the total size of backups", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "maxSizeOfBackupsGb": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), - }, - }, - "items": { - SchemaProps: spec.SchemaProps{ - Description: "items is a list of PKI resources", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.PKI"), - }, - }, - }, + Description: "maxSizeOfBackupsGb defines the total size in GB of backups to retain. If the current total size backups exceeds MaxSizeOfBackupsGb then the oldest backup will be removed before a new backup is initiated.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, }, - Required: []string{"items"}, + Required: []string{"maxSizeOfBackupsGb"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.PKI", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_config_v1alpha1_PKIProfile(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_Storage(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PKIProfile defines the certificate generation parameters that OpenShift components use to create certificates. Category overrides take precedence over defaults.", + Description: "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "defaults": { - SchemaProps: spec.SchemaProps{ - Description: "defaults specifies the default certificate configuration that applies to all certificates unless overridden by a category override.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.DefaultCertificateConfig"), - }, - }, - "signerCertificates": { - SchemaProps: spec.SchemaProps{ - Description: "signerCertificates optionally overrides certificate parameters for certificate authority (CA) certificates that sign other certificates. When set, these parameters take precedence over defaults for all signer certificates. When omitted, the defaults are used for signer certificates.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.CertificateConfig"), - }, - }, - "servingCertificates": { - SchemaProps: spec.SchemaProps{ - Description: "servingCertificates optionally overrides certificate parameters for TLS server certificates used to serve HTTPS endpoints. When set, these parameters take precedence over defaults for all serving certificates. When omitted, the defaults are used for serving certificates.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.CertificateConfig"), - }, - }, - "clientCertificates": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "clientCertificates optionally overrides certificate parameters for client authentication certificates used to authenticate to servers. When set, these parameters take precedence over defaults for all client certificates. When omitted, the defaults are used for client certificates.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.CertificateConfig"), + Description: "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - }, - Required: []string{"defaults"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.CertificateConfig", "github.com/openshift/api/config/v1alpha1.DefaultCertificateConfig"}, - } -} - -func schema_openshift_api_config_v1alpha1_PKISpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "PKISpec holds the specification for PKI configuration.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "certificateManagement": { + "persistentVolume": { SchemaProps: spec.SchemaProps{ - Description: "certificateManagement specifies how PKI configuration is managed for internally-generated certificates. This controls the certificate generation approach for all OpenShift components that create certificates internally, including certificate authorities, serving certificates, and client certificates.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.PKICertificateManagement"), + Description: "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", + Ref: ref("github.com/openshift/api/config/v1alpha1.PersistentVolumeConfig"), }, }, }, - Required: []string{"certificateManagement"}, + Required: []string{"type"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.PKICertificateManagement"}, + "github.com/openshift/api/config/v1alpha1.PersistentVolumeConfig"}, } } -func schema_openshift_api_config_v1alpha1_PersistentVolumeClaimReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + Description: "UserDefinedMonitoring config for user-defined projects.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "mode": { SchemaProps: spec.SchemaProps{ - Description: "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + Description: "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.\n\nPossible enum values:\n - `\"Disabled\"` disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces.\n - `\"NamespaceIsolated\"` enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level.", Default: "", Type: []string{"string"}, Format: "", + Enum: []interface{}{"Disabled", "NamespaceIsolated"}, }, }, }, - Required: []string{"name"}, - }, - }, - } -} - -func schema_openshift_api_config_v1alpha1_PersistentVolumeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "persistentVolumeConfig provides configuration options for PersistentVolume storage.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "claim": { - SchemaProps: spec.SchemaProps{ - Description: "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference"), - }, - }, - "mountPath": { - SchemaProps: spec.SchemaProps{ - Description: "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"claim"}, + Required: []string{"mode"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference"}, } } -func schema_openshift_api_config_v1alpha1_PrometheusConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha2_Custom(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", + Description: "custom provides the custom configuration of gatherers", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "additionalAlertmanagerConfigs": { + "configs": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ @@ -24402,60 +24399,44 @@ func schema_openshift_api_config_v1alpha1_PrometheusConfig(ref common.ReferenceC }, }, SchemaProps: spec.SchemaProps{ - Description: "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nWhen omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", + Description: "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.AdditionalAlertmanagerConfig"), + Ref: ref("github.com/openshift/api/config/v1alpha2.GathererConfig"), }, }, }, }, }, - "enforcedBodySizeLimitBytes": { - SchemaProps: spec.SchemaProps{ - Description: "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 10240 (10kB). Maximum value is 1073741824 (1GB).", - Type: []string{"integer"}, - Format: "int64", - }, - }, - "externalLabels": { + }, + Required: []string{"configs"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha2.GathererConfig"}, + } +} + +func schema_openshift_api_config_v1alpha2_GatherConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "gatherConfig provides data gathering configuration options.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "dataPolicy": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "key", - }, - "x-kubernetes-list-type": "map", + "x-kubernetes-list-type": "atomic", }, }, SchemaProps: spec.SchemaProps{ - Description: "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. When omitted, no external labels are applied.", + Description: "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.Label"), - }, - }, - }, - }, - }, - "logLevel": { - SchemaProps: spec.SchemaProps{ - Description: "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", - Type: []string{"string"}, - Format: "", - }, - }, - "nodeSelector": { - SchemaProps: spec.SchemaProps{ - Description: "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least one key-value pair (minimum of 1) and must not contain more than 10 entries.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: "", @@ -24466,1410 +24447,1074 @@ func schema_openshift_api_config_v1alpha1_PrometheusConfig(ref common.ReferenceC }, }, }, - "queryLogFile": { - SchemaProps: spec.SchemaProps{ - Description: "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must not contain consecutive slashes, end with a slash, or include '..' path traversal. Must contain only alphanumeric characters, '.', '_', '-', or '/'. Must be between 1 and 255 characters in length.", - Type: []string{"string"}, - Format: "", - }, - }, - "remoteWrite": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.RemoteWriteSpec"), - }, - }, - }, - }, - }, - "resources": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, + "gatherers": { SchemaProps: spec.SchemaProps{ - Description: "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), - }, - }, - }, + Description: "gatherers is a required field that specifies the configuration of the gatherers.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha2.Gatherers"), }, }, - "retention": { + "storage": { SchemaProps: spec.SchemaProps{ - Description: "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.Retention"), + Description: "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", + Ref: ref("github.com/openshift/api/config/v1alpha2.Storage"), }, }, - "tolerations": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, + }, + Required: []string{"gatherers"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha2.Gatherers", "github.com/openshift/api/config/v1alpha2.Storage"}, + } +} + +func schema_openshift_api_config_v1alpha2_GathererConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "gathererConfig allows to configure specific gatherers", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { SchemaProps: spec.SchemaProps{ - Description: "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(corev1.Toleration{}.OpenAPIModelName()), - }, - }, - }, + Description: "name is the required name of a specific gatherer It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "topologySpreadConstraints": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "topologyKey", - "whenUnsatisfiable", - }, - "x-kubernetes-list-type": "map", - }, - }, + "state": { SchemaProps: spec.SchemaProps{ - Description: "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), - }, - }, - }, + Description: "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "collectionProfile": { + }, + Required: []string{"name", "state"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha2_Gatherers(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "mode": { SchemaProps: spec.SchemaProps{ - Description: "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.", + Description: "mode is a required field that specifies the mode for gatherers. Allowed values are All, None, and Custom. When set to All, all gatherers wil run and gather data. When set to None, all gatherers will be disabled and no data will be gathered. When set to Custom, the custom configuration from the custom field will be applied.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "volumeClaimTemplate": { + "custom": { SchemaProps: spec.SchemaProps{ - Description: "volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts.", - Ref: ref(corev1.PersistentVolumeClaim{}.OpenAPIModelName()), + Description: "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", + Ref: ref("github.com/openshift/api/config/v1alpha2.Custom"), }, }, }, + Required: []string{"mode"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.AdditionalAlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.ContainerResource", "github.com/openshift/api/config/v1alpha1.Label", "github.com/openshift/api/config/v1alpha1.RemoteWriteSpec", "github.com/openshift/api/config/v1alpha1.Retention", corev1.PersistentVolumeClaim{}.OpenAPIModelName(), corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1alpha2.Custom"}, } } -func schema_openshift_api_config_v1alpha1_PrometheusOperatorAdmissionWebhookConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha2_InsightsDataGather(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PrometheusOperatorAdmissionWebhookConfig provides configuration options for the admission webhook component of Prometheus Operator that runs in the `openshift-monitoring` namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions.", + Description: "InsightsDataGather provides data gather configuration options for the the Insights Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "resources": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", }, + }, + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "resources defines the compute resource requests and limits for the prometheus-operator-admission-webhook container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n limit: null\n - name: memory\n request: 30Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), - }, - }, - }, + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - "topologySpreadConstraints": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "topologyKey", - "whenUnsatisfiable", - }, - "x-kubernetes-list-type": "map", - }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, + }, + "spec": { SchemaProps: spec.SchemaProps{ - Description: "topologySpreadConstraints defines rules for how admission webhook Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), - }, - }, - }, + Description: "spec holds user settable values for configuration", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha2.InsightsDataGatherSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status holds observed values from the cluster. They may not be overridden.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha2.InsightsDataGatherStatus"), }, }, }, + Required: []string{"spec"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ContainerResource", corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1alpha2.InsightsDataGatherSpec", "github.com/openshift/api/config/v1alpha2.InsightsDataGatherStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha2_InsightsDataGatherList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", + Description: "InsightsDataGatherList is a collection of items Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "logLevel": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "nodeSelector": { - SchemaProps: spec.SchemaProps{ - Description: "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "resources": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), - }, - }, - }, + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - "tolerations": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(corev1.Toleration{}.OpenAPIModelName()), - }, - }, - }, + Description: "metadata is the required standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, - "topologySpreadConstraints": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "topologyKey", - "whenUnsatisfiable", - }, - "x-kubernetes-list-type": "map", - }, - }, + "items": { SchemaProps: spec.SchemaProps{ - Description: "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Description: "items is the required list of InsightsDataGather objects it may not exceed 100 items", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), + Ref: ref("github.com/openshift/api/config/v1alpha2.InsightsDataGather"), }, }, }, }, }, }, + Required: []string{"metadata", "items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ContainerResource", corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1alpha2.InsightsDataGather", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_config_v1alpha1_PrometheusRemoteWriteHeader(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha2_InsightsDataGatherSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. Validation is enforced on the Headers field in RemoteWriteSpec.", - Type: []string{"object"}, + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { - SchemaProps: spec.SchemaProps{ - Description: "name is the HTTP header name. Must not be a reserved header (see type documentation). Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters.", - Type: []string{"string"}, - Format: "", - }, - }, - "value": { + "gatherConfig": { SchemaProps: spec.SchemaProps{ - Description: "value is the HTTP header value. Must be at most 4096 characters.", - Type: []string{"string"}, - Format: "", + Description: "gatherConfig is an optional spec attribute that includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha2.GatherConfig"), }, }, }, - Required: []string{"name", "value"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha2.GatherConfig"}, } } -func schema_openshift_api_config_v1alpha1_QueueConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha2_InsightsDataGatherStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "QueueConfig allows tuning configuration for remote write queue parameters. Configure this when you need to control throughput, backpressure, or retry behavior—for example to avoid overloading the remote endpoint, to reduce memory usage, or to tune for high-cardinality workloads. Consider capacity, maxShards, and batchSendDeadlineSeconds for throughput; minBackoffMilliseconds and maxBackoffMilliseconds for retries; and rateLimitedAction when the remote returns HTTP 429.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "capacity": { - SchemaProps: spec.SchemaProps{ - Description: "capacity is the number of samples to buffer per shard before we start dropping them. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 10000. Minimum value is 1. Maximum value is 1000000.", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "maxShards": { - SchemaProps: spec.SchemaProps{ - Description: "maxShards is the maximum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 200. Minimum value is 1. Maximum value is 10000.", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "minShards": { - SchemaProps: spec.SchemaProps{ - Description: "minShards is the minimum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1. Minimum value is 1. Maximum value is 10000.", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "maxSamplesPerSend": { - SchemaProps: spec.SchemaProps{ - Description: "maxSamplesPerSend is the maximum number of samples per send. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1000. Minimum value is 1. Maximum value is 100000.", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "batchSendDeadlineSeconds": { - SchemaProps: spec.SchemaProps{ - Description: "batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 3600 seconds (1 hour).", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "minBackoffMilliseconds": { - SchemaProps: spec.SchemaProps{ - Description: "minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "maxBackoffMilliseconds": { - SchemaProps: spec.SchemaProps{ - Description: "maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "rateLimitedAction": { - SchemaProps: spec.SchemaProps{ - Description: "rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). When omitted, no retries are performed on rate limit responses. When set to \"Retry\", Prometheus will retry such requests using the backoff settings above. Valid value when set is \"Retry\".", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Type: []string{"object"}, }, }, } } -func schema_openshift_api_config_v1alpha1_RSAKeyConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha2_PersistentVolumeClaimReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RSAKeyConfig specifies parameters for RSA key generation.", + Description: "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "keySize": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "keySize specifies the size of RSA keys in bits. Valid values are multiples of 1024 from 2048 to 8192.", - Type: []string{"integer"}, - Format: "int32", + Description: "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"keySize"}, + Required: []string{"name"}, }, }, } } -func schema_openshift_api_config_v1alpha1_RelabelActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha2_PersistentVolumeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RelabelActionConfig represents the action to perform and its configuration. Exactly one action-specific configuration must be specified based on the action type.", + Description: "persistentVolumeConfig provides configuration options for PersistentVolume storage.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { - SchemaProps: spec.SchemaProps{ - Description: "type specifies the action to perform on the matched labels. Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep.\n\nWhen set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place.\n\nWhen set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0.\n\nWhen set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0.\n\nWhen set to Keep, targets for which regex does not match the concatenated source_labels are dropped.\n\nWhen set to Drop, targets for which regex matches the concatenated source_labels are dropped.\n\nWhen set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels.\n\nWhen set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted.\n\nWhen set to LabelDrop, regex is matched against all label names; any label that matches is removed.\n\nWhen set to LabelKeep, regex is matched against all label names; any label that does not match is removed.", - Type: []string{"string"}, - Format: "", - }, - }, - "replace": { + "claim": { SchemaProps: spec.SchemaProps{ - Description: "replace configures the Replace action. Required when type is Replace, and forbidden otherwise.", + Description: "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ReplaceActionConfig"), + Ref: ref("github.com/openshift/api/config/v1alpha2.PersistentVolumeClaimReference"), }, }, - "hashMod": { + "mountPath": { SchemaProps: spec.SchemaProps{ - Description: "hashMod configures the HashMod action. Required when type is HashMod, and forbidden otherwise.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.HashModActionConfig"), - }, - }, - "labelMap": { - SchemaProps: spec.SchemaProps{ - Description: "labelMap configures the LabelMap action. Required when type is LabelMap, and forbidden otherwise.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.LabelMapActionConfig"), - }, - }, - "lowercase": { - SchemaProps: spec.SchemaProps{ - Description: "lowercase configures the Lowercase action. Required when type is Lowercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.LowercaseActionConfig"), - }, - }, - "uppercase": { - SchemaProps: spec.SchemaProps{ - Description: "uppercase configures the Uppercase action. Required when type is Uppercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.UppercaseActionConfig"), + Description: "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + Type: []string{"string"}, + Format: "", }, }, - "keepEqual": { + }, + Required: []string{"claim"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha2.PersistentVolumeClaimReference"}, + } +} + +func schema_openshift_api_config_v1alpha2_Storage(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { SchemaProps: spec.SchemaProps{ - Description: "keepEqual configures the KeepEqual action. Required when type is KeepEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.KeepEqualActionConfig"), + Description: "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "dropEqual": { + "persistentVolume": { SchemaProps: spec.SchemaProps{ - Description: "dropEqual configures the DropEqual action. Required when type is DropEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.DropEqualActionConfig"), + Description: "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", + Ref: ref("github.com/openshift/api/config/v1alpha2.PersistentVolumeConfig"), }, }, }, Required: []string{"type"}, }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "type", - "fields-to-discriminateBy": map[string]interface{}{ - "dropEqual": "DropEqual", - "hashMod": "HashMod", - "keepEqual": "KeepEqual", - "labelMap": "LabelMap", - "lowercase": "Lowercase", - "replace": "Replace", - "uppercase": "Uppercase", - }, - }, - }, - }, - }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.DropEqualActionConfig", "github.com/openshift/api/config/v1alpha1.HashModActionConfig", "github.com/openshift/api/config/v1alpha1.KeepEqualActionConfig", "github.com/openshift/api/config/v1alpha1.LabelMapActionConfig", "github.com/openshift/api/config/v1alpha1.LowercaseActionConfig", "github.com/openshift/api/config/v1alpha1.ReplaceActionConfig", "github.com/openshift/api/config/v1alpha1.UppercaseActionConfig"}, + "github.com/openshift/api/config/v1alpha2.PersistentVolumeConfig"}, } } -func schema_openshift_api_config_v1alpha1_RelabelConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ApplicationMenuSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RelabelConfig represents a relabeling rule.", + Description: "ApplicationMenuSpec is the specification of the desired section and icon used for the link in the application menu.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "section": { SchemaProps: spec.SchemaProps{ - Description: "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + Description: "section is the section of the application menu in which the link should appear. This can be any text that will appear as a subheading in the application menu dropdown. A new section will be created if the text does not match text of an existing section.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "sourceLabels": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "set", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "separator": { + "imageURL": { SchemaProps: spec.SchemaProps{ - Description: "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", + Description: "imageURL is the URL for the icon used in front of the link in the application menu. The URL must be an HTTPS URL or a Data URI. The image should be square and will be shown at 24x24 pixels.", Type: []string{"string"}, Format: "", }, }, - "regex": { + }, + Required: []string{"section"}, + }, + }, + } +} + +func schema_openshift_api_console_v1_CLIDownloadLink(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "text": { SchemaProps: spec.SchemaProps{ - Description: "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", + Description: "text is the display text for the link", + Default: "", Type: []string{"string"}, Format: "", }, }, - "action": { + "href": { SchemaProps: spec.SchemaProps{ - Description: "action defines the action to perform on the matched labels and its configuration. Exactly one action-specific configuration must be specified based on the action type.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.RelabelActionConfig"), + Description: "href is the absolute secure URL for the link (must use https)", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"name", "action"}, + Required: []string{"href"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.RelabelActionConfig"}, } } -func schema_openshift_api_config_v1alpha1_RemoteWriteAuthorization(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleCLIDownload(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RemoteWriteAuthorization defines the authorization method for a remote write endpoint. Exactly one of the nested configs must be set according to the type discriminator.", + Description: "ConsoleCLIDownload is an extension for configuring openshift web console command line interface (CLI) downloads.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "type specifies the authorization method to use. Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount.\n\nWhen set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field.\n\nWhen set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set.\n\nWhen set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set.\n\nWhen set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set.\n\nWhen set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field.\n\nWhen set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path.", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "safeAuthorization": { - SchemaProps: spec.SchemaProps{ - Description: "safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). Required when type is \"SafeAuthorization\", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace.", - Ref: ref(corev1.SecretKeySelector{}.OpenAPIModelName()), - }, - }, - "bearerToken": { - SchemaProps: spec.SchemaProps{ - Description: "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), - }, - }, - "basicAuth": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "basicAuth defines HTTP basic authentication credentials. Required when type is \"BasicAuth\", and forbidden otherwise.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.BasicAuth"), + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - "oauth2": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "oauth2 defines OAuth2 client credentials authentication. Required when type is \"OAuth2\", and forbidden otherwise.", + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.OAuth2"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, - "sigv4": { + "spec": { SchemaProps: spec.SchemaProps{ - Description: "sigv4 defines AWS Signature Version 4 authentication. Required when type is \"SigV4\", and forbidden otherwise.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.Sigv4"), - }, - }, - }, - Required: []string{"type"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "type", - "fields-to-discriminateBy": map[string]interface{}{ - "basicAuth": "BasicAuth", - "bearerToken": "BearerToken", - "oauth2": "OAuth2", - "safeAuthorization": "SafeAuthorization", - "sigv4": "Sigv4", - }, + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/console/v1.ConsoleCLIDownloadSpec"), }, }, }, + Required: []string{"spec"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.BasicAuth", "github.com/openshift/api/config/v1alpha1.OAuth2", "github.com/openshift/api/config/v1alpha1.SecretKeySelector", "github.com/openshift/api/config/v1alpha1.Sigv4", corev1.SecretKeySelector{}.OpenAPIModelName()}, + "github.com/openshift/api/console/v1.ConsoleCLIDownloadSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleCLIDownloadList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RemoteWriteSpec represents configuration for remote write endpoints.", + Description: "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "url": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme and a non-empty hostname. Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. Empty string is invalid. Must be between 1 and 2048 characters in length.", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "name": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). This name is used in metrics and logging to differentiate remote write queues. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "authorization": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "authorization defines the authorization method for the remote write endpoint. When omitted, no authorization is performed. When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config).", + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.RemoteWriteAuthorization"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, - "headers": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, + "items": { SchemaProps: spec.SchemaProps{ - Description: "headers specifies the custom HTTP headers to be sent along with each remote write request. Sending custom headers makes the configuration of a proxy in between optional and helps the receiver recognize the given source better. Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be unique. Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate).", - Type: []string{"array"}, + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.PrometheusRemoteWriteHeader"), + Ref: ref("github.com/openshift/api/console/v1.ConsoleCLIDownload"), }, }, }, }, }, - "metadataConfig": { - SchemaProps: spec.SchemaProps{ - Description: "metadataConfig configures the sending of series metadata to remote storage. When omitted, no metadata is sent. When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds).", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.MetadataConfig"), - }, - }, - "proxyUrl": { + }, + Required: []string{"metadata", "items"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/console/v1.ConsoleCLIDownload", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_openshift_api_console_v1_ConsoleCLIDownloadSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ConsoleCLIDownloadSpec is the desired cli download configuration.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "displayName": { SchemaProps: spec.SchemaProps{ - Description: "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + Description: "displayName is the display name of the CLI download.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "queueConfig": { - SchemaProps: spec.SchemaProps{ - Description: "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.QueueConfig"), - }, - }, - "remoteTimeoutSeconds": { - SchemaProps: spec.SchemaProps{ - Description: "remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "exemplarsMode": { + "description": { SchemaProps: spec.SchemaProps{ - Description: "exemplarsMode controls whether exemplars are sent via remote write. Valid values are \"Send\", \"DoNotSend\" and omitted. When set to \"Send\", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"DoNotSend\", exemplars are not sent.", + Description: "description is the description of the CLI download (can include markdown).", + Default: "", Type: []string{"string"}, Format: "", }, }, - "tlsConfig": { - SchemaProps: spec.SchemaProps{ - Description: "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.TLSConfig"), - }, - }, - "writeRelabelConfigs": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, + "links": { SchemaProps: spec.SchemaProps{ - Description: "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", + Description: "links is a list of objects that provide CLI download link details.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.RelabelConfig"), + Ref: ref("github.com/openshift/api/console/v1.CLIDownloadLink"), }, }, }, }, }, }, - Required: []string{"url", "name"}, + Required: []string{"displayName", "description", "links"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.MetadataConfig", "github.com/openshift/api/config/v1alpha1.PrometheusRemoteWriteHeader", "github.com/openshift/api/config/v1alpha1.QueueConfig", "github.com/openshift/api/config/v1alpha1.RelabelConfig", "github.com/openshift/api/config/v1alpha1.RemoteWriteAuthorization", "github.com/openshift/api/config/v1alpha1.TLSConfig"}, + "github.com/openshift/api/console/v1.CLIDownloadLink"}, } } -func schema_openshift_api_config_v1alpha1_ReplaceActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleExternalLogLink(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ReplaceActionConfig configures the Replace action. Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match.", + Description: "ConsoleExternalLogLink is an extension for customizing OpenShift web console log links.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "targetLabel": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length.", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "replacement": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Use an empty string (\"\") to explicitly clear the target label value. Must be between 0 and 255 characters in length.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"targetLabel", "replacement"}, - }, - }, - } -} - -func schema_openshift_api_config_v1alpha1_Retention(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "Retention configures how long Prometheus retains metrics data and how much storage it can use.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "durationInDays": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 15. Minimum value is 1 day. Maximum value is 365 days (1 year).", - Type: []string{"integer"}, - Format: "int32", + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, - "sizeInGiB": { + "spec": { SchemaProps: spec.SchemaProps{ - Description: "sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus can use for data blocks and the write-ahead log (WAL). When the limit is reached, Prometheus will delete oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. Minimum value is 1 GiB. Maximum value is 16384 GiB (16 TiB).", - Type: []string{"integer"}, - Format: "int32", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/console/v1.ConsoleExternalLogLinkSpec"), }, }, }, + Required: []string{"spec"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/console/v1.ConsoleExternalLogLinkSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_config_v1alpha1_RetentionNumberConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleExternalLogLinkList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RetentionNumberConfig specifies the configuration of the retention policy on the number of backups", + Description: "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "maxNumberOfBackups": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "maxNumberOfBackups defines the maximum number of backups to retain. If the existing number of backups saved is equal to MaxNumberOfBackups then the oldest backup will be removed before a new backup is initiated.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/console/v1.ConsoleExternalLogLink"), + }, + }, + }, }, }, }, - Required: []string{"maxNumberOfBackups"}, + Required: []string{"metadata", "items"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/console/v1.ConsoleExternalLogLink", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_config_v1alpha1_RetentionPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleExternalLogLinkSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RetentionPolicy defines the retention policy for retaining and deleting existing backups. This struct is a discriminated union that allows users to select the type of retention policy from the supported types.", + Description: "ConsoleExternalLogLinkSpec is the desired log link configuration. The log link will appear on the logs tab of the pod details page.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "retentionType": { + "text": { SchemaProps: spec.SchemaProps{ - Description: "retentionType sets the type of retention policy. Currently, the only valid policies are retention by number of backups (RetentionNumber), by the size of backups (RetentionSize). More policies or types may be added in the future. Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is RetentionNumber with 15 backups kept.\n\nPossible enum values:\n - `\"RetentionNumber\"` sets the retention policy based on the number of backup files saved\n - `\"RetentionSize\"` sets the retention policy based on the total size of the backup files saved", + Description: "text is the display text for the link", Default: "", Type: []string{"string"}, Format: "", - Enum: []interface{}{"RetentionNumber", "RetentionSize"}, }, }, - "retentionNumber": { + "hrefTemplate": { SchemaProps: spec.SchemaProps{ - Description: "retentionNumber configures the retention policy based on the number of backups", - Ref: ref("github.com/openshift/api/config/v1alpha1.RetentionNumberConfig"), + Description: "hrefTemplate is an absolute secure URL (must use https) for the log link including variables to be replaced. Variables are specified in the URL with the format ${variableName}, for instance, ${containerName} and will be replaced with the corresponding values from the resource. Resource is a pod. Supported variables are: - ${resourceName} - name of the resource which containes the logs - ${resourceUID} - UID of the resource which contains the logs\n - e.g. `11111111-2222-3333-4444-555555555555`\n- ${containerName} - name of the resource's container that contains the logs - ${resourceNamespace} - namespace of the resource that contains the logs - ${resourceNamespaceUID} - namespace UID of the resource that contains the logs - ${podLabels} - JSON representation of labels matching the pod with the logs\n - e.g. `{\"key1\":\"value1\",\"key2\":\"value2\"}`\n\ne.g., https://example.com/logs?resourceName=${resourceName}&containerName=${containerName}&resourceNamespace=${resourceNamespace}&podLabels=${podLabels}", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "retentionSize": { + "namespaceFilter": { SchemaProps: spec.SchemaProps{ - Description: "retentionSize configures the retention policy based on the size of backups", - Ref: ref("github.com/openshift/api/config/v1alpha1.RetentionSizeConfig"), - }, - }, - }, - Required: []string{"retentionType"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "retentionType", - "fields-to-discriminateBy": map[string]interface{}{ - "retentionNumber": "RetentionNumber", - "retentionSize": "RetentionSize", - }, + Description: "namespaceFilter is a regular expression used to restrict a log link to a matching set of namespaces (e.g., `^openshift-`). The string is converted into a regular expression using the JavaScript RegExp constructor. If not specified, links will be displayed for all the namespaces.", + Type: []string{"string"}, + Format: "", }, }, }, + Required: []string{"text", "hrefTemplate"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.RetentionNumberConfig", "github.com/openshift/api/config/v1alpha1.RetentionSizeConfig"}, } } -func schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleLink(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RetentionSizeConfig specifies the configuration of the retention policy on the total size of backups", + Description: "ConsoleLink is an extension for customizing OpenShift web console links.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "maxSizeOfBackupsGb": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "maxSizeOfBackupsGb defines the total size in GB of backups to retain. If the current total size backups exceeds MaxSizeOfBackupsGb then the oldest backup will be removed before a new backup is initiated.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/console/v1.ConsoleLinkSpec"), }, }, }, - Required: []string{"maxSizeOfBackupsGb"}, + Required: []string{"spec"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/console/v1.ConsoleLinkSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_config_v1alpha1_SecretKeySelector(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleLinkList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", + Description: "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "key": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "key is the key of the secret to select from. Must consist of alphanumeric characters, '-', '_', or '.'. Must be between 1 and 253 characters in length.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/console/v1.ConsoleLink"), + }, + }, + }, + }, + }, }, - Required: []string{"name", "key"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-map-type": "atomic", - }, + Required: []string{"metadata", "items"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/console/v1.ConsoleLink", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_config_v1alpha1_Sigv4(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleLinkSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Sigv4 defines AWS Signature Version 4 authentication settings. At least one of region, accessKey/secretKey, profile, or roleArn must be set so the platform can perform authentication.", + Description: "ConsoleLinkSpec is the desired console link configuration.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "region": { + "text": { SchemaProps: spec.SchemaProps{ - Description: "region is the AWS region. When omitted, the region is derived from the environment or instance metadata. Must be between 1 and 128 characters.", + Description: "text is the display text for the link", + Default: "", Type: []string{"string"}, Format: "", }, }, - "accessKey": { + "href": { SchemaProps: spec.SchemaProps{ - Description: "accessKey defines the secret reference containing the AWS access key ID. The secret must exist in the openshift-monitoring namespace. When omitted, the access key is derived from the environment or instance metadata.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + Description: "href is the absolute URL for the link. Must use https:// for web URLs or mailto: for email links.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "secretKey": { + "location": { SchemaProps: spec.SchemaProps{ - Description: "secretKey defines the secret reference containing the AWS secret access key. The secret must exist in the openshift-monitoring namespace. When omitted, the secret key is derived from the environment or instance metadata.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + Description: "location determines which location in the console the link will be appended to (ApplicationMenu, HelpMenu, UserMenu, NamespaceDashboard).", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "profile": { + "applicationMenu": { SchemaProps: spec.SchemaProps{ - Description: "profile is the named AWS profile used to authenticate. When omitted, the default profile is used. Must be between 1 and 128 characters.", - Type: []string{"string"}, - Format: "", + Description: "applicationMenu holds information about section and icon used for the link in the application menu, and it is applicable only when location is set to ApplicationMenu.", + Ref: ref("github.com/openshift/api/console/v1.ApplicationMenuSpec"), }, }, - "roleArn": { + "namespaceDashboard": { SchemaProps: spec.SchemaProps{ - Description: "roleArn is the AWS Role ARN, an alternative to using AWS API keys. When omitted, API keys are used for authentication. Must be a valid AWS ARN format (e.g., \"arn:aws:iam::123456789012:role/MyRole\"). Must be between 1 and 512 characters.", - Type: []string{"string"}, - Format: "", + Description: "namespaceDashboard holds information about namespaces in which the dashboard link should appear, and it is applicable only when location is set to NamespaceDashboard. If not specified, the link will appear in all namespaces.", + Ref: ref("github.com/openshift/api/console/v1.NamespaceDashboardSpec"), }, }, }, + Required: []string{"text", "href", "location"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + "github.com/openshift/api/console/v1.ApplicationMenuSpec", "github.com/openshift/api/console/v1.NamespaceDashboardSpec"}, } } -func schema_openshift_api_config_v1alpha1_Storage(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleNotification(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + Description: "ConsoleNotification is the extension for configuring openshift web console notifications.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "persistentVolume": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - Ref: ref("github.com/openshift/api/config/v1alpha1.PersistentVolumeConfig"), + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/console/v1.ConsoleNotificationSpec"), }, }, }, - Required: []string{"type"}, + Required: []string{"spec"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.PersistentVolumeConfig"}, + "github.com/openshift/api/console/v1.ConsoleNotificationSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_config_v1alpha1_TLSConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleNotificationList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", + Description: "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "ca": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "ca is an optional CA certificate to use for TLS connections. When omitted, the system's default CA bundle is used.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", }, }, - "cert": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "cert is an optional client certificate to use for mutual TLS connections. When omitted, no client certificate is presented.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - "key": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "key is an optional client key to use for mutual TLS connections. When omitted, no client key is used.", + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), - }, - }, - "serverName": { - SchemaProps: spec.SchemaProps{ - Description: "serverName is an optional server name to use for TLS connections. When specified, must be a valid DNS subdomain as per RFC 1123. When omitted, the server name is derived from the URL. Must be between 1 and 253 characters in length.", - Type: []string{"string"}, - Format: "", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, - "certificateVerification": { + "items": { SchemaProps: spec.SchemaProps{ - Description: "certificateVerification determines the policy for TLS certificate verification. Allowed values are \"Verify\" (performs certificate verification, secure) and \"SkipVerify\" (skips verification, insecure). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"Verify\".", - Type: []string{"string"}, - Format: "", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/console/v1.ConsoleNotification"), + }, + }, + }, }, }, }, + Required: []string{"metadata", "items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + "github.com/openshift/api/console/v1.ConsoleNotification", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_config_v1alpha1_TelemeterClientConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleNotificationSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "TelemeterClientConfig provides configuration options for the Telemeter Client component that runs in the `openshift-monitoring` namespace. The Telemeter Client collects selected monitoring metrics and forwards them to Red Hat for telemetry purposes. At least one field must be specified.", + Description: "ConsoleNotificationSpec is the desired console notification configuration.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "nodeSelector": { + "text": { SchemaProps: spec.SchemaProps{ - Description: "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "resources": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "resources defines the compute resource requests and limits for the Telemeter Client container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 1m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), - }, - }, - }, + Description: "text is the visible text of the notification.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "tolerations": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, + "location": { SchemaProps: spec.SchemaProps{ - Description: "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(corev1.Toleration{}.OpenAPIModelName()), - }, - }, - }, + Description: "location is the location of the notification in the console. Valid values are: \"BannerTop\", \"BannerBottom\", \"BannerTopBottom\".", + Type: []string{"string"}, + Format: "", }, }, - "topologySpreadConstraints": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "topologyKey", - "whenUnsatisfiable", - }, - "x-kubernetes-list-type": "map", - }, - }, + "link": { SchemaProps: spec.SchemaProps{ - Description: "topologySpreadConstraints defines rules for how Telemeter Client Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), - }, - }, - }, + Description: "link is an object that holds notification link details.", + Ref: ref("github.com/openshift/api/console/v1.Link"), }, }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ContainerResource", corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_config_v1alpha1_UppercaseActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "UppercaseActionConfig configures the Uppercase action. Maps the concatenated source_labels to their upper case and writes to target_label. Requires Prometheus >= v2.36.0.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "targetLabel": { + "color": { SchemaProps: spec.SchemaProps{ - Description: "targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length.", + Description: "color is the color of the text for the notification as CSS data type color.", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"targetLabel"}, - }, - }, - } -} - -func schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "UserDefinedMonitoring config for user-defined projects.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "mode": { + "backgroundColor": { SchemaProps: spec.SchemaProps{ - Description: "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.\n\nPossible enum values:\n - `\"Disabled\"` disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces.\n - `\"NamespaceIsolated\"` enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level.", - Default: "", + Description: "backgroundColor is the color of the background for the notification as CSS data type color.", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Disabled", "NamespaceIsolated"}, }, }, }, - Required: []string{"mode"}, + Required: []string{"text"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/console/v1.Link"}, } } -func schema_openshift_api_config_v1alpha2_Custom(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsolePlugin(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "custom provides the custom configuration of gatherers", + Description: "ConsolePlugin is an extension for customizing OpenShift web console by dynamically loading code from another service running on the cluster.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "configs": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, + "kind": { SchemaProps: spec.SchemaProps{ - Description: "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha2.GathererConfig"), - }, - }, - }, + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", }, }, - }, - Required: []string{"configs"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha2.GathererConfig"}, - } -} - -func schema_openshift_api_config_v1alpha2_GatherConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "gatherConfig provides data gathering configuration options.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "dataPolicy": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - "gatherers": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "gatherers is a required field that specifies the configuration of the gatherers.", + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha2.Gatherers"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, - "storage": { + "spec": { SchemaProps: spec.SchemaProps{ - Description: "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", - Ref: ref("github.com/openshift/api/config/v1alpha2.Storage"), + Description: "spec contains the desired configuration for the console plugin.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/console/v1.ConsolePluginSpec"), }, }, }, - Required: []string{"gatherers"}, + Required: []string{"metadata", "spec"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha2.Gatherers", "github.com/openshift/api/config/v1alpha2.Storage"}, + "github.com/openshift/api/console/v1.ConsolePluginSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_config_v1alpha2_GathererConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsolePluginBackend(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "gathererConfig allows to configure specific gatherers", + Description: "ConsolePluginBackend holds information about the endpoint which serves the console's plugin", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "name is the required name of a specific gatherer It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + Description: "type is the backend type which servers the console's plugin. Currently only \"Service\" is supported.", Default: "", Type: []string{"string"}, Format: "", }, }, - "state": { + "service": { SchemaProps: spec.SchemaProps{ - Description: "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "service is a Kubernetes Service that exposes the plugin using a deployment with an HTTP server. The Service must use HTTPS and Service serving certificate. The console backend will proxy the plugins assets from the Service using the service CA bundle.", + Ref: ref("github.com/openshift/api/console/v1.ConsolePluginService"), + }, + }, + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "service": "Service", + }, }, }, }, - Required: []string{"name", "state"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/console/v1.ConsolePluginService"}, } } -func schema_openshift_api_config_v1alpha2_Gatherers(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsolePluginCSP(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "ConsolePluginCSP holds configuration for a specific CSP directive", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "mode": { + "directive": { SchemaProps: spec.SchemaProps{ - Description: "mode is a required field that specifies the mode for gatherers. Allowed values are All, None, and Custom. When set to All, all gatherers wil run and gather data. When set to None, all gatherers will be disabled and no data will be gathered. When set to Custom, the custom configuration from the custom field will be applied.", + Description: "directive specifies which Content-Security-Policy directive to configure. Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc. DefaultSrc directive serves as a fallback for the other CSP fetch directives. For more information about the DefaultSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src ScriptSrc directive specifies valid sources for JavaScript. For more information about the ScriptSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src StyleSrc directive specifies valid sources for stylesheets. For more information about the StyleSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src ImgSrc directive specifies a valid sources of images and favicons. For more information about the ImgSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src FontSrc directive specifies valid sources for fonts loaded using @font-face. For more information about the FontSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src ConnectSrc directive restricts the URLs which can be loaded using script interfaces. For more information about the ConnectSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src\n\nPossible enum values:\n - `\"ConnectSrc\"` directive restricts the URLs which can be loaded using script interfaces. For more information about the ConnectSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src\n - `\"DefaultSrc\"` directive serves as a fallback for the other CSP fetch directives. For more information about the DefaultSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src\n - `\"FontSrc\"` directive specifies valid sources for fonts loaded using @font-face. For more information about the FontSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src\n - `\"ImgSrc\"` directive specifies a valid sources of images and favicons. For more information about the ImgSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src\n - `\"ScriptSrc\"` directive specifies valid sources for JavaScript. For more information about the ScriptSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src\n - `\"StyleSrc\"` directive specifies valid sources for stylesheets. For more information about the StyleSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src", Default: "", Type: []string{"string"}, Format: "", + Enum: []interface{}{"ConnectSrc", "DefaultSrc", "FontSrc", "ImgSrc", "ScriptSrc", "StyleSrc"}, }, }, - "custom": { + "values": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", - Ref: ref("github.com/openshift/api/config/v1alpha2.Custom"), + Description: "values defines an array of values to append to the console defaults for this directive. Each ConsolePlugin may define their own directives with their values. These will be set by the OpenShift web console's backend, as part of its Content-Security-Policy header. The array can contain at most 16 values. Each directive value must have a maximum length of 1024 characters and must not contain whitespace, commas (,), semicolons (;) or single quotes ('). The value '*' is not permitted. Each value in the array must be unique.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, }, - Required: []string{"mode"}, + Required: []string{"directive", "values"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha2.Custom"}, } } -func schema_openshift_api_config_v1alpha2_InsightsDataGather(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsolePluginI18n(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "InsightsDataGather provides data gather configuration options for the the Insights Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "ConsolePluginI18n holds information on localization resources that are served by the dynamic plugin.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { + "loadType": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "loadType indicates how the plugin's localization resource should be loaded. Valid values are Preload, Lazy and the empty string. When set to Preload, all localization resources are fetched when the plugin is loaded. When set to Lazy, localization resources are lazily loaded as and when they are required by the console. When omitted or set to the empty string, the behaviour is equivalent to Lazy type.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), - }, - }, - "spec": { - SchemaProps: spec.SchemaProps{ - Description: "spec holds user settable values for configuration", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha2.InsightsDataGatherSpec"), - }, - }, - "status": { - SchemaProps: spec.SchemaProps{ - Description: "status holds observed values from the cluster. They may not be overridden.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha2.InsightsDataGatherStatus"), - }, - }, }, - Required: []string{"spec"}, + Required: []string{"loadType"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha2.InsightsDataGatherSpec", "github.com/openshift/api/config/v1alpha2.InsightsDataGatherStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_config_v1alpha2_InsightsDataGatherList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsolePluginList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "InsightsDataGatherList is a collection of items Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -25888,20 +25533,19 @@ func schema_openshift_api_config_v1alpha2_InsightsDataGatherList(ref common.Refe }, "metadata": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the required standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { SchemaProps: spec.SchemaProps{ - Description: "items is the required list of InsightsDataGather objects it may not exceed 100 items", - Type: []string{"array"}, + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha2.InsightsDataGather"), + Ref: ref("github.com/openshift/api/console/v1.ConsolePlugin"), }, }, }, @@ -25912,325 +25556,264 @@ func schema_openshift_api_config_v1alpha2_InsightsDataGatherList(ref common.Refe }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha2.InsightsDataGather", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/console/v1.ConsolePlugin", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_config_v1alpha2_InsightsDataGatherSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsolePluginProxy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "ConsolePluginProxy holds information on various service types to which console's backend will proxy the plugin's requests.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "gatherConfig": { + "endpoint": { SchemaProps: spec.SchemaProps{ - Description: "gatherConfig is an optional spec attribute that includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", + Description: "endpoint provides information about endpoint to which the request is proxied to.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha2.GatherConfig"), + Ref: ref("github.com/openshift/api/console/v1.ConsolePluginProxyEndpoint"), }, }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha2.GatherConfig"}, - } -} - -func schema_openshift_api_config_v1alpha2_InsightsDataGatherStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - }, - }, - } -} - -func schema_openshift_api_config_v1alpha2_PersistentVolumeClaimReference(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "name": { + "alias": { SchemaProps: spec.SchemaProps{ - Description: "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + Description: "alias is a proxy name that identifies the plugin's proxy. An alias name should be unique per plugin. The console backend exposes following proxy endpoint:\n\n/api/proxy/plugin///?\n\nRequest example path:\n\n/api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver", Default: "", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"name"}, - }, - }, - } -} - -func schema_openshift_api_config_v1alpha2_PersistentVolumeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "persistentVolumeConfig provides configuration options for PersistentVolume storage.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "claim": { + "caCertificate": { SchemaProps: spec.SchemaProps{ - Description: "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha2.PersistentVolumeClaimReference"), + Description: "caCertificate provides the cert authority certificate contents, in case the proxied Service is using custom service CA. By default, the service CA bundle provided by the service-ca operator is used.", + Type: []string{"string"}, + Format: "", }, }, - "mountPath": { + "authorization": { SchemaProps: spec.SchemaProps{ - Description: "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + Description: "authorization provides information about authorization type, which the proxied request should contain", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"claim"}, + Required: []string{"endpoint", "alias"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha2.PersistentVolumeClaimReference"}, + "github.com/openshift/api/console/v1.ConsolePluginProxyEndpoint"}, } } -func schema_openshift_api_config_v1alpha2_Storage(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsolePluginProxyEndpoint(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + Description: "ConsolePluginProxyEndpoint holds information about the endpoint to which request will be proxied to.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Description: "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", + Description: "type is the type of the console plugin's proxy. Currently only \"Service\" is supported.", Default: "", Type: []string{"string"}, Format: "", }, }, - "persistentVolume": { + "service": { SchemaProps: spec.SchemaProps{ - Description: "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - Ref: ref("github.com/openshift/api/config/v1alpha2.PersistentVolumeConfig"), + Description: "service is an in-cluster Service that the plugin will connect to. The Service must use HTTPS. The console backend exposes an endpoint in order to proxy communication between the plugin and the Service. Note: service field is required for now, since currently only \"Service\" type is supported.", + Ref: ref("github.com/openshift/api/console/v1.ConsolePluginProxyServiceConfig"), }, }, }, Required: []string{"type"}, }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "service": "Service", + }, + }, + }, + }, + }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha2.PersistentVolumeConfig"}, + "github.com/openshift/api/console/v1.ConsolePluginProxyServiceConfig"}, } } -func schema_openshift_api_console_v1_ApplicationMenuSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsolePluginProxyServiceConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ApplicationMenuSpec is the specification of the desired section and icon used for the link in the application menu.", + Description: "ProxyTypeServiceConfig holds information on Service to which console's backend will proxy the plugin's requests.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "section": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "section is the section of the application menu in which the link should appear. This can be any text that will appear as a subheading in the application menu dropdown. A new section will be created if the text does not match text of an existing section.", + Description: "name of Service that the plugin needs to connect to.", Default: "", Type: []string{"string"}, Format: "", }, }, - "imageURL": { - SchemaProps: spec.SchemaProps{ - Description: "imageURL is the URL for the icon used in front of the link in the application menu. The URL must be an HTTPS URL or a Data URI. The image should be square and will be shown at 24x24 pixels.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"section"}, - }, - }, - } -} - -func schema_openshift_api_console_v1_CLIDownloadLink(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "text": { + "namespace": { SchemaProps: spec.SchemaProps{ - Description: "text is the display text for the link", + Description: "namespace of Service that the plugin needs to connect to", Default: "", Type: []string{"string"}, Format: "", }, }, - "href": { + "port": { SchemaProps: spec.SchemaProps{ - Description: "href is the absolute secure URL for the link (must use https)", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "port on which the Service that the plugin needs to connect to is listening on.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, }, - Required: []string{"href"}, + Required: []string{"name", "namespace", "port"}, }, }, } } -func schema_openshift_api_console_v1_ConsoleCLIDownload(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsolePluginService(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleCLIDownload is an extension for configuring openshift web console command line interface (CLI) downloads.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "ConsolePluginService holds information on Service that is serving console dynamic plugin assets.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "name of Service that is serving the plugin assets.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "namespace": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "namespace of Service that is serving the plugin assets.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "metadata": { + "port": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Description: "port on which the Service that is serving the plugin is listening to.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "spec": { + "basePath": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleCLIDownloadSpec"), + Description: "basePath is the path to the plugin's assets. The primary asset it the manifest file called `plugin-manifest.json`, which is a JSON document that contains metadata about the plugin and the extensions.", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"spec"}, + Required: []string{"name", "namespace", "port"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleCLIDownloadSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_console_v1_ConsoleCLIDownloadList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsolePluginSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "ConsolePluginSpec is the desired plugin configuration.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { + "displayName": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "displayName is the display name of the plugin. The dispalyName should be between 1 and 128 characters.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "metadata": { + "backend": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Description: "backend holds the configuration of backend which is serving console's plugin .", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("github.com/openshift/api/console/v1.ConsolePluginBackend"), }, }, - "items": { + "proxy": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "proxy is a list of proxies that describe various service type to which the plugin needs to connect to.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleCLIDownload"), + Ref: ref("github.com/openshift/api/console/v1.ConsolePluginProxy"), }, }, }, }, }, - }, - Required: []string{"metadata", "items"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleCLIDownload", metav1.ListMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_console_v1_ConsoleCLIDownloadSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ConsoleCLIDownloadSpec is the desired cli download configuration.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "displayName": { + "i18n": { SchemaProps: spec.SchemaProps{ - Description: "displayName is the display name of the CLI download.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "i18n is the configuration of plugin's localization resources.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/console/v1.ConsolePluginI18n"), }, }, - "description": { - SchemaProps: spec.SchemaProps{ - Description: "description is the description of the CLI download (can include markdown).", - Default: "", - Type: []string{"string"}, - Format: "", + "contentSecurityPolicy": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "directive", + }, + "x-kubernetes-list-type": "map", + }, }, - }, - "links": { SchemaProps: spec.SchemaProps{ - Description: "links is a list of objects that provide CLI download link details.", + Description: "contentSecurityPolicy is a list of Content-Security-Policy (CSP) directives for the plugin. Each directive specifies a list of values, appropriate for the given directive type, for example a list of remote endpoints for fetch directives such as ScriptSrc. Console web application uses CSP to detect and mitigate certain types of attacks, such as cross-site scripting (XSS) and data injection attacks. Dynamic plugins should specify this field if need to load assets from outside the cluster or if violation reports are observed. Dynamic plugins should always prefer loading their assets from within the cluster, either by vendoring them, or fetching from a cluster service. CSP violation reports can be viewed in the browser's console logs during development and testing of the plugin in the OpenShift web console. Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc. Each of the available directives may be defined only once in the list. The value 'self' is automatically included in all fetch directives by the OpenShift web console's backend. For more information about the CSP directives, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy\n\nThe OpenShift web console server aggregates the CSP directives and values across its own default values and all enabled ConsolePlugin CRs, merging them into a single policy string that is sent to the browser via `Content-Security-Policy` HTTP response header.\n\nExample:\n ConsolePlugin A directives:\n script-src: https://script1.com/, https://script2.com/\n font-src: https://font1.com/\n\n ConsolePlugin B directives:\n script-src: https://script2.com/, https://script3.com/\n font-src: https://font2.com/\n img-src: https://img1.com/\n\n Unified set of CSP directives, passed to the OpenShift web console server:\n script-src: https://script1.com/, https://script2.com/, https://script3.com/\n font-src: https://font1.com/, https://font2.com/\n img-src: https://img1.com/\n\n OpenShift web console server CSP response header:\n Content-Security-Policy: default-src 'self'; base-uri 'self'; script-src 'self' https://script1.com/ https://script2.com/ https://script3.com/; font-src 'self' https://font1.com/ https://font2.com/; img-src 'self' https://img1.com/; style-src 'self'; frame-src 'none'; object-src 'none'", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.CLIDownloadLink"), + Ref: ref("github.com/openshift/api/console/v1.ConsolePluginCSP"), }, }, }, }, }, }, - Required: []string{"displayName", "description", "links"}, + Required: []string{"displayName", "backend"}, }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.CLIDownloadLink"}, + "github.com/openshift/api/console/v1.ConsolePluginBackend", "github.com/openshift/api/console/v1.ConsolePluginCSP", "github.com/openshift/api/console/v1.ConsolePluginI18n", "github.com/openshift/api/console/v1.ConsolePluginProxy"}, } } -func schema_openshift_api_console_v1_ConsoleExternalLogLink(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleQuickStart(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleExternalLogLink is an extension for customizing OpenShift web console log links.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "ConsoleQuickStart is an extension for guiding user through various workflows in the OpenShift web console.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -26251,13 +25834,13 @@ func schema_openshift_api_console_v1_ConsoleExternalLogLink(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleExternalLogLinkSpec"), + Ref: ref("github.com/openshift/api/console/v1.ConsoleQuickStartSpec"), }, }, }, @@ -26265,11 +25848,11 @@ func schema_openshift_api_console_v1_ConsoleExternalLogLink(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleExternalLogLinkSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/console/v1.ConsoleQuickStartSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_console_v1_ConsoleExternalLogLinkList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleQuickStartList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -26294,7 +25877,7 @@ func schema_openshift_api_console_v1_ConsoleExternalLogLinkList(ref common.Refer SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -26304,7 +25887,7 @@ func schema_openshift_api_console_v1_ConsoleExternalLogLinkList(ref common.Refer Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleExternalLogLink"), + Ref: ref("github.com/openshift/api/console/v1.ConsoleQuickStart"), }, }, }, @@ -26315,240 +25898,254 @@ func schema_openshift_api_console_v1_ConsoleExternalLogLinkList(ref common.Refer }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleExternalLogLink", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/console/v1.ConsoleQuickStart", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_console_v1_ConsoleExternalLogLinkSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleQuickStartSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleExternalLogLinkSpec is the desired log link configuration. The log link will appear on the logs tab of the pod details page.", + Description: "ConsoleQuickStartSpec is the desired quick start configuration.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "text": { + "displayName": { SchemaProps: spec.SchemaProps{ - Description: "text is the display text for the link", + Description: "displayName is the display name of the Quick Start.", Default: "", Type: []string{"string"}, Format: "", }, }, - "hrefTemplate": { + "icon": { SchemaProps: spec.SchemaProps{ - Description: "hrefTemplate is an absolute secure URL (must use https) for the log link including variables to be replaced. Variables are specified in the URL with the format ${variableName}, for instance, ${containerName} and will be replaced with the corresponding values from the resource. Resource is a pod. Supported variables are: - ${resourceName} - name of the resource which containes the logs - ${resourceUID} - UID of the resource which contains the logs\n - e.g. `11111111-2222-3333-4444-555555555555`\n- ${containerName} - name of the resource's container that contains the logs - ${resourceNamespace} - namespace of the resource that contains the logs - ${resourceNamespaceUID} - namespace UID of the resource that contains the logs - ${podLabels} - JSON representation of labels matching the pod with the logs\n - e.g. `{\"key1\":\"value1\",\"key2\":\"value2\"}`\n\ne.g., https://example.com/logs?resourceName=${resourceName}&containerName=${containerName}&resourceNamespace=${resourceNamespace}&podLabels=${podLabels}", - Default: "", + Description: "icon is a base64 encoded image that will be displayed beside the Quick Start display name. The icon should be an vector image for easy scaling. The size of the icon should be 40x40.", Type: []string{"string"}, Format: "", }, }, - "namespaceFilter": { + "tags": { SchemaProps: spec.SchemaProps{ - Description: "namespaceFilter is a regular expression used to restrict a log link to a matching set of namespaces (e.g., `^openshift-`). The string is converted into a regular expression using the JavaScript RegExp constructor. If not specified, links will be displayed for all the namespaces.", - Type: []string{"string"}, - Format: "", + Description: "tags is a list of strings that describe the Quick Start.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - }, - Required: []string{"text", "hrefTemplate"}, - }, - }, - } -} - -func schema_openshift_api_console_v1_ConsoleLink(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ConsoleLink is an extension for customizing OpenShift web console links.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { + "durationMinutes": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", + Description: "durationMinutes describes approximately how many minutes it will take to complete the Quick Start.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "apiVersion": { + "description": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "description is the description of the Quick Start. (includes markdown)", + Default: "", Type: []string{"string"}, Format: "", }, }, - "metadata": { + "prerequisites": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Description: "prerequisites contains all prerequisites that need to be met before taking a Quick Start. (includes markdown)", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "spec": { + "introduction": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleLinkSpec"), + Description: "introduction describes the purpose of the Quick Start. (includes markdown)", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - }, - Required: []string{"spec"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleLinkSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_console_v1_ConsoleLinkList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { + "tasks": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", + Description: "tasks is the list of steps the user has to perform to complete the Quick Start.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/console/v1.ConsoleQuickStartTask"), + }, + }, + }, }, }, - "apiVersion": { + "conclusion": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "conclusion sums up the Quick Start and suggests the possible next steps. (includes markdown)", Type: []string{"string"}, Format: "", }, }, - "metadata": { + "nextQuickStart": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Description: "nextQuickStart is a list of the following Quick Starts, suggested for the user to try.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "items": { + "accessReviewResources": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "accessReviewResources contains a list of resources that the user's access will be reviewed against in order for the user to complete the Quick Start. The Quick Start will be hidden if any of the access reviews fail.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleLink"), + Ref: ref("k8s.io/api/authorization/v1.ResourceAttributes"), }, }, }, }, }, }, - Required: []string{"metadata", "items"}, + Required: []string{"displayName", "durationMinutes", "description", "introduction", "tasks"}, }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleLink", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/console/v1.ConsoleQuickStartTask", "k8s.io/api/authorization/v1.ResourceAttributes"}, } } -func schema_openshift_api_console_v1_ConsoleLinkSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleQuickStartTask(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleLinkSpec is the desired console link configuration.", + Description: "ConsoleQuickStartTask is a single step in a Quick Start.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "text": { - SchemaProps: spec.SchemaProps{ - Description: "text is the display text for the link", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "href": { + "title": { SchemaProps: spec.SchemaProps{ - Description: "href is the absolute URL for the link. Must use https:// for web URLs or mailto: for email links.", + Description: "title describes the task and is displayed as a step heading.", Default: "", Type: []string{"string"}, Format: "", }, }, - "location": { + "description": { SchemaProps: spec.SchemaProps{ - Description: "location determines which location in the console the link will be appended to (ApplicationMenu, HelpMenu, UserMenu, NamespaceDashboard).", + Description: "description describes the steps needed to complete the task. (includes markdown)", Default: "", Type: []string{"string"}, Format: "", }, }, - "applicationMenu": { + "review": { SchemaProps: spec.SchemaProps{ - Description: "applicationMenu holds information about section and icon used for the link in the application menu, and it is applicable only when location is set to ApplicationMenu.", - Ref: ref("github.com/openshift/api/console/v1.ApplicationMenuSpec"), + Description: "review contains instructions to validate the task is complete. The user will select 'Yes' or 'No'. using a radio button, which indicates whether the step was completed successfully.", + Ref: ref("github.com/openshift/api/console/v1.ConsoleQuickStartTaskReview"), }, }, - "namespaceDashboard": { + "summary": { SchemaProps: spec.SchemaProps{ - Description: "namespaceDashboard holds information about namespaces in which the dashboard link should appear, and it is applicable only when location is set to NamespaceDashboard. If not specified, the link will appear in all namespaces.", - Ref: ref("github.com/openshift/api/console/v1.NamespaceDashboardSpec"), + Description: "summary contains information about the passed step.", + Ref: ref("github.com/openshift/api/console/v1.ConsoleQuickStartTaskSummary"), }, }, }, - Required: []string{"text", "href", "location"}, + Required: []string{"title", "description"}, }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ApplicationMenuSpec", "github.com/openshift/api/console/v1.NamespaceDashboardSpec"}, + "github.com/openshift/api/console/v1.ConsoleQuickStartTaskReview", "github.com/openshift/api/console/v1.ConsoleQuickStartTaskSummary"}, } } -func schema_openshift_api_console_v1_ConsoleNotification(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleQuickStartTaskReview(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleNotification is the extension for configuring openshift web console notifications.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "ConsoleQuickStartTaskReview contains instructions that validate a task was completed successfully.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "instructions": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "instructions contains steps that user needs to take in order to validate his work after going through a task. (includes markdown)", + Default: "", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "failedTaskHelp": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "failedTaskHelp contains suggestions for a failed task review and is shown at the end of task. (includes markdown)", + Default: "", Type: []string{"string"}, Format: "", }, }, - "metadata": { + }, + Required: []string{"instructions", "failedTaskHelp"}, + }, + }, + } +} + +func schema_openshift_api_console_v1_ConsoleQuickStartTaskSummary(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ConsoleQuickStartTaskSummary contains information about a passed step.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "success": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Description: "success describes the succesfully passed task.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "spec": { + "failed": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleNotificationSpec"), + Description: "failed briefly describes the unsuccessfully passed task. (includes markdown)", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"spec"}, + Required: []string{"success", "failed"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleNotificationSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_console_v1_ConsoleNotificationList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleSample(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "ConsoleSample is an extension to customizing OpenShift web console by adding samples.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -26567,236 +26164,167 @@ func schema_openshift_api_console_v1_ConsoleNotificationList(ref common.Referenc }, "metadata": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, - "items": { + "spec": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleNotification"), - }, - }, - }, + Description: "spec contains configuration for a console sample.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/console/v1.ConsoleSampleSpec"), }, }, }, - Required: []string{"metadata", "items"}, + Required: []string{"metadata", "spec"}, }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleNotification", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/console/v1.ConsoleSampleSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_console_v1_ConsoleNotificationSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleSampleContainerImportSource(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleNotificationSpec is the desired console notification configuration.", + Description: "ConsoleSampleContainerImportSource let the user import a container image.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "text": { + "image": { SchemaProps: spec.SchemaProps{ - Description: "text is the visible text of the notification.", + Description: "reference to a container image that provides a HTTP service. The service must be exposed on the default port (8080) unless otherwise configured with the port field.\n\nSupported formats:\n - /\n - docker.io//\n - quay.io//\n - quay.io//@sha256:\n - quay.io//:", Default: "", Type: []string{"string"}, Format: "", }, }, - "location": { - SchemaProps: spec.SchemaProps{ - Description: "location is the location of the notification in the console. Valid values are: \"BannerTop\", \"BannerBottom\", \"BannerTopBottom\".", - Type: []string{"string"}, - Format: "", - }, - }, - "link": { - SchemaProps: spec.SchemaProps{ - Description: "link is an object that holds notification link details.", - Ref: ref("github.com/openshift/api/console/v1.Link"), - }, - }, - "color": { - SchemaProps: spec.SchemaProps{ - Description: "color is the color of the text for the notification as CSS data type color.", - Type: []string{"string"}, - Format: "", - }, - }, - "backgroundColor": { + "service": { SchemaProps: spec.SchemaProps{ - Description: "backgroundColor is the color of the background for the notification as CSS data type color.", - Type: []string{"string"}, - Format: "", + Description: "service contains configuration for the Service resource created for this sample.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/console/v1.ConsoleSampleContainerImportSourceService"), }, }, }, - Required: []string{"text"}, + Required: []string{"image"}, }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.Link"}, + "github.com/openshift/api/console/v1.ConsoleSampleContainerImportSourceService"}, } } -func schema_openshift_api_console_v1_ConsolePlugin(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleSampleContainerImportSourceService(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsolePlugin is an extension for customizing OpenShift web console by dynamically loading code from another service running on the cluster.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "ConsoleSampleContainerImportSourceService let the samples author define defaults for the Service created for this sample.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), - }, - }, - "spec": { + "targetPort": { SchemaProps: spec.SchemaProps{ - Description: "spec contains the desired configuration for the console plugin.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsolePluginSpec"), + Description: "targetPort is the port that the service listens on for HTTP requests. This port will be used for Service and Route created for this sample. Port must be in the range 1 to 65535. Default port is 8080.", + Type: []string{"integer"}, + Format: "int32", }, }, }, - Required: []string{"metadata", "spec"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsolePluginSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_console_v1_ConsolePluginBackend(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleSampleGitImportSource(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsolePluginBackend holds information about the endpoint which serves the console's plugin", + Description: "ConsoleSampleGitImportSource let the user import code from a public Git repository.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { + "repository": { SchemaProps: spec.SchemaProps{ - Description: "type is the backend type which servers the console's plugin. Currently only \"Service\" is supported.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "repository contains the reference to the actual Git repository.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/console/v1.ConsoleSampleGitImportSourceRepository"), }, }, "service": { SchemaProps: spec.SchemaProps{ - Description: "service is a Kubernetes Service that exposes the plugin using a deployment with an HTTP server. The Service must use HTTPS and Service serving certificate. The console backend will proxy the plugins assets from the Service using the service CA bundle.", - Ref: ref("github.com/openshift/api/console/v1.ConsolePluginService"), - }, - }, - }, - Required: []string{"type"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "type", - "fields-to-discriminateBy": map[string]interface{}{ - "service": "Service", - }, + Description: "service contains configuration for the Service resource created for this sample.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/console/v1.ConsoleSampleGitImportSourceService"), }, }, }, + Required: []string{"repository"}, }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsolePluginService"}, + "github.com/openshift/api/console/v1.ConsoleSampleGitImportSourceRepository", "github.com/openshift/api/console/v1.ConsoleSampleGitImportSourceService"}, } } -func schema_openshift_api_console_v1_ConsolePluginCSP(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleSampleGitImportSourceRepository(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsolePluginCSP holds configuration for a specific CSP directive", + Description: "ConsoleSampleGitImportSourceRepository let the user import code from a public git repository.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "directive": { + "url": { SchemaProps: spec.SchemaProps{ - Description: "directive specifies which Content-Security-Policy directive to configure. Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc. DefaultSrc directive serves as a fallback for the other CSP fetch directives. For more information about the DefaultSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src ScriptSrc directive specifies valid sources for JavaScript. For more information about the ScriptSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src StyleSrc directive specifies valid sources for stylesheets. For more information about the StyleSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src ImgSrc directive specifies a valid sources of images and favicons. For more information about the ImgSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src FontSrc directive specifies valid sources for fonts loaded using @font-face. For more information about the FontSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src ConnectSrc directive restricts the URLs which can be loaded using script interfaces. For more information about the ConnectSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src\n\nPossible enum values:\n - `\"ConnectSrc\"` directive restricts the URLs which can be loaded using script interfaces. For more information about the ConnectSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src\n - `\"DefaultSrc\"` directive serves as a fallback for the other CSP fetch directives. For more information about the DefaultSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src\n - `\"FontSrc\"` directive specifies valid sources for fonts loaded using @font-face. For more information about the FontSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src\n - `\"ImgSrc\"` directive specifies a valid sources of images and favicons. For more information about the ImgSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src\n - `\"ScriptSrc\"` directive specifies valid sources for JavaScript. For more information about the ScriptSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src\n - `\"StyleSrc\"` directive specifies valid sources for stylesheets. For more information about the StyleSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src", + Description: "url of the Git repository that contains a HTTP service. The HTTP service must be exposed on the default port (8080) unless otherwise configured with the port field.\n\nOnly public repositories on GitHub, GitLab and Bitbucket are currently supported:\n\n - https://github.com//\n - https://gitlab.com//\n - https://bitbucket.org//\n\nThe url must have a maximum length of 256 characters.", Default: "", Type: []string{"string"}, Format: "", - Enum: []interface{}{"ConnectSrc", "DefaultSrc", "FontSrc", "ImgSrc", "ScriptSrc", "StyleSrc"}, }, }, - "values": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, + "revision": { + SchemaProps: spec.SchemaProps{ + Description: "revision is the git revision at which to clone the git repository Can be used to clone a specific branch, tag or commit SHA. Must be at most 256 characters in length. When omitted the repository's default branch is used.", + Default: "", + Type: []string{"string"}, + Format: "", }, + }, + "contextDir": { SchemaProps: spec.SchemaProps{ - Description: "values defines an array of values to append to the console defaults for this directive. Each ConsolePlugin may define their own directives with their values. These will be set by the OpenShift web console's backend, as part of its Content-Security-Policy header. The array can contain at most 16 values. Each directive value must have a maximum length of 1024 characters and must not contain whitespace, commas (,), semicolons (;) or single quotes ('). The value '*' is not permitted. Each value in the array must be unique.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "contextDir is used to specify a directory within the repository to build the component. Must start with `/` and have a maximum length of 256 characters. When omitted, the default value is to build from the root of the repository.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"directive", "values"}, + Required: []string{"url"}, }, }, } } -func schema_openshift_api_console_v1_ConsolePluginI18n(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleSampleGitImportSourceService(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsolePluginI18n holds information on localization resources that are served by the dynamic plugin.", + Description: "ConsoleSampleGitImportSourceService let the samples author define defaults for the Service created for this sample.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "loadType": { + "targetPort": { SchemaProps: spec.SchemaProps{ - Description: "loadType indicates how the plugin's localization resource should be loaded. Valid values are Preload, Lazy and the empty string. When set to Preload, all localization resources are fetched when the plugin is loaded. When set to Lazy, localization resources are lazily loaded as and when they are required by the console. When omitted or set to the empty string, the behaviour is equivalent to Lazy type.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "targetPort is the port that the service listens on for HTTP requests. This port will be used for Service created for this sample. Port must be in the range 1 to 65535. Default port is 8080.", + Type: []string{"integer"}, + Format: "int32", }, }, }, - Required: []string{"loadType"}, }, }, } } -func schema_openshift_api_console_v1_ConsolePluginList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleSampleList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -26821,7 +26349,7 @@ func schema_openshift_api_console_v1_ConsolePluginList(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -26831,7 +26359,7 @@ func schema_openshift_api_console_v1_ConsolePluginList(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsolePlugin"), + Ref: ref("github.com/openshift/api/console/v1.ConsoleSample"), }, }, }, @@ -26842,264 +26370,156 @@ func schema_openshift_api_console_v1_ConsolePluginList(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsolePlugin", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/console/v1.ConsoleSample", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_console_v1_ConsolePluginProxy(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleSampleSource(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsolePluginProxy holds information on various service types to which console's backend will proxy the plugin's requests.", + Description: "ConsoleSampleSource is the actual sample definition and can hold different sample types. Unsupported sample types will be ignored in the web console.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "endpoint": { - SchemaProps: spec.SchemaProps{ - Description: "endpoint provides information about endpoint to which the request is proxied to.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsolePluginProxyEndpoint"), - }, - }, - "alias": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "alias is a proxy name that identifies the plugin's proxy. An alias name should be unique per plugin. The console backend exposes following proxy endpoint:\n\n/api/proxy/plugin///?\n\nRequest example path:\n\n/api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver", + Description: "type of the sample, currently supported: \"GitImport\";\"ContainerImport\"\n\nPossible enum values:\n - `\"ContainerImport\"` A sample that let the user import a container image.\n - `\"GitImport\"` A sample that let the user import code from a git repository.", Default: "", Type: []string{"string"}, Format: "", + Enum: []interface{}{"ContainerImport", "GitImport"}, }, }, - "caCertificate": { + "gitImport": { SchemaProps: spec.SchemaProps{ - Description: "caCertificate provides the cert authority certificate contents, in case the proxied Service is using custom service CA. By default, the service CA bundle provided by the service-ca operator is used.", - Type: []string{"string"}, - Format: "", + Description: "gitImport allows the user to import code from a git repository.", + Ref: ref("github.com/openshift/api/console/v1.ConsoleSampleGitImportSource"), }, }, - "authorization": { + "containerImport": { SchemaProps: spec.SchemaProps{ - Description: "authorization provides information about authorization type, which the proxied request should contain", - Type: []string{"string"}, - Format: "", + Description: "containerImport allows the user import a container image.", + Ref: ref("github.com/openshift/api/console/v1.ConsoleSampleContainerImportSource"), + }, + }, + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "containerImport": "ContainerImport", + "gitImport": "GitImport", + }, }, }, }, - Required: []string{"endpoint", "alias"}, }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsolePluginProxyEndpoint"}, + "github.com/openshift/api/console/v1.ConsoleSampleContainerImportSource", "github.com/openshift/api/console/v1.ConsoleSampleGitImportSource"}, } } -func schema_openshift_api_console_v1_ConsolePluginProxyEndpoint(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleSampleSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsolePluginProxyEndpoint holds information about the endpoint to which request will be proxied to.", + Description: "ConsoleSampleSpec is the desired sample for the web console. Samples will appear with their title, descriptions and a badge in a samples catalog.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { + "title": { SchemaProps: spec.SchemaProps{ - Description: "type is the type of the console plugin's proxy. Currently only \"Service\" is supported.", + Description: "title is the display name of the sample.\n\nIt is required and must be no more than 50 characters in length.", Default: "", Type: []string{"string"}, Format: "", }, }, - "service": { - SchemaProps: spec.SchemaProps{ - Description: "service is an in-cluster Service that the plugin will connect to. The Service must use HTTPS. The console backend exposes an endpoint in order to proxy communication between the plugin and the Service. Note: service field is required for now, since currently only \"Service\" type is supported.", - Ref: ref("github.com/openshift/api/console/v1.ConsolePluginProxyServiceConfig"), - }, - }, - }, - Required: []string{"type"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "type", - "fields-to-discriminateBy": map[string]interface{}{ - "service": "Service", - }, - }, - }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsolePluginProxyServiceConfig"}, - } -} - -func schema_openshift_api_console_v1_ConsolePluginProxyServiceConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ProxyTypeServiceConfig holds information on Service to which console's backend will proxy the plugin's requests.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "name": { + "abstract": { SchemaProps: spec.SchemaProps{ - Description: "name of Service that the plugin needs to connect to.", + Description: "abstract is a short introduction to the sample.\n\nIt is required and must be no more than 100 characters in length.\n\nThe abstract is shown on the sample card tile below the title and provider and is limited to three lines of content.", Default: "", Type: []string{"string"}, Format: "", }, }, - "namespace": { + "description": { SchemaProps: spec.SchemaProps{ - Description: "namespace of Service that the plugin needs to connect to", + Description: "description is a long form explanation of the sample.\n\nIt is required and can have a maximum length of **4096** characters.\n\nIt is a README.md-like content for additional information, links, pre-conditions, and other instructions. It will be rendered as Markdown so that it can contain line breaks, links, and other simple formatting.", Default: "", Type: []string{"string"}, Format: "", }, }, - "port": { - SchemaProps: spec.SchemaProps{ - Description: "port on which the Service that the plugin needs to connect to is listening on.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", - }, - }, - }, - Required: []string{"name", "namespace", "port"}, - }, - }, - } -} - -func schema_openshift_api_console_v1_ConsolePluginService(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ConsolePluginService holds information on Service that is serving console dynamic plugin assets.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "name": { + "icon": { SchemaProps: spec.SchemaProps{ - Description: "name of Service that is serving the plugin assets.", + Description: "icon is an optional base64 encoded image and shown beside the sample title.\n\nThe format must follow the data: URL format and can have a maximum size of **10 KB**.\n\n data:[][;base64],\n\nFor example:\n\n data:image;base64, plus the base64 encoded image.\n\nVector images can also be used. SVG icons must start with:\n\n data:image/svg+xml;base64, plus the base64 encoded SVG image.\n\nAll sample catalog icons will be shown on a white background (also when the dark theme is used). The web console ensures that different aspect ratios work correctly. Currently, the surface of the icon is at most 40x100px.\n\nFor more information on the data URL format, please visit https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs.", Default: "", Type: []string{"string"}, Format: "", }, }, - "namespace": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "namespace of Service that is serving the plugin assets.", + Description: "type is an optional label to group multiple samples.\n\nIt is optional and must be no more than 20 characters in length.\n\nRecommendation is a singular term like \"Builder Image\", \"Devfile\" or \"Serverless Function\".\n\nCurrently, the type is shown a badge on the sample card tile in the top right corner.", Default: "", Type: []string{"string"}, Format: "", }, }, - "port": { - SchemaProps: spec.SchemaProps{ - Description: "port on which the Service that is serving the plugin is listening to.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", - }, - }, - "basePath": { - SchemaProps: spec.SchemaProps{ - Description: "basePath is the path to the plugin's assets. The primary asset it the manifest file called `plugin-manifest.json`, which is a JSON document that contains metadata about the plugin and the extensions.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"name", "namespace", "port"}, - }, - }, - } -} - -func schema_openshift_api_console_v1_ConsolePluginSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ConsolePluginSpec is the desired plugin configuration.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "displayName": { + "provider": { SchemaProps: spec.SchemaProps{ - Description: "displayName is the display name of the plugin. The dispalyName should be between 1 and 128 characters.", + Description: "provider is an optional label to honor who provides the sample.\n\nIt is optional and must be no more than 50 characters in length.\n\nA provider can be a company like \"Red Hat\" or an organization like \"CNCF\" or \"Knative\".\n\nCurrently, the provider is only shown on the sample card tile below the title with the prefix \"Provided by \"", Default: "", Type: []string{"string"}, Format: "", }, }, - "backend": { - SchemaProps: spec.SchemaProps{ - Description: "backend holds the configuration of backend which is serving console's plugin .", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsolePluginBackend"), - }, - }, - "proxy": { + "tags": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", + "x-kubernetes-list-type": "set", }, }, SchemaProps: spec.SchemaProps{ - Description: "proxy is a list of proxies that describe various service type to which the plugin needs to connect to.", + Description: "tags are optional string values that can be used to find samples in the samples catalog.\n\nExamples of common tags may be \"Java\", \"Quarkus\", etc.\n\nThey will be displayed on the samples details page.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsolePluginProxy"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - "i18n": { + "source": { SchemaProps: spec.SchemaProps{ - Description: "i18n is the configuration of plugin's localization resources.", + Description: "source defines where to deploy the sample service from. The sample may be sourced from an external git repository or container image.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsolePluginI18n"), - }, - }, - "contentSecurityPolicy": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "directive", - }, - "x-kubernetes-list-type": "map", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "contentSecurityPolicy is a list of Content-Security-Policy (CSP) directives for the plugin. Each directive specifies a list of values, appropriate for the given directive type, for example a list of remote endpoints for fetch directives such as ScriptSrc. Console web application uses CSP to detect and mitigate certain types of attacks, such as cross-site scripting (XSS) and data injection attacks. Dynamic plugins should specify this field if need to load assets from outside the cluster or if violation reports are observed. Dynamic plugins should always prefer loading their assets from within the cluster, either by vendoring them, or fetching from a cluster service. CSP violation reports can be viewed in the browser's console logs during development and testing of the plugin in the OpenShift web console. Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc. Each of the available directives may be defined only once in the list. The value 'self' is automatically included in all fetch directives by the OpenShift web console's backend. For more information about the CSP directives, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy\n\nThe OpenShift web console server aggregates the CSP directives and values across its own default values and all enabled ConsolePlugin CRs, merging them into a single policy string that is sent to the browser via `Content-Security-Policy` HTTP response header.\n\nExample:\n ConsolePlugin A directives:\n script-src: https://script1.com/, https://script2.com/\n font-src: https://font1.com/\n\n ConsolePlugin B directives:\n script-src: https://script2.com/, https://script3.com/\n font-src: https://font2.com/\n img-src: https://img1.com/\n\n Unified set of CSP directives, passed to the OpenShift web console server:\n script-src: https://script1.com/, https://script2.com/, https://script3.com/\n font-src: https://font1.com/, https://font2.com/\n img-src: https://img1.com/\n\n OpenShift web console server CSP response header:\n Content-Security-Policy: default-src 'self'; base-uri 'self'; script-src 'self' https://script1.com/ https://script2.com/ https://script3.com/; font-src 'self' https://font1.com/ https://font2.com/; img-src 'self' https://img1.com/; style-src 'self'; frame-src 'none'; object-src 'none'", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsolePluginCSP"), - }, - }, - }, + Ref: ref("github.com/openshift/api/console/v1.ConsoleSampleSource"), }, }, }, - Required: []string{"displayName", "backend"}, + Required: []string{"title", "abstract", "description", "source"}, }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsolePluginBackend", "github.com/openshift/api/console/v1.ConsolePluginCSP", "github.com/openshift/api/console/v1.ConsolePluginI18n", "github.com/openshift/api/console/v1.ConsolePluginProxy"}, + "github.com/openshift/api/console/v1.ConsoleSampleSource"}, } } -func schema_openshift_api_console_v1_ConsoleQuickStart(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleYAMLSample(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleQuickStart is an extension for guiding user through various workflows in the OpenShift web console.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "ConsoleYAMLSample is an extension for customizing OpenShift web console YAML samples.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -27120,25 +26540,25 @@ func schema_openshift_api_console_v1_ConsoleQuickStart(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleQuickStartSpec"), + Ref: ref("github.com/openshift/api/console/v1.ConsoleYAMLSampleSpec"), }, }, }, - Required: []string{"spec"}, + Required: []string{"metadata", "spec"}, }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleQuickStartSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/console/v1.ConsoleYAMLSampleSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_console_v1_ConsoleQuickStartList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleYAMLSampleList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -27163,7 +26583,7 @@ func schema_openshift_api_console_v1_ConsoleQuickStartList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -27173,7 +26593,7 @@ func schema_openshift_api_console_v1_ConsoleQuickStartList(ref common.ReferenceC Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleQuickStart"), + Ref: ref("github.com/openshift/api/console/v1.ConsoleYAMLSample"), }, }, }, @@ -27184,254 +26604,136 @@ func schema_openshift_api_console_v1_ConsoleQuickStartList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleQuickStart", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/console/v1.ConsoleYAMLSample", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_console_v1_ConsoleQuickStartSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_ConsoleYAMLSampleSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleQuickStartSpec is the desired quick start configuration.", + Description: "ConsoleYAMLSampleSpec is the desired YAML sample configuration. Samples will appear with their descriptions in a samples sidebar when creating a resources in the web console.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "displayName": { - SchemaProps: spec.SchemaProps{ - Description: "displayName is the display name of the Quick Start.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "icon": { - SchemaProps: spec.SchemaProps{ - Description: "icon is a base64 encoded image that will be displayed beside the Quick Start display name. The icon should be an vector image for easy scaling. The size of the icon should be 40x40.", - Type: []string{"string"}, - Format: "", - }, - }, - "tags": { - SchemaProps: spec.SchemaProps{ - Description: "tags is a list of strings that describe the Quick Start.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "durationMinutes": { + "targetResource": { SchemaProps: spec.SchemaProps{ - Description: "durationMinutes describes approximately how many minutes it will take to complete the Quick Start.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "targetResource contains apiVersion and kind of the resource YAML sample is representating.", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta"), }, }, - "description": { + "title": { SchemaProps: spec.SchemaProps{ - Description: "description is the description of the Quick Start. (includes markdown)", + Description: "title of the YAML sample.", Default: "", Type: []string{"string"}, Format: "", }, }, - "prerequisites": { - SchemaProps: spec.SchemaProps{ - Description: "prerequisites contains all prerequisites that need to be met before taking a Quick Start. (includes markdown)", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "introduction": { + "description": { SchemaProps: spec.SchemaProps{ - Description: "introduction describes the purpose of the Quick Start. (includes markdown)", + Description: "description of the YAML sample.", Default: "", Type: []string{"string"}, Format: "", }, }, - "tasks": { - SchemaProps: spec.SchemaProps{ - Description: "tasks is the list of steps the user has to perform to complete the Quick Start.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleQuickStartTask"), - }, - }, - }, - }, - }, - "conclusion": { - SchemaProps: spec.SchemaProps{ - Description: "conclusion sums up the Quick Start and suggests the possible next steps. (includes markdown)", - Type: []string{"string"}, - Format: "", - }, - }, - "nextQuickStart": { - SchemaProps: spec.SchemaProps{ - Description: "nextQuickStart is a list of the following Quick Starts, suggested for the user to try.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "accessReviewResources": { - SchemaProps: spec.SchemaProps{ - Description: "accessReviewResources contains a list of resources that the user's access will be reviewed against in order for the user to complete the Quick Start. The Quick Start will be hidden if any of the access reviews fail.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(authorizationv1.ResourceAttributes{}.OpenAPIModelName()), - }, - }, - }, - }, - }, - }, - Required: []string{"displayName", "durationMinutes", "description", "introduction", "tasks"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleQuickStartTask", authorizationv1.ResourceAttributes{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_console_v1_ConsoleQuickStartTask(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ConsoleQuickStartTask is a single step in a Quick Start.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "title": { + "yaml": { SchemaProps: spec.SchemaProps{ - Description: "title describes the task and is displayed as a step heading.", + Description: "yaml is the YAML sample to display.", Default: "", Type: []string{"string"}, Format: "", }, }, - "description": { + "snippet": { SchemaProps: spec.SchemaProps{ - Description: "description describes the steps needed to complete the task. (includes markdown)", - Default: "", - Type: []string{"string"}, + Description: "snippet indicates that the YAML sample is not the full YAML resource definition, but a fragment that can be inserted into the existing YAML document at the user's cursor.", + Default: false, + Type: []string{"boolean"}, Format: "", }, }, - "review": { - SchemaProps: spec.SchemaProps{ - Description: "review contains instructions to validate the task is complete. The user will select 'Yes' or 'No'. using a radio button, which indicates whether the step was completed successfully.", - Ref: ref("github.com/openshift/api/console/v1.ConsoleQuickStartTaskReview"), - }, - }, - "summary": { - SchemaProps: spec.SchemaProps{ - Description: "summary contains information about the passed step.", - Ref: ref("github.com/openshift/api/console/v1.ConsoleQuickStartTaskSummary"), - }, - }, }, - Required: []string{"title", "description"}, + Required: []string{"targetResource", "title", "description", "yaml"}, }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleQuickStartTaskReview", "github.com/openshift/api/console/v1.ConsoleQuickStartTaskSummary"}, + "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta"}, } } -func schema_openshift_api_console_v1_ConsoleQuickStartTaskReview(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_Link(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleQuickStartTaskReview contains instructions that validate a task was completed successfully.", + Description: "Represents a standard link that could be generated in HTML", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "instructions": { + "text": { SchemaProps: spec.SchemaProps{ - Description: "instructions contains steps that user needs to take in order to validate his work after going through a task. (includes markdown)", + Description: "text is the display text for the link", Default: "", Type: []string{"string"}, Format: "", }, }, - "failedTaskHelp": { + "href": { SchemaProps: spec.SchemaProps{ - Description: "failedTaskHelp contains suggestions for a failed task review and is shown at the end of task. (includes markdown)", + Description: "href is the absolute URL for the link. Must use https:// for web URLs or mailto: for email links.", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"instructions", "failedTaskHelp"}, + Required: []string{"text", "href"}, }, }, } } -func schema_openshift_api_console_v1_ConsoleQuickStartTaskSummary(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_console_v1_NamespaceDashboardSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleQuickStartTaskSummary contains information about a passed step.", + Description: "NamespaceDashboardSpec is a specification of namespaces in which the dashboard link should appear. If both namespaces and namespaceSelector are specified, the link will appear in namespaces that match either", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "success": { + "namespaces": { SchemaProps: spec.SchemaProps{ - Description: "success describes the succesfully passed task.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "namespaces is an array of namespace names in which the dashboard link should appear.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "failed": { + "namespaceSelector": { SchemaProps: spec.SchemaProps{ - Description: "failed briefly describes the unsuccessfully passed task. (includes markdown)", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "namespaceSelector is used to select the Namespaces that should contain dashboard link by label. If the namespace labels match, dashboard link will be shown for the namespaces.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, }, - Required: []string{"success", "failed"}, }, }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } -func schema_openshift_api_console_v1_ConsoleSample(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_etcd_v1alpha1_PacemakerCluster(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleSample is an extension to customizing OpenShift web console by adding samples.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "PacemakerCluster represents the current state of the pacemaker cluster as reported by the pcs status command. PacemakerCluster is a cluster-scoped singleton resource. The name of this instance is \"cluster\". This resource provides a view into the health and status of a pacemaker-managed cluster in Two Node OpenShift with Fencing deployments.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -27452,240 +26754,405 @@ func schema_openshift_api_console_v1_ConsoleSample(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, - "spec": { + "status": { SchemaProps: spec.SchemaProps{ - Description: "spec contains configuration for a console sample.", + Description: "status contains the actual pacemaker cluster status information collected from the cluster. The goal of this status is to be able to quickly identify if pacemaker is in a healthy state. In Two Node OpenShift with Fencing, a healthy pacemaker cluster has 2 nodes, both of which have healthy kubelet, etcd, and fencing resources. This field is optional on creation - the status collector populates it immediately after creating the resource via the status subresource.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleSampleSpec"), + Ref: ref("github.com/openshift/api/etcd/v1alpha1.PacemakerClusterStatus"), }, }, }, - Required: []string{"metadata", "spec"}, + Required: []string{"metadata"}, }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleSampleSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_console_v1_ConsoleSampleContainerImportSource(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_etcd_v1alpha1_PacemakerClusterFencingAgentStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleSampleContainerImportSource let the user import a container image.", + Description: "PacemakerClusterFencingAgentStatus represents the status of a fencing agent that can fence a node. Fencing agents are STONITH (Shoot The Other Node In The Head) devices used to isolate failed nodes. Unlike regular pacemaker resources, fencing agents are mapped to their target node (the node they can fence), not the node where their monitoring operations are scheduled.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "image": { + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "reference to a container image that provides a HTTP service. The service must be exposed on the default port (8080) unless otherwise configured with the port field.\n\nSupported formats:\n - /\n - docker.io//\n - quay.io//\n - quay.io//@sha256:\n - quay.io//:", - Default: "", + Description: "conditions represent the observations of the fencing agent's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the fencing agent. The \"InService\" condition tracks whether the fencing agent is in service (not in maintenance mode). The \"Managed\" condition tracks whether the fencing agent is managed by pacemaker. The \"Enabled\" condition tracks whether the fencing agent is enabled. The \"Operational\" condition tracks whether the fencing agent is operational (not failed). The \"Active\" condition tracks whether the fencing agent is active (available to be used). The \"Started\" condition tracks whether the fencing agent is started. The \"Schedulable\" condition tracks whether the fencing agent is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + }, + }, + }, + }, + }, + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is the unique identifier for this fencing agent (e.g., \"master-0_redfish\"). The name must be unique within the fencingAgents array for this node. It may contain alphanumeric characters, dots, hyphens, and underscores. Maximum length is 300 characters, providing headroom beyond the typical format of _ (253 for RFC 1123 node name + 1 underscore + type).", Type: []string{"string"}, Format: "", }, }, - "service": { + "method": { SchemaProps: spec.SchemaProps{ - Description: "service contains configuration for the Service resource created for this sample.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleSampleContainerImportSourceService"), + Description: "method is the fencing method used by this agent. Valid values are \"Redfish\" and \"IPMI\". Redfish is a standard RESTful API for server management. IPMI (Intelligent Platform Management Interface) is a hardware management interface.\n\nPossible enum values:\n - `\"IPMI\"` uses IPMI (Intelligent Platform Management Interface), a hardware management interface.\n - `\"Redfish\"` uses Redfish, a standard RESTful API for server management.", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"IPMI", "Redfish"}, }, }, }, - Required: []string{"image"}, + Required: []string{"conditions", "name", "method"}, }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleSampleContainerImportSourceService"}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } -func schema_openshift_api_console_v1_ConsoleSampleContainerImportSourceService(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_etcd_v1alpha1_PacemakerClusterList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleSampleContainerImportSourceService let the samples author define defaults for the Service created for this sample.", + Description: "PacemakerClusterList contains a list of PacemakerCluster objects. PacemakerCluster is a cluster-scoped singleton resource; only one instance named \"cluster\" may exist. This list type exists only to satisfy Kubernetes API conventions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "targetPort": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "targetPort is the port that the service listens on for HTTP requests. This port will be used for Service and Route created for this sample. Port must be in the range 1 to 65535. Default port is 8080.", - Type: []string{"integer"}, - Format: "int32", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", }, }, - }, - }, - }, - } -} - -func schema_openshift_api_console_v1_ConsoleSampleGitImportSource(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ConsoleSampleGitImportSource let the user import code from a public Git repository.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "repository": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "repository contains the reference to the actual Git repository.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleSampleGitImportSourceRepository"), + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - "service": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "service contains configuration for the Service resource created for this sample.", + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleSampleGitImportSourceService"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Description: "items is a list of PacemakerCluster objects.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/etcd/v1alpha1.PacemakerCluster"), + }, + }, + }, }, }, }, - Required: []string{"repository"}, + Required: []string{"items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleSampleGitImportSourceRepository", "github.com/openshift/api/console/v1.ConsoleSampleGitImportSourceService"}, + "github.com/openshift/api/etcd/v1alpha1.PacemakerCluster", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_console_v1_ConsoleSampleGitImportSourceRepository(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_etcd_v1alpha1_PacemakerClusterNodeStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleSampleGitImportSourceRepository let the user import code from a public git repository.", + Description: "PacemakerClusterNodeStatus represents the status of a single node in the pacemaker cluster including the node's conditions and the health of critical resources running on that node.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "url": { + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "url of the Git repository that contains a HTTP service. The HTTP service must be exposed on the default port (8080) unless otherwise configured with the port field.\n\nOnly public repositories on GitHub, GitLab and Bitbucket are currently supported:\n\n - https://github.com//\n - https://gitlab.com//\n - https://bitbucket.org//\n\nThe url must have a maximum length of 256 characters.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "conditions represent the observations of the node's current state. Known condition types are: \"Healthy\", \"Online\", \"InService\", \"Active\", \"Ready\", \"Clean\", \"Member\", \"FencingAvailable\", \"FencingHealthy\". The \"Healthy\" condition is an aggregate that tracks the overall health of the node. The \"Online\" condition tracks whether the node is online. The \"InService\" condition tracks whether the node is in service (not in maintenance mode). The \"Active\" condition tracks whether the node is active (not in standby mode). The \"Ready\" condition tracks whether the node is ready (not in a pending state). The \"Clean\" condition tracks whether the node is in a clean (status known) state. The \"Member\" condition tracks whether the node is a member of the cluster. The \"FencingAvailable\" condition tracks whether this node can be fenced by at least one healthy agent. The \"FencingHealthy\" condition tracks whether all fencing agents for this node are healthy. Each of these conditions is required, so the array must contain at least 9 items.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + }, + }, + }, }, }, - "revision": { + "nodeName": { SchemaProps: spec.SchemaProps{ - Description: "revision is the git revision at which to clone the git repository Can be used to clone a specific branch, tag or commit SHA. Must be at most 256 characters in length. When omitted the repository's default branch is used.", - Default: "", + Description: "nodeName is the name of the node. This is expected to match the Kubernetes node's name, which must be a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", Type: []string{"string"}, Format: "", }, }, - "contextDir": { + "addresses": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "contextDir is used to specify a directory within the repository to build the component. Must start with `/` and have a maximum length of 256 characters. When omitted, the default value is to build from the root of the repository.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "addresses is a list of IP addresses for the node. Pacemaker allows multiple IP addresses for Corosync communication between nodes. The first address in this list is used for IP-based peer URLs for etcd membership. Each address must be a valid global unicast IPv4 or IPv6 address in canonical form (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). This excludes loopback, link-local, and multicast addresses.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/etcd/v1alpha1.PacemakerNodeAddress"), + }, + }, + }, + }, + }, + "resources": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "resources contains the status of pacemaker resources scheduled on this node. Each resource entry includes the resource name and its health conditions. For Two Node OpenShift with Fencing, we track Kubelet and Etcd resources per node. Both resources are required to be present, so the array must contain at least 2 items. Valid resource names are \"Kubelet\" and \"Etcd\". Fencing agents are tracked separately in the fencingAgents field.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/etcd/v1alpha1.PacemakerClusterResourceStatus"), + }, + }, + }, + }, + }, + "fencingAgents": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "fencingAgents contains the status of fencing agents that can fence this node. Unlike resources (which are scheduled to run on this node), fencing agents are mapped to the node they can fence (their target), not the node where monitoring operations run. Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. A node is considered fence-capable if at least one fencing agent is healthy. Expected to have 1 fencing agent per node, but up to 8 are supported for redundancy. Names must be unique within this array.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/etcd/v1alpha1.PacemakerClusterFencingAgentStatus"), + }, + }, + }, }, }, }, - Required: []string{"url"}, + Required: []string{"conditions", "nodeName", "addresses", "resources", "fencingAgents"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterFencingAgentStatus", "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterResourceStatus", "github.com/openshift/api/etcd/v1alpha1.PacemakerNodeAddress", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } -func schema_openshift_api_console_v1_ConsoleSampleGitImportSourceService(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_etcd_v1alpha1_PacemakerClusterResourceStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleSampleGitImportSourceService let the samples author define defaults for the Service created for this sample.", + Description: "PacemakerClusterResourceStatus represents the status of a pacemaker resource scheduled on a node. A pacemaker resource is a unit of work managed by pacemaker. In pacemaker terminology, resources are services or applications that pacemaker monitors, starts, stops, and moves between nodes to maintain high availability. For Two Node OpenShift with Fencing, we track two resources per node:\n - Kubelet (the Kubernetes node agent and a prerequisite for etcd)\n - Etcd (the distributed key-value store)\n\nFencing agents are tracked separately in the fencingAgents field because they are mapped to their target node (the node they can fence), not the node where monitoring operations are scheduled.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "targetPort": { + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "targetPort is the port that the service listens on for HTTP requests. This port will be used for Service created for this sample. Port must be in the range 1 to 65535. Default port is 8080.", - Type: []string{"integer"}, - Format: "int32", + Description: "conditions represent the observations of the resource's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the resource. The \"InService\" condition tracks whether the resource is in service (not in maintenance mode). The \"Managed\" condition tracks whether the resource is managed by pacemaker. The \"Enabled\" condition tracks whether the resource is enabled. The \"Operational\" condition tracks whether the resource is operational (not failed). The \"Active\" condition tracks whether the resource is active (available to be used). The \"Started\" condition tracks whether the resource is started. The \"Schedulable\" condition tracks whether the resource is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + }, + }, + }, + }, + }, + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is the name of the pacemaker resource. Valid values are \"Kubelet\" and \"Etcd\". The Kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments. The Etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations. Fencing agents are tracked separately in the node's fencingAgents field.\n\nPossible enum values:\n - `\"Etcd\"` is the etcd pacemaker resource. The etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations.\n - `\"Kubelet\"` is the kubelet pacemaker resource. The kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments.", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"Etcd", "Kubelet"}, }, }, }, + Required: []string{"conditions", "name"}, }, }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } -func schema_openshift_api_console_v1_ConsoleSampleList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_etcd_v1alpha1_PacemakerClusterStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "PacemakerClusterStatus contains the actual pacemaker cluster status information. As part of validating the status object, we need to ensure that the lastUpdated timestamp may not be set to an earlier timestamp than the current value. The validation rule checks if oldSelf has lastUpdated before comparing, to handle the initial status creation case.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, }, - }, - "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + Description: "conditions represent the observations of the pacemaker cluster's current state. Known condition types are: \"Healthy\", \"InService\", \"NodeCountAsExpected\". The \"Healthy\" condition is an aggregate that tracks the overall health of the cluster. The \"InService\" condition tracks whether the cluster is in service (not in maintenance mode). The \"NodeCountAsExpected\" condition tracks whether the expected number of nodes are present. Each of these conditions is required, so the array must contain at least 3 items.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + }, + }, + }, }, }, - "metadata": { + "lastUpdated": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Description: "lastUpdated is the timestamp when this status was last updated. This is useful for identifying stale status reports. It must be a valid timestamp in RFC3339 format. Once set, this field cannot be removed and cannot be set to an earlier timestamp than the current value.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, - "items": { + "nodes": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "nodeName", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "nodes provides detailed status for each control-plane node in the Pacemaker cluster. While Pacemaker supports up to 32 nodes, the limit is set to 5 (max OpenShift control-plane nodes). For Two Node OpenShift with Fencing, exactly 2 nodes are expected in a healthy cluster. An empty list indicates a catastrophic failure where Pacemaker reports no nodes.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleSample"), + Ref: ref("github.com/openshift/api/etcd/v1alpha1.PacemakerClusterNodeStatus"), }, }, }, }, }, }, - Required: []string{"metadata", "items"}, + Required: []string{"conditions", "lastUpdated", "nodes"}, }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleSample", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterNodeStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } -func schema_openshift_api_console_v1_ConsoleSampleSource(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_etcd_v1alpha1_PacemakerNodeAddress(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleSampleSource is the actual sample definition and can hold different sample types. Unsupported sample types will be ignored in the web console.", + Description: "PacemakerNodeAddress contains information for a node's address. This is similar to corev1.NodeAddress but adds validation for IP addresses.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Description: "type of the sample, currently supported: \"GitImport\";\"ContainerImport\"\n\nPossible enum values:\n - `\"ContainerImport\"` A sample that let the user import a container image.\n - `\"GitImport\"` A sample that let the user import code from a git repository.", + Description: "type is the type of node address. Currently only \"InternalIP\" is supported.\n\nPossible enum values:\n - `\"InternalIP\"` is an internal IP address assigned to the node. This is typically the IP address used for intra-cluster communication.", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"InternalIP"}, + }, + }, + "address": { + SchemaProps: spec.SchemaProps{ + Description: "address is the node address. For InternalIP, this must be a valid global unicast IPv4 or IPv6 address in canonical form. Canonical form means the shortest standard representation (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). Maximum length is 39 characters (full IPv6 address). Global unicast includes private/RFC1918 addresses but excludes loopback, link-local, and multicast.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"type", "address"}, + }, + }, + } +} + +func schema_openshift_api_example_v1_CELUnion(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "CELUnion demonstrates how to use a discriminated union and how to validate it using CEL.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type determines which of the union members should be populated.", Default: "", Type: []string{"string"}, Format: "", - Enum: []interface{}{"ContainerImport", "GitImport"}, }, }, - "gitImport": { + "requiredMember": { SchemaProps: spec.SchemaProps{ - Description: "gitImport allows the user to import code from a git repository.", - Ref: ref("github.com/openshift/api/console/v1.ConsoleSampleGitImportSource"), + Description: "requiredMember is a union member that is required.", + Type: []string{"string"}, + Format: "", }, }, - "containerImport": { + "optionalMember": { SchemaProps: spec.SchemaProps{ - Description: "containerImport allows the user import a container image.", - Ref: ref("github.com/openshift/api/console/v1.ConsoleSampleContainerImportSource"), + Description: "optionalMember is a union member that is optional.", + Type: []string{"string"}, + Format: "", }, }, }, @@ -27697,115 +27164,168 @@ func schema_openshift_api_console_v1_ConsoleSampleSource(ref common.ReferenceCal map[string]interface{}{ "discriminator": "type", "fields-to-discriminateBy": map[string]interface{}{ - "containerImport": "ContainerImport", - "gitImport": "GitImport", + "optionalMember": "OptionalMember", + "requiredMember": "RequiredMember", }, }, }, }, }, }, - Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleSampleContainerImportSource", "github.com/openshift/api/console/v1.ConsoleSampleGitImportSource"}, } } -func schema_openshift_api_console_v1_ConsoleSampleSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_example_v1_EvolvingUnion(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleSampleSpec is the desired sample for the web console. Samples will appear with their title, descriptions and a badge in a samples catalog.", - Type: []string{"object"}, + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "title": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "title is the display name of the sample.\n\nIt is required and must be no more than 50 characters in length.", + Description: "type is the discriminator. It has different values for Default and for TechPreviewNoUpgrade", Default: "", Type: []string{"string"}, Format: "", }, }, - "abstract": { + }, + Required: []string{"type"}, + }, + }, + } +} + +func schema_openshift_api_example_v1_FormatMarkerExamples(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "FormatMarkerExamples demonstrates all Kubebuilder Format markers supported as of Kubernetes 1.33. This struct provides a comprehensive reference for format marker validation. Each field uses a different format marker to validate its value.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "ipv4Address": { SchemaProps: spec.SchemaProps{ - Description: "abstract is a short introduction to the sample.\n\nIt is required and must be no more than 100 characters in length.\n\nThe abstract is shown on the sample card tile below the title and provider and is limited to three lines of content.", - Default: "", + Description: "ipv4Address must be a valid IPv4 address in dotted-quad notation. Valid values range from 0.0.0.0 to 255.255.255.255 (e.g., 192.168.1.1).\n\nUse of Format=ipv4 is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isIP(self) && ip(self).family() == 4` to validate IPv4 addresses.", Type: []string{"string"}, Format: "", }, }, - "description": { + "ipv6Address": { SchemaProps: spec.SchemaProps{ - Description: "description is a long form explanation of the sample.\n\nIt is required and can have a maximum length of **4096** characters.\n\nIt is a README.md-like content for additional information, links, pre-conditions, and other instructions. It will be rendered as Markdown so that it can contain line breaks, links, and other simple formatting.", - Default: "", + Description: "ipv6Address must be a valid IPv6 address. Valid examples include full form (2001:0db8:0000:0000:0000:0000:0000:0001) or compressed form (2001:db8::1 or ::1).\n\nUse of Format=ipv6 is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isIP(self) && ip(self).family() == 6` to validate IPv6 addresses.", Type: []string{"string"}, Format: "", }, }, - "icon": { + "cidrNotation": { SchemaProps: spec.SchemaProps{ - Description: "icon is an optional base64 encoded image and shown beside the sample title.\n\nThe format must follow the data: URL format and can have a maximum size of **10 KB**.\n\n data:[][;base64],\n\nFor example:\n\n data:image;base64, plus the base64 encoded image.\n\nVector images can also be used. SVG icons must start with:\n\n data:image/svg+xml;base64, plus the base64 encoded SVG image.\n\nAll sample catalog icons will be shown on a white background (also when the dark theme is used). The web console ensures that different aspect ratios work correctly. Currently, the surface of the icon is at most 40x100px.\n\nFor more information on the data URL format, please visit https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs.", - Default: "", + Description: "cidrNotation must be a valid CIDR notation IP address range. Valid examples include IPv4 CIDR (10.0.0.0/8, 192.168.1.0/24) or IPv6 CIDR (fd00::/8, 2001:db8::/32).\n\nUse of Format=cidr is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isCIDR(self)` to validate CIDR notation. Additionally, use `isCIDR(self) && cidr(self).ip().family() == X` to validate IPvX specifically.", Type: []string{"string"}, Format: "", }, }, - "type": { + "uriField": { SchemaProps: spec.SchemaProps{ - Description: "type is an optional label to group multiple samples.\n\nIt is optional and must be no more than 20 characters in length.\n\nRecommendation is a singular term like \"Builder Image\", \"Devfile\" or \"Serverless Function\".\n\nCurrently, the type is shown a badge on the sample card tile in the top right corner.", - Default: "", + Description: "uriField must be a valid URI following RFC 3986 syntax. Valid examples include https://example.com/path?query=value or /absolute-path.", Type: []string{"string"}, Format: "", }, }, - "provider": { + "emailAddress": { SchemaProps: spec.SchemaProps{ - Description: "provider is an optional label to honor who provides the sample.\n\nIt is optional and must be no more than 50 characters in length.\n\nA provider can be a company like \"Red Hat\" or an organization like \"CNCF\" or \"Knative\".\n\nCurrently, the provider is only shown on the sample card tile below the title with the prefix \"Provided by \"", - Default: "", + Description: "emailAddress must be a valid email address. Valid examples include user@example.com or firstname.lastname@company.co.uk.", Type: []string{"string"}, Format: "", }, }, - "tags": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "set", - }, + "hostnameField": { + SchemaProps: spec.SchemaProps{ + Description: "hostnameField must be a valid Internet hostname per RFC 1034. Valid examples include example.com, api.example.com, or my-service.", + Type: []string{"string"}, + Format: "", }, + }, + "macAddress": { SchemaProps: spec.SchemaProps{ - Description: "tags are optional string values that can be used to find samples in the samples catalog.\n\nExamples of common tags may be \"Java\", \"Quarkus\", etc.\n\nThey will be displayed on the samples details page.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "macAddress must be a valid MAC address. Valid examples include 00:1A:2B:3C:4D:5E or 00-1A-2B-3C-4D-5E.", + Type: []string{"string"}, + Format: "", }, }, - "source": { + "uuidField": { SchemaProps: spec.SchemaProps{ - Description: "source defines where to deploy the sample service from. The sample may be sourced from an external git repository or container image.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleSampleSource"), + Description: "uuidField must be a valid UUID (any version) in 8-4-4-4-12 format. Valid examples include 550e8400-e29b-41d4-a716-446655440000 or 123e4567-e89b-12d3-a456-426614174000.", + Type: []string{"string"}, + Format: "", + }, + }, + "uuid3Field": { + SchemaProps: spec.SchemaProps{ + Description: "uuid3Field must be a valid UUID version 3 (MD5 hash-based). Version 3 UUIDs are generated using MD5 hashing of a namespace and name. Valid example: a3bb189e-8bf9-3888-9912-ace4e6543002.", + Type: []string{"string"}, + Format: "", + }, + }, + "uuid4Field": { + SchemaProps: spec.SchemaProps{ + Description: "uuid4Field must be a valid UUID version 4 (random). Version 4 UUIDs are randomly generated. Valid example: 550e8400-e29b-41d4-a716-446655440000.", + Type: []string{"string"}, + Format: "", + }, + }, + "uuid5Field": { + SchemaProps: spec.SchemaProps{ + Description: "uuid5Field must be a valid UUID version 5 (SHA-1 hash-based). Version 5 UUIDs are generated using SHA-1 hashing of a namespace and name. Valid example: 74738ff5-5367-5958-9aee-98fffdcd1876.", + Type: []string{"string"}, + Format: "", + }, + }, + "dateField": { + SchemaProps: spec.SchemaProps{ + Description: "dateField must be a valid date in RFC 3339 full-date format (YYYY-MM-DD). Valid examples include 2024-01-15 or 2023-12-31.", + Type: []string{"string"}, + Format: "", + }, + }, + "dateTimeField": { + SchemaProps: spec.SchemaProps{ + Description: "dateTimeField must be a valid RFC 3339 date-time. Valid examples include 2024-01-15T14:30:00Z, 2024-01-15T14:30:00+00:00, or 2024-01-15T14:30:00.123Z.", + Type: []string{"string"}, + Format: "", + }, + }, + "durationField": { + SchemaProps: spec.SchemaProps{ + Description: "durationField must be a valid duration string parseable by Go's time.ParseDuration. Valid time units are ns, us (or µs), ms, s, m, h. Valid examples include 30s, 5m, 1h30m, 100ms, or 1h.", + Type: []string{"string"}, + Format: "", + }, + }, + "base64Data": { + SchemaProps: spec.SchemaProps{ + Description: "base64Data must be valid base64-encoded data. Valid examples include aGVsbG8= (encodes \"hello\") or SGVsbG8gV29ybGQh (encodes \"Hello World!\").", + Type: []string{"string"}, + Format: "", + }, + }, + "passwordField": { + SchemaProps: spec.SchemaProps{ + Description: "passwordField is a marker for sensitive data. Note that the password format marker does not perform any actual validation - it accepts any string value. This marker is primarily used to signal that the field contains sensitive information.", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"title", "abstract", "description", "source"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleSampleSource"}, } } -func schema_openshift_api_console_v1_ConsoleYAMLSample(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_example_v1_StableConfigType(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleYAMLSample is an extension for customizing OpenShift web console YAML samples.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "StableConfigType is a stable config type that may include TechPreviewNoUpgrade fields.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -27826,29 +27346,36 @@ func schema_openshift_api_console_v1_ConsoleYAMLSample(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleYAMLSampleSpec"), + Description: "spec is the specification of the desired behavior of the StableConfigType.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/example/v1.StableConfigTypeSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status is the most recently observed status of the StableConfigType.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/example/v1.StableConfigTypeStatus"), }, }, }, - Required: []string{"metadata", "spec"}, }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleYAMLSampleSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/example/v1.StableConfigTypeSpec", "github.com/openshift/api/example/v1.StableConfigTypeStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_console_v1_ConsoleYAMLSampleList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_example_v1_StableConfigTypeList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "StableConfigTypeList contains a list of StableConfigTypes.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -27869,7 +27396,7 @@ func schema_openshift_api_console_v1_ConsoleYAMLSampleList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -27879,116 +27406,90 @@ func schema_openshift_api_console_v1_ConsoleYAMLSampleList(ref common.ReferenceC Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/console/v1.ConsoleYAMLSample"), + Ref: ref("github.com/openshift/api/example/v1.StableConfigType"), }, }, }, }, }, }, - Required: []string{"metadata", "items"}, + Required: []string{"items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleYAMLSample", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/example/v1.StableConfigType", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_console_v1_ConsoleYAMLSampleSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_example_v1_StableConfigTypeSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ConsoleYAMLSampleSpec is the desired YAML sample configuration. Samples will appear with their descriptions in a samples sidebar when creating a resources in the web console.", + Description: "StableConfigTypeSpec is the desired state", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "targetResource": { + "coolNewField": { SchemaProps: spec.SchemaProps{ - Description: "targetResource contains apiVersion and kind of the resource YAML sample is representating.", - Default: map[string]interface{}{}, - Ref: ref(metav1.TypeMeta{}.OpenAPIModelName()), + Description: "coolNewField is a field that is for tech preview only. On normal clusters this shouldn't be present", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "title": { + "stableField": { SchemaProps: spec.SchemaProps{ - Description: "title of the YAML sample.", + Description: "stableField is a field that is present on default clusters and on tech preview clusters\n\nIf empty, the platform will choose a good default, which may change over time without notice.", Default: "", Type: []string{"string"}, Format: "", }, }, - "description": { + "immutableField": { SchemaProps: spec.SchemaProps{ - Description: "description of the YAML sample.", + Description: "immutableField is a field that is immutable once the object has been created. It is required at all times.", Default: "", Type: []string{"string"}, Format: "", }, }, - "yaml": { + "optionalImmutableField": { SchemaProps: spec.SchemaProps{ - Description: "yaml is the YAML sample to display.", + Description: "optionalImmutableField is a field that is immutable once set. It is optional but may not be changed once set.", Default: "", Type: []string{"string"}, Format: "", }, }, - "snippet": { + "evolvingUnion": { SchemaProps: spec.SchemaProps{ - Description: "snippet indicates that the YAML sample is not the full YAML resource definition, but a fragment that can be inserted into the existing YAML document at the user's cursor.", - Default: false, - Type: []string{"boolean"}, - Format: "", + Description: "evolvingUnion demonstrates how to phase in new values into discriminated union", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/example/v1.EvolvingUnion"), }, }, - }, - Required: []string{"targetResource", "title", "description", "yaml"}, - }, - }, - Dependencies: []string{ - metav1.TypeMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_console_v1_Link(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "Represents a standard link that could be generated in HTML", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "text": { + "celUnion": { SchemaProps: spec.SchemaProps{ - Description: "text is the display text for the link", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "celUnion demonstrates how to validate a discrminated union using CEL", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/example/v1.CELUnion"), }, }, - "href": { + "nonZeroDefault": { SchemaProps: spec.SchemaProps{ - Description: "href is the absolute URL for the link. Must use https:// for web URLs or mailto: for email links.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "nonZeroDefault is a demonstration of creating an integer field that has a non zero default. It required two default tags (one for CRD generation, one for client generation) and must have `omitempty` and be optional. A minimum value is added to demonstrate that a zero value would not be accepted.", + Default: 8, + Type: []string{"integer"}, + Format: "int32", }, }, - }, - Required: []string{"text", "href"}, - }, - }, - } -} - -func schema_openshift_api_console_v1_NamespaceDashboardSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "NamespaceDashboardSpec is a specification of namespaces in which the dashboard link should appear. If both namespaces and namespaceSelector are specified, the link will appear in namespaces that match either", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "namespaces": { + "evolvingCollection": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "namespaces is an array of namespace names in which the dashboard link should appear.", + Description: "evolvingCollection demonstrates how to have a collection where the maximum number of items varies on cluster type. For default clusters, this will be \"1\" but on TechPreview clusters, this value will be \"3\".", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -28001,122 +27502,153 @@ func schema_openshift_api_console_v1_NamespaceDashboardSpec(ref common.Reference }, }, }, - "namespaceSelector": { + "set": { SchemaProps: spec.SchemaProps{ - Description: "namespaceSelector is used to select the Namespaces that should contain dashboard link by label. If the namespace labels match, dashboard link will be shown for the namespaces.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Description: "set demonstrates how to define and validate set of strings", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "subdomainNameField": { + SchemaProps: spec.SchemaProps{ + Description: "subdomainNameField represents a kubenetes name field. The intention is that it validates the name in the same way metadata.Name is validated. That is, it is a DNS-1123 subdomain.", + Type: []string{"string"}, + Format: "", + }, + }, + "subnetsWithExclusions": { + SchemaProps: spec.SchemaProps{ + Description: "subnetsWithExclusions demonstrates how to validate a list of subnets with exclusions", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/example/v1.SubnetsWithExclusions"), + }, + }, + "formatMarkerExamples": { + SchemaProps: spec.SchemaProps{ + Description: "formatMarkerExamples demonstrates all Kubebuilder Format markers supported as of Kubernetes 1.33. This field serves as a comprehensive reference for format marker validation.", + Ref: ref("github.com/openshift/api/example/v1.FormatMarkerExamples"), }, }, }, + Required: []string{"immutableField"}, }, }, Dependencies: []string{ - metav1.LabelSelector{}.OpenAPIModelName()}, + "github.com/openshift/api/example/v1.CELUnion", "github.com/openshift/api/example/v1.EvolvingUnion", "github.com/openshift/api/example/v1.FormatMarkerExamples", "github.com/openshift/api/example/v1.SubnetsWithExclusions"}, } } -func schema_openshift_api_etcd_v1alpha1_PacemakerCluster(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_example_v1_StableConfigTypeStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PacemakerCluster represents the current state of the pacemaker cluster as reported by the pcs status command. PacemakerCluster is a cluster-scoped singleton resource. The name of this instance is \"cluster\". This resource provides a view into the health and status of a pacemaker-managed cluster in Two Node OpenShift with Fencing deployments.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "StableConfigTypeStatus defines the observed status of the StableConfigType.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, }, - }, - "metadata": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Description: "Represents the observations of a foo's current state. Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + }, + }, + }, }, }, - "status": { + "immutableField": { SchemaProps: spec.SchemaProps{ - Description: "status contains the actual pacemaker cluster status information collected from the cluster. The goal of this status is to be able to quickly identify if pacemaker is in a healthy state. In Two Node OpenShift with Fencing, a healthy pacemaker cluster has 2 nodes, both of which have healthy kubelet, etcd, and fencing resources. This field is optional on creation - the status collector populates it immediately after creating the resource via the status subresource.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/etcd/v1alpha1.PacemakerClusterStatus"), + Description: "immutableField is a field that is immutable once the object has been created. It is required at all times.", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"metadata"}, }, }, Dependencies: []string{ - "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } -func schema_openshift_api_etcd_v1alpha1_PacemakerClusterFencingAgentStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_example_v1_SubnetsWithExclusions(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PacemakerClusterFencingAgentStatus represents the status of a fencing agent that can fence a node. Fencing agents are STONITH (Shoot The Other Node In The Head) devices used to isolate failed nodes. Unlike regular pacemaker resources, fencing agents are mapped to their target node (the node they can fence), not the node where their monitoring operations are scheduled.", + Description: "SubnetsWithExclusions is used to validate a list of subnets with exclusions. It demonstrates how exclusions should be validated as subnetworks of the networks listed in the subnets field.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "conditions": { + "subnets": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", + "x-kubernetes-list-type": "atomic", }, }, SchemaProps: spec.SchemaProps{ - Description: "conditions represent the observations of the fencing agent's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the fencing agent. The \"InService\" condition tracks whether the fencing agent is in service (not in maintenance mode). The \"Managed\" condition tracks whether the fencing agent is managed by pacemaker. The \"Enabled\" condition tracks whether the fencing agent is enabled. The \"Operational\" condition tracks whether the fencing agent is operational (not failed). The \"Active\" condition tracks whether the fencing agent is active (available to be used). The \"Started\" condition tracks whether the fencing agent is started. The \"Schedulable\" condition tracks whether the fencing agent is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", + Description: "subnets is a list of subnets. It may contain up to 2 subnets. The list may be either 1 IPv4 subnet, 1 IPv6 subnet, or 1 of each.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - "name": { - SchemaProps: spec.SchemaProps{ - Description: "name is the unique identifier for this fencing agent (e.g., \"master-0_redfish\"). The name must be unique within the fencingAgents array for this node. It may contain alphanumeric characters, dots, hyphens, and underscores. Maximum length is 300 characters, providing headroom beyond the typical format of _ (253 for RFC 1123 node name + 1 underscore + type).", - Type: []string{"string"}, - Format: "", + "excludeSubnets": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, }, - }, - "method": { SchemaProps: spec.SchemaProps{ - Description: "method is the fencing method used by this agent. Valid values are \"Redfish\" and \"IPMI\". Redfish is a standard RESTful API for server management. IPMI (Intelligent Platform Management Interface) is a hardware management interface.\n\nPossible enum values:\n - `\"IPMI\"` uses IPMI (Intelligent Platform Management Interface), a hardware management interface.\n - `\"Redfish\"` uses Redfish, a standard RESTful API for server management.", - Type: []string{"string"}, - Format: "", - Enum: []interface{}{"IPMI", "Redfish"}, + Description: "excludeSubnets is a list of CIDR exclusions. The subnets in this list must be subnetworks of the subnets in the subnets list.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, }, - Required: []string{"conditions", "name", "method"}, + Required: []string{"subnets"}, }, }, - Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, } } -func schema_openshift_api_etcd_v1alpha1_PacemakerClusterList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_example_v1alpha1_NotStableConfigType(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PacemakerClusterList contains a list of PacemakerCluster objects. PacemakerCluster is a cluster-scoped singleton resource; only one instance named \"cluster\" may exist. This list type exists only to satisfy Kubernetes API conventions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "NotStableConfigType is a stable config type that is TechPreviewNoUpgrade only.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -28135,193 +27667,110 @@ func schema_openshift_api_etcd_v1alpha1_PacemakerClusterList(ref common.Referenc }, "metadata": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, - "items": { + "spec": { SchemaProps: spec.SchemaProps{ - Description: "items is a list of PacemakerCluster objects.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/etcd/v1alpha1.PacemakerCluster"), - }, - }, - }, + Description: "spec is the specification of the desired behavior of the NotStableConfigType.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/example/v1alpha1.NotStableConfigTypeSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status is the most recently observed status of the NotStableConfigType.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/example/v1alpha1.NotStableConfigTypeStatus"), }, }, }, - Required: []string{"items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/etcd/v1alpha1.PacemakerCluster", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeSpec", "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_etcd_v1alpha1_PacemakerClusterNodeStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_example_v1alpha1_NotStableConfigTypeList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PacemakerClusterNodeStatus represents the status of a single node in the pacemaker cluster including the node's conditions and the health of critical resources running on that node.", + Description: "NotStableConfigTypeList contains a list of NotStableConfigTypes.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "conditions represent the observations of the node's current state. Known condition types are: \"Healthy\", \"Online\", \"InService\", \"Active\", \"Ready\", \"Clean\", \"Member\", \"FencingAvailable\", \"FencingHealthy\". The \"Healthy\" condition is an aggregate that tracks the overall health of the node. The \"Online\" condition tracks whether the node is online. The \"InService\" condition tracks whether the node is in service (not in maintenance mode). The \"Active\" condition tracks whether the node is active (not in standby mode). The \"Ready\" condition tracks whether the node is ready (not in a pending state). The \"Clean\" condition tracks whether the node is in a clean (status known) state. The \"Member\" condition tracks whether the node is a member of the cluster. The \"FencingAvailable\" condition tracks whether this node can be fenced by at least one healthy agent. The \"FencingHealthy\" condition tracks whether all fencing agents for this node are healthy. Each of these conditions is required, so the array must contain at least 9 items.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), - }, - }, - }, - }, - }, - "nodeName": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "nodeName is the name of the node. This is expected to match the Kubernetes node's name, which must be a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "addresses": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "addresses is a list of IP addresses for the node. Pacemaker allows multiple IP addresses for Corosync communication between nodes. The first address in this list is used for IP-based peer URLs for etcd membership. Each address must be a valid global unicast IPv4 or IPv6 address in canonical form (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). This excludes loopback, link-local, and multicast addresses.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/etcd/v1alpha1.PacemakerNodeAddress"), - }, - }, - }, + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - "resources": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "resources contains the status of pacemaker resources scheduled on this node. Each resource entry includes the resource name and its health conditions. For Two Node OpenShift with Fencing, we track Kubelet and Etcd resources per node. Both resources are required to be present, so the array must contain at least 2 items. Valid resource names are \"Kubelet\" and \"Etcd\". Fencing agents are tracked separately in the fencingAgents field.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/etcd/v1alpha1.PacemakerClusterResourceStatus"), - }, - }, - }, + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, - "fencingAgents": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, + "items": { SchemaProps: spec.SchemaProps{ - Description: "fencingAgents contains the status of fencing agents that can fence this node. Unlike resources (which are scheduled to run on this node), fencing agents are mapped to the node they can fence (their target), not the node where monitoring operations run. Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. A node is considered fence-capable if at least one fencing agent is healthy. Expected to have 1 fencing agent per node, but up to 8 are supported for redundancy. Names must be unique within this array.", - Type: []string{"array"}, + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/etcd/v1alpha1.PacemakerClusterFencingAgentStatus"), + Ref: ref("github.com/openshift/api/example/v1alpha1.NotStableConfigType"), }, }, }, }, }, }, - Required: []string{"conditions", "nodeName", "addresses", "resources", "fencingAgents"}, + Required: []string{"items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterFencingAgentStatus", "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterResourceStatus", "github.com/openshift/api/etcd/v1alpha1.PacemakerNodeAddress", metav1.Condition{}.OpenAPIModelName()}, + "github.com/openshift/api/example/v1alpha1.NotStableConfigType", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_etcd_v1alpha1_PacemakerClusterResourceStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_example_v1alpha1_NotStableConfigTypeSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PacemakerClusterResourceStatus represents the status of a pacemaker resource scheduled on a node. A pacemaker resource is a unit of work managed by pacemaker. In pacemaker terminology, resources are services or applications that pacemaker monitors, starts, stops, and moves between nodes to maintain high availability. For Two Node OpenShift with Fencing, we track two resources per node:\n - Kubelet (the Kubernetes node agent and a prerequisite for etcd)\n - Etcd (the distributed key-value store)\n\nFencing agents are tracked separately in the fencingAgents field because they are mapped to their target node (the node they can fence), not the node where monitoring operations are scheduled.", + Description: "NotStableConfigTypeSpec is the desired state", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "conditions represent the observations of the resource's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the resource. The \"InService\" condition tracks whether the resource is in service (not in maintenance mode). The \"Managed\" condition tracks whether the resource is managed by pacemaker. The \"Enabled\" condition tracks whether the resource is enabled. The \"Operational\" condition tracks whether the resource is operational (not failed). The \"Active\" condition tracks whether the resource is active (available to be used). The \"Started\" condition tracks whether the resource is started. The \"Schedulable\" condition tracks whether the resource is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), - }, - }, - }, - }, - }, - "name": { + "newField": { SchemaProps: spec.SchemaProps{ - Description: "name is the name of the pacemaker resource. Valid values are \"Kubelet\" and \"Etcd\". The Kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments. The Etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations. Fencing agents are tracked separately in the node's fencingAgents field.\n\nPossible enum values:\n - `\"Etcd\"` is the etcd pacemaker resource. The etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations.\n - `\"Kubelet\"` is the kubelet pacemaker resource. The kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments.", + Description: "newField is a field that is tech preview, but because the entire type is gated, there is no marker on the field.", + Default: "", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Etcd", "Kubelet"}, }, }, }, - Required: []string{"conditions", "name"}, + Required: []string{"newField"}, }, }, - Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, } } -func schema_openshift_api_etcd_v1alpha1_PacemakerClusterStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_example_v1alpha1_NotStableConfigTypeStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PacemakerClusterStatus contains the actual pacemaker cluster status information. As part of validating the status object, we need to ensure that the lastUpdated timestamp may not be set to an earlier timestamp than the current value. The validation rule checks if oldSelf has lastUpdated before comparing, to handle the initial status creation case.", + Description: "NotStableConfigTypeStatus defines the observed status of the NotStableConfigType.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "conditions": { @@ -28334,284 +27783,112 @@ func schema_openshift_api_etcd_v1alpha1_PacemakerClusterStatus(ref common.Refere }, }, SchemaProps: spec.SchemaProps{ - Description: "conditions represent the observations of the pacemaker cluster's current state. Known condition types are: \"Healthy\", \"InService\", \"NodeCountAsExpected\". The \"Healthy\" condition is an aggregate that tracks the overall health of the cluster. The \"InService\" condition tracks whether the cluster is in service (not in maintenance mode). The \"NodeCountAsExpected\" condition tracks whether the expected number of nodes are present. Each of these conditions is required, so the array must contain at least 3 items.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), - }, - }, - }, - }, - }, - "lastUpdated": { - SchemaProps: spec.SchemaProps{ - Description: "lastUpdated is the timestamp when this status was last updated. This is useful for identifying stale status reports. It must be a valid timestamp in RFC3339 format. Once set, this field cannot be removed and cannot be set to an earlier timestamp than the current value.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), - }, - }, - "nodes": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "nodeName", - }, - "x-kubernetes-list-type": "map", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "nodes provides detailed status for each control-plane node in the Pacemaker cluster. While Pacemaker supports up to 32 nodes, the limit is set to 5 (max OpenShift control-plane nodes). For Two Node OpenShift with Fencing, exactly 2 nodes are expected in a healthy cluster. An empty list indicates a catastrophic failure where Pacemaker reports no nodes.", + Description: "Represents the observations of a foo's current state. Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/etcd/v1alpha1.PacemakerClusterNodeStatus"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, }, }, }, - Required: []string{"conditions", "lastUpdated", "nodes"}, }, }, Dependencies: []string{ - "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterNodeStatus", metav1.Condition{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_etcd_v1alpha1_PacemakerNodeAddress(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "PacemakerNodeAddress contains information for a node's address. This is similar to corev1.NodeAddress but adds validation for IP addresses.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "type": { - SchemaProps: spec.SchemaProps{ - Description: "type is the type of node address. Currently only \"InternalIP\" is supported.\n\nPossible enum values:\n - `\"InternalIP\"` is an internal IP address assigned to the node. This is typically the IP address used for intra-cluster communication.", - Type: []string{"string"}, - Format: "", - Enum: []interface{}{"InternalIP"}, - }, - }, - "address": { - SchemaProps: spec.SchemaProps{ - Description: "address is the node address. For InternalIP, this must be a valid global unicast IPv4 or IPv6 address in canonical form. Canonical form means the shortest standard representation (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). Maximum length is 39 characters (full IPv6 address). Global unicast includes private/RFC1918 addresses but excludes loopback, link-local, and multicast.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"type", "address"}, - }, - }, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } -func schema_openshift_api_example_v1_CELUnion(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_helm_v1beta1_ConnectionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "CELUnion demonstrates how to use a discriminated union and how to validate it using CEL.", - Type: []string{"object"}, + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { + "url": { SchemaProps: spec.SchemaProps{ - Description: "type determines which of the union members should be populated.", + Description: "Chart repository URL", Default: "", Type: []string{"string"}, Format: "", }, }, - "requiredMember": { + "ca": { SchemaProps: spec.SchemaProps{ - Description: "requiredMember is a union member that is required.", - Type: []string{"string"}, - Format: "", + Description: "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca-bundle.crt\" is used to locate the data. If empty, the default system roots are used. The namespace for this config map is openshift-config.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.ConfigMapNameReference"), }, }, - "optionalMember": { + "tlsClientConfig": { SchemaProps: spec.SchemaProps{ - Description: "optionalMember is a union member that is optional.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"type"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "type", - "fields-to-discriminateBy": map[string]interface{}{ - "optionalMember": "OptionalMember", - "requiredMember": "RequiredMember", - }, + Description: "tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key \"tls.crt\" is used to locate the client certificate. The key \"tls.key\" is used to locate the private key. The namespace for this secret is openshift-config.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.SecretNameReference"), }, }, }, + Required: []string{"url"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/config/v1.ConfigMapNameReference", "github.com/openshift/api/config/v1.SecretNameReference"}, } } -func schema_openshift_api_example_v1_EvolvingUnion(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_helm_v1beta1_ConnectionConfigNamespaceScoped(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { + "url": { SchemaProps: spec.SchemaProps{ - Description: "type is the discriminator. It has different values for Default and for TechPreviewNoUpgrade", + Description: "Chart repository URL", Default: "", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"type"}, - }, - }, - } -} - -func schema_openshift_api_example_v1_FormatMarkerExamples(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "FormatMarkerExamples demonstrates all Kubebuilder Format markers supported as of Kubernetes 1.33. This struct provides a comprehensive reference for format marker validation. Each field uses a different format marker to validate its value.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "ipv4Address": { - SchemaProps: spec.SchemaProps{ - Description: "ipv4Address must be a valid IPv4 address in dotted-quad notation. Valid values range from 0.0.0.0 to 255.255.255.255 (e.g., 192.168.1.1).\n\nUse of Format=ipv4 is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isIP(self) && ip(self).family() == 4` to validate IPv4 addresses.", - Type: []string{"string"}, - Format: "", - }, - }, - "ipv6Address": { - SchemaProps: spec.SchemaProps{ - Description: "ipv6Address must be a valid IPv6 address. Valid examples include full form (2001:0db8:0000:0000:0000:0000:0000:0001) or compressed form (2001:db8::1 or ::1).\n\nUse of Format=ipv6 is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isIP(self) && ip(self).family() == 6` to validate IPv6 addresses.", - Type: []string{"string"}, - Format: "", - }, - }, - "cidrNotation": { - SchemaProps: spec.SchemaProps{ - Description: "cidrNotation must be a valid CIDR notation IP address range. Valid examples include IPv4 CIDR (10.0.0.0/8, 192.168.1.0/24) or IPv6 CIDR (fd00::/8, 2001:db8::/32).\n\nUse of Format=cidr is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isCIDR(self)` to validate CIDR notation. Additionally, use `isCIDR(self) && cidr(self).ip().family() == X` to validate IPvX specifically.", - Type: []string{"string"}, - Format: "", - }, - }, - "uriField": { - SchemaProps: spec.SchemaProps{ - Description: "uriField must be a valid URI following RFC 3986 syntax. Valid examples include https://example.com/path?query=value or /absolute-path.", - Type: []string{"string"}, - Format: "", - }, - }, - "emailAddress": { - SchemaProps: spec.SchemaProps{ - Description: "emailAddress must be a valid email address. Valid examples include user@example.com or firstname.lastname@company.co.uk.", - Type: []string{"string"}, - Format: "", - }, - }, - "hostnameField": { - SchemaProps: spec.SchemaProps{ - Description: "hostnameField must be a valid Internet hostname per RFC 1034. Valid examples include example.com, api.example.com, or my-service.", - Type: []string{"string"}, - Format: "", - }, - }, - "macAddress": { - SchemaProps: spec.SchemaProps{ - Description: "macAddress must be a valid MAC address. Valid examples include 00:1A:2B:3C:4D:5E or 00-1A-2B-3C-4D-5E.", - Type: []string{"string"}, - Format: "", - }, - }, - "uuidField": { - SchemaProps: spec.SchemaProps{ - Description: "uuidField must be a valid UUID (any version) in 8-4-4-4-12 format. Valid examples include 550e8400-e29b-41d4-a716-446655440000 or 123e4567-e89b-12d3-a456-426614174000.", - Type: []string{"string"}, - Format: "", - }, - }, - "uuid3Field": { - SchemaProps: spec.SchemaProps{ - Description: "uuid3Field must be a valid UUID version 3 (MD5 hash-based). Version 3 UUIDs are generated using MD5 hashing of a namespace and name. Valid example: a3bb189e-8bf9-3888-9912-ace4e6543002.", - Type: []string{"string"}, - Format: "", - }, - }, - "uuid4Field": { - SchemaProps: spec.SchemaProps{ - Description: "uuid4Field must be a valid UUID version 4 (random). Version 4 UUIDs are randomly generated. Valid example: 550e8400-e29b-41d4-a716-446655440000.", - Type: []string{"string"}, - Format: "", - }, - }, - "uuid5Field": { - SchemaProps: spec.SchemaProps{ - Description: "uuid5Field must be a valid UUID version 5 (SHA-1 hash-based). Version 5 UUIDs are generated using SHA-1 hashing of a namespace and name. Valid example: 74738ff5-5367-5958-9aee-98fffdcd1876.", - Type: []string{"string"}, - Format: "", - }, - }, - "dateField": { - SchemaProps: spec.SchemaProps{ - Description: "dateField must be a valid date in RFC 3339 full-date format (YYYY-MM-DD). Valid examples include 2024-01-15 or 2023-12-31.", - Type: []string{"string"}, - Format: "", - }, - }, - "dateTimeField": { - SchemaProps: spec.SchemaProps{ - Description: "dateTimeField must be a valid RFC 3339 date-time. Valid examples include 2024-01-15T14:30:00Z, 2024-01-15T14:30:00+00:00, or 2024-01-15T14:30:00.123Z.", - Type: []string{"string"}, - Format: "", - }, - }, - "durationField": { + "ca": { SchemaProps: spec.SchemaProps{ - Description: "durationField must be a valid duration string parseable by Go's time.ParseDuration. Valid time units are ns, us (or µs), ms, s, m, h. Valid examples include 30s, 5m, 1h30m, 100ms, or 1h.", - Type: []string{"string"}, - Format: "", + Description: "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca-bundle.crt\" is used to locate the data. If empty, the default system roots are used. The namespace for this configmap must be same as the namespace where the project helm chart repository is getting instantiated.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.ConfigMapNameReference"), }, }, - "base64Data": { + "tlsClientConfig": { SchemaProps: spec.SchemaProps{ - Description: "base64Data must be valid base64-encoded data. Valid examples include aGVsbG8= (encodes \"hello\") or SGVsbG8gV29ybGQh (encodes \"Hello World!\").", - Type: []string{"string"}, - Format: "", + Description: "tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key \"tls.crt\" is used to locate the client certificate. The key \"tls.key\" is used to locate the private key. The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.SecretNameReference"), }, }, - "passwordField": { + "basicAuthConfig": { SchemaProps: spec.SchemaProps{ - Description: "passwordField is a marker for sensitive data. Note that the password format marker does not perform any actual validation - it accepts any string value. This marker is primarily used to signal that the field contains sensitive information.", - Type: []string{"string"}, - Format: "", + Description: "basicAuthConfig is an optional reference to a secret by name that contains the basic authentication credentials to present when connecting to the server. The key \"username\" is used locate the username. The key \"password\" is used to locate the password. The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.SecretNameReference"), }, }, }, + Required: []string{"url"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/config/v1.ConfigMapNameReference", "github.com/openshift/api/config/v1.SecretNameReference"}, } } -func schema_openshift_api_example_v1_StableConfigType(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_helm_v1beta1_HelmChartRepository(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "StableConfigType is a stable config type that may include TechPreviewNoUpgrade fields.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -28632,36 +27909,37 @@ func schema_openshift_api_example_v1_StableConfigType(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ - Description: "spec is the specification of the desired behavior of the StableConfigType.", + Description: "spec holds user settable values for configuration", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/example/v1.StableConfigTypeSpec"), + Ref: ref("github.com/openshift/api/helm/v1beta1.HelmChartRepositorySpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ - Description: "status is the most recently observed status of the StableConfigType.", + Description: "Observed status of the repository within the cluster..", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/example/v1.StableConfigTypeStatus"), + Ref: ref("github.com/openshift/api/helm/v1beta1.HelmChartRepositoryStatus"), }, }, }, + Required: []string{"spec"}, }, }, Dependencies: []string{ - "github.com/openshift/api/example/v1.StableConfigTypeSpec", "github.com/openshift/api/example/v1.StableConfigTypeStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/helm/v1beta1.HelmChartRepositorySpec", "github.com/openshift/api/helm/v1beta1.HelmChartRepositoryStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_example_v1_StableConfigTypeList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_helm_v1beta1_HelmChartRepositoryList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "StableConfigTypeList contains a list of StableConfigTypes.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -28682,7 +27960,7 @@ func schema_openshift_api_example_v1_StableConfigTypeList(ref common.ReferenceCa SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -28692,152 +27970,70 @@ func schema_openshift_api_example_v1_StableConfigTypeList(ref common.ReferenceCa Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/example/v1.StableConfigType"), + Ref: ref("github.com/openshift/api/helm/v1beta1.HelmChartRepository"), }, }, }, }, }, }, - Required: []string{"items"}, + Required: []string{"metadata", "items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/example/v1.StableConfigType", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/helm/v1beta1.HelmChartRepository", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_example_v1_StableConfigTypeSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_helm_v1beta1_HelmChartRepositorySpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "StableConfigTypeSpec is the desired state", + Description: "Helm chart repository exposed within the cluster", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "coolNewField": { + "disabled": { SchemaProps: spec.SchemaProps{ - Description: "coolNewField is a field that is for tech preview only. On normal clusters this shouldn't be present", - Default: "", - Type: []string{"string"}, + Description: "If set to true, disable the repo usage in the cluster/namespace", + Type: []string{"boolean"}, Format: "", }, }, - "stableField": { - SchemaProps: spec.SchemaProps{ - Description: "stableField is a field that is present on default clusters and on tech preview clusters\n\nIf empty, the platform will choose a good default, which may change over time without notice.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "immutableField": { - SchemaProps: spec.SchemaProps{ - Description: "immutableField is a field that is immutable once the object has been created. It is required at all times.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "optionalImmutableField": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "optionalImmutableField is a field that is immutable once set. It is optional but may not be changed once set.", - Default: "", + Description: "Optional associated human readable repository name, it can be used by UI for displaying purposes", Type: []string{"string"}, Format: "", }, }, - "evolvingUnion": { - SchemaProps: spec.SchemaProps{ - Description: "evolvingUnion demonstrates how to phase in new values into discriminated union", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/example/v1.EvolvingUnion"), - }, - }, - "celUnion": { - SchemaProps: spec.SchemaProps{ - Description: "celUnion demonstrates how to validate a discrminated union using CEL", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/example/v1.CELUnion"), - }, - }, - "nonZeroDefault": { - SchemaProps: spec.SchemaProps{ - Description: "nonZeroDefault is a demonstration of creating an integer field that has a non zero default. It required two default tags (one for CRD generation, one for client generation) and must have `omitempty` and be optional. A minimum value is added to demonstrate that a zero value would not be accepted.", - Default: 8, - Type: []string{"integer"}, - Format: "int32", - }, - }, - "evolvingCollection": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "evolvingCollection demonstrates how to have a collection where the maximum number of items varies on cluster type. For default clusters, this will be \"1\" but on TechPreview clusters, this value will be \"3\".", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "set": { - SchemaProps: spec.SchemaProps{ - Description: "set demonstrates how to define and validate set of strings", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "subdomainNameField": { + "description": { SchemaProps: spec.SchemaProps{ - Description: "subdomainNameField represents a kubenetes name field. The intention is that it validates the name in the same way metadata.Name is validated. That is, it is a DNS-1123 subdomain.", + Description: "Optional human readable repository description, it can be used by UI for displaying purposes", Type: []string{"string"}, Format: "", }, }, - "subnetsWithExclusions": { + "connectionConfig": { SchemaProps: spec.SchemaProps{ - Description: "subnetsWithExclusions demonstrates how to validate a list of subnets with exclusions", + Description: "Required configuration for connecting to the chart repo", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/example/v1.SubnetsWithExclusions"), - }, - }, - "formatMarkerExamples": { - SchemaProps: spec.SchemaProps{ - Description: "formatMarkerExamples demonstrates all Kubebuilder Format markers supported as of Kubernetes 1.33. This field serves as a comprehensive reference for format marker validation.", - Ref: ref("github.com/openshift/api/example/v1.FormatMarkerExamples"), + Ref: ref("github.com/openshift/api/helm/v1beta1.ConnectionConfig"), }, }, }, - Required: []string{"immutableField"}, + Required: []string{"connectionConfig"}, }, }, Dependencies: []string{ - "github.com/openshift/api/example/v1.CELUnion", "github.com/openshift/api/example/v1.EvolvingUnion", "github.com/openshift/api/example/v1.FormatMarkerExamples", "github.com/openshift/api/example/v1.SubnetsWithExclusions"}, + "github.com/openshift/api/helm/v1beta1.ConnectionConfig"}, } } -func schema_openshift_api_example_v1_StableConfigTypeStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_helm_v1beta1_HelmChartRepositoryStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "StableConfigTypeStatus defines the observed status of the StableConfigType.", - Type: []string{"object"}, + Type: []string{"object"}, Properties: map[string]spec.Schema{ "conditions": { VendorExtensible: spec.VendorExtensible{ @@ -28849,92 +28045,31 @@ func schema_openshift_api_example_v1_StableConfigTypeStatus(ref common.Reference }, }, SchemaProps: spec.SchemaProps{ - Description: "Represents the observations of a foo's current state. Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"", + Description: "conditions is a list of conditions and their statuses", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, }, }, - "immutableField": { - SchemaProps: spec.SchemaProps{ - Description: "immutableField is a field that is immutable once the object has been created. It is required at all times.", - Type: []string{"string"}, - Format: "", - }, - }, }, }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_example_v1_SubnetsWithExclusions(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "SubnetsWithExclusions is used to validate a list of subnets with exclusions. It demonstrates how exclusions should be validated as subnetworks of the networks listed in the subnets field.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "subnets": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "subnets is a list of subnets. It may contain up to 2 subnets. The list may be either 1 IPv4 subnet, 1 IPv6 subnet, or 1 of each.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "excludeSubnets": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "excludeSubnets is a list of CIDR exclusions. The subnets in this list must be subnetworks of the subnets in the subnets list.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - }, - Required: []string{"subnets"}, - }, - }, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } -func schema_openshift_api_example_v1alpha1_NotStableConfigType(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_helm_v1beta1_ProjectHelmChartRepository(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NotStableConfigType is a stable config type that is TechPreviewNoUpgrade only.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -28955,36 +28090,37 @@ func schema_openshift_api_example_v1alpha1_NotStableConfigType(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ - Description: "spec is the specification of the desired behavior of the NotStableConfigType.", + Description: "spec holds user settable values for configuration", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/example/v1alpha1.NotStableConfigTypeSpec"), + Ref: ref("github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepositorySpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ - Description: "status is the most recently observed status of the NotStableConfigType.", + Description: "Observed status of the repository within the namespace..", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/example/v1alpha1.NotStableConfigTypeStatus"), + Ref: ref("github.com/openshift/api/helm/v1beta1.HelmChartRepositoryStatus"), }, }, }, + Required: []string{"spec"}, }, }, Dependencies: []string{ - "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeSpec", "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/helm/v1beta1.HelmChartRepositoryStatus", "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepositorySpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_example_v1alpha1_NotStableConfigTypeList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_helm_v1beta1_ProjectHelmChartRepositoryList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NotStableConfigTypeList contains a list of NotStableConfigTypes.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -29005,7 +28141,7 @@ func schema_openshift_api_example_v1alpha1_NotStableConfigTypeList(ref common.Re SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -29015,166 +28151,124 @@ func schema_openshift_api_example_v1alpha1_NotStableConfigTypeList(ref common.Re Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/example/v1alpha1.NotStableConfigType"), + Ref: ref("github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepository"), }, }, }, }, }, }, - Required: []string{"items"}, + Required: []string{"metadata", "items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/example/v1alpha1.NotStableConfigType", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepository", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_example_v1alpha1_NotStableConfigTypeSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_helm_v1beta1_ProjectHelmChartRepositorySpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NotStableConfigTypeSpec is the desired state", + Description: "Project Helm chart repository exposed within a namespace", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "newField": { + "disabled": { SchemaProps: spec.SchemaProps{ - Description: "newField is a field that is tech preview, but because the entire type is gated, there is no marker on the field.", - Default: "", - Type: []string{"string"}, + Description: "If set to true, disable the repo usage in the namespace", + Type: []string{"boolean"}, Format: "", }, }, - }, - Required: []string{"newField"}, - }, - }, - } -} - -func schema_openshift_api_example_v1alpha1_NotStableConfigTypeStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "NotStableConfigTypeStatus defines the observed status of the NotStableConfigType.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "Represents the observations of a foo's current state. Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), - }, - }, - }, - }, - }, - }, - }, - }, - Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_helm_v1beta1_ConnectionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "url": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "Chart repository URL", - Default: "", + Description: "Optional associated human readable repository name, it can be used by UI for displaying purposes", Type: []string{"string"}, Format: "", }, }, - "ca": { + "description": { SchemaProps: spec.SchemaProps{ - Description: "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca-bundle.crt\" is used to locate the data. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1.ConfigMapNameReference"), + Description: "Optional human readable repository description, it can be used by UI for displaying purposes", + Type: []string{"string"}, + Format: "", }, }, - "tlsClientConfig": { + "connectionConfig": { SchemaProps: spec.SchemaProps{ - Description: "tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key \"tls.crt\" is used to locate the client certificate. The key \"tls.key\" is used to locate the private key. The namespace for this secret is openshift-config.", + Description: "Required configuration for connecting to the chart repo", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1.SecretNameReference"), + Ref: ref("github.com/openshift/api/helm/v1beta1.ConnectionConfigNamespaceScoped"), }, }, }, - Required: []string{"url"}, + Required: []string{"connectionConfig"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ConfigMapNameReference", "github.com/openshift/api/config/v1.SecretNameReference"}, + "github.com/openshift/api/helm/v1beta1.ConnectionConfigNamespaceScoped"}, } } -func schema_openshift_api_helm_v1beta1_ConnectionConfigNamespaceScoped(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_DockerImageReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "DockerImageReference points to a container image.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "url": { + "Registry": { SchemaProps: spec.SchemaProps{ - Description: "Chart repository URL", + Description: "Registry is the registry that contains the container image", Default: "", Type: []string{"string"}, Format: "", }, }, - "ca": { + "Namespace": { SchemaProps: spec.SchemaProps{ - Description: "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca-bundle.crt\" is used to locate the data. If empty, the default system roots are used. The namespace for this configmap must be same as the namespace where the project helm chart repository is getting instantiated.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1.ConfigMapNameReference"), + Description: "Namespace is the namespace that contains the container image", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "tlsClientConfig": { + "Name": { SchemaProps: spec.SchemaProps{ - Description: "tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key \"tls.crt\" is used to locate the client certificate. The key \"tls.key\" is used to locate the private key. The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1.SecretNameReference"), + Description: "Name is the name of the container image", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "basicAuthConfig": { + "Tag": { SchemaProps: spec.SchemaProps{ - Description: "basicAuthConfig is an optional reference to a secret by name that contains the basic authentication credentials to present when connecting to the server. The key \"username\" is used locate the username. The key \"password\" is used to locate the password. The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1.SecretNameReference"), + Description: "Tag is which tag of the container image is being referenced", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "ID": { + SchemaProps: spec.SchemaProps{ + Description: "ID is the identifier for the container image", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"url"}, + Required: []string{"Registry", "Namespace", "Name", "Tag", "ID"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/config/v1.ConfigMapNameReference", "github.com/openshift/api/config/v1.SecretNameReference"}, } } -func schema_openshift_api_helm_v1beta1_HelmChartRepository(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_Image(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "Image is an immutable representation of a container image and its metadata at a point in time. Images are named by taking a hash of their contents (metadata and content) and any change in format, content, or metadata results in a new name. The images resource is primarily for use by cluster administrators and integrations like the cluster image registry - end users, instead, access images via the imagestreamtags or imagestreamimages resources. While image metadata is stored in the API, any integration that implements the container image registry API must provide its own storage for the raw manifest data, image config, and layer contents.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -29195,149 +28289,172 @@ func schema_openshift_api_helm_v1beta1_HelmChartRepository(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, - "spec": { + "dockerImageReference": { SchemaProps: spec.SchemaProps{ - Description: "spec holds user settable values for configuration", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/helm/v1beta1.HelmChartRepositorySpec"), + Description: "dockerImageReference is the string that can be used to pull this image.", + Type: []string{"string"}, + Format: "", }, }, - "status": { + "dockerImageMetadata": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-patch-strategy": "replace", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "Observed status of the repository within the cluster..", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/helm/v1beta1.HelmChartRepositoryStatus"), + Description: "dockerImageMetadata contains metadata about this image", + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, - }, - Required: []string{"spec"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/helm/v1beta1.HelmChartRepositorySpec", "github.com/openshift/api/helm/v1beta1.HelmChartRepositoryStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_helm_v1beta1_HelmChartRepositoryList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { + "dockerImageMetadataVersion": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "dockerImageMetadataVersion conveys the version of the object, which if empty defaults to \"1.0\"", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "dockerImageManifest": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "dockerImageManifest is the raw JSON of the manifest", Type: []string{"string"}, Format: "", }, }, - "metadata": { + "dockerImageLayers": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Description: "dockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.ImageLayer"), + }, + }, + }, }, }, - "items": { + "signatures": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge", + }, + }, SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "signatures holds all signatures of the image.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/helm/v1beta1.HelmChartRepository"), + Ref: ref("github.com/openshift/api/image/v1.ImageSignature"), }, }, }, }, }, - }, - Required: []string{"metadata", "items"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/helm/v1beta1.HelmChartRepository", metav1.ListMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_helm_v1beta1_HelmChartRepositorySpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "Helm chart repository exposed within the cluster", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "disabled": { + "dockerImageSignatures": { SchemaProps: spec.SchemaProps{ - Description: "If set to true, disable the repo usage in the cluster/namespace", - Type: []string{"boolean"}, - Format: "", + Description: "dockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "byte", + }, + }, + }, }, }, - "name": { + "dockerImageManifestMediaType": { SchemaProps: spec.SchemaProps{ - Description: "Optional associated human readable repository name, it can be used by UI for displaying purposes", + Description: "dockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2.", Type: []string{"string"}, Format: "", }, }, - "description": { + "dockerImageConfig": { SchemaProps: spec.SchemaProps{ - Description: "Optional human readable repository description, it can be used by UI for displaying purposes", + Description: "dockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list.", Type: []string{"string"}, Format: "", }, }, - "connectionConfig": { + "dockerImageManifests": { SchemaProps: spec.SchemaProps{ - Description: "Required configuration for connecting to the chart repo", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/helm/v1beta1.ConnectionConfig"), + Description: "dockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.ImageManifest"), + }, + }, + }, }, }, }, - Required: []string{"connectionConfig"}, }, }, Dependencies: []string{ - "github.com/openshift/api/helm/v1beta1.ConnectionConfig"}, + "github.com/openshift/api/image/v1.ImageLayer", "github.com/openshift/api/image/v1.ImageManifest", "github.com/openshift/api/image/v1.ImageSignature", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } -func schema_openshift_api_helm_v1beta1_HelmChartRepositoryStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageBlobReferences(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "ImageBlobReferences describes the blob references within an image.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", + "imageMissing": { + SchemaProps: spec.SchemaProps{ + Description: "imageMissing is true if the image is referenced by the image stream but the image object has been deleted from the API by an administrator. When this field is set, layers and config fields may be empty and callers that depend on the image metadata should consider the image to be unavailable for download or viewing.", + Default: false, + Type: []string{"boolean"}, + Format: "", + }, + }, + "layers": { + SchemaProps: spec.SchemaProps{ + Description: "layers is the list of blobs that compose this image, from base layer to top layer. All layers referenced by this array will be defined in the blobs map. Some images may have zero layers.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, }, - "x-kubernetes-list-type": "map", }, }, + }, + "config": { SchemaProps: spec.SchemaProps{ - Description: "conditions is a list of conditions and their statuses", + Description: "config, if set, is the blob that contains the image config. Some images do not have separate config blobs and this field will be set to nil if so.", + Type: []string{"string"}, + Format: "", + }, + }, + "manifests": { + SchemaProps: spec.SchemaProps{ + Description: "manifests is the list of other image names that this image points to. For a single architecture image, it is empty. For a multi-arch image, it consists of the digests of single architecture images, such images shouldn't have layers nor config.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, @@ -29346,435 +28463,32 @@ func schema_openshift_api_helm_v1beta1_HelmChartRepositoryStatus(ref common.Refe }, }, }, - Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, } } -func schema_openshift_api_helm_v1beta1_ProjectHelmChartRepository(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageImportSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "ImageImportSpec describes a request to import a specific image.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "from": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", + Description: "from is the source of an image to import; only kind DockerImage is allowed", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, - "apiVersion": { + "to": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + Description: "to is a tag in the current image stream to assign the imported image to, if name is not specified the default tag from from.name will be used", + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, - "metadata": { + "importPolicy": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), - }, - }, - "spec": { - SchemaProps: spec.SchemaProps{ - Description: "spec holds user settable values for configuration", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepositorySpec"), - }, - }, - "status": { - SchemaProps: spec.SchemaProps{ - Description: "Observed status of the repository within the namespace..", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/helm/v1beta1.HelmChartRepositoryStatus"), - }, - }, - }, - Required: []string{"spec"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/helm/v1beta1.HelmChartRepositoryStatus", "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepositorySpec", metav1.ObjectMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_helm_v1beta1_ProjectHelmChartRepositoryList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), - }, - }, - "items": { - SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepository"), - }, - }, - }, - }, - }, - }, - Required: []string{"metadata", "items"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepository", metav1.ListMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_helm_v1beta1_ProjectHelmChartRepositorySpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "Project Helm chart repository exposed within a namespace", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "disabled": { - SchemaProps: spec.SchemaProps{ - Description: "If set to true, disable the repo usage in the namespace", - Type: []string{"boolean"}, - Format: "", - }, - }, - "name": { - SchemaProps: spec.SchemaProps{ - Description: "Optional associated human readable repository name, it can be used by UI for displaying purposes", - Type: []string{"string"}, - Format: "", - }, - }, - "description": { - SchemaProps: spec.SchemaProps{ - Description: "Optional human readable repository description, it can be used by UI for displaying purposes", - Type: []string{"string"}, - Format: "", - }, - }, - "connectionConfig": { - SchemaProps: spec.SchemaProps{ - Description: "Required configuration for connecting to the chart repo", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/helm/v1beta1.ConnectionConfigNamespaceScoped"), - }, - }, - }, - Required: []string{"connectionConfig"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/helm/v1beta1.ConnectionConfigNamespaceScoped"}, - } -} - -func schema_openshift_api_image_v1_DockerImageReference(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "DockerImageReference points to a container image.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "Registry": { - SchemaProps: spec.SchemaProps{ - Description: "Registry is the registry that contains the container image", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "Namespace": { - SchemaProps: spec.SchemaProps{ - Description: "Namespace is the namespace that contains the container image", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "Name": { - SchemaProps: spec.SchemaProps{ - Description: "Name is the name of the container image", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "Tag": { - SchemaProps: spec.SchemaProps{ - Description: "Tag is which tag of the container image is being referenced", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "ID": { - SchemaProps: spec.SchemaProps{ - Description: "ID is the identifier for the container image", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"Registry", "Namespace", "Name", "Tag", "ID"}, - }, - }, - } -} - -func schema_openshift_api_image_v1_Image(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "Image is an immutable representation of a container image and its metadata at a point in time. Images are named by taking a hash of their contents (metadata and content) and any change in format, content, or metadata results in a new name. The images resource is primarily for use by cluster administrators and integrations like the cluster image registry - end users, instead, access images via the imagestreamtags or imagestreamimages resources. While image metadata is stored in the API, any integration that implements the container image registry API must provide its own storage for the raw manifest data, image config, and layer contents.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), - }, - }, - "dockerImageReference": { - SchemaProps: spec.SchemaProps{ - Description: "dockerImageReference is the string that can be used to pull this image.", - Type: []string{"string"}, - Format: "", - }, - }, - "dockerImageMetadata": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-patch-strategy": "replace", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "dockerImageMetadata contains metadata about this image", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), - }, - }, - "dockerImageMetadataVersion": { - SchemaProps: spec.SchemaProps{ - Description: "dockerImageMetadataVersion conveys the version of the object, which if empty defaults to \"1.0\"", - Type: []string{"string"}, - Format: "", - }, - }, - "dockerImageManifest": { - SchemaProps: spec.SchemaProps{ - Description: "dockerImageManifest is the raw JSON of the manifest", - Type: []string{"string"}, - Format: "", - }, - }, - "dockerImageLayers": { - SchemaProps: spec.SchemaProps{ - Description: "dockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageLayer"), - }, - }, - }, - }, - }, - "signatures": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "signatures holds all signatures of the image.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageSignature"), - }, - }, - }, - }, - }, - "dockerImageSignatures": { - SchemaProps: spec.SchemaProps{ - Description: "dockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "byte", - }, - }, - }, - }, - }, - "dockerImageManifestMediaType": { - SchemaProps: spec.SchemaProps{ - Description: "dockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2.", - Type: []string{"string"}, - Format: "", - }, - }, - "dockerImageConfig": { - SchemaProps: spec.SchemaProps{ - Description: "dockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list.", - Type: []string{"string"}, - Format: "", - }, - }, - "dockerImageManifests": { - SchemaProps: spec.SchemaProps{ - Description: "dockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageManifest"), - }, - }, - }, - }, - }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageLayer", "github.com/openshift/api/image/v1.ImageManifest", "github.com/openshift/api/image/v1.ImageSignature", metav1.ObjectMeta{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_image_v1_ImageBlobReferences(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ImageBlobReferences describes the blob references within an image.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "imageMissing": { - SchemaProps: spec.SchemaProps{ - Description: "imageMissing is true if the image is referenced by the image stream but the image object has been deleted from the API by an administrator. When this field is set, layers and config fields may be empty and callers that depend on the image metadata should consider the image to be unavailable for download or viewing.", - Default: false, - Type: []string{"boolean"}, - Format: "", - }, - }, - "layers": { - SchemaProps: spec.SchemaProps{ - Description: "layers is the list of blobs that compose this image, from base layer to top layer. All layers referenced by this array will be defined in the blobs map. Some images may have zero layers.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "config": { - SchemaProps: spec.SchemaProps{ - Description: "config, if set, is the blob that contains the image config. Some images do not have separate config blobs and this field will be set to nil if so.", - Type: []string{"string"}, - Format: "", - }, - }, - "manifests": { - SchemaProps: spec.SchemaProps{ - Description: "manifests is the list of other image names that this image points to. For a single architecture image, it is empty. For a multi-arch image, it consists of the digests of single architecture images, such images shouldn't have layers nor config.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - }, - }, - }, - } -} - -func schema_openshift_api_image_v1_ImageImportSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ImageImportSpec describes a request to import a specific image.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "from": { - SchemaProps: spec.SchemaProps{ - Description: "from is the source of an image to import; only kind DockerImage is allowed", - Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), - }, - }, - "to": { - SchemaProps: spec.SchemaProps{ - Description: "to is a tag in the current image stream to assign the imported image to, if name is not specified the default tag from from.name will be used", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), - }, - }, - "importPolicy": { - SchemaProps: spec.SchemaProps{ - Description: "importPolicy is the policy controlling how the image is imported", + Description: "importPolicy is the policy controlling how the image is imported", Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/image/v1.TagImportPolicy"), }, @@ -29798,7 +28512,7 @@ func schema_openshift_api_image_v1_ImageImportSpec(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.TagImportPolicy", "github.com/openshift/api/image/v1.TagReferencePolicy", corev1.LocalObjectReference{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.TagImportPolicy", "github.com/openshift/api/image/v1.TagReferencePolicy", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.ObjectReference"}, } } @@ -29813,7 +28527,7 @@ func schema_openshift_api_image_v1_ImageImportStatus(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "status is the status of the image import, including errors encountered while retrieving the image", Default: map[string]interface{}{}, - Ref: ref(metav1.Status{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Status"), }, }, "image": { @@ -29848,7 +28562,7 @@ func schema_openshift_api_image_v1_ImageImportStatus(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.Image", metav1.Status{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.Image", "k8s.io/apimachinery/pkg/apis/meta/v1.Status"}, } } @@ -29944,7 +28658,7 @@ func schema_openshift_api_image_v1_ImageList(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -29966,7 +28680,7 @@ func schema_openshift_api_image_v1_ImageList(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.Image", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.Image", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -30078,7 +28792,7 @@ func schema_openshift_api_image_v1_ImageSignature(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "type": { @@ -30142,7 +28856,7 @@ func schema_openshift_api_image_v1_ImageSignature(ref common.ReferenceCallback) "created": { SchemaProps: spec.SchemaProps{ Description: "If specified, it is the time of signature's creation.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "issuedBy": { @@ -30162,7 +28876,7 @@ func schema_openshift_api_image_v1_ImageSignature(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.SignatureCondition", "github.com/openshift/api/image/v1.SignatureIssuer", "github.com/openshift/api/image/v1.SignatureSubject", metav1.ObjectMeta{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.SignatureCondition", "github.com/openshift/api/image/v1.SignatureIssuer", "github.com/openshift/api/image/v1.SignatureSubject", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -30191,7 +28905,7 @@ func schema_openshift_api_image_v1_ImageStream(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -30212,7 +28926,7 @@ func schema_openshift_api_image_v1_ImageStream(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageStreamSpec", "github.com/openshift/api/image/v1.ImageStreamStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.ImageStreamSpec", "github.com/openshift/api/image/v1.ImageStreamStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -30241,7 +28955,7 @@ func schema_openshift_api_image_v1_ImageStreamImage(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "image": { @@ -30256,7 +28970,7 @@ func schema_openshift_api_image_v1_ImageStreamImage(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.Image", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.Image", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -30285,7 +28999,7 @@ func schema_openshift_api_image_v1_ImageStreamImport(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -30307,7 +29021,7 @@ func schema_openshift_api_image_v1_ImageStreamImport(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageStreamImportSpec", "github.com/openshift/api/image/v1.ImageStreamImportStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.ImageStreamImportSpec", "github.com/openshift/api/image/v1.ImageStreamImportStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -30421,7 +29135,7 @@ func schema_openshift_api_image_v1_ImageStreamLayers(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "blobs": { @@ -30459,7 +29173,7 @@ func schema_openshift_api_image_v1_ImageStreamLayers(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageBlobReferences", "github.com/openshift/api/image/v1.ImageLayerData", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.ImageBlobReferences", "github.com/openshift/api/image/v1.ImageLayerData", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -30488,7 +29202,7 @@ func schema_openshift_api_image_v1_ImageStreamList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -30510,7 +29224,7 @@ func schema_openshift_api_image_v1_ImageStreamList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageStream", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.ImageStream", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -30539,7 +29253,7 @@ func schema_openshift_api_image_v1_ImageStreamMapping(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "image": { @@ -30562,7 +29276,7 @@ func schema_openshift_api_image_v1_ImageStreamMapping(ref common.ReferenceCallba }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.Image", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.Image", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -30690,7 +29404,7 @@ func schema_openshift_api_image_v1_ImageStreamTag(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "tag": { @@ -30740,7 +29454,7 @@ func schema_openshift_api_image_v1_ImageStreamTag(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.Image", "github.com/openshift/api/image/v1.ImageLookupPolicy", "github.com/openshift/api/image/v1.TagEventCondition", "github.com/openshift/api/image/v1.TagReference", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.Image", "github.com/openshift/api/image/v1.ImageLookupPolicy", "github.com/openshift/api/image/v1.TagEventCondition", "github.com/openshift/api/image/v1.TagReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -30769,7 +29483,7 @@ func schema_openshift_api_image_v1_ImageStreamTagList(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -30791,7 +29505,7 @@ func schema_openshift_api_image_v1_ImageStreamTagList(ref common.ReferenceCallba }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageStreamTag", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.ImageStreamTag", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -30820,7 +29534,7 @@ func schema_openshift_api_image_v1_ImageTag(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -30846,7 +29560,7 @@ func schema_openshift_api_image_v1_ImageTag(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.Image", "github.com/openshift/api/image/v1.NamedTagEventList", "github.com/openshift/api/image/v1.TagReference", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.Image", "github.com/openshift/api/image/v1.NamedTagEventList", "github.com/openshift/api/image/v1.TagReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -30875,7 +29589,7 @@ func schema_openshift_api_image_v1_ImageTagList(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -30897,7 +29611,7 @@ func schema_openshift_api_image_v1_ImageTagList(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageTag", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.ImageTag", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -30964,7 +29678,7 @@ func schema_openshift_api_image_v1_RepositoryImportSpec(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "from is the source for the image repository to import; only kind DockerImage and a name of a container image repository is allowed", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "importPolicy": { @@ -30993,7 +29707,7 @@ func schema_openshift_api_image_v1_RepositoryImportSpec(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.TagImportPolicy", "github.com/openshift/api/image/v1.TagReferencePolicy", corev1.ObjectReference{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.TagImportPolicy", "github.com/openshift/api/image/v1.TagReferencePolicy", "k8s.io/api/core/v1.ObjectReference"}, } } @@ -31008,7 +29722,7 @@ func schema_openshift_api_image_v1_RepositoryImportStatus(ref common.ReferenceCa SchemaProps: spec.SchemaProps{ Description: "status reflects whether any failure occurred during import", Default: map[string]interface{}{}, - Ref: ref(metav1.Status{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Status"), }, }, "images": { @@ -31044,7 +29758,7 @@ func schema_openshift_api_image_v1_RepositoryImportStatus(ref common.ReferenceCa }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageImportStatus", metav1.Status{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.ImageImportStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Status"}, } } @@ -31073,7 +29787,7 @@ func schema_openshift_api_image_v1_SecretList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -31084,7 +29798,7 @@ func schema_openshift_api_image_v1_SecretList(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Secret{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Secret"), }, }, }, @@ -31095,7 +29809,7 @@ func schema_openshift_api_image_v1_SecretList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - corev1.Secret{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.Secret", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -31125,13 +29839,13 @@ func schema_openshift_api_image_v1_SignatureCondition(ref common.ReferenceCallba "lastProbeTime": { SchemaProps: spec.SchemaProps{ Description: "Last time the condition was checked.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "Last time the condition transit from one status to another.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -31153,7 +29867,7 @@ func schema_openshift_api_image_v1_SignatureCondition(ref common.ReferenceCallba }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -31257,7 +29971,7 @@ func schema_openshift_api_image_v1_TagEvent(ref common.ReferenceCallback) common "created": { SchemaProps: spec.SchemaProps{ Description: "created holds the time the TagEvent was created", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "dockerImageReference": { @@ -31289,7 +30003,7 @@ func schema_openshift_api_image_v1_TagEvent(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -31319,7 +30033,7 @@ func schema_openshift_api_image_v1_TagEventCondition(ref common.ReferenceCallbac "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the time the condition transitioned from one status to another.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -31349,7 +30063,7 @@ func schema_openshift_api_image_v1_TagEventCondition(ref common.ReferenceCallbac }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -31421,7 +30135,7 @@ func schema_openshift_api_image_v1_TagReference(ref common.ReferenceCallback) co "from": { SchemaProps: spec.SchemaProps{ Description: "Optional; if specified, a reference to another image that this tag should point to. Valid values are ImageStreamTag, ImageStreamImage, and DockerImage. ImageStreamTag references can only reference a tag within this same ImageStream.", - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "reference": { @@ -31457,7 +30171,7 @@ func schema_openshift_api_image_v1_TagReference(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.TagImportPolicy", "github.com/openshift/api/image/v1.TagReferencePolicy", corev1.ObjectReference{}.OpenAPIModelName()}, + "github.com/openshift/api/image/v1.TagImportPolicy", "github.com/openshift/api/image/v1.TagReferencePolicy", "k8s.io/api/core/v1.ObjectReference"}, } } @@ -31546,7 +30260,7 @@ func schema_openshift_api_insights_v1_DataGather(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -31568,7 +30282,7 @@ func schema_openshift_api_insights_v1_DataGather(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1.DataGatherSpec", "github.com/openshift/api/insights/v1.DataGatherStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/insights/v1.DataGatherSpec", "github.com/openshift/api/insights/v1.DataGatherStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -31597,7 +30311,7 @@ func schema_openshift_api_insights_v1_DataGatherList(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -31623,7 +30337,7 @@ func schema_openshift_api_insights_v1_DataGatherList(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1.DataGather", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/insights/v1.DataGather", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -31700,7 +30414,7 @@ func schema_openshift_api_insights_v1_DataGatherStatus(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -31731,13 +30445,13 @@ func schema_openshift_api_insights_v1_DataGatherStatus(ref common.ReferenceCallb "startTime": { SchemaProps: spec.SchemaProps{ Description: "startTime is the time when Insights data gathering started.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "finishTime": { SchemaProps: spec.SchemaProps{ Description: "finishTime is the time when Insights data gathering finished.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "relatedObjects": { @@ -31781,7 +30495,7 @@ func schema_openshift_api_insights_v1_DataGatherStatus(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1.GathererStatus", "github.com/openshift/api/insights/v1.InsightsReport", "github.com/openshift/api/insights/v1.ObjectReference", metav1.Condition{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, + "github.com/openshift/api/insights/v1.GathererStatus", "github.com/openshift/api/insights/v1.InsightsReport", "github.com/openshift/api/insights/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -31836,7 +30550,7 @@ func schema_openshift_api_insights_v1_GathererStatus(ref common.ReferenceCallbac Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -31861,7 +30575,7 @@ func schema_openshift_api_insights_v1_GathererStatus(ref common.ReferenceCallbac }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -31952,7 +30666,7 @@ func schema_openshift_api_insights_v1_InsightsReport(ref common.ReferenceCallbac "downloadedTime": { SchemaProps: spec.SchemaProps{ Description: "downloadedTime is a required field that specifies when the Insights report was last downloaded.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "healthChecks": { @@ -31991,7 +30705,7 @@ func schema_openshift_api_insights_v1_InsightsReport(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1.HealthCheck", metav1.Time{}.OpenAPIModelName()}, + "github.com/openshift/api/insights/v1.HealthCheck", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -32155,7 +30869,7 @@ func schema_openshift_api_insights_v1alpha1_DataGather(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -32177,7 +30891,7 @@ func schema_openshift_api_insights_v1alpha1_DataGather(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha1.DataGatherSpec", "github.com/openshift/api/insights/v1alpha1.DataGatherStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/insights/v1alpha1.DataGatherSpec", "github.com/openshift/api/insights/v1alpha1.DataGatherStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -32206,7 +30920,7 @@ func schema_openshift_api_insights_v1alpha1_DataGatherList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -32232,7 +30946,7 @@ func schema_openshift_api_insights_v1alpha1_DataGatherList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha1.DataGather", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/insights/v1alpha1.DataGather", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -32252,14 +30966,6 @@ func schema_openshift_api_insights_v1alpha1_DataGatherSpec(ref common.ReferenceC }, }, "gatherers": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, SchemaProps: spec.SchemaProps{ Description: "gatherers is an optional list of gatherers configurations. The list must not exceed 100 items. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", Type: []string{"array"}, @@ -32310,7 +31016,7 @@ func schema_openshift_api_insights_v1alpha1_DataGatherStatus(ref common.Referenc Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -32348,25 +31054,16 @@ func schema_openshift_api_insights_v1alpha1_DataGatherStatus(ref common.Referenc "startTime": { SchemaProps: spec.SchemaProps{ Description: "startTime is the time when Insights data gathering started.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "finishTime": { SchemaProps: spec.SchemaProps{ Description: "finishTime is the time when Insights data gathering finished.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "relatedObjects": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - "namespace", - }, - "x-kubernetes-list-type": "map", - }, - }, SchemaProps: spec.SchemaProps{ Description: "relatedObjects is a list of resources which are useful when debugging or inspecting the data gathering Pod", Type: []string{"array"}, @@ -32398,7 +31095,7 @@ func schema_openshift_api_insights_v1alpha1_DataGatherStatus(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha1.GathererStatus", "github.com/openshift/api/insights/v1alpha1.InsightsReport", "github.com/openshift/api/insights/v1alpha1.ObjectReference", metav1.Condition{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, + "github.com/openshift/api/insights/v1alpha1.GathererStatus", "github.com/openshift/api/insights/v1alpha1.InsightsReport", "github.com/openshift/api/insights/v1alpha1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -32455,7 +31152,7 @@ func schema_openshift_api_insights_v1alpha1_GathererStatus(ref common.ReferenceC Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -32472,7 +31169,7 @@ func schema_openshift_api_insights_v1alpha1_GathererStatus(ref common.ReferenceC "lastGatherDuration": { SchemaProps: spec.SchemaProps{ Description: "lastGatherDuration represents the time spent gathering.", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, }, @@ -32480,7 +31177,7 @@ func schema_openshift_api_insights_v1alpha1_GathererStatus(ref common.ReferenceC }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName(), metav1.Duration{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, } } @@ -32540,7 +31237,7 @@ func schema_openshift_api_insights_v1alpha1_InsightsReport(ref common.ReferenceC "downloadedAt": { SchemaProps: spec.SchemaProps{ Description: "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "healthChecks": { @@ -32573,7 +31270,7 @@ func schema_openshift_api_insights_v1alpha1_InsightsReport(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha1.HealthCheck", metav1.Time{}.OpenAPIModelName()}, + "github.com/openshift/api/insights/v1alpha1.HealthCheck", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -32611,13 +31308,12 @@ func schema_openshift_api_insights_v1alpha1_ObjectReference(ref common.Reference "namespace": { SchemaProps: spec.SchemaProps{ Description: "namespace of the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length.", - Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"group", "resource", "name", "namespace"}, + Required: []string{"group", "resource", "name"}, }, }, } @@ -32768,7 +31464,7 @@ func schema_openshift_api_insights_v1alpha2_DataGather(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -32790,7 +31486,7 @@ func schema_openshift_api_insights_v1alpha2_DataGather(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha2.DataGatherSpec", "github.com/openshift/api/insights/v1alpha2.DataGatherStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/insights/v1alpha2.DataGatherSpec", "github.com/openshift/api/insights/v1alpha2.DataGatherStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -32819,7 +31515,7 @@ func schema_openshift_api_insights_v1alpha2_DataGatherList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -32845,7 +31541,7 @@ func schema_openshift_api_insights_v1alpha2_DataGatherList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha2.DataGather", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/insights/v1alpha2.DataGather", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -32919,7 +31615,7 @@ func schema_openshift_api_insights_v1alpha2_DataGatherStatus(ref common.Referenc Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -32950,13 +31646,13 @@ func schema_openshift_api_insights_v1alpha2_DataGatherStatus(ref common.Referenc "startTime": { SchemaProps: spec.SchemaProps{ Description: "startTime is the time when Insights data gathering started.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "finishTime": { SchemaProps: spec.SchemaProps{ Description: "finishTime is the time when Insights data gathering finished.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "relatedObjects": { @@ -33000,7 +31696,7 @@ func schema_openshift_api_insights_v1alpha2_DataGatherStatus(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha2.GathererStatus", "github.com/openshift/api/insights/v1alpha2.InsightsReport", "github.com/openshift/api/insights/v1alpha2.ObjectReference", metav1.Condition{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, + "github.com/openshift/api/insights/v1alpha2.GathererStatus", "github.com/openshift/api/insights/v1alpha2.InsightsReport", "github.com/openshift/api/insights/v1alpha2.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -33057,7 +31753,7 @@ func schema_openshift_api_insights_v1alpha2_GathererStatus(ref common.ReferenceC Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -33084,7 +31780,7 @@ func schema_openshift_api_insights_v1alpha2_GathererStatus(ref common.ReferenceC }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -33178,7 +31874,7 @@ func schema_openshift_api_insights_v1alpha2_InsightsReport(ref common.ReferenceC "downloadedTime": { SchemaProps: spec.SchemaProps{ Description: "downloadedTime is an optional time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "healthChecks": { @@ -33216,7 +31912,7 @@ func schema_openshift_api_insights_v1alpha2_InsightsReport(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha2.HealthCheck", metav1.Time{}.OpenAPIModelName()}, + "github.com/openshift/api/insights/v1alpha2.HealthCheck", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -34198,7 +32894,7 @@ func schema_openshift_api_legacyconfig_v1_AdmissionPluginConfig(ref common.Refer "configuration": { SchemaProps: spec.SchemaProps{ Description: "configuration is an embedded configuration object to be used as the plugin's configuration. If present, it will be used instead of the path to the configuration file.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -34206,7 +32902,7 @@ func schema_openshift_api_legacyconfig_v1_AdmissionPluginConfig(ref common.Refer }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -34318,7 +33014,7 @@ func schema_openshift_api_legacyconfig_v1_AuditConfig(ref common.ReferenceCallba "policyConfiguration": { SchemaProps: spec.SchemaProps{ Description: "policyConfiguration is an embedded policy configuration object to be used as the audit policy configuration. If present, it will be used instead of the path to the policy file.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "logFormat": { @@ -34350,7 +33046,7 @@ func schema_openshift_api_legacyconfig_v1_AuditConfig(ref common.ReferenceCallba }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -34547,7 +33243,7 @@ func schema_openshift_api_legacyconfig_v1_BuildDefaultsConfig(ref common.Referen Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVar"), }, }, }, @@ -34609,14 +33305,14 @@ func schema_openshift_api_legacyconfig_v1_BuildDefaultsConfig(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "resources defines resource requirements to execute the build.", Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.ImageLabel", "github.com/openshift/api/legacyconfig/v1.SourceStrategyDefaultsConfig", corev1.EnvVar{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.ImageLabel", "github.com/openshift/api/legacyconfig/v1.SourceStrategyDefaultsConfig", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.ResourceRequirements"}, } } @@ -34703,7 +33399,7 @@ func schema_openshift_api_legacyconfig_v1_BuildOverridesConfig(ref common.Refere Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Toleration"), }, }, }, @@ -34714,7 +33410,7 @@ func schema_openshift_api_legacyconfig_v1_BuildOverridesConfig(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.ImageLabel", corev1.Toleration{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.ImageLabel", "k8s.io/api/core/v1.Toleration"}, } } @@ -35654,7 +34350,7 @@ func schema_openshift_api_legacyconfig_v1_IdentityProvider(ref common.ReferenceC "provider": { SchemaProps: spec.SchemaProps{ Description: "provider contains the information about how to set up a specific identity provider", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -35662,7 +34358,7 @@ func schema_openshift_api_legacyconfig_v1_IdentityProvider(ref common.ReferenceC }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -36463,7 +35159,7 @@ func schema_openshift_api_legacyconfig_v1_LocalQuota(ref common.ReferenceCallbac "perFSGroup": { SchemaProps: spec.SchemaProps{ Description: "FSGroup can be specified to enable a quota on local storage use per unique FSGroup ID. At present this is only implemented for emptyDir volumes, and if the underlying volumeDirectory is on an XFS filesystem.", - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -36471,7 +35167,7 @@ func schema_openshift_api_legacyconfig_v1_LocalQuota(ref common.ReferenceCallbac }, }, Dependencies: []string{ - resource.Quantity{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } @@ -38964,7 +37660,7 @@ func schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfig(ref commo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "instanceType": { @@ -39080,13 +37776,13 @@ func schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfig(ref commo "userDataSecret": { SchemaProps: spec.SchemaProps{ Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "credentialsSecret": { SchemaProps: spec.SchemaProps{ Description: "credentialsSecret is a reference to the secret with alibabacloud credentials. Otherwise, defaults to permissions provided by attached RAM role where the actuator is running.", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "tag": { @@ -39108,7 +37804,7 @@ func schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfig(ref commo }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1.AlibabaResourceReference", "github.com/openshift/api/machine/v1.BandwidthProperties", "github.com/openshift/api/machine/v1.DataDiskProperties", "github.com/openshift/api/machine/v1.SystemDiskProperties", "github.com/openshift/api/machine/v1.Tag", corev1.LocalObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1.AlibabaResourceReference", "github.com/openshift/api/machine/v1.BandwidthProperties", "github.com/openshift/api/machine/v1.DataDiskProperties", "github.com/openshift/api/machine/v1.SystemDiskProperties", "github.com/openshift/api/machine/v1.Tag", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -39137,7 +37833,7 @@ func schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfigList(ref c SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -39158,7 +37854,7 @@ func schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfigList(ref c }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderConfig", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -39187,7 +37883,7 @@ func schema_openshift_api_machine_v1_AlibabaCloudMachineProviderStatus(ref commo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "instanceId": { @@ -39220,7 +37916,7 @@ func schema_openshift_api_machine_v1_AlibabaCloudMachineProviderStatus(ref commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -39230,7 +37926,7 @@ func schema_openshift_api_machine_v1_AlibabaCloudMachineProviderStatus(ref commo }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -39367,7 +38063,7 @@ func schema_openshift_api_machine_v1_ControlPlaneMachineSet(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -39386,7 +38082,7 @@ func schema_openshift_api_machine_v1_ControlPlaneMachineSet(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetSpec", "github.com/openshift/api/machine/v1.ControlPlaneMachineSetStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetSpec", "github.com/openshift/api/machine/v1.ControlPlaneMachineSetStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -39415,7 +38111,7 @@ func schema_openshift_api_machine_v1_ControlPlaneMachineSetList(ref common.Refer SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -39436,7 +38132,7 @@ func schema_openshift_api_machine_v1_ControlPlaneMachineSetList(ref common.Refer }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1.ControlPlaneMachineSet", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1.ControlPlaneMachineSet", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -39480,7 +38176,7 @@ func schema_openshift_api_machine_v1_ControlPlaneMachineSetSpec(ref common.Refer SchemaProps: spec.SchemaProps{ Description: "Label selector for Machines. Existing Machines selected by this selector will be the ones affected by this ControlPlaneMachineSet. It must match the template's labels. This field is considered immutable after creation of the resource.", Default: map[string]interface{}{}, - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "template": { @@ -39495,7 +38191,7 @@ func schema_openshift_api_machine_v1_ControlPlaneMachineSetSpec(ref common.Refer }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetStrategy", "github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplate", metav1.LabelSelector{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetStrategy", "github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplate", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -39522,7 +38218,7 @@ func schema_openshift_api_machine_v1_ControlPlaneMachineSetStatus(ref common.Ref Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -39567,7 +38263,7 @@ func schema_openshift_api_machine_v1_ControlPlaneMachineSetStatus(ref common.Ref }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -40096,7 +38792,7 @@ func schema_openshift_api_machine_v1_NutanixMachineProviderConfig(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "cluster": { @@ -40146,13 +38842,13 @@ func schema_openshift_api_machine_v1_NutanixMachineProviderConfig(ref common.Ref "memorySize": { SchemaProps: spec.SchemaProps{ Description: "memorySize is the memory size (in Quantity format) of the VM The minimum memorySize is 2Gi bytes", - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, "systemDiskSize": { SchemaProps: spec.SchemaProps{ Description: "systemDiskSize is size (in Quantity format) of the system disk of the VM The minimum systemDiskSize is 20Gi bytes", - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, "bootType": { @@ -40233,13 +38929,13 @@ func schema_openshift_api_machine_v1_NutanixMachineProviderConfig(ref common.Ref "userDataSecret": { SchemaProps: spec.SchemaProps{ Description: "userDataSecret is a local reference to a secret that contains the UserData to apply to the VM", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "credentialsSecret": { SchemaProps: spec.SchemaProps{ Description: "credentialsSecret is a local reference to a secret that contains the credentials data to access Nutanix PC client", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "failureDomain": { @@ -40253,7 +38949,7 @@ func schema_openshift_api_machine_v1_NutanixMachineProviderConfig(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1.NutanixCategory", "github.com/openshift/api/machine/v1.NutanixFailureDomainReference", "github.com/openshift/api/machine/v1.NutanixGPU", "github.com/openshift/api/machine/v1.NutanixResourceIdentifier", "github.com/openshift/api/machine/v1.NutanixVMDisk", corev1.LocalObjectReference{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1.NutanixCategory", "github.com/openshift/api/machine/v1.NutanixFailureDomainReference", "github.com/openshift/api/machine/v1.NutanixGPU", "github.com/openshift/api/machine/v1.NutanixResourceIdentifier", "github.com/openshift/api/machine/v1.NutanixVMDisk", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/api/resource.Quantity", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -40294,7 +38990,7 @@ func schema_openshift_api_machine_v1_NutanixMachineProviderStatus(ref common.Ref Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -40311,7 +39007,7 @@ func schema_openshift_api_machine_v1_NutanixMachineProviderStatus(ref common.Ref }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -40415,7 +39111,7 @@ func schema_openshift_api_machine_v1_NutanixVMDisk(ref common.ReferenceCallback) "diskSize": { SchemaProps: spec.SchemaProps{ Description: "diskSize is size (in Quantity format) of the disk attached to the VM. See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Format for the Quantity format and example documentation. The minimum diskSize is 1GB.", - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, "deviceProperties": { @@ -40441,7 +39137,7 @@ func schema_openshift_api_machine_v1_NutanixVMDisk(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1.NutanixResourceIdentifier", "github.com/openshift/api/machine/v1.NutanixVMDiskDeviceProperties", "github.com/openshift/api/machine/v1.NutanixVMStorageConfig", resource.Quantity{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1.NutanixResourceIdentifier", "github.com/openshift/api/machine/v1.NutanixVMDiskDeviceProperties", "github.com/openshift/api/machine/v1.NutanixVMStorageConfig", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } @@ -40600,7 +39296,7 @@ func schema_openshift_api_machine_v1_PowerVSMachineProviderConfig(ref common.Ref "metadata": { SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "userDataSecret": { @@ -40661,7 +39357,7 @@ func schema_openshift_api_machine_v1_PowerVSMachineProviderConfig(ref common.Ref "processors": { SchemaProps: spec.SchemaProps{ Description: "processors is the number of virtual processors in a virtual machine. when the processorType is selected as Dedicated the processors value cannot be fractional. maximum value for the Processors depends on the selected SystemType. when SystemType is set to e880 or e980 maximum Processors value is 143. when SystemType is set to s922 maximum Processors value is 15. minimum value for Processors depends on the selected ProcessorType. when ProcessorType is set as Shared or Capped, The minimum processors is 0.5. when ProcessorType is set as Dedicated, The minimum processors is 1. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default is set based on the selected ProcessorType. when ProcessorType selected as Dedicated, the default is set to 1. when ProcessorType selected as Shared or Capped, the default is set to 0.5.", - Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), }, }, "memoryGiB": { @@ -40690,7 +39386,7 @@ func schema_openshift_api_machine_v1_PowerVSMachineProviderConfig(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1.LoadBalancerReference", "github.com/openshift/api/machine/v1.PowerVSResource", "github.com/openshift/api/machine/v1.PowerVSSecretReference", metav1.ObjectMeta{}.OpenAPIModelName(), intstr.IntOrString{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1.LoadBalancerReference", "github.com/openshift/api/machine/v1.PowerVSResource", "github.com/openshift/api/machine/v1.PowerVSSecretReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/util/intstr.IntOrString"}, } } @@ -40731,7 +39427,7 @@ func schema_openshift_api_machine_v1_PowerVSMachineProviderStatus(ref common.Ref Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -40762,7 +39458,7 @@ func schema_openshift_api_machine_v1_PowerVSMachineProviderStatus(ref common.Ref }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -40977,119 +39673,830 @@ func schema_openshift_api_machine_v1alpha1_AdditionalBlockDevice(ref common.Refe Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Description: "name of the block device in the context of a machine. If the block device is a volume, the Cinder volume will be named as a combination of the machine name and this name. Also, this name will be used for tagging the block device. Information about the block device tag can be obtained from the OpenStack metadata API or the config drive.", - Default: "", - Type: []string{"string"}, + Description: "name of the block device in the context of a machine. If the block device is a volume, the Cinder volume will be named as a combination of the machine name and this name. Also, this name will be used for tagging the block device. Information about the block device tag can be obtained from the OpenStack metadata API or the config drive.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "sizeGiB": { + SchemaProps: spec.SchemaProps{ + Description: "sizeGiB is the size of the block device in gibibytes (GiB).", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, + "storage": { + SchemaProps: spec.SchemaProps{ + Description: "storage specifies the storage type of the block device and additional storage options.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.BlockDeviceStorage"), + }, + }, + }, + Required: []string{"name", "sizeGiB", "storage"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1alpha1.BlockDeviceStorage"}, + } +} + +func schema_openshift_api_machine_v1alpha1_AddressPair(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "ipAddress": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + "macAddress": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1alpha1_BlockDeviceStorage(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "blockDeviceStorage is the storage type of a block device to create and contains additional storage options.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type is the type of block device to create. This can be either \"Volume\" or \"Local\".", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "volume": { + SchemaProps: spec.SchemaProps{ + Description: "volume contains additional storage options for a volume block device.", + Ref: ref("github.com/openshift/api/machine/v1alpha1.BlockDeviceVolume"), + }, + }, + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "volume": "Volume", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1alpha1.BlockDeviceVolume"}, + } +} + +func schema_openshift_api_machine_v1alpha1_BlockDeviceVolume(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "blockDeviceVolume contains additional storage options for a volume block device.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type is the Cinder volume type of the volume. If omitted, the default Cinder volume type that is configured in the OpenStack cloud will be used.", + Type: []string{"string"}, + Format: "", + }, + }, + "availabilityZone": { + SchemaProps: spec.SchemaProps{ + Description: "availabilityZone is the volume availability zone to create the volume in. If omitted, the availability zone of the server will be used. The availability zone must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1alpha1_Filter(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "id": { + SchemaProps: spec.SchemaProps{ + Description: "Deprecated: use NetworkParam.uuid instead. Ignored if NetworkParam.uuid is set.", + Type: []string{"string"}, + Format: "", + }, + }, + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name filters networks by name.", + Type: []string{"string"}, + Format: "", + }, + }, + "description": { + SchemaProps: spec.SchemaProps{ + Description: "description filters networks by description.", + Type: []string{"string"}, + Format: "", + }, + }, + "tenantId": { + SchemaProps: spec.SchemaProps{ + Description: "tenantId filters networks by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", + Type: []string{"string"}, + Format: "", + }, + }, + "projectId": { + SchemaProps: spec.SchemaProps{ + Description: "projectId filters networks by project ID.", + Type: []string{"string"}, + Format: "", + }, + }, + "tags": { + SchemaProps: spec.SchemaProps{ + Description: "tags filters by networks containing all specified tags. Multiple tags are comma separated.", + Type: []string{"string"}, + Format: "", + }, + }, + "tagsAny": { + SchemaProps: spec.SchemaProps{ + Description: "tagsAny filters by networks containing any specified tags. Multiple tags are comma separated.", + Type: []string{"string"}, + Format: "", + }, + }, + "notTags": { + SchemaProps: spec.SchemaProps{ + Description: "notTags filters by networks which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", + Type: []string{"string"}, + Format: "", + }, + }, + "notTagsAny": { + SchemaProps: spec.SchemaProps{ + Description: "notTagsAny filters by networks which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", + Type: []string{"string"}, + Format: "", + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "Deprecated: status is silently ignored. It has no replacement.", + Type: []string{"string"}, + Format: "", + }, + }, + "adminStateUp": { + SchemaProps: spec.SchemaProps{ + Description: "Deprecated: adminStateUp is silently ignored. It has no replacement.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "shared": { + SchemaProps: spec.SchemaProps{ + Description: "Deprecated: shared is silently ignored. It has no replacement.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "marker": { + SchemaProps: spec.SchemaProps{ + Description: "Deprecated: marker is silently ignored. It has no replacement.", + Type: []string{"string"}, + Format: "", + }, + }, + "limit": { + SchemaProps: spec.SchemaProps{ + Description: "Deprecated: limit is silently ignored. It has no replacement.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "sortKey": { + SchemaProps: spec.SchemaProps{ + Description: "Deprecated: sortKey is silently ignored. It has no replacement.", + Type: []string{"string"}, + Format: "", + }, + }, + "sortDir": { + SchemaProps: spec.SchemaProps{ + Description: "Deprecated: sortDir is silently ignored. It has no replacement.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1alpha1_FixedIPs(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "subnetID": { + SchemaProps: spec.SchemaProps{ + Description: "subnetID specifies the ID of the subnet where the fixed IP will be allocated.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "ipAddress": { + SchemaProps: spec.SchemaProps{ + Description: "ipAddress is a specific IP address to use in the given subnet. Port creation will fail if the address is not available. If not specified, an available IP from the given subnet will be selected automatically.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"subnetID"}, + }, + }, + } +} + +func schema_openshift_api_machine_v1alpha1_NetworkParam(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "uuid": { + SchemaProps: spec.SchemaProps{ + Description: "The UUID of the network. Required if you omit the port attribute.", + Type: []string{"string"}, + Format: "", + }, + }, + "fixedIp": { + SchemaProps: spec.SchemaProps{ + Description: "A fixed IPv4 address for the NIC. Deprecated: fixedIP is silently ignored. Use subnets instead.", + Type: []string{"string"}, + Format: "", + }, + }, + "filter": { + SchemaProps: spec.SchemaProps{ + Description: "Filters for optional network query", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.Filter"), + }, + }, + "subnets": { + SchemaProps: spec.SchemaProps{ + Description: "Subnet within a network to use", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.SubnetParam"), + }, + }, + }, + }, + }, + "noAllowedAddressPairs": { + SchemaProps: spec.SchemaProps{ + Description: "noAllowedAddressPairs disables creation of allowed address pairs for the network ports", + Type: []string{"boolean"}, + Format: "", + }, + }, + "portTags": { + SchemaProps: spec.SchemaProps{ + Description: "portTags allows users to specify a list of tags to add to ports created in a given network", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "vnicType": { + SchemaProps: spec.SchemaProps{ + Description: "The virtual network interface card (vNIC) type that is bound to the neutron port.", + Type: []string{"string"}, + Format: "", + }, + }, + "profile": { + SchemaProps: spec.SchemaProps{ + Description: "A dictionary that enables the application running on the specified host to pass and receive virtual network interface (VIF) port-specific information to the plug-in.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "portSecurity": { + SchemaProps: spec.SchemaProps{ + Description: "portSecurity optionally enables or disables security on ports managed by OpenStack", + Type: []string{"boolean"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1alpha1.Filter", "github.com/openshift/api/machine/v1alpha1.SubnetParam"}, + } +} + +func schema_openshift_api_machine_v1alpha1_OpenstackProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OpenstackProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an OpenStack Instance. It is used by the Openstack machine actuator to create a single machine instance. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "cloudsSecret": { + SchemaProps: spec.SchemaProps{ + Description: "The name of the secret containing the openstack credentials", + Ref: ref("k8s.io/api/core/v1.SecretReference"), + }, + }, + "cloudName": { + SchemaProps: spec.SchemaProps{ + Description: "The name of the cloud to use from the clouds secret", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "flavor": { + SchemaProps: spec.SchemaProps{ + Description: "The flavor reference for the flavor for your server instance.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "image": { + SchemaProps: spec.SchemaProps{ + Description: "The name of the image to use for your server instance. If the RootVolume is specified, this will be ignored and use rootVolume directly.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "keyName": { + SchemaProps: spec.SchemaProps{ + Description: "The ssh key to inject in the instance", + Type: []string{"string"}, + Format: "", + }, + }, + "sshUserName": { + SchemaProps: spec.SchemaProps{ + Description: "The machine ssh username Deprecated: sshUserName is silently ignored.", + Type: []string{"string"}, + Format: "", + }, + }, + "networks": { + SchemaProps: spec.SchemaProps{ + Description: "A networks object. Required parameter when there are multiple networks defined for the tenant. When you do not specify the networks parameter, the server attaches to the only network created for the current tenant.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.NetworkParam"), + }, + }, + }, + }, + }, + "ports": { + SchemaProps: spec.SchemaProps{ + Description: "Create and assign additional ports to instances", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.PortOpts"), + }, + }, + }, + }, + }, + "floatingIP": { + SchemaProps: spec.SchemaProps{ + Description: "floatingIP specifies a floating IP to be associated with the machine. Note that it is not safe to use this parameter in a MachineSet, as only one Machine may be assigned the same floating IP.\n\nDeprecated: floatingIP will be removed in a future release as it cannot be implemented correctly.", + Type: []string{"string"}, + Format: "", + }, + }, + "availabilityZone": { + SchemaProps: spec.SchemaProps{ + Description: "The availability zone from which to launch the server.", + Type: []string{"string"}, + Format: "", + }, + }, + "securityGroups": { + SchemaProps: spec.SchemaProps{ + Description: "The names of the security groups to assign to the instance", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.SecurityGroupParam"), + }, + }, + }, + }, + }, + "userDataSecret": { + SchemaProps: spec.SchemaProps{ + Description: "The name of the secret containing the user data (startup script in most cases)", + Ref: ref("k8s.io/api/core/v1.SecretReference"), + }, + }, + "trunk": { + SchemaProps: spec.SchemaProps{ + Description: "Whether the server instance is created on a trunk port or not.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "tags": { + SchemaProps: spec.SchemaProps{ + Description: "Machine tags Requires Nova api 2.52 minimum!", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "serverMetadata": { + SchemaProps: spec.SchemaProps{ + Description: "Metadata mapping. Allows you to create a map of key value pairs to add to the server instance.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "configDrive": { + SchemaProps: spec.SchemaProps{ + Description: "Config Drive support", + Type: []string{"boolean"}, + Format: "", + }, + }, + "rootVolume": { + SchemaProps: spec.SchemaProps{ + Description: "The volume metadata to boot from", + Ref: ref("github.com/openshift/api/machine/v1alpha1.RootVolume"), + }, + }, + "additionalBlockDevices": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "additionalBlockDevices is a list of specifications for additional block devices to attach to the server instance", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.AdditionalBlockDevice"), + }, + }, + }, + }, + }, + "serverGroupID": { + SchemaProps: spec.SchemaProps{ + Description: "The server group to assign the machine to.", + Type: []string{"string"}, + Format: "", + }, + }, + "serverGroupName": { + SchemaProps: spec.SchemaProps{ + Description: "The server group to assign the machine to. A server group with that name will be created if it does not exist. If both ServerGroupID and ServerGroupName are non-empty, they must refer to the same OpenStack resource.", + Type: []string{"string"}, + Format: "", + }, + }, + "primarySubnet": { + SchemaProps: spec.SchemaProps{ + Description: "The subnet that a set of machines will get ingress/egress traffic from Deprecated: primarySubnet is silently ignored. Use subnets instead.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"cloudsSecret", "cloudName", "flavor", "image"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1alpha1.AdditionalBlockDevice", "github.com/openshift/api/machine/v1alpha1.NetworkParam", "github.com/openshift/api/machine/v1alpha1.PortOpts", "github.com/openshift/api/machine/v1alpha1.RootVolume", "github.com/openshift/api/machine/v1alpha1.SecurityGroupParam", "k8s.io/api/core/v1.SecretReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_openshift_api_machine_v1alpha1_PortOpts(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "networkID": { + SchemaProps: spec.SchemaProps{ + Description: "networkID is the ID of the network the port will be created in. It is required.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "nameSuffix": { + SchemaProps: spec.SchemaProps{ + Description: "If nameSuffix is specified the created port will be named -. If not specified the port will be named -.", + Type: []string{"string"}, + Format: "", + }, + }, + "description": { + SchemaProps: spec.SchemaProps{ + Description: "description specifies the description of the created port.", + Type: []string{"string"}, + Format: "", + }, + }, + "adminStateUp": { + SchemaProps: spec.SchemaProps{ + Description: "adminStateUp sets the administrative state of the created port to up (true), or down (false).", + Type: []string{"boolean"}, + Format: "", + }, + }, + "macAddress": { + SchemaProps: spec.SchemaProps{ + Description: "macAddress specifies the MAC address of the created port.", + Type: []string{"string"}, + Format: "", + }, + }, + "fixedIPs": { + SchemaProps: spec.SchemaProps{ + Description: "fixedIPs specifies a set of fixed IPs to assign to the port. They must all be valid for the port's network.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.FixedIPs"), + }, + }, + }, + }, + }, + "tenantID": { + SchemaProps: spec.SchemaProps{ + Description: "tenantID specifies the tenant ID of the created port. Note that this requires OpenShift to have administrative permissions, which is typically not the case. Use of this field is not recommended. Deprecated: tenantID is silently ignored.", + Type: []string{"string"}, + Format: "", + }, + }, + "projectID": { + SchemaProps: spec.SchemaProps{ + Description: "projectID specifies the project ID of the created port. Note that this requires OpenShift to have administrative permissions, which is typically not the case. Use of this field is not recommended. Deprecated: projectID is silently ignored.", + Type: []string{"string"}, + Format: "", + }, + }, + "securityGroups": { + SchemaProps: spec.SchemaProps{ + Description: "securityGroups specifies a set of security group UUIDs to use instead of the machine's default security groups. The default security groups will be used if this is left empty or not specified.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "allowedAddressPairs": { + SchemaProps: spec.SchemaProps{ + Description: "allowedAddressPairs specifies a set of allowed address pairs to add to the port.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.AddressPair"), + }, + }, + }, + }, + }, + "tags": { + SchemaProps: spec.SchemaProps{ + Description: "tags species a set of tags to add to the port.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "vnicType": { + SchemaProps: spec.SchemaProps{ + Description: "The virtual network interface card (vNIC) type that is bound to the neutron port.", + Type: []string{"string"}, + Format: "", + }, + }, + "profile": { + SchemaProps: spec.SchemaProps{ + Description: "A dictionary that enables the application running on the specified host to pass and receive virtual network interface (VIF) port-specific information to the plug-in.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "portSecurity": { + SchemaProps: spec.SchemaProps{ + Description: "enable or disable security on a given port incompatible with securityGroups and allowedAddressPairs", + Type: []string{"boolean"}, Format: "", }, }, - "sizeGiB": { + "trunk": { SchemaProps: spec.SchemaProps{ - Description: "sizeGiB is the size of the block device in gibibytes (GiB).", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "Enables and disables trunk at port level. If not provided, openStackMachine.Spec.Trunk is inherited.", + Type: []string{"boolean"}, + Format: "", }, }, - "storage": { + "hostID": { SchemaProps: spec.SchemaProps{ - Description: "storage specifies the storage type of the block device and additional storage options.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.BlockDeviceStorage"), + Description: "The ID of the host where the port is allocated. Do not use this field: it cannot be used correctly. Deprecated: hostID is silently ignored. It will be removed with no replacement.", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"name", "sizeGiB", "storage"}, + Required: []string{"networkID"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1alpha1.BlockDeviceStorage"}, + "github.com/openshift/api/machine/v1alpha1.AddressPair", "github.com/openshift/api/machine/v1alpha1.FixedIPs"}, } } -func schema_openshift_api_machine_v1alpha1_AddressPair(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1alpha1_RootVolume(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ Type: []string{"object"}, Properties: map[string]spec.Schema{ - "ipAddress": { - SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", - }, - }, - "macAddress": { + "sourceUUID": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "sourceUUID specifies the UUID of a glance image used to populate the root volume. Deprecated: set image in the platform spec instead. This will be ignored if image is set in the platform spec.", + Type: []string{"string"}, + Format: "", }, }, - }, - }, - }, - } -} - -func schema_openshift_api_machine_v1alpha1_BlockDeviceStorage(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "blockDeviceStorage is the storage type of a block device to create and contains additional storage options.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "type": { + "volumeType": { SchemaProps: spec.SchemaProps{ - Description: "type is the type of block device to create. This can be either \"Volume\" or \"Local\".", - Default: "", + Description: "volumeType specifies a volume type to use when creating the root volume. If not specified the default volume type will be used.", Type: []string{"string"}, Format: "", }, }, - "volume": { + "diskSize": { SchemaProps: spec.SchemaProps{ - Description: "volume contains additional storage options for a volume block device.", - Ref: ref("github.com/openshift/api/machine/v1alpha1.BlockDeviceVolume"), + Description: "diskSize specifies the size, in GiB, of the created root volume.", + Type: []string{"integer"}, + Format: "int32", }, }, - }, - Required: []string{"type"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "type", - "fields-to-discriminateBy": map[string]interface{}{ - "volume": "Volume", - }, + "availabilityZone": { + SchemaProps: spec.SchemaProps{ + Description: "availabilityZone specifies the Cinder availability where the root volume will be created.", + Type: []string{"string"}, + Format: "", }, }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1alpha1.BlockDeviceVolume"}, - } -} - -func schema_openshift_api_machine_v1alpha1_BlockDeviceVolume(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "blockDeviceVolume contains additional storage options for a volume block device.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "type": { + "sourceType": { SchemaProps: spec.SchemaProps{ - Description: "type is the Cinder volume type of the volume. If omitted, the default Cinder volume type that is configured in the OpenStack cloud will be used.", + Description: "Deprecated: sourceType will be silently ignored. There is no replacement.", Type: []string{"string"}, Format: "", }, }, - "availabilityZone": { + "deviceType": { SchemaProps: spec.SchemaProps{ - Description: "availabilityZone is the volume availability zone to create the volume in. If omitted, the availability zone of the server will be used. The availability zone must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information.", + Description: "Deprecated: deviceType will be silently ignored. There is no replacement.", Type: []string{"string"}, Format: "", }, @@ -41100,7 +40507,7 @@ func schema_openshift_api_machine_v1alpha1_BlockDeviceVolume(ref common.Referenc } } -func schema_openshift_api_machine_v1alpha1_Filter(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1alpha1_SecurityGroupFilter(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -41108,86 +40515,72 @@ func schema_openshift_api_machine_v1alpha1_Filter(ref common.ReferenceCallback) Properties: map[string]spec.Schema{ "id": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: use NetworkParam.uuid instead. Ignored if NetworkParam.uuid is set.", + Description: "id specifies the ID of a security group to use. If set, id will not be validated before use. An invalid id will result in failure to create a server with an appropriate error message.", Type: []string{"string"}, Format: "", }, }, "name": { SchemaProps: spec.SchemaProps{ - Description: "name filters networks by name.", + Description: "name filters security groups by name.", Type: []string{"string"}, Format: "", }, }, "description": { SchemaProps: spec.SchemaProps{ - Description: "description filters networks by description.", + Description: "description filters security groups by description.", Type: []string{"string"}, Format: "", }, }, "tenantId": { SchemaProps: spec.SchemaProps{ - Description: "tenantId filters networks by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", + Description: "tenantId filters security groups by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", Type: []string{"string"}, Format: "", }, }, "projectId": { SchemaProps: spec.SchemaProps{ - Description: "projectId filters networks by project ID.", + Description: "projectId filters security groups by project ID.", Type: []string{"string"}, Format: "", }, }, "tags": { SchemaProps: spec.SchemaProps{ - Description: "tags filters by networks containing all specified tags. Multiple tags are comma separated.", + Description: "tags filters by security groups containing all specified tags. Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, "tagsAny": { SchemaProps: spec.SchemaProps{ - Description: "tagsAny filters by networks containing any specified tags. Multiple tags are comma separated.", + Description: "tagsAny filters by security groups containing any specified tags. Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, "notTags": { SchemaProps: spec.SchemaProps{ - Description: "notTags filters by networks which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", + Description: "notTags filters by security groups which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, "notTagsAny": { SchemaProps: spec.SchemaProps{ - Description: "notTagsAny filters by networks which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", - Type: []string{"string"}, - Format: "", - }, - }, - "status": { - SchemaProps: spec.SchemaProps{ - Description: "Deprecated: status is silently ignored. It has no replacement.", + Description: "notTagsAny filters by security groups which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, - "adminStateUp": { - SchemaProps: spec.SchemaProps{ - Description: "Deprecated: adminStateUp is silently ignored. It has no replacement.", - Type: []string{"boolean"}, - Format: "", - }, - }, - "shared": { + "limit": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: shared is silently ignored. It has no replacement.", - Type: []string{"boolean"}, - Format: "", + Description: "Deprecated: limit is silently ignored. It has no replacement.", + Type: []string{"integer"}, + Format: "int32", }, }, "marker": { @@ -41197,13 +40590,6 @@ func schema_openshift_api_machine_v1alpha1_Filter(ref common.ReferenceCallback) Format: "", }, }, - "limit": { - SchemaProps: spec.SchemaProps{ - Description: "Deprecated: limit is silently ignored. It has no replacement.", - Type: []string{"integer"}, - Format: "int32", - }, - }, "sortKey": { SchemaProps: spec.SchemaProps{ Description: "Deprecated: sortKey is silently ignored. It has no replacement.", @@ -41224,279 +40610,223 @@ func schema_openshift_api_machine_v1alpha1_Filter(ref common.ReferenceCallback) } } -func schema_openshift_api_machine_v1alpha1_FixedIPs(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1alpha1_SecurityGroupParam(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ Type: []string{"object"}, Properties: map[string]spec.Schema{ - "subnetID": { + "uuid": { SchemaProps: spec.SchemaProps{ - Description: "subnetID specifies the ID of the subnet where the fixed IP will be allocated.", - Default: "", + Description: "Security Group UUID", Type: []string{"string"}, Format: "", }, }, - "ipAddress": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "ipAddress is a specific IP address to use in the given subnet. Port creation will fail if the address is not available. If not specified, an available IP from the given subnet will be selected automatically.", + Description: "Security Group name", Type: []string{"string"}, Format: "", }, }, + "filter": { + SchemaProps: spec.SchemaProps{ + Description: "Filters used to query security groups in openstack", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.SecurityGroupFilter"), + }, + }, }, - Required: []string{"subnetID"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1alpha1.SecurityGroupFilter"}, } } -func schema_openshift_api_machine_v1alpha1_NetworkParam(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1alpha1_SubnetFilter(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ Type: []string{"object"}, Properties: map[string]spec.Schema{ - "uuid": { + "id": { SchemaProps: spec.SchemaProps{ - Description: "The UUID of the network. Required if you omit the port attribute.", + Description: "id is the uuid of a specific subnet to use. If specified, id will not be validated. Instead server creation will fail with an appropriate error.", Type: []string{"string"}, Format: "", }, }, - "fixedIp": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "A fixed IPv4 address for the NIC. Deprecated: fixedIP is silently ignored. Use subnets instead.", + Description: "name filters subnets by name.", Type: []string{"string"}, Format: "", }, }, - "filter": { - SchemaProps: spec.SchemaProps{ - Description: "Filters for optional network query", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.Filter"), - }, - }, - "subnets": { + "description": { SchemaProps: spec.SchemaProps{ - Description: "Subnet within a network to use", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.SubnetParam"), - }, - }, - }, + Description: "description filters subnets by description.", + Type: []string{"string"}, + Format: "", }, }, - "noAllowedAddressPairs": { + "networkId": { SchemaProps: spec.SchemaProps{ - Description: "noAllowedAddressPairs disables creation of allowed address pairs for the network ports", - Type: []string{"boolean"}, + Description: "Deprecated: networkId is silently ignored. Set uuid on the containing network definition instead.", + Type: []string{"string"}, Format: "", }, }, - "portTags": { + "tenantId": { SchemaProps: spec.SchemaProps{ - Description: "portTags allows users to specify a list of tags to add to ports created in a given network", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "tenantId filters subnets by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", + Type: []string{"string"}, + Format: "", }, }, - "vnicType": { + "projectId": { SchemaProps: spec.SchemaProps{ - Description: "The virtual network interface card (vNIC) type that is bound to the neutron port.", + Description: "projectId filters subnets by project ID.", Type: []string{"string"}, Format: "", }, }, - "profile": { + "ipVersion": { SchemaProps: spec.SchemaProps{ - Description: "A dictionary that enables the application running on the specified host to pass and receive virtual network interface (VIF) port-specific information to the plug-in.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "ipVersion filters subnets by IP version.", + Type: []string{"integer"}, + Format: "int32", }, }, - "portSecurity": { + "gateway_ip": { SchemaProps: spec.SchemaProps{ - Description: "portSecurity optionally enables or disables security on ports managed by OpenStack", - Type: []string{"boolean"}, + Description: "gateway_ip filters subnets by gateway IP.", + Type: []string{"string"}, Format: "", }, }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1alpha1.Filter", "github.com/openshift/api/machine/v1alpha1.SubnetParam"}, - } -} - -func schema_openshift_api_machine_v1alpha1_OpenstackProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "OpenstackProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an OpenStack Instance. It is used by the Openstack machine actuator to create a single machine instance. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { + "cidr": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "cidr filters subnets by CIDR.", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "ipv6AddressMode": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "ipv6AddressMode filters subnets by IPv6 address mode.", Type: []string{"string"}, Format: "", }, }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), - }, - }, - "cloudsSecret": { + "ipv6RaMode": { SchemaProps: spec.SchemaProps{ - Description: "The name of the secret containing the openstack credentials", - Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), + Description: "ipv6RaMode filters subnets by IPv6 router adversiement mode.", + Type: []string{"string"}, + Format: "", }, }, - "cloudName": { + "subnetpoolId": { SchemaProps: spec.SchemaProps{ - Description: "The name of the cloud to use from the clouds secret", - Default: "", + Description: "subnetpoolId filters subnets by subnet pool ID. Deprecated: subnetpoolId is silently ignored.", Type: []string{"string"}, Format: "", }, }, - "flavor": { + "tags": { SchemaProps: spec.SchemaProps{ - Description: "The flavor reference for the flavor for your server instance.", - Default: "", + Description: "tags filters by subnets containing all specified tags. Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, - "image": { + "tagsAny": { SchemaProps: spec.SchemaProps{ - Description: "The name of the image to use for your server instance. If the RootVolume is specified, this will be ignored and use rootVolume directly.", - Default: "", + Description: "tagsAny filters by subnets containing any specified tags. Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, - "keyName": { + "notTags": { SchemaProps: spec.SchemaProps{ - Description: "The ssh key to inject in the instance", + Description: "notTags filters by subnets which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, - "sshUserName": { + "notTagsAny": { SchemaProps: spec.SchemaProps{ - Description: "The machine ssh username Deprecated: sshUserName is silently ignored.", + Description: "notTagsAny filters by subnets which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, - "networks": { + "enableDhcp": { SchemaProps: spec.SchemaProps{ - Description: "A networks object. Required parameter when there are multiple networks defined for the tenant. When you do not specify the networks parameter, the server attaches to the only network created for the current tenant.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.NetworkParam"), - }, - }, - }, + Description: "Deprecated: enableDhcp is silently ignored. It has no replacement.", + Type: []string{"boolean"}, + Format: "", }, }, - "ports": { + "limit": { SchemaProps: spec.SchemaProps{ - Description: "Create and assign additional ports to instances", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.PortOpts"), - }, - }, - }, + Description: "Deprecated: limit is silently ignored. It has no replacement.", + Type: []string{"integer"}, + Format: "int32", }, }, - "floatingIP": { + "marker": { SchemaProps: spec.SchemaProps{ - Description: "floatingIP specifies a floating IP to be associated with the machine. Note that it is not safe to use this parameter in a MachineSet, as only one Machine may be assigned the same floating IP.\n\nDeprecated: floatingIP will be removed in a future release as it cannot be implemented correctly.", + Description: "Deprecated: marker is silently ignored. It has no replacement.", Type: []string{"string"}, Format: "", }, }, - "availabilityZone": { + "sortKey": { SchemaProps: spec.SchemaProps{ - Description: "The availability zone from which to launch the server.", + Description: "Deprecated: sortKey is silently ignored. It has no replacement.", Type: []string{"string"}, Format: "", }, }, - "securityGroups": { + "sortDir": { SchemaProps: spec.SchemaProps{ - Description: "The names of the security groups to assign to the instance", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.SecurityGroupParam"), - }, - }, - }, + Description: "Deprecated: sortDir is silently ignored. It has no replacement.", + Type: []string{"string"}, + Format: "", }, }, - "userDataSecret": { + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1alpha1_SubnetParam(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "uuid": { SchemaProps: spec.SchemaProps{ - Description: "The name of the secret containing the user data (startup script in most cases)", - Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), + Description: "The UUID of the network. Required if you omit the port attribute.", + Type: []string{"string"}, + Format: "", }, }, - "trunk": { + "filter": { SchemaProps: spec.SchemaProps{ - Description: "Whether the server instance is created on a trunk port or not.", - Type: []string{"boolean"}, - Format: "", + Description: "Filters for optional network query", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.SubnetFilter"), }, }, - "tags": { + "portTags": { SchemaProps: spec.SchemaProps{ - Description: "Machine tags Requires Nova api 2.52 minimum!", + Description: "portTags are tags that are added to ports created on this subnet", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -41509,660 +40839,776 @@ func schema_openshift_api_machine_v1alpha1_OpenstackProviderSpec(ref common.Refe }, }, }, - "serverMetadata": { + "portSecurity": { SchemaProps: spec.SchemaProps{ - Description: "Metadata mapping. Allows you to create a map of key value pairs to add to the server instance.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "portSecurity optionally enables or disables security on ports managed by OpenStack Deprecated: portSecurity is silently ignored. Set portSecurity on the parent network instead.", + Type: []string{"boolean"}, + Format: "", }, }, - "configDrive": { + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1alpha1.SubnetFilter"}, + } +} + +func schema_openshift_api_machine_v1beta1_AWSMachineProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AWSMachineProviderConfig is the Schema for the awsmachineproviderconfigs API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { SchemaProps: spec.SchemaProps{ - Description: "Config Drive support", - Type: []string{"boolean"}, + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, Format: "", }, }, - "rootVolume": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "The volume metadata to boot from", - Ref: ref("github.com/openshift/api/machine/v1alpha1.RootVolume"), + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - "additionalBlockDevices": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, + }, + "ami": { SchemaProps: spec.SchemaProps{ - Description: "additionalBlockDevices is a list of specifications for additional block devices to attach to the server instance", + Description: "ami is the reference to the AMI from which to create the machine instance.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), + }, + }, + "instanceType": { + SchemaProps: spec.SchemaProps{ + Description: "instanceType is the type of instance to create. Example: m4.xlarge", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "cpuOptions": { + SchemaProps: spec.SchemaProps{ + Description: "cpuOptions defines CPU-related settings for the instance, including the confidential computing policy. When omitted, this means no opinion and the AWS platform is left to choose a reasonable default. More info: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CpuOptionsRequest.html, https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cpu-options-supported-instances-values.html", + Ref: ref("github.com/openshift/api/machine/v1beta1.CPUOptions"), + }, + }, + "tags": { + SchemaProps: spec.SchemaProps{ + Description: "tags is the set of tags to add to apply to an instance, in addition to the ones added by default by the actuator. These tags are additive. The actuator will ensure these tags are present, but will not remove any other tags that may exist on the instance.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.AdditionalBlockDevice"), + Ref: ref("github.com/openshift/api/machine/v1beta1.TagSpecification"), }, }, }, }, }, - "serverGroupID": { - SchemaProps: spec.SchemaProps{ - Description: "The server group to assign the machine to.", - Type: []string{"string"}, - Format: "", - }, - }, - "serverGroupName": { + "iamInstanceProfile": { SchemaProps: spec.SchemaProps{ - Description: "The server group to assign the machine to. A server group with that name will be created if it does not exist. If both ServerGroupID and ServerGroupName are non-empty, they must refer to the same OpenStack resource.", - Type: []string{"string"}, - Format: "", + Description: "iamInstanceProfile is a reference to an IAM role to assign to the instance", + Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), }, }, - "primarySubnet": { - SchemaProps: spec.SchemaProps{ - Description: "The subnet that a set of machines will get ingress/egress traffic from Deprecated: primarySubnet is silently ignored. Use subnets instead.", - Type: []string{"string"}, - Format: "", + "userDataSecret": { + SchemaProps: spec.SchemaProps{ + Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, - }, - Required: []string{"cloudsSecret", "cloudName", "flavor", "image"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1alpha1.AdditionalBlockDevice", "github.com/openshift/api/machine/v1alpha1.NetworkParam", "github.com/openshift/api/machine/v1alpha1.PortOpts", "github.com/openshift/api/machine/v1alpha1.RootVolume", "github.com/openshift/api/machine/v1alpha1.SecurityGroupParam", corev1.SecretReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_machine_v1alpha1_PortOpts(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "networkID": { + "credentialsSecret": { SchemaProps: spec.SchemaProps{ - Description: "networkID is the ID of the network the port will be created in. It is required.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "credentialsSecret is a reference to the secret with AWS credentials. Otherwise, defaults to permissions provided by attached IAM role where the actuator is running.", + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, - "nameSuffix": { + "keyName": { SchemaProps: spec.SchemaProps{ - Description: "If nameSuffix is specified the created port will be named -. If not specified the port will be named -.", + Description: "keyName is the name of the KeyPair to use for SSH", Type: []string{"string"}, Format: "", }, }, - "description": { + "deviceIndex": { SchemaProps: spec.SchemaProps{ - Description: "description specifies the description of the created port.", - Type: []string{"string"}, - Format: "", + Description: "deviceIndex is the index of the device on the instance for the network interface attachment. Defaults to 0.", + Default: 0, + Type: []string{"integer"}, + Format: "int64", }, }, - "adminStateUp": { + "publicIp": { SchemaProps: spec.SchemaProps{ - Description: "adminStateUp sets the administrative state of the created port to up (true), or down (false).", + Description: "publicIp specifies whether the instance should get a public IP. If not present, it should use the default of its subnet.", Type: []string{"boolean"}, Format: "", }, }, - "macAddress": { + "networkInterfaceType": { SchemaProps: spec.SchemaProps{ - Description: "macAddress specifies the MAC address of the created port.", + Description: "networkInterfaceType specifies the type of network interface to be used for the primary network interface. Valid values are \"ENA\", \"EFA\", and omitted, which means no opinion and the platform chooses a good default which may change over time. The current default value is \"ENA\". Please visit https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html to learn more about the AWS Elastic Fabric Adapter interface option.", Type: []string{"string"}, Format: "", }, }, - "fixedIPs": { + "securityGroups": { SchemaProps: spec.SchemaProps{ - Description: "fixedIPs specifies a set of fixed IPs to assign to the port. They must all be valid for the port's network.", + Description: "securityGroups is an array of references to security groups that should be applied to the instance.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.FixedIPs"), + Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), }, }, }, }, }, - "tenantID": { + "subnet": { SchemaProps: spec.SchemaProps{ - Description: "tenantID specifies the tenant ID of the created port. Note that this requires OpenShift to have administrative permissions, which is typically not the case. Use of this field is not recommended. Deprecated: tenantID is silently ignored.", - Type: []string{"string"}, - Format: "", + Description: "subnet is a reference to the subnet to use for this instance", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), }, }, - "projectID": { + "placement": { SchemaProps: spec.SchemaProps{ - Description: "projectID specifies the project ID of the created port. Note that this requires OpenShift to have administrative permissions, which is typically not the case. Use of this field is not recommended. Deprecated: projectID is silently ignored.", - Type: []string{"string"}, - Format: "", + Description: "placement specifies where to create the instance in AWS", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.Placement"), }, }, - "securityGroups": { + "loadBalancers": { SchemaProps: spec.SchemaProps{ - Description: "securityGroups specifies a set of security group UUIDs to use instead of the machine's default security groups. The default security groups will be used if this is left empty or not specified.", + Description: "loadBalancers is the set of load balancers to which the new instance should be added once it is created.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.LoadBalancerReference"), }, }, }, }, }, - "allowedAddressPairs": { + "blockDevices": { SchemaProps: spec.SchemaProps{ - Description: "allowedAddressPairs specifies a set of allowed address pairs to add to the port.", + Description: "blockDevices is the set of block device mapping associated to this instance, block device without a name will be used as a root device and only one device without a name is allowed https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.AddressPair"), + Ref: ref("github.com/openshift/api/machine/v1beta1.BlockDeviceMappingSpec"), }, }, }, }, }, - "tags": { + "spotMarketOptions": { SchemaProps: spec.SchemaProps{ - Description: "tags species a set of tags to add to the port.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "spotMarketOptions allows users to configure instances to be run using AWS Spot instances.", + Ref: ref("github.com/openshift/api/machine/v1beta1.SpotMarketOptions"), }, }, - "vnicType": { + "metadataServiceOptions": { SchemaProps: spec.SchemaProps{ - Description: "The virtual network interface card (vNIC) type that is bound to the neutron port.", - Type: []string{"string"}, - Format: "", + Description: "metadataServiceOptions allows users to configure instance metadata service interaction options. If nothing specified, default AWS IMDS settings will be applied. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MetadataServiceOptions"), }, }, - "profile": { + "placementGroupName": { SchemaProps: spec.SchemaProps{ - Description: "A dictionary that enables the application running on the specified host to pass and receive virtual network interface (VIF) port-specific information to the plug-in.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "placementGroupName specifies the name of the placement group in which to launch the instance. The placement group must already be created and may use any placement strategy. When omitted, no placement group is used when creating the EC2 instance.", + Type: []string{"string"}, + Format: "", }, }, - "portSecurity": { + "placementGroupPartition": { SchemaProps: spec.SchemaProps{ - Description: "enable or disable security on a given port incompatible with securityGroups and allowedAddressPairs", - Type: []string{"boolean"}, - Format: "", + Description: "placementGroupPartition is the partition number within the placement group in which to launch the instance. This must be an integer value between 1 and 7. It is only valid if the placement group, referred in `PlacementGroupName` was created with strategy set to partition.", + Type: []string{"integer"}, + Format: "int32", }, }, - "trunk": { + "capacityReservationId": { SchemaProps: spec.SchemaProps{ - Description: "Enables and disables trunk at port level. If not provided, openStackMachine.Spec.Trunk is inherited.", - Type: []string{"boolean"}, + Description: "capacityReservationId specifies the target Capacity Reservation into which the instance should be launched. The field size should be greater than 0 and the field input must start with cr-***", + Default: "", + Type: []string{"string"}, Format: "", }, }, - "hostID": { + "marketType": { SchemaProps: spec.SchemaProps{ - Description: "The ID of the host where the port is allocated. Do not use this field: it cannot be used correctly. Deprecated: hostID is silently ignored. It will be removed with no replacement.", + Description: "marketType specifies the type of market for the EC2 instance. Valid values are OnDemand, Spot, CapacityBlock and omitted.\n\nDefaults to OnDemand. When SpotMarketOptions is provided, the marketType defaults to \"Spot\".\n\nWhen set to OnDemand the instance runs as a standard OnDemand instance. When set to Spot the instance runs as a Spot instance. When set to CapacityBlock the instance utilizes pre-purchased compute capacity (capacity blocks) with AWS Capacity Reservations. If this value is selected, capacityReservationID must be specified to identify the target reservation.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"networkID"}, + Required: []string{"ami", "instanceType", "deviceIndex", "subnet", "placement"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1alpha1.AddressPair", "github.com/openshift/api/machine/v1alpha1.FixedIPs"}, + "github.com/openshift/api/machine/v1beta1.AWSResourceReference", "github.com/openshift/api/machine/v1beta1.BlockDeviceMappingSpec", "github.com/openshift/api/machine/v1beta1.CPUOptions", "github.com/openshift/api/machine/v1beta1.LoadBalancerReference", "github.com/openshift/api/machine/v1beta1.MetadataServiceOptions", "github.com/openshift/api/machine/v1beta1.Placement", "github.com/openshift/api/machine/v1beta1.SpotMarketOptions", "github.com/openshift/api/machine/v1beta1.TagSpecification", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_machine_v1alpha1_RootVolume(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_AWSMachineProviderConfigList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "AWSMachineProviderConfigList contains a list of AWSMachineProviderConfig Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "sourceUUID": { - SchemaProps: spec.SchemaProps{ - Description: "sourceUUID specifies the UUID of a glance image used to populate the root volume. Deprecated: set image in the platform spec instead. This will be ignored if image is set in the platform spec.", - Type: []string{"string"}, - Format: "", - }, - }, - "volumeType": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "volumeType specifies a volume type to use when creating the root volume. If not specified the default volume type will be used.", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "diskSize": { - SchemaProps: spec.SchemaProps{ - Description: "diskSize specifies the size, in GiB, of the created root volume.", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "availabilityZone": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "availabilityZone specifies the Cinder availability where the root volume will be created.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "sourceType": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: sourceType will be silently ignored. There is no replacement.", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, - "deviceType": { + "items": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: deviceType will be silently ignored. There is no replacement.", - Type: []string{"string"}, - Format: "", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.AWSMachineProviderConfig"), + }, + }, + }, }, }, }, + Required: []string{"items"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.AWSMachineProviderConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_machine_v1alpha1_SecurityGroupFilter(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_AWSMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "AWSMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains AWS-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "id": { - SchemaProps: spec.SchemaProps{ - Description: "id specifies the ID of a security group to use. If set, id will not be validated before use. An invalid id will result in failure to create a server with an appropriate error message.", - Type: []string{"string"}, - Format: "", - }, - }, - "name": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "name filters security groups by name.", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "description": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "description filters security groups by description.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "tenantId": { + "instanceId": { SchemaProps: spec.SchemaProps{ - Description: "tenantId filters security groups by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", + Description: "instanceId is the instance ID of the machine created in AWS", Type: []string{"string"}, Format: "", }, }, - "projectId": { + "instanceState": { SchemaProps: spec.SchemaProps{ - Description: "projectId filters security groups by project ID.", + Description: "instanceState is the state of the AWS instance for this machine", Type: []string{"string"}, Format: "", }, }, - "tags": { - SchemaProps: spec.SchemaProps{ - Description: "tags filters by security groups containing all specified tags. Multiple tags are comma separated.", - Type: []string{"string"}, - Format: "", + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, }, - }, - "tagsAny": { SchemaProps: spec.SchemaProps{ - Description: "tagsAny filters by security groups containing any specified tags. Multiple tags are comma separated.", - Type: []string{"string"}, - Format: "", + Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + }, + }, + }, }, }, - "notTags": { + }, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + } +} + +func schema_openshift_api_machine_v1beta1_AWSResourceReference(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters. Only one of ID, ARN or Filters may be specified. Specifying more than one will result in a validation error.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "id": { SchemaProps: spec.SchemaProps{ - Description: "notTags filters by security groups which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", + Description: "id of resource", Type: []string{"string"}, Format: "", }, }, - "notTagsAny": { + "arn": { SchemaProps: spec.SchemaProps{ - Description: "notTagsAny filters by security groups which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", + Description: "arn of resource", Type: []string{"string"}, Format: "", }, }, - "limit": { + "filters": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: limit is silently ignored. It has no replacement.", - Type: []string{"integer"}, - Format: "int32", + Description: "filters is a set of filters used to identify a resource", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.Filter"), + }, + }, + }, }, }, - "marker": { + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.Filter"}, + } +} + +func schema_openshift_api_machine_v1beta1_AddressesFromPool(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AddressesFromPool is an IPAddressPool that will be used to create IPAddressClaims for fulfillment by an external controller.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "group": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: marker is silently ignored. It has no replacement.", + Description: "group of the IP address pool type known to an external IPAM controller. This should be a fully qualified domain name, for example, externalipam.controller.io.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "sortKey": { + "resource": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: sortKey is silently ignored. It has no replacement.", + Description: "resource of the IP address pool type known to an external IPAM controller. It is normally the plural form of the resource kind in lowercase, for example, ippools.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "sortDir": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: sortDir is silently ignored. It has no replacement.", + Description: "name of an IP address pool, for example, pool-config-1.", + Default: "", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"group", "resource", "name"}, }, }, } } -func schema_openshift_api_machine_v1alpha1_SecurityGroupParam(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_AzureBootDiagnostics(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "AzureBootDiagnostics configures the boot diagnostics settings for the virtual machine. This allows you to configure capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "uuid": { + "storageAccountType": { SchemaProps: spec.SchemaProps{ - Description: "Security Group UUID", + Description: "storageAccountType determines if the storage account for storing the diagnostics data should be provisioned by Azure (AzureManaged) or by the customer (CustomerManaged).", + Default: "", Type: []string{"string"}, Format: "", }, }, - "name": { + "customerManaged": { SchemaProps: spec.SchemaProps{ - Description: "Security Group name", + Description: "customerManaged provides reference to the customer manager storage account.", + Ref: ref("github.com/openshift/api/machine/v1beta1.AzureCustomerManagedBootDiagnostics"), + }, + }, + }, + Required: []string{"storageAccountType"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "storageAccountType", + "fields-to-discriminateBy": map[string]interface{}{ + "customerManaged": "CustomerManaged", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.AzureCustomerManagedBootDiagnostics"}, + } +} + +func schema_openshift_api_machine_v1beta1_AzureCustomerManagedBootDiagnostics(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AzureCustomerManagedBootDiagnostics provides reference to a customer managed storage account.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "storageAccountURI": { + SchemaProps: spec.SchemaProps{ + Description: "storageAccountURI is the URI of the customer managed storage account. The URI typically will be `https://.blob.core.windows.net/` but may differ if you are using Azure DNS zone endpoints. You can find the correct endpoint by looking for the Blob Primary Endpoint in the endpoints tab in the Azure console.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "filter": { + }, + Required: []string{"storageAccountURI"}, + }, + }, + } +} + +func schema_openshift_api_machine_v1beta1_AzureDiagnostics(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AzureDiagnostics is used to configure the diagnostic settings of the virtual machine.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "boot": { SchemaProps: spec.SchemaProps{ - Description: "Filters used to query security groups in openstack", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.SecurityGroupFilter"), + Description: "AzureBootDiagnostics configures the boot diagnostics settings for the virtual machine. This allows you to configure capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", + Ref: ref("github.com/openshift/api/machine/v1beta1.AzureBootDiagnostics"), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1alpha1.SecurityGroupFilter"}, + "github.com/openshift/api/machine/v1beta1.AzureBootDiagnostics"}, } } -func schema_openshift_api_machine_v1alpha1_SubnetFilter(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_AzureMachineProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "AzureMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an Azure virtual machine. It is used by the Azure machine actuator to create a single Machine. Required parameters such as location that are not specified by this configuration, will be defaulted by the actuator. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "id": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "id is the uuid of a specific subnet to use. If specified, id will not be validated. Instead server creation will fail with an appropriate error.", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "name": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "name filters subnets by name.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "description": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "description filters subnets by description.", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "userDataSecret": { + SchemaProps: spec.SchemaProps{ + Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + Ref: ref("k8s.io/api/core/v1.SecretReference"), + }, + }, + "credentialsSecret": { + SchemaProps: spec.SchemaProps{ + Description: "credentialsSecret is a reference to the secret with Azure credentials.", + Ref: ref("k8s.io/api/core/v1.SecretReference"), + }, + }, + "location": { + SchemaProps: spec.SchemaProps{ + Description: "location is the region to use to create the instance", Type: []string{"string"}, Format: "", }, }, - "networkId": { + "vmSize": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: networkId is silently ignored. Set uuid on the containing network definition instead.", + Description: "vmSize is the size of the VM to create.", Type: []string{"string"}, Format: "", }, }, - "tenantId": { + "image": { SchemaProps: spec.SchemaProps{ - Description: "tenantId filters subnets by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", + Description: "image is the OS image to use to create the instance.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.Image"), + }, + }, + "osDisk": { + SchemaProps: spec.SchemaProps{ + Description: "osDisk represents the parameters for creating the OS disk.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.OSDisk"), + }, + }, + "dataDisks": { + SchemaProps: spec.SchemaProps{ + Description: "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.DataDisk"), + }, + }, + }, + }, + }, + "sshPublicKey": { + SchemaProps: spec.SchemaProps{ + Description: "sshPublicKey is the public key to use to SSH to the virtual machine.", Type: []string{"string"}, Format: "", }, }, - "projectId": { + "publicIP": { SchemaProps: spec.SchemaProps{ - Description: "projectId filters subnets by project ID.", - Type: []string{"string"}, + Description: "publicIP if true a public IP will be used", + Default: false, + Type: []string{"boolean"}, Format: "", }, }, - "ipVersion": { + "tags": { SchemaProps: spec.SchemaProps{ - Description: "ipVersion filters subnets by IP version.", - Type: []string{"integer"}, - Format: "int32", + Description: "tags is a list of tags to apply to the machine.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "gateway_ip": { + "securityGroup": { SchemaProps: spec.SchemaProps{ - Description: "gateway_ip filters subnets by gateway IP.", + Description: "Network Security Group that needs to be attached to the machine's interface. No security group will be attached if empty.", Type: []string{"string"}, Format: "", }, }, - "cidr": { + "applicationSecurityGroups": { SchemaProps: spec.SchemaProps{ - Description: "cidr filters subnets by CIDR.", + Description: "Application Security Groups that need to be attached to the machine's interface. No application security groups will be attached if zero-length.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "subnet": { + SchemaProps: spec.SchemaProps{ + Description: "subnet to use for this instance", + Default: "", Type: []string{"string"}, Format: "", }, }, - "ipv6AddressMode": { + "publicLoadBalancer": { SchemaProps: spec.SchemaProps{ - Description: "ipv6AddressMode filters subnets by IPv6 address mode.", + Description: "publicLoadBalancer to use for this instance", Type: []string{"string"}, Format: "", }, }, - "ipv6RaMode": { + "internalLoadBalancer": { SchemaProps: spec.SchemaProps{ - Description: "ipv6RaMode filters subnets by IPv6 router adversiement mode.", + Description: "InternalLoadBalancerName to use for this instance", Type: []string{"string"}, Format: "", }, }, - "subnetpoolId": { + "natRule": { SchemaProps: spec.SchemaProps{ - Description: "subnetpoolId filters subnets by subnet pool ID. Deprecated: subnetpoolId is silently ignored.", - Type: []string{"string"}, - Format: "", + Description: "natRule to set inbound NAT rule of the load balancer", + Type: []string{"integer"}, + Format: "int64", }, }, - "tags": { + "managedIdentity": { SchemaProps: spec.SchemaProps{ - Description: "tags filters by subnets containing all specified tags. Multiple tags are comma separated.", + Description: "managedIdentity to set managed identity name", Type: []string{"string"}, Format: "", }, }, - "tagsAny": { + "vnet": { SchemaProps: spec.SchemaProps{ - Description: "tagsAny filters by subnets containing any specified tags. Multiple tags are comma separated.", + Description: "vnet to set virtual network name", Type: []string{"string"}, Format: "", }, }, - "notTags": { + "zone": { SchemaProps: spec.SchemaProps{ - Description: "notTags filters by subnets which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", + Description: "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone", Type: []string{"string"}, Format: "", }, }, - "notTagsAny": { + "networkResourceGroup": { SchemaProps: spec.SchemaProps{ - Description: "notTagsAny filters by subnets which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", + Description: "networkResourceGroup is the resource group for the virtual machine's network", Type: []string{"string"}, Format: "", }, }, - "enableDhcp": { + "resourceGroup": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: enableDhcp is silently ignored. It has no replacement.", - Type: []string{"boolean"}, + Description: "resourceGroup is the resource group for the virtual machine", + Type: []string{"string"}, Format: "", }, }, - "limit": { + "spotVMOptions": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: limit is silently ignored. It has no replacement.", - Type: []string{"integer"}, - Format: "int32", + Description: "spotVMOptions allows the ability to specify the Machine should use a Spot VM", + Ref: ref("github.com/openshift/api/machine/v1beta1.SpotVMOptions"), }, }, - "marker": { + "securityProfile": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: marker is silently ignored. It has no replacement.", - Type: []string{"string"}, - Format: "", + Description: "securityProfile specifies the Security profile settings for a virtual machine.", + Ref: ref("github.com/openshift/api/machine/v1beta1.SecurityProfile"), }, }, - "sortKey": { + "ultraSSDCapability": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: sortKey is silently ignored. It has no replacement.", + Description: "ultraSSDCapability enables or disables Azure UltraSSD capability for a virtual machine. This can be used to allow/disallow binding of Azure UltraSSD to the Machine both as Data Disks or via Persistent Volumes. This Azure feature is subject to a specific scope and certain limitations. More informations on this can be found in the official Azure documentation for Ultra Disks: (https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-ultra-ssd?tabs=azure-portal#ga-scope-and-limitations).\n\nWhen omitted, if at least one Data Disk of type UltraSSD is specified, the platform will automatically enable the capability. If a Perisistent Volume backed by an UltraSSD is bound to a Pod on the Machine, when this field is ommitted, the platform will *not* automatically enable the capability (unless already enabled by the presence of an UltraSSD as Data Disk). This may manifest in the Pod being stuck in `ContainerCreating` phase. This defaulting behaviour may be subject to change in future.\n\nWhen set to \"Enabled\", if the capability is available for the Machine based on the scope and limitations described above, the capability will be set on the Machine. This will thus allow UltraSSD both as Data Disks and Persistent Volumes. If set to \"Enabled\" when the capability can't be available due to scope and limitations, the Machine will go into \"Failed\" state.\n\nWhen set to \"Disabled\", UltraSSDs will not be allowed either as Data Disks nor as Persistent Volumes. In this case if any UltraSSDs are specified as Data Disks on a Machine, the Machine will go into a \"Failed\" state. If instead any UltraSSDs are backing the volumes (via Persistent Volumes) of any Pods scheduled on a Node which is backed by the Machine, the Pod may get stuck in `ContainerCreating` phase.", Type: []string{"string"}, Format: "", }, }, - "sortDir": { + "acceleratedNetworking": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: sortDir is silently ignored. It has no replacement.", - Type: []string{"string"}, + Description: "acceleratedNetworking enables or disables Azure accelerated networking feature. Set to false by default. If true, then this will depend on whether the requested VMSize is supported. If set to true with an unsupported VMSize, Azure will return an error.", + Type: []string{"boolean"}, Format: "", }, }, - }, - }, - }, - } -} - -func schema_openshift_api_machine_v1alpha1_SubnetParam(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "uuid": { + "availabilitySet": { SchemaProps: spec.SchemaProps{ - Description: "The UUID of the network. Required if you omit the port attribute.", + Description: "availabilitySet specifies the availability set to use for this instance. Availability set should be precreated, before using this field.", Type: []string{"string"}, Format: "", }, }, - "filter": { + "diagnostics": { SchemaProps: spec.SchemaProps{ - Description: "Filters for optional network query", + Description: "diagnostics configures the diagnostics settings for the virtual machine. This allows you to configure boot diagnostics such as capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.SubnetFilter"), - }, - }, - "portTags": { - SchemaProps: spec.SchemaProps{ - Description: "portTags are tags that are added to ports created on this subnet", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Ref: ref("github.com/openshift/api/machine/v1beta1.AzureDiagnostics"), }, }, - "portSecurity": { + "capacityReservationGroupID": { SchemaProps: spec.SchemaProps{ - Description: "portSecurity optionally enables or disables security on ports managed by OpenStack Deprecated: portSecurity is silently ignored. Set portSecurity on the parent network instead.", - Type: []string{"boolean"}, + Description: "capacityReservationGroupID specifies the capacity reservation group resource id that should be used for allocating the virtual machine. The field size should be greater than 0 and the field input must start with '/'. The input for capacityReservationGroupID must be similar to '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/capacityReservationGroups/{capacityReservationGroupName}'. The keys which are used should be among 'subscriptions', 'providers' and 'resourcegroups' followed by valid ID or names respectively.", + Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"image", "osDisk", "publicIP", "subnet"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1alpha1.SubnetFilter"}, + "github.com/openshift/api/machine/v1beta1.AzureDiagnostics", "github.com/openshift/api/machine/v1beta1.DataDisk", "github.com/openshift/api/machine/v1beta1.Image", "github.com/openshift/api/machine/v1beta1.OSDisk", "github.com/openshift/api/machine/v1beta1.SecurityProfile", "github.com/openshift/api/machine/v1beta1.SpotVMOptions", "k8s.io/api/core/v1.SecretReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_machine_v1beta1_AWSMachineProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_AzureMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AWSMachineProviderConfig is the Schema for the awsmachineproviderconfigs API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "AzureMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains Azure-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -42182,489 +41628,637 @@ func schema_openshift_api_machine_v1beta1_AWSMachineProviderConfig(ref common.Re "metadata": { SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, - "ami": { + "vmId": { SchemaProps: spec.SchemaProps{ - Description: "ami is the reference to the AMI from which to create the machine instance.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), + Description: "vmId is the ID of the virtual machine created in Azure.", + Type: []string{"string"}, + Format: "", }, }, - "instanceType": { + "vmState": { SchemaProps: spec.SchemaProps{ - Description: "instanceType is the type of instance to create. Example: m4.xlarge", - Default: "", + Description: "vmState is the provisioning state of the Azure virtual machine.", Type: []string{"string"}, Format: "", }, }, - "cpuOptions": { - SchemaProps: spec.SchemaProps{ - Description: "cpuOptions defines CPU-related settings for the instance, including the confidential computing policy. When omitted, this means no opinion and the AWS platform is left to choose a reasonable default. More info: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CpuOptionsRequest.html, https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cpu-options-supported-instances-values.html", - Ref: ref("github.com/openshift/api/machine/v1beta1.CPUOptions"), + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, }, - }, - "tags": { SchemaProps: spec.SchemaProps{ - Description: "tags is the set of tags to add to apply to an instance, in addition to the ones added by default by the actuator. These tags are additive. The actuator will ensure these tags are present, but will not remove any other tags that may exist on the instance.", + Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.TagSpecification"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, }, }, - "iamInstanceProfile": { + }, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_openshift_api_machine_v1beta1_BlockDeviceMappingSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "BlockDeviceMappingSpec describes a block device mapping", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "deviceName": { SchemaProps: spec.SchemaProps{ - Description: "iamInstanceProfile is a reference to an IAM role to assign to the instance", - Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), + Description: "The device name exposed to the machine (for example, /dev/sdh or xvdh).", + Type: []string{"string"}, + Format: "", }, }, - "userDataSecret": { + "ebs": { SchemaProps: spec.SchemaProps{ - Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Description: "Parameters used to automatically set up EBS volumes when the machine is launched.", + Ref: ref("github.com/openshift/api/machine/v1beta1.EBSBlockDeviceSpec"), }, }, - "credentialsSecret": { + "noDevice": { SchemaProps: spec.SchemaProps{ - Description: "credentialsSecret is a reference to the secret with AWS credentials. Otherwise, defaults to permissions provided by attached IAM role where the actuator is running.", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Description: "Suppresses the specified device included in the block device mapping of the AMI.", + Type: []string{"string"}, + Format: "", }, }, - "keyName": { + "virtualName": { SchemaProps: spec.SchemaProps{ - Description: "keyName is the name of the KeyPair to use for SSH", + Description: "The virtual device name (ephemeralN). Machine store volumes are numbered starting from 0. An machine type with 2 available machine store volumes can specify mappings for ephemeral0 and ephemeral1.The number of available machine store volumes depends on the machine type. After you connect to the machine, you must mount the volume.\n\nConstraints: For M3 machines, you must specify machine store volumes in the block device mapping for the machine. When you launch an M3 machine, we ignore any machine store volumes specified in the block device mapping for the AMI.", Type: []string{"string"}, Format: "", }, }, - "deviceIndex": { + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.EBSBlockDeviceSpec"}, + } +} + +func schema_openshift_api_machine_v1beta1_CPUOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "CPUOptions defines CPU-related settings for the instance, including the confidential computing policy. If provided, it must not be empty — at least one field must be set.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "confidentialCompute": { SchemaProps: spec.SchemaProps{ - Description: "deviceIndex is the index of the device on the instance for the network interface attachment. Defaults to 0.", - Default: 0, - Type: []string{"integer"}, - Format: "int64", + Description: "confidentialCompute specifies whether confidential computing should be enabled for the instance, and, if so, which confidential computing technology to use. Valid values are: Disabled, AMDEncryptedVirtualizationNestedPaging and omitted. When set to Disabled, confidential computing will be disabled for the instance. When set to AMDEncryptedVirtualizationNestedPaging, AMD SEV-SNP will be used as the confidential computing technology for the instance. In this case, ensure the following conditions are met: 1) The selected instance type supports AMD SEV-SNP. 2) The selected AWS region supports AMD SEV-SNP. 3) The selected AMI supports AMD SEV-SNP. More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html When omitted, this means no opinion and the AWS platform is left to choose a reasonable default, which is subject to change without notice. The current default is Disabled.", + Type: []string{"string"}, + Format: "", }, }, - "publicIp": { + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1beta1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Condition defines an observation of a Machine API resource operational state.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { SchemaProps: spec.SchemaProps{ - Description: "publicIp specifies whether the instance should get a public IP. If not present, it should use the default of its subnet.", - Type: []string{"boolean"}, + Description: "type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", + Default: "", + Type: []string{"string"}, Format: "", }, }, - "networkInterfaceType": { + "status": { SchemaProps: spec.SchemaProps{ - Description: "networkInterfaceType specifies the type of network interface to be used for the primary network interface. Valid values are \"ENA\", \"EFA\", and omitted, which means no opinion and the platform chooses a good default which may change over time. The current default value is \"ENA\". Please visit https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html to learn more about the AWS Elastic Fabric Adapter interface option.", + Description: "status of the condition, one of True, False, Unknown.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "securityGroups": { + "severity": { SchemaProps: spec.SchemaProps{ - Description: "securityGroups is an array of references to security groups that should be applied to the instance.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), - }, - }, - }, + Description: "severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", + Type: []string{"string"}, + Format: "", }, }, - "subnet": { + "lastTransitionTime": { SchemaProps: spec.SchemaProps{ - Description: "subnet is a reference to the subnet to use for this instance", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), + Description: "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, - "placement": { + "reason": { SchemaProps: spec.SchemaProps{ - Description: "placement specifies where to create the instance in AWS", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.Placement"), + Description: "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", + Type: []string{"string"}, + Format: "", }, }, - "loadBalancers": { + "message": { SchemaProps: spec.SchemaProps{ - Description: "loadBalancers is the set of load balancers to which the new instance should be added once it is created.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.LoadBalancerReference"), - }, - }, - }, + Description: "A human readable message indicating details about the transition. This field may be empty.", + Type: []string{"string"}, + Format: "", }, }, - "blockDevices": { + }, + Required: []string{"type", "status", "lastTransitionTime"}, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + } +} + +func schema_openshift_api_machine_v1beta1_ConfidentialVM(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ConfidentialVM defines the UEFI settings for the virtual machine.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "uefiSettings": { SchemaProps: spec.SchemaProps{ - Description: "blockDevices is the set of block device mapping associated to this instance, block device without a name will be used as a root device and only one device without a name is allowed https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.BlockDeviceMappingSpec"), - }, - }, - }, + Description: "uefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.UEFISettings"), }, }, - "spotMarketOptions": { + }, + Required: []string{"uefiSettings"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.UEFISettings"}, + } +} + +func schema_openshift_api_machine_v1beta1_DataDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "DataDisk specifies the parameters that are used to add one or more data disks to the machine. A Data Disk is a managed disk that's attached to a virtual machine to store application data. It differs from an OS Disk as it doesn't come with a pre-installed OS, and it cannot contain the boot volume. It is registered as SCSI drive and labeled with the chosen `lun`. e.g. for `lun: 0` the raw disk device will be available at `/dev/disk/azure/scsi1/lun0`.\n\nAs the Data Disk disk device is attached raw to the virtual machine, it will need to be partitioned, formatted with a filesystem and mounted, in order for it to be usable. This can be done by creating a custom userdata Secret with custom Ignition configuration to achieve the desired initialization. At this stage the previously defined `lun` is to be used as the \"device\" key for referencing the raw disk device to be initialized. Once the custom userdata Secret has been created, it can be referenced in the Machine's `.providerSpec.userDataSecret`. For further guidance and examples, please refer to the official OpenShift docs.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "nameSuffix": { SchemaProps: spec.SchemaProps{ - Description: "spotMarketOptions allows users to configure instances to be run using AWS Spot instances.", - Ref: ref("github.com/openshift/api/machine/v1beta1.SpotMarketOptions"), + Description: "nameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format _. NameSuffix name must start and finish with an alphanumeric character and can only contain letters, numbers, underscores, periods or hyphens. The overall disk name must not exceed 80 chars in length.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "metadataServiceOptions": { + "diskSizeGB": { SchemaProps: spec.SchemaProps{ - Description: "metadataServiceOptions allows users to configure instance metadata service interaction options. If nothing specified, default AWS IMDS settings will be applied. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MetadataServiceOptions"), + Description: "diskSizeGB is the size in GB to assign to the data disk.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "placementGroupName": { + "managedDisk": { SchemaProps: spec.SchemaProps{ - Description: "placementGroupName specifies the name of the placement group in which to launch the instance. The placement group must already be created and may use any placement strategy. When omitted, no placement group is used when creating the EC2 instance.", - Type: []string{"string"}, - Format: "", + Description: "managedDisk specifies the Managed Disk parameters for the data disk. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is a ManagedDisk with with storageAccountType: \"Premium_LRS\" and diskEncryptionSet.id: \"Default\".", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.DataDiskManagedDiskParameters"), }, }, - "placementGroupPartition": { + "lun": { SchemaProps: spec.SchemaProps{ - Description: "placementGroupPartition is the partition number within the placement group in which to launch the instance. This must be an integer value between 1 and 7. It is only valid if the placement group, referred in `PlacementGroupName` was created with strategy set to partition.", + Description: "lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. This value is also needed for referencing the data disks devices within userdata to perform disk initialization through Ignition (e.g. partition/format/mount). The value must be between 0 and 63.", + Default: 0, Type: []string{"integer"}, Format: "int32", }, }, - "capacityReservationId": { + "cachingType": { SchemaProps: spec.SchemaProps{ - Description: "capacityReservationId specifies the target Capacity Reservation into which the instance should be launched. The field size should be greater than 0 and the field input must start with cr-***", - Default: "", + Description: "cachingType specifies the caching requirements. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is CachingTypeNone.", Type: []string{"string"}, Format: "", }, }, - "marketType": { + "deletionPolicy": { SchemaProps: spec.SchemaProps{ - Description: "marketType specifies the type of market for the EC2 instance. Valid values are OnDemand, Spot, CapacityBlock and omitted.\n\nDefaults to OnDemand. When SpotMarketOptions is provided, the marketType defaults to \"Spot\".\n\nWhen set to OnDemand the instance runs as a standard OnDemand instance. When set to Spot the instance runs as a Spot instance. When set to CapacityBlock the instance utilizes pre-purchased compute capacity (capacity blocks) with AWS Capacity Reservations. If this value is selected, capacityReservationID must be specified to identify the target reservation.", + Description: "deletionPolicy specifies the data disk deletion policy upon Machine deletion. Possible values are \"Delete\",\"Detach\". When \"Delete\" is used the data disk is deleted when the Machine is deleted. When \"Detach\" is used the data disk is detached from the Machine and retained when the Machine is deleted.", + Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"ami", "instanceType", "deviceIndex", "subnet", "placement"}, + Required: []string{"nameSuffix", "diskSizeGB", "lun", "deletionPolicy"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.AWSResourceReference", "github.com/openshift/api/machine/v1beta1.BlockDeviceMappingSpec", "github.com/openshift/api/machine/v1beta1.CPUOptions", "github.com/openshift/api/machine/v1beta1.LoadBalancerReference", "github.com/openshift/api/machine/v1beta1.MetadataServiceOptions", "github.com/openshift/api/machine/v1beta1.Placement", "github.com/openshift/api/machine/v1beta1.SpotMarketOptions", "github.com/openshift/api/machine/v1beta1.TagSpecification", corev1.LocalObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1beta1.DataDiskManagedDiskParameters"}, } } -func schema_openshift_api_machine_v1beta1_AWSMachineProviderConfigList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_DataDiskManagedDiskParameters(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AWSMachineProviderConfigList contains a list of AWSMachineProviderConfig Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "DataDiskManagedDiskParameters is the parameters of a DataDisk managed disk.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "storageAccountType": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "storageAccountType is the storage account type to use. Possible values include \"Standard_LRS\", \"Premium_LRS\" and \"UltraSSD_LRS\".", + Default: "", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "diskEncryptionSet": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + Description: "diskEncryptionSet is the disk encryption set properties. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is a DiskEncryptionSet with id: \"Default\".", + Ref: ref("github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"), }, }, - "metadata": { + }, + Required: []string{"storageAccountType"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"}, + } +} + +func schema_openshift_api_machine_v1beta1_DedicatedHost(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "DedicatedHost represents the configuration for the usage of dedicated host.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "id": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Description: "id identifies the AWS Dedicated Host on which the instance must run. The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length.", + Type: []string{"string"}, + Format: "", }, }, - "items": { + }, + Required: []string{"id"}, + }, + }, + } +} + +func schema_openshift_api_machine_v1beta1_DiskEncryptionSetParameters(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "DiskEncryptionSetParameters is the disk encryption set properties", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "id": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.AWSMachineProviderConfig"), - }, - }, - }, + Description: "id is the disk encryption set ID Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is: \"Default\".", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"items"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.AWSMachineProviderConfig", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_AWSMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_DiskSettings(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AWSMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains AWS-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "DiskSettings describe ephemeral disk settings for the os disk.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "ephemeralStorageLocation": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "ephemeralStorageLocation enables ephemeral OS when set to 'Local'. Possible values include: 'Local'. See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks for full details. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is that disks are saved to remote Azure storage.", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1beta1_EBSBlockDeviceSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "EBSBlockDeviceSpec describes a block device for an EBS volume. https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EbsBlockDevice", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "deleteOnTermination": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, + Description: "Indicates whether the EBS volume is deleted on machine termination.\n\nDeprecated: setting this field has no effect.", + Type: []string{"boolean"}, Format: "", }, }, - "instanceId": { + "encrypted": { SchemaProps: spec.SchemaProps{ - Description: "instanceId is the instance ID of the machine created in AWS", - Type: []string{"string"}, + Description: "Indicates whether the EBS volume is encrypted. Encrypted Amazon EBS volumes may only be attached to machines that support Amazon EBS encryption.", + Type: []string{"boolean"}, Format: "", }, }, - "instanceState": { + "kmsKey": { SchemaProps: spec.SchemaProps{ - Description: "instanceState is the state of the AWS instance for this machine", - Type: []string{"string"}, - Format: "", + Description: "Indicates the KMS key that should be used to encrypt the Amazon EBS volume.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), }, }, - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, + "iops": { + SchemaProps: spec.SchemaProps{ + Description: "The number of I/O operations per second (IOPS) that the volume supports. For io1, this represents the number of IOPS that are provisioned for the volume. For gp2, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. For more information about General Purpose SSD baseline performance, I/O credits, and bursting, see Amazon EBS Volume Types (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the Amazon Elastic Compute Cloud User Guide.\n\nMinimal and maximal IOPS for io1 and gp2 are constrained. Please, check https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html for precise boundaries for individual volumes.\n\nCondition: This parameter is required for requests to create io1 volumes; it is not used in requests to create gp2, st1, sc1, or standard volumes.", + Type: []string{"integer"}, + Format: "int64", }, + }, + "throughputMib": { SchemaProps: spec.SchemaProps{ - Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), - }, - }, - }, + Description: "throughputMib to provision in MiB/s supported for the volume type. Not applicable to all types.\n\nThis parameter is valid only for gp3 volumes. Valid Range: Minimum value of 125. Maximum value of 2000.\n\nWhen omitted, this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 125.", + Type: []string{"integer"}, + Format: "int32", }, }, - "dedicatedHost": { + "volumeSize": { SchemaProps: spec.SchemaProps{ - Description: "dedicatedHost tracks the dynamically allocated dedicated host. This field is populated when allocationStrategy is Dynamic (with or without DynamicHostAllocation). When omitted, this indicates that the dedicated host has not yet been allocated, or allocation is in progress.", - Ref: ref("github.com/openshift/api/machine/v1beta1.DedicatedHostStatus"), + Description: "The size of the volume, in GiB.\n\nConstraints: 1-16384 for General Purpose SSD (gp2), 4-16384 for Provisioned IOPS SSD (io1), 500-16384 for Throughput Optimized HDD (st1), 500-16384 for Cold HDD (sc1), and 1-1024 for Magnetic (standard) volumes. If you specify a snapshot, the volume size must be equal to or larger than the snapshot size.\n\nDefault: If you're creating the volume from a snapshot and don't specify a volume size, the default is the snapshot size.", + Type: []string{"integer"}, + Format: "int64", + }, + }, + "volumeType": { + SchemaProps: spec.SchemaProps{ + Description: "volumeType can be of type gp2, gp3, io1, st1, sc1, or standard. Default: standard", + Type: []string{"string"}, + Format: "", }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.DedicatedHostStatus", metav1.Condition{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1beta1.AWSResourceReference"}, } } -func schema_openshift_api_machine_v1beta1_AWSResourceReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_Filter(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters. Only one of ID, ARN or Filters may be specified. Specifying more than one will result in a validation error.", + Description: "Filter is a filter used to identify an AWS resource", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "id": { - SchemaProps: spec.SchemaProps{ - Description: "id of resource", - Type: []string{"string"}, - Format: "", - }, - }, - "arn": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "arn of resource", + Description: "name of the filter. Filter names are case-sensitive.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "filters": { + "values": { SchemaProps: spec.SchemaProps{ - Description: "filters is a set of filters used to identify a resource", + Description: "values includes one or more filter values. Filter values are case-sensitive.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.Filter"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, }, + Required: []string{"name"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.Filter"}, } } -func schema_openshift_api_machine_v1beta1_AddressesFromPool(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AddressesFromPool is an IPAddressPool that will be used to create IPAddressClaims for fulfillment by an external controller.", + Description: "GCPDisk describes disks for GCP.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "group": { + "autoDelete": { SchemaProps: spec.SchemaProps{ - Description: "group of the IP address pool type known to an external IPAM controller. This should be a fully qualified domain name, for example, externalipam.controller.io.", - Default: "", - Type: []string{"string"}, + Description: "autoDelete indicates if the disk will be auto-deleted when the instance is deleted (default false).", + Default: false, + Type: []string{"boolean"}, Format: "", }, }, - "resource": { + "boot": { SchemaProps: spec.SchemaProps{ - Description: "resource of the IP address pool type known to an external IPAM controller. It is normally the plural form of the resource kind in lowercase, for example, ippools.", + Description: "boot indicates if this is a boot disk (default false).", + Default: false, + Type: []string{"boolean"}, + Format: "", + }, + }, + "sizeGb": { + SchemaProps: spec.SchemaProps{ + Description: "sizeGb is the size of the disk (in GB).", + Default: 0, + Type: []string{"integer"}, + Format: "int64", + }, + }, + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type is the type of the disk (eg: pd-standard).", Default: "", Type: []string{"string"}, Format: "", }, }, - "name": { + "image": { SchemaProps: spec.SchemaProps{ - Description: "name of an IP address pool, for example, pool-config-1.", + Description: "image is the source image to create this disk.", Default: "", Type: []string{"string"}, Format: "", }, }, + "labels": { + SchemaProps: spec.SchemaProps{ + Description: "labels list of labels to apply to the disk.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "encryptionKey": { + SchemaProps: spec.SchemaProps{ + Description: "encryptionKey is the customer-supplied encryption key of the disk.", + Ref: ref("github.com/openshift/api/machine/v1beta1.GCPEncryptionKeyReference"), + }, + }, }, - Required: []string{"group", "resource", "name"}, + Required: []string{"autoDelete", "boot", "sizeGb", "type", "image", "labels"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.GCPEncryptionKeyReference"}, } } -func schema_openshift_api_machine_v1beta1_AzureBootDiagnostics(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPEncryptionKeyReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AzureBootDiagnostics configures the boot diagnostics settings for the virtual machine. This allows you to configure capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", + Description: "GCPEncryptionKeyReference describes the encryptionKey to use for a disk's encryption.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "storageAccountType": { + "kmsKey": { SchemaProps: spec.SchemaProps{ - Description: "storageAccountType determines if the storage account for storing the diagnostics data should be provisioned by Azure (AzureManaged) or by the customer (CustomerManaged).", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "KMSKeyName is the reference KMS key, in the format", + Ref: ref("github.com/openshift/api/machine/v1beta1.GCPKMSKeyReference"), }, }, - "customerManaged": { + "kmsKeyServiceAccount": { SchemaProps: spec.SchemaProps{ - Description: "customerManaged provides reference to the customer manager storage account.", - Ref: ref("github.com/openshift/api/machine/v1beta1.AzureCustomerManagedBootDiagnostics"), - }, - }, - }, - Required: []string{"storageAccountType"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "storageAccountType", - "fields-to-discriminateBy": map[string]interface{}{ - "customerManaged": "CustomerManaged", - }, + Description: "kmsKeyServiceAccount is the service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. See https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account for details on the default service account.", + Type: []string{"string"}, + Format: "", }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.AzureCustomerManagedBootDiagnostics"}, + "github.com/openshift/api/machine/v1beta1.GCPKMSKeyReference"}, } } -func schema_openshift_api_machine_v1beta1_AzureCustomerManagedBootDiagnostics(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPGPUConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AzureCustomerManagedBootDiagnostics provides reference to a customer managed storage account.", + Description: "GCPGPUConfig describes type and count of GPUs attached to the instance on GCP.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "storageAccountURI": { + "count": { SchemaProps: spec.SchemaProps{ - Description: "storageAccountURI is the URI of the customer managed storage account. The URI typically will be `https://.blob.core.windows.net/` but may differ if you are using Azure DNS zone endpoints. You can find the correct endpoint by looking for the Blob Primary Endpoint in the endpoints tab in the Azure console.", + Description: "count is the number of GPUs to be attached to an instance.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type is the type of GPU to be attached to an instance. Supported GPU types are: nvidia-tesla-k80, nvidia-tesla-p100, nvidia-tesla-v100, nvidia-tesla-p4, nvidia-tesla-t4", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"storageAccountURI"}, + Required: []string{"count", "type"}, }, }, } } -func schema_openshift_api_machine_v1beta1_AzureDiagnostics(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPKMSKeyReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AzureDiagnostics is used to configure the diagnostic settings of the virtual machine.", + Description: "GCPKMSKeyReference gathers required fields for looking up a GCP KMS Key", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "boot": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "AzureBootDiagnostics configures the boot diagnostics settings for the virtual machine. This allows you to configure capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", - Ref: ref("github.com/openshift/api/machine/v1beta1.AzureBootDiagnostics"), + Description: "name is the name of the customer managed encryption key to be used for the disk encryption.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "keyRing": { + SchemaProps: spec.SchemaProps{ + Description: "keyRing is the name of the KMS Key Ring which the KMS Key belongs to.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "projectID": { + SchemaProps: spec.SchemaProps{ + Description: "projectID is the ID of the Project in which the KMS Key Ring exists. Defaults to the VM ProjectID if not set.", + Type: []string{"string"}, + Format: "", + }, + }, + "location": { + SchemaProps: spec.SchemaProps{ + Description: "location is the GCP location in which the Key Ring exists.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, + Required: []string{"name", "keyRing", "location"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.AzureBootDiagnostics"}, } } -func schema_openshift_api_machine_v1beta1_AzureMachineProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPMachineProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AzureMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an Azure virtual machine. It is used by the Azure machine actuator to create a single Machine. Required parameters such as location that are not specified by this configuration, will be defaulted by the actuator. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "GCPMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an GCP virtual machine. It is used by the GCP machine actuator to create a single Machine. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -42683,85 +42277,113 @@ func schema_openshift_api_machine_v1beta1_AzureMachineProviderSpec(ref common.Re }, "metadata": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "userDataSecret": { SchemaProps: spec.SchemaProps{ Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "credentialsSecret": { SchemaProps: spec.SchemaProps{ - Description: "credentialsSecret is a reference to the secret with Azure credentials.", - Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), + Description: "credentialsSecret is a reference to the secret with GCP credentials.", + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, - "location": { + "canIPForward": { SchemaProps: spec.SchemaProps{ - Description: "location is the region to use to create the instance", - Type: []string{"string"}, + Description: "canIPForward Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes.", + Default: false, + Type: []string{"boolean"}, Format: "", }, }, - "vmSize": { + "deletionProtection": { SchemaProps: spec.SchemaProps{ - Description: "vmSize is the size of the VM to create.", - Type: []string{"string"}, + Description: "deletionProtection whether the resource should be protected against deletion.", + Default: false, + Type: []string{"boolean"}, Format: "", }, }, - "image": { + "disks": { SchemaProps: spec.SchemaProps{ - Description: "image is the OS image to use to create the instance.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.Image"), + Description: "disks is a list of disks to be attached to the VM.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/openshift/api/machine/v1beta1.GCPDisk"), + }, + }, + }, }, }, - "osDisk": { + "labels": { SchemaProps: spec.SchemaProps{ - Description: "osDisk represents the parameters for creating the OS disk.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.OSDisk"), + Description: "labels list of labels to apply to the VM.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "dataDisks": { + "gcpMetadata": { SchemaProps: spec.SchemaProps{ - Description: "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", + Description: "Metadata key/value pairs to apply to the VM.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.DataDisk"), + Ref: ref("github.com/openshift/api/machine/v1beta1.GCPMetadata"), }, }, }, }, }, - "sshPublicKey": { + "networkInterfaces": { SchemaProps: spec.SchemaProps{ - Description: "sshPublicKey is the public key to use to SSH to the virtual machine.", - Type: []string{"string"}, - Format: "", + Description: "networkInterfaces is a list of network interfaces to be attached to the VM.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/openshift/api/machine/v1beta1.GCPNetworkInterface"), + }, + }, + }, }, }, - "publicIP": { + "serviceAccounts": { SchemaProps: spec.SchemaProps{ - Description: "publicIP if true a public IP will be used", - Default: false, - Type: []string{"boolean"}, - Format: "", + Description: "serviceAccounts is a list of GCP service accounts to be used by the VM.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.GCPServiceAccount"), + }, + }, + }, }, }, "tags": { SchemaProps: spec.SchemaProps{ - Description: "tags is a list of tags to apply to the machine.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, + Description: "tags list of network tags to apply to the VM.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: "", @@ -42772,16 +42394,9 @@ func schema_openshift_api_machine_v1beta1_AzureMachineProviderSpec(ref common.Re }, }, }, - "securityGroup": { - SchemaProps: spec.SchemaProps{ - Description: "Network Security Group that needs to be attached to the machine's interface. No security group will be attached if empty.", - Type: []string{"string"}, - Format: "", - }, - }, - "applicationSecurityGroups": { + "targetPools": { SchemaProps: spec.SchemaProps{ - Description: "Application Security Groups that need to be attached to the machine's interface. No application security groups will be attached if zero-length.", + Description: "targetPools are used for network TCP/UDP load balancing. A target pool references member instances, an associated legacy HttpHealthCheck resource, and, optionally, a backup target pool", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -42794,534 +42409,326 @@ func schema_openshift_api_machine_v1beta1_AzureMachineProviderSpec(ref common.Re }, }, }, - "subnet": { + "machineType": { SchemaProps: spec.SchemaProps{ - Description: "subnet to use for this instance", + Description: "machineType is the machine type to use for the VM.", Default: "", Type: []string{"string"}, Format: "", }, }, - "publicLoadBalancer": { - SchemaProps: spec.SchemaProps{ - Description: "publicLoadBalancer to use for this instance", - Type: []string{"string"}, - Format: "", - }, - }, - "internalLoadBalancer": { - SchemaProps: spec.SchemaProps{ - Description: "InternalLoadBalancerName to use for this instance", - Type: []string{"string"}, - Format: "", - }, - }, - "natRule": { - SchemaProps: spec.SchemaProps{ - Description: "natRule to set inbound NAT rule of the load balancer", - Type: []string{"integer"}, - Format: "int64", - }, - }, - "managedIdentity": { - SchemaProps: spec.SchemaProps{ - Description: "managedIdentity to set managed identity name", - Type: []string{"string"}, - Format: "", - }, - }, - "vnet": { + "region": { SchemaProps: spec.SchemaProps{ - Description: "vnet to set virtual network name", + Description: "region is the region in which the GCP machine provider will create the VM.", + Default: "", Type: []string{"string"}, Format: "", }, }, "zone": { SchemaProps: spec.SchemaProps{ - Description: "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone", - Type: []string{"string"}, - Format: "", - }, - }, - "networkResourceGroup": { - SchemaProps: spec.SchemaProps{ - Description: "networkResourceGroup is the resource group for the virtual machine's network", - Type: []string{"string"}, - Format: "", - }, - }, - "resourceGroup": { - SchemaProps: spec.SchemaProps{ - Description: "resourceGroup is the resource group for the virtual machine", - Type: []string{"string"}, - Format: "", - }, - }, - "spotVMOptions": { - SchemaProps: spec.SchemaProps{ - Description: "spotVMOptions allows the ability to specify the Machine should use a Spot VM", - Ref: ref("github.com/openshift/api/machine/v1beta1.SpotVMOptions"), - }, - }, - "securityProfile": { - SchemaProps: spec.SchemaProps{ - Description: "securityProfile specifies the Security profile settings for a virtual machine.", - Ref: ref("github.com/openshift/api/machine/v1beta1.SecurityProfile"), - }, - }, - "ultraSSDCapability": { - SchemaProps: spec.SchemaProps{ - Description: "ultraSSDCapability enables or disables Azure UltraSSD capability for a virtual machine. This can be used to allow/disallow binding of Azure UltraSSD to the Machine both as Data Disks or via Persistent Volumes. This Azure feature is subject to a specific scope and certain limitations. More informations on this can be found in the official Azure documentation for Ultra Disks: (https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-ultra-ssd?tabs=azure-portal#ga-scope-and-limitations).\n\nWhen omitted, if at least one Data Disk of type UltraSSD is specified, the platform will automatically enable the capability. If a Perisistent Volume backed by an UltraSSD is bound to a Pod on the Machine, when this field is ommitted, the platform will *not* automatically enable the capability (unless already enabled by the presence of an UltraSSD as Data Disk). This may manifest in the Pod being stuck in `ContainerCreating` phase. This defaulting behaviour may be subject to change in future.\n\nWhen set to \"Enabled\", if the capability is available for the Machine based on the scope and limitations described above, the capability will be set on the Machine. This will thus allow UltraSSD both as Data Disks and Persistent Volumes. If set to \"Enabled\" when the capability can't be available due to scope and limitations, the Machine will go into \"Failed\" state.\n\nWhen set to \"Disabled\", UltraSSDs will not be allowed either as Data Disks nor as Persistent Volumes. In this case if any UltraSSDs are specified as Data Disks on a Machine, the Machine will go into a \"Failed\" state. If instead any UltraSSDs are backing the volumes (via Persistent Volumes) of any Pods scheduled on a Node which is backed by the Machine, the Pod may get stuck in `ContainerCreating` phase.", - Type: []string{"string"}, - Format: "", - }, - }, - "acceleratedNetworking": { - SchemaProps: spec.SchemaProps{ - Description: "acceleratedNetworking enables or disables Azure accelerated networking feature. Set to false by default. If true, then this will depend on whether the requested VMSize is supported. If set to true with an unsupported VMSize, Azure will return an error.", - Type: []string{"boolean"}, - Format: "", - }, - }, - "availabilitySet": { - SchemaProps: spec.SchemaProps{ - Description: "availabilitySet specifies the availability set to use for this instance. Availability set should be precreated, before using this field.", - Type: []string{"string"}, - Format: "", - }, - }, - "diagnostics": { - SchemaProps: spec.SchemaProps{ - Description: "diagnostics configures the diagnostics settings for the virtual machine. This allows you to configure boot diagnostics such as capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.AzureDiagnostics"), - }, - }, - "capacityReservationGroupID": { - SchemaProps: spec.SchemaProps{ - Description: "capacityReservationGroupID specifies the capacity reservation group resource id that should be used for allocating the virtual machine. The field size should be greater than 0 and the field input must start with '/'. The input for capacityReservationGroupID must be similar to '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/capacityReservationGroups/{capacityReservationGroupName}'. The keys which are used should be among 'subscriptions', 'providers' and 'resourcegroups' followed by valid ID or names respectively.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"image", "osDisk", "publicIP", "subnet"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.AzureDiagnostics", "github.com/openshift/api/machine/v1beta1.DataDisk", "github.com/openshift/api/machine/v1beta1.Image", "github.com/openshift/api/machine/v1beta1.OSDisk", "github.com/openshift/api/machine/v1beta1.SecurityProfile", "github.com/openshift/api/machine/v1beta1.SpotVMOptions", corev1.SecretReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_machine_v1beta1_AzureMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "AzureMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains Azure-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), - }, - }, - "vmId": { - SchemaProps: spec.SchemaProps{ - Description: "vmId is the ID of the virtual machine created in Azure.", + Description: "zone is the zone in which the GCP machine provider will create the VM.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "vmState": { + "projectID": { SchemaProps: spec.SchemaProps{ - Description: "vmState is the provisioning state of the Azure virtual machine.", + Description: "projectID is the project in which the GCP machine provider will create the VM.", Type: []string{"string"}, Format: "", }, }, - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, + "gpus": { SchemaProps: spec.SchemaProps{ - Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status.", + Description: "gpus is a list of GPUs to be attached to the VM.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("github.com/openshift/api/machine/v1beta1.GCPGPUConfig"), }, }, }, }, }, - }, - }, - }, - Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_machine_v1beta1_BlockDeviceMappingSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "BlockDeviceMappingSpec describes a block device mapping", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "deviceName": { - SchemaProps: spec.SchemaProps{ - Description: "The device name exposed to the machine (for example, /dev/sdh or xvdh).", - Type: []string{"string"}, - Format: "", - }, - }, - "ebs": { - SchemaProps: spec.SchemaProps{ - Description: "Parameters used to automatically set up EBS volumes when the machine is launched.", - Ref: ref("github.com/openshift/api/machine/v1beta1.EBSBlockDeviceSpec"), - }, - }, - "noDevice": { - SchemaProps: spec.SchemaProps{ - Description: "Suppresses the specified device included in the block device mapping of the AMI.", - Type: []string{"string"}, - Format: "", - }, - }, - "virtualName": { - SchemaProps: spec.SchemaProps{ - Description: "The virtual device name (ephemeralN). Machine store volumes are numbered starting from 0. An machine type with 2 available machine store volumes can specify mappings for ephemeral0 and ephemeral1.The number of available machine store volumes depends on the machine type. After you connect to the machine, you must mount the volume.\n\nConstraints: For M3 machines, you must specify machine store volumes in the block device mapping for the machine. When you launch an M3 machine, we ignore any machine store volumes specified in the block device mapping for the AMI.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.EBSBlockDeviceSpec"}, - } -} - -func schema_openshift_api_machine_v1beta1_CPUOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "CPUOptions defines CPU-related settings for the instance, including the confidential computing policy. If provided, it must not be empty — at least one field must be set.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "confidentialCompute": { - SchemaProps: spec.SchemaProps{ - Description: "confidentialCompute specifies whether confidential computing should be enabled for the instance, and, if so, which confidential computing technology to use. Valid values are: Disabled, AMDEncryptedVirtualizationNestedPaging and omitted. When set to Disabled, confidential computing will be disabled for the instance. When set to AMDEncryptedVirtualizationNestedPaging, AMD SEV-SNP will be used as the confidential computing technology for the instance. In this case, ensure the following conditions are met: 1) The selected instance type supports AMD SEV-SNP. 2) The selected AWS region supports AMD SEV-SNP. 3) The selected AMI supports AMD SEV-SNP. More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html When omitted, this means no opinion and the AWS platform is left to choose a reasonable default, which is subject to change without notice. The current default is Disabled.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - } -} - -func schema_openshift_api_machine_v1beta1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "Condition defines an observation of a Machine API resource operational state.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "type": { + "preemptible": { SchemaProps: spec.SchemaProps{ - Description: "type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", - Default: "", - Type: []string{"string"}, + Description: "preemptible indicates if created instance is preemptible.", + Type: []string{"boolean"}, Format: "", }, }, - "status": { + "provisioningModel": { SchemaProps: spec.SchemaProps{ - Description: "status of the condition, one of True, False, Unknown.", - Default: "", + Description: "provisioningModel is an optional field that determines the provisioning model for the GCP machine instance. Valid values are \"Spot\" and omitted. When set to Spot, the instance runs as a Google Cloud Spot instance which provides significant cost savings but may be preempted by Google Cloud Platform when resources are needed elsewhere. When omitted, the machine will be provisioned as a standard on-demand instance. This field cannot be used together with the preemptible field.", Type: []string{"string"}, Format: "", }, }, - "severity": { + "onHostMaintenance": { SchemaProps: spec.SchemaProps{ - Description: "severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", + Description: "onHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. This is required to be set to \"Terminate\" if you want to provision machine with attached GPUs. Otherwise, allowed values are \"Migrate\" and \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Migrate\".", Type: []string{"string"}, Format: "", }, }, - "lastTransitionTime": { + "restartPolicy": { SchemaProps: spec.SchemaProps{ - Description: "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Description: "restartPolicy determines the behavior when an instance crashes or the underlying infrastructure provider stops the instance as part of a maintenance event (default \"Always\"). Cannot be \"Always\" with preemptible instances. Otherwise, allowed values are \"Always\" and \"Never\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Always\". RestartPolicy represents AutomaticRestart in GCP compute api", + Type: []string{"string"}, + Format: "", }, }, - "reason": { + "shieldedInstanceConfig": { SchemaProps: spec.SchemaProps{ - Description: "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", - Type: []string{"string"}, - Format: "", + Description: "shieldedInstanceConfig is the Shielded VM configuration for the VM", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.GCPShieldedInstanceConfig"), }, }, - "message": { + "confidentialCompute": { SchemaProps: spec.SchemaProps{ - Description: "A human readable message indicating details about the transition. This field may be empty.", + Description: "confidentialCompute is an optional field defining whether the instance should have confidential compute enabled or not, and the confidential computing technology of choice. Allowed values are omitted, Disabled, Enabled, AMDEncryptedVirtualization, AMDEncryptedVirtualizationNestedPaging, and IntelTrustedDomainExtensions When set to Disabled, the machine will not be configured to be a confidential computing instance. When set to Enabled, the machine will be configured as a confidential computing instance with no preference on the confidential compute policy used. In this mode, the platform chooses a default that is subject to change over time. Currently, the default is to use AMD Secure Encrypted Virtualization. When set to AMDEncryptedVirtualization, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization (AMD SEV) as the confidential computing technology. When set to AMDEncryptedVirtualizationNestedPaging, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP) as the confidential computing technology. When set to IntelTrustedDomainExtensions, the machine will be configured as a confidential computing instance with Intel Trusted Domain Extensions (Intel TDX) as the confidential computing technology. If any value other than Disabled is set the selected machine type must support that specific confidential computing technology. The machine series supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#all-confidential-vm-instances Currently, AMDEncryptedVirtualization is supported in c2d, n2d, and c3d machines. AMDEncryptedVirtualizationNestedPaging is supported in n2d machines. IntelTrustedDomainExtensions is supported in c3 machines. If any value other than Disabled is set, the selected region must support that specific confidential computing technology. The list of regions supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#supported-zones If any value other than Disabled is set onHostMaintenance is required to be set to \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"type", "status", "lastTransitionTime"}, - }, - }, - Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_machine_v1beta1_ConfidentialVM(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ConfidentialVM defines the UEFI settings for the virtual machine.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "uefiSettings": { + "resourceManagerTags": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "key", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "uefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.UEFISettings"), + Description: "resourceManagerTags is an optional list of tags to apply to the GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.ResourceManagerTag"), + }, + }, + }, }, }, }, - Required: []string{"uefiSettings"}, + Required: []string{"canIPForward", "deletionProtection", "serviceAccounts", "machineType", "region", "zone"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.UEFISettings"}, + "github.com/openshift/api/machine/v1beta1.GCPDisk", "github.com/openshift/api/machine/v1beta1.GCPGPUConfig", "github.com/openshift/api/machine/v1beta1.GCPMetadata", "github.com/openshift/api/machine/v1beta1.GCPNetworkInterface", "github.com/openshift/api/machine/v1beta1.GCPServiceAccount", "github.com/openshift/api/machine/v1beta1.GCPShieldedInstanceConfig", "github.com/openshift/api/machine/v1beta1.ResourceManagerTag", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_machine_v1beta1_DataDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DataDisk specifies the parameters that are used to add one or more data disks to the machine. A Data Disk is a managed disk that's attached to a virtual machine to store application data. It differs from an OS Disk as it doesn't come with a pre-installed OS, and it cannot contain the boot volume. It is registered as SCSI drive and labeled with the chosen `lun`. e.g. for `lun: 0` the raw disk device will be available at `/dev/disk/azure/scsi1/lun0`.\n\nAs the Data Disk disk device is attached raw to the virtual machine, it will need to be partitioned, formatted with a filesystem and mounted, in order for it to be usable. This can be done by creating a custom userdata Secret with custom Ignition configuration to achieve the desired initialization. At this stage the previously defined `lun` is to be used as the \"device\" key for referencing the raw disk device to be initialized. Once the custom userdata Secret has been created, it can be referenced in the Machine's `.providerSpec.userDataSecret`. For further guidance and examples, please refer to the official OpenShift docs.", + Description: "GCPMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains GCP-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "nameSuffix": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "nameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format _. NameSuffix name must start and finish with an alphanumeric character and can only contain letters, numbers, underscores, periods or hyphens. The overall disk name must not exceed 80 chars in length.", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "diskSizeGB": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "diskSizeGB is the size in GB to assign to the data disk.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - "managedDisk": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "managedDisk specifies the Managed Disk parameters for the data disk. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is a ManagedDisk with with storageAccountType: \"Premium_LRS\" and diskEncryptionSet.id: \"Default\".", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.DataDiskManagedDiskParameters"), + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, - "lun": { + "instanceId": { SchemaProps: spec.SchemaProps{ - Description: "lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. This value is also needed for referencing the data disks devices within userdata to perform disk initialization through Ignition (e.g. partition/format/mount). The value must be between 0 and 63.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "instanceId is the ID of the instance in GCP", + Type: []string{"string"}, + Format: "", }, }, - "cachingType": { + "instanceState": { SchemaProps: spec.SchemaProps{ - Description: "cachingType specifies the caching requirements. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is CachingTypeNone.", + Description: "instanceState is the provisioning state of the GCP Instance.", Type: []string{"string"}, Format: "", }, }, - "deletionPolicy": { + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "deletionPolicy specifies the data disk deletion policy upon Machine deletion. Possible values are \"Delete\",\"Detach\". When \"Delete\" is used the data disk is deleted when the Machine is deleted. When \"Detach\" is used the data disk is detached from the Machine and retained when the Machine is deleted.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + }, + }, + }, }, }, }, - Required: []string{"nameSuffix", "diskSizeGB", "lun", "deletionPolicy"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.DataDiskManagedDiskParameters"}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_machine_v1beta1_DataDiskManagedDiskParameters(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPMetadata(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DataDiskManagedDiskParameters is the parameters of a DataDisk managed disk.", + Description: "GCPMetadata describes metadata for GCP.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "storageAccountType": { + "key": { SchemaProps: spec.SchemaProps{ - Description: "storageAccountType is the storage account type to use. Possible values include \"Standard_LRS\", \"Premium_LRS\" and \"UltraSSD_LRS\".", + Description: "key is the metadata key.", Default: "", Type: []string{"string"}, Format: "", }, }, - "diskEncryptionSet": { + "value": { SchemaProps: spec.SchemaProps{ - Description: "diskEncryptionSet is the disk encryption set properties. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is a DiskEncryptionSet with id: \"Default\".", - Ref: ref("github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"), + Description: "value is the metadata value.", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"storageAccountType"}, + Required: []string{"key", "value"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"}, } } -func schema_openshift_api_machine_v1beta1_DedicatedHost(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPNetworkInterface(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DedicatedHost represents the configuration for the usage of dedicated host.", + Description: "GCPNetworkInterface describes network interfaces for GCP", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "allocationStrategy": { + "publicIP": { SchemaProps: spec.SchemaProps{ - Description: "allocationStrategy specifies if the dedicated host will be provided by the admin through the id field or if the host will be dynamically allocated. Valid values are UserProvided and Dynamic. When omitted, the value defaults to \"UserProvided\", which requires the id field to be set. When allocationStrategy is set to UserProvided, an ID of the dedicated host to assign must be provided. When allocationStrategy is set to Dynamic, a dedicated host will be allocated and used to assign instances. When allocationStrategy is set to Dynamic, and dynamicHostAllocation is configured, a dedicated host will be allocated and the tags in dynamicHostAllocation will be assigned to that host.\n\nPossible enum values:\n - `\"Dynamic\"` specifies that the system should dynamically allocate a dedicated host for instances.\n - `\"UserProvided\"` specifies that the system should assign instances to a user-provided dedicated host.", - Default: "UserProvided", - Type: []string{"string"}, + Description: "publicIP indicates if true a public IP will be used", + Type: []string{"boolean"}, Format: "", - Enum: []interface{}{"Dynamic", "UserProvided"}, }, }, - "id": { + "network": { SchemaProps: spec.SchemaProps{ - Description: "id identifies the AWS Dedicated Host on which the instance must run. The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length. This field is required when allocationStrategy is UserProvided, and forbidden otherwise. When omitted with allocationStrategy set to Dynamic, the platform will dynamically allocate a dedicated host.", + Description: "network is the network name.", Type: []string{"string"}, Format: "", }, }, - "dynamicHostAllocation": { + "projectID": { SchemaProps: spec.SchemaProps{ - Description: "dynamicHostAllocation specifies tags to apply to a dynamically allocated dedicated host. This field is only allowed when allocationStrategy is Dynamic, and is mutually exclusive with id. When specified, a dedicated host will be allocated with the provided tags applied. When omitted (and allocationStrategy is Dynamic), a dedicated host will be allocated without any additional tags.", - Ref: ref("github.com/openshift/api/machine/v1beta1.DynamicHostAllocationSpec"), + Description: "projectID is the project in which the GCP machine provider will create the VM.", + Type: []string{"string"}, + Format: "", }, }, - }, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "allocationStrategy", - "fields-to-discriminateBy": map[string]interface{}{ - "dynamicHostAllocation": "DynamicHostAllocation", - "id": "ID", - }, + "subnetwork": { + SchemaProps: spec.SchemaProps{ + Description: "subnetwork is the subnetwork name.", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.DynamicHostAllocationSpec"}, } } -func schema_openshift_api_machine_v1beta1_DedicatedHostStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPServiceAccount(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DedicatedHostStatus defines the observed state of a dynamically allocated dedicated host associated with an AWSMachine. This struct is used to track the ID of the dedicated host.", + Description: "GCPServiceAccount describes service accounts for GCP.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "id": { + "email": { SchemaProps: spec.SchemaProps{ - Description: "id tracks the dynamically allocated dedicated host ID. This field is populated when allocationStrategy is Dynamic (with or without DynamicHostAllocation). The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length.", + Description: "email is the service account email.", + Default: "", Type: []string{"string"}, Format: "", }, }, + "scopes": { + SchemaProps: spec.SchemaProps{ + Description: "scopes list of scopes to be assigned to the service account.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, }, - Required: []string{"id"}, + Required: []string{"email", "scopes"}, }, }, } } -func schema_openshift_api_machine_v1beta1_DiskEncryptionSetParameters(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPShieldedInstanceConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DiskEncryptionSetParameters is the disk encryption set properties", + Description: "GCPShieldedInstanceConfig describes the shielded VM configuration of the instance on GCP. Shielded VM configuration allow users to enable and disable Secure Boot, vTPM, and Integrity Monitoring.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "id": { + "secureBoot": { SchemaProps: spec.SchemaProps{ - Description: "id is the disk encryption set ID Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is: \"Default\".", + Description: "secureBoot Defines whether the instance should have secure boot enabled. Secure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", Type: []string{"string"}, Format: "", }, }, - }, - }, - }, - } -} - -func schema_openshift_api_machine_v1beta1_DiskSettings(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "DiskSettings describe ephemeral disk settings for the os disk.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "ephemeralStorageLocation": { + "virtualizedTrustedPlatformModule": { SchemaProps: spec.SchemaProps{ - Description: "ephemeralStorageLocation enables ephemeral OS when set to 'Local'. Possible values include: 'Local'. See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks for full details. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is that disks are saved to remote Azure storage.", + Description: "virtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. This is required to be set to \"Enabled\" if IntegrityMonitoring is enabled. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", + Type: []string{"string"}, + Format: "", + }, + }, + "integrityMonitoring": { + SchemaProps: spec.SchemaProps{ + Description: "integrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity. Compares the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", Type: []string{"string"}, Format: "", }, @@ -43332,32 +42739,36 @@ func schema_openshift_api_machine_v1beta1_DiskSettings(ref common.ReferenceCallb } } -func schema_openshift_api_machine_v1beta1_DynamicHostAllocationSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_HostPlacement(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DynamicHostAllocationSpec defines the configuration for dynamic dedicated host allocation. This specification always allocates exactly one dedicated host per machine. At least one property must be specified when this struct is used. Currently only Tags are available for configuring, but in the future more configs may become available.", + Description: "HostPlacement is the type that will be used to configure the placement of AWS instances.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "tags": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, + "affinity": { + SchemaProps: spec.SchemaProps{ + Description: "affinity specifies the affinity setting for the instance. Allowed values are AnyAvailable and DedicatedHost. When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set. When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host. When Affinity is set to AnyAvailable and the `dedicatedHost` field is defined, it runs on specified Dedicated Host, but may move if stopped.", + Type: []string{"string"}, + Format: "", }, + }, + "dedicatedHost": { SchemaProps: spec.SchemaProps{ - Description: "tags specifies a set of key-value pairs to apply to the allocated dedicated host. When omitted, no additional user-defined tags will be applied to the allocated host. A maximum of 50 tags can be specified.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.TagSpecification"), - }, - }, + Description: "dedicatedHost specifies the exact host that an instance should be restarted on if stopped. dedicatedHost is required when 'affinity' is set to DedicatedHost, and optional otherwise.", + Ref: ref("github.com/openshift/api/machine/v1beta1.DedicatedHost"), + }, + }, + }, + Required: []string{"affinity"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "affinity", + "fields-to-discriminateBy": map[string]interface{}{ + "dedicatedHost": "DedicatedHost", }, }, }, @@ -43365,297 +42776,283 @@ func schema_openshift_api_machine_v1beta1_DynamicHostAllocationSpec(ref common.R }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.TagSpecification"}, + "github.com/openshift/api/machine/v1beta1.DedicatedHost"}, } } -func schema_openshift_api_machine_v1beta1_EBSBlockDeviceSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_Image(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "EBSBlockDeviceSpec describes a block device for an EBS volume. https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EbsBlockDevice", + Description: "Image is a mirror of azure sdk compute.ImageReference", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "deleteOnTermination": { + "publisher": { SchemaProps: spec.SchemaProps{ - Description: "Indicates whether the EBS volume is deleted on machine termination.\n\nDeprecated: setting this field has no effect.", - Type: []string{"boolean"}, + Description: "publisher is the name of the organization that created the image", + Default: "", + Type: []string{"string"}, Format: "", }, }, - "encrypted": { + "offer": { SchemaProps: spec.SchemaProps{ - Description: "Indicates whether the EBS volume is encrypted. Encrypted Amazon EBS volumes may only be attached to machines that support Amazon EBS encryption.", - Type: []string{"boolean"}, + Description: "offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer", + Default: "", + Type: []string{"string"}, Format: "", }, }, - "kmsKey": { - SchemaProps: spec.SchemaProps{ - Description: "Indicates the KMS key that should be used to encrypt the Amazon EBS volume.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), - }, - }, - "iops": { + "sku": { SchemaProps: spec.SchemaProps{ - Description: "The number of I/O operations per second (IOPS) that the volume supports. For io1, this represents the number of IOPS that are provisioned for the volume. For gp2, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. For more information about General Purpose SSD baseline performance, I/O credits, and bursting, see Amazon EBS Volume Types (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the Amazon Elastic Compute Cloud User Guide.\n\nMinimal and maximal IOPS for io1 and gp2 are constrained. Please, check https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html for precise boundaries for individual volumes.\n\nCondition: This parameter is required for requests to create io1 volumes; it is not used in requests to create gp2, st1, sc1, or standard volumes.", - Type: []string{"integer"}, - Format: "int64", + Description: "sku specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "throughputMib": { + "version": { SchemaProps: spec.SchemaProps{ - Description: "throughputMib to provision in MiB/s supported for the volume type. Not applicable to all types.\n\nThis parameter is valid only for gp3 volumes. Valid Range: Minimum value of 125. Maximum value of 2000.\n\nWhen omitted, this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 125.", - Type: []string{"integer"}, - Format: "int32", + Description: "version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "volumeSize": { + "resourceID": { SchemaProps: spec.SchemaProps{ - Description: "The size of the volume, in GiB.\n\nConstraints: 1-16384 for General Purpose SSD (gp2), 4-16384 for Provisioned IOPS SSD (io1), 500-16384 for Throughput Optimized HDD (st1), 500-16384 for Cold HDD (sc1), and 1-1024 for Magnetic (standard) volumes. If you specify a snapshot, the volume size must be equal to or larger than the snapshot size.\n\nDefault: If you're creating the volume from a snapshot and don't specify a volume size, the default is the snapshot size.", - Type: []string{"integer"}, - Format: "int64", + Description: "resourceID specifies an image to use by ID", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "volumeType": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "volumeType can be of type gp2, gp3, io1, st1, sc1, or standard. Default: standard", + Description: "type identifies the source of the image and related information, such as purchase plans. Valid values are \"ID\", \"MarketplaceWithPlan\", \"MarketplaceNoPlan\", and omitted, which means no opinion and the platform chooses a good default which may change over time. Currently that default is \"MarketplaceNoPlan\" if publisher data is supplied, or \"ID\" if not. For more information about purchase plans, see: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage#check-the-purchase-plan-information", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"publisher", "offer", "sku", "version", "resourceID"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.AWSResourceReference"}, } } -func schema_openshift_api_machine_v1beta1_Filter(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_LastOperation(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Filter is a filter used to identify an AWS resource", + Description: "LastOperation represents the detail of the last performed operation on the MachineObject.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "description": { SchemaProps: spec.SchemaProps{ - Description: "name of the filter. Filter names are case-sensitive.", - Default: "", + Description: "description is the human-readable description of the last operation.", Type: []string{"string"}, Format: "", }, }, - "values": { + "lastUpdated": { SchemaProps: spec.SchemaProps{ - Description: "values includes one or more filter values. Filter values are case-sensitive.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "lastUpdated is the timestamp at which LastOperation API was last-updated.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + }, + }, + "state": { + SchemaProps: spec.SchemaProps{ + Description: "state is the current status of the last performed operation. E.g. Processing, Failed, Successful etc", + Type: []string{"string"}, + Format: "", + }, + }, + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type is the type of operation which was last performed. E.g. Create, Delete, Update etc", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"name"}, }, }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } -func schema_openshift_api_machine_v1beta1_GCPDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_LifecycleHook(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPDisk describes disks for GCP.", + Description: "LifecycleHook represents a single instance of a lifecycle hook", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "autoDelete": { - SchemaProps: spec.SchemaProps{ - Description: "autoDelete indicates if the disk will be auto-deleted when the instance is deleted (default false).", - Default: false, - Type: []string{"boolean"}, - Format: "", - }, - }, - "boot": { - SchemaProps: spec.SchemaProps{ - Description: "boot indicates if this is a boot disk (default false).", - Default: false, - Type: []string{"boolean"}, - Format: "", - }, - }, - "sizeGb": { - SchemaProps: spec.SchemaProps{ - Description: "sizeGb is the size of the disk (in GB).", - Default: 0, - Type: []string{"integer"}, - Format: "int64", - }, - }, - "type": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "type is the type of the disk (eg: pd-standard).", + Description: "name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity.", Default: "", Type: []string{"string"}, Format: "", }, }, - "image": { + "owner": { SchemaProps: spec.SchemaProps{ - Description: "image is the source image to create this disk.", + Description: "owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook.", Default: "", Type: []string{"string"}, Format: "", }, }, - "labels": { - SchemaProps: spec.SchemaProps{ - Description: "labels list of labels to apply to the disk.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "encryptionKey": { - SchemaProps: spec.SchemaProps{ - Description: "encryptionKey is the customer-supplied encryption key of the disk.", - Ref: ref("github.com/openshift/api/machine/v1beta1.GCPEncryptionKeyReference"), - }, - }, }, - Required: []string{"autoDelete", "boot", "sizeGb", "type", "image", "labels"}, + Required: []string{"name", "owner"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.GCPEncryptionKeyReference"}, } } -func schema_openshift_api_machine_v1beta1_GCPEncryptionKeyReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_LifecycleHooks(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPEncryptionKeyReference describes the encryptionKey to use for a disk's encryption.", + Description: "LifecycleHooks allow users to pause operations on the machine at certain prefedined points within the machine lifecycle.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kmsKey": { + "preDrain": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "KMSKeyName is the reference KMS key, in the format", - Ref: ref("github.com/openshift/api/machine/v1beta1.GCPKMSKeyReference"), + Description: "preDrain hooks prevent the machine from being drained. This also blocks further lifecycle events, such as termination.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.LifecycleHook"), + }, + }, + }, }, }, - "kmsKeyServiceAccount": { + "preTerminate": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "kmsKeyServiceAccount is the service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. See https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account for details on the default service account.", - Type: []string{"string"}, - Format: "", + Description: "preTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.LifecycleHook"), + }, + }, + }, }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.GCPKMSKeyReference"}, + "github.com/openshift/api/machine/v1beta1.LifecycleHook"}, } } -func schema_openshift_api_machine_v1beta1_GCPGPUConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_LoadBalancerReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPGPUConfig describes type and count of GPUs attached to the instance on GCP.", + Description: "LoadBalancerReference is a reference to a load balancer on AWS.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "count": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "count is the number of GPUs to be attached to an instance.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Default: "", + Type: []string{"string"}, + Format: "", }, }, "type": { SchemaProps: spec.SchemaProps{ - Description: "type is the type of GPU to be attached to an instance. Supported GPU types are: nvidia-tesla-k80, nvidia-tesla-p100, nvidia-tesla-v100, nvidia-tesla-p4, nvidia-tesla-t4", - Default: "", - Type: []string{"string"}, - Format: "", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"count", "type"}, + Required: []string{"name", "type"}, }, }, } } -func schema_openshift_api_machine_v1beta1_GCPKMSKeyReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_Machine(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPKMSKeyReference gathers required fields for looking up a GCP KMS Key", + Description: "Machine is the Schema for the machines API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "name is the name of the customer managed encryption key to be used for the disk encryption.", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "keyRing": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "keyRing is the name of the KMS Key Ring which the KMS Key belongs to.", - Default: "", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "projectID": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "projectID is the ID of the Project in which the KMS Key Ring exists. Defaults to the VM ProjectID if not set.", - Type: []string{"string"}, - Format: "", + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, - "location": { + "spec": { SchemaProps: spec.SchemaProps{ - Description: "location is the GCP location in which the Key Ring exists.", - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineStatus"), }, }, }, - Required: []string{"name", "keyRing", "location"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.MachineSpec", "github.com/openshift/api/machine/v1beta1.MachineStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_machine_v1beta1_GCPMachineProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineHealthCheck(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an GCP virtual machine. It is used by the GCP machine actuator to create a single Machine. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "MachineHealthCheck is the Schema for the machinehealthchecks API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -43676,259 +43073,200 @@ func schema_openshift_api_machine_v1beta1_GCPMachineProviderSpec(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, - "userDataSecret": { + "spec": { SchemaProps: spec.SchemaProps{ - Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Description: "Specification of machine health check policy", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineHealthCheckSpec"), }, }, - "credentialsSecret": { + "status": { SchemaProps: spec.SchemaProps{ - Description: "credentialsSecret is a reference to the secret with GCP credentials.", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Description: "Most recently observed status of MachineHealthCheck resource", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineHealthCheckStatus"), }, }, - "canIPForward": { + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.MachineHealthCheckSpec", "github.com/openshift/api/machine/v1beta1.MachineHealthCheckStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_openshift_api_machine_v1beta1_MachineHealthCheckList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "MachineHealthCheckList contains a list of MachineHealthCheck Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { SchemaProps: spec.SchemaProps{ - Description: "canIPForward Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes.", - Default: false, - Type: []string{"boolean"}, + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, Format: "", }, }, - "deletionProtection": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "deletionProtection whether the resource should be protected against deletion.", - Default: false, - Type: []string{"boolean"}, + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, Format: "", }, }, - "disks": { - SchemaProps: spec.SchemaProps{ - Description: "disks is a list of disks to be attached to the VM.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/openshift/api/machine/v1beta1.GCPDisk"), - }, - }, - }, - }, - }, - "labels": { - SchemaProps: spec.SchemaProps{ - Description: "labels list of labels to apply to the VM.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "gcpMetadata": { - SchemaProps: spec.SchemaProps{ - Description: "Metadata key/value pairs to apply to the VM.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/openshift/api/machine/v1beta1.GCPMetadata"), - }, - }, - }, - }, - }, - "networkInterfaces": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "networkInterfaces is a list of network interfaces to be attached to the VM.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/openshift/api/machine/v1beta1.GCPNetworkInterface"), - }, - }, - }, + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, - "serviceAccounts": { + "items": { SchemaProps: spec.SchemaProps{ - Description: "serviceAccounts is a list of GCP service accounts to be used by the VM.", - Type: []string{"array"}, + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.GCPServiceAccount"), - }, - }, - }, - }, - }, - "tags": { - SchemaProps: spec.SchemaProps{ - Description: "tags list of network tags to apply to the VM.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "targetPools": { - SchemaProps: spec.SchemaProps{ - Description: "targetPools are used for network TCP/UDP load balancing. A target pool references member instances, an associated legacy HttpHealthCheck resource, and, optionally, a backup target pool", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineHealthCheck"), }, }, }, }, }, - "machineType": { - SchemaProps: spec.SchemaProps{ - Description: "machineType is the machine type to use for the VM.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "region": { - SchemaProps: spec.SchemaProps{ - Description: "region is the region in which the GCP machine provider will create the VM.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "zone": { - SchemaProps: spec.SchemaProps{ - Description: "zone is the zone in which the GCP machine provider will create the VM.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "projectID": { + }, + Required: []string{"items"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.MachineHealthCheck", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_openshift_api_machine_v1beta1_MachineHealthCheckSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "MachineHealthCheckSpec defines the desired state of MachineHealthCheck", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "selector": { SchemaProps: spec.SchemaProps{ - Description: "projectID is the project in which the GCP machine provider will create the VM.", - Type: []string{"string"}, - Format: "", + Description: "Label selector to match machines whose health will be exercised. Note: An empty selector will match all machines.", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, - "gpus": { + "unhealthyConditions": { SchemaProps: spec.SchemaProps{ - Description: "gpus is a list of GPUs to be attached to the VM.", + Description: "unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.GCPGPUConfig"), + Ref: ref("github.com/openshift/api/machine/v1beta1.UnhealthyCondition"), }, }, }, }, }, - "preemptible": { + "maxUnhealthy": { SchemaProps: spec.SchemaProps{ - Description: "preemptible indicates if created instance is preemptible.", - Type: []string{"boolean"}, - Format: "", + Description: "Any farther remediation is only allowed if at most \"MaxUnhealthy\" machines selected by \"selector\" are not healthy. Expects either a postive integer value or a percentage value. Percentage values must be positive whole numbers and are capped at 100%. Both 0 and 0% are valid and will block all remediation. Defaults to 100% if not set.", + Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), }, }, - "provisioningModel": { + "nodeStartupTimeout": { SchemaProps: spec.SchemaProps{ - Description: "provisioningModel is an optional field that determines the provisioning model for the GCP machine instance. Valid values are \"Spot\" and omitted. When set to Spot, the instance runs as a Google Cloud Spot instance which provides significant cost savings but may be preempted by Google Cloud Platform when resources are needed elsewhere. When omitted, the machine will be provisioned as a standard on-demand instance. This field cannot be used together with the preemptible field.", - Type: []string{"string"}, - Format: "", + Description: "Machines older than this duration without a node will be considered to have failed and will be remediated. To prevent Machines without Nodes from being removed, disable startup checks by setting this value explicitly to \"0\". Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, - "onHostMaintenance": { + "remediationTemplate": { SchemaProps: spec.SchemaProps{ - Description: "onHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. This is required to be set to \"Terminate\" if you want to provision machine with attached GPUs. Otherwise, allowed values are \"Migrate\" and \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Migrate\".", - Type: []string{"string"}, - Format: "", + Description: "remediationTemplate is a reference to a remediation template provided by an infrastructure provider.\n\nThis field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Machine API Operator.", + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, - "restartPolicy": { + }, + Required: []string{"selector", "unhealthyConditions"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.UnhealthyCondition", "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector", "k8s.io/apimachinery/pkg/util/intstr.IntOrString"}, + } +} + +func schema_openshift_api_machine_v1beta1_MachineHealthCheckStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "MachineHealthCheckStatus defines the observed state of MachineHealthCheck", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "expectedMachines": { SchemaProps: spec.SchemaProps{ - Description: "restartPolicy determines the behavior when an instance crashes or the underlying infrastructure provider stops the instance as part of a maintenance event (default \"Always\"). Cannot be \"Always\" with preemptible instances. Otherwise, allowed values are \"Always\" and \"Never\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Always\". RestartPolicy represents AutomaticRestart in GCP compute api", - Type: []string{"string"}, - Format: "", + Description: "total number of machines counted by this machine health check", + Type: []string{"integer"}, + Format: "int32", }, }, - "shieldedInstanceConfig": { + "currentHealthy": { SchemaProps: spec.SchemaProps{ - Description: "shieldedInstanceConfig is the Shielded VM configuration for the VM", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.GCPShieldedInstanceConfig"), + Description: "total number of machines counted by this machine health check", + Type: []string{"integer"}, + Format: "int32", }, }, - "confidentialCompute": { + "remediationsAllowed": { SchemaProps: spec.SchemaProps{ - Description: "confidentialCompute is an optional field defining whether the instance should have confidential compute enabled or not, and the confidential computing technology of choice. Allowed values are omitted, Disabled, Enabled, AMDEncryptedVirtualization, AMDEncryptedVirtualizationNestedPaging, and IntelTrustedDomainExtensions When set to Disabled, the machine will not be configured to be a confidential computing instance. When set to Enabled, the machine will be configured as a confidential computing instance with no preference on the confidential compute policy used. In this mode, the platform chooses a default that is subject to change over time. Currently, the default is to use AMD Secure Encrypted Virtualization. When set to AMDEncryptedVirtualization, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization (AMD SEV) as the confidential computing technology. When set to AMDEncryptedVirtualizationNestedPaging, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP) as the confidential computing technology. When set to IntelTrustedDomainExtensions, the machine will be configured as a confidential computing instance with Intel Trusted Domain Extensions (Intel TDX) as the confidential computing technology. If any value other than Disabled is set the selected machine type must support that specific confidential computing technology. The machine series supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#all-confidential-vm-instances Currently, AMDEncryptedVirtualization is supported in c2d, n2d, and c3d machines. AMDEncryptedVirtualizationNestedPaging is supported in n2d machines. IntelTrustedDomainExtensions is supported in c3 machines. If any value other than Disabled is set, the selected region must support that specific confidential computing technology. The list of regions supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#supported-zones If any value other than Disabled is set onHostMaintenance is required to be set to \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", - Type: []string{"string"}, - Format: "", + Description: "remediationsAllowed is the number of further remediations allowed by this machine health check before maxUnhealthy short circuiting will be applied", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "resourceManagerTags": { + "conditions": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ - "key", + "type", }, "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ - Description: "resourceManagerTags is an optional list of tags to apply to the GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", + Description: "conditions defines the current state of the MachineHealthCheck", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.ResourceManagerTag"), + Ref: ref("github.com/openshift/api/machine/v1beta1.Condition"), }, }, }, }, }, }, - Required: []string{"canIPForward", "deletionProtection", "serviceAccounts", "machineType", "region", "zone"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.GCPDisk", "github.com/openshift/api/machine/v1beta1.GCPGPUConfig", "github.com/openshift/api/machine/v1beta1.GCPMetadata", "github.com/openshift/api/machine/v1beta1.GCPNetworkInterface", "github.com/openshift/api/machine/v1beta1.GCPServiceAccount", "github.com/openshift/api/machine/v1beta1.GCPShieldedInstanceConfig", "github.com/openshift/api/machine/v1beta1.ResourceManagerTag", corev1.LocalObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1beta1.Condition"}, } } -func schema_openshift_api_machine_v1beta1_GCPMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains GCP-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "MachineList contains a list of Machine Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -43947,705 +43285,809 @@ func schema_openshift_api_machine_v1beta1_GCPMachineProviderStatus(ref common.Re }, "metadata": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), - }, - }, - "instanceId": { - SchemaProps: spec.SchemaProps{ - Description: "instanceId is the ID of the instance in GCP", - Type: []string{"string"}, - Format: "", - }, - }, - "instanceState": { - SchemaProps: spec.SchemaProps{ - Description: "instanceState is the provisioning state of the GCP Instance.", - Type: []string{"string"}, - Format: "", + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, + "items": { SchemaProps: spec.SchemaProps{ - Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", - Type: []string{"array"}, + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("github.com/openshift/api/machine/v1beta1.Machine"), }, }, }, }, }, }, + Required: []string{"items"}, }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1beta1.Machine", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_machine_v1beta1_GCPMetadata(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineSet(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPMetadata describes metadata for GCP.", + Description: "MachineSet ensures that a specified number of machines replicas are running at any given time. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "key": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "key is the metadata key.", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "value": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "value is the metadata value.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSetSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSetStatus"), + }, + }, }, - Required: []string{"key", "value"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.MachineSetSpec", "github.com/openshift/api/machine/v1beta1.MachineSetStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_machine_v1beta1_GCPNetworkInterface(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineSetList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPNetworkInterface describes network interfaces for GCP", + Description: "MachineSetList contains a list of MachineSet Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "publicIP": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "publicIP indicates if true a public IP will be used", - Type: []string{"boolean"}, + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, Format: "", }, }, - "network": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "network is the network name.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "projectID": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "projectID is the project in which the GCP machine provider will create the VM.", - Type: []string{"string"}, - Format: "", + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, - "subnetwork": { + "items": { SchemaProps: spec.SchemaProps{ - Description: "subnetwork is the subnetwork name.", - Type: []string{"string"}, - Format: "", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSet"), + }, + }, + }, }, }, }, + Required: []string{"items"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.MachineSet", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_machine_v1beta1_GCPServiceAccount(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineSetSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPServiceAccount describes service accounts for GCP.", + Description: "MachineSetSpec defines the desired state of MachineSet", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "email": { + "replicas": { SchemaProps: spec.SchemaProps{ - Description: "email is the service account email.", - Default: "", + Description: "replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "minReadySeconds": { + SchemaProps: spec.SchemaProps{ + Description: "minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready)", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "deletePolicy": { + SchemaProps: spec.SchemaProps{ + Description: "deletePolicy defines the policy used to identify nodes to delete when downscaling. Defaults to \"Random\". Valid values are \"Random, \"Newest\", \"Oldest\"", Type: []string{"string"}, Format: "", }, }, - "scopes": { + "selector": { SchemaProps: spec.SchemaProps{ - Description: "scopes list of scopes to be assigned to the service account.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + }, + }, + "template": { + SchemaProps: spec.SchemaProps{ + Description: "template is the object that describes the machine that will be created if insufficient replicas are detected.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineTemplateSpec"), + }, + }, + "authoritativeAPI": { + SchemaProps: spec.SchemaProps{ + Description: "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI and ClusterAPI. When set to MachineAPI, writes to the spec of the machine.openshift.io copy of this resource will be reflected into the cluster.x-k8s.io copy. When set to ClusterAPI, writes to the spec of the cluster.x-k8s.io copy of this resource will be reflected into the machine.openshift.io copy. Updates to the status will be reflected in both copies of the resource, based on the controller implementing the functionality of the API. Currently the authoritative API determines which controller will manage the resource, this will change in a future release. To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.", + Default: "MachineAPI", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"email", "scopes"}, + Required: []string{"selector"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.MachineTemplateSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } -func schema_openshift_api_machine_v1beta1_GCPShieldedInstanceConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineSetStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPShieldedInstanceConfig describes the shielded VM configuration of the instance on GCP. Shielded VM configuration allow users to enable and disable Secure Boot, vTPM, and Integrity Monitoring.", + Description: "MachineSetStatus defines the observed state of MachineSet", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "secureBoot": { + "replicas": { SchemaProps: spec.SchemaProps{ - Description: "secureBoot Defines whether the instance should have secure boot enabled. Secure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", + Description: "replicas is the most recently observed number of replicas.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, + "fullyLabeledReplicas": { + SchemaProps: spec.SchemaProps{ + Description: "The number of replicas that have labels matching the labels of the machine template of the MachineSet.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "readyReplicas": { + SchemaProps: spec.SchemaProps{ + Description: "The number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is \"Ready\".", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "availableReplicas": { + SchemaProps: spec.SchemaProps{ + Description: "The number of available replicas (ready for at least minReadySeconds) for this MachineSet.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "observedGeneration": { + SchemaProps: spec.SchemaProps{ + Description: "observedGeneration reflects the generation of the most recently observed MachineSet.", + Type: []string{"integer"}, + Format: "int64", + }, + }, + "errorReason": { + SchemaProps: spec.SchemaProps{ + Description: "In the event that there is a terminal problem reconciling the replicas, both ErrorReason and ErrorMessage will be set. ErrorReason will be populated with a succinct value suitable for machine interpretation, while ErrorMessage will contain a more verbose string suitable for logging and human consumption.\n\nThese fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachineTemplate's spec or the configuration of the machine controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output.", Type: []string{"string"}, Format: "", }, - }, - "virtualizedTrustedPlatformModule": { + }, + "errorMessage": { + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "virtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. This is required to be set to \"Enabled\" if IntegrityMonitoring is enabled. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", - Type: []string{"string"}, - Format: "", + Description: "conditions defines the current state of the MachineSet", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.Condition"), + }, + }, + }, }, }, - "integrityMonitoring": { + "authoritativeAPI": { SchemaProps: spec.SchemaProps{ - Description: "integrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity. Compares the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", + Description: "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", Type: []string{"string"}, Format: "", }, }, - }, - }, - }, - } -} - -func schema_openshift_api_machine_v1beta1_HostPlacement(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "HostPlacement is the type that will be used to configure the placement of AWS instances.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "affinity": { + "synchronizedAPI": { SchemaProps: spec.SchemaProps{ - Description: "affinity specifies the affinity setting for the instance. Allowed values are AnyAvailable and DedicatedHost. When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set. When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host. When Affinity is set to AnyAvailable and the `dedicatedHost` field is defined, it runs on specified Dedicated Host, but may move if stopped.", + Description: "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", Type: []string{"string"}, Format: "", }, }, - "dedicatedHost": { + "synchronizedGeneration": { SchemaProps: spec.SchemaProps{ - Description: "dedicatedHost specifies the exact host that an instance should be restarted on if stopped. dedicatedHost is required when 'affinity' is set to DedicatedHost, and optional otherwise.", - Ref: ref("github.com/openshift/api/machine/v1beta1.DedicatedHost"), - }, - }, - }, - Required: []string{"affinity"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "affinity", - "fields-to-discriminateBy": map[string]interface{}{ - "dedicatedHost": "DedicatedHost", - }, + Description: "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", + Type: []string{"integer"}, + Format: "int64", }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.DedicatedHost"}, + "github.com/openshift/api/machine/v1beta1.Condition"}, } } -func schema_openshift_api_machine_v1beta1_Image(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Image is a mirror of azure sdk compute.ImageReference", + Description: "MachineSpec defines the desired state of Machine", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "publisher": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "publisher is the name of the organization that created the image", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.ObjectMeta"), }, }, - "offer": { + "lifecycleHooks": { SchemaProps: spec.SchemaProps{ - Description: "offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "lifecycleHooks allow users to pause operations on the machine at certain predefined points within the machine lifecycle.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.LifecycleHooks"), }, }, - "sku": { + "taints": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "sku specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/api/core/v1.Taint"), + }, + }, + }, }, }, - "version": { + "providerSpec": { SchemaProps: spec.SchemaProps{ - Description: "version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "providerSpec details Provider-specific configuration to use during node creation.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.ProviderSpec"), }, }, - "resourceID": { + "providerID": { SchemaProps: spec.SchemaProps{ - Description: "resourceID specifies an image to use by ID", - Default: "", + Description: "providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.", Type: []string{"string"}, Format: "", }, }, - "type": { + "authoritativeAPI": { SchemaProps: spec.SchemaProps{ - Description: "type identifies the source of the image and related information, such as purchase plans. Valid values are \"ID\", \"MarketplaceWithPlan\", \"MarketplaceNoPlan\", and omitted, which means no opinion and the platform chooses a good default which may change over time. Currently that default is \"MarketplaceNoPlan\" if publisher data is supplied, or \"ID\" if not. For more information about purchase plans, see: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage#check-the-purchase-plan-information", + Description: "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI and ClusterAPI. When set to MachineAPI, writes to the spec of the machine.openshift.io copy of this resource will be reflected into the cluster.x-k8s.io copy. When set to ClusterAPI, writes to the spec of the cluster.x-k8s.io copy of this resource will be reflected into the machine.openshift.io copy. Updates to the status will be reflected in both copies of the resource, based on the controller implementing the functionality of the API. Currently the authoritative API determines which controller will manage the resource, this will change in a future release. To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.", + Default: "MachineAPI", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"publisher", "offer", "sku", "version", "resourceID"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.LifecycleHooks", "github.com/openshift/api/machine/v1beta1.ObjectMeta", "github.com/openshift/api/machine/v1beta1.ProviderSpec", "k8s.io/api/core/v1.Taint"}, } } -func schema_openshift_api_machine_v1beta1_LastOperation(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "LastOperation represents the detail of the last performed operation on the MachineObject.", + Description: "MachineStatus defines the observed state of Machine", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "description": { + "nodeRef": { SchemaProps: spec.SchemaProps{ - Description: "description is the human-readable description of the last operation.", - Type: []string{"string"}, - Format: "", + Description: "nodeRef will point to the corresponding Node if it exists.", + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "lastUpdated": { SchemaProps: spec.SchemaProps{ - Description: "lastUpdated is the timestamp at which LastOperation API was last-updated.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), - }, - }, - "state": { - SchemaProps: spec.SchemaProps{ - Description: "state is the current status of the last performed operation. E.g. Processing, Failed, Successful etc", - Type: []string{"string"}, - Format: "", + Description: "lastUpdated identifies when this status was last observed.", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, - "type": { + "errorReason": { SchemaProps: spec.SchemaProps{ - Description: "type is the type of operation which was last performed. E.g. Create, Delete, Update etc", + Description: "errorReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation.\n\nThis field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", Type: []string{"string"}, Format: "", }, }, - }, - }, - }, - Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_machine_v1beta1_LifecycleHook(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "LifecycleHook represents a single instance of a lifecycle hook", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "name": { + "errorMessage": { SchemaProps: spec.SchemaProps{ - Description: "name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity.", - Default: "", + Description: "errorMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption.\n\nThis field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", Type: []string{"string"}, Format: "", }, }, - "owner": { + "providerStatus": { SchemaProps: spec.SchemaProps{ - Description: "owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "providerStatus details a Provider-specific status. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field.", + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, - }, - Required: []string{"name", "owner"}, - }, - }, - } -} - -func schema_openshift_api_machine_v1beta1_LifecycleHooks(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "LifecycleHooks allow users to pause operations on the machine at certain prefedined points within the machine lifecycle.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "preDrain": { + "addresses": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", + "x-kubernetes-list-type": "atomic", }, }, SchemaProps: spec.SchemaProps{ - Description: "preDrain hooks prevent the machine from being drained. This also blocks further lifecycle events, such as termination.", + Description: "addresses is a list of addresses assigned to the machine. Queried from cloud provider, if available.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.LifecycleHook"), + Ref: ref("k8s.io/api/core/v1.NodeAddress"), }, }, }, }, }, - "preTerminate": { + "lastOperation": { + SchemaProps: spec.SchemaProps{ + Description: "lastOperation describes the last-operation performed by the machine-controller. This API should be useful as a history in terms of the latest operation performed on the specific machine. It should also convey the state of the latest-operation for example if it is still on-going, failed or completed successfully.", + Ref: ref("github.com/openshift/api/machine/v1beta1.LastOperation"), + }, + }, + "phase": { + SchemaProps: spec.SchemaProps{ + Description: "phase represents the current phase of machine actuation. One of: Failed, Provisioning, Provisioned, Running, Deleting", + Type: []string{"string"}, + Format: "", + }, + }, + "conditions": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ - "name", + "type", }, "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ - Description: "preTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained.", + Description: "conditions defines the current state of the Machine", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.LifecycleHook"), + Ref: ref("github.com/openshift/api/machine/v1beta1.Condition"), }, }, }, }, }, + "authoritativeAPI": { + SchemaProps: spec.SchemaProps{ + Description: "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", + Type: []string{"string"}, + Format: "", + }, + }, + "synchronizedAPI": { + SchemaProps: spec.SchemaProps{ + Description: "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", + Type: []string{"string"}, + Format: "", + }, + }, + "synchronizedGeneration": { + SchemaProps: spec.SchemaProps{ + Description: "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", + Type: []string{"integer"}, + Format: "int64", + }, + }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.LifecycleHook"}, + "github.com/openshift/api/machine/v1beta1.Condition", "github.com/openshift/api/machine/v1beta1.LastOperation", "k8s.io/api/core/v1.NodeAddress", "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Time", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } -func schema_openshift_api_machine_v1beta1_LoadBalancerReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineTemplateSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "LoadBalancerReference is a reference to a load balancer on AWS.", + Description: "MachineTemplateSpec describes the data needed to create a Machine from a template", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "metadata": { SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.ObjectMeta"), }, }, - "type": { + "spec": { SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Description: "Specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSpec"), }, }, }, - Required: []string{"name", "type"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.MachineSpec", "github.com/openshift/api/machine/v1beta1.ObjectMeta"}, } } -func schema_openshift_api_machine_v1beta1_Machine(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MetadataServiceOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Machine is the Schema for the machines API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "MetadataServiceOptions defines the options available to a user when configuring Instance Metadata Service (IMDS) Options.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { + "authentication": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "authentication determines whether or not the host requires the use of authentication when interacting with the metadata service. When using authentication, this enforces v2 interaction method (IMDSv2) with the metadata service. When omitted, this means the user has no opinion and the value is left to the platform to choose a good default, which is subject to change over time. The current default is optional. At this point this field represents `HttpTokens` parameter from `InstanceMetadataOptionsRequest` structure in AWS EC2 API https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", Type: []string{"string"}, Format: "", }, }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), - }, - }, - "spec": { - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSpec"), - }, - }, - "status": { - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineStatus"), - }, - }, }, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.MachineSpec", "github.com/openshift/api/machine/v1beta1.MachineStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_MachineHealthCheck(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_NetworkDeviceSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineHealthCheck is the Schema for the machinehealthchecks API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "NetworkDeviceSpec defines the network configuration for a virtual machine's network device.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "networkName": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "networkName is the name of the vSphere network or port group to which the network device will be connected, for example, port-group-1. When not provided, the vCenter API will attempt to select a default network. The available networks (port groups) can be listed using `govc ls 'network/*'`", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "gateway": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "gateway is an IPv4 or IPv6 address which represents the subnet gateway, for example, 192.168.1.1.", Type: []string{"string"}, Format: "", }, }, - "metadata": { + "ipAddrs": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Description: "ipAddrs is a list of one or more IPv4 and/or IPv6 addresses and CIDR to assign to this device, for example, 192.168.1.100/24. IP addresses provided via ipAddrs are intended to allow explicit assignment of a machine's IP address. IP pool configurations provided via addressesFromPool, however, defer IP address assignment to an external controller. If both addressesFromPool and ipAddrs are empty or not defined, DHCP will be used to assign an IP address. If both ipAddrs and addressesFromPools are defined, the IP addresses associated with ipAddrs will be applied first followed by IP addresses from addressesFromPools.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "spec": { + "nameservers": { SchemaProps: spec.SchemaProps{ - Description: "Specification of machine health check policy", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineHealthCheckSpec"), + Description: "nameservers is a list of IPv4 and/or IPv6 addresses used as DNS nameservers, for example, 8.8.8.8. a nameserver is not provided by a fulfilled IPAddressClaim. If DHCP is not the source of IP addresses for this network device, nameservers should include a valid nameserver.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "status": { + "addressesFromPools": { SchemaProps: spec.SchemaProps{ - Description: "Most recently observed status of MachineHealthCheck resource", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineHealthCheckStatus"), + Description: "addressesFromPools is a list of references to IP pool types and instances which are handled by an external controller. addressesFromPool configurations provided via addressesFromPools defer IP address assignment to an external controller. IP addresses provided via ipAddrs, however, are intended to allow explicit assignment of a machine's IP address. If both addressesFromPool and ipAddrs are empty or not defined, DHCP will assign an IP address. If both ipAddrs and addressesFromPools are defined, the IP addresses associated with ipAddrs will be applied first followed by IP addresses from addressesFromPools.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.AddressesFromPool"), + }, + }, + }, }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.MachineHealthCheckSpec", "github.com/openshift/api/machine/v1beta1.MachineHealthCheckStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1beta1.AddressesFromPool"}, } } -func schema_openshift_api_machine_v1beta1_MachineHealthCheckList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_NetworkSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineHealthCheckList contains a list of MachineHealthCheck Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "NetworkSpec defines the virtual machine's network configuration.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), - }, - }, - "items": { + "devices": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "devices defines the virtual machine's network interfaces.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineHealthCheck"), + Ref: ref("github.com/openshift/api/machine/v1beta1.NetworkDeviceSpec"), }, }, }, }, }, }, - Required: []string{"items"}, + Required: []string{"devices"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.MachineHealthCheck", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1beta1.NetworkDeviceSpec"}, } } -func schema_openshift_api_machine_v1beta1_MachineHealthCheckSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_OSDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineHealthCheckSpec defines the desired state of MachineHealthCheck", - Type: []string{"object"}, + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "selector": { + "osType": { SchemaProps: spec.SchemaProps{ - Description: "Label selector to match machines whose health will be exercised. Note: An empty selector will match all machines.", + Description: "osType is the operating system type of the OS disk. Possible values include \"Linux\" and \"Windows\".", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "managedDisk": { + SchemaProps: spec.SchemaProps{ + Description: "managedDisk specifies the Managed Disk parameters for the OS disk.", Default: map[string]interface{}{}, - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("github.com/openshift/api/machine/v1beta1.OSDiskManagedDiskParameters"), }, }, - "unhealthyConditions": { + "diskSizeGB": { SchemaProps: spec.SchemaProps{ - Description: "unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.UnhealthyCondition"), - }, - }, - }, + Description: "diskSizeGB is the size in GB to assign to the data disk.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "maxUnhealthy": { + "diskSettings": { SchemaProps: spec.SchemaProps{ - Description: "Any farther remediation is only allowed if at most \"MaxUnhealthy\" machines selected by \"selector\" are not healthy. Expects either a postive integer value or a percentage value. Percentage values must be positive whole numbers and are capped at 100%. Both 0 and 0% are valid and will block all remediation. Defaults to 100% if not set.", - Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), + Description: "diskSettings describe ephemeral disk settings for the os disk.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.DiskSettings"), }, }, - "nodeStartupTimeout": { + "cachingType": { SchemaProps: spec.SchemaProps{ - Description: "Machines older than this duration without a node will be considered to have failed and will be remediated. To prevent Machines without Nodes from being removed, disable startup checks by setting this value explicitly to \"0\". Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Description: "cachingType specifies the caching requirements. Possible values include: 'None', 'ReadOnly', 'ReadWrite'. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `None`.", + Type: []string{"string"}, + Format: "", }, }, - "remediationTemplate": { + }, + Required: []string{"osType", "managedDisk", "diskSizeGB"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.DiskSettings", "github.com/openshift/api/machine/v1beta1.OSDiskManagedDiskParameters"}, + } +} + +func schema_openshift_api_machine_v1beta1_OSDiskManagedDiskParameters(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OSDiskManagedDiskParameters is the parameters of a OSDisk managed disk.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "storageAccountType": { SchemaProps: spec.SchemaProps{ - Description: "remediationTemplate is a reference to a remediation template provided by an infrastructure provider.\n\nThis field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Machine API Operator.", - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Description: "storageAccountType is the storage account type to use. Possible values include \"Standard_LRS\", \"Premium_LRS\".", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "diskEncryptionSet": { + SchemaProps: spec.SchemaProps{ + Description: "diskEncryptionSet is the disk encryption set properties", + Ref: ref("github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"), + }, + }, + "securityProfile": { + SchemaProps: spec.SchemaProps{ + Description: "securityProfile specifies the security profile for the managed disk.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.VMDiskSecurityProfile"), }, }, }, - Required: []string{"selector", "unhealthyConditions"}, + Required: []string{"storageAccountType"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.UnhealthyCondition", corev1.ObjectReference{}.OpenAPIModelName(), metav1.Duration{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName(), intstr.IntOrString{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters", "github.com/openshift/api/machine/v1beta1.VMDiskSecurityProfile"}, } } -func schema_openshift_api_machine_v1beta1_MachineHealthCheckStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_ObjectMeta(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineHealthCheckStatus defines the observed state of MachineHealthCheck", + Description: "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. This is a copy of customizable fields from metav1.ObjectMeta.\n\nObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` and `MachineSet.Template`, which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases and read-only fields which end up in the generated CRD validation, having it as a subset simplifies the API and some issues that can impact user experience.\n\nDuring the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, specifically `spec.metadata.creationTimestamp in body must be of type string: \"null\"`. The investigation showed that `controller-tools@v2` behaves differently than its previous version when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) package.\n\nIn more details, we found that embedded (non-top level) types that embedded `metav1.ObjectMeta` had validation properties, including for `creationTimestamp` (metav1.Time). The `metav1.Time` type specifies a custom json marshaller that, when IsZero() is true, returns `null` which breaks validation because the field isn't marked as nullable.\n\nIn future versions, controller-tools@v2 might allow overriding the type and validation for embedded types. When that happens, this hack should be revisited.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "expectedMachines": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "total number of machines counted by this machine health check", - Type: []string{"integer"}, - Format: "int32", + Description: "name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + Type: []string{"string"}, + Format: "", }, }, - "currentHealthy": { + "generateName": { SchemaProps: spec.SchemaProps{ - Description: "total number of machines counted by this machine health check", - Type: []string{"integer"}, - Format: "int32", + Description: "generateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", + Type: []string{"string"}, + Format: "", + }, + }, + "namespace": { + SchemaProps: spec.SchemaProps{ + Description: "namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", + Type: []string{"string"}, + Format: "", + }, + }, + "labels": { + SchemaProps: spec.SchemaProps{ + Description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "remediationsAllowed": { + "annotations": { SchemaProps: spec.SchemaProps{ - Description: "remediationsAllowed is the number of further remediations allowed by this machine health check before maxUnhealthy short circuiting will be applied", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "conditions": { + "ownerReferences": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ - "type", + "uid", }, - "x-kubernetes-list-type": "map", + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "uid", + "x-kubernetes-patch-strategy": "merge", }, }, SchemaProps: spec.SchemaProps{ - Description: "conditions defines the current state of the MachineHealthCheck", + Description: "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.Condition"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference"), }, }, }, @@ -44655,1256 +44097,1300 @@ func schema_openshift_api_machine_v1beta1_MachineHealthCheckStatus(ref common.Re }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.Condition"}, + "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference"}, } } -func schema_openshift_api_machine_v1beta1_MachineList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_Placement(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineList contains a list of Machine Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "Placement indicates where to create the instance in AWS", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "region": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "region is the region to use to create the instance", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "availabilityZone": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "availabilityZone is the availability zone of the instance", Type: []string{"string"}, Format: "", }, }, - "metadata": { + "tenancy": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Description: "tenancy indicates if instance should run on shared or single-tenant hardware. There are supported 3 options: default, dedicated and host. When set to default Runs on shared multi-tenant hardware. When dedicated Runs on single-tenant hardware (any dedicated instance hardware). When host and the host object is not provided: Runs on Dedicated Host; best-effort restart on same host. When `host` and `host` object is provided with affinity `dedicatedHost` defined: Runs on specified Dedicated Host.", + Type: []string{"string"}, + Format: "", }, }, - "items": { + "host": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.Machine"), - }, - }, - }, + Description: "host configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL), and to gain visibility and control over instance placement on a physical server. When omitted, the instance is not constrained to a dedicated host.", + Ref: ref("github.com/openshift/api/machine/v1beta1.HostPlacement"), }, }, }, - Required: []string{"items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.Machine", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1beta1.HostPlacement"}, } } -func schema_openshift_api_machine_v1beta1_MachineSet(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_ProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineSet ensures that a specified number of machines replicas are running at any given time. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "ProviderSpec defines the configuration to use during node creation.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "value": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config.", + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + } +} + +func schema_openshift_api_machine_v1beta1_ResourceManagerTag(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ResourceManagerTag is a tag to apply to GCP resources created for the cluster.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "parentID": { + SchemaProps: spec.SchemaProps{ + Description: "parentID is the ID of the hierarchical resource where the tags are defined e.g. at the Organization or the Project level. To find the Organization or Project ID ref https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects An OrganizationID can have a maximum of 32 characters and must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "key": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "metadata": { + "value": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Description: "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "spec": { + }, + Required: []string{"parentID", "key", "value"}, + }, + }, + } +} + +func schema_openshift_api_machine_v1beta1_SecurityProfile(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SecurityProfile specifies the Security profile settings for a virtual machine or virtual machine scale set.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "encryptionAtHost": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSetSpec"), + Description: "encryptionAtHost indicates whether Host Encryption should be enabled or disabled for a virtual machine or virtual machine scale set. This should be disabled when SecurityEncryptionType is set to DiskWithVMGuestState. Default is disabled.", + Type: []string{"boolean"}, + Format: "", }, }, - "status": { + "settings": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSetStatus"), + Description: "settings specify the security type and the UEFI settings of the virtual machine. This field can be set for Confidential VMs and Trusted Launch for VMs.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.SecuritySettings"), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.MachineSetSpec", "github.com/openshift/api/machine/v1beta1.MachineSetStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1beta1.SecuritySettings"}, } } -func schema_openshift_api_machine_v1beta1_MachineSetList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_SecuritySettings(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineSetList contains a list of MachineSet Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "SecuritySettings define the security type and the UEFI settings of the virtual machine.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "securityType": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "securityType specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UEFISettings. The default behavior is: UEFISettings will not be enabled unless this property is set.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "confidentialVM": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + Description: "confidentialVM specifies the security configuration of the virtual machine. For more information regarding Confidential VMs, please refer to: https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview", + Ref: ref("github.com/openshift/api/machine/v1beta1.ConfidentialVM"), }, }, - "metadata": { + "trustedLaunch": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Description: "trustedLaunch specifies the security configuration of the virtual machine. For more information regarding TrustedLaunch for VMs, please refer to: https://learn.microsoft.com/azure/virtual-machines/trusted-launch", + Ref: ref("github.com/openshift/api/machine/v1beta1.TrustedLaunch"), }, }, - "items": { - SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSet"), - }, - }, + }, + Required: []string{"securityType"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "securityType", + "fields-to-discriminateBy": map[string]interface{}{ + "confidentialVM": "ConfidentialVM", + "trustedLaunch": "TrustedLaunch", }, }, }, }, - Required: []string{"items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.MachineSet", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1beta1.ConfidentialVM", "github.com/openshift/api/machine/v1beta1.TrustedLaunch"}, } } -func schema_openshift_api_machine_v1beta1_MachineSetSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_SpotMarketOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineSetSpec defines the desired state of MachineSet", + Description: "SpotMarketOptions defines the options available to a user when configuring Machines to run on Spot instances. Most users should provide an empty struct.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "replicas": { - SchemaProps: spec.SchemaProps{ - Description: "replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1.", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "minReadySeconds": { - SchemaProps: spec.SchemaProps{ - Description: "minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready)", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "deletePolicy": { + "maxPrice": { SchemaProps: spec.SchemaProps{ - Description: "deletePolicy defines the policy used to identify nodes to delete when downscaling. Defaults to \"Random\". Valid values are \"Random, \"Newest\", \"Oldest\"", + Description: "The maximum price the user is willing to pay for their instances Default: On-Demand price", Type: []string{"string"}, Format: "", }, }, - "selector": { + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1beta1_SpotVMOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SpotVMOptions defines the options relevant to running the Machine on Spot VMs", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "maxPrice": { SchemaProps: spec.SchemaProps{ - Description: "selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", - Default: map[string]interface{}{}, - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Description: "maxPrice defines the maximum price the user is willing to pay for Spot VM instances", + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, - "template": { + }, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + } +} + +func schema_openshift_api_machine_v1beta1_TagSpecification(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TagSpecification is the name/value pair for a tag", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { SchemaProps: spec.SchemaProps{ - Description: "template is the object that describes the machine that will be created if insufficient replicas are detected.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineTemplateSpec"), + Description: "name of the tag", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "authoritativeAPI": { + "value": { SchemaProps: spec.SchemaProps{ - Description: "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI and ClusterAPI. When set to MachineAPI, writes to the spec of the machine.openshift.io copy of this resource will be reflected into the cluster.x-k8s.io copy. When set to ClusterAPI, writes to the spec of the cluster.x-k8s.io copy of this resource will be reflected into the machine.openshift.io copy. Updates to the status will be reflected in both copies of the resource, based on the controller implementing the functionality of the API. Currently the authoritative API determines which controller will manage the resource, this will change in a future release. To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.", - Default: "MachineAPI", + Description: "value of the tag", + Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"selector"}, + Required: []string{"name", "value"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.MachineTemplateSpec", metav1.LabelSelector{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_MachineSetStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_TrustedLaunch(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineSetStatus defines the observed state of MachineSet", + Description: "TrustedLaunch defines the UEFI settings for the virtual machine.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "replicas": { - SchemaProps: spec.SchemaProps{ - Description: "replicas is the most recently observed number of replicas.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", - }, - }, - "fullyLabeledReplicas": { + "uefiSettings": { SchemaProps: spec.SchemaProps{ - Description: "The number of replicas that have labels matching the labels of the machine template of the MachineSet.", - Type: []string{"integer"}, - Format: "int32", + Description: "uefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.UEFISettings"), }, }, - "readyReplicas": { + }, + Required: []string{"uefiSettings"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.UEFISettings"}, + } +} + +func schema_openshift_api_machine_v1beta1_UEFISettings(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "UEFISettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "secureBoot": { SchemaProps: spec.SchemaProps{ - Description: "The number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is \"Ready\".", - Type: []string{"integer"}, - Format: "int32", + Description: "secureBoot specifies whether secure boot should be enabled on the virtual machine. Secure Boot verifies the digital signature of all boot components and halts the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.", + Type: []string{"string"}, + Format: "", }, }, - "availableReplicas": { + "virtualizedTrustedPlatformModule": { SchemaProps: spec.SchemaProps{ - Description: "The number of available replicas (ready for at least minReadySeconds) for this MachineSet.", - Type: []string{"integer"}, - Format: "int32", + Description: "virtualizedTrustedPlatformModule specifies whether vTPM should be enabled on the virtual machine. When enabled the virtualized trusted platform module measurements are used to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. This is required to be enabled if SecurityEncryptionType is defined. If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.", + Type: []string{"string"}, + Format: "", }, }, - "observedGeneration": { + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1beta1_UnhealthyCondition(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "UnhealthyCondition represents a Node condition type and value with a timeout specified as a duration. When the named condition has been in the given status for at least the timeout value, a node is considered unhealthy.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { SchemaProps: spec.SchemaProps{ - Description: "observedGeneration reflects the generation of the most recently observed MachineSet.", - Type: []string{"integer"}, - Format: "int64", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "errorReason": { + "status": { SchemaProps: spec.SchemaProps{ - Description: "In the event that there is a terminal problem reconciling the replicas, both ErrorReason and ErrorMessage will be set. ErrorReason will be populated with a succinct value suitable for machine interpretation, while ErrorMessage will contain a more verbose string suitable for logging and human consumption.\n\nThese fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachineTemplate's spec or the configuration of the machine controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output.", - Type: []string{"string"}, - Format: "", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "errorMessage": { + "timeout": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".", + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, + }, + Required: []string{"type", "status", "timeout"}, + }, + }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, + } +} + +func schema_openshift_api_machine_v1beta1_VMDiskSecurityProfile(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "VMDiskSecurityProfile specifies the security profile settings for the managed disk. It can be set only for Confidential VMs.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "diskEncryptionSet": { SchemaProps: spec.SchemaProps{ - Description: "conditions defines the current state of the MachineSet", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.Condition"), - }, - }, - }, + Description: "diskEncryptionSet specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"), }, }, - "authoritativeAPI": { + "securityEncryptionType": { SchemaProps: spec.SchemaProps{ - Description: "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", + Description: "securityEncryptionType specifies the encryption type of the managed disk. It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. When set to VMGuestStateOnly, the vTPM should be enabled. When set to DiskWithVMGuestState, both SecureBoot and vTPM should be enabled. If the above conditions are not fulfilled, the VM will not be created and the respective error will be returned. It can be set only for Confidential VMs. Confidential VMs are defined by their SecurityProfile.SecurityType being set to ConfidentialVM, the SecurityEncryptionType of their OS disk being set to one of the allowed values and by enabling the respective SecurityProfile.UEFISettings of the VM (i.e. vTPM and SecureBoot), depending on the selected SecurityEncryptionType. For further details on Azure Confidential VMs, please refer to the respective documentation: https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview", Type: []string{"string"}, Format: "", }, }, - "synchronizedAPI": { + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"}, + } +} + +func schema_openshift_api_machine_v1beta1_VSphereDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "VSphereDisk describes additional disks for vSphere.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { SchemaProps: spec.SchemaProps{ - Description: "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", + Description: "name is used to identify the disk definition. name is required needs to be unique so that it can be used to clearly identify purpose of the disk. It must be at most 80 characters in length and must consist only of alphanumeric characters, hyphens and underscores, and must start and end with an alphanumeric character.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "synchronizedGeneration": { + "sizeGiB": { SchemaProps: spec.SchemaProps{ - Description: "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", + Description: "sizeGiB is the size of the disk in GiB. The maximum supported size 16384 GiB.", + Default: 0, Type: []string{"integer"}, - Format: "int64", + Format: "int32", + }, + }, + "provisioningMode": { + SchemaProps: spec.SchemaProps{ + Description: "provisioningMode is an optional field that specifies the provisioning type to be used by this vSphere data disk. Allowed values are \"Thin\", \"Thick\", \"EagerlyZeroed\", and omitted. When set to Thin, the disk will be made using thin provisioning allocating the bare minimum space. When set to Thick, the full disk size will be allocated when disk is created. When set to EagerlyZeroed, the disk will be created using eager zero provisioning. An eager zeroed thick disk has all space allocated and wiped clean of any previous contents on the physical media at creation time. Such disks may take longer time during creation compared to other disk formats. When omitted, no setting will be applied to the data disk and the provisioning mode for the disk will be determined by the default storage policy configured for the datastore in vSphere.", + Type: []string{"string"}, + Format: "", }, }, }, + Required: []string{"name", "sizeGiB"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.Condition"}, } } -func schema_openshift_api_machine_v1beta1_MachineSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_VSphereMachineProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineSpec defines the desired state of Machine", + Description: "VSphereMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an VSphere virtual machine. It is used by the vSphere machine actuator to create a single Machine. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "metadata": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.ObjectMeta"), + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", }, }, - "lifecycleHooks": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "lifecycleHooks allow users to pause operations on the machine at certain predefined points within the machine lifecycle.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.LifecycleHooks"), + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - "taints": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, + }, + "userDataSecret": { SchemaProps: spec.SchemaProps{ - Description: "The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(corev1.Taint{}.OpenAPIModelName()), - }, - }, - }, + Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, - "providerSpec": { + "credentialsSecret": { SchemaProps: spec.SchemaProps{ - Description: "providerSpec details Provider-specific configuration to use during node creation.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.ProviderSpec"), + Description: "credentialsSecret is a reference to the secret with vSphere credentials.", + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, - "providerID": { + "template": { SchemaProps: spec.SchemaProps{ - Description: "providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.", + Description: "template is the name, inventory path, or instance UUID of the template used to clone new machines.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "authoritativeAPI": { + "workspace": { SchemaProps: spec.SchemaProps{ - Description: "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI and ClusterAPI. When set to MachineAPI, writes to the spec of the machine.openshift.io copy of this resource will be reflected into the cluster.x-k8s.io copy. When set to ClusterAPI, writes to the spec of the cluster.x-k8s.io copy of this resource will be reflected into the machine.openshift.io copy. Updates to the status will be reflected in both copies of the resource, based on the controller implementing the functionality of the API. Currently the authoritative API determines which controller will manage the resource, this will change in a future release. To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.", - Default: "MachineAPI", - Type: []string{"string"}, - Format: "", + Description: "workspace describes the workspace to use for the machine.", + Ref: ref("github.com/openshift/api/machine/v1beta1.Workspace"), }, }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.LifecycleHooks", "github.com/openshift/api/machine/v1beta1.ObjectMeta", "github.com/openshift/api/machine/v1beta1.ProviderSpec", corev1.Taint{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_machine_v1beta1_MachineStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "MachineStatus defines the observed state of Machine", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "nodeRef": { + "network": { SchemaProps: spec.SchemaProps{ - Description: "nodeRef will point to the corresponding Node if it exists.", - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Description: "network is the network configuration for this machine's VM.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.NetworkSpec"), }, }, - "lastUpdated": { + "numCPUs": { SchemaProps: spec.SchemaProps{ - Description: "lastUpdated identifies when this status was last observed.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Description: "numCPUs is the number of virtual processors in a virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.", + Type: []string{"integer"}, + Format: "int32", }, }, - "errorReason": { + "numCoresPerSocket": { SchemaProps: spec.SchemaProps{ - Description: "errorReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation.\n\nThis field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", - Type: []string{"string"}, - Format: "", + Description: "NumCPUs is the number of cores among which to distribute CPUs in this virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.", + Type: []string{"integer"}, + Format: "int32", }, }, - "errorMessage": { + "memoryMiB": { SchemaProps: spec.SchemaProps{ - Description: "errorMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption.\n\nThis field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", - Type: []string{"string"}, - Format: "", + Description: "memoryMiB is the size of a virtual machine's memory, in MiB. Defaults to the analogue property value in the template from which this machine is cloned.", + Type: []string{"integer"}, + Format: "int64", }, }, - "providerStatus": { + "diskGiB": { SchemaProps: spec.SchemaProps{ - Description: "providerStatus details a Provider-specific status. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Description: "diskGiB is the size of a virtual machine's disk, in GiB. Defaults to the analogue property value in the template from which this machine is cloned. This parameter will be ignored if 'LinkedClone' CloneMode is set.", + Type: []string{"integer"}, + Format: "int32", }, }, - "addresses": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, + "tagIDs": { SchemaProps: spec.SchemaProps{ - Description: "addresses is a list of addresses assigned to the machine. Queried from cloud provider, if available.", + Description: "tagIDs is an optional set of tags to add to an instance. Specified tagIDs must use URN-notation instead of display names. A maximum of 10 tag IDs may be specified.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(corev1.NodeAddress{}.OpenAPIModelName()), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - "lastOperation": { + "snapshot": { SchemaProps: spec.SchemaProps{ - Description: "lastOperation describes the last-operation performed by the machine-controller. This API should be useful as a history in terms of the latest operation performed on the specific machine. It should also convey the state of the latest-operation for example if it is still on-going, failed or completed successfully.", - Ref: ref("github.com/openshift/api/machine/v1beta1.LastOperation"), + Description: "snapshot is the name of the snapshot from which the VM was cloned", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "phase": { + "cloneMode": { SchemaProps: spec.SchemaProps{ - Description: "phase represents the current phase of machine actuation. One of: Failed, Provisioning, Provisioned, Running, Deleting", + Description: "cloneMode specifies the type of clone operation. The LinkedClone mode is only support for templates that have at least one snapshot. If the template has no snapshots, then CloneMode defaults to FullClone. When LinkedClone mode is enabled the DiskGiB field is ignored as it is not possible to expand disks of linked clones. Defaults to FullClone. When using LinkedClone, if no snapshots exist for the source template, falls back to FullClone.", Type: []string{"string"}, Format: "", }, }, - "conditions": { + "dataDisks": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ - "type", + "name", }, "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ - Description: "conditions defines the current state of the Machine", + Description: "dataDisks is a list of non OS disks to be created and attached to the VM. The max number of disk allowed to be attached is currently 29. The max number of disks for any controller is 30, but VM template will always have OS disk so that will leave 29 disks on any controller type.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.Condition"), + Ref: ref("github.com/openshift/api/machine/v1beta1.VSphereDisk"), }, }, }, }, }, - "authoritativeAPI": { - SchemaProps: spec.SchemaProps{ - Description: "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", - Type: []string{"string"}, - Format: "", - }, - }, - "synchronizedAPI": { - SchemaProps: spec.SchemaProps{ - Description: "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", - Type: []string{"string"}, - Format: "", - }, - }, - "synchronizedGeneration": { - SchemaProps: spec.SchemaProps{ - Description: "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", - Type: []string{"integer"}, - Format: "int64", - }, - }, }, + Required: []string{"template", "network"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.Condition", "github.com/openshift/api/machine/v1beta1.LastOperation", corev1.NodeAddress{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, + "github.com/openshift/api/machine/v1beta1.NetworkSpec", "github.com/openshift/api/machine/v1beta1.VSphereDisk", "github.com/openshift/api/machine/v1beta1.Workspace", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_machine_v1beta1_MachineTemplateSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_VSphereMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineTemplateSpec describes the data needed to create a Machine from a template", + Description: "VSphereMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains VSphere-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.ObjectMeta"), - }, - }, - "spec": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "Specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSpec"), + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", }, }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.MachineSpec", "github.com/openshift/api/machine/v1beta1.ObjectMeta"}, - } -} - -func schema_openshift_api_machine_v1beta1_MetadataServiceOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "MetadataServiceOptions defines the options available to a user when configuring Instance Metadata Service (IMDS) Options.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "authentication": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "authentication determines whether or not the host requires the use of authentication when interacting with the metadata service. When using authentication, this enforces v2 interaction method (IMDSv2) with the metadata service. When omitted, this means the user has no opinion and the value is left to the platform to choose a good default, which is subject to change over time. The current default is optional. At this point this field represents `HttpTokens` parameter from `InstanceMetadataOptionsRequest` structure in AWS EC2 API https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - }, - }, - }, - } -} - -func schema_openshift_api_machine_v1beta1_NetworkDeviceSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "NetworkDeviceSpec defines the network configuration for a virtual machine's network device.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "networkName": { + "instanceId": { SchemaProps: spec.SchemaProps{ - Description: "networkName is the name of the vSphere network or port group to which the network device will be connected, for example, port-group-1. When not provided, the vCenter API will attempt to select a default network. The available networks (port groups) can be listed using `govc ls 'network/*'`", + Description: "instanceId is the ID of the instance in VSphere", Type: []string{"string"}, Format: "", }, }, - "gateway": { + "instanceState": { SchemaProps: spec.SchemaProps{ - Description: "gateway is an IPv4 or IPv6 address which represents the subnet gateway, for example, 192.168.1.1.", + Description: "instanceState is the provisioning state of the VSphere Instance.", Type: []string{"string"}, Format: "", }, }, - "ipAddrs": { - SchemaProps: spec.SchemaProps{ - Description: "ipAddrs is a list of one or more IPv4 and/or IPv6 addresses and CIDR to assign to this device, for example, 192.168.1.100/24. IP addresses provided via ipAddrs are intended to allow explicit assignment of a machine's IP address. IP pool configurations provided via addressesFromPool, however, defer IP address assignment to an external controller. If both addressesFromPool and ipAddrs are empty or not defined, DHCP will be used to assign an IP address. If both ipAddrs and addressesFromPools are defined, the IP addresses associated with ipAddrs will be applied first followed by IP addresses from addressesFromPools.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", }, + "x-kubernetes-list-type": "map", }, }, - }, - "nameservers": { SchemaProps: spec.SchemaProps{ - Description: "nameservers is a list of IPv4 and/or IPv6 addresses used as DNS nameservers, for example, 8.8.8.8. a nameserver is not provided by a fulfilled IPAddressClaim. If DHCP is not the source of IP addresses for this network device, nameservers should include a valid nameserver.", + Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, }, }, - "addressesFromPools": { + "taskRef": { SchemaProps: spec.SchemaProps{ - Description: "addressesFromPools is a list of references to IP pool types and instances which are handled by an external controller. addressesFromPool configurations provided via addressesFromPools defer IP address assignment to an external controller. IP addresses provided via ipAddrs, however, are intended to allow explicit assignment of a machine's IP address. If both addressesFromPool and ipAddrs are empty or not defined, DHCP will assign an IP address. If both ipAddrs and addressesFromPools are defined, the IP addresses associated with ipAddrs will be applied first followed by IP addresses from addressesFromPools.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.AddressesFromPool"), - }, - }, - }, + Description: "taskRef is a managed object reference to a Task related to the machine. This value is set automatically at runtime and should not be set or modified by users.", + Type: []string{"string"}, + Format: "", }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.AddressesFromPool"}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } -func schema_openshift_api_machine_v1beta1_NetworkSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_Workspace(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NetworkSpec defines the virtual machine's network configuration.", + Description: "WorkspaceConfig defines a workspace configuration for the vSphere cloud provider.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "devices": { + "server": { SchemaProps: spec.SchemaProps{ - Description: "devices defines the virtual machine's network interfaces.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.NetworkDeviceSpec"), - }, - }, - }, + Description: "server is the IP address or FQDN of the vSphere endpoint.", + Type: []string{"string"}, + Format: "", }, }, - }, - Required: []string{"devices"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.NetworkDeviceSpec"}, - } -} - -func schema_openshift_api_machine_v1beta1_OSDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "osType": { + "datacenter": { SchemaProps: spec.SchemaProps{ - Description: "osType is the operating system type of the OS disk. Possible values include \"Linux\" and \"Windows\".", - Default: "", + Description: "datacenter is the datacenter in which VMs are created/located.", Type: []string{"string"}, Format: "", }, }, - "managedDisk": { + "folder": { SchemaProps: spec.SchemaProps{ - Description: "managedDisk specifies the Managed Disk parameters for the OS disk.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.OSDiskManagedDiskParameters"), + Description: "folder is the folder in which VMs are created/located.", + Type: []string{"string"}, + Format: "", }, }, - "diskSizeGB": { + "datastore": { SchemaProps: spec.SchemaProps{ - Description: "diskSizeGB is the size in GB to assign to the data disk.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "datastore is the datastore in which VMs are created/located.", + Type: []string{"string"}, + Format: "", }, }, - "diskSettings": { + "resourcePool": { SchemaProps: spec.SchemaProps{ - Description: "diskSettings describe ephemeral disk settings for the os disk.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.DiskSettings"), + Description: "resourcePool is the resource pool in which VMs are created/located.", + Type: []string{"string"}, + Format: "", }, }, - "cachingType": { + "vmGroup": { SchemaProps: spec.SchemaProps{ - Description: "cachingType specifies the caching requirements. Possible values include: 'None', 'ReadOnly', 'ReadWrite'. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `None`.", + Description: "vmGroup is the cluster vm group in which virtual machines will be added for vm host group based zonal.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"osType", "managedDisk", "diskSizeGB"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.DiskSettings", "github.com/openshift/api/machine/v1beta1.OSDiskManagedDiskParameters"}, } } -func schema_openshift_api_machine_v1beta1_OSDiskManagedDiskParameters(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImage(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OSDiskManagedDiskParameters is the parameters of a OSDisk managed disk.", + Description: "InternalReleaseImage is used to keep track and manage a set of release bundles (OCP and OLM operators images) that are stored into the control planes nodes.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "storageAccountType": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "storageAccountType is the storage account type to use. Possible values include \"Standard_LRS\", \"Premium_LRS\".", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "diskEncryptionSet": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "diskEncryptionSet is the disk encryption set properties", - Ref: ref("github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"), + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - "securityProfile": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "securityProfile specifies the security profile for the managed disk.", + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.VMDiskSecurityProfile"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Description: "spec describes the configuration of this internal release image.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status describes the last observed state of this internal release image.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageStatus"), }, }, }, - Required: []string{"storageAccountType"}, + Required: []string{"metadata", "spec"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters", "github.com/openshift/api/machine/v1beta1.VMDiskSecurityProfile"}, + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageSpec", "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_machine_v1beta1_ObjectMeta(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageBundleStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. This is a copy of customizable fields from metav1.ObjectMeta.\n\nObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` and `MachineSet.Template`, which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases and read-only fields which end up in the generated CRD validation, having it as a subset simplifies the API and some issues that can impact user experience.\n\nDuring the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, specifically `spec.metadata.creationTimestamp in body must be of type string: \"null\"`. The investigation showed that `controller-tools@v2` behaves differently than its previous version when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) package.\n\nIn more details, we found that embedded (non-top level) types that embedded `metav1.ObjectMeta` had validation properties, including for `creationTimestamp` (metav1.Time). The `metav1.Time` type specifies a custom json marshaller that, when IsZero() is true, returns `null` which breaks validation because the field isn't marked as nullable.\n\nIn future versions, controller-tools@v2 might allow overriding the type and validation for embedded types. When that happens, this hack should be revisited.", - Type: []string{"object"}, + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { - SchemaProps: spec.SchemaProps{ - Description: "name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", - Type: []string{"string"}, - Format: "", - }, - }, - "generateName": { - SchemaProps: spec.SchemaProps{ - Description: "generateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", - Type: []string{"string"}, - Format: "", - }, - }, - "namespace": { - SchemaProps: spec.SchemaProps{ - Description: "namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", - Type: []string{"string"}, - Format: "", - }, - }, - "labels": { - SchemaProps: spec.SchemaProps{ - Description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "annotations": { - SchemaProps: spec.SchemaProps{ - Description: "annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "ownerReferences": { + "conditions": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ - "uid", + "type", }, - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "uid", - "x-kubernetes-patch-strategy": "merge", + "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ - Description: "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", + Description: "conditions represent the observations of an internal release image current state. Valid types are: Mounted, Installing, Available, Removing and Degraded.\n\nIf Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes. If Installing is true, that means that a new release bundle is currently being copied on one (or more) cluster nodes, and not yet completed. If Available is true, it means that the release has been previously installed on all the cluster nodes, and it can be used. If Removing is true, it means that a release deletion is in progress on one (or more) cluster nodes, and not yet completed. If Degraded is true, that means something has gone wrong (possibly on one or more cluster nodes).\n\nIn general, after installing a new release bundle, it is required to wait for the Conditions \"Available\" to become \"True\" (and all the other conditions to be equal to \"False\") before being able to pull its content.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.OwnerReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, }, }, + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", + Type: []string{"string"}, + Format: "", + }, + }, + "image": { + SchemaProps: spec.SchemaProps{ + Description: "image is an OCP release image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters. The field is optional, and it will be provided after a release will be successfully installed.", + Type: []string{"string"}, + Format: "", + }, + }, }, + Required: []string{"name"}, }, }, Dependencies: []string{ - metav1.OwnerReference{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } -func schema_openshift_api_machine_v1beta1_Placement(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Placement indicates where to create the instance in AWS", + Description: "InternalReleaseImageList is a list of InternalReleaseImage resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "region": { - SchemaProps: spec.SchemaProps{ - Description: "region is the region to use to create the instance", - Type: []string{"string"}, - Format: "", - }, - }, - "availabilityZone": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "availabilityZone is the availability zone of the instance", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "tenancy": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "tenancy indicates if instance should run on shared or single-tenant hardware. There are supported 3 options: default, dedicated and host. When set to default Runs on shared multi-tenant hardware. When dedicated Runs on single-tenant hardware (any dedicated instance hardware). When host and the host object is not provided: Runs on Dedicated Host; best-effort restart on same host. When `host` and `host` object is provided with affinity `dedicatedHost` defined: Runs on specified Dedicated Host.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "host": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "host configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL), and to gain visibility and control over instance placement on a physical server. When omitted, the instance is not constrained to a dedicated host.", - Ref: ref("github.com/openshift/api/machine/v1beta1.HostPlacement"), + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.HostPlacement"}, - } -} - -func schema_openshift_api_machine_v1beta1_ProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ProviderSpec defines the configuration to use during node creation.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "value": { + "items": { SchemaProps: spec.SchemaProps{ - Description: "value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImage"), + }, + }, + }, }, }, }, + Required: []string{"metadata", "items"}, }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImage", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_machine_v1beta1_ResourceManagerTag(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageRef(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ResourceManagerTag is a tag to apply to GCP resources created for the cluster.", + Description: "InternalReleaseImageRef is used to provide a simple reference for a release bundle. Currently it contains only the name field.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "parentID": { - SchemaProps: spec.SchemaProps{ - Description: "parentID is the ID of the hierarchical resource where the tags are defined e.g. at the Organization or the Project level. To find the Organization or Project ID ref https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects An OrganizationID can have a maximum of 32 characters and must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "key": { - SchemaProps: spec.SchemaProps{ - Description: "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "value": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", - Default: "", + Description: "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"parentID", "key", "value"}, + Required: []string{"name"}, }, }, } } -func schema_openshift_api_machine_v1beta1_SecurityProfile(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "SecurityProfile specifies the Security profile settings for a virtual machine or virtual machine scale set.", + Description: "InternalReleaseImageSpec defines the desired state of a InternalReleaseImage.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "encryptionAtHost": { - SchemaProps: spec.SchemaProps{ - Description: "encryptionAtHost indicates whether Host Encryption should be enabled or disabled for a virtual machine or virtual machine scale set. This should be disabled when SecurityEncryptionType is set to DiskWithVMGuestState. Default is disabled.", - Type: []string{"boolean"}, - Format: "", + "releases": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, }, - }, - "settings": { SchemaProps: spec.SchemaProps{ - Description: "settings specify the security type and the UEFI settings of the virtual machine. This field can be set for Confidential VMs and Trusted Launch for VMs.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.SecuritySettings"), + Description: "releases is a list of release bundle identifiers that the user wants to add/remove to/from the control plane nodes. Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 16 entries.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageRef"), + }, + }, + }, }, }, }, + Required: []string{"releases"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.SecuritySettings"}, + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageRef"}, } } -func schema_openshift_api_machine_v1beta1_SecuritySettings(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "SecuritySettings define the security type and the UEFI settings of the virtual machine.", + Description: "InternalReleaseImageStatus describes the current state of a InternalReleaseImage.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "securityType": { - SchemaProps: spec.SchemaProps{ - Description: "securityType specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UEFISettings. The default behavior is: UEFISettings will not be enabled unless this property is set.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "confidentialVM": { - SchemaProps: spec.SchemaProps{ - Description: "confidentialVM specifies the security configuration of the virtual machine. For more information regarding Confidential VMs, please refer to: https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview", - Ref: ref("github.com/openshift/api/machine/v1beta1.ConfidentialVM"), + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, }, - }, - "trustedLaunch": { SchemaProps: spec.SchemaProps{ - Description: "trustedLaunch specifies the security configuration of the virtual machine. For more information regarding TrustedLaunch for VMs, please refer to: https://learn.microsoft.com/azure/virtual-machines/trusted-launch", - Ref: ref("github.com/openshift/api/machine/v1beta1.TrustedLaunch"), + Description: "conditions represent the observations of the InternalReleaseImage controller current state. Valid types are: Degraded. If Degraded is true, that means something has gone wrong in the controller.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + }, + }, + }, }, }, - }, - Required: []string{"securityType"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "securityType", - "fields-to-discriminateBy": map[string]interface{}{ - "confidentialVM": "ConfidentialVM", - "trustedLaunch": "TrustedLaunch", + "releases": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "releases is a list of the release bundles currently owned and managed by the cluster. A release bundle content could be safely pulled only when its Conditions field contains at least an Available entry set to \"True\" and Degraded to \"False\". Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 32 entries.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageBundleStatus"), + }, + }, }, }, }, }, + Required: []string{"releases"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.ConfidentialVM", "github.com/openshift/api/machine/v1beta1.TrustedLaunch"}, + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageBundleStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } -func schema_openshift_api_machine_v1beta1_SpotMarketOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_MCOObjectReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "SpotMarketOptions defines the options available to a user when configuring Machines to run on Spot instances. Most users should provide an empty struct.", + Description: "MCOObjectReference holds information about an object the MCO either owns or modifies in some way", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "maxPrice": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "The maximum price the user is willing to pay for their instances Default: On-Demand price", + Description: "name is the name of the object being referenced. For example, this can represent a machine config pool or node name. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", + Default: "", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"name"}, }, }, } } -func schema_openshift_api_machine_v1beta1_SpotVMOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNode(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "SpotVMOptions defines the options relevant to running the Machine on Spot VMs", + Description: "MachineConfigNode describes the health of the Machines on the system Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "maxPrice": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "maxPrice defines the maximum price the user is willing to pay for Spot VM instances", - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard object metadata.", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Description: "spec describes the configuration of the machine config node.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status describes the last observed state of this machine config node.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatus"), }, }, }, + Required: []string{"spec"}, }, }, Dependencies: []string{ - resource.Quantity{}.OpenAPIModelName()}, + "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeSpec", "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_machine_v1beta1_TagSpecification(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "TagSpecification is the name/value pair for a tag", + Description: "MachineConfigNodeList describes all of the MachinesStates on the system\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "name of the tag. This field is required and must be a non-empty string. Must be between 1 and 128 characters in length.", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "value": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "value of the tag. When omitted, this creates a tag with an empty string as the value.", - Default: "", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard list metadata.", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Description: "items contains a collection of MachineConfigNode resources.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNode"), + }, + }, + }, + }, + }, }, - Required: []string{"name"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNode", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_machine_v1beta1_TrustedLaunch(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "TrustedLaunch defines the UEFI settings for the virtual machine.", + Description: "MachineConfigNodeSpec describes the MachineConfigNode we are managing.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "uefiSettings": { + "node": { SchemaProps: spec.SchemaProps{ - Description: "uefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", + Description: "node contains a reference to the node for this machine config node.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.UEFISettings"), + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.MCOObjectReference"), + }, + }, + "pool": { + SchemaProps: spec.SchemaProps{ + Description: "pool contains a reference to the machine config pool that this machine config node's referenced node belongs to.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.MCOObjectReference"), + }, + }, + "configVersion": { + SchemaProps: spec.SchemaProps{ + Description: "configVersion holds the desired config version for the node targeted by this machine config node resource. The desired version represents the machine config the node will attempt to update to and gets set before the machine config operator validates the new machine config against the current machine config.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeSpecMachineConfigVersion"), }, }, }, - Required: []string{"uefiSettings"}, + Required: []string{"node", "pool", "configVersion"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.UEFISettings"}, + "github.com/openshift/api/machineconfiguration/v1alpha1.MCOObjectReference", "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeSpecMachineConfigVersion"}, } } -func schema_openshift_api_machine_v1beta1_UEFISettings(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeSpecMachineConfigVersion(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "UEFISettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", + Description: "MachineConfigNodeSpecMachineConfigVersion holds the desired config version for the current observed machine config node. When Current is not equal to Desired, the MachineConfigOperator is in an upgrade phase and the machine config node will take account of upgrade related events. Otherwise, they will be ignored given that certain operations happen both during the MCO's upgrade mode and the daily operations mode.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "secureBoot": { - SchemaProps: spec.SchemaProps{ - Description: "secureBoot specifies whether secure boot should be enabled on the virtual machine. Secure Boot verifies the digital signature of all boot components and halts the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.", - Type: []string{"string"}, - Format: "", - }, - }, - "virtualizedTrustedPlatformModule": { + "desired": { SchemaProps: spec.SchemaProps{ - Description: "virtualizedTrustedPlatformModule specifies whether vTPM should be enabled on the virtual machine. When enabled the virtualized trusted platform module measurements are used to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. This is required to be enabled if SecurityEncryptionType is defined. If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.", + Description: "desired is the name of the machine config that the the node should be upgraded to. This value is set when the machine config pool generates a new version of its rendered configuration. When this value is changed, the machine config daemon starts the node upgrade process. This value gets set in the machine config node spec once the machine config has been targeted for upgrade and before it is validated. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", + Default: "", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"desired"}, }, }, } } -func schema_openshift_api_machine_v1beta1_UnhealthyCondition(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "UnhealthyCondition represents a Node condition type and value with a timeout specified as a duration. When the named condition has been in the given status for at least the timeout value, a node is considered unhealthy.", + Description: "MachineConfigNodeStatus holds the reported information on a particular machine config node.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Description: "conditions represent the observations of a machine config node's current state.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + }, + }, + }, }, }, - "status": { + "observedGeneration": { SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Description: "observedGeneration represents the generation of the MachineConfigNode object observed by the Machine Config Operator's controller. This field is updated when the controller observes a change to the desiredConfig in the configVersion of the machine config node spec.", + Type: []string{"integer"}, + Format: "int64", }, }, - "timeout": { + "configVersion": { SchemaProps: spec.SchemaProps{ - Description: "Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Description: "configVersion describes the current and desired machine config version for this node.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatusMachineConfigVersion"), + }, + }, + "pinnedImageSets": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "pinnedImageSets describes the current and desired pinned image sets for this node.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatusPinnedImageSet"), + }, + }, + }, }, }, }, - Required: []string{"type", "status", "timeout"}, + Required: []string{"configVersion"}, }, }, Dependencies: []string{ - metav1.Duration{}.OpenAPIModelName()}, + "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatusMachineConfigVersion", "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatusPinnedImageSet", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } -func schema_openshift_api_machine_v1beta1_VMDiskSecurityProfile(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatusMachineConfigVersion(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "VMDiskSecurityProfile specifies the security profile settings for the managed disk. It can be set only for Confidential VMs.", + Description: "MachineConfigNodeStatusMachineConfigVersion holds the current and desired config versions as last updated in the MCN status. When the current and desired versions do not match, the machine config pool is processing an upgrade and the machine config node will monitor the upgrade process. When the current and desired versions do match, the machine config node will ignore these events given that certain operations happen both during the MCO's upgrade mode and the daily operations mode.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "diskEncryptionSet": { + "current": { SchemaProps: spec.SchemaProps{ - Description: "diskEncryptionSet specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"), + Description: "current is the name of the machine config currently in use on the node. This value is updated once the machine config daemon has completed the update of the configuration for the node. This value should match the desired version unless an upgrade is in progress. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "securityEncryptionType": { + "desired": { SchemaProps: spec.SchemaProps{ - Description: "securityEncryptionType specifies the encryption type of the managed disk. It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. When set to VMGuestStateOnly, the vTPM should be enabled. When set to DiskWithVMGuestState, both SecureBoot and vTPM should be enabled. If the above conditions are not fulfilled, the VM will not be created and the respective error will be returned. It can be set only for Confidential VMs. Confidential VMs are defined by their SecurityProfile.SecurityType being set to ConfidentialVM, the SecurityEncryptionType of their OS disk being set to one of the allowed values and by enabling the respective SecurityProfile.UEFISettings of the VM (i.e. vTPM and SecureBoot), depending on the selected SecurityEncryptionType. For further details on Azure Confidential VMs, please refer to the respective documentation: https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview", + Description: "desired is the MachineConfig the node wants to upgrade to. This value gets set in the machine config node status once the machine config has been validated against the current machine config. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", + Default: "", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"desired"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"}, } } -func schema_openshift_api_machine_v1beta1_VSphereDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatusPinnedImageSet(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "VSphereDisk describes additional disks for vSphere.", + Description: "MachineConfigNodeStatusPinnedImageSet holds information about the current, desired, and failed pinned image sets for the observed machine config node.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Description: "name is used to identify the disk definition. name is required needs to be unique so that it can be used to clearly identify purpose of the disk. It must be at most 80 characters in length and must consist only of alphanumeric characters, hyphens and underscores, and must start and end with an alphanumeric character.", + Description: "name is the name of the pinned image set. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", Default: "", Type: []string{"string"}, Format: "", }, }, - "sizeGiB": { + "currentGeneration": { SchemaProps: spec.SchemaProps{ - Description: "sizeGiB is the size of the disk in GiB. The maximum supported size 16384 GiB.", - Default: 0, + Description: "currentGeneration is the generation of the pinned image set that has most recently been successfully pulled and pinned on this node.", Type: []string{"integer"}, Format: "int32", }, }, - "provisioningMode": { + "desiredGeneration": { SchemaProps: spec.SchemaProps{ - Description: "provisioningMode is an optional field that specifies the provisioning type to be used by this vSphere data disk. Allowed values are \"Thin\", \"Thick\", \"EagerlyZeroed\", and omitted. When set to Thin, the disk will be made using thin provisioning allocating the bare minimum space. When set to Thick, the full disk size will be allocated when disk is created. When set to EagerlyZeroed, the disk will be created using eager zero provisioning. An eager zeroed thick disk has all space allocated and wiped clean of any previous contents on the physical media at creation time. Such disks may take longer time during creation compared to other disk formats. When omitted, no setting will be applied to the data disk and the provisioning mode for the disk will be determined by the default storage policy configured for the datastore in vSphere.", + Description: "desiredGeneration is the generation of the pinned image set that is targeted to be pulled and pinned on this node.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "lastFailedGeneration": { + SchemaProps: spec.SchemaProps{ + Description: "lastFailedGeneration is the generation of the most recent pinned image set that failed to be pulled and pinned on this node.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "lastFailedGenerationError": { + SchemaProps: spec.SchemaProps{ + Description: "lastFailedGenerationError is the error explaining why the desired images failed to be pulled and pinned. The error is an empty string if the image pull and pin is successful.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"name", "sizeGiB"}, + Required: []string{"name"}, }, }, } } -func schema_openshift_api_machine_v1beta1_VSphereMachineProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStream(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "VSphereMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an VSphere virtual machine. It is used by the vSphere machine actuator to create a single Machine. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "OSImageStream describes a set of streams and associated images available for the MachineConfigPools to be used as base OS images.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -45923,264 +45409,198 @@ func schema_openshift_api_machine_v1beta1_VSphereMachineProviderSpec(ref common. }, "metadata": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, - "userDataSecret": { + "spec": { SchemaProps: spec.SchemaProps{ - Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Description: "spec contains the desired OSImageStream config configuration.", + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSpec"), }, }, - "credentialsSecret": { + "status": { SchemaProps: spec.SchemaProps{ - Description: "credentialsSecret is a reference to the secret with vSphere credentials.", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Description: "status describes the last observed state of this OSImageStream. Populated by the MachineConfigOperator after reading release metadata. When not present, the controller has not yet reconciled this resource.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamStatus"), }, }, - "template": { + }, + Required: []string{"spec"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSpec", "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OSImageStreamList is a list of OSImageStream resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { SchemaProps: spec.SchemaProps{ - Description: "template is the name, inventory path, or instance UUID of the template used to clone new machines.", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "workspace": { - SchemaProps: spec.SchemaProps{ - Description: "workspace describes the workspace to use for the machine.", - Ref: ref("github.com/openshift/api/machine/v1beta1.Workspace"), - }, - }, - "network": { - SchemaProps: spec.SchemaProps{ - Description: "network is the network configuration for this machine's VM.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.NetworkSpec"), - }, - }, - "numCPUs": { - SchemaProps: spec.SchemaProps{ - Description: "numCPUs is the number of virtual processors in a virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "numCoresPerSocket": { - SchemaProps: spec.SchemaProps{ - Description: "NumCPUs is the number of cores among which to distribute CPUs in this virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "memoryMiB": { - SchemaProps: spec.SchemaProps{ - Description: "memoryMiB is the size of a virtual machine's memory, in MiB. Defaults to the analogue property value in the template from which this machine is cloned.", - Type: []string{"integer"}, - Format: "int64", - }, - }, - "diskGiB": { - SchemaProps: spec.SchemaProps{ - Description: "diskGiB is the size of a virtual machine's disk, in GiB. Defaults to the analogue property value in the template from which this machine is cloned. This parameter will be ignored if 'LinkedClone' CloneMode is set.", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "tagIDs": { - SchemaProps: spec.SchemaProps{ - Description: "tagIDs is an optional set of tags to add to an instance. Specified tagIDs must use URN-notation instead of display names. A maximum of 10 tag IDs may be specified.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "snapshot": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "snapshot is the name of the snapshot from which the VM was cloned", - Default: "", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "cloneMode": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "cloneMode specifies the type of clone operation. The LinkedClone mode is only support for templates that have at least one snapshot. If the template has no snapshots, then CloneMode defaults to FullClone. When LinkedClone mode is enabled the DiskGiB field is ignored as it is not possible to expand disks of linked clones. Defaults to FullClone. When using LinkedClone, if no snapshots exist for the source template, falls back to FullClone.", - Type: []string{"string"}, - Format: "", + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, - "dataDisks": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, + "items": { SchemaProps: spec.SchemaProps{ - Description: "dataDisks is a list of non OS disks to be created and attached to the VM. The max number of disk allowed to be attached is currently 29. The max number of disks for any controller is 30, but VM template will always have OS disk so that will leave 29 disks on any controller type.", - Type: []string{"array"}, + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.VSphereDisk"), + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStream"), }, }, }, }, }, }, - Required: []string{"template", "network"}, + Required: []string{"metadata", "items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.NetworkSpec", "github.com/openshift/api/machine/v1beta1.VSphereDisk", "github.com/openshift/api/machine/v1beta1.Workspace", corev1.LocalObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStream", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_machine_v1beta1_VSphereMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamSet(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "VSphereMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains VSphere-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "name is the required identifier of the stream.\n\nname is determined by the operator based on the OCI label of the discovered OS or Extension Image.\n\nMust be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').", Type: []string{"string"}, Format: "", }, }, - "instanceId": { + "osImage": { SchemaProps: spec.SchemaProps{ - Description: "instanceId is the ID of the instance in VSphere", + Description: "osImage is a required OS Image referenced by digest.\n\nosImage contains the immutable, fundamental operating system components, including the kernel and base utilities, that define the core environment for the node's host operating system.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", Type: []string{"string"}, Format: "", }, }, - "instanceState": { + "osExtensionsImage": { SchemaProps: spec.SchemaProps{ - Description: "instanceState is the provisioning state of the VSphere Instance.", + Description: "osExtensionsImage is a required OS Extensions Image referenced by digest.\n\nosExtensionsImage bundles the extra repositories used to enable extensions, augmenting the base operating system without modifying the underlying immutable osImage.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", Type: []string{"string"}, Format: "", }, }, - "conditions": { + }, + Required: []string{"name", "osImage", "osExtensionsImage"}, + }, + }, + } +} + +func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OSImageStreamSpec defines the desired state of a OSImageStream.", + Type: []string{"object"}, + }, + }, + } +} + +func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OSImageStreamStatus describes the current state of a OSImageStream", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "availableStreams": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ - "type", + "name", }, "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ - Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", + Description: "availableStreams is a list of the available OS Image Streams that can be used as the base image for MachineConfigPools. availableStreams is required, must have at least one item, must not exceed 100 items, and must have unique entries keyed on the name field.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSet"), }, }, }, }, }, - "taskRef": { + "defaultStream": { SchemaProps: spec.SchemaProps{ - Description: "taskRef is a managed object reference to a Task related to the machine. This value is set automatically at runtime and should not be set or modified by users.", + Description: "defaultStream is the name of the stream that should be used as the default when no specific stream is requested by a MachineConfigPool.\n\nIt must be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'), and must reference the name of one of the streams in availableStreams.", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"availableStreams", "defaultStream"}, }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, + "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSet"}, } } -func schema_openshift_api_machine_v1beta1_Workspace(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageRef(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "WorkspaceConfig defines a workspace configuration for the vSphere cloud provider.", - Type: []string{"object"}, + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "server": { - SchemaProps: spec.SchemaProps{ - Description: "server is the IP address or FQDN of the vSphere endpoint.", - Type: []string{"string"}, - Format: "", - }, - }, - "datacenter": { - SchemaProps: spec.SchemaProps{ - Description: "datacenter is the datacenter in which VMs are created/located.", - Type: []string{"string"}, - Format: "", - }, - }, - "folder": { - SchemaProps: spec.SchemaProps{ - Description: "folder is the folder in which VMs are created/located.", - Type: []string{"string"}, - Format: "", - }, - }, - "datastore": { - SchemaProps: spec.SchemaProps{ - Description: "datastore is the datastore in which VMs are created/located.", - Type: []string{"string"}, - Format: "", - }, - }, - "resourcePool": { - SchemaProps: spec.SchemaProps{ - Description: "resourcePool is the resource pool in which VMs are created/located.", - Type: []string{"string"}, - Format: "", - }, - }, - "vmGroup": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "vmGroup is the cluster vm group in which virtual machines will be added for vm host group based zonal.", + Description: "name is an OCI Image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"name"}, }, }, } } -func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImage(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSet(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "InternalReleaseImage is used to keep track and manage a set of release bundles (OCP and OLM operators images) that are stored into the control planes nodes.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "PinnedImageSet describes a set of images that should be pinned by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -46199,90 +45619,38 @@ func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImage(ref }, "metadata": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ - Description: "spec describes the configuration of this internal release image.", + Description: "spec describes the configuration of this pinned image set.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageSpec"), + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ - Description: "status describes the last observed state of this internal release image.", + Description: "status describes the last observed state of this pinned image set.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageStatus"), - }, - }, - }, - Required: []string{"metadata", "spec"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageSpec", "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageBundleStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "conditions represent the observations of an internal release image current state. Valid types are: Mounted, Installing, Available, Removing and Degraded.\n\nIf Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes. If Installing is true, that means that a new release bundle is currently being copied on one (or more) cluster nodes, and not yet completed. If Available is true, it means that the release has been previously installed on all the cluster nodes, and it can be used. If Removing is true, it means that a release deletion is in progress on one (or more) cluster nodes, and not yet completed. If Degraded is true, that means something has gone wrong (possibly on one or more cluster nodes).\n\nIn general, after installing a new release bundle, it is required to wait for the Conditions \"Available\" to become \"True\" (and all the other conditions to be equal to \"False\") before being able to pull its content.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), - }, - }, - }, - }, - }, - "name": { - SchemaProps: spec.SchemaProps{ - Description: "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", - Type: []string{"string"}, - Format: "", - }, - }, - "image": { - SchemaProps: spec.SchemaProps{ - Description: "image is an OCP release image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters. The field is optional, and it will be provided after a release will be successfully installed.", - Type: []string{"string"}, - Format: "", + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetStatus"), }, }, }, - Required: []string{"name"}, + Required: []string{"spec"}, }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetSpec", "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "InternalReleaseImageList is a list of InternalReleaseImage resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "PinnedImageSetList is a list of PinnedImageSet resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -46303,7 +45671,7 @@ func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageList SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -46313,7 +45681,7 @@ func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageList Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImage"), + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSet"), }, }, }, @@ -46324,39 +45692,18 @@ func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageList }, }, Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImage", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSet", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageRef(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "InternalReleaseImageRef is used to provide a simple reference for a release bundle. Currently it contains only the name field.", + Description: "PinnedImageSetSpec defines the desired state of a PinnedImageSet.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { - SchemaProps: spec.SchemaProps{ - Description: "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"name"}, - }, - }, - } -} - -func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "InternalReleaseImageSpec defines the desired state of a InternalReleaseImage.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "releases": { + "pinnedImages": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ @@ -46366,32 +45713,32 @@ func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageSpec }, }, SchemaProps: spec.SchemaProps{ - Description: "releases is a list of release bundle identifiers that the user wants to add/remove to/from the control plane nodes. Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 16 entries.", + Description: "pinnedImages is a list of OCI Image referenced by digest that should be pinned and pre-loaded by the nodes of a MachineConfigPool. Translates into a new file inside the /etc/crio/crio.conf.d directory with content similar to this:\n\n pinned_images = [\n \"quay.io/openshift-release-dev/ocp-release@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n ...\n ]\n\nThese image references should all be by digest, tags aren't allowed.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageRef"), + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageRef"), }, }, }, }, }, }, - Required: []string{"releases"}, + Required: []string{"pinnedImages"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageRef"}, + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageRef"}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "InternalReleaseImageStatus describes the current state of a InternalReleaseImage.", + Description: "PinnedImageSetStatus describes the current state of a PinnedImageSet.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "conditions": { @@ -46404,245 +45751,23 @@ func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageStat }, }, SchemaProps: spec.SchemaProps{ - Description: "conditions represent the observations of the InternalReleaseImage controller current state. Valid types are: Degraded. If Degraded is true, that means something has gone wrong in the controller.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), - }, - }, - }, - }, - }, - "releases": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "releases is a list of the release bundles currently owned and managed by the cluster. A release bundle content could be safely pulled only when its Conditions field contains at least an Available entry set to \"True\" and Degraded to \"False\". Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 32 entries.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageBundleStatus"), - }, - }, - }, - }, - }, - }, - Required: []string{"releases"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageBundleStatus", metav1.Condition{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStream(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "OSImageStream describes a set of streams and associated images available for the MachineConfigPools to be used as base OS images.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), - }, - }, - "spec": { - SchemaProps: spec.SchemaProps{ - Description: "spec contains the desired OSImageStream config configuration.", - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSpec"), - }, - }, - "status": { - SchemaProps: spec.SchemaProps{ - Description: "status describes the last observed state of this OSImageStream. Populated by the MachineConfigOperator after reading release metadata. When not present, the controller has not yet reconciled this resource.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamStatus"), - }, - }, - }, - Required: []string{"spec"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSpec", "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "OSImageStreamList is a list of OSImageStream resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), - }, - }, - "items": { - SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStream"), - }, - }, - }, - }, - }, - }, - Required: []string{"metadata", "items"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStream", metav1.ListMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamSet(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "name": { - SchemaProps: spec.SchemaProps{ - Description: "name is the required identifier of the stream.\n\nname is determined by the operator based on the OCI label of the discovered OS or Extension Image.\n\nMust be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').", - Type: []string{"string"}, - Format: "", - }, - }, - "osImage": { - SchemaProps: spec.SchemaProps{ - Description: "osImage is a required OS Image referenced by digest.\n\nosImage contains the immutable, fundamental operating system components, including the kernel and base utilities, that define the core environment for the node's host operating system.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", - Type: []string{"string"}, - Format: "", - }, - }, - "osExtensionsImage": { - SchemaProps: spec.SchemaProps{ - Description: "osExtensionsImage is a required OS Extensions Image referenced by digest.\n\nosExtensionsImage bundles the extra repositories used to enable extensions, augmenting the base operating system without modifying the underlying immutable osImage.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"name", "osImage", "osExtensionsImage"}, - }, - }, - } -} - -func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "OSImageStreamSpec defines the desired state of a OSImageStream.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "defaultStream": { - SchemaProps: spec.SchemaProps{ - Description: "defaultStream is the desired name of the stream that should be used as the default when no specific stream is requested by a MachineConfigPool.\n\nThis field is set by the installer during installation. Users may need to update it if the currently selected stream is no longer available, for example when the stream has reached its End of Life. The MachineConfigOperator uses this value to determine which stream from status.availableStreams to apply as the default for MachineConfigPools that do not specify a stream override.\n\nWhen status.availableStreams has been populated by the operator, updating this field requires that the new value references the name of one of the streams in status.availableStreams. Status-only updates by the operator are not subject to this constraint, allowing the operator to update availableStreams independently of this field. During initial creation, before the operator has populated status, any valid value is accepted.\n\nWhen omitted, the operator determines the default stream automatically. Once set, this field cannot be removed.\n\nIt must be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - } -} - -func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "OSImageStreamStatus describes the current state of a OSImageStream", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "availableStreams": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "availableStreams is a list of the available OS Image Streams that can be used as the base image for MachineConfigPools. availableStreams is required, must have at least one item, must not exceed 100 items, and must have unique entries keyed on the name field.", + Description: "conditions represent the observations of a pinned image set's current state.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSet"), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, }, }, - "defaultStream": { - SchemaProps: spec.SchemaProps{ - Description: "defaultStream is the name of the stream that should be used as the default when no specific stream is requested by a MachineConfigPool.\n\nIt must be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'), and must reference the name of one of the streams in availableStreams.", - Type: []string{"string"}, - Format: "", - }, - }, }, - Required: []string{"availableStreams", "defaultStream"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSet"}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -46671,7 +45796,7 @@ func schema_openshift_api_monitoring_v1_AlertRelabelConfig(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -46693,7 +45818,7 @@ func schema_openshift_api_monitoring_v1_AlertRelabelConfig(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/monitoring/v1.AlertRelabelConfigSpec", "github.com/openshift/api/monitoring/v1.AlertRelabelConfigStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/monitoring/v1.AlertRelabelConfigSpec", "github.com/openshift/api/monitoring/v1.AlertRelabelConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -46722,7 +45847,7 @@ func schema_openshift_api_monitoring_v1_AlertRelabelConfigList(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -46743,7 +45868,7 @@ func schema_openshift_api_monitoring_v1_AlertRelabelConfigList(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/monitoring/v1.AlertRelabelConfig", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/monitoring/v1.AlertRelabelConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -46800,7 +45925,7 @@ func schema_openshift_api_monitoring_v1_AlertRelabelConfigStatus(ref common.Refe Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -46810,7 +45935,7 @@ func schema_openshift_api_monitoring_v1_AlertRelabelConfigStatus(ref common.Refe }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -46839,7 +45964,7 @@ func schema_openshift_api_monitoring_v1_AlertingRule(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -46861,7 +45986,7 @@ func schema_openshift_api_monitoring_v1_AlertingRule(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/monitoring/v1.AlertingRuleSpec", "github.com/openshift/api/monitoring/v1.AlertingRuleStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/monitoring/v1.AlertingRuleSpec", "github.com/openshift/api/monitoring/v1.AlertingRuleStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -46890,7 +46015,7 @@ func schema_openshift_api_monitoring_v1_AlertingRuleList(ref common.ReferenceCal SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -46911,7 +46036,7 @@ func schema_openshift_api_monitoring_v1_AlertingRuleList(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/openshift/api/monitoring/v1.AlertingRule", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/monitoring/v1.AlertingRule", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -47092,7 +46217,7 @@ func schema_openshift_api_monitoring_v1_Rule(ref common.ReferenceCallback) commo "expr": { SchemaProps: spec.SchemaProps{ Description: "expr is the PromQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending or firing alerts. This is most often a string representing a PromQL expression, e.g.: mapi_current_pending_csr > mapi_max_pending_csr In rare cases this could be a simple integer, e.g. a simple \"1\" if the intent is to create an alert that is always firing. This is sometimes used to create an always-firing \"Watchdog\" alert in order to ensure the alerting pipeline is functional.", - Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), }, }, "for": { @@ -47139,7 +46264,7 @@ func schema_openshift_api_monitoring_v1_Rule(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - intstr.IntOrString{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/util/intstr.IntOrString"}, } } @@ -47213,7 +46338,7 @@ func schema_openshift_api_network_v1_ClusterNetwork(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "network": { @@ -47278,7 +46403,7 @@ func schema_openshift_api_network_v1_ClusterNetwork(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1.ClusterNetworkEntry", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/network/v1.ClusterNetworkEntry", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -47337,7 +46462,7 @@ func schema_openshift_api_network_v1_ClusterNetworkList(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -47359,7 +46484,7 @@ func schema_openshift_api_network_v1_ClusterNetworkList(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1.ClusterNetwork", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/network/v1.ClusterNetwork", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -47388,7 +46513,7 @@ func schema_openshift_api_network_v1_EgressNetworkPolicy(ref common.ReferenceCal SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -47403,7 +46528,7 @@ func schema_openshift_api_network_v1_EgressNetworkPolicy(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1.EgressNetworkPolicySpec", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/network/v1.EgressNetworkPolicySpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -47432,7 +46557,7 @@ func schema_openshift_api_network_v1_EgressNetworkPolicyList(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -47454,7 +46579,7 @@ func schema_openshift_api_network_v1_EgressNetworkPolicyList(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1.EgressNetworkPolicy", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/network/v1.EgressNetworkPolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -47571,7 +46696,7 @@ func schema_openshift_api_network_v1_HostSubnet(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "host": { @@ -47633,7 +46758,7 @@ func schema_openshift_api_network_v1_HostSubnet(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -47662,7 +46787,7 @@ func schema_openshift_api_network_v1_HostSubnetList(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -47684,7 +46809,7 @@ func schema_openshift_api_network_v1_HostSubnetList(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1.HostSubnet", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/network/v1.HostSubnet", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -47713,7 +46838,7 @@ func schema_openshift_api_network_v1_NetNamespace(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "netname": { @@ -47752,7 +46877,7 @@ func schema_openshift_api_network_v1_NetNamespace(ref common.ReferenceCallback) }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -47781,7 +46906,7 @@ func schema_openshift_api_network_v1_NetNamespaceList(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -47803,7 +46928,7 @@ func schema_openshift_api_network_v1_NetNamespaceList(ref common.ReferenceCallba }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1.NetNamespace", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/network/v1.NetNamespace", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -47832,7 +46957,7 @@ func schema_openshift_api_network_v1alpha1_DNSNameResolver(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -47854,7 +46979,7 @@ func schema_openshift_api_network_v1alpha1_DNSNameResolver(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1alpha1.DNSNameResolverSpec", "github.com/openshift/api/network/v1alpha1.DNSNameResolverStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/network/v1alpha1.DNSNameResolverSpec", "github.com/openshift/api/network/v1alpha1.DNSNameResolverStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -47883,7 +47008,7 @@ func schema_openshift_api_network_v1alpha1_DNSNameResolverList(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -47905,7 +47030,7 @@ func schema_openshift_api_network_v1alpha1_DNSNameResolverList(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1alpha1.DNSNameResolver", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/network/v1alpha1.DNSNameResolver", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -47935,7 +47060,7 @@ func schema_openshift_api_network_v1alpha1_DNSNameResolverResolvedAddress(ref co "lastLookupTime": { SchemaProps: spec.SchemaProps{ Description: "lastLookupTime is the timestamp when the last DNS lookup was completed successfully. The validity of the IP address expires after lastLookupTime + ttlSeconds. The value of this field will be updated to the current time on a successful DNS lookup. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, }, @@ -47943,7 +47068,7 @@ func schema_openshift_api_network_v1alpha1_DNSNameResolverResolvedAddress(ref co }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -47970,7 +47095,7 @@ func schema_openshift_api_network_v1alpha1_DNSNameResolverResolvedName(ref commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -48018,7 +47143,7 @@ func schema_openshift_api_network_v1alpha1_DNSNameResolverResolvedName(ref commo }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1alpha1.DNSNameResolverResolvedAddress", metav1.Condition{}.OpenAPIModelName()}, + "github.com/openshift/api/network/v1alpha1.DNSNameResolverResolvedAddress", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -48108,7 +47233,7 @@ func schema_openshift_api_networkoperator_v1_EgressRouter(ref common.ReferenceCa SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -48130,7 +47255,7 @@ func schema_openshift_api_networkoperator_v1_EgressRouter(ref common.ReferenceCa }, }, Dependencies: []string{ - "github.com/openshift/api/networkoperator/v1.EgressRouterSpec", "github.com/openshift/api/networkoperator/v1.EgressRouterStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/networkoperator/v1.EgressRouterSpec", "github.com/openshift/api/networkoperator/v1.EgressRouterStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -48262,7 +47387,7 @@ func schema_openshift_api_oauth_v1_OAuthAccessToken(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "clientName": { @@ -48340,7 +47465,7 @@ func schema_openshift_api_oauth_v1_OAuthAccessToken(ref common.ReferenceCallback }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -48369,7 +47494,7 @@ func schema_openshift_api_oauth_v1_OAuthAccessTokenList(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -48391,7 +47516,7 @@ func schema_openshift_api_oauth_v1_OAuthAccessTokenList(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/oauth/v1.OAuthAccessToken", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/oauth/v1.OAuthAccessToken", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -48420,7 +47545,7 @@ func schema_openshift_api_oauth_v1_OAuthAuthorizeToken(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "clientName": { @@ -48498,7 +47623,7 @@ func schema_openshift_api_oauth_v1_OAuthAuthorizeToken(ref common.ReferenceCallb }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -48527,7 +47652,7 @@ func schema_openshift_api_oauth_v1_OAuthAuthorizeTokenList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -48549,7 +47674,7 @@ func schema_openshift_api_oauth_v1_OAuthAuthorizeTokenList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/oauth/v1.OAuthAuthorizeToken", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/oauth/v1.OAuthAuthorizeToken", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -48578,7 +47703,7 @@ func schema_openshift_api_oauth_v1_OAuthClient(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "secret": { @@ -48669,7 +47794,7 @@ func schema_openshift_api_oauth_v1_OAuthClient(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/oauth/v1.ScopeRestriction", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/oauth/v1.ScopeRestriction", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -48698,7 +47823,7 @@ func schema_openshift_api_oauth_v1_OAuthClientAuthorization(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "clientName": { @@ -48741,7 +47866,7 @@ func schema_openshift_api_oauth_v1_OAuthClientAuthorization(ref common.Reference }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -48770,7 +47895,7 @@ func schema_openshift_api_oauth_v1_OAuthClientAuthorizationList(ref common.Refer SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -48792,7 +47917,7 @@ func schema_openshift_api_oauth_v1_OAuthClientAuthorizationList(ref common.Refer }, }, Dependencies: []string{ - "github.com/openshift/api/oauth/v1.OAuthClientAuthorization", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/oauth/v1.OAuthClientAuthorization", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -48821,7 +47946,7 @@ func schema_openshift_api_oauth_v1_OAuthClientList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -48843,7 +47968,7 @@ func schema_openshift_api_oauth_v1_OAuthClientList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/oauth/v1.OAuthClient", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/oauth/v1.OAuthClient", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -48872,7 +47997,7 @@ func schema_openshift_api_oauth_v1_OAuthRedirectReference(ref common.ReferenceCa SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "reference": { @@ -48886,7 +48011,7 @@ func schema_openshift_api_oauth_v1_OAuthRedirectReference(ref common.ReferenceCa }, }, Dependencies: []string{ - "github.com/openshift/api/oauth/v1.RedirectReference", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/oauth/v1.RedirectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -48989,7 +48114,7 @@ func schema_openshift_api_oauth_v1_UserOAuthAccessToken(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "clientName": { @@ -49067,7 +48192,7 @@ func schema_openshift_api_oauth_v1_UserOAuthAccessToken(ref common.ReferenceCall }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -49096,7 +48221,7 @@ func schema_openshift_api_oauth_v1_UserOAuthAccessTokenList(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -49117,7 +48242,7 @@ func schema_openshift_api_oauth_v1_UserOAuthAccessTokenList(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/oauth/v1.UserOAuthAccessToken", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/oauth/v1.UserOAuthAccessToken", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -49239,7 +48364,7 @@ func schema_openshift_api_openshiftcontrolplane_v1_BuildDefaultsConfig(ref commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVar"), }, }, }, @@ -49301,14 +48426,14 @@ func schema_openshift_api_openshiftcontrolplane_v1_BuildDefaultsConfig(ref commo SchemaProps: spec.SchemaProps{ Description: "resources defines resource requirements to execute the build.", Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.ImageLabel", "github.com/openshift/api/openshiftcontrolplane/v1.SourceStrategyDefaultsConfig", corev1.EnvVar{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.ImageLabel", "github.com/openshift/api/openshiftcontrolplane/v1.SourceStrategyDefaultsConfig", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.ResourceRequirements"}, } } @@ -49394,7 +48519,7 @@ func schema_openshift_api_openshiftcontrolplane_v1_BuildOverridesConfig(ref comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Toleration"), }, }, }, @@ -49404,7 +48529,7 @@ func schema_openshift_api_openshiftcontrolplane_v1_BuildOverridesConfig(ref comm }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.ImageLabel", corev1.Toleration{}.OpenAPIModelName()}, + "github.com/openshift/api/build/v1.ImageLabel", "k8s.io/api/core/v1.Toleration"}, } } @@ -50277,12 +49402,12 @@ func schema_openshift_api_openshiftcontrolplane_v1_ResourceQuotaControllerConfig }, "syncPeriod": { SchemaProps: spec.SchemaProps{ - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, "minResyncPeriod": { SchemaProps: spec.SchemaProps{ - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, }, @@ -50290,7 +49415,7 @@ func schema_openshift_api_openshiftcontrolplane_v1_ResourceQuotaControllerConfig }, }, Dependencies: []string{ - metav1.Duration{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, } } @@ -50433,7 +49558,7 @@ func schema_openshift_api_operator_v1_AWSCSIDriverConfigSpec(ref common.Referenc Properties: map[string]spec.Schema{ "kmsKeyARN": { SchemaProps: spec.SchemaProps{ - Description: "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.\n\nThe ARN must follow the format: arn::kms:::(key|alias)/, where: is the AWS partition (aws, aws-cn, aws-us-gov, aws-iso, aws-iso-b, aws-iso-e, aws-iso-f, or aws-eusc), is the AWS region, is a 12-digit numeric identifier for the AWS account, is the KMS key ID or alias name.", + Description: "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.", Type: []string{"string"}, Format: "", }, @@ -50462,7 +49587,7 @@ func schema_openshift_api_operator_v1_AWSClassicLoadBalancerParameters(ref commo "connectionIdleTimeout": { SchemaProps: spec.SchemaProps{ Description: "connectionIdleTimeout specifies the maximum time period that a connection may be idle before the load balancer closes the connection. The value must be parseable as a time duration value; see . A nil or zero value means no opinion, in which case a default value is used. The default value for this field is 60s. This default is subject to change.", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, "subnets": { @@ -50475,7 +49600,7 @@ func schema_openshift_api_operator_v1_AWSClassicLoadBalancerParameters(ref commo }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.AWSSubnets", metav1.Duration{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.AWSSubnets", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, } } @@ -50893,7 +50018,7 @@ func schema_openshift_api_operator_v1_Authentication(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -50913,7 +50038,7 @@ func schema_openshift_api_operator_v1_Authentication(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.AuthenticationSpec", "github.com/openshift/api/operator/v1.AuthenticationStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.AuthenticationSpec", "github.com/openshift/api/operator/v1.AuthenticationStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -50942,7 +50067,7 @@ func schema_openshift_api_operator_v1_AuthenticationList(ref common.ReferenceCal SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -50963,7 +50088,7 @@ func schema_openshift_api_operator_v1_AuthenticationList(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.Authentication", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.Authentication", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -50998,13 +50123,13 @@ func schema_openshift_api_operator_v1_AuthenticationSpec(ref common.ReferenceCal "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -51012,7 +50137,7 @@ func schema_openshift_api_operator_v1_AuthenticationSpec(ref common.ReferenceCal }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -51172,35 +50297,6 @@ func schema_openshift_api_operator_v1_AzureDiskEncryptionSet(ref common.Referenc } } -func schema_openshift_api_operator_v1_BGPManagedConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "BGPManagedConfig contains configuration options for BGP when routing is \"Managed\".", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "asNumber": { - SchemaProps: spec.SchemaProps{ - Description: "asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) to be used in the generated FRR configuration. Valid values are 1 to 4294967295. When omitted, this defaults to 64512.", - Default: 64512, - Type: []string{"integer"}, - Format: "int64", - }, - }, - "bgpTopology": { - SchemaProps: spec.SchemaProps{ - Description: "bgpTopology defines the BGP topology to be used. Allowed values are \"FullMesh\". When set to \"FullMesh\", every node peers directly with every other node via BGP. This field is required when BGPManagedConfig is specified.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"bgpTopology"}, - }, - }, - } -} - func schema_openshift_api_operator_v1_BootImageSkewEnforcementConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -51388,7 +50484,7 @@ func schema_openshift_api_operator_v1_CSISnapshotController(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -51410,7 +50506,7 @@ func schema_openshift_api_operator_v1_CSISnapshotController(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.CSISnapshotControllerSpec", "github.com/openshift/api/operator/v1.CSISnapshotControllerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.CSISnapshotControllerSpec", "github.com/openshift/api/operator/v1.CSISnapshotControllerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -51439,7 +50535,7 @@ func schema_openshift_api_operator_v1_CSISnapshotControllerList(ref common.Refer SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -51460,7 +50556,7 @@ func schema_openshift_api_operator_v1_CSISnapshotControllerList(ref common.Refer }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.CSISnapshotController", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.CSISnapshotController", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -51496,13 +50592,13 @@ func schema_openshift_api_operator_v1_CSISnapshotControllerSpec(ref common.Refer "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -51510,7 +50606,7 @@ func schema_openshift_api_operator_v1_CSISnapshotControllerSpec(ref common.Refer }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -51744,7 +50840,7 @@ func schema_openshift_api_operator_v1_CloudCredential(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -51764,7 +50860,7 @@ func schema_openshift_api_operator_v1_CloudCredential(ref common.ReferenceCallba }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.CloudCredentialSpec", "github.com/openshift/api/operator/v1.CloudCredentialStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.CloudCredentialSpec", "github.com/openshift/api/operator/v1.CloudCredentialStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -51793,7 +50889,7 @@ func schema_openshift_api_operator_v1_CloudCredentialList(ref common.ReferenceCa SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -51814,7 +50910,7 @@ func schema_openshift_api_operator_v1_CloudCredentialList(ref common.ReferenceCa }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.CloudCredential", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.CloudCredential", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -51850,13 +50946,13 @@ func schema_openshift_api_operator_v1_CloudCredentialSpec(ref common.ReferenceCa "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "credentialsMode": { @@ -51871,7 +50967,7 @@ func schema_openshift_api_operator_v1_CloudCredentialSpec(ref common.ReferenceCa }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -52066,7 +51162,7 @@ func schema_openshift_api_operator_v1_ClusterCSIDriver(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -52088,7 +51184,7 @@ func schema_openshift_api_operator_v1_ClusterCSIDriver(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ClusterCSIDriverSpec", "github.com/openshift/api/operator/v1.ClusterCSIDriverStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.ClusterCSIDriverSpec", "github.com/openshift/api/operator/v1.ClusterCSIDriverStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -52117,7 +51213,7 @@ func schema_openshift_api_operator_v1_ClusterCSIDriverList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -52138,7 +51234,7 @@ func schema_openshift_api_operator_v1_ClusterCSIDriverList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ClusterCSIDriver", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.ClusterCSIDriver", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -52174,13 +51270,13 @@ func schema_openshift_api_operator_v1_ClusterCSIDriverSpec(ref common.ReferenceC "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "storageClassState": { @@ -52202,7 +51298,7 @@ func schema_openshift_api_operator_v1_ClusterCSIDriverSpec(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.CSIDriverConfigSpec", runtime.RawExtension{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.CSIDriverConfigSpec", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -52349,7 +51445,7 @@ func schema_openshift_api_operator_v1_Config(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -52371,7 +51467,7 @@ func schema_openshift_api_operator_v1_Config(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ConfigSpec", "github.com/openshift/api/operator/v1.ConfigStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.ConfigSpec", "github.com/openshift/api/operator/v1.ConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -52400,7 +51496,7 @@ func schema_openshift_api_operator_v1_ConfigList(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -52422,7 +51518,7 @@ func schema_openshift_api_operator_v1_ConfigList(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.Config", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.Config", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -52487,13 +51583,13 @@ func schema_openshift_api_operator_v1_ConfigSpec(ref common.ReferenceCallback) c "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -52501,7 +51597,7 @@ func schema_openshift_api_operator_v1_ConfigSpec(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -52620,7 +51716,7 @@ func schema_openshift_api_operator_v1_Console(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -52640,7 +51736,7 @@ func schema_openshift_api_operator_v1_Console(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ConsoleSpec", "github.com/openshift/api/operator/v1.ConsoleStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.ConsoleSpec", "github.com/openshift/api/operator/v1.ConsoleStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -52837,7 +51933,7 @@ func schema_openshift_api_operator_v1_ConsoleList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -52858,7 +51954,7 @@ func schema_openshift_api_operator_v1_ConsoleList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.Console", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.Console", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -52915,13 +52011,13 @@ func schema_openshift_api_operator_v1_ConsoleSpec(ref common.ReferenceCallback) "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "customization": { @@ -52972,7 +52068,7 @@ func schema_openshift_api_operator_v1_ConsoleSpec(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ConsoleConfigRoute", "github.com/openshift/api/operator/v1.ConsoleCustomization", "github.com/openshift/api/operator/v1.ConsoleProviders", "github.com/openshift/api/operator/v1.Ingress", runtime.RawExtension{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.ConsoleConfigRoute", "github.com/openshift/api/operator/v1.ConsoleCustomization", "github.com/openshift/api/operator/v1.ConsoleProviders", "github.com/openshift/api/operator/v1.Ingress", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -53112,7 +52208,7 @@ func schema_openshift_api_operator_v1_DNS(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -53133,7 +52229,7 @@ func schema_openshift_api_operator_v1_DNS(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.DNSSpec", "github.com/openshift/api/operator/v1.DNSStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.DNSSpec", "github.com/openshift/api/operator/v1.DNSStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -53147,20 +52243,20 @@ func schema_openshift_api_operator_v1_DNSCache(ref common.ReferenceCallback) com "positiveTTL": { SchemaProps: spec.SchemaProps{ Description: "positiveTTL is optional and specifies the amount of time that a positive response should be cached.\n\nIf configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject to change.", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, "negativeTTL": { SchemaProps: spec.SchemaProps{ Description: "negativeTTL is optional and specifies the amount of time that a negative response should be cached.\n\nIf configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject to change.", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, }, }, }, Dependencies: []string{ - metav1.Duration{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, } } @@ -53189,7 +52285,7 @@ func schema_openshift_api_operator_v1_DNSList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -53210,7 +52306,7 @@ func schema_openshift_api_operator_v1_DNSList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.DNS", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.DNS", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -53245,7 +52341,7 @@ func schema_openshift_api_operator_v1_DNSNodePlacement(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Toleration"), }, }, }, @@ -53255,7 +52351,7 @@ func schema_openshift_api_operator_v1_DNSNodePlacement(ref common.ReferenceCallb }, }, Dependencies: []string{ - corev1.Toleration{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.Toleration"}, } } @@ -53814,7 +52910,7 @@ func schema_openshift_api_operator_v1_Etcd(ref common.ReferenceCallback) common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -53834,7 +52930,7 @@ func schema_openshift_api_operator_v1_Etcd(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.EtcdSpec", "github.com/openshift/api/operator/v1.EtcdStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.EtcdSpec", "github.com/openshift/api/operator/v1.EtcdStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -53863,7 +52959,7 @@ func schema_openshift_api_operator_v1_EtcdList(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -53885,7 +52981,7 @@ func schema_openshift_api_operator_v1_EtcdList(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.Etcd", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.Etcd", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -53920,13 +53016,13 @@ func schema_openshift_api_operator_v1_EtcdSpec(ref common.ReferenceCallback) com "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "forceRedeploymentReason": { @@ -53973,7 +53069,7 @@ func schema_openshift_api_operator_v1_EtcdSpec(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -54393,13 +53489,13 @@ func schema_openshift_api_operator_v1_GatherStatus(ref common.ReferenceCallback) "lastGatherTime": { SchemaProps: spec.SchemaProps{ Description: "lastGatherTime is the last time when Insights data gathering finished. An empty value means that no data has been gathered yet.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "lastGatherDuration": { SchemaProps: spec.SchemaProps{ Description: "lastGatherDuration is the total time taken to process all gatherers during the last gather event.", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, "gatherers": { @@ -54425,7 +53521,7 @@ func schema_openshift_api_operator_v1_GatherStatus(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.GathererStatus", metav1.Duration{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.GathererStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -54449,7 +53545,7 @@ func schema_openshift_api_operator_v1_GathererStatus(ref common.ReferenceCallbac Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -54466,7 +53562,7 @@ func schema_openshift_api_operator_v1_GathererStatus(ref common.ReferenceCallbac "lastGatherDuration": { SchemaProps: spec.SchemaProps{ Description: "lastGatherDuration represents the time spent gathering.", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, }, @@ -54474,7 +53570,7 @@ func schema_openshift_api_operator_v1_GathererStatus(ref common.ReferenceCallbac }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName(), metav1.Duration{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, } } @@ -55010,7 +54106,7 @@ func schema_openshift_api_operator_v1_IngressController(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -55031,7 +54127,7 @@ func schema_openshift_api_operator_v1_IngressController(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.IngressControllerSpec", "github.com/openshift/api/operator/v1.IngressControllerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.IngressControllerSpec", "github.com/openshift/api/operator/v1.IngressControllerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -55468,7 +54564,7 @@ func schema_openshift_api_operator_v1_IngressControllerList(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -55489,7 +54585,7 @@ func schema_openshift_api_operator_v1_IngressControllerList(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.IngressController", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.IngressController", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -55573,19 +54669,19 @@ func schema_openshift_api_operator_v1_IngressControllerSpec(ref common.Reference "defaultCertificate": { SchemaProps: spec.SchemaProps{ Description: "defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don't specify their own certificate, defaultCertificate is used.\n\nThe secret must contain the following keys and data:\n\n tls.crt: certificate file contents\n tls.key: key file contents\n\nIf unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate's CA will be automatically integrated with the cluster's trust store.\n\nIf a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing.\n\nThe in-use certificate (whether generated or user-specified) will be automatically integrated with OpenShift's built-in OAuth server.", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "namespaceSelector": { SchemaProps: spec.SchemaProps{ Description: "namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "routeSelector": { SchemaProps: spec.SchemaProps{ Description: "routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "nodePlacement": { @@ -55642,7 +54738,7 @@ func schema_openshift_api_operator_v1_IngressControllerSpec(ref common.Reference "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides allows specifying unsupported configuration options. Its use is unsupported.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "httpCompression": { @@ -55672,7 +54768,7 @@ func schema_openshift_api_operator_v1_IngressControllerSpec(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ConfigMapNameReference", "github.com/openshift/api/config/v1.TLSSecurityProfile", "github.com/openshift/api/operator/v1.ClientTLS", "github.com/openshift/api/operator/v1.EndpointPublishingStrategy", "github.com/openshift/api/operator/v1.HTTPCompressionPolicy", "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaders", "github.com/openshift/api/operator/v1.IngressControllerLogging", "github.com/openshift/api/operator/v1.IngressControllerTuningOptions", "github.com/openshift/api/operator/v1.NodePlacement", "github.com/openshift/api/operator/v1.RouteAdmissionPolicy", corev1.LocalObjectReference{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.ConfigMapNameReference", "github.com/openshift/api/config/v1.TLSSecurityProfile", "github.com/openshift/api/operator/v1.ClientTLS", "github.com/openshift/api/operator/v1.EndpointPublishingStrategy", "github.com/openshift/api/operator/v1.HTTPCompressionPolicy", "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaders", "github.com/openshift/api/operator/v1.IngressControllerLogging", "github.com/openshift/api/operator/v1.IngressControllerTuningOptions", "github.com/openshift/api/operator/v1.NodePlacement", "github.com/openshift/api/operator/v1.RouteAdmissionPolicy", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -55751,20 +54847,20 @@ func schema_openshift_api_operator_v1_IngressControllerStatus(ref common.Referen "namespaceSelector": { SchemaProps: spec.SchemaProps{ Description: "namespaceSelector is the actual namespaceSelector in use.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "routeSelector": { SchemaProps: spec.SchemaProps{ Description: "routeSelector is the actual routeSelector in use.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.TLSProfileSpec", "github.com/openshift/api/operator/v1.EndpointPublishingStrategy", "github.com/openshift/api/operator/v1.OperatorCondition", metav1.LabelSelector{}.OpenAPIModelName()}, + "github.com/openshift/api/config/v1.TLSProfileSpec", "github.com/openshift/api/operator/v1.EndpointPublishingStrategy", "github.com/openshift/api/operator/v1.OperatorCondition", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -55799,55 +54895,55 @@ func schema_openshift_api_operator_v1_IngressControllerTuningOptions(ref common. "clientTimeout": { SchemaProps: spec.SchemaProps{ Description: "clientTimeout defines how long a connection will be held open while waiting for a client response.\n\nIf unset, the default timeout is 30s", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, "clientFinTimeout": { SchemaProps: spec.SchemaProps{ Description: "clientFinTimeout defines how long a connection will be held open while waiting for the client response to the server/backend closing the connection.\n\nIf unset, the default timeout is 1s", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, "serverTimeout": { SchemaProps: spec.SchemaProps{ Description: "serverTimeout defines how long a connection will be held open while waiting for a server/backend response.\n\nIf unset, the default timeout is 30s", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, "serverFinTimeout": { SchemaProps: spec.SchemaProps{ Description: "serverFinTimeout defines how long a connection will be held open while waiting for the server/backend response to the client closing the connection.\n\nIf unset, the default timeout is 1s", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, "tunnelTimeout": { SchemaProps: spec.SchemaProps{ Description: "tunnelTimeout defines how long a tunnel connection (including websockets) will be held open while the tunnel is idle.\n\nIf unset, the default timeout is 1h", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, "connectTimeout": { SchemaProps: spec.SchemaProps{ Description: "connectTimeout defines the maximum time to wait for a connection attempt to a server/backend to succeed.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 5s.", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, "httpKeepAliveTimeout": { SchemaProps: spec.SchemaProps{ Description: "httpKeepAliveTimeout defines the maximum allowed time to wait for a new HTTP request to appear on a connection from the client to the router.\n\nThis field expects an unsigned duration string of a decimal number, with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5s\" or \"2m45s\". Valid time units are \"ms\", \"s\", \"m\". The allowed range is from 1 millisecond to 15 minutes.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 300s.\n\nLow values (tens of milliseconds or less) can cause clients to close and reopen connections for each request, leading to reduced connection sharing. For HTTP/2, special care should be taken with low values. A few seconds is a reasonable starting point to avoid holding idle connections open while still allowing subsequent requests to reuse the connection.\n\nHigh values (minutes or more) favor connection reuse but may cause idle connections to linger longer.", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, "tlsInspectDelay": { SchemaProps: spec.SchemaProps{ Description: "tlsInspectDelay defines how long the router can hold data to find a matching route.\n\nSetting this too short can cause the router to fall back to the default certificate for edge-terminated or reencrypt routes even when a better matching certificate could be used.\n\nIf unset, the default inspect delay is 5s", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, "healthCheckInterval": { SchemaProps: spec.SchemaProps{ Description: "healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends. This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation \"router.openshift.io/haproxy.health.check.interval\".\n\nExpects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nSetting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms. Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven't yet been detected as such.\n\nAn empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s.\n\nCurrently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days). Both are subject to change over time.", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, "maxConnections": { @@ -55860,22 +54956,14 @@ func schema_openshift_api_operator_v1_IngressControllerTuningOptions(ref common. "reloadInterval": { SchemaProps: spec.SchemaProps{ Description: "reloadInterval defines the minimum interval at which the router is allowed to reload to accept new changes. Increasing this value can prevent the accumulation of HAProxy processes, depending on the scenario. Increasing this interval can also lessen load imbalance on a backend's servers when using the roundrobin balancing algorithm. Alternatively, decreasing this value may decrease latency since updates to HAProxy's configuration can take effect more quickly.\n\nThe value must be a time duration value; see . Currently, the minimum value allowed is 1s, and the maximum allowed value is 120s. Minimum and maximum allowed values may change in future versions of OpenShift. Note that if a duration outside of these bounds is provided, the value of reloadInterval will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to 120s; the IngressController will not reject and replace this disallowed value with the default).\n\nA zero value for reloadInterval tells the IngressController to choose the default, which is currently 5s and subject to change without notice.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nNote: Setting a value significantly larger than the default of 5s can cause latency in observing updates to routes and their endpoints. HAProxy's configuration will be reloaded less frequently, and newly created routes will not be served until the subsequent reload.", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), - }, - }, - "configurationManagement": { - SchemaProps: spec.SchemaProps{ - Description: "configurationManagement specifies how OpenShift router should update the HAProxy configuration. The following values are valid for this field:\n\n* \"ForkAndReload\". * \"Dynamic\".\n\nOmitting this field means that the user has no opinion and the platform may choose a reasonable default. This default is subject to change over time. The current default is \"ForkAndReload\".\n\n\"ForkAndReload\" means that OpenShift router should rewrite the HAProxy configuration file and instruct HAProxy to fork and reload. This is OpenShift router's traditional approach.\n\n\"Dynamic\" means that OpenShift router may use HAProxy's control socket for some configuration updates and fall back to fork and reload for other configuration updates. This is a newer approach, which may be less mature than ForkAndReload. This setting can improve load-balancing fairness and metrics accuracy and reduce CPU and memory usage if HAProxy has frequent configuration updates for route and endpoints updates.\n\nNote: The \"Dynamic\" option is currently experimental and should not be enabled on production clusters.\n\n\nPossible enum values:\n - `\"Dynamic\"`\n - `\"ForkAndReload\"`", - Type: []string{"string"}, - Format: "", - Enum: []interface{}{"Dynamic", "ForkAndReload"}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, }, }, }, Dependencies: []string{ - metav1.Duration{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, } } @@ -55904,7 +54992,7 @@ func schema_openshift_api_operator_v1_InsightsOperator(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -55926,7 +55014,7 @@ func schema_openshift_api_operator_v1_InsightsOperator(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.InsightsOperatorSpec", "github.com/openshift/api/operator/v1.InsightsOperatorStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.InsightsOperatorSpec", "github.com/openshift/api/operator/v1.InsightsOperatorStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -55955,7 +55043,7 @@ func schema_openshift_api_operator_v1_InsightsOperatorList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -55976,7 +55064,7 @@ func schema_openshift_api_operator_v1_InsightsOperatorList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.InsightsOperator", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.InsightsOperator", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -56011,13 +55099,13 @@ func schema_openshift_api_operator_v1_InsightsOperatorSpec(ref common.ReferenceC "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -56025,7 +55113,7 @@ func schema_openshift_api_operator_v1_InsightsOperatorSpec(ref common.ReferenceC }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -56143,7 +55231,7 @@ func schema_openshift_api_operator_v1_InsightsReport(ref common.ReferenceCallbac "downloadedAt": { SchemaProps: spec.SchemaProps{ Description: "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "healthChecks": { @@ -56169,7 +55257,7 @@ func schema_openshift_api_operator_v1_InsightsReport(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.HealthCheck", metav1.Time{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.HealthCheck", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -56231,7 +55319,7 @@ func schema_openshift_api_operator_v1_KubeAPIServer(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -56253,7 +55341,7 @@ func schema_openshift_api_operator_v1_KubeAPIServer(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.KubeAPIServerSpec", "github.com/openshift/api/operator/v1.KubeAPIServerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.KubeAPIServerSpec", "github.com/openshift/api/operator/v1.KubeAPIServerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -56282,7 +55370,7 @@ func schema_openshift_api_operator_v1_KubeAPIServerList(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -56304,7 +55392,7 @@ func schema_openshift_api_operator_v1_KubeAPIServerList(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.KubeAPIServer", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.KubeAPIServer", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -56339,13 +55427,13 @@ func schema_openshift_api_operator_v1_KubeAPIServerSpec(ref common.ReferenceCall "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "forceRedeploymentReason": { @@ -56382,7 +55470,7 @@ func schema_openshift_api_operator_v1_KubeAPIServerSpec(ref common.ReferenceCall }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -56549,7 +55637,7 @@ func schema_openshift_api_operator_v1_KubeControllerManager(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -56571,7 +55659,7 @@ func schema_openshift_api_operator_v1_KubeControllerManager(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.KubeControllerManagerSpec", "github.com/openshift/api/operator/v1.KubeControllerManagerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.KubeControllerManagerSpec", "github.com/openshift/api/operator/v1.KubeControllerManagerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -56600,7 +55688,7 @@ func schema_openshift_api_operator_v1_KubeControllerManagerList(ref common.Refer SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -56622,7 +55710,7 @@ func schema_openshift_api_operator_v1_KubeControllerManagerList(ref common.Refer }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.KubeControllerManager", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.KubeControllerManager", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -56657,13 +55745,13 @@ func schema_openshift_api_operator_v1_KubeControllerManagerSpec(ref common.Refer "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "forceRedeploymentReason": { @@ -56701,7 +55789,7 @@ func schema_openshift_api_operator_v1_KubeControllerManagerSpec(ref common.Refer }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -56849,7 +55937,7 @@ func schema_openshift_api_operator_v1_KubeScheduler(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -56871,7 +55959,7 @@ func schema_openshift_api_operator_v1_KubeScheduler(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.KubeSchedulerSpec", "github.com/openshift/api/operator/v1.KubeSchedulerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.KubeSchedulerSpec", "github.com/openshift/api/operator/v1.KubeSchedulerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -56900,7 +55988,7 @@ func schema_openshift_api_operator_v1_KubeSchedulerList(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -56922,7 +56010,7 @@ func schema_openshift_api_operator_v1_KubeSchedulerList(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.KubeScheduler", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.KubeScheduler", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -56957,13 +56045,13 @@ func schema_openshift_api_operator_v1_KubeSchedulerSpec(ref common.ReferenceCall "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "forceRedeploymentReason": { @@ -56993,7 +56081,7 @@ func schema_openshift_api_operator_v1_KubeSchedulerSpec(ref common.ReferenceCall }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -57141,7 +56229,7 @@ func schema_openshift_api_operator_v1_KubeStorageVersionMigrator(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -57161,7 +56249,7 @@ func schema_openshift_api_operator_v1_KubeStorageVersionMigrator(ref common.Refe }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorSpec", "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorSpec", "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -57190,7 +56278,7 @@ func schema_openshift_api_operator_v1_KubeStorageVersionMigratorList(ref common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -57212,7 +56300,7 @@ func schema_openshift_api_operator_v1_KubeStorageVersionMigratorList(ref common. }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.KubeStorageVersionMigrator", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.KubeStorageVersionMigrator", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -57247,13 +56335,13 @@ func schema_openshift_api_operator_v1_KubeStorageVersionMigratorSpec(ref common. "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -57261,7 +56349,7 @@ func schema_openshift_api_operator_v1_KubeStorageVersionMigratorSpec(ref common. }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -57589,7 +56677,7 @@ func schema_openshift_api_operator_v1_MachineConfiguration(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -57611,7 +56699,7 @@ func schema_openshift_api_operator_v1_MachineConfiguration(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.MachineConfigurationSpec", "github.com/openshift/api/operator/v1.MachineConfigurationStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.MachineConfigurationSpec", "github.com/openshift/api/operator/v1.MachineConfigurationStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -57640,7 +56728,7 @@ func schema_openshift_api_operator_v1_MachineConfigurationList(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -57662,7 +56750,7 @@ func schema_openshift_api_operator_v1_MachineConfigurationList(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.MachineConfiguration", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.MachineConfiguration", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -57697,13 +56785,13 @@ func schema_openshift_api_operator_v1_MachineConfigurationSpec(ref common.Refere "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "forceRedeploymentReason": { @@ -57761,7 +56849,7 @@ func schema_openshift_api_operator_v1_MachineConfigurationSpec(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.BootImageSkewEnforcementConfig", "github.com/openshift/api/operator/v1.IrreconcilableValidationOverrides", "github.com/openshift/api/operator/v1.ManagedBootImages", "github.com/openshift/api/operator/v1.NodeDisruptionPolicyConfig", runtime.RawExtension{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.BootImageSkewEnforcementConfig", "github.com/openshift/api/operator/v1.IrreconcilableValidationOverrides", "github.com/openshift/api/operator/v1.ManagedBootImages", "github.com/openshift/api/operator/v1.NodeDisruptionPolicyConfig", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -57794,7 +56882,7 @@ func schema_openshift_api_operator_v1_MachineConfigurationStatus(ref common.Refe Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -57825,7 +56913,7 @@ func schema_openshift_api_operator_v1_MachineConfigurationStatus(ref common.Refe }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.BootImageSkewEnforcementStatus", "github.com/openshift/api/operator/v1.ManagedBootImages", "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatus", metav1.Condition{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.BootImageSkewEnforcementStatus", "github.com/openshift/api/operator/v1.ManagedBootImages", "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -57971,7 +57059,7 @@ func schema_openshift_api_operator_v1_MyOperatorResource(ref common.ReferenceCal SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -57991,7 +57079,7 @@ func schema_openshift_api_operator_v1_MyOperatorResource(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.MyOperatorResourceSpec", "github.com/openshift/api/operator/v1.MyOperatorResourceStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.MyOperatorResourceSpec", "github.com/openshift/api/operator/v1.MyOperatorResourceStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -58026,13 +57114,13 @@ func schema_openshift_api_operator_v1_MyOperatorResourceSpec(ref common.Referenc "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -58040,7 +57128,7 @@ func schema_openshift_api_operator_v1_MyOperatorResourceSpec(ref common.Referenc }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -58191,7 +57279,7 @@ func schema_openshift_api_operator_v1_Network(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -58210,7 +57298,7 @@ func schema_openshift_api_operator_v1_Network(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.NetworkSpec", "github.com/openshift/api/operator/v1.NetworkStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.NetworkSpec", "github.com/openshift/api/operator/v1.NetworkStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -58239,7 +57327,7 @@ func schema_openshift_api_operator_v1_NetworkList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -58260,7 +57348,7 @@ func schema_openshift_api_operator_v1_NetworkList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.Network", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.Network", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -58337,13 +57425,13 @@ func schema_openshift_api_operator_v1_NetworkSpec(ref common.ReferenceCallback) "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "clusterNetwork": { @@ -58472,7 +57560,7 @@ func schema_openshift_api_operator_v1_NetworkSpec(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.AdditionalNetworkDefinition", "github.com/openshift/api/operator/v1.AdditionalRoutingCapabilities", "github.com/openshift/api/operator/v1.ClusterNetworkEntry", "github.com/openshift/api/operator/v1.DefaultNetworkDefinition", "github.com/openshift/api/operator/v1.ExportNetworkFlows", "github.com/openshift/api/operator/v1.NetworkMigration", "github.com/openshift/api/operator/v1.ProxyConfig", runtime.RawExtension{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.AdditionalNetworkDefinition", "github.com/openshift/api/operator/v1.AdditionalRoutingCapabilities", "github.com/openshift/api/operator/v1.ClusterNetworkEntry", "github.com/openshift/api/operator/v1.DefaultNetworkDefinition", "github.com/openshift/api/operator/v1.ExportNetworkFlows", "github.com/openshift/api/operator/v1.NetworkMigration", "github.com/openshift/api/operator/v1.ProxyConfig", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -58567,34 +57655,6 @@ func schema_openshift_api_operator_v1_NetworkStatus(ref common.ReferenceCallback } } -func schema_openshift_api_operator_v1_NoOverlayConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "NoOverlayConfig contains configuration options for networks operating in no-overlay mode.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "outboundSNAT": { - SchemaProps: spec.SchemaProps{ - Description: "outboundSNAT defines the SNAT behavior for outbound traffic from pods. Allowed values are \"Enabled\" and \"Disabled\". When set to \"Enabled\", SNAT is performed on outbound traffic from pods. When set to \"Disabled\", SNAT is not performed and pod IPs are preserved in outbound traffic. This field is required when the network operates in no-overlay mode. This field can be set to any value at installation time and can be changed afterwards.", - Type: []string{"string"}, - Format: "", - }, - }, - "routing": { - SchemaProps: spec.SchemaProps{ - Description: "routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. Allowed values are \"Managed\" and \"Unmanaged\". When set to \"Managed\", OVN-Kubernetes manages the pod network routing configuration through BGP. When set to \"Unmanaged\", users are responsible for configuring the pod network routing. This field is required when the network operates in no-overlay mode. This field is immutable once set.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"outboundSNAT", "routing"}, - }, - }, - } -} - func schema_openshift_api_operator_v1_NodeDisruptionPolicyClusterStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -59096,7 +58156,7 @@ func schema_openshift_api_operator_v1_NodePlacement(ref common.ReferenceCallback "nodeSelector": { SchemaProps: spec.SchemaProps{ Description: "nodeSelector is the node selector applied to ingress controller deployments.\n\nIf set, the specified selector is used and replaces the default.\n\nIf unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.\n\nWhen defaultPlacement is Workers, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/worker: ''\n\nWhen defaultPlacement is ControlPlane, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/master: ''\n\nThese defaults are subject to change.\n\nNote that using nodeSelector.matchExpressions is not supported. Only nodeSelector.matchLabels may be used. This is a limitation of the Kubernetes API: the pod spec does not allow complex expressions for node selectors.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "tolerations": { @@ -59112,7 +58172,7 @@ func schema_openshift_api_operator_v1_NodePlacement(ref common.ReferenceCallback Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Toleration"), }, }, }, @@ -59122,7 +58182,7 @@ func schema_openshift_api_operator_v1_NodePlacement(ref common.ReferenceCallback }, }, Dependencies: []string{ - corev1.Toleration{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.Toleration", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -59185,7 +58245,7 @@ func schema_openshift_api_operator_v1_NodeStatus(ref common.ReferenceCallback) c "lastFailedTime": { SchemaProps: spec.SchemaProps{ Description: "lastFailedTime is the time the last failed revision failed the last time.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "lastFailedReason": { @@ -59234,7 +58294,7 @@ func schema_openshift_api_operator_v1_NodeStatus(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -59282,7 +58342,7 @@ func schema_openshift_api_operator_v1_OLM(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -59304,7 +58364,7 @@ func schema_openshift_api_operator_v1_OLM(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.OLMSpec", "github.com/openshift/api/operator/v1.OLMStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.OLMSpec", "github.com/openshift/api/operator/v1.OLMStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -59333,7 +58393,7 @@ func schema_openshift_api_operator_v1_OLMList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -59355,7 +58415,7 @@ func schema_openshift_api_operator_v1_OLMList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.OLM", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.OLM", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -59390,13 +58450,13 @@ func schema_openshift_api_operator_v1_OLMSpec(ref common.ReferenceCallback) comm "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -59404,7 +58464,7 @@ func schema_openshift_api_operator_v1_OLMSpec(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -59584,32 +58644,11 @@ func schema_openshift_api_operator_v1_OVNKubernetesConfig(ref common.ReferenceCa Format: "", }, }, - "transport": { - SchemaProps: spec.SchemaProps{ - Description: "transport sets the transport mode for pods on the default network. Allowed values are \"NoOverlay\" and \"Geneve\". \"NoOverlay\" avoids tunnel encapsulation, routing pod traffic directly between nodes. \"Geneve\" encapsulates pod traffic using Geneve tunnels between nodes. When omitted, this means the user has no opinion and the platform chooses a reasonable default which is subject to change over time. The current default is \"Geneve\". \"NoOverlay\" can only be set at installation time and cannot be changed afterwards. \"Geneve\" may be set explicitly at any time to lock in the current default.", - Type: []string{"string"}, - Format: "", - }, - }, - "noOverlayConfig": { - SchemaProps: spec.SchemaProps{ - Description: "noOverlayConfig contains configuration for no-overlay mode. This configuration applies to the default network only. It is required when transport is \"NoOverlay\". When omitted, this means the user does not configure no-overlay mode options.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operator/v1.NoOverlayConfig"), - }, - }, - "bgpManagedConfig": { - SchemaProps: spec.SchemaProps{ - Description: "bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) in no-overlay mode that specify routing=\"Managed\" in their noOverlayConfig. It is required when noOverlayConfig.routing is set to \"Managed\". When omitted, this means the user does not configure BGP for managed routing. This field can be set at installation time or on day 2, and can be modified at any time.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operator/v1.BGPManagedConfig"), - }, - }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.BGPManagedConfig", "github.com/openshift/api/operator/v1.EgressIPConfig", "github.com/openshift/api/operator/v1.GatewayConfig", "github.com/openshift/api/operator/v1.HybridOverlayConfig", "github.com/openshift/api/operator/v1.IPsecConfig", "github.com/openshift/api/operator/v1.IPv4OVNKubernetesConfig", "github.com/openshift/api/operator/v1.IPv6OVNKubernetesConfig", "github.com/openshift/api/operator/v1.NoOverlayConfig", "github.com/openshift/api/operator/v1.PolicyAuditConfig"}, + "github.com/openshift/api/operator/v1.EgressIPConfig", "github.com/openshift/api/operator/v1.GatewayConfig", "github.com/openshift/api/operator/v1.HybridOverlayConfig", "github.com/openshift/api/operator/v1.IPsecConfig", "github.com/openshift/api/operator/v1.IPv4OVNKubernetesConfig", "github.com/openshift/api/operator/v1.IPv6OVNKubernetesConfig", "github.com/openshift/api/operator/v1.PolicyAuditConfig"}, } } @@ -59638,7 +58677,7 @@ func schema_openshift_api_operator_v1_OpenShiftAPIServer(ref common.ReferenceCal SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -59660,7 +58699,7 @@ func schema_openshift_api_operator_v1_OpenShiftAPIServer(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.OpenShiftAPIServerSpec", "github.com/openshift/api/operator/v1.OpenShiftAPIServerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.OpenShiftAPIServerSpec", "github.com/openshift/api/operator/v1.OpenShiftAPIServerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -59689,7 +58728,7 @@ func schema_openshift_api_operator_v1_OpenShiftAPIServerList(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -59711,7 +58750,7 @@ func schema_openshift_api_operator_v1_OpenShiftAPIServerList(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.OpenShiftAPIServer", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.OpenShiftAPIServer", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -59746,13 +58785,13 @@ func schema_openshift_api_operator_v1_OpenShiftAPIServerSpec(ref common.Referenc "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -59760,7 +58799,7 @@ func schema_openshift_api_operator_v1_OpenShiftAPIServerSpec(ref common.Referenc }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -59879,7 +58918,7 @@ func schema_openshift_api_operator_v1_OpenShiftControllerManager(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -59899,7 +58938,7 @@ func schema_openshift_api_operator_v1_OpenShiftControllerManager(ref common.Refe }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.OpenShiftControllerManagerSpec", "github.com/openshift/api/operator/v1.OpenShiftControllerManagerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.OpenShiftControllerManagerSpec", "github.com/openshift/api/operator/v1.OpenShiftControllerManagerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -59928,7 +58967,7 @@ func schema_openshift_api_operator_v1_OpenShiftControllerManagerList(ref common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -59950,7 +58989,7 @@ func schema_openshift_api_operator_v1_OpenShiftControllerManagerList(ref common. }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.OpenShiftControllerManager", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.OpenShiftControllerManager", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -59985,13 +59024,13 @@ func schema_openshift_api_operator_v1_OpenShiftControllerManagerSpec(ref common. "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -59999,7 +59038,7 @@ func schema_openshift_api_operator_v1_OpenShiftControllerManagerSpec(ref common. }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -60189,7 +59228,7 @@ func schema_openshift_api_operator_v1_OperatorCondition(ref common.ReferenceCall "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -60209,7 +59248,7 @@ func schema_openshift_api_operator_v1_OperatorCondition(ref common.ReferenceCall }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -60245,13 +59284,13 @@ func schema_openshift_api_operator_v1_OperatorSpec(ref common.ReferenceCallback) "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -60259,7 +59298,7 @@ func schema_openshift_api_operator_v1_OperatorSpec(ref common.ReferenceCallback) }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -60363,7 +59402,7 @@ func schema_openshift_api_operator_v1_PartialSelector(ref common.ReferenceCallba "machineResourceSelector": { SchemaProps: spec.SchemaProps{ Description: "machineResourceSelector is a label selector that can be used to select machine resources like MachineSets.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, }, @@ -60371,7 +59410,7 @@ func schema_openshift_api_operator_v1_PartialSelector(ref common.ReferenceCallba }, }, Dependencies: []string{ - metav1.LabelSelector{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -60773,7 +59812,7 @@ func schema_openshift_api_operator_v1_ResourceAttributesAccessReview(ref common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(authorizationv1.ResourceAttributes{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.ResourceAttributes"), }, }, }, @@ -60787,7 +59826,7 @@ func schema_openshift_api_operator_v1_ResourceAttributesAccessReview(ref common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(authorizationv1.ResourceAttributes{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.ResourceAttributes"), }, }, }, @@ -60797,7 +59836,7 @@ func schema_openshift_api_operator_v1_ResourceAttributesAccessReview(ref common. }, }, Dependencies: []string{ - authorizationv1.ResourceAttributes{}.OpenAPIModelName()}, + "k8s.io/api/authorization/v1.ResourceAttributes"}, } } @@ -60945,7 +59984,7 @@ func schema_openshift_api_operator_v1_ServiceAccountIssuerStatus(ref common.Refe "expirationTime": { SchemaProps: spec.SchemaProps{ Description: "expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list of service account issuers.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, }, @@ -60953,7 +59992,7 @@ func schema_openshift_api_operator_v1_ServiceAccountIssuerStatus(ref common.Refe }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -60982,7 +60021,7 @@ func schema_openshift_api_operator_v1_ServiceCA(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -61004,7 +60043,7 @@ func schema_openshift_api_operator_v1_ServiceCA(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ServiceCASpec", "github.com/openshift/api/operator/v1.ServiceCAStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.ServiceCASpec", "github.com/openshift/api/operator/v1.ServiceCAStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -61033,7 +60072,7 @@ func schema_openshift_api_operator_v1_ServiceCAList(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -61055,7 +60094,7 @@ func schema_openshift_api_operator_v1_ServiceCAList(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ServiceCA", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.ServiceCA", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -61090,13 +60129,13 @@ func schema_openshift_api_operator_v1_ServiceCASpec(ref common.ReferenceCallback "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -61104,7 +60143,7 @@ func schema_openshift_api_operator_v1_ServiceCASpec(ref common.ReferenceCallback }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -61223,7 +60262,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogAPIServer(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -61243,7 +60282,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogAPIServer(ref common.Referen }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerSpec", "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerSpec", "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -61272,7 +60311,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogAPIServerList(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -61294,7 +60333,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogAPIServerList(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ServiceCatalogAPIServer", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.ServiceCatalogAPIServer", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -61329,13 +60368,13 @@ func schema_openshift_api_operator_v1_ServiceCatalogAPIServerSpec(ref common.Ref "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -61343,7 +60382,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogAPIServerSpec(ref common.Ref }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -61462,7 +60501,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogControllerManager(ref common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -61482,7 +60521,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogControllerManager(ref common }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerSpec", "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerSpec", "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -61511,7 +60550,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogControllerManagerList(ref co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -61533,7 +60572,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogControllerManagerList(ref co }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ServiceCatalogControllerManager", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.ServiceCatalogControllerManager", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -61568,13 +60607,13 @@ func schema_openshift_api_operator_v1_ServiceCatalogControllerManagerSpec(ref co "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -61582,7 +60621,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogControllerManagerSpec(ref co }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -61926,13 +60965,13 @@ func schema_openshift_api_operator_v1_StaticPodOperatorSpec(ref common.Reference "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "forceRedeploymentReason": { @@ -61962,7 +61001,7 @@ func schema_openshift_api_operator_v1_StaticPodOperatorSpec(ref common.Reference }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -62133,7 +61172,7 @@ func schema_openshift_api_operator_v1_Storage(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -62155,7 +61194,7 @@ func schema_openshift_api_operator_v1_Storage(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.StorageSpec", "github.com/openshift/api/operator/v1.StorageStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.StorageSpec", "github.com/openshift/api/operator/v1.StorageStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -62184,7 +61223,7 @@ func schema_openshift_api_operator_v1_StorageList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -62205,7 +61244,7 @@ func schema_openshift_api_operator_v1_StorageList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.Storage", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1.Storage", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -62241,13 +61280,13 @@ func schema_openshift_api_operator_v1_StorageSpec(ref common.ReferenceCallback) "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "vsphereStorageDriver": { @@ -62263,7 +61302,7 @@ func schema_openshift_api_operator_v1_StorageSpec(ref common.ReferenceCallback) }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -62612,340 +61651,6 @@ func schema_openshift_api_operator_v1alpha1_BackupJobReference(ref common.Refere } } -func schema_openshift_api_operator_v1alpha1_ClusterAPI(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ClusterAPI provides configuration for the capi-operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), - }, - }, - "spec": { - SchemaProps: spec.SchemaProps{ - Description: "spec is the specification of the desired behavior of the capi-operator.", - Ref: ref("github.com/openshift/api/operator/v1alpha1.ClusterAPISpec"), - }, - }, - "status": { - SchemaProps: spec.SchemaProps{ - Description: "status defines the observed status of the capi-operator.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operator/v1alpha1.ClusterAPIStatus"), - }, - }, - }, - Required: []string{"metadata", "spec"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.ClusterAPISpec", "github.com/openshift/api/operator/v1alpha1.ClusterAPIStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_operator_v1alpha1_ClusterAPIInstallerComponent(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ClusterAPIInstallerComponent defines a component which will be installed by this revision.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "type": { - SchemaProps: spec.SchemaProps{ - Description: "type is the source type of the component. The only valid value is Image. When set to Image, the image field must be set and will define an image source for the component.\n\nPossible enum values:\n - `\"Image\"` is an image source for a component.", - Type: []string{"string"}, - Format: "", - Enum: []interface{}{"Image"}, - }, - }, - "image": { - SchemaProps: spec.SchemaProps{ - Description: "image defines an image source for a component. The image must contain a /capi-operator-installer directory containing the component manifests.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerComponentImage"), - }, - }, - }, - Required: []string{"type"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "type", - "fields-to-discriminateBy": map[string]interface{}{ - "image": "Image", - }, - }, - }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerComponentImage"}, - } -} - -func schema_openshift_api_operator_v1alpha1_ClusterAPIInstallerComponentImage(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ClusterAPIInstallerComponentImage defines an image source for a component.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "ref": { - SchemaProps: spec.SchemaProps{ - Description: "ref is an image reference to the image containing the component manifests. The reference must be a valid image digest reference in the format host[:port][/namespace]/name@sha256:. The digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the field must be between 1 to 447 characters.", - Type: []string{"string"}, - Format: "", - }, - }, - "profile": { - SchemaProps: spec.SchemaProps{ - Description: "profile is the name of a profile to use from the image.\n\nA profile name may be up to 255 characters long. It must consist of alphanumeric characters, '-', or '_'.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"ref", "profile"}, - }, - }, - } -} - -func schema_openshift_api_operator_v1alpha1_ClusterAPIInstallerRevision(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "name": { - SchemaProps: spec.SchemaProps{ - Description: "name is the name of a revision.", - Type: []string{"string"}, - Format: "", - }, - }, - "revision": { - SchemaProps: spec.SchemaProps{ - Description: "revision is a monotonically increasing number that is assigned to a revision.", - Type: []string{"integer"}, - Format: "int64", - }, - }, - "contentID": { - SchemaProps: spec.SchemaProps{ - Description: "contentID uniquely identifies the content of this revision. The contentID must be between 1 and 255 characters long.", - Type: []string{"string"}, - Format: "", - }, - }, - "unmanagedCustomResourceDefinitions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "unmanagedCustomResourceDefinitions is a list of the names of ClusterResourceDefinition (CRD) objects which are included in this revision, but which should not be installed or updated. If not set, all CRDs in the revision will be managed by the CAPI operator.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "components": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "components is a list of components which will be installed by this revision. Components will be installed in the order they are listed. If omitted no components will be installed.\n\nThe maximum number of components is 32.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerComponent"), - }, - }, - }, - }, - }, - }, - Required: []string{"name", "revision", "contentID"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-map-type": "atomic", - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerComponent"}, - } -} - -func schema_openshift_api_operator_v1alpha1_ClusterAPIList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ClusterAPIList contains a list of ClusterAPI configurations\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), - }, - }, - "items": { - SchemaProps: spec.SchemaProps{ - Description: "items contains the items", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operator/v1alpha1.ClusterAPI"), - }, - }, - }, - }, - }, - }, - Required: []string{"metadata", "items"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.ClusterAPI", metav1.ListMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_operator_v1alpha1_ClusterAPISpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ClusterAPISpec defines the desired configuration of the capi-operator. The spec is required but we deliberately allow it to be empty.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "unmanagedCustomResourceDefinitions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "set", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "unmanagedCustomResourceDefinitions is a list of ClusterResourceDefinition (CRD) names that should not be managed by the capi-operator installer controller. This allows external actors to own specific CRDs while capi-operator manages others.\n\nEach CRD name must be a valid DNS-1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character, with a maximum length of 253 characters. CRD names must contain at least two '.' characters. Example: \"clusters.cluster.x-k8s.io\"\n\nItems cannot be removed from this list once added.\n\nThe maximum number of unmanagedCustomResourceDefinitions is 128.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - }, - }, - }, - } -} - -func schema_openshift_api_operator_v1alpha1_ClusterAPIStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ClusterAPIStatus describes the current state of the capi-operator.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "currentRevision": { - SchemaProps: spec.SchemaProps{ - Description: "currentRevision is the name of the most recently fully applied revision. It is written by the installer controller. If it is absent, it indicates that no revision has been fully applied yet. If set, currentRevision must correspond to an entry in the revisions list.", - Type: []string{"string"}, - Format: "", - }, - }, - "desiredRevision": { - SchemaProps: spec.SchemaProps{ - Description: "desiredRevision is the name of the desired revision. It is written by the revision controller. It must be set to the name of the entry in the revisions list with the highest revision number.", - Type: []string{"string"}, - Format: "", - }, - }, - "revisions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "revisions is a list of all currently active revisions. A revision is active until the installer controller updates currentRevision to a later revision. It is written by the revision controller.\n\nThe maximum number of revisions is 16. All revisions must have a unique name. All revisions must have a unique revision number. When adding a revision, the revision number must be greater than the highest revision number in the list. Revisions are immutable, although they can be deleted.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerRevision"), - }, - }, - }, - }, - }, - }, - Required: []string{"desiredRevision", "revisions"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerRevision"}, - } -} - func schema_openshift_api_operator_v1alpha1_ClusterVersionOperator(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -62971,7 +61676,7 @@ func schema_openshift_api_operator_v1alpha1_ClusterVersionOperator(ref common.Re SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -62993,7 +61698,7 @@ func schema_openshift_api_operator_v1alpha1_ClusterVersionOperator(ref common.Re }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorSpec", "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorSpec", "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -63022,7 +61727,7 @@ func schema_openshift_api_operator_v1alpha1_ClusterVersionOperatorList(ref commo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -63044,7 +61749,7 @@ func schema_openshift_api_operator_v1alpha1_ClusterVersionOperatorList(ref commo }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperator", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperator", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -63152,7 +61857,7 @@ func schema_openshift_api_operator_v1alpha1_EtcdBackup(ref common.ReferenceCallb "metadata": { SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -63174,7 +61879,7 @@ func schema_openshift_api_operator_v1alpha1_EtcdBackup(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.EtcdBackupSpec", "github.com/openshift/api/operator/v1alpha1.EtcdBackupStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1alpha1.EtcdBackupSpec", "github.com/openshift/api/operator/v1alpha1.EtcdBackupStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -63202,7 +61907,7 @@ func schema_openshift_api_operator_v1alpha1_EtcdBackupList(ref common.ReferenceC "metadata": { SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -63223,7 +61928,7 @@ func schema_openshift_api_operator_v1alpha1_EtcdBackupList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.EtcdBackup", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1alpha1.EtcdBackup", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -63269,7 +61974,7 @@ func schema_openshift_api_operator_v1alpha1_EtcdBackupStatus(ref common.Referenc Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -63285,7 +61990,7 @@ func schema_openshift_api_operator_v1alpha1_EtcdBackupStatus(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.BackupJobReference", metav1.Condition{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1alpha1.BackupJobReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -63425,7 +62130,7 @@ func schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicy(ref common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -63440,7 +62145,7 @@ func schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicy(ref common. }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicySpec", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicySpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -63469,7 +62174,7 @@ func schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicyList(ref com SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -63490,7 +62195,7 @@ func schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicyList(ref com }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicy", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -63639,7 +62344,7 @@ func schema_openshift_api_operator_v1alpha1_OLM(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -63661,7 +62366,7 @@ func schema_openshift_api_operator_v1alpha1_OLM(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.OLMSpec", "github.com/openshift/api/operator/v1alpha1.OLMStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1alpha1.OLMSpec", "github.com/openshift/api/operator/v1alpha1.OLMStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -63690,7 +62395,7 @@ func schema_openshift_api_operator_v1alpha1_OLMList(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -63712,7 +62417,7 @@ func schema_openshift_api_operator_v1alpha1_OLMList(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.OLM", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operator/v1alpha1.OLM", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -63747,13 +62452,13 @@ func schema_openshift_api_operator_v1alpha1_OLMSpec(ref common.ReferenceCallback "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -63761,7 +62466,7 @@ func schema_openshift_api_operator_v1alpha1_OLMSpec(ref common.ReferenceCallback }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -63878,7 +62583,7 @@ func schema_openshift_api_operator_v1alpha1_OperatorCondition(ref common.Referen }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -63898,7 +62603,7 @@ func schema_openshift_api_operator_v1alpha1_OperatorCondition(ref common.Referen }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -64220,7 +62925,7 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_LogEntry(ref common.Refe "time": { SchemaProps: spec.SchemaProps{ Description: "Start time of check action.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "success": { @@ -64248,7 +62953,7 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_LogEntry(ref common.Refe "latency": { SchemaProps: spec.SchemaProps{ Description: "latency records how long the action mentioned in the entry took.", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, }, @@ -64256,7 +62961,7 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_LogEntry(ref common.Refe }, }, Dependencies: []string{ - metav1.Duration{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -64270,13 +62975,13 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_OutageEntry(ref common.R "start": { SchemaProps: spec.SchemaProps{ Description: "start of outage detected", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "end": { SchemaProps: spec.SchemaProps{ Description: "end of outage detected", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "startLogs": { @@ -64319,7 +63024,7 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_OutageEntry(ref common.R }, }, Dependencies: []string{ - "github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry", metav1.Time{}.OpenAPIModelName()}, + "github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -64348,7 +63053,7 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCh SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -64370,7 +63075,7 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCh }, }, Dependencies: []string{ - "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckSpec", "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckSpec", "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -64414,7 +63119,7 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCh "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "Last time the condition transitioned from one status to another.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, }, @@ -64422,7 +63127,7 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCh }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -64451,231 +63156,226 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCh SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), - }, - }, - "items": { - SchemaProps: spec.SchemaProps{ - Description: "items contains the items", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheck"), - }, - }, - }, - }, - }, - }, - Required: []string{"metadata", "items"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheck", metav1.ListMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "sourcePod": { - SchemaProps: spec.SchemaProps{ - Description: "sourcePod names the pod from which the condition will be checked", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "targetEndpoint": { - SchemaProps: spec.SchemaProps{ - Description: "EndpointAddress to check. A TCP address of the form host:port. Note that if host is a DNS name, then the check would fail if the DNS name cannot be resolved. Specify an IP address for host to bypass DNS name lookup.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "tlsClientCert": { - SchemaProps: spec.SchemaProps{ - Description: "TLSClientCert, if specified, references a kubernetes.io/tls type secret with 'tls.crt' and 'tls.key' entries containing an optional TLS client certificate and key to be used when checking endpoints that require a client certificate in order to gracefully preform the scan without causing excessive logging in the endpoint process. The secret must exist in the same namespace as this resource.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1.SecretNameReference"), - }, - }, - }, - Required: []string{"sourcePod", "targetEndpoint"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/config/v1.SecretNameReference"}, - } -} - -func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "successes": { - SchemaProps: spec.SchemaProps{ - Description: "successes contains logs successful check actions", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry"), - }, - }, - }, - }, - }, - "failures": { - SchemaProps: spec.SchemaProps{ - Description: "failures contains logs of unsuccessful check actions", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry"), - }, - }, - }, - }, - }, - "outages": { - SchemaProps: spec.SchemaProps{ - Description: "outages contains logs of time periods of outages", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.OutageEntry"), - }, - }, - }, - }, - }, - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "conditions summarize the status of the check", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckCondition"), - }, - }, - }, - }, - }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry", "github.com/openshift/api/operatorcontrolplane/v1alpha1.OutageEntry", "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckCondition"}, - } -} - -func schema_openshift_api_operatoringress_v1_DNSRecord(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "DNSRecord is a DNS record managed in the zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.\n\nCluster admin manipulation of this resource is not supported. This resource is only for internal communication of OpenShift operators.\n\nIf DNSManagementPolicy is \"Unmanaged\", the operator will not be responsible for managing the DNS records on the cloud provider.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), - }, - }, - "spec": { - SchemaProps: spec.SchemaProps{ - Description: "spec is the specification of the desired behavior of the dnsRecord.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operatoringress/v1.DNSRecordSpec"), - }, - }, - "status": { - SchemaProps: spec.SchemaProps{ - Description: "status is the most recently observed status of the dnsRecord.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operatoringress/v1.DNSRecordStatus"), - }, - }, - }, - Required: []string{"spec", "status"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/operatoringress/v1.DNSRecordSpec", "github.com/openshift/api/operatoringress/v1.DNSRecordStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, - } -} - -func schema_openshift_api_operatoringress_v1_DNSRecordList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "DNSRecordList contains a list of dnsrecords.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { + SchemaProps: spec.SchemaProps{ + Description: "items contains the items", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheck"), + }, + }, + }, + }, + }, + }, + Required: []string{"metadata", "items"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheck", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "sourcePod": { + SchemaProps: spec.SchemaProps{ + Description: "sourcePod names the pod from which the condition will be checked", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "targetEndpoint": { + SchemaProps: spec.SchemaProps{ + Description: "EndpointAddress to check. A TCP address of the form host:port. Note that if host is a DNS name, then the check would fail if the DNS name cannot be resolved. Specify an IP address for host to bypass DNS name lookup.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "tlsClientCert": { + SchemaProps: spec.SchemaProps{ + Description: "TLSClientCert, if specified, references a kubernetes.io/tls type secret with 'tls.crt' and 'tls.key' entries containing an optional TLS client certificate and key to be used when checking endpoints that require a client certificate in order to gracefully preform the scan without causing excessive logging in the endpoint process. The secret must exist in the same namespace as this resource.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.SecretNameReference"), + }, + }, + }, + Required: []string{"sourcePod", "targetEndpoint"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1.SecretNameReference"}, + } +} + +func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "successes": { + SchemaProps: spec.SchemaProps{ + Description: "successes contains logs successful check actions", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry"), + }, + }, + }, + }, + }, + "failures": { + SchemaProps: spec.SchemaProps{ + Description: "failures contains logs of unsuccessful check actions", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry"), + }, + }, + }, + }, + }, + "outages": { + SchemaProps: spec.SchemaProps{ + Description: "outages contains logs of time periods of outages", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.OutageEntry"), + }, + }, + }, + }, + }, + "conditions": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "conditions summarize the status of the check", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckCondition"), + }, + }, }, }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry", "github.com/openshift/api/operatorcontrolplane/v1alpha1.OutageEntry", "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckCondition"}, + } +} + +func schema_openshift_api_operatoringress_v1_DNSRecord(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "DNSRecord is a DNS record managed in the zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.\n\nCluster admin manipulation of this resource is not supported. This resource is only for internal communication of OpenShift operators.\n\nIf DNSManagementPolicy is \"Unmanaged\", the operator will not be responsible for managing the DNS records on the cloud provider.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Description: "spec is the specification of the desired behavior of the dnsRecord.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operatoringress/v1.DNSRecordSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status is the most recently observed status of the dnsRecord.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operatoringress/v1.DNSRecordStatus"), + }, + }, + }, + Required: []string{"spec", "status"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/operatoringress/v1.DNSRecordSpec", "github.com/openshift/api/operatoringress/v1.DNSRecordStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_openshift_api_operatoringress_v1_DNSRecordList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "DNSRecordList contains a list of dnsrecords.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { SchemaProps: spec.SchemaProps{ Type: []string{"array"}, Items: &spec.SchemaOrArray{ @@ -64693,7 +63393,7 @@ func schema_openshift_api_operatoringress_v1_DNSRecordList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/operatoringress/v1.DNSRecord", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/operatoringress/v1.DNSRecord", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -64713,11 +63413,6 @@ func schema_openshift_api_operatoringress_v1_DNSRecordSpec(ref common.ReferenceC }, }, "targets": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, SchemaProps: spec.SchemaProps{ Description: "targets are record targets.", Type: []string{"array"}, @@ -64734,7 +63429,7 @@ func schema_openshift_api_operatoringress_v1_DNSRecordSpec(ref common.ReferenceC }, "recordType": { SchemaProps: spec.SchemaProps{ - Description: "recordType is the DNS record type. For example, \"A\", \"AAAA\", or \"CNAME\".", + Description: "recordType is the DNS record type. For example, \"A\" or \"CNAME\".", Default: "", Type: []string{"string"}, Format: "", @@ -64771,11 +63466,6 @@ func schema_openshift_api_operatoringress_v1_DNSRecordStatus(ref common.Referenc Type: []string{"object"}, Properties: map[string]spec.Schema{ "zones": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, SchemaProps: spec.SchemaProps{ Description: "zones are the status of the record in each zone.", Type: []string{"array"}, @@ -64827,7 +63517,7 @@ func schema_openshift_api_operatoringress_v1_DNSZoneCondition(ref common.Referen }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -64847,7 +63537,7 @@ func schema_openshift_api_operatoringress_v1_DNSZoneCondition(ref common.Referen }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -64866,11 +63556,6 @@ func schema_openshift_api_operatoringress_v1_DNSZoneStatus(ref common.ReferenceC }, }, "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, SchemaProps: spec.SchemaProps{ Description: "conditions are any conditions associated with the record in the zone.\n\nIf publishing the record succeeds, the \"Published\" condition will be set with status \"True\" and upon failure it will be set to \"False\" along with the reason and message describing the cause of the failure.", Type: []string{"array"}, @@ -65324,7 +64009,7 @@ func schema_openshift_api_osin_v1_IdentityProvider(ref common.ReferenceCallback) "provider": { SchemaProps: spec.SchemaProps{ Description: "provider contains the information about how to set up a specific identity provider", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -65332,7 +64017,7 @@ func schema_openshift_api_osin_v1_IdentityProvider(ref common.ReferenceCallback) }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -66282,14 +64967,14 @@ func schema_openshift_api_osin_v1_TokenConfig(ref common.ReferenceCallback) comm "accessTokenInactivityTimeout": { SchemaProps: spec.SchemaProps{ Description: "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime.", - Ref: ref(metav1.Duration{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), }, }, }, }, }, Dependencies: []string{ - metav1.Duration{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, } } @@ -66318,7 +65003,7 @@ func schema_openshift_api_project_v1_Project(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -66339,7 +65024,7 @@ func schema_openshift_api_project_v1_Project(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "github.com/openshift/api/project/v1.ProjectSpec", "github.com/openshift/api/project/v1.ProjectStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/project/v1.ProjectSpec", "github.com/openshift/api/project/v1.ProjectStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -66368,7 +65053,7 @@ func schema_openshift_api_project_v1_ProjectList(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -66390,7 +65075,7 @@ func schema_openshift_api_project_v1_ProjectList(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "github.com/openshift/api/project/v1.Project", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/project/v1.Project", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -66419,7 +65104,7 @@ func schema_openshift_api_project_v1_ProjectRequest(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "displayName": { @@ -66440,7 +65125,7 @@ func schema_openshift_api_project_v1_ProjectRequest(ref common.ReferenceCallback }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -66501,7 +65186,7 @@ func schema_openshift_api_project_v1_ProjectStatus(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.NamespaceCondition{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NamespaceCondition"), }, }, }, @@ -66511,7 +65196,7 @@ func schema_openshift_api_project_v1_ProjectStatus(ref common.ReferenceCallback) }, }, Dependencies: []string{ - corev1.NamespaceCondition{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.NamespaceCondition"}, } } @@ -66540,7 +65225,7 @@ func schema_openshift_api_quota_v1_AppliedClusterResourceQuota(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -66562,7 +65247,7 @@ func schema_openshift_api_quota_v1_AppliedClusterResourceQuota(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/quota/v1.ClusterResourceQuotaSpec", "github.com/openshift/api/quota/v1.ClusterResourceQuotaStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/quota/v1.ClusterResourceQuotaSpec", "github.com/openshift/api/quota/v1.ClusterResourceQuotaStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -66591,7 +65276,7 @@ func schema_openshift_api_quota_v1_AppliedClusterResourceQuotaList(ref common.Re SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -66613,7 +65298,7 @@ func schema_openshift_api_quota_v1_AppliedClusterResourceQuotaList(ref common.Re }, }, Dependencies: []string{ - "github.com/openshift/api/quota/v1.AppliedClusterResourceQuota", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/quota/v1.AppliedClusterResourceQuota", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -66642,7 +65327,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuota(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -66664,7 +65349,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuota(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/quota/v1.ClusterResourceQuotaSpec", "github.com/openshift/api/quota/v1.ClusterResourceQuotaStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/quota/v1.ClusterResourceQuotaSpec", "github.com/openshift/api/quota/v1.ClusterResourceQuotaStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -66693,7 +65378,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuotaList(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -66715,7 +65400,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuotaList(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/quota/v1.ClusterResourceQuota", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/quota/v1.ClusterResourceQuota", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -66729,7 +65414,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuotaSelector(ref common.Refer "labels": { SchemaProps: spec.SchemaProps{ Description: "LabelSelector is used to select projects by label.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "annotations": { @@ -66752,7 +65437,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuotaSelector(ref common.Refer }, }, Dependencies: []string{ - metav1.LabelSelector{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -66774,7 +65459,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuotaSpec(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "quota defines the desired quota", Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceQuotaSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceQuotaSpec"), }, }, }, @@ -66782,7 +65467,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuotaSpec(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/quota/v1.ClusterResourceQuotaSelector", corev1.ResourceQuotaSpec{}.OpenAPIModelName()}, + "github.com/openshift/api/quota/v1.ClusterResourceQuotaSelector", "k8s.io/api/core/v1.ResourceQuotaSpec"}, } } @@ -66797,7 +65482,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuotaStatus(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "total defines the actual enforced quota and its current usage across all projects", Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceQuotaStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceQuotaStatus"), }, }, "namespaces": { @@ -66819,7 +65504,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuotaStatus(ref common.Referen }, }, Dependencies: []string{ - "github.com/openshift/api/quota/v1.ResourceQuotaStatusByNamespace", corev1.ResourceQuotaStatus{}.OpenAPIModelName()}, + "github.com/openshift/api/quota/v1.ResourceQuotaStatusByNamespace", "k8s.io/api/core/v1.ResourceQuotaStatus"}, } } @@ -66842,7 +65527,7 @@ func schema_openshift_api_quota_v1_ResourceQuotaStatusByNamespace(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "status indicates how many resources have been consumed by this project", Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceQuotaStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceQuotaStatus"), }, }, }, @@ -66850,7 +65535,7 @@ func schema_openshift_api_quota_v1_ResourceQuotaStatusByNamespace(ref common.Ref }, }, Dependencies: []string{ - corev1.ResourceQuotaStatus{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ResourceQuotaStatus"}, } } @@ -66904,7 +65589,7 @@ func schema_openshift_api_route_v1_Route(ref common.ReferenceCallback) common.Op SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -66926,7 +65611,7 @@ func schema_openshift_api_route_v1_Route(ref common.ReferenceCallback) common.Op }, }, Dependencies: []string{ - "github.com/openshift/api/route/v1.RouteSpec", "github.com/openshift/api/route/v1.RouteStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/route/v1.RouteSpec", "github.com/openshift/api/route/v1.RouteStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -67189,7 +65874,7 @@ func schema_openshift_api_route_v1_RouteIngressCondition(ref common.ReferenceCal "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "RFC 3339 date and time when this condition last transitioned", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, }, @@ -67197,7 +65882,7 @@ func schema_openshift_api_route_v1_RouteIngressCondition(ref common.ReferenceCal }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -67226,7 +65911,7 @@ func schema_openshift_api_route_v1_RouteList(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -67248,7 +65933,7 @@ func schema_openshift_api_route_v1_RouteList(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "github.com/openshift/api/route/v1.Route", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/route/v1.Route", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -67262,7 +65947,7 @@ func schema_openshift_api_route_v1_RoutePort(ref common.ReferenceCallback) commo "targetPort": { SchemaProps: spec.SchemaProps{ Description: "The target port on pods selected by the service this route points to. If this is a string, it will be looked up as a named port in the target endpoints port list. Required", - Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), }, }, }, @@ -67270,7 +65955,7 @@ func schema_openshift_api_route_v1_RoutePort(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - intstr.IntOrString{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/util/intstr.IntOrString"}, } } @@ -67579,7 +66264,7 @@ func schema_openshift_api_samples_v1_Config(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -67599,7 +66284,7 @@ func schema_openshift_api_samples_v1_Config(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "github.com/openshift/api/samples/v1.ConfigSpec", "github.com/openshift/api/samples/v1.ConfigStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/samples/v1.ConfigSpec", "github.com/openshift/api/samples/v1.ConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -67629,13 +66314,13 @@ func schema_openshift_api_samples_v1_ConfigCondition(ref common.ReferenceCallbac "lastUpdateTime": { SchemaProps: spec.SchemaProps{ Description: "lastUpdateTime is the last time this condition was updated.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the last time the condition transitioned from one status to another.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -67657,7 +66342,7 @@ func schema_openshift_api_samples_v1_ConfigCondition(ref common.ReferenceCallbac }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -67686,7 +66371,7 @@ func schema_openshift_api_samples_v1_ConfigList(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -67707,7 +66392,7 @@ func schema_openshift_api_samples_v1_ConfigList(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/samples/v1.Config", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/samples/v1.Config", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -68055,7 +66740,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicyReview(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -68077,7 +66762,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicyReview(ref common.Referen }, }, Dependencies: []string{ - "github.com/openshift/api/security/v1.PodSecurityPolicyReviewSpec", "github.com/openshift/api/security/v1.PodSecurityPolicyReviewStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/security/v1.PodSecurityPolicyReviewSpec", "github.com/openshift/api/security/v1.PodSecurityPolicyReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -68092,7 +66777,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicyReviewSpec(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "template is the PodTemplateSpec to check. The template.spec.serviceAccountName field is used if serviceAccountNames is empty, unless the template.spec.serviceAccountName is empty, in which case \"default\" is used. If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.", Default: map[string]interface{}{}, - Ref: ref(corev1.PodTemplateSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), }, }, "serviceAccountNames": { @@ -68115,7 +66800,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicyReviewSpec(ref common.Ref }, }, Dependencies: []string{ - corev1.PodTemplateSpec{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PodTemplateSpec"}, } } @@ -68173,7 +66858,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySelfSubjectReview(ref com SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -68195,7 +66880,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySelfSubjectReview(ref com }, }, Dependencies: []string{ - "github.com/openshift/api/security/v1.PodSecurityPolicySelfSubjectReviewSpec", "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/security/v1.PodSecurityPolicySelfSubjectReviewSpec", "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -68210,7 +66895,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySelfSubjectReviewSpec(ref SchemaProps: spec.SchemaProps{ Description: "template is the PodTemplateSpec to check.", Default: map[string]interface{}{}, - Ref: ref(corev1.PodTemplateSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), }, }, }, @@ -68218,7 +66903,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySelfSubjectReviewSpec(ref }, }, Dependencies: []string{ - corev1.PodTemplateSpec{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PodTemplateSpec"}, } } @@ -68247,7 +66932,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySubjectReview(ref common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -68269,7 +66954,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySubjectReview(ref common. }, }, Dependencies: []string{ - "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewSpec", "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewSpec", "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -68284,7 +66969,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySubjectReviewSpec(ref com SchemaProps: spec.SchemaProps{ Description: "template is the PodTemplateSpec to check. If template.spec.serviceAccountName is empty it will not be defaulted. If its non-empty, it will be checked.", Default: map[string]interface{}{}, - Ref: ref(corev1.PodTemplateSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), }, }, "user": { @@ -68314,7 +66999,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySubjectReviewSpec(ref com }, }, Dependencies: []string{ - corev1.PodTemplateSpec{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PodTemplateSpec"}, } } @@ -68328,7 +67013,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySubjectReviewStatus(ref c "allowedBy": { SchemaProps: spec.SchemaProps{ Description: "allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A `nil`, indicates that it was denied.", - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "reason": { @@ -68342,14 +67027,14 @@ func schema_openshift_api_security_v1_PodSecurityPolicySubjectReviewStatus(ref c SchemaProps: spec.SchemaProps{ Description: "template is the PodTemplateSpec after the defaulting is applied.", Default: map[string]interface{}{}, - Ref: ref(corev1.PodTemplateSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), }, }, }, }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName(), corev1.PodTemplateSpec{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference", "k8s.io/api/core/v1.PodTemplateSpec"}, } } @@ -68378,7 +67063,7 @@ func schema_openshift_api_security_v1_RangeAllocation(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "range": { @@ -68401,7 +67086,7 @@ func schema_openshift_api_security_v1_RangeAllocation(ref common.ReferenceCallba }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -68430,7 +67115,7 @@ func schema_openshift_api_security_v1_RangeAllocationList(ref common.ReferenceCa SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -68452,7 +67137,7 @@ func schema_openshift_api_security_v1_RangeAllocationList(ref common.ReferenceCa }, }, Dependencies: []string{ - "github.com/openshift/api/security/v1.RangeAllocation", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/security/v1.RangeAllocation", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -68514,14 +67199,14 @@ func schema_openshift_api_security_v1_SELinuxContextStrategyOptions(ref common.R "seLinuxOptions": { SchemaProps: spec.SchemaProps{ Description: "seLinuxOptions required to run as; required for MustRunAs", - Ref: ref(corev1.SELinuxOptions{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SELinuxOptions"), }, }, }, }, }, Dependencies: []string{ - corev1.SELinuxOptions{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.SELinuxOptions"}, } } @@ -68550,7 +67235,7 @@ func schema_openshift_api_security_v1_SecurityContextConstraints(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "priority": { @@ -68870,7 +67555,7 @@ func schema_openshift_api_security_v1_SecurityContextConstraints(ref common.Refe }, }, Dependencies: []string{ - "github.com/openshift/api/security/v1.AllowedFlexVolume", "github.com/openshift/api/security/v1.FSGroupStrategyOptions", "github.com/openshift/api/security/v1.RunAsUserStrategyOptions", "github.com/openshift/api/security/v1.SELinuxContextStrategyOptions", "github.com/openshift/api/security/v1.SupplementalGroupsStrategyOptions", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/security/v1.AllowedFlexVolume", "github.com/openshift/api/security/v1.FSGroupStrategyOptions", "github.com/openshift/api/security/v1.RunAsUserStrategyOptions", "github.com/openshift/api/security/v1.SELinuxContextStrategyOptions", "github.com/openshift/api/security/v1.SupplementalGroupsStrategyOptions", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -68899,7 +67584,7 @@ func schema_openshift_api_security_v1_SecurityContextConstraintsList(ref common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -68921,7 +67606,7 @@ func schema_openshift_api_security_v1_SecurityContextConstraintsList(ref common. }, }, Dependencies: []string{ - "github.com/openshift/api/security/v1.SecurityContextConstraints", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/security/v1.SecurityContextConstraints", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -68935,7 +67620,7 @@ func schema_openshift_api_security_v1_ServiceAccountPodSecurityPolicyReviewStatu "allowedBy": { SchemaProps: spec.SchemaProps{ Description: "allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A `nil`, indicates that it was denied.", - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "reason": { @@ -68949,7 +67634,7 @@ func schema_openshift_api_security_v1_ServiceAccountPodSecurityPolicyReviewStatu SchemaProps: spec.SchemaProps{ Description: "template is the PodTemplateSpec after the defaulting is applied.", Default: map[string]interface{}{}, - Ref: ref(corev1.PodTemplateSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), }, }, "name": { @@ -68965,7 +67650,7 @@ func schema_openshift_api_security_v1_ServiceAccountPodSecurityPolicyReviewStatu }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName(), corev1.PodTemplateSpec{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference", "k8s.io/api/core/v1.PodTemplateSpec"}, } } @@ -69035,7 +67720,7 @@ func schema_openshift_api_securityinternal_v1_RangeAllocation(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "range": { @@ -69058,7 +67743,7 @@ func schema_openshift_api_securityinternal_v1_RangeAllocation(ref common.Referen }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -69087,7 +67772,7 @@ func schema_openshift_api_securityinternal_v1_RangeAllocationList(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -69109,7 +67794,7 @@ func schema_openshift_api_securityinternal_v1_RangeAllocationList(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/securityinternal/v1.RangeAllocation", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/securityinternal/v1.RangeAllocation", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -69138,7 +67823,7 @@ func schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorCo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -69158,7 +67843,7 @@ func schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorCo }, }, Dependencies: []string{ - "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigSpec", "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigSpec", "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -69187,7 +67872,7 @@ func schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorCo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -69209,7 +67894,7 @@ func schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorCo }, }, Dependencies: []string{ - "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfig", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -69244,13 +67929,13 @@ func schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorCo "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -69258,7 +67943,7 @@ func schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorCo }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -69377,7 +68062,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedConfigMap(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -69399,7 +68084,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedConfigMap(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapSpec", "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapSpec", "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -69428,7 +68113,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapList(ref common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -69449,7 +68134,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapList(ref common }, }, Dependencies: []string{ - "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMap", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMap", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -69536,7 +68221,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapStatus(ref comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -69546,7 +68231,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapStatus(ref comm }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -69575,7 +68260,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedSecret(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -69597,7 +68282,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedSecret(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretSpec", "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretSpec", "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -69626,7 +68311,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedSecretList(ref common.Re SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -69647,7 +68332,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedSecretList(ref common.Re }, }, Dependencies: []string{ - "github.com/openshift/api/sharedresource/v1alpha1.SharedSecret", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/sharedresource/v1alpha1.SharedSecret", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -69734,7 +68419,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedSecretStatus(ref common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -69744,7 +68429,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedSecretStatus(ref common. }, }, Dependencies: []string{ - metav1.Condition{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -69773,7 +68458,7 @@ func schema_openshift_api_template_v1_BrokerTemplateInstance(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -69788,7 +68473,7 @@ func schema_openshift_api_template_v1_BrokerTemplateInstance(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/template/v1.BrokerTemplateInstanceSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/template/v1.BrokerTemplateInstanceSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -69817,7 +68502,7 @@ func schema_openshift_api_template_v1_BrokerTemplateInstanceList(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -69839,7 +68524,7 @@ func schema_openshift_api_template_v1_BrokerTemplateInstanceList(ref common.Refe }, }, Dependencies: []string{ - "github.com/openshift/api/template/v1.BrokerTemplateInstance", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/template/v1.BrokerTemplateInstance", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -69854,14 +68539,14 @@ func schema_openshift_api_template_v1_BrokerTemplateInstanceSpec(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "templateInstance is a reference to a TemplateInstance object residing in a namespace.", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "secret": { SchemaProps: spec.SchemaProps{ Description: "secret is a reference to a Secret object residing in a namespace, containing the necessary template parameters.", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "bindingIDs": { @@ -69884,7 +68569,7 @@ func schema_openshift_api_template_v1_BrokerTemplateInstanceSpec(ref common.Refe }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference"}, } } @@ -69977,7 +68662,7 @@ func schema_openshift_api_template_v1_Template(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "message": { @@ -69994,7 +68679,7 @@ func schema_openshift_api_template_v1_Template(ref common.ReferenceCallback) com Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -70035,7 +68720,7 @@ func schema_openshift_api_template_v1_Template(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/template/v1.Parameter", metav1.ObjectMeta{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, + "github.com/openshift/api/template/v1.Parameter", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -70064,7 +68749,7 @@ func schema_openshift_api_template_v1_TemplateInstance(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { @@ -70086,7 +68771,7 @@ func schema_openshift_api_template_v1_TemplateInstance(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/template/v1.TemplateInstanceSpec", "github.com/openshift/api/template/v1.TemplateInstanceStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/template/v1.TemplateInstanceSpec", "github.com/openshift/api/template/v1.TemplateInstanceStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -70116,7 +68801,7 @@ func schema_openshift_api_template_v1_TemplateInstanceCondition(ref common.Refer "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the last time a condition status transitioned from one state to another.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -70140,7 +68825,7 @@ func schema_openshift_api_template_v1_TemplateInstanceCondition(ref common.Refer }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -70169,7 +68854,7 @@ func schema_openshift_api_template_v1_TemplateInstanceList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -70191,7 +68876,7 @@ func schema_openshift_api_template_v1_TemplateInstanceList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/template/v1.TemplateInstance", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/template/v1.TemplateInstance", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -70206,14 +68891,14 @@ func schema_openshift_api_template_v1_TemplateInstanceObject(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "ref is a reference to the created object. When used under .spec, only name and namespace are used; these can contain references to parameters which will be substituted following the usual rules.", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, }, }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference"}, } } @@ -70299,7 +68984,7 @@ func schema_openshift_api_template_v1_TemplateInstanceSpec(ref common.ReferenceC "secret": { SchemaProps: spec.SchemaProps{ Description: "secret is a reference to a Secret object containing the necessary template parameters.", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "requester": { @@ -70313,7 +68998,7 @@ func schema_openshift_api_template_v1_TemplateInstanceSpec(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/template/v1.Template", "github.com/openshift/api/template/v1.TemplateInstanceRequester", corev1.LocalObjectReference{}.OpenAPIModelName()}, + "github.com/openshift/api/template/v1.Template", "github.com/openshift/api/template/v1.TemplateInstanceRequester", "k8s.io/api/core/v1.LocalObjectReference"}, } } @@ -70385,7 +69070,7 @@ func schema_openshift_api_template_v1_TemplateList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -70407,7 +69092,7 @@ func schema_openshift_api_template_v1_TemplateList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/template/v1.Template", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/template/v1.Template", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -70436,7 +69121,7 @@ func schema_openshift_api_user_v1_Group(ref common.ReferenceCallback) common.Ope SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "users": { @@ -70459,7 +69144,7 @@ func schema_openshift_api_user_v1_Group(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -70488,7 +69173,7 @@ func schema_openshift_api_user_v1_GroupList(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -70510,7 +69195,7 @@ func schema_openshift_api_user_v1_GroupList(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "github.com/openshift/api/user/v1.Group", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/user/v1.Group", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -70539,7 +69224,7 @@ func schema_openshift_api_user_v1_Identity(ref common.ReferenceCallback) common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "providerName": { @@ -70562,7 +69247,7 @@ func schema_openshift_api_user_v1_Identity(ref common.ReferenceCallback) common. SchemaProps: spec.SchemaProps{ Description: "user is a reference to the user this identity is associated with Both Name and UID must be set", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "extra": { @@ -70586,7 +69271,7 @@ func schema_openshift_api_user_v1_Identity(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -70615,7 +69300,7 @@ func schema_openshift_api_user_v1_IdentityList(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -70637,7 +69322,7 @@ func schema_openshift_api_user_v1_IdentityList(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/user/v1.Identity", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/user/v1.Identity", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -70666,7 +69351,7 @@ func schema_openshift_api_user_v1_User(ref common.ReferenceCallback) common.Open SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "fullName": { @@ -70711,7 +69396,7 @@ func schema_openshift_api_user_v1_User(ref common.ReferenceCallback) common.Open }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -70740,28 +69425,28 @@ func schema_openshift_api_user_v1_UserIdentityMapping(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "identity": { SchemaProps: spec.SchemaProps{ Description: "identity is a reference to an identity", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "user": { SchemaProps: spec.SchemaProps{ Description: "user is a reference to a user", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, }, }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -70790,7 +69475,7 @@ func schema_openshift_api_user_v1_UserList(ref common.ReferenceCallback) common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -70812,7 +69497,7 @@ func schema_openshift_api_user_v1_UserList(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - "github.com/openshift/api/user/v1.User", metav1.ListMeta{}.OpenAPIModelName()}, + "github.com/openshift/api/user/v1.User", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -70916,13 +69601,13 @@ func schema_k8sio_api_admissionregistration_v1_MatchResources(ref common.Referen "namespaceSelector": { SchemaProps: spec.SchemaProps{ Description: "NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the policy on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "objectSelector": { SchemaProps: spec.SchemaProps{ Description: "ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "resourceRules": { @@ -70938,7 +69623,7 @@ func schema_k8sio_api_admissionregistration_v1_MatchResources(ref common.Referen Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.NamedRuleWithOperations{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.NamedRuleWithOperations"), }, }, }, @@ -70957,7 +69642,7 @@ func schema_k8sio_api_admissionregistration_v1_MatchResources(ref common.Referen Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.NamedRuleWithOperations{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.NamedRuleWithOperations"), }, }, }, @@ -70980,7 +69665,7 @@ func schema_k8sio_api_admissionregistration_v1_MatchResources(ref common.Referen }, }, Dependencies: []string{ - v1.NamedRuleWithOperations{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.NamedRuleWithOperations", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -71003,7 +69688,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhook(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "ClientConfig defines how to communicate with the hook. Required", Default: map[string]interface{}{}, - Ref: ref(v1.WebhookClientConfig{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.WebhookClientConfig"), }, }, "rules": { @@ -71019,7 +69704,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhook(ref common.Refere Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.RuleWithOperations{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.RuleWithOperations"), }, }, }, @@ -71044,13 +69729,13 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhook(ref common.Refere "namespaceSelector": { SchemaProps: spec.SchemaProps{ Description: "NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the webhook on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "objectSelector": { SchemaProps: spec.SchemaProps{ Description: "ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "sideEffects": { @@ -71090,7 +69775,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhook(ref common.Refere }, "reinvocationPolicy": { SchemaProps: spec.SchemaProps{ - Description: "reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are \"Never\" and \"IfNeeded\".\n\nNever: the webhook will not be called more than once in a single admission evaluation.\n\nIfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.\n\nDefaults to \"Never\".\n\nPossible enum values:\n - `\"IfNeeded\"` indicates that the mutation may be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial mutation call.\n - `\"Never\"` indicates that the mutation must not be called more than once in a single admission evaluation.", + Description: "reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are \"Never\" and \"IfNeeded\".\n\nNever: the webhook will not be called more than once in a single admission evaluation.\n\nIfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.\n\nDefaults to \"Never\".\n\nPossible enum values:\n - `\"IfNeeded\"` indicates that the webhook may be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call.\n - `\"Never\"` indicates that the webhook must not be called more than once in a single admission evaluation.", Type: []string{"string"}, Format: "", Enum: []interface{}{"IfNeeded", "Never"}, @@ -71114,7 +69799,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhook(ref common.Refere Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.MatchCondition{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.MatchCondition"), }, }, }, @@ -71125,7 +69810,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhook(ref common.Refere }, }, Dependencies: []string{ - v1.MatchCondition{}.OpenAPIModelName(), v1.RuleWithOperations{}.OpenAPIModelName(), v1.WebhookClientConfig{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.MatchCondition", "k8s.io/api/admissionregistration/v1.RuleWithOperations", "k8s.io/api/admissionregistration/v1.WebhookClientConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -71154,7 +69839,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfiguration(ref SchemaProps: spec.SchemaProps{ Description: "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "webhooks": { @@ -71175,7 +69860,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfiguration(ref Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.MutatingWebhook{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.MutatingWebhook"), }, }, }, @@ -71185,7 +69870,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfiguration(ref }, }, Dependencies: []string{ - v1.MutatingWebhook{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.MutatingWebhook", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -71214,7 +69899,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfigurationList( SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -71225,7 +69910,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfigurationList( Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.MutatingWebhookConfiguration{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.MutatingWebhookConfiguration"), }, }, }, @@ -71236,7 +69921,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfigurationList( }, }, Dependencies: []string{ - v1.MutatingWebhookConfiguration{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.MutatingWebhookConfiguration", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -71423,7 +70108,7 @@ func schema_k8sio_api_admissionregistration_v1_ParamRef(ref common.ReferenceCall "selector": { SchemaProps: spec.SchemaProps{ Description: "selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "parameterNotFoundAction": { @@ -71442,7 +70127,7 @@ func schema_k8sio_api_admissionregistration_v1_ParamRef(ref common.ReferenceCall }, }, Dependencies: []string{ - metav1.LabelSelector{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -71693,7 +70378,7 @@ func schema_k8sio_api_admissionregistration_v1_TypeChecking(ref common.Reference Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.ExpressionWarning{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.ExpressionWarning"), }, }, }, @@ -71703,7 +70388,7 @@ func schema_k8sio_api_admissionregistration_v1_TypeChecking(ref common.Reference }, }, Dependencies: []string{ - v1.ExpressionWarning{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.ExpressionWarning"}, } } @@ -71732,28 +70417,28 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicy(ref com SchemaProps: spec.SchemaProps{ Description: "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Specification of the desired behavior of the ValidatingAdmissionPolicy.", Default: map[string]interface{}{}, - Ref: ref(v1.ValidatingAdmissionPolicySpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicySpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.", Default: map[string]interface{}{}, - Ref: ref(v1.ValidatingAdmissionPolicyStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyStatus"), }, }, }, }, }, Dependencies: []string{ - v1.ValidatingAdmissionPolicySpec{}.OpenAPIModelName(), v1.ValidatingAdmissionPolicyStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicySpec", "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -71782,21 +70467,21 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBinding( SchemaProps: spec.SchemaProps{ Description: "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.", Default: map[string]interface{}{}, - Ref: ref(v1.ValidatingAdmissionPolicyBindingSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyBindingSpec"), }, }, }, }, }, Dependencies: []string{ - v1.ValidatingAdmissionPolicyBindingSpec{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyBindingSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -71825,7 +70510,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingL SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -71836,7 +70521,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingL Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.ValidatingAdmissionPolicyBinding{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyBinding"), }, }, }, @@ -71847,7 +70532,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingL }, }, Dependencies: []string{ - v1.ValidatingAdmissionPolicyBinding{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyBinding", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -71868,13 +70553,13 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingS "paramRef": { SchemaProps: spec.SchemaProps{ Description: "paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.", - Ref: ref(v1.ParamRef{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.ParamRef"), }, }, "matchResources": { SchemaProps: spec.SchemaProps{ Description: "MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.", - Ref: ref(v1.MatchResources{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.MatchResources"), }, }, "validationActions": { @@ -71902,7 +70587,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingS }, }, Dependencies: []string{ - v1.MatchResources{}.OpenAPIModelName(), v1.ParamRef{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.MatchResources", "k8s.io/api/admissionregistration/v1.ParamRef"}, } } @@ -71931,7 +70616,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyList(ref SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -71942,7 +70627,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyList(ref Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.ValidatingAdmissionPolicy{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicy"), }, }, }, @@ -71953,7 +70638,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyList(ref }, }, Dependencies: []string{ - v1.ValidatingAdmissionPolicy{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -71967,13 +70652,13 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicySpec(ref "paramKind": { SchemaProps: spec.SchemaProps{ Description: "ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.", - Ref: ref(v1.ParamKind{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.ParamKind"), }, }, "matchConstraints": { SchemaProps: spec.SchemaProps{ Description: "MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.", - Ref: ref(v1.MatchResources{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.MatchResources"), }, }, "validations": { @@ -71989,7 +70674,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicySpec(ref Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.Validation{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.Validation"), }, }, }, @@ -72016,7 +70701,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicySpec(ref Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.AuditAnnotation{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.AuditAnnotation"), }, }, }, @@ -72040,7 +70725,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicySpec(ref Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.MatchCondition{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.MatchCondition"), }, }, }, @@ -72064,7 +70749,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicySpec(ref Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.Variable{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.Variable"), }, }, }, @@ -72074,7 +70759,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicySpec(ref }, }, Dependencies: []string{ - v1.AuditAnnotation{}.OpenAPIModelName(), v1.MatchCondition{}.OpenAPIModelName(), v1.MatchResources{}.OpenAPIModelName(), v1.ParamKind{}.OpenAPIModelName(), v1.Validation{}.OpenAPIModelName(), v1.Variable{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.AuditAnnotation", "k8s.io/api/admissionregistration/v1.MatchCondition", "k8s.io/api/admissionregistration/v1.MatchResources", "k8s.io/api/admissionregistration/v1.ParamKind", "k8s.io/api/admissionregistration/v1.Validation", "k8s.io/api/admissionregistration/v1.Variable"}, } } @@ -72095,7 +70780,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyStatus(r "typeChecking": { SchemaProps: spec.SchemaProps{ Description: "The results of type checking for each expression. Presence of this field indicates the completion of the type checking.", - Ref: ref(v1.TypeChecking{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.TypeChecking"), }, }, "conditions": { @@ -72114,7 +70799,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyStatus(r Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -72124,7 +70809,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyStatus(r }, }, Dependencies: []string{ - v1.TypeChecking{}.OpenAPIModelName(), metav1.Condition{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.TypeChecking", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -72147,7 +70832,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhook(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "ClientConfig defines how to communicate with the hook. Required", Default: map[string]interface{}{}, - Ref: ref(v1.WebhookClientConfig{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.WebhookClientConfig"), }, }, "rules": { @@ -72163,7 +70848,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhook(ref common.Refe Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.RuleWithOperations{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.RuleWithOperations"), }, }, }, @@ -72188,13 +70873,13 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhook(ref common.Refe "namespaceSelector": { SchemaProps: spec.SchemaProps{ Description: "NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the webhook on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "objectSelector": { SchemaProps: spec.SchemaProps{ Description: "ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "sideEffects": { @@ -72250,7 +70935,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhook(ref common.Refe Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.MatchCondition{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.MatchCondition"), }, }, }, @@ -72261,7 +70946,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhook(ref common.Refe }, }, Dependencies: []string{ - v1.MatchCondition{}.OpenAPIModelName(), v1.RuleWithOperations{}.OpenAPIModelName(), v1.WebhookClientConfig{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.MatchCondition", "k8s.io/api/admissionregistration/v1.RuleWithOperations", "k8s.io/api/admissionregistration/v1.WebhookClientConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -72290,7 +70975,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfiguration(re SchemaProps: spec.SchemaProps{ Description: "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "webhooks": { @@ -72311,7 +70996,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfiguration(re Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.ValidatingWebhook{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.ValidatingWebhook"), }, }, }, @@ -72321,7 +71006,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfiguration(re }, }, Dependencies: []string{ - v1.ValidatingWebhook{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.ValidatingWebhook", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -72350,7 +71035,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfigurationLis SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -72361,7 +71046,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfigurationLis Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(v1.ValidatingWebhookConfiguration{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.ValidatingWebhookConfiguration"), }, }, }, @@ -72372,7 +71057,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfigurationLis }, }, Dependencies: []string{ - v1.ValidatingWebhookConfiguration{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.ValidatingWebhookConfiguration", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -72471,7 +71156,7 @@ func schema_k8sio_api_admissionregistration_v1_WebhookClientConfig(ref common.Re "service": { SchemaProps: spec.SchemaProps{ Description: "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.", - Ref: ref(v1.ServiceReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/admissionregistration/v1.ServiceReference"), }, }, "caBundle": { @@ -72485,7 +71170,7 @@ func schema_k8sio_api_admissionregistration_v1_WebhookClientConfig(ref common.Re }, }, Dependencies: []string{ - v1.ServiceReference{}.OpenAPIModelName()}, + "k8s.io/api/admissionregistration/v1.ServiceReference"}, } } @@ -72516,7 +71201,7 @@ func schema_k8sio_api_authorization_v1_FieldSelectorAttributes(ref common.Refere Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.FieldSelectorRequirement{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.FieldSelectorRequirement"), }, }, }, @@ -72526,7 +71211,7 @@ func schema_k8sio_api_authorization_v1_FieldSelectorAttributes(ref common.Refere }, }, Dependencies: []string{ - metav1.FieldSelectorRequirement{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.FieldSelectorRequirement"}, } } @@ -72557,7 +71242,7 @@ func schema_k8sio_api_authorization_v1_LabelSelectorAttributes(ref common.Refere Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.LabelSelectorRequirement{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement"), }, }, }, @@ -72567,7 +71252,7 @@ func schema_k8sio_api_authorization_v1_LabelSelectorAttributes(ref common.Refere }, }, Dependencies: []string{ - metav1.LabelSelectorRequirement{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement"}, } } @@ -72596,21 +71281,21 @@ func schema_k8sio_api_authorization_v1_LocalSubjectAccessReview(ref common.Refer SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted.", Default: map[string]interface{}{}, - Ref: ref(authorizationv1.SubjectAccessReviewSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.SubjectAccessReviewSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status is filled in by the server and indicates whether the request is allowed or not", Default: map[string]interface{}{}, - Ref: ref(authorizationv1.SubjectAccessReviewStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.SubjectAccessReviewStatus"), }, }, }, @@ -72618,7 +71303,7 @@ func schema_k8sio_api_authorization_v1_LocalSubjectAccessReview(ref common.Refer }, }, Dependencies: []string{ - authorizationv1.SubjectAccessReviewSpec{}.OpenAPIModelName(), authorizationv1.SubjectAccessReviewStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/authorization/v1.SubjectAccessReviewSpec", "k8s.io/api/authorization/v1.SubjectAccessReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -72762,20 +71447,20 @@ func schema_k8sio_api_authorization_v1_ResourceAttributes(ref common.ReferenceCa "fieldSelector": { SchemaProps: spec.SchemaProps{ Description: "fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.", - Ref: ref(authorizationv1.FieldSelectorAttributes{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.FieldSelectorAttributes"), }, }, "labelSelector": { SchemaProps: spec.SchemaProps{ Description: "labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.", - Ref: ref(authorizationv1.LabelSelectorAttributes{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.LabelSelectorAttributes"), }, }, }, }, }, Dependencies: []string{ - authorizationv1.FieldSelectorAttributes{}.OpenAPIModelName(), authorizationv1.LabelSelectorAttributes{}.OpenAPIModelName()}, + "k8s.io/api/authorization/v1.FieldSelectorAttributes", "k8s.io/api/authorization/v1.LabelSelectorAttributes"}, } } @@ -72898,21 +71583,21 @@ func schema_k8sio_api_authorization_v1_SelfSubjectAccessReview(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec holds information about the request being evaluated. user and groups must be empty", Default: map[string]interface{}{}, - Ref: ref(authorizationv1.SelfSubjectAccessReviewSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.SelfSubjectAccessReviewSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status is filled in by the server and indicates whether the request is allowed or not", Default: map[string]interface{}{}, - Ref: ref(authorizationv1.SubjectAccessReviewStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.SubjectAccessReviewStatus"), }, }, }, @@ -72920,7 +71605,7 @@ func schema_k8sio_api_authorization_v1_SelfSubjectAccessReview(ref common.Refere }, }, Dependencies: []string{ - authorizationv1.SelfSubjectAccessReviewSpec{}.OpenAPIModelName(), authorizationv1.SubjectAccessReviewStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/authorization/v1.SelfSubjectAccessReviewSpec", "k8s.io/api/authorization/v1.SubjectAccessReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -72934,20 +71619,20 @@ func schema_k8sio_api_authorization_v1_SelfSubjectAccessReviewSpec(ref common.Re "resourceAttributes": { SchemaProps: spec.SchemaProps{ Description: "ResourceAuthorizationAttributes describes information for a resource access request", - Ref: ref(authorizationv1.ResourceAttributes{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.ResourceAttributes"), }, }, "nonResourceAttributes": { SchemaProps: spec.SchemaProps{ Description: "NonResourceAttributes describes information for a non-resource access request", - Ref: ref(authorizationv1.NonResourceAttributes{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.NonResourceAttributes"), }, }, }, }, }, Dependencies: []string{ - authorizationv1.NonResourceAttributes{}.OpenAPIModelName(), authorizationv1.ResourceAttributes{}.OpenAPIModelName()}, + "k8s.io/api/authorization/v1.NonResourceAttributes", "k8s.io/api/authorization/v1.ResourceAttributes"}, } } @@ -72976,21 +71661,21 @@ func schema_k8sio_api_authorization_v1_SelfSubjectRulesReview(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec holds information about the request being evaluated.", Default: map[string]interface{}{}, - Ref: ref(authorizationv1.SelfSubjectRulesReviewSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.SelfSubjectRulesReviewSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status is filled in by the server and indicates the set of actions a user can perform.", Default: map[string]interface{}{}, - Ref: ref(authorizationv1.SubjectRulesReviewStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.SubjectRulesReviewStatus"), }, }, }, @@ -72998,7 +71683,7 @@ func schema_k8sio_api_authorization_v1_SelfSubjectRulesReview(ref common.Referen }, }, Dependencies: []string{ - authorizationv1.SelfSubjectRulesReviewSpec{}.OpenAPIModelName(), authorizationv1.SubjectRulesReviewStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/authorization/v1.SelfSubjectRulesReviewSpec", "k8s.io/api/authorization/v1.SubjectRulesReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -73047,21 +71732,21 @@ func schema_k8sio_api_authorization_v1_SubjectAccessReview(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec holds information about the request being evaluated", Default: map[string]interface{}{}, - Ref: ref(authorizationv1.SubjectAccessReviewSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.SubjectAccessReviewSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status is filled in by the server and indicates whether the request is allowed or not", Default: map[string]interface{}{}, - Ref: ref(authorizationv1.SubjectAccessReviewStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.SubjectAccessReviewStatus"), }, }, }, @@ -73069,7 +71754,7 @@ func schema_k8sio_api_authorization_v1_SubjectAccessReview(ref common.ReferenceC }, }, Dependencies: []string{ - authorizationv1.SubjectAccessReviewSpec{}.OpenAPIModelName(), authorizationv1.SubjectAccessReviewStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/authorization/v1.SubjectAccessReviewSpec", "k8s.io/api/authorization/v1.SubjectAccessReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -73083,13 +71768,13 @@ func schema_k8sio_api_authorization_v1_SubjectAccessReviewSpec(ref common.Refere "resourceAttributes": { SchemaProps: spec.SchemaProps{ Description: "ResourceAuthorizationAttributes describes information for a resource access request", - Ref: ref(authorizationv1.ResourceAttributes{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.ResourceAttributes"), }, }, "nonResourceAttributes": { SchemaProps: spec.SchemaProps{ Description: "NonResourceAttributes describes information for a non-resource access request", - Ref: ref(authorizationv1.NonResourceAttributes{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.NonResourceAttributes"), }, }, "user": { @@ -73153,7 +71838,7 @@ func schema_k8sio_api_authorization_v1_SubjectAccessReviewSpec(ref common.Refere }, }, Dependencies: []string{ - authorizationv1.NonResourceAttributes{}.OpenAPIModelName(), authorizationv1.ResourceAttributes{}.OpenAPIModelName()}, + "k8s.io/api/authorization/v1.NonResourceAttributes", "k8s.io/api/authorization/v1.ResourceAttributes"}, } } @@ -73220,7 +71905,7 @@ func schema_k8sio_api_authorization_v1_SubjectRulesReviewStatus(ref common.Refer Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(authorizationv1.ResourceRule{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.ResourceRule"), }, }, }, @@ -73239,7 +71924,7 @@ func schema_k8sio_api_authorization_v1_SubjectRulesReviewStatus(ref common.Refer Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(authorizationv1.NonResourceRule{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/authorization/v1.NonResourceRule"), }, }, }, @@ -73265,7 +71950,7 @@ func schema_k8sio_api_authorization_v1_SubjectRulesReviewStatus(ref common.Refer }, }, Dependencies: []string{ - authorizationv1.NonResourceRule{}.OpenAPIModelName(), authorizationv1.ResourceRule{}.OpenAPIModelName()}, + "k8s.io/api/authorization/v1.NonResourceRule", "k8s.io/api/authorization/v1.ResourceRule"}, } } @@ -73322,26 +72007,26 @@ func schema_k8sio_api_core_v1_Affinity(ref common.ReferenceCallback) common.Open "nodeAffinity": { SchemaProps: spec.SchemaProps{ Description: "Describes node affinity scheduling rules for the pod.", - Ref: ref(corev1.NodeAffinity{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeAffinity"), }, }, "podAffinity": { SchemaProps: spec.SchemaProps{ Description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - Ref: ref(corev1.PodAffinity{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodAffinity"), }, }, "podAntiAffinity": { SchemaProps: spec.SchemaProps{ Description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - Ref: ref(corev1.PodAntiAffinity{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodAntiAffinity"), }, }, }, }, }, Dependencies: []string{ - corev1.NodeAffinity{}.OpenAPIModelName(), corev1.PodAffinity{}.OpenAPIModelName(), corev1.PodAntiAffinity{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.NodeAffinity", "k8s.io/api/core/v1.PodAffinity", "k8s.io/api/core/v1.PodAntiAffinity"}, } } @@ -73437,7 +72122,7 @@ func schema_k8sio_api_core_v1_AvoidPods(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.PreferAvoidPodsEntry{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PreferAvoidPodsEntry"), }, }, }, @@ -73447,7 +72132,7 @@ func schema_k8sio_api_core_v1_AvoidPods(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - corev1.PreferAvoidPodsEntry{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PreferAvoidPodsEntry"}, } } @@ -73477,7 +72162,7 @@ func schema_k8sio_api_core_v1_AzureDiskVolumeSource(ref common.ReferenceCallback "cachingMode": { SchemaProps: spec.SchemaProps{ Description: "cachingMode is the Host Caching mode: None, Read Only, Read Write.\n\nPossible enum values:\n - `\"None\"`\n - `\"ReadOnly\"`\n - `\"ReadWrite\"`", - Default: corev1.AzureDataDiskCachingReadWrite, + Default: v1.AzureDataDiskCachingReadWrite, Type: []string{"string"}, Format: "", Enum: []interface{}{"None", "ReadOnly", "ReadWrite"}, @@ -73502,7 +72187,7 @@ func schema_k8sio_api_core_v1_AzureDiskVolumeSource(ref common.ReferenceCallback "kind": { SchemaProps: spec.SchemaProps{ Description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared\n\nPossible enum values:\n - `\"Dedicated\"`\n - `\"Managed\"`\n - `\"Shared\"`", - Default: corev1.AzureSharedBlobDisk, + Default: v1.AzureSharedBlobDisk, Type: []string{"string"}, Format: "", Enum: []interface{}{"Dedicated", "Managed", "Shared"}, @@ -73621,14 +72306,14 @@ func schema_k8sio_api_core_v1_Binding(ref common.ReferenceCallback) common.OpenA SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "target": { SchemaProps: spec.SchemaProps{ Description: "The target object that you want to bind to the standard object.", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, }, @@ -73636,7 +72321,7 @@ func schema_k8sio_api_core_v1_Binding(ref common.ReferenceCallback) common.OpenA }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -73696,31 +72381,31 @@ func schema_k8sio_api_core_v1_CSIPersistentVolumeSource(ref common.ReferenceCall "controllerPublishSecretRef": { SchemaProps: spec.SchemaProps{ Description: "controllerPublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretReference"), }, }, "nodeStageSecretRef": { SchemaProps: spec.SchemaProps{ Description: "nodeStageSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretReference"), }, }, "nodePublishSecretRef": { SchemaProps: spec.SchemaProps{ Description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretReference"), }, }, "controllerExpandSecretRef": { SchemaProps: spec.SchemaProps{ Description: "controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretReference"), }, }, "nodeExpandSecretRef": { SchemaProps: spec.SchemaProps{ Description: "nodeExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeExpandVolume call. This field is optional, may be omitted if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretReference"), }, }, }, @@ -73728,7 +72413,7 @@ func schema_k8sio_api_core_v1_CSIPersistentVolumeSource(ref common.ReferenceCall }, }, Dependencies: []string{ - corev1.SecretReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.SecretReference"}, } } @@ -73780,7 +72465,7 @@ func schema_k8sio_api_core_v1_CSIVolumeSource(ref common.ReferenceCallback) comm "nodePublishSecretRef": { SchemaProps: spec.SchemaProps{ Description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, }, @@ -73788,7 +72473,7 @@ func schema_k8sio_api_core_v1_CSIVolumeSource(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - corev1.LocalObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LocalObjectReference"}, } } @@ -73896,7 +72581,7 @@ func schema_k8sio_api_core_v1_CephFSPersistentVolumeSource(ref common.ReferenceC "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretReference"), }, }, "readOnly": { @@ -73911,7 +72596,7 @@ func schema_k8sio_api_core_v1_CephFSPersistentVolumeSource(ref common.ReferenceC }, }, Dependencies: []string{ - corev1.SecretReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.SecretReference"}, } } @@ -73966,7 +72651,7 @@ func schema_k8sio_api_core_v1_CephFSVolumeSource(ref common.ReferenceCallback) c "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "readOnly": { @@ -73981,7 +72666,7 @@ func schema_k8sio_api_core_v1_CephFSVolumeSource(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - corev1.LocalObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LocalObjectReference"}, } } @@ -74017,7 +72702,7 @@ func schema_k8sio_api_core_v1_CinderPersistentVolumeSource(ref common.ReferenceC "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is Optional: points to a secret object containing parameters used to connect to OpenStack.", - Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretReference"), }, }, }, @@ -74025,7 +72710,7 @@ func schema_k8sio_api_core_v1_CinderPersistentVolumeSource(ref common.ReferenceC }, }, Dependencies: []string{ - corev1.SecretReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.SecretReference"}, } } @@ -74061,7 +72746,7 @@ func schema_k8sio_api_core_v1_CinderVolumeSource(ref common.ReferenceCallback) c "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, }, @@ -74069,7 +72754,7 @@ func schema_k8sio_api_core_v1_CinderVolumeSource(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - corev1.LocalObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LocalObjectReference"}, } } @@ -74117,7 +72802,7 @@ func schema_k8sio_api_core_v1_ClusterTrustBundleProjection(ref common.ReferenceC "labelSelector": { SchemaProps: spec.SchemaProps{ Description: "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\".", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "optional": { @@ -74140,7 +72825,7 @@ func schema_k8sio_api_core_v1_ClusterTrustBundleProjection(ref common.ReferenceC }, }, Dependencies: []string{ - metav1.LabelSelector{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -74213,7 +72898,7 @@ func schema_k8sio_api_core_v1_ComponentStatus(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "conditions": { @@ -74234,7 +72919,7 @@ func schema_k8sio_api_core_v1_ComponentStatus(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ComponentCondition{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ComponentCondition"), }, }, }, @@ -74244,7 +72929,7 @@ func schema_k8sio_api_core_v1_ComponentStatus(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - corev1.ComponentCondition{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ComponentCondition", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -74273,7 +72958,7 @@ func schema_k8sio_api_core_v1_ComponentStatusList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -74284,7 +72969,7 @@ func schema_k8sio_api_core_v1_ComponentStatusList(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ComponentStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ComponentStatus"), }, }, }, @@ -74295,7 +72980,7 @@ func schema_k8sio_api_core_v1_ComponentStatusList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - corev1.ComponentStatus{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ComponentStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -74324,7 +73009,7 @@ func schema_k8sio_api_core_v1_ConfigMap(ref common.ReferenceCallback) common.Ope SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "immutable": { @@ -74369,7 +73054,7 @@ func schema_k8sio_api_core_v1_ConfigMap(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -74468,7 +73153,7 @@ func schema_k8sio_api_core_v1_ConfigMapList(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -74479,7 +73164,7 @@ func schema_k8sio_api_core_v1_ConfigMapList(ref common.ReferenceCallback) common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ConfigMap{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ConfigMap"), }, }, }, @@ -74490,7 +73175,7 @@ func schema_k8sio_api_core_v1_ConfigMapList(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - corev1.ConfigMap{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ConfigMap", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -74574,7 +73259,7 @@ func schema_k8sio_api_core_v1_ConfigMapProjection(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.KeyToPath{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.KeyToPath"), }, }, }, @@ -74591,7 +73276,7 @@ func schema_k8sio_api_core_v1_ConfigMapProjection(ref common.ReferenceCallback) }, }, Dependencies: []string{ - corev1.KeyToPath{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.KeyToPath"}, } } @@ -74623,7 +73308,7 @@ func schema_k8sio_api_core_v1_ConfigMapVolumeSource(ref common.ReferenceCallback Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.KeyToPath{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.KeyToPath"), }, }, }, @@ -74647,7 +73332,7 @@ func schema_k8sio_api_core_v1_ConfigMapVolumeSource(ref common.ReferenceCallback }, }, Dependencies: []string{ - corev1.KeyToPath{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.KeyToPath"}, } } @@ -74739,7 +73424,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ContainerPort{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerPort"), }, }, }, @@ -74758,7 +73443,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvFromSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvFromSource"), }, }, }, @@ -74782,7 +73467,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVar"), }, }, }, @@ -74792,7 +73477,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope SchemaProps: spec.SchemaProps{ Description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, "resizePolicy": { @@ -74802,13 +73487,13 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope }, }, SchemaProps: spec.SchemaProps{ - Description: "Resources resize policy for the container. This field cannot be set on ephemeral containers.", + Description: "Resources resize policy for the container.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ContainerResizePolicy{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerResizePolicy"), }, }, }, @@ -74834,7 +73519,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ContainerRestartRule{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerRestartRule"), }, }, }, @@ -74858,7 +73543,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.VolumeMount{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.VolumeMount"), }, }, }, @@ -74882,7 +73567,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.VolumeDevice{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.VolumeDevice"), }, }, }, @@ -74891,25 +73576,25 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope "livenessProbe": { SchemaProps: spec.SchemaProps{ Description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - Ref: ref(corev1.Probe{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Probe"), }, }, "readinessProbe": { SchemaProps: spec.SchemaProps{ Description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - Ref: ref(corev1.Probe{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Probe"), }, }, "startupProbe": { SchemaProps: spec.SchemaProps{ Description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - Ref: ref(corev1.Probe{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Probe"), }, }, "lifecycle": { SchemaProps: spec.SchemaProps{ Description: "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", - Ref: ref(corev1.Lifecycle{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Lifecycle"), }, }, "terminationMessagePath": { @@ -74938,7 +73623,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope "securityContext": { SchemaProps: spec.SchemaProps{ Description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - Ref: ref(corev1.SecurityContext{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecurityContext"), }, }, "stdin": { @@ -74967,7 +73652,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - corev1.ContainerPort{}.OpenAPIModelName(), corev1.ContainerResizePolicy{}.OpenAPIModelName(), corev1.ContainerRestartRule{}.OpenAPIModelName(), corev1.EnvFromSource{}.OpenAPIModelName(), corev1.EnvVar{}.OpenAPIModelName(), corev1.Lifecycle{}.OpenAPIModelName(), corev1.Probe{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName(), corev1.SecurityContext{}.OpenAPIModelName(), corev1.VolumeDevice{}.OpenAPIModelName(), corev1.VolumeMount{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ContainerPort", "k8s.io/api/core/v1.ContainerResizePolicy", "k8s.io/api/core/v1.ContainerRestartRule", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.Lifecycle", "k8s.io/api/core/v1.Probe", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount"}, } } @@ -75148,7 +73833,7 @@ func schema_k8sio_api_core_v1_ContainerRestartRule(ref common.ReferenceCallback) "exitCodes": { SchemaProps: spec.SchemaProps{ Description: "Represents the exit codes to check on container exits.", - Ref: ref(corev1.ContainerRestartRuleOnExitCodes{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerRestartRuleOnExitCodes"), }, }, }, @@ -75156,7 +73841,7 @@ func schema_k8sio_api_core_v1_ContainerRestartRule(ref common.ReferenceCallback) }, }, Dependencies: []string{ - corev1.ContainerRestartRuleOnExitCodes{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ContainerRestartRuleOnExitCodes"}, } } @@ -75211,26 +73896,26 @@ func schema_k8sio_api_core_v1_ContainerState(ref common.ReferenceCallback) commo "waiting": { SchemaProps: spec.SchemaProps{ Description: "Details about a waiting container", - Ref: ref(corev1.ContainerStateWaiting{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerStateWaiting"), }, }, "running": { SchemaProps: spec.SchemaProps{ Description: "Details about a running container", - Ref: ref(corev1.ContainerStateRunning{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerStateRunning"), }, }, "terminated": { SchemaProps: spec.SchemaProps{ Description: "Details about a terminated container", - Ref: ref(corev1.ContainerStateTerminated{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerStateTerminated"), }, }, }, }, }, Dependencies: []string{ - corev1.ContainerStateRunning{}.OpenAPIModelName(), corev1.ContainerStateTerminated{}.OpenAPIModelName(), corev1.ContainerStateWaiting{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ContainerStateRunning", "k8s.io/api/core/v1.ContainerStateTerminated", "k8s.io/api/core/v1.ContainerStateWaiting"}, } } @@ -75244,14 +73929,14 @@ func schema_k8sio_api_core_v1_ContainerStateRunning(ref common.ReferenceCallback "startedAt": { SchemaProps: spec.SchemaProps{ Description: "Time at which the container was last (re-)started", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, }, }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -75294,13 +73979,13 @@ func schema_k8sio_api_core_v1_ContainerStateTerminated(ref common.ReferenceCallb "startedAt": { SchemaProps: spec.SchemaProps{ Description: "Time at which previous execution of the container started", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "finishedAt": { SchemaProps: spec.SchemaProps{ Description: "Time at which the container last terminated", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "containerID": { @@ -75315,7 +74000,7 @@ func schema_k8sio_api_core_v1_ContainerStateTerminated(ref common.ReferenceCallb }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -75365,14 +74050,14 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "State holds details about the container's current condition.", Default: map[string]interface{}{}, - Ref: ref(corev1.ContainerState{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerState"), }, }, "lastState": { SchemaProps: spec.SchemaProps{ Description: "LastTerminationState holds the last termination state of the container to help debug container crashes and restarts. This field is not populated if the container is still running and RestartCount is 0.", Default: map[string]interface{}{}, - Ref: ref(corev1.ContainerState{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerState"), }, }, "ready": { @@ -75429,7 +74114,7 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -75438,7 +74123,7 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm "resources": { SchemaProps: spec.SchemaProps{ Description: "Resources represents the compute resource requests and limits that have been successfully enacted on the running container after it has been started or has been successfully resized.", - Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, "volumeMounts": { @@ -75459,7 +74144,7 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.VolumeMountStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.VolumeMountStatus"), }, }, }, @@ -75468,7 +74153,7 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm "user": { SchemaProps: spec.SchemaProps{ Description: "User represents user identity information initially attached to the first process of the container", - Ref: ref(corev1.ContainerUser{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerUser"), }, }, "allocatedResourcesStatus": { @@ -75489,7 +74174,7 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceStatus"), }, }, }, @@ -75508,7 +74193,7 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - corev1.ContainerState{}.OpenAPIModelName(), corev1.ContainerUser{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName(), corev1.ResourceStatus{}.OpenAPIModelName(), corev1.VolumeMountStatus{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ContainerState", "k8s.io/api/core/v1.ContainerUser", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.ResourceStatus", "k8s.io/api/core/v1.VolumeMountStatus", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } @@ -75522,14 +74207,14 @@ func schema_k8sio_api_core_v1_ContainerUser(ref common.ReferenceCallback) common "linux": { SchemaProps: spec.SchemaProps{ Description: "Linux holds user identity information initially attached to the first process of the containers in Linux. Note that the actual running identity can be changed if the process has enough privilege to do so.", - Ref: ref(corev1.LinuxContainerUser{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LinuxContainerUser"), }, }, }, }, }, Dependencies: []string{ - corev1.LinuxContainerUser{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LinuxContainerUser"}, } } @@ -75575,7 +74260,7 @@ func schema_k8sio_api_core_v1_DownwardAPIProjection(ref common.ReferenceCallback Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.DownwardAPIVolumeFile{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.DownwardAPIVolumeFile"), }, }, }, @@ -75585,7 +74270,7 @@ func schema_k8sio_api_core_v1_DownwardAPIProjection(ref common.ReferenceCallback }, }, Dependencies: []string{ - corev1.DownwardAPIVolumeFile{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.DownwardAPIVolumeFile"}, } } @@ -75607,13 +74292,13 @@ func schema_k8sio_api_core_v1_DownwardAPIVolumeFile(ref common.ReferenceCallback "fieldRef": { SchemaProps: spec.SchemaProps{ Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - Ref: ref(corev1.ObjectFieldSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectFieldSelector"), }, }, "resourceFieldRef": { SchemaProps: spec.SchemaProps{ Description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - Ref: ref(corev1.ResourceFieldSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceFieldSelector"), }, }, "mode": { @@ -75628,7 +74313,7 @@ func schema_k8sio_api_core_v1_DownwardAPIVolumeFile(ref common.ReferenceCallback }, }, Dependencies: []string{ - corev1.ObjectFieldSelector{}.OpenAPIModelName(), corev1.ResourceFieldSelector{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectFieldSelector", "k8s.io/api/core/v1.ResourceFieldSelector"}, } } @@ -75652,7 +74337,7 @@ func schema_k8sio_api_core_v1_DownwardAPIVolumeSource(ref common.ReferenceCallba Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.DownwardAPIVolumeFile{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.DownwardAPIVolumeFile"), }, }, }, @@ -75669,7 +74354,7 @@ func schema_k8sio_api_core_v1_DownwardAPIVolumeSource(ref common.ReferenceCallba }, }, Dependencies: []string{ - corev1.DownwardAPIVolumeFile{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.DownwardAPIVolumeFile"}, } } @@ -75690,14 +74375,14 @@ func schema_k8sio_api_core_v1_EmptyDirVolumeSource(ref common.ReferenceCallback) "sizeLimit": { SchemaProps: spec.SchemaProps{ Description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, }, }, Dependencies: []string{ - resource.Quantity{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } @@ -75733,7 +74418,7 @@ func schema_k8sio_api_core_v1_EndpointAddress(ref common.ReferenceCallback) comm "targetRef": { SchemaProps: spec.SchemaProps{ Description: "Reference to object providing the endpoint.", - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, }, @@ -75746,7 +74431,7 @@ func schema_k8sio_api_core_v1_EndpointAddress(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference"}, } } @@ -75819,7 +74504,7 @@ func schema_k8sio_api_core_v1_EndpointSubset(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EndpointAddress{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EndpointAddress"), }, }, }, @@ -75838,7 +74523,7 @@ func schema_k8sio_api_core_v1_EndpointSubset(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EndpointAddress{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EndpointAddress"), }, }, }, @@ -75857,7 +74542,7 @@ func schema_k8sio_api_core_v1_EndpointSubset(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EndpointPort{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EndpointPort"), }, }, }, @@ -75867,7 +74552,7 @@ func schema_k8sio_api_core_v1_EndpointSubset(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - corev1.EndpointAddress{}.OpenAPIModelName(), corev1.EndpointPort{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.EndpointAddress", "k8s.io/api/core/v1.EndpointPort"}, } } @@ -75896,7 +74581,7 @@ func schema_k8sio_api_core_v1_Endpoints(ref common.ReferenceCallback) common.Ope SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "subsets": { @@ -75912,7 +74597,7 @@ func schema_k8sio_api_core_v1_Endpoints(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EndpointSubset{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EndpointSubset"), }, }, }, @@ -75922,7 +74607,7 @@ func schema_k8sio_api_core_v1_Endpoints(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - corev1.EndpointSubset{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.EndpointSubset", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -75951,7 +74636,7 @@ func schema_k8sio_api_core_v1_EndpointsList(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -75962,7 +74647,7 @@ func schema_k8sio_api_core_v1_EndpointsList(ref common.ReferenceCallback) common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Endpoints{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Endpoints"), }, }, }, @@ -75973,7 +74658,7 @@ func schema_k8sio_api_core_v1_EndpointsList(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - corev1.Endpoints{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.Endpoints", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -75994,20 +74679,20 @@ func schema_k8sio_api_core_v1_EnvFromSource(ref common.ReferenceCallback) common "configMapRef": { SchemaProps: spec.SchemaProps{ Description: "The ConfigMap to select from", - Ref: ref(corev1.ConfigMapEnvSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ConfigMapEnvSource"), }, }, "secretRef": { SchemaProps: spec.SchemaProps{ Description: "The Secret to select from", - Ref: ref(corev1.SecretEnvSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretEnvSource"), }, }, }, }, }, Dependencies: []string{ - corev1.ConfigMapEnvSource{}.OpenAPIModelName(), corev1.SecretEnvSource{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ConfigMapEnvSource", "k8s.io/api/core/v1.SecretEnvSource"}, } } @@ -76036,7 +74721,7 @@ func schema_k8sio_api_core_v1_EnvVar(ref common.ReferenceCallback) common.OpenAP "valueFrom": { SchemaProps: spec.SchemaProps{ Description: "Source for the environment variable's value. Cannot be used if value is not empty.", - Ref: ref(corev1.EnvVarSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVarSource"), }, }, }, @@ -76044,7 +74729,7 @@ func schema_k8sio_api_core_v1_EnvVar(ref common.ReferenceCallback) common.OpenAP }, }, Dependencies: []string{ - corev1.EnvVarSource{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.EnvVarSource"}, } } @@ -76058,38 +74743,38 @@ func schema_k8sio_api_core_v1_EnvVarSource(ref common.ReferenceCallback) common. "fieldRef": { SchemaProps: spec.SchemaProps{ Description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - Ref: ref(corev1.ObjectFieldSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectFieldSelector"), }, }, "resourceFieldRef": { SchemaProps: spec.SchemaProps{ Description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - Ref: ref(corev1.ResourceFieldSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceFieldSelector"), }, }, "configMapKeyRef": { SchemaProps: spec.SchemaProps{ Description: "Selects a key of a ConfigMap.", - Ref: ref(corev1.ConfigMapKeySelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ConfigMapKeySelector"), }, }, "secretKeyRef": { SchemaProps: spec.SchemaProps{ Description: "Selects a key of a secret in the pod's namespace", - Ref: ref(corev1.SecretKeySelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretKeySelector"), }, }, "fileKeyRef": { SchemaProps: spec.SchemaProps{ Description: "FileKeyRef selects a key of the env file. Requires the EnvFiles feature gate to be enabled.", - Ref: ref(corev1.FileKeySelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.FileKeySelector"), }, }, }, }, }, Dependencies: []string{ - corev1.ConfigMapKeySelector{}.OpenAPIModelName(), corev1.FileKeySelector{}.OpenAPIModelName(), corev1.ObjectFieldSelector{}.OpenAPIModelName(), corev1.ResourceFieldSelector{}.OpenAPIModelName(), corev1.SecretKeySelector{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ConfigMapKeySelector", "k8s.io/api/core/v1.FileKeySelector", "k8s.io/api/core/v1.ObjectFieldSelector", "k8s.io/api/core/v1.ResourceFieldSelector", "k8s.io/api/core/v1.SecretKeySelector"}, } } @@ -76181,7 +74866,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ContainerPort{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerPort"), }, }, }, @@ -76200,7 +74885,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvFromSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvFromSource"), }, }, }, @@ -76224,7 +74909,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVar"), }, }, }, @@ -76234,7 +74919,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.", Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, "resizePolicy": { @@ -76250,7 +74935,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ContainerResizePolicy{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerResizePolicy"), }, }, }, @@ -76276,7 +74961,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ContainerRestartRule{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerRestartRule"), }, }, }, @@ -76300,7 +74985,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.VolumeMount{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.VolumeMount"), }, }, }, @@ -76324,7 +75009,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.VolumeDevice{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.VolumeDevice"), }, }, }, @@ -76333,25 +75018,25 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c "livenessProbe": { SchemaProps: spec.SchemaProps{ Description: "Probes are not allowed for ephemeral containers.", - Ref: ref(corev1.Probe{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Probe"), }, }, "readinessProbe": { SchemaProps: spec.SchemaProps{ Description: "Probes are not allowed for ephemeral containers.", - Ref: ref(corev1.Probe{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Probe"), }, }, "startupProbe": { SchemaProps: spec.SchemaProps{ Description: "Probes are not allowed for ephemeral containers.", - Ref: ref(corev1.Probe{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Probe"), }, }, "lifecycle": { SchemaProps: spec.SchemaProps{ Description: "Lifecycle is not allowed for ephemeral containers.", - Ref: ref(corev1.Lifecycle{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Lifecycle"), }, }, "terminationMessagePath": { @@ -76380,7 +75065,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c "securityContext": { SchemaProps: spec.SchemaProps{ Description: "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", - Ref: ref(corev1.SecurityContext{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecurityContext"), }, }, "stdin": { @@ -76416,7 +75101,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - corev1.ContainerPort{}.OpenAPIModelName(), corev1.ContainerResizePolicy{}.OpenAPIModelName(), corev1.ContainerRestartRule{}.OpenAPIModelName(), corev1.EnvFromSource{}.OpenAPIModelName(), corev1.EnvVar{}.OpenAPIModelName(), corev1.Lifecycle{}.OpenAPIModelName(), corev1.Probe{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName(), corev1.SecurityContext{}.OpenAPIModelName(), corev1.VolumeDevice{}.OpenAPIModelName(), corev1.VolumeMount{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ContainerPort", "k8s.io/api/core/v1.ContainerResizePolicy", "k8s.io/api/core/v1.ContainerRestartRule", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.Lifecycle", "k8s.io/api/core/v1.Probe", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount"}, } } @@ -76508,7 +75193,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ContainerPort{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerPort"), }, }, }, @@ -76527,7 +75212,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvFromSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvFromSource"), }, }, }, @@ -76551,7 +75236,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EnvVar"), }, }, }, @@ -76561,7 +75246,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.", Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, "resizePolicy": { @@ -76577,7 +75262,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ContainerResizePolicy{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerResizePolicy"), }, }, }, @@ -76603,7 +75288,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ContainerRestartRule{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerRestartRule"), }, }, }, @@ -76627,7 +75312,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.VolumeMount{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.VolumeMount"), }, }, }, @@ -76651,7 +75336,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.VolumeDevice{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.VolumeDevice"), }, }, }, @@ -76660,25 +75345,25 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb "livenessProbe": { SchemaProps: spec.SchemaProps{ Description: "Probes are not allowed for ephemeral containers.", - Ref: ref(corev1.Probe{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Probe"), }, }, "readinessProbe": { SchemaProps: spec.SchemaProps{ Description: "Probes are not allowed for ephemeral containers.", - Ref: ref(corev1.Probe{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Probe"), }, }, "startupProbe": { SchemaProps: spec.SchemaProps{ Description: "Probes are not allowed for ephemeral containers.", - Ref: ref(corev1.Probe{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Probe"), }, }, "lifecycle": { SchemaProps: spec.SchemaProps{ Description: "Lifecycle is not allowed for ephemeral containers.", - Ref: ref(corev1.Lifecycle{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Lifecycle"), }, }, "terminationMessagePath": { @@ -76707,7 +75392,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb "securityContext": { SchemaProps: spec.SchemaProps{ Description: "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", - Ref: ref(corev1.SecurityContext{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecurityContext"), }, }, "stdin": { @@ -76736,7 +75421,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb }, }, Dependencies: []string{ - corev1.ContainerPort{}.OpenAPIModelName(), corev1.ContainerResizePolicy{}.OpenAPIModelName(), corev1.ContainerRestartRule{}.OpenAPIModelName(), corev1.EnvFromSource{}.OpenAPIModelName(), corev1.EnvVar{}.OpenAPIModelName(), corev1.Lifecycle{}.OpenAPIModelName(), corev1.Probe{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName(), corev1.SecurityContext{}.OpenAPIModelName(), corev1.VolumeDevice{}.OpenAPIModelName(), corev1.VolumeMount{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ContainerPort", "k8s.io/api/core/v1.ContainerResizePolicy", "k8s.io/api/core/v1.ContainerRestartRule", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.Lifecycle", "k8s.io/api/core/v1.Probe", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount"}, } } @@ -76750,14 +75435,14 @@ func schema_k8sio_api_core_v1_EphemeralVolumeSource(ref common.ReferenceCallback "volumeClaimTemplate": { SchemaProps: spec.SchemaProps{ Description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.\n\nRequired, must not be nil.", - Ref: ref(corev1.PersistentVolumeClaimTemplate{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaimTemplate"), }, }, }, }, }, Dependencies: []string{ - corev1.PersistentVolumeClaimTemplate{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PersistentVolumeClaimTemplate"}, } } @@ -76786,14 +75471,14 @@ func schema_k8sio_api_core_v1_Event(ref common.ReferenceCallback) common.OpenAPI SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "involvedObject": { SchemaProps: spec.SchemaProps{ Description: "The object that this event is about.", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "reason": { @@ -76814,19 +75499,19 @@ func schema_k8sio_api_core_v1_Event(ref common.ReferenceCallback) common.OpenAPI SchemaProps: spec.SchemaProps{ Description: "The component reporting this event. Should be a short machine understandable string.", Default: map[string]interface{}{}, - Ref: ref(corev1.EventSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EventSource"), }, }, "firstTimestamp": { SchemaProps: spec.SchemaProps{ Description: "The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "lastTimestamp": { SchemaProps: spec.SchemaProps{ Description: "The time at which the most recent occurrence of this event was recorded.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "count": { @@ -76846,13 +75531,13 @@ func schema_k8sio_api_core_v1_Event(ref common.ReferenceCallback) common.OpenAPI "eventTime": { SchemaProps: spec.SchemaProps{ Description: "Time when this Event was first observed.", - Ref: ref(metav1.MicroTime{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime"), }, }, "series": { SchemaProps: spec.SchemaProps{ Description: "Data about the Event series this event represents or nil if it's a singleton Event.", - Ref: ref(corev1.EventSeries{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EventSeries"), }, }, "action": { @@ -76865,7 +75550,7 @@ func schema_k8sio_api_core_v1_Event(ref common.ReferenceCallback) common.OpenAPI "related": { SchemaProps: spec.SchemaProps{ Description: "Optional secondary object for more complex actions.", - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "reportingComponent": { @@ -76889,7 +75574,7 @@ func schema_k8sio_api_core_v1_Event(ref common.ReferenceCallback) common.OpenAPI }, }, Dependencies: []string{ - corev1.EventSeries{}.OpenAPIModelName(), corev1.EventSource{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName(), metav1.MicroTime{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.EventSeries", "k8s.io/api/core/v1.EventSource", "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -76918,7 +75603,7 @@ func schema_k8sio_api_core_v1_EventList(ref common.ReferenceCallback) common.Ope SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -76929,7 +75614,7 @@ func schema_k8sio_api_core_v1_EventList(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Event{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Event"), }, }, }, @@ -76940,7 +75625,7 @@ func schema_k8sio_api_core_v1_EventList(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - corev1.Event{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.Event", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -76961,14 +75646,14 @@ func schema_k8sio_api_core_v1_EventSeries(ref common.ReferenceCallback) common.O "lastObservedTime": { SchemaProps: spec.SchemaProps{ Description: "Time of the last occurrence observed", - Ref: ref(metav1.MicroTime{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime"), }, }, }, }, }, Dependencies: []string{ - metav1.MicroTime{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime"}, } } @@ -77182,7 +75867,7 @@ func schema_k8sio_api_core_v1_FlexPersistentVolumeSource(ref common.ReferenceCal "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", - Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretReference"), }, }, "readOnly": { @@ -77213,7 +75898,7 @@ func schema_k8sio_api_core_v1_FlexPersistentVolumeSource(ref common.ReferenceCal }, }, Dependencies: []string{ - corev1.SecretReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.SecretReference"}, } } @@ -77242,7 +75927,7 @@ func schema_k8sio_api_core_v1_FlexVolumeSource(ref common.ReferenceCallback) com "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "readOnly": { @@ -77273,7 +75958,7 @@ func schema_k8sio_api_core_v1_FlexVolumeSource(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - corev1.LocalObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LocalObjectReference"}, } } @@ -77511,7 +76196,7 @@ func schema_k8sio_api_core_v1_HTTPGetAction(ref common.ReferenceCallback) common "port": { SchemaProps: spec.SchemaProps{ Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", - Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), }, }, "host": { @@ -77542,7 +76227,7 @@ func schema_k8sio_api_core_v1_HTTPGetAction(ref common.ReferenceCallback) common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.HTTPHeader{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.HTTPHeader"), }, }, }, @@ -77553,7 +76238,7 @@ func schema_k8sio_api_core_v1_HTTPGetAction(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - corev1.HTTPHeader{}.OpenAPIModelName(), intstr.IntOrString{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.HTTPHeader", "k8s.io/apimachinery/pkg/util/intstr.IntOrString"}, } } @@ -77771,7 +76456,7 @@ func schema_k8sio_api_core_v1_ISCSIPersistentVolumeSource(ref common.ReferenceCa "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication", - Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretReference"), }, }, "initiatorName": { @@ -77786,7 +76471,7 @@ func schema_k8sio_api_core_v1_ISCSIPersistentVolumeSource(ref common.ReferenceCa }, }, Dependencies: []string{ - corev1.SecretReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.SecretReference"}, } } @@ -77880,7 +76565,7 @@ func schema_k8sio_api_core_v1_ISCSIVolumeSource(ref common.ReferenceCallback) co "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "initiatorName": { @@ -77895,7 +76580,7 @@ func schema_k8sio_api_core_v1_ISCSIVolumeSource(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - corev1.LocalObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LocalObjectReference"}, } } @@ -77974,13 +76659,13 @@ func schema_k8sio_api_core_v1_Lifecycle(ref common.ReferenceCallback) common.Ope "postStart": { SchemaProps: spec.SchemaProps{ Description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - Ref: ref(corev1.LifecycleHandler{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LifecycleHandler"), }, }, "preStop": { SchemaProps: spec.SchemaProps{ Description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - Ref: ref(corev1.LifecycleHandler{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LifecycleHandler"), }, }, "stopSignal": { @@ -77995,7 +76680,7 @@ func schema_k8sio_api_core_v1_Lifecycle(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - corev1.LifecycleHandler{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LifecycleHandler"}, } } @@ -78009,32 +76694,32 @@ func schema_k8sio_api_core_v1_LifecycleHandler(ref common.ReferenceCallback) com "exec": { SchemaProps: spec.SchemaProps{ Description: "Exec specifies a command to execute in the container.", - Ref: ref(corev1.ExecAction{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ExecAction"), }, }, "httpGet": { SchemaProps: spec.SchemaProps{ Description: "HTTPGet specifies an HTTP GET request to perform.", - Ref: ref(corev1.HTTPGetAction{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.HTTPGetAction"), }, }, "tcpSocket": { SchemaProps: spec.SchemaProps{ Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.", - Ref: ref(corev1.TCPSocketAction{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.TCPSocketAction"), }, }, "sleep": { SchemaProps: spec.SchemaProps{ Description: "Sleep represents a duration that the container should sleep.", - Ref: ref(corev1.SleepAction{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SleepAction"), }, }, }, }, }, Dependencies: []string{ - corev1.ExecAction{}.OpenAPIModelName(), corev1.HTTPGetAction{}.OpenAPIModelName(), corev1.SleepAction{}.OpenAPIModelName(), corev1.TCPSocketAction{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ExecAction", "k8s.io/api/core/v1.HTTPGetAction", "k8s.io/api/core/v1.SleepAction", "k8s.io/api/core/v1.TCPSocketAction"}, } } @@ -78063,21 +76748,21 @@ func schema_k8sio_api_core_v1_LimitRange(ref common.ReferenceCallback) common.Op SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec defines the limits enforced. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref(corev1.LimitRangeSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LimitRangeSpec"), }, }, }, }, }, Dependencies: []string{ - corev1.LimitRangeSpec{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LimitRangeSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -78104,7 +76789,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -78118,7 +76803,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -78132,7 +76817,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -78146,7 +76831,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -78160,7 +76845,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -78171,7 +76856,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - resource.Quantity{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } @@ -78200,7 +76885,7 @@ func schema_k8sio_api_core_v1_LimitRangeList(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -78211,7 +76896,7 @@ func schema_k8sio_api_core_v1_LimitRangeList(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.LimitRange{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LimitRange"), }, }, }, @@ -78222,7 +76907,7 @@ func schema_k8sio_api_core_v1_LimitRangeList(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - corev1.LimitRange{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LimitRange", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -78246,7 +76931,7 @@ func schema_k8sio_api_core_v1_LimitRangeSpec(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.LimitRangeItem{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LimitRangeItem"), }, }, }, @@ -78257,7 +76942,7 @@ func schema_k8sio_api_core_v1_LimitRangeSpec(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - corev1.LimitRangeItem{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LimitRangeItem"}, } } @@ -78336,7 +77021,7 @@ func schema_k8sio_api_core_v1_List(ref common.ReferenceCallback) common.OpenAPID SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -78346,7 +77031,7 @@ func schema_k8sio_api_core_v1_List(ref common.ReferenceCallback) common.OpenAPID Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -78357,7 +77042,7 @@ func schema_k8sio_api_core_v1_List(ref common.ReferenceCallback) common.OpenAPID }, }, Dependencies: []string{ - metav1.ListMeta{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -78402,7 +77087,7 @@ func schema_k8sio_api_core_v1_LoadBalancerIngress(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.PortStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PortStatus"), }, }, }, @@ -78412,7 +77097,7 @@ func schema_k8sio_api_core_v1_LoadBalancerIngress(ref common.ReferenceCallback) }, }, Dependencies: []string{ - corev1.PortStatus{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PortStatus"}, } } @@ -78436,7 +77121,7 @@ func schema_k8sio_api_core_v1_LoadBalancerStatus(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.LoadBalancerIngress{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LoadBalancerIngress"), }, }, }, @@ -78446,7 +77131,7 @@ func schema_k8sio_api_core_v1_LoadBalancerStatus(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - corev1.LoadBalancerIngress{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LoadBalancerIngress"}, } } @@ -78597,28 +77282,28 @@ func schema_k8sio_api_core_v1_Namespace(ref common.ReferenceCallback) common.Ope SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec defines the behavior of the Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref(corev1.NamespaceSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NamespaceSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status describes the current status of a Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref(corev1.NamespaceStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NamespaceStatus"), }, }, }, }, }, Dependencies: []string{ - corev1.NamespaceSpec{}.OpenAPIModelName(), corev1.NamespaceStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.NamespaceSpec", "k8s.io/api/core/v1.NamespaceStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -78648,7 +77333,7 @@ func schema_k8sio_api_core_v1_NamespaceCondition(ref common.ReferenceCallback) c "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "Last time the condition transitioned from one status to another.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -78670,7 +77355,7 @@ func schema_k8sio_api_core_v1_NamespaceCondition(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -78699,7 +77384,7 @@ func schema_k8sio_api_core_v1_NamespaceList(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -78710,7 +77395,7 @@ func schema_k8sio_api_core_v1_NamespaceList(ref common.ReferenceCallback) common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Namespace{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Namespace"), }, }, }, @@ -78721,7 +77406,7 @@ func schema_k8sio_api_core_v1_NamespaceList(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - corev1.Namespace{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.Namespace", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -78791,7 +77476,7 @@ func schema_k8sio_api_core_v1_NamespaceStatus(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.NamespaceCondition{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NamespaceCondition"), }, }, }, @@ -78801,7 +77486,7 @@ func schema_k8sio_api_core_v1_NamespaceStatus(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - corev1.NamespaceCondition{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.NamespaceCondition"}, } } @@ -78830,28 +77515,28 @@ func schema_k8sio_api_core_v1_Node(ref common.ReferenceCallback) common.OpenAPID SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec defines the behavior of a node. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref(corev1.NodeSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Most recently observed status of the node. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref(corev1.NodeStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeStatus"), }, }, }, }, }, Dependencies: []string{ - corev1.NodeSpec{}.OpenAPIModelName(), corev1.NodeStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.NodeSpec", "k8s.io/api/core/v1.NodeStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -78895,7 +77580,7 @@ func schema_k8sio_api_core_v1_NodeAffinity(ref common.ReferenceCallback) common. "requiredDuringSchedulingIgnoredDuringExecution": { SchemaProps: spec.SchemaProps{ Description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", - Ref: ref(corev1.NodeSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeSelector"), }, }, "preferredDuringSchedulingIgnoredDuringExecution": { @@ -78911,7 +77596,7 @@ func schema_k8sio_api_core_v1_NodeAffinity(ref common.ReferenceCallback) common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.PreferredSchedulingTerm{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PreferredSchedulingTerm"), }, }, }, @@ -78921,7 +77606,7 @@ func schema_k8sio_api_core_v1_NodeAffinity(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - corev1.NodeSelector{}.OpenAPIModelName(), corev1.PreferredSchedulingTerm{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.NodeSelector", "k8s.io/api/core/v1.PreferredSchedulingTerm"}, } } @@ -78951,13 +77636,13 @@ func schema_k8sio_api_core_v1_NodeCondition(ref common.ReferenceCallback) common "lastHeartbeatTime": { SchemaProps: spec.SchemaProps{ Description: "Last time we got an update on a given condition.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "Last time the condition transit from one status to another.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -78979,7 +77664,7 @@ func schema_k8sio_api_core_v1_NodeCondition(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -78993,14 +77678,14 @@ func schema_k8sio_api_core_v1_NodeConfigSource(ref common.ReferenceCallback) com "configMap": { SchemaProps: spec.SchemaProps{ Description: "ConfigMap is a reference to a Node's ConfigMap", - Ref: ref(corev1.ConfigMapNodeConfigSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ConfigMapNodeConfigSource"), }, }, }, }, }, Dependencies: []string{ - corev1.ConfigMapNodeConfigSource{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ConfigMapNodeConfigSource"}, } } @@ -79014,19 +77699,19 @@ func schema_k8sio_api_core_v1_NodeConfigStatus(ref common.ReferenceCallback) com "assigned": { SchemaProps: spec.SchemaProps{ Description: "Assigned reports the checkpointed config the node will try to use. When Node.Spec.ConfigSource is updated, the node checkpoints the associated config payload to local disk, along with a record indicating intended config. The node refers to this record to choose its config checkpoint, and reports this record in Assigned. Assigned only updates in the status after the record has been checkpointed to disk. When the Kubelet is restarted, it tries to make the Assigned config the Active config by loading and validating the checkpointed payload identified by Assigned.", - Ref: ref(corev1.NodeConfigSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeConfigSource"), }, }, "active": { SchemaProps: spec.SchemaProps{ Description: "Active reports the checkpointed config the node is actively using. Active will represent either the current version of the Assigned config, or the current LastKnownGood config, depending on whether attempting to use the Assigned config results in an error.", - Ref: ref(corev1.NodeConfigSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeConfigSource"), }, }, "lastKnownGood": { SchemaProps: spec.SchemaProps{ Description: "LastKnownGood reports the checkpointed config the node will fall back to when it encounters an error attempting to use the Assigned config. The Assigned config becomes the LastKnownGood config when the node determines that the Assigned config is stable and correct. This is currently implemented as a 10-minute soak period starting when the local record of Assigned config is updated. If the Assigned config is Active at the end of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, because the local default config is always assumed good. You should not make assumptions about the node's method of determining config stability and correctness, as this may change or become configurable in the future.", - Ref: ref(corev1.NodeConfigSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeConfigSource"), }, }, "error": { @@ -79040,7 +77725,7 @@ func schema_k8sio_api_core_v1_NodeConfigStatus(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - corev1.NodeConfigSource{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.NodeConfigSource"}, } } @@ -79055,14 +77740,14 @@ func schema_k8sio_api_core_v1_NodeDaemonEndpoints(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "Endpoint on which Kubelet is listening.", Default: map[string]interface{}{}, - Ref: ref(corev1.DaemonEndpoint{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.DaemonEndpoint"), }, }, }, }, }, Dependencies: []string{ - corev1.DaemonEndpoint{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.DaemonEndpoint"}, } } @@ -79111,7 +77796,7 @@ func schema_k8sio_api_core_v1_NodeList(ref common.ReferenceCallback) common.Open SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -79122,7 +77807,7 @@ func schema_k8sio_api_core_v1_NodeList(ref common.ReferenceCallback) common.Open Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Node{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Node"), }, }, }, @@ -79133,7 +77818,7 @@ func schema_k8sio_api_core_v1_NodeList(ref common.ReferenceCallback) common.Open }, }, Dependencies: []string{ - corev1.Node{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.Node", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -79189,14 +77874,14 @@ func schema_k8sio_api_core_v1_NodeRuntimeHandler(ref common.ReferenceCallback) c "features": { SchemaProps: spec.SchemaProps{ Description: "Supported features.", - Ref: ref(corev1.NodeRuntimeHandlerFeatures{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeRuntimeHandlerFeatures"), }, }, }, }, }, Dependencies: []string{ - corev1.NodeRuntimeHandlerFeatures{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.NodeRuntimeHandlerFeatures"}, } } @@ -79247,7 +77932,7 @@ func schema_k8sio_api_core_v1_NodeSelector(ref common.ReferenceCallback) common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.NodeSelectorTerm{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeSelectorTerm"), }, }, }, @@ -79263,7 +77948,7 @@ func schema_k8sio_api_core_v1_NodeSelector(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - corev1.NodeSelectorTerm{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.NodeSelectorTerm"}, } } @@ -79338,7 +78023,7 @@ func schema_k8sio_api_core_v1_NodeSelectorTerm(ref common.ReferenceCallback) com Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.NodeSelectorRequirement{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeSelectorRequirement"), }, }, }, @@ -79357,7 +78042,7 @@ func schema_k8sio_api_core_v1_NodeSelectorTerm(ref common.ReferenceCallback) com Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.NodeSelectorRequirement{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeSelectorRequirement"), }, }, }, @@ -79372,7 +78057,7 @@ func schema_k8sio_api_core_v1_NodeSelectorTerm(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - corev1.NodeSelectorRequirement{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.NodeSelectorRequirement"}, } } @@ -79438,7 +78123,7 @@ func schema_k8sio_api_core_v1_NodeSpec(ref common.ReferenceCallback) common.Open Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Taint{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Taint"), }, }, }, @@ -79447,7 +78132,7 @@ func schema_k8sio_api_core_v1_NodeSpec(ref common.ReferenceCallback) common.Open "configSource": { SchemaProps: spec.SchemaProps{ Description: "Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed.", - Ref: ref(corev1.NodeConfigSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeConfigSource"), }, }, "externalID": { @@ -79461,7 +78146,7 @@ func schema_k8sio_api_core_v1_NodeSpec(ref common.ReferenceCallback) common.Open }, }, Dependencies: []string{ - corev1.NodeConfigSource{}.OpenAPIModelName(), corev1.Taint{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.NodeConfigSource", "k8s.io/api/core/v1.Taint"}, } } @@ -79480,7 +78165,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -79494,7 +78179,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -79526,7 +78211,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.NodeCondition{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeCondition"), }, }, }, @@ -79550,7 +78235,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.NodeAddress{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeAddress"), }, }, }, @@ -79560,14 +78245,14 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op SchemaProps: spec.SchemaProps{ Description: "Endpoints of daemons running on the Node.", Default: map[string]interface{}{}, - Ref: ref(corev1.NodeDaemonEndpoints{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeDaemonEndpoints"), }, }, "nodeInfo": { SchemaProps: spec.SchemaProps{ Description: "Set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/reference/node/node-status/#info", Default: map[string]interface{}{}, - Ref: ref(corev1.NodeSystemInfo{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeSystemInfo"), }, }, "images": { @@ -79583,7 +78268,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ContainerImage{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerImage"), }, }, }, @@ -79622,7 +78307,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.AttachedVolume{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.AttachedVolume"), }, }, }, @@ -79631,7 +78316,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op "config": { SchemaProps: spec.SchemaProps{ Description: "Status of the config assigned to the node via the dynamic Kubelet config feature.", - Ref: ref(corev1.NodeConfigStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeConfigStatus"), }, }, "runtimeHandlers": { @@ -79647,7 +78332,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.NodeRuntimeHandler{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeRuntimeHandler"), }, }, }, @@ -79656,34 +78341,14 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op "features": { SchemaProps: spec.SchemaProps{ Description: "Features describes the set of features implemented by the CRI implementation.", - Ref: ref(corev1.NodeFeatures{}.OpenAPIModelName()), - }, - }, - "declaredFeatures": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "DeclaredFeatures represents the features related to feature gates that are declared by the node.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Ref: ref("k8s.io/api/core/v1.NodeFeatures"), }, }, }, }, }, Dependencies: []string{ - corev1.AttachedVolume{}.OpenAPIModelName(), corev1.ContainerImage{}.OpenAPIModelName(), corev1.NodeAddress{}.OpenAPIModelName(), corev1.NodeCondition{}.OpenAPIModelName(), corev1.NodeConfigStatus{}.OpenAPIModelName(), corev1.NodeDaemonEndpoints{}.OpenAPIModelName(), corev1.NodeFeatures{}.OpenAPIModelName(), corev1.NodeRuntimeHandler{}.OpenAPIModelName(), corev1.NodeSystemInfo{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.AttachedVolume", "k8s.io/api/core/v1.ContainerImage", "k8s.io/api/core/v1.NodeAddress", "k8s.io/api/core/v1.NodeCondition", "k8s.io/api/core/v1.NodeConfigStatus", "k8s.io/api/core/v1.NodeDaemonEndpoints", "k8s.io/api/core/v1.NodeFeatures", "k8s.io/api/core/v1.NodeRuntimeHandler", "k8s.io/api/core/v1.NodeSystemInfo", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } @@ -79797,7 +78462,7 @@ func schema_k8sio_api_core_v1_NodeSystemInfo(ref common.ReferenceCallback) commo "swap": { SchemaProps: spec.SchemaProps{ Description: "Swap Info reported by the node.", - Ref: ref(corev1.NodeSwapStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeSwapStatus"), }, }, }, @@ -79805,7 +78470,7 @@ func schema_k8sio_api_core_v1_NodeSystemInfo(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - corev1.NodeSwapStatus{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.NodeSwapStatus"}, } } @@ -79935,28 +78600,28 @@ func schema_k8sio_api_core_v1_PersistentVolume(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "spec defines a specification of a persistent volume owned by the cluster. Provisioned by an administrator. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes", Default: map[string]interface{}{}, - Ref: ref(corev1.PersistentVolumeSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PersistentVolumeSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "status represents the current information/status for the persistent volume. Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes", Default: map[string]interface{}{}, - Ref: ref(corev1.PersistentVolumeStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PersistentVolumeStatus"), }, }, }, }, }, Dependencies: []string{ - corev1.PersistentVolumeSpec{}.OpenAPIModelName(), corev1.PersistentVolumeStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PersistentVolumeSpec", "k8s.io/api/core/v1.PersistentVolumeStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -79985,28 +78650,28 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaim(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", Default: map[string]interface{}{}, - Ref: ref(corev1.PersistentVolumeClaimSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaimSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", Default: map[string]interface{}{}, - Ref: ref(corev1.PersistentVolumeClaimStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaimStatus"), }, }, }, }, }, Dependencies: []string{ - corev1.PersistentVolumeClaimSpec{}.OpenAPIModelName(), corev1.PersistentVolumeClaimStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PersistentVolumeClaimSpec", "k8s.io/api/core/v1.PersistentVolumeClaimStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -80036,13 +78701,13 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimCondition(ref common.Referenc "lastProbeTime": { SchemaProps: spec.SchemaProps{ Description: "lastProbeTime is the time we probed the condition.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the time the condition transitioned from one status to another.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -80064,7 +78729,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimCondition(ref common.Referenc }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -80093,7 +78758,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimList(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -80104,7 +78769,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimList(ref common.ReferenceCall Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.PersistentVolumeClaim{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaim"), }, }, }, @@ -80115,7 +78780,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimList(ref common.ReferenceCall }, }, Dependencies: []string{ - corev1.PersistentVolumeClaim{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PersistentVolumeClaim", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -80150,14 +78815,14 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimSpec(ref common.ReferenceCall "selector": { SchemaProps: spec.SchemaProps{ Description: "selector is a label query over volumes to consider for binding.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "resources": { SchemaProps: spec.SchemaProps{ - Description: "resources represents the minimum resources the volume should have. Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + Description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", Default: map[string]interface{}{}, - Ref: ref(corev1.VolumeResourceRequirements{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.VolumeResourceRequirements"), }, }, "volumeName": { @@ -80185,13 +78850,13 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimSpec(ref common.ReferenceCall "dataSource": { SchemaProps: spec.SchemaProps{ Description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.", - Ref: ref(corev1.TypedLocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.TypedLocalObjectReference"), }, }, "dataSourceRef": { SchemaProps: spec.SchemaProps{ Description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - Ref: ref(corev1.TypedObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.TypedObjectReference"), }, }, "volumeAttributesClassName": { @@ -80205,7 +78870,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimSpec(ref common.ReferenceCall }, }, Dependencies: []string{ - corev1.TypedLocalObjectReference{}.OpenAPIModelName(), corev1.TypedObjectReference{}.OpenAPIModelName(), corev1.VolumeResourceRequirements{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.TypedLocalObjectReference", "k8s.io/api/core/v1.TypedObjectReference", "k8s.io/api/core/v1.VolumeResourceRequirements", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -80253,7 +78918,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref common.ReferenceCa Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -80277,7 +78942,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref common.ReferenceCa Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.PersistentVolumeClaimCondition{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaimCondition"), }, }, }, @@ -80285,13 +78950,13 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref common.ReferenceCa }, "allocatedResources": { SchemaProps: spec.SchemaProps{ - Description: "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.", + Description: "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", Type: []string{"object"}, AdditionalProperties: &spec.SchemaOrBool{ Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -80304,7 +78969,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref common.ReferenceCa }, }, SchemaProps: spec.SchemaProps{ - Description: "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.", + Description: "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", Type: []string{"object"}, AdditionalProperties: &spec.SchemaOrBool{ Allows: true, @@ -80329,14 +78994,14 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref common.ReferenceCa "modifyVolumeStatus": { SchemaProps: spec.SchemaProps{ Description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted.", - Ref: ref(corev1.ModifyVolumeStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ModifyVolumeStatus"), }, }, }, }, }, Dependencies: []string{ - corev1.ModifyVolumeStatus{}.OpenAPIModelName(), corev1.PersistentVolumeClaimCondition{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ModifyVolumeStatus", "k8s.io/api/core/v1.PersistentVolumeClaimCondition", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } @@ -80351,14 +79016,14 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimTemplate(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.", Default: map[string]interface{}{}, - Ref: ref(corev1.PersistentVolumeClaimSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaimSpec"), }, }, }, @@ -80366,7 +79031,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimTemplate(ref common.Reference }, }, Dependencies: []string{ - corev1.PersistentVolumeClaimSpec{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PersistentVolumeClaimSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -80424,7 +79089,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -80435,7 +79100,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeList(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.PersistentVolume{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PersistentVolume"), }, }, }, @@ -80446,7 +79111,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - corev1.PersistentVolume{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PersistentVolume", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -80460,140 +79125,140 @@ func schema_k8sio_api_core_v1_PersistentVolumeSource(ref common.ReferenceCallbac "gcePersistentDisk": { SchemaProps: spec.SchemaProps{ Description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - Ref: ref(corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.GCEPersistentDiskVolumeSource"), }, }, "awsElasticBlockStore": { SchemaProps: spec.SchemaProps{ Description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - Ref: ref(corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource"), }, }, "hostPath": { SchemaProps: spec.SchemaProps{ Description: "hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - Ref: ref(corev1.HostPathVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.HostPathVolumeSource"), }, }, "glusterfs": { SchemaProps: spec.SchemaProps{ Description: "glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md", - Ref: ref(corev1.GlusterfsPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.GlusterfsPersistentVolumeSource"), }, }, "nfs": { SchemaProps: spec.SchemaProps{ Description: "nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - Ref: ref(corev1.NFSVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NFSVolumeSource"), }, }, "rbd": { SchemaProps: spec.SchemaProps{ Description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md", - Ref: ref(corev1.RBDPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.RBDPersistentVolumeSource"), }, }, "iscsi": { SchemaProps: spec.SchemaProps{ Description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.", - Ref: ref(corev1.ISCSIPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ISCSIPersistentVolumeSource"), }, }, "cinder": { SchemaProps: spec.SchemaProps{ Description: "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - Ref: ref(corev1.CinderPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.CinderPersistentVolumeSource"), }, }, "cephfs": { SchemaProps: spec.SchemaProps{ Description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - Ref: ref(corev1.CephFSPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.CephFSPersistentVolumeSource"), }, }, "fc": { SchemaProps: spec.SchemaProps{ Description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - Ref: ref(corev1.FCVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.FCVolumeSource"), }, }, "flocker": { SchemaProps: spec.SchemaProps{ Description: "flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - Ref: ref(corev1.FlockerVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.FlockerVolumeSource"), }, }, "flexVolume": { SchemaProps: spec.SchemaProps{ Description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - Ref: ref(corev1.FlexPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.FlexPersistentVolumeSource"), }, }, "azureFile": { SchemaProps: spec.SchemaProps{ Description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", - Ref: ref(corev1.AzureFilePersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.AzureFilePersistentVolumeSource"), }, }, "vsphereVolume": { SchemaProps: spec.SchemaProps{ Description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", - Ref: ref(corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource"), }, }, "quobyte": { SchemaProps: spec.SchemaProps{ Description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - Ref: ref(corev1.QuobyteVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.QuobyteVolumeSource"), }, }, "azureDisk": { SchemaProps: spec.SchemaProps{ Description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", - Ref: ref(corev1.AzureDiskVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.AzureDiskVolumeSource"), }, }, "photonPersistentDisk": { SchemaProps: spec.SchemaProps{ Description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - Ref: ref(corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource"), }, }, "portworxVolume": { SchemaProps: spec.SchemaProps{ Description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", - Ref: ref(corev1.PortworxVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PortworxVolumeSource"), }, }, "scaleIO": { SchemaProps: spec.SchemaProps{ Description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - Ref: ref(corev1.ScaleIOPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ScaleIOPersistentVolumeSource"), }, }, "local": { SchemaProps: spec.SchemaProps{ Description: "local represents directly-attached storage with node affinity", - Ref: ref(corev1.LocalVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalVolumeSource"), }, }, "storageos": { SchemaProps: spec.SchemaProps{ Description: "storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. More info: https://examples.k8s.io/volumes/storageos/README.md", - Ref: ref(corev1.StorageOSPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.StorageOSPersistentVolumeSource"), }, }, "csi": { SchemaProps: spec.SchemaProps{ Description: "csi represents storage that is handled by an external CSI driver.", - Ref: ref(corev1.CSIPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.CSIPersistentVolumeSource"), }, }, }, }, }, Dependencies: []string{ - corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName(), corev1.AzureDiskVolumeSource{}.OpenAPIModelName(), corev1.AzureFilePersistentVolumeSource{}.OpenAPIModelName(), corev1.CSIPersistentVolumeSource{}.OpenAPIModelName(), corev1.CephFSPersistentVolumeSource{}.OpenAPIModelName(), corev1.CinderPersistentVolumeSource{}.OpenAPIModelName(), corev1.FCVolumeSource{}.OpenAPIModelName(), corev1.FlexPersistentVolumeSource{}.OpenAPIModelName(), corev1.FlockerVolumeSource{}.OpenAPIModelName(), corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName(), corev1.GlusterfsPersistentVolumeSource{}.OpenAPIModelName(), corev1.HostPathVolumeSource{}.OpenAPIModelName(), corev1.ISCSIPersistentVolumeSource{}.OpenAPIModelName(), corev1.LocalVolumeSource{}.OpenAPIModelName(), corev1.NFSVolumeSource{}.OpenAPIModelName(), corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName(), corev1.PortworxVolumeSource{}.OpenAPIModelName(), corev1.QuobyteVolumeSource{}.OpenAPIModelName(), corev1.RBDPersistentVolumeSource{}.OpenAPIModelName(), corev1.ScaleIOPersistentVolumeSource{}.OpenAPIModelName(), corev1.StorageOSPersistentVolumeSource{}.OpenAPIModelName(), corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource", "k8s.io/api/core/v1.AzureDiskVolumeSource", "k8s.io/api/core/v1.AzureFilePersistentVolumeSource", "k8s.io/api/core/v1.CSIPersistentVolumeSource", "k8s.io/api/core/v1.CephFSPersistentVolumeSource", "k8s.io/api/core/v1.CinderPersistentVolumeSource", "k8s.io/api/core/v1.FCVolumeSource", "k8s.io/api/core/v1.FlexPersistentVolumeSource", "k8s.io/api/core/v1.FlockerVolumeSource", "k8s.io/api/core/v1.GCEPersistentDiskVolumeSource", "k8s.io/api/core/v1.GlusterfsPersistentVolumeSource", "k8s.io/api/core/v1.HostPathVolumeSource", "k8s.io/api/core/v1.ISCSIPersistentVolumeSource", "k8s.io/api/core/v1.LocalVolumeSource", "k8s.io/api/core/v1.NFSVolumeSource", "k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource", "k8s.io/api/core/v1.PortworxVolumeSource", "k8s.io/api/core/v1.QuobyteVolumeSource", "k8s.io/api/core/v1.RBDPersistentVolumeSource", "k8s.io/api/core/v1.ScaleIOPersistentVolumeSource", "k8s.io/api/core/v1.StorageOSPersistentVolumeSource", "k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource"}, } } @@ -80612,7 +79277,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeSpec(ref common.ReferenceCallback) Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -80621,133 +79286,133 @@ func schema_k8sio_api_core_v1_PersistentVolumeSpec(ref common.ReferenceCallback) "gcePersistentDisk": { SchemaProps: spec.SchemaProps{ Description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - Ref: ref(corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.GCEPersistentDiskVolumeSource"), }, }, "awsElasticBlockStore": { SchemaProps: spec.SchemaProps{ Description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - Ref: ref(corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource"), }, }, "hostPath": { SchemaProps: spec.SchemaProps{ Description: "hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - Ref: ref(corev1.HostPathVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.HostPathVolumeSource"), }, }, "glusterfs": { SchemaProps: spec.SchemaProps{ Description: "glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md", - Ref: ref(corev1.GlusterfsPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.GlusterfsPersistentVolumeSource"), }, }, "nfs": { SchemaProps: spec.SchemaProps{ Description: "nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - Ref: ref(corev1.NFSVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NFSVolumeSource"), }, }, "rbd": { SchemaProps: spec.SchemaProps{ Description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md", - Ref: ref(corev1.RBDPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.RBDPersistentVolumeSource"), }, }, "iscsi": { SchemaProps: spec.SchemaProps{ Description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.", - Ref: ref(corev1.ISCSIPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ISCSIPersistentVolumeSource"), }, }, "cinder": { SchemaProps: spec.SchemaProps{ Description: "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - Ref: ref(corev1.CinderPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.CinderPersistentVolumeSource"), }, }, "cephfs": { SchemaProps: spec.SchemaProps{ Description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - Ref: ref(corev1.CephFSPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.CephFSPersistentVolumeSource"), }, }, "fc": { SchemaProps: spec.SchemaProps{ Description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - Ref: ref(corev1.FCVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.FCVolumeSource"), }, }, "flocker": { SchemaProps: spec.SchemaProps{ Description: "flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - Ref: ref(corev1.FlockerVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.FlockerVolumeSource"), }, }, "flexVolume": { SchemaProps: spec.SchemaProps{ Description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - Ref: ref(corev1.FlexPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.FlexPersistentVolumeSource"), }, }, "azureFile": { SchemaProps: spec.SchemaProps{ Description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", - Ref: ref(corev1.AzureFilePersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.AzureFilePersistentVolumeSource"), }, }, "vsphereVolume": { SchemaProps: spec.SchemaProps{ Description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", - Ref: ref(corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource"), }, }, "quobyte": { SchemaProps: spec.SchemaProps{ Description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - Ref: ref(corev1.QuobyteVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.QuobyteVolumeSource"), }, }, "azureDisk": { SchemaProps: spec.SchemaProps{ Description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", - Ref: ref(corev1.AzureDiskVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.AzureDiskVolumeSource"), }, }, "photonPersistentDisk": { SchemaProps: spec.SchemaProps{ Description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - Ref: ref(corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource"), }, }, "portworxVolume": { SchemaProps: spec.SchemaProps{ Description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", - Ref: ref(corev1.PortworxVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PortworxVolumeSource"), }, }, "scaleIO": { SchemaProps: spec.SchemaProps{ Description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - Ref: ref(corev1.ScaleIOPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ScaleIOPersistentVolumeSource"), }, }, "local": { SchemaProps: spec.SchemaProps{ Description: "local represents directly-attached storage with node affinity", - Ref: ref(corev1.LocalVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalVolumeSource"), }, }, "storageos": { SchemaProps: spec.SchemaProps{ Description: "storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. More info: https://examples.k8s.io/volumes/storageos/README.md", - Ref: ref(corev1.StorageOSPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.StorageOSPersistentVolumeSource"), }, }, "csi": { SchemaProps: spec.SchemaProps{ Description: "csi represents storage that is handled by an external CSI driver.", - Ref: ref(corev1.CSIPersistentVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.CSIPersistentVolumeSource"), }, }, "accessModes": { @@ -80779,7 +79444,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeSpec(ref common.ReferenceCallback) }, SchemaProps: spec.SchemaProps{ Description: "claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding", - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, "persistentVolumeReclaimPolicy": { @@ -80827,8 +79492,8 @@ func schema_k8sio_api_core_v1_PersistentVolumeSpec(ref common.ReferenceCallback) }, "nodeAffinity": { SchemaProps: spec.SchemaProps{ - Description: "nodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume. This field is mutable if MutablePVNodeAffinity feature gate is enabled.", - Ref: ref(corev1.VolumeNodeAffinity{}.OpenAPIModelName()), + Description: "nodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume.", + Ref: ref("k8s.io/api/core/v1.VolumeNodeAffinity"), }, }, "volumeAttributesClassName": { @@ -80842,7 +79507,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeSpec(ref common.ReferenceCallback) }, }, Dependencies: []string{ - corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName(), corev1.AzureDiskVolumeSource{}.OpenAPIModelName(), corev1.AzureFilePersistentVolumeSource{}.OpenAPIModelName(), corev1.CSIPersistentVolumeSource{}.OpenAPIModelName(), corev1.CephFSPersistentVolumeSource{}.OpenAPIModelName(), corev1.CinderPersistentVolumeSource{}.OpenAPIModelName(), corev1.FCVolumeSource{}.OpenAPIModelName(), corev1.FlexPersistentVolumeSource{}.OpenAPIModelName(), corev1.FlockerVolumeSource{}.OpenAPIModelName(), corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName(), corev1.GlusterfsPersistentVolumeSource{}.OpenAPIModelName(), corev1.HostPathVolumeSource{}.OpenAPIModelName(), corev1.ISCSIPersistentVolumeSource{}.OpenAPIModelName(), corev1.LocalVolumeSource{}.OpenAPIModelName(), corev1.NFSVolumeSource{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName(), corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName(), corev1.PortworxVolumeSource{}.OpenAPIModelName(), corev1.QuobyteVolumeSource{}.OpenAPIModelName(), corev1.RBDPersistentVolumeSource{}.OpenAPIModelName(), corev1.ScaleIOPersistentVolumeSource{}.OpenAPIModelName(), corev1.StorageOSPersistentVolumeSource{}.OpenAPIModelName(), corev1.VolumeNodeAffinity{}.OpenAPIModelName(), corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource", "k8s.io/api/core/v1.AzureDiskVolumeSource", "k8s.io/api/core/v1.AzureFilePersistentVolumeSource", "k8s.io/api/core/v1.CSIPersistentVolumeSource", "k8s.io/api/core/v1.CephFSPersistentVolumeSource", "k8s.io/api/core/v1.CinderPersistentVolumeSource", "k8s.io/api/core/v1.FCVolumeSource", "k8s.io/api/core/v1.FlexPersistentVolumeSource", "k8s.io/api/core/v1.FlockerVolumeSource", "k8s.io/api/core/v1.GCEPersistentDiskVolumeSource", "k8s.io/api/core/v1.GlusterfsPersistentVolumeSource", "k8s.io/api/core/v1.HostPathVolumeSource", "k8s.io/api/core/v1.ISCSIPersistentVolumeSource", "k8s.io/api/core/v1.LocalVolumeSource", "k8s.io/api/core/v1.NFSVolumeSource", "k8s.io/api/core/v1.ObjectReference", "k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource", "k8s.io/api/core/v1.PortworxVolumeSource", "k8s.io/api/core/v1.QuobyteVolumeSource", "k8s.io/api/core/v1.RBDPersistentVolumeSource", "k8s.io/api/core/v1.ScaleIOPersistentVolumeSource", "k8s.io/api/core/v1.StorageOSPersistentVolumeSource", "k8s.io/api/core/v1.VolumeNodeAffinity", "k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } @@ -80878,14 +79543,14 @@ func schema_k8sio_api_core_v1_PersistentVolumeStatus(ref common.ReferenceCallbac "lastPhaseTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, }, }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -80943,28 +79608,28 @@ func schema_k8sio_api_core_v1_Pod(ref common.ReferenceCallback) common.OpenAPIDe SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref(corev1.PodSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Most recently observed status of the pod. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref(corev1.PodStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodStatus"), }, }, }, }, }, Dependencies: []string{ - corev1.PodSpec{}.OpenAPIModelName(), corev1.PodStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PodSpec", "k8s.io/api/core/v1.PodStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -80988,7 +79653,7 @@ func schema_k8sio_api_core_v1_PodAffinity(ref common.ReferenceCallback) common.O Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.PodAffinityTerm{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodAffinityTerm"), }, }, }, @@ -81007,7 +79672,7 @@ func schema_k8sio_api_core_v1_PodAffinity(ref common.ReferenceCallback) common.O Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.WeightedPodAffinityTerm{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.WeightedPodAffinityTerm"), }, }, }, @@ -81017,7 +79682,7 @@ func schema_k8sio_api_core_v1_PodAffinity(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - corev1.PodAffinityTerm{}.OpenAPIModelName(), corev1.WeightedPodAffinityTerm{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PodAffinityTerm", "k8s.io/api/core/v1.WeightedPodAffinityTerm"}, } } @@ -81031,7 +79696,7 @@ func schema_k8sio_api_core_v1_PodAffinityTerm(ref common.ReferenceCallback) comm "labelSelector": { SchemaProps: spec.SchemaProps{ Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "namespaces": { @@ -81065,7 +79730,7 @@ func schema_k8sio_api_core_v1_PodAffinityTerm(ref common.ReferenceCallback) comm "namespaceSelector": { SchemaProps: spec.SchemaProps{ Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "matchLabelKeys": { @@ -81113,7 +79778,7 @@ func schema_k8sio_api_core_v1_PodAffinityTerm(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - metav1.LabelSelector{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -81137,7 +79802,7 @@ func schema_k8sio_api_core_v1_PodAntiAffinity(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.PodAffinityTerm{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodAffinityTerm"), }, }, }, @@ -81156,7 +79821,7 @@ func schema_k8sio_api_core_v1_PodAntiAffinity(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.WeightedPodAffinityTerm{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.WeightedPodAffinityTerm"), }, }, }, @@ -81166,7 +79831,7 @@ func schema_k8sio_api_core_v1_PodAntiAffinity(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - corev1.PodAffinityTerm{}.OpenAPIModelName(), corev1.WeightedPodAffinityTerm{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PodAffinityTerm", "k8s.io/api/core/v1.WeightedPodAffinityTerm"}, } } @@ -81281,22 +79946,6 @@ func schema_k8sio_api_core_v1_PodCertificateProjection(ref common.ReferenceCallb Format: "", }, }, - "userAnnotations": { - SchemaProps: spec.SchemaProps{ - Description: "userAnnotations allow pod authors to pass additional information to the signer implementation. Kubernetes does not restrict or validate this metadata in any way.\n\nThese values are copied verbatim into the `spec.unverifiedUserAnnotations` field of the PodCertificateRequest objects that Kubelet creates.\n\nEntries are subject to the same validation as object metadata annotations, with the addition that all keys must be domain-prefixed. No restrictions are placed on values, except an overall size limitation on the entire field.\n\nSigners should document the keys and values they support. Signers should deny requests that contain keys they do not recognize.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, }, Required: []string{"signerName", "keyType"}, }, @@ -81321,7 +79970,7 @@ func schema_k8sio_api_core_v1_PodCondition(ref common.ReferenceCallback) common. }, "observedGeneration": { SchemaProps: spec.SchemaProps{ - Description: "If set, this represents the .metadata.generation that the pod condition was set based upon. The PodObservedGenerationTracking feature gate must be enabled to use this field.", + Description: "If set, this represents the .metadata.generation that the pod condition was set based upon. This is an alpha field. Enable PodObservedGenerationTracking to be able to use this field.", Type: []string{"integer"}, Format: "int64", }, @@ -81337,13 +79986,13 @@ func schema_k8sio_api_core_v1_PodCondition(ref common.ReferenceCallback) common. "lastProbeTime": { SchemaProps: spec.SchemaProps{ Description: "Last time we probed the condition.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "Last time the condition transitioned from one status to another.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -81365,7 +80014,7 @@ func schema_k8sio_api_core_v1_PodCondition(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -81429,7 +80078,7 @@ func schema_k8sio_api_core_v1_PodDNSConfig(ref common.ReferenceCallback) common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.PodDNSConfigOption{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodDNSConfigOption"), }, }, }, @@ -81439,7 +80088,7 @@ func schema_k8sio_api_core_v1_PodDNSConfig(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - corev1.PodDNSConfigOption{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PodDNSConfigOption"}, } } @@ -81573,7 +80222,7 @@ func schema_k8sio_api_core_v1_PodExtendedResourceClaimStatus(ref common.Referenc Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ContainerExtendedResourceRequest{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerExtendedResourceRequest"), }, }, }, @@ -81592,7 +80241,7 @@ func schema_k8sio_api_core_v1_PodExtendedResourceClaimStatus(ref common.Referenc }, }, Dependencies: []string{ - corev1.ContainerExtendedResourceRequest{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ContainerExtendedResourceRequest"}, } } @@ -81643,7 +80292,7 @@ func schema_k8sio_api_core_v1_PodList(ref common.ReferenceCallback) common.OpenA SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -81654,7 +80303,7 @@ func schema_k8sio_api_core_v1_PodList(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Pod{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Pod"), }, }, }, @@ -81665,7 +80314,7 @@ func schema_k8sio_api_core_v1_PodList(ref common.ReferenceCallback) common.OpenA }, }, Dependencies: []string{ - corev1.Pod{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.Pod", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -81721,7 +80370,7 @@ func schema_k8sio_api_core_v1_PodLogOptions(ref common.ReferenceCallback) common "sinceTime": { SchemaProps: spec.SchemaProps{ Description: "An RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "timestamps": { @@ -81763,7 +80412,7 @@ func schema_k8sio_api_core_v1_PodLogOptions(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -81989,13 +80638,13 @@ func schema_k8sio_api_core_v1_PodSecurityContext(ref common.ReferenceCallback) c "seLinuxOptions": { SchemaProps: spec.SchemaProps{ Description: "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", - Ref: ref(corev1.SELinuxOptions{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SELinuxOptions"), }, }, "windowsOptions": { SchemaProps: spec.SchemaProps{ Description: "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", - Ref: ref(corev1.WindowsSecurityContextOptions{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.WindowsSecurityContextOptions"), }, }, "runAsUser": { @@ -82067,7 +80716,7 @@ func schema_k8sio_api_core_v1_PodSecurityContext(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Sysctl{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Sysctl"), }, }, }, @@ -82084,13 +80733,13 @@ func schema_k8sio_api_core_v1_PodSecurityContext(ref common.ReferenceCallback) c "seccompProfile": { SchemaProps: spec.SchemaProps{ Description: "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", - Ref: ref(corev1.SeccompProfile{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SeccompProfile"), }, }, "appArmorProfile": { SchemaProps: spec.SchemaProps{ Description: "appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", - Ref: ref(corev1.AppArmorProfile{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.AppArmorProfile"), }, }, "seLinuxChangePolicy": { @@ -82104,7 +80753,7 @@ func schema_k8sio_api_core_v1_PodSecurityContext(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - corev1.AppArmorProfile{}.OpenAPIModelName(), corev1.SELinuxOptions{}.OpenAPIModelName(), corev1.SeccompProfile{}.OpenAPIModelName(), corev1.Sysctl{}.OpenAPIModelName(), corev1.WindowsSecurityContextOptions{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.AppArmorProfile", "k8s.io/api/core/v1.SELinuxOptions", "k8s.io/api/core/v1.SeccompProfile", "k8s.io/api/core/v1.Sysctl", "k8s.io/api/core/v1.WindowsSecurityContextOptions"}, } } @@ -82118,14 +80767,14 @@ func schema_k8sio_api_core_v1_PodSignature(ref common.ReferenceCallback) common. "podController": { SchemaProps: spec.SchemaProps{ Description: "Reference to controller whose pods should avoid this node.", - Ref: ref(metav1.OwnerReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference"), }, }, }, }, }, Dependencies: []string{ - metav1.OwnerReference{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference"}, } } @@ -82154,7 +80803,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Volume{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Volume"), }, }, }, @@ -82178,7 +80827,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Container{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Container"), }, }, }, @@ -82202,7 +80851,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Container{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Container"), }, }, }, @@ -82226,7 +80875,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.EphemeralContainer{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EphemeralContainer"), }, }, }, @@ -82342,7 +80991,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA "securityContext": { SchemaProps: spec.SchemaProps{ Description: "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.", - Ref: ref(corev1.PodSecurityContext{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodSecurityContext"), }, }, "imagePullSecrets": { @@ -82363,7 +81012,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, }, @@ -82386,7 +81035,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA "affinity": { SchemaProps: spec.SchemaProps{ Description: "If specified, the pod's scheduling constraints", - Ref: ref(corev1.Affinity{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Affinity"), }, }, "schedulerName": { @@ -82409,7 +81058,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Toleration"), }, }, }, @@ -82433,7 +81082,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.HostAlias{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.HostAlias"), }, }, }, @@ -82456,7 +81105,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA "dnsConfig": { SchemaProps: spec.SchemaProps{ Description: "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.", - Ref: ref(corev1.PodDNSConfig{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodDNSConfig"), }, }, "readinessGates": { @@ -82472,7 +81121,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.PodReadinessGate{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodReadinessGate"), }, }, }, @@ -82508,7 +81157,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -82533,7 +81182,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.TopologySpreadConstraint"), }, }, }, @@ -82549,7 +81198,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA "os": { SchemaProps: spec.SchemaProps{ Description: "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.resources - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup", - Ref: ref(corev1.PodOS{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodOS"), }, }, "hostUsers": { @@ -82577,7 +81226,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.PodSchedulingGate{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodSchedulingGate"), }, }, }, @@ -82595,13 +81244,13 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA }, }, SchemaProps: spec.SchemaProps{ - Description: "ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.\n\nThis is a stable field but requires that the DynamicResourceAllocation feature gate is enabled.\n\nThis field is immutable.", + Description: "ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.PodResourceClaim{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodResourceClaim"), }, }, }, @@ -82610,7 +81259,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA "resources": { SchemaProps: spec.SchemaProps{ Description: "Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for \"cpu\", \"memory\" and \"hugepages-\" resource names only. ResourceClaims are not supported.\n\nThis field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod.\n\nThis is an alpha field and requires enabling the PodLevelResources feature gate.", - Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), }, }, "hostnameOverride": { @@ -82620,18 +81269,12 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Format: "", }, }, - "workloadRef": { - SchemaProps: spec.SchemaProps{ - Description: "WorkloadRef provides a reference to the Workload object that this Pod belongs to. This field is used by the scheduler to identify the PodGroup and apply the correct group scheduling policies. The Workload object referenced by this field may not exist at the time the Pod is created. This field is immutable, but a Workload object with the same name may be recreated with different policies. Doing this during pod scheduling may result in the placement not conforming to the expected policies.", - Ref: ref(corev1.WorkloadReference{}.OpenAPIModelName()), - }, - }, }, Required: []string{"containers"}, }, }, Dependencies: []string{ - corev1.Affinity{}.OpenAPIModelName(), corev1.Container{}.OpenAPIModelName(), corev1.EphemeralContainer{}.OpenAPIModelName(), corev1.HostAlias{}.OpenAPIModelName(), corev1.LocalObjectReference{}.OpenAPIModelName(), corev1.PodDNSConfig{}.OpenAPIModelName(), corev1.PodOS{}.OpenAPIModelName(), corev1.PodReadinessGate{}.OpenAPIModelName(), corev1.PodResourceClaim{}.OpenAPIModelName(), corev1.PodSchedulingGate{}.OpenAPIModelName(), corev1.PodSecurityContext{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName(), corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName(), corev1.Volume{}.OpenAPIModelName(), corev1.WorkloadReference{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.Affinity", "k8s.io/api/core/v1.Container", "k8s.io/api/core/v1.EphemeralContainer", "k8s.io/api/core/v1.HostAlias", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.PodDNSConfig", "k8s.io/api/core/v1.PodOS", "k8s.io/api/core/v1.PodReadinessGate", "k8s.io/api/core/v1.PodResourceClaim", "k8s.io/api/core/v1.PodSchedulingGate", "k8s.io/api/core/v1.PodSecurityContext", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.TopologySpreadConstraint", "k8s.io/api/core/v1.Volume", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } @@ -82644,7 +81287,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Properties: map[string]spec.Schema{ "observedGeneration": { SchemaProps: spec.SchemaProps{ - Description: "If set, this represents the .metadata.generation that the pod status was set based upon. The PodObservedGenerationTracking feature gate must be enabled to use this field.", + Description: "If set, this represents the .metadata.generation that the pod status was set based upon. This is an alpha field. Enable PodObservedGenerationTracking to be able to use this field.", Type: []string{"integer"}, Format: "int64", }, @@ -82675,7 +81318,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.PodCondition{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodCondition"), }, }, }, @@ -82724,7 +81367,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.HostIP{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.HostIP"), }, }, }, @@ -82755,7 +81398,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.PodIP{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodIP"), }, }, }, @@ -82764,7 +81407,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope "startTime": { SchemaProps: spec.SchemaProps{ Description: "RFC 3339 date and time at which the object was acknowledged by the Kubelet. This is before the Kubelet pulled the container image(s) for the pod.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "initContainerStatuses": { @@ -82780,7 +81423,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ContainerStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerStatus"), }, }, }, @@ -82799,7 +81442,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ContainerStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerStatus"), }, }, }, @@ -82826,7 +81469,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ContainerStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ContainerStatus"), }, }, }, @@ -82857,7 +81500,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.PodResourceClaimStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodResourceClaimStatus"), }, }, }, @@ -82866,34 +81509,14 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope "extendedResourceClaimStatus": { SchemaProps: spec.SchemaProps{ Description: "Status of extended resource claim backed by DRA.", - Ref: ref(corev1.PodExtendedResourceClaimStatus{}.OpenAPIModelName()), - }, - }, - "allocatedResources": { - SchemaProps: spec.SchemaProps{ - Description: "AllocatedResources is the total requests allocated for this pod by the node. If pod-level requests are not set, this will be the total requests aggregated across containers in the pod.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), - }, - }, - }, - }, - }, - "resources": { - SchemaProps: spec.SchemaProps{ - Description: "Resources represents the compute resource requests and limits that have been applied at the pod level if pod-level requests or limits are set in PodSpec.Resources", - Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodExtendedResourceClaimStatus"), }, }, }, }, }, Dependencies: []string{ - corev1.ContainerStatus{}.OpenAPIModelName(), corev1.HostIP{}.OpenAPIModelName(), corev1.PodCondition{}.OpenAPIModelName(), corev1.PodExtendedResourceClaimStatus{}.OpenAPIModelName(), corev1.PodIP{}.OpenAPIModelName(), corev1.PodResourceClaimStatus{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ContainerStatus", "k8s.io/api/core/v1.HostIP", "k8s.io/api/core/v1.PodCondition", "k8s.io/api/core/v1.PodExtendedResourceClaimStatus", "k8s.io/api/core/v1.PodIP", "k8s.io/api/core/v1.PodResourceClaimStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -82922,21 +81545,21 @@ func schema_k8sio_api_core_v1_PodStatusResult(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Most recently observed status of the pod. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref(corev1.PodStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodStatus"), }, }, }, }, }, Dependencies: []string{ - corev1.PodStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PodStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -82965,21 +81588,21 @@ func schema_k8sio_api_core_v1_PodTemplate(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "template": { SchemaProps: spec.SchemaProps{ Description: "Template defines the pods that will be created from this pod template. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref(corev1.PodTemplateSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), }, }, }, }, }, Dependencies: []string{ - corev1.PodTemplateSpec{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PodTemplateSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -83008,7 +81631,7 @@ func schema_k8sio_api_core_v1_PodTemplateList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -83019,7 +81642,7 @@ func schema_k8sio_api_core_v1_PodTemplateList(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.PodTemplate{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodTemplate"), }, }, }, @@ -83030,7 +81653,7 @@ func schema_k8sio_api_core_v1_PodTemplateList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - corev1.PodTemplate{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PodTemplate", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -83045,21 +81668,21 @@ func schema_k8sio_api_core_v1_PodTemplateSpec(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref(corev1.PodSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodSpec"), }, }, }, }, }, Dependencies: []string{ - corev1.PodSpec{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PodSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -83148,13 +81771,13 @@ func schema_k8sio_api_core_v1_PreferAvoidPodsEntry(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "The class of pods.", Default: map[string]interface{}{}, - Ref: ref(corev1.PodSignature{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodSignature"), }, }, "evictionTime": { SchemaProps: spec.SchemaProps{ Description: "Time at which this entry was added to the list.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -83176,7 +81799,7 @@ func schema_k8sio_api_core_v1_PreferAvoidPodsEntry(ref common.ReferenceCallback) }, }, Dependencies: []string{ - corev1.PodSignature{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PodSignature", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -83199,7 +81822,7 @@ func schema_k8sio_api_core_v1_PreferredSchedulingTerm(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "A node selector term, associated with the corresponding weight.", Default: map[string]interface{}{}, - Ref: ref(corev1.NodeSelectorTerm{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeSelectorTerm"), }, }, }, @@ -83207,7 +81830,7 @@ func schema_k8sio_api_core_v1_PreferredSchedulingTerm(ref common.ReferenceCallba }, }, Dependencies: []string{ - corev1.NodeSelectorTerm{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.NodeSelectorTerm"}, } } @@ -83221,25 +81844,25 @@ func schema_k8sio_api_core_v1_Probe(ref common.ReferenceCallback) common.OpenAPI "exec": { SchemaProps: spec.SchemaProps{ Description: "Exec specifies a command to execute in the container.", - Ref: ref(corev1.ExecAction{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ExecAction"), }, }, "httpGet": { SchemaProps: spec.SchemaProps{ Description: "HTTPGet specifies an HTTP GET request to perform.", - Ref: ref(corev1.HTTPGetAction{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.HTTPGetAction"), }, }, "tcpSocket": { SchemaProps: spec.SchemaProps{ Description: "TCPSocket specifies a connection to a TCP port.", - Ref: ref(corev1.TCPSocketAction{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.TCPSocketAction"), }, }, "grpc": { SchemaProps: spec.SchemaProps{ Description: "GRPC specifies a GRPC HealthCheckRequest.", - Ref: ref(corev1.GRPCAction{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.GRPCAction"), }, }, "initialDelaySeconds": { @@ -83288,7 +81911,7 @@ func schema_k8sio_api_core_v1_Probe(ref common.ReferenceCallback) common.OpenAPI }, }, Dependencies: []string{ - corev1.ExecAction{}.OpenAPIModelName(), corev1.GRPCAction{}.OpenAPIModelName(), corev1.HTTPGetAction{}.OpenAPIModelName(), corev1.TCPSocketAction{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ExecAction", "k8s.io/api/core/v1.GRPCAction", "k8s.io/api/core/v1.HTTPGetAction", "k8s.io/api/core/v1.TCPSocketAction"}, } } @@ -83302,32 +81925,32 @@ func schema_k8sio_api_core_v1_ProbeHandler(ref common.ReferenceCallback) common. "exec": { SchemaProps: spec.SchemaProps{ Description: "Exec specifies a command to execute in the container.", - Ref: ref(corev1.ExecAction{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ExecAction"), }, }, "httpGet": { SchemaProps: spec.SchemaProps{ Description: "HTTPGet specifies an HTTP GET request to perform.", - Ref: ref(corev1.HTTPGetAction{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.HTTPGetAction"), }, }, "tcpSocket": { SchemaProps: spec.SchemaProps{ Description: "TCPSocket specifies a connection to a TCP port.", - Ref: ref(corev1.TCPSocketAction{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.TCPSocketAction"), }, }, "grpc": { SchemaProps: spec.SchemaProps{ Description: "GRPC specifies a GRPC HealthCheckRequest.", - Ref: ref(corev1.GRPCAction{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.GRPCAction"), }, }, }, }, }, Dependencies: []string{ - corev1.ExecAction{}.OpenAPIModelName(), corev1.GRPCAction{}.OpenAPIModelName(), corev1.HTTPGetAction{}.OpenAPIModelName(), corev1.TCPSocketAction{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ExecAction", "k8s.io/api/core/v1.GRPCAction", "k8s.io/api/core/v1.HTTPGetAction", "k8s.io/api/core/v1.TCPSocketAction"}, } } @@ -83351,7 +81974,7 @@ func schema_k8sio_api_core_v1_ProjectedVolumeSource(ref common.ReferenceCallback Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.VolumeProjection{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.VolumeProjection"), }, }, }, @@ -83368,7 +81991,7 @@ func schema_k8sio_api_core_v1_ProjectedVolumeSource(ref common.ReferenceCallback }, }, Dependencies: []string{ - corev1.VolumeProjection{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.VolumeProjection"}, } } @@ -83499,7 +82122,7 @@ func schema_k8sio_api_core_v1_RBDPersistentVolumeSource(ref common.ReferenceCall "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretReference"), }, }, "readOnly": { @@ -83514,7 +82137,7 @@ func schema_k8sio_api_core_v1_RBDPersistentVolumeSource(ref common.ReferenceCall }, }, Dependencies: []string{ - corev1.SecretReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.SecretReference"}, } } @@ -83587,7 +82210,7 @@ func schema_k8sio_api_core_v1_RBDVolumeSource(ref common.ReferenceCallback) comm "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "readOnly": { @@ -83602,7 +82225,7 @@ func schema_k8sio_api_core_v1_RBDVolumeSource(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - corev1.LocalObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LocalObjectReference"}, } } @@ -83631,7 +82254,7 @@ func schema_k8sio_api_core_v1_RangeAllocation(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "range": { @@ -83654,7 +82277,7 @@ func schema_k8sio_api_core_v1_RangeAllocation(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -83683,28 +82306,28 @@ func schema_k8sio_api_core_v1_ReplicationController(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "If the Labels of a ReplicationController are empty, they are defaulted to be the same as the Pod(s) that the replication controller manages. Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec defines the specification of the desired behavior of the replication controller. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref(corev1.ReplicationControllerSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ReplicationControllerSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status is the most recently observed status of the replication controller. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref(corev1.ReplicationControllerStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ReplicationControllerStatus"), }, }, }, }, }, Dependencies: []string{ - corev1.ReplicationControllerSpec{}.OpenAPIModelName(), corev1.ReplicationControllerStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ReplicationControllerSpec", "k8s.io/api/core/v1.ReplicationControllerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -83734,7 +82357,7 @@ func schema_k8sio_api_core_v1_ReplicationControllerCondition(ref common.Referenc "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "The last time the condition transitioned from one status to another.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -83756,7 +82379,7 @@ func schema_k8sio_api_core_v1_ReplicationControllerCondition(ref common.Referenc }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -83785,7 +82408,7 @@ func schema_k8sio_api_core_v1_ReplicationControllerList(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -83796,7 +82419,7 @@ func schema_k8sio_api_core_v1_ReplicationControllerList(ref common.ReferenceCall Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ReplicationController{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ReplicationController"), }, }, }, @@ -83807,7 +82430,7 @@ func schema_k8sio_api_core_v1_ReplicationControllerList(ref common.ReferenceCall }, }, Dependencies: []string{ - corev1.ReplicationController{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ReplicationController", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -83858,14 +82481,14 @@ func schema_k8sio_api_core_v1_ReplicationControllerSpec(ref common.ReferenceCall "template": { SchemaProps: spec.SchemaProps{ Description: "Template is the object that describes the pod that will be created if insufficient replicas are detected. This takes precedence over a TemplateRef. The only allowed template.spec.restartPolicy value is \"Always\". More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template", - Ref: ref(corev1.PodTemplateSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), }, }, }, }, }, Dependencies: []string{ - corev1.PodTemplateSpec{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PodTemplateSpec"}, } } @@ -83930,7 +82553,7 @@ func schema_k8sio_api_core_v1_ReplicationControllerStatus(ref common.ReferenceCa Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ReplicationControllerCondition{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ReplicationControllerCondition"), }, }, }, @@ -83941,7 +82564,7 @@ func schema_k8sio_api_core_v1_ReplicationControllerStatus(ref common.ReferenceCa }, }, Dependencies: []string{ - corev1.ReplicationControllerCondition{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ReplicationControllerCondition"}, } } @@ -83999,7 +82622,7 @@ func schema_k8sio_api_core_v1_ResourceFieldSelector(ref common.ReferenceCallback "divisor": { SchemaProps: spec.SchemaProps{ Description: "Specifies the output format of the exposed resources, defaults to \"1\"", - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -84012,7 +82635,7 @@ func schema_k8sio_api_core_v1_ResourceFieldSelector(ref common.ReferenceCallback }, }, Dependencies: []string{ - resource.Quantity{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } @@ -84070,28 +82693,28 @@ func schema_k8sio_api_core_v1_ResourceQuota(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec defines the desired quota. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceQuotaSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceQuotaSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status defines the actual enforced quota and its current usage. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceQuotaStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceQuotaStatus"), }, }, }, }, }, Dependencies: []string{ - corev1.ResourceQuotaSpec{}.OpenAPIModelName(), corev1.ResourceQuotaStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ResourceQuotaSpec", "k8s.io/api/core/v1.ResourceQuotaStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -84120,7 +82743,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaList(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -84131,7 +82754,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaList(ref common.ReferenceCallback) co Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceQuota{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceQuota"), }, }, }, @@ -84142,7 +82765,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaList(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - corev1.ResourceQuota{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ResourceQuota", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -84161,7 +82784,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaSpec(ref common.ReferenceCallback) co Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -84191,14 +82814,14 @@ func schema_k8sio_api_core_v1_ResourceQuotaSpec(ref common.ReferenceCallback) co "scopeSelector": { SchemaProps: spec.SchemaProps{ Description: "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.", - Ref: ref(corev1.ScopeSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ScopeSelector"), }, }, }, }, }, Dependencies: []string{ - corev1.ScopeSelector{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ScopeSelector", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } @@ -84217,7 +82840,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaStatus(ref common.ReferenceCallback) Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -84231,7 +82854,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaStatus(ref common.ReferenceCallback) Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -84241,7 +82864,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaStatus(ref common.ReferenceCallback) }, }, Dependencies: []string{ - resource.Quantity{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } @@ -84260,7 +82883,7 @@ func schema_k8sio_api_core_v1_ResourceRequirements(ref common.ReferenceCallback) Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -84274,7 +82897,7 @@ func schema_k8sio_api_core_v1_ResourceRequirements(ref common.ReferenceCallback) Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -84296,7 +82919,7 @@ func schema_k8sio_api_core_v1_ResourceRequirements(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceClaim{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceClaim"), }, }, }, @@ -84306,7 +82929,7 @@ func schema_k8sio_api_core_v1_ResourceRequirements(ref common.ReferenceCallback) }, }, Dependencies: []string{ - corev1.ResourceClaim{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ResourceClaim", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } @@ -84341,7 +82964,7 @@ func schema_k8sio_api_core_v1_ResourceStatus(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ResourceHealth{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ResourceHealth"), }, }, }, @@ -84352,7 +82975,7 @@ func schema_k8sio_api_core_v1_ResourceStatus(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - corev1.ResourceHealth{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ResourceHealth"}, } } @@ -84423,7 +83046,7 @@ func schema_k8sio_api_core_v1_ScaleIOPersistentVolumeSource(ref common.Reference "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", - Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretReference"), }, }, "sslEnabled": { @@ -84482,7 +83105,7 @@ func schema_k8sio_api_core_v1_ScaleIOPersistentVolumeSource(ref common.Reference }, }, Dependencies: []string{ - corev1.SecretReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.SecretReference"}, } } @@ -84512,7 +83135,7 @@ func schema_k8sio_api_core_v1_ScaleIOVolumeSource(ref common.ReferenceCallback) "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, "sslEnabled": { @@ -84571,7 +83194,7 @@ func schema_k8sio_api_core_v1_ScaleIOVolumeSource(ref common.ReferenceCallback) }, }, Dependencies: []string{ - corev1.LocalObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LocalObjectReference"}, } } @@ -84595,7 +83218,7 @@ func schema_k8sio_api_core_v1_ScopeSelector(ref common.ReferenceCallback) common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ScopedResourceSelectorRequirement{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ScopedResourceSelectorRequirement"), }, }, }, @@ -84610,7 +83233,7 @@ func schema_k8sio_api_core_v1_ScopeSelector(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - corev1.ScopedResourceSelectorRequirement{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ScopedResourceSelectorRequirement"}, } } @@ -84733,7 +83356,7 @@ func schema_k8sio_api_core_v1_Secret(ref common.ReferenceCallback) common.OpenAP SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "immutable": { @@ -84785,7 +83408,7 @@ func schema_k8sio_api_core_v1_Secret(ref common.ReferenceCallback) common.OpenAP }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -84884,7 +83507,7 @@ func schema_k8sio_api_core_v1_SecretList(ref common.ReferenceCallback) common.Op SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -84895,7 +83518,7 @@ func schema_k8sio_api_core_v1_SecretList(ref common.ReferenceCallback) common.Op Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Secret{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Secret"), }, }, }, @@ -84906,7 +83529,7 @@ func schema_k8sio_api_core_v1_SecretList(ref common.ReferenceCallback) common.Op }, }, Dependencies: []string{ - corev1.Secret{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.Secret", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -84938,7 +83561,7 @@ func schema_k8sio_api_core_v1_SecretProjection(ref common.ReferenceCallback) com Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.KeyToPath{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.KeyToPath"), }, }, }, @@ -84955,7 +83578,7 @@ func schema_k8sio_api_core_v1_SecretProjection(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - corev1.KeyToPath{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.KeyToPath"}, } } @@ -85018,7 +83641,7 @@ func schema_k8sio_api_core_v1_SecretVolumeSource(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.KeyToPath{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.KeyToPath"), }, }, }, @@ -85042,7 +83665,7 @@ func schema_k8sio_api_core_v1_SecretVolumeSource(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - corev1.KeyToPath{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.KeyToPath"}, } } @@ -85056,7 +83679,7 @@ func schema_k8sio_api_core_v1_SecurityContext(ref common.ReferenceCallback) comm "capabilities": { SchemaProps: spec.SchemaProps{ Description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", - Ref: ref(corev1.Capabilities{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Capabilities"), }, }, "privileged": { @@ -85069,13 +83692,13 @@ func schema_k8sio_api_core_v1_SecurityContext(ref common.ReferenceCallback) comm "seLinuxOptions": { SchemaProps: spec.SchemaProps{ Description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", - Ref: ref(corev1.SELinuxOptions{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SELinuxOptions"), }, }, "windowsOptions": { SchemaProps: spec.SchemaProps{ Description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", - Ref: ref(corev1.WindowsSecurityContextOptions{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.WindowsSecurityContextOptions"), }, }, "runAsUser": { @@ -85124,20 +83747,20 @@ func schema_k8sio_api_core_v1_SecurityContext(ref common.ReferenceCallback) comm "seccompProfile": { SchemaProps: spec.SchemaProps{ Description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", - Ref: ref(corev1.SeccompProfile{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SeccompProfile"), }, }, "appArmorProfile": { SchemaProps: spec.SchemaProps{ Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.", - Ref: ref(corev1.AppArmorProfile{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.AppArmorProfile"), }, }, }, }, }, Dependencies: []string{ - corev1.AppArmorProfile{}.OpenAPIModelName(), corev1.Capabilities{}.OpenAPIModelName(), corev1.SELinuxOptions{}.OpenAPIModelName(), corev1.SeccompProfile{}.OpenAPIModelName(), corev1.WindowsSecurityContextOptions{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.AppArmorProfile", "k8s.io/api/core/v1.Capabilities", "k8s.io/api/core/v1.SELinuxOptions", "k8s.io/api/core/v1.SeccompProfile", "k8s.io/api/core/v1.WindowsSecurityContextOptions"}, } } @@ -85166,14 +83789,14 @@ func schema_k8sio_api_core_v1_SerializedReference(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "The reference to an object in the system.", Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, }, }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference"}, } } @@ -85202,28 +83825,28 @@ func schema_k8sio_api_core_v1_Service(ref common.ReferenceCallback) common.OpenA SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref(corev1.ServiceSpec{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ServiceSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Most recently observed status of the service. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref(corev1.ServiceStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ServiceStatus"), }, }, }, }, }, Dependencies: []string{ - corev1.ServiceSpec{}.OpenAPIModelName(), corev1.ServiceStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ServiceSpec", "k8s.io/api/core/v1.ServiceStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -85252,7 +83875,7 @@ func schema_k8sio_api_core_v1_ServiceAccount(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "secrets": { @@ -85273,7 +83896,7 @@ func schema_k8sio_api_core_v1_ServiceAccount(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, }, @@ -85292,7 +83915,7 @@ func schema_k8sio_api_core_v1_ServiceAccount(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, }, @@ -85309,7 +83932,7 @@ func schema_k8sio_api_core_v1_ServiceAccount(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - corev1.LocalObjectReference{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -85338,7 +83961,7 @@ func schema_k8sio_api_core_v1_ServiceAccountList(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -85349,7 +83972,7 @@ func schema_k8sio_api_core_v1_ServiceAccountList(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ServiceAccount{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ServiceAccount"), }, }, }, @@ -85360,7 +83983,7 @@ func schema_k8sio_api_core_v1_ServiceAccountList(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - corev1.ServiceAccount{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ServiceAccount", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -85425,7 +84048,7 @@ func schema_k8sio_api_core_v1_ServiceList(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -85436,7 +84059,7 @@ func schema_k8sio_api_core_v1_ServiceList(ref common.ReferenceCallback) common.O Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.Service{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.Service"), }, }, }, @@ -85447,7 +84070,7 @@ func schema_k8sio_api_core_v1_ServiceList(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - corev1.Service{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.Service", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -85492,7 +84115,7 @@ func schema_k8sio_api_core_v1_ServicePort(ref common.ReferenceCallback) common.O "targetPort": { SchemaProps: spec.SchemaProps{ Description: "Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service", - Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), }, }, "nodePort": { @@ -85507,7 +84130,7 @@ func schema_k8sio_api_core_v1_ServicePort(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - intstr.IntOrString{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/util/intstr.IntOrString"}, } } @@ -85571,7 +84194,7 @@ func schema_k8sio_api_core_v1_ServiceSpec(ref common.ReferenceCallback) common.O Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.ServicePort{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ServicePort"), }, }, }, @@ -85720,7 +84343,7 @@ func schema_k8sio_api_core_v1_ServiceSpec(ref common.ReferenceCallback) common.O "sessionAffinityConfig": { SchemaProps: spec.SchemaProps{ Description: "sessionAffinityConfig contains the configurations of session affinity.", - Ref: ref(corev1.SessionAffinityConfig{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SessionAffinityConfig"), }, }, "ipFamilies": { @@ -85785,7 +84408,7 @@ func schema_k8sio_api_core_v1_ServiceSpec(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - corev1.ServicePort{}.OpenAPIModelName(), corev1.SessionAffinityConfig{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ServicePort", "k8s.io/api/core/v1.SessionAffinityConfig"}, } } @@ -85800,7 +84423,7 @@ func schema_k8sio_api_core_v1_ServiceStatus(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "LoadBalancer contains the current status of the load-balancer, if one is present.", Default: map[string]interface{}{}, - Ref: ref(corev1.LoadBalancerStatus{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LoadBalancerStatus"), }, }, "conditions": { @@ -85821,7 +84444,7 @@ func schema_k8sio_api_core_v1_ServiceStatus(ref common.ReferenceCallback) common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.Condition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), }, }, }, @@ -85831,7 +84454,7 @@ func schema_k8sio_api_core_v1_ServiceStatus(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - corev1.LoadBalancerStatus{}.OpenAPIModelName(), metav1.Condition{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LoadBalancerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } @@ -85845,14 +84468,14 @@ func schema_k8sio_api_core_v1_SessionAffinityConfig(ref common.ReferenceCallback "clientIP": { SchemaProps: spec.SchemaProps{ Description: "clientIP contains the configurations of Client IP based session affinity.", - Ref: ref(corev1.ClientIPConfig{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ClientIPConfig"), }, }, }, }, }, Dependencies: []string{ - corev1.ClientIPConfig{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ClientIPConfig"}, } } @@ -85916,14 +84539,14 @@ func schema_k8sio_api_core_v1_StorageOSPersistentVolumeSource(ref common.Referen "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", - Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ObjectReference"), }, }, }, }, }, Dependencies: []string{ - corev1.ObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ObjectReference"}, } } @@ -85965,14 +84588,14 @@ func schema_k8sio_api_core_v1_StorageOSVolumeSource(ref common.ReferenceCallback "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", - Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), }, }, }, }, }, Dependencies: []string{ - corev1.LocalObjectReference{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.LocalObjectReference"}, } } @@ -86016,7 +84639,7 @@ func schema_k8sio_api_core_v1_TCPSocketAction(ref common.ReferenceCallback) comm "port": { SchemaProps: spec.SchemaProps{ Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", - Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), }, }, "host": { @@ -86031,7 +84654,7 @@ func schema_k8sio_api_core_v1_TCPSocketAction(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - intstr.IntOrString{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/util/intstr.IntOrString"}, } } @@ -86069,7 +84692,7 @@ func schema_k8sio_api_core_v1_Taint(ref common.ReferenceCallback) common.OpenAPI "timeAdded": { SchemaProps: spec.SchemaProps{ Description: "TimeAdded represents the time at which the taint was added.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, }, @@ -86077,7 +84700,7 @@ func schema_k8sio_api_core_v1_Taint(ref common.ReferenceCallback) common.OpenAPI }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -86097,10 +84720,10 @@ func schema_k8sio_api_core_v1_Toleration(ref common.ReferenceCallback) common.Op }, "operator": { SchemaProps: spec.SchemaProps{ - Description: "Operator represents a key's relationship to the value. Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).\n\nPossible enum values:\n - `\"Equal\"`\n - `\"Exists\"`\n - `\"Gt\"`\n - `\"Lt\"`", + Description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.\n\nPossible enum values:\n - `\"Equal\"`\n - `\"Exists\"`", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Equal", "Exists", "Gt", "Lt"}, + Enum: []interface{}{"Equal", "Exists"}, }, }, "value": { @@ -86193,7 +84816,7 @@ func schema_k8sio_api_core_v1_TopologySelectorTerm(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(corev1.TopologySelectorLabelRequirement{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.TopologySelectorLabelRequirement"), }, }, }, @@ -86208,7 +84831,7 @@ func schema_k8sio_api_core_v1_TopologySelectorTerm(ref common.ReferenceCallback) }, }, Dependencies: []string{ - corev1.TopologySelectorLabelRequirement{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.TopologySelectorLabelRequirement"}, } } @@ -86247,7 +84870,7 @@ func schema_k8sio_api_core_v1_TopologySpreadConstraint(ref common.ReferenceCallb "labelSelector": { SchemaProps: spec.SchemaProps{ Description: "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.", - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, "minDomains": { @@ -86298,7 +84921,7 @@ func schema_k8sio_api_core_v1_TopologySpreadConstraint(ref common.ReferenceCallb }, }, Dependencies: []string{ - metav1.LabelSelector{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -86406,181 +85029,181 @@ func schema_k8sio_api_core_v1_Volume(ref common.ReferenceCallback) common.OpenAP "hostPath": { SchemaProps: spec.SchemaProps{ Description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - Ref: ref(corev1.HostPathVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.HostPathVolumeSource"), }, }, "emptyDir": { SchemaProps: spec.SchemaProps{ Description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - Ref: ref(corev1.EmptyDirVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EmptyDirVolumeSource"), }, }, "gcePersistentDisk": { SchemaProps: spec.SchemaProps{ Description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - Ref: ref(corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.GCEPersistentDiskVolumeSource"), }, }, "awsElasticBlockStore": { SchemaProps: spec.SchemaProps{ Description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - Ref: ref(corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource"), }, }, "gitRepo": { SchemaProps: spec.SchemaProps{ Description: "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", - Ref: ref(corev1.GitRepoVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.GitRepoVolumeSource"), }, }, "secret": { SchemaProps: spec.SchemaProps{ Description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - Ref: ref(corev1.SecretVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretVolumeSource"), }, }, "nfs": { SchemaProps: spec.SchemaProps{ Description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - Ref: ref(corev1.NFSVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NFSVolumeSource"), }, }, "iscsi": { SchemaProps: spec.SchemaProps{ Description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi", - Ref: ref(corev1.ISCSIVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ISCSIVolumeSource"), }, }, "glusterfs": { SchemaProps: spec.SchemaProps{ Description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.", - Ref: ref(corev1.GlusterfsVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.GlusterfsVolumeSource"), }, }, "persistentVolumeClaim": { SchemaProps: spec.SchemaProps{ Description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - Ref: ref(corev1.PersistentVolumeClaimVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaimVolumeSource"), }, }, "rbd": { SchemaProps: spec.SchemaProps{ Description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported.", - Ref: ref(corev1.RBDVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.RBDVolumeSource"), }, }, "flexVolume": { SchemaProps: spec.SchemaProps{ Description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - Ref: ref(corev1.FlexVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.FlexVolumeSource"), }, }, "cinder": { SchemaProps: spec.SchemaProps{ Description: "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - Ref: ref(corev1.CinderVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.CinderVolumeSource"), }, }, "cephfs": { SchemaProps: spec.SchemaProps{ Description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - Ref: ref(corev1.CephFSVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.CephFSVolumeSource"), }, }, "flocker": { SchemaProps: spec.SchemaProps{ Description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - Ref: ref(corev1.FlockerVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.FlockerVolumeSource"), }, }, "downwardAPI": { SchemaProps: spec.SchemaProps{ Description: "downwardAPI represents downward API about the pod that should populate this volume", - Ref: ref(corev1.DownwardAPIVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.DownwardAPIVolumeSource"), }, }, "fc": { SchemaProps: spec.SchemaProps{ Description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - Ref: ref(corev1.FCVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.FCVolumeSource"), }, }, "azureFile": { SchemaProps: spec.SchemaProps{ Description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", - Ref: ref(corev1.AzureFileVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.AzureFileVolumeSource"), }, }, "configMap": { SchemaProps: spec.SchemaProps{ Description: "configMap represents a configMap that should populate this volume", - Ref: ref(corev1.ConfigMapVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ConfigMapVolumeSource"), }, }, "vsphereVolume": { SchemaProps: spec.SchemaProps{ Description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", - Ref: ref(corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource"), }, }, "quobyte": { SchemaProps: spec.SchemaProps{ Description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - Ref: ref(corev1.QuobyteVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.QuobyteVolumeSource"), }, }, "azureDisk": { SchemaProps: spec.SchemaProps{ Description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", - Ref: ref(corev1.AzureDiskVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.AzureDiskVolumeSource"), }, }, "photonPersistentDisk": { SchemaProps: spec.SchemaProps{ Description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - Ref: ref(corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource"), }, }, "projected": { SchemaProps: spec.SchemaProps{ Description: "projected items for all in one resources secrets, configmaps, and downward API", - Ref: ref(corev1.ProjectedVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ProjectedVolumeSource"), }, }, "portworxVolume": { SchemaProps: spec.SchemaProps{ Description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", - Ref: ref(corev1.PortworxVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PortworxVolumeSource"), }, }, "scaleIO": { SchemaProps: spec.SchemaProps{ Description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - Ref: ref(corev1.ScaleIOVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ScaleIOVolumeSource"), }, }, "storageos": { SchemaProps: spec.SchemaProps{ Description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", - Ref: ref(corev1.StorageOSVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.StorageOSVolumeSource"), }, }, "csi": { SchemaProps: spec.SchemaProps{ Description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", - Ref: ref(corev1.CSIVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.CSIVolumeSource"), }, }, "ephemeral": { SchemaProps: spec.SchemaProps{ Description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time.", - Ref: ref(corev1.EphemeralVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EphemeralVolumeSource"), }, }, "image": { SchemaProps: spec.SchemaProps{ Description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - Ref: ref(corev1.ImageVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ImageVolumeSource"), }, }, }, @@ -86588,7 +85211,7 @@ func schema_k8sio_api_core_v1_Volume(ref common.ReferenceCallback) common.OpenAP }, }, Dependencies: []string{ - corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName(), corev1.AzureDiskVolumeSource{}.OpenAPIModelName(), corev1.AzureFileVolumeSource{}.OpenAPIModelName(), corev1.CSIVolumeSource{}.OpenAPIModelName(), corev1.CephFSVolumeSource{}.OpenAPIModelName(), corev1.CinderVolumeSource{}.OpenAPIModelName(), corev1.ConfigMapVolumeSource{}.OpenAPIModelName(), corev1.DownwardAPIVolumeSource{}.OpenAPIModelName(), corev1.EmptyDirVolumeSource{}.OpenAPIModelName(), corev1.EphemeralVolumeSource{}.OpenAPIModelName(), corev1.FCVolumeSource{}.OpenAPIModelName(), corev1.FlexVolumeSource{}.OpenAPIModelName(), corev1.FlockerVolumeSource{}.OpenAPIModelName(), corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName(), corev1.GitRepoVolumeSource{}.OpenAPIModelName(), corev1.GlusterfsVolumeSource{}.OpenAPIModelName(), corev1.HostPathVolumeSource{}.OpenAPIModelName(), corev1.ISCSIVolumeSource{}.OpenAPIModelName(), corev1.ImageVolumeSource{}.OpenAPIModelName(), corev1.NFSVolumeSource{}.OpenAPIModelName(), corev1.PersistentVolumeClaimVolumeSource{}.OpenAPIModelName(), corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName(), corev1.PortworxVolumeSource{}.OpenAPIModelName(), corev1.ProjectedVolumeSource{}.OpenAPIModelName(), corev1.QuobyteVolumeSource{}.OpenAPIModelName(), corev1.RBDVolumeSource{}.OpenAPIModelName(), corev1.ScaleIOVolumeSource{}.OpenAPIModelName(), corev1.SecretVolumeSource{}.OpenAPIModelName(), corev1.StorageOSVolumeSource{}.OpenAPIModelName(), corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource", "k8s.io/api/core/v1.AzureDiskVolumeSource", "k8s.io/api/core/v1.AzureFileVolumeSource", "k8s.io/api/core/v1.CSIVolumeSource", "k8s.io/api/core/v1.CephFSVolumeSource", "k8s.io/api/core/v1.CinderVolumeSource", "k8s.io/api/core/v1.ConfigMapVolumeSource", "k8s.io/api/core/v1.DownwardAPIVolumeSource", "k8s.io/api/core/v1.EmptyDirVolumeSource", "k8s.io/api/core/v1.EphemeralVolumeSource", "k8s.io/api/core/v1.FCVolumeSource", "k8s.io/api/core/v1.FlexVolumeSource", "k8s.io/api/core/v1.FlockerVolumeSource", "k8s.io/api/core/v1.GCEPersistentDiskVolumeSource", "k8s.io/api/core/v1.GitRepoVolumeSource", "k8s.io/api/core/v1.GlusterfsVolumeSource", "k8s.io/api/core/v1.HostPathVolumeSource", "k8s.io/api/core/v1.ISCSIVolumeSource", "k8s.io/api/core/v1.ImageVolumeSource", "k8s.io/api/core/v1.NFSVolumeSource", "k8s.io/api/core/v1.PersistentVolumeClaimVolumeSource", "k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource", "k8s.io/api/core/v1.PortworxVolumeSource", "k8s.io/api/core/v1.ProjectedVolumeSource", "k8s.io/api/core/v1.QuobyteVolumeSource", "k8s.io/api/core/v1.RBDVolumeSource", "k8s.io/api/core/v1.ScaleIOVolumeSource", "k8s.io/api/core/v1.SecretVolumeSource", "k8s.io/api/core/v1.StorageOSVolumeSource", "k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource"}, } } @@ -86742,14 +85365,14 @@ func schema_k8sio_api_core_v1_VolumeNodeAffinity(ref common.ReferenceCallback) c "required": { SchemaProps: spec.SchemaProps{ Description: "required specifies hard node constraints that must be met.", - Ref: ref(corev1.NodeSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NodeSelector"), }, }, }, }, }, Dependencies: []string{ - corev1.NodeSelector{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.NodeSelector"}, } } @@ -86763,44 +85386,44 @@ func schema_k8sio_api_core_v1_VolumeProjection(ref common.ReferenceCallback) com "secret": { SchemaProps: spec.SchemaProps{ Description: "secret information about the secret data to project", - Ref: ref(corev1.SecretProjection{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretProjection"), }, }, "downwardAPI": { SchemaProps: spec.SchemaProps{ Description: "downwardAPI information about the downwardAPI data to project", - Ref: ref(corev1.DownwardAPIProjection{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.DownwardAPIProjection"), }, }, "configMap": { SchemaProps: spec.SchemaProps{ Description: "configMap information about the configMap data to project", - Ref: ref(corev1.ConfigMapProjection{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ConfigMapProjection"), }, }, "serviceAccountToken": { SchemaProps: spec.SchemaProps{ Description: "serviceAccountToken is information about the serviceAccountToken data to project", - Ref: ref(corev1.ServiceAccountTokenProjection{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ServiceAccountTokenProjection"), }, }, "clusterTrustBundle": { SchemaProps: spec.SchemaProps{ Description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.", - Ref: ref(corev1.ClusterTrustBundleProjection{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ClusterTrustBundleProjection"), }, }, "podCertificate": { SchemaProps: spec.SchemaProps{ Description: "Projects an auto-rotating credential bundle (private key and certificate chain) that the pod can use either as a TLS client or server.\n\nKubelet generates a private key and uses it to send a PodCertificateRequest to the named signer. Once the signer approves the request and issues a certificate chain, Kubelet writes the key and certificate chain to the pod filesystem. The pod does not start until certificates have been issued for each podCertificate projected volume source in its spec.\n\nKubelet will begin trying to rotate the certificate at the time indicated by the signer using the PodCertificateRequest.Status.BeginRefreshAt timestamp.\n\nKubelet can write a single file, indicated by the credentialBundlePath field, or separate files, indicated by the keyPath and certificateChainPath fields.\n\nThe credential bundle is a single file in PEM format. The first PEM entry is the private key (in PKCS#8 format), and the remaining PEM entries are the certificate chain issued by the signer (typically, signers will return their certificate chain in leaf-to-root order).\n\nPrefer using the credential bundle format, since your application code can read it atomically. If you use keyPath and certificateChainPath, your application must make two separate file reads. If these coincide with a certificate rotation, it is possible that the private key and leaf certificate you read may not correspond to each other. Your application will need to check for this condition, and re-read until they are consistent.\n\nThe named signer controls chooses the format of the certificate it issues; consult the signer implementation's documentation to learn how to use the certificates it issues.", - Ref: ref(corev1.PodCertificateProjection{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodCertificateProjection"), }, }, }, }, }, Dependencies: []string{ - corev1.ClusterTrustBundleProjection{}.OpenAPIModelName(), corev1.ConfigMapProjection{}.OpenAPIModelName(), corev1.DownwardAPIProjection{}.OpenAPIModelName(), corev1.PodCertificateProjection{}.OpenAPIModelName(), corev1.SecretProjection{}.OpenAPIModelName(), corev1.ServiceAccountTokenProjection{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.ClusterTrustBundleProjection", "k8s.io/api/core/v1.ConfigMapProjection", "k8s.io/api/core/v1.DownwardAPIProjection", "k8s.io/api/core/v1.PodCertificateProjection", "k8s.io/api/core/v1.SecretProjection", "k8s.io/api/core/v1.ServiceAccountTokenProjection"}, } } @@ -86819,7 +85442,7 @@ func schema_k8sio_api_core_v1_VolumeResourceRequirements(ref common.ReferenceCal Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -86833,7 +85456,7 @@ func schema_k8sio_api_core_v1_VolumeResourceRequirements(ref common.ReferenceCal Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(resource.Quantity{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), }, }, }, @@ -86843,7 +85466,7 @@ func schema_k8sio_api_core_v1_VolumeResourceRequirements(ref common.ReferenceCal }, }, Dependencies: []string{ - resource.Quantity{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } @@ -86857,188 +85480,188 @@ func schema_k8sio_api_core_v1_VolumeSource(ref common.ReferenceCallback) common. "hostPath": { SchemaProps: spec.SchemaProps{ Description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - Ref: ref(corev1.HostPathVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.HostPathVolumeSource"), }, }, "emptyDir": { SchemaProps: spec.SchemaProps{ Description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - Ref: ref(corev1.EmptyDirVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EmptyDirVolumeSource"), }, }, "gcePersistentDisk": { SchemaProps: spec.SchemaProps{ Description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - Ref: ref(corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.GCEPersistentDiskVolumeSource"), }, }, "awsElasticBlockStore": { SchemaProps: spec.SchemaProps{ Description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - Ref: ref(corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource"), }, }, "gitRepo": { SchemaProps: spec.SchemaProps{ Description: "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", - Ref: ref(corev1.GitRepoVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.GitRepoVolumeSource"), }, }, "secret": { SchemaProps: spec.SchemaProps{ Description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - Ref: ref(corev1.SecretVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.SecretVolumeSource"), }, }, "nfs": { SchemaProps: spec.SchemaProps{ Description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - Ref: ref(corev1.NFSVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.NFSVolumeSource"), }, }, "iscsi": { SchemaProps: spec.SchemaProps{ Description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi", - Ref: ref(corev1.ISCSIVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ISCSIVolumeSource"), }, }, "glusterfs": { SchemaProps: spec.SchemaProps{ Description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.", - Ref: ref(corev1.GlusterfsVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.GlusterfsVolumeSource"), }, }, "persistentVolumeClaim": { SchemaProps: spec.SchemaProps{ Description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - Ref: ref(corev1.PersistentVolumeClaimVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaimVolumeSource"), }, }, "rbd": { SchemaProps: spec.SchemaProps{ Description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported.", - Ref: ref(corev1.RBDVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.RBDVolumeSource"), }, }, "flexVolume": { SchemaProps: spec.SchemaProps{ Description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - Ref: ref(corev1.FlexVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.FlexVolumeSource"), }, }, "cinder": { SchemaProps: spec.SchemaProps{ Description: "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - Ref: ref(corev1.CinderVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.CinderVolumeSource"), }, }, "cephfs": { SchemaProps: spec.SchemaProps{ Description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - Ref: ref(corev1.CephFSVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.CephFSVolumeSource"), }, }, "flocker": { SchemaProps: spec.SchemaProps{ Description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - Ref: ref(corev1.FlockerVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.FlockerVolumeSource"), }, }, "downwardAPI": { SchemaProps: spec.SchemaProps{ Description: "downwardAPI represents downward API about the pod that should populate this volume", - Ref: ref(corev1.DownwardAPIVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.DownwardAPIVolumeSource"), }, }, "fc": { SchemaProps: spec.SchemaProps{ Description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - Ref: ref(corev1.FCVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.FCVolumeSource"), }, }, "azureFile": { SchemaProps: spec.SchemaProps{ Description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", - Ref: ref(corev1.AzureFileVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.AzureFileVolumeSource"), }, }, "configMap": { SchemaProps: spec.SchemaProps{ Description: "configMap represents a configMap that should populate this volume", - Ref: ref(corev1.ConfigMapVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ConfigMapVolumeSource"), }, }, "vsphereVolume": { SchemaProps: spec.SchemaProps{ Description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", - Ref: ref(corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource"), }, }, "quobyte": { SchemaProps: spec.SchemaProps{ Description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - Ref: ref(corev1.QuobyteVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.QuobyteVolumeSource"), }, }, "azureDisk": { SchemaProps: spec.SchemaProps{ Description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", - Ref: ref(corev1.AzureDiskVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.AzureDiskVolumeSource"), }, }, "photonPersistentDisk": { SchemaProps: spec.SchemaProps{ Description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - Ref: ref(corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource"), }, }, "projected": { SchemaProps: spec.SchemaProps{ Description: "projected items for all in one resources secrets, configmaps, and downward API", - Ref: ref(corev1.ProjectedVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ProjectedVolumeSource"), }, }, "portworxVolume": { SchemaProps: spec.SchemaProps{ Description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", - Ref: ref(corev1.PortworxVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PortworxVolumeSource"), }, }, "scaleIO": { SchemaProps: spec.SchemaProps{ Description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - Ref: ref(corev1.ScaleIOVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ScaleIOVolumeSource"), }, }, "storageos": { SchemaProps: spec.SchemaProps{ Description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", - Ref: ref(corev1.StorageOSVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.StorageOSVolumeSource"), }, }, "csi": { SchemaProps: spec.SchemaProps{ Description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", - Ref: ref(corev1.CSIVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.CSIVolumeSource"), }, }, "ephemeral": { SchemaProps: spec.SchemaProps{ Description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time.", - Ref: ref(corev1.EphemeralVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.EphemeralVolumeSource"), }, }, "image": { SchemaProps: spec.SchemaProps{ Description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - Ref: ref(corev1.ImageVolumeSource{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.ImageVolumeSource"), }, }, }, }, }, Dependencies: []string{ - corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName(), corev1.AzureDiskVolumeSource{}.OpenAPIModelName(), corev1.AzureFileVolumeSource{}.OpenAPIModelName(), corev1.CSIVolumeSource{}.OpenAPIModelName(), corev1.CephFSVolumeSource{}.OpenAPIModelName(), corev1.CinderVolumeSource{}.OpenAPIModelName(), corev1.ConfigMapVolumeSource{}.OpenAPIModelName(), corev1.DownwardAPIVolumeSource{}.OpenAPIModelName(), corev1.EmptyDirVolumeSource{}.OpenAPIModelName(), corev1.EphemeralVolumeSource{}.OpenAPIModelName(), corev1.FCVolumeSource{}.OpenAPIModelName(), corev1.FlexVolumeSource{}.OpenAPIModelName(), corev1.FlockerVolumeSource{}.OpenAPIModelName(), corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName(), corev1.GitRepoVolumeSource{}.OpenAPIModelName(), corev1.GlusterfsVolumeSource{}.OpenAPIModelName(), corev1.HostPathVolumeSource{}.OpenAPIModelName(), corev1.ISCSIVolumeSource{}.OpenAPIModelName(), corev1.ImageVolumeSource{}.OpenAPIModelName(), corev1.NFSVolumeSource{}.OpenAPIModelName(), corev1.PersistentVolumeClaimVolumeSource{}.OpenAPIModelName(), corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName(), corev1.PortworxVolumeSource{}.OpenAPIModelName(), corev1.ProjectedVolumeSource{}.OpenAPIModelName(), corev1.QuobyteVolumeSource{}.OpenAPIModelName(), corev1.RBDVolumeSource{}.OpenAPIModelName(), corev1.ScaleIOVolumeSource{}.OpenAPIModelName(), corev1.SecretVolumeSource{}.OpenAPIModelName(), corev1.StorageOSVolumeSource{}.OpenAPIModelName(), corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource", "k8s.io/api/core/v1.AzureDiskVolumeSource", "k8s.io/api/core/v1.AzureFileVolumeSource", "k8s.io/api/core/v1.CSIVolumeSource", "k8s.io/api/core/v1.CephFSVolumeSource", "k8s.io/api/core/v1.CinderVolumeSource", "k8s.io/api/core/v1.ConfigMapVolumeSource", "k8s.io/api/core/v1.DownwardAPIVolumeSource", "k8s.io/api/core/v1.EmptyDirVolumeSource", "k8s.io/api/core/v1.EphemeralVolumeSource", "k8s.io/api/core/v1.FCVolumeSource", "k8s.io/api/core/v1.FlexVolumeSource", "k8s.io/api/core/v1.FlockerVolumeSource", "k8s.io/api/core/v1.GCEPersistentDiskVolumeSource", "k8s.io/api/core/v1.GitRepoVolumeSource", "k8s.io/api/core/v1.GlusterfsVolumeSource", "k8s.io/api/core/v1.HostPathVolumeSource", "k8s.io/api/core/v1.ISCSIVolumeSource", "k8s.io/api/core/v1.ImageVolumeSource", "k8s.io/api/core/v1.NFSVolumeSource", "k8s.io/api/core/v1.PersistentVolumeClaimVolumeSource", "k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource", "k8s.io/api/core/v1.PortworxVolumeSource", "k8s.io/api/core/v1.ProjectedVolumeSource", "k8s.io/api/core/v1.QuobyteVolumeSource", "k8s.io/api/core/v1.RBDVolumeSource", "k8s.io/api/core/v1.ScaleIOVolumeSource", "k8s.io/api/core/v1.SecretVolumeSource", "k8s.io/api/core/v1.StorageOSVolumeSource", "k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource"}, } } @@ -87104,7 +85727,7 @@ func schema_k8sio_api_core_v1_WeightedPodAffinityTerm(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "Required. A pod affinity term, associated with the corresponding weight.", Default: map[string]interface{}{}, - Ref: ref(corev1.PodAffinityTerm{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/core/v1.PodAffinityTerm"), }, }, }, @@ -87112,7 +85735,7 @@ func schema_k8sio_api_core_v1_WeightedPodAffinityTerm(ref common.ReferenceCallba }, }, Dependencies: []string{ - corev1.PodAffinityTerm{}.OpenAPIModelName()}, + "k8s.io/api/core/v1.PodAffinityTerm"}, } } @@ -87157,43 +85780,6 @@ func schema_k8sio_api_core_v1_WindowsSecurityContextOptions(ref common.Reference } } -func schema_k8sio_api_core_v1_WorkloadReference(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "WorkloadReference identifies the Workload object and PodGroup membership that a Pod belongs to. The scheduler uses this information to apply workload-aware scheduling semantics.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "name": { - SchemaProps: spec.SchemaProps{ - Description: "Name defines the name of the Workload object this Pod belongs to. Workload must be in the same namespace as the Pod. If it doesn't match any existing Workload, the Pod will remain unschedulable until a Workload object is created and observed by the kube-scheduler. It must be a DNS subdomain.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "podGroup": { - SchemaProps: spec.SchemaProps{ - Description: "PodGroup is the name of the PodGroup within the Workload that this Pod belongs to. If it doesn't match any existing PodGroup within the Workload, the Pod will remain unschedulable until the Workload object is recreated and observed by the kube-scheduler. It must be a DNS label.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "podGroupReplicaKey": { - SchemaProps: spec.SchemaProps{ - Description: "PodGroupReplicaKey specifies the replica key of the PodGroup to which this Pod belongs. It is used to distinguish pods belonging to different replicas of the same pod group. The pod group policy is applied separately to each replica. When set, it must be a DNS label.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"name", "podGroup"}, - }, - }, - } -} - func schema_k8sio_api_rbac_v1_AggregationRule(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -87214,7 +85800,7 @@ func schema_k8sio_api_rbac_v1_AggregationRule(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), }, }, }, @@ -87224,7 +85810,7 @@ func schema_k8sio_api_rbac_v1_AggregationRule(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - metav1.LabelSelector{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } @@ -87253,7 +85839,7 @@ func schema_k8sio_api_rbac_v1_ClusterRole(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata.", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "rules": { @@ -87269,7 +85855,7 @@ func schema_k8sio_api_rbac_v1_ClusterRole(ref common.ReferenceCallback) common.O Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(rbacv1.PolicyRule{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/rbac/v1.PolicyRule"), }, }, }, @@ -87278,14 +85864,14 @@ func schema_k8sio_api_rbac_v1_ClusterRole(ref common.ReferenceCallback) common.O "aggregationRule": { SchemaProps: spec.SchemaProps{ Description: "AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.", - Ref: ref(rbacv1.AggregationRule{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/rbac/v1.AggregationRule"), }, }, }, }, }, Dependencies: []string{ - rbacv1.AggregationRule{}.OpenAPIModelName(), rbacv1.PolicyRule{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/rbac/v1.AggregationRule", "k8s.io/api/rbac/v1.PolicyRule", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -87314,7 +85900,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleBinding(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata.", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "subjects": { @@ -87330,7 +85916,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleBinding(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(rbacv1.Subject{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/rbac/v1.Subject"), }, }, }, @@ -87340,7 +85926,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleBinding(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.", Default: map[string]interface{}{}, - Ref: ref(rbacv1.RoleRef{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/rbac/v1.RoleRef"), }, }, }, @@ -87348,7 +85934,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleBinding(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - rbacv1.RoleRef{}.OpenAPIModelName(), rbacv1.Subject{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/rbac/v1.RoleRef", "k8s.io/api/rbac/v1.Subject", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -87377,7 +85963,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleBindingList(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata.", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -87388,7 +85974,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleBindingList(ref common.ReferenceCallbac Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(rbacv1.ClusterRoleBinding{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/rbac/v1.ClusterRoleBinding"), }, }, }, @@ -87399,7 +85985,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleBindingList(ref common.ReferenceCallbac }, }, Dependencies: []string{ - rbacv1.ClusterRoleBinding{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/rbac/v1.ClusterRoleBinding", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -87428,7 +86014,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata.", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -87439,7 +86025,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleList(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(rbacv1.ClusterRole{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/rbac/v1.ClusterRole"), }, }, }, @@ -87450,7 +86036,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - rbacv1.ClusterRole{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/rbac/v1.ClusterRole", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -87593,7 +86179,7 @@ func schema_k8sio_api_rbac_v1_Role(ref common.ReferenceCallback) common.OpenAPID SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata.", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "rules": { @@ -87609,7 +86195,7 @@ func schema_k8sio_api_rbac_v1_Role(ref common.ReferenceCallback) common.OpenAPID Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(rbacv1.PolicyRule{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/rbac/v1.PolicyRule"), }, }, }, @@ -87619,7 +86205,7 @@ func schema_k8sio_api_rbac_v1_Role(ref common.ReferenceCallback) common.OpenAPID }, }, Dependencies: []string{ - rbacv1.PolicyRule{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/rbac/v1.PolicyRule", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -87648,7 +86234,7 @@ func schema_k8sio_api_rbac_v1_RoleBinding(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata.", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, "subjects": { @@ -87664,7 +86250,7 @@ func schema_k8sio_api_rbac_v1_RoleBinding(ref common.ReferenceCallback) common.O Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(rbacv1.Subject{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/rbac/v1.Subject"), }, }, }, @@ -87674,7 +86260,7 @@ func schema_k8sio_api_rbac_v1_RoleBinding(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.", Default: map[string]interface{}{}, - Ref: ref(rbacv1.RoleRef{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/rbac/v1.RoleRef"), }, }, }, @@ -87682,7 +86268,7 @@ func schema_k8sio_api_rbac_v1_RoleBinding(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - rbacv1.RoleRef{}.OpenAPIModelName(), rbacv1.Subject{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/api/rbac/v1.RoleRef", "k8s.io/api/rbac/v1.Subject", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -87711,7 +86297,7 @@ func schema_k8sio_api_rbac_v1_RoleBindingList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata.", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -87722,7 +86308,7 @@ func schema_k8sio_api_rbac_v1_RoleBindingList(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(rbacv1.RoleBinding{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/rbac/v1.RoleBinding"), }, }, }, @@ -87733,7 +86319,7 @@ func schema_k8sio_api_rbac_v1_RoleBindingList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - rbacv1.RoleBinding{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/rbac/v1.RoleBinding", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -87762,7 +86348,7 @@ func schema_k8sio_api_rbac_v1_RoleList(ref common.ReferenceCallback) common.Open SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata.", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -87773,7 +86359,7 @@ func schema_k8sio_api_rbac_v1_RoleList(ref common.ReferenceCallback) common.Open Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(rbacv1.Role{}.OpenAPIModelName()), + Ref: ref("k8s.io/api/rbac/v1.Role"), }, }, }, @@ -87784,7 +86370,7 @@ func schema_k8sio_api_rbac_v1_RoleList(ref common.ReferenceCallback) common.Open }, }, Dependencies: []string{ - rbacv1.Role{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, + "k8s.io/api/rbac/v1.Role", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } @@ -87970,7 +86556,7 @@ func schema_pkg_apis_meta_v1_APIGroup(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.GroupVersionForDiscovery{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery"), }, }, }, @@ -87980,7 +86566,7 @@ func schema_pkg_apis_meta_v1_APIGroup(ref common.ReferenceCallback) common.OpenA SchemaProps: spec.SchemaProps{ Description: "preferredVersion is the version preferred by the API server, which probably is the storage version.", Default: map[string]interface{}{}, - Ref: ref(metav1.GroupVersionForDiscovery{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery"), }, }, "serverAddressByClientCIDRs": { @@ -87996,7 +86582,7 @@ func schema_pkg_apis_meta_v1_APIGroup(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.ServerAddressByClientCIDR{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR"), }, }, }, @@ -88007,7 +86593,7 @@ func schema_pkg_apis_meta_v1_APIGroup(ref common.ReferenceCallback) common.OpenA }, }, Dependencies: []string{ - metav1.GroupVersionForDiscovery{}.OpenAPIModelName(), metav1.ServerAddressByClientCIDR{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery", "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR"}, } } @@ -88045,7 +86631,7 @@ func schema_pkg_apis_meta_v1_APIGroupList(ref common.ReferenceCallback) common.O Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.APIGroup{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup"), }, }, }, @@ -88056,7 +86642,7 @@ func schema_pkg_apis_meta_v1_APIGroupList(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - metav1.APIGroup{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup"}, } } @@ -88224,7 +86810,7 @@ func schema_pkg_apis_meta_v1_APIResourceList(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.APIResource{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.APIResource"), }, }, }, @@ -88235,7 +86821,7 @@ func schema_pkg_apis_meta_v1_APIResourceList(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - metav1.APIResource{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource"}, } } @@ -88293,7 +86879,7 @@ func schema_pkg_apis_meta_v1_APIVersions(ref common.ReferenceCallback) common.Op Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.ServerAddressByClientCIDR{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR"), }, }, }, @@ -88304,7 +86890,7 @@ func schema_pkg_apis_meta_v1_APIVersions(ref common.ReferenceCallback) common.Op }, }, Dependencies: []string{ - metav1.ServerAddressByClientCIDR{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR"}, } } @@ -88405,7 +86991,7 @@ func schema_pkg_apis_meta_v1_Condition(ref common.ReferenceCallback) common.Open "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "reason": { @@ -88429,7 +87015,7 @@ func schema_pkg_apis_meta_v1_Condition(ref common.ReferenceCallback) common.Open }, }, Dependencies: []string{ - metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -88525,7 +87111,7 @@ func schema_pkg_apis_meta_v1_DeleteOptions(ref common.ReferenceCallback) common. "preconditions": { SchemaProps: spec.SchemaProps{ Description: "Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be returned.", - Ref: ref(metav1.Preconditions{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions"), }, }, "orphanDependents": { @@ -88573,7 +87159,7 @@ func schema_pkg_apis_meta_v1_DeleteOptions(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - metav1.Preconditions{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions"}, } } @@ -88885,12 +87471,15 @@ func schema_pkg_apis_meta_v1_InternalEvent(ref common.ReferenceCallback) common. "Object": { SchemaProps: spec.SchemaProps{ Description: "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Bookmark: the object (instance of a type being watched) where\n only ResourceVersion field is set. On successful restart of watch from a\n bookmark resourceVersion, client is guaranteed to not get repeat event\n nor miss any events.\n * If Type is Error: *api.Status is recommended; other types may make sense\n depending on context.", + Ref: ref("k8s.io/apimachinery/pkg/runtime.Object"), }, }, }, Required: []string{"Type", "Object"}, }, }, + Dependencies: []string{ + "k8s.io/apimachinery/pkg/runtime.Object"}, } } @@ -88930,7 +87519,7 @@ func schema_pkg_apis_meta_v1_LabelSelector(ref common.ReferenceCallback) common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.LabelSelectorRequirement{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement"), }, }, }, @@ -88945,7 +87534,7 @@ func schema_pkg_apis_meta_v1_LabelSelector(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - metav1.LabelSelectorRequirement{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement"}, } } @@ -89024,7 +87613,7 @@ func schema_pkg_apis_meta_v1_List(ref common.ReferenceCallback) common.OpenAPIDe SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -89034,7 +87623,7 @@ func schema_pkg_apis_meta_v1_List(ref common.ReferenceCallback) common.OpenAPIDe Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -89045,7 +87634,7 @@ func schema_pkg_apis_meta_v1_List(ref common.ReferenceCallback) common.OpenAPIDe }, }, Dependencies: []string{ - metav1.ListMeta{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -89218,7 +87807,7 @@ func schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref common.ReferenceCallback) co "time": { SchemaProps: spec.SchemaProps{ Description: "Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over.", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "fieldsType": { @@ -89231,7 +87820,7 @@ func schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref common.ReferenceCallback) co "fieldsV1": { SchemaProps: spec.SchemaProps{ Description: "FieldsV1 holds the first JSON version format as described in the \"FieldsV1\" type.", - Ref: ref(metav1.FieldsV1{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1"), }, }, "subresource": { @@ -89245,7 +87834,7 @@ func schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - metav1.FieldsV1{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -89320,13 +87909,13 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope "creationTimestamp": { SchemaProps: spec.SchemaProps{ Description: "CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "deletionTimestamp": { SchemaProps: spec.SchemaProps{ Description: "DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Ref: ref(metav1.Time{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, "deletionGracePeriodSeconds": { @@ -89386,7 +87975,7 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.OwnerReference{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference"), }, }, }, @@ -89426,7 +88015,7 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.ManagedFieldsEntry{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry"), }, }, }, @@ -89436,7 +88025,7 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - metav1.ManagedFieldsEntry{}.OpenAPIModelName(), metav1.OwnerReference{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry", "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } @@ -89530,14 +88119,14 @@ func schema_pkg_apis_meta_v1_PartialObjectMetadata(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), }, }, }, }, }, Dependencies: []string{ - metav1.ObjectMeta{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } @@ -89566,7 +88155,7 @@ func schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "items": { @@ -89577,7 +88166,7 @@ func schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.PartialObjectMetadata{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata"), }, }, }, @@ -89588,7 +88177,7 @@ func schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref common.ReferenceCallb }, }, Dependencies: []string{ - metav1.ListMeta{}.OpenAPIModelName(), metav1.PartialObjectMetadata{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta", "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata"}, } } @@ -89787,7 +88376,7 @@ func schema_pkg_apis_meta_v1_Status(ref common.ReferenceCallback) common.OpenAPI SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "status": { @@ -89812,9 +88401,14 @@ func schema_pkg_apis_meta_v1_Status(ref common.ReferenceCallback) common.OpenAPI }, }, "details": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.", - Ref: ref(metav1.StatusDetails{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails"), }, }, "code": { @@ -89828,7 +88422,7 @@ func schema_pkg_apis_meta_v1_Status(ref common.ReferenceCallback) common.OpenAPI }, }, Dependencies: []string{ - metav1.ListMeta{}.OpenAPIModelName(), metav1.StatusDetails{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta", "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails"}, } } @@ -89914,7 +88508,7 @@ func schema_pkg_apis_meta_v1_StatusDetails(ref common.ReferenceCallback) common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.StatusCause{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause"), }, }, }, @@ -89931,7 +88525,7 @@ func schema_pkg_apis_meta_v1_StatusDetails(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - metav1.StatusCause{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause"}, } } @@ -89960,7 +88554,7 @@ func schema_pkg_apis_meta_v1_Table(ref common.ReferenceCallback) common.OpenAPID SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), }, }, "columnDefinitions": { @@ -89976,7 +88570,7 @@ func schema_pkg_apis_meta_v1_Table(ref common.ReferenceCallback) common.OpenAPID Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.TableColumnDefinition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition"), }, }, }, @@ -89995,7 +88589,7 @@ func schema_pkg_apis_meta_v1_Table(ref common.ReferenceCallback) common.OpenAPID Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.TableRow{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.TableRow"), }, }, }, @@ -90006,7 +88600,7 @@ func schema_pkg_apis_meta_v1_Table(ref common.ReferenceCallback) common.OpenAPID }, }, Dependencies: []string{ - metav1.ListMeta{}.OpenAPIModelName(), metav1.TableColumnDefinition{}.OpenAPIModelName(), metav1.TableRow{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta", "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition", "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow"}, } } @@ -90137,7 +88731,7 @@ func schema_pkg_apis_meta_v1_TableRow(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref(metav1.TableRowCondition{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition"), }, }, }, @@ -90146,7 +88740,7 @@ func schema_pkg_apis_meta_v1_TableRow(ref common.ReferenceCallback) common.OpenA "object": { SchemaProps: spec.SchemaProps{ Description: "This field contains the requested additional information about each object based on the includeObject policy when requesting the Table. If \"None\", this field is empty, if \"Object\" this will be the default serialization of the object for the current API version, and if \"Metadata\" (the default) will contain the object metadata. Check the returned kind and apiVersion of the object before parsing. The media type of the object will always match the enclosing list - if this as a JSON table, these will be JSON encoded objects.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -90154,7 +88748,7 @@ func schema_pkg_apis_meta_v1_TableRow(ref common.ReferenceCallback) common.OpenA }, }, Dependencies: []string{ - metav1.TableRowCondition{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } @@ -90349,7 +88943,7 @@ func schema_pkg_apis_meta_v1_WatchEvent(ref common.ReferenceCallback) common.Ope "object": { SchemaProps: spec.SchemaProps{ Description: "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Error: *Status is recommended; other types may make sense\n depending on context.", - Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -90357,7 +88951,7 @@ func schema_pkg_apis_meta_v1_WatchEvent(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - runtime.RawExtension{}.OpenAPIModelName()}, + "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } diff --git a/openapi/openapi.json b/openapi/openapi.json index 3f53ca99ad4..6370299e664 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -6,507 +6,288 @@ }, "paths": null, "definitions": { - "APIGroup.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "APIGroup contains the name, the supported versions, and the preferred version of a group.", + "com.github.openshift.api.apiextensions.v1alpha1.APIExcludedField": { + "description": "APIExcludedField describes a field in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation.", "type": "object", "required": [ - "name", - "versions" + "path" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "path": { + "description": "path is the path to the field in the schema. Paths are dot-separated field names (e.g., \"fieldA.fieldB.fieldC\") representing nested object fields. If part of the path is a slice (e.g., \"status.conditions\") the remaining path is applied to all items in the slice (e.g., \"status.conditions.lastTransitionTimestamp\"). Each field name must be a valid Kubernetes CRD field name: start with a letter, contain only letters, digits, and underscores, and be between 1 and 63 characters in length. A path may contain at most 16 fields.", "type": "string" }, - "name": { - "description": "name is the name of the group.", - "type": "string", - "default": "" - }, - "preferredVersion": { - "description": "preferredVersion is the version preferred by the API server, which probably is the storage version.", - "default": {}, - "$ref": "#/definitions/GroupVersionForDiscovery.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "serverAddressByClientCIDRs": { - "description": "a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ServerAddressByClientCIDR.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, "versions": { - "description": "versions are the versions supported in this group.", + "description": "versions are the API versions the field is excluded from. When not specified, the field is excluded from all versions.\n\nEach item must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. At most 32 versions may be specified.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/GroupVersionForDiscovery.v1.meta.apis.pkg.apimachinery.k8s.io" + "type": "string", + "default": "" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-type": "set" } } }, - "APIGroupList.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "APIGroupList is a list of APIGroup, to allow clients to discover the API at /apis.", + "com.github.openshift.api.apiextensions.v1alpha1.APIVersions": { + "description": "APIVersions specifies a set of API versions of a CRD.", "type": "object", "required": [ - "groups" + "defaultSelection" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "groups": { - "description": "groups is a list of APIGroup.", + "additionalVersions": { + "description": "additionalVersions specifies a set api versions to require in addition to the default selection. It is explicitly permitted to specify a version in additionalVersions which was also selected by the default selection. The selections will be merged and deduplicated.\n\nEach item must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.// with an alphabetic character and end with an alphanumeric character. At most 32 additional versions may be specified.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/APIGroup.v1.meta.apis.pkg.apimachinery.k8s.io" + "type": "string", + "default": "" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-type": "set" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "defaultSelection": { + "description": "defaultSelection specifies a method for automatically selecting a set of versions to require.\n\nValid options are StorageOnly and AllServed. When set to StorageOnly, only the storage version is selected for compatibility assessment. When set to AllServed, all served versions are selected for compatibility assessment.\n\nThis field is required.", "type": "string" } } }, - "APIResource.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "APIResource specifies the name of a resource and whether it is namespaced.", + "com.github.openshift.api.apiextensions.v1alpha1.CRDData": { + "description": "CRDData contains the complete definition of a CRD.", "type": "object", "required": [ - "name", - "singularName", - "namespaced", - "kind", - "verbs" + "type", + "data" ], "properties": { - "categories": { - "description": "categories is a list of the grouped resources this resource belongs to (e.g. 'all')", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "group": { - "description": "group is the preferred group of the resource. Empty implies the group of the containing resource list. For subresources, this may have a different value, for example: Scale\".", - "type": "string" - }, - "kind": { - "description": "kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo')", - "type": "string", - "default": "" - }, - "name": { - "description": "name is the plural name of the resource.", - "type": "string", - "default": "" - }, - "namespaced": { - "description": "namespaced indicates if a resource is namespaced or not.", - "type": "boolean", - "default": false - }, - "shortNames": { - "description": "shortNames is a list of suggested short names of the resource.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "singularName": { - "description": "singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely. The singularName is more correct for reporting status on a single item and both singular and plural are allowed from the kubectl CLI interface.", - "type": "string", - "default": "" - }, - "storageVersionHash": { - "description": "The hash value of the storage version, the version this resource is converted to when written to the data store. Value must be treated as opaque by clients. Only equality comparison on the value is valid. This is an alpha feature and may change or be removed in the future. The field is populated by the apiserver only if the StorageVersionHash feature gate is enabled. This field will remain optional even if it graduates.", + "data": { + "description": "data contains the complete definition of the CRD. This field must be in the format specified by the type field. It may not be longer than 1572864 characters. This field is required.", "type": "string" }, - "verbs": { - "description": "verbs is a list of supported kube verbs (this includes get, list, watch, create, update, patch, delete, deletecollection, and proxy)", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "version": { - "description": "version is the preferred version of the resource. Empty implies the version of the containing resource list For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)\".", + "type": { + "description": "type indicates the type of the CRD data. The only supported type is \"YAML\". This field is required.", "type": "string" } } }, - "APIResourceList.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "APIResourceList is a list of APIResource, it is used to expose the name of the resources supported in a specific group and version, and if the resource is namespaced.", + "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirement": { + "description": "CompatibilityRequirement expresses a set of requirements on a target CRD. It is used to ensure compatibility between different actors using the same CRD.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "groupVersion", - "resources" + "metadata", + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "groupVersion": { - "description": "groupVersion is the group and version this APIResourceList is for.", - "type": "string", - "default": "" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "resources": { - "description": "resources contains the name of the resources and if they are namespaced.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/APIResource.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the Compatibility Requirement.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementSpec" + }, + "status": { + "description": "status is the most recently observed status of the Compatibility Requirement.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementStatus" } } }, - "APIVersions.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "APIVersions lists the versions that are available, to allow clients to discover the API at /api, which is the root path of the legacy v1 API.", + "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementList": { + "description": "CompatibilityRequirementList is a collection of CompatibilityRequirements.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", - "required": [ - "versions", - "serverAddressByClientCIDRs" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "serverAddressByClientCIDRs": { - "description": "a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.", + "items": { + "description": "items is a list of CompatibilityRequirements.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/ServerAddressByClientCIDR.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirement" + } }, - "versions": { - "description": "versions are the api versions that are available.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "AWSElasticBlockStoreVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a Persistent Disk resource in AWS.\n\nAn AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.", - "type": "object", - "required": [ - "volumeID" - ], - "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "partition": { - "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", - "type": "integer", - "format": "int32" - }, - "readOnly": { - "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "Affinity.v1.core.api.k8s.io": { - "description": "Affinity is a group of affinity scheduling rules.", + "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementSpec": { + "description": "CompatibilityRequirementSpec is the specification of the desired behavior of the Compatibility Requirement.", "type": "object", + "required": [ + "compatibilitySchema" + ], "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "$ref": "#/definitions/NodeAffinity.v1.core.api.k8s.io" + "compatibilitySchema": { + "description": "compatibilitySchema defines the schema used by customResourceDefinitionSchemaValidation and objectSchemaValidation. This field is required.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CompatibilitySchema" }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "$ref": "#/definitions/PodAffinity.v1.core.api.k8s.io" + "customResourceDefinitionSchemaValidation": { + "description": "customResourceDefinitionSchemaValidation ensures that updates to the installed CRD are compatible with this compatibility requirement. If not specified, admission of the target CRD will not be validated. This field is optional.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CustomResourceDefinitionSchemaValidation" }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "$ref": "#/definitions/PodAntiAffinity.v1.core.api.k8s.io" + "objectSchemaValidation": { + "description": "objectSchemaValidation ensures that matching resources conform to compatibilitySchema. If not specified, admission of matching resources will not be validated. This field is optional.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.ObjectSchemaValidation" } } }, - "AggregationRule.v1.rbac.api.k8s.io": { - "description": "AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole", + "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementStatus": { + "description": "CompatibilityRequirementStatus defines the observed status of the Compatibility Requirement.", "type": "object", "properties": { - "clusterRoleSelectors": { - "description": "ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole's permissions will be added", + "conditions": { + "description": "conditions is a list of conditions and their status. Known condition types are Progressing, Admitted, and Compatible.\n\nThe Progressing condition indicates if reconciliation of a CompatibilityRequirement is still progressing or has finished.\n\nThe Admitted condition indicates if the validating webhook has been configured.\n\nThe Compatible condition indicates if the observed CRD is compatible with the requirement.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "AppArmorProfile.v1.core.api.k8s.io": { - "description": "AppArmorProfile defines a pod or container's AppArmor settings.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is \"Localhost\".", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "crdName": { + "description": "crdName is the name of the target CRD. The target CRD is not required to exist, as we may legitimately place requirements on it before it is created. The observed CRD is given in status.observedCRD, which will be empty if no CRD is observed. When present, must be between 1 and 253 characters and conform to RFC 1123 subdomain format: lowercase alphanumeric characters, '-' or '.', starting and ending with alphanumeric characters. When not specified, the requirement applies to any CRD name discovered from the compatibility schema. This field is optional. Once set, the value cannot be changed and must always remain set.", "type": "string" }, - "type": { - "description": "type indicates which kind of AppArmor profile will be applied. Valid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.\n\nPossible enum values:\n - `\"Localhost\"` indicates that a profile pre-loaded on the node should be used.\n - `\"RuntimeDefault\"` indicates that the container runtime's default AppArmor profile should be used.\n - `\"Unconfined\"` indicates that no AppArmor profile should be enforced.", - "type": "string", - "default": "", - "enum": [ - "Localhost", - "RuntimeDefault", - "Unconfined" - ] - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "localhostProfile": "LocalhostProfile" - } + "observedCRD": { + "description": "observedCRD documents the uid and generation of the CRD object when the current status was written. This field will be omitted if the target CRD does not exist or could not be retrieved.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.ObservedCRD" } - ] + } }, - "ApplyOptions.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "ApplyOptions may be provided when applying an API object. FieldManager is required for apply requests. ApplyOptions is equivalent to PatchOptions. It is provided as a convenience with documentation that speaks specifically to how the options fields relate to apply.", + "com.github.openshift.api.apiextensions.v1alpha1.CompatibilitySchema": { + "description": "CompatibilitySchema defines the schema used by crdSchemaValidation and objectSchemaValidation.", "type": "object", "required": [ - "force", - "fieldManager" + "customResourceDefinition", + "requiredVersions" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "customResourceDefinition": { + "description": "customResourceDefinition contains the complete definition of the CRD for schema and object validation purposes. This field is required.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CRDData" }, - "dryRun": { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "excludedFields": { + "description": "excludedFields is a set of fields in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation. The list may contain at most 64 fields. When not specified, all fields in the schema will be validated.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.APIExcludedField" }, "x-kubernetes-list-type": "atomic" }, - "fieldManager": { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required.", - "type": "string", - "default": "" - }, - "force": { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people.", - "type": "boolean", - "default": false - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "requiredVersions": { + "description": "requiredVersions specifies a subset of the CRD's API versions which will be asserted for compatibility. This field is required.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.APIVersions" } } }, - "AttachedVolume.v1.core.api.k8s.io": { - "description": "AttachedVolume describes a volume attached to a node", + "com.github.openshift.api.apiextensions.v1alpha1.CustomResourceDefinitionSchemaValidation": { + "description": "CustomResourceDefinitionSchemaValidation ensures that updates to the installed CRD are compatible with this compatibility requirement.", "type": "object", "required": [ - "name", - "devicePath" + "action" ], "properties": { - "devicePath": { - "description": "DevicePath represents the device path where the volume should be available", - "type": "string", - "default": "" - }, - "name": { - "description": "Name of the attached volume", + "action": { + "description": "action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). Valid options are Deny and Warn. When set to Deny, incompatible CRDs will be rejected and not admitted to the cluster. When set to Warn, incompatible CRDs will be allowed but a warning will be generated in the API response. This field is required.\n\nPossible enum values:\n - `\"Deny\"` means that incompatible CRDs will be rejected.\n - `\"Warn\"` means that incompatible CRDs will be allowed but a warning will be generated.", "type": "string", - "default": "" + "enum": [ + "Deny", + "Warn" + ] } } }, - "AuditAnnotation.v1.admissionregistration.api.k8s.io": { - "description": "AuditAnnotation describes how to produce an audit annotation for an API request.", + "com.github.openshift.api.apiextensions.v1alpha1.ObjectSchemaValidation": { + "description": "ObjectSchemaValidation ensures that matching objects conform to the compatibilitySchema.", "type": "object", "required": [ - "key", - "valueExpression" + "action" ], "properties": { - "key": { - "description": "key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\nThe key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: \"{ValidatingAdmissionPolicy name}/{key}\".\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.\n\nRequired.", + "action": { + "description": "action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). Valid options are Deny and Warn. When set to Deny, incompatible Objects will be rejected and not admitted to the cluster. When set to Warn, incompatible Objects will be allowed but a warning will be generated in the API response. This field is required.\n\nPossible enum values:\n - `\"Deny\"` means that incompatible CRDs will be rejected.\n - `\"Warn\"` means that incompatible CRDs will be allowed but a warning will be generated.", "type": "string", - "default": "" + "enum": [ + "Deny", + "Warn" + ] }, - "valueExpression": { - "description": "valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.\n\nRequired.", - "type": "string", - "default": "" - } - } - }, - "AvoidPods.v1.core.api.k8s.io": { - "description": "AvoidPods describes pods that should avoid this node. This is the value for a Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and will eventually become a field of NodeStatus.", - "type": "object", - "properties": { - "preferAvoidPods": { - "description": "Bounded-sized list of signatures of pods that should avoid this node, sorted in timestamp order from oldest to newest. Size of the slice is unspecified.", + "matchConditions": { + "description": "matchConditions defines the matchConditions field of the resulting ValidatingWebhookConfiguration. When present, must contain between 1 and 64 match conditions. When not specified, the webhook will match all requests according to its other selectors.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/PreferAvoidPodsEntry.v1.core.api.k8s.io" + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MatchCondition" }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "AzureDiskVolumeSource.v1.core.api.k8s.io": { - "description": "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", - "type": "object", - "required": [ - "diskName", - "diskURI" - ], - "properties": { - "cachingMode": { - "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.\n\nPossible enum values:\n - `\"None\"`\n - `\"ReadOnly\"`\n - `\"ReadWrite\"`", - "type": "string", - "default": "ReadWrite", - "enum": [ - "None", - "ReadOnly", - "ReadWrite" - ] - }, - "diskName": { - "description": "diskName is the Name of the data disk in the blob storage", - "type": "string", - "default": "" - }, - "diskURI": { - "description": "diskURI is the URI of data disk in the blob storage", - "type": "string", - "default": "" - }, - "fsType": { - "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string", - "default": "ext4" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "kind": { - "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared\n\nPossible enum values:\n - `\"Dedicated\"`\n - `\"Managed\"`\n - `\"Shared\"`", - "type": "string", - "default": "Shared", - "enum": [ - "Dedicated", - "Managed", - "Shared" - ] + "namespaceSelector": { + "description": "namespaceSelector defines a label selector for namespaces. If defined, only objects in a namespace with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by namespace.", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean", - "default": false + "objectSelector": { + "description": "objectSelector defines a label selector for objects. If defined, only objects with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by label.", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" } } }, - "AzureFilePersistentVolumeSource.v1.core.api.k8s.io": { - "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", + "com.github.openshift.api.apiextensions.v1alpha1.ObservedCRD": { + "description": "ObservedCRD contains information about the observed target CRD.", "type": "object", "required": [ - "secretName", - "shareName" + "uid", + "generation" ], "properties": { - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", - "type": "string", - "default": "" + "generation": { + "description": "generation is the observed generation of the CRD. Must be a positive integer (minimum value of 1).", + "type": "integer", + "format": "int64" }, - "secretNamespace": { - "description": "secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key default is the same as the Pod", + "uid": { + "description": "uid is the uid of the observed CRD. Must be a valid UUID consisting of lowercase hexadecimal digits in 5 hyphenated blocks (8-4-4-4-12 format). Length must be between 1 and 36 characters.", "type": "string" - }, - "shareName": { - "description": "shareName is the azure Share Name", - "type": "string", - "default": "" - } - } - }, - "AzureFileVolumeSource.v1.core.api.k8s.io": { - "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", - "type": "object", - "required": [ - "secretName", - "shareName" - ], - "properties": { - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", - "type": "string", - "default": "" - }, - "shareName": { - "description": "shareName is the azure share Name", - "type": "string", - "default": "" } } }, - "Binding.v1.core.api.k8s.io": { - "description": "Binding ties one object to another; for example, a pod is bound to a node by a scheduler.", + "com.github.openshift.api.apiserver.v1.APIRequestCount": { + "description": "APIRequestCount tracks requests made to an API. The instance name must be of the form `resource.version.group`, matching the resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "target" + "spec" ], "properties": { "apiVersion": { @@ -518,491 +299,344 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "target": { - "description": "The target object that you want to bind to the standard object.", + "spec": { + "description": "spec defines the characteristics of the resource.", "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.APIRequestCountSpec" + }, + "status": { + "description": "status contains the observed state of the resource.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.APIRequestCountStatus" } } }, - "CSIPersistentVolumeSource.v1.core.api.k8s.io": { - "description": "Represents storage that is managed by an external CSI volume driver", + "com.github.openshift.api.apiserver.v1.APIRequestCountList": { + "description": "APIRequestCountList is a list of APIRequestCount resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "driver", - "volumeHandle" + "metadata", + "items" ], "properties": { - "controllerExpandSecretRef": { - "description": "controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" - }, - "controllerPublishSecretRef": { - "description": "controllerPublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" - }, - "driver": { - "description": "driver is the name of the driver to use for this volume. Required.", - "type": "string", - "default": "" - }, - "fsType": { - "description": "fsType to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\".", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "nodeExpandSecretRef": { - "description": "nodeExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeExpandVolume call. This field is optional, may be omitted if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" - }, - "nodePublishSecretRef": { - "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" - }, - "nodeStageSecretRef": { - "description": "nodeStageSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" - }, - "readOnly": { - "description": "readOnly value to pass to ControllerPublishVolumeRequest. Defaults to false (read/write).", - "type": "boolean" - }, - "volumeAttributes": { - "description": "volumeAttributes of the volume to publish.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.APIRequestCount" } }, - "volumeHandle": { - "description": "volumeHandle is the unique volume name returned by the CSI volume plugin’s CreateVolume to refer to the volume on all subsequent calls. Required.", - "type": "string", - "default": "" - } - } - }, - "CSIVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a source location of a volume to mount, managed by an external CSI driver", - "type": "object", - "required": [ - "driver" - ], - "properties": { - "driver": { - "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", - "type": "string", - "default": "" - }, - "fsType": { - "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "nodePublishSecretRef": { - "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" - }, - "readOnly": { - "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", - "type": "boolean" - }, - "volumeAttributes": { - "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "Capabilities.v1.core.api.k8s.io": { - "description": "Adds and removes POSIX capabilities from running containers.", + "com.github.openshift.api.apiserver.v1.APIRequestCountSpec": { "type": "object", "properties": { - "add": { - "description": "Added capabilities", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "drop": { - "description": "Removed capabilities", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "numberOfUsersToReport": { + "description": "numberOfUsersToReport is the number of users to include in the report. If unspecified or zero, the default is ten. This is default is subject to change.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "CephFSPersistentVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", + "com.github.openshift.api.apiserver.v1.APIRequestCountStatus": { "type": "object", "required": [ - "monitors" + "requestCount" ], "properties": { - "monitors": { - "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "conditions": { + "description": "conditions contains details of the current status of this API Resource.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "path": { - "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", - "type": "string" + "currentHour": { + "description": "currentHour contains request history for the current hour. This is porcelain to make the API easier to read by humans seeing if they addressed a problem. This field is reset on the hour.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerResourceAPIRequestLog" }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "boolean" + "last24h": { + "description": "last24h contains request history for the last 24 hours, indexed by the hour, so 12:00AM-12:59 is in index 0, 6am-6:59am is index 6, etc. The index of the current hour is updated live and then duplicated into the requestsLastHour field.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerResourceAPIRequestLog" + } }, - "secretFile": { - "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "removedInRelease": { + "description": "removedInRelease is when the API will be removed.", "type": "string" }, - "secretRef": { - "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" - }, - "user": { - "description": "user is Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" + "requestCount": { + "description": "requestCount is a sum of all requestCounts across all current hours, nodes, and users.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "CephFSVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", + "com.github.openshift.api.apiserver.v1.PerNodeAPIRequestLog": { + "description": "PerNodeAPIRequestLog contains logs of requests to a certain node.", "type": "object", "required": [ - "monitors" + "nodeName", + "requestCount", + "byUser" ], "properties": { - "monitors": { - "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "byUser": { + "description": "byUser contains request details by top .spec.numberOfUsersToReport users. Note that because in the case of an apiserver, restart the list of top users is determined on a best-effort basis, the list might be imprecise. In addition, some system users may be explicitly included in the list.", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "boolean" - }, - "secretFile": { - "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerUserAPIRequestCount" + } }, - "secretRef": { - "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "nodeName": { + "description": "nodeName where the request are being handled.", + "type": "string", + "default": "" }, - "user": { - "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" + "requestCount": { + "description": "requestCount is a sum of all requestCounts across all users, even those outside of the top 10 users.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "CinderPersistentVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.apiserver.v1.PerResourceAPIRequestLog": { + "description": "PerResourceAPIRequestLog logs request for various nodes.", "type": "object", "required": [ - "volumeID" + "requestCount" ], "properties": { - "fsType": { - "description": "fsType Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is Optional: points to a secret object containing parameters used to connect to OpenStack.", - "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" + "byNode": { + "description": "byNode contains logs of requests per node.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerNodeAPIRequestLog" + } }, - "volumeID": { - "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string", - "default": "" + "requestCount": { + "description": "requestCount is a sum of all requestCounts across nodes.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "CinderVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.apiserver.v1.PerUserAPIRequestCount": { + "description": "PerUserAPIRequestCount contains logs of a user's requests.", "type": "object", "required": [ - "volumeID" + "username", + "userAgent", + "requestCount", + "byVerb" ], "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" + "byVerb": { + "description": "byVerb details by verb.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerVerbAPIRequestCount" + } }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "boolean" + "requestCount": { + "description": "requestCount of requests by the user across all verbs.", + "type": "integer", + "format": "int64", + "default": 0 }, - "secretRef": { - "description": "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "userAgent": { + "description": "userAgent that made the request. The same user often has multiple binaries which connect (pods with many containers). The different binaries will have different userAgents, but the same user. In addition, we have userAgents with version information embedded and the userName isn't likely to change.", + "type": "string", + "default": "" }, - "volumeID": { - "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "username": { + "description": "username that made the request.", "type": "string", "default": "" } } }, - "ClientIPConfig.v1.core.api.k8s.io": { - "description": "ClientIPConfig represents the configurations of Client IP based session affinity.", + "com.github.openshift.api.apiserver.v1.PerVerbAPIRequestCount": { + "description": "PerVerbAPIRequestCount requestCounts requests by API request verb.", "type": "object", + "required": [ + "verb", + "requestCount" + ], "properties": { - "timeoutSeconds": { - "description": "timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == \"ClientIP\". Default value is 10800(for 3 hours).", + "requestCount": { + "description": "requestCount of requests for verb.", "type": "integer", - "format": "int32" - } - } - }, - "ClusterRole.v1.rbac.api.k8s.io": { - "description": "ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.", - "type": "object", - "properties": { - "aggregationRule": { - "description": "AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.", - "$ref": "#/definitions/AggregationRule.v1.rbac.api.k8s.io" - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard object's metadata.", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "format": "int64", + "default": 0 }, - "rules": { - "description": "Rules holds all the PolicyRules for this ClusterRole", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/PolicyRule.v1.rbac.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "verb": { + "description": "verb of API request (get, list, create, etc...)", + "type": "string", + "default": "" } } }, - "ClusterRoleBinding.v1.rbac.api.k8s.io": { - "description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.", + "com.github.openshift.api.apps.v1.CustomDeploymentStrategyParams": { + "description": "CustomDeploymentStrategyParams are the input to the Custom deployment strategy.", "type": "object", - "required": [ - "roleRef" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard object's metadata.", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "roleRef": { - "description": "RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.", - "default": {}, - "$ref": "#/definitions/RoleRef.v1.rbac.api.k8s.io" - }, - "subjects": { - "description": "Subjects holds references to the objects the role applies to.", + "command": { + "description": "command is optional and overrides CMD in the container Image.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/Subject.v1.rbac.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "ClusterRoleBindingList.v1.rbac.api.k8s.io": { - "description": "ClusterRoleBindingList is a collection of ClusterRoleBindings", - "type": "object", - "required": [ - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "type": "string", + "default": "" + } }, - "items": { - "description": "Items is a list of ClusterRoleBindings", + "environment": { + "description": "environment holds the environment which will be given to the container for Image.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/ClusterRoleBinding.v1.rbac.api.k8s.io" + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "image": { + "description": "image specifies a container image which can carry out a deployment.", "type": "string" - }, - "metadata": { - "description": "Standard object's metadata.", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "ClusterRoleList.v1.rbac.api.k8s.io": { - "description": "ClusterRoleList is a collection of ClusterRoles", + "com.github.openshift.api.apps.v1.DeploymentCause": { + "description": "DeploymentCause captures information about a particular cause of a deployment.", "type": "object", "required": [ - "items" + "type" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is a list of ClusterRoles", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ClusterRole.v1.rbac.api.k8s.io" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "imageTrigger": { + "description": "imageTrigger contains the image trigger details, if this trigger was fired based on an image change", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentCauseImageTrigger" }, - "metadata": { - "description": "Standard object's metadata.", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "type": { + "description": "type of the trigger that resulted in the creation of a new deployment", + "type": "string", + "default": "" } } }, - "ClusterTrustBundleProjection.v1.core.api.k8s.io": { - "description": "ClusterTrustBundleProjection describes how to select a set of ClusterTrustBundle objects and project their contents into the pod filesystem.", + "com.github.openshift.api.apps.v1.DeploymentCauseImageTrigger": { + "description": "DeploymentCauseImageTrigger represents details about the cause of a deployment originating from an image change trigger", "type": "object", "required": [ - "path" + "from" ], "properties": { - "labelSelector": { - "description": "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\".", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "name": { - "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.", - "type": "string" - }, - "optional": { - "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.", - "type": "boolean" - }, - "path": { - "description": "Relative path from the volume root to write the bundle.", - "type": "string", - "default": "" - }, - "signerName": { - "description": "Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.", - "type": "string" + "from": { + "description": "from is a reference to the changed object which triggered a deployment. The field may have the kinds DockerImage, ImageStreamTag, or ImageStreamImage.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" } } }, - "ComponentCondition.v1.core.api.k8s.io": { - "description": "Information about the condition of a component.", + "com.github.openshift.api.apps.v1.DeploymentCondition": { + "description": "DeploymentCondition describes the state of a deployment config at a certain point.", "type": "object", "required": [ "type", "status" ], "properties": { - "error": { - "description": "Condition error code for a component. For example, a health check error code.", - "type": "string" + "lastTransitionTime": { + "description": "The last time the condition transitioned from one status to another.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "lastUpdateTime": { + "description": "The last time this condition was updated.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, "message": { - "description": "Message about the condition for a component. For example, information about a health check.", + "description": "A human readable message indicating details about the transition.", + "type": "string" + }, + "reason": { + "description": "The reason for the condition's last transition.", "type": "string" }, "status": { - "description": "Status of the condition for a component. Valid values for \"Healthy\": \"True\", \"False\", or \"Unknown\".", + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "default": "" }, "type": { - "description": "Type of condition for a component. Valid value: \"Healthy\"", + "description": "type of deployment condition.", "type": "string", "default": "" } } }, - "ComponentStatus.v1.core.api.k8s.io": { - "description": "ComponentStatus (and ComponentStatusList) holds the cluster validation info. Deprecated: This API is deprecated in v1.19+", + "com.github.openshift.api.apps.v1.DeploymentConfig": { + "description": "Deployment Configs define the template for a pod and manages deploying new images or configuration changes. A single deployment configuration is usually analogous to a single micro-service. Can support many different deployment patterns, including full restart, customizable rolling updates, and fully custom behaviors, as well as pre- and post- deployment hooks. Each individual deployment is represented as a replication controller.\n\nA deployment is \"triggered\" when its configuration is changed or a tag in an Image Stream is changed. Triggers can be disabled to allow manual control over a deployment. The \"strategy\" determines how the deployment is carried out and may be changed at any time. The `latestVersion` field is updated when a new deployment is triggered by any means.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). Deprecated: Use deployments or other means for declarative updates for pods instead.", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "conditions": { - "description": "List of component conditions observed", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ComponentCondition.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec represents a desired deployment state and how to deploy to it.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentConfigSpec" + }, + "status": { + "description": "status represents the current deployment state.", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentConfigStatus" } } }, - "ComponentStatusList.v1.core.api.k8s.io": { - "description": "Status of all the conditions for the component as a list of ComponentStatus objects. Deprecated: This API is deprecated in v1.19+", + "com.github.openshift.api.apps.v1.DeploymentConfigList": { + "description": "DeploymentConfigList is a collection of deployment configs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -1013,11 +647,11 @@ "type": "string" }, "items": { - "description": "List of ComponentStatus objects.", + "description": "items is a list of deployment configs", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/ComponentStatus.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentConfig" } }, "kind": { @@ -1025,1701 +659,1389 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "Condition.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "com.github.openshift.api.apps.v1.DeploymentConfigRollback": { + "description": "DeploymentConfigRollback provides the input to rollback generation.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "type", - "status", - "lastTransitionTime", - "reason", - "message" + "name", + "spec" ], "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "message": { - "description": "message is a human readable message indicating details about the transition. This may be an empty string.", - "type": "string", - "default": "" - }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", - "type": "integer", - "format": "int64" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", + "name": { + "description": "name of the deployment config that will be rolled back.", "type": "string", "default": "" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "type": "string", - "default": "" + "spec": { + "description": "spec defines the options to rollback generation.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentConfigRollbackSpec" + }, + "updatedAnnotations": { + "description": "updatedAnnotations is a set of new annotations that will be added in the deployment config.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } } } }, - "ConfigMap.v1.core.api.k8s.io": { - "description": "ConfigMap holds configuration data for pods to consume.", + "com.github.openshift.api.apps.v1.DeploymentConfigRollbackSpec": { + "description": "DeploymentConfigRollbackSpec represents the options for rollback generation.", "type": "object", + "required": [ + "from", + "includeTriggers", + "includeTemplate", + "includeReplicationMeta", + "includeStrategy" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "from": { + "description": "from points to a ReplicationController which is a deployment.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" }, - "binaryData": { - "description": "BinaryData contains the binary data. Each key must consist of alphanumeric characters, '-', '_' or '.'. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process. Using this field will require 1.10+ apiserver and kubelet.", - "type": "object", - "additionalProperties": { - "type": "string", - "format": "byte" - } + "includeReplicationMeta": { + "description": "includeReplicationMeta specifies whether to include the replica count and selector.", + "type": "boolean", + "default": false }, - "data": { - "description": "Data contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process.", + "includeStrategy": { + "description": "includeStrategy specifies whether to include the deployment Strategy.", + "type": "boolean", + "default": false + }, + "includeTemplate": { + "description": "includeTemplate specifies whether to include the PodTemplateSpec.", + "type": "boolean", + "default": false + }, + "includeTriggers": { + "description": "includeTriggers specifies whether to include config Triggers.", + "type": "boolean", + "default": false + }, + "revision": { + "description": "revision to rollback to. If set to 0, rollback to the last revision.", + "type": "integer", + "format": "int64" + } + } + }, + "com.github.openshift.api.apps.v1.DeploymentConfigSpec": { + "description": "DeploymentConfigSpec represents the desired state of the deployment.", + "type": "object", + "properties": { + "minReadySeconds": { + "description": "minReadySeconds is the minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)", + "type": "integer", + "format": "int32" + }, + "paused": { + "description": "paused indicates that the deployment config is paused resulting in no new deployments on template changes or changes in the template caused by other triggers.", + "type": "boolean" + }, + "replicas": { + "description": "replicas is the number of desired replicas.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "revisionHistoryLimit": { + "description": "revisionHistoryLimit is the number of old ReplicationControllers to retain to allow for rollbacks. This field is a pointer to allow for differentiation between an explicit zero and not specified. Defaults to 10. (This only applies to DeploymentConfigs created via the new group API resource, not the legacy resource.)", + "type": "integer", + "format": "int32" + }, + "selector": { + "description": "selector is a label query over pods that should match the Replicas count.", "type": "object", "additionalProperties": { "type": "string", "default": "" } }, - "immutable": { - "description": "Immutable, if set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.", - "type": "boolean" + "strategy": { + "description": "strategy describes how a deployment is executed.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentStrategy" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "template": { + "description": "template is the object that describes the pod that will be created if insufficient replicas are detected.", + "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplateSpec" }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "test": { + "description": "test ensures that this deployment config will have zero replicas except while a deployment is running. This allows the deployment config to be used as a continuous deployment test - triggering on images, running the deployment, and then succeeding or failing. Post strategy hooks and After actions can be used to integrate successful deployment with an action.", + "type": "boolean", + "default": false + }, + "triggers": { + "description": "triggers determine how updates to a DeploymentConfig result in new deployments. If no triggers are defined, a new deployment can only occur as a result of an explicit client update to the DeploymentConfig with a new LatestVersion. If null, defaults to having a config change trigger.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentTriggerPolicy" + } } } }, - "ConfigMapEnvSource.v1.core.api.k8s.io": { - "description": "ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.\n\nThe contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.", + "com.github.openshift.api.apps.v1.DeploymentConfigStatus": { + "description": "DeploymentConfigStatus represents the current deployment state.", "type": "object", "properties": { - "name": { - "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string", - "default": "" + "availableReplicas": { + "description": "availableReplicas is the total number of available pods targeted by this deployment config.", + "type": "integer", + "format": "int32", + "default": 0 }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" + "conditions": { + "description": "conditions represents the latest available observations of a deployment config's current state.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentCondition" + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "details": { + "description": "details are the reasons for the update to this deployment config. This could be based on a change made by the user or caused by an automatic trigger", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentDetails" + }, + "latestVersion": { + "description": "latestVersion is used to determine whether the current deployment associated with a deployment config is out of sync.", + "type": "integer", + "format": "int64", + "default": 0 + }, + "observedGeneration": { + "description": "observedGeneration is the most recent generation observed by the deployment config controller.", + "type": "integer", + "format": "int64", + "default": 0 + }, + "readyReplicas": { + "description": "Total number of ready pods targeted by this deployment.", + "type": "integer", + "format": "int32" + }, + "replicas": { + "description": "replicas is the total number of pods targeted by this deployment config.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "unavailableReplicas": { + "description": "unavailableReplicas is the total number of unavailable pods targeted by this deployment config.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "updatedReplicas": { + "description": "updatedReplicas is the total number of non-terminated pods targeted by this deployment config that have the desired template spec.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "ConfigMapKeySelector.v1.core.api.k8s.io": { - "description": "Selects a key from a ConfigMap.", + "com.github.openshift.api.apps.v1.DeploymentDetails": { + "description": "DeploymentDetails captures information about the causes of a deployment.", "type": "object", "required": [ - "key" + "causes" ], "properties": { - "key": { - "description": "The key to select.", - "type": "string", - "default": "" - }, - "name": { - "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string", - "default": "" + "causes": { + "description": "causes are extended data associated with all the causes for creating a new deployment", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentCause" + } }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" + "message": { + "description": "message is the user specified change message, if this deployment was triggered manually by the user", + "type": "string" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "ConfigMapList.v1.core.api.k8s.io": { - "description": "ConfigMapList is a resource containing a list of ConfigMap objects.", + "com.github.openshift.api.apps.v1.DeploymentLog": { + "description": "DeploymentLog represents the logs for a deployment\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "items" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "Items is the list of ConfigMaps.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ConfigMap.v1.core.api.k8s.io" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - }, - "metadata": { - "description": "More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "ConfigMapNodeConfigSource.v1.core.api.k8s.io": { - "description": "ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration", + "com.github.openshift.api.apps.v1.DeploymentLogOptions": { + "description": "DeploymentLogOptions is the REST options for a deployment log\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "namespace", - "name", - "kubeletConfigKey" - ], "properties": { - "kubeletConfigKey": { - "description": "KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "name": { - "description": "Name is the metadata.name of the referenced ConfigMap. This field is required in all cases.", - "type": "string", - "default": "" + "container": { + "description": "The container for which to stream logs. Defaults to only container if there is one container in the pod.", + "type": "string" }, - "namespace": { - "description": "Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases.", - "type": "string", - "default": "" + "follow": { + "description": "follow if true indicates that the build log should be streamed until the build terminates.", + "type": "boolean" }, - "resourceVersion": { - "description": "ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "uid": { - "description": "UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.", - "type": "string" + "limitBytes": { + "description": "If set, the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.", + "type": "integer", + "format": "int64" + }, + "nowait": { + "description": "nowait if true causes the call to return immediately even if the deployment is not available yet. Otherwise the server will wait until the deployment has started.", + "type": "boolean" + }, + "previous": { + "description": "Return previous deployment logs. Defaults to false.", + "type": "boolean" + }, + "sinceSeconds": { + "description": "A relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", + "type": "integer", + "format": "int64" + }, + "sinceTime": { + "description": "An RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "tailLines": { + "description": "If set, the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime", + "type": "integer", + "format": "int64" + }, + "timestamps": { + "description": "If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.", + "type": "boolean" + }, + "version": { + "description": "version of the deployment for which to view logs.", + "type": "integer", + "format": "int64" } } }, - "ConfigMapProjection.v1.core.api.k8s.io": { - "description": "Adapts a ConfigMap into a projected volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.", + "com.github.openshift.api.apps.v1.DeploymentRequest": { + "description": "DeploymentRequest is a request to a deployment config for a new deployment.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "name", + "latest", + "force" + ], "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "excludeTriggers": { + "description": "excludeTriggers instructs the instantiator to avoid processing the specified triggers. This field overrides the triggers from latest and allows clients to control specific logic. This field is ignored if not specified.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/KeyToPath.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "type": "string", + "default": "" + } + }, + "force": { + "description": "force will try to force a new deployment to run. If the deployment config is paused, then setting this to true will return an Invalid error.", + "type": "boolean", + "default": false + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "latest": { + "description": "latest will update the deployment config with the latest state from all triggers.", + "type": "boolean", + "default": false }, "name": { - "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "description": "name of the deployment config for requesting a new deployment.", "type": "string", "default": "" - }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" } } }, - "ConfigMapVolumeSource.v1.core.api.k8s.io": { - "description": "Adapts a ConfigMap into a volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.apps.v1.DeploymentStrategy": { + "description": "DeploymentStrategy describes how to perform a deployment.", "type": "object", "properties": { - "defaultMode": { - "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "activeDeadlineSeconds": { + "description": "activeDeadlineSeconds is the duration in seconds that the deployer pods for this deployment config may be active on a node before the system actively tries to terminate them.", "type": "integer", - "format": "int32" + "format": "int64" }, - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/KeyToPath.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "annotations": { + "description": "annotations is a set of key, value pairs added to custom deployer and lifecycle pre/post hook pods.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "name": { - "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string", - "default": "" + "customParams": { + "description": "customParams are the input to the Custom deployment strategy, and may also be specified for the Recreate and Rolling strategies to customize the execution process that runs the deployment.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.CustomDeploymentStrategyParams" }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" + "labels": { + "description": "labels is a set of key, value pairs added to custom deployer and lifecycle pre/post hook pods.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "recreateParams": { + "description": "recreateParams are the input to the Recreate deployment strategy.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.RecreateDeploymentStrategyParams" + }, + "resources": { + "description": "resources contains resource requirements to execute the deployment and any hooks.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + }, + "rollingParams": { + "description": "rollingParams are the input to the Rolling deployment strategy.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.RollingDeploymentStrategyParams" + }, + "type": { + "description": "type is the name of a deployment strategy.", + "type": "string" } } }, - "Container.v1.core.api.k8s.io": { - "description": "A single application container that you want to run within a pod.", + "com.github.openshift.api.apps.v1.DeploymentTriggerImageChangeParams": { + "description": "DeploymentTriggerImageChangeParams represents the parameters to the ImageChange trigger.", "type": "object", "required": [ - "name" + "from" ], "properties": { - "args": { - "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "automatic": { + "description": "automatic means that the detection of a new tag value should result in an image update inside the pod template.", + "type": "boolean" + }, + "containerNames": { + "description": "containerNames is used to restrict tag updates to the specified set of container names in a pod. If multiple triggers point to the same containers, the resulting behavior is undefined. Future API versions will make this a validation error. If ContainerNames does not point to a valid container, the trigger will be ignored. Future API versions will make this a validation error.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } + }, + "from": { + "description": "from is a reference to an image stream tag to watch for changes. From.Name is the only required subfield - if From.Namespace is blank, the namespace of the current deployment trigger will be used.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "lastTriggeredImage": { + "description": "lastTriggeredImage is the last image to be triggered.", + "type": "string" + } + } + }, + "com.github.openshift.api.apps.v1.DeploymentTriggerPolicy": { + "description": "DeploymentTriggerPolicy describes a policy for a single trigger that results in a new deployment.", + "type": "object", + "properties": { + "imageChangeParams": { + "description": "imageChangeParams represents the parameters for the ImageChange trigger.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentTriggerImageChangeParams" }, + "type": { + "description": "type of the trigger", + "type": "string" + } + } + }, + "com.github.openshift.api.apps.v1.ExecNewPodHook": { + "description": "ExecNewPodHook is a hook implementation which runs a command in a new pod based on the specified container which is assumed to be part of the deployment template.", + "type": "object", + "required": [ + "command", + "containerName" + ], + "properties": { "command": { - "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "description": "command is the action command and its arguments.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } + }, + "containerName": { + "description": "containerName is the name of a container in the deployment pod template whose container image will be used for the hook pod's container.", + "type": "string", + "default": "" }, "env": { - "description": "List of environment variables to set in the container. Cannot be updated.", + "description": "env is a set of environment variables to supply to the hook pod's container.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + } }, - "envFrom": { - "description": "List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", + "volumes": { + "description": "volumes is a list of named volumes from the pod template which should be copied to the hook pod. Volumes names not found in pod spec are ignored. An empty list means no volumes will be copied.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/EnvFromSource.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present", - "type": "string", - "enum": [ - "Always", - "IfNotPresent", - "Never" - ] - }, - "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", - "$ref": "#/definitions/Lifecycle.v1.core.api.k8s.io" - }, - "livenessProbe": { - "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "$ref": "#/definitions/Probe.v1.core.api.k8s.io" + "type": "string", + "default": "" + } + } + } + }, + "com.github.openshift.api.apps.v1.LifecycleHook": { + "description": "LifecycleHook defines a specific deployment lifecycle action. Only one type of action may be specified at any time.", + "type": "object", + "required": [ + "failurePolicy" + ], + "properties": { + "execNewPod": { + "description": "execNewPod specifies the options for a lifecycle hook backed by a pod.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.ExecNewPodHook" }, - "name": { - "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", + "failurePolicy": { + "description": "failurePolicy specifies what action to take if the hook fails.", "type": "string", "default": "" }, - "ports": { - "description": "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ContainerPort.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "containerPort", - "x-kubernetes-patch-strategy": "merge" - }, - "readinessProbe": { - "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "$ref": "#/definitions/Probe.v1.core.api.k8s.io" - }, - "resizePolicy": { - "description": "Resources resize policy for the container. This field cannot be set on ephemeral containers.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ContainerResizePolicy.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "default": {}, - "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" - }, - "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.", - "type": "string" - }, - "restartPolicyRules": { - "description": "Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.", + "tagImages": { + "description": "tagImages instructs the deployer to tag the current image referenced under a container onto an image stream tag.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/ContainerRestartRule.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "securityContext": { - "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - "$ref": "#/definitions/SecurityContext.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.apps.v1.TagImageHook" + } + } + } + }, + "com.github.openshift.api.apps.v1.RecreateDeploymentStrategyParams": { + "description": "RecreateDeploymentStrategyParams are the input to the Recreate deployment strategy.", + "type": "object", + "properties": { + "mid": { + "description": "mid is a lifecycle hook which is executed while the deployment is scaled down to zero before the first new pod is created. All LifecycleHookFailurePolicy values are supported.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" }, - "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "$ref": "#/definitions/Probe.v1.core.api.k8s.io" + "post": { + "description": "post is a lifecycle hook which is executed after the strategy has finished all deployment logic. All LifecycleHookFailurePolicy values are supported.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", - "type": "boolean" + "pre": { + "description": "pre is a lifecycle hook which is executed before the strategy manipulates the deployment. All LifecycleHookFailurePolicy values are supported.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", - "type": "boolean" + "timeoutSeconds": { + "description": "timeoutSeconds is the time to wait for updates before giving up. If the value is nil, a default will be used.", + "type": "integer", + "format": "int64" + } + } + }, + "com.github.openshift.api.apps.v1.RollingDeploymentStrategyParams": { + "description": "RollingDeploymentStrategyParams are the input to the Rolling deployment strategy.", + "type": "object", + "properties": { + "intervalSeconds": { + "description": "intervalSeconds is the time to wait between polling deployment status after update. If the value is nil, a default will be used.", + "type": "integer", + "format": "int64" }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", - "type": "string" + "maxSurge": { + "description": "maxSurge is the maximum number of pods that can be scheduled above the original number of pods. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up.\n\nThis cannot be 0 if MaxUnavailable is 0. By default, 25% is used.\n\nExample: when this is set to 30%, the new RC can be scaled up by 30% immediately when the rolling update starts. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of original pods.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\nPossible enum values:\n - `\"FallbackToLogsOnError\"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.\n - `\"File\"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.", - "type": "string", - "enum": [ - "FallbackToLogsOnError", - "File" - ] + "maxUnavailable": { + "description": "maxUnavailable is the maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of update (ex: 10%). Absolute number is calculated from percentage by rounding down.\n\nThis cannot be 0 if MaxSurge is 0. By default, 25% is used.\n\nExample: when this is set to 30%, the old RC can be scaled down by 30% immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that at least 70% of original number of pods are available at all times during the update.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", - "type": "boolean" + "post": { + "description": "post is a lifecycle hook which is executed after the strategy has finished all deployment logic. All LifecycleHookFailurePolicy values are supported.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/VolumeDevice.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "devicePath", - "x-kubernetes-patch-strategy": "merge" + "pre": { + "description": "pre is a lifecycle hook which is executed before the deployment process begins. All LifecycleHookFailurePolicy values are supported.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/VolumeMount.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "mountPath", - "x-kubernetes-patch-strategy": "merge" + "timeoutSeconds": { + "description": "timeoutSeconds is the time to wait for updates before giving up. If the value is nil, a default will be used.", + "type": "integer", + "format": "int64" }, - "workingDir": { - "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", - "type": "string" + "updatePeriodSeconds": { + "description": "updatePeriodSeconds is the time to wait between individual pod updates. If the value is nil, a default will be used.", + "type": "integer", + "format": "int64" } } }, - "ContainerExtendedResourceRequest.v1.core.api.k8s.io": { - "description": "ContainerExtendedResourceRequest has the mapping of container name, extended resource name to the device request name.", + "com.github.openshift.api.apps.v1.TagImageHook": { + "description": "TagImageHook is a request to tag the image in a particular container onto an ImageStreamTag.", "type": "object", "required": [ "containerName", - "resourceName", - "requestName" + "to" ], "properties": { "containerName": { - "description": "The name of the container requesting resources.", - "type": "string", - "default": "" - }, - "requestName": { - "description": "The name of the request in the special ResourceClaim which corresponds to the extended resource.", - "type": "string", - "default": "" - }, - "resourceName": { - "description": "The name of the extended resource in that container which gets backed by DRA.", + "description": "containerName is the name of a container in the deployment config whose image value will be used as the source of the tag. If there is only a single container this value will be defaulted to the name of that container.", "type": "string", "default": "" - } - } - }, - "ContainerImage.v1.core.api.k8s.io": { - "description": "Describe a container image", - "type": "object", - "properties": { - "names": { - "description": "Names by which this image is known. e.g. [\"kubernetes.example/hyperkube:v1.0.7\", \"cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7\"]", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" }, - "sizeBytes": { - "description": "The size of the image in bytes.", - "type": "integer", - "format": "int64" + "to": { + "description": "to is the target ImageStreamTag to set the container's image onto.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" } } }, - "ContainerPort.v1.core.api.k8s.io": { - "description": "ContainerPort represents a network port in a single container.", + "com.github.openshift.api.authorization.v1.Action": { + "description": "Action describes a request to the API server", "type": "object", "required": [ - "containerPort" + "namespace", + "verb", + "resourceAPIGroup", + "resourceAPIVersion", + "resource", + "resourceName", + "path", + "isNonResourceURL" ], "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", - "type": "integer", - "format": "int32", - "default": 0 + "content": { + "description": "content is the actual content of the request for create and update", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" + "isNonResourceURL": { + "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", + "type": "boolean", + "default": false }, - "hostPort": { - "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", - "type": "integer", - "format": "int32" + "namespace": { + "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", + "type": "string", + "default": "" }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", - "type": "string" + "path": { + "description": "path is the path of a non resource URL", + "type": "string", + "default": "" }, - "protocol": { - "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", + "resource": { + "description": "resource is one of the existing resource types", "type": "string", - "default": "TCP", - "enum": [ - "SCTP", - "TCP", - "UDP" - ] - } - } - }, - "ContainerResizePolicy.v1.core.api.k8s.io": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", - "type": "object", - "required": [ - "resourceName", - "restartPolicy" - ], - "properties": { + "default": "" + }, + "resourceAPIGroup": { + "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", + "type": "string", + "default": "" + }, + "resourceAPIVersion": { + "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", + "type": "string", + "default": "" + }, "resourceName": { - "description": "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.", + "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", "type": "string", "default": "" }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.", + "verb": { + "description": "verb is one of: get, list, watch, create, update, delete", "type": "string", "default": "" } } }, - "ContainerRestartRule.v1.core.api.k8s.io": { - "description": "ContainerRestartRule describes how a container exit is handled.", + "com.github.openshift.api.authorization.v1.ClusterRole": { + "description": "ClusterRole is a logical grouping of PolicyRules that can be referenced as a unit by ClusterRoleBindings.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "action" + "rules" ], "properties": { - "action": { - "description": "Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is \"Restart\" to restart the container.", + "aggregationRule": { + "description": "aggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.", + "$ref": "#/definitions/io.k8s.api.rbac.v1.AggregationRule" + }, + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "exitCodes": { - "description": "Represents the exit codes to check on container exits.", - "$ref": "#/definitions/ContainerRestartRuleOnExitCodes.v1.core.api.k8s.io" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "rules": { + "description": "rules holds all the PolicyRules for this ClusterRole", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.PolicyRule" + } } } }, - "ContainerRestartRuleOnExitCodes.v1.core.api.k8s.io": { - "description": "ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes.", + "com.github.openshift.api.authorization.v1.ClusterRoleBinding": { + "description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference any ClusterRole in the same namespace or in the global namespace. It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. ClusterRoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "operator" + "subjects", + "roleRef" ], "properties": { - "operator": { - "description": "Represents the relationship between the container exit code(s) and the specified values. Possible values are: - In: the requirement is satisfied if the container exit code is in the\n set of specified values.\n- NotIn: the requirement is satisfied if the container exit code is\n not in the set of specified values.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "values": { - "description": "Specifies the set of values to check for container exit codes. At most 255 elements are allowed.", + "groupNames": { + "description": "groupNames holds all the groups directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", "type": "array", "items": { - "type": "integer", - "format": "int32", - "default": 0 - }, - "x-kubernetes-list-type": "set" - } - } - }, - "ContainerState.v1.core.api.k8s.io": { - "description": "ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.", - "type": "object", - "properties": { - "running": { - "description": "Details about a running container", - "$ref": "#/definitions/ContainerStateRunning.v1.core.api.k8s.io" + "type": "string", + "default": "" + } }, - "terminated": { - "description": "Details about a terminated container", - "$ref": "#/definitions/ContainerStateTerminated.v1.core.api.k8s.io" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "waiting": { - "description": "Details about a waiting container", - "$ref": "#/definitions/ContainerStateWaiting.v1.core.api.k8s.io" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "roleRef": { + "description": "roleRef can only reference the current namespace and the global namespace. If the ClusterRoleRef cannot be resolved, the Authorizer must return an error. Since Policy is a singleton, this is sufficient knowledge to locate a role.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "subjects": { + "description": "subjects hold object references to authorize with this rule. This field is ignored if UserNames or GroupNames are specified to support legacy clients and servers. Thus newer clients that do not need to support backwards compatibility should send only fully qualified Subjects and should omit the UserNames and GroupNames fields. Clients that need to support backwards compatibility can use this field to build the UserNames and GroupNames.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + } + }, + "userNames": { + "description": "userNames holds all the usernames directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "ContainerStateRunning.v1.core.api.k8s.io": { - "description": "ContainerStateRunning is a running state of a container.", + "com.github.openshift.api.authorization.v1.ClusterRoleBindingList": { + "description": "ClusterRoleBindingList is a collection of ClusterRoleBindings\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "items" + ], "properties": { - "startedAt": { - "description": "Time at which the container was last (re-)started", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is a list of ClusterRoleBindings", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ClusterRoleBinding" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "ContainerStateTerminated.v1.core.api.k8s.io": { - "description": "ContainerStateTerminated is a terminated state of a container.", + "com.github.openshift.api.authorization.v1.ClusterRoleList": { + "description": "ClusterRoleList is a collection of ClusterRoles\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "exitCode" + "items" ], "properties": { - "containerID": { - "description": "Container's ID in the format '://'", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "exitCode": { - "description": "Exit status from the last termination of the container", - "type": "integer", - "format": "int32", - "default": 0 - }, - "finishedAt": { - "description": "Time at which the container last terminated", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "message": { - "description": "Message regarding the last termination of the container", - "type": "string" + "items": { + "description": "items is a list of ClusterRoles", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ClusterRole" + } }, - "reason": { - "description": "(brief) reason from the last termination of the container", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "signal": { - "description": "Signal from the last termination of the container", - "type": "integer", - "format": "int32" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.authorization.v1.GroupRestriction": { + "description": "GroupRestriction matches a group either by a string match on the group name or a label selector applied to group labels.", + "type": "object", + "required": [ + "groups", + "labels" + ], + "properties": { + "groups": { + "description": "groups is a list of groups used to match against an individual user's groups. If the user is a member of one of the whitelisted groups, the user is allowed to be bound to a role.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "startedAt": { - "description": "Time at which previous execution of the container started", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "labels": { + "description": "Selectors specifies a list of label selectors over group labels.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + } } } }, - "ContainerStateWaiting.v1.core.api.k8s.io": { - "description": "ContainerStateWaiting is a waiting state of a container.", + "com.github.openshift.api.authorization.v1.IsPersonalSubjectAccessReview": { + "description": "IsPersonalSubjectAccessReview is a marker for PolicyRule.AttributeRestrictions that denotes that subjectaccessreviews on self should be allowed\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { - "message": { - "description": "Message regarding why the container is not yet running.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "reason": { - "description": "(brief) reason the container is not yet running.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" } } }, - "ContainerStatus.v1.core.api.k8s.io": { - "description": "ContainerStatus contains details for the current status of this container.", + "com.github.openshift.api.authorization.v1.LocalResourceAccessReview": { + "description": "LocalResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec in a particular namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "name", - "ready", - "restartCount", - "image", - "imageID" + "namespace", + "verb", + "resourceAPIGroup", + "resourceAPIVersion", + "resource", + "resourceName", + "path", + "isNonResourceURL" ], "properties": { - "allocatedResources": { - "description": "AllocatedResources represents the compute resources allocated for this container by the node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission and after successfully admitting desired pod resize.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - } + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "allocatedResourcesStatus": { - "description": "AllocatedResourcesStatus represents the status of various resources allocated for this Pod.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ResourceStatus.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "content": { + "description": "content is the actual content of the request for create and update", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "containerID": { - "description": "ContainerID is the ID of the container in the format '://'. Where type is a container runtime identifier, returned from Version call of CRI API (for example \"containerd\").", + "isNonResourceURL": { + "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", + "type": "boolean", + "default": false + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "image": { - "description": "Image is the name of container image that the container is running. The container image may not match the image used in the PodSpec, as it may have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "namespace": { + "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", "type": "string", "default": "" }, - "imageID": { - "description": "ImageID is the image ID of the container's image. The image ID may not match the image ID of the image used in the PodSpec, as it may have been resolved by the runtime.", + "path": { + "description": "path is the path of a non resource URL", "type": "string", "default": "" }, - "lastState": { - "description": "LastTerminationState holds the last termination state of the container to help debug container crashes and restarts. This field is not populated if the container is still running and RestartCount is 0.", - "default": {}, - "$ref": "#/definitions/ContainerState.v1.core.api.k8s.io" - }, - "name": { - "description": "Name is a DNS_LABEL representing the unique name of the container. Each container in a pod must have a unique name across all container types. Cannot be updated.", + "resource": { + "description": "resource is one of the existing resource types", "type": "string", "default": "" }, - "ready": { - "description": "Ready specifies whether the container is currently passing its readiness check. The value will change as readiness probes keep executing. If no readiness probes are specified, this field defaults to true once the container is fully started (see Started field).\n\nThe value is typically used to determine whether a container is ready to accept traffic.", - "type": "boolean", - "default": false - }, - "resources": { - "description": "Resources represents the compute resource requests and limits that have been successfully enacted on the running container after it has been started or has been successfully resized.", - "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" - }, - "restartCount": { - "description": "RestartCount holds the number of times the container has been restarted. Kubelet makes an effort to always increment the value, but there are cases when the state may be lost due to node restarts and then the value may be reset to 0. The value is never negative.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "started": { - "description": "Started indicates whether the container has finished its postStart lifecycle hook and passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. In both cases, startup probes will run again. Is always true when no startupProbe is defined and container is running and has passed the postStart lifecycle hook. The null value must be treated the same as false.", - "type": "boolean" - }, - "state": { - "description": "State holds details about the container's current condition.", - "default": {}, - "$ref": "#/definitions/ContainerState.v1.core.api.k8s.io" + "resourceAPIGroup": { + "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", + "type": "string", + "default": "" }, - "stopSignal": { - "description": "StopSignal reports the effective stop signal for this container\n\nPossible enum values:\n - `\"SIGABRT\"`\n - `\"SIGALRM\"`\n - `\"SIGBUS\"`\n - `\"SIGCHLD\"`\n - `\"SIGCLD\"`\n - `\"SIGCONT\"`\n - `\"SIGFPE\"`\n - `\"SIGHUP\"`\n - `\"SIGILL\"`\n - `\"SIGINT\"`\n - `\"SIGIO\"`\n - `\"SIGIOT\"`\n - `\"SIGKILL\"`\n - `\"SIGPIPE\"`\n - `\"SIGPOLL\"`\n - `\"SIGPROF\"`\n - `\"SIGPWR\"`\n - `\"SIGQUIT\"`\n - `\"SIGRTMAX\"`\n - `\"SIGRTMAX-1\"`\n - `\"SIGRTMAX-10\"`\n - `\"SIGRTMAX-11\"`\n - `\"SIGRTMAX-12\"`\n - `\"SIGRTMAX-13\"`\n - `\"SIGRTMAX-14\"`\n - `\"SIGRTMAX-2\"`\n - `\"SIGRTMAX-3\"`\n - `\"SIGRTMAX-4\"`\n - `\"SIGRTMAX-5\"`\n - `\"SIGRTMAX-6\"`\n - `\"SIGRTMAX-7\"`\n - `\"SIGRTMAX-8\"`\n - `\"SIGRTMAX-9\"`\n - `\"SIGRTMIN\"`\n - `\"SIGRTMIN+1\"`\n - `\"SIGRTMIN+10\"`\n - `\"SIGRTMIN+11\"`\n - `\"SIGRTMIN+12\"`\n - `\"SIGRTMIN+13\"`\n - `\"SIGRTMIN+14\"`\n - `\"SIGRTMIN+15\"`\n - `\"SIGRTMIN+2\"`\n - `\"SIGRTMIN+3\"`\n - `\"SIGRTMIN+4\"`\n - `\"SIGRTMIN+5\"`\n - `\"SIGRTMIN+6\"`\n - `\"SIGRTMIN+7\"`\n - `\"SIGRTMIN+8\"`\n - `\"SIGRTMIN+9\"`\n - `\"SIGSEGV\"`\n - `\"SIGSTKFLT\"`\n - `\"SIGSTOP\"`\n - `\"SIGSYS\"`\n - `\"SIGTERM\"`\n - `\"SIGTRAP\"`\n - `\"SIGTSTP\"`\n - `\"SIGTTIN\"`\n - `\"SIGTTOU\"`\n - `\"SIGURG\"`\n - `\"SIGUSR1\"`\n - `\"SIGUSR2\"`\n - `\"SIGVTALRM\"`\n - `\"SIGWINCH\"`\n - `\"SIGXCPU\"`\n - `\"SIGXFSZ\"`", + "resourceAPIVersion": { + "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", "type": "string", - "enum": [ - "SIGABRT", - "SIGALRM", - "SIGBUS", - "SIGCHLD", - "SIGCLD", - "SIGCONT", - "SIGFPE", - "SIGHUP", - "SIGILL", - "SIGINT", - "SIGIO", - "SIGIOT", - "SIGKILL", - "SIGPIPE", - "SIGPOLL", - "SIGPROF", - "SIGPWR", - "SIGQUIT", - "SIGRTMAX", - "SIGRTMAX-1", - "SIGRTMAX-10", - "SIGRTMAX-11", - "SIGRTMAX-12", - "SIGRTMAX-13", - "SIGRTMAX-14", - "SIGRTMAX-2", - "SIGRTMAX-3", - "SIGRTMAX-4", - "SIGRTMAX-5", - "SIGRTMAX-6", - "SIGRTMAX-7", - "SIGRTMAX-8", - "SIGRTMAX-9", - "SIGRTMIN", - "SIGRTMIN+1", - "SIGRTMIN+10", - "SIGRTMIN+11", - "SIGRTMIN+12", - "SIGRTMIN+13", - "SIGRTMIN+14", - "SIGRTMIN+15", - "SIGRTMIN+2", - "SIGRTMIN+3", - "SIGRTMIN+4", - "SIGRTMIN+5", - "SIGRTMIN+6", - "SIGRTMIN+7", - "SIGRTMIN+8", - "SIGRTMIN+9", - "SIGSEGV", - "SIGSTKFLT", - "SIGSTOP", - "SIGSYS", - "SIGTERM", - "SIGTRAP", - "SIGTSTP", - "SIGTTIN", - "SIGTTOU", - "SIGURG", - "SIGUSR1", - "SIGUSR2", - "SIGVTALRM", - "SIGWINCH", - "SIGXCPU", - "SIGXFSZ" - ] + "default": "" }, - "user": { - "description": "User represents user identity information initially attached to the first process of the container", - "$ref": "#/definitions/ContainerUser.v1.core.api.k8s.io" + "resourceName": { + "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", + "type": "string", + "default": "" }, - "volumeMounts": { - "description": "Status of volume mounts.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/VolumeMountStatus.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "mountPath", - "x-kubernetes-patch-strategy": "merge" - } - } - }, - "ContainerUser.v1.core.api.k8s.io": { - "description": "ContainerUser represents user identity information", - "type": "object", - "properties": { - "linux": { - "description": "Linux holds user identity information initially attached to the first process of the containers in Linux. Note that the actual running identity can be changed if the process has enough privilege to do so.", - "$ref": "#/definitions/LinuxContainerUser.v1.core.api.k8s.io" + "verb": { + "description": "verb is one of: get, list, watch, create, update, delete", + "type": "string", + "default": "" } } }, - "CreateOptions.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "CreateOptions may be provided when creating an API object.", + "com.github.openshift.api.authorization.v1.LocalSubjectAccessReview": { + "description": "LocalSubjectAccessReview is an object for requesting information about whether a user or group can perform an action in a particular namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "namespace", + "verb", + "resourceAPIGroup", + "resourceAPIVersion", + "resource", + "resourceName", + "path", + "isNonResourceURL", + "user", + "groups", + "scopes" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "dryRun": { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "content": { + "description": "content is the actual content of the request for create and update", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "groups": { + "description": "groups is optional. Groups is the list of groups to which the User belongs.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "fieldManager": { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "type": "string" + } }, - "fieldValidation": { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "type": "string" + "isNonResourceURL": { + "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", + "type": "boolean", + "default": false }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - } - }, - "DaemonEndpoint.v1.core.api.k8s.io": { - "description": "DaemonEndpoint contains information about a single Daemon endpoint.", - "type": "object", - "required": [ - "Port" - ], - "properties": { - "Port": { - "description": "Port number of the given endpoint.", - "type": "integer", - "format": "int32", - "default": 0 - } - } - }, - "DeleteOptions.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "DeleteOptions may be provided when deleting an API object.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" }, - "dryRun": { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "gracePeriodSeconds": { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "type": "integer", - "format": "int64" + "namespace": { + "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", + "type": "string", + "default": "" }, - "ignoreStoreReadErrorWithClusterBreakingPotential": { - "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", - "type": "boolean" + "path": { + "description": "path is the path of a non resource URL", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "resource": { + "description": "resource is one of the existing resource types", + "type": "string", + "default": "" }, - "orphanDependents": { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "type": "boolean" + "resourceAPIGroup": { + "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", + "type": "string", + "default": "" }, - "preconditions": { - "description": "Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be returned.", - "$ref": "#/definitions/Preconditions.v1.meta.apis.pkg.apimachinery.k8s.io" + "resourceAPIVersion": { + "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", + "type": "string", + "default": "" }, - "propagationPolicy": { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "type": "string" - } - } - }, - "DownwardAPIProjection.v1.core.api.k8s.io": { - "description": "Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.", - "type": "object", - "properties": { - "items": { - "description": "Items is a list of DownwardAPIVolume file", + "resourceName": { + "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", + "type": "string", + "default": "" + }, + "scopes": { + "description": "scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil for a self-SAR, means \"use the scopes on this request\". Nil for a regular SAR, means the same as empty.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/DownwardAPIVolumeFile.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "type": "string", + "default": "" + } + }, + "user": { + "description": "user is optional. If both User and Groups are empty, the current authenticated user is used.", + "type": "string", + "default": "" + }, + "verb": { + "description": "verb is one of: get, list, watch, create, update, delete", + "type": "string", + "default": "" } } }, - "DownwardAPIVolumeFile.v1.core.api.k8s.io": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "com.github.openshift.api.authorization.v1.NamedClusterRole": { + "description": "NamedClusterRole relates a name with a cluster role", "type": "object", "required": [ - "path" + "name", + "role" ], "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "$ref": "#/definitions/ObjectFieldSelector.v1.core.api.k8s.io" - }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "name": { + "description": "name is the name of the cluster role", "type": "string", "default": "" }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "$ref": "#/definitions/ResourceFieldSelector.v1.core.api.k8s.io" + "role": { + "description": "role is the cluster role being named", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ClusterRole" } } }, - "DownwardAPIVolumeSource.v1.core.api.k8s.io": { - "description": "DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.authorization.v1.NamedClusterRoleBinding": { + "description": "NamedClusterRoleBinding relates a name with a cluster role binding", "type": "object", + "required": [ + "name", + "roleBinding" + ], "properties": { - "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" + "name": { + "description": "name is the name of the cluster role binding", + "type": "string", + "default": "" }, - "items": { - "description": "Items is a list of downward API volume file", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/DownwardAPIVolumeFile.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "roleBinding": { + "description": "roleBinding is the cluster role binding being named", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ClusterRoleBinding" } } }, - "Duration.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "Duration is a wrapper around time.Duration which supports correct marshaling to YAML and JSON. In particular, it marshals into strings, which can be used as map keys in json.", - "type": "string" - }, - "EmptyDirVolumeSource.v1.core.api.k8s.io": { - "description": "Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.authorization.v1.NamedRole": { + "description": "NamedRole relates a Role with a name", "type": "object", + "required": [ + "name", + "role" + ], "properties": { - "medium": { - "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" + "name": { + "description": "name is the name of the role", + "type": "string", + "default": "" }, - "sizeLimit": { - "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + "role": { + "description": "role is the role being named", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.Role" } } }, - "EndpointAddress.v1.core.api.k8s.io": { - "description": "EndpointAddress is a tuple that describes single IP address. Deprecated: This API is deprecated in v1.33+.", + "com.github.openshift.api.authorization.v1.NamedRoleBinding": { + "description": "NamedRoleBinding relates a role binding with a name", "type": "object", "required": [ - "ip" + "name", + "roleBinding" ], "properties": { - "hostname": { - "description": "The Hostname of this endpoint", - "type": "string" - }, - "ip": { - "description": "The IP of this endpoint. May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), or link-local multicast (224.0.0.0/24 or ff02::/16).", + "name": { + "description": "name is the name of the role binding", "type": "string", "default": "" }, - "nodeName": { - "description": "Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.", - "type": "string" - }, - "targetRef": { - "description": "Reference to object providing the endpoint.", - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + "roleBinding": { + "description": "roleBinding is the role binding being named", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.RoleBinding" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "EndpointPort.v1.core.api.k8s.io": { - "description": "EndpointPort is a tuple that describes a single port. Deprecated: This API is deprecated in v1.33+.", + "com.github.openshift.api.authorization.v1.PolicyRule": { + "description": "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.", "type": "object", "required": [ - "port" + "verbs", + "resources" ], "properties": { - "appProtocol": { - "description": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.", - "type": "string" - }, - "name": { - "description": "The name of this port. This must match the 'name' field in the corresponding ServicePort. Must be a DNS_LABEL. Optional only if one port is defined.", - "type": "string" + "apiGroups": { + "description": "apiGroups is the name of the APIGroup that contains the resources. If this field is empty, then both kubernetes and origin API groups are assumed. That means that if an action is requested against one of the enumerated resources in either the kubernetes or the origin API group, the request will be allowed", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "port": { - "description": "The port number of the endpoint.", - "type": "integer", - "format": "int32", - "default": 0 + "attributeRestrictions": { + "description": "attributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "protocol": { - "description": "The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", - "type": "string", - "enum": [ - "SCTP", - "TCP", - "UDP" - ] - } - }, - "x-kubernetes-map-type": "atomic" - }, - "EndpointSubset.v1.core.api.k8s.io": { - "description": "EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given:\n\n\t{\n\t Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n\t}\n\nThe resulting set of endpoints can be viewed as:\n\n\ta: [ 10.10.1.1:8675, 10.10.2.2:8675 ],\n\tb: [ 10.10.1.1:309, 10.10.2.2:309 ]\n\nDeprecated: This API is deprecated in v1.33+.", - "type": "object", - "properties": { - "addresses": { - "description": "IP addresses which offer the related ports that are marked as ready. These endpoints should be considered safe for load balancers and clients to utilize.", + "nonResourceURLs": { + "description": "NonResourceURLsSlice is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path This name is intentionally different than the internal type so that the DefaultConvert works nicely and because the ordering may be different.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/EndpointAddress.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "type": "string", + "default": "" + } }, - "notReadyAddresses": { - "description": "IP addresses which offer the related ports but are not currently marked as ready because they have not yet finished starting, have recently failed a readiness check, or have recently failed a liveness check.", + "resourceNames": { + "description": "resourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/EndpointAddress.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "type": "string", + "default": "" + } }, - "ports": { - "description": "Port numbers available on the related IP addresses.", + "resources": { + "description": "resources is a list of resources this rule applies to. ResourceAll represents all resources.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/EndpointPort.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "Endpoints.v1.core.api.k8s.io": { - "description": "Endpoints is a collection of endpoints that implement the actual service. Example:\n\n\t Name: \"mysvc\",\n\t Subsets: [\n\t {\n\t Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n\t },\n\t {\n\t Addresses: [{\"ip\": \"10.10.3.3\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 93}, {\"name\": \"b\", \"port\": 76}]\n\t },\n\t]\n\nEndpoints is a legacy API and does not contain information about all Service features. Use discoveryv1.EndpointSlice for complete information about Service endpoints.\n\nDeprecated: This API is deprecated in v1.33+. Use discoveryv1.EndpointSlice.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "type": "string", + "default": "" + } }, - "subsets": { - "description": "The set of all endpoints is the union of all subsets. Addresses are placed into subsets according to the IPs they share. A single address with multiple ports, some of which are ready and some of which are not (because they come from different containers) will result in the address being displayed in different subsets for the different ports. No address will appear in both Addresses and NotReadyAddresses in the same subset. Sets of addresses and ports that comprise a service.", + "verbs": { + "description": "verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/EndpointSubset.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "type": "string", + "default": "" + } } } }, - "EndpointsList.v1.core.api.k8s.io": { - "description": "EndpointsList is a list of endpoints. Deprecated: This API is deprecated in v1.33+.", + "com.github.openshift.api.authorization.v1.ResourceAccessReview": { + "description": "ResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "items" + "namespace", + "verb", + "resourceAPIGroup", + "resourceAPIVersion", + "resource", + "resourceName", + "path", + "isNonResourceURL" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "List of endpoints.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Endpoints.v1.core.api.k8s.io" - } + "content": { + "description": "content is the actual content of the request for create and update", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "isNonResourceURL": { + "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", + "type": "boolean", + "default": false }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "EnvFromSource.v1.core.api.k8s.io": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "type": "object", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "$ref": "#/definitions/ConfigMapEnvSource.v1.core.api.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='.", - "type": "string" + "namespace": { + "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", + "type": "string", + "default": "" }, - "secretRef": { - "description": "The Secret to select from", - "$ref": "#/definitions/SecretEnvSource.v1.core.api.k8s.io" - } - } - }, - "EnvVar.v1.core.api.k8s.io": { - "description": "EnvVar represents an environment variable present in a Container.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "Name of the environment variable. May consist of any printable ASCII characters except '='.", + "path": { + "description": "path is the path of a non resource URL", "type": "string", "default": "" }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", - "type": "string" - }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "$ref": "#/definitions/EnvVarSource.v1.core.api.k8s.io" - } - } - }, - "EnvVarSource.v1.core.api.k8s.io": { - "description": "EnvVarSource represents a source for the value of an EnvVar.", - "type": "object", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "$ref": "#/definitions/ConfigMapKeySelector.v1.core.api.k8s.io" + "resource": { + "description": "resource is one of the existing resource types", + "type": "string", + "default": "" }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "$ref": "#/definitions/ObjectFieldSelector.v1.core.api.k8s.io" + "resourceAPIGroup": { + "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", + "type": "string", + "default": "" }, - "fileKeyRef": { - "description": "FileKeyRef selects a key of the env file. Requires the EnvFiles feature gate to be enabled.", - "$ref": "#/definitions/FileKeySelector.v1.core.api.k8s.io" + "resourceAPIVersion": { + "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", + "type": "string", + "default": "" }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "$ref": "#/definitions/ResourceFieldSelector.v1.core.api.k8s.io" + "resourceName": { + "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", + "type": "string", + "default": "" }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "$ref": "#/definitions/SecretKeySelector.v1.core.api.k8s.io" + "verb": { + "description": "verb is one of: get, list, watch, create, update, delete", + "type": "string", + "default": "" } } }, - "EphemeralContainer.v1.core.api.k8s.io": { - "description": "An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.", + "com.github.openshift.api.authorization.v1.ResourceAccessReviewResponse": { + "description": "ResourceAccessReviewResponse describes who can perform the action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "name" + "users", + "groups", + "evalutionError" ], "properties": { - "args": { - "description": "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container. Cannot be updated.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/EnvFromSource.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present", - "type": "string", - "enum": [ - "Always", - "IfNotPresent", - "Never" - ] - }, - "lifecycle": { - "description": "Lifecycle is not allowed for ephemeral containers.", - "$ref": "#/definitions/Lifecycle.v1.core.api.k8s.io" - }, - "livenessProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "$ref": "#/definitions/Probe.v1.core.api.k8s.io" - }, - "name": { - "description": "Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.", + "evalutionError": { + "description": "EvaluationError is an indication that some error occurred during resolution, but partial results can still be returned. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. This is most common when a bound role is missing, but enough roles are still present and bound to reason about the request.", "type": "string", "default": "" }, - "ports": { - "description": "Ports are not allowed for ephemeral containers.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ContainerPort.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "containerPort", - "x-kubernetes-patch-strategy": "merge" - }, - "readinessProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "$ref": "#/definitions/Probe.v1.core.api.k8s.io" - }, - "resizePolicy": { - "description": "Resources resize policy for the container.", + "groups": { + "description": "GroupsSlice is the list of groups who can perform the action", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/ContainerResizePolicy.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "type": "string", + "default": "" + } }, - "resources": { - "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.", - "default": {}, - "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "restartPolicy": { - "description": "Restart policy for the container to manage the restart behavior of each container within a pod. You cannot set this field on ephemeral containers.", + "namespace": { + "description": "namespace is the namespace used for the access review", "type": "string" }, - "restartPolicyRules": { - "description": "Represents a list of rules to be checked to determine if the container should be restarted on exit. You cannot set this field on ephemeral containers.", + "users": { + "description": "UsersSlice is the list of users who can perform the action", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/ContainerRestartRule.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "securityContext": { - "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", - "$ref": "#/definitions/SecurityContext.v1.core.api.k8s.io" - }, - "startupProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "$ref": "#/definitions/Probe.v1.core.api.k8s.io" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", - "type": "boolean" - }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", - "type": "boolean" - }, - "targetContainerName": { - "description": "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined.", + "type": "string", + "default": "" + } + } + } + }, + "com.github.openshift.api.authorization.v1.Role": { + "description": "Role is a logical grouping of PolicyRules that can be referenced as a unit by RoleBindings.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "rules" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\nPossible enum values:\n - `\"FallbackToLogsOnError\"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.\n - `\"File\"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.", - "type": "string", - "enum": [ - "FallbackToLogsOnError", - "File" - ] - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/VolumeDevice.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "devicePath", - "x-kubernetes-patch-strategy": "merge" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.", + "rules": { + "description": "rules holds all the PolicyRules for this Role", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/VolumeMount.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "mountPath", - "x-kubernetes-patch-strategy": "merge" - }, - "workingDir": { - "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.PolicyRule" + } } } }, - "EphemeralContainerCommon.v1.core.api.k8s.io": { - "description": "EphemeralContainerCommon is a copy of all fields in Container to be inlined in EphemeralContainer. This separate type allows easy conversion from EphemeralContainer to Container and allows separate documentation for the fields of EphemeralContainer. When a new field is added to Container it must be added here as well.", + "com.github.openshift.api.authorization.v1.RoleBinding": { + "description": "RoleBinding references a Role, but not contain it. It can reference any Role in the same namespace or in the global namespace. It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "name" + "subjects", + "roleRef" ], "properties": { - "args": { - "description": "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "command": { - "description": "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "groupNames": { + "description": "groupNames holds all the groups directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container. Cannot be updated.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/EnvFromSource.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + } }, - "image": { - "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present", - "type": "string", - "enum": [ - "Always", - "IfNotPresent", - "Never" - ] - }, - "lifecycle": { - "description": "Lifecycle is not allowed for ephemeral containers.", - "$ref": "#/definitions/Lifecycle.v1.core.api.k8s.io" - }, - "livenessProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "$ref": "#/definitions/Probe.v1.core.api.k8s.io" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "name": { - "description": "Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.", - "type": "string", - "default": "" + "roleRef": { + "description": "roleRef can only reference the current namespace and the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. Since Policy is a singleton, this is sufficient knowledge to locate a role.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" }, - "ports": { - "description": "Ports are not allowed for ephemeral containers.", + "subjects": { + "description": "subjects hold object references to authorize with this rule. This field is ignored if UserNames or GroupNames are specified to support legacy clients and servers. Thus newer clients that do not need to support backwards compatibility should send only fully qualified Subjects and should omit the UserNames and GroupNames fields. Clients that need to support backwards compatibility can use this field to build the UserNames and GroupNames.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/ContainerPort.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "containerPort", - "x-kubernetes-patch-strategy": "merge" - }, - "readinessProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "$ref": "#/definitions/Probe.v1.core.api.k8s.io" + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + } }, - "resizePolicy": { - "description": "Resources resize policy for the container.", + "userNames": { + "description": "userNames holds all the usernames directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/ContainerResizePolicy.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.", - "default": {}, - "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" - }, - "restartPolicy": { - "description": "Restart policy for the container to manage the restart behavior of each container within a pod. You cannot set this field on ephemeral containers.", + "type": "string", + "default": "" + } + } + } + }, + "com.github.openshift.api.authorization.v1.RoleBindingList": { + "description": "RoleBindingList is a collection of RoleBindings\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "restartPolicyRules": { - "description": "Represents a list of rules to be checked to determine if the container should be restarted on exit. You cannot set this field on ephemeral containers.", + "items": { + "description": "items is a list of RoleBindings", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/ContainerRestartRule.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "securityContext": { - "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", - "$ref": "#/definitions/SecurityContext.v1.core.api.k8s.io" - }, - "startupProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "$ref": "#/definitions/Probe.v1.core.api.k8s.io" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", - "type": "boolean" - }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", - "type": "boolean" + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.RoleBinding" + } }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\nPossible enum values:\n - `\"FallbackToLogsOnError\"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.\n - `\"File\"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.", - "type": "string", - "enum": [ - "FallbackToLogsOnError", - "File" - ] - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/VolumeDevice.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "devicePath", - "x-kubernetes-patch-strategy": "merge" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/VolumeMount.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "mountPath", - "x-kubernetes-patch-strategy": "merge" - }, - "workingDir": { - "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", - "type": "string" - } - } - }, - "EphemeralVolumeSource.v1.core.api.k8s.io": { - "description": "Represents an ephemeral volume that is handled by a normal storage driver.", - "type": "object", - "properties": { - "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.\n\nRequired, must not be nil.", - "$ref": "#/definitions/PersistentVolumeClaimTemplate.v1.core.api.k8s.io" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "Event.v1.core.api.k8s.io": { - "description": "Event is a report of an event somewhere in the cluster. Events have a limited retention time and triggers and messages may evolve with time. Event consumers should not rely on the timing of an event with a given Reason reflecting a consistent underlying trigger, or the continued existence of events with that Reason. Events should be treated as informative, best-effort, supplemental data.", + "com.github.openshift.api.authorization.v1.RoleBindingRestriction": { + "description": "RoleBindingRestriction is an object that can be matched against a subject (user, group, or service account) to determine whether rolebindings on that subject are allowed in the namespace to which the RoleBindingRestriction belongs. If any one of those RoleBindingRestriction objects matches a subject, rolebindings on that subject in the namespace are allowed.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "metadata", - "involvedObject" + "spec" ], "properties": { - "action": { - "description": "What action was taken/failed regarding to the Regarding object.", - "type": "string" - }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "count": { - "description": "The number of times this event has occurred.", - "type": "integer", - "format": "int32" - }, - "eventTime": { - "description": "Time when this Event was first observed.", - "$ref": "#/definitions/MicroTime.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "firstTimestamp": { - "description": "The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "involvedObject": { - "description": "The object that this event is about.", - "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "lastTimestamp": { - "description": "The time at which the most recent occurrence of this event was recorded.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "message": { - "description": "A human-readable description of the status of this operation.", - "type": "string" - }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "reason": { - "description": "This should be a short, machine understandable string that gives the reason for the transition into the object's current status.", - "type": "string" - }, - "related": { - "description": "Optional secondary object for more complex actions.", - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, - "reportingComponent": { - "description": "Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`.", - "type": "string", - "default": "" - }, - "reportingInstance": { - "description": "ID of the controller instance, e.g. `kubelet-xyzf`.", - "type": "string", - "default": "" - }, - "series": { - "description": "Data about the Event series this event represents or nil if it's a singleton Event.", - "$ref": "#/definitions/EventSeries.v1.core.api.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "source": { - "description": "The component reporting this event. Should be a short machine understandable string.", + "spec": { + "description": "spec defines the matcher.", "default": {}, - "$ref": "#/definitions/EventSource.v1.core.api.k8s.io" - }, - "type": { - "description": "Type of this event (Normal, Warning), new types could be added in the future", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.RoleBindingRestrictionSpec" } } }, - "EventList.v1.core.api.k8s.io": { - "description": "EventList is a list of events.", + "com.github.openshift.api.authorization.v1.RoleBindingRestrictionList": { + "description": "RoleBindingRestrictionList is a collection of RoleBindingRestriction objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -2730,11 +2052,11 @@ "type": "string" }, "items": { - "description": "List of events", + "description": "items is a list of RoleBindingRestriction objects.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Event.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.RoleBindingRestriction" } }, "kind": { @@ -2742,1946 +2064,2137 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "EventSeries.v1.core.api.k8s.io": { - "description": "EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time.", + "com.github.openshift.api.authorization.v1.RoleBindingRestrictionSpec": { + "description": "RoleBindingRestrictionSpec defines a rolebinding restriction. Exactly one field must be non-nil.", "type": "object", + "required": [ + "userrestriction", + "grouprestriction", + "serviceaccountrestriction" + ], "properties": { - "count": { - "description": "Number of occurrences in this series up to the last heartbeat time", - "type": "integer", - "format": "int32" + "grouprestriction": { + "description": "grouprestriction matches against group subjects.", + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.GroupRestriction" }, - "lastObservedTime": { - "description": "Time of the last occurrence observed", - "$ref": "#/definitions/MicroTime.v1.meta.apis.pkg.apimachinery.k8s.io" + "serviceaccountrestriction": { + "description": "serviceaccountrestriction matches against service-account subjects.", + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ServiceAccountRestriction" + }, + "userrestriction": { + "description": "userrestriction matches against user subjects.", + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.UserRestriction" } } }, - "EventSource.v1.core.api.k8s.io": { - "description": "EventSource contains information for an event.", + "com.github.openshift.api.authorization.v1.RoleList": { + "description": "RoleList is a collection of Roles\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "items" + ], "properties": { - "component": { - "description": "Component from which the event is generated.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "host": { - "description": "Node name on which the event is generated.", + "items": { + "description": "items is a list of Roles", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.Role" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "ExecAction.v1.core.api.k8s.io": { - "description": "ExecAction describes a \"run in container\" action.", + "com.github.openshift.api.authorization.v1.SelfSubjectRulesReview": { + "description": "SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec adds information about how to conduct the check", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.SelfSubjectRulesReviewSpec" + }, + "status": { + "description": "status is completed by the server to tell which permissions you have", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus" + } + } + }, + "com.github.openshift.api.authorization.v1.SelfSubjectRulesReviewSpec": { + "description": "SelfSubjectRulesReviewSpec adds information about how to conduct the check", + "type": "object", + "required": [ + "scopes" + ], + "properties": { + "scopes": { + "description": "scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil means \"use the scopes on this request\".", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } } } }, - "ExpressionWarning.v1.admissionregistration.api.k8s.io": { - "description": "ExpressionWarning is a warning information that targets a specific expression.", + "com.github.openshift.api.authorization.v1.ServiceAccountReference": { + "description": "ServiceAccountReference specifies a service account and namespace by their names.", "type": "object", "required": [ - "fieldRef", - "warning" + "name", + "namespace" ], "properties": { - "fieldRef": { - "description": "The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is \"spec.validations[0].expression\"", + "name": { + "description": "name is the name of the service account.", "type": "string", "default": "" }, - "warning": { - "description": "The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.", + "namespace": { + "description": "namespace is the namespace of the service account. Service accounts from inside the whitelisted namespaces are allowed to be bound to roles. If Namespace is empty, then the namespace of the RoleBindingRestriction in which the ServiceAccountReference is embedded is used.", "type": "string", "default": "" } } }, - "FCVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.authorization.v1.ServiceAccountRestriction": { + "description": "ServiceAccountRestriction matches a service account by a string match on either the service-account name or the name of the service account's namespace.", "type": "object", + "required": [ + "serviceaccounts", + "namespaces" + ], "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "lun": { - "description": "lun is Optional: FC target lun number", - "type": "integer", - "format": "int32" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "targetWWNs": { - "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "wwids": { - "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", + "namespaces": { + "description": "namespaces specifies a list of literal namespace names.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "FieldSelectorAttributes.v1.authorization.api.k8s.io": { - "description": "FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.", - "type": "object", - "properties": { - "rawSelector": { - "description": "rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.", - "type": "string" + } }, - "requirements": { - "description": "requirements is the parsed interpretation of a field selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.", + "serviceaccounts": { + "description": "serviceaccounts specifies a list of literal service-account names.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/FieldSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ServiceAccountReference" + } } } }, - "FieldSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "FieldSelectorRequirement is a selector that contains values, a key, and an operator that relates the key and values.", + "com.github.openshift.api.authorization.v1.SubjectAccessReview": { + "description": "SubjectAccessReview is an object for requesting information about whether a user or group can perform an action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "key", - "operator" + "namespace", + "verb", + "resourceAPIGroup", + "resourceAPIVersion", + "resource", + "resourceName", + "path", + "isNonResourceURL", + "user", + "groups", + "scopes" ], "properties": { - "key": { - "description": "key is the field selector key that the requirement applies to.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. The list of operators may grow in the future.", - "type": "string", - "default": "" + "content": { + "description": "content is the actual content of the request for create and update", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.", + "groups": { + "description": "GroupsSlice is optional. Groups is the list of groups to which the User belongs.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.\n\nEach key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:', where is the name of a field in a struct, or key in a map 'v:', where is the exact json formatted value of a list item 'i:', where is position of a item in a list 'k:', where is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set.\n\nThe exact format is defined in sigs.k8s.io/structured-merge-diff", - "type": "object" - }, - "FileKeySelector.v1.core.api.k8s.io": { - "description": "FileKeySelector selects a key of the env file.", - "type": "object", - "required": [ - "volumeName", - "path", - "key" - ], - "properties": { - "key": { - "description": "The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.", - "type": "string", - "default": "" + } }, - "optional": { - "description": "Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers.\n\nIf optional is set to false and the specified key does not exist, an error will be returned during Pod creation.", + "isNonResourceURL": { + "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", "type": "boolean", "default": false }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "namespace": { + "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", + "type": "string", + "default": "" + }, "path": { - "description": "The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'.", + "description": "path is the path of a non resource URL", "type": "string", "default": "" }, - "volumeName": { - "description": "The name of the volume mount containing the env file.", + "resource": { + "description": "resource is one of the existing resource types", "type": "string", "default": "" - } - }, - "x-kubernetes-map-type": "atomic" - }, - "FlexPersistentVolumeSource.v1.core.api.k8s.io": { - "description": "FlexPersistentVolumeSource represents a generic persistent volume resource that is provisioned/attached using an exec based plugin.", - "type": "object", - "required": [ - "driver" - ], - "properties": { - "driver": { - "description": "driver is the name of the driver to use for this volume.", + }, + "resourceAPIGroup": { + "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", "type": "string", "default": "" }, - "fsType": { - "description": "fsType is the Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", - "type": "string" + "resourceAPIVersion": { + "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", + "type": "string", + "default": "" }, - "options": { - "description": "options is Optional: this field holds extra command options if any.", - "type": "object", - "additionalProperties": { + "resourceName": { + "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", + "type": "string", + "default": "" + }, + "scopes": { + "description": "scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil for a self-SAR, means \"use the scopes on this request\". Nil for a regular SAR, means the same as empty.", + "type": "array", + "items": { "type": "string", "default": "" } }, - "readOnly": { - "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" + "user": { + "description": "user is optional. If both User and Groups are empty, the current authenticated user is used.", + "type": "string", + "default": "" }, - "secretRef": { - "description": "secretRef is Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", - "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" + "verb": { + "description": "verb is one of: get, list, watch, create, update, delete", + "type": "string", + "default": "" } } }, - "FlexVolumeSource.v1.core.api.k8s.io": { - "description": "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", + "com.github.openshift.api.authorization.v1.SubjectAccessReviewResponse": { + "description": "SubjectAccessReviewResponse describes whether or not a user or group can perform an action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "driver" + "allowed" ], "properties": { - "driver": { - "description": "driver is the name of the driver to use for this volume.", - "type": "string", - "default": "" + "allowed": { + "description": "allowed is required. True if the action would be allowed, false otherwise.", + "type": "boolean", + "default": false }, - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "options": { - "description": "options is Optional: this field holds extra command options if any.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "evaluationError": { + "description": "evaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. This is most common when a bound role is missing, but enough roles are still present and bound to reason about the request.", + "type": "string" }, - "readOnly": { - "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "secretRef": { - "description": "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "namespace": { + "description": "namespace is the namespace used for the access review", + "type": "string" + }, + "reason": { + "description": "reason is optional. It indicates why a request was allowed or denied.", + "type": "string" } } }, - "FlockerVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.", + "com.github.openshift.api.authorization.v1.SubjectRulesReview": { + "description": "SubjectRulesReview is a resource you can create to determine which actions another user can perform in a namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { - "datasetName": { - "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "datasetUUID": { - "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec adds information about how to conduct the check", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.SubjectRulesReviewSpec" + }, + "status": { + "description": "status is completed by the server to tell which permissions you have", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus" } } }, - "GCEPersistentDiskVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a Persistent Disk resource in Google Compute Engine.\n\nA GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.", + "com.github.openshift.api.authorization.v1.SubjectRulesReviewSpec": { + "description": "SubjectRulesReviewSpec adds information about how to conduct the check", "type": "object", "required": [ - "pdName" + "user", + "groups", + "scopes" ], "properties": { - "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string" + "groups": { + "description": "groups is optional. Groups is the list of groups to which the User belongs. At least one of User and Groups must be specified.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "partition": { - "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "integer", - "format": "int32" + "scopes": { + "description": "scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\".", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "pdName": { - "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "user": { + "description": "user is optional. At least one of User and Groups must be specified.", "type": "string", "default": "" + } + } + }, + "com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus": { + "description": "SubjectRulesReviewStatus is contains the result of a rules check", + "type": "object", + "properties": { + "evaluationError": { + "description": "evaluationError can appear in combination with Rules. It means some error happened during evaluation that may have prevented additional rules from being populated.", + "type": "string" }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "boolean" + "rules": { + "description": "rules is the list of rules (no particular sort) that are allowed for the subject", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.PolicyRule" + } } } }, - "GRPCAction.v1.core.api.k8s.io": { - "description": "GRPCAction specifies an action involving a GRPC service.", + "com.github.openshift.api.authorization.v1.UserRestriction": { + "description": "UserRestriction matches a user either by a string match on the user name, a string match on the name of a group to which the user belongs, or a label selector applied to the user labels.", "type": "object", "required": [ - "port" + "users", + "groups", + "labels" ], "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "type": "integer", - "format": "int32", - "default": 0 + "groups": { + "description": "groups specifies a list of literal group names.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string", - "default": "" + "labels": { + "description": "Selectors specifies a list of label selectors over user labels.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + } + }, + "users": { + "description": "users specifies a list of literal user names.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "GetOptions.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "GetOptions is the standard query options to the standard REST get call.", + "com.github.openshift.api.build.v1.BinaryBuildRequestOptions": { + "description": "BinaryBuildRequestOptions are the options required to fully speficy a binary build request\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "asFile": { + "description": "asFile determines if the binary should be created as a file within the source rather than extracted as an archive", + "type": "string" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "resourceVersion": { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "revision.authorEmail": { + "description": "revision.authorEmail of the source control user", + "type": "string" + }, + "revision.authorName": { + "description": "revision.authorName of the source control user", + "type": "string" + }, + "revision.commit": { + "description": "revision.commit is the value identifying a specific commit", + "type": "string" + }, + "revision.committerEmail": { + "description": "revision.committerEmail of the source control user", + "type": "string" + }, + "revision.committerName": { + "description": "revision.committerName of the source control user", + "type": "string" + }, + "revision.message": { + "description": "revision.message is the description of a specific commit", "type": "string" } } }, - "GitRepoVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", + "com.github.openshift.api.build.v1.BinaryBuildSource": { + "description": "BinaryBuildSource describes a binary file to be used for the Docker and Source build strategies, where the file will be extracted and used as the build source.", "type": "object", - "required": [ - "repository" - ], "properties": { - "directory": { - "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", - "type": "string" - }, - "repository": { - "description": "repository is the URL", - "type": "string", - "default": "" - }, - "revision": { - "description": "revision is the commit hash for the specified revision.", + "asFile": { + "description": "asFile indicates that the provided binary input should be considered a single file within the build input. For example, specifying \"webapp.war\" would place the provided binary as `/webapp.war` for the builder. If left empty, the Docker and Source build strategies assume this file is a zip, tar, or tar.gz file and extract it as the source. The custom strategy receives this binary as standard input. This filename may not contain slashes or be '..' or '.'.", "type": "string" } } }, - "GlusterfsPersistentVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", + "com.github.openshift.api.build.v1.BitbucketWebHookCause": { + "description": "BitbucketWebHookCause has information about a Bitbucket webhook that triggered a build.", "type": "object", - "required": [ - "endpoints", - "path" - ], "properties": { - "endpoints": { - "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string", - "default": "" + "revision": { + "description": "revision is the git source revision information of the trigger.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" }, - "endpointsNamespace": { - "description": "endpointsNamespace is the namespace that contains Glusterfs endpoint. If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "secret": { + "description": "secret is the obfuscated webhook secret that triggered a build.", "type": "string" - }, - "path": { - "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string", - "default": "" - }, - "readOnly": { - "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "boolean" } } }, - "GlusterfsVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", + "com.github.openshift.api.build.v1.Build": { + "description": "Build encapsulates the inputs needed to produce a new deployable image, as well as the status of the execution and a reference to the Pod which executed the build.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "endpoints", - "path" - ], "properties": { - "endpoints": { - "description": "endpoints is the endpoint name that details Glusterfs topology.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "path": { - "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "readOnly": { - "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "boolean" - } - } - }, - "GroupKind.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types", - "type": "object", - "required": [ - "group", - "kind" - ], - "properties": { - "group": { - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "kind": { - "type": "string", - "default": "" - } - } - }, - "GroupResource.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types", - "type": "object", - "required": [ - "group", - "resource" - ], - "properties": { - "group": { - "type": "string", - "default": "" + "spec": { + "description": "spec is all the inputs used to execute the build.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildSpec" }, - "resource": { - "type": "string", - "default": "" + "status": { + "description": "status is the current status of the build.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStatus" } } }, - "GroupVersion.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "GroupVersion contains the \"group\" and the \"version\", which uniquely identifies the API.", + "com.github.openshift.api.build.v1.BuildCondition": { + "description": "BuildCondition describes the state of a build at a certain point.", "type": "object", "required": [ - "group", - "version" + "type", + "status" ], "properties": { - "group": { - "type": "string", - "default": "" + "lastTransitionTime": { + "description": "The last time the condition transitioned from one status to another.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "version": { - "type": "string", - "default": "" - } - } - }, - "GroupVersionForDiscovery.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "GroupVersion contains the \"group/version\" and \"version\" string of a version. It is made a struct to keep extensibility.", - "type": "object", - "required": [ - "groupVersion", - "version" - ], - "properties": { - "groupVersion": { - "description": "groupVersion specifies the API group and version in the form \"group/version\"", + "lastUpdateTime": { + "description": "The last time this condition was updated.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "description": "A human readable message indicating details about the transition.", + "type": "string" + }, + "reason": { + "description": "The reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "default": "" }, - "version": { - "description": "version specifies the version in the form of \"version\". This is to save the clients the trouble of splitting the GroupVersion.", + "type": { + "description": "type of build condition.", "type": "string", "default": "" } } }, - "GroupVersionKind.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling", + "com.github.openshift.api.build.v1.BuildConfig": { + "description": "Build configurations define a build process for new container images. There are three types of builds possible - a container image build using a Dockerfile, a Source-to-Image build that uses a specially prepared base image that accepts source code that it can make runnable, and a custom build that can run // arbitrary container images as a base and accept the build parameters. Builds run on the cluster and on completion are pushed to the container image registry specified in the \"output\" section. A build can be triggered via a webhook, when the base image changes, or when a user manually requests a new build be // created.\n\nEach build created by a build configuration is numbered and refers back to its parent configuration. Multiple builds can be triggered at once. Builds that do not have \"output\" set can be used to test code or run a verification build.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "group", - "version", - "kind" + "spec" ], "properties": { - "group": { - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, "kind": { - "type": "string", - "default": "" + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "version": { - "type": "string", - "default": "" - } - } - }, - "GroupVersionResource.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling", - "type": "object", - "required": [ - "group", - "version", - "resource" - ], - "properties": { - "group": { - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "resource": { - "type": "string", - "default": "" + "spec": { + "description": "spec holds all the input necessary to produce a new build, and the conditions when to trigger them.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildConfigSpec" }, - "version": { - "type": "string", - "default": "" + "status": { + "description": "status holds any relevant information about a build config", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildConfigStatus" } } }, - "HTTPGetAction.v1.core.api.k8s.io": { - "description": "HTTPGetAction describes an action based on HTTP Get requests.", + "com.github.openshift.api.build.v1.BuildConfigList": { + "description": "BuildConfigList is a collection of BuildConfigs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "port" + "items" ], "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "items": { + "description": "items is a list of build configs", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/HTTPHeader.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildConfig" + } }, - "path": { - "description": "Path to access on the HTTP server.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "port": { - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", - "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" - }, - "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.\n\nPossible enum values:\n - `\"HTTP\"` means that the scheme used will be http://\n - `\"HTTPS\"` means that the scheme used will be https://", - "type": "string", - "enum": [ - "HTTP", - "HTTPS" - ] + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "HTTPHeader.v1.core.api.k8s.io": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "com.github.openshift.api.build.v1.BuildConfigSpec": { + "description": "BuildConfigSpec describes when and how builds are created", "type": "object", "required": [ - "name", - "value" + "strategy" ], "properties": { - "name": { - "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", - "type": "string", - "default": "" + "completionDeadlineSeconds": { + "description": "completionDeadlineSeconds is an optional duration in seconds, counted from the time when a build pod gets scheduled in the system, that the build may be active on a node before the system actively tries to terminate the build; value must be positive integer", + "type": "integer", + "format": "int64" }, - "value": { - "description": "The header field value", - "type": "string", - "default": "" + "failedBuildsHistoryLimit": { + "description": "failedBuildsHistoryLimit is the number of old failed builds to retain. When a BuildConfig is created, the 5 most recent failed builds are retained unless this value is set. If removed after the BuildConfig has been created, all failed builds are retained.", + "type": "integer", + "format": "int32" + }, + "mountTrustedCA": { + "description": "mountTrustedCA bind mounts the cluster's trusted certificate authorities, as defined in the cluster's proxy configuration, into the build. This lets processes within a build trust components signed by custom PKI certificate authorities, such as private artifact repositories and HTTPS proxies.\n\nWhen this field is set to true, the contents of `/etc/pki/ca-trust` within the build are managed by the build container, and any changes to this directory or its subdirectories (for example - within a Dockerfile `RUN` instruction) are not persisted in the build's output image.", + "type": "boolean" + }, + "nodeSelector": { + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node If nil, it can be overridden by default build nodeselector values for the cluster. If set to an empty map or a map with any values, default build nodeselector values are ignored.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "output": { + "description": "output describes the container image the Strategy should produce.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildOutput" + }, + "postCommit": { + "description": "postCommit is a build hook executed after the build output image is committed, before it is pushed to a registry.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildPostCommitSpec" + }, + "resources": { + "description": "resources computes resource requirements to execute the build.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + }, + "revision": { + "description": "revision is the information from the source for a specific repo snapshot. This is optional.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + }, + "runPolicy": { + "description": "runPolicy describes how the new build created from this build configuration will be scheduled for execution. This is optional, if not specified we default to \"Serial\".", + "type": "string" + }, + "serviceAccount": { + "description": "serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount", + "type": "string" + }, + "source": { + "description": "source describes the SCM in use.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildSource" + }, + "strategy": { + "description": "strategy defines how to perform a build.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStrategy" + }, + "successfulBuildsHistoryLimit": { + "description": "successfulBuildsHistoryLimit is the number of old successful builds to retain. When a BuildConfig is created, the 5 most recent successful builds are retained unless this value is set. If removed after the BuildConfig has been created, all successful builds are retained.", + "type": "integer", + "format": "int32" + }, + "triggers": { + "description": "triggers determine how new Builds can be launched from a BuildConfig. If no triggers are defined, a new build can only occur as a result of an explicit client build creation.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildTriggerPolicy" + } } } }, - "HostAlias.v1.core.api.k8s.io": { - "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.", + "com.github.openshift.api.build.v1.BuildConfigStatus": { + "description": "BuildConfigStatus contains current state of the build config object.", "type": "object", - "required": [ - "ip" - ], "properties": { - "hostnames": { - "description": "Hostnames for the above IP address.", + "imageChangeTriggers": { + "description": "imageChangeTriggers captures the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There is a single entry in this array for each image change trigger in spec. Each trigger status references the ImageStreamTag that acts as the source of the trigger.", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageChangeTriggerStatus" + } }, - "ip": { - "description": "IP address of the host file entry.", - "type": "string", - "default": "" + "lastVersion": { + "description": "lastVersion is used to inform about number of last triggered build.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "HostIP.v1.core.api.k8s.io": { - "description": "HostIP represents a single IP address allocated to the host.", + "com.github.openshift.api.build.v1.BuildList": { + "description": "BuildList is a collection of Builds.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "ip" + "items" ], "properties": { - "ip": { - "description": "IP is the IP address assigned to the host", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is a list of builds", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.Build" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "HostPathVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.", + "com.github.openshift.api.build.v1.BuildLog": { + "description": "BuildLog is the (unused) resource associated with the build log redirector\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "path" - ], "properties": { - "path": { - "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "type": { - "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n\nPossible enum values:\n - `\"\"` For backwards compatible, leave it empty if unset\n - `\"BlockDevice\"` A block device must exist at the given path\n - `\"CharDevice\"` A character device must exist at the given path\n - `\"Directory\"` A directory must exist at the given path\n - `\"DirectoryOrCreate\"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet.\n - `\"File\"` A file must exist at the given path\n - `\"FileOrCreate\"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.\n - `\"Socket\"` A UNIX socket must exist at the given path", - "type": "string", - "enum": [ - "", - "BlockDevice", - "CharDevice", - "Directory", - "DirectoryOrCreate", - "File", - "FileOrCreate", - "Socket" - ] + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "ISCSIPersistentVolumeSource.v1.core.api.k8s.io": { - "description": "ISCSIPersistentVolumeSource represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.build.v1.BuildLogOptions": { + "description": "BuildLogOptions is the REST options for a build log\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "targetPortal", - "iqn", - "lun" - ], "properties": { - "chapAuthDiscovery": { - "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "container": { + "description": "cointainer for which to stream logs. Defaults to only container if there is one container in the pod.", + "type": "string" + }, + "follow": { + "description": "follow if true indicates that the build log should be streamed until the build terminates.", "type": "boolean" }, - "chapAuthSession": { - "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", + "insecureSkipTLSVerifyBackend": { + "description": "insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept the actual log data coming from the real kubelet).", "type": "boolean" }, - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "initiatorName": { - "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.", - "type": "string" + "limitBytes": { + "description": "limitBytes, If set, is the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.", + "type": "integer", + "format": "int64" }, - "iqn": { - "description": "iqn is Target iSCSI Qualified Name.", - "type": "string", - "default": "" + "nowait": { + "description": "nowait if true causes the call to return immediately even if the build is not available yet. Otherwise the server will wait until the build has started.", + "type": "boolean" }, - "iscsiInterface": { - "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", - "type": "string", - "default": "default" + "previous": { + "description": "previous returns previous build logs. Defaults to false.", + "type": "boolean" }, - "lun": { - "description": "lun is iSCSI Target Lun number.", + "sinceSeconds": { + "description": "sinceSeconds is a relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", "type": "integer", - "format": "int32", - "default": 0 + "format": "int64" }, - "portals": { - "description": "portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "sinceTime": { + "description": "sinceTime is an RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", - "type": "boolean" + "tailLines": { + "description": "tailLines, If set, is the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime", + "type": "integer", + "format": "int64" }, - "secretRef": { - "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", - "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" + "timestamps": { + "description": "timestamps, If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.", + "type": "boolean" }, - "targetPortal": { - "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", - "type": "string", - "default": "" + "version": { + "description": "version of the build for which to view logs.", + "type": "integer", + "format": "int64" } } }, - "ISCSIVolumeSource.v1.core.api.k8s.io": { - "description": "Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.build.v1.BuildOutput": { + "description": "BuildOutput is input to a build strategy and describes the container image that the strategy should produce.", "type": "object", - "required": [ - "targetPortal", - "iqn", - "lun" - ], "properties": { - "chapAuthDiscovery": { - "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", - "type": "boolean" - }, - "chapAuthSession": { - "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", - "type": "boolean" + "imageLabels": { + "description": "imageLabels define a list of labels that are applied to the resulting image. If there are multiple labels with the same name then the last one in the list is used.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" + } }, - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", - "type": "string" + "pushSecret": { + "description": "pushSecret is the name of a Secret that would be used for setting up the authentication for executing the Docker push to authentication enabled Docker Registry (or Docker Hub).", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" }, - "initiatorName": { - "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.", - "type": "string" + "to": { + "description": "to defines an optional location to push the output of this build to. Kind must be one of 'ImageStreamTag' or 'DockerImage'. This value will be used to look up a container image repository to push to. In the case of an ImageStreamTag, the ImageStreamTag will be looked for in the namespace of the build unless Namespace is specified.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + } + } + }, + "com.github.openshift.api.build.v1.BuildPostCommitSpec": { + "description": "A BuildPostCommitSpec holds a build post commit hook specification. The hook executes a command in a temporary container running the build output image, immediately after the last layer of the image is committed and before the image is pushed to a registry. The command is executed with the current working directory ($PWD) set to the image's WORKDIR.\n\nThe build will be marked as failed if the hook execution fails. It will fail if the script or command return a non-zero exit code, or if there is any other error related to starting the temporary container.\n\nThere are five different ways to configure the hook. As an example, all forms below are equivalent and will execute `rake test --verbose`.\n\n1. Shell script:\n\n\t \"postCommit\": {\n\t \"script\": \"rake test --verbose\",\n\t }\n\n\tThe above is a convenient form which is equivalent to:\n\n\t \"postCommit\": {\n\t \"command\": [\"/bin/sh\", \"-ic\"],\n\t \"args\": [\"rake test --verbose\"]\n\t }\n\n2. A command as the image entrypoint:\n\n\t \"postCommit\": {\n\t \"commit\": [\"rake\", \"test\", \"--verbose\"]\n\t }\n\n\tCommand overrides the image entrypoint in the exec form, as documented in\n\tDocker: https://docs.docker.com/engine/reference/builder/#entrypoint.\n\n3. Pass arguments to the default entrypoint:\n\n\t \"postCommit\": {\n\t\t\t \"args\": [\"rake\", \"test\", \"--verbose\"]\n\t\t }\n\n\t This form is only useful if the image entrypoint can handle arguments.\n\n4. Shell script with arguments:\n\n\t \"postCommit\": {\n\t \"script\": \"rake test $1\",\n\t \"args\": [\"--verbose\"]\n\t }\n\n\tThis form is useful if you need to pass arguments that would otherwise be\n\thard to quote properly in the shell script. In the script, $0 will be\n\t\"/bin/sh\" and $1, $2, etc, are the positional arguments from Args.\n\n5. Command with arguments:\n\n\t \"postCommit\": {\n\t \"command\": [\"rake\", \"test\"],\n\t \"args\": [\"--verbose\"]\n\t }\n\n\tThis form is equivalent to appending the arguments to the Command slice.\n\nIt is invalid to provide both Script and Command simultaneously. If none of the fields are specified, the hook is not executed.", + "type": "object", + "properties": { + "args": { + "description": "args is a list of arguments that are provided to either Command, Script or the container image's default entrypoint. The arguments are placed immediately after the command to be run.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "iqn": { - "description": "iqn is the target iSCSI Qualified Name.", - "type": "string", - "default": "" - }, - "iscsiInterface": { - "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", - "type": "string", - "default": "default" - }, - "lun": { - "description": "lun represents iSCSI Target Lun number.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "portals": { - "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "command": { + "description": "command is the command to run. It may not be specified with Script. This might be needed if the image doesn't have `/bin/sh`, or if you do not want to use a shell. In all other cases, using Script might be more convenient.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + } }, - "targetPortal": { - "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", - "type": "string", - "default": "" + "script": { + "description": "script is a shell script to be run with `/bin/sh -ic`. It may not be specified with Command. Use Script when a shell script is appropriate to execute the post build hook, for example for running unit tests with `rake test`. If you need control over the image entrypoint, or if the image does not have `/bin/sh`, use Command and/or Args. The `-i` flag is needed to support CentOS and RHEL images that use Software Collections (SCL), in order to have the appropriate collections enabled in the shell. E.g., in the Ruby image, this is necessary to make `ruby`, `bundle` and other binaries available in the PATH.", + "type": "string" } } }, - "ImageVolumeSource.v1.core.api.k8s.io": { - "description": "ImageVolumeSource represents a image volume resource.", + "com.github.openshift.api.build.v1.BuildRequest": { + "description": "BuildRequest is the resource used to pass parameters to build generator\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { - "pullPolicy": { - "description": "Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present", - "type": "string", - "enum": [ - "Always", - "IfNotPresent", - "Never" - ] + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "reference": { - "description": "Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", + "binary": { + "description": "binary indicates a request to build from a binary provided to the builder", + "$ref": "#/definitions/com.github.openshift.api.build.v1.BinaryBuildSource" + }, + "dockerStrategyOptions": { + "description": "dockerStrategyOptions contains additional docker-strategy specific options for the build", + "$ref": "#/definitions/com.github.openshift.api.build.v1.DockerStrategyOptions" + }, + "env": { + "description": "env contains additional environment variables you want to pass into a builder container.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + } + }, + "from": { + "description": "from is the reference to the ImageStreamTag that triggered the build.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "lastVersion": { + "description": "lastVersion (optional) is the LastVersion of the BuildConfig that was used to generate the build. If the BuildConfig in the generator doesn't match, a build will not be generated.", + "type": "integer", + "format": "int64" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "revision": { + "description": "revision is the information from the source for a specific repo snapshot.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + }, + "sourceStrategyOptions": { + "description": "sourceStrategyOptions contains additional source-strategy specific options for the build", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceStrategyOptions" + }, + "triggeredBy": { + "description": "triggeredBy describes which triggers started the most recent update to the build configuration and contains information about those triggers.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildTriggerCause" + } + }, + "triggeredByImage": { + "description": "triggeredByImage is the Image that triggered this build.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" } } }, - "IntOrString.intstr.util.pkg.apimachinery.k8s.io": { - "description": "IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number.", - "type": "string", - "format": "int-or-string" - }, - "InternalEvent.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "InternalEvent makes watch.Event versioned", + "com.github.openshift.api.build.v1.BuildSource": { + "description": "BuildSource is the SCM used for the build.", "type": "object", - "required": [ - "Type", - "Object" - ], "properties": { - "Object": { - "description": "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Bookmark: the object (instance of a type being watched) where\n only ResourceVersion field is set. On successful restart of watch from a\n bookmark resourceVersion, client is guaranteed to not get repeat event\n nor miss any events.\n * If Type is Error: *api.Status is recommended; other types may make sense\n depending on context." + "binary": { + "description": "binary builds accept a binary as their input. The binary is generally assumed to be a tar, gzipped tar, or zip file depending on the strategy. For container image builds, this is the build context and an optional Dockerfile may be specified to override any Dockerfile in the build context. For Source builds, this is assumed to be an archive as described above. For Source and container image builds, if binary.asFile is set the build will receive a directory with a single file. contextDir may be used when an archive is provided. Custom builds will receive this binary as input on STDIN.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.BinaryBuildSource" }, - "Type": { - "type": "string", - "default": "" + "configMaps": { + "description": "configMaps represents a list of configMaps and their destinations that will be used for the build.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.ConfigMapBuildSource" + } + }, + "contextDir": { + "description": "contextDir specifies the sub-directory where the source code for the application exists. This allows to have buildable sources in directory other than root of repository.", + "type": "string" + }, + "dockerfile": { + "description": "dockerfile is the raw contents of a Dockerfile which should be built. When this option is specified, the FROM may be modified based on your strategy base image and additional ENV stanzas from your strategy environment will be added after the FROM, but before the rest of your Dockerfile stanzas. The Dockerfile source type may be used with other options like git - in those cases the Git repo will have any innate Dockerfile replaced in the context dir.", + "type": "string" + }, + "git": { + "description": "git contains optional information about git build source", + "$ref": "#/definitions/com.github.openshift.api.build.v1.GitBuildSource" + }, + "images": { + "description": "images describes a set of images to be used to provide source for the build", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageSource" + } + }, + "secrets": { + "description": "secrets represents a list of secrets and their destinations that will be used only for the build.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.SecretBuildSource" + } + }, + "sourceSecret": { + "description": "sourceSecret is the name of a Secret that would be used for setting up the authentication for cloning private repository. The secret contains valid credentials for remote repository, where the data's key represent the authentication method to be used and value is the base64 encoded credentials. Supported auth methods are: ssh-privatekey.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "type": { + "description": "type of build input to accept", + "type": "string" } } }, - "KeyToPath.v1.core.api.k8s.io": { - "description": "Maps a string key to a path within a volume.", + "com.github.openshift.api.build.v1.BuildSpec": { + "description": "BuildSpec has the information to represent a build and also additional information about a build", "type": "object", "required": [ - "key", - "path" + "strategy" ], "properties": { - "key": { - "description": "key is the key to project.", - "type": "string", - "default": "" - }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "completionDeadlineSeconds": { + "description": "completionDeadlineSeconds is an optional duration in seconds, counted from the time when a build pod gets scheduled in the system, that the build may be active on a node before the system actively tries to terminate the build; value must be positive integer", "type": "integer", - "format": "int32" + "format": "int64" }, - "path": { - "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", - "type": "string", - "default": "" - } - } - }, - "LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", - "type": "object", - "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "mountTrustedCA": { + "description": "mountTrustedCA bind mounts the cluster's trusted certificate authorities, as defined in the cluster's proxy configuration, into the build. This lets processes within a build trust components signed by custom PKI certificate authorities, such as private artifact repositories and HTTPS proxies.\n\nWhen this field is set to true, the contents of `/etc/pki/ca-trust` within the build are managed by the build container, and any changes to this directory or its subdirectories (for example - within a Dockerfile `RUN` instruction) are not persisted in the build's output image.", + "type": "boolean" }, - "matchLabels": { - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "nodeSelector": { + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node If nil, it can be overridden by default build nodeselector values for the cluster. If set to an empty map or a map with any values, default build nodeselector values are ignored.", "type": "object", "additionalProperties": { "type": "string", "default": "" } - } - }, - "x-kubernetes-map-type": "atomic" - }, - "LabelSelectorAttributes.v1.authorization.api.k8s.io": { - "description": "LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.", - "type": "object", - "properties": { - "rawSelector": { - "description": "rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.", + }, + "output": { + "description": "output describes the container image the Strategy should produce.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildOutput" + }, + "postCommit": { + "description": "postCommit is a build hook executed after the build output image is committed, before it is pushed to a registry.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildPostCommitSpec" + }, + "resources": { + "description": "resources computes resource requirements to execute the build.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + }, + "revision": { + "description": "revision is the information from the source for a specific repo snapshot. This is optional.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + }, + "serviceAccount": { + "description": "serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount", "type": "string" }, - "requirements": { - "description": "requirements is the parsed interpretation of a label selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.", + "source": { + "description": "source describes the SCM in use.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildSource" + }, + "strategy": { + "description": "strategy defines how to perform a build.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStrategy" + }, + "triggeredBy": { + "description": "triggeredBy describes which triggers started the most recent update to the build configuration and contains information about those triggers.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildTriggerCause" + } } } }, - "LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "com.github.openshift.api.build.v1.BuildStatus": { + "description": "BuildStatus contains the status of a build", "type": "object", - "required": [ - "key", - "operator" - ], "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string", - "default": "" + "cancelled": { + "description": "cancelled describes if a cancel event was triggered for the build.", + "type": "boolean" }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "completionTimestamp": { + "description": "completionTimestamp is a timestamp representing the server time when this Build was finished, whether that build failed or succeeded. It reflects the time at which the Pod running the Build terminated. It is represented in RFC3339 form and is in UTC.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "conditions": { + "description": "conditions represents the latest available observations of a build's current state.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildCondition" + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "config": { + "description": "config is an ObjectReference to the BuildConfig this Build is based on.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "duration": { + "description": "duration contains time.Duration object describing build time.", + "type": "integer", + "format": "int64" + }, + "logSnippet": { + "description": "logSnippet is the last few lines of the build log. This value is only set for builds that failed.", + "type": "string" + }, + "message": { + "description": "message is a human-readable message indicating details about why the build has this status.", + "type": "string" + }, + "output": { + "description": "output describes the container image the build has produced.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStatusOutput" + }, + "outputDockerImageReference": { + "description": "outputDockerImageReference contains a reference to the container image that will be built by this build. Its value is computed from Build.Spec.Output.To, and should include the registry address, so that it can be used to push and pull the image.", + "type": "string" + }, + "phase": { + "description": "phase is the point in the build lifecycle. Possible values are \"New\", \"Pending\", \"Running\", \"Complete\", \"Failed\", \"Error\", and \"Cancelled\".", "type": "string", "default": "" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "reason": { + "description": "reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.", + "type": "string" + }, + "stages": { + "description": "stages contains details about each stage that occurs during the build including start time, duration (in milliseconds), and the steps that occured within each stage.", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.StageInfo" + } + }, + "startTimestamp": { + "description": "startTimestamp is a timestamp representing the server time when this Build started running in a Pod. It is represented in RFC3339 form and is in UTC.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" } } }, - "Lifecycle.v1.core.api.k8s.io": { - "description": "Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.", + "com.github.openshift.api.build.v1.BuildStatusOutput": { + "description": "BuildStatusOutput contains the status of the built image.", "type": "object", "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "$ref": "#/definitions/LifecycleHandler.v1.core.api.k8s.io" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "$ref": "#/definitions/LifecycleHandler.v1.core.api.k8s.io" - }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name\n\nPossible enum values:\n - `\"SIGABRT\"`\n - `\"SIGALRM\"`\n - `\"SIGBUS\"`\n - `\"SIGCHLD\"`\n - `\"SIGCLD\"`\n - `\"SIGCONT\"`\n - `\"SIGFPE\"`\n - `\"SIGHUP\"`\n - `\"SIGILL\"`\n - `\"SIGINT\"`\n - `\"SIGIO\"`\n - `\"SIGIOT\"`\n - `\"SIGKILL\"`\n - `\"SIGPIPE\"`\n - `\"SIGPOLL\"`\n - `\"SIGPROF\"`\n - `\"SIGPWR\"`\n - `\"SIGQUIT\"`\n - `\"SIGRTMAX\"`\n - `\"SIGRTMAX-1\"`\n - `\"SIGRTMAX-10\"`\n - `\"SIGRTMAX-11\"`\n - `\"SIGRTMAX-12\"`\n - `\"SIGRTMAX-13\"`\n - `\"SIGRTMAX-14\"`\n - `\"SIGRTMAX-2\"`\n - `\"SIGRTMAX-3\"`\n - `\"SIGRTMAX-4\"`\n - `\"SIGRTMAX-5\"`\n - `\"SIGRTMAX-6\"`\n - `\"SIGRTMAX-7\"`\n - `\"SIGRTMAX-8\"`\n - `\"SIGRTMAX-9\"`\n - `\"SIGRTMIN\"`\n - `\"SIGRTMIN+1\"`\n - `\"SIGRTMIN+10\"`\n - `\"SIGRTMIN+11\"`\n - `\"SIGRTMIN+12\"`\n - `\"SIGRTMIN+13\"`\n - `\"SIGRTMIN+14\"`\n - `\"SIGRTMIN+15\"`\n - `\"SIGRTMIN+2\"`\n - `\"SIGRTMIN+3\"`\n - `\"SIGRTMIN+4\"`\n - `\"SIGRTMIN+5\"`\n - `\"SIGRTMIN+6\"`\n - `\"SIGRTMIN+7\"`\n - `\"SIGRTMIN+8\"`\n - `\"SIGRTMIN+9\"`\n - `\"SIGSEGV\"`\n - `\"SIGSTKFLT\"`\n - `\"SIGSTOP\"`\n - `\"SIGSYS\"`\n - `\"SIGTERM\"`\n - `\"SIGTRAP\"`\n - `\"SIGTSTP\"`\n - `\"SIGTTIN\"`\n - `\"SIGTTOU\"`\n - `\"SIGURG\"`\n - `\"SIGUSR1\"`\n - `\"SIGUSR2\"`\n - `\"SIGVTALRM\"`\n - `\"SIGWINCH\"`\n - `\"SIGXCPU\"`\n - `\"SIGXFSZ\"`", - "type": "string", - "enum": [ - "SIGABRT", - "SIGALRM", - "SIGBUS", - "SIGCHLD", - "SIGCLD", - "SIGCONT", - "SIGFPE", - "SIGHUP", - "SIGILL", - "SIGINT", - "SIGIO", - "SIGIOT", - "SIGKILL", - "SIGPIPE", - "SIGPOLL", - "SIGPROF", - "SIGPWR", - "SIGQUIT", - "SIGRTMAX", - "SIGRTMAX-1", - "SIGRTMAX-10", - "SIGRTMAX-11", - "SIGRTMAX-12", - "SIGRTMAX-13", - "SIGRTMAX-14", - "SIGRTMAX-2", - "SIGRTMAX-3", - "SIGRTMAX-4", - "SIGRTMAX-5", - "SIGRTMAX-6", - "SIGRTMAX-7", - "SIGRTMAX-8", - "SIGRTMAX-9", - "SIGRTMIN", - "SIGRTMIN+1", - "SIGRTMIN+10", - "SIGRTMIN+11", - "SIGRTMIN+12", - "SIGRTMIN+13", - "SIGRTMIN+14", - "SIGRTMIN+15", - "SIGRTMIN+2", - "SIGRTMIN+3", - "SIGRTMIN+4", - "SIGRTMIN+5", - "SIGRTMIN+6", - "SIGRTMIN+7", - "SIGRTMIN+8", - "SIGRTMIN+9", - "SIGSEGV", - "SIGSTKFLT", - "SIGSTOP", - "SIGSYS", - "SIGTERM", - "SIGTRAP", - "SIGTSTP", - "SIGTTIN", - "SIGTTOU", - "SIGURG", - "SIGUSR1", - "SIGUSR2", - "SIGVTALRM", - "SIGWINCH", - "SIGXCPU", - "SIGXFSZ" - ] + "to": { + "description": "to describes the status of the built image being pushed to a registry.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStatusOutputTo" } } }, - "LifecycleHandler.v1.core.api.k8s.io": { - "description": "LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.", + "com.github.openshift.api.build.v1.BuildStatusOutputTo": { + "description": "BuildStatusOutputTo describes the status of the built image with regards to image registry to which it was supposed to be pushed.", "type": "object", "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "$ref": "#/definitions/ExecAction.v1.core.api.k8s.io" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "$ref": "#/definitions/HTTPGetAction.v1.core.api.k8s.io" - }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "$ref": "#/definitions/SleepAction.v1.core.api.k8s.io" - }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.", - "$ref": "#/definitions/TCPSocketAction.v1.core.api.k8s.io" + "imageDigest": { + "description": "imageDigest is the digest of the built container image. The digest uniquely identifies the image in the registry to which it was pushed.\n\nPlease note that this field may not always be set even if the push completes successfully - e.g. when the registry returns no digest or returns it in a format that the builder doesn't understand.", + "type": "string" } } }, - "LimitRange.v1.core.api.k8s.io": { - "description": "LimitRange sets resource usage limits for each kind of resource in a Namespace.", + "com.github.openshift.api.build.v1.BuildStrategy": { + "description": "BuildStrategy contains the details of how to perform a build.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "customStrategy": { + "description": "customStrategy holds the parameters to the Custom build strategy", + "$ref": "#/definitions/com.github.openshift.api.build.v1.CustomBuildStrategy" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "dockerStrategy": { + "description": "dockerStrategy holds the parameters to the container image build strategy.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.DockerBuildStrategy" }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "jenkinsPipelineStrategy": { + "description": "jenkinsPipelineStrategy holds the parameters to the Jenkins Pipeline build strategy. Deprecated: use OpenShift Pipelines", + "$ref": "#/definitions/com.github.openshift.api.build.v1.JenkinsPipelineBuildStrategy" }, - "spec": { - "description": "Spec defines the limits enforced. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "default": {}, - "$ref": "#/definitions/LimitRangeSpec.v1.core.api.k8s.io" + "sourceStrategy": { + "description": "sourceStrategy holds the parameters to the Source build strategy.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceBuildStrategy" + }, + "type": { + "description": "type is the kind of build strategy.", + "type": "string" } } }, - "LimitRangeItem.v1.core.api.k8s.io": { - "description": "LimitRangeItem defines a min/max usage limit for any resource that matches on kind.", + "com.github.openshift.api.build.v1.BuildTriggerCause": { + "description": "BuildTriggerCause holds information about a triggered build. It is used for displaying build trigger data for each build and build configuration in oc describe. It is also used to describe which triggers led to the most recent update in the build configuration.", "type": "object", - "required": [ - "type" - ], "properties": { - "default": { - "description": "Default resource requirement limit value by resource name if resource limit is omitted.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - } + "bitbucketWebHook": { + "description": "bitbucketWebHook represents data for a Bitbucket webhook that fired a specific build.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.BitbucketWebHookCause" }, - "defaultRequest": { - "description": "DefaultRequest is the default resource requirement request value by resource name if resource request is omitted.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - } + "genericWebHook": { + "description": "genericWebHook holds data about a builds generic webhook trigger.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.GenericWebHookCause" }, - "max": { - "description": "Max usage constraints on this kind by resource name.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - } + "githubWebHook": { + "description": "githubWebHook represents data for a GitHub webhook that fired a specific build.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.GitHubWebHookCause" }, - "maxLimitRequestRatio": { - "description": "MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - } + "gitlabWebHook": { + "description": "gitlabWebHook represents data for a GitLab webhook that fired a specific build.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.GitLabWebHookCause" }, - "min": { - "description": "Min usage constraints on this kind by resource name.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - } + "imageChangeBuild": { + "description": "imageChangeBuild stores information about an imagechange event that triggered a new build.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageChangeCause" }, - "type": { - "description": "Type of resource that this limit applies to.", - "type": "string", - "default": "" + "message": { + "description": "message is used to store a human readable message for why the build was triggered. E.g.: \"Manually triggered by user\", \"Configuration change\",etc.", + "type": "string" } } }, - "LimitRangeList.v1.core.api.k8s.io": { - "description": "LimitRangeList is a list of LimitRange items.", + "com.github.openshift.api.build.v1.BuildTriggerPolicy": { + "description": "BuildTriggerPolicy describes a policy for a single trigger that results in a new Build.", "type": "object", "required": [ - "items" + "type" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "bitbucket": { + "description": "BitbucketWebHook contains the parameters for a Bitbucket webhook type of trigger", + "$ref": "#/definitions/com.github.openshift.api.build.v1.WebHookTrigger" }, - "items": { - "description": "Items is a list of LimitRange objects. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/LimitRange.v1.core.api.k8s.io" - } + "generic": { + "description": "generic contains the parameters for a Generic webhook type of trigger", + "$ref": "#/definitions/com.github.openshift.api.build.v1.WebHookTrigger" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "github": { + "description": "github contains the parameters for a GitHub webhook type of trigger", + "$ref": "#/definitions/com.github.openshift.api.build.v1.WebHookTrigger" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "gitlab": { + "description": "GitLabWebHook contains the parameters for a GitLab webhook type of trigger", + "$ref": "#/definitions/com.github.openshift.api.build.v1.WebHookTrigger" + }, + "imageChange": { + "description": "imageChange contains parameters for an ImageChange type of trigger", + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageChangeTrigger" + }, + "type": { + "description": "type is the type of build trigger. Valid values:\n\n- GitHub GitHubWebHookBuildTriggerType represents a trigger that launches builds on GitHub webhook invocations\n\n- Generic GenericWebHookBuildTriggerType represents a trigger that launches builds on generic webhook invocations\n\n- GitLab GitLabWebHookBuildTriggerType represents a trigger that launches builds on GitLab webhook invocations\n\n- Bitbucket BitbucketWebHookBuildTriggerType represents a trigger that launches builds on Bitbucket webhook invocations\n\n- ImageChange ImageChangeBuildTriggerType represents a trigger that launches builds on availability of a new version of an image\n\n- ConfigChange ConfigChangeBuildTriggerType will trigger a build on an initial build config creation WARNING: In the future the behavior will change to trigger a build on any config change", + "type": "string", + "default": "" } } }, - "LimitRangeSpec.v1.core.api.k8s.io": { - "description": "LimitRangeSpec defines a min/max usage limit for resources that match on kind.", + "com.github.openshift.api.build.v1.BuildVolume": { + "description": "BuildVolume describes a volume that is made available to build pods, such that it can be mounted into buildah's runtime environment. Only a subset of Kubernetes Volume sources are supported.", "type": "object", "required": [ - "limits" + "name", + "source", + "mounts" ], "properties": { - "limits": { - "description": "Limits is the list of LimitRangeItem objects that are enforced.", + "mounts": { + "description": "mounts represents the location of the volume in the image build container", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/LimitRangeItem.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildVolumeMount" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "destinationPath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "destinationPath", + "x-kubernetes-patch-strategy": "merge" + }, + "name": { + "description": "name is a unique identifier for this BuildVolume. It must conform to the Kubernetes DNS label standard and be unique within the pod. Names that collide with those added by the build controller will result in a failed build with an error message detailing which name caused the error. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" + }, + "source": { + "description": "source represents the location and type of the mounted volume.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildVolumeSource" } } }, - "LinuxContainerUser.v1.core.api.k8s.io": { - "description": "LinuxContainerUser represents user identity information in Linux containers", + "com.github.openshift.api.build.v1.BuildVolumeMount": { + "description": "BuildVolumeMount describes the mounting of a Volume within buildah's runtime environment.", "type": "object", "required": [ - "uid", - "gid" + "destinationPath" ], "properties": { - "gid": { - "description": "GID is the primary gid initially attached to the first process in the container", - "type": "integer", - "format": "int64", - "default": 0 - }, - "supplementalGroups": { - "description": "SupplementalGroups are the supplemental groups initially attached to the first process in the container", - "type": "array", - "items": { - "type": "integer", - "format": "int64", - "default": 0 - }, - "x-kubernetes-list-type": "atomic" - }, - "uid": { - "description": "UID is the primary uid initially attached to the first process in the container", - "type": "integer", - "format": "int64", - "default": 0 + "destinationPath": { + "description": "destinationPath is the path within the buildah runtime environment at which the volume should be mounted. The transient mount within the build image and the backing volume will both be mounted read only. Must be an absolute path, must not contain '..' or ':', and must not collide with a destination path generated by the builder process Paths that collide with those added by the build controller will result in a failed build with an error message detailing which path caused the error.", + "type": "string", + "default": "" } } }, - "List.v1.core.api.k8s.io": { - "description": "List holds a list of objects, which may not be known by the server.", + "com.github.openshift.api.build.v1.BuildVolumeSource": { + "description": "BuildVolumeSource represents the source of a volume to mount Only one of its supported types may be specified at any given time.", "type": "object", "required": [ - "items" + "type" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "configMap": { + "description": "configMap represents a ConfigMap that should populate this volume", + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapVolumeSource" }, - "items": { - "description": "List of objects", - "type": "array", - "items": { - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - } + "csi": { + "description": "csi represents ephemeral storage provided by external CSI drivers which support this capability", + "$ref": "#/definitions/io.k8s.api.core.v1.CSIVolumeSource" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "secret": { + "description": "secret represents a Secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretVolumeSource" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "type": { + "description": "type is the BuildVolumeSourceType for the volume source. Type must match the populated volume source. Valid types are: Secret, ConfigMap", + "type": "string", + "default": "" } } }, - "List.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "List holds a list of objects, which may not be known by the server.", + "com.github.openshift.api.build.v1.CommonSpec": { + "description": "CommonSpec encapsulates all the inputs necessary to represent a build.", "type": "object", "required": [ - "items" + "strategy" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "completionDeadlineSeconds": { + "description": "completionDeadlineSeconds is an optional duration in seconds, counted from the time when a build pod gets scheduled in the system, that the build may be active on a node before the system actively tries to terminate the build; value must be positive integer", + "type": "integer", + "format": "int64" }, - "items": { - "description": "List of objects", - "type": "array", - "items": { - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "mountTrustedCA": { + "description": "mountTrustedCA bind mounts the cluster's trusted certificate authorities, as defined in the cluster's proxy configuration, into the build. This lets processes within a build trust components signed by custom PKI certificate authorities, such as private artifact repositories and HTTPS proxies.\n\nWhen this field is set to true, the contents of `/etc/pki/ca-trust` within the build are managed by the build container, and any changes to this directory or its subdirectories (for example - within a Dockerfile `RUN` instruction) are not persisted in the build's output image.", + "type": "boolean" + }, + "nodeSelector": { + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node If nil, it can be overridden by default build nodeselector values for the cluster. If set to an empty map or a map with any values, default build nodeselector values are ignored.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "output": { + "description": "output describes the container image the Strategy should produce.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildOutput" + }, + "postCommit": { + "description": "postCommit is a build hook executed after the build output image is committed, before it is pushed to a registry.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildPostCommitSpec" + }, + "resources": { + "description": "resources computes resource requirements to execute the build.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + }, + "revision": { + "description": "revision is the information from the source for a specific repo snapshot. This is optional.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + }, + "serviceAccount": { + "description": "serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount", "type": "string" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "source": { + "description": "source describes the SCM in use.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildSource" + }, + "strategy": { + "description": "strategy defines how to perform a build.", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStrategy" } } }, - "ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.", + "com.github.openshift.api.build.v1.CommonWebHookCause": { + "description": "CommonWebHookCause factors out the identical format of these webhook causes into struct so we can share it in the specific causes; it is too late for GitHub and Generic but we can leverage this pattern with GitLab and Bitbucket.", "type": "object", "properties": { - "continue": { - "description": "continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.", - "type": "string" - }, - "remainingItemCount": { - "description": "remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is *estimating* the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.", - "type": "integer", - "format": "int64" - }, - "resourceVersion": { - "description": "String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" + "revision": { + "description": "revision is the git source revision information of the trigger.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" }, - "selfLink": { - "description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.", + "secret": { + "description": "secret is the obfuscated webhook secret that triggered a build.", "type": "string" } } }, - "ListOptions.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "ListOptions is the query options to a standard REST list call.", + "com.github.openshift.api.build.v1.ConfigMapBuildSource": { + "description": "ConfigMapBuildSource describes a configmap and its destination directory that will be used only at the build time. The content of the configmap referenced here will be copied into the destination directory instead of mounting.", "type": "object", + "required": [ + "configMap" + ], "properties": { - "allowWatchBookmarks": { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "type": "boolean" - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "continue": { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "type": "string" - }, - "fieldSelector": { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", - "type": "string" + "configMap": { + "description": "configMap is a reference to an existing configmap that you want to use in your build.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "destinationDir": { + "description": "destinationDir is the directory where the files from the configmap should be available for the build time. For the Source build strategy, these will be injected into a container where the assemble script runs. For the container image build strategy, these will be copied into the build directory, where the Dockerfile is located, so users can ADD or COPY them during container image build.", "type": "string" - }, - "labelSelector": { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + } + } + }, + "com.github.openshift.api.build.v1.CustomBuildStrategy": { + "description": "CustomBuildStrategy defines input parameters specific to Custom build.", + "type": "object", + "required": [ + "from" + ], + "properties": { + "buildAPIVersion": { + "description": "buildAPIVersion is the requested API version for the Build object serialized and passed to the custom builder", "type": "string" }, - "limit": { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "type": "integer", - "format": "int64" - }, - "resourceVersion": { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "type": "string" + "env": { + "description": "env contains additional environment variables you want to pass into a builder container.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + } }, - "resourceVersionMatch": { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "type": "string" + "exposeDockerSocket": { + "description": "exposeDockerSocket will allow running Docker commands (and build container images) from inside the container.", + "type": "boolean" }, - "sendInitialEvents": { - "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "forcePull": { + "description": "forcePull describes if the controller should configure the build pod to always pull the images for the builder or only pull if it is not present locally", "type": "boolean" }, - "timeoutSeconds": { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "type": "integer", - "format": "int64" + "from": { + "description": "from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" }, - "watch": { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "type": "boolean" + "pullSecret": { + "description": "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "secrets": { + "description": "secrets is a list of additional secrets that will be included in the build pod", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.SecretSpec" + } } } }, - "LoadBalancerIngress.v1.core.api.k8s.io": { - "description": "LoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.", + "com.github.openshift.api.build.v1.DockerBuildStrategy": { + "description": "DockerBuildStrategy defines input parameters specific to container image build.", "type": "object", "properties": { - "hostname": { - "description": "Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers)", - "type": "string" + "buildArgs": { + "description": "buildArgs contains build arguments that will be resolved in the Dockerfile. See https://docs.docker.com/engine/reference/builder/#/arg for more details. NOTE: Only the 'name' and 'value' fields are supported. Any settings on the 'valueFrom' field are ignored.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + } }, - "ip": { - "description": "IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers)", + "dockerfilePath": { + "description": "dockerfilePath is the path of the Dockerfile that will be used to build the container image, relative to the root of the context (contextDir). Defaults to `Dockerfile` if unset.", "type": "string" }, - "ipMode": { - "description": "IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified. Setting this to \"VIP\" indicates that traffic is delivered to the node with the destination set to the load-balancer's IP and port. Setting this to \"Proxy\" indicates that traffic is delivered to the node or pod with the destination set to the node's IP and node port or the pod's IP and port. Service implementations may use this information to adjust traffic routing.", + "env": { + "description": "env contains additional environment variables you want to pass into a builder container.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + } + }, + "forcePull": { + "description": "forcePull describes if the builder should pull the images from registry prior to building.", + "type": "boolean" + }, + "from": { + "description": "from is a reference to an DockerImage, ImageStreamTag, or ImageStreamImage which overrides the FROM image in the Dockerfile for the build. If the Dockerfile uses multi-stage builds, this will replace the image in the last FROM directive of the file.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "imageOptimizationPolicy": { + "description": "imageOptimizationPolicy describes what optimizations the system can use when building images to reduce the final size or time spent building the image. The default policy is 'None' which means the final build image will be equivalent to an image created by the container image build API. The experimental policy 'SkipLayers' will avoid commiting new layers in between each image step, and will fail if the Dockerfile cannot provide compatibility with the 'None' policy. An additional experimental policy 'SkipLayersAndWarn' is the same as 'SkipLayers' but simply warns if compatibility cannot be preserved.", "type": "string" }, - "ports": { - "description": "Ports is a list of records of service ports If used, every port defined in the service should have an entry in it", + "noCache": { + "description": "noCache if set to true indicates that the container image build must be executed with the --no-cache=true flag", + "type": "boolean" + }, + "pullSecret": { + "description": "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "volumes": { + "description": "volumes is a list of input volumes that can be mounted into the builds runtime environment. Only a subset of Kubernetes Volume sources are supported by builds. More info: https://kubernetes.io/docs/concepts/storage/volumes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/PortStatus.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildVolume" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" } } }, - "LoadBalancerStatus.v1.core.api.k8s.io": { - "description": "LoadBalancerStatus represents the status of a load-balancer.", + "com.github.openshift.api.build.v1.DockerStrategyOptions": { + "description": "DockerStrategyOptions contains extra strategy options for container image builds", "type": "object", "properties": { - "ingress": { - "description": "Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.", + "buildArgs": { + "description": "Args contains any build arguments that are to be passed to Docker. See https://docs.docker.com/engine/reference/builder/#/arg for more details", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/LoadBalancerIngress.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + } + }, + "noCache": { + "description": "noCache overrides the docker-strategy noCache option in the build config", + "type": "boolean" } } }, - "LocalObjectReference.v1.core.api.k8s.io": { - "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "com.github.openshift.api.build.v1.GenericWebHookCause": { + "description": "GenericWebHookCause holds information about a generic WebHook that triggered a build.", "type": "object", "properties": { - "name": { - "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string", - "default": "" + "revision": { + "description": "revision is an optional field that stores the git source revision information of the generic webhook trigger when it is available.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + }, + "secret": { + "description": "secret is the obfuscated webhook secret that triggered a build.", + "type": "string" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "LocalSubjectAccessReview.v1.authorization.api.k8s.io": { - "description": "LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.", + "com.github.openshift.api.build.v1.GenericWebHookEvent": { + "description": "GenericWebHookEvent is the payload expected for a generic webhook post", "type": "object", - "required": [ - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "dockerStrategyOptions": { + "description": "dockerStrategyOptions contains additional docker-strategy specific options for the build", + "$ref": "#/definitions/com.github.openshift.api.build.v1.DockerStrategyOptions" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "env": { + "description": "env contains additional environment variables you want to pass into a builder container. ValueFrom is not supported.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + } }, - "spec": { - "description": "Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted.", - "default": {}, - "$ref": "#/definitions/SubjectAccessReviewSpec.v1.authorization.api.k8s.io" + "git": { + "description": "git is the git information if the Type is BuildSourceGit", + "$ref": "#/definitions/com.github.openshift.api.build.v1.GitInfo" }, - "status": { - "description": "Status is filled in by the server and indicates whether the request is allowed or not", - "default": {}, - "$ref": "#/definitions/SubjectAccessReviewStatus.v1.authorization.api.k8s.io" + "type": { + "description": "type is the type of source repository", + "type": "string" } } }, - "LocalVolumeSource.v1.core.api.k8s.io": { - "description": "Local represents directly-attached storage with node affinity", + "com.github.openshift.api.build.v1.GitBuildSource": { + "description": "GitBuildSource defines the parameters of a Git SCM", "type": "object", "required": [ - "path" + "uri" ], "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. It applies only when the Path is a block device. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default value is to auto-select a filesystem if unspecified.", + "httpProxy": { + "description": "httpProxy is a proxy used to reach the git repository over http", "type": "string" }, - "path": { - "description": "path of the full path to the volume on the node. It can be either a directory or block device (disk, partition, ...).", + "httpsProxy": { + "description": "httpsProxy is a proxy used to reach the git repository over https", + "type": "string" + }, + "noProxy": { + "description": "noProxy is the list of domains for which the proxy should not be used", + "type": "string" + }, + "ref": { + "description": "ref is the branch/tag/ref to build.", + "type": "string" + }, + "uri": { + "description": "uri points to the source that will be built. The structure of the source will depend on the type of build to run", "type": "string", "default": "" } } }, - "ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource that the fieldset applies to.", + "com.github.openshift.api.build.v1.GitHubWebHookCause": { + "description": "GitHubWebHookCause has information about a GitHub webhook that triggered a build.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the version of this resource that this field set applies to. The format is \"group/version\" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.", + "revision": { + "description": "revision is the git revision information of the trigger.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + }, + "secret": { + "description": "secret is the obfuscated webhook secret that triggered a build.", "type": "string" + } + } + }, + "com.github.openshift.api.build.v1.GitInfo": { + "description": "GitInfo is the aggregated git information for a generic webhook post", + "type": "object", + "required": [ + "uri", + "refs" + ], + "properties": { + "author": { + "description": "author is the author of a specific commit", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" }, - "fieldsType": { - "description": "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"", + "commit": { + "description": "commit is the commit hash identifying a specific commit", "type": "string" }, - "fieldsV1": { - "description": "FieldsV1 holds the first JSON version format as described in the \"FieldsV1\" type.", - "$ref": "#/definitions/FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io" + "committer": { + "description": "committer is the committer of a specific commit", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" }, - "manager": { - "description": "Manager is an identifier of the workflow managing these fields.", + "httpProxy": { + "description": "httpProxy is a proxy used to reach the git repository over http", "type": "string" }, - "operation": { - "description": "Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.", + "httpsProxy": { + "description": "httpsProxy is a proxy used to reach the git repository over https", "type": "string" }, - "subresource": { - "description": "Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.", + "message": { + "description": "message is the description of a specific commit", "type": "string" }, - "time": { - "description": "Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "noProxy": { + "description": "noProxy is the list of domains for which the proxy should not be used", + "type": "string" + }, + "ref": { + "description": "ref is the branch/tag/ref to build.", + "type": "string" + }, + "refs": { + "description": "refs is a list of GitRefs for the provided repo - generally sent when used from a post-receive hook. This field is optional and is used when sending multiple refs", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.GitRefInfo" + } + }, + "uri": { + "description": "uri points to the source that will be built. The structure of the source will depend on the type of build to run", + "type": "string", + "default": "" } } }, - "MatchCondition.v1.admissionregistration.api.k8s.io": { - "description": "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.", + "com.github.openshift.api.build.v1.GitLabWebHookCause": { + "description": "GitLabWebHookCause has information about a GitLab webhook that triggered a build.", "type": "object", - "required": [ - "name", - "expression" + "properties": { + "revision": { + "description": "revision is the git source revision information of the trigger.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + }, + "secret": { + "description": "secret is the obfuscated webhook secret that triggered a build.", + "type": "string" + } + } + }, + "com.github.openshift.api.build.v1.GitRefInfo": { + "description": "GitRefInfo is a single ref", + "type": "object", + "required": [ + "uri" ], "properties": { - "expression": { - "description": "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired.", - "type": "string", - "default": "" + "author": { + "description": "author is the author of a specific commit", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" }, - "name": { - "description": "Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired.", + "commit": { + "description": "commit is the commit hash identifying a specific commit", + "type": "string" + }, + "committer": { + "description": "committer is the committer of a specific commit", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" + }, + "httpProxy": { + "description": "httpProxy is a proxy used to reach the git repository over http", + "type": "string" + }, + "httpsProxy": { + "description": "httpsProxy is a proxy used to reach the git repository over https", + "type": "string" + }, + "message": { + "description": "message is the description of a specific commit", + "type": "string" + }, + "noProxy": { + "description": "noProxy is the list of domains for which the proxy should not be used", + "type": "string" + }, + "ref": { + "description": "ref is the branch/tag/ref to build.", + "type": "string" + }, + "uri": { + "description": "uri points to the source that will be built. The structure of the source will depend on the type of build to run", "type": "string", "default": "" } } }, - "MatchResources.v1.admissionregistration.api.k8s.io": { - "description": "MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)", + "com.github.openshift.api.build.v1.GitSourceRevision": { + "description": "GitSourceRevision is the commit information from a git source for a build", "type": "object", "properties": { - "excludeResourceRules": { - "description": "ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/NamedRuleWithOperations.v1.admissionregistration.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "author": { + "description": "author is the author of a specific commit", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" }, - "matchPolicy": { - "description": "matchPolicy defines how the \"MatchResources\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.\n\nDefaults to \"Equivalent\"\n\nPossible enum values:\n - `\"Equivalent\"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.\n - `\"Exact\"` means requests should only be sent to the webhook if they exactly match a given rule.", - "type": "string", - "enum": [ - "Equivalent", - "Exact" - ] + "commit": { + "description": "commit is the commit hash identifying a specific commit", + "type": "string" }, - "namespaceSelector": { - "description": "NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the policy on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + "committer": { + "description": "committer is the committer of a specific commit", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" }, - "objectSelector": { - "description": "ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + "message": { + "description": "message is the description of a specific commit", + "type": "string" + } + } + }, + "com.github.openshift.api.build.v1.ImageChangeCause": { + "description": "ImageChangeCause contains information about the image that triggered a build", + "type": "object", + "properties": { + "fromRef": { + "description": "fromRef contains detailed information about an image that triggered a build.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" }, - "resourceRules": { - "description": "ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/NamedRuleWithOperations.v1.admissionregistration.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "imageID": { + "description": "imageID is the ID of the image that triggered a new build.", + "type": "string" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "MicroTime.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "MicroTime is version of Time with microsecond level precision.", - "type": "string", - "format": "date-time" + "com.github.openshift.api.build.v1.ImageChangeTrigger": { + "description": "ImageChangeTrigger allows builds to be triggered when an ImageStream changes", + "type": "object", + "properties": { + "from": { + "description": "from is a reference to an ImageStreamTag that will trigger a build when updated It is optional. If no From is specified, the From image from the build strategy will be used. Only one ImageChangeTrigger with an empty From reference is allowed in a build configuration.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "lastTriggeredImageID": { + "description": "lastTriggeredImageID is used internally by the ImageChangeController to save last used image ID for build This field is deprecated and will be removed in a future release. Deprecated", + "type": "string" + }, + "paused": { + "description": "paused is true if this trigger is temporarily disabled. Optional.", + "type": "boolean" + } + } }, - "ModifyVolumeStatus.v1.core.api.k8s.io": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation", + "com.github.openshift.api.build.v1.ImageChangeTriggerStatus": { + "description": "ImageChangeTriggerStatus tracks the latest resolved status of the associated ImageChangeTrigger policy specified in the BuildConfigSpec.Triggers struct.", + "type": "object", + "properties": { + "from": { + "description": "from is the ImageStreamTag that is the source of the trigger.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageStreamTagReference" + }, + "lastTriggerTime": { + "description": "lastTriggerTime is the last time this particular ImageStreamTag triggered a Build to start. This field is only updated when this trigger specifically started a Build.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "lastTriggeredImageID": { + "description": "lastTriggeredImageID represents the sha/id of the ImageStreamTag when a Build for this BuildConfig was started. The lastTriggeredImageID is updated each time a Build for this BuildConfig is started, even if this ImageStreamTag is not the reason the Build is started.", + "type": "string" + } + } + }, + "com.github.openshift.api.build.v1.ImageLabel": { + "description": "ImageLabel represents a label applied to the resulting image.", "type": "object", "required": [ - "status" + "name" ], "properties": { - "status": { - "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.\n\nPossible enum values:\n - `\"InProgress\"` InProgress indicates that the volume is being modified\n - `\"Infeasible\"` Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified\n - `\"Pending\"` Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing", + "name": { + "description": "name defines the name of the label. It must have non-zero length.", "type": "string", - "default": "", - "enum": [ - "InProgress", - "Infeasible", - "Pending" - ] + "default": "" }, - "targetVolumeAttributesClassName": { - "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "value": { + "description": "value defines the literal value of the label.", "type": "string" } } }, - "MutatingWebhook.v1.admissionregistration.api.k8s.io": { - "description": "MutatingWebhook describes an admission webhook and the resources and operations it applies to.", + "com.github.openshift.api.build.v1.ImageSource": { + "description": "ImageSource is used to describe build source that will be extracted from an image or used during a multi stage build. A reference of type ImageStreamTag, ImageStreamImage or DockerImage may be used. A pull secret can be specified to pull the image from an external registry or override the default service account secret if pulling from the internal registry. Image sources can either be used to extract content from an image and place it into the build context along with the repository source, or used directly during a multi-stage container image build to allow content to be copied without overwriting the contents of the repository source (see the 'paths' and 'as' fields).", "type": "object", "required": [ - "name", - "clientConfig", - "sideEffects", - "admissionReviewVersions" + "from" ], "properties": { - "admissionReviewVersions": { - "description": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.", + "as": { + "description": "A list of image names that this source will be used in place of during a multi-stage container image build. For instance, a Dockerfile that uses \"COPY --from=nginx:latest\" will first check for an image source that has \"nginx:latest\" in this field before attempting to pull directly. If the Dockerfile does not reference an image source it is ignored. This field and paths may both be set, in which case the contents will be used twice.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "clientConfig": { - "description": "ClientConfig defines how to communicate with the hook. Required", + "from": { + "description": "from is a reference to an ImageStreamTag, ImageStreamImage, or DockerImage to copy source from.", "default": {}, - "$ref": "#/definitions/WebhookClientConfig.v1.admissionregistration.api.k8s.io" + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" }, - "failurePolicy": { - "description": "FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.\n\nPossible enum values:\n - `\"Fail\"` means that an error calling the webhook causes the admission to fail.\n - `\"Ignore\"` means that an error calling the webhook is ignored.", - "type": "string", - "enum": [ - "Fail", - "Ignore" - ] - }, - "matchConditions": { - "description": "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n 2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n 3. If any matchCondition evaluates to an error (but none are FALSE):\n - If failurePolicy=Fail, reject the request\n - If failurePolicy=Ignore, the error is ignored and the webhook is skipped", + "paths": { + "description": "paths is a list of source and destination paths to copy from the image. This content will be copied into the build context prior to starting the build. If no paths are set, the build context will not be altered.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/MatchCondition.v1.admissionregistration.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - }, - "matchPolicy": { - "description": "matchPolicy defines how the \"rules\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.\n\nDefaults to \"Equivalent\"\n\nPossible enum values:\n - `\"Equivalent\"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.\n - `\"Exact\"` means requests should only be sent to the webhook if they exactly match a given rule.", - "type": "string", - "enum": [ - "Equivalent", - "Exact" - ] + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageSourcePath" + } }, - "name": { - "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.", + "pullSecret": { + "description": "pullSecret is a reference to a secret to be used to pull the image from a registry If the image is pulled from the OpenShift registry, this field does not need to be set.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + } + } + }, + "com.github.openshift.api.build.v1.ImageSourcePath": { + "description": "ImageSourcePath describes a path to be copied from a source image and its destination within the build directory.", + "type": "object", + "required": [ + "sourcePath", + "destinationDir" + ], + "properties": { + "destinationDir": { + "description": "destinationDir is the relative directory within the build directory where files copied from the image are placed.", "type": "string", "default": "" }, - "namespaceSelector": { - "description": "NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the webhook on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "objectSelector": { - "description": "ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "reinvocationPolicy": { - "description": "reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are \"Never\" and \"IfNeeded\".\n\nNever: the webhook will not be called more than once in a single admission evaluation.\n\nIfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.\n\nDefaults to \"Never\".\n\nPossible enum values:\n - `\"IfNeeded\"` indicates that the mutation may be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial mutation call.\n - `\"Never\"` indicates that the mutation must not be called more than once in a single admission evaluation.", + "sourcePath": { + "description": "sourcePath is the absolute path of the file or directory inside the image to copy to the build directory. If the source path ends in /. then the content of the directory will be copied, but the directory itself will not be created at the destination.", "type": "string", - "enum": [ - "IfNeeded", - "Never" - ] + "default": "" + } + } + }, + "com.github.openshift.api.build.v1.ImageStreamTagReference": { + "description": "ImageStreamTagReference references the ImageStreamTag in an image change trigger by namespace and name.", + "type": "object", + "properties": { + "name": { + "description": "name is the name of the ImageStreamTag for an ImageChangeTrigger", + "type": "string" }, - "rules": { - "description": "Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.", + "namespace": { + "description": "namespace is the namespace where the ImageStreamTag for an ImageChangeTrigger is located", + "type": "string" + } + } + }, + "com.github.openshift.api.build.v1.JenkinsPipelineBuildStrategy": { + "description": "JenkinsPipelineBuildStrategy holds parameters specific to a Jenkins Pipeline build. Deprecated: use OpenShift Pipelines", + "type": "object", + "properties": { + "env": { + "description": "env contains additional environment variables you want to pass into a build pipeline.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/RuleWithOperations.v1.admissionregistration.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + } }, - "sideEffects": { - "description": "SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.\n\nPossible enum values:\n - `\"None\"` means that calling the webhook will have no side effects.\n - `\"NoneOnDryRun\"` means that calling the webhook will possibly have side effects, but if the request being reviewed has the dry-run attribute, the side effects will be suppressed.\n - `\"Some\"` means that calling the webhook will possibly have side effects. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.\n - `\"Unknown\"` means that no information is known about the side effects of calling the webhook. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.", - "type": "string", - "enum": [ - "None", - "NoneOnDryRun", - "Some", - "Unknown" - ] + "jenkinsfile": { + "description": "jenkinsfile defines the optional raw contents of a Jenkinsfile which defines a Jenkins pipeline build.", + "type": "string" }, - "timeoutSeconds": { - "description": "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.", - "type": "integer", - "format": "int32" + "jenkinsfilePath": { + "description": "jenkinsfilePath is the optional path of the Jenkinsfile that will be used to configure the pipeline relative to the root of the context (contextDir). If both JenkinsfilePath & Jenkinsfile are both not specified, this defaults to Jenkinsfile in the root of the specified contextDir.", + "type": "string" } } }, - "MutatingWebhookConfiguration.v1.admissionregistration.api.k8s.io": { - "description": "MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.", + "com.github.openshift.api.build.v1.ProxyConfig": { + "description": "ProxyConfig defines what proxies to use for an operation", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "httpProxy": { + "description": "httpProxy is a proxy used to reach the git repository over http", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "httpsProxy": { + "description": "httpsProxy is a proxy used to reach the git repository over https", "type": "string" }, - "metadata": { - "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "webhooks": { - "description": "Webhooks is a list of webhooks and the affected resources and operations.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/MutatingWebhook.v1.admissionregistration.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "noProxy": { + "description": "noProxy is the list of domains for which the proxy should not be used", + "type": "string" } } }, - "MutatingWebhookConfigurationList.v1.admissionregistration.api.k8s.io": { - "description": "MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.", + "com.github.openshift.api.build.v1.SecretBuildSource": { + "description": "SecretBuildSource describes a secret and its destination directory that will be used only at the build time. The content of the secret referenced here will be copied into the destination directory instead of mounting.", "type": "object", "required": [ - "items" + "secret" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of MutatingWebhookConfiguration.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/MutatingWebhookConfiguration.v1.admissionregistration.api.k8s.io" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "destinationDir": { + "description": "destinationDir is the directory where the files from the secret should be available for the build time. For the Source build strategy, these will be injected into a container where the assemble script runs. Later, when the script finishes, all files injected will be truncated to zero length. For the container image build strategy, these will be copied into the build directory, where the Dockerfile is located, so users can ADD or COPY them during container image build.", "type": "string" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "secret": { + "description": "secret is a reference to an existing secret that you want to use in your build.", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" } } }, - "NFSVolumeSource.v1.core.api.k8s.io": { - "description": "Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.", + "com.github.openshift.api.build.v1.SecretLocalReference": { + "description": "SecretLocalReference contains information that points to the local secret being used", "type": "object", "required": [ - "server", - "path" + "name" ], "properties": { - "path": { - "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "name": { + "description": "name is the name of the resource in the same namespace being referenced", "type": "string", "default": "" - }, - "readOnly": { - "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "boolean" - }, - "server": { - "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + } + } + }, + "com.github.openshift.api.build.v1.SecretSpec": { + "description": "SecretSpec specifies a secret to be included in a build pod and its corresponding mount point", + "type": "object", + "required": [ + "secretSource", + "mountPath" + ], + "properties": { + "mountPath": { + "description": "mountPath is the path at which to mount the secret", "type": "string", "default": "" + }, + "secretSource": { + "description": "secretSource is a reference to the secret", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" } } }, - "NamedRuleWithOperations.v1.admissionregistration.api.k8s.io": { - "description": "NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.", + "com.github.openshift.api.build.v1.SourceBuildStrategy": { + "description": "SourceBuildStrategy defines input parameters specific to an Source build.", "type": "object", + "required": [ + "from" + ], "properties": { - "apiGroups": { - "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "env": { + "description": "env contains additional environment variables you want to pass into a builder container.", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + } }, - "apiVersions": { - "description": "APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "forcePull": { + "description": "forcePull describes if the builder should pull the images from registry prior to building.", + "type": "boolean" }, - "operations": { - "description": "Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.", - "type": "array", - "items": { - "type": "string", - "default": "", - "enum": [ - "*", - "CONNECT", - "CREATE", - "DELETE", - "UPDATE" - ] - }, - "x-kubernetes-list-type": "atomic" + "from": { + "description": "from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" }, - "resourceNames": { - "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "incremental": { + "description": "incremental flag forces the Source build to do incremental builds if true.", + "type": "boolean" }, - "resources": { - "description": "Resources is a list of resources this rule applies to.\n\nFor example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not overlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed. Required.", + "pullSecret": { + "description": "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "scripts": { + "description": "scripts is the location of Source scripts", + "type": "string" + }, + "volumes": { + "description": "volumes is a list of input volumes that can be mounted into the builds runtime environment. Only a subset of Kubernetes Volume sources are supported by builds. More info: https://kubernetes.io/docs/concepts/storage/volumes", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildVolume" }, - "x-kubernetes-list-type": "atomic" - }, - "scope": { - "description": "scope specifies the scope of this rule. Valid values are \"Cluster\", \"Namespaced\", and \"*\" \"Cluster\" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. \"Namespaced\" means that only namespaced resources will match this rule. \"*\" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is \"*\".\n\n\nPossible enum values:\n - `\"*\"` means that all scopes are included.\n - `\"Cluster\"` means that scope is limited to cluster-scoped objects. Namespace objects are cluster-scoped.\n - `\"Namespaced\"` means that scope is limited to namespaced objects.", - "type": "string", - "enum": [ - "*", - "Cluster", - "Namespaced" - ] + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "Namespace.v1.core.api.k8s.io": { - "description": "Namespace provides a scope for Names. Use of multiple namespaces is optional.", + "com.github.openshift.api.build.v1.SourceControlUser": { + "description": "SourceControlUser defines the identity of a user of source control", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "email": { + "description": "email of the source control user", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "name": { + "description": "name of the source control user", "type": "string" - }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "Spec defines the behavior of the Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "default": {}, - "$ref": "#/definitions/NamespaceSpec.v1.core.api.k8s.io" - }, - "status": { - "description": "Status describes the current status of a Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "default": {}, - "$ref": "#/definitions/NamespaceStatus.v1.core.api.k8s.io" } } }, - "NamespaceCondition.v1.core.api.k8s.io": { - "description": "NamespaceCondition contains details about state of namespace.", + "com.github.openshift.api.build.v1.SourceRevision": { + "description": "SourceRevision is the revision or commit information from the source for the build", "type": "object", "required": [ - "type", - "status" + "type" ], "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "message": { - "description": "Human-readable message indicating details about last transition.", - "type": "string" - }, - "reason": { - "description": "Unique, one-word, CamelCase reason for the condition's last transition.", - "type": "string" - }, - "status": { - "description": "Status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" + "git": { + "description": "git contains information about git-based build source", + "$ref": "#/definitions/com.github.openshift.api.build.v1.GitSourceRevision" }, "type": { - "description": "Type of namespace controller condition.", + "description": "type of the build source, may be one of 'Source', 'Dockerfile', 'Binary', or 'Images'", "type": "string", "default": "" } } }, - "NamespaceList.v1.core.api.k8s.io": { - "description": "NamespaceList is a list of Namespaces.", + "com.github.openshift.api.build.v1.SourceStrategyOptions": { + "description": "SourceStrategyOptions contains extra strategy options for Source builds", "type": "object", - "required": [ - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "incremental": { + "description": "incremental overrides the source-strategy incremental option in the build config", + "type": "boolean" + } + } + }, + "com.github.openshift.api.build.v1.StageInfo": { + "description": "StageInfo contains details about a build stage.", + "type": "object", + "properties": { + "durationMilliseconds": { + "description": "durationMilliseconds identifies how long the stage took to complete in milliseconds. Note: the duration of a stage can exceed the sum of the duration of the steps within the stage as not all actions are accounted for in explicit build steps.", + "type": "integer", + "format": "int64" + }, + "name": { + "description": "name is a unique identifier for each build stage that occurs.", "type": "string" }, - "items": { - "description": "Items is the list of Namespace objects in the list. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "startTime": { + "description": "startTime is a timestamp representing the server time when this Stage started. It is represented in RFC3339 form and is in UTC.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "steps": { + "description": "steps contains details about each step that occurs during a build stage including start time and duration in milliseconds.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Namespace.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.build.v1.StepInfo" } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "NamespaceSpec.v1.core.api.k8s.io": { - "description": "NamespaceSpec describes the attributes on a Namespace.", + "com.github.openshift.api.build.v1.StepInfo": { + "description": "StepInfo contains details about a build step.", "type": "object", "properties": { - "finalizers": { - "description": "Finalizers is an opaque list of values that must be empty to permanently remove object from storage. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "durationMilliseconds": { + "description": "durationMilliseconds identifies how long the step took to complete in milliseconds.", + "type": "integer", + "format": "int64" + }, + "name": { + "description": "name is a unique identifier for each build step.", + "type": "string" + }, + "startTime": { + "description": "startTime is a timestamp representing the server time when this Step started. it is represented in RFC3339 form and is in UTC.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" } } }, - "NamespaceStatus.v1.core.api.k8s.io": { - "description": "NamespaceStatus is information about the current status of a Namespace.", + "com.github.openshift.api.build.v1.WebHookTrigger": { + "description": "WebHookTrigger is a trigger that gets invoked using a webhook type of post", "type": "object", "properties": { - "conditions": { - "description": "Represents the latest available observations of a namespace's current state.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/NamespaceCondition.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "allowEnv": { + "description": "allowEnv determines whether the webhook can set environment variables; can only be set to true for GenericWebHook.", + "type": "boolean" }, - "phase": { - "description": "Phase is the current lifecycle phase of the namespace. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/\n\nPossible enum values:\n - `\"Active\"` means the namespace is available for use in the system\n - `\"Terminating\"` means the namespace is undergoing graceful termination", - "type": "string", - "enum": [ - "Active", - "Terminating" - ] + "secret": { + "description": "secret used to validate requests. Deprecated: use SecretReference instead.", + "type": "string" + }, + "secretReference": { + "description": "secretReference is a reference to a secret in the same namespace, containing the value to be validated when the webhook is invoked. The secret being referenced must contain a key named \"WebHookSecretKey\", the value of which will be checked against the value supplied in the webhook invocation.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SecretLocalReference" } } }, - "Node.v1.core.api.k8s.io": { - "description": "Node is a worker node in Kubernetes. Each node will have a unique identifier in the cache (i.e. in etcd).", + "com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfig": { + "description": "CloudPrivateIPConfig performs an assignment of a private IP address to the primary NIC associated with cloud VMs. This is done by specifying the IP and Kubernetes node which the IP should be assigned to. This CRD is intended to be used by the network plugin which manages the cluster network. The spec side represents the desired state requested by the network plugin, and the status side represents the current state that this CRD's controller has executed. No users will have permission to modify it, and if a cluster-admin decides to edit it for some reason, their changes will be overwritten the next time the network plugin reconciles the object. Note: the CR's name must specify the requested private IP address (can be IPv4 or IPv6).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -4692,154 +4205,120 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "Spec defines the behavior of a node. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "spec is the definition of the desired private IP request.", "default": {}, - "$ref": "#/definitions/NodeSpec.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigSpec" }, "status": { - "description": "Most recently observed status of the node. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "status is the observed status of the desired private IP request. Read-only.", "default": {}, - "$ref": "#/definitions/NodeStatus.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigStatus" } } }, - "NodeAddress.v1.core.api.k8s.io": { - "description": "NodeAddress contains information for the node's address.", + "com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigSpec": { + "description": "CloudPrivateIPConfigSpec consists of a node name which the private IP should be assigned to.", "type": "object", - "required": [ - "type", - "address" - ], "properties": { - "address": { - "description": "The node address.", - "type": "string", - "default": "" - }, - "type": { - "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", + "node": { + "description": "node is the node name, as specified by the Kubernetes field: node.metadata.name", "type": "string", "default": "" } } }, - "NodeAffinity.v1.core.api.k8s.io": { - "description": "Node affinity is a group of node affinity scheduling rules.", + "com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigStatus": { + "description": "CloudPrivateIPConfigStatus specifies the node assignment together with its assignment condition.", "type": "object", + "required": [ + "conditions" + ], "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "conditions": { + "description": "condition is the assignment condition of the private IP and its status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/PreferredSchedulingTerm.v1.core.api.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", - "$ref": "#/definitions/NodeSelector.v1.core.api.k8s.io" + "node": { + "description": "node is the node name, as specified by the Kubernetes field: node.metadata.name", + "type": "string", + "default": "" } } }, - "NodeCondition.v1.core.api.k8s.io": { - "description": "NodeCondition contains condition information for a node.", + "com.github.openshift.api.config.v1.APIServer": { + "description": "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "type", - "status" + "spec" ], "properties": { - "lastHeartbeatTime": { - "description": "Last time we got an update on a given condition.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "lastTransitionTime": { - "description": "Last time the condition transit from one status to another.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "message": { - "description": "Human readable message indicating details about last transition.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "reason": { - "description": "(brief) reason for the condition's last transition.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "status": { - "description": "Status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "type": { - "description": "Type of node condition.", - "type": "string", - "default": "" - } - } - }, - "NodeConfigSource.v1.core.api.k8s.io": { - "description": "NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22", - "type": "object", - "properties": { - "configMap": { - "description": "ConfigMap is a reference to a Node's ConfigMap", - "$ref": "#/definitions/ConfigMapNodeConfigSource.v1.core.api.k8s.io" + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerStatus" } } }, - "NodeConfigStatus.v1.core.api.k8s.io": { - "description": "NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.", + "com.github.openshift.api.config.v1.APIServerEncryption": { + "description": "APIServerEncryption is used to encrypt sensitive resources on the cluster.", "type": "object", "properties": { - "active": { - "description": "Active reports the checkpointed config the node is actively using. Active will represent either the current version of the Assigned config, or the current LastKnownGood config, depending on whether attempting to use the Assigned config results in an error.", - "$ref": "#/definitions/NodeConfigSource.v1.core.api.k8s.io" - }, - "assigned": { - "description": "Assigned reports the checkpointed config the node will try to use. When Node.Spec.ConfigSource is updated, the node checkpoints the associated config payload to local disk, along with a record indicating intended config. The node refers to this record to choose its config checkpoint, and reports this record in Assigned. Assigned only updates in the status after the record has been checkpointed to disk. When the Kubelet is restarted, it tries to make the Assigned config the Active config by loading and validating the checkpointed payload identified by Assigned.", - "$ref": "#/definitions/NodeConfigSource.v1.core.api.k8s.io" + "kms": { + "description": "kms defines the configuration for the external KMS instance that manages the encryption keys, when KMS encryption is enabled sensitive resources will be encrypted using keys managed by an externally configured KMS instance.\n\nThe Key Management Service (KMS) instance provides symmetric encryption and is responsible for managing the lifecyle of the encryption keys outside of the control plane. This allows integration with an external provider to manage the data encryption keys securely.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.KMSConfig" }, - "error": { - "description": "Error describes any problems reconciling the Spec.ConfigSource to the Active config. Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting to load or validate the Assigned config, etc. Errors may occur at different points while syncing config. Earlier errors (e.g. download or checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error by fixing the config assigned in Spec.ConfigSource. You can find additional information for debugging by searching the error message in the Kubelet log. Error is a human-readable description of the error state; machines can check whether or not Error is empty, but should not rely on the stability of the Error text across Kubelet versions.", + "type": { + "description": "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices.\n\nWhen encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is:\n\n 1. secrets\n 2. configmaps\n 3. routes.route.openshift.io\n 4. oauthaccesstokens.oauth.openshift.io\n 5. oauthauthorizetokens.oauth.openshift.io", "type": "string" - }, - "lastKnownGood": { - "description": "LastKnownGood reports the checkpointed config the node will fall back to when it encounters an error attempting to use the Assigned config. The Assigned config becomes the LastKnownGood config when the node determines that the Assigned config is stable and correct. This is currently implemented as a 10-minute soak period starting when the local record of Assigned config is updated. If the Assigned config is Active at the end of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, because the local default config is always assumed good. You should not make assumptions about the node's method of determining config stability and correctness, as this may change or become configurable in the future.", - "$ref": "#/definitions/NodeConfigSource.v1.core.api.k8s.io" - } - } - }, - "NodeDaemonEndpoints.v1.core.api.k8s.io": { - "description": "NodeDaemonEndpoints lists ports opened by daemons running on the Node.", - "type": "object", - "properties": { - "kubeletEndpoint": { - "description": "Endpoint on which Kubelet is listening.", - "default": {}, - "$ref": "#/definitions/DaemonEndpoint.v1.core.api.k8s.io" } - } - }, - "NodeFeatures.v1.core.api.k8s.io": { - "description": "NodeFeatures describes the set of features implemented by the CRI implementation. The features contained in the NodeFeatures should depend only on the cri implementation independent of runtime handlers.", - "type": "object", - "properties": { - "supplementalGroupsPolicy": { - "description": "SupplementalGroupsPolicy is set to true if the runtime supports SupplementalGroupsPolicy and ContainerUser.", - "type": "boolean" + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "kms": "KMS" + } } - } + ] }, - "NodeList.v1.core.api.k8s.io": { - "description": "NodeList is the whole list of all Nodes which have been registered with master.", + "com.github.openshift.api.config.v1.APIServerList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -4848,11 +4327,10 @@ "type": "string" }, "items": { - "description": "List of nodes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Node.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServer" } }, "kind": { @@ -4860,722 +4338,751 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "NodeProxyOptions.v1.core.api.k8s.io": { - "description": "NodeProxyOptions is the query options to a Node's proxy call.", + "com.github.openshift.api.config.v1.APIServerNamedServingCert": { + "description": "APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.", "type": "object", + "required": [ + "servingCertificate" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "names": { + "description": "names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "path": { - "description": "Path is the URL path to use for the current proxy request to node.", - "type": "string" + "servingCertificate": { + "description": "servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data[\"tls.key\"] - TLS private key. - Secret.Data[\"tls.crt\"] - TLS certificate.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" } } }, - "NodeRuntimeHandler.v1.core.api.k8s.io": { - "description": "NodeRuntimeHandler is a set of runtime handler information.", + "com.github.openshift.api.config.v1.APIServerServingCerts": { "type": "object", "properties": { - "features": { - "description": "Supported features.", - "$ref": "#/definitions/NodeRuntimeHandlerFeatures.v1.core.api.k8s.io" - }, - "name": { - "description": "Runtime handler name. Empty for the default runtime handler.", - "type": "string", - "default": "" + "namedCertificates": { + "description": "namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerNamedServingCert" + }, + "x-kubernetes-list-type": "atomic" } } }, - "NodeRuntimeHandlerFeatures.v1.core.api.k8s.io": { - "description": "NodeRuntimeHandlerFeatures is a set of features implemented by the runtime handler.", + "com.github.openshift.api.config.v1.APIServerSpec": { "type": "object", "properties": { - "recursiveReadOnlyMounts": { - "description": "RecursiveReadOnlyMounts is set to true if the runtime handler supports RecursiveReadOnlyMounts.", - "type": "boolean" + "additionalCORSAllowedOrigins": { + "description": "additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "userNamespaces": { - "description": "UserNamespaces is set to true if the runtime handler supports UserNamespaces, including for volumes.", - "type": "boolean" + "audit": { + "description": "audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Audit" + }, + "clientCA": { + "description": "clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data[\"ca-bundle.crt\"] - CA bundle.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + }, + "encryption": { + "description": "encryption allows the configuration of encryption of resources at the datastore layer.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerEncryption" + }, + "servingCerts": { + "description": "servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerServingCerts" + }, + "tlsSecurityProfile": { + "description": "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.\n\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is the Intermediate profile.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.TLSSecurityProfile" } } }, - "NodeSelector.v1.core.api.k8s.io": { - "description": "A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.", + "com.github.openshift.api.config.v1.APIServerStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1.AWSDNSSpec": { + "description": "AWSDNSSpec contains DNS configuration specific to the Amazon Web Services cloud provider.", + "type": "object", + "properties": { + "privateZoneIAMRole": { + "description": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.\n\nThe ARN must follow the format: arn::iam:::role/, where: is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), is a 12-digit numeric identifier for the AWS account, is the IAM role name.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.AWSIngressSpec": { + "description": "AWSIngressSpec holds the desired state of the Ingress for Amazon Web Services infrastructure provider. This only includes fields that can be modified in the cluster.", "type": "object", "required": [ - "nodeSelectorTerms" + "type" ], "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/NodeSelectorTerm.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "type": { + "description": "type allows user to set a load balancer type. When this field is set the default ingresscontroller will get created using the specified LBType. If this field is not set then the default ingress controller of LBType Classic will be created. Valid values are:\n\n* \"Classic\": A Classic Load Balancer that makes routing decisions at either\n the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See\n the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb\n\n* \"NLB\": A Network Load Balancer that makes routing decisions at the\n transport layer (TCP/SSL). See the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb", + "type": "string", + "default": "" } }, - "x-kubernetes-map-type": "atomic" + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": {} + } + ] }, - "NodeSelectorRequirement.v1.core.api.k8s.io": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "com.github.openshift.api.config.v1.AWSKMSConfig": { + "description": "AWSKMSConfig defines the KMS config specific to AWS KMS provider", "type": "object", "required": [ - "key", - "operator" + "keyARN", + "region" ], "properties": { - "key": { - "description": "The label key that the selector applies to.", + "keyARN": { + "description": "keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. The value must adhere to the format `arn:aws:kms:::key/`, where: - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - `` is a 12-digit numeric identifier for the AWS account. - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens.", "type": "string", "default": "" }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.\n\nPossible enum values:\n - `\"DoesNotExist\"`\n - `\"Exists\"`\n - `\"Gt\"`\n - `\"In\"`\n - `\"Lt\"`\n - `\"NotIn\"`", + "region": { + "description": "region specifies the AWS region where the KMS instance exists, and follows the format `--`, e.g.: `us-east-1`. Only lowercase letters and hyphens followed by numbers are allowed.", "type": "string", - "default": "", - "enum": [ - "DoesNotExist", - "Exists", - "Gt", - "In", - "Lt", - "NotIn" - ] - }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "default": "" } } }, - "NodeSelectorTerm.v1.core.api.k8s.io": { - "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "com.github.openshift.api.config.v1.AWSPlatformSpec": { + "description": "AWSPlatformSpec holds the desired state of the Amazon Web Services infrastructure provider. This only includes fields that can be modified in the cluster.", "type": "object", "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/NodeSelectorRequirement.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", + "serviceEndpoints": { + "description": "serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/NodeSelectorRequirement.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSServiceEndpoint" }, "x-kubernetes-list-type": "atomic" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "NodeSpec.v1.core.api.k8s.io": { - "description": "NodeSpec describes the attributes that a node is created with.", + "com.github.openshift.api.config.v1.AWSPlatformStatus": { + "description": "AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.", "type": "object", + "required": [ + "region" + ], "properties": { - "configSource": { - "description": "Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed.", - "$ref": "#/definitions/NodeConfigSource.v1.core.api.k8s.io" + "cloudLoadBalancerConfig": { + "description": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", + "default": { + "dnsType": "PlatformDefault" + }, + "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudLoadBalancerConfig" }, - "externalID": { - "description": "Deprecated. Not all kubelets will set this field. Remove field after 1.13. see: https://issues.k8s.io/61966", - "type": "string" + "ipFamily": { + "description": "ipFamily specifies the IP protocol family that should be used for AWS network resources. This controls whether AWS resources are created with IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary protocol family.", + "type": "string", + "default": "IPv4" }, - "podCIDR": { - "description": "PodCIDR represents the pod IP range assigned to the node.", - "type": "string" + "region": { + "description": "region holds the default AWS region for new AWS resources created by the cluster.", + "type": "string", + "default": "" }, - "podCIDRs": { - "description": "podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for each of IPv4 and IPv6.", + "resourceTags": { + "description": "resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSResourceTag" }, - "x-kubernetes-list-type": "set", - "x-kubernetes-patch-strategy": "merge" - }, - "providerID": { - "description": "ID of the node assigned by the cloud provider in the format: ://", - "type": "string" + "x-kubernetes-list-type": "atomic" }, - "taints": { - "description": "If specified, the node's taints.", + "serviceEndpoints": { + "description": "serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Taint.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSServiceEndpoint" }, "x-kubernetes-list-type": "atomic" - }, - "unschedulable": { - "description": "Unschedulable controls node schedulability of new pods. By default, node is schedulable. More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration", - "type": "boolean" } } }, - "NodeStatus.v1.core.api.k8s.io": { - "description": "NodeStatus is information about the current status of a node.", + "com.github.openshift.api.config.v1.AWSResourceTag": { + "description": "AWSResourceTag is a tag to apply to AWS resources created for the cluster.", "type": "object", + "required": [ + "key", + "value" + ], "properties": { - "addresses": { - "description": "List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/reference/node/node-status/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See https://pr.k8s.io/79391 for an example. Consumers should assume that addresses can change during the lifetime of a Node. However, there are some exceptions where this may not be possible, such as Pods that inherit a Node's address in its own status or consumers of the downward API (status.hostIP).", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/NodeAddress.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "key": { + "description": "key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag. Key should consist of between 1 and 128 characters, and may contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'.", + "type": "string", + "default": "" }, - "allocatable": { - "description": "Allocatable represents the resources of a node that are available for scheduling. Defaults to Capacity.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - } - }, - "capacity": { - "description": "Capacity represents the total resources of a node. More info: https://kubernetes.io/docs/reference/node/node-status/#capacity", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - } + "value": { + "description": "value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag. Value should consist of between 1 and 256 characters, and may contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.AWSServiceEndpoint": { + "description": "AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.", + "type": "object", + "required": [ + "name", + "url" + ], + "properties": { + "name": { + "description": "name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty.", + "type": "string", + "default": "" }, - "conditions": { - "description": "Conditions is an array of current observed node conditions. More info: https://kubernetes.io/docs/reference/node/node-status/#condition", + "url": { + "description": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.AcceptRisk": { + "description": "AcceptRisk represents a risk that is considered acceptable.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "name is the name of the acceptable risk. It must be a non-empty string and must not exceed 256 characters.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1.AdmissionConfig": { + "type": "object", + "properties": { + "disabledPlugins": { + "description": "disabledPlugins is a list of admission plugins that must be off. Putting something in this list is almost always a mistake and likely to result in cluster instability.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/NodeCondition.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "config": { - "description": "Status of the config assigned to the node via the dynamic Kubelet config feature.", - "$ref": "#/definitions/NodeConfigStatus.v1.core.api.k8s.io" - }, - "daemonEndpoints": { - "description": "Endpoints of daemons running on the Node.", - "default": {}, - "$ref": "#/definitions/NodeDaemonEndpoints.v1.core.api.k8s.io" + "type": "string", + "default": "" + } }, - "declaredFeatures": { - "description": "DeclaredFeatures represents the features related to feature gates that are declared by the node.", + "enabledPlugins": { + "description": "enabledPlugins is a list of admission plugins that must be on in addition to the default list. Some admission plugins are disabled by default, but certain configurations require them. This is fairly uncommon and can result in performance penalties and unexpected behavior.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "features": { - "description": "Features describes the set of features implemented by the CRI implementation.", - "$ref": "#/definitions/NodeFeatures.v1.core.api.k8s.io" + } }, - "images": { - "description": "List of container images on this node", - "type": "array", - "items": { + "pluginConfig": { + "type": "object", + "additionalProperties": { "default": {}, - "$ref": "#/definitions/ContainerImage.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "nodeInfo": { - "description": "Set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/reference/node/node-status/#info", - "default": {}, - "$ref": "#/definitions/NodeSystemInfo.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionPluginConfig" + } + } + } + }, + "com.github.openshift.api.config.v1.AdmissionPluginConfig": { + "description": "AdmissionPluginConfig holds the necessary configuration options for admission plugins", + "type": "object", + "required": [ + "location", + "configuration" + ], + "properties": { + "configuration": { + "description": "configuration is an embedded configuration object to be used as the plugin's configuration. If present, it will be used instead of the path to the configuration file.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "phase": { - "description": "NodePhase is the recently observed lifecycle phase of the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#phase The field is never populated, and now is deprecated.\n\nPossible enum values:\n - `\"Pending\"` means the node has been created/added by the system, but not configured.\n - `\"Running\"` means the node has been configured and has Kubernetes components running.\n - `\"Terminated\"` means the node has been removed from the cluster.", + "location": { + "description": "location is the path to a configuration file that contains the plugin's configuration", "type": "string", - "enum": [ - "Pending", - "Running", - "Terminated" - ] + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec": { + "description": "AlibabaCloudPlatformSpec holds the desired state of the Alibaba Cloud infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object" + }, + "com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus": { + "description": "AlibabaCloudPlatformStatus holds the current status of the Alibaba Cloud infrastructure provider.", + "type": "object", + "required": [ + "region" + ], + "properties": { + "region": { + "description": "region specifies the region for Alibaba Cloud resources created for the cluster.", + "type": "string", + "default": "" }, - "runtimeHandlers": { - "description": "The available runtime handlers.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/NodeRuntimeHandler.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "resourceGroupID": { + "description": "resourceGroupID is the ID of the resource group for the cluster.", + "type": "string" }, - "volumesAttached": { - "description": "List of volumes that are attached to the node.", + "resourceTags": { + "description": "resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/AttachedVolume.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.AlibabaCloudResourceTag" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "key" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.config.v1.AlibabaCloudResourceTag": { + "description": "AlibabaCloudResourceTag is the set of tags to add to apply to resources.", + "type": "object", + "required": [ + "key", + "value" + ], + "properties": { + "key": { + "description": "key is the key of the tag.", + "type": "string", + "default": "" }, - "volumesInUse": { - "description": "List of attachable volumes in use (mounted) by the node.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "value": { + "description": "value is the value of the tag.", + "type": "string", + "default": "" } } }, - "NodeSwapStatus.v1.core.api.k8s.io": { - "description": "NodeSwapStatus represents swap memory information.", + "com.github.openshift.api.config.v1.Audit": { "type": "object", "properties": { - "capacity": { - "description": "Total amount of swap memory in bytes.", - "type": "integer", - "format": "int64" + "customRules": { + "description": "customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditCustomRule" + }, + "x-kubernetes-list-map-keys": [ + "group" + ], + "x-kubernetes-list-type": "map" + }, + "profile": { + "description": "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules.\n\nThe following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events\n (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody\n level).\n- WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nWarning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly.\n\nIf unset, the 'Default' profile is used as the default.", + "type": "string" } } }, - "NodeSystemInfo.v1.core.api.k8s.io": { - "description": "NodeSystemInfo is a set of ids/uuids to uniquely identify the node.", + "com.github.openshift.api.config.v1.AuditConfig": { + "description": "AuditConfig holds configuration for the audit capabilities", "type": "object", "required": [ - "machineID", - "systemUUID", - "bootID", - "kernelVersion", - "osImage", - "containerRuntimeVersion", - "kubeletVersion", - "kubeProxyVersion", - "operatingSystem", - "architecture" + "enabled", + "auditFilePath", + "maximumFileRetentionDays", + "maximumRetainedFiles", + "maximumFileSizeMegabytes", + "policyFile", + "policyConfiguration", + "logFormat", + "webHookKubeConfig", + "webHookMode" ], "properties": { - "architecture": { - "description": "The Architecture reported by the node", + "auditFilePath": { + "description": "All requests coming to the apiserver will be logged to this file.", "type": "string", "default": "" }, - "bootID": { - "description": "Boot ID reported by the node.", - "type": "string", - "default": "" + "enabled": { + "description": "If this flag is set, audit log will be printed in the logs. The logs contains, method, user and a requested URL.", + "type": "boolean", + "default": false }, - "containerRuntimeVersion": { - "description": "ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2).", + "logFormat": { + "description": "Format of saved audits (legacy or json).", "type": "string", "default": "" }, - "kernelVersion": { - "description": "Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).", - "type": "string", - "default": "" + "maximumFileRetentionDays": { + "description": "Maximum number of days to retain old log files based on the timestamp encoded in their filename.", + "type": "integer", + "format": "int32", + "default": 0 }, - "kubeProxyVersion": { - "description": "Deprecated: KubeProxy Version reported by the node.", - "type": "string", - "default": "" + "maximumFileSizeMegabytes": { + "description": "Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.", + "type": "integer", + "format": "int32", + "default": 0 }, - "kubeletVersion": { - "description": "Kubelet Version reported by the node.", - "type": "string", - "default": "" + "maximumRetainedFiles": { + "description": "Maximum number of old log files to retain.", + "type": "integer", + "format": "int32", + "default": 0 }, - "machineID": { - "description": "MachineID reported by the node. For unique machine identification in the cluster this field is preferred. Learn more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html", - "type": "string", - "default": "" + "policyConfiguration": { + "description": "policyConfiguration is an embedded policy configuration object to be used as the audit policy configuration. If present, it will be used instead of the path to the policy file.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "operatingSystem": { - "description": "The Operating System reported by the node", + "policyFile": { + "description": "policyFile is a path to the file that defines the audit policy configuration.", "type": "string", "default": "" }, - "osImage": { - "description": "OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).", + "webHookKubeConfig": { + "description": "Path to a .kubeconfig formatted file that defines the audit webhook configuration.", "type": "string", "default": "" }, - "swap": { - "description": "Swap Info reported by the node.", - "$ref": "#/definitions/NodeSwapStatus.v1.core.api.k8s.io" - }, - "systemUUID": { - "description": "SystemUUID reported by the node. For unique machine identification MachineID is preferred. This field is specific to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid", + "webHookMode": { + "description": "Strategy for sending audit events (block or batch).", "type": "string", "default": "" } } }, - "NonResourceAttributes.v1.authorization.api.k8s.io": { - "description": "NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface", + "com.github.openshift.api.config.v1.AuditCustomRule": { + "description": "AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile.", "type": "object", + "required": [ + "group", + "profile" + ], "properties": { - "path": { - "description": "Path is the URL path of the request", - "type": "string" + "group": { + "description": "group is a name of group a request user must be member of in order to this profile to apply.", + "type": "string", + "default": "" }, - "verb": { - "description": "Verb is the standard HTTP verb", - "type": "string" + "profile": { + "description": "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster.\n\nThe following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nIf unset, the 'Default' profile is used as the default.", + "type": "string", + "default": "" } } }, - "NonResourceRule.v1.authorization.api.k8s.io": { - "description": "NonResourceRule holds information that describes a rule for the non-resource", + "com.github.openshift.api.config.v1.Authentication": { + "description": "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "verbs" + "spec" ], "properties": { - "nonResourceURLs": { - "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path. \"*\" means all.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "verbs": { - "description": "Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. \"*\" means all.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AuthenticationSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AuthenticationStatus" } } }, - "ObjectFieldSelector.v1.core.api.k8s.io": { - "description": "ObjectFieldSelector selects an APIVersioned field of an object.", + "com.github.openshift.api.config.v1.AuthenticationList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "fieldPath" + "metadata", + "items" ], "properties": { "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", - "type": "string", - "default": "" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Authentication" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", + "com.github.openshift.api.config.v1.AuthenticationSpec": { "type": "object", "properties": { - "annotations": { - "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "creationTimestamp": { - "description": "CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "deletionGracePeriodSeconds": { - "description": "Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.", - "type": "integer", - "format": "int64" - }, - "deletionTimestamp": { - "description": "DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "oauthMetadata": { + "description": "oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key \"oauthMetadata\" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "finalizers": { - "description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.", + "oidcProviders": { + "description": "oidcProviders are OIDC identity providers that can issue tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\".\n\nAt most one provider can be configured.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OIDCProvider" }, - "x-kubernetes-list-type": "set", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "generateName": { - "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will return a 409.\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", - "type": "string" + "serviceAccountIssuer": { + "description": "serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.", + "type": "string", + "default": "" }, - "generation": { - "description": "A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.", - "type": "integer", - "format": "int64" + "type": { + "description": "type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.", + "type": "string", + "default": "" }, - "labels": { - "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "webhookTokenAuthenticator": { + "description": "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service.\n\nCan only be set if \"Type\" is set to \"None\".", + "$ref": "#/definitions/com.github.openshift.api.config.v1.WebhookTokenAuthenticator" }, - "managedFields": { - "description": "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object.", + "webhookTokenAuthenticators": { + "description": "webhookTokenAuthenticators is DEPRECATED, setting it has no effect.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator" }, "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.config.v1.AuthenticationStatus": { + "type": "object", + "properties": { + "integratedOAuthMetadata": { + "description": "integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key \"oauthMetadata\" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "name": { - "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", - "type": "string" - }, - "namespace": { - "description": "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces", - "type": "string" - }, - "ownerReferences": { - "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", + "oidcClients": { + "description": "oidcClients is where participating operators place the current OIDC client status for OIDC clients that can be customized by the cluster-admin.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.OIDCClientStatus" }, "x-kubernetes-list-map-keys": [ - "uid" + "componentNamespace", + "componentName" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "uid", - "x-kubernetes-patch-strategy": "merge" - }, - "resourceVersion": { - "description": "An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" - }, - "selfLink": { - "description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.", - "type": "string" - }, - "uid": { - "description": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", - "type": "string" + "x-kubernetes-list-type": "map" } } }, - "ObjectReference.v1.core.api.k8s.io": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "com.github.openshift.api.config.v1.AzurePlatformSpec": { + "description": "AzurePlatformSpec holds the desired state of the Azure infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object" + }, + "com.github.openshift.api.config.v1.AzurePlatformStatus": { + "description": "AzurePlatformStatus holds the current status of the Azure infrastructure provider.", "type": "object", + "required": [ + "resourceGroupName" + ], "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.", + "armEndpoint": { + "description": "armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack.", "type": "string" }, - "kind": { - "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "cloudLoadBalancerConfig": { + "description": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", + "default": { + "dnsType": "PlatformDefault" + }, + "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudLoadBalancerConfig" }, - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "cloudName": { + "description": "cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`.", "type": "string" }, - "namespace": { - "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" + "ipFamily": { + "description": "ipFamily specifies the IP protocol family that should be used for Azure network resources. This controls whether Azure resources are created with IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary protocol family.", + "type": "string", + "default": "IPv4" }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "networkResourceGroupName": { + "description": "networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName.", "type": "string" }, - "uid": { - "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", - "type": "string" + "resourceGroupName": { + "description": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.", + "type": "string", + "default": "" + }, + "resourceTags": { + "description": "resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AzureResourceTag" + }, + "x-kubernetes-list-type": "atomic" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", + "com.github.openshift.api.config.v1.AzureResourceTag": { + "description": "AzureResourceTag is a tag to apply to Azure resources created for the cluster.", "type": "object", "required": [ - "apiVersion", - "kind", - "name", - "uid" + "key", + "value" ], "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string", - "default": "" - }, - "blockOwnerDeletion": { - "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", - "type": "boolean" - }, - "controller": { - "description": "If true, this reference points to the managing controller.", - "type": "boolean" - }, - "kind": { - "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string", - "default": "" - }, - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", + "key": { + "description": "key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric characters and the following special characters `_ . -`.", "type": "string", "default": "" }, - "uid": { - "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", + "value": { + "description": "value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.", "type": "string", "default": "" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "ParamKind.v1.admissionregistration.api.k8s.io": { - "description": "ParamKind is a tuple of Group Kind and Version.", + "com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer": { + "description": "BareMetalPlatformLoadBalancer defines the load balancer used by the cluster on BareMetal platform.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion is the API group version the resources belong to. In format of \"group/version\". Required.", - "type": "string" - }, - "kind": { - "description": "Kind is the API kind the resources belong to. Required.", - "type": "string" + "type": { + "description": "type defines the type of load balancer used by the cluster on BareMetal platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", + "type": "string", + "default": "OpenShiftManagedDefault" } }, - "x-kubernetes-map-type": "atomic" - }, - "ParamRef.v1.admissionregistration.api.k8s.io": { - "description": "ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.", - "type": "object", - "properties": { - "name": { - "description": "name is the name of the resource being referenced.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.\n\nA single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.", - "type": "string" - }, - "namespace": { - "description": "namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.", - "type": "string" - }, - "parameterNotFoundAction": { - "description": "`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny`\n\nRequired", - "type": "string" - }, - "selector": { - "description": "selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": {} } - }, - "x-kubernetes-map-type": "atomic" + ] }, - "PartialObjectMetadata.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "PartialObjectMetadata is a generic representation of any object with ObjectMeta. It allows clients to get access to a particular ObjectMeta schema without knowing the details of the version.", + "com.github.openshift.api.config.v1.BareMetalPlatformSpec": { + "description": "BareMetalPlatformSpec holds the desired state of the BareMetal infrastructure provider. This only includes fields that can be modified in the cluster.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "PartialObjectMetadataList.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "PartialObjectMetadataList contains a list of objects containing only their metadata", + "com.github.openshift.api.config.v1.BareMetalPlatformStatus": { + "description": "BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider. For more information about the network architecture used with the BareMetal platform type, see: https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md", "type": "object", "required": [ - "items" + "apiServerInternalIPs", + "ingressIPs" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", "type": "string" }, - "items": { - "description": "items contains each of the included items.", + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/PartialObjectMetadata.v1.meta.apis.pkg.apimachinery.k8s.io" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "dnsRecordsType": { + "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", + "type": "string", + "enum": [ + "External", + "Internal" + ] }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "Patch.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "Patch is provided to give a concrete name and type to the Kubernetes PATCH request body.", - "type": "object" - }, - "PatchOptions.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "PatchOptions may be provided when patching an API object. PatchOptions is meant to be a superset of UpdateOptions.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", "type": "string" }, - "dryRun": { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", "type": "array", "items": { "type": "string", @@ -5583,56 +5090,63 @@ }, "x-kubernetes-list-type": "atomic" }, - "fieldManager": { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "type": "string" - }, - "fieldValidation": { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "type": "string" + "loadBalancer": { + "description": "loadBalancer defines how the load balancer used by the cluster is configured.", + "default": { + "type": "OpenShiftManagedDefault" + }, + "$ref": "#/definitions/com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer" }, - "force": { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "type": "boolean" + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "nodeDNSIP": { + "description": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", "type": "string" } } }, - "PersistentVolume.v1.core.api.k8s.io": { - "description": "PersistentVolume (PV) is a storage resource provisioned by an administrator. It is analogous to a node. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes", + "com.github.openshift.api.config.v1.BasicAuthIdentityProvider": { + "description": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials", "type": "object", + "required": [ + "url" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "spec": { - "description": "spec defines a specification of a persistent volume owned by the cluster. Provisioned by an administrator. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes", + "tlsClientCert": { + "description": "tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key \"tls.crt\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", "default": {}, - "$ref": "#/definitions/PersistentVolumeSpec.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "status": { - "description": "status represents the current information/status for the persistent volume. Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes", + "tlsClientKey": { + "description": "tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key \"tls.key\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", "default": {}, - "$ref": "#/definitions/PersistentVolumeStatus.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + }, + "url": { + "description": "url is the remote URL to connect to", + "type": "string", + "default": "" } } }, - "PersistentVolumeClaim.v1.core.api.k8s.io": { - "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", + "com.github.openshift.api.config.v1.Build": { + "description": "Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.\n\nThe canonical name is \"cluster\"\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -5643,62 +5157,56 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "default": {}, - "$ref": "#/definitions/PersistentVolumeClaimSpec.v1.core.api.k8s.io" - }, - "status": { - "description": "status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "description": "spec holds user-settable values for the build controller configuration", "default": {}, - "$ref": "#/definitions/PersistentVolumeClaimStatus.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.BuildSpec" } } }, - "PersistentVolumeClaimCondition.v1.core.api.k8s.io": { - "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "com.github.openshift.api.config.v1.BuildDefaults": { "type": "object", - "required": [ - "type", - "status" - ], "properties": { - "lastProbeTime": { - "description": "lastProbeTime is the time we probed the condition.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "lastTransitionTime": { - "description": "lastTransitionTime is the time the condition transitioned from one status to another.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "defaultProxy": { + "description": "defaultProxy contains the default proxy settings for all build operations, including image pull/push and source download.\n\nValues can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables in the build config's strategy.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ProxySpec" }, - "message": { - "description": "message is the human-readable message indicating details about last transition.", - "type": "string" + "env": { + "description": "env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + } }, - "reason": { - "description": "reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"Resizing\" that means the underlying persistent volume is being resized.", - "type": "string" + "gitProxy": { + "description": "gitProxy contains the proxy settings for git operations only. If set, this will override any Proxy settings for all git commands, such as git clone.\n\nValues that are not set here will be inherited from DefaultProxy.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ProxySpec" }, - "status": { - "description": "Status is the status of the condition. Can be True, False, Unknown. More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", - "type": "string", - "default": "" + "imageLabels": { + "description": "imageLabels is a list of docker labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageLabel" + } }, - "type": { - "description": "Type is the type of the condition. More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", - "type": "string", - "default": "" + "resources": { + "description": "resources defines resource requirements to execute the build.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" } } }, - "PersistentVolumeClaimList.v1.core.api.k8s.io": { - "description": "PersistentVolumeClaimList is a list of PersistentVolumeClaim items.", + "com.github.openshift.api.config.v1.BuildList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -5707,11 +5215,10 @@ "type": "string" }, "items": { - "description": "items is a list of persistent volume claims. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/PersistentVolumeClaim.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.Build" } }, "kind": { @@ -5719,522 +5226,209 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "PersistentVolumeClaimSpec.v1.core.api.k8s.io": { - "description": "PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes", + "com.github.openshift.api.config.v1.BuildOverrides": { "type": "object", "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", - "type": "array", - "items": { - "type": "string", - "default": "", - "enum": [ - "ReadOnlyMany", - "ReadWriteMany", - "ReadWriteOnce", - "ReadWriteOncePod" - ] - }, - "x-kubernetes-list-type": "atomic" - }, - "dataSource": { - "description": "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "$ref": "#/definitions/TypedLocalObjectReference.v1.core.api.k8s.io" - }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "$ref": "#/definitions/TypedObjectReference.v1.core.api.k8s.io" - }, - "resources": { - "description": "resources represents the minimum resources the volume should have. Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "default": {}, - "$ref": "#/definitions/VolumeResourceRequirements.v1.core.api.k8s.io" - }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", - "type": "string" - }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string or nil value indicates that no VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.\n\nPossible enum values:\n - `\"Block\"` means the volume will not be formatted with a filesystem and will remain a raw block device.\n - `\"Filesystem\"` means the volume will be or is formatted with a filesystem.", - "type": "string", - "enum": [ - "Block", - "Filesystem" - ] + "forcePull": { + "description": "forcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself", + "type": "boolean" }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", - "type": "string" - } - } - }, - "PersistentVolumeClaimStatus.v1.core.api.k8s.io": { - "description": "PersistentVolumeClaimStatus is the current status of a persistent volume claim.", - "type": "object", - "properties": { - "accessModes": { - "description": "accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "imageLabels": { + "description": "imageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", "type": "array", "items": { - "type": "string", - "default": "", - "enum": [ - "ReadOnlyMany", - "ReadWriteMany", - "ReadWriteOnce", - "ReadWriteOncePod" - ] - }, - "x-kubernetes-list-type": "atomic" - }, - "allocatedResourceStatuses": { - "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "", - "enum": [ - "ControllerResizeInProgress", - "ControllerResizeInfeasible", - "NodeResizeInProgress", - "NodeResizeInfeasible", - "NodeResizePending" - ] - }, - "x-kubernetes-map-type": "granular" - }, - "allocatedResources": { - "description": "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageLabel" } }, - "capacity": { - "description": "capacity represents the actual resources of the underlying volume.", + "nodeSelector": { + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", "type": "object", "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + "type": "string", + "default": "" } }, - "conditions": { - "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'Resizing'.", + "tolerations": { + "description": "tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/PersistentVolumeClaimCondition.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "currentVolumeAttributesClassName": { - "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim", - "type": "string" - }, - "modifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted.", - "$ref": "#/definitions/ModifyVolumeStatus.v1.core.api.k8s.io" - }, - "phase": { - "description": "phase represents the current phase of PersistentVolumeClaim.\n\nPossible enum values:\n - `\"Bound\"` used for PersistentVolumeClaims that are bound\n - `\"Lost\"` used for PersistentVolumeClaims that lost their underlying PersistentVolume. The claim was bound to a PersistentVolume and this volume does not exist any longer and all data on it was lost.\n - `\"Pending\"` used for PersistentVolumeClaims that are not yet bound", - "type": "string", - "enum": [ - "Bound", - "Lost", - "Pending" - ] + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + } } } }, - "PersistentVolumeClaimTemplate.v1.core.api.k8s.io": { - "description": "PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.", + "com.github.openshift.api.config.v1.BuildSpec": { "type": "object", - "required": [ - "spec" - ], "properties": { - "metadata": { - "description": "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.", + "additionalTrustedCA": { + "description": "additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted for image pushes and pulls during builds. The namespace for this config map is openshift-config.\n\nDEPRECATED: Additional CAs for image pull and push should be set on image.config.openshift.io/cluster instead.", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "spec": { - "description": "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.", + "buildDefaults": { + "description": "buildDefaults controls the default information for Builds", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.BuildDefaults" + }, + "buildOverrides": { + "description": "buildOverrides controls override settings for builds", "default": {}, - "$ref": "#/definitions/PersistentVolumeClaimSpec.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.BuildOverrides" } } }, - "PersistentVolumeClaimVolumeSource.v1.core.api.k8s.io": { - "description": "PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).", + "com.github.openshift.api.config.v1.CertInfo": { + "description": "CertInfo relates a certificate with a private key", "type": "object", "required": [ - "claimName" + "certFile", + "keyFile" ], "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", "type": "string", "default": "" }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", - "type": "boolean" + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" } } }, - "PersistentVolumeList.v1.core.api.k8s.io": { - "description": "PersistentVolumeList is a list of PersistentVolume items.", + "com.github.openshift.api.config.v1.ClientConnectionOverrides": { "type": "object", "required": [ - "items" + "acceptContentTypes", + "contentType", + "qps", + "burst" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is a list of persistent volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/PersistentVolume.v1.core.api.k8s.io" - } + "acceptContentTypes": { + "description": "acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the default value of 'application/json'. This field will control all connections to the server used by a particular client.", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "burst": { + "description": "burst allows extra queries to accumulate when a client is exceeding its rate.", + "type": "integer", + "format": "int32", + "default": 0 }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "contentType": { + "description": "contentType is the content type used when sending data to the server from this client.", + "type": "string", + "default": "" + }, + "qps": { + "description": "qps controls the number of queries per second allowed for this connection.", + "type": "number", + "format": "float", + "default": 0 } } }, - "PersistentVolumeSource.v1.core.api.k8s.io": { - "description": "PersistentVolumeSource is similar to VolumeSource but meant for the administrator who creates PVs. Exactly one of its members must be set.", + "com.github.openshift.api.config.v1.CloudControllerManagerStatus": { + "description": "CloudControllerManagerStatus holds the state of Cloud Controller Manager (a.k.a. CCM or CPI) related settings", "type": "object", "properties": { - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "$ref": "#/definitions/AWSElasticBlockStoreVolumeSource.v1.core.api.k8s.io" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", - "$ref": "#/definitions/AzureDiskVolumeSource.v1.core.api.k8s.io" - }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", - "$ref": "#/definitions/AzureFilePersistentVolumeSource.v1.core.api.k8s.io" - }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - "$ref": "#/definitions/CephFSPersistentVolumeSource.v1.core.api.k8s.io" - }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "$ref": "#/definitions/CinderPersistentVolumeSource.v1.core.api.k8s.io" - }, - "csi": { - "description": "csi represents storage that is handled by an external CSI driver.", - "$ref": "#/definitions/CSIPersistentVolumeSource.v1.core.api.k8s.io" - }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "$ref": "#/definitions/FCVolumeSource.v1.core.api.k8s.io" - }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - "$ref": "#/definitions/FlexPersistentVolumeSource.v1.core.api.k8s.io" - }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - "$ref": "#/definitions/FlockerVolumeSource.v1.core.api.k8s.io" - }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "$ref": "#/definitions/GCEPersistentDiskVolumeSource.v1.core.api.k8s.io" - }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md", - "$ref": "#/definitions/GlusterfsPersistentVolumeSource.v1.core.api.k8s.io" - }, - "hostPath": { - "description": "hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "$ref": "#/definitions/HostPathVolumeSource.v1.core.api.k8s.io" - }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.", - "$ref": "#/definitions/ISCSIPersistentVolumeSource.v1.core.api.k8s.io" - }, - "local": { - "description": "local represents directly-attached storage with node affinity", - "$ref": "#/definitions/LocalVolumeSource.v1.core.api.k8s.io" - }, - "nfs": { - "description": "nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "$ref": "#/definitions/NFSVolumeSource.v1.core.api.k8s.io" - }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - "$ref": "#/definitions/PhotonPersistentDiskVolumeSource.v1.core.api.k8s.io" - }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", - "$ref": "#/definitions/PortworxVolumeSource.v1.core.api.k8s.io" - }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - "$ref": "#/definitions/QuobyteVolumeSource.v1.core.api.k8s.io" - }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md", - "$ref": "#/definitions/RBDPersistentVolumeSource.v1.core.api.k8s.io" - }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - "$ref": "#/definitions/ScaleIOPersistentVolumeSource.v1.core.api.k8s.io" - }, - "storageos": { - "description": "storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. More info: https://examples.k8s.io/volumes/storageos/README.md", - "$ref": "#/definitions/StorageOSPersistentVolumeSource.v1.core.api.k8s.io" - }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", - "$ref": "#/definitions/VsphereVirtualDiskVolumeSource.v1.core.api.k8s.io" + "state": { + "description": "state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager\n\nValid values are \"External\", \"None\" and omitted. When set to \"External\", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to \"None\", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.", + "type": "string", + "default": "" } } }, - "PersistentVolumeSpec.v1.core.api.k8s.io": { - "description": "PersistentVolumeSpec is the specification of a persistent volume.", + "com.github.openshift.api.config.v1.CloudLoadBalancerConfig": { + "description": "CloudLoadBalancerConfig contains an union discriminator indicating the type of DNS solution in use within the cluster. When the DNSType is `ClusterHosted`, the cloud's Load Balancer configuration needs to be provided so that the DNS solution hosted within the cluster can be configured with those values.", "type": "object", "properties": { - "accessModes": { - "description": "accessModes contains all ways the volume can be mounted. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes", + "clusterHosted": { + "description": "clusterHosted holds the IP addresses of API, API-Int and Ingress Load Balancers on Cloud Platforms. The DNS solution hosted within the cluster use these IP addresses to provide resolution for API, API-Int and Ingress services.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudLoadBalancerIPs" + }, + "dnsType": { + "description": "dnsType indicates the type of DNS solution in use within the cluster. Its default value of `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform. It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode, the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed. The cluster's use of the cloud's Load Balancers is unaffected by this setting. The value is immutable after it has been set at install time. Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS. Enabling this functionality allows the user to start their own DNS solution outside the cluster after installation is complete. The customer would be responsible for configuring this custom DNS solution, and it can be run in addition to the in-cluster DNS solution.", + "type": "string", + "default": "PlatformDefault" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "dnsType", + "fields-to-discriminateBy": { + "clusterHosted": "ClusterHosted" + } + } + ] + }, + "com.github.openshift.api.config.v1.CloudLoadBalancerIPs": { + "description": "CloudLoadBalancerIPs contains the Load Balancer IPs for the cloud's API, API-Int and Ingress Load balancers. They will be populated as soon as the respective Load Balancers have been configured. These values are utilized to configure the DNS solution hosted within the cluster.", + "type": "object", + "properties": { + "apiIntLoadBalancerIPs": { + "description": "apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service. These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. Entries in the apiIntLoadBalancerIPs must be unique. A maximum of 16 IP addresses are permitted.", "type": "array", "items": { "type": "string", - "default": "", - "enum": [ - "ReadOnlyMany", - "ReadWriteMany", - "ReadWriteOnce", - "ReadWriteOncePod" - ] + "default": "" }, - "x-kubernetes-list-type": "atomic" - }, - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "$ref": "#/definitions/AWSElasticBlockStoreVolumeSource.v1.core.api.k8s.io" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", - "$ref": "#/definitions/AzureDiskVolumeSource.v1.core.api.k8s.io" - }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", - "$ref": "#/definitions/AzureFilePersistentVolumeSource.v1.core.api.k8s.io" - }, - "capacity": { - "description": "capacity is the description of the persistent volume's resources and capacity. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - } - }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - "$ref": "#/definitions/CephFSPersistentVolumeSource.v1.core.api.k8s.io" - }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "$ref": "#/definitions/CinderPersistentVolumeSource.v1.core.api.k8s.io" - }, - "claimRef": { - "description": "claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding", - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io", - "x-kubernetes-map-type": "granular" - }, - "csi": { - "description": "csi represents storage that is handled by an external CSI driver.", - "$ref": "#/definitions/CSIPersistentVolumeSource.v1.core.api.k8s.io" - }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "$ref": "#/definitions/FCVolumeSource.v1.core.api.k8s.io" - }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - "$ref": "#/definitions/FlexPersistentVolumeSource.v1.core.api.k8s.io" - }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - "$ref": "#/definitions/FlockerVolumeSource.v1.core.api.k8s.io" - }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "$ref": "#/definitions/GCEPersistentDiskVolumeSource.v1.core.api.k8s.io" - }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md", - "$ref": "#/definitions/GlusterfsPersistentVolumeSource.v1.core.api.k8s.io" - }, - "hostPath": { - "description": "hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "$ref": "#/definitions/HostPathVolumeSource.v1.core.api.k8s.io" - }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.", - "$ref": "#/definitions/ISCSIPersistentVolumeSource.v1.core.api.k8s.io" - }, - "local": { - "description": "local represents directly-attached storage with node affinity", - "$ref": "#/definitions/LocalVolumeSource.v1.core.api.k8s.io" + "x-kubernetes-list-type": "set" }, - "mountOptions": { - "description": "mountOptions is the list of mount options, e.g. [\"ro\", \"soft\"]. Not validated - mount will simply fail if one is invalid. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options", + "apiLoadBalancerIPs": { + "description": "apiLoadBalancerIPs holds Load Balancer IPs for the API service. These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. Could be empty for private clusters. Entries in the apiLoadBalancerIPs must be unique. A maximum of 16 IP addresses are permitted.", "type": "array", "items": { "type": "string", "default": "" }, - "x-kubernetes-list-type": "atomic" - }, - "nfs": { - "description": "nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "$ref": "#/definitions/NFSVolumeSource.v1.core.api.k8s.io" - }, - "nodeAffinity": { - "description": "nodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume. This field is mutable if MutablePVNodeAffinity feature gate is enabled.", - "$ref": "#/definitions/VolumeNodeAffinity.v1.core.api.k8s.io" - }, - "persistentVolumeReclaimPolicy": { - "description": "persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. Valid options are Retain (default for manually created PersistentVolumes), Delete (default for dynamically provisioned PersistentVolumes), and Recycle (deprecated). Recycle must be supported by the volume plugin underlying this PersistentVolume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming\n\nPossible enum values:\n - `\"Delete\"` means the volume will be deleted from Kubernetes on release from its claim. The volume plugin must support Deletion.\n - `\"Recycle\"` means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. The volume plugin must support Recycling.\n - `\"Retain\"` means the volume will be left in its current phase (Released) for manual reclamation by the administrator. The default policy is Retain.", - "type": "string", - "enum": [ - "Delete", - "Recycle", - "Retain" - ] - }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - "$ref": "#/definitions/PhotonPersistentDiskVolumeSource.v1.core.api.k8s.io" - }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", - "$ref": "#/definitions/PortworxVolumeSource.v1.core.api.k8s.io" - }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - "$ref": "#/definitions/QuobyteVolumeSource.v1.core.api.k8s.io" - }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md", - "$ref": "#/definitions/RBDPersistentVolumeSource.v1.core.api.k8s.io" - }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - "$ref": "#/definitions/ScaleIOPersistentVolumeSource.v1.core.api.k8s.io" - }, - "storageClassName": { - "description": "storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value means that this volume does not belong to any StorageClass.", - "type": "string" - }, - "storageos": { - "description": "storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. More info: https://examples.k8s.io/volumes/storageos/README.md", - "$ref": "#/definitions/StorageOSPersistentVolumeSource.v1.core.api.k8s.io" - }, - "volumeAttributesClassName": { - "description": "Name of VolumeAttributesClass to which this persistent volume belongs. Empty value is not allowed. When this field is not set, it indicates that this volume does not belong to any VolumeAttributesClass. This field is mutable and can be changed by the CSI driver after a volume has been updated successfully to a new class. For an unbound PersistentVolume, the volumeAttributesClassName will be matched with unbound PersistentVolumeClaims during the binding process.", - "type": "string" - }, - "volumeMode": { - "description": "volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec.\n\nPossible enum values:\n - `\"Block\"` means the volume will not be formatted with a filesystem and will remain a raw block device.\n - `\"Filesystem\"` means the volume will be or is formatted with a filesystem.", - "type": "string", - "enum": [ - "Block", - "Filesystem" - ] - }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", - "$ref": "#/definitions/VsphereVirtualDiskVolumeSource.v1.core.api.k8s.io" - } - } - }, - "PersistentVolumeStatus.v1.core.api.k8s.io": { - "description": "PersistentVolumeStatus is the current status of a persistent volume.", - "type": "object", - "properties": { - "lastPhaseTransitionTime": { - "description": "lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "message": { - "description": "message is a human-readable message indicating details about why the volume is in this state.", - "type": "string" - }, - "phase": { - "description": "phase indicates if a volume is available, bound to a claim, or released by a claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase\n\nPossible enum values:\n - `\"Available\"` used for PersistentVolumes that are not yet bound Available volumes are held by the binder and matched to PersistentVolumeClaims\n - `\"Bound\"` used for PersistentVolumes that are bound\n - `\"Failed\"` used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim\n - `\"Pending\"` used for PersistentVolumes that are not available\n - `\"Released\"` used for PersistentVolumes where the bound PersistentVolumeClaim was deleted released volumes must be recycled before becoming available again this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource", - "type": "string", - "enum": [ - "Available", - "Bound", - "Failed", - "Pending", - "Released" - ] + "x-kubernetes-list-type": "set" }, - "reason": { - "description": "reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.", - "type": "string" + "ingressLoadBalancerIPs": { + "description": "ingressLoadBalancerIPs holds IPs for Ingress Load Balancers. These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. Entries in the ingressLoadBalancerIPs must be unique. A maximum of 16 IP addresses are permitted.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" } } }, - "PhotonPersistentDiskVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a Photon Controller persistent disk resource.", + "com.github.openshift.api.config.v1.ClusterCondition": { + "description": "ClusterCondition is a union of typed cluster conditions. The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate.", "type": "object", "required": [ - "pdID" + "type" ], "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" + "promql": { + "description": "promql represents a cluster condition based on PromQL.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.PromQLClusterCondition" }, - "pdID": { - "description": "pdID is the ID that identifies Photon Controller persistent disk", + "type": { + "description": "type represents the cluster-condition type. This defines the members and semantics of any additional properties.", "type": "string", "default": "" } } }, - "Pod.v1.core.api.k8s.io": { - "description": "Pod is a collection of containers that can run on a host. This resource is created by clients and scheduled onto hosts.", + "com.github.openshift.api.config.v1.ClusterImagePolicy": { + "description": "ClusterImagePolicy holds cluster-wide configuration for image signature verification\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -6245,372 +5439,333 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "spec contains the configuration for the cluster image policy.", "default": {}, - "$ref": "#/definitions/PodSpec.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterImagePolicySpec" }, "status": { - "description": "Most recently observed status of the pod. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "status contains the observed state of the resource.", "default": {}, - "$ref": "#/definitions/PodStatus.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterImagePolicyStatus" } } }, - "PodAffinity.v1.core.api.k8s.io": { - "description": "Pod affinity is a group of inter pod affinity scheduling rules.", + "com.github.openshift.api.config.v1.ClusterImagePolicyList": { + "description": "ClusterImagePolicyList is a list of ClusterImagePolicy resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/WeightedPodAffinityTerm.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "items": { + "description": "items is a list of ClusterImagePolices", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/PodAffinityTerm.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterImagePolicy" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "PodAffinityTerm.v1.core.api.k8s.io": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", + "com.github.openshift.api.config.v1.ClusterImagePolicySpec": { + "description": "CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource.", "type": "object", "required": [ - "topologyKey" + "scopes", + "policy" ], "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + "policy": { + "description": "policy is a required field that contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy" }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "scopes": { + "description": "scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. This support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", "type": "array", "items": { "type": "string", "default": "" }, - "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string", - "default": "" + "x-kubernetes-list-type": "set" } } }, - "PodAntiAffinity.v1.core.api.k8s.io": { - "description": "Pod anti affinity is a group of inter pod anti affinity scheduling rules.", + "com.github.openshift.api.config.v1.ClusterImagePolicyStatus": { "type": "object", "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting \"weight\" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "conditions": { + "description": "conditions provide details on the status of this API Resource.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/WeightedPodAffinityTerm.v1.core.api.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.config.v1.ClusterNetworkEntry": { + "description": "ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.", + "type": "object", + "required": [ + "cidr" + ], + "properties": { + "cidr": { + "description": "The complete block for pod IPs.", + "type": "string", + "default": "" }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/PodAffinityTerm.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "hostPrefix": { + "description": "The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.", + "type": "integer", + "format": "int64" } } }, - "PodAttachOptions.v1.core.api.k8s.io": { - "description": "PodAttachOptions is the query options to a Pod's remote attach call.", + "com.github.openshift.api.config.v1.ClusterOperator": { + "description": "ClusterOperator holds the status of a core or optional OpenShift component managed by the Cluster Version Operator (CVO). This object is used by operators to convey their state to the rest of the cluster. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "container": { - "description": "The container in which to execute the command. Defaults to only container if there is only one container in the pod.", - "type": "string" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "stderr": { - "description": "Stderr if true indicates that stderr is to be redirected for the attach call. Defaults to true.", - "type": "boolean" - }, - "stdin": { - "description": "Stdin if true, redirects the standard input stream of the pod for this call. Defaults to false.", - "type": "boolean" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "stdout": { - "description": "Stdout if true indicates that stdout is to be redirected for the attach call. Defaults to true.", - "type": "boolean" + "spec": { + "description": "spec holds configuration that could apply to any operator.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperatorSpec" }, - "tty": { - "description": "TTY if true indicates that a tty will be allocated for the attach call. This is passed through the container runtime so the tty is allocated on the worker node by the container runtime. Defaults to false.", - "type": "boolean" + "status": { + "description": "status holds the information about the state of an operator. It is consistent with status information across the Kubernetes ecosystem.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperatorStatus" } } }, - "PodCertificateProjection.v1.core.api.k8s.io": { - "description": "PodCertificateProjection provides a private key and X.509 certificate in the pod filesystem.", + "com.github.openshift.api.config.v1.ClusterOperatorList": { + "description": "ClusterOperatorList is a list of OperatorStatus resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "signerName", - "keyType" + "metadata", + "items" ], "properties": { - "certificateChainPath": { - "description": "Write the certificate chain at this path in the projected volume.\n\nMost applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation.", - "type": "string" - }, - "credentialBundlePath": { - "description": "Write the credential bundle at this path in the projected volume.\n\nThe credential bundle is a single file that contains multiple PEM blocks. The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private key.\n\nThe remaining blocks are CERTIFICATE blocks, containing the issued certificate chain from the signer (leaf and any intermediates).\n\nUsing credentialBundlePath lets your Pod's application code make a single atomic read that retrieves a consistent key and certificate chain. If you project them to separate files, your application code will need to additionally check that the leaf certificate was issued to the key.", - "type": "string" - }, - "keyPath": { - "description": "Write the key at this path in the projected volume.\n\nMost applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation.", - "type": "string" - }, - "keyType": { - "description": "The type of keypair Kubelet will generate for the pod.\n\nValid values are \"RSA3072\", \"RSA4096\", \"ECDSAP256\", \"ECDSAP384\", \"ECDSAP521\", and \"ED25519\".", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "maxExpirationSeconds": { - "description": "maxExpirationSeconds is the maximum lifetime permitted for the certificate.\n\nKubelet copies this value verbatim into the PodCertificateRequests it generates for this projection.\n\nIf omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days).\n\nThe signer implementation is then free to issue a certificate with any lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. `kubernetes.io` signers will never issue certificates with a lifetime longer than 24 hours.", - "type": "integer", - "format": "int32" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperator" + } }, - "signerName": { - "description": "Kubelet's generated CSRs will be addressed to this signer.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "userAnnotations": { - "description": "userAnnotations allow pod authors to pass additional information to the signer implementation. Kubernetes does not restrict or validate this metadata in any way.\n\nThese values are copied verbatim into the `spec.unverifiedUserAnnotations` field of the PodCertificateRequest objects that Kubelet creates.\n\nEntries are subject to the same validation as object metadata annotations, with the addition that all keys must be domain-prefixed. No restrictions are placed on values, except an overall size limitation on the entire field.\n\nSigners should document the keys and values they support. Signers should deny requests that contain keys they do not recognize.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "PodCondition.v1.core.api.k8s.io": { - "description": "PodCondition contains details for the current condition of this pod.", - "type": "object", - "required": [ - "type", - "status" - ], - "properties": { - "lastProbeTime": { - "description": "Last time we probed the condition.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "message": { - "description": "Human-readable message indicating details about last transition.", - "type": "string" - }, - "observedGeneration": { - "description": "If set, this represents the .metadata.generation that the pod condition was set based upon. The PodObservedGenerationTracking feature gate must be enabled to use this field.", - "type": "integer", - "format": "int64" - }, - "reason": { - "description": "Unique, one-word, CamelCase reason for the condition's last transition.", - "type": "string" - }, - "status": { - "description": "Status is the status of the condition. Can be True, False, Unknown. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions", - "type": "string", - "default": "" - }, - "type": { - "description": "Type is the type of the condition. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions", - "type": "string", - "default": "" - } - } + "com.github.openshift.api.config.v1.ClusterOperatorSpec": { + "description": "ClusterOperatorSpec is empty for now, but you could imagine holding information like \"pause\".", + "type": "object" }, - "PodDNSConfig.v1.core.api.k8s.io": { - "description": "PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.", + "com.github.openshift.api.config.v1.ClusterOperatorStatus": { + "description": "ClusterOperatorStatus provides information about the status of the operator.", "type": "object", "properties": { - "nameservers": { - "description": "A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.", + "conditions": { + "description": "conditions describes the state of the operator's managed and monitored components.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperatorStatusCondition" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "options": { - "description": "A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.", + "extension": { + "description": "extension contains any additional status information specific to the operator which owns this status object.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "relatedObjects": { + "description": "relatedObjects is a list of objects that are \"interesting\" or related to this operator. Common uses are: 1. the detailed resource driving the operator 2. operator namespaces 3. operand namespaces", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/PodDNSConfigOption.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ObjectReference" + } }, - "searches": { - "description": "A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.", + "versions": { + "description": "versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple operand entries in the array. Available operators must report the version of the operator itself with the name \"operator\". An operator reports a new \"operator\" version when it has rolled out the new version to all of its operands.", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OperandVersion" + } } } }, - "PodDNSConfigOption.v1.core.api.k8s.io": { - "description": "PodDNSConfigOption defines DNS resolver options of a pod.", + "com.github.openshift.api.config.v1.ClusterOperatorStatusCondition": { + "description": "ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.", "type": "object", + "required": [ + "type", + "status", + "lastTransitionTime" + ], "properties": { - "name": { - "description": "Name is this DNS resolver option's name. Required.", + "lastTransitionTime": { + "description": "lastTransitionTime is the time of the last update to the current status property.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "description": "message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.", "type": "string" }, - "value": { - "description": "Value is this DNS resolver option's value.", + "reason": { + "description": "reason is the CamelCase reason for the condition's current status.", "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string", + "default": "" + }, + "type": { + "description": "type specifies the aspect reported by this condition.", + "type": "string", + "default": "" } } }, - "PodExecOptions.v1.core.api.k8s.io": { - "description": "PodExecOptions is the query options to a Pod's remote exec call.", + "com.github.openshift.api.config.v1.ClusterVersion": { + "description": "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "command" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "command": { - "description": "Command is the remote command to execute. argv array. Not executed within a shell.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "container": { - "description": "Container in which to execute the command. Defaults to only container if there is only one container in the pod.", - "type": "string" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "stderr": { - "description": "Redirect the standard error stream of the pod for this call.", - "type": "boolean" - }, - "stdin": { - "description": "Redirect the standard input stream of the pod for this call. Defaults to false.", - "type": "boolean" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "stdout": { - "description": "Redirect the standard output stream of the pod for this call.", - "type": "boolean" + "spec": { + "description": "spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionSpec" }, - "tty": { - "description": "TTY if true indicates that a tty will be allocated for the exec call. Defaults to false.", - "type": "boolean" + "status": { + "description": "status contains information about the available updates and any in-progress updates.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionStatus" } } }, - "PodExtendedResourceClaimStatus.v1.core.api.k8s.io": { - "description": "PodExtendedResourceClaimStatus is stored in the PodStatus for the extended resource requests backed by DRA. It stores the generated name for the corresponding special ResourceClaim created by the scheduler.", + "com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec": { + "description": "ClusterVersionCapabilitiesSpec selects the managed set of optional, core cluster components.", "type": "object", - "required": [ - "requestMappings", - "resourceClaimName" - ], "properties": { - "requestMappings": { - "description": "RequestMappings identifies the mapping of to device request in the generated ResourceClaim.", + "additionalEnabledCapabilities": { + "description": "additionalEnabledCapabilities extends the set of managed capabilities beyond the baseline defined in baselineCapabilitySet. The default is an empty set.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/ContainerExtendedResourceRequest.v1.core.api.k8s.io" + "type": "string", + "default": "" }, "x-kubernetes-list-type": "atomic" }, - "resourceClaimName": { - "description": "ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod.", - "type": "string", - "default": "" + "baselineCapabilitySet": { + "description": "baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent.", + "type": "string" } } }, - "PodIP.v1.core.api.k8s.io": { - "description": "PodIP represents a single IP address allocated to the pod.", + "com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus": { + "description": "ClusterVersionCapabilitiesStatus describes the state of optional, core cluster components.", "type": "object", - "required": [ - "ip" - ], "properties": { - "ip": { - "description": "IP is the IP address assigned to the pod", - "type": "string", - "default": "" + "enabledCapabilities": { + "description": "enabledCapabilities lists all the capabilities that are currently managed.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "knownCapabilities": { + "description": "knownCapabilities lists all the capabilities known to the current cluster.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "PodList.v1.core.api.k8s.io": { - "description": "PodList is a list of Pods.", + "com.github.openshift.api.config.v1.ClusterVersionList": { + "description": "ClusterVersionList is a list of ClusterVersion resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -6619,11 +5774,10 @@ "type": "string" }, "items": { - "description": "List of pods. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Pod.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersion" } }, "kind": { @@ -6631,393 +5785,327 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "PodLogOptions.v1.core.api.k8s.io": { - "description": "PodLogOptions is the query options for a Pod's logs REST call.", + "com.github.openshift.api.config.v1.ClusterVersionSpec": { + "description": "ClusterVersionSpec is the desired version state of the cluster. It includes the version the cluster should be at, how the cluster is identified, and where the cluster should look for version updates.", "type": "object", + "required": [ + "clusterID" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "container": { - "description": "The container for which to stream logs. Defaults to only container if there is one container in the pod.", - "type": "string" - }, - "follow": { - "description": "Follow the log stream of the pod. Defaults to false.", - "type": "boolean" - }, - "insecureSkipTLSVerifyBackend": { - "description": "insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept the actual log data coming from the real kubelet).", - "type": "boolean" + "capabilities": { + "description": "capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "channel": { + "description": "channel is an identifier for explicitly requesting a non-default set of updates to be applied to this cluster. The default channel will contain stable updates that are appropriate for production clusters.", "type": "string" }, - "limitBytes": { - "description": "If set, the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.", - "type": "integer", - "format": "int64" + "clusterID": { + "description": "clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field.", + "type": "string", + "default": "" }, - "previous": { - "description": "Return previous terminated container logs. Defaults to false.", - "type": "boolean" + "desiredUpdate": { + "description": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted if the previous version is within the current minor version. Not all rollbacks will succeed, and some may unrecoverably break the cluster.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.Update" }, - "sinceSeconds": { - "description": "A relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - "type": "integer", - "format": "int64" + "overrides": { + "description": "overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ComponentOverride" + }, + "x-kubernetes-list-map-keys": [ + "kind", + "group", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "sinceTime": { - "description": "An RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "signatureStores": { + "description": "signatureStores contains the upstream URIs to verify release signatures and optional reference to a config map by name containing the PEM-encoded CA bundle.\n\nBy default, CVO will use existing signature stores if this property is empty. The CVO will check the release signatures in the local ConfigMaps first. It will search for a valid signature in these stores in parallel only when local ConfigMaps did not include a valid signature. Validation will fail if none of the signature stores reply with valid signature before timeout. Setting signatureStores will replace the default signature stores with custom signature stores. Default stores can be used with custom signature stores by adding them manually.\n\nA maximum of 32 signature stores may be configured.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SignatureStore" + }, + "x-kubernetes-list-map-keys": [ + "url" + ], + "x-kubernetes-list-type": "map" }, - "stream": { - "description": "Specify which container log stream to return to the client. Acceptable values are \"All\", \"Stdout\" and \"Stderr\". If not specified, \"All\" is used, and both stdout and stderr are returned interleaved. Note that when \"TailLines\" is specified, \"Stream\" can only be set to nil or \"All\".", + "upstream": { + "description": "upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region.", "type": "string" - }, - "tailLines": { - "description": "If set, the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime. Note that when \"TailLines\" is specified, \"Stream\" can only be set to nil or \"All\".", - "type": "integer", - "format": "int64" - }, - "timestamps": { - "description": "If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.", - "type": "boolean" } } }, - "PodOS.v1.core.api.k8s.io": { - "description": "PodOS defines the OS parameters of a pod.", + "com.github.openshift.api.config.v1.ClusterVersionStatus": { + "description": "ClusterVersionStatus reports the status of the cluster versioning, including any upgrades that are in progress. The current field will be set to whichever version the cluster is reconciling to, and the conditions array will report whether the update succeeded, is in progress, or is failing.", "type": "object", "required": [ - "name" + "desired", + "observedGeneration", + "versionHash", + "availableUpdates" ], "properties": { - "name": { - "description": "Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null", - "type": "string", - "default": "" - } - } - }, - "PodPortForwardOptions.v1.core.api.k8s.io": { - "description": "PodPortForwardOptions is the query options to a Pod's port forward call when using WebSockets. The `port` query parameter must specify the port or ports (comma separated) to forward over. Port forwarding over SPDY does not use these options. It requires the port to be passed in the `port` header as part of request.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "availableUpdates": { + "description": "availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Release" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "capabilities": { + "description": "capabilities describes the state of optional, core cluster components.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus" }, - "ports": { - "description": "List of ports to forward Required when using WebSockets", + "conditionalUpdateRisks": { + "description": "conditionalUpdateRisks contains the list of risks associated with conditionalUpdates. When performing a conditional update, all its associated risks will be compared with the set of accepted risks in the spec.desiredUpdate.acceptRisks field. If all risks for a conditional update are included in the spec.desiredUpdate.acceptRisks set, the conditional update can proceed, otherwise it is blocked. The risk names in the list must be unique. conditionalUpdateRisks must not contain more than 500 entries.", "type": "array", "items": { - "type": "integer", - "format": "int32", - "default": 0 + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConditionalUpdateRisk" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "conditionalUpdates": { + "description": "conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConditionalUpdate" }, "x-kubernetes-list-type": "atomic" - } - } - }, - "PodProxyOptions.v1.core.api.k8s.io": { - "description": "PodProxyOptions is the query options to a Pod's proxy call.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "conditions": { + "description": "conditions provides information about the cluster version. The condition \"Available\" is set to true if the desiredUpdate has been reached. The condition \"Progressing\" is set to true if an update is being applied. The condition \"Degraded\" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperatorStatusCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "path": { - "description": "Path is the URL path to use for the current proxy request to pod.", - "type": "string" - } - } - }, - "PodReadinessGate.v1.core.api.k8s.io": { - "description": "PodReadinessGate contains the reference to a pod condition", - "type": "object", - "required": [ - "conditionType" - ], - "properties": { - "conditionType": { - "description": "ConditionType refers to a condition in the pod's condition list with matching type.", + "desired": { + "description": "desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Release" + }, + "history": { + "description": "history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.UpdateHistory" + }, + "x-kubernetes-list-type": "atomic" + }, + "observedGeneration": { + "description": "observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version.", + "type": "integer", + "format": "int64", + "default": 0 + }, + "versionHash": { + "description": "versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only.", "type": "string", "default": "" } } }, - "PodResourceClaim.v1.core.api.k8s.io": { - "description": "PodResourceClaim references exactly one ResourceClaim, either directly or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim for the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.", + "com.github.openshift.api.config.v1.ComponentOverride": { + "description": "ComponentOverride allows overriding cluster version operator's behavior for a component.", "type": "object", "required": [ - "name" + "kind", + "group", + "namespace", + "name", + "unmanaged" ], "properties": { + "group": { + "description": "group identifies the API group that the kind is in.", + "type": "string", + "default": "" + }, + "kind": { + "description": "kind indentifies which object to override.", + "type": "string", + "default": "" + }, "name": { - "description": "Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL.", + "description": "name is the component's name.", "type": "string", "default": "" }, - "resourceClaimName": { - "description": "ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must be set.", - "type": "string" + "namespace": { + "description": "namespace is the component's namespace. If the resource is cluster scoped, the namespace should be empty.", + "type": "string", + "default": "" }, - "resourceClaimTemplateName": { - "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must be set.", - "type": "string" + "unmanaged": { + "description": "unmanaged controls if cluster version operator should stop managing the resources in this cluster. Default: false", + "type": "boolean", + "default": false } } }, - "PodResourceClaimStatus.v1.core.api.k8s.io": { - "description": "PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim which references a ResourceClaimTemplate. It stores the generated name for the corresponding ResourceClaim.", + "com.github.openshift.api.config.v1.ComponentRouteSpec": { + "description": "ComponentRouteSpec allows for configuration of a route's hostname and serving certificate.", "type": "object", "required": [ - "name" + "namespace", + "name", + "hostname" ], "properties": { + "hostname": { + "description": "hostname is the hostname that should be used by the route.", + "type": "string", + "default": "" + }, "name": { - "description": "Name uniquely identifies this resource claim inside the pod. This must match the name of an entry in pod.spec.resourceClaims, which implies that the string must be a DNS_LABEL.", + "description": "name is the logical name of the route to customize.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.", "type": "string", "default": "" }, - "resourceClaimName": { - "description": "ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod. If this is unset, then generating a ResourceClaim was not necessary. The pod.spec.resourceClaims entry can be ignored in this case.", - "type": "string" + "namespace": { + "description": "namespace is the namespace of the route to customize.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.", + "type": "string", + "default": "" + }, + "servingCertKeyPairSecret": { + "description": "servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" } } }, - "PodSchedulingGate.v1.core.api.k8s.io": { - "description": "PodSchedulingGate is associated to a Pod to guard its scheduling.", + "com.github.openshift.api.config.v1.ComponentRouteStatus": { + "description": "ComponentRouteStatus contains information allowing configuration of a route's hostname and serving certificate.", "type": "object", "required": [ - "name" + "namespace", + "name", + "defaultHostname", + "relatedObjects" ], "properties": { + "conditions": { + "description": "conditions are used to communicate the state of the componentRoutes entry.\n\nSupported conditions include Available, Degraded and Progressing.\n\nIf available is true, the content served by the route can be accessed by users. This includes cases where a default may continue to serve content while the customized route specified by the cluster-admin is being configured.\n\nIf Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. The currentHostnames field may or may not be in effect.\n\nIf Progressing is true, that means the component is taking some action related to the componentRoutes entry.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "consumingUsers": { + "description": "consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "currentHostnames": { + "description": "currentHostnames is the list of current names used by the route. Typically, this list should consist of a single hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "defaultHostname": { + "description": "defaultHostname is the hostname of this route prior to customization.", + "type": "string", + "default": "" + }, "name": { - "description": "Name of the scheduling gate. Each scheduling gate must have a unique name field.", + "description": "name is the logical name of the route to customize. It does not have to be the actual name of a route resource but it cannot be renamed.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.", "type": "string", "default": "" - } - } - }, - "PodSecurityContext.v1.core.api.k8s.io": { - "description": "PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.", - "type": "object", - "properties": { - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", - "$ref": "#/definitions/AppArmorProfile.v1.core.api.k8s.io" - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows.\n\nPossible enum values:\n - `\"Always\"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior.\n - `\"OnRootMismatch\"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume.", - "type": "string", - "enum": [ - "Always", - "OnRootMismatch" - ] - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "seLinuxChangePolicy": { - "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. \"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used. If not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes and \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.", - "type": "string" - }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", - "$ref": "#/definitions/SELinuxOptions.v1.core.api.k8s.io" - }, - "seccompProfile": { - "description": "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", - "$ref": "#/definitions/SeccompProfile.v1.core.api.k8s.io" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.", - "type": "array", - "items": { - "type": "integer", - "format": "int64", - "default": 0 - }, - "x-kubernetes-list-type": "atomic" }, - "supplementalGroupsPolicy": { - "description": "Defines how supplemental groups of the first container processes are calculated. Valid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.\n\nPossible enum values:\n - `\"Merge\"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be merged with the primary user's groups as defined in the container image (in /etc/group).\n - `\"Strict\"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be used instead of any groups defined in the container image.", + "namespace": { + "description": "namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace ensures that no two components will conflict and the same component can be installed multiple times.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.", "type": "string", - "enum": [ - "Merge", - "Strict" - ] + "default": "" }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.", + "relatedObjects": { + "description": "relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Sysctl.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", - "$ref": "#/definitions/WindowsSecurityContextOptions.v1.core.api.k8s.io" - } - } - }, - "PodSignature.v1.core.api.k8s.io": { - "description": "Describes the class of pods that should avoid this node. Exactly one field should be set.", - "type": "object", - "properties": { - "podController": { - "description": "Reference to controller whose pods should avoid this node.", - "$ref": "#/definitions/OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ObjectReference" + } } } }, - "PodSpec.v1.core.api.k8s.io": { - "description": "PodSpec is a description of a pod.", + "com.github.openshift.api.config.v1.ConditionalUpdate": { + "description": "ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster.", "type": "object", "required": [ - "containers" + "release", + "risks" ], "properties": { - "activeDeadlineSeconds": { - "description": "Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.", - "type": "integer", - "format": "int64" - }, - "affinity": { - "description": "If specified, the pod's scheduling constraints", - "$ref": "#/definitions/Affinity.v1.core.api.k8s.io" - }, - "automountServiceAccountToken": { - "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.", - "type": "boolean" - }, - "containers": { - "description": "List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.", + "conditions": { + "description": "conditions represents the observations of the conditional update's current status. Known types are: * Recommended, for whether the update is recommended for the current cluster.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Container.v1.core.api.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, "x-kubernetes-list-map-keys": [ - "name" + "type" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - }, - "dnsConfig": { - "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.", - "$ref": "#/definitions/PodDNSConfig.v1.core.api.k8s.io" - }, - "dnsPolicy": { - "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.\n\nPossible enum values:\n - `\"ClusterFirst\"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings.\n - `\"ClusterFirstWithHostNet\"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings.\n - `\"Default\"` indicates that the pod should use the default (as determined by kubelet) DNS settings.\n - `\"None\"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig.", - "type": "string", - "enum": [ - "ClusterFirst", - "ClusterFirstWithHostNet", - "Default", - "None" - ] - }, - "enableServiceLinks": { - "description": "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.", - "type": "boolean" + "x-kubernetes-list-type": "map" }, - "ephemeralContainers": { - "description": "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/EphemeralContainer.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "release": { + "description": "release is the target of the update.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Release" }, - "hostAliases": { - "description": "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified.", + "riskNames": { + "description": "riskNames represents the set of the names of conditionalUpdateRisks that are relevant to this update for some clusters. The Applies condition of each conditionalUpdateRisks entry declares if that risk applies to this cluster. A conditional update is accepted only if each of its risks either does not apply to the cluster or is considered acceptable by the cluster administrator. The latter means that the risk names are included in value of the spec.desiredUpdate.acceptRisks field. Entries must be unique and must not exceed 256 characters. riskNames must not contain more than 500 entries.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/HostAlias.v1.core.api.k8s.io" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "ip" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "ip", - "x-kubernetes-patch-strategy": "merge" - }, - "hostIPC": { - "description": "Use the host's ipc namespace. Optional: Default to false.", - "type": "boolean" - }, - "hostNetwork": { - "description": "Host networking requested for this pod. Use the host's network namespace. When using HostNetwork you should specify ports so the scheduler is aware. When `hostNetwork` is true, specified `hostPort` fields in port definitions must match `containerPort`, and unspecified `hostPort` fields in port definitions are defaulted to match `containerPort`. Default to false.", - "type": "boolean" - }, - "hostPID": { - "description": "Use the host's pid namespace. Optional: Default to false.", - "type": "boolean" - }, - "hostUsers": { - "description": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", - "type": "boolean" - }, - "hostname": { - "description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.", - "type": "string" - }, - "hostnameOverride": { - "description": "HostnameOverride specifies an explicit override for the pod's hostname as perceived by the pod. This field only specifies the pod's hostname and does not affect its DNS records. When this field is set to a non-empty string: - It takes precedence over the values set in `hostname` and `subdomain`. - The Pod's hostname will be set to this value. - `setHostnameAsFQDN` must be nil or set to false. - `hostNetwork` must be set to false.\n\nThis field must be a valid DNS subdomain as defined in RFC 1123 and contain at most 64 characters. Requires the HostnameOverride feature gate to be enabled.", - "type": "string" + "x-kubernetes-list-type": "set" }, - "imagePullSecrets": { - "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", + "risks": { + "description": "risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConditionalUpdateRisk" }, "x-kubernetes-list-map-keys": [ "name" @@ -7025,350 +6113,262 @@ "x-kubernetes-list-type": "map", "x-kubernetes-patch-merge-key": "name", "x-kubernetes-patch-strategy": "merge" - }, - "initContainers": { - "description": "List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/", + } + } + }, + "com.github.openshift.api.config.v1.ConditionalUpdateRisk": { + "description": "ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update.", + "type": "object", + "required": [ + "url", + "name", + "message", + "matchingRules" + ], + "properties": { + "conditions": { + "description": "conditions represents the observations of the conditional update risk's current status. Known types are: * Applies, for whether the risk applies to the current cluster. The condition's types in the list must be unique. conditions must not contain more than one entry.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Container.v1.core.api.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, "x-kubernetes-list-map-keys": [ - "name" + "type" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - }, - "nodeName": { - "description": "NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename", - "type": "string" - }, - "nodeSelector": { - "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - }, - "x-kubernetes-map-type": "atomic" - }, - "os": { - "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.resources - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup", - "$ref": "#/definitions/PodOS.v1.core.api.k8s.io" - }, - "overhead": { - "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - } - }, - "preemptionPolicy": { - "description": "PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.\n\nPossible enum values:\n - `\"Never\"` means that pod never preempts other pods with lower priority.\n - `\"PreemptLowerPriority\"` means that pod can preempt other pods with lower priority.", - "type": "string", - "enum": [ - "Never", - "PreemptLowerPriority" - ] - }, - "priority": { - "description": "The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.", - "type": "integer", - "format": "int32" - }, - "priorityClassName": { - "description": "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.", - "type": "string" + "x-kubernetes-list-type": "map" }, - "readinessGates": { - "description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates", + "matchingRules": { + "description": "matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/PodReadinessGate.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterCondition" }, "x-kubernetes-list-type": "atomic" }, - "resourceClaims": { - "description": "ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.\n\nThis is a stable field but requires that the DynamicResourceAllocation feature gate is enabled.\n\nThis field is immutable.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/PodResourceClaim.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge,retainKeys" - }, - "resources": { - "description": "Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for \"cpu\", \"memory\" and \"hugepages-\" resource names only. ResourceClaims are not supported.\n\nThis field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod.\n\nThis is an alpha field and requires enabling the PodLevelResources feature gate.", - "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" - }, - "restartPolicy": { - "description": "Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy\n\nPossible enum values:\n - `\"Always\"`\n - `\"Never\"`\n - `\"OnFailure\"`", + "message": { + "description": "message provides additional information about the risk of updating, in the event that matchingRules match the cluster state. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.", "type": "string", - "enum": [ - "Always", - "Never", - "OnFailure" - ] + "default": "" }, - "runtimeClassName": { - "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class", - "type": "string" + "name": { + "description": "name is the CamelCase reason for not recommending a conditional update, in the event that matchingRules match the cluster state.", + "type": "string", + "default": "" }, - "schedulerName": { - "description": "If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.", + "url": { + "description": "url contains information about this risk.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.ConfigMapFileReference": { + "description": "ConfigMapFileReference references a config map in a specific namespace. The namespace must be specified at the point of use.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "key": { + "description": "key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.", "type": "string" }, - "schedulingGates": { - "description": "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/PodSchedulingGate.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - }, - "securityContext": { - "description": "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.", - "$ref": "#/definitions/PodSecurityContext.v1.core.api.k8s.io" - }, - "serviceAccount": { - "description": "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.", + "name": { + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.ConfigMapNameReference": { + "description": "ConfigMapNameReference references a config map in a specific namespace. The namespace must be specified at the point of use.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "name is the metadata.name of the referenced config map", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.Console": { + "description": "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "serviceAccountName": { - "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "setHostnameAsFQDN": { - "description": "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.", - "type": "boolean" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "shareProcessNamespace": { - "description": "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.", - "type": "boolean" + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConsoleSpec" }, - "subdomain": { - "description": "If specified, the fully qualified Pod hostname will be \"...svc.\". If not specified, the pod will not have a domainname at all.", + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConsoleStatus" + } + } + }, + "com.github.openshift.api.config.v1.ConsoleAuthentication": { + "description": "ConsoleAuthentication defines a list of optional configuration for console authentication.", + "type": "object", + "properties": { + "logoutRedirect": { + "description": "An optional, absolute URL to redirect web browsers to after logging out of the console. If not specified, it will redirect to the default login page. This is required when using an identity provider that supports single sign-on (SSO) such as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console will destroy the user's token. The logoutRedirect provides the user the option to perform single logout (SLO) through the identity provider to destroy their single sign-on session.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1.ConsoleList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.", - "type": "integer", - "format": "int64" - }, - "tolerations": { - "description": "If specified, the pod's tolerations.", + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.config.v1.Console" + } }, - "topologySpreadConstraints": { - "description": "TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "topologyKey", - "x-kubernetes-patch-strategy": "merge" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "volumes": { - "description": "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes", + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.config.v1.ConsoleSpec": { + "description": "ConsoleSpec is the specification of the desired behavior of the Console.", + "type": "object", + "properties": { + "authentication": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConsoleAuthentication" + } + } + }, + "com.github.openshift.api.config.v1.ConsoleStatus": { + "description": "ConsoleStatus defines the observed status of the Console.", + "type": "object", + "properties": { + "consoleURL": { + "description": "The URL for the console. This will be derived from the host for the route that is created for the console.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.Custom": { + "description": "Custom provides the custom configuration of gatherers", + "type": "object", + "required": [ + "configs" + ], + "properties": { + "configs": { + "description": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Volume.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.GathererConfig" }, "x-kubernetes-list-map-keys": [ "name" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge,retainKeys" - }, - "workloadRef": { - "description": "WorkloadRef provides a reference to the Workload object that this Pod belongs to. This field is used by the scheduler to identify the PodGroup and apply the correct group scheduling policies. The Workload object referenced by this field may not exist at the time the Pod is created. This field is immutable, but a Workload object with the same name may be recreated with different policies. Doing this during pod scheduling may result in the placement not conforming to the expected policies.", - "$ref": "#/definitions/WorkloadReference.v1.core.api.k8s.io" + "x-kubernetes-list-type": "map" } } }, - "PodStatus.v1.core.api.k8s.io": { - "description": "PodStatus represents information about the status of a pod. Status may trail the actual state of a system, especially if the node that hosts the pod cannot contact the control plane.", + "com.github.openshift.api.config.v1.CustomFeatureGates": { "type": "object", "properties": { - "allocatedResources": { - "description": "AllocatedResources is the total requests allocated for this pod by the node. If pod-level requests are not set, this will be the total requests aggregated across containers in the pod.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + "disabled": { + "description": "disabled is a list of all feature gates that you want to force off", + "type": "array", + "items": { + "type": "string", + "default": "" } }, - "conditions": { - "description": "Current service state of pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions", + "enabled": { + "description": "enabled is a list of all feature gates that you want to force on", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/PodCondition.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "containerStatuses": { - "description": "Statuses of containers in this pod. Each container in the pod should have at most one status in this list, and all statuses should be for containers in the pod. However this is not enforced. If a status for a non-existent container is present in the list, or the list has duplicate names, the behavior of various Kubernetes components is not defined and those statuses might be ignored. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status", + "type": "string", + "default": "" + } + } + } + }, + "com.github.openshift.api.config.v1.CustomTLSProfile": { + "description": "CustomTLSProfile is a user-defined TLS security profile. Be extremely careful using a custom TLS profile as invalid configurations can be catastrophic.", + "type": "object", + "required": [ + "ciphers", + "minTLSVersion" + ], + "properties": { + "ciphers": { + "description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/ContainerStatus.v1.core.api.k8s.io" + "type": "string", + "default": "" }, "x-kubernetes-list-type": "atomic" }, - "ephemeralContainerStatuses": { - "description": "Statuses for any ephemeral containers that have run in this pod. Each ephemeral container in the pod should have at most one status in this list, and all statuses should be for containers in the pod. However this is not enforced. If a status for a non-existent container is present in the list, or the list has duplicate names, the behavior of various Kubernetes components is not defined and those statuses might be ignored. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status", + "curves": { + "description": "curves is used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use.\n\nFor example, to use X25519 and P-256 (yaml):\n\n curves:\n - X25519\n - P-256", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/ContainerStatus.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "extendedResourceClaimStatus": { - "description": "Status of extended resource claim backed by DRA.", - "$ref": "#/definitions/PodExtendedResourceClaimStatus.v1.core.api.k8s.io" - }, - "hostIP": { - "description": "hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will not be updated even if there is a node is assigned to pod", - "type": "string" - }, - "hostIPs": { - "description": "hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must match the hostIP field. This list is empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will not be updated even if there is a node is assigned to this pod.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/HostIP.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic", - "x-kubernetes-patch-merge-key": "ip", - "x-kubernetes-patch-strategy": "merge" - }, - "initContainerStatuses": { - "description": "Statuses of init containers in this pod. The most recent successful non-restartable init container will have ready = true, the most recently started container will have startTime set. Each init container in the pod should have at most one status in this list, and all statuses should be for containers in the pod. However this is not enforced. If a status for a non-existent container is present in the list, or the list has duplicate names, the behavior of various Kubernetes components is not defined and those statuses might be ignored. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-and-container-status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ContainerStatus.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "message": { - "description": "A human readable message indicating details about why the pod is in this condition.", - "type": "string" - }, - "nominatedNodeName": { - "description": "nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be scheduled right away as preemption victims receive their graceful termination periods. This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to give the resources on this node to a higher priority pod that is created after preemption. As a result, this field may be different than PodSpec.nodeName when the pod is scheduled.", - "type": "string" - }, - "observedGeneration": { - "description": "If set, this represents the .metadata.generation that the pod status was set based upon. The PodObservedGenerationTracking feature gate must be enabled to use this field.", - "type": "integer", - "format": "int64" - }, - "phase": { - "description": "The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. The conditions array, the reason and message fields, and the individual container status arrays contain more detail about the pod's status. There are five possible phase values:\n\nPending: The pod has been accepted by the Kubernetes system, but one or more of the container images has not been created. This includes time before being scheduled as well as time spent downloading images over the network, which could take a while. Running: The pod has been bound to a node, and all of the containers have been created. At least one container is still running, or is in the process of starting or restarting. Succeeded: All containers in the pod have terminated in success, and will not be restarted. Failed: All containers in the pod have terminated, and at least one container has terminated in failure. The container either exited with non-zero status or was terminated by the system. Unknown: For some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase\n\nPossible enum values:\n - `\"Failed\"` means that all containers in the pod have terminated, and at least one container has terminated in a failure (exited with a non-zero exit code or was stopped by the system).\n - `\"Pending\"` means the pod has been accepted by the system, but one or more of the containers has not been started. This includes time before being bound to a node, as well as time spent pulling images onto the host.\n - `\"Running\"` means the pod has been bound to a node and all of the containers have been started. At least one container is still running or is in the process of being restarted.\n - `\"Succeeded\"` means that all containers in the pod have voluntarily terminated with a container exit code of 0, and the system is not going to restart any of these containers.\n - `\"Unknown\"` means that for some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod. Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095)", - "type": "string", - "enum": [ - "Failed", - "Pending", - "Running", - "Succeeded", - "Unknown" - ] - }, - "podIP": { - "description": "podIP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.", - "type": "string" - }, - "podIPs": { - "description": "podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list is empty if no IPs have been allocated yet.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/PodIP.v1.core.api.k8s.io" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "ip" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "ip", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "set" }, - "qosClass": { - "description": "The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes\n\nPossible enum values:\n - `\"BestEffort\"` is the BestEffort qos class.\n - `\"Burstable\"` is the Burstable qos class.\n - `\"Guaranteed\"` is the Guaranteed qos class.", + "minTLSVersion": { + "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11", "type": "string", - "enum": [ - "BestEffort", - "Burstable", - "Guaranteed" - ] - }, - "reason": { - "description": "A brief CamelCase message indicating details about why the pod is in this state. e.g. 'Evicted'", - "type": "string" - }, - "resize": { - "description": "Status of resources resize desired for pod's containers. It is empty if no resources resize is pending. Any changes to container resources will automatically set this to \"Proposed\" Deprecated: Resize status is moved to two pod conditions PodResizePending and PodResizeInProgress. PodResizePending will track states where the spec has been resized, but the Kubelet has not yet allocated the resources. PodResizeInProgress will track in-progress resizes, and should be present whenever allocated resources != acknowledged resources.", - "type": "string" - }, - "resourceClaimStatuses": { - "description": "Status of resource claims.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/PodResourceClaimStatus.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge,retainKeys" - }, - "resources": { - "description": "Resources represents the compute resource requests and limits that have been applied at the pod level if pod-level requests or limits are set in PodSpec.Resources", - "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" - }, - "startTime": { - "description": "RFC 3339 date and time at which the object was acknowledged by the Kubelet. This is before the Kubelet pulled the container image(s) for the pod.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "default": "" } } }, - "PodStatusResult.v1.core.api.k8s.io": { - "description": "PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded", + "com.github.openshift.api.config.v1.DNS": { + "description": "DNS holds cluster-wide information about DNS. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -7379,114 +6379,256 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSSpec" }, "status": { - "description": "Most recently observed status of the pod. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/PodStatus.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSStatus" } } }, - "PodTemplate.v1.core.api.k8s.io": { - "description": "PodTemplate describes a template for creating copies of a predefined pod.", + "com.github.openshift.api.config.v1.DNSList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.DNS" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "template": { - "description": "Template defines the pods that will be created from this pod template. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/PodTemplateSpec.v1.core.api.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "PodTemplateList.v1.core.api.k8s.io": { - "description": "PodTemplateList is a list of PodTemplates.", + "com.github.openshift.api.config.v1.DNSPlatformSpec": { + "description": "DNSPlatformSpec holds cloud-provider-specific configuration for DNS administration.", "type": "object", "required": [ - "items" + "type" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "aws": { + "description": "aws contains DNS configuration specific to the Amazon Web Services cloud provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSDNSSpec" }, - "items": { - "description": "List of pod templates", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/PodTemplate.v1.core.api.k8s.io" + "type": { + "description": "type is the underlying infrastructure provider for the cluster. Allowed values: \"\", \"AWS\".\n\nIndividual components may not support all platforms, and must handle unrecognized platforms with best-effort defaults.", + "type": "string", + "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "aws": "AWS" } + } + ] + }, + "com.github.openshift.api.config.v1.DNSSpec": { + "type": "object", + "required": [ + "baseDomain" + ], + "properties": { + "baseDomain": { + "description": "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base.\n\nFor example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`.\n\nOnce set, this field cannot be changed.", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "platform": { + "description": "platform holds configuration specific to the underlying infrastructure provider for DNS. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSPlatformSpec" + }, + "privateZone": { + "description": "privateZone is the location where all the DNS records that are only available internally to the cluster exist.\n\nIf this field is nil, no private records should be created.\n\nOnce set, this field cannot be changed.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSZone" + }, + "publicZone": { + "description": "publicZone is the location where all the DNS records that are publicly accessible to the internet exist.\n\nIf this field is nil, no public records should be created.\n\nOnce set, this field cannot be changed.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSZone" + } + } + }, + "com.github.openshift.api.config.v1.DNSStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1.DNSZone": { + "description": "DNSZone is used to define a DNS hosted zone. A zone can be identified by an ID or tags.", + "type": "object", + "properties": { + "id": { + "description": "id is the identifier that can be used to find the DNS hosted zone.\n\non AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3].\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get", "type": "string" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "tags": { + "description": "tags can be used to query the DNS hosted zone.\n\non AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } } } }, - "PodTemplateSpec.v1.core.api.k8s.io": { - "description": "PodTemplateSpec describes the data a pod should have when created from a template", + "com.github.openshift.api.config.v1.DelegatedAuthentication": { + "description": "DelegatedAuthentication allows authentication to be disabled.", "type": "object", "properties": { - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "disabled": { + "description": "disabled indicates that authentication should be disabled. By default it will use delegated authentication.", + "type": "boolean" + } + } + }, + "com.github.openshift.api.config.v1.DelegatedAuthorization": { + "description": "DelegatedAuthorization allows authorization to be disabled.", + "type": "object", + "properties": { + "disabled": { + "description": "disabled indicates that authorization should be disabled. By default it will use delegated authorization.", + "type": "boolean" + } + } + }, + "com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator": { + "description": "deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.", + "type": "object", + "required": [ + "kubeConfig" + ], + "properties": { + "kubeConfig": { + "description": "kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + } + } + }, + "com.github.openshift.api.config.v1.EquinixMetalPlatformSpec": { + "description": "EquinixMetalPlatformSpec holds the desired state of the Equinix Metal infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object" + }, + "com.github.openshift.api.config.v1.EquinixMetalPlatformStatus": { + "description": "EquinixMetalPlatformStatus holds the current status of the Equinix Metal infrastructure provider.", + "type": "object", + "properties": { + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", + "type": "string" }, - "spec": { - "description": "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "default": {}, - "$ref": "#/definitions/PodSpec.v1.core.api.k8s.io" + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", + "type": "string" } } }, - "PolicyRule.v1.rbac.api.k8s.io": { - "description": "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.", + "com.github.openshift.api.config.v1.EtcdConnectionInfo": { + "description": "EtcdConnectionInfo holds information necessary for connecting to an etcd server", "type": "object", "required": [ - "verbs" + "ca", + "certFile", + "keyFile" ], "properties": { - "apiGroups": { - "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"\" represents the core API group and \"*\" represents all API groups.", + "ca": { + "description": "ca is a file containing trusted roots for the etcd server certificates", + "type": "string", + "default": "" + }, + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" + }, + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" + }, + "urls": { + "description": "urls are the URLs for etcd", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } + } + } + }, + "com.github.openshift.api.config.v1.EtcdStorageConfig": { + "type": "object", + "required": [ + "ca", + "certFile", + "keyFile", + "storagePrefix" + ], + "properties": { + "ca": { + "description": "ca is a file containing trusted roots for the etcd server certificates", + "type": "string", + "default": "" }, - "nonResourceURLs": { - "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both.", + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" + }, + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" + }, + "storagePrefix": { + "description": "storagePrefix is the path within etcd that the OpenShift resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located.", + "type": "string", + "default": "" + }, + "urls": { + "description": "urls are the URLs for etcd", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "resourceNames": { - "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", + } + } + } + }, + "com.github.openshift.api.config.v1.ExternalIPConfig": { + "description": "ExternalIPConfig specifies some IP blocks relevant for the ExternalIP field of a Service resource.", + "type": "object", + "properties": { + "autoAssignCIDRs": { + "description": "autoAssignCIDRs is a list of CIDRs from which to automatically assign Service.ExternalIP. These are assigned when the service is of type LoadBalancer. In general, this is only useful for bare-metal clusters. In Openshift 3.x, this was misleadingly called \"IngressIPs\". Automatically assigned External IPs are not affected by any ExternalIPPolicy rules. Currently, only one entry may be provided.", "type": "array", "items": { "type": "string", @@ -7494,8 +6636,18 @@ }, "x-kubernetes-list-type": "atomic" }, - "resources": { - "description": "Resources is a list of resources this rule applies to. '*' represents all resources.", + "policy": { + "description": "policy is a set of restrictions applied to the ExternalIP field. If nil or empty, then ExternalIP is not allowed to be set.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalIPPolicy" + } + } + }, + "com.github.openshift.api.config.v1.ExternalIPPolicy": { + "description": "ExternalIPPolicy configures exactly which IPs are allowed for the ExternalIP field in a Service. If the zero struct is supplied, then none are permitted. The policy controller always allows automatically assigned external IPs.", + "type": "object", + "properties": { + "allowedCIDRs": { + "description": "allowedCIDRs is the list of allowed CIDRs.", "type": "array", "items": { "type": "string", @@ -7503,8 +6655,8 @@ }, "x-kubernetes-list-type": "atomic" }, - "verbs": { - "description": "Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.", + "rejectedCIDRs": { + "description": "rejectedCIDRs is the list of disallowed CIDRs. These take precedence over allowedCIDRs.", "type": "array", "items": { "type": "string", @@ -7514,667 +6666,908 @@ } } }, - "PortStatus.v1.core.api.k8s.io": { - "description": "PortStatus represents the error condition of a service port", + "com.github.openshift.api.config.v1.ExternalPlatformSpec": { + "description": "ExternalPlatformSpec holds the desired state for the generic External infrastructure provider.", "type": "object", - "required": [ - "port", - "protocol" - ], "properties": { - "error": { - "description": "Error is to record the problem with the service port The format of the error shall comply with the following rules: - built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase.", - "type": "string" - }, - "port": { - "description": "Port is the port number of the service port of which status is recorded here", - "type": "integer", - "format": "int32", - "default": 0 - }, - "protocol": { - "description": "Protocol is the protocol of the service port of which status is recorded here The supported values are: \"TCP\", \"UDP\", \"SCTP\"\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", + "platformName": { + "description": "platformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. This field is solely for informational and reporting purposes and is not expected to be used for decision-making.", "type": "string", - "default": "", - "enum": [ - "SCTP", - "TCP", - "UDP" - ] + "default": "Unknown" } } }, - "PortworxVolumeSource.v1.core.api.k8s.io": { - "description": "PortworxVolumeSource represents a Portworx volume resource.", + "com.github.openshift.api.config.v1.ExternalPlatformStatus": { + "description": "ExternalPlatformStatus holds the current status of the generic External infrastructure provider.", "type": "object", - "required": [ - "volumeID" - ], "properties": { - "fsType": { - "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID uniquely identifies a Portworx volume", - "type": "string", - "default": "" + "cloudControllerManager": { + "description": "cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI). When omitted, new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudControllerManagerStatus" } } }, - "Preconditions.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.", + "com.github.openshift.api.config.v1.ExtraMapping": { + "description": "ExtraMapping allows specifying a key and CEL expression to evaluate the keys' value. It is used to create additional mappings and attributes added to a cluster identity from a provided authentication token.", "type": "object", + "required": [ + "key", + "valueExpression" + ], "properties": { - "resourceVersion": { - "description": "Specifies the target ResourceVersion", - "type": "string" + "key": { + "description": "key is a required field that specifies the string to use as the extra attribute key.\n\nkey must be a domain-prefix path (e.g 'example.org/foo'). key must not exceed 510 characters in length. key must contain the '/' character, separating the domain and path characters. key must not be empty.\n\nThe domain portion of the key (string of characters prior to the '/') must be a valid RFC1123 subdomain. It must not exceed 253 characters in length. It must start and end with an alphanumeric character. It must only contain lower case alphanumeric characters and '-' or '.'. It must not use the reserved domains, or be subdomains of, \"kubernetes.io\", \"k8s.io\", and \"openshift.io\".\n\nThe path portion of the key (string of characters after the '/') must not be empty and must consist of at least one alphanumeric character, percent-encoded octets, '-', '.', '_', '~', '!', '$', '&', ''', '(', ')', '*', '+', ',', ';', '=', and ':'. It must not exceed 256 characters in length.", + "type": "string", + "default": "" }, - "uid": { - "description": "Specifies the target UID.", - "type": "string" + "valueExpression": { + "description": "valueExpression is a required field to specify the CEL expression to extract the extra attribute value from a JWT token's claims. valueExpression must produce a string or string array value. \"\", [], and null are treated as the extra mapping not being present. Empty string values within an array are filtered out.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'. 'claims' is a map of claim names to claim values. For example, the 'sub' claim value can be accessed as 'claims.sub'. Nested claims can be accessed using dot notation ('claims.foo.bar').\n\nvalueExpression must not exceed 1024 characters in length. valueExpression must not be empty.", + "type": "string", + "default": "" } } }, - "PreferAvoidPodsEntry.v1.core.api.k8s.io": { - "description": "Describes a class of pods that should avoid this node.", + "com.github.openshift.api.config.v1.FeatureGate": { + "description": "Feature holds cluster-wide information about feature gates. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "podSignature" + "spec" ], "properties": { - "evictionTime": { - "description": "Time at which this entry was added to the list.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "message": { - "description": "Human readable message indicating why this entry was added to the list.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "podSignature": { - "description": "The class of pods.", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/PodSignature.v1.core.api.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "reason": { - "description": "(brief) reason why this entry was added to the list.", - "type": "string" + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateStatus" } } }, - "PreferredSchedulingTerm.v1.core.api.k8s.io": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "com.github.openshift.api.config.v1.FeatureGateAttributes": { "type": "object", "required": [ - "weight", - "preference" + "name" ], "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "default": {}, - "$ref": "#/definitions/NodeSelectorTerm.v1.core.api.k8s.io" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "type": "integer", - "format": "int32", - "default": 0 + "name": { + "description": "name is the name of the FeatureGate.", + "type": "string", + "default": "" } } }, - "Probe.v1.core.api.k8s.io": { - "description": "Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.", + "com.github.openshift.api.config.v1.FeatureGateDetails": { "type": "object", + "required": [ + "version" + ], "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "$ref": "#/definitions/ExecAction.v1.core.api.k8s.io" + "disabled": { + "description": "disabled is a list of all feature gates that are disabled in the cluster for the named version.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateAttributes" + } }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", - "type": "integer", - "format": "int32" + "enabled": { + "description": "enabled is a list of all feature gates that are enabled in the cluster for the named version.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateAttributes" + } }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "$ref": "#/definitions/GRPCAction.v1.core.api.k8s.io" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "$ref": "#/definitions/HTTPGetAction.v1.core.api.k8s.io" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "type": "integer", - "format": "int32" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", - "type": "integer", - "format": "int32" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "type": "integer", - "format": "int32" + "version": { + "description": "version matches the version provided by the ClusterVersion and in the ClusterOperator.Status.Versions field.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.FeatureGateList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "$ref": "#/definitions/TCPSocketAction.v1.core.api.k8s.io" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGate" + } }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "type": "integer", - "format": "int64" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "type": "integer", - "format": "int32" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "ProbeHandler.v1.core.api.k8s.io": { - "description": "ProbeHandler defines a specific action that should be taken in a probe. One and only one of the fields must be specified.", + "com.github.openshift.api.config.v1.FeatureGateSelection": { "type": "object", "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "$ref": "#/definitions/ExecAction.v1.core.api.k8s.io" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "$ref": "#/definitions/GRPCAction.v1.core.api.k8s.io" + "customNoUpgrade": { + "description": "customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. featureSet must equal \"CustomNoUpgrade\" must be set to use this field.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.CustomFeatureGates" }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "$ref": "#/definitions/HTTPGetAction.v1.core.api.k8s.io" + "featureSet": { + "description": "featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone.", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "featureSet", + "fields-to-discriminateBy": { + "customNoUpgrade": "CustomNoUpgrade" + } + } + ] + }, + "com.github.openshift.api.config.v1.FeatureGateSpec": { + "type": "object", + "properties": { + "customNoUpgrade": { + "description": "customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. featureSet must equal \"CustomNoUpgrade\" must be set to use this field.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.CustomFeatureGates" }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "$ref": "#/definitions/TCPSocketAction.v1.core.api.k8s.io" + "featureSet": { + "description": "featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone.", + "type": "string" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "featureSet", + "fields-to-discriminateBy": { + "customNoUpgrade": "CustomNoUpgrade" + } + } + ] }, - "ProjectedVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a projected volume source", + "com.github.openshift.api.config.v1.FeatureGateStatus": { "type": "object", "properties": { - "defaultMode": { - "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" + "conditions": { + "description": "conditions represent the observations of the current state. Known .status.conditions.type are: \"DeterminationDegraded\"", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "sources": { - "description": "sources is the list of volume projections. Each entry in this list handles one source.", + "featureGates": { + "description": "featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion. Operators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate the version they are managing, find the enabled/disabled featuregates and make the operand and operator match. The enabled/disabled values for a particular version may change during the life of the cluster as various .spec.featureSet values are selected. Operators may choose to restart their processes to pick up these changes, but remembering past enable/disable lists is beyond the scope of this API and is the responsibility of individual operators. Only featureGates with .version in the ClusterVersion.status will be present in this list.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/VolumeProjection.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateDetails" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "version" + ], + "x-kubernetes-list-type": "map" } } }, - "Quantity.resource.api.pkg.apimachinery.k8s.io": { - "description": "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.", - "type": "string" - }, - "QuobyteVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.", + "com.github.openshift.api.config.v1.FeatureGateTests": { "type": "object", "required": [ - "registry", - "volume" + "featureGate", + "tests" ], "properties": { - "group": { - "description": "group to map volume access to Default is no group", - "type": "string" - }, - "readOnly": { - "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", - "type": "boolean" - }, - "registry": { - "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", + "featureGate": { + "description": "featureGate is the name of the FeatureGate as it appears in The FeatureGate CR instance.", "type": "string", "default": "" }, - "tenant": { - "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", - "type": "string" - }, - "user": { - "description": "user to map volume access to Defaults to serivceaccount user", - "type": "string" - }, - "volume": { - "description": "volume is a string that references an already created Quobyte volume by name.", - "type": "string", - "default": "" + "tests": { + "description": "tests contains an item for every TestName", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.TestDetails" + } } } }, - "RBDPersistentVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.config.v1.GCPPlatformSpec": { + "description": "GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object" + }, + "com.github.openshift.api.config.v1.GCPPlatformStatus": { + "description": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", "type": "object", "required": [ - "monitors", - "image" + "projectID", + "region" ], "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", - "type": "string" + "cloudLoadBalancerConfig": { + "description": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", + "default": { + "dnsType": "PlatformDefault" + }, + "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudLoadBalancerConfig" }, - "image": { - "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "projectID": { + "description": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", "type": "string", "default": "" }, - "keyring": { - "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "region": { + "description": "region holds the region for new GCP resources created for the cluster.", "type": "string", - "default": "/etc/ceph/keyring" + "default": "" }, - "monitors": { - "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "resourceLabels": { + "description": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.GCPResourceLabel" }, - "x-kubernetes-list-type": "atomic" - }, - "pool": { - "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string", - "default": "rbd" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" + "x-kubernetes-list-map-keys": [ + "key" + ], + "x-kubernetes-list-type": "map" }, - "user": { - "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string", - "default": "admin" + "resourceTags": { + "description": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.GCPResourceTag" + }, + "x-kubernetes-list-map-keys": [ + "key" + ], + "x-kubernetes-list-type": "map" } } }, - "RBDVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.config.v1.GCPResourceLabel": { + "description": "GCPResourceLabel is a label to apply to GCP resources created for the cluster.", "type": "object", "required": [ - "monitors", - "image" + "key", + "value" ], "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", - "type": "string" - }, - "image": { - "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "key": { + "description": "key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`.", "type": "string", "default": "" }, - "keyring": { - "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string", - "default": "/etc/ceph/keyring" - }, - "monitors": { - "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "pool": { - "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string", - "default": "rbd" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" - }, - "user": { - "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "value": { + "description": "value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.", "type": "string", - "default": "admin" + "default": "" } } }, - "RangeAllocation.v1.core.api.k8s.io": { - "description": "RangeAllocation is not a public type.", + "com.github.openshift.api.config.v1.GCPResourceTag": { + "description": "GCPResourceTag is a tag to apply to GCP resources created for the cluster.", "type": "object", "required": [ - "range", - "data" + "parentID", + "key", + "value" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "data": { - "description": "Data is a bit array containing all allocated addresses in the previous segment.", + "key": { + "description": "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", "type": "string", - "format": "byte" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "default": "" }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "parentID": { + "description": "parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", + "type": "string", + "default": "" }, - "range": { - "description": "Range is string that identifies the range represented by 'data'.", + "value": { + "description": "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", "type": "string", "default": "" } } }, - "RawExtension.runtime.pkg.apimachinery.k8s.io": { - "description": "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.Object `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// External package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// On the wire, the JSON will look something like this:\n\n\t{\n\t\t\"kind\":\"MyAPIObject\",\n\t\t\"apiVersion\":\"v1\",\n\t\t\"myPlugin\": {\n\t\t\t\"kind\":\"PluginA\",\n\t\t\t\"aOption\":\"foo\",\n\t\t},\n\t}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)", - "type": "object" - }, - "ReplicationController.v1.core.api.k8s.io": { - "description": "ReplicationController represents the configuration of a replication controller.", + "com.github.openshift.api.config.v1.GatherConfig": { + "description": "GatherConfig provides data gathering configuration options.", "type": "object", + "required": [ + "gatherers" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "If the Labels of a ReplicationController are empty, they are defaulted to be the same as the Pod(s) that the replication controller manages. Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "dataPolicy": { + "description": "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "spec": { - "description": "Spec defines the specification of the desired behavior of the replication controller. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "gatherers": { + "description": "gatherers is a required field that specifies the configuration of the gatherers.", "default": {}, - "$ref": "#/definitions/ReplicationControllerSpec.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.Gatherers" }, - "status": { - "description": "Status is the most recently observed status of the replication controller. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "storage": { + "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", "default": {}, - "$ref": "#/definitions/ReplicationControllerStatus.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.Storage" } } }, - "ReplicationControllerCondition.v1.core.api.k8s.io": { - "description": "ReplicationControllerCondition describes the state of a replication controller at a certain point.", + "com.github.openshift.api.config.v1.GathererConfig": { + "description": "GathererConfig allows to configure specific gatherers", "type": "object", "required": [ - "type", - "status" + "name", + "state" ], "properties": { - "lastTransitionTime": { - "description": "The last time the condition transitioned from one status to another.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "message": { - "description": "A human readable message indicating details about the transition.", + "name": { + "description": "name is the required name of a specific gatherer. It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", "type": "string" }, - "reason": { - "description": "The reason for the condition's last transition.", + "state": { + "description": "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", "type": "string" - }, - "status": { - "description": "Status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" - }, - "type": { - "description": "Type of replication controller condition.", - "type": "string", - "default": "" } } }, - "ReplicationControllerList.v1.core.api.k8s.io": { - "description": "ReplicationControllerList is a collection of replication controllers.", + "com.github.openshift.api.config.v1.Gatherers": { + "description": "Gatherers specifies the configuration of the gatherers", "type": "object", "required": [ - "items" + "mode" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "custom": { + "description": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Custom" + }, + "mode": { + "description": "mode is a required field that specifies the mode for gatherers. Allowed values are All, None, and Custom. When set to All, all gatherers will run and gather data. When set to None, all gatherers will be disabled and no data will be gathered. When set to Custom, the custom configuration from the custom field will be applied.", "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "mode", + "fields-to-discriminateBy": { + "custom": "Custom" + } + } + ] + }, + "com.github.openshift.api.config.v1.GenericAPIServerConfig": { + "description": "GenericAPIServerConfig is an inline-able struct for aggregated apiservers that need to store data in etcd", + "type": "object", + "required": [ + "servingInfo", + "corsAllowedOrigins", + "auditConfig", + "storageConfig", + "admission", + "kubeClientConfig" + ], + "properties": { + "admission": { + "description": "admissionConfig holds information about how to configure admission.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionConfig" }, - "items": { - "description": "List of replication controllers. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller", + "auditConfig": { + "description": "auditConfig describes how to configure audit information", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditConfig" + }, + "corsAllowedOrigins": { + "description": "corsAllowedOrigins", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/ReplicationController.v1.core.api.k8s.io" + "type": "string", + "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "kubeClientConfig": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.KubeClientConfig" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "servingInfo": { + "description": "servingInfo describes how to start serving", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" + }, + "storageConfig": { + "description": "storageConfig contains information about how to use", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.EtcdStorageConfig" } } }, - "ReplicationControllerSpec.v1.core.api.k8s.io": { - "description": "ReplicationControllerSpec is the specification of a replication controller.", + "com.github.openshift.api.config.v1.GenericControllerConfig": { + "description": "GenericControllerConfig provides information to configure a controller", "type": "object", + "required": [ + "servingInfo", + "leaderElection", + "authentication", + "authorization" + ], "properties": { - "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)", - "type": "integer", - "format": "int32", - "default": 0 + "authentication": { + "description": "authentication allows configuration of authentication for the endpoints", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.DelegatedAuthentication" }, - "replicas": { - "description": "Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller", - "type": "integer", - "format": "int32", - "default": 1 + "authorization": { + "description": "authorization allows configuration of authentication for the endpoints", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.DelegatedAuthorization" }, - "selector": { - "description": "Selector is a label query over pods that should match the Replicas count. If Selector is empty, it is defaulted to the labels present on the Pod template. Label keys and values that must match in order to be controlled by this replication controller, if empty defaulted to labels on Pod template. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - }, - "x-kubernetes-map-type": "atomic" + "leaderElection": { + "description": "leaderElection provides information to elect a leader. Only override this if you have a specific need", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.LeaderElection" }, - "template": { - "description": "Template is the object that describes the pod that will be created if insufficient replicas are detected. This takes precedence over a TemplateRef. The only allowed template.spec.restartPolicy value is \"Always\". More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template", - "$ref": "#/definitions/PodTemplateSpec.v1.core.api.k8s.io" + "servingInfo": { + "description": "servingInfo is the HTTP serving information for the controller's endpoints", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" } } }, - "ReplicationControllerStatus.v1.core.api.k8s.io": { - "description": "ReplicationControllerStatus represents the current status of a replication controller.", + "com.github.openshift.api.config.v1.GitHubIdentityProvider": { + "description": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials", "type": "object", "required": [ - "replicas" + "clientID", + "clientSecret" ], "properties": { - "availableReplicas": { - "description": "The number of available replicas (ready for at least minReadySeconds) for this replication controller.", - "type": "integer", - "format": "int32" - }, - "conditions": { - "description": "Represents the latest available observations of a replication controller's current state.", + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + }, + "clientID": { + "description": "clientID is the oauth client ID", + "type": "string", + "default": "" + }, + "clientSecret": { + "description": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + }, + "hostname": { + "description": "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value configured at /setup/settings#hostname.", + "type": "string", + "default": "" + }, + "organizations": { + "description": "organizations optionally restricts which organizations are allowed to log in", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/ReplicationControllerCondition.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "type": "string", + "default": "" + } }, - "fullyLabeledReplicas": { - "description": "The number of pods that have labels matching the labels of the pod template of the replication controller.", - "type": "integer", - "format": "int32" + "teams": { + "description": "teams optionally restricts which teams are allowed to log in. Format is /.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + } + }, + "com.github.openshift.api.config.v1.GitLabIdentityProvider": { + "description": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials", + "type": "object", + "required": [ + "clientID", + "clientSecret", + "url" + ], + "properties": { + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "observedGeneration": { - "description": "ObservedGeneration reflects the generation of the most recently observed replication controller.", - "type": "integer", - "format": "int64" + "clientID": { + "description": "clientID is the oauth client ID", + "type": "string", + "default": "" }, - "readyReplicas": { - "description": "The number of ready replicas for this replication controller.", - "type": "integer", - "format": "int32" + "clientSecret": { + "description": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "replicas": { - "description": "Replicas is the most recently observed number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller", - "type": "integer", - "format": "int32", - "default": 0 + "url": { + "description": "url is the oauth server base URL", + "type": "string", + "default": "" } } }, - "ResourceAttributes.v1.authorization.api.k8s.io": { - "description": "ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface", + "com.github.openshift.api.config.v1.GoogleIdentityProvider": { + "description": "GoogleIdentityProvider provides identities for users authenticating using Google credentials", "type": "object", + "required": [ + "clientID", + "clientSecret" + ], "properties": { - "fieldSelector": { - "description": "fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.", - "$ref": "#/definitions/FieldSelectorAttributes.v1.authorization.api.k8s.io" + "clientID": { + "description": "clientID is the oauth client ID", + "type": "string", + "default": "" }, - "group": { - "description": "Group is the API Group of the Resource. \"*\" means all.", + "clientSecret": { + "description": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + }, + "hostedDomain": { + "description": "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.HTPasswdIdentityProvider": { + "description": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials", + "type": "object", + "required": [ + "fileData" + ], + "properties": { + "fileData": { + "description": "fileData is a required reference to a secret by name containing the data to use as the htpasswd file. The key \"htpasswd\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. If the specified htpasswd data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + } + } + }, + "com.github.openshift.api.config.v1.HTTPServingInfo": { + "description": "HTTPServingInfo holds configuration for serving HTTP", + "type": "object", + "required": [ + "bindAddress", + "bindNetwork", + "certFile", + "keyFile", + "maxRequestsInFlight", + "requestTimeoutSeconds" + ], + "properties": { + "bindAddress": { + "description": "bindAddress is the ip:port to serve on", + "type": "string", + "default": "" + }, + "bindNetwork": { + "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", + "type": "string", + "default": "" + }, + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" + }, + "cipherSuites": { + "description": "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "clientCA": { + "description": "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", "type": "string" }, - "labelSelector": { - "description": "labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.", - "$ref": "#/definitions/LabelSelectorAttributes.v1.authorization.api.k8s.io" + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" + }, + "maxRequestsInFlight": { + "description": "maxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.", + "type": "integer", + "format": "int64", + "default": 0 + }, + "minTLSVersion": { + "description": "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", + "type": "string" + }, + "namedCertificates": { + "description": "namedCertificates is a list of certificates to use to secure requests to specific hostnames", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NamedCertificate" + } + }, + "requestTimeoutSeconds": { + "description": "requestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if -1 there is no limit on requests.", + "type": "integer", + "format": "int64", + "default": 0 + } + } + }, + "com.github.openshift.api.config.v1.HubSource": { + "description": "HubSource is used to specify the hub source and its configuration", + "type": "object", + "required": [ + "name", + "disabled" + ], + "properties": { + "disabled": { + "description": "disabled is used to disable a default hub source on cluster", + "type": "boolean", + "default": false }, "name": { - "description": "Name is the name of the resource being requested for a \"get\" or deleted for a \"delete\". \"\" (empty) means all.", + "description": "name is the name of one of the default hub sources", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.HubSourceStatus": { + "description": "HubSourceStatus is used to reflect the current state of applying the configuration to a default source", + "type": "object", + "properties": { + "message": { + "description": "message provides more information regarding failures", "type": "string" }, - "namespace": { - "description": "Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces \"\" (empty) is defaulted for LocalSubjectAccessReviews \"\" (empty) is empty for cluster-scoped resources \"\" (empty) means \"all\" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview", + "status": { + "description": "status indicates success or failure in applying the configuration", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1.IBMCloudPlatformSpec": { + "description": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object", + "properties": { + "serviceEndpoints": { + "description": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM service. These endpoints are used by components within the cluster when trying to reach the IBM Cloud Services that have been overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus are updated to reflect the same custom endpoints. A maximum of 13 service endpoints overrides are supported.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.IBMCloudServiceEndpoint" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.config.v1.IBMCloudPlatformStatus": { + "description": "IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider.", + "type": "object", + "properties": { + "cisInstanceCRN": { + "description": "cisInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain", "type": "string" }, - "resource": { - "description": "Resource is one of the existing resource types. \"*\" means all.", + "dnsInstanceCRN": { + "description": "dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain", "type": "string" }, - "subresource": { - "description": "Subresource is one of the existing resource types. \"\" means none.", + "location": { + "description": "location is where the cluster has been deployed", "type": "string" }, - "verb": { - "description": "Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. \"*\" means all.", + "providerType": { + "description": "providerType indicates the type of cluster that was created", "type": "string" }, - "version": { - "description": "Version is the API Version of the Resource. \"*\" means all.", + "resourceGroupName": { + "description": "resourceGroupName is the Resource Group for new IBMCloud resources created for the cluster.", "type": "string" + }, + "serviceEndpoints": { + "description": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM service. These endpoints are used by components within the cluster when trying to reach the IBM Cloud Services that have been overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus are updated to reflect the same custom endpoints.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.IBMCloudServiceEndpoint" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "ResourceClaim.v1.core.api.k8s.io": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", + "com.github.openshift.api.config.v1.IBMCloudServiceEndpoint": { + "description": "IBMCloudServiceEndpoint stores the configuration of a custom url to override existing defaults of IBM Cloud Services.", "type": "object", "required": [ - "name" + "name", + "url" ], "properties": { "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", + "description": "name is the name of the IBM Cloud service. Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`", "type": "string", "default": "" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.", - "type": "string" + "url": { + "description": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. The path must follow the pattern /v[0,9]+ or /api/v[0,9]+", + "type": "string", + "default": "" } } }, - "ResourceFieldSelector.v1.core.api.k8s.io": { - "description": "ResourceFieldSelector represents container resources (cpu, memory) and their output format", + "com.github.openshift.api.config.v1.IdentityProvider": { + "description": "IdentityProvider provides identities for users authenticating using credentials", "type": "object", "required": [ - "resource" + "name", + "type" ], "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", + "basicAuth": { + "description": "basicAuth contains configuration options for the BasicAuth IdP", + "$ref": "#/definitions/com.github.openshift.api.config.v1.BasicAuthIdentityProvider" + }, + "github": { + "description": "github enables user authentication using GitHub credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.GitHubIdentityProvider" + }, + "gitlab": { + "description": "gitlab enables user authentication using GitLab credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.GitLabIdentityProvider" + }, + "google": { + "description": "google enables user authentication using Google credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.GoogleIdentityProvider" + }, + "htpasswd": { + "description": "htpasswd enables user authentication using an HTPasswd file to validate credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTPasswdIdentityProvider" + }, + "keystone": { + "description": "keystone enables user authentication using keystone password credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.KeystoneIdentityProvider" + }, + "ldap": { + "description": "ldap enables user authentication using LDAP credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.LDAPIdentityProvider" + }, + "mappingMethod": { + "description": "mappingMethod determines how identities from this provider are mapped to users Defaults to \"claim\"", "type": "string" }, - "divisor": { - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + "name": { + "description": "name is used to qualify the identities returned by this provider. - It MUST be unique and not shared by any other identity provider used - It MUST be a valid path segment: name cannot equal \".\" or \"..\" or contain \"/\" or \"%\" or \":\"\n Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName", + "type": "string", + "default": "" }, - "resource": { - "description": "Required: resource to select", + "openID": { + "description": "openID enables user authentication using OpenID credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenIDIdentityProvider" + }, + "requestHeader": { + "description": "requestHeader enables user authentication using request header credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.RequestHeaderIdentityProvider" + }, + "type": { + "description": "type identifies the identity provider type for this entry.", "type": "string", "default": "" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "ResourceHealth.v1.core.api.k8s.io": { - "description": "ResourceHealth represents the health of a resource. It has the latest device health information. This is a part of KEP https://kep.k8s.io/4680.", + "com.github.openshift.api.config.v1.IdentityProviderConfig": { + "description": "IdentityProviderConfig contains configuration for using a specific identity provider", "type": "object", "required": [ - "resourceID" + "type" ], "properties": { - "health": { - "description": "Health of the resource. can be one of:\n - Healthy: operates as normal\n - Unhealthy: reported unhealthy. We consider this a temporary health issue\n since we do not have a mechanism today to distinguish\n temporary and permanent issues.\n - Unknown: The status cannot be determined.\n For example, Device Plugin got unregistered and hasn't been re-registered since.\n\nIn future we may want to introduce the PermanentlyUnhealthy Status.", - "type": "string" + "basicAuth": { + "description": "basicAuth contains configuration options for the BasicAuth IdP", + "$ref": "#/definitions/com.github.openshift.api.config.v1.BasicAuthIdentityProvider" }, - "resourceID": { - "description": "ResourceID is the unique identifier of the resource. See the ResourceID type for more information.", + "github": { + "description": "github enables user authentication using GitHub credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.GitHubIdentityProvider" + }, + "gitlab": { + "description": "gitlab enables user authentication using GitLab credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.GitLabIdentityProvider" + }, + "google": { + "description": "google enables user authentication using Google credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.GoogleIdentityProvider" + }, + "htpasswd": { + "description": "htpasswd enables user authentication using an HTPasswd file to validate credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTPasswdIdentityProvider" + }, + "keystone": { + "description": "keystone enables user authentication using keystone password credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.KeystoneIdentityProvider" + }, + "ldap": { + "description": "ldap enables user authentication using LDAP credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.LDAPIdentityProvider" + }, + "openID": { + "description": "openID enables user authentication using OpenID credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenIDIdentityProvider" + }, + "requestHeader": { + "description": "requestHeader enables user authentication using request header credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.RequestHeaderIdentityProvider" + }, + "type": { + "description": "type identifies the identity provider type for this entry.", "type": "string", "default": "" } } }, - "ResourceQuota.v1.core.api.k8s.io": { - "description": "ResourceQuota sets aggregate quota restrictions enforced per namespace", + "com.github.openshift.api.config.v1.Image": { + "description": "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -8185,243 +7578,256 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "Spec defines the desired quota. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/ResourceQuotaSpec.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageSpec" }, "status": { - "description": "Status defines the actual enforced quota and its current usage. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/ResourceQuotaStatus.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageStatus" } } }, - "ResourceQuotaList.v1.core.api.k8s.io": { - "description": "ResourceQuotaList is a list of ResourceQuota items.", + "com.github.openshift.api.config.v1.ImageContentPolicy": { + "description": "ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "items" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "Items is a list of ResourceQuota objects. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ResourceQuota.v1.core.api.k8s.io" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageContentPolicySpec" } } }, - "ResourceQuotaSpec.v1.core.api.k8s.io": { - "description": "ResourceQuotaSpec defines the desired hard limits to enforce for Quota.", + "com.github.openshift.api.config.v1.ImageContentPolicyList": { + "description": "ImageContentPolicyList lists the items in the ImageContentPolicy CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "hard": { - "description": "hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - } - }, - "scopeSelector": { - "description": "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.", - "$ref": "#/definitions/ScopeSelector.v1.core.api.k8s.io" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "scopes": { - "description": "A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.", + "items": { "type": "array", "items": { - "type": "string", - "default": "", - "enum": [ - "BestEffort", - "CrossNamespacePodAffinity", - "NotBestEffort", - "NotTerminating", - "PriorityClass", - "Terminating", - "VolumeAttributesClass" - ] - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "ResourceQuotaStatus.v1.core.api.k8s.io": { - "description": "ResourceQuotaStatus defines the enforced hard limits and observed use.", - "type": "object", - "properties": { - "hard": { - "description": "Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageContentPolicy" } }, - "used": { - "description": "Used is the current observed total usage of the resource in the namespace.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - } + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "ResourceRequirements.v1.core.api.k8s.io": { - "description": "ResourceRequirements describes the compute resource requirements.", + "com.github.openshift.api.config.v1.ImageContentPolicySpec": { + "description": "ImageContentPolicySpec is the specification of the ImageContentPolicy CRD.", "type": "object", "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis field depends on the DynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "repositoryDigestMirrors": { + "description": "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To pull image from mirrors by tags, should set the \"allowMirrorByTags\".\n\nEach “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/ResourceClaim.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.RepositoryDigestMirrors" }, "x-kubernetes-list-map-keys": [ - "name" + "source" ], "x-kubernetes-list-type": "map" - }, - "limits": { - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - } - }, - "requests": { - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - } } } }, - "ResourceRule.v1.authorization.api.k8s.io": { - "description": "ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.", + "com.github.openshift.api.config.v1.ImageDigestMirrorSet": { + "description": "ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "verbs" + "spec" ], "properties": { - "apiGroups": { - "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"*\" means all.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "resourceNames": { - "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. \"*\" means all.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec" + }, + "status": { + "description": "status contains the observed state of the resource.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus" + } + } + }, + "com.github.openshift.api.config.v1.ImageDigestMirrorSetList": { + "description": "ImageDigestMirrorSetList lists the items in the ImageDigestMirrorSet CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageDigestMirrorSet" + } }, - "resources": { - "description": "Resources is a list of resources this rule applies to. \"*\" means all in the specified apiGroups.\n \"*/foo\" represents the subresource 'foo' for all resources in the specified apiGroups.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec": { + "description": "ImageDigestMirrorSetSpec is the specification of the ImageDigestMirrorSet CRD.", + "type": "object", + "properties": { + "imageDigestMirrors": { + "description": "imageDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using tag specification, users should configure a list of mirrors using \"ImageTagMirrorSet\" CRD.\n\nIf the image pull specification matches the repository of \"source\" in multiple imagedigestmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageDigestMirrors" }, "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1.ImageDigestMirrors": { + "description": "ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.", + "type": "object", + "required": [ + "source" + ], + "properties": { + "mirrorSourcePolicy": { + "description": "mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.", + "type": "string" }, - "verbs": { - "description": "Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. \"*\" means all.", + "mirrors": { + "description": "mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their digests. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by \"mirrorSourcePolicy\" Other cluster configuration, including (but not limited to) other imageDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. \"mirrors\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", "type": "array", "items": { "type": "string", "default": "" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-type": "set" + }, + "source": { + "description": "source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. \"source\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "type": "string", + "default": "" } } }, - "ResourceStatus.v1.core.api.k8s.io": { - "description": "ResourceStatus represents the status of a single resource allocated to a Pod.", + "com.github.openshift.api.config.v1.ImageLabel": { "type": "object", "required": [ "name" ], "properties": { "name": { - "description": "Name of the resource. Must be unique within the pod and in case of non-DRA resource, match one of the resources from the pod spec. For DRA resources, the value must be \"claim:/\". When this status is reported about a container, the \"claim_name\" and \"request\" must match one of the claims of this container.", + "description": "name defines the name of the label. It must have non-zero length.", "type": "string", "default": "" }, - "resources": { - "description": "List of unique resources health. Each element in the list contains an unique resource ID and its health. At a minimum, for the lifetime of a Pod, resource ID must uniquely identify the resource allocated to the Pod on the Node. If other Pod on the same Node reports the status with the same resource ID, it must be the same resource they share. See ResourceID type definition for a specific format it has in various use cases.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ResourceHealth.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "resourceID" - ], - "x-kubernetes-list-type": "map" + "value": { + "description": "value defines the literal value of the label.", + "type": "string" } } }, - "Role.v1.rbac.api.k8s.io": { - "description": "Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.", + "com.github.openshift.api.config.v1.ImageList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Image" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard object's metadata.", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "rules": { - "description": "Rules holds all the PolicyRules for this Role", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/PolicyRule.v1.rbac.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "RoleBinding.v1.rbac.api.k8s.io": { - "description": "RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.", + "com.github.openshift.api.config.v1.ImagePolicy": { + "description": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "roleRef" + "spec" ], "properties": { "apiVersion": { @@ -8433,60 +7839,53 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata.", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "roleRef": { - "description": "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.", + "spec": { + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/RoleRef.v1.rbac.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicySpec" }, - "subjects": { - "description": "Subjects holds references to the objects the role applies to.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Subject.v1.rbac.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "status": { + "description": "status contains the observed state of the resource.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyStatus" } } }, - "RoleBindingList.v1.rbac.api.k8s.io": { - "description": "RoleBindingList is a collection of RoleBindings", + "com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust": { + "description": "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.", "type": "object", "required": [ - "items" + "fulcioCAData", + "rekorKeyData", + "fulcioSubject" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "Items is a list of RoleBindings", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/RoleBinding.v1.rbac.api.k8s.io" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "fulcioCAData": { + "description": "fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", + "type": "string", + "format": "byte" }, - "metadata": { - "description": "Standard object's metadata.", + "fulcioSubject": { + "description": "fulcioSubject is a required field specifies OIDC issuer and the email of the Fulcio authentication configuration.", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyFulcioSubject" + }, + "rekorKeyData": { + "description": "rekorKeyData is a required field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", + "type": "string", + "format": "byte" } } }, - "RoleList.v1.rbac.api.k8s.io": { - "description": "RoleList is a collection of Roles", + "com.github.openshift.api.config.v1.ImagePolicyList": { + "description": "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -8495,11 +7894,11 @@ "type": "string" }, "items": { - "description": "Items is a list of Roles", + "description": "items is a list of ImagePolicies", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Role.v1.rbac.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicy" } }, "kind": { @@ -8507,81 +7906,134 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata.", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "RoleRef.v1.rbac.api.k8s.io": { - "description": "RoleRef contains information that points to the role being used", + "com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust": { + "description": "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", "type": "object", "required": [ - "apiGroup", - "kind", - "name" + "caRootsData", + "pkiCertificateSubject" ], "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced", + "caIntermediatesData": { + "description": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set.", "type": "string", - "default": "" + "format": "byte" }, - "kind": { - "description": "Kind is the type of resource being referenced", + "caRootsData": { + "description": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters.", "type": "string", - "default": "" + "format": "byte" }, - "name": { - "description": "Name is the name of resource being referenced", + "pkiCertificateSubject": { + "description": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PKICertificateSubject" + } + } + }, + "com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust": { + "description": "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.", + "type": "object", + "required": [ + "keyData" + ], + "properties": { + "keyData": { + "description": "keyData is a required field contains inline base64-encoded data for the PEM format public key. keyData must be at most 8192 characters.", "type": "string", - "default": "" + "format": "byte" + }, + "rekorKeyData": { + "description": "rekorKeyData is an optional field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", + "type": "string", + "format": "byte" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "RootPaths.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "RootPaths lists the paths available at root. For example: \"/healthz\", \"/apis\".", + "com.github.openshift.api.config.v1.ImagePolicySpec": { + "description": "ImagePolicySpec is the specification of the ImagePolicy CRD.", "type": "object", "required": [ - "paths" + "scopes", + "policy" ], "properties": { - "paths": { - "description": "paths are the paths available at root.", + "policy": { + "description": "policy is a required field that contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy" + }, + "scopes": { + "description": "scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. This support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", "type": "array", "items": { "type": "string", "default": "" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-type": "set" } } }, - "Rule.v1.admissionregistration.api.k8s.io": { - "description": "Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended to make sure that all the tuple expansions are valid.", + "com.github.openshift.api.config.v1.ImagePolicyStatus": { "type": "object", "properties": { - "apiGroups": { - "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "conditions": { + "description": "conditions provide details on the status of this API Resource. condition type 'Pending' indicates that the customer resource contains a policy that cannot take effect. It is either overwritten by a global policy or the image scope is not valid.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy": { + "description": "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.", + "type": "object", + "required": [ + "rootOfTrust" + ], + "properties": { + "rootOfTrust": { + "description": "rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval. This allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyRootOfTrust" }, - "apiVersions": { - "description": "APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.", + "signedIdentity": { + "description": "signedIdentity is an optional field specifies what image identity the signature claims about the image. This is useful when the image identity in the signature differs from the original image spec, such as when mirror registry is configured for the image scope, the signature from the mirror registry contains the image identity of the mirror instead of the original scope. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", + "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyIdentity" + } + } + }, + "com.github.openshift.api.config.v1.ImageSpec": { + "type": "object", + "properties": { + "additionalTrustedCA": { + "description": "additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted during imagestream import, pod image pull, build image pull, and imageregistry pullthrough. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + }, + "allowedRegistriesForImport": { + "description": "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.RegistryLocation" }, "x-kubernetes-list-type": "atomic" }, - "resources": { - "description": "Resources is a list of resources this rule applies to.\n\nFor example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not overlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed. Required.", + "externalRegistryHostnames": { + "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", "type": "array", "items": { "type": "string", @@ -8589,57 +8041,27 @@ }, "x-kubernetes-list-type": "atomic" }, - "scope": { - "description": "scope specifies the scope of this rule. Valid values are \"Cluster\", \"Namespaced\", and \"*\" \"Cluster\" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. \"Namespaced\" means that only namespaced resources will match this rule. \"*\" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is \"*\".\n\n\nPossible enum values:\n - `\"*\"` means that all scopes are included.\n - `\"Cluster\"` means that scope is limited to cluster-scoped objects. Namespace objects are cluster-scoped.\n - `\"Namespaced\"` means that scope is limited to namespaced objects.", + "imageStreamImportMode": { + "description": "imageStreamImportMode controls the import mode behaviour of imagestreams. It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value is specified, this setting is applied to all newly created imagestreams which do not have the value set. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported. When empty, the behaviour will be decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", "type": "string", + "default": "", "enum": [ - "*", - "Cluster", - "Namespaced" + "Legacy", + "PreserveOriginal" ] + }, + "registrySources": { + "description": "registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. whether or not to allow insecure access). It does not contain configuration for the internal cluster registry.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.RegistrySources" } } }, - "RuleWithOperations.v1.admissionregistration.api.k8s.io": { - "description": "RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.", + "com.github.openshift.api.config.v1.ImageStatus": { "type": "object", "properties": { - "apiGroups": { - "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "apiVersions": { - "description": "APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "operations": { - "description": "Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.", - "type": "array", - "items": { - "type": "string", - "default": "", - "enum": [ - "*", - "CONNECT", - "CREATE", - "DELETE", - "UPDATE" - ] - }, - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Resources is a list of resources this rule applies to.\n\nFor example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not overlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed. Required.", + "externalRegistryHostnames": { + "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", "type": "array", "items": { "type": "string", @@ -8647,326 +8069,164 @@ }, "x-kubernetes-list-type": "atomic" }, - "scope": { - "description": "scope specifies the scope of this rule. Valid values are \"Cluster\", \"Namespaced\", and \"*\" \"Cluster\" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. \"Namespaced\" means that only namespaced resources will match this rule. \"*\" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is \"*\".\n\n\nPossible enum values:\n - `\"*\"` means that all scopes are included.\n - `\"Cluster\"` means that scope is limited to cluster-scoped objects. Namespace objects are cluster-scoped.\n - `\"Namespaced\"` means that scope is limited to namespaced objects.", + "imageStreamImportMode": { + "description": "imageStreamImportMode controls the import mode behaviour of imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported. This value will be reconciled based on either the spec value or if no spec value is specified, the image registry operator would look at the ClusterVersion status to determine the payload type and set the import mode accordingly, i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", "type": "string", "enum": [ - "*", - "Cluster", - "Namespaced" + "Legacy", + "PreserveOriginal" ] + }, + "internalRegistryHostname": { + "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format. This value is set by the image registry operator which controls the internal registry hostname.", + "type": "string" } } }, - "SELinuxOptions.v1.core.api.k8s.io": { - "description": "SELinuxOptions are the labels to be applied to the container", + "com.github.openshift.api.config.v1.ImageTagMirrorSet": { + "description": "ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageTagMirrorSetSpec" + }, + "status": { + "description": "status contains the observed state of the resource.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageTagMirrorSetStatus" } } }, - "ScaleIOPersistentVolumeSource.v1.core.api.k8s.io": { - "description": "ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume", + "com.github.openshift.api.config.v1.ImageTagMirrorSetList": { + "description": "ImageTagMirrorSetList lists the items in the ImageTagMirrorSet CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "gateway", - "system", - "secretRef" + "metadata", + "items" ], "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"", - "type": "string", - "default": "xfs" - }, - "gateway": { - "description": "gateway is the host address of the ScaleIO API Gateway.", - "type": "string", - "default": "" - }, - "protectionDomain": { - "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", - "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" - }, - "sslEnabled": { - "description": "sslEnabled is the flag to enable/disable SSL communication with Gateway, default false", - "type": "boolean" - }, - "storageMode": { - "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", - "type": "string", - "default": "ThinProvisioned" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageTagMirrorSet" + } }, - "storagePool": { - "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "system": { - "description": "system is the name of the storage system as configured in ScaleIO.", - "type": "string", - "default": "" - }, - "volumeName": { - "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", - "type": "string" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "ScaleIOVolumeSource.v1.core.api.k8s.io": { - "description": "ScaleIOVolumeSource represents a persistent ScaleIO volume", + "com.github.openshift.api.config.v1.ImageTagMirrorSetSpec": { + "description": "ImageTagMirrorSetSpec is the specification of the ImageTagMirrorSet CRD.", "type": "object", - "required": [ - "gateway", - "system", - "secretRef" - ], "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", - "type": "string", - "default": "xfs" - }, - "gateway": { - "description": "gateway is the host address of the ScaleIO API Gateway.", - "type": "string", - "default": "" - }, - "protectionDomain": { - "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", - "type": "string" - }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" - }, - "sslEnabled": { - "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", - "type": "boolean" - }, - "storageMode": { - "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", - "type": "string", - "default": "ThinProvisioned" - }, - "storagePool": { - "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", - "type": "string" - }, - "system": { - "description": "system is the name of the storage system as configured in ScaleIO.", - "type": "string", - "default": "" - }, - "volumeName": { - "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", - "type": "string" - } - } - }, - "ScopeSelector.v1.core.api.k8s.io": { - "description": "A scope selector represents the AND of the selectors represented by the scoped-resource selector requirements.", - "type": "object", - "properties": { - "matchExpressions": { - "description": "A list of scope selector requirements by scope of the resources.", + "imageTagMirrors": { + "description": "imageTagMirrors allows images referenced by image tags in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageTagMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using digest specification only, users should configure a list of mirrors using \"ImageDigestMirrorSet\" CRD.\n\nIf the image pull specification matches the repository of \"source\" in multiple imagetagmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/ScopedResourceSelectorRequirement.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageTagMirrors" }, "x-kubernetes-list-type": "atomic" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "ScopedResourceSelectorRequirement.v1.core.api.k8s.io": { - "description": "A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.", + "com.github.openshift.api.config.v1.ImageTagMirrorSetStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1.ImageTagMirrors": { + "description": "ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config.", "type": "object", "required": [ - "scopeName", - "operator" + "source" ], "properties": { - "operator": { - "description": "Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.\n\nPossible enum values:\n - `\"DoesNotExist\"`\n - `\"Exists\"`\n - `\"In\"`\n - `\"NotIn\"`", - "type": "string", - "default": "", - "enum": [ - "DoesNotExist", - "Exists", - "In", - "NotIn" - ] - }, - "scopeName": { - "description": "The name of the scope that the selector applies to.\n\nPossible enum values:\n - `\"BestEffort\"` Match all pod objects that have best effort quality of service\n - `\"CrossNamespacePodAffinity\"` Match all pod objects that have cross-namespace pod (anti)affinity mentioned.\n - `\"NotBestEffort\"` Match all pod objects that do not have best effort quality of service\n - `\"NotTerminating\"` Match all pod objects where spec.activeDeadlineSeconds is nil\n - `\"PriorityClass\"` Match all pod objects that have priority class mentioned\n - `\"Terminating\"` Match all pod objects where spec.activeDeadlineSeconds >=0\n - `\"VolumeAttributesClass\"` Match all pvc objects that have volume attributes class mentioned.", - "type": "string", - "default": "", - "enum": [ - "BestEffort", - "CrossNamespacePodAffinity", - "NotBestEffort", - "NotTerminating", - "PriorityClass", - "Terminating", - "VolumeAttributesClass" - ] + "mirrorSourcePolicy": { + "description": "mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.", + "type": "string" }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "mirrors": { + "description": "mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their tags. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Configuring a list of mirrors using \"ImageDigestMirrorSet\" CRD and forcing digest-pulls for mirrors avoids that issue. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by \"mirrorSourcePolicy\". Other cluster configuration, including (but not limited to) other imageTagMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. \"mirrors\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", "type": "array", "items": { "type": "string", "default": "" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-type": "set" + }, + "source": { + "description": "source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. \"source\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "type": "string", + "default": "" } } }, - "SeccompProfile.v1.core.api.k8s.io": { - "description": "SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.", + "com.github.openshift.api.config.v1.Infrastructure": { + "description": "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "type" + "spec" ], - "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type.", - "type": "string" - }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied. Valid options are:\n\nLocalhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.\n\nPossible enum values:\n - `\"Localhost\"` indicates a profile defined in a file on the node should be used. The file's location relative to /seccomp.\n - `\"RuntimeDefault\"` represents the default container runtime seccomp profile.\n - `\"Unconfined\"` indicates no seccomp profile is applied (A.K.A. unconfined).", - "type": "string", - "default": "", - "enum": [ - "Localhost", - "RuntimeDefault", - "Unconfined" - ] - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "localhostProfile": "LocalhostProfile" - } - } - ] - }, - "Secret.v1.core.api.k8s.io": { - "description": "Secret holds secret data of a certain type. The total bytes of the values in the Data field must be less than MaxSecretSize bytes.", - "type": "object", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "data": { - "description": "Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4", - "type": "object", - "additionalProperties": { - "type": "string", - "format": "byte" - } - }, - "immutable": { - "description": "Immutable, if set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.", - "type": "boolean" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "stringData": { - "description": "stringData allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "type": { - "description": "Used to facilitate programmatic handling of secret data. More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types", - "type": "string" - } - } - }, - "SecretEnvSource.v1.core.api.k8s.io": { - "description": "SecretEnvSource selects a Secret to populate the environment variables with.\n\nThe contents of the target Secret's Data field will represent the key-value pairs as environment variables.", - "type": "object", - "properties": { - "name": { - "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string", - "default": "" + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.InfrastructureSpec" }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.InfrastructureStatus" } } }, - "SecretKeySelector.v1.core.api.k8s.io": { - "description": "SecretKeySelector selects a key of a Secret.", - "type": "object", - "required": [ - "key" - ], - "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", - "type": "string", - "default": "" - }, - "name": { - "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string", - "default": "" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" - } - }, - "x-kubernetes-map-type": "atomic" - }, - "SecretList.v1.core.api.k8s.io": { - "description": "SecretList is a list of Secret.", + "com.github.openshift.api.config.v1.InfrastructureList": { + "description": "InfrastructureList is\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -8975,11 +8235,10 @@ "type": "string" }, "items": { - "description": "Items is a list of secret objects. More info: https://kubernetes.io/docs/concepts/configuration/secret", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Secret.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.Infrastructure" } }, "kind": { @@ -8987,141 +8246,78 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "SecretProjection.v1.core.api.k8s.io": { - "description": "Adapts a secret into a projected volume.\n\nThe contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.", - "type": "object", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/KeyToPath.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "name": { - "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string", - "default": "" - }, - "optional": { - "description": "optional field specify whether the Secret or its key must be defined", - "type": "boolean" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "SecretReference.v1.core.api.k8s.io": { - "description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace", - "type": "object", - "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", - "type": "string" - } - }, - "x-kubernetes-map-type": "atomic" - }, - "SecretVolumeSource.v1.core.api.k8s.io": { - "description": "Adapts a Secret into a volume.\n\nThe contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.config.v1.InfrastructureSpec": { + "description": "InfrastructureSpec contains settings that apply to the cluster infrastructure.", "type": "object", "properties": { - "defaultMode": { - "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - }, - "items": { - "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/KeyToPath.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "optional": { - "description": "optional field specify whether the Secret or its keys must be defined", - "type": "boolean" + "cloudConfig": { + "description": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.\n\ncloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapFileReference" }, - "secretName": { - "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "type": "string" + "platformSpec": { + "description": "platformSpec holds desired information specific to the underlying infrastructure provider.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PlatformSpec" } } }, - "SecurityContext.v1.core.api.k8s.io": { - "description": "SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.", + "com.github.openshift.api.config.v1.InfrastructureStatus": { + "description": "InfrastructureStatus describes the infrastructure the cluster is leveraging.", "type": "object", "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.", - "$ref": "#/definitions/AppArmorProfile.v1.core.api.k8s.io" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", - "$ref": "#/definitions/Capabilities.v1.core.api.k8s.io" - }, - "privileged": { - "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", - "type": "boolean" + "apiServerInternalURI": { + "description": "apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.", + "type": "string", + "default": "" }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.\n\nPossible enum values:\n - `\"Default\"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.\n - `\"Unmasked\"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.", + "apiServerURL": { + "description": "apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.", "type": "string", - "enum": [ - "Default", - "Unmasked" - ] + "default": "" }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", - "type": "boolean" + "controlPlaneTopology": { + "description": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum.", + "type": "string", + "default": "" }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" + "cpuPartitioning": { + "description": "cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are \"None\" and \"AllNodes\". When omitted, the default value is \"None\". The default value of \"None\" indicates that no nodes will be setup with CPU partitioning. The \"AllNodes\" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API.", + "type": "string", + "default": "None" }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" + "etcdDiscoveryDomain": { + "description": "etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.", + "type": "string", + "default": "" }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" + "infrastructureName": { + "description": "infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters.", + "type": "string", + "default": "" }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", - "$ref": "#/definitions/SELinuxOptions.v1.core.api.k8s.io" + "infrastructureTopology": { + "description": "infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.", + "type": "string" }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", - "$ref": "#/definitions/SeccompProfile.v1.core.api.k8s.io" + "platform": { + "description": "platform is the underlying infrastructure provider for the cluster.\n\nDeprecated: Use platformStatus.type instead.", + "type": "string" }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", - "$ref": "#/definitions/WindowsSecurityContextOptions.v1.core.api.k8s.io" + "platformStatus": { + "description": "platformStatus holds status information specific to the underlying infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.PlatformStatus" } } }, - "SelfSubjectAccessReview.v1.authorization.api.k8s.io": { - "description": "SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means \"in all namespaces\". Self is a special case, because users should always be able to check whether they can perform an action", + "com.github.openshift.api.config.v1.Ingress": { + "description": "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -9136,120 +8332,150 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "Spec holds information about the request being evaluated. user and groups must be empty", + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/SelfSubjectAccessReviewSpec.v1.authorization.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.IngressSpec" }, "status": { - "description": "Status is filled in by the server and indicates whether the request is allowed or not", + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/SubjectAccessReviewStatus.v1.authorization.api.k8s.io" - } - } - }, - "SelfSubjectAccessReviewSpec.v1.authorization.api.k8s.io": { - "description": "SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set", - "type": "object", - "properties": { - "nonResourceAttributes": { - "description": "NonResourceAttributes describes information for a non-resource access request", - "$ref": "#/definitions/NonResourceAttributes.v1.authorization.api.k8s.io" - }, - "resourceAttributes": { - "description": "ResourceAuthorizationAttributes describes information for a resource access request", - "$ref": "#/definitions/ResourceAttributes.v1.authorization.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.IngressStatus" } } }, - "SelfSubjectRulesReview.v1.authorization.api.k8s.io": { - "description": "SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. The returned list of actions may be incomplete depending on the server's authorization mode, and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.", + "com.github.openshift.api.config.v1.IngressList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "spec" + "metadata", + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Ingress" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "Spec holds information about the request being evaluated.", - "default": {}, - "$ref": "#/definitions/SelfSubjectRulesReviewSpec.v1.authorization.api.k8s.io" - }, - "status": { - "description": "Status is filled in by the server and indicates the set of actions a user can perform.", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/SubjectRulesReviewStatus.v1.authorization.api.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "SelfSubjectRulesReviewSpec.v1.authorization.api.k8s.io": { - "description": "SelfSubjectRulesReviewSpec defines the specification for SelfSubjectRulesReview.", + "com.github.openshift.api.config.v1.IngressPlatformSpec": { + "description": "IngressPlatformSpec holds the desired state of Ingress specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", "type": "object", + "required": [ + "type" + ], "properties": { - "namespace": { - "description": "Namespace to evaluate rules for. Required.", - "type": "string" + "aws": { + "description": "aws contains settings specific to the Amazon Web Services infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSIngressSpec" + }, + "type": { + "description": "type is the underlying infrastructure provider for the cluster. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "type": "string", + "default": "" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "aws": "AWS" + } + } + ] }, - "SerializedReference.v1.core.api.k8s.io": { - "description": "SerializedReference is a reference to serialized object.", + "com.github.openshift.api.config.v1.IngressSpec": { "type": "object", + "required": [ + "domain" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "appsDomain": { + "description": "appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "componentRoutes": { + "description": "componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list.\n\nTo determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ComponentRouteSpec" + }, + "x-kubernetes-list-map-keys": [ + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "reference": { - "description": "The reference to an object in the system.", + "domain": { + "description": "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"..\".\n\nIt is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.\".\n\nOnce set, changing domain is not currently supported.", + "type": "string", + "default": "" + }, + "loadBalancer": { + "description": "loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure provider of the current cluster and are required for Ingress Controller to work on OpenShift.", "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.LoadBalancer" + }, + "requiredHSTSPolicies": { + "description": "requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission.\n\nA candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: \"haproxy.router.openshift.io/hsts_header\" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains\n\n- For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route's admission status. - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation.\n\nThe HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working.\n\nNote that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.RequiredHSTSPolicy" + } } } }, - "ServerAddressByClientCIDR.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match.", + "com.github.openshift.api.config.v1.IngressStatus": { "type": "object", - "required": [ - "clientCIDR", - "serverAddress" - ], "properties": { - "clientCIDR": { - "description": "The CIDR with which clients can match their IP to figure out the server address that they should use.", - "type": "string", - "default": "" + "componentRoutes": { + "description": "componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ComponentRouteStatus" + }, + "x-kubernetes-list-map-keys": [ + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "serverAddress": { - "description": "Address of this server, suitable for a client that matches the above CIDR. This can be a hostname, hostname:port, IP or IP:port.", + "defaultPlacement": { + "description": "defaultPlacement is set at installation time to control which nodes will host the ingress router pods by default. The options are control-plane nodes or worker nodes.\n\nThis field works by dictating how the Cluster Ingress Operator will consider unset replicas and nodePlacement fields in IngressController resources when creating the corresponding Deployments.\n\nSee the documentation for the IngressController replicas and nodePlacement fields for more information.\n\nWhen omitted, the default value is Workers", "type": "string", "default": "" } } }, - "Service.v1.core.api.k8s.io": { - "description": "Service is a named abstraction of software service (for example, mysql) consisting of local port (for example 3306) that the proxy listens on, and the selector that determines which pods will answer requests sent through the proxy.", + "com.github.openshift.api.config.v1.InsightsDataGather": { + "description": "InsightsDataGather provides data gather configuration options for the Insights Operator.\n\n\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -9260,1553 +8486,1433 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "default": {}, - "$ref": "#/definitions/ServiceSpec.v1.core.api.k8s.io" - }, - "status": { - "description": "Most recently observed status of the service. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/ServiceStatus.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.InsightsDataGatherSpec" } } }, - "ServiceAccount.v1.core.api.k8s.io": { - "description": "ServiceAccount binds together: * a name, understood by users, and perhaps by peripheral systems, for an identity * a principal that can be authenticated and authorized * a set of secrets", + "com.github.openshift.api.config.v1.InsightsDataGatherList": { + "description": "InsightsDataGatherList is a collection of items Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "automountServiceAccountToken": { - "description": "AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. Can be overridden at the pod level.", - "type": "boolean" - }, - "imagePullSecrets": { - "description": "ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod", + "items": { + "description": "items is the required list of InsightsDataGather objects it may not exceed 100 items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.config.v1.InsightsDataGather" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the required standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "secrets": { - "description": "Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. Pods are only limited to this list if this service account has a \"kubernetes.io/enforce-mountable-secrets\" annotation set to \"true\". The \"kubernetes.io/enforce-mountable-secrets\" annotation is deprecated since v1.32. Prefer separate namespaces to isolate access to mounted secrets. This field should not be used to find auto-generated service account token secrets for use outside of pods. Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. More info: https://kubernetes.io/docs/concepts/configuration/secret", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "ServiceAccountList.v1.core.api.k8s.io": { - "description": "ServiceAccountList is a list of ServiceAccount objects", + "com.github.openshift.api.config.v1.InsightsDataGatherSpec": { + "description": "InsightsDataGatherSpec contains the configuration for the data gathering.", "type": "object", "required": [ - "items" + "gatherConfig" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of ServiceAccounts. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ServiceAccount.v1.core.api.k8s.io" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "gatherConfig": { + "description": "gatherConfig is a required spec attribute that includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.GatherConfig" } } }, - "ServiceAccountTokenProjection.v1.core.api.k8s.io": { - "description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).", + "com.github.openshift.api.config.v1.IntermediateTLSProfile": { + "description": "IntermediateTLSProfile is a TLS security profile based on the \"intermediate\" configuration of the Mozilla Server Side TLS configuration guidelines.", + "type": "object" + }, + "com.github.openshift.api.config.v1.KMSConfig": { + "description": "KMSConfig defines the configuration for the KMS instance that will be used with KMSEncryptionProvider encryption", "type": "object", "required": [ - "path" + "type" ], "properties": { - "audience": { - "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", - "type": "string" - }, - "expirationSeconds": { - "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", - "type": "integer", - "format": "int64" + "aws": { + "description": "aws defines the key config for using an AWS KMS instance for the encryption. The AWS KMS instance is managed by the user outside the purview of the control plane.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSKMSConfig" }, - "path": { - "description": "path is the path relative to the mount point of the file to project the token into.", + "type": { + "description": "type defines the kind of platform for the KMS provider. Available provider types are AWS only.", "type": "string", "default": "" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "aws": "AWS" + } + } + ] }, - "ServiceList.v1.core.api.k8s.io": { - "description": "ServiceList holds a list of services.", + "com.github.openshift.api.config.v1.KeystoneIdentityProvider": { + "description": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials", "type": "object", "required": [ - "items" + "url", + "domainName" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "items": { - "description": "List of services", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Service.v1.core.api.k8s.io" - } + "domainName": { + "description": "domainName is required for keystone v3", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "tlsClientCert": { + "description": "tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key \"tls.crt\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "tlsClientKey": { + "description": "tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key \"tls.key\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + }, + "url": { + "description": "url is the remote URL to connect to", + "type": "string", + "default": "" } } }, - "ServicePort.v1.core.api.k8s.io": { - "description": "ServicePort contains information on service's port.", + "com.github.openshift.api.config.v1.KubeClientConfig": { "type": "object", "required": [ - "port" + "kubeConfig", + "connectionOverrides" ], "properties": { - "appProtocol": { - "description": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.", - "type": "string" - }, - "name": { - "description": "The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.", - "type": "string" - }, - "nodePort": { - "description": "The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport", - "type": "integer", - "format": "int32" - }, - "port": { - "description": "The port that will be exposed by this service.", - "type": "integer", - "format": "int32", - "default": 0 + "connectionOverrides": { + "description": "connectionOverrides specifies client overrides for system components to loop back to this master.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClientConnectionOverrides" }, - "protocol": { - "description": "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\". Default is TCP.\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", + "kubeConfig": { + "description": "kubeConfig is a .kubeconfig filename for going to the owning kube-apiserver. Empty uses an in-cluster-config", "type": "string", - "default": "TCP", - "enum": [ - "SCTP", - "TCP", - "UDP" - ] - }, - "targetPort": { - "description": "Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service", - "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" + "default": "" } } }, - "ServiceProxyOptions.v1.core.api.k8s.io": { - "description": "ServiceProxyOptions is the query options to a Service's proxy call.", + "com.github.openshift.api.config.v1.KubevirtPlatformSpec": { + "description": "KubevirtPlatformSpec holds the desired state of the kubevirt infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object" + }, + "com.github.openshift.api.config.v1.KubevirtPlatformStatus": { + "description": "KubevirtPlatformStatus holds the current status of the kubevirt infrastructure provider.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", "type": "string" }, - "path": { - "description": "Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.", + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", "type": "string" } } }, - "ServiceReference.v1.admissionregistration.api.k8s.io": { - "description": "ServiceReference holds a reference to Service.legacy.k8s.io", + "com.github.openshift.api.config.v1.LDAPAttributeMapping": { + "description": "LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields", "type": "object", "required": [ - "namespace", - "name" + "id" ], "properties": { - "name": { - "description": "`name` is the name of the service. Required", - "type": "string", - "default": "" - }, - "namespace": { - "description": "`namespace` is the namespace of the service. Required", - "type": "string", - "default": "" - }, - "path": { - "description": "`path` is an optional URL path which will be sent in any request to this service.", - "type": "string" - }, - "port": { - "description": "If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).", - "type": "integer", - "format": "int32" - } - } - }, - "ServiceSpec.v1.core.api.k8s.io": { - "description": "ServiceSpec describes the attributes that a user creates on a service.", - "type": "object", - "properties": { - "allocateLoadBalancerNodePorts": { - "description": "allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is \"true\". It may be set to \"false\" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.", - "type": "boolean" - }, - "clusterIP": { - "description": "clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string" - }, - "clusterIPs": { - "description": "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "email": { + "description": "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "externalIPs": { - "description": "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.", + "id": { + "description": "id is the list of attributes whose values should be used as the user ID. Required. First non-empty attribute is used. At least one attribute is required. If none of the listed attribute have a value, authentication fails. LDAP standard identity attribute is \"dn\"", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "externalName": { - "description": "externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\".", - "type": "string" - }, - "externalTrafficPolicy": { - "description": "externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get \"Cluster\" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.\n\nPossible enum values:\n - `\"Cluster\"` routes traffic to all endpoints.\n - `\"Local\"` preserves the source IP of the traffic by routing only to endpoints on the same node as the traffic was received on (dropping the traffic if there are no local endpoints).", - "type": "string", - "enum": [ - "Cluster", - "Local" - ] - }, - "healthCheckNodePort": { - "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.", - "type": "integer", - "format": "int32" - }, - "internalTrafficPolicy": { - "description": "InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to \"Local\", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).\n\nPossible enum values:\n - `\"Cluster\"` routes traffic to all endpoints.\n - `\"Local\"` routes traffic only to endpoints on the same node as the client pod (dropping the traffic if there are no local endpoints).", - "type": "string", - "enum": [ - "Cluster", - "Local" - ] + } }, - "ipFamilies": { - "description": "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.", + "name": { + "description": "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"", "type": "array", "items": { "type": "string", - "default": "", - "enum": [ - "", - "IPv4", - "IPv6" - ] - }, - "x-kubernetes-list-type": "atomic" - }, - "ipFamilyPolicy": { - "description": "IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be \"SingleStack\" (a single IP family), \"PreferDualStack\" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or \"RequireDualStack\" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.\n\nPossible enum values:\n - `\"PreferDualStack\"` indicates that this service prefers dual-stack when the cluster is configured for dual-stack. If the cluster is not configured for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not set in service.spec.ipFamilies then the service will be assigned the default IPFamily configured on the cluster\n - `\"RequireDualStack\"` indicates that this service requires dual-stack. Using IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If service.spec.ipFamilies was not provided then it will be assigned according to how they are configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative IPFamily will be added by apiserver\n - `\"SingleStack\"` indicates that this service is required to have a single IPFamily. The IPFamily assigned is based on the default IPFamily used by the cluster or as identified by service.spec.ipFamilies field", - "type": "string", - "enum": [ - "PreferDualStack", - "RequireDualStack", - "SingleStack" - ] - }, - "loadBalancerClass": { - "description": "loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.", - "type": "string" - }, - "loadBalancerIP": { - "description": "Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. Users are encouraged to use implementation-specific annotations when available.", - "type": "string" + "default": "" + } }, - "loadBalancerSourceRanges": { - "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/", + "preferredUsername": { + "description": "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } + } + } + }, + "com.github.openshift.api.config.v1.LDAPIdentityProvider": { + "description": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials", + "type": "object", + "required": [ + "url", + "insecure", + "attributes" + ], + "properties": { + "attributes": { + "description": "attributes maps LDAP attributes to identities", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.LDAPAttributeMapping" }, - "ports": { - "description": "The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ServicePort.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "port", - "protocol" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "port", - "x-kubernetes-patch-strategy": "merge" + "bindDN": { + "description": "bindDN is an optional DN to bind with during the search phase.", + "type": "string", + "default": "" }, - "publishNotReadyAddresses": { - "description": "publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered \"ready\" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.", - "type": "boolean" + "bindPassword": { + "description": "bindPassword is an optional reference to a secret by name containing a password to bind with during the search phase. The key \"bindPassword\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "selector": { - "description": "Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - }, - "x-kubernetes-map-type": "atomic" + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "sessionAffinity": { - "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies\n\nPossible enum values:\n - `\"ClientIP\"` is the Client IP based.\n - `\"None\"` - no session affinity.", + "insecure": { + "description": "insecure, if true, indicates the connection should not use TLS WARNING: Should not be set to `true` with the URL scheme \"ldaps://\" as \"ldaps://\" URLs always\n attempt to connect using TLS, even when `insecure` is set to `true`\nWhen `true`, \"ldap://\" URLS connect insecurely. When `false`, \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.", + "type": "boolean", + "default": false + }, + "url": { + "description": "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter", "type": "string", - "enum": [ - "ClientIP", - "None" - ] + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.LeaderElection": { + "description": "LeaderElection provides information to elect a leader", + "type": "object", + "required": [ + "leaseDuration", + "renewDeadline", + "retryPeriod" + ], + "properties": { + "disable": { + "description": "disable allows leader election to be suspended while allowing a fully defaulted \"normal\" startup case.", + "type": "boolean" }, - "sessionAffinityConfig": { - "description": "sessionAffinityConfig contains the configurations of session affinity.", - "$ref": "#/definitions/SessionAffinityConfig.v1.core.api.k8s.io" + "leaseDuration": { + "description": "leaseDuration is the duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" }, - "trafficDistribution": { - "description": "TrafficDistribution offers a way to express preferences for how traffic is distributed to Service endpoints. Implementations can use this field as a hint, but are not required to guarantee strict adherence. If the field is not set, the implementation will apply its default routing strategy. If set to \"PreferClose\", implementations should prioritize endpoints that are in the same zone.", + "name": { + "description": "name indicates what name to use for the resource", "type": "string" }, - "type": { - "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \"ExternalName\" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types\n\nPossible enum values:\n - `\"ClusterIP\"` means a service will only be accessible inside the cluster, via the cluster IP.\n - `\"ExternalName\"` means a service consists of only a reference to an external name that kubedns or equivalent will return as a CNAME record, with no exposing or proxying of any pods involved.\n - `\"LoadBalancer\"` means a service will be exposed via an external load balancer (if the cloud provider supports it), in addition to 'NodePort' type.\n - `\"NodePort\"` means a service will be exposed on one port of every node, in addition to 'ClusterIP' type.", - "type": "string", - "enum": [ - "ClusterIP", - "ExternalName", - "LoadBalancer", - "NodePort" - ] + "namespace": { + "description": "namespace indicates which namespace the resource is in", + "type": "string" + }, + "renewDeadline": { + "description": "renewDeadline is the interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "retryPeriod": { + "description": "retryPeriod is the duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" } } }, - "ServiceStatus.v1.core.api.k8s.io": { - "description": "ServiceStatus represents the current status of a service.", + "com.github.openshift.api.config.v1.LoadBalancer": { "type": "object", "properties": { - "conditions": { - "description": "Current service state", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "loadBalancer": { - "description": "LoadBalancer contains the current status of the load-balancer, if one is present.", + "platform": { + "description": "platform holds configuration specific to the underlying infrastructure provider for the ingress load balancers. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.", "default": {}, - "$ref": "#/definitions/LoadBalancerStatus.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.IngressPlatformSpec" } } }, - "SessionAffinityConfig.v1.core.api.k8s.io": { - "description": "SessionAffinityConfig represents the configurations of session affinity.", + "com.github.openshift.api.config.v1.MTUMigration": { + "description": "MTUMigration contains infomation about MTU migration.", "type": "object", "properties": { - "clientIP": { - "description": "clientIP contains the configurations of Client IP based session affinity.", - "$ref": "#/definitions/ClientIPConfig.v1.core.api.k8s.io" + "machine": { + "description": "machine contains MTU migration configuration for the machine's uplink.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.MTUMigrationValues" + }, + "network": { + "description": "network contains MTU migration configuration for the default network.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.MTUMigrationValues" } } }, - "SleepAction.v1.core.api.k8s.io": { - "description": "SleepAction describes a \"sleep\" action.", + "com.github.openshift.api.config.v1.MTUMigrationValues": { + "description": "MTUMigrationValues contains the values for a MTU migration.", "type": "object", "required": [ - "seconds" + "to" ], "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", + "from": { + "description": "from is the MTU to migrate from.", "type": "integer", - "format": "int64", - "default": 0 + "format": "int64" + }, + "to": { + "description": "to is the MTU to migrate to.", + "type": "integer", + "format": "int64" } } }, - "Status.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "Status is a return value for calls that don't return other objects.", + "com.github.openshift.api.config.v1.MaxAgePolicy": { + "description": "MaxAgePolicy contains a numeric range for specifying a compliant HSTS max-age for the enclosing RequiredHSTSPolicy", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "code": { - "description": "Suggested HTTP return code for this status, 0 if not set.", + "largestMaxAge": { + "description": "The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age This value can be left unspecified, in which case no upper limit is enforced.", "type": "integer", "format": "int32" }, - "details": { - "description": "Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.", - "$ref": "#/definitions/StatusDetails.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "message": { - "description": "A human-readable description of the status of this operation.", - "type": "string" - }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "reason": { - "description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it.", - "type": "string" - }, - "status": { - "description": "Status of the operation. One of: \"Success\" or \"Failure\". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "type": "string" + "smallestMaxAge": { + "description": "The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary tool for administrators to quickly correct mistakes. This value can be left unspecified, in which case no lower limit is enforced.", + "type": "integer", + "format": "int32" } } }, - "StatusCause.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered.", + "com.github.openshift.api.config.v1.ModernTLSProfile": { + "description": "ModernTLSProfile is a TLS security profile based on the \"modern\" configuration of the Mozilla Server Side TLS configuration guidelines.", + "type": "object" + }, + "com.github.openshift.api.config.v1.NamedCertificate": { + "description": "NamedCertificate specifies a certificate/key, and the names it should be served for", "type": "object", + "required": [ + "certFile", + "keyFile" + ], "properties": { - "field": { - "description": "The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional.\n\nExamples:\n \"name\" - the field \"name\" on the current resource\n \"items[0].name\" - the field \"name\" on the first array entry in \"items\"", - "type": "string" - }, - "message": { - "description": "A human-readable description of the cause of the error. This field may be presented as-is to a reader.", - "type": "string" + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" }, - "reason": { - "description": "A machine-readable description of the cause of the error. If this value is empty there is no information available.", - "type": "string" + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" + }, + "names": { + "description": "names is a list of DNS names this certificate should be used to secure A name can be a normal DNS name, or can contain leading wildcard segments.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "StatusDetails.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined.", + "com.github.openshift.api.config.v1.Network": { + "description": "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { - "causes": { - "description": "The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/StatusCause.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "group": { - "description": "The group attribute of the resource associated with the status StatusReason.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "name": { - "description": "The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described).", - "type": "string" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "retryAfterSeconds": { - "description": "If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action.", - "type": "integer", - "format": "int32" + "spec": { + "description": "spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkSpec" }, - "uid": { - "description": "UID of the resource. (when there is a single resource which can be described). More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", - "type": "string" + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkStatus" } } }, - "StorageOSPersistentVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a StorageOS persistent volume resource.", + "com.github.openshift.api.config.v1.NetworkDiagnostics": { "type": "object", "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + "mode": { + "description": "mode controls the network diagnostics mode\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is All.", + "type": "string", + "default": "" }, - "volumeName": { - "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", - "type": "string" + "sourcePlacement": { + "description": "sourcePlacement controls the scheduling of network diagnostics source deployment\n\nSee NetworkDiagnosticsSourcePlacement for more details about default values.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement" }, - "volumeNamespace": { - "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", - "type": "string" + "targetPlacement": { + "description": "targetPlacement controls the scheduling of network diagnostics target daemonset\n\nSee NetworkDiagnosticsTargetPlacement for more details about default values.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement" } } }, - "StorageOSVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a StorageOS persistent volume resource.", + "com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement": { + "description": "NetworkDiagnosticsSourcePlacement defines node scheduling configuration network diagnostics source components", "type": "object", "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" - }, - "volumeName": { - "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", - "type": "string" + "nodeSelector": { + "description": "nodeSelector is the node selector applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `kubernetes.io/os: linux`.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "volumeNamespace": { - "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", - "type": "string" + "tolerations": { + "description": "tolerations is a list of tolerations applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is an empty list.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + }, + "x-kubernetes-list-type": "atomic" } } }, - "Subject.v1.rbac.api.k8s.io": { - "description": "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.", + "com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement": { + "description": "NetworkDiagnosticsTargetPlacement defines node scheduling configuration network diagnostics target components", "type": "object", - "required": [ - "kind", - "name" - ], "properties": { - "apiGroup": { - "description": "APIGroup holds the API group of the referenced subject. Defaults to \"\" for ServiceAccount subjects. Defaults to \"rbac.authorization.k8s.io\" for User and Group subjects.", - "type": "string" - }, - "kind": { - "description": "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\". If the Authorizer does not recognized the kind value, the Authorizer should report an error.", - "type": "string", - "default": "" - }, - "name": { - "description": "Name of the object being referenced.", - "type": "string", - "default": "" + "nodeSelector": { + "description": "nodeSelector is the node selector applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `kubernetes.io/os: linux`.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "namespace": { - "description": "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty the Authorizer should report an error.", - "type": "string" + "tolerations": { + "description": "tolerations is a list of tolerations applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `- operator: \"Exists\"` which means that all taints are tolerated.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + }, + "x-kubernetes-list-type": "atomic" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "SubjectAccessReview.v1.authorization.api.k8s.io": { - "description": "SubjectAccessReview checks whether or not a user or group can perform an action.", + "com.github.openshift.api.config.v1.NetworkList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "spec" + "metadata", + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Network" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "Spec holds information about the request being evaluated", - "default": {}, - "$ref": "#/definitions/SubjectAccessReviewSpec.v1.authorization.api.k8s.io" - }, - "status": { - "description": "Status is filled in by the server and indicates whether the request is allowed or not", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/SubjectAccessReviewStatus.v1.authorization.api.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "SubjectAccessReviewSpec.v1.authorization.api.k8s.io": { - "description": "SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set", + "com.github.openshift.api.config.v1.NetworkMigration": { + "description": "NetworkMigration represents the network migration status.", "type": "object", "properties": { - "extra": { - "description": "Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer it needs a reflection here.", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - }, - "groups": { - "description": "Groups is the groups you're testing for.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "nonResourceAttributes": { - "description": "NonResourceAttributes describes information for a non-resource access request", - "$ref": "#/definitions/NonResourceAttributes.v1.authorization.api.k8s.io" - }, - "resourceAttributes": { - "description": "ResourceAuthorizationAttributes describes information for a resource access request", - "$ref": "#/definitions/ResourceAttributes.v1.authorization.api.k8s.io" - }, - "uid": { - "description": "UID information about the requesting user.", - "type": "string" + "mtu": { + "description": "mtu is the MTU configuration that is being deployed.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.MTUMigration" }, - "user": { - "description": "User is the user you're testing for. If you specify \"User\" but not \"Groups\", then is it interpreted as \"What if User were not a member of any groups", + "networkType": { + "description": "networkType is the target plugin that is being deployed. DEPRECATED: network type migration is no longer supported, so this should always be unset.", "type": "string" } } }, - "SubjectAccessReviewStatus.v1.authorization.api.k8s.io": { - "description": "SubjectAccessReviewStatus", + "com.github.openshift.api.config.v1.NetworkSpec": { + "description": "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", "type": "object", "required": [ - "allowed" + "clusterNetwork", + "serviceNetwork", + "networkType" ], "properties": { - "allowed": { - "description": "Allowed is required. True if the action would be allowed, false otherwise.", - "type": "boolean", - "default": false + "clusterNetwork": { + "description": "IP address pool to use for pod IPs. This field is immutable after installation.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterNetworkEntry" + }, + "x-kubernetes-list-type": "atomic" }, - "denied": { - "description": "Denied is optional. True if the action would be denied, otherwise false. If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action. Denied may not be true if Allowed is true.", - "type": "boolean" + "externalIP": { + "description": "externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalIPConfig" }, - "evaluationError": { - "description": "EvaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.", - "type": "string" + "networkDiagnostics": { + "description": "networkDiagnostics defines network diagnostics configuration.\n\nTakes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, the network diagnostics feature will be disabled.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkDiagnostics" }, - "reason": { - "description": "Reason is optional. It indicates why a request was allowed or denied.", + "networkType": { + "description": "networkType is the plugin that is to be deployed (e.g. OVNKubernetes). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OVNKubernetes This field is immutable after installation.", + "type": "string", + "default": "" + }, + "serviceNetwork": { + "description": "IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "serviceNodePortRange": { + "description": "The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.", "type": "string" } } }, - "SubjectRulesReviewStatus.v1.authorization.api.k8s.io": { - "description": "SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on the set of authorizers the server is configured with and any errors experienced during evaluation. Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, even if that list is incomplete.", + "com.github.openshift.api.config.v1.NetworkStatus": { + "description": "NetworkStatus is the current network configuration.", "type": "object", - "required": [ - "resourceRules", - "nonResourceRules", - "incomplete" - ], "properties": { - "evaluationError": { - "description": "EvaluationError can appear in combination with Rules. It indicates an error occurred during rule evaluation, such as an authorizer that doesn't support rule evaluation, and that ResourceRules and/or NonResourceRules may be incomplete.", - "type": "string" - }, - "incomplete": { - "description": "Incomplete is true when the rules returned by this call are incomplete. This is most commonly encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.", - "type": "boolean", - "default": false - }, - "nonResourceRules": { - "description": "NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.", + "clusterNetwork": { + "description": "IP address pool to use for pod IPs.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/NonResourceRule.v1.authorization.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterNetworkEntry" }, "x-kubernetes-list-type": "atomic" }, - "resourceRules": { - "description": "ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.", + "clusterNetworkMTU": { + "description": "clusterNetworkMTU is the MTU for inter-pod networking.", + "type": "integer", + "format": "int32" + }, + "conditions": { + "description": "conditions represents the observations of a network.config current state. Known .status.conditions.type are: \"NetworkDiagnosticsAvailable\"", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/ResourceRule.v1.authorization.api.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "migration": { + "description": "migration contains the cluster network migration configuration.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkMigration" + }, + "networkType": { + "description": "networkType is the plugin that is deployed (e.g. OVNKubernetes).", + "type": "string" + }, + "serviceNetwork": { + "description": "IP address pool for services. Currently, we only support a single entry here.", + "type": "array", + "items": { + "type": "string", + "default": "" }, "x-kubernetes-list-type": "atomic" } } }, - "Sysctl.v1.core.api.k8s.io": { - "description": "Sysctl defines a kernel parameter to be set", + "com.github.openshift.api.config.v1.Node": { + "description": "Node holds cluster-wide information about node specific features.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "name", - "value" + "spec" ], "properties": { - "name": { - "description": "Name of a property to set", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "value": { - "description": "Value of a property to set", - "type": "string", - "default": "" - } - } - }, - "TCPSocketAction.v1.core.api.k8s.io": { - "description": "TCPSocketAction describes an action based on opening a socket", - "type": "object", - "required": [ - "port" - ], - "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "port": { - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", - "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NodeSpec" + }, + "status": { + "description": "status holds observed values.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NodeStatus" } } }, - "Table.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "Table is a tabular representation of a set of API resources. The server transforms the object into a set of preferred columns for quickly reviewing the objects.", + "com.github.openshift.api.config.v1.NodeList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "columnDefinitions", - "rows" + "metadata", + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "columnDefinitions": { - "description": "columnDefinitions describes each column in the returned items array. The number of cells per row will always match the number of column definitions.", + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/TableColumnDefinition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.config.v1.Node" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.config.v1.NodeSpec": { + "type": "object", + "properties": { + "cgroupMode": { + "description": "cgroupMode determines the cgroups version on the node", + "type": "string" }, - "rows": { - "description": "rows is the list of items in the table.", + "minimumKubeletVersion": { + "description": "minimumKubeletVersion is the lowest version of a kubelet that can join the cluster. Specifically, the apiserver will deny most authorization requests of kubelets that are older than the specified version, only allowing the kubelet to get and update its node object, and perform subjectaccessreviews. This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads, and will eventually be marked as not ready. Its max length is 8, so maximum version allowed is either \"9.999.99\" or \"99.99.99\". Since the kubelet reports the version of the kubernetes release, not Openshift, this field references the underlying kubernetes version this version of Openshift is based off of. In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then they should set the minimumKubeletVersion to 1.30.0. When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version. Thus, a kubelet with version \"1.0.0-ec.0\" will be compatible with minimumKubeletVersion \"1.0.0\" or earlier.", + "type": "string", + "default": "" + }, + "workerLatencyProfile": { + "description": "workerLatencyProfile determins the how fast the kubelet is updating the status and corresponding reaction of the cluster", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1.NodeStatus": { + "type": "object", + "properties": { + "conditions": { + "description": "conditions contain the details and the current state of the nodes.config object", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/TableRow.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } } }, - "TableColumnDefinition.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "TableColumnDefinition contains information about a column returned in the Table.", + "com.github.openshift.api.config.v1.NutanixFailureDomain": { + "description": "NutanixFailureDomain configures failure domain information for the Nutanix platform.", "type": "object", "required": [ "name", - "type", - "format", - "description", - "priority" + "cluster", + "subnets" ], "properties": { - "description": { - "description": "description is a human readable description of this column.", - "type": "string", - "default": "" - }, - "format": { - "description": "format is an optional OpenAPI type modifier for this column. A format modifies the type and imposes additional rules, like date or time formatting for a string. The 'name' format is applied to the primary identifier column which has type 'string' to assist in clients identifying column is the resource name. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more.", - "type": "string", - "default": "" + "cluster": { + "description": "cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixResourceIdentifier" }, "name": { - "description": "name is a human readable name for the column.", + "description": "name defines the unique name of a failure domain. Name is required and must be at most 64 characters in length. It must consist of only lower case alphanumeric characters and hyphens (-). It must start and end with an alphanumeric character. This value is arbitrary and is used to identify the failure domain within the platform.", "type": "string", "default": "" }, - "priority": { - "description": "priority is an integer defining the relative importance of this column compared to others. Lower numbers are considered higher priority. Columns that may be omitted in limited space scenarios should be given a higher priority.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "type": { - "description": "type is an OpenAPI type definition for this column, such as number, integer, string, or array. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more.", - "type": "string", - "default": "" + "subnets": { + "description": "subnets holds a list of identifiers (one or more) of the cluster's network subnets If the feature gate NutanixMultiSubnets is enabled, up to 32 subnets may be configured. for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixResourceIdentifier" + }, + "x-kubernetes-list-type": "atomic" } } }, - "TableOptions.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "TableOptions are used when a Table is requested by the caller.", + "com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer": { + "description": "NutanixPlatformLoadBalancer defines the load balancer used by the cluster on Nutanix platform.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "includeObject": { - "description": "includeObject decides whether to include each object along with its columnar information. Specifying \"None\" will return no object, specifying \"Object\" will return the full object contents, and specifying \"Metadata\" (the default) will return the object's metadata in the PartialObjectMetadata kind in version v1beta1 of the meta.k8s.io API group.", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "type": { + "description": "type defines the type of load balancer used by the cluster on Nutanix platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", + "type": "string", + "default": "OpenShiftManagedDefault" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": {} + } + ] }, - "TableRow.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "TableRow is an individual row in a table.", + "com.github.openshift.api.config.v1.NutanixPlatformSpec": { + "description": "NutanixPlatformSpec holds the desired state of the Nutanix infrastructure provider. This only includes fields that can be modified in the cluster.", "type": "object", "required": [ - "cells" + "prismCentral", + "prismElements" ], "properties": { - "cells": { - "description": "cells will be as wide as the column definitions array and may contain strings, numbers (float64 or int64), booleans, simple maps, lists, or null. See the type field of the column definition for a more detailed description.", + "failureDomains": { + "description": "failureDomains configures failure domains information for the Nutanix platform. When set, the failure domains defined here may be used to spread Machines across prism element clusters to improve fault tolerance of the cluster.", "type": "array", "items": { - "type": "object" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixFailureDomain" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "conditions": { - "description": "conditions describe additional status of a row that are relevant for a human user. These conditions apply to the row, not to the object, and will be specific to table output. The only defined condition type is 'Completed', for a row that indicates a resource that has run to completion and can be given less visual priority.", + "prismCentral": { + "description": "prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPrismEndpoint" + }, + "prismElements": { + "description": "prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/TableRowCondition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPrismElementEndpoint" }, - "x-kubernetes-list-type": "atomic" - }, - "object": { - "description": "This field contains the requested additional information about each object based on the includeObject policy when requesting the Table. If \"None\", this field is empty, if \"Object\" this will be the default serialization of the object for the current API version, and if \"Metadata\" (the default) will contain the object metadata. Check the returned kind and apiVersion of the object before parsing. The media type of the object will always match the enclosing list - if this as a JSON table, these will be JSON encoded objects.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "TableRowCondition.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "TableRowCondition allows a row to be marked with additional information.", + "com.github.openshift.api.config.v1.NutanixPlatformStatus": { + "description": "NutanixPlatformStatus holds the current status of the Nutanix infrastructure provider.", "type": "object", "required": [ - "type", - "status" + "apiServerInternalIPs", + "ingressIPs" ], "properties": { - "message": { - "description": "Human readable message indicating details about last transition.", + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", "type": "string" }, - "reason": { - "description": "(brief) machine readable reason for the condition's last transition.", - "type": "string" + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" }, - "status": { - "description": "Status of the condition, one of True, False, Unknown.", + "dnsRecordsType": { + "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", "type": "string", - "default": "" + "enum": [ + "External", + "Internal" + ] }, - "type": { - "description": "Type of row condition. The only defined value is 'Completed' indicating that the object this row represents has reached a completed state and may be given less visual priority than other rows. Clients are not required to honor any conditions but should be consistent where possible about handling the conditions.", - "type": "string", - "default": "" + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "type": "string" + }, + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "loadBalancer": { + "description": "loadBalancer defines how the load balancer used by the cluster is configured.", + "default": { + "type": "OpenShiftManagedDefault" + }, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer" } } }, - "Taint.v1.core.api.k8s.io": { - "description": "The node this Taint is attached to has the \"effect\" on any pod that does not tolerate the Taint.", + "com.github.openshift.api.config.v1.NutanixPrismElementEndpoint": { + "description": "NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster)", "type": "object", "required": [ - "key", - "effect" + "name", + "endpoint" ], "properties": { - "effect": { - "description": "Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.\n\nPossible enum values:\n - `\"NoExecute\"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.\n - `\"NoSchedule\"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.\n - `\"PreferNoSchedule\"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.", - "type": "string", - "default": "", - "enum": [ - "NoExecute", - "NoSchedule", - "PreferNoSchedule" - ] + "endpoint": { + "description": "endpoint holds the endpoint address and port data of the Prism Element (cluster). When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPrismEndpoint" }, - "key": { - "description": "Required. The taint key to be applied to a node.", + "name": { + "description": "name is the name of the Prism Element (cluster). This value will correspond with the cluster field configured on other resources (eg Machines, PVCs, etc).", "type": "string", "default": "" - }, - "timeAdded": { - "description": "TimeAdded represents the time at which the taint was added.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "value": { - "description": "The taint value corresponding to the taint key.", - "type": "string" } } }, - "Time.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", - "type": "string", - "format": "date-time" - }, - "Timestamp.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "Timestamp is a struct that is equivalent to Time, but intended for protobuf marshalling/unmarshalling. It is generated into a serialization that matches Time. Do not use in Go structs.", + "com.github.openshift.api.config.v1.NutanixPrismEndpoint": { + "description": "NutanixPrismEndpoint holds the endpoint address and port to access the Nutanix Prism Central or Element (cluster)", "type": "object", "required": [ - "seconds", - "nanos" + "address", + "port" ], "properties": { - "nanos": { - "description": "Non-negative fractions of a second at nanosecond resolution. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be from 0 to 999,999,999 inclusive. This field may be limited in precision depending on context.", - "type": "integer", - "format": "int32", - "default": 0 + "address": { + "description": "address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster)", + "type": "string", + "default": "" }, - "seconds": { - "description": "Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z inclusive.", + "port": { + "description": "port is the port number to access the Nutanix Prism Central or Element (cluster)", "type": "integer", - "format": "int64", + "format": "int32", "default": 0 } } }, - "Toleration.v1.core.api.k8s.io": { - "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", + "com.github.openshift.api.config.v1.NutanixResourceIdentifier": { + "description": "NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)", "type": "object", + "required": [ + "type" + ], "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n\nPossible enum values:\n - `\"NoExecute\"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.\n - `\"NoSchedule\"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.\n - `\"PreferNoSchedule\"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.", - "type": "string", - "enum": [ - "NoExecute", - "NoSchedule", - "PreferNoSchedule" - ] - }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "name": { + "description": "name is the resource name in the PC. It cannot be empty if the type is Name.", "type": "string" }, - "operator": { - "description": "Operator represents a key's relationship to the value. Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).\n\nPossible enum values:\n - `\"Equal\"`\n - `\"Exists\"`\n - `\"Gt\"`\n - `\"Lt\"`", + "type": { + "description": "type is the identifier type to use for this resource.", "type": "string", - "enum": [ - "Equal", - "Exists", - "Gt", - "Lt" - ] - }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", - "type": "integer", - "format": "int64" + "default": "" }, - "value": { - "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + "uuid": { + "description": "uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID.", "type": "string" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "name": "Name", + "uuid": "UUID" + } + } + ] }, - "TopologySelectorLabelRequirement.v1.core.api.k8s.io": { - "description": "A topology selector requirement is a selector that matches given label. This is an alpha feature and may change in the future.", + "com.github.openshift.api.config.v1.OAuth": { + "description": "OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "key", - "values" + "metadata", + "spec" ], "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "values": { - "description": "An array of string values. One value must match the label to be selected. Each entry in Values is ORed.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OAuthSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OAuthStatus" } } }, - "TopologySelectorTerm.v1.core.api.k8s.io": { - "description": "A topology selector term represents the result of label queries. A null or empty topology selector term matches no objects. The requirements of them are ANDed. It provides a subset of functionality as NodeSelectorTerm. This is an alpha feature and may change in the future.", + "com.github.openshift.api.config.v1.OAuthList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "matchLabelExpressions": { - "description": "A list of topology selector requirements by labels.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/TopologySelectorLabelRequirement.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.config.v1.OAuth" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "TopologySpreadConstraint.v1.core.api.k8s.io": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", + "com.github.openshift.api.config.v1.OAuthRemoteConnectionInfo": { + "description": "OAuthRemoteConnectionInfo holds information necessary for establishing a remote connection", "type": "object", "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" + "url" ], "properties": { - "labelSelector": { - "description": "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.", - "type": "integer", - "format": "int32" + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\n\nPossible enum values:\n - `\"Honor\"` means use this scheduling directive when calculating pod topology spread skew.\n - `\"Ignore\"` means ignore this scheduling directive when calculating pod topology spread skew.", - "type": "string", - "enum": [ - "Honor", - "Ignore" - ] + "tlsClientCert": { + "description": "tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key \"tls.crt\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\n\nPossible enum values:\n - `\"Honor\"` means use this scheduling directive when calculating pod topology spread skew.\n - `\"Ignore\"` means ignore this scheduling directive when calculating pod topology spread skew.", - "type": "string", - "enum": [ - "Honor", - "Ignore" - ] + "tlsClientKey": { + "description": "tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key \"tls.key\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field.", + "url": { + "description": "url is the remote URL to connect to", "type": "string", "default": "" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.\n\nPossible enum values:\n - `\"DoNotSchedule\"` instructs the scheduler not to schedule the pod when constraints are not satisfied.\n - `\"ScheduleAnyway\"` instructs the scheduler to schedule the pod even if constraints are not satisfied.", - "type": "string", - "default": "", - "enum": [ - "DoNotSchedule", - "ScheduleAnyway" - ] } } }, - "TypeChecking.v1.admissionregistration.api.k8s.io": { - "description": "TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy", + "com.github.openshift.api.config.v1.OAuthSpec": { + "description": "OAuthSpec contains desired cluster auth configuration", "type": "object", + "required": [ + "tokenConfig" + ], "properties": { - "expressionWarnings": { - "description": "The type checking warnings for each expression.", + "identityProviders": { + "description": "identityProviders is an ordered list of ways for a user to identify themselves. When this list is empty, no identities are provisioned for users.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/ExpressionWarning.v1.admissionregistration.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.IdentityProvider" }, "x-kubernetes-list-type": "atomic" - } - } - }, - "TypeMeta.runtime.pkg.apimachinery.k8s.io": { - "description": "TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, like this:\n\n\ttype MyAwesomeAPIObject struct {\n\t runtime.TypeMeta `json:\",inline\"`\n\t ... // other fields\n\t}\n\nfunc (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind\n\nTypeMeta is provided here for convenience. You may use it directly from this package or define your own with the same fields.", - "type": "object", - "properties": { - "apiVersion": { - "type": "string" }, - "kind": { - "type": "string" + "templates": { + "description": "templates allow you to customize pages like the login page.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OAuthTemplates" + }, + "tokenConfig": { + "description": "tokenConfig contains options for authorization and access tokens", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenConfig" } } }, - "TypeMeta.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "TypeMeta describes an individual object in an API response or request with strings representing the type of the object and its API schema version. Structures that are versioned or persisted should inline TypeMeta.", + "com.github.openshift.api.config.v1.OAuthStatus": { + "description": "OAuthStatus shows current known state of OAuth server in the cluster", + "type": "object" + }, + "com.github.openshift.api.config.v1.OAuthTemplates": { + "description": "OAuthTemplates allow for customization of pages like the login page", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "error": { + "description": "error is the name of a secret that specifies a go template to use to render error pages during the authentication or grant flow. The key \"errors.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default error page is used. If the specified template is not valid, the default error page is used. If unspecified, the default error page is used. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "login": { + "description": "login is the name of a secret that specifies a go template to use to render the login page. The key \"login.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default login page is used. If the specified template is not valid, the default login page is used. If unspecified, the default login page is used. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + }, + "providerSelection": { + "description": "providerSelection is the name of a secret that specifies a go template to use to render the provider selection page. The key \"providers.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default provider selection page is used. If the specified template is not valid, the default provider selection page is used. If unspecified, the default provider selection page is used. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" } } }, - "TypedLocalObjectReference.v1.core.api.k8s.io": { - "description": "TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.", + "com.github.openshift.api.config.v1.OIDCClientConfig": { + "description": "OIDCClientConfig configures how platform clients interact with identity providers as an authentication method.", "type": "object", "required": [ - "kind", - "name" + "componentName", + "componentNamespace", + "clientID" ], "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", - "type": "string" + "clientID": { + "description": "clientID is a required field that configures the client identifier, from the identity provider, that the platform component uses for authentication requests made to the identity provider. The identity provider must accept this identifier for platform components to be able to use the identity provider as an authentication mode.\n\nclientID must not be an empty string (\"\").", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is the type of resource being referenced", + "clientSecret": { + "description": "clientSecret is an optional field that configures the client secret used by the platform component when making authentication requests to the identity provider.\n\nWhen not specified, no client secret will be used when making authentication requests to the identity provider.\n\nWhen specified, clientSecret references a Secret in the 'openshift-config' namespace that contains the client secret in the 'clientSecret' key of the '.data' field.\n\nThe client secret will be used when making authentication requests to the identity provider.\n\nPublic clients do not require a client secret but private clients do require a client secret to work with the identity provider.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + }, + "componentName": { + "description": "componentName is a required field that specifies the name of the platform component being configured to use the identity provider as an authentication mode.\n\nIt is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", "type": "string", "default": "" }, - "name": { - "description": "Name is the name of resource being referenced", + "componentNamespace": { + "description": "componentNamespace is a required field that specifies the namespace in which the platform component being configured to use the identity provider as an authentication mode is running.\n\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", "type": "string", "default": "" + }, + "extraScopes": { + "description": "extraScopes is an optional field that configures the extra scopes that should be requested by the platform component when making authentication requests to the identity provider. This is useful if you have configured claim mappings that requires specific scopes to be requested beyond the standard OIDC scopes.\n\nWhen omitted, no additional scopes are requested.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "TypedObjectReference.v1.core.api.k8s.io": { - "description": "TypedObjectReference contains enough information to let you locate the typed referenced object", + "com.github.openshift.api.config.v1.OIDCClientReference": { + "description": "OIDCClientReference is a reference to a platform component client configuration.", "type": "object", "required": [ - "kind", - "name" + "oidcProviderName", + "issuerURL", + "clientID" ], "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", + "clientID": { + "description": "clientID is a required field that specifies the client identifier, from the identity provider, that the platform component is using for authentication requests made to the identity provider.\n\nclientID must not be empty.", "type": "string", "default": "" }, - "name": { - "description": "Name is the name of resource being referenced", + "issuerURL": { + "description": "issuerURL is a required field that specifies the URL of the identity provider that this client is configured to make requests against.\n\nissuerURL must use the 'https' scheme.", "type": "string", "default": "" }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" + "oidcProviderName": { + "description": "oidcProviderName is a required reference to the 'name' of the identity provider configured in 'oidcProviders' that this client is associated with.\n\noidcProviderName must not be an empty string (\"\").", + "type": "string", + "default": "" } } }, - "Unknown.runtime.pkg.apimachinery.k8s.io": { - "description": "Unknown allows api objects with unknown types to be passed-through. This can be used to deal with the API objects from a plug-in. Unknown objects still have functioning TypeMeta features-- kind, version, etc. metadata and field mutatation.", + "com.github.openshift.api.config.v1.OIDCClientStatus": { + "description": "OIDCClientStatus represents the current state of platform components and how they interact with the configured identity providers.", "type": "object", "required": [ - "ContentEncoding", - "ContentType" + "componentName", + "componentNamespace" ], "properties": { - "ContentEncoding": { - "description": "ContentEncoding is encoding used to encode 'Raw' data. Unspecified means no encoding.", + "componentName": { + "description": "componentName is a required field that specifies the name of the platform component using the identity provider as an authentication mode. It is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", "type": "string", "default": "" }, - "ContentType": { - "description": "ContentType is serialization method used to serialize 'Raw'. Unspecified means ContentTypeJSON.", + "componentNamespace": { + "description": "componentNamespace is a required field that specifies the namespace in which the platform component using the identity provider as an authentication mode is running.\n\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", "type": "string", "default": "" }, - "apiVersion": { - "type": "string" + "conditions": { + "description": "conditions are used to communicate the state of the `oidcClients` entry.\n\nSupported conditions include Available, Degraded and Progressing.\n\nIf Available is true, the component is successfully using the configured client. If Degraded is true, that means something has gone wrong trying to handle the client configuration. If Progressing is true, that means the component is taking some action related to the `oidcClients` entry.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "kind": { - "type": "string" + "consumingUsers": { + "description": "consumingUsers is an optional list of ServiceAccounts requiring read permissions on the `clientSecret` secret.\n\nconsumingUsers must not exceed 5 entries.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "currentOIDCClients": { + "description": "currentOIDCClients is an optional list of clients that the component is currently using.\n\nEntries must have unique issuerURL/clientID pairs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OIDCClientReference" + }, + "x-kubernetes-list-map-keys": [ + "issuerURL", + "clientID" + ], + "x-kubernetes-list-type": "map" } } }, - "UpdateOptions.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "UpdateOptions may be provided when updating an API object. All fields in UpdateOptions should also be present in PatchOptions.", + "com.github.openshift.api.config.v1.OIDCProvider": { "type": "object", + "required": [ + "name", + "issuer", + "claimMappings" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "claimMappings": { + "description": "claimMappings is a required field that configures the rules to be used by the Kubernetes API server for translating claims in a JWT token, issued by the identity provider, to a cluster identity.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimMappings" }, - "dryRun": { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "claimValidationRules": { + "description": "claimValidationRules is an optional field that configures the rules to be used by the Kubernetes API server for validating the claims in a JWT token issued by the identity provider.\n\nValidation rules are joined via an AND operation.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimValidationRule" }, "x-kubernetes-list-type": "atomic" }, - "fieldManager": { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "type": "string" + "issuer": { + "description": "issuer is a required field that configures how the platform interacts with the identity provider and how tokens issued from the identity provider are evaluated by the Kubernetes API server.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenIssuer" }, - "fieldValidation": { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "type": "string" + "name": { + "description": "name is a required field that configures the unique human-readable identifier associated with the identity provider. It is used to distinguish between multiple identity providers and has no impact on token validation or authentication mechanics.\n\nname must not be an empty string (\"\").", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - } - } - }, - "ValidatingAdmissionPolicy.v1.admissionregistration.api.k8s.io": { - "description": "ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "Specification of the desired behavior of the ValidatingAdmissionPolicy.", - "default": {}, - "$ref": "#/definitions/ValidatingAdmissionPolicySpec.v1.admissionregistration.api.k8s.io" - }, - "status": { - "description": "The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.", - "default": {}, - "$ref": "#/definitions/ValidatingAdmissionPolicyStatus.v1.admissionregistration.api.k8s.io" - } - } - }, - "ValidatingAdmissionPolicyBinding.v1.admissionregistration.api.k8s.io": { - "description": "ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.\n\nFor a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.\n\nThe CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "oidcClients": { + "description": "oidcClients is an optional field that configures how on-cluster, platform clients should request tokens from the identity provider. oidcClients must not exceed 20 entries and entries must have unique namespace/name pairs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OIDCClientConfig" + }, + "x-kubernetes-list-map-keys": [ + "componentNamespace", + "componentName" + ], + "x-kubernetes-list-type": "map" }, - "spec": { - "description": "Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.", - "default": {}, - "$ref": "#/definitions/ValidatingAdmissionPolicyBindingSpec.v1.admissionregistration.api.k8s.io" + "userValidationRules": { + "description": "userValidationRules is an optional field that configures the set of rules used to validate the cluster user identity that was constructed via mapping token claims to user identity attributes. Rules are CEL expressions that must evaluate to 'true' for authentication to succeed. If any rule in the chain of rules evaluates to 'false', authentication will fail. When specified, at least one rule must be specified and no more than 64 rules may be specified.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenUserValidationRule" + }, + "x-kubernetes-list-map-keys": [ + "expression" + ], + "x-kubernetes-list-type": "map" } } }, - "ValidatingAdmissionPolicyBindingList.v1.admissionregistration.api.k8s.io": { - "description": "ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.", + "com.github.openshift.api.config.v1.ObjectReference": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", "type": "object", "required": [ - "items" + "group", + "resource", + "name" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "group": { + "description": "group of the referent.", + "type": "string", + "default": "" }, - "items": { - "description": "List of PolicyBinding.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ValidatingAdmissionPolicyBinding.v1.admissionregistration.api.k8s.io" - } + "name": { + "description": "name of the referent.", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "namespace": { + "description": "namespace of the referent.", "type": "string" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "resource": { + "description": "resource of the referent.", + "type": "string", + "default": "" } } }, - "ValidatingAdmissionPolicyBindingSpec.v1.admissionregistration.api.k8s.io": { - "description": "ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.", + "com.github.openshift.api.config.v1.OldTLSProfile": { + "description": "OldTLSProfile is a TLS security profile based on the \"old\" configuration of the Mozilla Server Side TLS configuration guidelines.", + "type": "object" + }, + "com.github.openshift.api.config.v1.OpenIDClaims": { + "description": "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider", "type": "object", "properties": { - "matchResources": { - "description": "MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.", - "$ref": "#/definitions/MatchResources.v1.admissionregistration.api.k8s.io" + "email": { + "description": "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "paramRef": { - "description": "paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.", - "$ref": "#/definitions/ParamRef.v1.admissionregistration.api.k8s.io" + "groups": { + "description": "groups is the list of claims value of which should be used to synchronize groups from the OIDC provider to OpenShift for the user. If multiple claims are specified, the first one with a non-empty value is used.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "policyName": { - "description": "PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.", - "type": "string" + "name": { + "description": "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "validationActions": { - "description": "validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.\n\nFailures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.\n\nvalidationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.\n\nThe supported actions values are:\n\n\"Deny\" specifies that a validation failure results in a denied request.\n\n\"Warn\" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.\n\n\"Audit\" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `\"validation.policy.admission.k8s.io/validation_failure\": \"[{\\\"message\\\": \\\"Invalid value\\\", {\\\"policy\\\": \\\"policy.example.com\\\", {\\\"binding\\\": \\\"policybinding.example.com\\\", {\\\"expressionIndex\\\": \\\"1\\\", {\\\"validationActions\\\": [\\\"Audit\\\"]}]\"`\n\nClients should expect to handle additional values by ignoring any values not recognized.\n\n\"Deny\" and \"Warn\" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.\n\nRequired.", + "preferredUsername": { + "description": "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the sub claim", "type": "array", "items": { "type": "string", - "default": "", - "enum": [ - "Audit", - "Deny", - "Warn" - ] + "default": "" }, - "x-kubernetes-list-type": "set" + "x-kubernetes-list-type": "atomic" } } }, - "ValidatingAdmissionPolicyList.v1.admissionregistration.api.k8s.io": { - "description": "ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.", + "com.github.openshift.api.config.v1.OpenIDIdentityProvider": { + "description": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials", "type": "object", "required": [ - "items" + "clientID", + "clientSecret", + "issuer", + "claims" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "items": { - "description": "List of ValidatingAdmissionPolicy.", + "claims": { + "description": "claims mappings", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenIDClaims" + }, + "clientID": { + "description": "clientID is the oauth client ID", + "type": "string", + "default": "" + }, + "clientSecret": { + "description": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + }, + "extraAuthorizeParameters": { + "description": "extraAuthorizeParameters are any custom parameters to add to the authorize request.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "extraScopes": { + "description": "extraScopes are any scopes to request in addition to the standard \"openid\" scope.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/ValidatingAdmissionPolicy.v1.admissionregistration.api.k8s.io" + "type": "string", + "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "issuer": { + "description": "issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. It must use the https scheme with no query or fragment component.", + "type": "string", + "default": "" } } }, - "ValidatingAdmissionPolicySpec.v1.admissionregistration.api.k8s.io": { - "description": "ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.", + "com.github.openshift.api.config.v1.OpenStackPlatformLoadBalancer": { + "description": "OpenStackPlatformLoadBalancer defines the load balancer used by the cluster on OpenStack platform.", "type": "object", "properties": { - "auditAnnotations": { - "description": "auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/AuditAnnotation.v1.admissionregistration.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "failurePolicy": { - "description": "failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.\n\nA policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.\n\nfailurePolicy does not define how validations that evaluate to false are handled.\n\nWhen failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.\n\nAllowed values are Ignore or Fail. Defaults to Fail.\n\nPossible enum values:\n - `\"Fail\"` means that an error calling the webhook causes the admission to fail.\n - `\"Ignore\"` means that an error calling the webhook is ignored.", + "type": { + "description": "type defines the type of load balancer used by the cluster on OpenStack platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", "type": "string", - "enum": [ - "Fail", - "Ignore" - ] - }, - "matchConditions": { - "description": "MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nIf a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.\n\nThe exact matching logic is (in order):\n 1. If ANY matchCondition evaluates to FALSE, the policy is skipped.\n 2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.\n 3. If any matchCondition evaluates to an error (but none are FALSE):\n - If failurePolicy=Fail, reject the request\n - If failurePolicy=Ignore, the policy is skipped", + "default": "OpenShiftManagedDefault" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": {} + } + ] + }, + "com.github.openshift.api.config.v1.OpenStackPlatformSpec": { + "description": "OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object", + "properties": { + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/MatchCondition.v1.admissionregistration.api.k8s.io" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - }, - "matchConstraints": { - "description": "MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.", - "$ref": "#/definitions/MatchResources.v1.admissionregistration.api.k8s.io" - }, - "paramKind": { - "description": "ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.", - "$ref": "#/definitions/ParamKind.v1.admissionregistration.api.k8s.io" + "x-kubernetes-list-type": "atomic" }, - "validations": { - "description": "Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.", + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/Validation.v1.admissionregistration.api.k8s.io" + "type": "string", + "default": "" }, "x-kubernetes-list-type": "atomic" }, - "variables": { - "description": "Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.\n\nThe expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Variable.v1.admissionregistration.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - } - } - }, - "ValidatingAdmissionPolicyStatus.v1.admissionregistration.api.k8s.io": { - "description": "ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.", - "type": "object", - "properties": { - "conditions": { - "description": "The conditions represent the latest available observations of a policy's current state.", + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "observedGeneration": { - "description": "The generation observed by the controller.", - "type": "integer", - "format": "int64" - }, - "typeChecking": { - "description": "The results of type checking for each expression. Presence of this field indicates the completion of the type checking.", - "$ref": "#/definitions/TypeChecking.v1.admissionregistration.api.k8s.io" + "x-kubernetes-list-type": "atomic" } } }, - "ValidatingWebhook.v1.admissionregistration.api.k8s.io": { - "description": "ValidatingWebhook describes an admission webhook and the resources and operations it applies to.", + "com.github.openshift.api.config.v1.OpenStackPlatformStatus": { + "description": "OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider.", "type": "object", "required": [ - "name", - "clientConfig", - "sideEffects", - "admissionReviewVersions" + "apiServerInternalIPs", + "ingressIPs" ], "properties": { - "admissionReviewVersions": { - "description": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.", + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "type": "string" + }, + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", "type": "array", "items": { "type": "string", @@ -10814,83 +9920,80 @@ }, "x-kubernetes-list-type": "atomic" }, - "clientConfig": { - "description": "ClientConfig defines how to communicate with the hook. Required", - "default": {}, - "$ref": "#/definitions/WebhookClientConfig.v1.admissionregistration.api.k8s.io" + "cloudName": { + "description": "cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`).", + "type": "string" }, - "failurePolicy": { - "description": "FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.\n\nPossible enum values:\n - `\"Fail\"` means that an error calling the webhook causes the admission to fail.\n - `\"Ignore\"` means that an error calling the webhook is ignored.", + "dnsRecordsType": { + "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", "type": "string", "enum": [ - "Fail", - "Ignore" + "External", + "Internal" ] }, - "matchConditions": { - "description": "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n 2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n 3. If any matchCondition evaluates to an error (but none are FALSE):\n - If failurePolicy=Fail, reject the request\n - If failurePolicy=Ignore, the error is ignored and the webhook is skipped", + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "type": "string" + }, + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/MatchCondition.v1.admissionregistration.api.k8s.io" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - }, - "matchPolicy": { - "description": "matchPolicy defines how the \"rules\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.\n\nDefaults to \"Equivalent\"\n\nPossible enum values:\n - `\"Equivalent\"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.\n - `\"Exact\"` means requests should only be sent to the webhook if they exactly match a given rule.", - "type": "string", - "enum": [ - "Equivalent", - "Exact" - ] - }, - "name": { - "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.", - "type": "string", - "default": "" - }, - "namespaceSelector": { - "description": "NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the webhook on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + "x-kubernetes-list-type": "atomic" }, - "objectSelector": { - "description": "ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + "loadBalancer": { + "description": "loadBalancer defines how the load balancer used by the cluster is configured.", + "default": { + "type": "OpenShiftManagedDefault" + }, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenStackPlatformLoadBalancer" }, - "rules": { - "description": "Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.", + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/RuleWithOperations.v1.admissionregistration.api.k8s.io" + "type": "string", + "default": "" }, "x-kubernetes-list-type": "atomic" }, - "sideEffects": { - "description": "SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.\n\nPossible enum values:\n - `\"None\"` means that calling the webhook will have no side effects.\n - `\"NoneOnDryRun\"` means that calling the webhook will possibly have side effects, but if the request being reviewed has the dry-run attribute, the side effects will be suppressed.\n - `\"Some\"` means that calling the webhook will possibly have side effects. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.\n - `\"Unknown\"` means that no information is known about the side effects of calling the webhook. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.", + "nodeDNSIP": { + "description": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1.OperandVersion": { + "type": "object", + "required": [ + "name", + "version" + ], + "properties": { + "name": { + "description": "name is the name of the particular operand this version is for. It usually matches container images, not operators.", "type": "string", - "enum": [ - "None", - "NoneOnDryRun", - "Some", - "Unknown" - ] + "default": "" }, - "timeoutSeconds": { - "description": "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.", - "type": "integer", - "format": "int32" + "version": { + "description": "version indicates which version of a particular operand is currently being managed. It must always match the Available operand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout 1.1.0", + "type": "string", + "default": "" } } }, - "ValidatingWebhookConfiguration.v1.admissionregistration.api.k8s.io": { - "description": "ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.", + "com.github.openshift.api.config.v1.OperatorHub": { + "description": "OperatorHub is the Schema for the operatorhubs API. It can be used to change the state of the default hub sources for OperatorHub on the cluster from enabled to disabled and vice versa.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "spec", + "status" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -10901,30 +10004,25 @@ "type": "string" }, "metadata": { - "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "webhooks": { - "description": "Webhooks is a list of webhooks and the affected resources and operations.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ValidatingWebhook.v1.admissionregistration.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OperatorHubSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OperatorHubStatus" } } }, - "ValidatingWebhookConfigurationList.v1.admissionregistration.api.k8s.io": { - "description": "ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.", + "com.github.openshift.api.config.v1.OperatorHubList": { + "description": "OperatorHubList contains a list of OperatorHub\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -10933,11 +10031,10 @@ "type": "string" }, "items": { - "description": "List of ValidatingWebhookConfiguration.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/ValidatingWebhookConfiguration.v1.admissionregistration.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.OperatorHub" } }, "kind": { @@ -10945,670 +10042,541 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "Validation.v1.admissionregistration.api.k8s.io": { - "description": "Validation specifies the CEL expression which is used to apply the validation.", + "com.github.openshift.api.config.v1.OperatorHubSpec": { + "description": "OperatorHubSpec defines the desired state of OperatorHub", "type": "object", - "required": [ - "expression" - ], "properties": { - "expression": { - "description": "Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired.", - "type": "string", - "default": "" - }, - "message": { - "description": "Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is \"failed rule: {Rule}\". e.g. \"must be a URL with the host matching spec.host\" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is \"failed Expression: {Expression}\".", - "type": "string" - }, - "messageExpression": { - "description": "messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: \"object.x must be less than max (\"+string(params.max)+\")\"", - "type": "string" + "disableAllDefaultSources": { + "description": "disableAllDefaultSources allows you to disable all the default hub sources. If this is true, a specific entry in sources can be used to enable a default source. If this is false, a specific entry in sources can be used to disable or enable a default source.", + "type": "boolean" }, - "reason": { - "description": "Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: \"Unauthorized\", \"Forbidden\", \"Invalid\", \"RequestEntityTooLarge\". If not set, StatusReasonInvalid is used in the response to the client.", - "type": "string" + "sources": { + "description": "sources is the list of default hub sources and their configuration. If the list is empty, it implies that the default hub sources are enabled on the cluster unless disableAllDefaultSources is true. If disableAllDefaultSources is true and sources is not empty, the configuration present in sources will take precedence. The list of default hub sources and their current state will always be reflected in the status block.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.HubSource" + } } } }, - "Variable.v1.admissionregistration.api.k8s.io": { - "description": "Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.", + "com.github.openshift.api.config.v1.OperatorHubStatus": { + "description": "OperatorHubStatus defines the observed state of OperatorHub. The current state of the default hub sources will always be reflected here.", "type": "object", - "required": [ - "name", - "expression" - ], "properties": { - "expression": { - "description": "Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.", - "type": "string", - "default": "" - }, - "name": { - "description": "Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is \"foo\", the variable will be available as `variables.foo`", - "type": "string", - "default": "" - } - }, - "x-kubernetes-map-type": "atomic" - }, - "Volume.v1.core.api.k8s.io": { - "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "$ref": "#/definitions/AWSElasticBlockStoreVolumeSource.v1.core.api.k8s.io" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", - "$ref": "#/definitions/AzureDiskVolumeSource.v1.core.api.k8s.io" - }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", - "$ref": "#/definitions/AzureFileVolumeSource.v1.core.api.k8s.io" - }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - "$ref": "#/definitions/CephFSVolumeSource.v1.core.api.k8s.io" - }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "$ref": "#/definitions/CinderVolumeSource.v1.core.api.k8s.io" - }, - "configMap": { - "description": "configMap represents a configMap that should populate this volume", - "$ref": "#/definitions/ConfigMapVolumeSource.v1.core.api.k8s.io" - }, - "csi": { - "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", - "$ref": "#/definitions/CSIVolumeSource.v1.core.api.k8s.io" - }, - "downwardAPI": { - "description": "downwardAPI represents downward API about the pod that should populate this volume", - "$ref": "#/definitions/DownwardAPIVolumeSource.v1.core.api.k8s.io" - }, - "emptyDir": { - "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "$ref": "#/definitions/EmptyDirVolumeSource.v1.core.api.k8s.io" - }, - "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time.", - "$ref": "#/definitions/EphemeralVolumeSource.v1.core.api.k8s.io" - }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "$ref": "#/definitions/FCVolumeSource.v1.core.api.k8s.io" - }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - "$ref": "#/definitions/FlexVolumeSource.v1.core.api.k8s.io" - }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - "$ref": "#/definitions/FlockerVolumeSource.v1.core.api.k8s.io" - }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "$ref": "#/definitions/GCEPersistentDiskVolumeSource.v1.core.api.k8s.io" - }, - "gitRepo": { - "description": "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", - "$ref": "#/definitions/GitRepoVolumeSource.v1.core.api.k8s.io" - }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.", - "$ref": "#/definitions/GlusterfsVolumeSource.v1.core.api.k8s.io" - }, - "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "$ref": "#/definitions/HostPathVolumeSource.v1.core.api.k8s.io" - }, - "image": { - "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - "$ref": "#/definitions/ImageVolumeSource.v1.core.api.k8s.io" - }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi", - "$ref": "#/definitions/ISCSIVolumeSource.v1.core.api.k8s.io" - }, - "name": { - "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string", - "default": "" - }, - "nfs": { - "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "$ref": "#/definitions/NFSVolumeSource.v1.core.api.k8s.io" - }, - "persistentVolumeClaim": { - "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "$ref": "#/definitions/PersistentVolumeClaimVolumeSource.v1.core.api.k8s.io" - }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - "$ref": "#/definitions/PhotonPersistentDiskVolumeSource.v1.core.api.k8s.io" - }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", - "$ref": "#/definitions/PortworxVolumeSource.v1.core.api.k8s.io" - }, - "projected": { - "description": "projected items for all in one resources secrets, configmaps, and downward API", - "$ref": "#/definitions/ProjectedVolumeSource.v1.core.api.k8s.io" - }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - "$ref": "#/definitions/QuobyteVolumeSource.v1.core.api.k8s.io" - }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported.", - "$ref": "#/definitions/RBDVolumeSource.v1.core.api.k8s.io" - }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - "$ref": "#/definitions/ScaleIOVolumeSource.v1.core.api.k8s.io" - }, - "secret": { - "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "$ref": "#/definitions/SecretVolumeSource.v1.core.api.k8s.io" - }, - "storageos": { - "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", - "$ref": "#/definitions/StorageOSVolumeSource.v1.core.api.k8s.io" - }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", - "$ref": "#/definitions/VsphereVirtualDiskVolumeSource.v1.core.api.k8s.io" + "sources": { + "description": "sources encapsulates the result of applying the configuration for each hub source", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.HubSourceStatus" + } } } }, - "VolumeDevice.v1.core.api.k8s.io": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", + "com.github.openshift.api.config.v1.OvirtPlatformLoadBalancer": { + "description": "OvirtPlatformLoadBalancer defines the load balancer used by the cluster on Ovirt platform.", "type": "object", - "required": [ - "name", - "devicePath" - ], "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string", - "default": "" - }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", + "type": { + "description": "type defines the type of load balancer used by the cluster on Ovirt platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", "type": "string", - "default": "" + "default": "OpenShiftManagedDefault" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": {} + } + ] }, - "VolumeMount.v1.core.api.k8s.io": { - "description": "VolumeMount describes a mounting of a Volume within a container.", + "com.github.openshift.api.config.v1.OvirtPlatformSpec": { + "description": "OvirtPlatformSpec holds the desired state of the oVirt infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object" + }, + "com.github.openshift.api.config.v1.OvirtPlatformStatus": { + "description": "OvirtPlatformStatus holds the current status of the oVirt infrastructure provider.", "type": "object", "required": [ - "name", - "mountPath" + "apiServerInternalIPs", + "ingressIPs" ], "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", - "type": "string", - "default": "" + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "type": "string" }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).\n\nPossible enum values:\n - `\"Bidirectional\"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume (\"rshared\" in Linux terminology).\n - `\"HostToContainer\"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume (\"rslave\" in Linux terminology).\n - `\"None\"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to \"private\" in Linux terminology.", + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "dnsRecordsType": { + "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", "type": "string", "enum": [ - "Bidirectional", - "HostToContainer", - "None" + "External", + "Internal" ] }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string", - "default": "" - }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled recursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", "type": "string" }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", - "type": "string" + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", + "loadBalancer": { + "description": "loadBalancer defines how the load balancer used by the cluster is configured.", + "default": { + "type": "OpenShiftManagedDefault" + }, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OvirtPlatformLoadBalancer" + }, + "nodeDNSIP": { + "description": "deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.", "type": "string" } } }, - "VolumeMountStatus.v1.core.api.k8s.io": { - "description": "VolumeMountStatus shows status of volume mounts.", + "com.github.openshift.api.config.v1.PKICertificateSubject": { + "description": "PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", "type": "object", - "required": [ - "name", - "mountPath" - ], "properties": { - "mountPath": { - "description": "MountPath corresponds to the original VolumeMount.", - "type": "string", - "default": "" - }, - "name": { - "description": "Name corresponds to the name of the original VolumeMount.", - "type": "string", - "default": "" - }, - "readOnly": { - "description": "ReadOnly corresponds to the original VolumeMount.", - "type": "boolean" + "email": { + "description": "email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. The email must be a valid email address and at most 320 characters in length.", + "type": "string" }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly must be set to Disabled, Enabled, or unspecified (for non-readonly mounts). An IfPossible value in the original VolumeMount must be translated to Disabled or Enabled, depending on the mount result.", + "hostname": { + "description": "hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. The hostname must be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. It must consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk.", "type": "string" } } }, - "VolumeNodeAffinity.v1.core.api.k8s.io": { - "description": "VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from.", - "type": "object", - "properties": { - "required": { - "description": "required specifies hard node constraints that must be met.", - "$ref": "#/definitions/NodeSelector.v1.core.api.k8s.io" - } - } - }, - "VolumeProjection.v1.core.api.k8s.io": { - "description": "Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.", + "com.github.openshift.api.config.v1.PersistentVolumeClaimReference": { + "description": "PersistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", "type": "object", + "required": [ + "name" + ], "properties": { - "clusterTrustBundle": { - "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.", - "$ref": "#/definitions/ClusterTrustBundleProjection.v1.core.api.k8s.io" - }, - "configMap": { - "description": "configMap information about the configMap data to project", - "$ref": "#/definitions/ConfigMapProjection.v1.core.api.k8s.io" - }, - "downwardAPI": { - "description": "downwardAPI information about the downwardAPI data to project", - "$ref": "#/definitions/DownwardAPIProjection.v1.core.api.k8s.io" - }, - "podCertificate": { - "description": "Projects an auto-rotating credential bundle (private key and certificate chain) that the pod can use either as a TLS client or server.\n\nKubelet generates a private key and uses it to send a PodCertificateRequest to the named signer. Once the signer approves the request and issues a certificate chain, Kubelet writes the key and certificate chain to the pod filesystem. The pod does not start until certificates have been issued for each podCertificate projected volume source in its spec.\n\nKubelet will begin trying to rotate the certificate at the time indicated by the signer using the PodCertificateRequest.Status.BeginRefreshAt timestamp.\n\nKubelet can write a single file, indicated by the credentialBundlePath field, or separate files, indicated by the keyPath and certificateChainPath fields.\n\nThe credential bundle is a single file in PEM format. The first PEM entry is the private key (in PKCS#8 format), and the remaining PEM entries are the certificate chain issued by the signer (typically, signers will return their certificate chain in leaf-to-root order).\n\nPrefer using the credential bundle format, since your application code can read it atomically. If you use keyPath and certificateChainPath, your application must make two separate file reads. If these coincide with a certificate rotation, it is possible that the private key and leaf certificate you read may not correspond to each other. Your application will need to check for this condition, and re-read until they are consistent.\n\nThe named signer controls chooses the format of the certificate it issues; consult the signer implementation's documentation to learn how to use the certificates it issues.", - "$ref": "#/definitions/PodCertificateProjection.v1.core.api.k8s.io" - }, - "secret": { - "description": "secret information about the secret data to project", - "$ref": "#/definitions/SecretProjection.v1.core.api.k8s.io" - }, - "serviceAccountToken": { - "description": "serviceAccountToken is information about the serviceAccountToken data to project", - "$ref": "#/definitions/ServiceAccountTokenProjection.v1.core.api.k8s.io" + "name": { + "description": "name is the name of the PersistentVolumeClaim that will be used to store the Insights data archive. It is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + "type": "string" } } }, - "VolumeResourceRequirements.v1.core.api.k8s.io": { - "description": "VolumeResourceRequirements describes the storage resource requirements for a volume.", + "com.github.openshift.api.config.v1.PersistentVolumeConfig": { + "description": "PersistentVolumeConfig provides configuration options for PersistentVolume storage.", "type": "object", + "required": [ + "claim" + ], "properties": { - "limits": { - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - } + "claim": { + "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PersistentVolumeClaimReference" }, - "requests": { - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - } + "mountPath": { + "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + "type": "string" } } }, - "VolumeSource.v1.core.api.k8s.io": { - "description": "Represents the source of a volume to mount. Only one of its members may be specified.", + "com.github.openshift.api.config.v1.PlatformSpec": { + "description": "PlatformSpec holds the desired state specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", "type": "object", + "required": [ + "type" + ], "properties": { - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "$ref": "#/definitions/AWSElasticBlockStoreVolumeSource.v1.core.api.k8s.io" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", - "$ref": "#/definitions/AzureDiskVolumeSource.v1.core.api.k8s.io" + "alibabaCloud": { + "description": "alibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec" }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", - "$ref": "#/definitions/AzureFileVolumeSource.v1.core.api.k8s.io" + "aws": { + "description": "aws contains settings specific to the Amazon Web Services infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSPlatformSpec" }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - "$ref": "#/definitions/CephFSVolumeSource.v1.core.api.k8s.io" + "azure": { + "description": "azure contains settings specific to the Azure infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AzurePlatformSpec" }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "$ref": "#/definitions/CinderVolumeSource.v1.core.api.k8s.io" + "baremetal": { + "description": "baremetal contains settings specific to the BareMetal platform.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.BareMetalPlatformSpec" }, - "configMap": { - "description": "configMap represents a configMap that should populate this volume", - "$ref": "#/definitions/ConfigMapVolumeSource.v1.core.api.k8s.io" + "equinixMetal": { + "description": "equinixMetal contains settings specific to the Equinix Metal infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.EquinixMetalPlatformSpec" }, - "csi": { - "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", - "$ref": "#/definitions/CSIVolumeSource.v1.core.api.k8s.io" + "external": { + "description": "ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalPlatformSpec" }, - "downwardAPI": { - "description": "downwardAPI represents downward API about the pod that should populate this volume", - "$ref": "#/definitions/DownwardAPIVolumeSource.v1.core.api.k8s.io" + "gcp": { + "description": "gcp contains settings specific to the Google Cloud Platform infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.GCPPlatformSpec" }, - "emptyDir": { - "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "$ref": "#/definitions/EmptyDirVolumeSource.v1.core.api.k8s.io" + "ibmcloud": { + "description": "ibmcloud contains settings specific to the IBMCloud infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.IBMCloudPlatformSpec" }, - "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time.", - "$ref": "#/definitions/EphemeralVolumeSource.v1.core.api.k8s.io" + "kubevirt": { + "description": "kubevirt contains settings specific to the kubevirt infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.KubevirtPlatformSpec" }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "$ref": "#/definitions/FCVolumeSource.v1.core.api.k8s.io" + "nutanix": { + "description": "nutanix contains settings specific to the Nutanix infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPlatformSpec" }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - "$ref": "#/definitions/FlexVolumeSource.v1.core.api.k8s.io" + "openstack": { + "description": "openstack contains settings specific to the OpenStack infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenStackPlatformSpec" }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - "$ref": "#/definitions/FlockerVolumeSource.v1.core.api.k8s.io" + "ovirt": { + "description": "ovirt contains settings specific to the oVirt infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.OvirtPlatformSpec" }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "$ref": "#/definitions/GCEPersistentDiskVolumeSource.v1.core.api.k8s.io" + "powervs": { + "description": "powervs contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSPlatformSpec" }, - "gitRepo": { - "description": "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", - "$ref": "#/definitions/GitRepoVolumeSource.v1.core.api.k8s.io" + "type": { + "description": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"IBMCloud\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\", \"External\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "type": "string", + "default": "" }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.", - "$ref": "#/definitions/GlusterfsVolumeSource.v1.core.api.k8s.io" + "vsphere": { + "description": "vsphere contains settings specific to the VSphere infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformSpec" + } + } + }, + "com.github.openshift.api.config.v1.PlatformStatus": { + "description": "PlatformStatus holds the current status specific to the underlying infrastructure provider of the current cluster. Since these are used at status-level for the underlying cluster, it is supposed that only one of the status structs is set.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "alibabaCloud": { + "description": "alibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus" }, - "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "$ref": "#/definitions/HostPathVolumeSource.v1.core.api.k8s.io" + "aws": { + "description": "aws contains settings specific to the Amazon Web Services infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSPlatformStatus" }, - "image": { - "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - "$ref": "#/definitions/ImageVolumeSource.v1.core.api.k8s.io" + "azure": { + "description": "azure contains settings specific to the Azure infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AzurePlatformStatus" }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi", - "$ref": "#/definitions/ISCSIVolumeSource.v1.core.api.k8s.io" + "baremetal": { + "description": "baremetal contains settings specific to the BareMetal platform.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.BareMetalPlatformStatus" }, - "nfs": { - "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "$ref": "#/definitions/NFSVolumeSource.v1.core.api.k8s.io" + "equinixMetal": { + "description": "equinixMetal contains settings specific to the Equinix Metal infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.EquinixMetalPlatformStatus" }, - "persistentVolumeClaim": { - "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "$ref": "#/definitions/PersistentVolumeClaimVolumeSource.v1.core.api.k8s.io" + "external": { + "description": "external contains settings specific to the generic External infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalPlatformStatus" }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - "$ref": "#/definitions/PhotonPersistentDiskVolumeSource.v1.core.api.k8s.io" + "gcp": { + "description": "gcp contains settings specific to the Google Cloud Platform infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.GCPPlatformStatus" }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", - "$ref": "#/definitions/PortworxVolumeSource.v1.core.api.k8s.io" + "ibmcloud": { + "description": "ibmcloud contains settings specific to the IBMCloud infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.IBMCloudPlatformStatus" }, - "projected": { - "description": "projected items for all in one resources secrets, configmaps, and downward API", - "$ref": "#/definitions/ProjectedVolumeSource.v1.core.api.k8s.io" + "kubevirt": { + "description": "kubevirt contains settings specific to the kubevirt infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.KubevirtPlatformStatus" }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - "$ref": "#/definitions/QuobyteVolumeSource.v1.core.api.k8s.io" + "nutanix": { + "description": "nutanix contains settings specific to the Nutanix infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPlatformStatus" }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported.", - "$ref": "#/definitions/RBDVolumeSource.v1.core.api.k8s.io" + "openstack": { + "description": "openstack contains settings specific to the OpenStack infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenStackPlatformStatus" }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - "$ref": "#/definitions/ScaleIOVolumeSource.v1.core.api.k8s.io" + "ovirt": { + "description": "ovirt contains settings specific to the oVirt infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.OvirtPlatformStatus" }, - "secret": { - "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "$ref": "#/definitions/SecretVolumeSource.v1.core.api.k8s.io" + "powervs": { + "description": "powervs contains settings specific to the Power Systems Virtual Servers infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSPlatformStatus" }, - "storageos": { - "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", - "$ref": "#/definitions/StorageOSVolumeSource.v1.core.api.k8s.io" + "type": { + "description": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.\n\nThis value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set.", + "type": "string", + "default": "" }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", - "$ref": "#/definitions/VsphereVirtualDiskVolumeSource.v1.core.api.k8s.io" + "vsphere": { + "description": "vsphere contains settings specific to the VSphere infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformStatus" } } }, - "VsphereVirtualDiskVolumeSource.v1.core.api.k8s.io": { - "description": "Represents a vSphere volume resource.", + "com.github.openshift.api.config.v1.PolicyFulcioSubject": { + "description": "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.", "type": "object", "required": [ - "volumePath" + "oidcIssuer", + "signedEmail" ], "properties": { - "fsType": { - "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "storagePolicyID": { - "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", - "type": "string" - }, - "storagePolicyName": { - "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", - "type": "string" + "oidcIssuer": { + "description": "oidcIssuer is a required filed contains the expected OIDC issuer. The oidcIssuer must be a valid URL and at most 2048 characters in length. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: \"https://expected.OIDC.issuer/\"", + "type": "string", + "default": "" }, - "volumePath": { - "description": "volumePath is the path that identifies vSphere volume vmdk", + "signedEmail": { + "description": "signedEmail is a required field holds the email address that the Fulcio certificate is issued for. The signedEmail must be a valid email address and at most 320 characters in length. Example: \"expected-signing-user@example.com\"", "type": "string", "default": "" } } }, - "WatchEvent.v1.meta.apis.pkg.apimachinery.k8s.io": { - "description": "Event represents a single event to a watched resource.", + "com.github.openshift.api.config.v1.PolicyIdentity": { + "description": "PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is \"MatchRepoDigestOrExact\".", "type": "object", "required": [ - "type", - "object" + "matchPolicy" ], "properties": { - "object": { - "description": "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Error: *Status is recommended; other types may make sense\n depending on context.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "exactRepository": { + "description": "exactRepository specifies the repository that must be exactly matched by the identity in the signature. exactRepository is required if matchPolicy is set to \"ExactRepository\". It is used to verify that the signature claims an identity matching this exact repository, rather than the original image identity.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyMatchExactRepository" }, - "type": { + "matchPolicy": { + "description": "matchPolicy is a required filed specifies matching strategy to verify the image identity in the signature against the image scope. Allowed values are \"MatchRepoDigestOrExact\", \"MatchRepository\", \"ExactRepository\", \"RemapIdentity\". When omitted, the default value is \"MatchRepoDigestOrExact\". When set to \"MatchRepoDigestOrExact\", the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. When set to \"MatchRepository\", the identity in the signature must be in the same repository as the image identity. When set to \"ExactRepository\", the exactRepository must be specified. The identity in the signature must be in the same repository as a specific identity specified by \"repository\". When set to \"RemapIdentity\", the remapIdentity must be specified. The signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the \"prefix\" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix.", "type": "string", "default": "" + }, + "remapIdentity": { + "description": "remapIdentity specifies the prefix remapping rule for verifying image identity. remapIdentity is required if matchPolicy is set to \"RemapIdentity\". It is used to verify that the signature claims a different registry/repository prefix than the original image.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyMatchRemapIdentity" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "matchPolicy", + "fields-to-discriminateBy": { + "exactRepository": "PolicyMatchExactRepository", + "remapIdentity": "PolicyMatchRemapIdentity" + } + } + ] }, - "WebhookClientConfig.v1.admissionregistration.api.k8s.io": { - "description": "WebhookClientConfig contains the information to make a TLS connection with the webhook", + "com.github.openshift.api.config.v1.PolicyMatchExactRepository": { "type": "object", + "required": [ + "repository" + ], "properties": { - "caBundle": { - "description": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.", + "repository": { + "description": "repository is the reference of the image identity to be matched. repository is required if matchPolicy is set to \"ExactRepository\". The value should be a repository name (by omitting the tag or digest) in a registry implementing the \"Docker Registry HTTP API V2\". For example, docker.io/library/busybox", "type": "string", - "format": "byte" - }, - "service": { - "description": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.", - "$ref": "#/definitions/ServiceReference.v1.admissionregistration.api.k8s.io" - }, - "url": { - "description": "`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.\n\nThe `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\nA path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed, either.", - "type": "string" + "default": "" } } }, - "WeightedPodAffinityTerm.v1.core.api.k8s.io": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "com.github.openshift.api.config.v1.PolicyMatchRemapIdentity": { "type": "object", "required": [ - "weight", - "podAffinityTerm" + "prefix", + "signedPrefix" ], "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "default": {}, - "$ref": "#/definitions/PodAffinityTerm.v1.core.api.k8s.io" + "prefix": { + "description": "prefix is required if matchPolicy is set to \"RemapIdentity\". prefix is the prefix of the image identity to be matched. If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). This is useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", + "type": "string", + "default": "" }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", - "type": "integer", - "format": "int32", - "default": 0 + "signedPrefix": { + "description": "signedPrefix is required if matchPolicy is set to \"RemapIdentity\". signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as \"prefix\". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", + "type": "string", + "default": "" } } }, - "WindowsSecurityContextOptions.v1.core.api.k8s.io": { - "description": "WindowsSecurityContextOptions contain Windows-specific options and credentials.", + "com.github.openshift.api.config.v1.PolicyRootOfTrust": { + "description": "PolicyRootOfTrust defines the root of trust based on the selected policyType.", "type": "object", + "required": [ + "policyType" + ], "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", - "type": "string" + "fulcioCAWithRekor": { + "description": "fulcioCAWithRekor defines the root of trust configuration based on the Fulcio certificate and the Rekor public key. fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust" }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", - "type": "string" + "pki": { + "description": "pki defines the root of trust configuration based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. pki is required when policyType is PKI, and forbidden otherwise.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust" }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" + "policyType": { + "description": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated. Allowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\". When set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. When set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification. When set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI).", + "type": "string", + "default": "" }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" + "publicKey": { + "description": "publicKey defines the root of trust configuration based on a sigstore public key. Optionally include a Rekor public key for Rekor verification. publicKey is required when policyType is PublicKey, and forbidden otherwise.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "policyType", + "fields-to-discriminateBy": { + "fulcioCAWithRekor": "FulcioCAWithRekor", + "pki": "PKI", + "publicKey": "PublicKey" + } + } + ] + }, + "com.github.openshift.api.config.v1.PowerVSPlatformSpec": { + "description": "PowerVSPlatformSpec holds the desired state of the IBM Power Systems Virtual Servers infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object", + "properties": { + "serviceEndpoints": { + "description": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSServiceEndpoint" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "WorkloadReference.v1.core.api.k8s.io": { - "description": "WorkloadReference identifies the Workload object and PodGroup membership that a Pod belongs to. The scheduler uses this information to apply workload-aware scheduling semantics.", + "com.github.openshift.api.config.v1.PowerVSPlatformStatus": { + "description": "PowerVSPlatformStatus holds the current status of the IBM Power Systems Virtual Servers infrastrucutre provider.", "type": "object", "required": [ - "name", - "podGroup" + "region", + "zone" ], "properties": { - "name": { - "description": "Name defines the name of the Workload object this Pod belongs to. Workload must be in the same namespace as the Pod. If it doesn't match any existing Workload, the Pod will remain unschedulable until a Workload object is created and observed by the kube-scheduler. It must be a DNS subdomain.", + "cisInstanceCRN": { + "description": "cisInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain", + "type": "string" + }, + "dnsInstanceCRN": { + "description": "dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain", + "type": "string" + }, + "region": { + "description": "region holds the default Power VS region for new Power VS resources created by the cluster.", "type": "string", "default": "" }, - "podGroup": { - "description": "PodGroup is the name of the PodGroup within the Workload that this Pod belongs to. If it doesn't match any existing PodGroup within the Workload, the Pod will remain unschedulable until the Workload object is recreated and observed by the kube-scheduler. It must be a DNS label.", + "resourceGroup": { + "description": "resourceGroup is the resource group name for new IBMCloud resources created for a cluster. The resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry. More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. When omitted, the image registry operator won't be able to configure storage, which results in the image registry cluster operator not being in an available state.", "type": "string", "default": "" }, - "podGroupReplicaKey": { - "description": "PodGroupReplicaKey specifies the replica key of the PodGroup to which this Pod belongs. It is used to distinguish pods belonging to different replicas of the same pod group. The pod group policy is applied separately to each replica. When set, it must be a DNS label.", - "type": "string" + "serviceEndpoints": { + "description": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSServiceEndpoint" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "zone": { + "description": "zone holds the default zone for the new Power VS resources created by the cluster. Note: Currently only single-zone OCP clusters are supported", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.apiextensions.v1alpha1.APIExcludedField": { - "description": "APIExcludedField describes a field in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation.", + "com.github.openshift.api.config.v1.PowerVSServiceEndpoint": { + "description": "PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services.", "type": "object", "required": [ - "path", - "versions" + "name", + "url" ], "properties": { - "path": { - "description": "path is the path to the field in the schema. Paths are dot-separated field names (e.g., \"fieldA.fieldB.fieldC\") representing nested object fields. If part of the path is a slice (e.g., \"status.conditions\") the remaining path is applied to all items in the slice (e.g., \"status.conditions.lastTransitionTimestamp\"). Each field name must be a valid Kubernetes CRD field name: start with a letter, contain only letters, digits, and underscores, and be between 1 and 63 characters in length. A path may contain at most 16 fields.", - "type": "string" + "name": { + "description": "name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud", + "type": "string", + "default": "" }, - "versions": { - "description": "versions are the API versions the field is excluded from. When not specified, the field is excluded from all versions.\n\nEach item must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. At most 32 versions may be specified.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "url": { + "description": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.apiextensions.v1alpha1.APIVersions": { - "description": "APIVersions specifies a set of API versions of a CRD.", + "com.github.openshift.api.config.v1.PrefixedClaimMapping": { + "description": "PrefixedClaimMapping configures a claim mapping that allows for an optional prefix.", "type": "object", "required": [ - "defaultSelection" + "claim" ], "properties": { - "additionalVersions": { - "description": "additionalVersions specifies a set api versions to require in addition to the default selection. It is explicitly permitted to specify a version in additionalVersions which was also selected by the default selection. The selections will be merged and deduplicated.\n\nEach item must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.// with an alphabetic character and end with an alphanumeric character. At most 32 additional versions may be specified.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "claim": { + "description": "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.", + "type": "string", + "default": "" }, - "defaultSelection": { - "description": "defaultSelection specifies a method for automatically selecting a set of versions to require.\n\nValid options are StorageOnly and AllServed. When set to StorageOnly, only the storage version is selected for compatibility assessment. When set to AllServed, all served versions are selected for compatibility assessment.\n\nThis field is required.", - "type": "string" + "prefix": { + "description": "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted (\"\"), no prefix is applied to the cluster identity attribute.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.apiextensions.v1alpha1.CRDData": { - "description": "CRDData contains the complete definition of a CRD.", + "com.github.openshift.api.config.v1.ProfileCustomizations": { + "description": "ProfileCustomizations contains various parameters for modifying the default behavior of certain profiles", "type": "object", - "required": [ - "type", - "data" - ], "properties": { - "data": { - "description": "data contains the complete definition of the CRD. This field must be in the format specified by the type field. It may not be longer than 1572864 characters. This field is required.", - "type": "string" - }, - "type": { - "description": "type indicates the type of the CRD data. The only supported type is \"YAML\". This field is required.", - "type": "string" + "dynamicResourceAllocation": { + "description": "dynamicResourceAllocation allows to enable or disable dynamic resource allocation within the scheduler. Dynamic resource allocation is an API for requesting and sharing resources between pods and containers inside a pod. Third-party resource drivers are responsible for tracking and allocating resources. Different kinds of resources support arbitrary parameters for defining requirements and initialization. Valid values are Enabled, Disabled and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Disabled.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirement": { - "description": "CompatibilityRequirement expresses a set of requirements on a target CRD. It is used to ensure compatibility between different actors using the same CRD.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.Project": { + "description": "Project holds cluster-wide information about Project. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", "spec" ], "properties": { @@ -11623,34 +10591,37 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec is the specification of the desired behavior of the Compatibility Requirement.", + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ProjectSpec" }, "status": { - "description": "status is the most recently observed status of the Compatibility Requirement.", + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ProjectStatus" } } }, - "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementList": { - "description": "CompatibilityRequirementList is a collection of CompatibilityRequirements.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.ProjectList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "items": { - "description": "items is a list of CompatibilityRequirements.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirement" + "$ref": "#/definitions/com.github.openshift.api.config.v1.Project" } }, "kind": { @@ -11660,167 +10631,45 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementSpec": { - "description": "CompatibilityRequirementSpec is the specification of the desired behavior of the Compatibility Requirement.", - "type": "object", - "required": [ - "compatibilitySchema" - ], - "properties": { - "compatibilitySchema": { - "description": "compatibilitySchema defines the schema used by customResourceDefinitionSchemaValidation and objectSchemaValidation. This field is required.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CompatibilitySchema" - }, - "customResourceDefinitionSchemaValidation": { - "description": "customResourceDefinitionSchemaValidation ensures that updates to the installed CRD are compatible with this compatibility requirement. If not specified, admission of the target CRD will not be validated. This field is optional.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CustomResourceDefinitionSchemaValidation" - }, - "objectSchemaValidation": { - "description": "objectSchemaValidation ensures that matching resources conform to compatibilitySchema. If not specified, admission of matching resources will not be validated. This field is optional.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.ObjectSchemaValidation" - } - } - }, - "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementStatus": { - "description": "CompatibilityRequirementStatus defines the observed status of the Compatibility Requirement.", - "type": "object", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status. Known condition types are Progressing, Admitted, and Compatible.\n\nThe Progressing condition indicates if reconciliation of a CompatibilityRequirement is still progressing or has finished.\n\nThe Admitted condition indicates if the validating webhook has been configured.\n\nThe Compatible condition indicates if the observed CRD is compatible with the requirement.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "crdName": { - "description": "crdName is the name of the target CRD. The target CRD is not required to exist, as we may legitimately place requirements on it before it is created. The observed CRD is given in status.observedCRD, which will be empty if no CRD is observed. When present, must be between 1 and 253 characters and conform to RFC 1123 subdomain format: lowercase alphanumeric characters, '-' or '.', starting and ending with alphanumeric characters. When not specified, the requirement applies to any CRD name discovered from the compatibility schema. This field is optional. Once set, the value cannot be changed and must always remain set.", - "type": "string" - }, - "observedCRD": { - "description": "observedCRD documents the uid and generation of the CRD object when the current status was written. This field will be omitted if the target CRD does not exist or could not be retrieved.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.ObservedCRD" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.apiextensions.v1alpha1.CompatibilitySchema": { - "description": "CompatibilitySchema defines the schema used by crdSchemaValidation and objectSchemaValidation.", + "com.github.openshift.api.config.v1.ProjectSpec": { + "description": "ProjectSpec holds the project creation configuration.", "type": "object", - "required": [ - "customResourceDefinition", - "requiredVersions" - ], "properties": { - "customResourceDefinition": { - "description": "customResourceDefinition contains the complete definition of the CRD for schema and object validation purposes. This field is required.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CRDData" - }, - "excludedFields": { - "description": "excludedFields is a set of fields in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation. The list may contain at most 64 fields. Each path in the list must be unique. When not specified, all fields in the schema will be validated.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.APIExcludedField" - }, - "x-kubernetes-list-type": "atomic" + "projectRequestMessage": { + "description": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", + "type": "string", + "default": "" }, - "requiredVersions": { - "description": "requiredVersions specifies a subset of the CRD's API versions which will be asserted for compatibility. This field is required.", + "projectRequestTemplate": { + "description": "projectRequestTemplate is the template to use for creating projects in response to projectrequest. This must point to a template in 'openshift-config' namespace. It is optional. If it is not specified, a default template is used.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.APIVersions" + "$ref": "#/definitions/com.github.openshift.api.config.v1.TemplateReference" } } }, - "com.github.openshift.api.apiextensions.v1alpha1.CustomResourceDefinitionSchemaValidation": { - "description": "CustomResourceDefinitionSchemaValidation ensures that updates to the installed CRD are compatible with this compatibility requirement.", - "type": "object", - "required": [ - "action" - ], - "properties": { - "action": { - "description": "action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). Valid options are Deny and Warn. When set to Deny, incompatible CRDs will be rejected and not admitted to the cluster. When set to Warn, incompatible CRDs will be allowed but a warning will be generated in the API response. This field is required.\n\nPossible enum values:\n - `\"Deny\"` means that incompatible CRDs will be rejected.\n - `\"Warn\"` means that incompatible CRDs will be allowed but a warning will be generated.", - "type": "string", - "enum": [ - "Deny", - "Warn" - ] - } - } + "com.github.openshift.api.config.v1.ProjectStatus": { + "type": "object" }, - "com.github.openshift.api.apiextensions.v1alpha1.ObjectSchemaValidation": { - "description": "ObjectSchemaValidation ensures that matching objects conform to the compatibilitySchema.", + "com.github.openshift.api.config.v1.PromQLClusterCondition": { + "description": "PromQLClusterCondition represents a cluster condition based on PromQL.", "type": "object", "required": [ - "action" + "promql" ], "properties": { - "action": { - "description": "action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). Valid options are Deny and Warn. When set to Deny, incompatible Objects will be rejected and not admitted to the cluster. When set to Warn, incompatible Objects will be allowed but a warning will be generated in the API response. This field is required.\n\nPossible enum values:\n - `\"Deny\"` means that incompatible CRDs will be rejected.\n - `\"Warn\"` means that incompatible CRDs will be allowed but a warning will be generated.", + "promql": { + "description": "promql is a PromQL query classifying clusters. This query query should return a 1 in the match case and a 0 in the does-not-match case. Queries which return no time series, or which return values besides 0 or 1, are evaluation failures.", "type": "string", - "enum": [ - "Deny", - "Warn" - ] - }, - "matchConditions": { - "description": "matchConditions defines the matchConditions field of the resulting ValidatingWebhookConfiguration. When present, must contain between 1 and 64 match conditions. When not specified, the webhook will match all requests according to its other selectors.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/MatchCondition.v1.admissionregistration.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "namespaceSelector": { - "description": "namespaceSelector defines a label selector for namespaces. If defined, only objects in a namespace with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by namespace.", - "default": {}, - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "objectSelector": { - "description": "objectSelector defines a label selector for objects. If defined, only objects with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by label.", - "default": {}, - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.apiextensions.v1alpha1.ObservedCRD": { - "description": "ObservedCRD contains information about the observed target CRD.", - "type": "object", - "required": [ - "uid", - "generation" - ], - "properties": { - "generation": { - "description": "generation is the observed generation of the CRD. Must be a positive integer (minimum value of 1).", - "type": "integer", - "format": "int64" - }, - "uid": { - "description": "uid is the uid of the observed CRD. Must be a valid UUID consisting of lowercase hexadecimal digits in 5 hyphenated blocks (8-4-4-4-12 format). Length must be between 1 and 36 characters.", - "type": "string" + "default": "" } } }, - "com.github.openshift.api.apiserver.v1.APIRequestCount": { - "description": "APIRequestCount tracks requests made to an API. The instance name must be of the form `resource.version.group`, matching the resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.Proxy": { + "description": "Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -11837,22 +10686,22 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec defines the characteristics of the resource.", + "description": "spec holds user-settable values for the proxy configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.APIRequestCountSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ProxySpec" }, "status": { - "description": "status contains the observed state of the resource.", + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.APIRequestCountStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ProxyStatus" } } }, - "com.github.openshift.api.apiserver.v1.APIRequestCountList": { - "description": "APIRequestCountList is a list of APIRequestCount resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.ProxyList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "metadata", @@ -11867,7 +10716,7 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.APIRequestCount" + "$ref": "#/definitions/com.github.openshift.api.config.v1.Proxy" } }, "kind": { @@ -11877,270 +10726,321 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.apiserver.v1.APIRequestCountSpec": { - "type": "object", - "properties": { - "numberOfUsersToReport": { - "description": "numberOfUsersToReport is the number of users to include in the report. If unspecified or zero, the default is ten. This is default is subject to change.", - "type": "integer", - "format": "int64", - "default": 0 + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.apiserver.v1.APIRequestCountStatus": { + "com.github.openshift.api.config.v1.ProxySpec": { + "description": "ProxySpec contains cluster proxy creation configuration.", "type": "object", - "required": [ - "requestCount" - ], "properties": { - "conditions": { - "description": "conditions contains details of the current status of this API Resource.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "httpProxy": { + "description": "httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.", + "type": "string" }, - "currentHour": { - "description": "currentHour contains request history for the current hour. This is porcelain to make the API easier to read by humans seeing if they addressed a problem. This field is reset on the hour.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerResourceAPIRequestLog" + "httpsProxy": { + "description": "httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.", + "type": "string" }, - "last24h": { - "description": "last24h contains request history for the last 24 hours, indexed by the hour, so 12:00AM-12:59 is in index 0, 6am-6:59am is index 6, etc. The index of the current hour is updated live and then duplicated into the requestsLastHour field.", + "noProxy": { + "description": "noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var.", + "type": "string" + }, + "readinessEndpoints": { + "description": "readinessEndpoints is a list of endpoints used to verify readiness of the proxy.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerResourceAPIRequestLog" + "type": "string", + "default": "" } }, - "removedInRelease": { - "description": "removedInRelease is when the API will be removed.", + "trustedCA": { + "description": "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well.\n\nThe namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml):\n\napiVersion: v1 kind: ConfigMap metadata:\n name: user-ca-bundle\n namespace: openshift-config\n data:\n ca-bundle.crt: |\n -----BEGIN CERTIFICATE-----\n Custom CA certificate bundle.\n -----END CERTIFICATE-----", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + } + } + }, + "com.github.openshift.api.config.v1.ProxyStatus": { + "description": "ProxyStatus shows current known state of the cluster proxy.", + "type": "object", + "properties": { + "httpProxy": { + "description": "httpProxy is the URL of the proxy for HTTP requests.", "type": "string" }, - "requestCount": { - "description": "requestCount is a sum of all requestCounts across all current hours, nodes, and users.", - "type": "integer", - "format": "int64", - "default": 0 + "httpsProxy": { + "description": "httpsProxy is the URL of the proxy for HTTPS requests.", + "type": "string" + }, + "noProxy": { + "description": "noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.", + "type": "string" } } }, - "com.github.openshift.api.apiserver.v1.PerNodeAPIRequestLog": { - "description": "PerNodeAPIRequestLog contains logs of requests to a certain node.", + "com.github.openshift.api.config.v1.RegistryLocation": { + "description": "RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.", "type": "object", "required": [ - "nodeName", - "requestCount", - "byUser" + "domainName" ], "properties": { - "byUser": { - "description": "byUser contains request details by top .spec.numberOfUsersToReport users. Note that because in the case of an apiserver, restart the list of top users is determined on a best-effort basis, the list might be imprecise. In addition, some system users may be explicitly included in the list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerUserAPIRequestCount" - } - }, - "nodeName": { - "description": "nodeName where the request are being handled.", + "domainName": { + "description": "domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.", "type": "string", "default": "" }, - "requestCount": { - "description": "requestCount is a sum of all requestCounts across all users, even those outside of the top 10 users.", - "type": "integer", - "format": "int64", - "default": 0 + "insecure": { + "description": "insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.", + "type": "boolean" } } }, - "com.github.openshift.api.apiserver.v1.PerResourceAPIRequestLog": { - "description": "PerResourceAPIRequestLog logs request for various nodes.", + "com.github.openshift.api.config.v1.RegistrySources": { + "description": "RegistrySources holds cluster-wide information about how to handle the registries config.", "type": "object", - "required": [ - "requestCount" - ], "properties": { - "byNode": { - "description": "byNode contains logs of requests per node.", + "allowedRegistries": { + "description": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerNodeAPIRequestLog" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "requestCount": { - "description": "requestCount is a sum of all requestCounts across nodes.", - "type": "integer", - "format": "int64", - "default": 0 + "blockedRegistries": { + "description": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "containerRuntimeSearchRegistries": { + "description": "containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "insecureRegistries": { + "description": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.apiserver.v1.PerUserAPIRequestCount": { - "description": "PerUserAPIRequestCount contains logs of a user's requests.", + "com.github.openshift.api.config.v1.Release": { + "description": "Release represents an OpenShift release image and associated metadata.", "type": "object", "required": [ - "username", - "userAgent", - "requestCount", - "byVerb" + "version", + "image" ], "properties": { - "byVerb": { - "description": "byVerb details by verb.", + "architecture": { + "description": "architecture is an optional field that indicates the value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. Valid values are 'Multi' and empty.", + "type": "string" + }, + "channels": { + "description": "channels is the set of Cincinnati channels to which the release currently belongs.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerVerbAPIRequestCount" - } - }, - "requestCount": { - "description": "requestCount of requests by the user across all verbs.", - "type": "integer", - "format": "int64", - "default": 0 + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" }, - "userAgent": { - "description": "userAgent that made the request. The same user often has multiple binaries which connect (pods with many containers). The different binaries will have different userAgents, but the same user. In addition, we have userAgents with version information embedded and the userName isn't likely to change.", + "image": { + "description": "image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.", "type": "string", "default": "" }, - "username": { - "description": "username that made the request.", + "url": { + "description": "url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.", + "type": "string" + }, + "version": { + "description": "version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.", "type": "string", "default": "" } } }, - "com.github.openshift.api.apiserver.v1.PerVerbAPIRequestCount": { - "description": "PerVerbAPIRequestCount requestCounts requests by API request verb.", + "com.github.openshift.api.config.v1.RemoteConnectionInfo": { + "description": "RemoteConnectionInfo holds information necessary for establishing a remote connection", "type": "object", "required": [ - "verb", - "requestCount" + "url", + "ca", + "certFile", + "keyFile" ], "properties": { - "requestCount": { - "description": "requestCount of requests for verb.", - "type": "integer", - "format": "int64", - "default": 0 + "ca": { + "description": "ca is the CA for verifying TLS connections", + "type": "string", + "default": "" }, - "verb": { - "description": "verb of API request (get, list, create, etc...)", + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.apps.v1.CustomDeploymentStrategyParams": { - "description": "CustomDeploymentStrategyParams are the input to the Custom deployment strategy.", - "type": "object", - "properties": { - "command": { - "description": "command is optional and overrides CMD in the container Image.", - "type": "array", - "items": { - "type": "string", - "default": "" - } }, - "environment": { - "description": "environment holds the environment which will be given to the container for Image.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" - } + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" }, - "image": { - "description": "image specifies a container image which can carry out a deployment.", - "type": "string" + "url": { + "description": "url is the remote URL to connect to", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.apps.v1.DeploymentCause": { - "description": "DeploymentCause captures information about a particular cause of a deployment.", + "com.github.openshift.api.config.v1.RepositoryDigestMirrors": { + "description": "RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.", "type": "object", "required": [ - "type" + "source" ], "properties": { - "imageTrigger": { - "description": "imageTrigger contains the image trigger details, if this trigger was fired based on an image change", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentCauseImageTrigger" + "allowMirrorByTags": { + "description": "allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Forcing digest-pulls for mirrors avoids that issue.", + "type": "boolean" }, - "type": { - "description": "type of the trigger that resulted in the creation of a new deployment", + "mirrors": { + "description": "mirrors is zero or more repositories that may also contain the same images. If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. No mirror will be configured. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "source": { + "description": "source is the repository that users refer to, e.g. in image pull specifications.", "type": "string", "default": "" } } }, - "com.github.openshift.api.apps.v1.DeploymentCauseImageTrigger": { - "description": "DeploymentCauseImageTrigger represents details about the cause of a deployment originating from an image change trigger", + "com.github.openshift.api.config.v1.RequestHeaderIdentityProvider": { + "description": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials", "type": "object", "required": [ - "from" + "loginURL", + "challengeURL", + "ca", + "headers", + "preferredUsernameHeaders", + "nameHeaders", + "emailHeaders" ], "properties": { - "from": { - "description": "from is a reference to the changed object which triggered a deployment. The field may have the kinds DockerImage, ImageStreamTag, or ImageStreamImage.", + "ca": { + "description": "ca is a required reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. Specifically, it allows verification of incoming requests to prevent header spoofing. The key \"ca.crt\" is used to locate the data. If the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. The namespace for this config map is openshift-config.", "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + }, + "challengeURL": { + "description": "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here. ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}\nRequired when challenge is set to true.", + "type": "string", + "default": "" + }, + "clientCommonNames": { + "description": "clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "emailHeaders": { + "description": "emailHeaders is the set of headers to check for the email address", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "headers": { + "description": "headers is the set of headers to check for identity information", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "loginURL": { + "description": "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}\nRequired when login is set to true.", + "type": "string", + "default": "" + }, + "nameHeaders": { + "description": "nameHeaders is the set of headers to check for the display name", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "preferredUsernameHeaders": { + "description": "preferredUsernameHeaders is the set of headers to check for the preferred username", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.apps.v1.DeploymentCondition": { - "description": "DeploymentCondition describes the state of a deployment config at a certain point.", + "com.github.openshift.api.config.v1.RequiredHSTSPolicy": { "type": "object", "required": [ - "type", - "status" + "domainPatterns", + "maxAge" ], "properties": { - "lastTransitionTime": { - "description": "The last time the condition transitioned from one status to another.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "lastUpdateTime": { - "description": "The last time this condition was updated.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "domainPatterns": { + "description": "domainPatterns is a list of domains for which the desired HSTS annotations are required. If domainPatterns is specified and a route is created with a spec.host matching one of the domains, the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy.\n\nThe use of wildcards is allowed like this: *.foo.com matches everything under foo.com. foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "message": { - "description": "A human readable message indicating details about the transition.", + "includeSubDomainsPolicy": { + "description": "includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com", "type": "string" }, - "reason": { - "description": "The reason for the condition's last transition.", - "type": "string" + "maxAge": { + "description": "maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. If set to 0, it negates the effect, and hosts are removed as HSTS hosts. If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS policy will eventually expire on that client.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.MaxAgePolicy" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" + "namespaceSelector": { + "description": "namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" }, - "type": { - "description": "type of deployment condition.", - "type": "string", - "default": "" + "preloadPolicy": { + "description": "preloadPolicy directs the client to include hosts in its host preload list so that it never needs to do an initial load to get the HSTS header (note that this is not defined in RFC 6797 and is therefore client implementation-dependent).", + "type": "string" } } }, - "com.github.openshift.api.apps.v1.DeploymentConfig": { - "description": "Deployment Configs define the template for a pod and manages deploying new images or configuration changes. A single deployment configuration is usually analogous to a single micro-service. Can support many different deployment patterns, including full restart, customizable rolling updates, and fully custom behaviors, as well as pre- and post- deployment hooks. Each individual deployment is represented as a replication controller.\n\nA deployment is \"triggered\" when its configuration is changed or a tag in an Image Stream is changed. Triggers can be disabled to allow manual control over a deployment. The \"strategy\" determines how the deployment is carried out and may be changed at any time. The `latestVersion` field is updated when a new deployment is triggered by any means.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). Deprecated: Use deployments or other means for declarative updates for pods instead.", + "com.github.openshift.api.config.v1.Scheduler": { + "description": "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -12157,24 +11057,25 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec represents a desired deployment state and how to deploy to it.", + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentConfigSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1.SchedulerSpec" }, "status": { - "description": "status represents the current deployment state.", + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentConfigStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1.SchedulerStatus" } } }, - "com.github.openshift.api.apps.v1.DeploymentConfigList": { - "description": "DeploymentConfigList is a collection of deployment configs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.SchedulerList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -12183,11 +11084,10 @@ "type": "string" }, "items": { - "description": "items is a list of deployment configs", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentConfig" + "$ref": "#/definitions/com.github.openshift.api.config.v1.Scheduler" } }, "kind": { @@ -12197,1362 +11097,1188 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.apps.v1.DeploymentConfigRollback": { - "description": "DeploymentConfigRollback provides the input to rollback generation.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.SchedulerSpec": { "type": "object", - "required": [ - "name", - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "defaultNodeSelector": { + "description": "defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces and creates an intersection with any existing nodeSelectors already set on a pod, additionally constraining that pod's selector. For example, defaultNodeSelector: \"type=user-node,region=east\" would set nodeSelector field in pod spec to \"type=user-node,region=east\" to all pods created in all namespaces. Namespaces having project-wide node selectors won't be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector='type=user-node,region=east', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: \"type=user-node,region=west\" means that the default of \"type=user-node,region=east\" set in defaultNodeSelector would not be applied.", "type": "string" }, - "name": { - "description": "name of the deployment config that will be rolled back.", - "type": "string", - "default": "" + "mastersSchedulable": { + "description": "mastersSchedulable allows masters nodes to be schedulable. When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.", + "type": "boolean", + "default": false }, - "spec": { - "description": "spec defines the options to rollback generation.", + "policy": { + "description": "DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentConfigRollbackSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "updatedAnnotations": { - "description": "updatedAnnotations is a set of new annotations that will be added in the deployment config.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "profile": { + "description": "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods.\n\nValid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\"", + "type": "string" + }, + "profileCustomizations": { + "description": "profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles. Deprecated: no longer needed, since DRA is GA starting with 4.21, and is enabled by' default in the cluster, this field will be removed in 4.24.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ProfileCustomizations" } } }, - "com.github.openshift.api.apps.v1.DeploymentConfigRollbackSpec": { - "description": "DeploymentConfigRollbackSpec represents the options for rollback generation.", + "com.github.openshift.api.config.v1.SchedulerStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1.SecretNameReference": { + "description": "SecretNameReference references a secret in a specific namespace. The namespace must be specified at the point of use.", "type": "object", "required": [ - "from", - "includeTriggers", - "includeTemplate", - "includeReplicationMeta", - "includeStrategy" + "name" ], "properties": { - "from": { - "description": "from points to a ReplicationController which is a deployment.", - "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, - "includeReplicationMeta": { - "description": "includeReplicationMeta specifies whether to include the replica count and selector.", - "type": "boolean", - "default": false - }, - "includeStrategy": { - "description": "includeStrategy specifies whether to include the deployment Strategy.", - "type": "boolean", - "default": false - }, - "includeTemplate": { - "description": "includeTemplate specifies whether to include the PodTemplateSpec.", - "type": "boolean", - "default": false - }, - "includeTriggers": { - "description": "includeTriggers specifies whether to include config Triggers.", - "type": "boolean", - "default": false - }, - "revision": { - "description": "revision to rollback to. If set to 0, rollback to the last revision.", - "type": "integer", - "format": "int64" + "name": { + "description": "name is the metadata.name of the referenced secret", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.apps.v1.DeploymentConfigSpec": { - "description": "DeploymentConfigSpec represents the desired state of the deployment.", + "com.github.openshift.api.config.v1.ServingInfo": { + "description": "ServingInfo holds information about serving web pages", "type": "object", + "required": [ + "bindAddress", + "bindNetwork", + "certFile", + "keyFile" + ], "properties": { - "minReadySeconds": { - "description": "minReadySeconds is the minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)", - "type": "integer", - "format": "int32" - }, - "paused": { - "description": "paused indicates that the deployment config is paused resulting in no new deployments on template changes or changes in the template caused by other triggers.", - "type": "boolean" + "bindAddress": { + "description": "bindAddress is the ip:port to serve on", + "type": "string", + "default": "" }, - "replicas": { - "description": "replicas is the number of desired replicas.", - "type": "integer", - "format": "int32", - "default": 0 + "bindNetwork": { + "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", + "type": "string", + "default": "" }, - "revisionHistoryLimit": { - "description": "revisionHistoryLimit is the number of old ReplicationControllers to retain to allow for rollbacks. This field is a pointer to allow for differentiation between an explicit zero and not specified. Defaults to 10. (This only applies to DeploymentConfigs created via the new group API resource, not the legacy resource.)", - "type": "integer", - "format": "int32" + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" }, - "selector": { - "description": "selector is a label query over pods that should match the Replicas count.", - "type": "object", - "additionalProperties": { + "cipherSuites": { + "description": "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", + "type": "array", + "items": { "type": "string", "default": "" } }, - "strategy": { - "description": "strategy describes how a deployment is executed.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentStrategy" + "clientCA": { + "description": "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", + "type": "string" }, - "template": { - "description": "template is the object that describes the pod that will be created if insufficient replicas are detected.", - "$ref": "#/definitions/PodTemplateSpec.v1.core.api.k8s.io" + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" }, - "test": { - "description": "test ensures that this deployment config will have zero replicas except while a deployment is running. This allows the deployment config to be used as a continuous deployment test - triggering on images, running the deployment, and then succeeding or failing. Post strategy hooks and After actions can be used to integrate successful deployment with an action.", - "type": "boolean", - "default": false + "minTLSVersion": { + "description": "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", + "type": "string" }, - "triggers": { - "description": "triggers determine how updates to a DeploymentConfig result in new deployments. If no triggers are defined, a new deployment can only occur as a result of an explicit client update to the DeploymentConfig with a new LatestVersion. If null, defaults to having a config change trigger.", + "namedCertificates": { + "description": "namedCertificates is a list of certificates to use to secure requests to specific hostnames", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentTriggerPolicy" + "$ref": "#/definitions/com.github.openshift.api.config.v1.NamedCertificate" } } } }, - "com.github.openshift.api.apps.v1.DeploymentConfigStatus": { - "description": "DeploymentConfigStatus represents the current deployment state.", + "com.github.openshift.api.config.v1.SignatureStore": { + "description": "SignatureStore represents the URL of custom Signature Store", "type": "object", + "required": [ + "url" + ], "properties": { - "availableReplicas": { - "description": "availableReplicas is the total number of available pods targeted by this deployment config.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "conditions": { - "description": "conditions represents the latest available observations of a deployment config's current state.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentCondition" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "details": { - "description": "details are the reasons for the update to this deployment config. This could be based on a change made by the user or caused by an automatic trigger", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentDetails" - }, - "latestVersion": { - "description": "latestVersion is used to determine whether the current deployment associated with a deployment config is out of sync.", - "type": "integer", - "format": "int64", - "default": 0 + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the signature store is not honored. If the specified ca data is not valid, the signature store is not honored. If empty, we fall back to the CA configured via Proxy, which is appended to the default system roots. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "observedGeneration": { - "description": "observedGeneration is the most recent generation observed by the deployment config controller.", - "type": "integer", - "format": "int64", - "default": 0 + "url": { + "description": "url contains the upstream custom signature store URL. url should be a valid absolute http/https URI of an upstream signature store as per rfc1738. This must be provided and cannot be empty.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.Storage": { + "description": "Storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "persistentVolume": { + "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PersistentVolumeConfig" }, - "readyReplicas": { - "description": "Total number of ready pods targeted by this deployment.", - "type": "integer", - "format": "int32" - }, - "replicas": { - "description": "replicas is the total number of pods targeted by this deployment config.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "unavailableReplicas": { - "description": "unavailableReplicas is the total number of unavailable pods targeted by this deployment config.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "updatedReplicas": { - "description": "updatedReplicas is the total number of non-terminated pods targeted by this deployment config that have the desired template spec.", - "type": "integer", - "format": "int32", - "default": 0 + "type": { + "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", + "type": "string" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "persistentVolume": "PersistentVolume" + } + } + ] }, - "com.github.openshift.api.apps.v1.DeploymentDetails": { - "description": "DeploymentDetails captures information about the causes of a deployment.", + "com.github.openshift.api.config.v1.StringSource": { + "description": "StringSource allows specifying a string inline, or externally via env var or file. When it contains only a string value, it marshals to a simple JSON string.", "type": "object", "required": [ - "causes" + "value", + "env", + "file", + "keyFile" ], "properties": { - "causes": { - "description": "causes are extended data associated with all the causes for creating a new deployment", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentCause" - } + "env": { + "description": "env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", + "type": "string", + "default": "" }, - "message": { - "description": "message is the user specified change message, if this deployment was triggered manually by the user", - "type": "string" - } - } - }, - "com.github.openshift.api.apps.v1.DeploymentLog": { - "description": "DeploymentLog represents the logs for a deployment\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "file": { + "description": "file references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "keyFile": { + "description": "keyFile references a file containing the key to use to decrypt the value.", + "type": "string", + "default": "" + }, + "value": { + "description": "value specifies the cleartext value, or an encrypted value if keyFile is specified.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.apps.v1.DeploymentLogOptions": { - "description": "DeploymentLogOptions is the REST options for a deployment log\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.StringSourceSpec": { + "description": "StringSourceSpec specifies a string value, or external location", "type": "object", + "required": [ + "value", + "env", + "file", + "keyFile" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "container": { - "description": "The container for which to stream logs. Defaults to only container if there is one container in the pod.", - "type": "string" - }, - "follow": { - "description": "follow if true indicates that the build log should be streamed until the build terminates.", - "type": "boolean" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "limitBytes": { - "description": "If set, the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.", - "type": "integer", - "format": "int64" - }, - "nowait": { - "description": "nowait if true causes the call to return immediately even if the deployment is not available yet. Otherwise the server will wait until the deployment has started.", - "type": "boolean" - }, - "previous": { - "description": "Return previous deployment logs. Defaults to false.", - "type": "boolean" - }, - "sinceSeconds": { - "description": "A relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - "type": "integer", - "format": "int64" - }, - "sinceTime": { - "description": "An RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "env": { + "description": "env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", + "type": "string", + "default": "" }, - "tailLines": { - "description": "If set, the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime", - "type": "integer", - "format": "int64" + "file": { + "description": "file references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", + "type": "string", + "default": "" }, - "timestamps": { - "description": "If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.", - "type": "boolean" + "keyFile": { + "description": "keyFile references a file containing the key to use to decrypt the value.", + "type": "string", + "default": "" }, - "version": { - "description": "version of the deployment for which to view logs.", - "type": "integer", - "format": "int64" + "value": { + "description": "value specifies the cleartext value, or an encrypted value if keyFile is specified.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.apps.v1.DeploymentRequest": { - "description": "DeploymentRequest is a request to a deployment config for a new deployment.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.TLSProfileSpec": { + "description": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", "type": "object", "required": [ - "name", - "latest", - "force" + "ciphers", + "minTLSVersion" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "excludeTriggers": { - "description": "excludeTriggers instructs the instantiator to avoid processing the specified triggers. This field overrides the triggers from latest and allows clients to control specific logic. This field is ignored if not specified.", + "ciphers": { + "description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", "type": "array", "items": { "type": "string", "default": "" - } - }, - "force": { - "description": "force will try to force a new deployment to run. If the deployment config is paused, then setting this to true will return an Invalid error.", - "type": "boolean", - "default": false - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + }, + "x-kubernetes-list-type": "atomic" }, - "latest": { - "description": "latest will update the deployment config with the latest state from all triggers.", - "type": "boolean", - "default": false + "curves": { + "description": "curves is used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use.\n\nFor example, to use X25519 and P-256 (yaml):\n\n curves:\n - X25519\n - P-256", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" }, - "name": { - "description": "name of the deployment config for requesting a new deployment.", + "minTLSVersion": { + "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11", "type": "string", "default": "" } } }, - "com.github.openshift.api.apps.v1.DeploymentStrategy": { - "description": "DeploymentStrategy describes how to perform a deployment.", + "com.github.openshift.api.config.v1.TLSSecurityProfile": { + "description": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", "type": "object", "properties": { - "activeDeadlineSeconds": { - "description": "activeDeadlineSeconds is the duration in seconds that the deployer pods for this deployment config may be active on a node before the system actively tries to terminate them.", - "type": "integer", - "format": "int64" - }, - "annotations": { - "description": "annotations is a set of key, value pairs added to custom deployer and lifecycle pre/post hook pods.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "customParams": { - "description": "customParams are the input to the Custom deployment strategy, and may also be specified for the Recreate and Rolling strategies to customize the execution process that runs the deployment.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.CustomDeploymentStrategyParams" - }, - "labels": { - "description": "labels is a set of key, value pairs added to custom deployer and lifecycle pre/post hook pods.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "custom": { + "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic.\n\nThe curve list for this profile is empty by default.\n\nAn example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", + "$ref": "#/definitions/com.github.openshift.api.config.v1.CustomTLSProfile" }, - "recreateParams": { - "description": "recreateParams are the input to the Recreate deployment strategy.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.RecreateDeploymentStrategyParams" + "intermediate": { + "description": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe cipher list includes TLS 1.3 ciphers for forward compatibility, followed by the \"intermediate\" profile ciphers.\n\nThe curve list includes by default the following curves: X25519, P-256, P-384, P-521, X25519MLKEM768, P256r1MLKEM768, P384r1MLKEM1024.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384", + "$ref": "#/definitions/com.github.openshift.api.config.v1.IntermediateTLSProfile" }, - "resources": { - "description": "resources contains resource requirements to execute the deployment and any hooks.", - "default": {}, - "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" + "modern": { + "description": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: X25519, P-256, P-384, P-521, X25519MLKEM768, P256r1MLKEM768, P384r1MLKEM1024. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ModernTLSProfile" }, - "rollingParams": { - "description": "rollingParams are the input to the Rolling deployment strategy.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.RollingDeploymentStrategyParams" + "old": { + "description": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe cipher list includes TLS 1.3 ciphers for forward compatibility, followed by the \"old\" profile ciphers.\n\nThe curve list includes by default the following curves: X25519, P-256, P-384, P-521, X25519MLKEM768, P256r1MLKEM768, P384r1MLKEM1024.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", + "$ref": "#/definitions/com.github.openshift.api.config.v1.OldTLSProfile" }, "type": { - "description": "type is the name of a deployment strategy.", - "type": "string" + "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are currently based on version 5.0 of the Mozilla Server Side TLS configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", + "type": "string", + "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "custom": "Custom", + "intermediate": "Intermediate", + "modern": "Modern", + "old": "Old" + } + } + ] + }, + "com.github.openshift.api.config.v1.TemplateReference": { + "description": "TemplateReference references a template in a specific namespace. The namespace must be specified at the point of use.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "name is the metadata.name of the referenced project request template", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.apps.v1.DeploymentTriggerImageChangeParams": { - "description": "DeploymentTriggerImageChangeParams represents the parameters to the ImageChange trigger.", + "com.github.openshift.api.config.v1.TestDetails": { "type": "object", "required": [ - "from" + "testName" ], "properties": { - "automatic": { - "description": "automatic means that the detection of a new tag value should result in an image update inside the pod template.", - "type": "boolean" - }, - "containerNames": { - "description": "containerNames is used to restrict tag updates to the specified set of container names in a pod. If multiple triggers point to the same containers, the resulting behavior is undefined. Future API versions will make this a validation error. If ContainerNames does not point to a valid container, the trigger will be ignored. Future API versions will make this a validation error.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "from": { - "description": "from is a reference to an image stream tag to watch for changes. From.Name is the only required subfield - if From.Namespace is blank, the namespace of the current deployment trigger will be used.", - "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, - "lastTriggeredImage": { - "description": "lastTriggeredImage is the last image to be triggered.", - "type": "string" + "testName": { + "description": "testName is the name of the test as it appears in junit XMLs. It does not include the suite name since the same test can be executed in many suites.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.apps.v1.DeploymentTriggerPolicy": { - "description": "DeploymentTriggerPolicy describes a policy for a single trigger that results in a new deployment.", + "com.github.openshift.api.config.v1.TestReporting": { + "description": "TestReporting is used for origin (and potentially others) to report the test names for a given FeatureGate into the payload for later analysis on a per-payload basis. This doesn't need any CRD because it's never stored in the cluster.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "spec" + ], "properties": { - "imageChangeParams": { - "description": "imageChangeParams represents the parameters for the ImageChange trigger.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentTriggerImageChangeParams" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "type": { - "description": "type of the trigger", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.TestReportingSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.TestReportingStatus" } } }, - "com.github.openshift.api.apps.v1.ExecNewPodHook": { - "description": "ExecNewPodHook is a hook implementation which runs a command in a new pod based on the specified container which is assumed to be part of the deployment template.", + "com.github.openshift.api.config.v1.TestReportingSpec": { "type": "object", "required": [ - "command", - "containerName" + "testsForFeatureGates" ], "properties": { - "command": { - "description": "command is the action command and its arguments.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "containerName": { - "description": "containerName is the name of a container in the deployment pod template whose container image will be used for the hook pod's container.", - "type": "string", - "default": "" - }, - "env": { - "description": "env is a set of environment variables to supply to the hook pod's container.", + "testsForFeatureGates": { + "description": "testsForFeatureGates is a list, indexed by FeatureGate and includes information about testing.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" - } - }, - "volumes": { - "description": "volumes is a list of named volumes from the pod template which should be copied to the hook pod. Volumes names not found in pod spec are ignored. An empty list means no volumes will be copied.", - "type": "array", - "items": { - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateTests" } } } }, - "com.github.openshift.api.apps.v1.LifecycleHook": { - "description": "LifecycleHook defines a specific deployment lifecycle action. Only one type of action may be specified at any time.", + "com.github.openshift.api.config.v1.TestReportingStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1.TokenClaimMapping": { + "description": "TokenClaimMapping allows specifying a JWT token claim to be used when mapping claims from an authentication token to cluster identities.", "type": "object", "required": [ - "failurePolicy" + "claim" ], "properties": { - "execNewPod": { - "description": "execNewPod specifies the options for a lifecycle hook backed by a pod.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.ExecNewPodHook" - }, - "failurePolicy": { - "description": "failurePolicy specifies what action to take if the hook fails.", + "claim": { + "description": "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.", "type": "string", "default": "" - }, - "tagImages": { - "description": "tagImages instructs the deployer to tag the current image referenced under a container onto an image stream tag.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.TagImageHook" - } } } }, - "com.github.openshift.api.apps.v1.RecreateDeploymentStrategyParams": { - "description": "RecreateDeploymentStrategyParams are the input to the Recreate deployment strategy.", + "com.github.openshift.api.config.v1.TokenClaimMappings": { "type": "object", + "required": [ + "username" + ], "properties": { - "mid": { - "description": "mid is a lifecycle hook which is executed while the deployment is scaled down to zero before the first new pod is created. All LifecycleHookFailurePolicy values are supported.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" + "extra": { + "description": "extra is an optional field for configuring the mappings used to construct the extra attribute for the cluster identity. When omitted, no extra attributes will be present on the cluster identity.\n\nkey values for extra mappings must be unique. A maximum of 32 extra attribute mappings may be provided.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ExtraMapping" + }, + "x-kubernetes-list-map-keys": [ + "key" + ], + "x-kubernetes-list-type": "map" }, - "post": { - "description": "post is a lifecycle hook which is executed after the strategy has finished all deployment logic. All LifecycleHookFailurePolicy values are supported.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" + "groups": { + "description": "groups is an optional field that configures how the groups of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.\n\nWhen referencing a claim, if the claim is present in the JWT token, its value must be a list of groups separated by a comma (',').\n\nFor example - '\"example\"' and '\"exampleOne\", \"exampleTwo\", \"exampleThree\"' are valid claim values.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PrefixedClaimMapping" }, - "pre": { - "description": "pre is a lifecycle hook which is executed before the strategy manipulates the deployment. All LifecycleHookFailurePolicy values are supported.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" + "uid": { + "description": "uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity.\n\nWhen using uid.claim to specify the claim it must be a single string value. When using uid.expression the expression must result in a single string value.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a default, which is subject to change over time.\n\nThe current default is to use the 'sub' claim.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping" }, - "timeoutSeconds": { - "description": "timeoutSeconds is the time to wait for updates before giving up. If the value is nil, a default will be used.", - "type": "integer", - "format": "int64" + "username": { + "description": "username is a required field that configures how the username of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.UsernameClaimMapping" } } }, - "com.github.openshift.api.apps.v1.RollingDeploymentStrategyParams": { - "description": "RollingDeploymentStrategyParams are the input to the Rolling deployment strategy.", + "com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping": { + "description": "TokenClaimOrExpressionMapping allows specifying either a JWT token claim or CEL expression to be used when mapping claims from an authentication token to cluster identities.", "type": "object", "properties": { - "intervalSeconds": { - "description": "intervalSeconds is the time to wait between polling deployment status after update. If the value is nil, a default will be used.", - "type": "integer", - "format": "int64" - }, - "maxSurge": { - "description": "maxSurge is the maximum number of pods that can be scheduled above the original number of pods. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up.\n\nThis cannot be 0 if MaxUnavailable is 0. By default, 25% is used.\n\nExample: when this is set to 30%, the new RC can be scaled up by 30% immediately when the rolling update starts. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of original pods.", - "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" - }, - "maxUnavailable": { - "description": "maxUnavailable is the maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of update (ex: 10%). Absolute number is calculated from percentage by rounding down.\n\nThis cannot be 0 if MaxSurge is 0. By default, 25% is used.\n\nExample: when this is set to 30%, the old RC can be scaled down by 30% immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that at least 70% of original number of pods are available at all times during the update.", - "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" - }, - "post": { - "description": "post is a lifecycle hook which is executed after the strategy has finished all deployment logic. All LifecycleHookFailurePolicy values are supported.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" - }, - "pre": { - "description": "pre is a lifecycle hook which is executed before the deployment process begins. All LifecycleHookFailurePolicy values are supported.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" - }, - "timeoutSeconds": { - "description": "timeoutSeconds is the time to wait for updates before giving up. If the value is nil, a default will be used.", - "type": "integer", - "format": "int64" + "claim": { + "description": "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated.\n\nPrecisely one of claim or expression must be set. claim must not be specified when expression is set. When specified, claim must be at least 1 character in length and must not exceed 256 characters in length.", + "type": "string" }, - "updatePeriodSeconds": { - "description": "updatePeriodSeconds is the time to wait between individual pod updates. If the value is nil, a default will be used.", - "type": "integer", - "format": "int64" + "expression": { + "description": "expression is an optional field for specifying a CEL expression that produces a string value from JWT token claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'. 'claims' is a map of claim names to claim values. For example, the 'sub' claim value can be accessed as 'claims.sub'. Nested claims can be accessed using dot notation ('claims.foo.bar').\n\nPrecisely one of claim or expression must be set. expression must not be specified when claim is set. When specified, expression must be at least 1 character in length and must not exceed 1024 characters in length.", + "type": "string" } } }, - "com.github.openshift.api.apps.v1.TagImageHook": { - "description": "TagImageHook is a request to tag the image in a particular container onto an ImageStreamTag.", + "com.github.openshift.api.config.v1.TokenClaimValidationCELRule": { "type": "object", "required": [ - "containerName", - "to" + "expression", + "message" ], "properties": { - "containerName": { - "description": "containerName is the name of a container in the deployment config whose image value will be used as the source of the tag. If there is only a single container this value will be defaulted to the name of that container.", - "type": "string", - "default": "" + "expression": { + "description": "expression is a CEL expression evaluated against token claims. expression is required, must be at least 1 character in length and must not exceed 1024 characters. The expression must return a boolean value where 'true' signals a valid token and 'false' an invalid one.", + "type": "string" }, - "to": { - "description": "to is the target ImageStreamTag to set the container's image onto.", - "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + "message": { + "description": "message is a required human-readable message to be logged by the Kubernetes API server if the CEL expression defined in 'expression' fails. message must be at least 1 character in length and must not exceed 256 characters.", + "type": "string" } } }, - "com.github.openshift.api.authorization.v1.Action": { - "description": "Action describes a request to the API server", + "com.github.openshift.api.config.v1.TokenClaimValidationRule": { + "description": "TokenClaimValidationRule represents a validation rule based on token claims. If type is RequiredClaim, requiredClaim must be set. If Type is CEL, CEL must be set and RequiredClaim must be omitted.", "type": "object", "required": [ - "namespace", - "verb", - "resourceAPIGroup", - "resourceAPIVersion", - "resource", - "resourceName", - "path", - "isNonResourceURL" + "type" ], "properties": { - "content": { - "description": "content is the actual content of the request for create and update", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "cel": { + "description": "cel holds the CEL expression and message for validation. Must be set when Type is \"CEL\", and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimValidationCELRule" }, - "isNonResourceURL": { - "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", - "type": "boolean", - "default": false + "requiredClaim": { + "description": "requiredClaim allows configuring a required claim name and its expected value. This field is required when `type` is set to RequiredClaim, and must be omitted when `type` is set to any other value. The Kubernetes API server uses this field to validate if an incoming JWT is valid for this identity provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenRequiredClaim" }, - "namespace": { - "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", - "type": "string", - "default": "" - }, - "path": { - "description": "path is the path of a non resource URL", - "type": "string", - "default": "" - }, - "resource": { - "description": "resource is one of the existing resource types", - "type": "string", - "default": "" - }, - "resourceAPIGroup": { - "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", - "type": "string", - "default": "" - }, - "resourceAPIVersion": { - "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", - "type": "string", - "default": "" - }, - "resourceName": { - "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", - "type": "string", - "default": "" - }, - "verb": { - "description": "verb is one of: get, list, watch, create, update, delete", + "type": { + "description": "type is an optional field that configures the type of the validation rule.\n\nAllowed values are \"RequiredClaim\" and \"CEL\".\n\nWhen set to 'RequiredClaim', the Kubernetes API server will be configured to validate that the incoming JWT contains the required claim and that its value matches the required value.\n\nWhen set to 'CEL', the Kubernetes API server will be configured to validate the incoming JWT against the configured CEL expression.", "type": "string", "default": "" } } }, - "com.github.openshift.api.authorization.v1.ClusterRole": { - "description": "ClusterRole is a logical grouping of PolicyRules that can be referenced as a unit by ClusterRoleBindings.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.TokenConfig": { + "description": "TokenConfig holds the necessary configuration options for authorization and access tokens", "type": "object", - "required": [ - "rules" - ], "properties": { - "aggregationRule": { - "description": "aggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.", - "$ref": "#/definitions/AggregationRule.v1.rbac.api.k8s.io" - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "accessTokenInactivityTimeout": { + "description": "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime.\n\nWARNING: existing tokens' timeout will not be affected (lowered) by changing this value", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "accessTokenInactivityTimeoutSeconds": { + "description": "accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.", + "type": "integer", + "format": "int32" }, - "rules": { - "description": "rules holds all the PolicyRules for this ClusterRole", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.PolicyRule" - } + "accessTokenMaxAgeSeconds": { + "description": "accessTokenMaxAgeSeconds defines the maximum age of access tokens", + "type": "integer", + "format": "int32" } } }, - "com.github.openshift.api.authorization.v1.ClusterRoleBinding": { - "description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference any ClusterRole in the same namespace or in the global namespace. It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. ClusterRoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.TokenIssuer": { "type": "object", "required": [ - "subjects", - "roleRef" + "issuerURL", + "audiences" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "groupNames": { - "description": "groupNames holds all the groups directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", + "audiences": { + "description": "audiences is a required field that configures the acceptable audiences the JWT token, issued by the identity provider, must be issued to. At least one of the entries must match the 'aud' claim in the JWT token.\n\naudiences must contain at least one entry and must not exceed ten entries.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "set" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "discoveryURL": { + "description": "discoveryURL is an optional field that, if specified, overrides the default discovery endpoint used to retrieve OIDC configuration metadata. By default, the discovery URL is derived from `issuerURL` as \"{issuerURL}/.well-known/openid-configuration\".\n\nThe discoveryURL must be a valid absolute HTTPS URL. It must not contain query parameters, user information, or fragments. Additionally, it must differ from the value of `issuerURL` (ignoring trailing slashes). The discoveryURL value must be at least 1 character long and no longer than 2048 characters.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "roleRef": { - "description": "roleRef can only reference the current namespace and the global namespace. If the ClusterRoleRef cannot be resolved, the Authorizer must return an error. Since Policy is a singleton, this is sufficient knowledge to locate a role.", + "issuerCertificateAuthority": { + "description": "issuerCertificateAuthority is an optional field that configures the certificate authority, used by the Kubernetes API server, to validate the connection to the identity provider when fetching discovery information.\n\nWhen not specified, the system trust is used.\n\nWhen specified, it must reference a ConfigMap in the openshift-config namespace containing the PEM-encoded CA certificates under the 'ca-bundle.crt' key in the data field of the ConfigMap.", "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, - "subjects": { - "description": "subjects hold object references to authorize with this rule. This field is ignored if UserNames or GroupNames are specified to support legacy clients and servers. Thus newer clients that do not need to support backwards compatibility should send only fully qualified Subjects and should omit the UserNames and GroupNames fields. Clients that need to support backwards compatibility can use this field to build the UserNames and GroupNames.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - } + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "userNames": { - "description": "userNames holds all the usernames directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "issuerURL": { + "description": "issuerURL is a required field that configures the URL used to issue tokens by the identity provider. The Kubernetes API server determines how authentication tokens should be handled by matching the 'iss' claim in the JWT to the issuerURL of configured identity providers.\n\nMust be at least 1 character and must not exceed 512 characters in length. Must be a valid URL that uses the 'https' scheme and does not contain a query, fragment or user.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.authorization.v1.ClusterRoleBindingList": { - "description": "ClusterRoleBindingList is a collection of ClusterRoleBindings\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.TokenRequiredClaim": { "type": "object", "required": [ - "items" + "claim", + "requiredValue" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is a list of ClusterRoleBindings", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ClusterRoleBinding" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "claim": { + "description": "claim is a required field that configures the name of the required claim. When taken from the JWT claims, claim must be a string value.\n\nclaim must not be an empty string (\"\").", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "requiredValue": { + "description": "requiredValue is a required field that configures the value that 'claim' must have when taken from the incoming JWT claims. If the value in the JWT claims does not match, the token will be rejected for authentication.\n\nrequiredValue must not be an empty string (\"\").", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.authorization.v1.ClusterRoleList": { - "description": "ClusterRoleList is a collection of ClusterRoles\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.TokenUserValidationRule": { + "description": "TokenUserValidationRule provides a CEL-based rule used to validate a token subject. Each rule contains a CEL expression that is evaluated against the token’s claims.", "type": "object", "required": [ - "items" + "expression", + "message" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "expression": { + "description": "expression is a required CEL expression that performs a validation on cluster user identity attributes like username, groups, etc.\n\nThe expression must evaluate to a boolean value. When the expression evaluates to 'true', the cluster user identity is considered valid. When the expression evaluates to 'false', the cluster user identity is not considered valid. expression must be at least 1 character in length and must not exceed 1024 characters.", "type": "string" }, - "items": { - "description": "items is a list of ClusterRoles", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ClusterRole" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "message": { + "description": "message is a required human-readable message to be logged by the Kubernetes API server if the CEL expression defined in 'expression' fails. message must be at least 1 character in length and must not exceed 256 characters.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.authorization.v1.GroupRestriction": { - "description": "GroupRestriction matches a group either by a string match on the group name or a label selector applied to group labels.", + "com.github.openshift.api.config.v1.Update": { + "description": "Update represents an administrator update request.", "type": "object", - "required": [ - "groups", - "labels" - ], "properties": { - "groups": { - "description": "groups is a list of groups used to match against an individual user's groups. If the user is a member of one of the whitelisted groups, the user is allowed to be bound to a role.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "labels": { - "description": "Selectors specifies a list of label selectors over group labels.", + "acceptRisks": { + "description": "acceptRisks is an optional set of names of conditional update risks that are considered acceptable. A conditional update is performed only if all of its risks are acceptable. This list may contain entries that apply to current, previous or future updates. The entries therefore may not map directly to a risk in .status.conditionalUpdateRisks. acceptRisks must not contain more than 1000 entries. Entries in this list must be unique.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - } - }, - "com.github.openshift.api.authorization.v1.IsPersonalSubjectAccessReview": { - "description": "IsPersonalSubjectAccessReview is a marker for PolicyRule.AttributeRestrictions that denotes that subjectaccessreviews on self should be allowed\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - } - } - }, - "com.github.openshift.api.authorization.v1.LocalResourceAccessReview": { - "description": "LocalResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec in a particular namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "namespace", - "verb", - "resourceAPIGroup", - "resourceAPIVersion", - "resource", - "resourceName", - "path", - "isNonResourceURL" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "content": { - "description": "content is the actual content of the request for create and update", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "isNonResourceURL": { - "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", - "type": "boolean", - "default": false - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "namespace": { - "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", - "type": "string", - "default": "" - }, - "path": { - "description": "path is the path of a non resource URL", - "type": "string", - "default": "" - }, - "resource": { - "description": "resource is one of the existing resource types", - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.config.v1.AcceptRisk" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "resourceAPIGroup": { - "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", + "architecture": { + "description": "architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.", "type": "string", "default": "" }, - "resourceAPIVersion": { - "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", - "type": "string", - "default": "" + "force": { + "description": "force allows an administrator to update to an image that has failed verification or upgradeable checks that are designed to keep your cluster safe. Only use this if: * you are testing unsigned release images in short-lived test clusters or * you are working around a known bug in the cluster-version\n operator and you have verified the authenticity of the provided\n image yourself.\nThe provided image will run with full administrative access to the cluster. Do not use this flag with images that come from unknown or potentially malicious sources.", + "type": "boolean", + "default": false }, - "resourceName": { - "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", + "image": { + "description": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", "type": "string", "default": "" }, - "verb": { - "description": "verb is one of: get, list, watch, create, update, delete", + "version": { + "description": "version is a semantic version identifying the update version. version is required if architecture is specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", "type": "string", "default": "" } } }, - "com.github.openshift.api.authorization.v1.LocalSubjectAccessReview": { - "description": "LocalSubjectAccessReview is an object for requesting information about whether a user or group can perform an action in a particular namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.UpdateHistory": { + "description": "UpdateHistory is a single attempted update to the cluster.", "type": "object", "required": [ - "namespace", - "verb", - "resourceAPIGroup", - "resourceAPIVersion", - "resource", - "resourceName", - "path", - "isNonResourceURL", - "user", - "groups", - "scopes" + "state", + "startedTime", + "completionTime", + "image", + "verified" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "content": { - "description": "content is the actual content of the request for create and update", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "groups": { - "description": "groups is optional. Groups is the list of groups to which the User belongs.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "isNonResourceURL": { - "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", - "type": "boolean", - "default": false - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "acceptedRisks": { + "description": "acceptedRisks records risks which were accepted to initiate the update. For example, it may mention an Upgradeable=False or missing signature that was overridden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "namespace": { - "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", - "type": "string", - "default": "" - }, - "path": { - "description": "path is the path of a non resource URL", - "type": "string", - "default": "" - }, - "resource": { - "description": "resource is one of the existing resource types", - "type": "string", - "default": "" + "completionTime": { + "description": "completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update).", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "resourceAPIGroup": { - "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", + "image": { + "description": "image is a container image location that contains the update. This value is always populated.", "type": "string", "default": "" }, - "resourceAPIVersion": { - "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", - "type": "string", - "default": "" + "startedTime": { + "description": "startedTime is the time at which the update was started.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "resourceName": { - "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", + "state": { + "description": "state reflects whether the update was fully applied. The Partial state indicates the update is not fully applied, while the Completed state indicates the update was successfully rolled out at least once (all parts of the update successfully applied).", "type": "string", "default": "" }, - "scopes": { - "description": "scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil for a self-SAR, means \"use the scopes on this request\". Nil for a regular SAR, means the same as empty.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "user": { - "description": "user is optional. If both User and Groups are empty, the current authenticated user is used.", - "type": "string", - "default": "" + "verified": { + "description": "verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted.", + "type": "boolean", + "default": false }, - "verb": { - "description": "verb is one of: get, list, watch, create, update, delete", + "version": { + "description": "version is a semantic version identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.", "type": "string", "default": "" } } }, - "com.github.openshift.api.authorization.v1.NamedClusterRole": { - "description": "NamedClusterRole relates a name with a cluster role", + "com.github.openshift.api.config.v1.UsernameClaimMapping": { "type": "object", "required": [ - "name", - "role" + "claim" ], "properties": { - "name": { - "description": "name is the name of the cluster role", + "claim": { + "description": "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.", "type": "string", "default": "" }, - "role": { - "description": "role is the cluster role being named", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ClusterRole" + "prefix": { + "description": "prefix configures the prefix that should be prepended to the value of the JWT claim.\n\nprefix must be set when prefixPolicy is set to 'Prefix' and must be unset otherwise.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.UsernamePrefix" + }, + "prefixPolicy": { + "description": "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim.\n\nThe prefix field must be set when prefixPolicy is 'Prefix'.\n\nWhen set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim.\n\nWhen omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.\n\nAs an example, consider the following scenario:\n\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", + "type": "string", + "default": "" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "prefixPolicy", + "fields-to-discriminateBy": { + "claim": "Claim", + "prefix": "Prefix" + } + } + ] }, - "com.github.openshift.api.authorization.v1.NamedClusterRoleBinding": { - "description": "NamedClusterRoleBinding relates a name with a cluster role binding", + "com.github.openshift.api.config.v1.UsernamePrefix": { + "description": "UsernamePrefix configures the string that should be used as a prefix for username claim mappings.", "type": "object", "required": [ - "name", - "roleBinding" + "prefixString" ], "properties": { - "name": { - "description": "name is the name of the cluster role binding", + "prefixString": { + "description": "prefixString is a required field that configures the prefix that will be applied to cluster identity username attribute during the process of mapping JWT claims to cluster identity attributes.\n\nprefixString must not be an empty string (\"\").", "type": "string", "default": "" - }, - "roleBinding": { - "description": "roleBinding is the cluster role binding being named", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ClusterRoleBinding" } } }, - "com.github.openshift.api.authorization.v1.NamedRole": { - "description": "NamedRole relates a Role with a name", + "com.github.openshift.api.config.v1.VSphereFailureDomainHostGroup": { + "description": "VSphereFailureDomainHostGroup holds the vmGroup and the hostGroup names in vCenter corresponds to a vm-host group of type Virtual Machine and Host respectively. Is also contains the vmHostRule which is an affinity vm-host rule in vCenter.", "type": "object", "required": [ - "name", - "role" + "vmGroup", + "hostGroup", + "vmHostRule" ], "properties": { - "name": { - "description": "name is the name of the role", + "hostGroup": { + "description": "hostGroup is the name of the vm-host group of type host within vCenter for this failure domain. hostGroup is limited to 80 characters. This field is required when the VSphereFailureDomain ZoneType is HostGroup", "type": "string", "default": "" }, - "role": { - "description": "role is the role being named", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.Role" + "vmGroup": { + "description": "vmGroup is the name of the vm-host group of type virtual machine within vCenter for this failure domain. vmGroup is limited to 80 characters. This field is required when the VSphereFailureDomain ZoneType is HostGroup", + "type": "string", + "default": "" + }, + "vmHostRule": { + "description": "vmHostRule is the name of the affinity vm-host rule within vCenter for this failure domain. vmHostRule is limited to 80 characters. This field is required when the VSphereFailureDomain ZoneType is HostGroup", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.authorization.v1.NamedRoleBinding": { - "description": "NamedRoleBinding relates a role binding with a name", + "com.github.openshift.api.config.v1.VSphereFailureDomainRegionAffinity": { + "description": "VSphereFailureDomainRegionAffinity contains the region type which is the string representation of the VSphereFailureDomainRegionType with available options of Datacenter and ComputeCluster.", "type": "object", "required": [ - "name", - "roleBinding" + "type" ], "properties": { - "name": { - "description": "name is the name of the role binding", + "type": { + "description": "type determines the vSphere object type for a region within this failure domain. Available types are Datacenter and ComputeCluster. When set to Datacenter, this means the vCenter Datacenter defined is the region. When set to ComputeCluster, this means the vCenter cluster defined is the region.\n\nPossible enum values:\n - `\"ComputeCluster\"` is a failure domain region for a vCenter compute cluster.\n - `\"Datacenter\"` is a failure domain region for a vCenter datacenter.", "type": "string", - "default": "" - }, - "roleBinding": { - "description": "roleBinding is the role binding being named", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.RoleBinding" + "default": "", + "enum": [ + "ComputeCluster", + "Datacenter" + ] } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": {} + } + ] }, - "com.github.openshift.api.authorization.v1.PolicyRule": { - "description": "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.", + "com.github.openshift.api.config.v1.VSphereFailureDomainZoneAffinity": { + "description": "VSphereFailureDomainZoneAffinity contains the vCenter cluster vm-host group (virtual machine and host types) and the vm-host affinity rule that together creates an affinity configuration for vm-host based zonal. This configuration within vCenter creates the required association between a failure domain, virtual machines and ESXi hosts to create a vm-host based zone.", "type": "object", "required": [ - "verbs", - "resources" + "type" ], "properties": { - "apiGroups": { - "description": "apiGroups is the name of the APIGroup that contains the resources. If this field is empty, then both kubernetes and origin API groups are assumed. That means that if an action is requested against one of the enumerated resources in either the kubernetes or the origin API group, the request will be allowed", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "attributeRestrictions": { - "description": "attributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "hostGroup": { + "description": "hostGroup holds the vmGroup and the hostGroup names in vCenter corresponds to a vm-host group of type Virtual Machine and Host respectively. Is also contains the vmHostRule which is an affinity vm-host rule in vCenter.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSphereFailureDomainHostGroup" }, - "nonResourceURLs": { - "description": "NonResourceURLsSlice is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path This name is intentionally different than the internal type so that the DefaultConvert works nicely and because the ordering may be different.", - "type": "array", - "items": { - "type": "string", - "default": "" + "type": { + "description": "type determines the vSphere object type for a zone within this failure domain. Available types are ComputeCluster and HostGroup. When set to ComputeCluster, this means the vCenter cluster defined is the zone. When set to HostGroup, hostGroup must be configured with hostGroup, vmGroup and vmHostRule and this means the zone is defined by the grouping of those fields.\n\nPossible enum values:\n - `\"ComputeCluster\"` is a failure domain zone for a vCenter compute cluster.\n - `\"HostGroup\"` is a failure domain zone for a vCenter vm-host group.", + "type": "string", + "default": "", + "enum": [ + "ComputeCluster", + "HostGroup" + ] + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "hostGroup": "HostGroup" } + } + ] + }, + "com.github.openshift.api.config.v1.VSpherePlatformFailureDomainSpec": { + "description": "VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain.", + "type": "object", + "required": [ + "name", + "region", + "zone", + "server", + "topology" + ], + "properties": { + "name": { + "description": "name defines the arbitrary but unique name of a failure domain.", + "type": "string", + "default": "" }, - "resourceNames": { - "description": "resourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", + "region": { + "description": "region defines the name of a region tag that will be attached to a vCenter datacenter. The tag category in vCenter must be named openshift-region.", + "type": "string", + "default": "" + }, + "regionAffinity": { + "description": "regionAffinity holds the type of region, Datacenter or ComputeCluster. When set to Datacenter, this means the region is a vCenter Datacenter as defined in topology. When set to ComputeCluster, this means the region is a vCenter Cluster as defined in topology.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSphereFailureDomainRegionAffinity" + }, + "server": { + "description": "server is the fully-qualified domain name or the IP address of the vCenter server.", + "type": "string", + "default": "" + }, + "topology": { + "description": "topology describes a given failure domain using vSphere constructs", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformTopology" + }, + "zone": { + "description": "zone defines the name of a zone tag that will be attached to a vCenter cluster. The tag category in vCenter must be named openshift-zone.", + "type": "string", + "default": "" + }, + "zoneAffinity": { + "description": "zoneAffinity holds the type of the zone and the hostGroup which vmGroup and the hostGroup names in vCenter corresponds to a vm-host group of type Virtual Machine and Host respectively. Is also contains the vmHostRule which is an affinity vm-host rule in vCenter.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSphereFailureDomainZoneAffinity" + } + } + }, + "com.github.openshift.api.config.v1.VSpherePlatformLoadBalancer": { + "description": "VSpherePlatformLoadBalancer defines the load balancer used by the cluster on VSphere platform.", + "type": "object", + "properties": { + "type": { + "description": "type defines the type of load balancer used by the cluster on VSphere platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", + "type": "string", + "default": "OpenShiftManagedDefault" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": {} + } + ] + }, + "com.github.openshift.api.config.v1.VSpherePlatformNodeNetworking": { + "description": "VSpherePlatformNodeNetworking holds the external and internal node networking spec.", + "type": "object", + "properties": { + "external": { + "description": "external represents the network configuration of the node that is externally routable.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec" + }, + "internal": { + "description": "internal represents the network configuration of the node that is routable only within the cluster.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec" + } + } + }, + "com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec": { + "description": "VSpherePlatformNodeNetworkingSpec holds the network CIDR(s) and port group name for including and excluding IP ranges in the cloud provider. This would be used for example when multiple network adapters are attached to a guest to help determine which IP address the cloud config manager should use for the external and internal node networking.", + "type": "object", + "properties": { + "excludeNetworkSubnetCidr": { + "description": "excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "resources": { - "description": "resources is a list of resources this rule applies to. ResourceAll represents all resources.", + "network": { + "description": "network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'`", + "type": "string" + }, + "networkSubnetCidr": { + "description": "networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "set" + } + } + }, + "com.github.openshift.api.config.v1.VSpherePlatformSpec": { + "description": "VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. In the future the cloud provider operator, storage operator and machine operator will use these fields for configuration.", + "type": "object", + "properties": { + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "verbs": { - "description": "verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.", + "failureDomains": { + "description": "failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformFailureDomainSpec" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" + }, + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "nodeNetworking": { + "description": "nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformNodeNetworking" + }, + "vcenters": { + "description": "vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported. Once the cluster has been installed, you are unable to change the current number of defined vCenters except in the case where the cluster has been upgraded from a version of OpenShift where the vsphere platform spec was not present. You may make modifications to the existing vCenters that are defined in the vcenters list in order to match with any added or modified failure domains.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformVCenterSpec" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.authorization.v1.ResourceAccessReview": { - "description": "ResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.VSpherePlatformStatus": { + "description": "VSpherePlatformStatus holds the current status of the vSphere infrastructure provider.", "type": "object", "required": [ - "namespace", - "verb", - "resourceAPIGroup", - "resourceAPIVersion", - "resource", - "resourceName", - "path", - "isNonResourceURL" + "apiServerInternalIPs", + "ingressIPs" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "content": { - "description": "content is the actual content of the request for create and update", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "isNonResourceURL": { - "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", - "type": "boolean", - "default": false - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "namespace": { - "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", - "type": "string", - "default": "" + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "path": { - "description": "path is the path of a non resource URL", + "dnsRecordsType": { + "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", "type": "string", - "default": "" + "enum": [ + "External", + "Internal" + ] }, - "resource": { - "description": "resource is one of the existing resource types", - "type": "string", - "default": "" + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "type": "string" }, - "resourceAPIGroup": { - "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", - "type": "string", - "default": "" + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "resourceAPIVersion": { - "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", - "type": "string", - "default": "" + "loadBalancer": { + "description": "loadBalancer defines how the load balancer used by the cluster is configured.", + "default": { + "type": "OpenShiftManagedDefault" + }, + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformLoadBalancer" }, - "resourceName": { - "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", - "type": "string", - "default": "" + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "verb": { - "description": "verb is one of: get, list, watch, create, update, delete", - "type": "string", - "default": "" + "nodeDNSIP": { + "description": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", + "type": "string" } } }, - "com.github.openshift.api.authorization.v1.ResourceAccessReviewResponse": { - "description": "ResourceAccessReviewResponse describes who can perform the action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.VSpherePlatformTopology": { + "description": "VSpherePlatformTopology holds the required and optional vCenter objects - datacenter, computeCluster, networks, datastore and resourcePool - to provision virtual machines.", "type": "object", "required": [ - "users", - "groups", - "evalutionError" + "datacenter", + "computeCluster", + "networks", + "datastore" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "computeCluster": { + "description": "computeCluster the absolute path of the vCenter cluster in which virtual machine will be located. The absolute path is of the form //host/. The maximum length of the path is 2048 characters.", + "type": "string", + "default": "" }, - "evalutionError": { - "description": "EvaluationError is an indication that some error occurred during resolution, but partial results can still be returned. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. This is most common when a bound role is missing, but enough roles are still present and bound to reason about the request.", + "datacenter": { + "description": "datacenter is the name of vCenter datacenter in which virtual machines will be located. The maximum length of the datacenter name is 80 characters.", "type": "string", "default": "" }, - "groups": { - "description": "GroupsSlice is the list of groups who can perform the action", + "datastore": { + "description": "datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form //datastore/ The maximum length of the path is 2048 characters.", + "type": "string", + "default": "" + }, + "folder": { + "description": "folder is the absolute path of the folder where virtual machines are located. The absolute path is of the form //vm/. The maximum length of the path is 2048 characters.", + "type": "string" + }, + "networks": { + "description": "networks is the list of port group network names within this failure domain. If feature gate VSphereMultiNetworks is enabled, up to 10 network adapters may be defined. 10 is the maximum number of virtual network devices which may be attached to a VM as defined by: https://configmax.esp.vmware.com/guest?vmwareproduct=vSphere&release=vSphere%208.0&categories=1-0 The available networks (port groups) can be listed using `govc ls 'network/*'` Networks should be in the form of an absolute path: //network/.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "resourcePool": { + "description": "resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form //host//Resources/. The maximum length of the path is 2048 characters.", "type": "string" }, - "namespace": { - "description": "namespace is the namespace used for the access review", + "template": { + "description": "template is the full inventory path of the virtual machine or template that will be cloned when creating new machines in this failure domain. The maximum length of the path is 2048 characters.\n\nWhen omitted, the template will be calculated by the control plane machineset operator based on the region and zone defined in VSpherePlatformFailureDomainSpec. For example, for zone=zonea, region=region1, and infrastructure name=test, the template path would be calculated as //vm/test-rhcos-region1-zonea.", "type": "string" - }, - "users": { - "description": "UsersSlice is the list of users who can perform the action", + } + } + }, + "com.github.openshift.api.config.v1.VSpherePlatformVCenterSpec": { + "description": "VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM.", + "type": "object", + "required": [ + "server", + "datacenters" + ], + "properties": { + "datacenters": { + "description": "The vCenter Datacenters in which the RHCOS vm guests are located. This field will be used by the Cloud Controller Manager. Each datacenter listed here should be used within a topology.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "set" + }, + "port": { + "description": "port is the TCP port that will be used to communicate to the vCenter endpoint. When omitted, this means the user has no opinion and it is up to the platform to choose a sensible default, which is subject to change over time.", + "type": "integer", + "format": "int32" + }, + "server": { + "description": "server is the fully-qualified domain name or the IP address of the vCenter server.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.authorization.v1.Role": { - "description": "Role is a logical grouping of PolicyRules that can be referenced as a unit by RoleBindings.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.WebhookTokenAuthenticator": { + "description": "webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator", "type": "object", "required": [ - "rules" + "kubeConfig" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "kubeConfig": { + "description": "kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config.\n\nFor further details, see:\n\nhttps://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication\n\nThe key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored.", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "rules": { - "description": "rules holds all the PolicyRules for this Role", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.PolicyRule" - } + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" } } }, - "com.github.openshift.api.authorization.v1.RoleBinding": { - "description": "RoleBinding references a Role, but not contain it. It can reference any Role in the same namespace or in the global namespace. It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.AlertmanagerConfig": { + "description": "alertmanagerConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", "type": "object", "required": [ - "subjects", - "roleRef" + "deploymentMode" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "customConfig": { + "description": "customConfig must be set when deploymentMode is CustomConfig, and must be unset otherwise. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AlertmanagerCustomConfig" + }, + "deploymentMode": { + "description": "deploymentMode determines whether the default Alertmanager instance should be deployed as part of the monitoring stack. Allowed values are Disabled, DefaultConfig, and CustomConfig. When set to Disabled, the Alertmanager instance will not be deployed. When set to DefaultConfig, the platform will deploy Alertmanager with default settings. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.AlertmanagerCustomConfig": { + "description": "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", + "type": "object", + "properties": { + "logLevel": { + "description": "logLevel defines the verbosity of logs emitted by Alertmanager. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", "type": "string" }, - "groupNames": { - "description": "groupNames holds all the groups directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", - "type": "array", - "items": { + "nodeSelector": { + "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", + "type": "object", + "additionalProperties": { "type": "string", "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "roleRef": { - "description": "roleRef can only reference the current namespace and the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. Since Policy is a singleton, this is sufficient knowledge to locate a role.", - "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, - "subjects": { - "description": "subjects hold object references to authorize with this rule. This field is ignored if UserNames or GroupNames are specified to support legacy clients and servers. Thus newer clients that do not need to support backwards compatibility should send only fully qualified Subjects and should omit the UserNames and GroupNames fields. Clients that need to support backwards compatibility can use this field to build the UserNames and GroupNames.", + "resources": { + "description": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - } + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "userNames": { - "description": "userNames holds all the usernames directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", + "secrets": { + "description": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "set" + }, + "tolerations": { + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + }, + "x-kubernetes-list-type": "atomic" + }, + "topologySpreadConstraints": { + "description": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" + }, + "volumeClaimTemplate": { + "description": "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaim" } } }, - "com.github.openshift.api.authorization.v1.RoleBindingList": { - "description": "RoleBindingList is a collection of RoleBindings\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.Audit": { + "description": "Audit profile configurations", "type": "object", "required": [ - "items" + "profile" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is a list of RoleBindings", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.RoleBinding" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "profile": { + "description": "profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. Allowed values are None, Metadata, Request, or RequestResponse. When set to None, audit logging is disabled and no audit events are recorded. When set to Metadata, only request metadata (such as requesting user, timestamp, resource, verb, etc.) is logged, but not the request or response body. When set to Request, event metadata and the request body are logged, but not the response body. When set to RequestResponse, event metadata, request body, and response body are all logged, providing the most detailed audit information.\n\nSee: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy for more information about auditing and log levels.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.authorization.v1.RoleBindingRestriction": { - "description": "RoleBindingRestriction is an object that can be matched against a subject (user, group, or service account) to determine whether rolebindings on that subject are allowed in the namespace to which the RoleBindingRestriction belongs. If any one of those RoleBindingRestriction objects matches a subject, rolebindings on that subject in the namespace are allowed.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.Backup": { + "description": "Backup provides configuration for performing backups of the openshift cluster.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "metadata", "spec" ], "properties": { @@ -13567,19 +12293,25 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec defines the matcher.", + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.RoleBindingRestrictionSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.BackupSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.BackupStatus" } } }, - "com.github.openshift.api.authorization.v1.RoleBindingRestrictionList": { - "description": "RoleBindingRestrictionList is a collection of RoleBindingRestriction objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.BackupList": { + "description": "BackupList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -13588,11 +12320,10 @@ "type": "string" }, "items": { - "description": "items is a list of RoleBindingRestriction objects.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.RoleBindingRestriction" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Backup" } }, "kind": { @@ -13602,37 +12333,62 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.authorization.v1.RoleBindingRestrictionSpec": { - "description": "RoleBindingRestrictionSpec defines a rolebinding restriction. Exactly one field must be non-nil.", + "com.github.openshift.api.config.v1alpha1.BackupSpec": { "type": "object", "required": [ - "userrestriction", - "grouprestriction", - "serviceaccountrestriction" + "etcd" ], "properties": { - "grouprestriction": { - "description": "grouprestriction matches against group subjects.", - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.GroupRestriction" + "etcd": { + "description": "etcd specifies the configuration for periodic backups of the etcd cluster", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.EtcdBackupSpec" + } + } + }, + "com.github.openshift.api.config.v1alpha1.BackupStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig": { + "description": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "serviceaccountrestriction": { - "description": "serviceaccountrestriction matches against service-account subjects.", - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ServiceAccountRestriction" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "userrestriction": { - "description": "userrestriction matches against user subjects.", - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.UserRestriction" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec" + }, + "status": { + "description": "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus" } } }, - "com.github.openshift.api.authorization.v1.RoleList": { - "description": "RoleList is a collection of Roles\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigList": { + "description": "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -13641,11 +12397,10 @@ "type": "string" }, "items": { - "description": "items is a list of Roles", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.Role" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig" } }, "kind": { @@ -13655,12 +12410,45 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.authorization.v1.SelfSubjectRulesReview": { - "description": "SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec": { + "description": "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", + "type": "object", + "properties": { + "matchImages": { + "description": "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + } + } + }, + "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus": { + "description": "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", + "type": "object", + "properties": { + "conditions": { + "description": "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.config.v1alpha1.ClusterImagePolicy": { + "description": "ClusterImagePolicy holds cluster-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ "spec" @@ -13677,216 +12465,251 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec adds information about how to conduct the check", + "description": "spec contains the configuration for the cluster image policy.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.SelfSubjectRulesReviewSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterImagePolicySpec" }, "status": { - "description": "status is completed by the server to tell which permissions you have", + "description": "status contains the observed state of the resource.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterImagePolicyStatus" } } }, - "com.github.openshift.api.authorization.v1.SelfSubjectRulesReviewSpec": { - "description": "SelfSubjectRulesReviewSpec adds information about how to conduct the check", + "com.github.openshift.api.config.v1alpha1.ClusterImagePolicyList": { + "description": "ClusterImagePolicyList is a list of ClusterImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "scopes" + "metadata", + "items" ], "properties": { - "scopes": { - "description": "scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil means \"use the scopes on this request\".", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterImagePolicy" } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.authorization.v1.ServiceAccountReference": { - "description": "ServiceAccountReference specifies a service account and namespace by their names.", + "com.github.openshift.api.config.v1alpha1.ClusterImagePolicySpec": { + "description": "CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource.", "type": "object", "required": [ - "name", - "namespace" + "scopes", + "policy" ], "properties": { - "name": { - "description": "name is the name of the service account.", - "type": "string", - "default": "" + "policy": { + "description": "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy" }, - "namespace": { - "description": "namespace is the namespace of the service account. Service accounts from inside the whitelisted namespaces are allowed to be bound to roles. If Namespace is empty, then the namespace of the RoleBindingRestriction in which the ServiceAccountReference is embedded is used.", - "type": "string", - "default": "" + "scopes": { + "description": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" } } }, - "com.github.openshift.api.authorization.v1.ServiceAccountRestriction": { - "description": "ServiceAccountRestriction matches a service account by a string match on either the service-account name or the name of the service account's namespace.", + "com.github.openshift.api.config.v1alpha1.ClusterImagePolicyStatus": { "type": "object", - "required": [ - "serviceaccounts", - "namespaces" - ], "properties": { - "namespaces": { - "description": "namespaces specifies a list of literal namespace names.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "serviceaccounts": { - "description": "serviceaccounts specifies a list of literal service-account names.", + "conditions": { + "description": "conditions provide details on the status of this API Resource.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ServiceAccountReference" - } + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.authorization.v1.SubjectAccessReview": { - "description": "SubjectAccessReview is an object for requesting information about whether a user or group can perform an action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.ClusterMonitoring": { + "description": "ClusterMonitoring is the Custom Resource object which holds the current status of Cluster Monitoring Operator. CMO is a central component of the monitoring stack.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. ClusterMonitoring is the Schema for the Cluster Monitoring Operators API", "type": "object", "required": [ - "namespace", - "verb", - "resourceAPIGroup", - "resourceAPIVersion", - "resource", - "resourceName", - "path", - "isNonResourceURL", - "user", - "groups", - "scopes" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "content": { - "description": "content is the actual content of the request for create and update", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "groups": { - "description": "GroupsSlice is optional. Groups is the list of groups to which the User belongs.", + "metadata": { + "description": "metadata is the standard object metadata.", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec holds user configuration for the Cluster Monitoring Operator", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus" + } + } + }, + "com.github.openshift.api.config.v1alpha1.ClusterMonitoringList": { + "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is a list of ClusterMonitoring", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterMonitoring" } }, - "isNonResourceURL": { - "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", - "type": "boolean", - "default": false - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard list metadata.", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "namespace": { - "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", - "type": "string", - "default": "" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec": { + "description": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", + "type": "object", + "properties": { + "alertmanagerConfig": { + "description": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AlertmanagerConfig" }, - "path": { - "description": "path is the path of a non resource URL", - "type": "string", - "default": "" + "metricsServerConfig": { + "description": "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.MetricsServerConfig" }, - "resource": { - "description": "resource is one of the existing resource types", - "type": "string", - "default": "" + "prometheusOperatorConfig": { + "description": "prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. Specifically, it can configure how the Prometheus Operator instance is deployed, pod scheduling, and resource allocation. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig" }, - "resourceAPIGroup": { - "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", - "type": "string", - "default": "" + "userDefined": { + "description": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring" + } + } + }, + "com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus": { + "description": "ClusterMonitoringStatus defines the observed state of ClusterMonitoring", + "type": "object" + }, + "com.github.openshift.api.config.v1alpha1.ContainerResource": { + "description": "ContainerResource defines a single resource requirement for a container.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "limit": { + "description": "limit is the maximum amount of the resource allowed (e.g. \"2Mi\", \"1Gi\"). This field is optional. When request is specified, limit cannot be less than request. The value must be greater than 0 when specified.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" }, - "resourceAPIVersion": { - "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", - "type": "string", - "default": "" + "name": { + "description": "name of the resource (e.g. \"cpu\", \"memory\", \"hugepages-2Mi\"). This field is required. name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character.", + "type": "string" }, - "resourceName": { - "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", + "request": { + "description": "request is the minimum amount of the resource required (e.g. \"2Mi\", \"1Gi\"). This field is optional. When limit is specified, request cannot be greater than limit.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } + } + }, + "com.github.openshift.api.config.v1alpha1.EtcdBackupSpec": { + "description": "EtcdBackupSpec provides configuration for automated etcd backups to the cluster-etcd-operator", + "type": "object", + "properties": { + "pvcName": { + "description": "pvcName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the etcd backup files would be saved The PVC itself must always be created in the \"openshift-etcd\" namespace If the PVC is left unspecified \"\" then the platform will choose a reasonable default location to save the backup. In the future this would be backups saved across the control-plane master nodes.", "type": "string", "default": "" }, - "scopes": { - "description": "scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil for a self-SAR, means \"use the scopes on this request\". Nil for a regular SAR, means the same as empty.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "retentionPolicy": { + "description": "retentionPolicy defines the retention policy for retaining and deleting existing backups.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RetentionPolicy" }, - "user": { - "description": "user is optional. If both User and Groups are empty, the current authenticated user is used.", + "schedule": { + "description": "schedule defines the recurring backup schedule in Cron format every 2 hours: 0 */2 * * * every day at 3am: 0 3 * * * Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is \"no backups\", but will change in the future.", "type": "string", "default": "" }, - "verb": { - "description": "verb is one of: get, list, watch, create, update, delete", + "timeZone": { + "description": "The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will default to the time zone of the kube-controller-manager process. See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones", "type": "string", "default": "" } } }, - "com.github.openshift.api.authorization.v1.SubjectAccessReviewResponse": { - "description": "SubjectAccessReviewResponse describes whether or not a user or group can perform an action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.GatherConfig": { + "description": "gatherConfig provides data gathering configuration options.", "type": "object", - "required": [ - "allowed" - ], "properties": { - "allowed": { - "description": "allowed is required. True if the action would be allowed, false otherwise.", - "type": "boolean", - "default": false - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "evaluationError": { - "description": "evaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. This is most common when a bound role is missing, but enough roles are still present and bound to reason about the request.", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "dataPolicy": { + "description": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"None\" and \"ObfuscateNetworking\". When set to None the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", "type": "string" }, - "namespace": { - "description": "namespace is the namespace used for the access review", - "type": "string" + "disabledGatherers": { + "description": "disabledGatherers is a list of gatherers to be excluded from the gathering. All the gatherers can be disabled by providing \"all\" value. If all the gatherers are disabled, the Insights operator does not gather any data. The format for the disabledGatherer should be: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\" An example of disabling gatherers looks like this: `disabledGatherers: [\"clusterconfig/machine_configs\", \"workloads/workload_info\"]`", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "reason": { - "description": "reason is optional. It indicates why a request was allowed or denied.", - "type": "string" + "storage": { + "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Storage" } } }, - "com.github.openshift.api.authorization.v1.SubjectRulesReview": { - "description": "SubjectRulesReview is a resource you can create to determine which actions another user can perform in a namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.ImagePolicy": { + "description": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ "spec" @@ -13903,243 +12726,182 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec adds information about how to conduct the check", + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.SubjectRulesReviewSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImagePolicySpec" }, "status": { - "description": "status is completed by the server to tell which permissions you have", + "description": "status contains the observed state of the resource.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImagePolicyStatus" } } }, - "com.github.openshift.api.authorization.v1.SubjectRulesReviewSpec": { - "description": "SubjectRulesReviewSpec adds information about how to conduct the check", + "com.github.openshift.api.config.v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust": { + "description": "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.", "type": "object", "required": [ - "user", - "groups", - "scopes" + "fulcioCAData", + "rekorKeyData", + "fulcioSubject" ], "properties": { - "groups": { - "description": "groups is optional. Groups is the list of groups to which the User belongs. At least one of User and Groups must be specified.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "fulcioCAData": { + "description": "fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", + "type": "string", + "format": "byte" }, - "scopes": { - "description": "scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\".", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "fulcioSubject": { + "description": "fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PolicyFulcioSubject" }, - "user": { - "description": "user is optional. At least one of User and Groups must be specified.", + "rekorKeyData": { + "description": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", "type": "string", - "default": "" + "format": "byte" } } }, - "com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus": { - "description": "SubjectRulesReviewStatus is contains the result of a rules check", + "com.github.openshift.api.config.v1alpha1.ImagePolicyList": { + "description": "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "evaluationError": { - "description": "evaluationError can appear in combination with Rules. It means some error happened during evaluation that may have prevented additional rules from being populated.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "rules": { - "description": "rules is the list of rules (no particular sort) that are allowed for the subject", + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.PolicyRule" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImagePolicy" } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.authorization.v1.UserRestriction": { - "description": "UserRestriction matches a user either by a string match on the user name, a string match on the name of a group to which the user belongs, or a label selector applied to the user labels.", + "com.github.openshift.api.config.v1alpha1.ImagePolicyPKIRootOfTrust": { + "description": "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", "type": "object", "required": [ - "users", - "groups", - "labels" + "caRootsData", + "pkiCertificateSubject" ], "properties": { - "groups": { - "description": "groups specifies a list of literal group names.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "caIntermediatesData": { + "description": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set.", + "type": "string", + "format": "byte" }, - "labels": { - "description": "Selectors specifies a list of label selectors over user labels.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" - } + "caRootsData": { + "description": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters.", + "type": "string", + "format": "byte" }, - "users": { - "description": "users specifies a list of literal user names.", + "pkiCertificateSubject": { + "description": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PKICertificateSubject" + } + } + }, + "com.github.openshift.api.config.v1alpha1.ImagePolicyPublicKeyRootOfTrust": { + "description": "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.", + "type": "object", + "required": [ + "keyData" + ], + "properties": { + "keyData": { + "description": "keyData contains inline base64-encoded data for the PEM format public key. KeyData must be at most 8192 characters.", + "type": "string", + "format": "byte" + }, + "rekorKeyData": { + "description": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", + "type": "string", + "format": "byte" + } + } + }, + "com.github.openshift.api.config.v1alpha1.ImagePolicySpec": { + "description": "ImagePolicySpec is the specification of the ImagePolicy CRD.", + "type": "object", + "required": [ + "scopes", + "policy" + ], + "properties": { + "policy": { + "description": "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy" + }, + "scopes": { + "description": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "set" } } }, - "com.github.openshift.api.build.v1.BinaryBuildRequestOptions": { - "description": "BinaryBuildRequestOptions are the options required to fully speficy a binary build request\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.ImagePolicyStatus": { "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "asFile": { - "description": "asFile determines if the binary should be created as a file within the source rather than extracted as an archive", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "revision.authorEmail": { - "description": "revision.authorEmail of the source control user", - "type": "string" - }, - "revision.authorName": { - "description": "revision.authorName of the source control user", - "type": "string" - }, - "revision.commit": { - "description": "revision.commit is the value identifying a specific commit", - "type": "string" - }, - "revision.committerEmail": { - "description": "revision.committerEmail of the source control user", - "type": "string" - }, - "revision.committerName": { - "description": "revision.committerName of the source control user", - "type": "string" - }, - "revision.message": { - "description": "revision.message is the description of a specific commit", - "type": "string" - } - } - }, - "com.github.openshift.api.build.v1.BinaryBuildSource": { - "description": "BinaryBuildSource describes a binary file to be used for the Docker and Source build strategies, where the file will be extracted and used as the build source.", - "type": "object", - "properties": { - "asFile": { - "description": "asFile indicates that the provided binary input should be considered a single file within the build input. For example, specifying \"webapp.war\" would place the provided binary as `/webapp.war` for the builder. If left empty, the Docker and Source build strategies assume this file is a zip, tar, or tar.gz file and extract it as the source. The custom strategy receives this binary as standard input. This filename may not contain slashes or be '..' or '.'.", - "type": "string" - } - } - }, - "com.github.openshift.api.build.v1.BitbucketWebHookCause": { - "description": "BitbucketWebHookCause has information about a Bitbucket webhook that triggered a build.", - "type": "object", - "properties": { - "revision": { - "description": "revision is the git source revision information of the trigger.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" - }, - "secret": { - "description": "secret is the obfuscated webhook secret that triggered a build.", - "type": "string" - } - } - }, - "com.github.openshift.api.build.v1.Build": { - "description": "Build encapsulates the inputs needed to produce a new deployable image, as well as the status of the execution and a reference to the Pod which executed the build.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec is all the inputs used to execute the build.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildSpec" - }, - "status": { - "description": "status is the current status of the build.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStatus" + "conditions": { + "description": "conditions provide details on the status of this API Resource.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.build.v1.BuildCondition": { - "description": "BuildCondition describes the state of a build at a certain point.", + "com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy": { + "description": "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.", "type": "object", "required": [ - "type", - "status" + "rootOfTrust" ], "properties": { - "lastTransitionTime": { - "description": "The last time the condition transitioned from one status to another.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "lastUpdateTime": { - "description": "The last time this condition was updated.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "message": { - "description": "A human readable message indicating details about the transition.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition.", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" + "rootOfTrust": { + "description": "rootOfTrust specifies the root of trust for the policy.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PolicyRootOfTrust" }, - "type": { - "description": "type of build condition.", - "type": "string", - "default": "" + "signedIdentity": { + "description": "signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PolicyIdentity" } } }, - "com.github.openshift.api.build.v1.BuildConfig": { - "description": "Build configurations define a build process for new container images. There are three types of builds possible - a container image build using a Dockerfile, a Source-to-Image build that uses a specially prepared base image that accepts source code that it can make runnable, and a custom build that can run // arbitrary container images as a base and accept the build parameters. Builds run on the cluster and on completion are pushed to the container image registry specified in the \"output\" section. A build can be triggered via a webhook, when the base image changes, or when a user manually requests a new build be // created.\n\nEach build created by a build configuration is numbered and refers back to its parent configuration. Multiple builds can be triggered at once. Builds that do not have \"output\" set can be used to test code or run a verification build.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.InsightsDataGather": { + "description": "InsightsDataGather provides data gather configuration options for the the Insights Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ "spec" @@ -14156,24 +12918,25 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec holds all the input necessary to produce a new build, and the conditions when to trigger them.", + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildConfigSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec" }, "status": { - "description": "status holds any relevant information about a build config", + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildConfigStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus" } } }, - "com.github.openshift.api.build.v1.BuildConfigList": { - "description": "BuildConfigList is a collection of BuildConfigs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.InsightsDataGatherList": { + "description": "InsightsDataGatherList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -14182,11 +12945,10 @@ "type": "string" }, "items": { - "description": "items is a list of build configs", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildConfig" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.InsightsDataGather" } }, "kind": { @@ -14196,1537 +12958,1276 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.build.v1.BuildConfigSpec": { - "description": "BuildConfigSpec describes when and how builds are created", + "com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec": { "type": "object", - "required": [ - "strategy" - ], "properties": { - "completionDeadlineSeconds": { - "description": "completionDeadlineSeconds is an optional duration in seconds, counted from the time when a build pod gets scheduled in the system, that the build may be active on a node before the system actively tries to terminate the build; value must be positive integer", - "type": "integer", - "format": "int64" - }, - "failedBuildsHistoryLimit": { - "description": "failedBuildsHistoryLimit is the number of old failed builds to retain. When a BuildConfig is created, the 5 most recent failed builds are retained unless this value is set. If removed after the BuildConfig has been created, all failed builds are retained.", - "type": "integer", - "format": "int32" - }, - "mountTrustedCA": { - "description": "mountTrustedCA bind mounts the cluster's trusted certificate authorities, as defined in the cluster's proxy configuration, into the build. This lets processes within a build trust components signed by custom PKI certificate authorities, such as private artifact repositories and HTTPS proxies.\n\nWhen this field is set to true, the contents of `/etc/pki/ca-trust` within the build are managed by the build container, and any changes to this directory or its subdirectories (for example - within a Dockerfile `RUN` instruction) are not persisted in the build's output image.", - "type": "boolean" + "gatherConfig": { + "description": "gatherConfig spec attribute includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.GatherConfig" + } + } + }, + "com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1alpha1.MetricsServerConfig": { + "description": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", + "type": "object", + "properties": { + "audit": { + "description": "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Audit" }, "nodeSelector": { - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node If nil, it can be overridden by default build nodeselector values for the cluster. If set to an empty map or a map with any values, default build nodeselector values are ignored.", + "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", "type": "object", "additionalProperties": { "type": "string", "default": "" } }, - "output": { - "description": "output describes the container image the Strategy should produce.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildOutput" - }, - "postCommit": { - "description": "postCommit is a build hook executed after the build output image is committed, before it is pushed to a registry.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildPostCommitSpec" - }, "resources": { - "description": "resources computes resource requirements to execute the build.", - "default": {}, - "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" - }, - "revision": { - "description": "revision is the information from the source for a specific repo snapshot. This is optional.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" - }, - "runPolicy": { - "description": "runPolicy describes how the new build created from this build configuration will be scheduled for execution. This is optional, if not specified we default to \"Serial\".", - "type": "string" - }, - "serviceAccount": { - "description": "serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount", - "type": "string" - }, - "source": { - "description": "source describes the SCM in use.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildSource" - }, - "strategy": { - "description": "strategy defines how to perform a build.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStrategy" + "description": "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "successfulBuildsHistoryLimit": { - "description": "successfulBuildsHistoryLimit is the number of old successful builds to retain. When a BuildConfig is created, the 5 most recent successful builds are retained unless this value is set. If removed after the BuildConfig has been created, all successful builds are retained.", - "type": "integer", - "format": "int32" + "tolerations": { + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + }, + "x-kubernetes-list-type": "atomic" }, - "triggers": { - "description": "triggers determine how new Builds can be launched from a BuildConfig. If no triggers are defined, a new build can only occur as a result of an explicit client build creation.", + "topologySpreadConstraints": { + "description": "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildTriggerPolicy" - } + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" + }, + "verbosity": { + "description": "verbosity defines the verbosity of log messages for Metrics Server. Valid values are Errors, Info, Trace, TraceAll and omitted. When set to Errors, only critical messages and errors are logged. When set to Info, only basic information messages are logged. When set to Trace, information useful for general debugging is logged. When set to TraceAll, detailed information about metric scraping is logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Errors`", + "type": "string" } } }, - "com.github.openshift.api.build.v1.BuildConfigStatus": { - "description": "BuildConfigStatus contains current state of the build config object.", + "com.github.openshift.api.config.v1alpha1.PKICertificateSubject": { + "description": "PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", "type": "object", "properties": { - "imageChangeTriggers": { - "description": "imageChangeTriggers captures the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There is a single entry in this array for each image change trigger in spec. Each trigger status references the ImageStreamTag that acts as the source of the trigger.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageChangeTriggerStatus" - } + "email": { + "description": "email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. The email should be a valid email address and at most 320 characters in length.", + "type": "string" }, - "lastVersion": { - "description": "lastVersion is used to inform about number of last triggered build.", - "type": "integer", - "format": "int64", - "default": 0 + "hostname": { + "description": "hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. The hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk.", + "type": "string" } } }, - "com.github.openshift.api.build.v1.BuildList": { - "description": "BuildList is a collection of Builds.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference": { + "description": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", "type": "object", "required": [ - "items" + "name" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is a list of builds", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.Build" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "name": { + "description": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.build.v1.BuildLog": { - "description": "BuildLog is the (unused) resource associated with the build log redirector\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig": { + "description": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", "type": "object", + "required": [ + "claim" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "claim": { + "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "mountPath": { + "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", "type": "string" } } }, - "com.github.openshift.api.build.v1.BuildLogOptions": { - "description": "BuildLogOptions is the REST options for a build log\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.PolicyFulcioSubject": { + "description": "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.", "type": "object", + "required": [ + "oidcIssuer", + "signedEmail" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "container": { - "description": "cointainer for which to stream logs. Defaults to only container if there is one container in the pod.", - "type": "string" - }, - "follow": { - "description": "follow if true indicates that the build log should be streamed until the build terminates.", - "type": "boolean" - }, - "insecureSkipTLSVerifyBackend": { - "description": "insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept the actual log data coming from the real kubelet).", - "type": "boolean" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "limitBytes": { - "description": "limitBytes, If set, is the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.", - "type": "integer", - "format": "int64" - }, - "nowait": { - "description": "nowait if true causes the call to return immediately even if the build is not available yet. Otherwise the server will wait until the build has started.", - "type": "boolean" - }, - "previous": { - "description": "previous returns previous build logs. Defaults to false.", - "type": "boolean" - }, - "sinceSeconds": { - "description": "sinceSeconds is a relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - "type": "integer", - "format": "int64" - }, - "sinceTime": { - "description": "sinceTime is an RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "oidcIssuer": { + "description": "oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: \"https://expected.OIDC.issuer/\"", + "type": "string", + "default": "" }, - "tailLines": { - "description": "tailLines, If set, is the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime", - "type": "integer", - "format": "int64" + "signedEmail": { + "description": "signedEmail holds the email address the the Fulcio certificate is issued for. Example: \"expected-signing-user@example.com\"", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1alpha1.PolicyIdentity": { + "description": "PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is \"MatchRepoDigestOrExact\".", + "type": "object", + "required": [ + "matchPolicy" + ], + "properties": { + "exactRepository": { + "description": "exactRepository is required if matchPolicy is set to \"ExactRepository\".", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PolicyMatchExactRepository" }, - "timestamps": { - "description": "timestamps, If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.", - "type": "boolean" + "matchPolicy": { + "description": "matchPolicy sets the type of matching to be used. Valid values are \"MatchRepoDigestOrExact\", \"MatchRepository\", \"ExactRepository\", \"RemapIdentity\". When omitted, the default value is \"MatchRepoDigestOrExact\". If set matchPolicy to ExactRepository, then the exactRepository must be specified. If set matchPolicy to RemapIdentity, then the remapIdentity must be specified. \"MatchRepoDigestOrExact\" means that the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. \"MatchRepository\" means that the identity in the signature must be in the same repository as the image identity. \"ExactRepository\" means that the identity in the signature must be in the same repository as a specific identity specified by \"repository\". \"RemapIdentity\" means that the signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the \"prefix\" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix.", + "type": "string", + "default": "" }, - "version": { - "description": "version of the build for which to view logs.", - "type": "integer", - "format": "int64" + "remapIdentity": { + "description": "remapIdentity is required if matchPolicy is set to \"RemapIdentity\".", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PolicyMatchRemapIdentity" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "matchPolicy", + "fields-to-discriminateBy": { + "exactRepository": "PolicyMatchExactRepository", + "remapIdentity": "PolicyMatchRemapIdentity" + } + } + ] + }, + "com.github.openshift.api.config.v1alpha1.PolicyMatchExactRepository": { + "type": "object", + "required": [ + "repository" + ], + "properties": { + "repository": { + "description": "repository is the reference of the image identity to be matched. The value should be a repository name (by omitting the tag or digest) in a registry implementing the \"Docker Registry HTTP API V2\". For example, docker.io/library/busybox", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.build.v1.BuildOutput": { - "description": "BuildOutput is input to a build strategy and describes the container image that the strategy should produce.", + "com.github.openshift.api.config.v1alpha1.PolicyMatchRemapIdentity": { "type": "object", + "required": [ + "prefix", + "signedPrefix" + ], "properties": { - "imageLabels": { - "description": "imageLabels define a list of labels that are applied to the resulting image. If there are multiple labels with the same name then the last one in the list is used.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" - } - }, - "pushSecret": { - "description": "pushSecret is the name of a Secret that would be used for setting up the authentication for executing the Docker push to authentication enabled Docker Registry (or Docker Hub).", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "prefix": { + "description": "prefix is the prefix of the image identity to be matched. If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). This useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", + "type": "string", + "default": "" }, - "to": { - "description": "to defines an optional location to push the output of this build to. Kind must be one of 'ImageStreamTag' or 'DockerImage'. This value will be used to look up a container image repository to push to. In the case of an ImageStreamTag, the ImageStreamTag will be looked for in the namespace of the build unless Namespace is specified.", - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + "signedPrefix": { + "description": "signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as \"prefix\". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.build.v1.BuildPostCommitSpec": { - "description": "A BuildPostCommitSpec holds a build post commit hook specification. The hook executes a command in a temporary container running the build output image, immediately after the last layer of the image is committed and before the image is pushed to a registry. The command is executed with the current working directory ($PWD) set to the image's WORKDIR.\n\nThe build will be marked as failed if the hook execution fails. It will fail if the script or command return a non-zero exit code, or if there is any other error related to starting the temporary container.\n\nThere are five different ways to configure the hook. As an example, all forms below are equivalent and will execute `rake test --verbose`.\n\n1. Shell script:\n\n\t \"postCommit\": {\n\t \"script\": \"rake test --verbose\",\n\t }\n\n\tThe above is a convenient form which is equivalent to:\n\n\t \"postCommit\": {\n\t \"command\": [\"/bin/sh\", \"-ic\"],\n\t \"args\": [\"rake test --verbose\"]\n\t }\n\n2. A command as the image entrypoint:\n\n\t \"postCommit\": {\n\t \"commit\": [\"rake\", \"test\", \"--verbose\"]\n\t }\n\n\tCommand overrides the image entrypoint in the exec form, as documented in\n\tDocker: https://docs.docker.com/engine/reference/builder/#entrypoint.\n\n3. Pass arguments to the default entrypoint:\n\n\t \"postCommit\": {\n\t\t\t \"args\": [\"rake\", \"test\", \"--verbose\"]\n\t\t }\n\n\t This form is only useful if the image entrypoint can handle arguments.\n\n4. Shell script with arguments:\n\n\t \"postCommit\": {\n\t \"script\": \"rake test $1\",\n\t \"args\": [\"--verbose\"]\n\t }\n\n\tThis form is useful if you need to pass arguments that would otherwise be\n\thard to quote properly in the shell script. In the script, $0 will be\n\t\"/bin/sh\" and $1, $2, etc, are the positional arguments from Args.\n\n5. Command with arguments:\n\n\t \"postCommit\": {\n\t \"command\": [\"rake\", \"test\"],\n\t \"args\": [\"--verbose\"]\n\t }\n\n\tThis form is equivalent to appending the arguments to the Command slice.\n\nIt is invalid to provide both Script and Command simultaneously. If none of the fields are specified, the hook is not executed.", + "com.github.openshift.api.config.v1alpha1.PolicyRootOfTrust": { + "description": "PolicyRootOfTrust defines the root of trust based on the selected policyType.", "type": "object", + "required": [ + "policyType" + ], "properties": { - "args": { - "description": "args is a list of arguments that are provided to either Command, Script or the container image's default entrypoint. The arguments are placed immediately after the command to be run.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "fulcioCAWithRekor": { + "description": "fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust" }, - "command": { - "description": "command is the command to run. It may not be specified with Script. This might be needed if the image doesn't have `/bin/sh`, or if you do not want to use a shell. In all other cases, using Script might be more convenient.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "pki": { + "description": "pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImagePolicyPKIRootOfTrust" }, - "script": { - "description": "script is a shell script to be run with `/bin/sh -ic`. It may not be specified with Command. Use Script when a shell script is appropriate to execute the post build hook, for example for running unit tests with `rake test`. If you need control over the image entrypoint, or if the image does not have `/bin/sh`, use Command and/or Args. The `-i` flag is needed to support CentOS and RHEL images that use Software Collections (SCL), in order to have the appropriate collections enabled in the shell. E.g., in the Ruby image, this is necessary to make `ruby`, `bundle` and other binaries available in the PATH.", - "type": "string" + "policyType": { + "description": "policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. \"PublicKey\" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. \"FulcioCAWithRekor\" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. \"PKI\" indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", + "type": "string", + "default": "" + }, + "publicKey": { + "description": "publicKey defines the root of trust based on a sigstore public key.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImagePolicyPublicKeyRootOfTrust" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "policyType", + "fields-to-discriminateBy": { + "fulcioCAWithRekor": "FulcioCAWithRekor", + "pki": "PKI", + "publicKey": "PublicKey" + } + } + ] }, - "com.github.openshift.api.build.v1.BuildRequest": { - "description": "BuildRequest is the resource used to pass parameters to build generator\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig": { + "description": "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "logLevel": { + "description": "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", "type": "string" }, - "binary": { - "description": "binary indicates a request to build from a binary provided to the builder", - "$ref": "#/definitions/com.github.openshift.api.build.v1.BinaryBuildSource" - }, - "dockerStrategyOptions": { - "description": "dockerStrategyOptions contains additional docker-strategy specific options for the build", - "$ref": "#/definitions/com.github.openshift.api.build.v1.DockerStrategyOptions" + "nodeSelector": { + "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "env": { - "description": "env contains additional environment variables you want to pass into a builder container.", + "resources": { + "description": "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" - } - }, - "from": { - "description": "from is the reference to the ImageStreamTag that triggered the build.", - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "lastVersion": { - "description": "lastVersion (optional) is the LastVersion of the BuildConfig that was used to generate the build. If the BuildConfig in the generator doesn't match, a build will not be generated.", - "type": "integer", - "format": "int64" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "revision": { - "description": "revision is the information from the source for a specific repo snapshot.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" - }, - "sourceStrategyOptions": { - "description": "sourceStrategyOptions contains additional source-strategy specific options for the build", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceStrategyOptions" - }, - "triggeredBy": { - "description": "triggeredBy describes which triggers started the most recent update to the build configuration and contains information about those triggers.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildTriggerCause" - } - }, - "triggeredByImage": { - "description": "triggeredByImage is the Image that triggered this build.", - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - } - } - }, - "com.github.openshift.api.build.v1.BuildSource": { - "description": "BuildSource is the SCM used for the build.", - "type": "object", - "properties": { - "binary": { - "description": "binary builds accept a binary as their input. The binary is generally assumed to be a tar, gzipped tar, or zip file depending on the strategy. For container image builds, this is the build context and an optional Dockerfile may be specified to override any Dockerfile in the build context. For Source builds, this is assumed to be an archive as described above. For Source and container image builds, if binary.asFile is set the build will receive a directory with a single file. contextDir may be used when an archive is provided. Custom builds will receive this binary as input on STDIN.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.BinaryBuildSource" - }, - "configMaps": { - "description": "configMaps represents a list of configMaps and their destinations that will be used for the build.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ConfigMapBuildSource" - } - }, - "contextDir": { - "description": "contextDir specifies the sub-directory where the source code for the application exists. This allows to have buildable sources in directory other than root of repository.", - "type": "string" - }, - "dockerfile": { - "description": "dockerfile is the raw contents of a Dockerfile which should be built. When this option is specified, the FROM may be modified based on your strategy base image and additional ENV stanzas from your strategy environment will be added after the FROM, but before the rest of your Dockerfile stanzas. The Dockerfile source type may be used with other options like git - in those cases the Git repo will have any innate Dockerfile replaced in the context dir.", - "type": "string" - }, - "git": { - "description": "git contains optional information about git build source", - "$ref": "#/definitions/com.github.openshift.api.build.v1.GitBuildSource" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "images": { - "description": "images describes a set of images to be used to provide source for the build", + "tolerations": { + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageSource" - } + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + }, + "x-kubernetes-list-type": "atomic" }, - "secrets": { - "description": "secrets represents a list of secrets and their destinations that will be used only for the build.", + "topologySpreadConstraints": { + "description": "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.SecretBuildSource" - } - }, - "sourceSecret": { - "description": "sourceSecret is the name of a Secret that would be used for setting up the authentication for cloning private repository. The secret contains valid credentials for remote repository, where the data's key represent the authentication method to be used and value is the base64 encoded credentials. Supported auth methods are: ssh-privatekey.", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" - }, - "type": { - "description": "type of build input to accept", - "type": "string" + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.build.v1.BuildSpec": { - "description": "BuildSpec has the information to represent a build and also additional information about a build", + "com.github.openshift.api.config.v1alpha1.RetentionNumberConfig": { + "description": "RetentionNumberConfig specifies the configuration of the retention policy on the number of backups", "type": "object", "required": [ - "strategy" + "maxNumberOfBackups" ], "properties": { - "completionDeadlineSeconds": { - "description": "completionDeadlineSeconds is an optional duration in seconds, counted from the time when a build pod gets scheduled in the system, that the build may be active on a node before the system actively tries to terminate the build; value must be positive integer", + "maxNumberOfBackups": { + "description": "maxNumberOfBackups defines the maximum number of backups to retain. If the existing number of backups saved is equal to MaxNumberOfBackups then the oldest backup will be removed before a new backup is initiated.", "type": "integer", - "format": "int64" - }, - "mountTrustedCA": { - "description": "mountTrustedCA bind mounts the cluster's trusted certificate authorities, as defined in the cluster's proxy configuration, into the build. This lets processes within a build trust components signed by custom PKI certificate authorities, such as private artifact repositories and HTTPS proxies.\n\nWhen this field is set to true, the contents of `/etc/pki/ca-trust` within the build are managed by the build container, and any changes to this directory or its subdirectories (for example - within a Dockerfile `RUN` instruction) are not persisted in the build's output image.", - "type": "boolean" - }, - "nodeSelector": { - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node If nil, it can be overridden by default build nodeselector values for the cluster. If set to an empty map or a map with any values, default build nodeselector values are ignored.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "output": { - "description": "output describes the container image the Strategy should produce.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildOutput" - }, - "postCommit": { - "description": "postCommit is a build hook executed after the build output image is committed, before it is pushed to a registry.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildPostCommitSpec" - }, - "resources": { - "description": "resources computes resource requirements to execute the build.", - "default": {}, - "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" - }, - "revision": { - "description": "revision is the information from the source for a specific repo snapshot. This is optional.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" - }, - "serviceAccount": { - "description": "serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount", - "type": "string" - }, - "source": { - "description": "source describes the SCM in use.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildSource" - }, - "strategy": { - "description": "strategy defines how to perform a build.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStrategy" - }, - "triggeredBy": { - "description": "triggeredBy describes which triggers started the most recent update to the build configuration and contains information about those triggers.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildTriggerCause" - } + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.build.v1.BuildStatus": { - "description": "BuildStatus contains the status of a build", + "com.github.openshift.api.config.v1alpha1.RetentionPolicy": { + "description": "RetentionPolicy defines the retention policy for retaining and deleting existing backups. This struct is a discriminated union that allows users to select the type of retention policy from the supported types.", "type": "object", + "required": [ + "retentionType" + ], "properties": { - "cancelled": { - "description": "cancelled describes if a cancel event was triggered for the build.", - "type": "boolean" - }, - "completionTimestamp": { - "description": "completionTimestamp is a timestamp representing the server time when this Build was finished, whether that build failed or succeeded. It reflects the time at which the Pod running the Build terminated. It is represented in RFC3339 form and is in UTC.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "conditions": { - "description": "conditions represents the latest available observations of a build's current state.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildCondition" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "config": { - "description": "config is an ObjectReference to the BuildConfig this Build is based on.", - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, - "duration": { - "description": "duration contains time.Duration object describing build time.", - "type": "integer", - "format": "int64" - }, - "logSnippet": { - "description": "logSnippet is the last few lines of the build log. This value is only set for builds that failed.", - "type": "string" - }, - "message": { - "description": "message is a human-readable message indicating details about why the build has this status.", - "type": "string" - }, - "output": { - "description": "output describes the container image the build has produced.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStatusOutput" + "retentionNumber": { + "description": "retentionNumber configures the retention policy based on the number of backups", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RetentionNumberConfig" }, - "outputDockerImageReference": { - "description": "outputDockerImageReference contains a reference to the container image that will be built by this build. Its value is computed from Build.Spec.Output.To, and should include the registry address, so that it can be used to push and pull the image.", - "type": "string" + "retentionSize": { + "description": "retentionSize configures the retention policy based on the size of backups", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RetentionSizeConfig" }, - "phase": { - "description": "phase is the point in the build lifecycle. Possible values are \"New\", \"Pending\", \"Running\", \"Complete\", \"Failed\", \"Error\", and \"Cancelled\".", + "retentionType": { + "description": "retentionType sets the type of retention policy. Currently, the only valid policies are retention by number of backups (RetentionNumber), by the size of backups (RetentionSize). More policies or types may be added in the future. Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is RetentionNumber with 15 backups kept.\n\nPossible enum values:\n - `\"RetentionNumber\"` sets the retention policy based on the number of backup files saved\n - `\"RetentionSize\"` sets the retention policy based on the total size of the backup files saved", "type": "string", - "default": "" - }, - "reason": { - "description": "reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.", - "type": "string" - }, - "stages": { - "description": "stages contains details about each stage that occurs during the build including start time, duration (in milliseconds), and the steps that occured within each stage.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.StageInfo" - } - }, - "startTimestamp": { - "description": "startTimestamp is a timestamp representing the server time when this Build started running in a Pod. It is represented in RFC3339 form and is in UTC.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "default": "", + "enum": [ + "RetentionNumber", + "RetentionSize" + ] } - } - }, - "com.github.openshift.api.build.v1.BuildStatusOutput": { - "description": "BuildStatusOutput contains the status of the built image.", - "type": "object", - "properties": { - "to": { - "description": "to describes the status of the built image being pushed to a registry.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStatusOutputTo" + }, + "x-kubernetes-unions": [ + { + "discriminator": "retentionType", + "fields-to-discriminateBy": { + "retentionNumber": "RetentionNumber", + "retentionSize": "RetentionSize" + } } - } + ] }, - "com.github.openshift.api.build.v1.BuildStatusOutputTo": { - "description": "BuildStatusOutputTo describes the status of the built image with regards to image registry to which it was supposed to be pushed.", + "com.github.openshift.api.config.v1alpha1.RetentionSizeConfig": { + "description": "RetentionSizeConfig specifies the configuration of the retention policy on the total size of backups", "type": "object", + "required": [ + "maxSizeOfBackupsGb" + ], "properties": { - "imageDigest": { - "description": "imageDigest is the digest of the built container image. The digest uniquely identifies the image in the registry to which it was pushed.\n\nPlease note that this field may not always be set even if the push completes successfully - e.g. when the registry returns no digest or returns it in a format that the builder doesn't understand.", - "type": "string" + "maxSizeOfBackupsGb": { + "description": "maxSizeOfBackupsGb defines the total size in GB of backups to retain. If the current total size backups exceeds MaxSizeOfBackupsGb then the oldest backup will be removed before a new backup is initiated.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.build.v1.BuildStrategy": { - "description": "BuildStrategy contains the details of how to perform a build.", + "com.github.openshift.api.config.v1alpha1.Storage": { + "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", "type": "object", + "required": [ + "type" + ], "properties": { - "customStrategy": { - "description": "customStrategy holds the parameters to the Custom build strategy", - "$ref": "#/definitions/com.github.openshift.api.build.v1.CustomBuildStrategy" - }, - "dockerStrategy": { - "description": "dockerStrategy holds the parameters to the container image build strategy.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.DockerBuildStrategy" - }, - "jenkinsPipelineStrategy": { - "description": "jenkinsPipelineStrategy holds the parameters to the Jenkins Pipeline build strategy. Deprecated: use OpenShift Pipelines", - "$ref": "#/definitions/com.github.openshift.api.build.v1.JenkinsPipelineBuildStrategy" - }, - "sourceStrategy": { - "description": "sourceStrategy holds the parameters to the Source build strategy.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceBuildStrategy" + "persistentVolume": { + "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig" }, "type": { - "description": "type is the kind of build strategy.", - "type": "string" + "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.build.v1.BuildTriggerCause": { - "description": "BuildTriggerCause holds information about a triggered build. It is used for displaying build trigger data for each build and build configuration in oc describe. It is also used to describe which triggers led to the most recent update in the build configuration.", + "com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring": { + "description": "UserDefinedMonitoring config for user-defined projects.", "type": "object", + "required": [ + "mode" + ], "properties": { - "bitbucketWebHook": { - "description": "bitbucketWebHook represents data for a Bitbucket webhook that fired a specific build.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.BitbucketWebHookCause" - }, - "genericWebHook": { - "description": "genericWebHook holds data about a builds generic webhook trigger.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.GenericWebHookCause" - }, - "githubWebHook": { - "description": "githubWebHook represents data for a GitHub webhook that fired a specific build.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.GitHubWebHookCause" - }, - "gitlabWebHook": { - "description": "gitlabWebHook represents data for a GitLab webhook that fired a specific build.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.GitLabWebHookCause" - }, - "imageChangeBuild": { - "description": "imageChangeBuild stores information about an imagechange event that triggered a new build.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageChangeCause" - }, - "message": { - "description": "message is used to store a human readable message for why the build was triggered. E.g.: \"Manually triggered by user\", \"Configuration change\",etc.", - "type": "string" + "mode": { + "description": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.\n\nPossible enum values:\n - `\"Disabled\"` disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces.\n - `\"NamespaceIsolated\"` enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level.", + "type": "string", + "default": "", + "enum": [ + "Disabled", + "NamespaceIsolated" + ] } } }, - "com.github.openshift.api.build.v1.BuildTriggerPolicy": { - "description": "BuildTriggerPolicy describes a policy for a single trigger that results in a new Build.", + "com.github.openshift.api.config.v1alpha2.Custom": { + "description": "custom provides the custom configuration of gatherers", "type": "object", "required": [ - "type" + "configs" ], "properties": { - "bitbucket": { - "description": "BitbucketWebHook contains the parameters for a Bitbucket webhook type of trigger", - "$ref": "#/definitions/com.github.openshift.api.build.v1.WebHookTrigger" - }, - "generic": { - "description": "generic contains the parameters for a Generic webhook type of trigger", - "$ref": "#/definitions/com.github.openshift.api.build.v1.WebHookTrigger" - }, - "github": { - "description": "github contains the parameters for a GitHub webhook type of trigger", - "$ref": "#/definitions/com.github.openshift.api.build.v1.WebHookTrigger" - }, - "gitlab": { - "description": "GitLabWebHook contains the parameters for a GitLab webhook type of trigger", - "$ref": "#/definitions/com.github.openshift.api.build.v1.WebHookTrigger" - }, - "imageChange": { - "description": "imageChange contains parameters for an ImageChange type of trigger", - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageChangeTrigger" - }, - "type": { - "description": "type is the type of build trigger. Valid values:\n\n- GitHub GitHubWebHookBuildTriggerType represents a trigger that launches builds on GitHub webhook invocations\n\n- Generic GenericWebHookBuildTriggerType represents a trigger that launches builds on generic webhook invocations\n\n- GitLab GitLabWebHookBuildTriggerType represents a trigger that launches builds on GitLab webhook invocations\n\n- Bitbucket BitbucketWebHookBuildTriggerType represents a trigger that launches builds on Bitbucket webhook invocations\n\n- ImageChange ImageChangeBuildTriggerType represents a trigger that launches builds on availability of a new version of an image\n\n- ConfigChange ConfigChangeBuildTriggerType will trigger a build on an initial build config creation WARNING: In the future the behavior will change to trigger a build on any config change", - "type": "string", - "default": "" + "configs": { + "description": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.GathererConfig" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.build.v1.BuildVolume": { - "description": "BuildVolume describes a volume that is made available to build pods, such that it can be mounted into buildah's runtime environment. Only a subset of Kubernetes Volume sources are supported.", + "com.github.openshift.api.config.v1alpha2.GatherConfig": { + "description": "gatherConfig provides data gathering configuration options.", "type": "object", "required": [ - "name", - "source", - "mounts" + "gatherers" ], "properties": { - "mounts": { - "description": "mounts represents the location of the volume in the image build container", + "dataPolicy": { + "description": "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildVolumeMount" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "destinationPath" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "destinationPath", - "x-kubernetes-patch-strategy": "merge" - }, - "name": { - "description": "name is a unique identifier for this BuildVolume. It must conform to the Kubernetes DNS label standard and be unique within the pod. Names that collide with those added by the build controller will result in a failed build with an error message detailing which name caused the error. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string", - "default": "" + "x-kubernetes-list-type": "atomic" }, - "source": { - "description": "source represents the location and type of the mounted volume.", + "gatherers": { + "description": "gatherers is a required field that specifies the configuration of the gatherers.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildVolumeSource" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.Gatherers" + }, + "storage": { + "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.Storage" } } }, - "com.github.openshift.api.build.v1.BuildVolumeMount": { - "description": "BuildVolumeMount describes the mounting of a Volume within buildah's runtime environment.", + "com.github.openshift.api.config.v1alpha2.GathererConfig": { + "description": "gathererConfig allows to configure specific gatherers", "type": "object", "required": [ - "destinationPath" + "name", + "state" ], "properties": { - "destinationPath": { - "description": "destinationPath is the path within the buildah runtime environment at which the volume should be mounted. The transient mount within the build image and the backing volume will both be mounted read only. Must be an absolute path, must not contain '..' or ':', and must not collide with a destination path generated by the builder process Paths that collide with those added by the build controller will result in a failed build with an error message detailing which path caused the error.", + "name": { + "description": "name is the required name of a specific gatherer It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "type": "string", + "default": "" + }, + "state": { + "description": "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", "type": "string", "default": "" } } }, - "com.github.openshift.api.build.v1.BuildVolumeSource": { - "description": "BuildVolumeSource represents the source of a volume to mount Only one of its supported types may be specified at any given time.", + "com.github.openshift.api.config.v1alpha2.Gatherers": { "type": "object", "required": [ - "type" + "mode" ], "properties": { - "configMap": { - "description": "configMap represents a ConfigMap that should populate this volume", - "$ref": "#/definitions/ConfigMapVolumeSource.v1.core.api.k8s.io" - }, - "csi": { - "description": "csi represents ephemeral storage provided by external CSI drivers which support this capability", - "$ref": "#/definitions/CSIVolumeSource.v1.core.api.k8s.io" - }, - "secret": { - "description": "secret represents a Secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "$ref": "#/definitions/SecretVolumeSource.v1.core.api.k8s.io" + "custom": { + "description": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.Custom" }, - "type": { - "description": "type is the BuildVolumeSourceType for the volume source. Type must match the populated volume source. Valid types are: Secret, ConfigMap", + "mode": { + "description": "mode is a required field that specifies the mode for gatherers. Allowed values are All, None, and Custom. When set to All, all gatherers wil run and gather data. When set to None, all gatherers will be disabled and no data will be gathered. When set to Custom, the custom configuration from the custom field will be applied.", "type": "string", "default": "" } } }, - "com.github.openshift.api.build.v1.CommonSpec": { - "description": "CommonSpec encapsulates all the inputs necessary to represent a build.", + "com.github.openshift.api.config.v1alpha2.InsightsDataGather": { + "description": "InsightsDataGather provides data gather configuration options for the the Insights Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "strategy" + "spec" ], "properties": { - "completionDeadlineSeconds": { - "description": "completionDeadlineSeconds is an optional duration in seconds, counted from the time when a build pod gets scheduled in the system, that the build may be active on a node before the system actively tries to terminate the build; value must be positive integer", - "type": "integer", - "format": "int64" - }, - "mountTrustedCA": { - "description": "mountTrustedCA bind mounts the cluster's trusted certificate authorities, as defined in the cluster's proxy configuration, into the build. This lets processes within a build trust components signed by custom PKI certificate authorities, such as private artifact repositories and HTTPS proxies.\n\nWhen this field is set to true, the contents of `/etc/pki/ca-trust` within the build are managed by the build container, and any changes to this directory or its subdirectories (for example - within a Dockerfile `RUN` instruction) are not persisted in the build's output image.", - "type": "boolean" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "nodeSelector": { - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node If nil, it can be overridden by default build nodeselector values for the cluster. If set to an empty map or a map with any values, default build nodeselector values are ignored.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "output": { - "description": "output describes the container image the Strategy should produce.", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildOutput" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "postCommit": { - "description": "postCommit is a build hook executed after the build output image is committed, before it is pushed to a registry.", + "spec": { + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildPostCommitSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec" }, - "resources": { - "description": "resources computes resource requirements to execute the build.", + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus" + } + } + }, + "com.github.openshift.api.config.v1alpha2.InsightsDataGatherList": { + "description": "InsightsDataGatherList is a collection of items Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "revision": { - "description": "revision is the information from the source for a specific repo snapshot. This is optional.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + "items": { + "description": "items is the required list of InsightsDataGather objects it may not exceed 100 items", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.InsightsDataGather" + } }, - "serviceAccount": { - "description": "serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "source": { - "description": "source describes the SCM in use.", + "metadata": { + "description": "metadata is the required standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildSource" - }, - "strategy": { - "description": "strategy defines how to perform a build.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec": { + "type": "object", + "properties": { + "gatherConfig": { + "description": "gatherConfig is an optional spec attribute that includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStrategy" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.GatherConfig" } } }, - "com.github.openshift.api.build.v1.CommonWebHookCause": { - "description": "CommonWebHookCause factors out the identical format of these webhook causes into struct so we can share it in the specific causes; it is too late for GitHub and Generic but we can leverage this pattern with GitLab and Bitbucket.", + "com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference": { + "description": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", "type": "object", + "required": [ + "name" + ], "properties": { - "revision": { - "description": "revision is the git source revision information of the trigger.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" - }, - "secret": { - "description": "secret is the obfuscated webhook secret that triggered a build.", - "type": "string" + "name": { + "description": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.build.v1.ConfigMapBuildSource": { - "description": "ConfigMapBuildSource describes a configmap and its destination directory that will be used only at the build time. The content of the configmap referenced here will be copied into the destination directory instead of mounting.", + "com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig": { + "description": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", "type": "object", "required": [ - "configMap" + "claim" ], "properties": { - "configMap": { - "description": "configMap is a reference to an existing configmap that you want to use in your build.", + "claim": { + "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", "default": {}, - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference" }, - "destinationDir": { - "description": "destinationDir is the directory where the files from the configmap should be available for the build time. For the Source build strategy, these will be injected into a container where the assemble script runs. For the container image build strategy, these will be copied into the build directory, where the Dockerfile is located, so users can ADD or COPY them during container image build.", + "mountPath": { + "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", "type": "string" } } }, - "com.github.openshift.api.build.v1.CustomBuildStrategy": { - "description": "CustomBuildStrategy defines input parameters specific to Custom build.", + "com.github.openshift.api.config.v1alpha2.Storage": { + "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", "type": "object", "required": [ - "from" + "type" ], "properties": { - "buildAPIVersion": { - "description": "buildAPIVersion is the requested API version for the Build object serialized and passed to the custom builder", + "persistentVolume": { + "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig" + }, + "type": { + "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.console.v1.ApplicationMenuSpec": { + "description": "ApplicationMenuSpec is the specification of the desired section and icon used for the link in the application menu.", + "type": "object", + "required": [ + "section" + ], + "properties": { + "imageURL": { + "description": "imageURL is the URL for the icon used in front of the link in the application menu. The URL must be an HTTPS URL or a Data URI. The image should be square and will be shown at 24x24 pixels.", "type": "string" }, - "env": { - "description": "env contains additional environment variables you want to pass into a builder container.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" - } + "section": { + "description": "section is the section of the application menu in which the link should appear. This can be any text that will appear as a subheading in the application menu dropdown. A new section will be created if the text does not match text of an existing section.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.console.v1.CLIDownloadLink": { + "type": "object", + "required": [ + "href" + ], + "properties": { + "href": { + "description": "href is the absolute secure URL for the link (must use https)", + "type": "string", + "default": "" }, - "exposeDockerSocket": { - "description": "exposeDockerSocket will allow running Docker commands (and build container images) from inside the container.", - "type": "boolean" + "text": { + "description": "text is the display text for the link", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.console.v1.ConsoleCLIDownload": { + "description": "ConsoleCLIDownload is an extension for configuring openshift web console command line interface (CLI) downloads.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "forcePull": { - "description": "forcePull describes if the controller should configure the build pod to always pull the images for the builder or only pull if it is not present locally", - "type": "boolean" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "from": { - "description": "from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, - "pullSecret": { - "description": "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "secrets": { - "description": "secrets is a list of additional secrets that will be included in the build pod", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.SecretSpec" - } + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleCLIDownloadSpec" } } }, - "com.github.openshift.api.build.v1.DockerBuildStrategy": { - "description": "DockerBuildStrategy defines input parameters specific to container image build.", + "com.github.openshift.api.console.v1.ConsoleCLIDownloadList": { + "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "buildArgs": { - "description": "buildArgs contains build arguments that will be resolved in the Dockerfile. See https://docs.docker.com/engine/reference/builder/#/arg for more details. NOTE: Only the 'name' and 'value' fields are supported. Any settings on the 'valueFrom' field are ignored.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" - } - }, - "dockerfilePath": { - "description": "dockerfilePath is the path of the Dockerfile that will be used to build the container image, relative to the root of the context (contextDir). Defaults to `Dockerfile` if unset.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "env": { - "description": "env contains additional environment variables you want to pass into a builder container.", + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleCLIDownload" } }, - "forcePull": { - "description": "forcePull describes if the builder should pull the images from registry prior to building.", - "type": "boolean" - }, - "from": { - "description": "from is a reference to an DockerImage, ImageStreamTag, or ImageStreamImage which overrides the FROM image in the Dockerfile for the build. If the Dockerfile uses multi-stage builds, this will replace the image in the last FROM directive of the file.", - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, - "imageOptimizationPolicy": { - "description": "imageOptimizationPolicy describes what optimizations the system can use when building images to reduce the final size or time spent building the image. The default policy is 'None' which means the final build image will be equivalent to an image created by the container image build API. The experimental policy 'SkipLayers' will avoid commiting new layers in between each image step, and will fail if the Dockerfile cannot provide compatibility with the 'None' policy. An additional experimental policy 'SkipLayersAndWarn' is the same as 'SkipLayers' but simply warns if compatibility cannot be preserved.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "noCache": { - "description": "noCache if set to true indicates that the container image build must be executed with the --no-cache=true flag", - "type": "boolean" - }, - "pullSecret": { - "description": "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" - }, - "volumes": { - "description": "volumes is a list of input volumes that can be mounted into the builds runtime environment. Only a subset of Kubernetes Volume sources are supported by builds. More info: https://kubernetes.io/docs/concepts/storage/volumes", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildVolume" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.build.v1.DockerStrategyOptions": { - "description": "DockerStrategyOptions contains extra strategy options for container image builds", + "com.github.openshift.api.console.v1.ConsoleCLIDownloadSpec": { + "description": "ConsoleCLIDownloadSpec is the desired cli download configuration.", "type": "object", + "required": [ + "displayName", + "description", + "links" + ], "properties": { - "buildArgs": { - "description": "Args contains any build arguments that are to be passed to Docker. See https://docs.docker.com/engine/reference/builder/#/arg for more details", + "description": { + "description": "description is the description of the CLI download (can include markdown).", + "type": "string", + "default": "" + }, + "displayName": { + "description": "displayName is the display name of the CLI download.", + "type": "string", + "default": "" + }, + "links": { + "description": "links is a list of objects that provide CLI download link details.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.console.v1.CLIDownloadLink" } - }, - "noCache": { - "description": "noCache overrides the docker-strategy noCache option in the build config", - "type": "boolean" } } }, - "com.github.openshift.api.build.v1.GenericWebHookCause": { - "description": "GenericWebHookCause holds information about a generic WebHook that triggered a build.", + "com.github.openshift.api.console.v1.ConsoleExternalLogLink": { + "description": "ConsoleExternalLogLink is an extension for customizing OpenShift web console log links.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { - "revision": { - "description": "revision is an optional field that stores the git source revision information of the generic webhook trigger when it is available.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "secret": { - "description": "secret is the obfuscated webhook secret that triggered a build.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleExternalLogLinkSpec" } } }, - "com.github.openshift.api.build.v1.GenericWebHookEvent": { - "description": "GenericWebHookEvent is the payload expected for a generic webhook post", + "com.github.openshift.api.console.v1.ConsoleExternalLogLinkList": { + "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "dockerStrategyOptions": { - "description": "dockerStrategyOptions contains additional docker-strategy specific options for the build", - "$ref": "#/definitions/com.github.openshift.api.build.v1.DockerStrategyOptions" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "env": { - "description": "env contains additional environment variables you want to pass into a builder container. ValueFrom is not supported.", + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleExternalLogLink" } }, - "git": { - "description": "git is the git information if the Type is BuildSourceGit", - "$ref": "#/definitions/com.github.openshift.api.build.v1.GitInfo" - }, - "type": { - "description": "type is the type of source repository", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.build.v1.GitBuildSource": { - "description": "GitBuildSource defines the parameters of a Git SCM", + "com.github.openshift.api.console.v1.ConsoleExternalLogLinkSpec": { + "description": "ConsoleExternalLogLinkSpec is the desired log link configuration. The log link will appear on the logs tab of the pod details page.", "type": "object", "required": [ - "uri" + "text", + "hrefTemplate" ], "properties": { - "httpProxy": { - "description": "httpProxy is a proxy used to reach the git repository over http", - "type": "string" - }, - "httpsProxy": { - "description": "httpsProxy is a proxy used to reach the git repository over https", - "type": "string" - }, - "noProxy": { - "description": "noProxy is the list of domains for which the proxy should not be used", - "type": "string" + "hrefTemplate": { + "description": "hrefTemplate is an absolute secure URL (must use https) for the log link including variables to be replaced. Variables are specified in the URL with the format ${variableName}, for instance, ${containerName} and will be replaced with the corresponding values from the resource. Resource is a pod. Supported variables are: - ${resourceName} - name of the resource which containes the logs - ${resourceUID} - UID of the resource which contains the logs\n - e.g. `11111111-2222-3333-4444-555555555555`\n- ${containerName} - name of the resource's container that contains the logs - ${resourceNamespace} - namespace of the resource that contains the logs - ${resourceNamespaceUID} - namespace UID of the resource that contains the logs - ${podLabels} - JSON representation of labels matching the pod with the logs\n - e.g. `{\"key1\":\"value1\",\"key2\":\"value2\"}`\n\ne.g., https://example.com/logs?resourceName=${resourceName}&containerName=${containerName}&resourceNamespace=${resourceNamespace}&podLabels=${podLabels}", + "type": "string", + "default": "" }, - "ref": { - "description": "ref is the branch/tag/ref to build.", + "namespaceFilter": { + "description": "namespaceFilter is a regular expression used to restrict a log link to a matching set of namespaces (e.g., `^openshift-`). The string is converted into a regular expression using the JavaScript RegExp constructor. If not specified, links will be displayed for all the namespaces.", "type": "string" }, - "uri": { - "description": "uri points to the source that will be built. The structure of the source will depend on the type of build to run", + "text": { + "description": "text is the display text for the link", "type": "string", "default": "" } } }, - "com.github.openshift.api.build.v1.GitHubWebHookCause": { - "description": "GitHubWebHookCause has information about a GitHub webhook that triggered a build.", + "com.github.openshift.api.console.v1.ConsoleLink": { + "description": "ConsoleLink is an extension for customizing OpenShift web console links.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { - "revision": { - "description": "revision is the git revision information of the trigger.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "secret": { - "description": "secret is the obfuscated webhook secret that triggered a build.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleLinkSpec" } } }, - "com.github.openshift.api.build.v1.GitInfo": { - "description": "GitInfo is the aggregated git information for a generic webhook post", + "com.github.openshift.api.console.v1.ConsoleLinkList": { + "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "uri", - "refs" + "metadata", + "items" ], "properties": { - "author": { - "description": "author is the author of a specific commit", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" - }, - "commit": { - "description": "commit is the commit hash identifying a specific commit", - "type": "string" - }, - "committer": { - "description": "committer is the committer of a specific commit", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" - }, - "httpProxy": { - "description": "httpProxy is a proxy used to reach the git repository over http", - "type": "string" - }, - "httpsProxy": { - "description": "httpsProxy is a proxy used to reach the git repository over https", - "type": "string" - }, - "message": { - "description": "message is the description of a specific commit", - "type": "string" - }, - "noProxy": { - "description": "noProxy is the list of domains for which the proxy should not be used", - "type": "string" - }, - "ref": { - "description": "ref is the branch/tag/ref to build.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "refs": { - "description": "refs is a list of GitRefs for the provided repo - generally sent when used from a post-receive hook. This field is optional and is used when sending multiple refs", + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.GitRefInfo" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleLink" } }, - "uri": { - "description": "uri points to the source that will be built. The structure of the source will depend on the type of build to run", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.build.v1.GitLabWebHookCause": { - "description": "GitLabWebHookCause has information about a GitLab webhook that triggered a build.", - "type": "object", - "properties": { - "revision": { - "description": "revision is the git source revision information of the trigger.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" - }, - "secret": { - "description": "secret is the obfuscated webhook secret that triggered a build.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.build.v1.GitRefInfo": { - "description": "GitRefInfo is a single ref", + "com.github.openshift.api.console.v1.ConsoleLinkSpec": { + "description": "ConsoleLinkSpec is the desired console link configuration.", "type": "object", "required": [ - "uri" + "text", + "href", + "location" ], "properties": { - "author": { - "description": "author is the author of a specific commit", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" - }, - "commit": { - "description": "commit is the commit hash identifying a specific commit", - "type": "string" - }, - "committer": { - "description": "committer is the committer of a specific commit", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" - }, - "httpProxy": { - "description": "httpProxy is a proxy used to reach the git repository over http", - "type": "string" - }, - "httpsProxy": { - "description": "httpsProxy is a proxy used to reach the git repository over https", - "type": "string" + "applicationMenu": { + "description": "applicationMenu holds information about section and icon used for the link in the application menu, and it is applicable only when location is set to ApplicationMenu.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.ApplicationMenuSpec" }, - "message": { - "description": "message is the description of a specific commit", - "type": "string" + "href": { + "description": "href is the absolute URL for the link. Must use https:// for web URLs or mailto: for email links.", + "type": "string", + "default": "" }, - "noProxy": { - "description": "noProxy is the list of domains for which the proxy should not be used", - "type": "string" + "location": { + "description": "location determines which location in the console the link will be appended to (ApplicationMenu, HelpMenu, UserMenu, NamespaceDashboard).", + "type": "string", + "default": "" }, - "ref": { - "description": "ref is the branch/tag/ref to build.", - "type": "string" + "namespaceDashboard": { + "description": "namespaceDashboard holds information about namespaces in which the dashboard link should appear, and it is applicable only when location is set to NamespaceDashboard. If not specified, the link will appear in all namespaces.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.NamespaceDashboardSpec" }, - "uri": { - "description": "uri points to the source that will be built. The structure of the source will depend on the type of build to run", + "text": { + "description": "text is the display text for the link", "type": "string", "default": "" } } }, - "com.github.openshift.api.build.v1.GitSourceRevision": { - "description": "GitSourceRevision is the commit information from a git source for a build", + "com.github.openshift.api.console.v1.ConsoleNotification": { + "description": "ConsoleNotification is the extension for configuring openshift web console notifications.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { - "author": { - "description": "author is the author of a specific commit", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "commit": { - "description": "commit is the commit hash identifying a specific commit", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "committer": { - "description": "committer is the committer of a specific commit", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "message": { - "description": "message is the description of a specific commit", - "type": "string" + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleNotificationSpec" } } }, - "com.github.openshift.api.build.v1.ImageChangeCause": { - "description": "ImageChangeCause contains information about the image that triggered a build", + "com.github.openshift.api.console.v1.ConsoleNotificationList": { + "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "fromRef": { - "description": "fromRef contains detailed information about an image that triggered a build.", - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "imageID": { - "description": "imageID is the ID of the image that triggered a new build.", + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleNotification" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.build.v1.ImageChangeTrigger": { - "description": "ImageChangeTrigger allows builds to be triggered when an ImageStream changes", + "com.github.openshift.api.console.v1.ConsoleNotificationSpec": { + "description": "ConsoleNotificationSpec is the desired console notification configuration.", "type": "object", + "required": [ + "text" + ], "properties": { - "from": { - "description": "from is a reference to an ImageStreamTag that will trigger a build when updated It is optional. If no From is specified, the From image from the build strategy will be used. Only one ImageChangeTrigger with an empty From reference is allowed in a build configuration.", - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + "backgroundColor": { + "description": "backgroundColor is the color of the background for the notification as CSS data type color.", + "type": "string" }, - "lastTriggeredImageID": { - "description": "lastTriggeredImageID is used internally by the ImageChangeController to save last used image ID for build This field is deprecated and will be removed in a future release. Deprecated", + "color": { + "description": "color is the color of the text for the notification as CSS data type color.", "type": "string" }, - "paused": { - "description": "paused is true if this trigger is temporarily disabled. Optional.", - "type": "boolean" + "link": { + "description": "link is an object that holds notification link details.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.Link" + }, + "location": { + "description": "location is the location of the notification in the console. Valid values are: \"BannerTop\", \"BannerBottom\", \"BannerTopBottom\".", + "type": "string" + }, + "text": { + "description": "text is the visible text of the notification.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.build.v1.ImageChangeTriggerStatus": { - "description": "ImageChangeTriggerStatus tracks the latest resolved status of the associated ImageChangeTrigger policy specified in the BuildConfigSpec.Triggers struct.", + "com.github.openshift.api.console.v1.ConsolePlugin": { + "description": "ConsolePlugin is an extension for customizing OpenShift web console by dynamically loading code from another service running on the cluster.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "spec" + ], "properties": { - "from": { - "description": "from is the ImageStreamTag that is the source of the trigger.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageStreamTagReference" - }, - "lastTriggerTime": { - "description": "lastTriggerTime is the last time this particular ImageStreamTag triggered a Build to start. This field is only updated when this trigger specifically started a Build.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "lastTriggeredImageID": { - "description": "lastTriggeredImageID represents the sha/id of the ImageStreamTag when a Build for this BuildConfig was started. The lastTriggeredImageID is updated each time a Build for this BuildConfig is started, even if this ImageStreamTag is not the reason the Build is started.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec contains the desired configuration for the console plugin.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginSpec" } } }, - "com.github.openshift.api.build.v1.ImageLabel": { - "description": "ImageLabel represents a label applied to the resulting image.", + "com.github.openshift.api.console.v1.ConsolePluginBackend": { + "description": "ConsolePluginBackend holds information about the endpoint which serves the console's plugin", "type": "object", "required": [ - "name" + "type" ], "properties": { - "name": { - "description": "name defines the name of the label. It must have non-zero length.", + "service": { + "description": "service is a Kubernetes Service that exposes the plugin using a deployment with an HTTP server. The Service must use HTTPS and Service serving certificate. The console backend will proxy the plugins assets from the Service using the service CA bundle.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginService" + }, + "type": { + "description": "type is the backend type which servers the console's plugin. Currently only \"Service\" is supported.", "type": "string", "default": "" - }, - "value": { - "description": "value defines the literal value of the label.", - "type": "string" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "service": "Service" + } + } + ] }, - "com.github.openshift.api.build.v1.ImageSource": { - "description": "ImageSource is used to describe build source that will be extracted from an image or used during a multi stage build. A reference of type ImageStreamTag, ImageStreamImage or DockerImage may be used. A pull secret can be specified to pull the image from an external registry or override the default service account secret if pulling from the internal registry. Image sources can either be used to extract content from an image and place it into the build context along with the repository source, or used directly during a multi-stage container image build to allow content to be copied without overwriting the contents of the repository source (see the 'paths' and 'as' fields).", + "com.github.openshift.api.console.v1.ConsolePluginCSP": { + "description": "ConsolePluginCSP holds configuration for a specific CSP directive", "type": "object", "required": [ - "from" + "directive", + "values" ], "properties": { - "as": { - "description": "A list of image names that this source will be used in place of during a multi-stage container image build. For instance, a Dockerfile that uses \"COPY --from=nginx:latest\" will first check for an image source that has \"nginx:latest\" in this field before attempting to pull directly. If the Dockerfile does not reference an image source it is ignored. This field and paths may both be set, in which case the contents will be used twice.", + "directive": { + "description": "directive specifies which Content-Security-Policy directive to configure. Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc. DefaultSrc directive serves as a fallback for the other CSP fetch directives. For more information about the DefaultSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src ScriptSrc directive specifies valid sources for JavaScript. For more information about the ScriptSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src StyleSrc directive specifies valid sources for stylesheets. For more information about the StyleSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src ImgSrc directive specifies a valid sources of images and favicons. For more information about the ImgSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src FontSrc directive specifies valid sources for fonts loaded using @font-face. For more information about the FontSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src ConnectSrc directive restricts the URLs which can be loaded using script interfaces. For more information about the ConnectSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src\n\nPossible enum values:\n - `\"ConnectSrc\"` directive restricts the URLs which can be loaded using script interfaces. For more information about the ConnectSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src\n - `\"DefaultSrc\"` directive serves as a fallback for the other CSP fetch directives. For more information about the DefaultSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src\n - `\"FontSrc\"` directive specifies valid sources for fonts loaded using @font-face. For more information about the FontSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src\n - `\"ImgSrc\"` directive specifies a valid sources of images and favicons. For more information about the ImgSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src\n - `\"ScriptSrc\"` directive specifies valid sources for JavaScript. For more information about the ScriptSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src\n - `\"StyleSrc\"` directive specifies valid sources for stylesheets. For more information about the StyleSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src", + "type": "string", + "default": "", + "enum": [ + "ConnectSrc", + "DefaultSrc", + "FontSrc", + "ImgSrc", + "ScriptSrc", + "StyleSrc" + ] + }, + "values": { + "description": "values defines an array of values to append to the console defaults for this directive. Each ConsolePlugin may define their own directives with their values. These will be set by the OpenShift web console's backend, as part of its Content-Security-Policy header. The array can contain at most 16 values. Each directive value must have a maximum length of 1024 characters and must not contain whitespace, commas (,), semicolons (;) or single quotes ('). The value '*' is not permitted. Each value in the array must be unique.", "type": "array", "items": { "type": "string", "default": "" - } - }, - "from": { - "description": "from is a reference to an ImageStreamTag, ImageStreamImage, or DockerImage to copy source from.", - "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, - "paths": { - "description": "paths is a list of source and destination paths to copy from the image. This content will be copied into the build context prior to starting the build. If no paths are set, the build context will not be altered.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageSourcePath" - } - }, - "pullSecret": { - "description": "pullSecret is a reference to a secret to be used to pull the image from a registry If the image is pulled from the OpenShift registry, this field does not need to be set.", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.build.v1.ImageSourcePath": { - "description": "ImageSourcePath describes a path to be copied from a source image and its destination within the build directory.", + "com.github.openshift.api.console.v1.ConsolePluginI18n": { + "description": "ConsolePluginI18n holds information on localization resources that are served by the dynamic plugin.", "type": "object", "required": [ - "sourcePath", - "destinationDir" + "loadType" ], "properties": { - "destinationDir": { - "description": "destinationDir is the relative directory within the build directory where files copied from the image are placed.", - "type": "string", - "default": "" - }, - "sourcePath": { - "description": "sourcePath is the absolute path of the file or directory inside the image to copy to the build directory. If the source path ends in /. then the content of the directory will be copied, but the directory itself will not be created at the destination.", + "loadType": { + "description": "loadType indicates how the plugin's localization resource should be loaded. Valid values are Preload, Lazy and the empty string. When set to Preload, all localization resources are fetched when the plugin is loaded. When set to Lazy, localization resources are lazily loaded as and when they are required by the console. When omitted or set to the empty string, the behaviour is equivalent to Lazy type.", "type": "string", "default": "" } } }, - "com.github.openshift.api.build.v1.ImageStreamTagReference": { - "description": "ImageStreamTagReference references the ImageStreamTag in an image change trigger by namespace and name.", + "com.github.openshift.api.console.v1.ConsolePluginList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "name": { - "description": "name is the name of the ImageStreamTag for an ImageChangeTrigger", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "namespace": { - "description": "namespace is the namespace where the ImageStreamTag for an ImageChangeTrigger is located", - "type": "string" - } - } - }, - "com.github.openshift.api.build.v1.JenkinsPipelineBuildStrategy": { - "description": "JenkinsPipelineBuildStrategy holds parameters specific to a Jenkins Pipeline build. Deprecated: use OpenShift Pipelines", - "type": "object", - "properties": { - "env": { - "description": "env contains additional environment variables you want to pass into a build pipeline.", + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePlugin" } }, - "jenkinsfile": { - "description": "jenkinsfile defines the optional raw contents of a Jenkinsfile which defines a Jenkins pipeline build.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "jenkinsfilePath": { - "description": "jenkinsfilePath is the optional path of the Jenkinsfile that will be used to configure the pipeline relative to the root of the context (contextDir). If both JenkinsfilePath & Jenkinsfile are both not specified, this defaults to Jenkinsfile in the root of the specified contextDir.", - "type": "string" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.build.v1.ProxyConfig": { - "description": "ProxyConfig defines what proxies to use for an operation", + "com.github.openshift.api.console.v1.ConsolePluginProxy": { + "description": "ConsolePluginProxy holds information on various service types to which console's backend will proxy the plugin's requests.", "type": "object", + "required": [ + "endpoint", + "alias" + ], "properties": { - "httpProxy": { - "description": "httpProxy is a proxy used to reach the git repository over http", - "type": "string" + "alias": { + "description": "alias is a proxy name that identifies the plugin's proxy. An alias name should be unique per plugin. The console backend exposes following proxy endpoint:\n\n/api/proxy/plugin///?\n\nRequest example path:\n\n/api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver", + "type": "string", + "default": "" }, - "httpsProxy": { - "description": "httpsProxy is a proxy used to reach the git repository over https", + "authorization": { + "description": "authorization provides information about authorization type, which the proxied request should contain", "type": "string" }, - "noProxy": { - "description": "noProxy is the list of domains for which the proxy should not be used", + "caCertificate": { + "description": "caCertificate provides the cert authority certificate contents, in case the proxied Service is using custom service CA. By default, the service CA bundle provided by the service-ca operator is used.", "type": "string" + }, + "endpoint": { + "description": "endpoint provides information about endpoint to which the request is proxied to.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginProxyEndpoint" } } }, - "com.github.openshift.api.build.v1.SecretBuildSource": { - "description": "SecretBuildSource describes a secret and its destination directory that will be used only at the build time. The content of the secret referenced here will be copied into the destination directory instead of mounting.", + "com.github.openshift.api.console.v1.ConsolePluginProxyEndpoint": { + "description": "ConsolePluginProxyEndpoint holds information about the endpoint to which request will be proxied to.", "type": "object", "required": [ - "secret" + "type" ], "properties": { - "destinationDir": { - "description": "destinationDir is the directory where the files from the secret should be available for the build time. For the Source build strategy, these will be injected into a container where the assemble script runs. Later, when the script finishes, all files injected will be truncated to zero length. For the container image build strategy, these will be copied into the build directory, where the Dockerfile is located, so users can ADD or COPY them during container image build.", - "type": "string" + "service": { + "description": "service is an in-cluster Service that the plugin will connect to. The Service must use HTTPS. The console backend exposes an endpoint in order to proxy communication between the plugin and the Service. Note: service field is required for now, since currently only \"Service\" type is supported.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginProxyServiceConfig" }, - "secret": { - "description": "secret is a reference to an existing secret that you want to use in your build.", - "default": {}, - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "type": { + "description": "type is the type of the console plugin's proxy. Currently only \"Service\" is supported.", + "type": "string", + "default": "" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "service": "Service" + } + } + ] }, - "com.github.openshift.api.build.v1.SecretLocalReference": { - "description": "SecretLocalReference contains information that points to the local secret being used", + "com.github.openshift.api.console.v1.ConsolePluginProxyServiceConfig": { + "description": "ProxyTypeServiceConfig holds information on Service to which console's backend will proxy the plugin's requests.", "type": "object", "required": [ - "name" + "name", + "namespace", + "port" ], "properties": { "name": { - "description": "name is the name of the resource in the same namespace being referenced", + "description": "name of Service that the plugin needs to connect to.", + "type": "string", + "default": "" + }, + "namespace": { + "description": "namespace of Service that the plugin needs to connect to", "type": "string", "default": "" + }, + "port": { + "description": "port on which the Service that the plugin needs to connect to is listening on.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.build.v1.SecretSpec": { - "description": "SecretSpec specifies a secret to be included in a build pod and its corresponding mount point", + "com.github.openshift.api.console.v1.ConsolePluginService": { + "description": "ConsolePluginService holds information on Service that is serving console dynamic plugin assets.", "type": "object", "required": [ - "secretSource", - "mountPath" + "name", + "namespace", + "port" ], "properties": { - "mountPath": { - "description": "mountPath is the path at which to mount the secret", + "basePath": { + "description": "basePath is the path to the plugin's assets. The primary asset it the manifest file called `plugin-manifest.json`, which is a JSON document that contains metadata about the plugin and the extensions.", + "type": "string" + }, + "name": { + "description": "name of Service that is serving the plugin assets.", "type": "string", "default": "" }, - "secretSource": { - "description": "secretSource is a reference to the secret", - "default": {}, - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "namespace": { + "description": "namespace of Service that is serving the plugin assets.", + "type": "string", + "default": "" + }, + "port": { + "description": "port on which the Service that is serving the plugin is listening to.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.build.v1.SourceBuildStrategy": { - "description": "SourceBuildStrategy defines input parameters specific to an Source build.", + "com.github.openshift.api.console.v1.ConsolePluginSpec": { + "description": "ConsolePluginSpec is the desired plugin configuration.", "type": "object", "required": [ - "from" + "displayName", + "backend" ], "properties": { - "env": { - "description": "env contains additional environment variables you want to pass into a builder container.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" - } - }, - "forcePull": { - "description": "forcePull describes if the builder should pull the images from registry prior to building.", - "type": "boolean" - }, - "from": { - "description": "from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled", + "backend": { + "description": "backend holds the configuration of backend which is serving console's plugin .", "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, - "incremental": { - "description": "incremental flag forces the Source build to do incremental builds if true.", - "type": "boolean" - }, - "pullSecret": { - "description": "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" - }, - "scripts": { - "description": "scripts is the location of Source scripts", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginBackend" }, - "volumes": { - "description": "volumes is a list of input volumes that can be mounted into the builds runtime environment. Only a subset of Kubernetes Volume sources are supported by builds. More info: https://kubernetes.io/docs/concepts/storage/volumes", + "contentSecurityPolicy": { + "description": "contentSecurityPolicy is a list of Content-Security-Policy (CSP) directives for the plugin. Each directive specifies a list of values, appropriate for the given directive type, for example a list of remote endpoints for fetch directives such as ScriptSrc. Console web application uses CSP to detect and mitigate certain types of attacks, such as cross-site scripting (XSS) and data injection attacks. Dynamic plugins should specify this field if need to load assets from outside the cluster or if violation reports are observed. Dynamic plugins should always prefer loading their assets from within the cluster, either by vendoring them, or fetching from a cluster service. CSP violation reports can be viewed in the browser's console logs during development and testing of the plugin in the OpenShift web console. Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc. Each of the available directives may be defined only once in the list. The value 'self' is automatically included in all fetch directives by the OpenShift web console's backend. For more information about the CSP directives, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy\n\nThe OpenShift web console server aggregates the CSP directives and values across its own default values and all enabled ConsolePlugin CRs, merging them into a single policy string that is sent to the browser via `Content-Security-Policy` HTTP response header.\n\nExample:\n ConsolePlugin A directives:\n script-src: https://script1.com/, https://script2.com/\n font-src: https://font1.com/\n\n ConsolePlugin B directives:\n script-src: https://script2.com/, https://script3.com/\n font-src: https://font2.com/\n img-src: https://img1.com/\n\n Unified set of CSP directives, passed to the OpenShift web console server:\n script-src: https://script1.com/, https://script2.com/, https://script3.com/\n font-src: https://font1.com/, https://font2.com/\n img-src: https://img1.com/\n\n OpenShift web console server CSP response header:\n Content-Security-Policy: default-src 'self'; base-uri 'self'; script-src 'self' https://script1.com/ https://script2.com/ https://script3.com/; font-src 'self' https://font1.com/ https://font2.com/; img-src 'self' https://img1.com/; style-src 'self'; frame-src 'none'; object-src 'none'", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildVolume" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginCSP" }, "x-kubernetes-list-map-keys": [ - "name" + "directive" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - } - } - }, - "com.github.openshift.api.build.v1.SourceControlUser": { - "description": "SourceControlUser defines the identity of a user of source control", - "type": "object", - "properties": { - "email": { - "description": "email of the source control user", - "type": "string" - }, - "name": { - "description": "name of the source control user", - "type": "string" - } - } - }, - "com.github.openshift.api.build.v1.SourceRevision": { - "description": "SourceRevision is the revision or commit information from the source for the build", - "type": "object", - "required": [ - "type" - ], - "properties": { - "git": { - "description": "git contains information about git-based build source", - "$ref": "#/definitions/com.github.openshift.api.build.v1.GitSourceRevision" + "x-kubernetes-list-type": "map" }, - "type": { - "description": "type of the build source, may be one of 'Source', 'Dockerfile', 'Binary', or 'Images'", + "displayName": { + "description": "displayName is the display name of the plugin. The dispalyName should be between 1 and 128 characters.", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.build.v1.SourceStrategyOptions": { - "description": "SourceStrategyOptions contains extra strategy options for Source builds", - "type": "object", - "properties": { - "incremental": { - "description": "incremental overrides the source-strategy incremental option in the build config", - "type": "boolean" - } - } - }, - "com.github.openshift.api.build.v1.StageInfo": { - "description": "StageInfo contains details about a build stage.", - "type": "object", - "properties": { - "durationMilliseconds": { - "description": "durationMilliseconds identifies how long the stage took to complete in milliseconds. Note: the duration of a stage can exceed the sum of the duration of the steps within the stage as not all actions are accounted for in explicit build steps.", - "type": "integer", - "format": "int64" - }, - "name": { - "description": "name is a unique identifier for each build stage that occurs.", - "type": "string" }, - "startTime": { - "description": "startTime is a timestamp representing the server time when this Stage started. It is represented in RFC3339 form and is in UTC.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "i18n": { + "description": "i18n is the configuration of plugin's localization resources.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginI18n" }, - "steps": { - "description": "steps contains details about each step that occurs during a build stage including start time and duration in milliseconds.", + "proxy": { + "description": "proxy is a list of proxies that describe various service type to which the plugin needs to connect to.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.StepInfo" - } - } - } - }, - "com.github.openshift.api.build.v1.StepInfo": { - "description": "StepInfo contains details about a build step.", - "type": "object", - "properties": { - "durationMilliseconds": { - "description": "durationMilliseconds identifies how long the step took to complete in milliseconds.", - "type": "integer", - "format": "int64" - }, - "name": { - "description": "name is a unique identifier for each build step.", - "type": "string" - }, - "startTime": { - "description": "startTime is a timestamp representing the server time when this Step started. it is represented in RFC3339 form and is in UTC.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.build.v1.WebHookTrigger": { - "description": "WebHookTrigger is a trigger that gets invoked using a webhook type of post", - "type": "object", - "properties": { - "allowEnv": { - "description": "allowEnv determines whether the webhook can set environment variables; can only be set to true for GenericWebHook.", - "type": "boolean" - }, - "secret": { - "description": "secret used to validate requests. Deprecated: use SecretReference instead.", - "type": "string" - }, - "secretReference": { - "description": "secretReference is a reference to a secret in the same namespace, containing the value to be validated when the webhook is invoked. The secret being referenced must contain a key named \"WebHookSecretKey\", the value of which will be checked against the value supplied in the webhook invocation.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SecretLocalReference" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginProxy" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfig": { - "description": "CloudPrivateIPConfig performs an assignment of a private IP address to the primary NIC associated with cloud VMs. This is done by specifying the IP and Kubernetes node which the IP should be assigned to. This CRD is intended to be used by the network plugin which manages the cluster network. The spec side represents the desired state requested by the network plugin, and the status side represents the current state that this CRD's controller has executed. No users will have permission to modify it, and if a cluster-admin decides to edit it for some reason, their changes will be overwritten the next time the network plugin reconciles the object. Note: the CR's name must specify the requested private IP address (can be IPv4 or IPv6).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.console.v1.ConsoleQuickStart": { + "description": "ConsoleQuickStart is an extension for guiding user through various workflows in the OpenShift web console.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -15743,605 +14244,564 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec is the definition of the desired private IP request.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigSpec" - }, - "status": { - "description": "status is the observed status of the desired private IP request. Read-only.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigStatus" - } - } - }, - "com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigSpec": { - "description": "CloudPrivateIPConfigSpec consists of a node name which the private IP should be assigned to.", - "type": "object", - "properties": { - "node": { - "description": "node is the node name, as specified by the Kubernetes field: node.metadata.name", - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStartSpec" } } }, - "com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigStatus": { - "description": "CloudPrivateIPConfigStatus specifies the node assignment together with its assignment condition.", + "com.github.openshift.api.console.v1.ConsoleQuickStartList": { + "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "conditions" + "metadata", + "items" ], "properties": { - "conditions": { - "description": "condition is the assignment condition of the private IP and its status", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "node": { - "description": "node is the node name, as specified by the Kubernetes field: node.metadata.name", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1.APIServer": { - "description": "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStart" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerSpec" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerStatus" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.APIServerEncryption": { - "description": "APIServerEncryption is used to encrypt sensitive resources on the cluster.", - "type": "object", - "properties": { - "kms": { - "description": "kms defines the configuration for the external KMS instance that manages the encryption keys, when KMS encryption is enabled sensitive resources will be encrypted using keys managed by an externally configured KMS instance.\n\nThe Key Management Service (KMS) instance provides symmetric encryption and is responsible for managing the lifecyle of the encryption keys outside of the control plane. This allows integration with an external provider to manage the data encryption keys securely.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.KMSConfig" - }, - "type": { - "description": "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices.\n\nWhen encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is:\n\n 1. secrets\n 2. configmaps\n 3. routes.route.openshift.io\n 4. oauthaccesstokens.oauth.openshift.io\n 5. oauthauthorizetokens.oauth.openshift.io", - "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "kms": "KMS" - } - } - ] - }, - "com.github.openshift.api.config.v1.APIServerList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.console.v1.ConsoleQuickStartSpec": { + "description": "ConsoleQuickStartSpec is the desired quick start configuration.", "type": "object", "required": [ - "metadata", - "items" + "displayName", + "durationMinutes", + "description", + "introduction", + "tasks" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { + "accessReviewResources": { + "description": "accessReviewResources contains a list of resources that the user's access will be reviewed against in order for the user to complete the Quick Start. The Quick Start will be hidden if any of the access reviews fail.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServer" + "$ref": "#/definitions/io.k8s.api.authorization.v1.ResourceAttributes" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "conclusion": { + "description": "conclusion sums up the Quick Start and suggests the possible next steps. (includes markdown)", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.config.v1.APIServerNamedServingCert": { - "description": "APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.", - "type": "object", - "required": [ - "servingCertificate" - ], - "properties": { - "names": { - "description": "names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.", + "description": { + "description": "description is the description of the Quick Start. (includes markdown)", + "type": "string", + "default": "" + }, + "displayName": { + "description": "displayName is the display name of the Quick Start.", + "type": "string", + "default": "" + }, + "durationMinutes": { + "description": "durationMinutes describes approximately how many minutes it will take to complete the Quick Start.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "icon": { + "description": "icon is a base64 encoded image that will be displayed beside the Quick Start display name. The icon should be an vector image for easy scaling. The size of the icon should be 40x40.", + "type": "string" + }, + "introduction": { + "description": "introduction describes the purpose of the Quick Start. (includes markdown)", + "type": "string", + "default": "" + }, + "nextQuickStart": { + "description": "nextQuickStart is a list of the following Quick Starts, suggested for the user to try.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "servingCertificate": { - "description": "servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data[\"tls.key\"] - TLS private key. - Secret.Data[\"tls.crt\"] - TLS certificate.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - } - } - }, - "com.github.openshift.api.config.v1.APIServerServingCerts": { - "type": "object", - "properties": { - "namedCertificates": { - "description": "namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used.", + "prerequisites": { + "description": "prerequisites contains all prerequisites that need to be met before taking a Quick Start. (includes markdown)", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerNamedServingCert" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.config.v1.APIServerSpec": { - "type": "object", - "properties": { - "additionalCORSAllowedOrigins": { - "description": "additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.", + "type": "string", + "default": "" + } + }, + "tags": { + "description": "tags is a list of strings that describe the Quick Start.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "audit": { - "description": "audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Audit" - }, - "clientCA": { - "description": "clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data[\"ca-bundle.crt\"] - CA bundle.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" - }, - "encryption": { - "description": "encryption allows the configuration of encryption of resources at the datastore layer.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerEncryption" - }, - "servingCerts": { - "description": "servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerServingCerts" - }, - "tlsAdherence": { - "description": "tlsAdherence controls if components in the cluster adhere to the TLS security profile configured on this APIServer resource.\n\nValid values are \"LegacyAdheringComponentsOnly\" and \"StrictAllComponents\".\n\nWhen set to \"LegacyAdheringComponentsOnly\", components that already honor the cluster-wide TLS profile continue to do so. Components that do not already honor it continue to use their individual TLS configurations.\n\nWhen set to \"StrictAllComponents\", all components must honor the configured TLS profile unless they have a component-specific TLS configuration that overrides it. This mode is recommended for security-conscious deployments and is required for certain compliance frameworks.\n\nNote: Some components such as Kubelet and IngressController have their own dedicated TLS configuration mechanisms via KubeletConfig and IngressController CRs respectively. When these component-specific TLS configurations are set, they take precedence over the cluster-wide tlsSecurityProfile. When not set, these components fall back to the cluster-wide default.\n\nComponents that encounter an unknown value for tlsAdherence should treat it as \"StrictAllComponents\" and log a warning to ensure forward compatibility while defaulting to the more secure behavior.\n\nThis field is optional. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is LegacyAdheringComponentsOnly.\n\nOnce set, this field may be changed to a different value, but may not be removed.", - "type": "string" + } }, - "tlsSecurityProfile": { - "description": "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.\n\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is the Intermediate profile.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.TLSSecurityProfile" + "tasks": { + "description": "tasks is the list of steps the user has to perform to complete the Quick Start.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStartTask" + } } } }, - "com.github.openshift.api.config.v1.APIServerStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1.AWSDNSSpec": { - "description": "AWSDNSSpec contains DNS configuration specific to the Amazon Web Services cloud provider.", + "com.github.openshift.api.console.v1.ConsoleQuickStartTask": { + "description": "ConsoleQuickStartTask is a single step in a Quick Start.", "type": "object", + "required": [ + "title", + "description" + ], "properties": { - "privateZoneIAMRole": { - "description": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.\n\nThe ARN must follow the format: arn::iam:::role/, where: is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), is a 12-digit numeric identifier for the AWS account, is the IAM role name.", + "description": { + "description": "description describes the steps needed to complete the task. (includes markdown)", + "type": "string", + "default": "" + }, + "review": { + "description": "review contains instructions to validate the task is complete. The user will select 'Yes' or 'No'. using a radio button, which indicates whether the step was completed successfully.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStartTaskReview" + }, + "summary": { + "description": "summary contains information about the passed step.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStartTaskSummary" + }, + "title": { + "description": "title describes the task and is displayed as a step heading.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.AWSIngressSpec": { - "description": "AWSIngressSpec holds the desired state of the Ingress for Amazon Web Services infrastructure provider. This only includes fields that can be modified in the cluster.", + "com.github.openshift.api.console.v1.ConsoleQuickStartTaskReview": { + "description": "ConsoleQuickStartTaskReview contains instructions that validate a task was completed successfully.", "type": "object", "required": [ - "type" + "instructions", + "failedTaskHelp" ], "properties": { - "type": { - "description": "type allows user to set a load balancer type. When this field is set the default ingresscontroller will get created using the specified LBType. If this field is not set then the default ingress controller of LBType Classic will be created. Valid values are:\n\n* \"Classic\": A Classic Load Balancer that makes routing decisions at either\n the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See\n the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb\n\n* \"NLB\": A Network Load Balancer that makes routing decisions at the\n transport layer (TCP/SSL). See the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb", + "failedTaskHelp": { + "description": "failedTaskHelp contains suggestions for a failed task review and is shown at the end of task. (includes markdown)", + "type": "string", + "default": "" + }, + "instructions": { + "description": "instructions contains steps that user needs to take in order to validate his work after going through a task. (includes markdown)", "type": "string", "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": {} - } - ] + } }, - "com.github.openshift.api.config.v1.AWSKMSConfig": { - "description": "AWSKMSConfig defines the KMS config specific to AWS KMS provider", + "com.github.openshift.api.console.v1.ConsoleQuickStartTaskSummary": { + "description": "ConsoleQuickStartTaskSummary contains information about a passed step.", "type": "object", "required": [ - "keyARN", - "region" + "success", + "failed" ], "properties": { - "keyARN": { - "description": "keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. The value must adhere to the format `arn:aws:kms:::key/`, where: - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - `` is a 12-digit numeric identifier for the AWS account. - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens.", + "failed": { + "description": "failed briefly describes the unsuccessfully passed task. (includes markdown)", "type": "string", "default": "" }, - "region": { - "description": "region specifies the AWS region where the KMS instance exists, and follows the format `--`, e.g.: `us-east-1`. Only lowercase letters and hyphens followed by numbers are allowed.", + "success": { + "description": "success describes the succesfully passed task.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.AWSPlatformSpec": { - "description": "AWSPlatformSpec holds the desired state of the Amazon Web Services infrastructure provider. This only includes fields that can be modified in the cluster.", + "com.github.openshift.api.console.v1.ConsoleSample": { + "description": "ConsoleSample is an extension to customizing OpenShift web console by adding samples.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "spec" + ], "properties": { - "serviceEndpoints": { - "description": "serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSServiceEndpoint" - }, - "x-kubernetes-list-type": "atomic" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec contains configuration for a console sample.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleSpec" } } }, - "com.github.openshift.api.config.v1.AWSPlatformStatus": { - "description": "AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.", + "com.github.openshift.api.console.v1.ConsoleSampleContainerImportSource": { + "description": "ConsoleSampleContainerImportSource let the user import a container image.", "type": "object", "required": [ - "region" + "image" ], "properties": { - "cloudLoadBalancerConfig": { - "description": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", - "default": { - "dnsType": "PlatformDefault" - }, - "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudLoadBalancerConfig" - }, - "ipFamily": { - "description": "ipFamily specifies the IP protocol family that should be used for AWS network resources. This controls whether AWS resources are created with IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary protocol family.", - "type": "string", - "default": "IPv4" - }, - "region": { - "description": "region holds the default AWS region for new AWS resources created by the cluster.", + "image": { + "description": "reference to a container image that provides a HTTP service. The service must be exposed on the default port (8080) unless otherwise configured with the port field.\n\nSupported formats:\n - /\n - docker.io//\n - quay.io//\n - quay.io//@sha256:\n - quay.io//:", "type": "string", "default": "" }, - "resourceTags": { - "description": "resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSResourceTag" - }, - "x-kubernetes-list-type": "atomic" - }, - "serviceEndpoints": { - "description": "serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSServiceEndpoint" - }, - "x-kubernetes-list-type": "atomic" + "service": { + "description": "service contains configuration for the Service resource created for this sample.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleContainerImportSourceService" } } }, - "com.github.openshift.api.config.v1.AWSResourceTag": { - "description": "AWSResourceTag is a tag to apply to AWS resources created for the cluster.", + "com.github.openshift.api.console.v1.ConsoleSampleContainerImportSourceService": { + "description": "ConsoleSampleContainerImportSourceService let the samples author define defaults for the Service created for this sample.", + "type": "object", + "properties": { + "targetPort": { + "description": "targetPort is the port that the service listens on for HTTP requests. This port will be used for Service and Route created for this sample. Port must be in the range 1 to 65535. Default port is 8080.", + "type": "integer", + "format": "int32" + } + } + }, + "com.github.openshift.api.console.v1.ConsoleSampleGitImportSource": { + "description": "ConsoleSampleGitImportSource let the user import code from a public Git repository.", "type": "object", "required": [ - "key", - "value" + "repository" ], "properties": { - "key": { - "description": "key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag. Key should consist of between 1 and 128 characters, and may contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'.", - "type": "string", - "default": "" + "repository": { + "description": "repository contains the reference to the actual Git repository.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceRepository" }, - "value": { - "description": "value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag. Value should consist of between 1 and 256 characters, and may contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services.", - "type": "string", - "default": "" + "service": { + "description": "service contains configuration for the Service resource created for this sample.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceService" } } }, - "com.github.openshift.api.config.v1.AWSServiceEndpoint": { - "description": "AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.", + "com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceRepository": { + "description": "ConsoleSampleGitImportSourceRepository let the user import code from a public git repository.", "type": "object", "required": [ - "name", "url" ], "properties": { - "name": { - "description": "name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty.", + "contextDir": { + "description": "contextDir is used to specify a directory within the repository to build the component. Must start with `/` and have a maximum length of 256 characters. When omitted, the default value is to build from the root of the repository.", + "type": "string", + "default": "" + }, + "revision": { + "description": "revision is the git revision at which to clone the git repository Can be used to clone a specific branch, tag or commit SHA. Must be at most 256 characters in length. When omitted the repository's default branch is used.", "type": "string", "default": "" }, "url": { - "description": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.", + "description": "url of the Git repository that contains a HTTP service. The HTTP service must be exposed on the default port (8080) unless otherwise configured with the port field.\n\nOnly public repositories on GitHub, GitLab and Bitbucket are currently supported:\n\n - https://github.com//\n - https://gitlab.com//\n - https://bitbucket.org//\n\nThe url must have a maximum length of 256 characters.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.AcceptRisk": { - "description": "AcceptRisk represents a risk that is considered acceptable.", + "com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceService": { + "description": "ConsoleSampleGitImportSourceService let the samples author define defaults for the Service created for this sample.", "type": "object", - "required": [ - "name" - ], "properties": { - "name": { - "description": "name is the name of the acceptable risk. It must be a non-empty string and must not exceed 256 characters.", - "type": "string" + "targetPort": { + "description": "targetPort is the port that the service listens on for HTTP requests. This port will be used for Service created for this sample. Port must be in the range 1 to 65535. Default port is 8080.", + "type": "integer", + "format": "int32" } } }, - "com.github.openshift.api.config.v1.AdmissionConfig": { + "com.github.openshift.api.console.v1.ConsoleSampleList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "disabledPlugins": { - "description": "disabledPlugins is a list of admission plugins that must be off. Putting something in this list is almost always a mistake and likely to result in cluster instability.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "enabledPlugins": { - "description": "enabledPlugins is a list of admission plugins that must be on in addition to the default list. Some admission plugins are disabled by default, but certain configurations require them. This is fairly uncommon and can result in performance penalties and unexpected behavior.", + "items": { "type": "array", "items": { - "type": "string", - "default": "" - } - }, - "pluginConfig": { - "type": "object", - "additionalProperties": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionPluginConfig" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSample" } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.AdmissionPluginConfig": { - "description": "AdmissionPluginConfig holds the necessary configuration options for admission plugins", + "com.github.openshift.api.console.v1.ConsoleSampleSource": { + "description": "ConsoleSampleSource is the actual sample definition and can hold different sample types. Unsupported sample types will be ignored in the web console.", "type": "object", "required": [ - "location", - "configuration" + "type" ], "properties": { - "configuration": { - "description": "configuration is an embedded configuration object to be used as the plugin's configuration. If present, it will be used instead of the path to the configuration file.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "containerImport": { + "description": "containerImport allows the user import a container image.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleContainerImportSource" }, - "location": { - "description": "location is the path to a configuration file that contains the plugin's configuration", + "gitImport": { + "description": "gitImport allows the user to import code from a git repository.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleGitImportSource" + }, + "type": { + "description": "type of the sample, currently supported: \"GitImport\";\"ContainerImport\"\n\nPossible enum values:\n - `\"ContainerImport\"` A sample that let the user import a container image.\n - `\"GitImport\"` A sample that let the user import code from a git repository.", "type": "string", - "default": "" + "default": "", + "enum": [ + "ContainerImport", + "GitImport" + ] } - } - }, - "com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec": { - "description": "AlibabaCloudPlatformSpec holds the desired state of the Alibaba Cloud infrastructure provider. This only includes fields that can be modified in the cluster.", - "type": "object" + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "containerImport": "ContainerImport", + "gitImport": "GitImport" + } + } + ] }, - "com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus": { - "description": "AlibabaCloudPlatformStatus holds the current status of the Alibaba Cloud infrastructure provider.", + "com.github.openshift.api.console.v1.ConsoleSampleSpec": { + "description": "ConsoleSampleSpec is the desired sample for the web console. Samples will appear with their title, descriptions and a badge in a samples catalog.", "type": "object", "required": [ - "region" + "title", + "abstract", + "description", + "source" ], "properties": { - "region": { - "description": "region specifies the region for Alibaba Cloud resources created for the cluster.", + "abstract": { + "description": "abstract is a short introduction to the sample.\n\nIt is required and must be no more than 100 characters in length.\n\nThe abstract is shown on the sample card tile below the title and provider and is limited to three lines of content.", "type": "string", "default": "" }, - "resourceGroupID": { - "description": "resourceGroupID is the ID of the resource group for the cluster.", - "type": "string" + "description": { + "description": "description is a long form explanation of the sample.\n\nIt is required and can have a maximum length of **4096** characters.\n\nIt is a README.md-like content for additional information, links, pre-conditions, and other instructions. It will be rendered as Markdown so that it can contain line breaks, links, and other simple formatting.", + "type": "string", + "default": "" }, - "resourceTags": { - "description": "resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AlibabaCloudResourceTag" - }, - "x-kubernetes-list-map-keys": [ - "key" - ], - "x-kubernetes-list-type": "map" - } - } + "icon": { + "description": "icon is an optional base64 encoded image and shown beside the sample title.\n\nThe format must follow the data: URL format and can have a maximum size of **10 KB**.\n\n data:[][;base64],\n\nFor example:\n\n data:image;base64, plus the base64 encoded image.\n\nVector images can also be used. SVG icons must start with:\n\n data:image/svg+xml;base64, plus the base64 encoded SVG image.\n\nAll sample catalog icons will be shown on a white background (also when the dark theme is used). The web console ensures that different aspect ratios work correctly. Currently, the surface of the icon is at most 40x100px.\n\nFor more information on the data URL format, please visit https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs.", + "type": "string", + "default": "" + }, + "provider": { + "description": "provider is an optional label to honor who provides the sample.\n\nIt is optional and must be no more than 50 characters in length.\n\nA provider can be a company like \"Red Hat\" or an organization like \"CNCF\" or \"Knative\".\n\nCurrently, the provider is only shown on the sample card tile below the title with the prefix \"Provided by \"", + "type": "string", + "default": "" + }, + "source": { + "description": "source defines where to deploy the sample service from. The sample may be sourced from an external git repository or container image.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleSource" + }, + "tags": { + "description": "tags are optional string values that can be used to find samples in the samples catalog.\n\nExamples of common tags may be \"Java\", \"Quarkus\", etc.\n\nThey will be displayed on the samples details page.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "title": { + "description": "title is the display name of the sample.\n\nIt is required and must be no more than 50 characters in length.", + "type": "string", + "default": "" + }, + "type": { + "description": "type is an optional label to group multiple samples.\n\nIt is optional and must be no more than 20 characters in length.\n\nRecommendation is a singular term like \"Builder Image\", \"Devfile\" or \"Serverless Function\".\n\nCurrently, the type is shown a badge on the sample card tile in the top right corner.", + "type": "string", + "default": "" + } + } }, - "com.github.openshift.api.config.v1.AlibabaCloudResourceTag": { - "description": "AlibabaCloudResourceTag is the set of tags to add to apply to resources.", + "com.github.openshift.api.console.v1.ConsoleYAMLSample": { + "description": "ConsoleYAMLSample is an extension for customizing OpenShift web console YAML samples.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "key", - "value" + "metadata", + "spec" ], "properties": { - "key": { - "description": "key is the key of the tag.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "value": { - "description": "value is the value of the tag.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleYAMLSampleSpec" } } }, - "com.github.openshift.api.config.v1.Audit": { + "com.github.openshift.api.console.v1.ConsoleYAMLSampleList": { + "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "customRules": { - "description": "customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditCustomRule" - }, - "x-kubernetes-list-map-keys": [ - "group" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleYAMLSample" + } }, - "profile": { - "description": "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules.\n\nThe following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events\n (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody\n level).\n- WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nWarning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly.\n\nIf unset, the 'Default' profile is used as the default.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.AuditConfig": { - "description": "AuditConfig holds configuration for the audit capabilities", + "com.github.openshift.api.console.v1.ConsoleYAMLSampleSpec": { + "description": "ConsoleYAMLSampleSpec is the desired YAML sample configuration. Samples will appear with their descriptions in a samples sidebar when creating a resources in the web console.", "type": "object", "required": [ - "enabled", - "auditFilePath", - "maximumFileRetentionDays", - "maximumRetainedFiles", - "maximumFileSizeMegabytes", - "policyFile", - "policyConfiguration", - "logFormat", - "webHookKubeConfig", - "webHookMode" + "targetResource", + "title", + "description", + "yaml" ], "properties": { - "auditFilePath": { - "description": "All requests coming to the apiserver will be logged to this file.", + "description": { + "description": "description of the YAML sample.", "type": "string", "default": "" }, - "enabled": { - "description": "If this flag is set, audit log will be printed in the logs. The logs contains, method, user and a requested URL.", + "snippet": { + "description": "snippet indicates that the YAML sample is not the full YAML resource definition, but a fragment that can be inserted into the existing YAML document at the user's cursor.", "type": "boolean", "default": false }, - "logFormat": { - "description": "Format of saved audits (legacy or json).", - "type": "string", - "default": "" - }, - "maximumFileRetentionDays": { - "description": "Maximum number of days to retain old log files based on the timestamp encoded in their filename.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "maximumFileSizeMegabytes": { - "description": "Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "maximumRetainedFiles": { - "description": "Maximum number of old log files to retain.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "policyConfiguration": { - "description": "policyConfiguration is an embedded policy configuration object to be used as the audit policy configuration. If present, it will be used instead of the path to the policy file.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "policyFile": { - "description": "policyFile is a path to the file that defines the audit policy configuration.", - "type": "string", - "default": "" + "targetResource": { + "description": "targetResource contains apiVersion and kind of the resource YAML sample is representating.", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.TypeMeta" }, - "webHookKubeConfig": { - "description": "Path to a .kubeconfig formatted file that defines the audit webhook configuration.", + "title": { + "description": "title of the YAML sample.", "type": "string", "default": "" }, - "webHookMode": { - "description": "Strategy for sending audit events (block or batch).", + "yaml": { + "description": "yaml is the YAML sample to display.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.AuditCustomRule": { - "description": "AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile.", + "com.github.openshift.api.console.v1.Link": { + "description": "Represents a standard link that could be generated in HTML", "type": "object", "required": [ - "group", - "profile" + "text", + "href" ], "properties": { - "group": { - "description": "group is a name of group a request user must be member of in order to this profile to apply.", + "href": { + "description": "href is the absolute URL for the link. Must use https:// for web URLs or mailto: for email links.", "type": "string", "default": "" }, - "profile": { - "description": "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster.\n\nThe following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nIf unset, the 'Default' profile is used as the default.", + "text": { + "description": "text is the display text for the link", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.Authentication": { - "description": "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.console.v1.NamespaceDashboardSpec": { + "description": "NamespaceDashboardSpec is a specification of namespaces in which the dashboard link should appear. If both namespaces and namespaceSelector are specified, the link will appear in namespaces that match either", + "type": "object", + "properties": { + "namespaceSelector": { + "description": "namespaceSelector is used to select the Namespaces that should contain dashboard link by label. If the namespace labels match, dashboard link will be shown for the namespaces.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "namespaces": { + "description": "namespaces is an array of namespace names in which the dashboard link should appear.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + } + }, + "com.github.openshift.api.etcd.v1alpha1.PacemakerCluster": { + "description": "PacemakerCluster represents the current state of the pacemaker cluster as reported by the pcs status command. PacemakerCluster is a cluster-scoped singleton resource. The name of this instance is \"cluster\". This resource provides a view into the health and status of a pacemaker-managed cluster in Two Node OpenShift with Fencing deployments.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "spec" + "metadata" ], "properties": { "apiVersion": { @@ -16355,25 +14815,54 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AuthenticationSpec" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "description": "status contains the actual pacemaker cluster status information collected from the cluster. The goal of this status is to be able to quickly identify if pacemaker is in a healthy state. In Two Node OpenShift with Fencing, a healthy pacemaker cluster has 2 nodes, both of which have healthy kubelet, etcd, and fencing resources. This field is optional on creation - the status collector populates it immediately after creating the resource via the status subresource.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AuthenticationStatus" + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterStatus" } } }, - "com.github.openshift.api.config.v1.AuthenticationList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterFencingAgentStatus": { + "description": "PacemakerClusterFencingAgentStatus represents the status of a fencing agent that can fence a node. Fencing agents are STONITH (Shoot The Other Node In The Head) devices used to isolate failed nodes. Unlike regular pacemaker resources, fencing agents are mapped to their target node (the node they can fence), not the node where their monitoring operations are scheduled.", + "type": "object", + "required": [ + "conditions", + "name", + "method" + ], + "properties": { + "conditions": { + "description": "conditions represent the observations of the fencing agent's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the fencing agent. The \"InService\" condition tracks whether the fencing agent is in service (not in maintenance mode). The \"Managed\" condition tracks whether the fencing agent is managed by pacemaker. The \"Enabled\" condition tracks whether the fencing agent is enabled. The \"Operational\" condition tracks whether the fencing agent is operational (not failed). The \"Active\" condition tracks whether the fencing agent is active (available to be used). The \"Started\" condition tracks whether the fencing agent is started. The \"Schedulable\" condition tracks whether the fencing agent is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "method": { + "description": "method is the fencing method used by this agent. Valid values are \"Redfish\" and \"IPMI\". Redfish is a standard RESTful API for server management. IPMI (Intelligent Platform Management Interface) is a hardware management interface.\n\nPossible enum values:\n - `\"IPMI\"` uses IPMI (Intelligent Platform Management Interface), a hardware management interface.\n - `\"Redfish\"` uses Redfish, a standard RESTful API for server management.", + "type": "string", + "enum": [ + "IPMI", + "Redfish" + ] + }, + "name": { + "description": "name is the unique identifier for this fencing agent (e.g., \"master-0_redfish\"). The name must be unique within the fencingAgents array for this node. It may contain alphanumeric characters, dots, hyphens, and underscores. Maximum length is 300 characters, providing headroom beyond the typical format of _ (253 for RFC 1123 node name + 1 underscore + type).", + "type": "string" + } + } + }, + "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterList": { + "description": "PacemakerClusterList contains a list of PacemakerCluster objects. PacemakerCluster is a cluster-scoped singleton resource; only one instance named \"cluster\" may exist. This list type exists only to satisfy Kubernetes API conventions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -16382,10 +14871,11 @@ "type": "string" }, "items": { + "description": "items is a list of PacemakerCluster objects.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Authentication" + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerCluster" } }, "kind": { @@ -16395,298 +14885,279 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.AuthenticationSpec": { + "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterNodeStatus": { + "description": "PacemakerClusterNodeStatus represents the status of a single node in the pacemaker cluster including the node's conditions and the health of critical resources running on that node.", "type": "object", + "required": [ + "conditions", + "nodeName", + "addresses", + "resources", + "fencingAgents" + ], "properties": { - "oauthMetadata": { - "description": "oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key \"oauthMetadata\" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "addresses": { + "description": "addresses is a list of IP addresses for the node. Pacemaker allows multiple IP addresses for Corosync communication between nodes. The first address in this list is used for IP-based peer URLs for etcd membership. Each address must be a valid global unicast IPv4 or IPv6 address in canonical form (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). This excludes loopback, link-local, and multicast addresses.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerNodeAddress" + }, + "x-kubernetes-list-type": "atomic" }, - "oidcProviders": { - "description": "oidcProviders are OIDC identity providers that can issue tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\".\n\nAt most one provider can be configured.", + "conditions": { + "description": "conditions represent the observations of the node's current state. Known condition types are: \"Healthy\", \"Online\", \"InService\", \"Active\", \"Ready\", \"Clean\", \"Member\", \"FencingAvailable\", \"FencingHealthy\". The \"Healthy\" condition is an aggregate that tracks the overall health of the node. The \"Online\" condition tracks whether the node is online. The \"InService\" condition tracks whether the node is in service (not in maintenance mode). The \"Active\" condition tracks whether the node is active (not in standby mode). The \"Ready\" condition tracks whether the node is ready (not in a pending state). The \"Clean\" condition tracks whether the node is in a clean (status known) state. The \"Member\" condition tracks whether the node is a member of the cluster. The \"FencingAvailable\" condition tracks whether this node can be fenced by at least one healthy agent. The \"FencingHealthy\" condition tracks whether all fencing agents for this node are healthy. Each of these conditions is required, so the array must contain at least 9 items.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OIDCProvider" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, "x-kubernetes-list-map-keys": [ - "name" + "type" ], "x-kubernetes-list-type": "map" }, - "serviceAccountIssuer": { - "description": "serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.", - "type": "string", - "default": "" - }, - "type": { - "description": "type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.", - "type": "string", - "default": "" + "fencingAgents": { + "description": "fencingAgents contains the status of fencing agents that can fence this node. Unlike resources (which are scheduled to run on this node), fencing agents are mapped to the node they can fence (their target), not the node where monitoring operations run. Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. A node is considered fence-capable if at least one fencing agent is healthy. Expected to have 1 fencing agent per node, but up to 8 are supported for redundancy. Names must be unique within this array.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterFencingAgentStatus" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "webhookTokenAuthenticator": { - "description": "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service.\n\nCan only be set if \"Type\" is set to \"None\".", - "$ref": "#/definitions/com.github.openshift.api.config.v1.WebhookTokenAuthenticator" + "nodeName": { + "description": "nodeName is the name of the node. This is expected to match the Kubernetes node's name, which must be a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", + "type": "string" }, - "webhookTokenAuthenticators": { - "description": "webhookTokenAuthenticators is DEPRECATED, setting it has no effect.", + "resources": { + "description": "resources contains the status of pacemaker resources scheduled on this node. Each resource entry includes the resource name and its health conditions. For Two Node OpenShift with Fencing, we track Kubelet and Etcd resources per node. Both resources are required to be present, so the array must contain at least 2 items. Valid resource names are \"Kubelet\" and \"Etcd\". Fencing agents are tracked separately in the fencingAgents field.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator" + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterResourceStatus" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.config.v1.AuthenticationStatus": { + "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterResourceStatus": { + "description": "PacemakerClusterResourceStatus represents the status of a pacemaker resource scheduled on a node. A pacemaker resource is a unit of work managed by pacemaker. In pacemaker terminology, resources are services or applications that pacemaker monitors, starts, stops, and moves between nodes to maintain high availability. For Two Node OpenShift with Fencing, we track two resources per node:\n - Kubelet (the Kubernetes node agent and a prerequisite for etcd)\n - Etcd (the distributed key-value store)\n\nFencing agents are tracked separately in the fencingAgents field because they are mapped to their target node (the node they can fence), not the node where monitoring operations are scheduled.", "type": "object", + "required": [ + "conditions", + "name" + ], "properties": { - "integratedOAuthMetadata": { - "description": "integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key \"oauthMetadata\" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" - }, - "oidcClients": { - "description": "oidcClients is where participating operators place the current OIDC client status for OIDC clients that can be customized by the cluster-admin.", + "conditions": { + "description": "conditions represent the observations of the resource's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the resource. The \"InService\" condition tracks whether the resource is in service (not in maintenance mode). The \"Managed\" condition tracks whether the resource is managed by pacemaker. The \"Enabled\" condition tracks whether the resource is enabled. The \"Operational\" condition tracks whether the resource is operational (not failed). The \"Active\" condition tracks whether the resource is active (available to be used). The \"Started\" condition tracks whether the resource is started. The \"Schedulable\" condition tracks whether the resource is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OIDCClientStatus" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, "x-kubernetes-list-map-keys": [ - "componentNamespace", - "componentName" + "type" ], "x-kubernetes-list-type": "map" + }, + "name": { + "description": "name is the name of the pacemaker resource. Valid values are \"Kubelet\" and \"Etcd\". The Kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments. The Etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations. Fencing agents are tracked separately in the node's fencingAgents field.\n\nPossible enum values:\n - `\"Etcd\"` is the etcd pacemaker resource. The etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations.\n - `\"Kubelet\"` is the kubelet pacemaker resource. The kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments.", + "type": "string", + "enum": [ + "Etcd", + "Kubelet" + ] } } }, - "com.github.openshift.api.config.v1.AzurePlatformSpec": { - "description": "AzurePlatformSpec holds the desired state of the Azure infrastructure provider. This only includes fields that can be modified in the cluster.", - "type": "object" - }, - "com.github.openshift.api.config.v1.AzurePlatformStatus": { - "description": "AzurePlatformStatus holds the current status of the Azure infrastructure provider.", + "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterStatus": { + "description": "PacemakerClusterStatus contains the actual pacemaker cluster status information. As part of validating the status object, we need to ensure that the lastUpdated timestamp may not be set to an earlier timestamp than the current value. The validation rule checks if oldSelf has lastUpdated before comparing, to handle the initial status creation case.", "type": "object", "required": [ - "resourceGroupName" + "conditions", + "lastUpdated", + "nodes" ], "properties": { - "armEndpoint": { - "description": "armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack.", - "type": "string" - }, - "cloudLoadBalancerConfig": { - "description": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", - "default": { - "dnsType": "PlatformDefault" + "conditions": { + "description": "conditions represent the observations of the pacemaker cluster's current state. Known condition types are: \"Healthy\", \"InService\", \"NodeCountAsExpected\". The \"Healthy\" condition is an aggregate that tracks the overall health of the cluster. The \"InService\" condition tracks whether the cluster is in service (not in maintenance mode). The \"NodeCountAsExpected\" condition tracks whether the expected number of nodes are present. Each of these conditions is required, so the array must contain at least 3 items.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, - "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudLoadBalancerConfig" - }, - "cloudName": { - "description": "cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`.", - "type": "string" - }, - "ipFamily": { - "description": "ipFamily specifies the IP protocol family that should be used for Azure network resources. This controls whether Azure resources are created with IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary protocol family.", - "type": "string", - "default": "IPv4" - }, - "networkResourceGroupName": { - "description": "networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName.", - "type": "string" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "resourceGroupName": { - "description": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.", - "type": "string", - "default": "" + "lastUpdated": { + "description": "lastUpdated is the timestamp when this status was last updated. This is useful for identifying stale status reports. It must be a valid timestamp in RFC3339 format. Once set, this field cannot be removed and cannot be set to an earlier timestamp than the current value.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "resourceTags": { - "description": "resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.", + "nodes": { + "description": "nodes provides detailed status for each control-plane node in the Pacemaker cluster. While Pacemaker supports up to 32 nodes, the limit is set to 5 (max OpenShift control-plane nodes). For Two Node OpenShift with Fencing, exactly 2 nodes are expected in a healthy cluster. An empty list indicates a catastrophic failure where Pacemaker reports no nodes.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AzureResourceTag" + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterNodeStatus" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "nodeName" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.config.v1.AzureResourceTag": { - "description": "AzureResourceTag is a tag to apply to Azure resources created for the cluster.", + "com.github.openshift.api.etcd.v1alpha1.PacemakerNodeAddress": { + "description": "PacemakerNodeAddress contains information for a node's address. This is similar to corev1.NodeAddress but adds validation for IP addresses.", "type": "object", "required": [ - "key", - "value" + "type", + "address" ], "properties": { - "key": { - "description": "key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric characters and the following special characters `_ . -`.", - "type": "string", - "default": "" + "address": { + "description": "address is the node address. For InternalIP, this must be a valid global unicast IPv4 or IPv6 address in canonical form. Canonical form means the shortest standard representation (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). Maximum length is 39 characters (full IPv6 address). Global unicast includes private/RFC1918 addresses but excludes loopback, link-local, and multicast.", + "type": "string" }, - "value": { - "description": "value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.", + "type": { + "description": "type is the type of node address. Currently only \"InternalIP\" is supported.\n\nPossible enum values:\n - `\"InternalIP\"` is an internal IP address assigned to the node. This is typically the IP address used for intra-cluster communication.", "type": "string", - "default": "" + "enum": [ + "InternalIP" + ] } } }, - "com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer": { - "description": "BareMetalPlatformLoadBalancer defines the load balancer used by the cluster on BareMetal platform.", + "com.github.openshift.api.example.v1.CELUnion": { + "description": "CELUnion demonstrates how to use a discriminated union and how to validate it using CEL.", "type": "object", + "required": [ + "type" + ], "properties": { + "optionalMember": { + "description": "optionalMember is a union member that is optional.", + "type": "string" + }, + "requiredMember": { + "description": "requiredMember is a union member that is required.", + "type": "string" + }, "type": { - "description": "type defines the type of load balancer used by the cluster on BareMetal platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", + "description": "type determines which of the union members should be populated.", "type": "string", - "default": "OpenShiftManagedDefault" + "default": "" } }, "x-kubernetes-unions": [ { "discriminator": "type", - "fields-to-discriminateBy": {} + "fields-to-discriminateBy": { + "optionalMember": "OptionalMember", + "requiredMember": "RequiredMember" + } } ] }, - "com.github.openshift.api.config.v1.BareMetalPlatformSpec": { - "description": "BareMetalPlatformSpec holds the desired state of the BareMetal infrastructure provider. This only includes fields that can be modified in the cluster.", + "com.github.openshift.api.example.v1.EvolvingUnion": { "type": "object", + "required": [ + "type" + ], "properties": { - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "type": { + "description": "type is the discriminator. It has different values for Default and for TechPreviewNoUpgrade", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.BareMetalPlatformStatus": { - "description": "BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider. For more information about the network architecture used with the BareMetal platform type, see: https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md", + "com.github.openshift.api.example.v1.FormatMarkerExamples": { + "description": "FormatMarkerExamples demonstrates all Kubebuilder Format markers supported as of Kubernetes 1.33. This struct provides a comprehensive reference for format marker validation. Each field uses a different format marker to validate its value.", "type": "object", - "required": [ - "apiServerInternalIPs", - "ingressIPs" - ], "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "base64Data": { + "description": "base64Data must be valid base64-encoded data. Valid examples include aGVsbG8= (encodes \"hello\") or SGVsbG8gV29ybGQh (encodes \"Hello World!\").", "type": "string" }, - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "cidrNotation": { + "description": "cidrNotation must be a valid CIDR notation IP address range. Valid examples include IPv4 CIDR (10.0.0.0/8, 192.168.1.0/24) or IPv6 CIDR (fd00::/8, 2001:db8::/32).\n\nUse of Format=cidr is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isCIDR(self)` to validate CIDR notation. Additionally, use `isCIDR(self) && cidr(self).ip().family() == X` to validate IPvX specifically.", + "type": "string" }, - "dnsRecordsType": { - "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", - "type": "string", - "enum": [ - "External", - "Internal" - ] + "dateField": { + "description": "dateField must be a valid date in RFC 3339 full-date format (YYYY-MM-DD). Valid examples include 2024-01-15 or 2023-12-31.", + "type": "string" }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "dateTimeField": { + "description": "dateTimeField must be a valid RFC 3339 date-time. Valid examples include 2024-01-15T14:30:00Z, 2024-01-15T14:30:00+00:00, or 2024-01-15T14:30:00.123Z.", "type": "string" }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "durationField": { + "description": "durationField must be a valid duration string parseable by Go's time.ParseDuration. Valid time units are ns, us (or µs), ms, s, m, h. Valid examples include 30s, 5m, 1h30m, 100ms, or 1h.", + "type": "string" }, - "loadBalancer": { - "description": "loadBalancer defines how the load balancer used by the cluster is configured.", - "default": { - "type": "OpenShiftManagedDefault" - }, - "$ref": "#/definitions/com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer" + "emailAddress": { + "description": "emailAddress must be a valid email address. Valid examples include user@example.com or firstname.lastname@company.co.uk.", + "type": "string" }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "hostnameField": { + "description": "hostnameField must be a valid Internet hostname per RFC 1034. Valid examples include example.com, api.example.com, or my-service.", + "type": "string" }, - "nodeDNSIP": { - "description": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", + "ipv4Address": { + "description": "ipv4Address must be a valid IPv4 address in dotted-quad notation. Valid values range from 0.0.0.0 to 255.255.255.255 (e.g., 192.168.1.1).\n\nUse of Format=ipv4 is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isIP(self) && ip(self).family() == 4` to validate IPv4 addresses.", "type": "string" - } - } - }, - "com.github.openshift.api.config.v1.BasicAuthIdentityProvider": { - "description": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials", - "type": "object", - "required": [ - "url" - ], - "properties": { - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "tlsClientCert": { - "description": "tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key \"tls.crt\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "ipv6Address": { + "description": "ipv6Address must be a valid IPv6 address. Valid examples include full form (2001:0db8:0000:0000:0000:0000:0000:0001) or compressed form (2001:db8::1 or ::1).\n\nUse of Format=ipv6 is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isIP(self) && ip(self).family() == 6` to validate IPv6 addresses.", + "type": "string" }, - "tlsClientKey": { - "description": "tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key \"tls.key\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "macAddress": { + "description": "macAddress must be a valid MAC address. Valid examples include 00:1A:2B:3C:4D:5E or 00-1A-2B-3C-4D-5E.", + "type": "string" }, - "url": { - "description": "url is the remote URL to connect to", - "type": "string", - "default": "" + "passwordField": { + "description": "passwordField is a marker for sensitive data. Note that the password format marker does not perform any actual validation - it accepts any string value. This marker is primarily used to signal that the field contains sensitive information.", + "type": "string" + }, + "uriField": { + "description": "uriField must be a valid URI following RFC 3986 syntax. Valid examples include https://example.com/path?query=value or /absolute-path.", + "type": "string" + }, + "uuid3Field": { + "description": "uuid3Field must be a valid UUID version 3 (MD5 hash-based). Version 3 UUIDs are generated using MD5 hashing of a namespace and name. Valid example: a3bb189e-8bf9-3888-9912-ace4e6543002.", + "type": "string" + }, + "uuid4Field": { + "description": "uuid4Field must be a valid UUID version 4 (random). Version 4 UUIDs are randomly generated. Valid example: 550e8400-e29b-41d4-a716-446655440000.", + "type": "string" + }, + "uuid5Field": { + "description": "uuid5Field must be a valid UUID version 5 (SHA-1 hash-based). Version 5 UUIDs are generated using SHA-1 hashing of a namespace and name. Valid example: 74738ff5-5367-5958-9aee-98fffdcd1876.", + "type": "string" + }, + "uuidField": { + "description": "uuidField must be a valid UUID (any version) in 8-4-4-4-12 format. Valid examples include 550e8400-e29b-41d4-a716-446655440000 or 123e4567-e89b-12d3-a456-426614174000.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.Build": { - "description": "Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.\n\nThe canonical name is \"cluster\"\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.example.v1.StableConfigType": { + "description": "StableConfigType is a stable config type that may include TechPreviewNoUpgrade fields.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -16699,54 +15170,24 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec holds user-settable values for the build controller configuration", + "description": "spec is the specification of the desired behavior of the StableConfigType.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.BuildSpec" - } - } - }, - "com.github.openshift.api.config.v1.BuildDefaults": { - "type": "object", - "properties": { - "defaultProxy": { - "description": "defaultProxy contains the default proxy settings for all build operations, including image pull/push and source download.\n\nValues can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables in the build config's strategy.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ProxySpec" - }, - "env": { - "description": "env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" - } - }, - "gitProxy": { - "description": "gitProxy contains the proxy settings for git operations only. If set, this will override any Proxy settings for all git commands, such as git clone.\n\nValues that are not set here will be inherited from DefaultProxy.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ProxySpec" - }, - "imageLabels": { - "description": "imageLabels is a list of docker labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageLabel" - } + "$ref": "#/definitions/com.github.openshift.api.example.v1.StableConfigTypeSpec" }, - "resources": { - "description": "resources defines resource requirements to execute the build.", + "status": { + "description": "status is the most recently observed status of the StableConfigType.", "default": {}, - "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.example.v1.StableConfigTypeStatus" } } }, - "com.github.openshift.api.config.v1.BuildList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.example.v1.StableConfigTypeList": { + "description": "StableConfigTypeList contains a list of StableConfigTypes.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -16758,7 +15199,7 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Build" + "$ref": "#/definitions/com.github.openshift.api.example.v1.StableConfigType" } }, "kind": { @@ -16768,207 +15209,137 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.BuildOverrides": { + "com.github.openshift.api.example.v1.StableConfigTypeSpec": { + "description": "StableConfigTypeSpec is the desired state", "type": "object", + "required": [ + "immutableField" + ], "properties": { - "forcePull": { - "description": "forcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself", - "type": "boolean" + "celUnion": { + "description": "celUnion demonstrates how to validate a discrminated union using CEL", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.example.v1.CELUnion" }, - "imageLabels": { - "description": "imageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", + "coolNewField": { + "description": "coolNewField is a field that is for tech preview only. On normal clusters this shouldn't be present", + "type": "string", + "default": "" + }, + "evolvingCollection": { + "description": "evolvingCollection demonstrates how to have a collection where the maximum number of items varies on cluster type. For default clusters, this will be \"1\" but on TechPreview clusters, this value will be \"3\".", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageLabel" - } - }, - "nodeSelector": { - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", - "type": "object", - "additionalProperties": { "type": "string", "default": "" - } - }, - "tolerations": { - "description": "tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" - } - } - } - }, - "com.github.openshift.api.config.v1.BuildSpec": { - "type": "object", - "properties": { - "additionalTrustedCA": { - "description": "additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted for image pushes and pulls during builds. The namespace for this config map is openshift-config.\n\nDEPRECATED: Additional CAs for image pull and push should be set on image.config.openshift.io/cluster instead.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + }, + "x-kubernetes-list-type": "atomic" }, - "buildDefaults": { - "description": "buildDefaults controls the default information for Builds", + "evolvingUnion": { + "description": "evolvingUnion demonstrates how to phase in new values into discriminated union", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.BuildDefaults" + "$ref": "#/definitions/com.github.openshift.api.example.v1.EvolvingUnion" }, - "buildOverrides": { - "description": "buildOverrides controls override settings for builds", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.BuildOverrides" - } - } - }, - "com.github.openshift.api.config.v1.CertInfo": { - "description": "CertInfo relates a certificate with a private key", - "type": "object", - "required": [ - "certFile", - "keyFile" - ], - "properties": { - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "formatMarkerExamples": { + "description": "formatMarkerExamples demonstrates all Kubebuilder Format markers supported as of Kubernetes 1.33. This field serves as a comprehensive reference for format marker validation.", + "$ref": "#/definitions/com.github.openshift.api.example.v1.FormatMarkerExamples" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1.ClientConnectionOverrides": { - "type": "object", - "required": [ - "acceptContentTypes", - "contentType", - "qps", - "burst" - ], - "properties": { - "acceptContentTypes": { - "description": "acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the default value of 'application/json'. This field will control all connections to the server used by a particular client.", + "immutableField": { + "description": "immutableField is a field that is immutable once the object has been created. It is required at all times.", "type": "string", "default": "" }, - "burst": { - "description": "burst allows extra queries to accumulate when a client is exceeding its rate.", + "nonZeroDefault": { + "description": "nonZeroDefault is a demonstration of creating an integer field that has a non zero default. It required two default tags (one for CRD generation, one for client generation) and must have `omitempty` and be optional. A minimum value is added to demonstrate that a zero value would not be accepted.", "type": "integer", "format": "int32", - "default": 0 + "default": 8 }, - "contentType": { - "description": "contentType is the content type used when sending data to the server from this client.", + "optionalImmutableField": { + "description": "optionalImmutableField is a field that is immutable once set. It is optional but may not be changed once set.", "type": "string", "default": "" }, - "qps": { - "description": "qps controls the number of queries per second allowed for this connection.", - "type": "number", - "format": "float", - "default": 0 - } - } - }, - "com.github.openshift.api.config.v1.CloudControllerManagerStatus": { - "description": "CloudControllerManagerStatus holds the state of Cloud Controller Manager (a.k.a. CCM or CPI) related settings", - "type": "object", - "properties": { - "state": { - "description": "state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager\n\nValid values are \"External\", \"None\" and omitted. When set to \"External\", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to \"None\", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.", + "set": { + "description": "set demonstrates how to define and validate set of strings", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "stableField": { + "description": "stableField is a field that is present on default clusters and on tech preview clusters\n\nIf empty, the platform will choose a good default, which may change over time without notice.", "type": "string", "default": "" + }, + "subdomainNameField": { + "description": "subdomainNameField represents a kubenetes name field. The intention is that it validates the name in the same way metadata.Name is validated. That is, it is a DNS-1123 subdomain.", + "type": "string" + }, + "subnetsWithExclusions": { + "description": "subnetsWithExclusions demonstrates how to validate a list of subnets with exclusions", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.example.v1.SubnetsWithExclusions" } } }, - "com.github.openshift.api.config.v1.CloudLoadBalancerConfig": { - "description": "CloudLoadBalancerConfig contains an union discriminator indicating the type of DNS solution in use within the cluster. When the DNSType is `ClusterHosted`, the cloud's Load Balancer configuration needs to be provided so that the DNS solution hosted within the cluster can be configured with those values.", + "com.github.openshift.api.example.v1.StableConfigTypeStatus": { + "description": "StableConfigTypeStatus defines the observed status of the StableConfigType.", "type": "object", "properties": { - "clusterHosted": { - "description": "clusterHosted holds the IP addresses of API, API-Int and Ingress Load Balancers on Cloud Platforms. The DNS solution hosted within the cluster use these IP addresses to provide resolution for API, API-Int and Ingress services.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudLoadBalancerIPs" + "conditions": { + "description": "Represents the observations of a foo's current state. Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "dnsType": { - "description": "dnsType indicates the type of DNS solution in use within the cluster. Its default value of `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform. It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode, the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed. The cluster's use of the cloud's Load Balancers is unaffected by this setting. The value is immutable after it has been set at install time. Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS. Enabling this functionality allows the user to start their own DNS solution outside the cluster after installation is complete. The customer would be responsible for configuring this custom DNS solution, and it can be run in addition to the in-cluster DNS solution.", - "type": "string", - "default": "PlatformDefault" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "dnsType", - "fields-to-discriminateBy": { - "clusterHosted": "ClusterHosted" - } + "immutableField": { + "description": "immutableField is a field that is immutable once the object has been created. It is required at all times.", + "type": "string" } - ] + } }, - "com.github.openshift.api.config.v1.CloudLoadBalancerIPs": { - "description": "CloudLoadBalancerIPs contains the Load Balancer IPs for the cloud's API, API-Int and Ingress Load balancers. They will be populated as soon as the respective Load Balancers have been configured. These values are utilized to configure the DNS solution hosted within the cluster.", + "com.github.openshift.api.example.v1.SubnetsWithExclusions": { + "description": "SubnetsWithExclusions is used to validate a list of subnets with exclusions. It demonstrates how exclusions should be validated as subnetworks of the networks listed in the subnets field.", "type": "object", + "required": [ + "subnets" + ], "properties": { - "apiIntLoadBalancerIPs": { - "description": "apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service. These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. Entries in the apiIntLoadBalancerIPs must be unique. A maximum of 16 IP addresses are permitted.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "apiLoadBalancerIPs": { - "description": "apiLoadBalancerIPs holds Load Balancer IPs for the API service. These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. Could be empty for private clusters. Entries in the apiLoadBalancerIPs must be unique. A maximum of 16 IP addresses are permitted.", + "excludeSubnets": { + "description": "excludeSubnets is a list of CIDR exclusions. The subnets in this list must be subnetworks of the subnets in the subnets list.", "type": "array", "items": { "type": "string", "default": "" }, - "x-kubernetes-list-type": "set" + "x-kubernetes-list-type": "atomic" }, - "ingressLoadBalancerIPs": { - "description": "ingressLoadBalancerIPs holds IPs for Ingress Load Balancers. These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. Entries in the ingressLoadBalancerIPs must be unique. A maximum of 16 IP addresses are permitted.", + "subnets": { + "description": "subnets is a list of subnets. It may contain up to 2 subnets. The list may be either 1 IPv4 subnet, 1 IPv6 subnet, or 1 of each.", "type": "array", "items": { "type": "string", "default": "" }, - "x-kubernetes-list-type": "set" - } - } - }, - "com.github.openshift.api.config.v1.ClusterCondition": { - "description": "ClusterCondition is a union of typed cluster conditions. The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "promql": { - "description": "promql represents a cluster condition based on PromQL.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PromQLClusterCondition" - }, - "type": { - "description": "type represents the cluster-condition type. This defines the members and semantics of any additional properties.", - "type": "string", - "default": "" + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.ClusterImagePolicy": { - "description": "ClusterImagePolicy holds cluster-wide configuration for image signature verification\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.example.v1alpha1.NotStableConfigType": { + "description": "NotStableConfigType is a stable config type that is TechPreviewNoUpgrade only.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -16981,25 +15352,24 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec contains the configuration for the cluster image policy.", + "description": "spec is the specification of the desired behavior of the NotStableConfigType.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterImagePolicySpec" + "$ref": "#/definitions/com.github.openshift.api.example.v1alpha1.NotStableConfigTypeSpec" }, "status": { - "description": "status contains the observed state of the resource.", + "description": "status is the most recently observed status of the NotStableConfigType.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterImagePolicyStatus" + "$ref": "#/definitions/com.github.openshift.api.example.v1alpha1.NotStableConfigTypeStatus" } } }, - "com.github.openshift.api.config.v1.ClusterImagePolicyList": { - "description": "ClusterImagePolicyList is a list of ClusterImagePolicy resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.example.v1alpha1.NotStableConfigTypeList": { + "description": "NotStableConfigTypeList contains a list of NotStableConfigTypes.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -17008,11 +15378,10 @@ "type": "string" }, "items": { - "description": "items is a list of ClusterImagePolices", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterImagePolicy" + "$ref": "#/definitions/com.github.openshift.api.example.v1alpha1.NotStableConfigType" } }, "kind": { @@ -17022,43 +15391,34 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.ClusterImagePolicySpec": { - "description": "CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource.", + "com.github.openshift.api.example.v1alpha1.NotStableConfigTypeSpec": { + "description": "NotStableConfigTypeSpec is the desired state", "type": "object", "required": [ - "scopes", - "policy" + "newField" ], "properties": { - "policy": { - "description": "policy is a required field that contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy" - }, - "scopes": { - "description": "scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. This support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "newField": { + "description": "newField is a field that is tech preview, but because the entire type is gated, there is no marker on the field.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.ClusterImagePolicyStatus": { + "com.github.openshift.api.example.v1alpha1.NotStableConfigTypeStatus": { + "description": "NotStableConfigTypeStatus defines the observed status of the NotStableConfigType.", "type": "object", "properties": { "conditions": { - "description": "conditions provide details on the status of this API Resource.", + "description": "Represents the observations of a foo's current state. Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, "x-kubernetes-list-map-keys": [ "type" @@ -17067,30 +15427,61 @@ } } }, - "com.github.openshift.api.config.v1.ClusterNetworkEntry": { - "description": "ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.", + "com.github.openshift.api.helm.v1beta1.ConnectionConfig": { "type": "object", "required": [ - "cidr" + "url" ], "properties": { - "cidr": { - "description": "The complete block for pod IPs.", + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca-bundle.crt\" is used to locate the data. If empty, the default system roots are used. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + }, + "tlsClientConfig": { + "description": "tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key \"tls.crt\" is used to locate the client certificate. The key \"tls.key\" is used to locate the private key. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + }, + "url": { + "description": "Chart repository URL", "type": "string", "default": "" + } + } + }, + "com.github.openshift.api.helm.v1beta1.ConnectionConfigNamespaceScoped": { + "type": "object", + "required": [ + "url" + ], + "properties": { + "basicAuthConfig": { + "description": "basicAuthConfig is an optional reference to a secret by name that contains the basic authentication credentials to present when connecting to the server. The key \"username\" is used locate the username. The key \"password\" is used to locate the password. The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "hostPrefix": { - "description": "The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.", - "type": "integer", - "format": "int64" + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca-bundle.crt\" is used to locate the data. If empty, the default system roots are used. The namespace for this configmap must be same as the namespace where the project helm chart repository is getting instantiated.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + }, + "tlsClientConfig": { + "description": "tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key \"tls.crt\" is used to locate the client certificate. The key \"tls.key\" is used to locate the private key. The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + }, + "url": { + "description": "Chart repository URL", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.ClusterOperator": { - "description": "ClusterOperator holds the status of a core or optional OpenShift component managed by the Cluster Version Operator (CVO). This object is used by operators to convey their state to the rest of the cluster. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.helm.v1beta1.HelmChartRepository": { + "description": "HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", "spec" ], "properties": { @@ -17105,22 +15496,22 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec holds configuration that could apply to any operator.", + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperatorSpec" + "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.HelmChartRepositorySpec" }, "status": { - "description": "status holds the information about the state of an operator. It is consistent with status information across the Kubernetes ecosystem.", + "description": "Observed status of the repository within the cluster..", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperatorStatus" + "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.HelmChartRepositoryStatus" } } }, - "com.github.openshift.api.config.v1.ClusterOperatorList": { - "description": "ClusterOperatorList is a list of OperatorStatus resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.helm.v1beta1.HelmChartRepositoryList": { + "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "metadata", @@ -17135,7 +15526,7 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperator" + "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.HelmChartRepository" } }, "kind": { @@ -17145,89 +15536,55 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.ClusterOperatorSpec": { - "description": "ClusterOperatorSpec is empty for now, but you could imagine holding information like \"pause\".", - "type": "object" - }, - "com.github.openshift.api.config.v1.ClusterOperatorStatus": { - "description": "ClusterOperatorStatus provides information about the status of the operator.", + "com.github.openshift.api.helm.v1beta1.HelmChartRepositorySpec": { + "description": "Helm chart repository exposed within the cluster", "type": "object", + "required": [ + "connectionConfig" + ], "properties": { - "conditions": { - "description": "conditions describes the state of the operator's managed and monitored components.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperatorStatusCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "connectionConfig": { + "description": "Required configuration for connecting to the chart repo", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.ConnectionConfig" }, - "extension": { - "description": "extension contains any additional status information specific to the operator which owns this status object.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "description": { + "description": "Optional human readable repository description, it can be used by UI for displaying purposes", + "type": "string" }, - "relatedObjects": { - "description": "relatedObjects is a list of objects that are \"interesting\" or related to this operator. Common uses are: 1. the detailed resource driving the operator 2. operator namespaces 3. operand namespaces", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ObjectReference" - } + "disabled": { + "description": "If set to true, disable the repo usage in the cluster/namespace", + "type": "boolean" }, - "versions": { - "description": "versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple operand entries in the array. Available operators must report the version of the operator itself with the name \"operator\". An operator reports a new \"operator\" version when it has rolled out the new version to all of its operands.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OperandVersion" - } + "name": { + "description": "Optional associated human readable repository name, it can be used by UI for displaying purposes", + "type": "string" } } }, - "com.github.openshift.api.config.v1.ClusterOperatorStatusCondition": { - "description": "ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.", + "com.github.openshift.api.helm.v1beta1.HelmChartRepositoryStatus": { "type": "object", - "required": [ - "type", - "status", - "lastTransitionTime" - ], "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the time of the last update to the current status property.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "message": { - "description": "message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.", - "type": "string" - }, - "reason": { - "description": "reason is the CamelCase reason for the condition's current status.", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" - }, - "type": { - "description": "type specifies the aspect reported by this condition.", - "type": "string", - "default": "" + "conditions": { + "description": "conditions is a list of conditions and their statuses", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.config.v1.ClusterVersion": { - "description": "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepository": { + "description": "ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -17244,65 +15601,22 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster.", + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionSpec" + "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepositorySpec" }, "status": { - "description": "status contains information about the available updates and any in-progress updates.", + "description": "Observed status of the repository within the namespace..", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionStatus" - } - } - }, - "com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec": { - "description": "ClusterVersionCapabilitiesSpec selects the managed set of optional, core cluster components.", - "type": "object", - "properties": { - "additionalEnabledCapabilities": { - "description": "additionalEnabledCapabilities extends the set of managed capabilities beyond the baseline defined in baselineCapabilitySet. The default is an empty set.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "baselineCapabilitySet": { - "description": "baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent.", - "type": "string" - } - } - }, - "com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus": { - "description": "ClusterVersionCapabilitiesStatus describes the state of optional, core cluster components.", - "type": "object", - "properties": { - "enabledCapabilities": { - "description": "enabledCapabilities lists all the capabilities that are currently managed.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "knownCapabilities": { - "description": "knownCapabilities lists all the capabilities known to the current cluster.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.HelmChartRepositoryStatus" } } }, - "com.github.openshift.api.config.v1.ClusterVersionList": { - "description": "ClusterVersionList is a list of ClusterVersion resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepositoryList": { + "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "metadata", @@ -17317,7 +15631,7 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersion" + "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepository" } }, "kind": { @@ -17327,420 +15641,449 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.ClusterVersionSpec": { - "description": "ClusterVersionSpec is the desired version state of the cluster. It includes the version the cluster should be at, how the cluster is identified, and where the cluster should look for version updates.", + "com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepositorySpec": { + "description": "Project Helm chart repository exposed within a namespace", "type": "object", "required": [ - "clusterID" + "connectionConfig" ], "properties": { - "capabilities": { - "description": "capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec" + "connectionConfig": { + "description": "Required configuration for connecting to the chart repo", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.ConnectionConfigNamespaceScoped" }, - "channel": { - "description": "channel is an identifier for explicitly requesting a non-default set of updates to be applied to this cluster. The default channel will contain stable updates that are appropriate for production clusters.", + "description": { + "description": "Optional human readable repository description, it can be used by UI for displaying purposes", "type": "string" }, - "clusterID": { - "description": "clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field.", + "disabled": { + "description": "If set to true, disable the repo usage in the namespace", + "type": "boolean" + }, + "name": { + "description": "Optional associated human readable repository name, it can be used by UI for displaying purposes", + "type": "string" + } + } + }, + "com.github.openshift.api.image.v1.DockerImageReference": { + "description": "DockerImageReference points to a container image.", + "type": "object", + "required": [ + "Registry", + "Namespace", + "Name", + "Tag", + "ID" + ], + "properties": { + "ID": { + "description": "ID is the identifier for the container image", "type": "string", "default": "" }, - "desiredUpdate": { - "description": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted if the previous version is within the current minor version. Not all rollbacks will succeed, and some may unrecoverably break the cluster.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.Update" + "Name": { + "description": "Name is the name of the container image", + "type": "string", + "default": "" }, - "overrides": { - "description": "overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ComponentOverride" - }, - "x-kubernetes-list-map-keys": [ - "kind", - "group", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "Namespace": { + "description": "Namespace is the namespace that contains the container image", + "type": "string", + "default": "" }, - "signatureStores": { - "description": "signatureStores contains the upstream URIs to verify release signatures and optional reference to a config map by name containing the PEM-encoded CA bundle.\n\nBy default, CVO will use existing signature stores if this property is empty. The CVO will check the release signatures in the local ConfigMaps first. It will search for a valid signature in these stores in parallel only when local ConfigMaps did not include a valid signature. Validation will fail if none of the signature stores reply with valid signature before timeout. Setting signatureStores will replace the default signature stores with custom signature stores. Default stores can be used with custom signature stores by adding them manually.\n\nA maximum of 32 signature stores may be configured.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SignatureStore" - }, - "x-kubernetes-list-map-keys": [ - "url" - ], - "x-kubernetes-list-type": "map" + "Registry": { + "description": "Registry is the registry that contains the container image", + "type": "string", + "default": "" }, - "upstream": { - "description": "upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region.", - "type": "string" + "Tag": { + "description": "Tag is which tag of the container image is being referenced", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.ClusterVersionStatus": { - "description": "ClusterVersionStatus reports the status of the cluster versioning, including any upgrades that are in progress. The current field will be set to whichever version the cluster is reconciling to, and the conditions array will report whether the update succeeded, is in progress, or is failing.", + "com.github.openshift.api.image.v1.Image": { + "description": "Image is an immutable representation of a container image and its metadata at a point in time. Images are named by taking a hash of their contents (metadata and content) and any change in format, content, or metadata results in a new name. The images resource is primarily for use by cluster administrators and integrations like the cluster image registry - end users, instead, access images via the imagestreamtags or imagestreamimages resources. While image metadata is stored in the API, any integration that implements the container image registry API must provide its own storage for the raw manifest data, image config, and layer contents.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "desired", - "observedGeneration", - "versionHash", - "availableUpdates" - ], "properties": { - "availableUpdates": { - "description": "availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "dockerImageConfig": { + "description": "dockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list.", + "type": "string" + }, + "dockerImageLayers": { + "description": "dockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Release" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageLayer" + } }, - "capabilities": { - "description": "capabilities describes the state of optional, core cluster components.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus" + "dockerImageManifest": { + "description": "dockerImageManifest is the raw JSON of the manifest", + "type": "string" }, - "conditionalUpdateRisks": { - "description": "conditionalUpdateRisks contains the list of risks associated with conditionalUpdates. When performing a conditional update, all its associated risks will be compared with the set of accepted risks in the spec.desiredUpdate.acceptRisks field. If all risks for a conditional update are included in the spec.desiredUpdate.acceptRisks set, the conditional update can proceed, otherwise it is blocked. The risk names in the list must be unique. conditionalUpdateRisks must not contain more than 500 entries.", + "dockerImageManifestMediaType": { + "description": "dockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2.", + "type": "string" + }, + "dockerImageManifests": { + "description": "dockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConditionalUpdateRisk" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageManifest" + } }, - "conditionalUpdates": { - "description": "conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.", + "dockerImageMetadata": { + "description": "dockerImageMetadata contains metadata about this image", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension", + "x-kubernetes-patch-strategy": "replace" + }, + "dockerImageMetadataVersion": { + "description": "dockerImageMetadataVersion conveys the version of the object, which if empty defaults to \"1.0\"", + "type": "string" + }, + "dockerImageReference": { + "description": "dockerImageReference is the string that can be used to pull this image.", + "type": "string" + }, + "dockerImageSignatures": { + "description": "dockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConditionalUpdate" - }, - "x-kubernetes-list-type": "atomic" + "type": "string", + "format": "byte" + } }, - "conditions": { - "description": "conditions provides information about the cluster version. The condition \"Available\" is set to true if the desiredUpdate has been reached. The condition \"Progressing\" is set to true if an update is being applied. The condition \"Degraded\" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "signatures": { + "description": "signatures holds all signatures of the image.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperatorStatusCondition" + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageSignature" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-merge-key": "name", "x-kubernetes-patch-strategy": "merge" + } + } + }, + "com.github.openshift.api.image.v1.ImageBlobReferences": { + "description": "ImageBlobReferences describes the blob references within an image.", + "type": "object", + "properties": { + "config": { + "description": "config, if set, is the blob that contains the image config. Some images do not have separate config blobs and this field will be set to nil if so.", + "type": "string" }, - "desired": { - "description": "desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Release" + "imageMissing": { + "description": "imageMissing is true if the image is referenced by the image stream but the image object has been deleted from the API by an administrator. When this field is set, layers and config fields may be empty and callers that depend on the image metadata should consider the image to be unavailable for download or viewing.", + "type": "boolean", + "default": false }, - "history": { - "description": "history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved.", + "layers": { + "description": "layers is the list of blobs that compose this image, from base layer to top layer. All layers referenced by this array will be defined in the blobs map. Some images may have zero layers.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.UpdateHistory" - }, - "x-kubernetes-list-type": "atomic" - }, - "observedGeneration": { - "description": "observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version.", - "type": "integer", - "format": "int64", - "default": 0 + "type": "string", + "default": "" + } }, - "versionHash": { - "description": "versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only.", - "type": "string", - "default": "" + "manifests": { + "description": "manifests is the list of other image names that this image points to. For a single architecture image, it is empty. For a multi-arch image, it consists of the digests of single architecture images, such images shouldn't have layers nor config.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.config.v1.ComponentOverride": { - "description": "ComponentOverride allows overriding cluster version operator's behavior for a component.", + "com.github.openshift.api.image.v1.ImageImportSpec": { + "description": "ImageImportSpec describes a request to import a specific image.", "type": "object", "required": [ - "kind", - "group", - "namespace", - "name", - "unmanaged" + "from" ], "properties": { - "group": { - "description": "group identifies the API group that the kind is in.", - "type": "string", - "default": "" + "from": { + "description": "from is the source of an image to import; only kind DockerImage is allowed", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" }, - "kind": { - "description": "kind indentifies which object to override.", - "type": "string", - "default": "" + "importPolicy": { + "description": "importPolicy is the policy controlling how the image is imported", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagImportPolicy" }, - "name": { - "description": "name is the component's name.", - "type": "string", - "default": "" + "includeManifest": { + "description": "includeManifest determines if the manifest for each image is returned in the response", + "type": "boolean" }, - "namespace": { - "description": "namespace is the component's namespace. If the resource is cluster scoped, the namespace should be empty.", - "type": "string", - "default": "" + "referencePolicy": { + "description": "referencePolicy defines how other components should consume the image", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReferencePolicy" }, - "unmanaged": { - "description": "unmanaged controls if cluster version operator should stop managing the resources in this cluster. Default: false", - "type": "boolean", - "default": false + "to": { + "description": "to is a tag in the current image stream to assign the imported image to, if name is not specified the default tag from from.name will be used", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" } } }, - "com.github.openshift.api.config.v1.ComponentRouteSpec": { - "description": "ComponentRouteSpec allows for configuration of a route's hostname and serving certificate.", + "com.github.openshift.api.image.v1.ImageImportStatus": { + "description": "ImageImportStatus describes the result of an image import.", + "type": "object", + "required": [ + "status" + ], + "properties": { + "image": { + "description": "image is the metadata of that image, if the image was located", + "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" + }, + "manifests": { + "description": "manifests holds sub-manifests metadata when importing a manifest list", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" + } + }, + "status": { + "description": "status is the status of the image import, including errors encountered while retrieving the image", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + }, + "tag": { + "description": "tag is the tag this image was located under, if any", + "type": "string" + } + } + }, + "com.github.openshift.api.image.v1.ImageLayer": { + "description": "ImageLayer represents a single layer of the image. Some images may have multiple layers. Some may have none.", "type": "object", "required": [ - "namespace", "name", - "hostname" + "size", + "mediaType" ], "properties": { - "hostname": { - "description": "hostname is the hostname that should be used by the route.", + "mediaType": { + "description": "mediaType of the referenced object.", "type": "string", "default": "" }, "name": { - "description": "name is the logical name of the route to customize.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.", + "description": "name of the layer as defined by the underlying store.", "type": "string", "default": "" }, - "namespace": { - "description": "namespace is the namespace of the route to customize.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.", + "size": { + "description": "size of the layer in bytes as defined by the underlying store.", + "type": "integer", + "format": "int64", + "default": 0 + } + } + }, + "com.github.openshift.api.image.v1.ImageLayerData": { + "description": "ImageLayerData contains metadata about an image layer.", + "type": "object", + "required": [ + "size", + "mediaType" + ], + "properties": { + "mediaType": { + "description": "mediaType of the referenced object.", "type": "string", "default": "" }, - "servingCertKeyPairSecret": { - "description": "servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "size": { + "description": "size of the layer in bytes as defined by the underlying store. This field is optional if the necessary information about size is not available.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.config.v1.ComponentRouteStatus": { - "description": "ComponentRouteStatus contains information allowing configuration of a route's hostname and serving certificate.", + "com.github.openshift.api.image.v1.ImageList": { + "description": "ImageList is a list of Image objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "namespace", - "name", - "defaultHostname", - "relatedObjects" + "items" ], "properties": { - "conditions": { - "description": "conditions are used to communicate the state of the componentRoutes entry.\n\nSupported conditions include Available, Degraded and Progressing.\n\nIf available is true, the content served by the route can be accessed by users. This includes cases where a default may continue to serve content while the customized route specified by the cluster-admin is being configured.\n\nIf Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. The currentHostnames field may or may not be in effect.\n\nIf Progressing is true, that means the component is taking some action related to the componentRoutes entry.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "consumingUsers": { - "description": "consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret.", + "items": { + "description": "items is a list of images", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" } }, - "currentHostnames": { - "description": "currentHostnames is the list of current names used by the route. Typically, this list should consist of a single hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "defaultHostname": { - "description": "defaultHostname is the hostname of this route prior to customization.", - "type": "string", - "default": "" - }, - "name": { - "description": "name is the logical name of the route to customize. It does not have to be the actual name of a route resource but it cannot be renamed.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.", - "type": "string", - "default": "" - }, - "namespace": { - "description": "namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace ensures that no two components will conflict and the same component can be installed multiple times.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "relatedObjects": { - "description": "relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ObjectReference" - } + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.ConditionalUpdate": { - "description": "ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster.", + "com.github.openshift.api.image.v1.ImageLookupPolicy": { + "description": "ImageLookupPolicy describes how an image stream can be used to override the image references used by pods, builds, and other resources in a namespace.", "type": "object", "required": [ - "release", - "risks" + "local" ], "properties": { - "conditions": { - "description": "conditions represents the observations of the conditional update's current status. Known types are: * Recommended, for whether the update is recommended for the current cluster.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "release": { - "description": "release is the target of the update.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Release" - }, - "riskNames": { - "description": "riskNames represents the set of the names of conditionalUpdateRisks that are relevant to this update for some clusters. The Applies condition of each conditionalUpdateRisks entry declares if that risk applies to this cluster. A conditional update is accepted only if each of its risks either does not apply to the cluster or is considered acceptable by the cluster administrator. The latter means that the risk names are included in value of the spec.desiredUpdate.acceptRisks field. Entries must be unique and must not exceed 256 characters. riskNames must not contain more than 500 entries.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "risks": { - "description": "risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConditionalUpdateRisk" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "local": { + "description": "local will change the docker short image references (like \"mysql\" or \"php:latest\") on objects in this namespace to the image ID whenever they match this image stream, instead of reaching out to a remote registry. The name will be fully qualified to an image ID if found. The tag's referencePolicy is taken into account on the replaced value. Only works within the current namespace.", + "type": "boolean", + "default": false } } }, - "com.github.openshift.api.config.v1.ConditionalUpdateRisk": { - "description": "ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update.", + "com.github.openshift.api.image.v1.ImageManifest": { + "description": "ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object.", "type": "object", "required": [ - "url", - "name", - "message", - "matchingRules" + "digest", + "mediaType", + "manifestSize", + "architecture", + "os" ], "properties": { - "conditions": { - "description": "conditions represents the observations of the conditional update risk's current status. Known types are: * Applies, for whether the risk applies to the current cluster. The condition's types in the list must be unique. conditions must not contain more than one entry.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "matchingRules": { - "description": "matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterCondition" - }, - "x-kubernetes-list-type": "atomic" + "architecture": { + "description": "architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`.", + "type": "string", + "default": "" }, - "message": { - "description": "message provides additional information about the risk of updating, in the event that matchingRules match the cluster state. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.", + "digest": { + "description": "digest is the unique identifier for the manifest. It refers to an Image object.", "type": "string", "default": "" }, - "name": { - "description": "name is the CamelCase reason for not recommending a conditional update, in the event that matchingRules match the cluster state.", + "manifestSize": { + "description": "manifestSize represents the size of the raw object contents, in bytes.", + "type": "integer", + "format": "int64", + "default": 0 + }, + "mediaType": { + "description": "mediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json.", "type": "string", "default": "" }, - "url": { - "description": "url contains information about this risk.", + "os": { + "description": "os specifies the operating system, for example `linux`.", "type": "string", "default": "" + }, + "variant": { + "description": "variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.ConfigMapFileReference": { - "description": "ConfigMapFileReference references a config map in a specific namespace. The namespace must be specified at the point of use.", + "com.github.openshift.api.image.v1.ImageSignature": { + "description": "ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature's content by the server. They serve just an informative purpose.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "name" + "type", + "content" ], "properties": { - "key": { - "description": "key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "name": { + "conditions": { + "description": "conditions represent the latest available observations of a signature's current state.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.SignatureCondition" + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "content": { + "description": "Required: An opaque binary string which is an image's signature.", "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1.ConfigMapNameReference": { - "description": "ConfigMapNameReference references a config map in a specific namespace. The namespace must be specified at the point of use.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "name is the metadata.name of the referenced config map", + "format": "byte" + }, + "created": { + "description": "If specified, it is the time of signature's creation.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "imageIdentity": { + "description": "A human readable string representing image's identity. It could be a product name and version, or an image pull spec (e.g. \"registry.access.redhat.com/rhel7/rhel:7.2\").", + "type": "string" + }, + "issuedBy": { + "description": "If specified, it holds information about an issuer of signing certificate or key (a person or entity who signed the signing certificate or key).", + "$ref": "#/definitions/com.github.openshift.api.image.v1.SignatureIssuer" + }, + "issuedTo": { + "description": "If specified, it holds information about a subject of signing certificate or key (a person or entity who signed the image).", + "$ref": "#/definitions/com.github.openshift.api.image.v1.SignatureSubject" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "signedClaims": { + "description": "Contains claims from the signature.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "type": { + "description": "Required: Describes a type of stored blob.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.Console": { - "description": "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.image.v1.ImageStream": { + "description": "An ImageStream stores a mapping of tags to images, metadata overrides that are applied when images are tagged in a stream, and an optional reference to a container image repository on a registry. Users typically update the spec.tags field to point to external images which are imported from container registries using credentials in your namespace with the pull secret type, or to existing image stream tags and images which are immediately accessible for tagging or pulling. The history of images applied to a tag is visible in the status.tags field and any user who can view an image stream is allowed to tag that image into their own image streams. Access to pull images from the integrated registry is granted by having the \"get imagestreams/layers\" permission on a given image stream. Users may remove a tag by deleting the imagestreamtag resource, which causes both spec and status for that tag to be removed. Image stream history is retained until an administrator runs the prune operation, which removes references that are no longer in use. To preserve a historical image, ensure there is a tag in spec pointing to that image by its digest.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -17753,158 +16096,156 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec holds user settable values for configuration", + "description": "spec describes the desired state of this stream", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConsoleSpec" + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamSpec" }, "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "description": "status describes the current state of this stream", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConsoleStatus" - } - } - }, - "com.github.openshift.api.config.v1.ConsoleAuthentication": { - "description": "ConsoleAuthentication defines a list of optional configuration for console authentication.", - "type": "object", - "properties": { - "logoutRedirect": { - "description": "An optional, absolute URL to redirect web browsers to after logging out of the console. If not specified, it will redirect to the default login page. This is required when using an identity provider that supports single sign-on (SSO) such as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console will destroy the user's token. The logoutRedirect provides the user the option to perform single logout (SLO) through the identity provider to destroy their single sign-on session.", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamStatus" } } }, - "com.github.openshift.api.config.v1.ConsoleList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.image.v1.ImageStreamImage": { + "description": "ImageStreamImage represents an Image that is retrieved by image name from an ImageStream. User interfaces and regular users can use this resource to access the metadata details of a tagged image in the image stream history for viewing, since Image resources are not directly accessible to end users. A not found error will be returned if no such image is referenced by a tag within the ImageStream. Images are created when spec tags are set on an image stream that represent an image in an external registry, when pushing to the integrated registry, or when tagging an existing image from one image stream to another. The name of an image stream image is in the form \"@\", where the digest is the content addressible identifier for the image (sha256:xxxxx...). You can use ImageStreamImages as the from.kind of an image stream spec tag to reference an image exactly. The only operations supported on the imagestreamimage endpoint are retrieving the image.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", - "items" + "image" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Console" - } + "image": { + "description": "image associated with the ImageStream and image name.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } } }, - "com.github.openshift.api.config.v1.ConsoleSpec": { - "description": "ConsoleSpec is the specification of the desired behavior of the Console.", + "com.github.openshift.api.image.v1.ImageStreamImport": { + "description": "The image stream import resource provides an easy way for a user to find and import container images from other container image registries into the server. Individual images or an entire image repository may be imported, and users may choose to see the results of the import prior to tagging the resulting images into the specified image stream.\n\nThis API is intended for end-user tools that need to see the metadata of the image prior to import (for instance, to generate an application from it). Clients that know the desired image can continue to create spec.tags directly into their image streams.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec", + "status" + ], "properties": { - "authentication": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConsoleAuthentication" - } - } - }, - "com.github.openshift.api.config.v1.ConsoleStatus": { - "description": "ConsoleStatus defines the observed status of the Console.", - "type": "object", - "properties": { - "consoleURL": { - "description": "The URL for the console. This will be derived from the host for the route that is created for the console.", - "type": "string", - "default": "" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec is a description of the images that the user wishes to import", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamImportSpec" + }, + "status": { + "description": "status is the result of importing the image", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamImportStatus" } } }, - "com.github.openshift.api.config.v1.Custom": { - "description": "Custom provides the custom configuration of gatherers", + "com.github.openshift.api.image.v1.ImageStreamImportSpec": { + "description": "ImageStreamImportSpec defines what images should be imported.", "type": "object", "required": [ - "configs" + "import" ], "properties": { - "configs": { - "description": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "images": { + "description": "images are a list of individual images to import.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.GathererConfig" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.config.v1.CustomFeatureGates": { - "type": "object", - "properties": { - "disabled": { - "description": "disabled is a list of all feature gates that you want to force off", - "type": "array", - "items": { - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageImportSpec" } }, - "enabled": { - "description": "enabled is a list of all feature gates that you want to force on", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "import": { + "description": "import indicates whether to perform an import - if so, the specified tags are set on the spec and status of the image stream defined by the type meta.", + "type": "boolean", + "default": false + }, + "repository": { + "description": "repository is an optional import of an entire container image repository. A maximum limit on the number of tags imported this way is imposed by the server.", + "$ref": "#/definitions/com.github.openshift.api.image.v1.RepositoryImportSpec" } } }, - "com.github.openshift.api.config.v1.CustomTLSProfile": { - "description": "CustomTLSProfile is a user-defined TLS security profile. Be extremely careful using a custom TLS profile as invalid configurations can be catastrophic.", + "com.github.openshift.api.image.v1.ImageStreamImportStatus": { + "description": "ImageStreamImportStatus contains information about the status of an image stream import.", "type": "object", - "required": [ - "ciphers", - "minTLSVersion" - ], "properties": { - "ciphers": { - "description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", + "images": { + "description": "images is set with the result of importing spec.images", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageImportStatus" + } }, - "minTLSVersion": { - "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11", - "type": "string", - "default": "" + "import": { + "description": "import is the image stream that was successfully updated or created when 'to' was set.", + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStream" + }, + "repository": { + "description": "repository is set if spec.repository was set to the outcome of the import", + "$ref": "#/definitions/com.github.openshift.api.image.v1.RepositoryImportStatus" } } }, - "com.github.openshift.api.config.v1.DNS": { - "description": "DNS holds cluster-wide information about DNS. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.image.v1.ImageStreamLayers": { + "description": "ImageStreamLayers describes information about the layers referenced by images in this image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "spec" + "blobs", + "images" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "blobs": { + "description": "blobs is a map of blob name to metadata about the blob.", + "type": "object", + "additionalProperties": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageLayerData" + } + }, + "images": { + "description": "images is a map between an image name and the names of the blobs and config that comprise the image.", + "type": "object", + "additionalProperties": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageBlobReferences" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -17912,25 +16253,14 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSSpec" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSStatus" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } } }, - "com.github.openshift.api.config.v1.DNSList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.image.v1.ImageStreamList": { + "description": "ImageStreamList is a list of ImageStream objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -17939,10 +16269,11 @@ "type": "string" }, "items": { + "description": "items is a list of imageStreams", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.DNS" + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStream" } }, "kind": { @@ -17952,372 +16283,332 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.DNSPlatformSpec": { - "description": "DNSPlatformSpec holds cloud-provider-specific configuration for DNS administration.", + "com.github.openshift.api.image.v1.ImageStreamMapping": { + "description": "ImageStreamMapping represents a mapping from a single image stream tag to a container image as well as the reference to the container image stream the image came from. This resource is used by privileged integrators to create an image resource and to associate it with an image stream in the status tags field. Creating an ImageStreamMapping will allow any user who can view the image stream to tag or pull that image, so only create mappings where the user has proven they have access to the image contents directly. The only operation supported for this resource is create and the metadata name and namespace should be set to the image stream containing the tag that should be updated.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "type" + "image", + "tag" ], "properties": { - "aws": { - "description": "aws contains DNS configuration specific to the Amazon Web Services cloud provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSDNSSpec" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "type": { - "description": "type is the underlying infrastructure provider for the cluster. Allowed values: \"\", \"AWS\".\n\nIndividual components may not support all platforms, and must handle unrecognized platforms with best-effort defaults.", + "image": { + "description": "image is a container image.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "tag": { + "description": "tag is a string value this image can be located with inside the stream.", "type": "string", "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "aws": "AWS" - } - } - ] + } }, - "com.github.openshift.api.config.v1.DNSSpec": { + "com.github.openshift.api.image.v1.ImageStreamSpec": { + "description": "ImageStreamSpec represents options for ImageStreams.", "type": "object", - "required": [ - "baseDomain" - ], "properties": { - "baseDomain": { - "description": "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base.\n\nFor example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`.\n\nOnce set, this field cannot be changed.", - "type": "string", - "default": "" + "dockerImageRepository": { + "description": "dockerImageRepository is optional, if specified this stream is backed by a container repository on this server Deprecated: This field is deprecated as of v3.7 and will be removed in a future release. Specify the source for the tags to be imported in each tag via the spec.tags.from reference instead.", + "type": "string" }, - "platform": { - "description": "platform holds configuration specific to the underlying infrastructure provider for DNS. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.", + "lookupPolicy": { + "description": "lookupPolicy controls how other resources reference images within this namespace.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSPlatformSpec" - }, - "privateZone": { - "description": "privateZone is the location where all the DNS records that are only available internally to the cluster exist.\n\nIf this field is nil, no private records should be created.\n\nOnce set, this field cannot be changed.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSZone" + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageLookupPolicy" }, - "publicZone": { - "description": "publicZone is the location where all the DNS records that are publicly accessible to the internet exist.\n\nIf this field is nil, no public records should be created.\n\nOnce set, this field cannot be changed.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSZone" + "tags": { + "description": "tags map arbitrary string values to specific image locators", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReference" + }, + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.config.v1.DNSStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1.DNSZone": { - "description": "DNSZone is used to define a DNS hosted zone. A zone can be identified by an ID or tags.", + "com.github.openshift.api.image.v1.ImageStreamStatus": { + "description": "ImageStreamStatus contains information about the state of this image stream.", "type": "object", "properties": { - "id": { - "description": "id is the identifier that can be used to find the DNS hosted zone.\n\non AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3].\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get", + "dockerImageRepository": { + "description": "dockerImageRepository represents the effective location this stream may be accessed at. May be empty until the server determines where the repository is located", + "type": "string", + "default": "" + }, + "publicDockerImageRepository": { + "description": "publicDockerImageRepository represents the public location from where the image can be pulled outside the cluster. This field may be empty if the administrator has not exposed the integrated registry externally.", "type": "string" }, "tags": { - "description": "tags can be used to query the DNS hosted zone.\n\non AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - } - } - }, - "com.github.openshift.api.config.v1.DelegatedAuthentication": { - "description": "DelegatedAuthentication allows authentication to be disabled.", - "type": "object", - "properties": { - "disabled": { - "description": "disabled indicates that authentication should be disabled. By default it will use delegated authentication.", - "type": "boolean" - } - } - }, - "com.github.openshift.api.config.v1.DelegatedAuthorization": { - "description": "DelegatedAuthorization allows authorization to be disabled.", - "type": "object", - "properties": { - "disabled": { - "description": "disabled indicates that authorization should be disabled. By default it will use delegated authorization.", - "type": "boolean" + "description": "tags are a historical record of images associated with each tag. The first entry in the TagEvent array is the currently tagged image.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.NamedTagEventList" + }, + "x-kubernetes-patch-merge-key": "tag", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator": { - "description": "deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.", + "com.github.openshift.api.image.v1.ImageStreamTag": { + "description": "ImageStreamTag represents an Image that is retrieved by tag name from an ImageStream. Use this resource to interact with the tags and images in an image stream by tag, or to see the image details for a particular tag. The image associated with this resource is the most recently successfully tagged, imported, or pushed image (as described in the image stream status.tags.items list for this tag). If an import is in progress or has failed the previous image will be shown. Deleting an image stream tag clears both the status and spec fields of an image stream. If no image can be retrieved for a given tag, a not found error will be returned.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "kubeConfig" + "tag", + "generation", + "lookupPolicy", + "image" ], "properties": { - "kubeConfig": { - "description": "kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - } - } - }, - "com.github.openshift.api.config.v1.EquinixMetalPlatformSpec": { - "description": "EquinixMetalPlatformSpec holds the desired state of the Equinix Metal infrastructure provider. This only includes fields that can be modified in the cluster.", - "type": "object" - }, - "com.github.openshift.api.config.v1.EquinixMetalPlatformStatus": { - "description": "EquinixMetalPlatformStatus holds the current status of the Equinix Metal infrastructure provider.", - "type": "object", - "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", + "conditions": { + "description": "conditions is an array of conditions that apply to the image stream tag.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagEventCondition" + } + }, + "generation": { + "description": "generation is the current generation of the tagged image - if tag is provided and this value is not equal to the tag generation, a user has requested an import that has not completed, or conditions will be filled out indicating any error.", + "type": "integer", + "format": "int64", + "default": 0 + }, + "image": { + "description": "image associated with the ImageStream and tag.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "lookupPolicy": { + "description": "lookupPolicy indicates whether this tag will handle image references in this namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageLookupPolicy" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "tag": { + "description": "tag is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream.", + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReference" } } }, - "com.github.openshift.api.config.v1.EtcdConnectionInfo": { - "description": "EtcdConnectionInfo holds information necessary for connecting to an etcd server", + "com.github.openshift.api.image.v1.ImageStreamTagList": { + "description": "ImageStreamTagList is a list of ImageStreamTag objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "ca", - "certFile", - "keyFile" + "items" ], "properties": { - "ca": { - "description": "ca is a file containing trusted roots for the etcd server certificates", - "type": "string", - "default": "" - }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" - }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "urls": { - "description": "urls are the URLs for etcd", + "items": { + "description": "items is the list of image stream tags", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamTag" } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.EtcdStorageConfig": { + "com.github.openshift.api.image.v1.ImageTag": { + "description": "ImageTag represents a single tag within an image stream and includes the spec, the status history, and the currently referenced image (if any) of the provided tag. This type replaces the ImageStreamTag by providing a full view of the tag. ImageTags are returned for every spec or status tag present on the image stream. If no tag exists in either form, a not found error will be returned by the API. A create operation will succeed if no spec tag has already been defined and the spec field is set. Delete will remove both spec and status elements from the image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "ca", - "certFile", - "keyFile", - "storagePrefix" + "spec", + "status", + "image" ], "properties": { - "ca": { - "description": "ca is a file containing trusted roots for the etcd server certificates", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "image": { + "description": "image is the details of the most recent image stream status tag, and it may be null if import has not completed or an administrator has deleted the image object. To verify this is the most recent image, you must verify the generation of the most recent status.items entry matches the spec tag (if a spec tag is set). This field will not be set when listing image tags.", + "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "storagePrefix": { - "description": "storagePrefix is the path within etcd that the OpenShift resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "urls": { - "description": "urls are the URLs for etcd", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "spec": { + "description": "spec is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream.", + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReference" + }, + "status": { + "description": "status is the status tag details associated with this image stream tag, and it may be null if no push or import has been performed.", + "$ref": "#/definitions/com.github.openshift.api.image.v1.NamedTagEventList" } } }, - "com.github.openshift.api.config.v1.ExternalIPConfig": { - "description": "ExternalIPConfig specifies some IP blocks relevant for the ExternalIP field of a Service resource.", + "com.github.openshift.api.image.v1.ImageTagList": { + "description": "ImageTagList is a list of ImageTag objects. When listing image tags, the image field is not populated. Tags are returned in alphabetical order by image stream and then tag.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "items" + ], "properties": { - "autoAssignCIDRs": { - "description": "autoAssignCIDRs is a list of CIDRs from which to automatically assign Service.ExternalIP. These are assigned when the service is of type LoadBalancer. In general, this is only useful for bare-metal clusters. In Openshift 3.x, this was misleadingly called \"IngressIPs\". Automatically assigned External IPs are not affected by any ExternalIPPolicy rules. Currently, only one entry may be provided.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of image stream tags", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageTag" + } }, - "policy": { - "description": "policy is a set of restrictions applied to the ExternalIP field. If nil or empty, then ExternalIP is not allowed to be set.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalIPPolicy" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.ExternalIPPolicy": { - "description": "ExternalIPPolicy configures exactly which IPs are allowed for the ExternalIP field in a Service. If the zero struct is supplied, then none are permitted. The policy controller always allows automatically assigned external IPs.", + "com.github.openshift.api.image.v1.NamedTagEventList": { + "description": "NamedTagEventList relates a tag to its image history.", "type": "object", + "required": [ + "tag", + "items" + ], "properties": { - "allowedCIDRs": { - "description": "allowedCIDRs is the list of allowed CIDRs.", + "conditions": { + "description": "conditions is an array of conditions that apply to the tag event list.", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagEventCondition" + } }, - "rejectedCIDRs": { - "description": "rejectedCIDRs is the list of disallowed CIDRs. These take precedence over allowedCIDRs.", + "items": { + "description": "Standard object's metadata.", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.config.v1.ExternalPlatformSpec": { - "description": "ExternalPlatformSpec holds the desired state for the generic External infrastructure provider.", - "type": "object", - "properties": { - "platformName": { - "description": "platformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. This field is solely for informational and reporting purposes and is not expected to be used for decision-making.", - "type": "string", - "default": "Unknown" - } - } - }, - "com.github.openshift.api.config.v1.ExternalPlatformStatus": { - "description": "ExternalPlatformStatus holds the current status of the generic External infrastructure provider.", - "type": "object", - "properties": { - "cloudControllerManager": { - "description": "cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI). When omitted, new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudControllerManagerStatus" - } - } - }, - "com.github.openshift.api.config.v1.ExtraMapping": { - "description": "ExtraMapping allows specifying a key and CEL expression to evaluate the keys' value. It is used to create additional mappings and attributes added to a cluster identity from a provided authentication token.", - "type": "object", - "required": [ - "key", - "valueExpression" - ], - "properties": { - "key": { - "description": "key is a required field that specifies the string to use as the extra attribute key.\n\nkey must be a domain-prefix path (e.g 'example.org/foo'). key must not exceed 510 characters in length. key must contain the '/' character, separating the domain and path characters. key must not be empty.\n\nThe domain portion of the key (string of characters prior to the '/') must be a valid RFC1123 subdomain. It must not exceed 253 characters in length. It must start and end with an alphanumeric character. It must only contain lower case alphanumeric characters and '-' or '.'. It must not use the reserved domains, or be subdomains of, \"kubernetes.io\", \"k8s.io\", and \"openshift.io\".\n\nThe path portion of the key (string of characters after the '/') must not be empty and must consist of at least one alphanumeric character, percent-encoded octets, '-', '.', '_', '~', '!', '$', '&', ''', '(', ')', '*', '+', ',', ';', '=', and ':'. It must not exceed 256 characters in length.", - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagEvent" + } }, - "valueExpression": { - "description": "valueExpression is a required field to specify the CEL expression to extract the extra attribute value from a JWT token's claims. valueExpression must produce a string or string array value. \"\", [], and null are treated as the extra mapping not being present. Empty string values within an array are filtered out.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'. 'claims' is a map of claim names to claim values. For example, the 'sub' claim value can be accessed as 'claims.sub'. Nested claims can be accessed using dot notation ('claims.foo.bar').\n\nvalueExpression must not exceed 1024 characters in length. valueExpression must not be empty.", + "tag": { + "description": "tag is the tag for which the history is recorded", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.FeatureGate": { - "description": "Feature holds cluster-wide information about feature gates. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.image.v1.RepositoryImportSpec": { + "description": "RepositoryImportSpec describes a request to import images from a container image repository.", "type": "object", "required": [ - "spec" + "from" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "from": { + "description": "from is the source for the image repository to import; only kind DockerImage and a name of a container image repository is allowed", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" }, - "spec": { - "description": "spec holds user settable values for configuration", + "importPolicy": { + "description": "importPolicy is the policy controlling how the image is imported", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateSpec" + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagImportPolicy" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "includeManifest": { + "description": "includeManifest determines if the manifest for each image is returned in the response", + "type": "boolean" + }, + "referencePolicy": { + "description": "referencePolicy defines how other components should consume the image", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateStatus" - } - } - }, - "com.github.openshift.api.config.v1.FeatureGateAttributes": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "name is the name of the FeatureGate.", - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReferencePolicy" } } }, - "com.github.openshift.api.config.v1.FeatureGateDetails": { + "com.github.openshift.api.image.v1.RepositoryImportStatus": { + "description": "RepositoryImportStatus describes the result of an image repository import", "type": "object", - "required": [ - "version" - ], "properties": { - "disabled": { - "description": "disabled is a list of all feature gates that are disabled in the cluster for the named version.", + "additionalTags": { + "description": "additionalTags are tags that exist in the repository but were not imported because a maximum limit of automatic imports was applied.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateAttributes" + "type": "string", + "default": "" } }, - "enabled": { - "description": "enabled is a list of all feature gates that are enabled in the cluster for the named version.", + "images": { + "description": "images is a list of images successfully retrieved by the import of the repository.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateAttributes" + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageImportStatus" } }, - "version": { - "description": "version matches the version provided by the ClusterVersion and in the ClusterOperator.Status.Versions field.", - "type": "string", - "default": "" + "status": { + "description": "status reflects whether any failure occurred during import", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" } } }, - "com.github.openshift.api.config.v1.FeatureGateList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.image.v1.SecretList": { + "description": "SecretList is a list of Secret.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -18326,10 +16617,11 @@ "type": "string" }, "items": { + "description": "Items is a list of secret objects. More info: https://kubernetes.io/docs/concepts/configuration/secret", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGate" + "$ref": "#/definitions/io.k8s.api.core.v1.Secret" } }, "kind": { @@ -18337,208 +16629,329 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.FeatureGateSelection": { + "com.github.openshift.api.image.v1.SignatureCondition": { + "description": "SignatureCondition describes an image signature condition of particular kind at particular probe time.", "type": "object", + "required": [ + "type", + "status" + ], "properties": { - "customNoUpgrade": { - "description": "customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. featureSet must equal \"CustomNoUpgrade\" must be set to use this field.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.CustomFeatureGates" + "lastProbeTime": { + "description": "Last time the condition was checked.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "featureSet": { - "description": "featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone.", + "lastTransitionTime": { + "description": "Last time the condition transit from one status to another.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "description": "Human readable message indicating details about last transition.", "type": "string" + }, + "reason": { + "description": "(brief) reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string", + "default": "" + }, + "type": { + "description": "type of signature condition, Complete or Failed.", + "type": "string", + "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "featureSet", - "fields-to-discriminateBy": { - "customNoUpgrade": "CustomNoUpgrade" - } - } - ] + } }, - "com.github.openshift.api.config.v1.FeatureGateSpec": { + "com.github.openshift.api.image.v1.SignatureGenericEntity": { + "description": "SignatureGenericEntity holds a generic information about a person or entity who is an issuer or a subject of signing certificate or key.", "type": "object", "properties": { - "customNoUpgrade": { - "description": "customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. featureSet must equal \"CustomNoUpgrade\" must be set to use this field.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.CustomFeatureGates" + "commonName": { + "description": "Common name (e.g. openshift-signing-service).", + "type": "string" }, - "featureSet": { - "description": "featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone.", + "organization": { + "description": "organization name.", "type": "string" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "featureSet", - "fields-to-discriminateBy": { - "customNoUpgrade": "CustomNoUpgrade" - } - } - ] + } }, - "com.github.openshift.api.config.v1.FeatureGateStatus": { + "com.github.openshift.api.image.v1.SignatureIssuer": { + "description": "SignatureIssuer holds information about an issuer of signing certificate or key.", "type": "object", "properties": { - "conditions": { - "description": "conditions represent the observations of the current state. Known .status.conditions.type are: \"DeterminationDegraded\"", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "commonName": { + "description": "Common name (e.g. openshift-signing-service).", + "type": "string" }, - "featureGates": { - "description": "featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion. Operators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate the version they are managing, find the enabled/disabled featuregates and make the operand and operator match. The enabled/disabled values for a particular version may change during the life of the cluster as various .spec.featureSet values are selected. Operators may choose to restart their processes to pick up these changes, but remembering past enable/disable lists is beyond the scope of this API and is the responsibility of individual operators. Only featureGates with .version in the ClusterVersion.status will be present in this list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateDetails" - }, - "x-kubernetes-list-map-keys": [ - "version" - ], - "x-kubernetes-list-type": "map" + "organization": { + "description": "organization name.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.FeatureGateTests": { + "com.github.openshift.api.image.v1.SignatureSubject": { + "description": "SignatureSubject holds information about a person or entity who created the signature.", "type": "object", "required": [ - "featureGate", - "tests" + "publicKeyID" ], "properties": { - "featureGate": { - "description": "featureGate is the name of the FeatureGate as it appears in The FeatureGate CR instance.", + "commonName": { + "description": "Common name (e.g. openshift-signing-service).", + "type": "string" + }, + "organization": { + "description": "organization name.", + "type": "string" + }, + "publicKeyID": { + "description": "If present, it is a human readable key id of public key belonging to the subject used to verify image signature. It should contain at least 64 lowest bits of public key's fingerprint (e.g. 0x685ebe62bf278440).", "type": "string", "default": "" - }, - "tests": { - "description": "tests contains an item for every TestName", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TestDetails" - } } } }, - "com.github.openshift.api.config.v1.GCPPlatformSpec": { - "description": "GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider. This only includes fields that can be modified in the cluster.", - "type": "object" - }, - "com.github.openshift.api.config.v1.GCPPlatformStatus": { - "description": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", + "com.github.openshift.api.image.v1.TagEvent": { + "description": "TagEvent is used by ImageStreamStatus to keep a historical record of images associated with a tag.", "type": "object", "required": [ - "projectID", - "region" + "created", + "dockerImageReference", + "image", + "generation" ], "properties": { - "cloudLoadBalancerConfig": { - "description": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", - "default": { - "dnsType": "PlatformDefault" - }, - "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudLoadBalancerConfig" - }, - "projectID": { - "description": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", - "type": "string", - "default": "" + "created": { + "description": "created holds the time the TagEvent was created", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "region": { - "description": "region holds the region for new GCP resources created for the cluster.", + "dockerImageReference": { + "description": "dockerImageReference is the string that can be used to pull this image", "type": "string", "default": "" }, - "resourceLabels": { - "description": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.GCPResourceLabel" - }, - "x-kubernetes-list-map-keys": [ - "key" - ], - "x-kubernetes-list-type": "map" + "generation": { + "description": "generation is the spec tag generation that resulted in this tag being updated", + "type": "integer", + "format": "int64", + "default": 0 }, - "resourceTags": { - "description": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.GCPResourceTag" - }, - "x-kubernetes-list-map-keys": [ - "key" - ], - "x-kubernetes-list-type": "map" + "image": { + "description": "image is the image", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.GCPResourceLabel": { - "description": "GCPResourceLabel is a label to apply to GCP resources created for the cluster.", + "com.github.openshift.api.image.v1.TagEventCondition": { + "description": "TagEventCondition contains condition information for a tag event.", "type": "object", "required": [ - "key", - "value" + "type", + "status", + "generation" ], "properties": { - "key": { - "description": "key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`.", + "generation": { + "description": "generation is the spec tag generation that this status corresponds to", + "type": "integer", + "format": "int64", + "default": 0 + }, + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "description": "message is a human readable description of the details about last transition, complementing reason.", + "type": "string" + }, + "reason": { + "description": "reason is a brief machine readable explanation for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "default": "" }, - "value": { - "description": "value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.", + "type": { + "description": "type of tag event condition, currently only ImportSuccess", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.GCPResourceTag": { - "description": "GCPResourceTag is a tag to apply to GCP resources created for the cluster.", + "com.github.openshift.api.image.v1.TagImportPolicy": { + "description": "TagImportPolicy controls how images related to this tag will be imported.", + "type": "object", + "properties": { + "importMode": { + "description": "importMode describes how to import an image manifest.", + "type": "string" + }, + "insecure": { + "description": "insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import.", + "type": "boolean" + }, + "scheduled": { + "description": "scheduled indicates to the server that this tag should be periodically checked to ensure it is up to date, and imported", + "type": "boolean" + } + } + }, + "com.github.openshift.api.image.v1.TagReference": { + "description": "TagReference specifies optional annotations for images using this tag and an optional reference to an ImageStreamTag, ImageStreamImage, or DockerImage this tag should track.", "type": "object", "required": [ - "parentID", - "key", - "value" + "name" ], "properties": { - "key": { - "description": "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", - "type": "string", - "default": "" + "annotations": { + "description": "Optional; if specified, annotations that are applied to images retrieved via ImageStreamTags.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "parentID": { - "description": "parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", + "from": { + "description": "Optional; if specified, a reference to another image that this tag should point to. Valid values are ImageStreamTag, ImageStreamImage, and DockerImage. ImageStreamTag references can only reference a tag within this same ImageStream.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "generation": { + "description": "generation is a counter that tracks mutations to the spec tag (user intent). When a tag reference is changed the generation is set to match the current stream generation (which is incremented every time spec is changed). Other processes in the system like the image importer observe that the generation of spec tag is newer than the generation recorded in the status and use that as a trigger to import the newest remote tag. To trigger a new import, clients may set this value to zero which will reset the generation to the latest stream generation. Legacy clients will send this value as nil which will be merged with the current tag generation.", + "type": "integer", + "format": "int64" + }, + "importPolicy": { + "description": "importPolicy is information that controls how images may be imported by the server.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagImportPolicy" + }, + "name": { + "description": "name of the tag", "type": "string", "default": "" }, - "value": { - "description": "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", + "reference": { + "description": "reference states if the tag will be imported. Default value is false, which means the tag will be imported.", + "type": "boolean" + }, + "referencePolicy": { + "description": "referencePolicy defines how other components should consume the image.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReferencePolicy" + } + } + }, + "com.github.openshift.api.image.v1.TagReferencePolicy": { + "description": "TagReferencePolicy describes how pull-specs for images in this image stream tag are generated when image change triggers in deployment configs or builds are resolved. This allows the image stream author to control how images are accessed.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "type": { + "description": "type determines how the image pull spec should be transformed when the image stream tag is used in deployment config triggers or new builds. The default value is `Source`, indicating the original location of the image should be used (if imported). The user may also specify `Local`, indicating that the pull spec should point to the integrated container image registry and leverage the registry's ability to proxy the pull to an upstream registry. `Local` allows the credentials used to pull this image to be managed from the image stream's namespace, so others on the platform can access a remote image but have no access to the remote secret. It also allows the image layers to be mirrored into the local registry which the images can still be pulled even if the upstream registry is unavailable.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.GatherConfig": { - "description": "GatherConfig provides data gathering configuration options.", + "com.github.openshift.api.insights.v1.Custom": { + "description": "Custom provides the custom configuration of gatherers", + "type": "object", + "required": [ + "configs" + ], + "properties": { + "configs": { + "description": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1.GathererConfig" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.insights.v1.DataGather": { + "description": "DataGather provides data gather configuration options and status for the particular Insights data gathering.\n\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1.DataGatherSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1.DataGatherStatus" + } + } + }, + "com.github.openshift.api.insights.v1.DataGatherList": { + "description": "DataGatherList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items contains a list of DataGather resources.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1.DataGather" + }, + "x-kubernetes-list-type": "atomic" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.insights.v1.DataGatherSpec": { + "description": "DataGatherSpec contains the configuration for the DataGather.", "type": "object", "required": [ "gatherers" @@ -18556,16 +16969,76 @@ "gatherers": { "description": "gatherers is a required field that specifies the configuration of the gatherers.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Gatherers" + "$ref": "#/definitions/com.github.openshift.api.insights.v1.Gatherers" }, "storage": { "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Storage" + "$ref": "#/definitions/com.github.openshift.api.insights.v1.Storage" } } }, - "com.github.openshift.api.config.v1.GathererConfig": { + "com.github.openshift.api.insights.v1.DataGatherStatus": { + "description": "DataGatherStatus contains information relating to the DataGather state.", + "type": "object", + "properties": { + "conditions": { + "description": "conditions is an optional field that provides details on the status of the gatherer job. It may not exceed 100 items and must not contain duplicates.\n\nThe current condition types are DataUploaded, DataRecorded, DataProcessed, RemoteConfigurationNotAvailable, RemoteConfigurationInvalid\n\nThe DataUploaded condition is used to represent whether or not the archive was successfully uploaded for further processing. When it has a status of True and a reason of Succeeded, the archive was successfully uploaded. When it has a status of Unknown and a reason of NoUploadYet, the upload has not occurred, or there was no data to upload. When it has a status of False and a reason Failed, the upload failed. The accompanying message will include the specific error encountered.\n\nThe DataRecorded condition is used to represent whether or not the archive was successfully recorded. When it has a status of True and a reason of Succeeded, the archive was recorded successfully. When it has a status of Unknown and a reason of NoDataGatheringYet, the data gathering process has not started yet. When it has a status of False and a reason of RecordingFailed, the recording failed and a message will include the specific error encountered.\n\nThe DataProcessed condition is used to represent whether or not the archive was processed by the processing service. When it has a status of True and a reason of Processed, the data was processed successfully. When it has a status of Unknown and a reason of NothingToProcessYet, there is no data to process at the moment. When it has a status of False and a reason of Failure, processing failed and a message will include the specific error encountered.\n\nThe RemoteConfigurationAvailable condition is used to represent whether the remote configuration is available. When it has a status of Unknown and a reason of Unknown or RemoteConfigNotRequestedYet, the state of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is available. When it has a status of False and a reason of NoToken, the configuration was disabled by removing the cloud.openshift.com field from the pull secret. When it has a status of False and a reason of DisabledByConfiguration, the configuration was disabled in insightsdatagather.config.openshift.io.\n\nThe RemoteConfigurationValid condition is used to represent whether the remote configuration is valid. When it has a status of Unknown and a reason of Unknown or NoValidationYet, the validity of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is valid. When it has a status of False and a reason of Invalid, the configuration is invalid.\n\nThe Progressing condition is used to represent the phase of gathering When it has a status of False and the reason is DataGatherPending, the gathering has not started yet. When it has a status of True and reason is Gathering, the gathering is running. When it has a status of False and reason is GatheringSucceeded, the gathering successfully finished. When it has a status of False and reason is GatheringFailed, the gathering failed.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "finishTime": { + "description": "finishTime is the time when Insights data gathering finished.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "gatherers": { + "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1.GathererStatus" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "insightsReport": { + "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1.InsightsReport" + }, + "insightsRequestID": { + "description": "insightsRequestID is an optional Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive. It may not exceed 256 characters and is immutable once set.", + "type": "string" + }, + "relatedObjects": { + "description": "relatedObjects is an optional list of resources which are useful when debugging or inspecting the data gathering Pod It may not exceed 100 items and must not contain duplicates.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1.ObjectReference" + }, + "x-kubernetes-list-map-keys": [ + "name", + "namespace" + ], + "x-kubernetes-list-type": "map" + }, + "startTime": { + "description": "startTime is the time when Insights data gathering started.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + } + } + }, + "com.github.openshift.api.insights.v1.GathererConfig": { "description": "GathererConfig allows to configure specific gatherers", "type": "object", "required": [ @@ -18583,7 +17056,38 @@ } } }, - "com.github.openshift.api.config.v1.Gatherers": { + "com.github.openshift.api.insights.v1.GathererStatus": { + "description": "GathererStatus represents information about a particular data gatherer.", + "type": "object", + "required": [ + "name", + "lastGatherSeconds" + ], + "properties": { + "conditions": { + "description": "conditions provide details on the status of each gatherer.\n\nThe current condition type is DataGathered\n\nThe DataGathered condition is used to represent whether or not the data was gathered by a gatherer specified by name. When it has a status of True and a reason of GatheredOK, the data has been successfully gathered as expected. When it has a status of False and a reason of NoData, no data was gathered—for example, when the resource is not present in the cluster. When it has a status of False and a reason of GatherError, an error occurred and no data was gathered. When it has a status of False and a reason of GatherPanic, a panic occurred during gathering and no data was collected. When it has a status of False and a reason of GatherWithErrorReason, data was partially gathered or gathered with an error message.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "lastGatherSeconds": { + "description": "lastGatherSeconds is required field that represents the time spent gathering in seconds", + "type": "integer", + "format": "int32" + }, + "name": { + "description": "name is the required name of the gatherer. It must contain at least 5 characters and may not exceed 256 characters.", + "type": "string" + } + } + }, + "com.github.openshift.api.insights.v1.Gatherers": { "description": "Gatherers specifies the configuration of the gatherers", "type": "object", "required": [ @@ -18593,10 +17097,10 @@ "custom": { "description": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Custom" + "$ref": "#/definitions/com.github.openshift.api.insights.v1.Custom" }, "mode": { - "description": "mode is a required field that specifies the mode for gatherers. Allowed values are All, None, and Custom. When set to All, all gatherers will run and gather data. When set to None, all gatherers will be disabled and no data will be gathered. When set to Custom, the custom configuration from the custom field will be applied.", + "description": "mode is a required field that specifies the mode for gatherers. Allowed values are All and Custom. When set to All, all gatherers will run and gather data. When set to Custom, the custom configuration from the custom field will be applied.", "type": "string" } }, @@ -18609,492 +17113,498 @@ } ] }, - "com.github.openshift.api.config.v1.GenericAPIServerConfig": { - "description": "GenericAPIServerConfig is an inline-able struct for aggregated apiservers that need to store data in etcd", + "com.github.openshift.api.insights.v1.HealthCheck": { + "description": "HealthCheck represents an Insights health check attributes.", "type": "object", "required": [ - "servingInfo", - "corsAllowedOrigins", - "auditConfig", - "storageConfig", - "admission", - "kubeClientConfig" + "description", + "totalRisk", + "advisorURI" ], "properties": { - "admission": { - "description": "admissionConfig holds information about how to configure admission.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionConfig" + "advisorURI": { + "description": "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + "type": "string" }, - "auditConfig": { - "description": "auditConfig describes how to configure audit information", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditConfig" + "description": { + "description": "description is required field that provides basic description of the healthcheck. It must contain at least 10 characters and may not exceed 2048 characters.", + "type": "string" }, - "corsAllowedOrigins": { - "description": "corsAllowedOrigins", + "totalRisk": { + "description": "totalRisk is the required field of the healthcheck. It is indicator of the total risk posed by the detected issue; combination of impact and likelihood. Allowed values are Low, Moderate, Important and Critical. The value represents the severity of the issue.", + "type": "string" + } + } + }, + "com.github.openshift.api.insights.v1.InsightsReport": { + "description": "InsightsReport provides Insights health check report based on the most recently sent Insights data.", + "type": "object", + "required": [ + "downloadedTime", + "uri" + ], + "properties": { + "downloadedTime": { + "description": "downloadedTime is a required field that specifies when the Insights report was last downloaded.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "healthChecks": { + "description": "healthChecks is an optional field that provides basic information about active Insights recommendations, which serve as proactive notifications for potential issues in the cluster. When omitted, it means that there are no active recommendations in the cluster.", "type": "array", "items": { - "type": "string", - "default": "" - } - }, - "kubeClientConfig": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.KubeClientConfig" - }, - "servingInfo": { - "description": "servingInfo describes how to start serving", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1.HealthCheck" + }, + "x-kubernetes-list-map-keys": [ + "advisorURI", + "totalRisk", + "description" + ], + "x-kubernetes-list-type": "map" }, - "storageConfig": { - "description": "storageConfig contains information about how to use", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.EtcdStorageConfig" + "uri": { + "description": "uri is a required field that provides the URL link from which the report was downloaded. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.GenericControllerConfig": { - "description": "GenericControllerConfig provides information to configure a controller", + "com.github.openshift.api.insights.v1.ObjectReference": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", "type": "object", "required": [ - "servingInfo", - "leaderElection", - "authentication", - "authorization" + "group", + "resource", + "name", + "namespace" ], "properties": { - "authentication": { - "description": "authentication allows configuration of authentication for the endpoints", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.DelegatedAuthentication" + "group": { + "description": "group is required field that specifies the API Group of the Resource. Enter empty string for the core group. This value is empty or it should follow the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character. Example: \"\", \"apps\", \"build.openshift.io\", etc.", + "type": "string" }, - "authorization": { - "description": "authorization allows configuration of authentication for the endpoints", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.DelegatedAuthorization" + "name": { + "description": "name is required field that specifies the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character..", + "type": "string" }, - "leaderElection": { - "description": "leaderElection provides information to elect a leader. Only override this if you have a specific need", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.LeaderElection" + "namespace": { + "description": "namespace if required field of the referent that follows the DNS1123 labels format. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.", + "type": "string" }, - "servingInfo": { - "description": "servingInfo is the HTTP serving information for the controller's endpoints", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" + "resource": { + "description": "resource is required field of the type that is being referenced and follows the DNS1035 format. It is normally the plural form of the resource kind in lowercase. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.GitHubIdentityProvider": { - "description": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials", + "com.github.openshift.api.insights.v1.PersistentVolumeClaimReference": { + "description": "PersistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", "type": "object", "required": [ - "clientID", - "clientSecret" + "name" ], "properties": { - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" - }, - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" - }, - "clientSecret": { - "description": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - }, - "hostname": { - "description": "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value configured at /setup/settings#hostname.", - "type": "string", - "default": "" - }, - "organizations": { - "description": "organizations optionally restricts which organizations are allowed to log in", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "teams": { - "description": "teams optionally restricts which teams are allowed to log in. Format is /.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "name": { + "description": "name is the name of the PersistentVolumeClaim that will be used to store the Insights data archive. It is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.GitLabIdentityProvider": { - "description": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials", + "com.github.openshift.api.insights.v1.PersistentVolumeConfig": { + "description": "PersistentVolumeConfig provides configuration options for PersistentVolume storage.", "type": "object", "required": [ - "clientID", - "clientSecret", - "url" + "claim" ], "properties": { - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", + "claim": { + "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "$ref": "#/definitions/com.github.openshift.api.insights.v1.PersistentVolumeClaimReference" }, - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" - }, - "clientSecret": { - "description": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - }, - "url": { - "description": "url is the oauth server base URL", - "type": "string", - "default": "" + "mountPath": { + "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.GoogleIdentityProvider": { - "description": "GoogleIdentityProvider provides identities for users authenticating using Google credentials", + "com.github.openshift.api.insights.v1.Storage": { + "description": "Storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", "type": "object", "required": [ - "clientID", - "clientSecret" + "type" ], "properties": { - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" - }, - "clientSecret": { - "description": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", + "persistentVolume": { + "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "$ref": "#/definitions/com.github.openshift.api.insights.v1.PersistentVolumeConfig" }, - "hostedDomain": { - "description": "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", - "type": "string", - "default": "" + "type": { + "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", + "type": "string" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "persistentVolume": "PersistentVolume" + } + } + ] }, - "com.github.openshift.api.config.v1.HTPasswdIdentityProvider": { - "description": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials", + "com.github.openshift.api.insights.v1alpha1.DataGather": { + "description": "DataGather provides data gather configuration options and status for the particular Insights data gathering.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "fileData" + "spec" ], "properties": { - "fileData": { - "description": "fileData is a required reference to a secret by name containing the data to use as the htpasswd file. The key \"htpasswd\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. If the specified htpasswd data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.DataGatherSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.DataGatherStatus" } } }, - "com.github.openshift.api.config.v1.HTTPServingInfo": { - "description": "HTTPServingInfo holds configuration for serving HTTP", + "com.github.openshift.api.insights.v1alpha1.DataGatherList": { + "description": "DataGatherList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", - "required": [ - "bindAddress", - "bindNetwork", - "certFile", - "keyFile", - "maxRequestsInFlight", - "requestTimeoutSeconds" - ], "properties": { - "bindAddress": { - "description": "bindAddress is the ip:port to serve on", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "bindNetwork": { - "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", - "type": "string", - "default": "" + "items": { + "description": "items contains a list of DataGather resources.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.DataGather" + }, + "x-kubernetes-list-type": "atomic" }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.insights.v1alpha1.DataGatherSpec": { + "description": "DataGatherSpec contains the configuration for the DataGather.", + "type": "object", + "properties": { + "dataPolicy": { + "description": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"ClearText\" and \"ObfuscateNetworking\". When set to ClearText the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is ClearText.", "type": "string", "default": "" }, - "cipherSuites": { - "description": "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", + "gatherers": { + "description": "gatherers is an optional list of gatherers configurations. The list must not exceed 100 items. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.GathererConfig" } }, - "clientCA": { - "description": "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", + "storage": { + "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.Storage" + } + } + }, + "com.github.openshift.api.insights.v1alpha1.DataGatherStatus": { + "description": "DataGatherStatus contains information relating to the DataGather state.", + "type": "object", + "properties": { + "conditions": { + "description": "conditions provide details on the status of the gatherer job.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "dataGatherState": { + "description": "dataGatherState reflects the current state of the data gathering process.", "type": "string" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" + "finishTime": { + "description": "finishTime is the time when Insights data gathering finished.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "maxRequestsInFlight": { - "description": "maxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.", - "type": "integer", - "format": "int64", - "default": 0 + "gatherers": { + "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.GathererStatus" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "minTLSVersion": { - "description": "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", + "insightsReport": { + "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.InsightsReport" + }, + "insightsRequestID": { + "description": "insightsRequestID is an Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive.", "type": "string" }, - "namedCertificates": { - "description": "namedCertificates is a list of certificates to use to secure requests to specific hostnames", + "relatedObjects": { + "description": "relatedObjects is a list of resources which are useful when debugging or inspecting the data gathering Pod", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NamedCertificate" + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.ObjectReference" } }, - "requestTimeoutSeconds": { - "description": "requestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if -1 there is no limit on requests.", - "type": "integer", - "format": "int64", - "default": 0 + "startTime": { + "description": "startTime is the time when Insights data gathering started.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" } } }, - "com.github.openshift.api.config.v1.HubSource": { - "description": "HubSource is used to specify the hub source and its configuration", + "com.github.openshift.api.insights.v1alpha1.GathererConfig": { + "description": "gathererConfig allows to configure specific gatherers", "type": "object", "required": [ - "name", - "disabled" + "name" ], "properties": { - "disabled": { - "description": "disabled is used to disable a default hub source on cluster", - "type": "boolean", - "default": false - }, "name": { - "description": "name is the name of one of the default hub sources", + "description": "name is the required name of specific gatherer It must be at most 256 characters in length. The format for the gatherer name should be: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md.", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.config.v1.HubSourceStatus": { - "description": "HubSourceStatus is used to reflect the current state of applying the configuration to a default source", - "type": "object", - "properties": { - "message": { - "description": "message provides more information regarding failures", - "type": "string" }, - "status": { - "description": "status indicates success or failure in applying the configuration", - "type": "string" + "state": { + "description": "state allows you to configure specific gatherer. Valid values are \"Enabled\", \"Disabled\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default. The current default is Enabled.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.IBMCloudPlatformSpec": { - "description": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", + "com.github.openshift.api.insights.v1alpha1.GathererStatus": { + "description": "gathererStatus represents information about a particular data gatherer.", "type": "object", + "required": [ + "conditions", + "name", + "lastGatherDuration" + ], "properties": { - "serviceEndpoints": { - "description": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM service. These endpoints are used by components within the cluster when trying to reach the IBM Cloud Services that have been overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus are updated to reflect the same custom endpoints. A maximum of 13 service endpoints overrides are supported.", + "conditions": { + "description": "conditions provide details on the status of each gatherer.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.IBMCloudServiceEndpoint" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, "x-kubernetes-list-map-keys": [ - "name" + "type" ], "x-kubernetes-list-type": "map" + }, + "lastGatherDuration": { + "description": "lastGatherDuration represents the time spent gathering.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "name": { + "description": "name is the name of the gatherer.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.IBMCloudPlatformStatus": { - "description": "IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider.", + "com.github.openshift.api.insights.v1alpha1.HealthCheck": { + "description": "healthCheck represents an Insights health check attributes.", "type": "object", + "required": [ + "description", + "totalRisk", + "advisorURI", + "state" + ], "properties": { - "cisInstanceCRN": { - "description": "cisInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain", - "type": "string" - }, - "dnsInstanceCRN": { - "description": "dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain", - "type": "string" + "advisorURI": { + "description": "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + "type": "string", + "default": "" }, - "location": { - "description": "location is where the cluster has been deployed", - "type": "string" + "description": { + "description": "description provides basic description of the healtcheck.", + "type": "string", + "default": "" }, - "providerType": { - "description": "providerType indicates the type of cluster that was created", - "type": "string" + "state": { + "description": "state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface.", + "type": "string", + "default": "" }, - "resourceGroupName": { - "description": "resourceGroupName is the Resource Group for new IBMCloud resources created for the cluster.", - "type": "string" + "totalRisk": { + "description": "totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue.", + "type": "integer", + "format": "int32", + "default": 0 + } + } + }, + "com.github.openshift.api.insights.v1alpha1.InsightsReport": { + "description": "insightsReport provides Insights health check report based on the most recently sent Insights data.", + "type": "object", + "properties": { + "downloadedAt": { + "description": "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "serviceEndpoints": { - "description": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM service. These endpoints are used by components within the cluster when trying to reach the IBM Cloud Services that have been overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus are updated to reflect the same custom endpoints.", + "healthChecks": { + "description": "healthChecks provides basic information about active Insights health checks in a cluster.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.IBMCloudServiceEndpoint" + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.HealthCheck" }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" + }, + "uri": { + "description": "uri is optional field that provides the URL link from which the report was downloaded. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.IBMCloudServiceEndpoint": { - "description": "IBMCloudServiceEndpoint stores the configuration of a custom url to override existing defaults of IBM Cloud Services.", + "com.github.openshift.api.insights.v1alpha1.ObjectReference": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", "type": "object", "required": [ - "name", - "url" + "group", + "resource", + "name" ], "properties": { + "group": { + "description": "group is the API Group of the Resource. Enter empty string for the core group. This value is empty or should follow the DNS1123 subdomain format and it must be at most 253 characters in length. Example: \"\", \"apps\", \"build.openshift.io\", etc.", + "type": "string", + "default": "" + }, "name": { - "description": "name is the name of the IBM Cloud service. Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`", + "description": "name of the referent that follows the DNS1123 subdomain format. It must be at most 256 characters in length.", "type": "string", "default": "" }, - "url": { - "description": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. The path must follow the pattern /v[0,9]+ or /api/v[0,9]+", + "namespace": { + "description": "namespace of the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length.", + "type": "string" + }, + "resource": { + "description": "resource is required field of the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.IdentityProvider": { - "description": "IdentityProvider provides identities for users authenticating using credentials", + "com.github.openshift.api.insights.v1alpha1.PersistentVolumeClaimReference": { + "description": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", "type": "object", "required": [ - "name", - "type" + "name" ], "properties": { - "basicAuth": { - "description": "basicAuth contains configuration options for the BasicAuth IdP", - "$ref": "#/definitions/com.github.openshift.api.config.v1.BasicAuthIdentityProvider" - }, - "github": { - "description": "github enables user authentication using GitHub credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.GitHubIdentityProvider" - }, - "gitlab": { - "description": "gitlab enables user authentication using GitLab credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.GitLabIdentityProvider" - }, - "google": { - "description": "google enables user authentication using Google credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.GoogleIdentityProvider" - }, - "htpasswd": { - "description": "htpasswd enables user authentication using an HTPasswd file to validate credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTPasswdIdentityProvider" - }, - "keystone": { - "description": "keystone enables user authentication using keystone password credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.KeystoneIdentityProvider" - }, - "ldap": { - "description": "ldap enables user authentication using LDAP credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.LDAPIdentityProvider" - }, - "mappingMethod": { - "description": "mappingMethod determines how identities from this provider are mapped to users Defaults to \"claim\"", - "type": "string" - }, "name": { - "description": "name is used to qualify the identities returned by this provider. - It MUST be unique and not shared by any other identity provider used - It MUST be a valid path segment: name cannot equal \".\" or \"..\" or contain \"/\" or \"%\" or \":\"\n Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName", + "description": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", "type": "string", "default": "" + } + } + }, + "com.github.openshift.api.insights.v1alpha1.PersistentVolumeConfig": { + "description": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + "type": "object", + "required": [ + "claim" + ], + "properties": { + "claim": { + "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.PersistentVolumeClaimReference" }, - "openID": { - "description": "openID enables user authentication using OpenID credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenIDIdentityProvider" - }, - "requestHeader": { - "description": "requestHeader enables user authentication using request header credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.RequestHeaderIdentityProvider" - }, - "type": { - "description": "type identifies the identity provider type for this entry.", - "type": "string", - "default": "" + "mountPath": { + "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.IdentityProviderConfig": { - "description": "IdentityProviderConfig contains configuration for using a specific identity provider", + "com.github.openshift.api.insights.v1alpha1.Storage": { + "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", "type": "object", "required": [ "type" ], "properties": { - "basicAuth": { - "description": "basicAuth contains configuration options for the BasicAuth IdP", - "$ref": "#/definitions/com.github.openshift.api.config.v1.BasicAuthIdentityProvider" - }, - "github": { - "description": "github enables user authentication using GitHub credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.GitHubIdentityProvider" - }, - "gitlab": { - "description": "gitlab enables user authentication using GitLab credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.GitLabIdentityProvider" - }, - "google": { - "description": "google enables user authentication using Google credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.GoogleIdentityProvider" - }, - "htpasswd": { - "description": "htpasswd enables user authentication using an HTPasswd file to validate credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTPasswdIdentityProvider" - }, - "keystone": { - "description": "keystone enables user authentication using keystone password credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.KeystoneIdentityProvider" - }, - "ldap": { - "description": "ldap enables user authentication using LDAP credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.LDAPIdentityProvider" - }, - "openID": { - "description": "openID enables user authentication using OpenID credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenIDIdentityProvider" - }, - "requestHeader": { - "description": "requestHeader enables user authentication using request header credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.RequestHeaderIdentityProvider" + "persistentVolume": { + "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.PersistentVolumeConfig" }, "type": { - "description": "type identifies the identity provider type for this entry.", + "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.Image": { - "description": "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.insights.v1alpha2.Custom": { + "description": "custom provides the custom configuration of gatherers", + "type": "object", + "required": [ + "configs" + ], + "properties": { + "configs": { + "description": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.GathererConfig" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.insights.v1alpha2.DataGather": { + "description": "DataGather provides data gather configuration options and status for the particular Insights data gathering.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ "spec" @@ -19111,1103 +17621,871 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageSpec" + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.DataGatherSpec" }, "status": { "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageStatus" + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.DataGatherStatus" } } }, - "com.github.openshift.api.config.v1.ImageContentPolicy": { - "description": "ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.insights.v1alpha2.DataGatherList": { + "description": "DataGatherList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "items contains a list of DataGather resources.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.DataGather" + }, + "x-kubernetes-list-type": "atomic" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageContentPolicySpec" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.ImageContentPolicyList": { - "description": "ImageContentPolicyList lists the items in the ImageContentPolicy CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.insights.v1alpha2.DataGatherSpec": { + "description": "DataGatherSpec contains the configuration for the DataGather.", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { + "dataPolicy": { + "description": "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageContentPolicy" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "gatherers": { + "description": "gatherers is an optional field that specifies the configuration of the gatherers. If omitted, all gatherers will be run.", + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.Gatherers" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "storage": { + "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.Storage" } } }, - "com.github.openshift.api.config.v1.ImageContentPolicySpec": { - "description": "ImageContentPolicySpec is the specification of the ImageContentPolicy CRD.", + "com.github.openshift.api.insights.v1alpha2.DataGatherStatus": { + "description": "DataGatherStatus contains information relating to the DataGather state.", "type": "object", "properties": { - "repositoryDigestMirrors": { - "description": "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To pull image from mirrors by tags, should set the \"allowMirrorByTags\".\n\nEach “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.", + "conditions": { + "description": "conditions is an optional field that provides details on the status of the gatherer job. It may not exceed 100 items and must not contain duplicates.\n\nThe current condition types are DataUploaded, DataRecorded, DataProcessed, RemoteConfigurationNotAvailable, RemoteConfigurationInvalid\n\nThe DataUploaded condition is used to represent whether or not the archive was successfully uploaded for further processing. When it has a status of True and a reason of Succeeded, the archive was successfully uploaded. When it has a status of Unknown and a reason of NoUploadYet, the upload has not occurred, or there was no data to upload. When it has a status of False and a reason Failed, the upload failed. The accompanying message will include the specific error encountered.\n\nThe DataRecorded condition is used to represent whether or not the archive was successfully recorded. When it has a status of True and a reason of Succeeded, the archive was recorded successfully. When it has a status of Unknown and a reason of NoDataGatheringYet, the data gathering process has not started yet. When it has a status of False and a reason of RecordingFailed, the recording failed and a message will include the specific error encountered.\n\nThe DataProcessed condition is used to represent whether or not the archive was processed by the processing service. When it has a status of True and a reason of Processed, the data was processed successfully. When it has a status of Unknown and a reason of NothingToProcessYet, there is no data to process at the moment. When it has a status of False and a reason of Failure, processing failed and a message will include the specific error encountered.\n\nThe RemoteConfigurationAvailable condition is used to represent whether the remote configuration is available. When it has a status of Unknown and a reason of Unknown or RemoteConfigNotRequestedYet, the state of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is available. When it has a status of False and a reason of NoToken, the configuration was disabled by removing the cloud.openshift.com field from the pull secret. When it has a status of False and a reason of DisabledByConfiguration, the configuration was disabled in insightsdatagather.config.openshift.io.\n\nThe RemoteConfigurationValid condition is used to represent whether the remote configuration is valid. When it has a status of Unknown and a reason of Unknown or NoValidationYet, the validity of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is valid. When it has a status of False and a reason of Invalid, the configuration is invalid.\n\nThe Progressing condition is used to represent the phase of gathering When it has a status of False and the reason is DataGatherPending, the gathering has not started yet. When it has a status of True and reason is Gathering, the gathering is running. When it has a status of False and reason is GatheringSucceeded, the gathering succesfully finished. When it has a status of False and reason is GatheringFailed, the gathering failed.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.RepositoryDigestMirrors" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, "x-kubernetes-list-map-keys": [ - "source" + "type" ], "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.config.v1.ImageDigestMirrorSet": { - "description": "ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec" }, - "status": { - "description": "status contains the observed state of the resource.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus" - } - } - }, - "com.github.openshift.api.config.v1.ImageDigestMirrorSetList": { - "description": "ImageDigestMirrorSetList lists the items in the ImageDigestMirrorSet CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "finishTime": { + "description": "finishTime is the time when Insights data gathering finished.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "items": { + "gatherers": { + "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageDigestMirrorSet" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.GathererStatus" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "insightsReport": { + "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec": { - "description": "ImageDigestMirrorSetSpec is the specification of the ImageDigestMirrorSet CRD.", - "type": "object", - "properties": { - "imageDigestMirrors": { - "description": "imageDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using tag specification, users should configure a list of mirrors using \"ImageTagMirrorSet\" CRD.\n\nIf the image pull specification matches the repository of \"source\" in multiple imagedigestmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageDigestMirrors" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1.ImageDigestMirrors": { - "description": "ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.", - "type": "object", - "required": [ - "source" - ], - "properties": { - "mirrorSourcePolicy": { - "description": "mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.", + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.InsightsReport" + }, + "insightsRequestID": { + "description": "insightsRequestID is an optional Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive. It may not exceed 256 characters and is immutable once set.", "type": "string" }, - "mirrors": { - "description": "mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their digests. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by \"mirrorSourcePolicy\" Other cluster configuration, including (but not limited to) other imageDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. \"mirrors\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "relatedObjects": { + "description": "relatedObjects is an optional list of resources which are useful when debugging or inspecting the data gathering Pod It may not exceed 100 items and must not contain duplicates.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.ObjectReference" }, - "x-kubernetes-list-type": "set" + "x-kubernetes-list-map-keys": [ + "name", + "namespace" + ], + "x-kubernetes-list-type": "map" }, - "source": { - "description": "source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. \"source\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", - "type": "string", - "default": "" + "startTime": { + "description": "startTime is the time when Insights data gathering started.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" } } }, - "com.github.openshift.api.config.v1.ImageLabel": { + "com.github.openshift.api.insights.v1alpha2.GathererConfig": { + "description": "gathererConfig allows to configure specific gatherers", "type": "object", "required": [ - "name" + "name", + "state" ], "properties": { "name": { - "description": "name defines the name of the label. It must have non-zero length.", + "description": "name is the required name of a specific gatherer It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", "type": "string", "default": "" }, - "value": { - "description": "value defines the literal value of the label.", - "type": "string" + "state": { + "description": "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.ImageList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.insights.v1alpha2.GathererStatus": { + "description": "gathererStatus represents information about a particular data gatherer.", "type": "object", "required": [ - "metadata", - "items" + "name", + "lastGatherSeconds" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { + "conditions": { + "description": "conditions provide details on the status of each gatherer.\n\nThe current condition type is DataGathered\n\nThe DataGathered condition is used to represent whether or not the data was gathered by a gatherer specified by name. When it has a status of True and a reason of GatheredOK, the data has been successfully gathered as expected. When it has a status of False and a reason of NoData, no data was gathered—for example, when the resource is not present in the cluster. When it has a status of False and a reason of GatherError, an error occurred and no data was gathered. When it has a status of False and a reason of GatherPanic, a panic occurred during gathering and no data was collected. When it has a status of False and a reason of GatherWithErrorReason, data was partially gathered or gathered with an error message.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Image" - } + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "lastGatherSeconds": { + "description": "lastGatherSeconds is required field that represents the time spent gathering in seconds", + "type": "integer", + "format": "int32", + "default": 0 }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "name": { + "description": "name is the required name of the gatherer. It must contain at least 5 characters and may not exceed 256 characters.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.ImagePolicy": { - "description": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.insights.v1alpha2.Gatherers": { + "description": "Gathereres specifies the configuration of the gatherers", "type": "object", "required": [ - "spec" + "mode" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicySpec" + "custom": { + "description": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.Custom" }, - "status": { - "description": "status contains the observed state of the resource.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyStatus" + "mode": { + "description": "mode is a required field that specifies the mode for gatherers. Allowed values are All and Custom. When set to All, all gatherers wil run and gather data. When set to Custom, the custom configuration from the custom field will be applied.", + "type": "string", + "default": "" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "mode", + "fields-to-discriminateBy": { + "custom": "Custom" + } + } + ] }, - "com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust": { - "description": "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.", + "com.github.openshift.api.insights.v1alpha2.HealthCheck": { + "description": "healthCheck represents an Insights health check attributes.", "type": "object", "required": [ - "fulcioCAData", - "rekorKeyData", - "fulcioSubject" + "description", + "totalRisk", + "advisorURI" ], "properties": { - "fulcioCAData": { - "description": "fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", + "advisorURI": { + "description": "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", "type": "string", - "format": "byte" + "default": "" }, - "fulcioSubject": { - "description": "fulcioSubject is a required field specifies OIDC issuer and the email of the Fulcio authentication configuration.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyFulcioSubject" + "description": { + "description": "description is required field that provides basic description of the healtcheck. It must contain at least 10 characters and may not exceed 2048 characters.", + "type": "string", + "default": "" }, - "rekorKeyData": { - "description": "rekorKeyData is a required field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", + "totalRisk": { + "description": "totalRisk is the required field of the healthcheck. It is indicator of the total risk posed by the detected issue; combination of impact and likelihood. Allowed values are Low, Medium, Important and Critical. The value represents the severity of the issue.", "type": "string", - "format": "byte" + "default": "" } } }, - "com.github.openshift.api.config.v1.ImagePolicyList": { - "description": "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.insights.v1alpha2.InsightsReport": { + "description": "insightsReport provides Insights health check report based on the most recently sent Insights data.", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "downloadedTime": { + "description": "downloadedTime is an optional time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "items": { - "description": "items is a list of ImagePolicies", + "healthChecks": { + "description": "healthChecks provides basic information about active Insights health checks in a cluster.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicy" - } + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.HealthCheck" + }, + "x-kubernetes-list-map-keys": [ + "advisorURI", + "totalRisk", + "description" + ], + "x-kubernetes-list-type": "map" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "uri": { + "description": "uri is optional field that provides the URL link from which the report was downloaded. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust": { - "description": "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", + "com.github.openshift.api.insights.v1alpha2.ObjectReference": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", "type": "object", "required": [ - "caRootsData", - "pkiCertificateSubject" + "group", + "resource", + "name", + "namespace" ], "properties": { - "caIntermediatesData": { - "description": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set.", + "group": { + "description": "group is required field that specifies the API Group of the Resource. Enter empty string for the core group. This value is empty or it should follow the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character. Example: \"\", \"apps\", \"build.openshift.io\", etc.", "type": "string", - "format": "byte" + "default": "" }, - "caRootsData": { - "description": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters.", + "name": { + "description": "name is required field that specifies the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character..", "type": "string", - "format": "byte" + "default": "" }, - "pkiCertificateSubject": { - "description": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PKICertificateSubject" + "namespace": { + "description": "namespace if required field of the referent that follows the DNS1123 labels format. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.", + "type": "string", + "default": "" + }, + "resource": { + "description": "resource is required field of the type that is being referenced and follows the DNS1035 format. It is normally the plural form of the resource kind in lowercase. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust": { - "description": "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.", + "com.github.openshift.api.insights.v1alpha2.PersistentVolumeClaimReference": { + "description": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", "type": "object", "required": [ - "keyData" + "name" ], "properties": { - "keyData": { - "description": "keyData is a required field contains inline base64-encoded data for the PEM format public key. keyData must be at most 8192 characters.", - "type": "string", - "format": "byte" - }, - "rekorKeyData": { - "description": "rekorKeyData is an optional field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", + "name": { + "description": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", "type": "string", - "format": "byte" + "default": "" } } }, - "com.github.openshift.api.config.v1.ImagePolicySpec": { - "description": "ImagePolicySpec is the specification of the ImagePolicy CRD.", + "com.github.openshift.api.insights.v1alpha2.PersistentVolumeConfig": { + "description": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", "type": "object", "required": [ - "scopes", - "policy" + "claim" ], "properties": { - "policy": { - "description": "policy is a required field that contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", + "claim": { + "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy" + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.PersistentVolumeClaimReference" }, - "scopes": { - "description": "scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. This support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "mountPath": { + "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.ImagePolicyStatus": { + "com.github.openshift.api.insights.v1alpha2.Storage": { + "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", "type": "object", + "required": [ + "type" + ], "properties": { - "conditions": { - "description": "conditions provide details on the status of this API Resource. condition type 'Pending' indicates that the customer resource contains a policy that cannot take effect. It is either overwritten by a global policy or the image scope is not valid.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "persistentVolume": { + "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.PersistentVolumeConfig" + }, + "type": { + "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", + "type": "string", + "default": "" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "persistentVolume": "PersistentVolume" + } + } + ] }, - "com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy": { - "description": "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.", + "com.github.openshift.api.kubecontrolplane.v1.AggregatorConfig": { + "description": "AggregatorConfig holds information required to make the aggregator function.", "type": "object", "required": [ - "rootOfTrust" + "proxyClientInfo" ], "properties": { - "rootOfTrust": { - "description": "rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval. This allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated.", + "proxyClientInfo": { + "description": "proxyClientInfo specifies the client cert/key to use when proxying to aggregated API servers", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyRootOfTrust" - }, - "signedIdentity": { - "description": "signedIdentity is an optional field specifies what image identity the signature claims about the image. This is useful when the image identity in the signature differs from the original image spec, such as when mirror registry is configured for the image scope, the signature from the mirror registry contains the image identity of the mirror instead of the original scope. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyIdentity" + "$ref": "#/definitions/com.github.openshift.api.config.v1.CertInfo" } } }, - "com.github.openshift.api.config.v1.ImageSpec": { + "com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerConfig": { + "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "servingInfo", + "corsAllowedOrigins", + "auditConfig", + "storageConfig", + "admission", + "kubeClientConfig", + "authConfig", + "aggregatorConfig", + "kubeletClientInfo", + "servicesSubnet", + "servicesNodePortRange", + "consolePublicURL", + "userAgentMatchingConfig", + "imagePolicyConfig", + "projectConfig", + "serviceAccountPublicKeyFiles", + "oauthConfig", + "apiServerArguments" + ], "properties": { - "additionalTrustedCA": { - "description": "additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted during imagestream import, pod image pull, build image pull, and imageregistry pullthrough. The namespace for this config map is openshift-config.", + "admission": { + "description": "admissionConfig holds information about how to configure admission.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionConfig" }, - "allowedRegistriesForImport": { - "description": "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.RegistryLocation" - }, - "x-kubernetes-list-type": "atomic" + "aggregatorConfig": { + "description": "aggregatorConfig has options for configuring the aggregator component of the API server.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.AggregatorConfig" }, - "externalRegistryHostnames": { - "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "apiServerArguments": { + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } }, - "imageStreamImportMode": { - "description": "imageStreamImportMode controls the import mode behaviour of imagestreams. It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value is specified, this setting is applied to all newly created imagestreams which do not have the value set. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported. When empty, the behaviour will be decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", - "type": "string", - "default": "", - "enum": [ - "Legacy", - "PreserveOriginal" - ] + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "registrySources": { - "description": "registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. whether or not to allow insecure access). It does not contain configuration for the internal cluster registry.", + "auditConfig": { + "description": "auditConfig describes how to configure audit information", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.RegistrySources" - } - } - }, - "com.github.openshift.api.config.v1.ImageStatus": { - "type": "object", - "properties": { - "externalRegistryHostnames": { - "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditConfig" + }, + "authConfig": { + "description": "authConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.MasterAuthConfig" + }, + "consolePublicURL": { + "description": "DEPRECATED: consolePublicURL has been deprecated and setting it has no effect.", + "type": "string", + "default": "" + }, + "corsAllowedOrigins": { + "description": "corsAllowedOrigins", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "imageStreamImportMode": { - "description": "imageStreamImportMode controls the import mode behaviour of imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported. This value will be reconciled based on either the spec value or if no spec value is specified, the image registry operator would look at the ClusterVersion status to determine the payload type and set the import mode accordingly, i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", - "type": "string", - "enum": [ - "Legacy", - "PreserveOriginal" - ] + } }, - "internalRegistryHostname": { - "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format. This value is set by the image registry operator which controls the internal registry hostname.", - "type": "string" - } - } - }, - "com.github.openshift.api.config.v1.ImageTagMirrorSet": { - "description": "ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "imagePolicyConfig": { + "description": "imagePolicyConfig feeds the image policy admission plugin", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerImagePolicyConfig" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "kubeClientConfig": { "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.KubeClientConfig" }, - "spec": { - "description": "spec holds user settable values for configuration", + "kubeletClientInfo": { + "description": "kubeletClientInfo contains information about how to connect to kubelets", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageTagMirrorSetSpec" + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.KubeletConnectionInfo" }, - "status": { - "description": "status contains the observed state of the resource.", + "minimumKubeletVersion": { + "description": "minimumKubeletVersion is the lowest version of a kubelet that can join the cluster. Specifically, the apiserver will deny most authorization requests of kubelets that are older than the specified version, only allowing the kubelet to get and update its node object, and perform subjectaccessreviews. This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads, and will eventually be marked as not ready. Its max length is 8, so maximum version allowed is either \"9.999.99\" or \"99.99.99\". Since the kubelet reports the version of the kubernetes release, not Openshift, this field references the underlying kubernetes version this version of Openshift is based off of. In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then they should set the minimumKubeletVersion to 1.30.0. When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version. Thus, a kubelet with version \"1.0.0-ec.0\" will be compatible with minimumKubeletVersion \"1.0.0\" or earlier.", + "type": "string", + "default": "" + }, + "oauthConfig": { + "description": "oauthConfig, if present start the /oauth endpoint in this process", + "$ref": "#/definitions/com.github.openshift.api.osin.v1.OAuthConfig" + }, + "projectConfig": { + "description": "projectConfig feeds an admission plugin", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageTagMirrorSetStatus" - } - } - }, - "com.github.openshift.api.config.v1.ImageTagMirrorSetList": { - "description": "ImageTagMirrorSetList lists the items in the ImageTagMirrorSet CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerProjectConfig" }, - "items": { + "serviceAccountPublicKeyFiles": { + "description": "serviceAccountPublicKeyFiles is a list of files, each containing a PEM-encoded public RSA key. (If any file contains a private key, the public portion of the key is used) The list of public keys is used to verify presented service account tokens. Each key is tried in order until the list is exhausted or verification succeeds. If no keys are specified, no service account authentication will be available.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageTagMirrorSet" + "type": "string", + "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "servicesNodePortRange": { + "description": "servicesNodePortRange is the range to use for assigning service public ports on a host.", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "servicesSubnet": { + "description": "servicesSubnet is the subnet to use for assigning service IPs", + "type": "string", + "default": "" + }, + "servingInfo": { + "description": "servingInfo describes how to start serving", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.config.v1.ImageTagMirrorSetSpec": { - "description": "ImageTagMirrorSetSpec is the specification of the ImageTagMirrorSet CRD.", - "type": "object", - "properties": { - "imageTagMirrors": { - "description": "imageTagMirrors allows images referenced by image tags in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageTagMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using digest specification only, users should configure a list of mirrors using \"ImageDigestMirrorSet\" CRD.\n\nIf the image pull specification matches the repository of \"source\" in multiple imagetagmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageTagMirrors" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" + }, + "storageConfig": { + "description": "storageConfig contains information about how to use", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.EtcdStorageConfig" + }, + "userAgentMatchingConfig": { + "description": "userAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchingConfig" } } }, - "com.github.openshift.api.config.v1.ImageTagMirrorSetStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1.ImageTagMirrors": { - "description": "ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config.", + "com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerImagePolicyConfig": { "type": "object", "required": [ - "source" + "internalRegistryHostname", + "externalRegistryHostnames" ], "properties": { - "mirrorSourcePolicy": { - "description": "mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.", - "type": "string" - }, - "mirrors": { - "description": "mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their tags. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Configuring a list of mirrors using \"ImageDigestMirrorSet\" CRD and forcing digest-pulls for mirrors avoids that issue. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by \"mirrorSourcePolicy\". Other cluster configuration, including (but not limited to) other imageTagMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. \"mirrors\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "externalRegistryHostnames": { + "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "set" + } }, - "source": { - "description": "source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. \"source\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "internalRegistryHostname": { + "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.Infrastructure": { - "description": "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerProjectConfig": { "type": "object", "required": [ - "spec" + "defaultNodeSelector" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.InfrastructureSpec" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.InfrastructureStatus" + "defaultNodeSelector": { + "description": "defaultNodeSelector holds default project node label selector", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.InfrastructureList": { - "description": "InfrastructureList is\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.kubecontrolplane.v1.KubeControllerManagerConfig": { + "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "metadata", - "items" + "serviceServingCert", + "projectConfig", + "extendedArguments" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Infrastructure" + "extendedArguments": { + "description": "extendedArguments is used to configure the kube-controller-manager", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "projectConfig": { + "description": "projectConfig is an optimization for the daemonset controller", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.KubeControllerManagerProjectConfig" + }, + "serviceServingCert": { + "description": "serviceServingCert provides support for the old alpha service serving cert signer CA bundle", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.ServiceServingCert" } } }, - "com.github.openshift.api.config.v1.InfrastructureSpec": { - "description": "InfrastructureSpec contains settings that apply to the cluster infrastructure.", + "com.github.openshift.api.kubecontrolplane.v1.KubeControllerManagerProjectConfig": { "type": "object", + "required": [ + "defaultNodeSelector" + ], "properties": { - "cloudConfig": { - "description": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.\n\ncloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapFileReference" - }, - "platformSpec": { - "description": "platformSpec holds desired information specific to the underlying infrastructure provider.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PlatformSpec" + "defaultNodeSelector": { + "description": "defaultNodeSelector holds default project node label selector", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.InfrastructureStatus": { - "description": "InfrastructureStatus describes the infrastructure the cluster is leveraging.", + "com.github.openshift.api.kubecontrolplane.v1.KubeletConnectionInfo": { + "description": "KubeletConnectionInfo holds information necessary for connecting to a kubelet", "type": "object", + "required": [ + "port", + "ca", + "certFile", + "keyFile" + ], "properties": { - "apiServerInternalURI": { - "description": "apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.", - "type": "string", - "default": "" - }, - "apiServerURL": { - "description": "apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.", - "type": "string", - "default": "" - }, - "controlPlaneTopology": { - "description": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum.", + "ca": { + "description": "ca is the CA for verifying TLS connections to kubelets", "type": "string", "default": "" }, - "cpuPartitioning": { - "description": "cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are \"None\" and \"AllNodes\". When omitted, the default value is \"None\". The default value of \"None\" indicates that no nodes will be setup with CPU partitioning. The \"AllNodes\" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API.", - "type": "string", - "default": "None" - }, - "etcdDiscoveryDomain": { - "description": "etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.", + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", "type": "string", "default": "" }, - "infrastructureName": { - "description": "infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters.", + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", "type": "string", "default": "" }, - "infrastructureTopology": { - "description": "infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.", - "type": "string" - }, - "platform": { - "description": "platform is the underlying infrastructure provider for the cluster.\n\nDeprecated: Use platformStatus.type instead.", - "type": "string" - }, - "platformStatus": { - "description": "platformStatus holds status information specific to the underlying infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PlatformStatus" + "port": { + "description": "port is the port to connect to kubelets on", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.config.v1.Ingress": { - "description": "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.kubecontrolplane.v1.MasterAuthConfig": { + "description": "MasterAuthConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", "type": "object", "required": [ - "spec" + "requestHeader", + "webhookTokenAuthenticators", + "oauthMetadataFile" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "oauthMetadataFile": { + "description": "oauthMetadataFile is a path to a file containing the discovery endpoint for OAuth 2.0 Authorization Server Metadata for an external OAuth server. See IETF Draft: // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This option is mutually exclusive with OAuthConfig", + "type": "string", + "default": "" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.IngressSpec" + "requestHeader": { + "description": "requestHeader holds options for setting up a front proxy against the API. It is optional.", + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.RequestHeaderAuthenticationOptions" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.IngressStatus" + "webhookTokenAuthenticators": { + "description": "webhookTokenAuthenticators, if present configures remote token reviewers", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.WebhookTokenAuthenticator" + } } } }, - "com.github.openshift.api.config.v1.IngressList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.kubecontrolplane.v1.RequestHeaderAuthenticationOptions": { + "description": "RequestHeaderAuthenticationOptions provides options for setting up a front proxy against the entire API instead of against the /oauth endpoint.", "type": "object", "required": [ - "metadata", - "items" + "clientCA", + "clientCommonNames", + "usernameHeaders", + "groupHeaders", + "extraHeaderPrefixes" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "clientCA": { + "description": "clientCA is a file with the trusted signer certs. It is required.", + "type": "string", + "default": "" }, - "items": { + "clientCommonNames": { + "description": "clientCommonNames is a required list of common names to require a match from.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Ingress" + "type": "string", + "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "extraHeaderPrefixes": { + "description": "extraHeaderPrefixes is the set of request header prefixes to inspect for user extra. X-Remote-Extra- is suggested.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "groupHeaders": { + "description": "groupHeaders is the set of headers to check for group information. All are unioned.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "usernameHeaders": { + "description": "usernameHeaders is the list of headers to check for user information. First hit wins.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.config.v1.IngressPlatformSpec": { - "description": "IngressPlatformSpec holds the desired state of Ingress specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", + "com.github.openshift.api.kubecontrolplane.v1.ServiceServingCert": { + "description": "ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", "type": "object", "required": [ - "type" + "certFile" ], "properties": { - "aws": { - "description": "aws contains settings specific to the Amazon Web Services infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSIngressSpec" - }, - "type": { - "description": "type is the underlying infrastructure provider for the cluster. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", "type": "string", "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "aws": "AWS" - } - } - ] + } }, - "com.github.openshift.api.config.v1.IngressSpec": { + "com.github.openshift.api.kubecontrolplane.v1.UserAgentDenyRule": { + "description": "UserAgentDenyRule adds a rejection message that can be used to help a user figure out how to get an approved client", "type": "object", "required": [ - "domain" + "regex", + "httpVerbs", + "rejectionMessage" ], "properties": { - "appsDomain": { - "description": "appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate.", - "type": "string" - }, - "componentRoutes": { - "description": "componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list.\n\nTo determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes.", + "httpVerbs": { + "description": "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ComponentRouteSpec" - }, - "x-kubernetes-list-map-keys": [ - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "type": "string", + "default": "" + } }, - "domain": { - "description": "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"..\".\n\nIt is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.\".\n\nOnce set, changing domain is not currently supported.", + "regex": { + "description": "regex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", "type": "string", "default": "" }, - "loadBalancer": { - "description": "loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure provider of the current cluster and are required for Ingress Controller to work on OpenShift.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.LoadBalancer" - }, - "requiredHSTSPolicies": { - "description": "requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission.\n\nA candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: \"haproxy.router.openshift.io/hsts_header\" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains\n\n- For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route's admission status. - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation.\n\nThe HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working.\n\nNote that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.RequiredHSTSPolicy" - } + "rejectionMessage": { + "description": "rejectionMessage is the message shown when rejecting a client. If it is not a set, the default message is used.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.IngressStatus": { + "com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchRule": { + "description": "UserAgentMatchRule describes how to match a given request based on User-Agent and HTTPVerb", "type": "object", + "required": [ + "regex", + "httpVerbs" + ], "properties": { - "componentRoutes": { - "description": "componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin.", + "httpVerbs": { + "description": "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ComponentRouteStatus" - }, - "x-kubernetes-list-map-keys": [ - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "type": "string", + "default": "" + } }, - "defaultPlacement": { - "description": "defaultPlacement is set at installation time to control which nodes will host the ingress router pods by default. The options are control-plane nodes or worker nodes.\n\nThis field works by dictating how the Cluster Ingress Operator will consider unset replicas and nodePlacement fields in IngressController resources when creating the corresponding Deployments.\n\nSee the documentation for the IngressController replicas and nodePlacement fields for more information.\n\nWhen omitted, the default value is Workers", + "regex": { + "description": "regex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.InsightsDataGather": { - "description": "InsightsDataGather provides data gather configuration options for the Insights Operator.\n\n\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchingConfig": { + "description": "UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", "type": "object", "required": [ - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.InsightsDataGatherSpec" - } - } - }, - "com.github.openshift.api.config.v1.InsightsDataGatherList": { - "description": "InsightsDataGatherList is a collection of items Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "items" + "requiredClients", + "deniedClients", + "defaultRejectionMessage" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "defaultRejectionMessage": { + "description": "defaultRejectionMessage is the message shown when rejecting a client. If it is not a set, a generic message is given.", + "type": "string", + "default": "" }, - "items": { - "description": "items is the required list of InsightsDataGather objects it may not exceed 100 items", + "deniedClients": { + "description": "deniedClients if this list is non-empty, then a User-Agent must not match any of the UserAgentRegexes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.InsightsDataGather" + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.UserAgentDenyRule" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the required standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.config.v1.InsightsDataGatherSpec": { - "description": "InsightsDataGatherSpec contains the configuration for the data gathering.", - "type": "object", - "required": [ - "gatherConfig" - ], - "properties": { - "gatherConfig": { - "description": "gatherConfig is a required spec attribute that includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.GatherConfig" - } - } - }, - "com.github.openshift.api.config.v1.IntermediateTLSProfile": { - "description": "IntermediateTLSProfile is a TLS security profile based on the \"intermediate\" configuration of the Mozilla Server Side TLS configuration guidelines.", - "type": "object" - }, - "com.github.openshift.api.config.v1.KMSConfig": { - "description": "KMSConfig defines the configuration for the KMS instance that will be used with KMSEncryptionProvider encryption", - "type": "object", - "required": [ - "type" - ], - "properties": { - "aws": { - "description": "aws defines the key config for using an AWS KMS instance for the encryption. The AWS KMS instance is managed by the user outside the purview of the control plane.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSKMSConfig" - }, - "type": { - "description": "type defines the kind of platform for the KMS provider. Available provider types are AWS only.", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "aws": "AWS" + "requiredClients": { + "description": "requiredClients if this list is non-empty, then a User-Agent must match one of the UserAgentRegexes to be allowed", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchRule" } } - ] + } }, - "com.github.openshift.api.config.v1.KeystoneIdentityProvider": { - "description": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials", + "com.github.openshift.api.kubecontrolplane.v1.WebhookTokenAuthenticator": { + "description": "WebhookTokenAuthenticators holds the necessary configuation options for external token authenticators", "type": "object", "required": [ - "url", - "domainName" + "configFile", + "cacheTTL" ], "properties": { - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" - }, - "domainName": { - "description": "domainName is required for keystone v3", - "type": "string", - "default": "" - }, - "tlsClientCert": { - "description": "tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key \"tls.crt\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - }, - "tlsClientKey": { - "description": "tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key \"tls.key\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - }, - "url": { - "description": "url is the remote URL to connect to", + "cacheTTL": { + "description": "cacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get a default timeout of 2 minutes. If zero (e.g. \"0m\"), caching is disabled", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.config.v1.KubeClientConfig": { - "type": "object", - "required": [ - "kubeConfig", - "connectionOverrides" - ], - "properties": { - "connectionOverrides": { - "description": "connectionOverrides specifies client overrides for system components to loop back to this master.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClientConnectionOverrides" }, - "kubeConfig": { - "description": "kubeConfig is a .kubeconfig filename for going to the owning kube-apiserver. Empty uses an in-cluster-config", + "configFile": { + "description": "configFile is a path to a Kubeconfig file with the webhook configuration", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.KubevirtPlatformSpec": { - "description": "KubevirtPlatformSpec holds the desired state of the kubevirt infrastructure provider. This only includes fields that can be modified in the cluster.", - "type": "object" - }, - "com.github.openshift.api.config.v1.KubevirtPlatformStatus": { - "description": "KubevirtPlatformStatus holds the current status of the kubevirt infrastructure provider.", - "type": "object", - "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", - "type": "string" - }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", - "type": "string" - } - } - }, - "com.github.openshift.api.config.v1.LDAPAttributeMapping": { - "description": "LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields", + "com.github.openshift.api.legacyconfig.v1.ActiveDirectoryConfig": { + "description": "ActiveDirectoryConfig holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the Active Directory schema", "type": "object", "required": [ - "id" + "usersQuery", + "userNameAttributes", + "groupMembershipAttributes" ], "properties": { - "email": { - "description": "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", + "groupMembershipAttributes": { + "description": "groupMembershipAttributes defines which attributes on an LDAP user entry will be interpreted as the groups it is a member of", "type": "array", "items": { "type": "string", "default": "" } }, - "id": { - "description": "id is the list of attributes whose values should be used as the user ID. Required. First non-empty attribute is used. At least one attribute is required. If none of the listed attribute have a value, authentication fails. LDAP standard identity attribute is \"dn\"", + "userNameAttributes": { + "description": "userNameAttributes defines which attributes on an LDAP user entry will be interpreted as its OpenShift user name.", "type": "array", "items": { "type": "string", "default": "" } }, - "name": { - "description": "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"", - "type": "array", - "items": { - "type": "string", - "default": "" + "usersQuery": { + "description": "AllUsersQuery holds the template for an LDAP query that returns user entries.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" + } + } + }, + "com.github.openshift.api.legacyconfig.v1.AdmissionConfig": { + "description": "AdmissionConfig holds the necessary configuration options for admission", + "type": "object", + "required": [ + "pluginConfig" + ], + "properties": { + "pluginConfig": { + "description": "pluginConfig allows specifying a configuration file per admission control plugin", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AdmissionPluginConfig" } }, - "preferredUsername": { - "description": "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"", + "pluginOrderOverride": { + "description": "pluginOrderOverride is a list of admission control plugin names that will be installed on the master. Order is significant. If empty, a default list of plugins is used.", "type": "array", "items": { "type": "string", @@ -20216,2199 +18494,2434 @@ } } }, - "com.github.openshift.api.config.v1.LDAPIdentityProvider": { - "description": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials", + "com.github.openshift.api.legacyconfig.v1.AdmissionPluginConfig": { + "description": "AdmissionPluginConfig holds the necessary configuration options for admission plugins", "type": "object", "required": [ - "url", - "insecure", - "attributes" + "location", + "configuration" ], "properties": { - "attributes": { - "description": "attributes maps LDAP attributes to identities", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.LDAPAttributeMapping" - }, - "bindDN": { - "description": "bindDN is an optional DN to bind with during the search phase.", - "type": "string", - "default": "" - }, - "bindPassword": { - "description": "bindPassword is an optional reference to a secret by name containing a password to bind with during the search phase. The key \"bindPassword\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - }, - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" - }, - "insecure": { - "description": "insecure, if true, indicates the connection should not use TLS WARNING: Should not be set to `true` with the URL scheme \"ldaps://\" as \"ldaps://\" URLs always\n attempt to connect using TLS, even when `insecure` is set to `true`\nWhen `true`, \"ldap://\" URLS connect insecurely. When `false`, \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.", - "type": "boolean", - "default": false + "configuration": { + "description": "configuration is an embedded configuration object to be used as the plugin's configuration. If present, it will be used instead of the path to the configuration file.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "url": { - "description": "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter", + "location": { + "description": "location is the path to a configuration file that contains the plugin's configuration", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.LeaderElection": { - "description": "LeaderElection provides information to elect a leader", + "com.github.openshift.api.legacyconfig.v1.AggregatorConfig": { + "description": "AggregatorConfig holds information required to make the aggregator function.", "type": "object", "required": [ - "leaseDuration", - "renewDeadline", - "retryPeriod" + "proxyClientInfo" ], "properties": { - "disable": { - "description": "disable allows leader election to be suspended while allowing a fully defaulted \"normal\" startup case.", - "type": "boolean" - }, - "leaseDuration": { - "description": "leaseDuration is the duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled.", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "name": { - "description": "name indicates what name to use for the resource", - "type": "string" - }, - "namespace": { - "description": "namespace indicates which namespace the resource is in", - "type": "string" - }, - "renewDeadline": { - "description": "renewDeadline is the interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled.", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "retryPeriod": { - "description": "retryPeriod is the duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled.", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.config.v1.LoadBalancer": { - "type": "object", - "properties": { - "platform": { - "description": "platform holds configuration specific to the underlying infrastructure provider for the ingress load balancers. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.", + "proxyClientInfo": { + "description": "proxyClientInfo specifies the client cert/key to use when proxying to aggregated API servers", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.IngressPlatformSpec" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.CertInfo" } } }, - "com.github.openshift.api.config.v1.MTUMigration": { - "description": "MTUMigration contains infomation about MTU migration.", + "com.github.openshift.api.legacyconfig.v1.AllowAllPasswordIdentityProvider": { + "description": "AllowAllPasswordIdentityProvider provides identities for users authenticating using non-empty passwords\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "properties": { - "machine": { - "description": "machine contains MTU migration configuration for the machine's uplink.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.MTUMigrationValues" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "network": { - "description": "network contains MTU migration configuration for the default network.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.MTUMigrationValues" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.config.v1.MTUMigrationValues": { - "description": "MTUMigrationValues contains the values for a MTU migration.", + "com.github.openshift.api.legacyconfig.v1.AuditConfig": { + "description": "AuditConfig holds configuration for the audit capabilities", "type": "object", "required": [ - "to" + "enabled", + "auditFilePath", + "maximumFileRetentionDays", + "maximumRetainedFiles", + "maximumFileSizeMegabytes", + "policyFile", + "policyConfiguration", + "logFormat", + "webHookKubeConfig", + "webHookMode" ], "properties": { - "from": { - "description": "from is the MTU to migrate from.", - "type": "integer", - "format": "int64" + "auditFilePath": { + "description": "All requests coming to the apiserver will be logged to this file.", + "type": "string", + "default": "" }, - "to": { - "description": "to is the MTU to migrate to.", + "enabled": { + "description": "If this flag is set, audit log will be printed in the logs. The logs contains, method, user and a requested URL.", + "type": "boolean", + "default": false + }, + "logFormat": { + "description": "Format of saved audits (legacy or json).", + "type": "string", + "default": "" + }, + "maximumFileRetentionDays": { + "description": "Maximum number of days to retain old log files based on the timestamp encoded in their filename.", "type": "integer", - "format": "int64" - } - } - }, - "com.github.openshift.api.config.v1.MaxAgePolicy": { - "description": "MaxAgePolicy contains a numeric range for specifying a compliant HSTS max-age for the enclosing RequiredHSTSPolicy", - "type": "object", - "properties": { - "largestMaxAge": { - "description": "The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age This value can be left unspecified, in which case no upper limit is enforced.", + "format": "int32", + "default": 0 + }, + "maximumFileSizeMegabytes": { + "description": "Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.", "type": "integer", - "format": "int32" + "format": "int32", + "default": 0 }, - "smallestMaxAge": { - "description": "The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary tool for administrators to quickly correct mistakes. This value can be left unspecified, in which case no lower limit is enforced.", + "maximumRetainedFiles": { + "description": "Maximum number of old log files to retain.", "type": "integer", - "format": "int32" + "format": "int32", + "default": 0 + }, + "policyConfiguration": { + "description": "policyConfiguration is an embedded policy configuration object to be used as the audit policy configuration. If present, it will be used instead of the path to the policy file.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "policyFile": { + "description": "policyFile is a path to the file that defines the audit policy configuration.", + "type": "string", + "default": "" + }, + "webHookKubeConfig": { + "description": "Path to a .kubeconfig formatted file that defines the audit webhook configuration.", + "type": "string", + "default": "" + }, + "webHookMode": { + "description": "Strategy for sending audit events (block or batch).", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.ModernTLSProfile": { - "description": "ModernTLSProfile is a TLS security profile based on the \"modern\" configuration of the Mozilla Server Side TLS configuration guidelines.", - "type": "object" - }, - "com.github.openshift.api.config.v1.NamedCertificate": { - "description": "NamedCertificate specifies a certificate/key, and the names it should be served for", + "com.github.openshift.api.legacyconfig.v1.AugmentedActiveDirectoryConfig": { + "description": "AugmentedActiveDirectoryConfig holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the augmented Active Directory schema", "type": "object", "required": [ - "certFile", - "keyFile" + "usersQuery", + "userNameAttributes", + "groupMembershipAttributes", + "groupsQuery", + "groupUIDAttribute", + "groupNameAttributes" ], "properties": { - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "groupMembershipAttributes": { + "description": "groupMembershipAttributes defines which attributes on an LDAP user entry will be interpreted as the groups it is a member of", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "groupNameAttributes": { + "description": "groupNameAttributes defines which attributes on an LDAP group entry will be interpreted as its name to use for an OpenShift group", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "groupUIDAttribute": { + "description": "GroupUIDAttributes defines which attribute on an LDAP group entry will be interpreted as its unique identifier. (ldapGroupUID)", "type": "string", "default": "" }, - "names": { - "description": "names is a list of DNS names this certificate should be used to secure A name can be a normal DNS name, or can contain leading wildcard segments.", + "groupsQuery": { + "description": "AllGroupsQuery holds the template for an LDAP query that returns group entries.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" + }, + "userNameAttributes": { + "description": "userNameAttributes defines which attributes on an LDAP user entry will be interpreted as its OpenShift user name.", "type": "array", "items": { "type": "string", "default": "" } + }, + "usersQuery": { + "description": "AllUsersQuery holds the template for an LDAP query that returns user entries.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" } } }, - "com.github.openshift.api.config.v1.Network": { - "description": "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.BasicAuthPasswordIdentityProvider": { + "description": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "spec" + "url", + "ca", + "certFile", + "keyFile" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "ca": { + "description": "ca is the CA for verifying TLS connections", + "type": "string", + "default": "" }, - "spec": { - "description": "spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkSpec" + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkStatus" - } - } - }, - "com.github.openshift.api.config.v1.NetworkDiagnostics": { - "type": "object", - "properties": { - "mode": { - "description": "mode controls the network diagnostics mode\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is All.", + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", "type": "string", "default": "" }, - "sourcePlacement": { - "description": "sourcePlacement controls the scheduling of network diagnostics source deployment\n\nSee NetworkDiagnosticsSourcePlacement for more details about default values.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "targetPlacement": { - "description": "targetPlacement controls the scheduling of network diagnostics target daemonset\n\nSee NetworkDiagnosticsTargetPlacement for more details about default values.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement" + "url": { + "description": "url is the remote URL to connect to", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement": { - "description": "NetworkDiagnosticsSourcePlacement defines node scheduling configuration network diagnostics source components", + "com.github.openshift.api.legacyconfig.v1.BuildDefaultsConfig": { + "description": "BuildDefaultsConfig controls the default information for Builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "properties": { - "nodeSelector": { - "description": "nodeSelector is the node selector applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `kubernetes.io/os: linux`.", + "annotations": { + "description": "annotations are annotations that will be added to the build pod", "type": "object", "additionalProperties": { "type": "string", "default": "" } }, - "tolerations": { - "description": "tolerations is a list of tolerations applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is an empty list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement": { - "description": "NetworkDiagnosticsTargetPlacement defines node scheduling configuration network diagnostics target components", - "type": "object", - "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "env": { + "description": "env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + } + }, + "gitHTTPProxy": { + "description": "gitHTTPProxy is the location of the HTTPProxy for Git source", + "type": "string" + }, + "gitHTTPSProxy": { + "description": "gitHTTPSProxy is the location of the HTTPSProxy for Git source", + "type": "string" + }, + "gitNoProxy": { + "description": "gitNoProxy is the list of domains for which the proxy should not be used", + "type": "string" + }, + "imageLabels": { + "description": "imageLabels is a list of labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, "nodeSelector": { - "description": "nodeSelector is the node selector applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `kubernetes.io/os: linux`.", + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", "type": "object", "additionalProperties": { "type": "string", "default": "" } }, - "tolerations": { - "description": "tolerations is a list of tolerations applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `- operator: \"Exists\"` which means that all taints are tolerated.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "resources": { + "description": "resources defines resource requirements to execute the build.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + }, + "sourceStrategyDefaults": { + "description": "sourceStrategyDefaults are default values that apply to builds using the source strategy.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.SourceStrategyDefaultsConfig" } } }, - "com.github.openshift.api.config.v1.NetworkList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.BuildOverridesConfig": { + "description": "BuildOverridesConfig controls override settings for builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "metadata", - "items" + "forcePull" ], "properties": { + "annotations": { + "description": "annotations are annotations that will be added to the build pod", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { + "forcePull": { + "description": "forcePull indicates whether the build strategy should always be set to ForcePull=true", + "type": "boolean", + "default": false + }, + "imageLabels": { + "description": "imageLabels is a list of labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Network" + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.config.v1.NetworkMigration": { - "description": "NetworkMigration represents the network migration status.", - "type": "object", - "properties": { - "mtu": { - "description": "mtu is the MTU configuration that is being deployed.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.MTUMigration" + "nodeSelector": { + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "networkType": { - "description": "networkType is the target plugin that is being deployed. DEPRECATED: network type migration is no longer supported, so this should always be unset.", - "type": "string" + "tolerations": { + "description": "tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + } } } }, - "com.github.openshift.api.config.v1.NetworkSpec": { - "description": "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", + "com.github.openshift.api.legacyconfig.v1.CertInfo": { + "description": "CertInfo relates a certificate with a private key", "type": "object", "required": [ - "clusterNetwork", - "serviceNetwork", - "networkType" + "certFile", + "keyFile" ], "properties": { - "clusterNetwork": { - "description": "IP address pool to use for pod IPs. This field is immutable after installation.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterNetworkEntry" - }, - "x-kubernetes-list-type": "atomic" - }, - "externalIP": { - "description": "externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalIPConfig" - }, - "networkDiagnostics": { - "description": "networkDiagnostics defines network diagnostics configuration.\n\nTakes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, the network diagnostics feature will be disabled.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkDiagnostics" - }, - "networkType": { - "description": "networkType is the plugin that is to be deployed (e.g. OVNKubernetes). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OVNKubernetes This field is immutable after installation.", + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", "type": "string", "default": "" }, - "serviceNetwork": { - "description": "IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "serviceNodePortRange": { - "description": "The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.", - "type": "string" + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.NetworkStatus": { - "description": "NetworkStatus is the current network configuration.", + "com.github.openshift.api.legacyconfig.v1.ClientConnectionOverrides": { + "description": "ClientConnectionOverrides are a set of overrides to the default client connection settings.", "type": "object", + "required": [ + "acceptContentTypes", + "contentType", + "qps", + "burst" + ], "properties": { - "clusterNetwork": { - "description": "IP address pool to use for pod IPs.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterNetworkEntry" - }, - "x-kubernetes-list-type": "atomic" + "acceptContentTypes": { + "description": "acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the default value of 'application/json'. This field will control all connections to the server used by a particular client.", + "type": "string", + "default": "" }, - "clusterNetworkMTU": { - "description": "clusterNetworkMTU is the MTU for inter-pod networking.", + "burst": { + "description": "burst allows extra queries to accumulate when a client is exceeding its rate.", "type": "integer", - "format": "int32" - }, - "conditions": { - "description": "conditions represents the observations of a network.config current state. Known .status.conditions.type are: \"NetworkDiagnosticsAvailable\"", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "migration": { - "description": "migration contains the cluster network migration configuration.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkMigration" + "format": "int32", + "default": 0 }, - "networkType": { - "description": "networkType is the plugin that is deployed (e.g. OVNKubernetes).", - "type": "string" + "contentType": { + "description": "contentType is the content type used when sending data to the server from this client.", + "type": "string", + "default": "" }, - "serviceNetwork": { - "description": "IP address pool for services. Currently, we only support a single entry here.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "qps": { + "description": "qps controls the number of queries per second allowed for this connection.", + "type": "number", + "format": "float", + "default": 0 } } }, - "com.github.openshift.api.config.v1.Node": { - "description": "Node holds cluster-wide information about node specific features.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.ClusterNetworkEntry": { + "description": "ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips.", "type": "object", "required": [ - "spec" + "cidr", + "hostSubnetLength" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NodeSpec" + "cidr": { + "description": "cidr defines the total range of a cluster networks address space.", + "type": "string", + "default": "" }, - "status": { - "description": "status holds observed values.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NodeStatus" + "hostSubnetLength": { + "description": "hostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pod.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.config.v1.NodeList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.ControllerConfig": { + "description": "ControllerConfig holds configuration values for controllers", "type": "object", "required": [ - "metadata", - "items" + "controllers", + "election", + "serviceServingCert" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { + "controllers": { + "description": "controllers is a list of controllers to enable. '*' enables all on-by-default controllers, 'foo' enables the controller \"+ named 'foo', '-foo' disables the controller named 'foo'. Defaults to \"*\".", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Node" + "type": "string", + "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "election": { + "description": "election defines the configuration for electing a controller instance to make changes to the cluster. If unspecified, the ControllerTTL value is checked to determine whether the legacy direct etcd election code will be used.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ControllerElectionConfig" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "serviceServingCert": { + "description": "serviceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServiceServingCert" } } }, - "com.github.openshift.api.config.v1.NodeSpec": { + "com.github.openshift.api.legacyconfig.v1.ControllerElectionConfig": { + "description": "ControllerElectionConfig contains configuration values for deciding how a controller will be elected to act as leader.", "type": "object", + "required": [ + "lockName", + "lockNamespace", + "lockResource" + ], "properties": { - "cgroupMode": { - "description": "cgroupMode determines the cgroups version on the node", - "type": "string" + "lockName": { + "description": "lockName is the resource name used to act as the lock for determining which controller instance should lead.", + "type": "string", + "default": "" }, - "minimumKubeletVersion": { - "description": "minimumKubeletVersion is the lowest version of a kubelet that can join the cluster. Specifically, the apiserver will deny most authorization requests of kubelets that are older than the specified version, only allowing the kubelet to get and update its node object, and perform subjectaccessreviews. This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads, and will eventually be marked as not ready. Its max length is 8, so maximum version allowed is either \"9.999.99\" or \"99.99.99\". Since the kubelet reports the version of the kubernetes release, not Openshift, this field references the underlying kubernetes version this version of Openshift is based off of. In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then they should set the minimumKubeletVersion to 1.30.0. When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version. Thus, a kubelet with version \"1.0.0-ec.0\" will be compatible with minimumKubeletVersion \"1.0.0\" or earlier.", + "lockNamespace": { + "description": "lockNamespace is the resource namespace used to act as the lock for determining which controller instance should lead. It defaults to \"kube-system\"", "type": "string", "default": "" }, - "workerLatencyProfile": { - "description": "workerLatencyProfile determins the how fast the kubelet is updating the status and corresponding reaction of the cluster", - "type": "string" - } - } - }, - "com.github.openshift.api.config.v1.NodeStatus": { - "type": "object", - "properties": { - "conditions": { - "description": "conditions contain the details and the current state of the nodes.config object", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "lockResource": { + "description": "lockResource is the group and resource name to use to coordinate for the controller lock. If unset, defaults to \"configmaps\".", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.GroupResource" } } }, - "com.github.openshift.api.config.v1.NutanixFailureDomain": { - "description": "NutanixFailureDomain configures failure domain information for the Nutanix platform.", + "com.github.openshift.api.legacyconfig.v1.DNSConfig": { + "description": "DNSConfig holds the necessary configuration options for DNS", "type": "object", "required": [ - "name", - "cluster", - "subnets" + "bindAddress", + "bindNetwork", + "allowRecursiveQueries" ], "properties": { - "cluster": { - "description": "cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixResourceIdentifier" + "allowRecursiveQueries": { + "description": "allowRecursiveQueries allows the DNS server on the master to answer queries recursively. Note that open resolvers can be used for DNS amplification attacks and the master DNS should not be made accessible to public networks.", + "type": "boolean", + "default": false }, - "name": { - "description": "name defines the unique name of a failure domain. Name is required and must be at most 64 characters in length. It must consist of only lower case alphanumeric characters and hyphens (-). It must start and end with an alphanumeric character. This value is arbitrary and is used to identify the failure domain within the platform.", + "bindAddress": { + "description": "bindAddress is the ip:port to serve DNS on", "type": "string", "default": "" }, - "subnets": { - "description": "subnets holds a list of identifiers (one or more) of the cluster's network subnets If the feature gate NutanixMultiSubnets is enabled, up to 32 subnets may be configured. for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixResourceIdentifier" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer": { - "description": "NutanixPlatformLoadBalancer defines the load balancer used by the cluster on Nutanix platform.", - "type": "object", - "properties": { - "type": { - "description": "type defines the type of load balancer used by the cluster on Nutanix platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", + "bindNetwork": { + "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", "type": "string", - "default": "OpenShiftManagedDefault" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": {} + "default": "" } - ] + } }, - "com.github.openshift.api.config.v1.NutanixPlatformSpec": { - "description": "NutanixPlatformSpec holds the desired state of the Nutanix infrastructure provider. This only includes fields that can be modified in the cluster.", + "com.github.openshift.api.legacyconfig.v1.DefaultAdmissionConfig": { + "description": "DefaultAdmissionConfig can be used to enable or disable various admission plugins. When this type is present as the `configuration` object under `pluginConfig` and *if* the admission plugin supports it, this will cause an \"off by default\" admission plugin to be enabled\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "prismCentral", - "prismElements" + "disable" ], "properties": { - "failureDomains": { - "description": "failureDomains configures failure domains information for the Nutanix platform. When set, the failure domains defined here may be used to spread Machines across prism element clusters to improve fault tolerance of the cluster.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixFailureDomain" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "prismCentral": { - "description": "prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPrismEndpoint" + "disable": { + "description": "disable turns off an admission plugin that is enabled by default.", + "type": "boolean", + "default": false }, - "prismElements": { - "description": "prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPrismElementEndpoint" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.config.v1.NutanixPlatformStatus": { - "description": "NutanixPlatformStatus holds the current status of the Nutanix infrastructure provider.", + "com.github.openshift.api.legacyconfig.v1.DenyAllPasswordIdentityProvider": { + "description": "DenyAllPasswordIdentityProvider provides no identities for users\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", - "required": [ - "apiServerInternalIPs", - "ingressIPs" - ], "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "dnsRecordsType": { - "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", - "type": "string", - "enum": [ - "External", - "Internal" - ] - }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "loadBalancer": { - "description": "loadBalancer defines how the load balancer used by the cluster is configured.", - "default": { - "type": "OpenShiftManagedDefault" - }, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer" } } }, - "com.github.openshift.api.config.v1.NutanixPrismElementEndpoint": { - "description": "NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster)", + "com.github.openshift.api.legacyconfig.v1.DockerConfig": { + "description": "DockerConfig holds Docker related configuration options.", "type": "object", "required": [ - "name", - "endpoint" + "execHandlerName", + "dockerShimSocket", + "dockerShimRootDirectory" ], "properties": { - "endpoint": { - "description": "endpoint holds the endpoint address and port data of the Prism Element (cluster). When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPrismEndpoint" + "dockerShimRootDirectory": { + "description": "dockerShimRootDirectory is the dockershim root directory.", + "type": "string", + "default": "" }, - "name": { - "description": "name is the name of the Prism Element (cluster). This value will correspond with the cluster field configured on other resources (eg Machines, PVCs, etc).", + "dockerShimSocket": { + "description": "dockerShimSocket is the location of the dockershim socket the kubelet uses. Currently unix socket is supported on Linux, and tcp is supported on windows. Examples:'unix:///var/run/dockershim.sock', 'tcp://localhost:3735'", + "type": "string", + "default": "" + }, + "execHandlerName": { + "description": "execHandlerName is the name of the handler to use for executing commands in containers.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.NutanixPrismEndpoint": { - "description": "NutanixPrismEndpoint holds the endpoint address and port to access the Nutanix Prism Central or Element (cluster)", + "com.github.openshift.api.legacyconfig.v1.EtcdConfig": { + "description": "EtcdConfig holds the necessary configuration options for connecting with an etcd database", "type": "object", "required": [ + "servingInfo", "address", - "port" + "peerServingInfo", + "peerAddress", + "storageDirectory" ], "properties": { "address": { - "description": "address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster)", + "description": "address is the advertised host:port for client connections to etcd", "type": "string", "default": "" }, - "port": { - "description": "port is the port number to access the Nutanix Prism Central or Element (cluster)", - "type": "integer", - "format": "int32", - "default": 0 + "peerAddress": { + "description": "peerAddress is the advertised host:port for peer connections to etcd", + "type": "string", + "default": "" + }, + "peerServingInfo": { + "description": "peerServingInfo describes how to start serving the etcd peer", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServingInfo" + }, + "servingInfo": { + "description": "servingInfo describes how to start serving the etcd master", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServingInfo" + }, + "storageDirectory": { + "description": "StorageDir is the path to the etcd storage directory", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.NutanixResourceIdentifier": { - "description": "NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)", + "com.github.openshift.api.legacyconfig.v1.EtcdConnectionInfo": { + "description": "EtcdConnectionInfo holds information necessary for connecting to an etcd server", "type": "object", "required": [ - "type" + "urls", + "ca", + "certFile", + "keyFile" ], "properties": { - "name": { - "description": "name is the resource name in the PC. It cannot be empty if the type is Name.", - "type": "string" + "ca": { + "description": "ca is a file containing trusted roots for the etcd server certificates", + "type": "string", + "default": "" }, - "type": { - "description": "type is the identifier type to use for this resource.", + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", "type": "string", "default": "" }, - "uuid": { - "description": "uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID.", - "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "name": "Name", - "uuid": "UUID" + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" + }, + "urls": { + "description": "urls are the URLs for etcd", + "type": "array", + "items": { + "type": "string", + "default": "" } } - ] + } }, - "com.github.openshift.api.config.v1.OAuth": { - "description": "OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.EtcdStorageConfig": { + "description": "EtcdStorageConfig holds the necessary configuration options for the etcd storage underlying OpenShift and Kubernetes", "type": "object", "required": [ - "metadata", - "spec" + "kubernetesStorageVersion", + "kubernetesStoragePrefix", + "openShiftStorageVersion", + "openShiftStoragePrefix" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "kubernetesStoragePrefix": { + "description": "kubernetesStoragePrefix is the path within etcd that the Kubernetes resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located. The default value is 'kubernetes.io'.", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "kubernetesStorageVersion": { + "description": "kubernetesStorageVersion is the API version that Kube resources in etcd should be serialized to. This value should *not* be advanced until all clients in the cluster that read from etcd have code that allows them to read the new version.", + "type": "string", + "default": "" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OAuthSpec" + "openShiftStoragePrefix": { + "description": "openShiftStoragePrefix is the path within etcd that the OpenShift resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located. The default value is 'openshift.io'.", + "type": "string", + "default": "" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OAuthStatus" + "openShiftStorageVersion": { + "description": "openShiftStorageVersion is the API version that OS resources in etcd should be serialized to. This value should *not* be advanced until all clients in the cluster that read from etcd have code that allows them to read the new version.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.OAuthList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.GitHubIdentityProvider": { + "description": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "metadata", - "items" + "clientID", + "clientSecret", + "organizations", + "teams", + "hostname", + "ca" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OAuth" - } + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value.", + "type": "string", + "default": "" + }, + "clientID": { + "description": "clientID is the oauth client ID", + "type": "string", + "default": "" + }, + "clientSecret": { + "description": "clientSecret is the oauth client secret", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" + }, + "hostname": { + "description": "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value that is configured at /setup/settings#hostname.", + "type": "string", + "default": "" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "organizations": { + "description": "organizations optionally restricts which organizations are allowed to log in", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "teams": { + "description": "teams optionally restricts which teams are allowed to log in. Format is /.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.config.v1.OAuthRemoteConnectionInfo": { - "description": "OAuthRemoteConnectionInfo holds information necessary for establishing a remote connection", + "com.github.openshift.api.legacyconfig.v1.GitLabIdentityProvider": { + "description": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "url" + "ca", + "url", + "clientID", + "clientSecret" ], "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + "type": "string", + "default": "" }, - "tlsClientCert": { - "description": "tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key \"tls.crt\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "clientID": { + "description": "clientID is the oauth client ID", + "type": "string", + "default": "" }, - "tlsClientKey": { - "description": "tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key \"tls.key\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "clientSecret": { + "description": "clientSecret is the oauth client secret", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "legacy": { + "description": "legacy determines if OAuth2 or OIDC should be used If true, OAuth2 is used If false, OIDC is used If nil and the URL's host is gitlab.com, OIDC is used Otherwise, OAuth2 is used In a future release, nil will default to using OIDC Eventually this flag will be removed and only OIDC will be used", + "type": "boolean" }, "url": { - "description": "url is the remote URL to connect to", + "description": "url is the oauth server base URL", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.OAuthSpec": { - "description": "OAuthSpec contains desired cluster auth configuration", + "com.github.openshift.api.legacyconfig.v1.GoogleIdentityProvider": { + "description": "GoogleIdentityProvider provides identities for users authenticating using Google credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "tokenConfig" + "clientID", + "clientSecret", + "hostedDomain" ], "properties": { - "identityProviders": { - "description": "identityProviders is an ordered list of ways for a user to identify themselves. When this list is empty, no identities are provisioned for users.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.IdentityProvider" - }, - "x-kubernetes-list-type": "atomic" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "templates": { - "description": "templates allow you to customize pages like the login page.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OAuthTemplates" + "clientID": { + "description": "clientID is the oauth client ID", + "type": "string", + "default": "" }, - "tokenConfig": { - "description": "tokenConfig contains options for authorization and access tokens", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenConfig" - } - } - }, - "com.github.openshift.api.config.v1.OAuthStatus": { - "description": "OAuthStatus shows current known state of OAuth server in the cluster", - "type": "object" - }, - "com.github.openshift.api.config.v1.OAuthTemplates": { - "description": "OAuthTemplates allow for customization of pages like the login page", - "type": "object", - "properties": { - "error": { - "description": "error is the name of a secret that specifies a go template to use to render error pages during the authentication or grant flow. The key \"errors.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default error page is used. If the specified template is not valid, the default error page is used. If unspecified, the default error page is used. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "clientSecret": { + "description": "clientSecret is the oauth client secret", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" }, - "login": { - "description": "login is the name of a secret that specifies a go template to use to render the login page. The key \"login.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default login page is used. If the specified template is not valid, the default login page is used. If unspecified, the default login page is used. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "hostedDomain": { + "description": "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", + "type": "string", + "default": "" }, - "providerSelection": { - "description": "providerSelection is the name of a secret that specifies a go template to use to render the provider selection page. The key \"providers.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default provider selection page is used. If the specified template is not valid, the default provider selection page is used. If unspecified, the default provider selection page is used. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.config.v1.OIDCClientConfig": { - "description": "OIDCClientConfig configures how platform clients interact with identity providers as an authentication method.", + "com.github.openshift.api.legacyconfig.v1.GrantConfig": { + "description": "GrantConfig holds the necessary configuration options for grant handlers", "type": "object", "required": [ - "componentName", - "componentNamespace", - "clientID" + "method", + "serviceAccountMethod" ], "properties": { - "clientID": { - "description": "clientID is a required field that configures the client identifier, from the identity provider, that the platform component uses for authentication requests made to the identity provider. The identity provider must accept this identifier for platform components to be able to use the identity provider as an authentication mode.\n\nclientID must not be an empty string (\"\").", - "type": "string", - "default": "" - }, - "clientSecret": { - "description": "clientSecret is an optional field that configures the client secret used by the platform component when making authentication requests to the identity provider.\n\nWhen not specified, no client secret will be used when making authentication requests to the identity provider.\n\nWhen specified, clientSecret references a Secret in the 'openshift-config' namespace that contains the client secret in the 'clientSecret' key of the '.data' field.\n\nThe client secret will be used when making authentication requests to the identity provider.\n\nPublic clients do not require a client secret but private clients do require a client secret to work with the identity provider.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - }, - "componentName": { - "description": "componentName is a required field that specifies the name of the platform component being configured to use the identity provider as an authentication mode.\n\nIt is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", + "method": { + "description": "method determines the default strategy to use when an OAuth client requests a grant. This method will be used only if the specific OAuth client doesn't provide a strategy of their own. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients\n - deny: always denies grant requests, useful for black-listed clients", "type": "string", "default": "" }, - "componentNamespace": { - "description": "componentNamespace is a required field that specifies the namespace in which the platform component being configured to use the identity provider as an authentication mode is running.\n\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", + "serviceAccountMethod": { + "description": "serviceAccountMethod is used for determining client authorization for service account oauth client. It must be either: deny, prompt", "type": "string", "default": "" - }, - "extraScopes": { - "description": "extraScopes is an optional field that configures the extra scopes that should be requested by the platform component when making authentication requests to the identity provider. This is useful if you have configured claim mappings that requires specific scopes to be requested beyond the standard OIDC scopes.\n\nWhen omitted, no additional scopes are requested.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" } } }, - "com.github.openshift.api.config.v1.OIDCClientReference": { - "description": "OIDCClientReference is a reference to a platform component client configuration.", + "com.github.openshift.api.legacyconfig.v1.GroupResource": { + "description": "GroupResource points to a resource by its name and API group.", "type": "object", "required": [ - "oidcProviderName", - "issuerURL", - "clientID" + "group", + "resource" ], "properties": { - "clientID": { - "description": "clientID is a required field that specifies the client identifier, from the identity provider, that the platform component is using for authentication requests made to the identity provider.\n\nclientID must not be empty.", + "group": { + "description": "group is the name of an API group", "type": "string", "default": "" }, - "issuerURL": { - "description": "issuerURL is a required field that specifies the URL of the identity provider that this client is configured to make requests against.\n\nissuerURL must use the 'https' scheme.", + "resource": { + "description": "resource is the name of a resource.", "type": "string", "default": "" + } + } + }, + "com.github.openshift.api.legacyconfig.v1.HTPasswdPasswordIdentityProvider": { + "description": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "file" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "oidcProviderName": { - "description": "oidcProviderName is a required reference to the 'name' of the identity provider configured in 'oidcProviders' that this client is associated with.\n\noidcProviderName must not be an empty string (\"\").", + "file": { + "description": "file is a reference to your htpasswd file", "type": "string", "default": "" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.config.v1.OIDCClientStatus": { - "description": "OIDCClientStatus represents the current state of platform components and how they interact with the configured identity providers.", + "com.github.openshift.api.legacyconfig.v1.HTTPServingInfo": { + "description": "HTTPServingInfo holds configuration for serving HTTP", "type": "object", "required": [ - "componentName", - "componentNamespace" + "bindAddress", + "bindNetwork", + "certFile", + "keyFile", + "clientCA", + "namedCertificates", + "maxRequestsInFlight", + "requestTimeoutSeconds" ], "properties": { - "componentName": { - "description": "componentName is a required field that specifies the name of the platform component using the identity provider as an authentication mode. It is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", + "bindAddress": { + "description": "bindAddress is the ip:port to serve on", "type": "string", "default": "" }, - "componentNamespace": { - "description": "componentNamespace is a required field that specifies the namespace in which the platform component using the identity provider as an authentication mode is running.\n\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", + "bindNetwork": { + "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", "type": "string", "default": "" }, - "conditions": { - "description": "conditions are used to communicate the state of the `oidcClients` entry.\n\nSupported conditions include Available, Degraded and Progressing.\n\nIf Available is true, the component is successfully using the configured client. If Degraded is true, that means something has gone wrong trying to handle the client configuration. If Progressing is true, that means the component is taking some action related to the `oidcClients` entry.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" }, - "consumingUsers": { - "description": "consumingUsers is an optional list of ServiceAccounts requiring read permissions on the `clientSecret` secret.\n\nconsumingUsers must not exceed 5 entries.", + "cipherSuites": { + "description": "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "set" + } }, - "currentOIDCClients": { - "description": "currentOIDCClients is an optional list of clients that the component is currently using.\n\nEntries must have unique issuerURL/clientID pairs.", + "clientCA": { + "description": "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", + "type": "string", + "default": "" + }, + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" + }, + "maxRequestsInFlight": { + "description": "maxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "minTLSVersion": { + "description": "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", + "type": "string" + }, + "namedCertificates": { + "description": "namedCertificates is a list of certificates to use to secure requests to specific hostnames", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OIDCClientReference" - }, - "x-kubernetes-list-map-keys": [ - "issuerURL", - "clientID" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NamedCertificate" + } + }, + "requestTimeoutSeconds": { + "description": "requestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if -1 there is no limit on requests.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.config.v1.OIDCProvider": { + "com.github.openshift.api.legacyconfig.v1.IdentityProvider": { + "description": "IdentityProvider provides identities for users authenticating using credentials", "type": "object", "required": [ "name", - "issuer", - "claimMappings" + "challenge", + "login", + "mappingMethod", + "provider" ], "properties": { - "claimMappings": { - "description": "claimMappings is a required field that configures the rules to be used by the Kubernetes API server for translating claims in a JWT token, issued by the identity provider, to a cluster identity.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimMappings" + "challenge": { + "description": "UseAsChallenger indicates whether to issue WWW-Authenticate challenges for this provider", + "type": "boolean", + "default": false }, - "claimValidationRules": { - "description": "claimValidationRules is an optional field that configures the rules to be used by the Kubernetes API server for validating the claims in a JWT token issued by the identity provider.\n\nValidation rules are joined via an AND operation.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimValidationRule" - }, - "x-kubernetes-list-type": "atomic" + "login": { + "description": "UseAsLogin indicates whether to use this identity provider for unauthenticated browsers to login against", + "type": "boolean", + "default": false }, - "issuer": { - "description": "issuer is a required field that configures how the platform interacts with the identity provider and how tokens issued from the identity provider are evaluated by the Kubernetes API server.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenIssuer" + "mappingMethod": { + "description": "mappingMethod determines how identities from this provider are mapped to users", + "type": "string", + "default": "" }, "name": { - "description": "name is a required field that configures the unique human-readable identifier associated with the identity provider. It is used to distinguish between multiple identity providers and has no impact on token validation or authentication mechanics.\n\nname must not be an empty string (\"\").", + "description": "name is used to qualify the identities returned by this provider", "type": "string", "default": "" }, - "oidcClients": { - "description": "oidcClients is an optional field that configures how on-cluster, platform clients should request tokens from the identity provider. oidcClients must not exceed 20 entries and entries must have unique namespace/name pairs.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OIDCClientConfig" - }, - "x-kubernetes-list-map-keys": [ - "componentNamespace", - "componentName" - ], - "x-kubernetes-list-type": "map" - }, - "userValidationRules": { - "description": "userValidationRules is an optional field that configures the set of rules used to validate the cluster user identity that was constructed via mapping token claims to user identity attributes. Rules are CEL expressions that must evaluate to 'true' for authentication to succeed. If any rule in the chain of rules evaluates to 'false', authentication will fail. When specified, at least one rule must be specified and no more than 64 rules may be specified.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenUserValidationRule" - }, - "x-kubernetes-list-map-keys": [ - "expression" - ], - "x-kubernetes-list-type": "map" + "provider": { + "description": "provider contains the information about how to set up a specific identity provider", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.config.v1.ObjectReference": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "com.github.openshift.api.legacyconfig.v1.ImageConfig": { + "description": "ImageConfig holds the necessary configuration options for building image names for system components", "type": "object", "required": [ - "group", - "resource", - "name" + "format", + "latest" ], "properties": { - "group": { - "description": "group of the referent.", + "format": { + "description": "format is the format of the name to be built for the system component", "type": "string", "default": "" }, - "name": { - "description": "name of the referent.", - "type": "string", - "default": "" + "latest": { + "description": "latest determines if the latest tag will be pulled from the registry", + "type": "boolean", + "default": false + } + } + }, + "com.github.openshift.api.legacyconfig.v1.ImagePolicyConfig": { + "description": "ImagePolicyConfig holds the necessary configuration options for limits and behavior for importing images", + "type": "object", + "required": [ + "maxImagesBulkImportedPerRepository", + "disableScheduledImport", + "scheduledImageImportMinimumIntervalSeconds", + "maxScheduledImageImportsPerMinute" + ], + "properties": { + "additionalTrustedCA": { + "description": "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted during imagestream import.", + "type": "string" }, - "namespace": { - "description": "namespace of the referent.", + "allowedRegistriesForImport": { + "description": "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.RegistryLocation" + } + }, + "disableScheduledImport": { + "description": "disableScheduledImport allows scheduled background import of images to be disabled.", + "type": "boolean", + "default": false + }, + "externalRegistryHostname": { + "description": "externalRegistryHostname sets the hostname for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", "type": "string" }, - "resource": { - "description": "resource of the referent.", - "type": "string", - "default": "" + "internalRegistryHostname": { + "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", + "type": "string" + }, + "maxImagesBulkImportedPerRepository": { + "description": "maxImagesBulkImportedPerRepository controls the number of images that are imported when a user does a bulk import of a container repository. This number defaults to 50 to prevent users from importing large numbers of images accidentally. Set -1 for no limit.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "maxScheduledImageImportsPerMinute": { + "description": "maxScheduledImageImportsPerMinute is the maximum number of scheduled image streams that will be imported in the background per minute. The default value is 60. Set to -1 for unlimited.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "scheduledImageImportMinimumIntervalSeconds": { + "description": "scheduledImageImportMinimumIntervalSeconds is the minimum number of seconds that can elapse between when image streams scheduled for background import are checked against the upstream repository. The default value is 15 minutes.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.config.v1.OldTLSProfile": { - "description": "OldTLSProfile is a TLS security profile based on the \"old\" configuration of the Mozilla Server Side TLS configuration guidelines.", - "type": "object" - }, - "com.github.openshift.api.config.v1.OpenIDClaims": { - "description": "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider", + "com.github.openshift.api.legacyconfig.v1.JenkinsPipelineConfig": { + "description": "JenkinsPipelineConfig holds configuration for the Jenkins pipeline strategy", "type": "object", + "required": [ + "autoProvisionEnabled", + "templateNamespace", + "templateName", + "serviceName", + "parameters" + ], "properties": { - "email": { - "description": "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "autoProvisionEnabled": { + "description": "autoProvisionEnabled determines whether a Jenkins server will be spawned from the provided template when the first build config in the project with type JenkinsPipeline is created. When not specified this option defaults to true.", + "type": "boolean" }, - "groups": { - "description": "groups is the list of claims value of which should be used to synchronize groups from the OIDC provider to OpenShift for the user. If multiple claims are specified, the first one with a non-empty value is used.", - "type": "array", - "items": { + "parameters": { + "description": "parameters specifies a set of optional parameters to the Jenkins template.", + "type": "object", + "additionalProperties": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "name": { - "description": "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "serviceName": { + "description": "serviceName is the name of the Jenkins service OpenShift uses to detect whether a Jenkins pipeline handler has already been installed in a project. This value *must* match a service name in the provided template.", + "type": "string", + "default": "" }, - "preferredUsername": { - "description": "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the sub claim", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "templateName": { + "description": "templateName is the name of the default Jenkins template", + "type": "string", + "default": "" + }, + "templateNamespace": { + "description": "templateNamespace contains the namespace name where the Jenkins template is stored", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.OpenIDIdentityProvider": { - "description": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials", + "com.github.openshift.api.legacyconfig.v1.KeystonePasswordIdentityProvider": { + "description": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "clientID", - "clientSecret", - "issuer", - "claims" + "url", + "ca", + "certFile", + "keyFile", + "domainName", + "useKeystoneIdentity" ], "properties": { - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "claims": { - "description": "claims mappings", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenIDClaims" + "ca": { + "description": "ca is the CA for verifying TLS connections", + "type": "string", + "default": "" }, - "clientID": { - "description": "clientID is the oauth client ID", + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", "type": "string", "default": "" }, - "clientSecret": { - "description": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "domainName": { + "description": "Domain Name is required for keystone v3", + "type": "string", + "default": "" }, - "extraAuthorizeParameters": { - "description": "extraAuthorizeParameters are any custom parameters to add to the authorize request.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" }, - "extraScopes": { - "description": "extraScopes are any scopes to request in addition to the standard \"openid\" scope.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "issuer": { - "description": "issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. It must use the https scheme with no query or fragment component.", + "url": { + "description": "url is the remote URL to connect to", "type": "string", "default": "" + }, + "useKeystoneIdentity": { + "description": "useKeystoneIdentity flag indicates that user should be authenticated by keystone ID, not by username", + "type": "boolean", + "default": false } } }, - "com.github.openshift.api.config.v1.OpenStackPlatformLoadBalancer": { - "description": "OpenStackPlatformLoadBalancer defines the load balancer used by the cluster on OpenStack platform.", + "com.github.openshift.api.legacyconfig.v1.KubeletConnectionInfo": { + "description": "KubeletConnectionInfo holds information necessary for connecting to a kubelet", "type": "object", + "required": [ + "port", + "ca", + "certFile", + "keyFile" + ], "properties": { - "type": { - "description": "type defines the type of load balancer used by the cluster on OpenStack platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", + "ca": { + "description": "ca is the CA for verifying TLS connections to kubelets", "type": "string", - "default": "OpenShiftManagedDefault" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": {} + "default": "" + }, + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" + }, + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" + }, + "port": { + "description": "port is the port to connect to kubelets on", + "type": "integer", + "format": "int32", + "default": 0 } - ] + } }, - "com.github.openshift.api.config.v1.OpenStackPlatformSpec": { - "description": "OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider. This only includes fields that can be modified in the cluster.", + "com.github.openshift.api.legacyconfig.v1.KubernetesMasterConfig": { + "description": "KubernetesMasterConfig holds the necessary configuration options for the Kubernetes master", "type": "object", + "required": [ + "apiLevels", + "disabledAPIGroupVersions", + "masterIP", + "masterEndpointReconcileTTL", + "servicesSubnet", + "servicesNodePortRange", + "schedulerConfigFile", + "podEvictionTimeout", + "proxyClientInfo", + "apiServerArguments", + "controllerArguments", + "schedulerArguments" + ], "properties": { - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "apiLevels": { + "description": "apiLevels is a list of API levels that should be enabled on startup: v1 as examples", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "apiServerArguments": { + "description": "apiServerArguments are key value pairs that will be passed directly to the Kube apiserver that match the apiservers's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "controllerArguments": { + "description": "controllerArguments are key value pairs that will be passed directly to the Kube controller manager that match the controller manager's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + }, + "disabledAPIGroupVersions": { + "description": "disabledAPIGroupVersions is a map of groups to the versions (or *) that should be disabled.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + }, + "masterEndpointReconcileTTL": { + "description": "masterEndpointReconcileTTL sets the time to live in seconds of an endpoint record recorded by each master. The endpoints are checked at an interval that is 2/3 of this value and this value defaults to 15s if unset. In very large clusters, this value may be increased to reduce the possibility that the master endpoint record expires (due to other load on the etcd server) and causes masters to drop in and out of the kubernetes service record. It is not recommended to set this value below 15s.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "masterIP": { + "description": "masterIP is the public IP address of kubernetes stuff. If empty, the first result from net.InterfaceAddrs will be used.", + "type": "string", + "default": "" + }, + "podEvictionTimeout": { + "description": "podEvictionTimeout controls grace period for deleting pods on failed nodes. It takes valid time duration string. If empty, you get the default pod eviction timeout.", + "type": "string", + "default": "" + }, + "proxyClientInfo": { + "description": "proxyClientInfo specifies the client cert/key to use when proxying to pods", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.CertInfo" + }, + "schedulerArguments": { + "description": "schedulerArguments are key value pairs that will be passed directly to the Kube scheduler that match the scheduler's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + }, + "schedulerConfigFile": { + "description": "schedulerConfigFile points to a file that describes how to set up the scheduler. If empty, you get the default scheduling rules.", + "type": "string", + "default": "" + }, + "servicesNodePortRange": { + "description": "servicesNodePortRange is the range to use for assigning service public ports on a host.", + "type": "string", + "default": "" + }, + "servicesSubnet": { + "description": "servicesSubnet is the subnet to use for assigning service IPs", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.OpenStackPlatformStatus": { - "description": "OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider.", + "com.github.openshift.api.legacyconfig.v1.LDAPAttributeMapping": { + "description": "LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields", "type": "object", "required": [ - "apiServerInternalIPs", - "ingressIPs" + "id", + "preferredUsername", + "name", + "email" ], "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", - "type": "string" - }, - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "email": { + "description": "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "cloudName": { - "description": "cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`).", - "type": "string" - }, - "dnsRecordsType": { - "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", - "type": "string", - "enum": [ - "External", - "Internal" - ] - }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", - "type": "string" + } }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "id": { + "description": "id is the list of attributes whose values should be used as the user ID. Required. LDAP standard identity attribute is \"dn\"", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "loadBalancer": { - "description": "loadBalancer defines how the load balancer used by the cluster is configured.", - "default": { - "type": "OpenShiftManagedDefault" - }, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenStackPlatformLoadBalancer" + } }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", + "name": { + "description": "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "nodeDNSIP": { - "description": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", - "type": "string" + "preferredUsername": { + "description": "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.config.v1.OperandVersion": { + "com.github.openshift.api.legacyconfig.v1.LDAPPasswordIdentityProvider": { + "description": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "name", - "version" + "url", + "bindDN", + "bindPassword", + "insecure", + "ca", + "attributes" ], "properties": { - "name": { - "description": "name is the name of the particular operand this version is for. It usually matches container images, not operators.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "attributes": { + "description": "attributes maps LDAP attributes to identities", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPAttributeMapping" + }, + "bindDN": { + "description": "bindDN is an optional DN to bind with during the search phase.", "type": "string", "default": "" }, - "version": { - "description": "version indicates which version of a particular operand is currently being managed. It must always match the Available operand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout 1.1.0", + "bindPassword": { + "description": "bindPassword is an optional password to bind with during the search phase.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" + }, + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.config.v1.OperatorHub": { - "description": "OperatorHub is the Schema for the operatorhubs API. It can be used to change the state of the default hub sources for OperatorHub on the cluster from enabled to disabled and vice versa.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "spec", - "status" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + }, + "insecure": { + "description": "Insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830", + "type": "boolean", + "default": false }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OperatorHubSpec" - }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OperatorHubStatus" + "url": { + "description": "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is\n ldap://host:port/basedn?attribute?scope?filter", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.OperatorHubList": { - "description": "OperatorHubList contains a list of OperatorHub\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.LDAPQuery": { + "description": "LDAPQuery holds the options necessary to build an LDAP query", "type": "object", "required": [ - "metadata", - "items" + "baseDN", + "scope", + "derefAliases", + "timeout", + "filter", + "pageSize" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "baseDN": { + "description": "The DN of the branch of the directory where all searches should start from", + "type": "string", + "default": "" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OperatorHub" - } + "derefAliases": { + "description": "The (optional) behavior of the search with regards to alisases. Can be: never: never dereference aliases, search: only dereference in searching, base: only dereference in finding the base object, always: always dereference Defaults to always dereferencing if not set", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "filter": { + "description": "filter is a valid LDAP search filter that retrieves all relevant entries from the LDAP server with the base DN", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.config.v1.OperatorHubSpec": { - "description": "OperatorHubSpec defines the desired state of OperatorHub", - "type": "object", - "properties": { - "disableAllDefaultSources": { - "description": "disableAllDefaultSources allows you to disable all the default hub sources. If this is true, a specific entry in sources can be used to enable a default source. If this is false, a specific entry in sources can be used to disable or enable a default source.", - "type": "boolean" + "pageSize": { + "description": "pageSize is the maximum preferred page size, measured in LDAP entries. A page size of 0 means no paging will be done.", + "type": "integer", + "format": "int32", + "default": 0 }, - "sources": { - "description": "sources is the list of default hub sources and their configuration. If the list is empty, it implies that the default hub sources are enabled on the cluster unless disableAllDefaultSources is true. If disableAllDefaultSources is true and sources is not empty, the configuration present in sources will take precedence. The list of default hub sources and their current state will always be reflected in the status block.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.HubSource" - } - } - } - }, - "com.github.openshift.api.config.v1.OperatorHubStatus": { - "description": "OperatorHubStatus defines the observed state of OperatorHub. The current state of the default hub sources will always be reflected here.", - "type": "object", - "properties": { - "sources": { - "description": "sources encapsulates the result of applying the configuration for each hub source", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.HubSourceStatus" - } - } - } - }, - "com.github.openshift.api.config.v1.OvirtPlatformLoadBalancer": { - "description": "OvirtPlatformLoadBalancer defines the load balancer used by the cluster on Ovirt platform.", - "type": "object", - "properties": { - "type": { - "description": "type defines the type of load balancer used by the cluster on Ovirt platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", + "scope": { + "description": "The (optional) scope of the search. Can be: base: only the base object, one: all object on the base level, sub: the entire subtree Defaults to the entire subtree if not set", "type": "string", - "default": "OpenShiftManagedDefault" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": {} + "default": "" + }, + "timeout": { + "description": "TimeLimit holds the limit of time in seconds that any request to the server can remain outstanding before the wait for a response is given up. If this is 0, no client-side limit is imposed", + "type": "integer", + "format": "int32", + "default": 0 } - ] - }, - "com.github.openshift.api.config.v1.OvirtPlatformSpec": { - "description": "OvirtPlatformSpec holds the desired state of the oVirt infrastructure provider. This only includes fields that can be modified in the cluster.", - "type": "object" + } }, - "com.github.openshift.api.config.v1.OvirtPlatformStatus": { - "description": "OvirtPlatformStatus holds the current status of the oVirt infrastructure provider.", + "com.github.openshift.api.legacyconfig.v1.LDAPSyncConfig": { + "description": "LDAPSyncConfig holds the necessary configuration options to define an LDAP group sync\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "apiServerInternalIPs", - "ingressIPs" + "url", + "bindDN", + "bindPassword", + "insecure", + "ca", + "groupUIDNameMapping" ], "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "activeDirectory": { + "description": "ActiveDirectoryConfig holds the configuration for extracting data from an LDAP server set up in a fashion similar to that used in Active Directory: first-class user entries, with group membership determined by a multi-valued attribute on members listing groups they are a member of", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ActiveDirectoryConfig" + }, + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "augmentedActiveDirectory": { + "description": "AugmentedActiveDirectoryConfig holds the configuration for extracting data from an LDAP server set up in a fashion similar to that used in Active Directory as described above, with one addition: first-class group entries exist and are used to hold metadata but not group membership", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AugmentedActiveDirectoryConfig" }, - "dnsRecordsType": { - "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", + "bindDN": { + "description": "bindDN is an optional DN to bind to the LDAP server with", "type": "string", - "enum": [ - "External", - "Internal" - ] + "default": "" }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", - "type": "string" + "bindPassword": { + "description": "bindPassword is an optional password to bind with during the search phase.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", - "type": "array", - "items": { + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + "type": "string", + "default": "" + }, + "groupUIDNameMapping": { + "description": "LDAPGroupUIDToOpenShiftGroupNameMapping is an optional direct mapping of LDAP group UIDs to OpenShift Group names", + "type": "object", + "additionalProperties": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "set" + } }, - "loadBalancer": { - "description": "loadBalancer defines how the load balancer used by the cluster is configured.", - "default": { - "type": "OpenShiftManagedDefault" - }, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OvirtPlatformLoadBalancer" + "insecure": { + "description": "Insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830", + "type": "boolean", + "default": false }, - "nodeDNSIP": { - "description": "deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "rfc2307": { + "description": "RFC2307Config holds the configuration for extracting data from an LDAP server set up in a fashion similar to RFC2307: first-class group and user entries, with group membership determined by a multi-valued attribute on the group entry listing its members", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.RFC2307Config" + }, + "url": { + "description": "Host is the scheme, host and port of the LDAP server to connect to: scheme://host:port", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.PKICertificateSubject": { - "description": "PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", + "com.github.openshift.api.legacyconfig.v1.LocalQuota": { + "description": "LocalQuota contains options for controlling local volume quota on the node.", "type": "object", + "required": [ + "perFSGroup" + ], "properties": { - "email": { - "description": "email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. The email must be a valid email address and at most 320 characters in length.", - "type": "string" - }, - "hostname": { - "description": "hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. The hostname must be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. It must consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk.", - "type": "string" + "perFSGroup": { + "description": "FSGroup can be specified to enable a quota on local storage use per unique FSGroup ID. At present this is only implemented for emptyDir volumes, and if the underlying volumeDirectory is on an XFS filesystem.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" } } }, - "com.github.openshift.api.config.v1.PersistentVolumeClaimReference": { - "description": "PersistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + "com.github.openshift.api.legacyconfig.v1.MasterAuthConfig": { + "description": "MasterAuthConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", "type": "object", "required": [ - "name" + "requestHeader", + "webhookTokenAuthenticators", + "oauthMetadataFile" ], "properties": { - "name": { - "description": "name is the name of the PersistentVolumeClaim that will be used to store the Insights data archive. It is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", - "type": "string" + "oauthMetadataFile": { + "description": "oauthMetadataFile is a path to a file containing the discovery endpoint for OAuth 2.0 Authorization Server Metadata for an external OAuth server. See IETF Draft: // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This option is mutually exclusive with OAuthConfig", + "type": "string", + "default": "" + }, + "requestHeader": { + "description": "requestHeader holds options for setting up a front proxy against the API. It is optional.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.RequestHeaderAuthenticationOptions" + }, + "webhookTokenAuthenticators": { + "description": "WebhookTokenAuthnConfig, if present configures remote token reviewers", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.WebhookTokenAuthenticator" + } } } }, - "com.github.openshift.api.config.v1.PersistentVolumeConfig": { - "description": "PersistentVolumeConfig provides configuration options for PersistentVolume storage.", + "com.github.openshift.api.legacyconfig.v1.MasterClients": { + "description": "MasterClients holds references to `.kubeconfig` files that qualify master clients for OpenShift and Kubernetes", "type": "object", "required": [ - "claim" + "openshiftLoopbackKubeConfig", + "openshiftLoopbackClientConnectionOverrides" ], "properties": { - "claim": { - "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PersistentVolumeClaimReference" + "openshiftLoopbackClientConnectionOverrides": { + "description": "openshiftLoopbackClientConnectionOverrides specifies client overrides for system components to loop back to this master.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ClientConnectionOverrides" }, - "mountPath": { - "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", - "type": "string" + "openshiftLoopbackKubeConfig": { + "description": "openshiftLoopbackKubeConfig is a .kubeconfig filename for system components to loopback to this master", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.PlatformSpec": { - "description": "PlatformSpec holds the desired state specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", + "com.github.openshift.api.legacyconfig.v1.MasterConfig": { + "description": "MasterConfig holds the necessary configuration options for the OpenShift master\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "type" + "servingInfo", + "authConfig", + "aggregatorConfig", + "corsAllowedOrigins", + "apiLevels", + "masterPublicURL", + "controllers", + "admissionConfig", + "controllerConfig", + "etcdStorageConfig", + "etcdClientInfo", + "kubeletClientInfo", + "kubernetesMasterConfig", + "etcdConfig", + "oauthConfig", + "dnsConfig", + "serviceAccountConfig", + "masterClients", + "imageConfig", + "imagePolicyConfig", + "policyConfig", + "projectConfig", + "routingConfig", + "networkConfig", + "volumeConfig", + "jenkinsPipelineConfig", + "auditConfig" ], "properties": { - "alibabaCloud": { - "description": "alibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec" + "admissionConfig": { + "description": "admissionConfig contains admission control plugin configuration.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AdmissionConfig" }, - "aws": { - "description": "aws contains settings specific to the Amazon Web Services infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSPlatformSpec" + "aggregatorConfig": { + "description": "aggregatorConfig has options for configuring the aggregator component of the API server.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AggregatorConfig" }, - "azure": { - "description": "azure contains settings specific to the Azure infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AzurePlatformSpec" + "apiLevels": { + "description": "apiLevels is a list of API levels that should be enabled on startup: v1 as examples", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "baremetal": { - "description": "baremetal contains settings specific to the BareMetal platform.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.BareMetalPlatformSpec" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "equinixMetal": { - "description": "equinixMetal contains settings specific to the Equinix Metal infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.EquinixMetalPlatformSpec" + "auditConfig": { + "description": "auditConfig holds information related to auditing capabilities.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AuditConfig" }, - "external": { - "description": "ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalPlatformSpec" + "authConfig": { + "description": "authConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.MasterAuthConfig" }, - "gcp": { - "description": "gcp contains settings specific to the Google Cloud Platform infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.GCPPlatformSpec" + "controllerConfig": { + "description": "controllerConfig holds configuration values for controllers", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ControllerConfig" }, - "ibmcloud": { - "description": "ibmcloud contains settings specific to the IBMCloud infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.IBMCloudPlatformSpec" + "controllers": { + "description": "controllers is a list of the controllers that should be started. If set to \"none\", no controllers will start automatically. The default value is \"*\" which will start all controllers. When using \"*\", you may exclude controllers by prepending a \"-\" in front of their name. No other values are recognized at this time.", + "type": "string", + "default": "" }, - "kubevirt": { - "description": "kubevirt contains settings specific to the kubevirt infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.KubevirtPlatformSpec" + "corsAllowedOrigins": { + "description": "CORSAllowedOrigins", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "nutanix": { - "description": "nutanix contains settings specific to the Nutanix infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPlatformSpec" + "dnsConfig": { + "description": "DNSConfig, if present start the DNS server in this process", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.DNSConfig" }, - "openstack": { - "description": "openstack contains settings specific to the OpenStack infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenStackPlatformSpec" + "etcdClientInfo": { + "description": "etcdClientInfo contains information about how to connect to etcd", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.EtcdConnectionInfo" }, - "ovirt": { - "description": "ovirt contains settings specific to the oVirt infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.OvirtPlatformSpec" + "etcdConfig": { + "description": "EtcdConfig, if present start etcd in this process", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.EtcdConfig" }, - "powervs": { - "description": "powervs contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSPlatformSpec" + "etcdStorageConfig": { + "description": "etcdStorageConfig contains information about how API resources are stored in Etcd. These values are only relevant when etcd is the backing store for the cluster.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.EtcdStorageConfig" }, - "type": { - "description": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"IBMCloud\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\", \"External\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", - "type": "string", - "default": "" + "imageConfig": { + "description": "imageConfig holds options that describe how to build image names for system components", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ImageConfig" }, - "vsphere": { - "description": "vsphere contains settings specific to the VSphere infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformSpec" - } - } - }, - "com.github.openshift.api.config.v1.PlatformStatus": { - "description": "PlatformStatus holds the current status specific to the underlying infrastructure provider of the current cluster. Since these are used at status-level for the underlying cluster, it is supposed that only one of the status structs is set.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "alibabaCloud": { - "description": "alibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus" + "imagePolicyConfig": { + "description": "imagePolicyConfig controls limits and behavior for importing images", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ImagePolicyConfig" }, - "aws": { - "description": "aws contains settings specific to the Amazon Web Services infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSPlatformStatus" + "jenkinsPipelineConfig": { + "description": "jenkinsPipelineConfig holds information about the default Jenkins template used for JenkinsPipeline build strategy.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.JenkinsPipelineConfig" }, - "azure": { - "description": "azure contains settings specific to the Azure infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AzurePlatformStatus" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "baremetal": { - "description": "baremetal contains settings specific to the BareMetal platform.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.BareMetalPlatformStatus" + "kubeletClientInfo": { + "description": "kubeletClientInfo contains information about how to connect to kubelets", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.KubeletConnectionInfo" }, - "equinixMetal": { - "description": "equinixMetal contains settings specific to the Equinix Metal infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.EquinixMetalPlatformStatus" + "kubernetesMasterConfig": { + "description": "KubernetesMasterConfig, if present start the kubernetes master in this process", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.KubernetesMasterConfig" }, - "external": { - "description": "external contains settings specific to the generic External infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalPlatformStatus" + "masterClients": { + "description": "masterClients holds all the client connection information for controllers and other system components", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.MasterClients" }, - "gcp": { - "description": "gcp contains settings specific to the Google Cloud Platform infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.GCPPlatformStatus" + "masterPublicURL": { + "description": "masterPublicURL is how clients can access the OpenShift API server", + "type": "string", + "default": "" }, - "ibmcloud": { - "description": "ibmcloud contains settings specific to the IBMCloud infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.IBMCloudPlatformStatus" + "networkConfig": { + "description": "networkConfig to be passed to the compiled in network plugin", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.MasterNetworkConfig" }, - "kubevirt": { - "description": "kubevirt contains settings specific to the kubevirt infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.KubevirtPlatformStatus" + "oauthConfig": { + "description": "OAuthConfig, if present start the /oauth endpoint in this process", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.OAuthConfig" }, - "nutanix": { - "description": "nutanix contains settings specific to the Nutanix infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPlatformStatus" + "policyConfig": { + "description": "policyConfig holds information about where to locate critical pieces of bootstrapping policy", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.PolicyConfig" }, - "openstack": { - "description": "openstack contains settings specific to the OpenStack infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenStackPlatformStatus" + "projectConfig": { + "description": "projectConfig holds information about project creation and defaults", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ProjectConfig" }, - "ovirt": { - "description": "ovirt contains settings specific to the oVirt infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.OvirtPlatformStatus" + "routingConfig": { + "description": "routingConfig holds information about routing and route generation", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.RoutingConfig" }, - "powervs": { - "description": "powervs contains settings specific to the Power Systems Virtual Servers infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSPlatformStatus" + "serviceAccountConfig": { + "description": "serviceAccountConfig holds options related to service accounts", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServiceAccountConfig" }, - "type": { - "description": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.\n\nThis value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set.", - "type": "string", - "default": "" + "servingInfo": { + "description": "servingInfo describes how to start serving", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.HTTPServingInfo" }, - "vsphere": { - "description": "vsphere contains settings specific to the VSphere infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformStatus" + "volumeConfig": { + "description": "MasterVolumeConfig contains options for configuring volume plugins in the master node.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.MasterVolumeConfig" } } }, - "com.github.openshift.api.config.v1.PolicyFulcioSubject": { - "description": "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.", + "com.github.openshift.api.legacyconfig.v1.MasterNetworkConfig": { + "description": "MasterNetworkConfig to be passed to the compiled in network plugin", "type": "object", "required": [ - "oidcIssuer", - "signedEmail" + "networkPluginName", + "clusterNetworks", + "serviceNetworkCIDR", + "externalIPNetworkCIDRs", + "ingressIPNetworkCIDR" ], "properties": { - "oidcIssuer": { - "description": "oidcIssuer is a required filed contains the expected OIDC issuer. The oidcIssuer must be a valid URL and at most 2048 characters in length. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: \"https://expected.OIDC.issuer/\"", - "type": "string", - "default": "" + "clusterNetworkCIDR": { + "description": "clusterNetworkCIDR is the CIDR string to specify the global overlay network's L3 space. Deprecated, but maintained for backwards compatibility, use ClusterNetworks instead.", + "type": "string" }, - "signedEmail": { - "description": "signedEmail is a required field holds the email address that the Fulcio certificate is issued for. The signedEmail must be a valid email address and at most 320 characters in length. Example: \"expected-signing-user@example.com\"", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1.PolicyIdentity": { - "description": "PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is \"MatchRepoDigestOrExact\".", - "type": "object", - "required": [ - "matchPolicy" - ], - "properties": { - "exactRepository": { - "description": "exactRepository specifies the repository that must be exactly matched by the identity in the signature. exactRepository is required if matchPolicy is set to \"ExactRepository\". It is used to verify that the signature claims an identity matching this exact repository, rather than the original image identity.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyMatchExactRepository" + "clusterNetworks": { + "description": "clusterNetworks is a list of ClusterNetwork objects that defines the global overlay network's L3 space by specifying a set of CIDR and netmasks that the SDN can allocate addressed from. If this is specified, then ClusterNetworkCIDR and HostSubnetLength may not be set.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ClusterNetworkEntry" + } }, - "matchPolicy": { - "description": "matchPolicy is a required filed specifies matching strategy to verify the image identity in the signature against the image scope. Allowed values are \"MatchRepoDigestOrExact\", \"MatchRepository\", \"ExactRepository\", \"RemapIdentity\". When omitted, the default value is \"MatchRepoDigestOrExact\". When set to \"MatchRepoDigestOrExact\", the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. When set to \"MatchRepository\", the identity in the signature must be in the same repository as the image identity. When set to \"ExactRepository\", the exactRepository must be specified. The identity in the signature must be in the same repository as a specific identity specified by \"repository\". When set to \"RemapIdentity\", the remapIdentity must be specified. The signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the \"prefix\" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix.", + "externalIPNetworkCIDRs": { + "description": "externalIPNetworkCIDRs controls what values are acceptable for the service external IP field. If empty, no externalIP may be set. It may contain a list of CIDRs which are checked for access. If a CIDR is prefixed with !, IPs in that CIDR will be rejected. Rejections will be applied first, then the IP checked against one of the allowed CIDRs. You should ensure this range does not overlap with your nodes, pods, or service CIDRs for security reasons.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "hostSubnetLength": { + "description": "hostSubnetLength is the number of bits to allocate to each host's subnet e.g. 8 would mean a /24 network on the host. Deprecated, but maintained for backwards compatibility, use ClusterNetworks instead.", + "type": "integer", + "format": "int64" + }, + "ingressIPNetworkCIDR": { + "description": "ingressIPNetworkCIDR controls the range to assign ingress ips from for services of type LoadBalancer on bare metal. If empty, ingress ips will not be assigned. It may contain a single CIDR that will be allocated from. For security reasons, you should ensure that this range does not overlap with the CIDRs reserved for external ips, nodes, pods, or services.", "type": "string", "default": "" }, - "remapIdentity": { - "description": "remapIdentity specifies the prefix remapping rule for verifying image identity. remapIdentity is required if matchPolicy is set to \"RemapIdentity\". It is used to verify that the signature claims a different registry/repository prefix than the original image.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyMatchRemapIdentity" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "matchPolicy", - "fields-to-discriminateBy": { - "exactRepository": "PolicyMatchExactRepository", - "remapIdentity": "PolicyMatchRemapIdentity" - } + "networkPluginName": { + "description": "networkPluginName is the name of the network plugin to use", + "type": "string", + "default": "" + }, + "serviceNetworkCIDR": { + "description": "ServiceNetwork is the CIDR string to specify the service networks", + "type": "string", + "default": "" + }, + "vxlanPort": { + "description": "vxlanPort is the VXLAN port used by the cluster defaults. If it is not set, 4789 is the default value", + "type": "integer", + "format": "int64" } - ] + } }, - "com.github.openshift.api.config.v1.PolicyMatchExactRepository": { + "com.github.openshift.api.legacyconfig.v1.MasterVolumeConfig": { + "description": "MasterVolumeConfig contains options for configuring volume plugins in the master node.", "type": "object", "required": [ - "repository" + "dynamicProvisioningEnabled" ], "properties": { - "repository": { - "description": "repository is the reference of the image identity to be matched. repository is required if matchPolicy is set to \"ExactRepository\". The value should be a repository name (by omitting the tag or digest) in a registry implementing the \"Docker Registry HTTP API V2\". For example, docker.io/library/busybox", - "type": "string", - "default": "" + "dynamicProvisioningEnabled": { + "description": "dynamicProvisioningEnabled is a boolean that toggles dynamic provisioning off when false, defaults to true", + "type": "boolean" } } }, - "com.github.openshift.api.config.v1.PolicyMatchRemapIdentity": { + "com.github.openshift.api.legacyconfig.v1.NamedCertificate": { + "description": "NamedCertificate specifies a certificate/key, and the names it should be served for", "type": "object", "required": [ - "prefix", - "signedPrefix" + "names", + "certFile", + "keyFile" ], "properties": { - "prefix": { - "description": "prefix is required if matchPolicy is set to \"RemapIdentity\". prefix is the prefix of the image identity to be matched. If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). This is useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", "type": "string", "default": "" }, - "signedPrefix": { - "description": "signedPrefix is required if matchPolicy is set to \"RemapIdentity\". signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as \"prefix\". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", "type": "string", "default": "" + }, + "names": { + "description": "names is a list of DNS names this certificate should be used to secure A name can be a normal DNS name, or can contain leading wildcard segments.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.config.v1.PolicyRootOfTrust": { - "description": "PolicyRootOfTrust defines the root of trust based on the selected policyType.", + "com.github.openshift.api.legacyconfig.v1.NodeAuthConfig": { + "description": "NodeAuthConfig holds authn/authz configuration options", "type": "object", "required": [ - "policyType" + "authenticationCacheTTL", + "authenticationCacheSize", + "authorizationCacheTTL", + "authorizationCacheSize" ], "properties": { - "fulcioCAWithRekor": { - "description": "fulcioCAWithRekor defines the root of trust configuration based on the Fulcio certificate and the Rekor public key. fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust" - }, - "pki": { - "description": "pki defines the root of trust configuration based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. pki is required when policyType is PKI, and forbidden otherwise.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust" + "authenticationCacheSize": { + "description": "authenticationCacheSize indicates how many authentication results should be cached. If 0, the default cache size is used.", + "type": "integer", + "format": "int32", + "default": 0 }, - "policyType": { - "description": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated. Allowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\". When set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. When set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification. When set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI).", + "authenticationCacheTTL": { + "description": "authenticationCacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get the default timeout. If zero (e.g. \"0m\"), caching is disabled", "type": "string", "default": "" }, - "publicKey": { - "description": "publicKey defines the root of trust configuration based on a sigstore public key. Optionally include a Rekor public key for Rekor verification. publicKey is required when policyType is PublicKey, and forbidden otherwise.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "policyType", - "fields-to-discriminateBy": { - "fulcioCAWithRekor": "FulcioCAWithRekor", - "pki": "PKI", - "publicKey": "PublicKey" - } - } - ] - }, - "com.github.openshift.api.config.v1.PowerVSPlatformSpec": { - "description": "PowerVSPlatformSpec holds the desired state of the IBM Power Systems Virtual Servers infrastructure provider. This only includes fields that can be modified in the cluster.", - "type": "object", - "properties": { - "serviceEndpoints": { - "description": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSServiceEndpoint" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "authorizationCacheSize": { + "description": "authorizationCacheSize indicates how many authorization results should be cached. If 0, the default cache size is used.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "authorizationCacheTTL": { + "description": "authorizationCacheTTL indicates how long an authorization result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get the default timeout. If zero (e.g. \"0m\"), caching is disabled", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.PowerVSPlatformStatus": { - "description": "PowerVSPlatformStatus holds the current status of the IBM Power Systems Virtual Servers infrastrucutre provider.", + "com.github.openshift.api.legacyconfig.v1.NodeConfig": { + "description": "NodeConfig is the fully specified config starting an OpenShift node\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "region", - "zone" + "nodeName", + "nodeIP", + "servingInfo", + "masterKubeConfig", + "masterClientConnectionOverrides", + "dnsDomain", + "dnsIP", + "dnsBindAddress", + "dnsNameservers", + "dnsRecursiveResolvConf", + "networkConfig", + "volumeDirectory", + "imageConfig", + "allowDisabledDocker", + "podManifestConfig", + "authConfig", + "dockerConfig", + "iptablesSyncPeriod", + "enableUnidling", + "volumeConfig" ], "properties": { - "cisInstanceCRN": { - "description": "cisInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain", - "type": "string" + "allowDisabledDocker": { + "description": "allowDisabledDocker if true, the Kubelet will ignore errors from Docker. This means that a node can start on a machine that doesn't have docker started.", + "type": "boolean", + "default": false }, - "dnsInstanceCRN": { - "description": "dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "region": { - "description": "region holds the default Power VS region for new Power VS resources created by the cluster.", + "authConfig": { + "description": "authConfig holds authn/authz configuration options", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NodeAuthConfig" + }, + "dnsBindAddress": { + "description": "dnsBindAddress is the ip:port to serve DNS on. If this is not set, the DNS server will not be started. Because most DNS resolvers will only listen on port 53, if you select an alternative port you will need a DNS proxy like dnsmasq to answer queries for containers. A common configuration is dnsmasq configured on a node IP listening on 53 and delegating queries for dnsDomain to this process, while sending other queries to the host environments nameservers.", "type": "string", "default": "" }, - "resourceGroup": { - "description": "resourceGroup is the resource group name for new IBMCloud resources created for a cluster. The resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry. More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. When omitted, the image registry operator won't be able to configure storage, which results in the image registry cluster operator not being in an available state.", + "dnsDomain": { + "description": "dnsDomain holds the domain suffix that will be used for the DNS search path inside each container. Defaults to 'cluster.local'.", "type": "string", "default": "" }, - "serviceEndpoints": { - "description": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.", + "dnsIP": { + "description": "dnsIP is the IP address that pods will use to access cluster DNS. Defaults to the service IP of the Kubernetes master. This IP must be listening on port 53 for compatibility with libc resolvers (which cannot be configured to resolve names from any other port). When running more complex local DNS configurations, this is often set to the local address of a DNS proxy like dnsmasq, which then will consult either the local DNS (see dnsBindAddress) or the master DNS.", + "type": "string", + "default": "" + }, + "dnsNameservers": { + "description": "dnsNameservers is a list of ip:port values of recursive nameservers to forward queries to when running a local DNS server if dnsBindAddress is set. If this value is empty, the DNS server will default to the nameservers listed in /etc/resolv.conf. If you have configured dnsmasq or another DNS proxy on the system, this value should be set to the upstream nameservers dnsmasq resolves with.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSServiceEndpoint" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "type": "string", + "default": "" + } }, - "zone": { - "description": "zone holds the default zone for the new Power VS resources created by the cluster. Note: Currently only single-zone OCP clusters are supported", + "dnsRecursiveResolvConf": { + "description": "dnsRecursiveResolvConf is a path to a resolv.conf file that contains settings for an upstream server. Only the nameservers and port fields are used. The file must exist and parse correctly. It adds extra nameservers to DNSNameservers if set.", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.config.v1.PowerVSServiceEndpoint": { - "description": "PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services.", - "type": "object", - "required": [ - "name", - "url" - ], - "properties": { - "name": { - "description": "name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud", + }, + "dockerConfig": { + "description": "dockerConfig holds Docker related configuration options.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.DockerConfig" + }, + "enableUnidling": { + "description": "enableUnidling controls whether or not the hybrid unidling proxy will be set up", + "type": "boolean" + }, + "imageConfig": { + "description": "imageConfig holds options that describe how to build image names for system components", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ImageConfig" + }, + "iptablesSyncPeriod": { + "description": "iptablesSyncPeriod is how often iptable rules are refreshed", "type": "string", "default": "" }, - "url": { - "description": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "kubeletArguments": { + "description": "kubeletArguments are key value pairs that will be passed directly to the Kubelet that match the Kubelet's command line arguments. These are not migrated or validated, so if you use them they may become invalid. These values override other settings in NodeConfig which may cause invalid configurations.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + }, + "masterClientConnectionOverrides": { + "description": "masterClientConnectionOverrides provides overrides to the client connection used to connect to the master.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ClientConnectionOverrides" + }, + "masterKubeConfig": { + "description": "masterKubeConfig is a filename for the .kubeconfig file that describes how to connect this node to the master", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.config.v1.PrefixedClaimMapping": { - "description": "PrefixedClaimMapping configures a claim mapping that allows for an optional prefix.", - "type": "object", - "properties": { - "claim": { - "description": "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated. claim must not exceed 256 characters in length. When set to the empty string `\"\"`, this means that no named claim should be used for the group mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled.", + }, + "networkConfig": { + "description": "networkConfig provides network options for the node", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NodeNetworkConfig" + }, + "networkPluginName": { + "description": "Deprecated and maintained for backward compatibility, use NetworkConfig.NetworkPluginName instead", + "type": "string" + }, + "nodeIP": { + "description": "Node may have multiple IPs, specify the IP to use for pod traffic routing If not specified, network parse/lookup on the nodeName is performed and the first non-loopback address is used", "type": "string", "default": "" }, - "expression": { - "description": "expression is an optional CEL expression used to derive group values from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length .\n\nWhen specified, claim must not be set or be explicitly set to the empty string (`\"\"`).", - "type": "string" + "nodeName": { + "description": "nodeName is the value used to identify this particular node in the cluster. If possible, this should be your fully qualified hostname. If you're describing a set of static nodes to the master, this value must match one of the values in the list", + "type": "string", + "default": "" }, - "prefix": { - "description": "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted or set to an empty string (\"\"), no prefix is applied to the cluster identity attribute. Must not be set to a non-empty value when expression is set.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", + "podManifestConfig": { + "description": "podManifestConfig holds the configuration for enabling the Kubelet to create pods based from a manifest file(s) placed locally on the node", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.PodManifestConfig" + }, + "proxyArguments": { + "description": "proxyArguments are key value pairs that will be passed directly to the Proxy that match the Proxy's command line arguments. These are not migrated or validated, so if you use them they may become invalid. These values override other settings in NodeConfig which may cause invalid configurations.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + }, + "servingInfo": { + "description": "servingInfo describes how to start serving", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServingInfo" + }, + "volumeConfig": { + "description": "volumeConfig contains options for configuring volumes on the node.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NodeVolumeConfig" + }, + "volumeDirectory": { + "description": "volumeDirectory is the directory that volumes will be stored under", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.ProfileCustomizations": { - "description": "ProfileCustomizations contains various parameters for modifying the default behavior of certain profiles", + "com.github.openshift.api.legacyconfig.v1.NodeNetworkConfig": { + "description": "NodeNetworkConfig provides network options for the node", "type": "object", + "required": [ + "networkPluginName", + "mtu" + ], "properties": { - "dynamicResourceAllocation": { - "description": "dynamicResourceAllocation allows to enable or disable dynamic resource allocation within the scheduler. Dynamic resource allocation is an API for requesting and sharing resources between pods and containers inside a pod. Third-party resource drivers are responsible for tracking and allocating resources. Different kinds of resources support arbitrary parameters for defining requirements and initialization. Valid values are Enabled, Disabled and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Disabled.", + "mtu": { + "description": "Maximum transmission unit for the network packets", + "type": "integer", + "format": "int64", + "default": 0 + }, + "networkPluginName": { + "description": "networkPluginName is a string specifying the networking plugin", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.Project": { - "description": "Project holds cluster-wide information about Project. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.NodeVolumeConfig": { + "description": "NodeVolumeConfig contains options for configuring volumes on the node.", "type": "object", "required": [ - "spec" + "localQuota" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ProjectSpec" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "localQuota": { + "description": "localQuota contains options for controlling local volume quota on the node.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ProjectStatus" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LocalQuota" } } }, - "com.github.openshift.api.config.v1.ProjectList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.OAuthConfig": { + "description": "OAuthConfig holds the necessary configuration options for OAuth authentication", "type": "object", "required": [ - "metadata", - "items" + "masterCA", + "masterURL", + "masterPublicURL", + "assetPublicURL", + "alwaysShowProviderSelection", + "identityProviders", + "grantConfig", + "sessionConfig", + "tokenConfig", + "templates" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "alwaysShowProviderSelection": { + "description": "alwaysShowProviderSelection will force the provider selection page to render even when there is only a single provider.", + "type": "boolean", + "default": false }, - "items": { + "assetPublicURL": { + "description": "assetPublicURL is used for building valid client redirect URLs for external access", + "type": "string", + "default": "" + }, + "grantConfig": { + "description": "grantConfig describes how to handle grants", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.GrantConfig" + }, + "identityProviders": { + "description": "identityProviders is an ordered list of ways for a user to identify themselves", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Project" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.IdentityProvider" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "masterCA": { + "description": "masterCA is the CA for verifying the TLS connection back to the MasterURL.", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.config.v1.ProjectSpec": { - "description": "ProjectSpec holds the project creation configuration.", - "type": "object", - "properties": { - "projectRequestMessage": { - "description": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", + "masterPublicURL": { + "description": "masterPublicURL is used for building valid client redirect URLs for internal and external access", "type": "string", "default": "" }, - "projectRequestTemplate": { - "description": "projectRequestTemplate is the template to use for creating projects in response to projectrequest. This must point to a template in 'openshift-config' namespace. It is optional. If it is not specified, a default template is used.", + "masterURL": { + "description": "masterURL is used for making server-to-server calls to exchange authorization codes for access tokens", + "type": "string", + "default": "" + }, + "sessionConfig": { + "description": "sessionConfig hold information about configuring sessions.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.SessionConfig" + }, + "templates": { + "description": "templates allow you to customize pages like the login page.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.OAuthTemplates" + }, + "tokenConfig": { + "description": "tokenConfig contains options for authorization and access tokens", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TemplateReference" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.TokenConfig" } } }, - "com.github.openshift.api.config.v1.ProjectStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1.PromQLClusterCondition": { - "description": "PromQLClusterCondition represents a cluster condition based on PromQL.", + "com.github.openshift.api.legacyconfig.v1.OAuthTemplates": { + "description": "OAuthTemplates allow for customization of pages like the login page", "type": "object", "required": [ - "promql" + "login", + "providerSelection", + "error" ], "properties": { - "promql": { - "description": "promql is a PromQL query classifying clusters. This query query should return a 1 in the match case and a 0 in the does-not-match case. Queries which return no time series, or which return values besides 0 or 1, are evaluation failures.", + "error": { + "description": "error is a path to a file containing a go template used to render error pages during the authentication or grant flow If unspecified, the default error page is used.", + "type": "string", + "default": "" + }, + "login": { + "description": "login is a path to a file containing a go template used to render the login page. If unspecified, the default login page is used.", + "type": "string", + "default": "" + }, + "providerSelection": { + "description": "providerSelection is a path to a file containing a go template used to render the provider selection page. If unspecified, the default provider selection page is used.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.Proxy": { - "description": "Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.OpenIDClaims": { + "description": "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider", "type": "object", "required": [ - "spec" + "id", + "preferredUsername", + "name", + "email" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "email": { + "description": "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "id": { + "description": "id is the list of claims whose values should be used as the user ID. Required. OpenID standard identity claim is \"sub\"", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "spec": { - "description": "spec holds user-settable values for the proxy configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ProxySpec" + "name": { + "description": "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ProxyStatus" + "preferredUsername": { + "description": "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the id claim", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.config.v1.ProxyList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.OpenIDIdentityProvider": { + "description": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "metadata", - "items" + "ca", + "clientID", + "clientSecret", + "extraScopes", + "extraAuthorizeParameters", + "urls", + "claims" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + "type": "string", + "default": "" + }, + "claims": { + "description": "claims mappings", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.OpenIDClaims" + }, + "clientID": { + "description": "clientID is the oauth client ID", + "type": "string", + "default": "" + }, + "clientSecret": { + "description": "clientSecret is the oauth client secret", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" + }, + "extraAuthorizeParameters": { + "description": "extraAuthorizeParameters are any custom parameters to add to the authorize request.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "extraScopes": { + "description": "extraScopes are any scopes to request in addition to the standard \"openid\" scope.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Proxy" + "type": "string", + "default": "" } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "urls": { + "description": "urls to use to authenticate", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.OpenIDURLs" } } }, - "com.github.openshift.api.config.v1.ProxySpec": { - "description": "ProxySpec contains cluster proxy creation configuration.", + "com.github.openshift.api.legacyconfig.v1.OpenIDURLs": { + "description": "OpenIDURLs are URLs to use when authenticating with an OpenID identity provider", "type": "object", + "required": [ + "authorize", + "token", + "userInfo" + ], "properties": { - "httpProxy": { - "description": "httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.", - "type": "string" - }, - "httpsProxy": { - "description": "httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.", - "type": "string" - }, - "noProxy": { - "description": "noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var.", - "type": "string" + "authorize": { + "description": "authorize is the oauth authorization URL", + "type": "string", + "default": "" }, - "readinessEndpoints": { - "description": "readinessEndpoints is a list of endpoints used to verify readiness of the proxy.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "token": { + "description": "token is the oauth token granting URL", + "type": "string", + "default": "" }, - "trustedCA": { - "description": "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well.\n\nThe namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml):\n\napiVersion: v1 kind: ConfigMap metadata:\n name: user-ca-bundle\n namespace: openshift-config\n data:\n ca-bundle.crt: |\n -----BEGIN CERTIFICATE-----\n Custom CA certificate bundle.\n -----END CERTIFICATE-----", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "userInfo": { + "description": "userInfo is the optional userinfo URL. If present, a granted access_token is used to request claims If empty, a granted id_token is parsed for claims", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.ProxyStatus": { - "description": "ProxyStatus shows current known state of the cluster proxy.", + "com.github.openshift.api.legacyconfig.v1.PodManifestConfig": { + "description": "PodManifestConfig holds the necessary configuration options for using pod manifests", "type": "object", + "required": [ + "path", + "fileCheckIntervalSeconds" + ], "properties": { - "httpProxy": { - "description": "httpProxy is the URL of the proxy for HTTP requests.", - "type": "string" - }, - "httpsProxy": { - "description": "httpsProxy is the URL of the proxy for HTTPS requests.", - "type": "string" + "fileCheckIntervalSeconds": { + "description": "fileCheckIntervalSeconds is the interval in seconds for checking the manifest file(s) for new data The interval needs to be a positive value", + "type": "integer", + "format": "int64", + "default": 0 }, - "noProxy": { - "description": "noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.", - "type": "string" + "path": { + "description": "path specifies the path for the pod manifest file or directory If its a directory, its expected to contain on or more manifest files This is used by the Kubelet to create pods on the node", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.RegistryLocation": { - "description": "RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.", + "com.github.openshift.api.legacyconfig.v1.PolicyConfig": { + "description": "holds the necessary configuration options for", "type": "object", "required": [ - "domainName" + "userAgentMatchingConfig" ], "properties": { - "domainName": { - "description": "domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.", + "userAgentMatchingConfig": { + "description": "userAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.UserAgentMatchingConfig" + } + } + }, + "com.github.openshift.api.legacyconfig.v1.ProjectConfig": { + "description": "holds the necessary configuration options for", + "type": "object", + "required": [ + "defaultNodeSelector", + "projectRequestMessage", + "projectRequestTemplate", + "securityAllocator" + ], + "properties": { + "defaultNodeSelector": { + "description": "defaultNodeSelector holds default project node label selector", "type": "string", "default": "" }, - "insecure": { - "description": "insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.", - "type": "boolean" + "projectRequestMessage": { + "description": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", + "type": "string", + "default": "" + }, + "projectRequestTemplate": { + "description": "projectRequestTemplate is the template to use for creating projects in response to projectrequest. It is in the format namespace/template and it is optional. If it is not specified, a default template is used.", + "type": "string", + "default": "" + }, + "securityAllocator": { + "description": "securityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.SecurityAllocator" } } }, - "com.github.openshift.api.config.v1.RegistrySources": { - "description": "RegistrySources holds cluster-wide information about how to handle the registries config.", + "com.github.openshift.api.legacyconfig.v1.RFC2307Config": { + "description": "RFC2307Config holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the RFC2307 schema", "type": "object", + "required": [ + "groupsQuery", + "groupUIDAttribute", + "groupNameAttributes", + "groupMembershipAttributes", + "usersQuery", + "userUIDAttribute", + "userNameAttributes", + "tolerateMemberNotFoundErrors", + "tolerateMemberOutOfScopeErrors" + ], "properties": { - "allowedRegistries": { - "description": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "groupMembershipAttributes": { + "description": "groupMembershipAttributes defines which attributes on an LDAP group entry will be interpreted as its members. The values contained in those attributes must be queryable by your UserUIDAttribute", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "blockedRegistries": { - "description": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "groupNameAttributes": { + "description": "groupNameAttributes defines which attributes on an LDAP group entry will be interpreted as its name to use for an OpenShift group", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "containerRuntimeSearchRegistries": { - "description": "containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "groupUIDAttribute": { + "description": "GroupUIDAttributes defines which attribute on an LDAP group entry will be interpreted as its unique identifier. (ldapGroupUID)", + "type": "string", + "default": "" }, - "insecureRegistries": { - "description": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.", + "groupsQuery": { + "description": "AllGroupsQuery holds the template for an LDAP query that returns group entries.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" + }, + "tolerateMemberNotFoundErrors": { + "description": "tolerateMemberNotFoundErrors determines the behavior of the LDAP sync job when missing user entries are encountered. If 'true', an LDAP query for users that doesn't find any will be tolerated and an only and error will be logged. If 'false', the LDAP sync job will fail if a query for users doesn't find any. The default value is 'false'. Misconfigured LDAP sync jobs with this flag set to 'true' can cause group membership to be removed, so it is recommended to use this flag with caution.", + "type": "boolean", + "default": false + }, + "tolerateMemberOutOfScopeErrors": { + "description": "tolerateMemberOutOfScopeErrors determines the behavior of the LDAP sync job when out-of-scope user entries are encountered. If 'true', an LDAP query for a user that falls outside of the base DN given for the all user query will be tolerated and only an error will be logged. If 'false', the LDAP sync job will fail if a user query would search outside of the base DN specified by the all user query. Misconfigured LDAP sync jobs with this flag set to 'true' can result in groups missing users, so it is recommended to use this flag with caution.", + "type": "boolean", + "default": false + }, + "userNameAttributes": { + "description": "userNameAttributes defines which attributes on an LDAP user entry will be used, in order, as its OpenShift user name. The first attribute with a non-empty value is used. This should match your PreferredUsername setting for your LDAPPasswordIdentityProvider", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } + }, + "userUIDAttribute": { + "description": "userUIDAttribute defines which attribute on an LDAP user entry will be interpreted as its unique identifier. It must correspond to values that will be found from the GroupMembershipAttributes", + "type": "string", + "default": "" + }, + "usersQuery": { + "description": "AllUsersQuery holds the template for an LDAP query that returns user entries.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" } } }, - "com.github.openshift.api.config.v1.Release": { - "description": "Release represents an OpenShift release image and associated metadata.", + "com.github.openshift.api.legacyconfig.v1.RegistryLocation": { + "description": "RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.", "type": "object", "required": [ - "version", - "image" + "domainName" ], "properties": { - "architecture": { - "description": "architecture is an optional field that indicates the value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. Valid values are 'Multi' and empty.", - "type": "string" - }, - "channels": { - "description": "channels is the set of Cincinnati channels to which the release currently belongs.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "image": { - "description": "image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.", + "domainName": { + "description": "domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.", "type": "string", "default": "" }, - "url": { - "description": "url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.", - "type": "string" - }, - "version": { - "description": "version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.", - "type": "string", - "default": "" + "insecure": { + "description": "insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.", + "type": "boolean" } } }, - "com.github.openshift.api.config.v1.RemoteConnectionInfo": { + "com.github.openshift.api.legacyconfig.v1.RemoteConnectionInfo": { "description": "RemoteConnectionInfo holds information necessary for establishing a remote connection", "type": "object", "required": [ @@ -22440,53 +20953,81 @@ } } }, - "com.github.openshift.api.config.v1.RepositoryDigestMirrors": { - "description": "RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.", + "com.github.openshift.api.legacyconfig.v1.RequestHeaderAuthenticationOptions": { + "description": "RequestHeaderAuthenticationOptions provides options for setting up a front proxy against the entire API instead of against the /oauth endpoint.", "type": "object", "required": [ - "source" + "clientCA", + "clientCommonNames", + "usernameHeaders", + "groupHeaders", + "extraHeaderPrefixes" ], "properties": { - "allowMirrorByTags": { - "description": "allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Forcing digest-pulls for mirrors avoids that issue.", - "type": "boolean" + "clientCA": { + "description": "clientCA is a file with the trusted signer certs. It is required.", + "type": "string", + "default": "" }, - "mirrors": { - "description": "mirrors is zero or more repositories that may also contain the same images. If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. No mirror will be configured. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering.", + "clientCommonNames": { + "description": "clientCommonNames is a required list of common names to require a match from.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "set" + } }, - "source": { - "description": "source is the repository that users refer to, e.g. in image pull specifications.", - "type": "string", - "default": "" + "extraHeaderPrefixes": { + "description": "extraHeaderPrefixes is the set of request header prefixes to inspect for user extra. X-Remote-Extra- is suggested.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "groupHeaders": { + "description": "GroupNameHeader is the set of headers to check for group information. All are unioned.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "usernameHeaders": { + "description": "usernameHeaders is the list of headers to check for user information. First hit wins.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.config.v1.RequestHeaderIdentityProvider": { - "description": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials", + "com.github.openshift.api.legacyconfig.v1.RequestHeaderIdentityProvider": { + "description": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ "loginURL", "challengeURL", - "ca", + "clientCA", + "clientCommonNames", "headers", "preferredUsernameHeaders", "nameHeaders", "emailHeaders" ], "properties": { - "ca": { - "description": "ca is a required reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. Specifically, it allows verification of incoming requests to prevent header spoofing. The key \"ca.crt\" is used to locate the data. If the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, "challengeURL": { - "description": "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here. ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}\nRequired when challenge is set to true.", + "description": "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", + "type": "string", + "default": "" + }, + "clientCA": { + "description": "clientCA is a file with the trusted signer certs. If empty, no request verification is done, and any direct request to the OAuth server can impersonate any identity from this provider, merely by setting a request header.", "type": "string", "default": "" }, @@ -22514,8 +21055,12 @@ "default": "" } }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, "loginURL": { - "description": "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}\nRequired when login is set to true.", + "description": "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", "type": "string", "default": "" }, @@ -22537,155 +21082,114 @@ } } }, - "com.github.openshift.api.config.v1.RequiredHSTSPolicy": { + "com.github.openshift.api.legacyconfig.v1.RoutingConfig": { + "description": "RoutingConfig holds the necessary configuration options for routing to subdomains", "type": "object", "required": [ - "domainPatterns", - "maxAge" + "subdomain" ], "properties": { - "domainPatterns": { - "description": "domainPatterns is a list of domains for which the desired HSTS annotations are required. If domainPatterns is specified and a route is created with a spec.host matching one of the domains, the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy.\n\nThe use of wildcards is allowed like this: *.foo.com matches everything under foo.com. foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "includeSubDomainsPolicy": { - "description": "includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com", - "type": "string" - }, - "maxAge": { - "description": "maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. If set to 0, it negates the effect, and hosts are removed as HSTS hosts. If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS policy will eventually expire on that client.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.MaxAgePolicy" - }, - "namespaceSelector": { - "description": "namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "preloadPolicy": { - "description": "preloadPolicy directs the client to include hosts in its host preload list so that it never needs to do an initial load to get the HSTS header (note that this is not defined in RFC 6797 and is therefore client implementation-dependent).", - "type": "string" + "subdomain": { + "description": "subdomain is the suffix appended to $service.$namespace. to form the default route hostname DEPRECATED: This field is being replaced by routers setting their own defaults. This is the \"default\" route.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.Scheduler": { - "description": "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.SecurityAllocator": { + "description": "SecurityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.", "type": "object", "required": [ - "spec" + "uidAllocatorRange", + "mcsAllocatorRange", + "mcsLabelsPerProject" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "mcsAllocatorRange": { + "description": "mcsAllocatorRange defines the range of MCS categories that will be assigned to namespaces. The format is \"/[,]\". The default is \"s0/2\" and will allocate from c0 -> c1023, which means a total of 535k labels are available (1024 choose 2 ~ 535k). If this value is changed after startup, new projects may receive labels that are already allocated to other projects. Prefix may be any valid SELinux set of terms (including user, role, and type), although leaving them as the default will allow the server to set them automatically.\n\nExamples: * s0:/2 - Allocate labels from s0:c0,c0 to s0:c511,c511 * s0:/2,512 - Allocate labels from s0:c0,c0,c0 to s0:c511,c511,511", + "type": "string", + "default": "" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SchedulerSpec" + "mcsLabelsPerProject": { + "description": "mcsLabelsPerProject defines the number of labels that should be reserved per project. The default is 5 to match the default UID and MCS ranges (100k namespaces, 535k/5 labels).", + "type": "integer", + "format": "int32", + "default": 0 }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SchedulerStatus" + "uidAllocatorRange": { + "description": "uidAllocatorRange defines the total set of Unix user IDs (UIDs) that will be allocated to projects automatically, and the size of the block each namespace gets. For example, 1000-1999/10 will allocate ten UIDs per namespace, and will be able to allocate up to 100 blocks before running out of space. The default is to allocate from 1 billion to 2 billion in 10k blocks (which is the expected size of the ranges container images will use once user namespaces are started).", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.SchedulerList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.ServiceAccountConfig": { + "description": "ServiceAccountConfig holds the necessary configuration options for a service account", "type": "object", "required": [ - "metadata", - "items" + "managedNames", + "limitSecretReferences", + "privateKeyFile", + "publicKeyFiles", + "masterCA" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "limitSecretReferences": { + "description": "limitSecretReferences controls whether or not to allow a service account to reference any secret in a namespace without explicitly referencing them", + "type": "boolean", + "default": false }, - "items": { + "managedNames": { + "description": "managedNames is a list of service account names that will be auto-created in every namespace. If no names are specified, the ServiceAccountsController will not be started.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Scheduler" + "type": "string", + "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "masterCA": { + "description": "masterCA is the CA for verifying the TLS connection back to the master. The service account controller will automatically inject the contents of this file into pods so they can verify connections to the master.", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "privateKeyFile": { + "description": "privateKeyFile is a file containing a PEM-encoded private RSA key, used to sign service account tokens. If no private key is specified, the service account TokensController will not be started.", + "type": "string", + "default": "" + }, + "publicKeyFiles": { + "description": "publicKeyFiles is a list of files, each containing a PEM-encoded public RSA key. (If any file contains a private key, the public portion of the key is used) The list of public keys is used to verify presented service account tokens. Each key is tried in order until the list is exhausted or verification succeeds. If no keys are specified, no service account authentication will be available.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.config.v1.SchedulerSpec": { - "type": "object", - "properties": { - "defaultNodeSelector": { - "description": "defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces and creates an intersection with any existing nodeSelectors already set on a pod, additionally constraining that pod's selector. For example, defaultNodeSelector: \"type=user-node,region=east\" would set nodeSelector field in pod spec to \"type=user-node,region=east\" to all pods created in all namespaces. Namespaces having project-wide node selectors won't be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector='type=user-node,region=east', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: \"type=user-node,region=west\" means that the default of \"type=user-node,region=east\" set in defaultNodeSelector would not be applied.", - "type": "string" - }, - "mastersSchedulable": { - "description": "mastersSchedulable allows masters nodes to be schedulable. When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.", - "type": "boolean", - "default": false - }, - "policy": { - "description": "DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" - }, - "profile": { - "description": "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods.\n\nValid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\"", - "type": "string" - }, - "profileCustomizations": { - "description": "profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles. Deprecated: no longer needed, since DRA is GA starting with 4.21, and is enabled by' default in the cluster, this field will be removed in 4.24.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ProfileCustomizations" - } - } - }, - "com.github.openshift.api.config.v1.SchedulerStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1.SecretNameReference": { - "description": "SecretNameReference references a secret in a specific namespace. The namespace must be specified at the point of use.", + "com.github.openshift.api.legacyconfig.v1.ServiceServingCert": { + "description": "ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", "type": "object", "required": [ - "name" + "signer" ], "properties": { - "name": { - "description": "name is the metadata.name of the referenced secret", - "type": "string", - "default": "" + "signer": { + "description": "signer holds the signing information used to automatically sign serving certificates. If this value is nil, then certs are not signed automatically.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.CertInfo" } } }, - "com.github.openshift.api.config.v1.ServingInfo": { + "com.github.openshift.api.legacyconfig.v1.ServingInfo": { "description": "ServingInfo holds information about serving web pages", "type": "object", "required": [ "bindAddress", "bindNetwork", "certFile", - "keyFile" + "keyFile", + "clientCA", + "namedCertificates" ], "properties": { "bindAddress": { @@ -22713,7 +21217,8 @@ }, "clientCA": { "description": "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", - "type": "string" + "type": "string", + "default": "" }, "keyFile": { "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", @@ -22729,57 +21234,94 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NamedCertificate" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NamedCertificate" } } } }, - "com.github.openshift.api.config.v1.SignatureStore": { - "description": "SignatureStore represents the URL of custom Signature Store", + "com.github.openshift.api.legacyconfig.v1.SessionConfig": { + "description": "SessionConfig specifies options for cookie-based sessions. Used by AuthRequestHandlerSession", "type": "object", "required": [ - "url" + "sessionSecretsFile", + "sessionMaxAgeSeconds", + "sessionName" ], "properties": { - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the signature store is not honored. If the specified ca data is not valid, the signature store is not honored. If empty, we fall back to the CA configured via Proxy, which is appended to the default system roots. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "sessionMaxAgeSeconds": { + "description": "sessionMaxAgeSeconds specifies how long created sessions last. Used by AuthRequestHandlerSession", + "type": "integer", + "format": "int32", + "default": 0 }, - "url": { - "description": "url contains the upstream custom signature store URL. url should be a valid absolute http/https URI of an upstream signature store as per rfc1738. This must be provided and cannot be empty.", + "sessionName": { + "description": "sessionName is the cookie name used to store the session", + "type": "string", + "default": "" + }, + "sessionSecretsFile": { + "description": "sessionSecretsFile is a reference to a file containing a serialized SessionSecrets object If no file is specified, a random signing and encryption key are generated at each server start", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.Storage": { - "description": "Storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + "com.github.openshift.api.legacyconfig.v1.SessionSecret": { + "description": "SessionSecret is a secret used to authenticate/decrypt cookie-based sessions", "type": "object", "required": [ - "type" + "authentication", + "encryption" ], "properties": { - "persistentVolume": { - "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PersistentVolumeConfig" + "authentication": { + "description": "authentication is used to authenticate sessions using HMAC. Recommended to use a secret with 32 or 64 bytes.", + "type": "string", + "default": "" }, - "type": { - "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", - "type": "string" + "encryption": { + "description": "encryption is used to encrypt sessions. Must be 16, 24, or 32 characters long, to select AES-128, AES-", + "type": "string", + "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "persistentVolume": "PersistentVolume" + } + }, + "com.github.openshift.api.legacyconfig.v1.SessionSecrets": { + "description": "SessionSecrets list the secrets to use to sign/encrypt and authenticate/decrypt created sessions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "secrets" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "secrets": { + "description": "secrets is a list of secrets New sessions are signed and encrypted using the first secret. Existing sessions are decrypted/authenticated by each secret until one succeeds. This allows rotating secrets.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.SessionSecret" } } - ] + } }, - "com.github.openshift.api.config.v1.StringSource": { + "com.github.openshift.api.legacyconfig.v1.SourceStrategyDefaultsConfig": { + "description": "SourceStrategyDefaultsConfig contains values that apply to builds using the source strategy.", + "type": "object", + "properties": { + "incremental": { + "description": "incremental indicates if s2i build strategies should perform an incremental build or not", + "type": "boolean" + } + } + }, + "com.github.openshift.api.legacyconfig.v1.StringSource": { "description": "StringSource allows specifying a string inline, or externally via env var or file. When it contains only a string value, it marshals to a simple JSON string.", "type": "object", "required": [ @@ -22811,7 +21353,7 @@ } } }, - "com.github.openshift.api.config.v1.StringSourceSpec": { + "com.github.openshift.api.legacyconfig.v1.StringSourceSpec": { "description": "StringSourceSpec specifies a string value, or external location", "type": "object", "required": [ @@ -22843,1030 +21385,1104 @@ } } }, - "com.github.openshift.api.config.v1.TLSProfileSpec": { - "description": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", + "com.github.openshift.api.legacyconfig.v1.TokenConfig": { + "description": "TokenConfig holds the necessary configuration options for authorization and access tokens", "type": "object", "required": [ - "ciphers", - "minTLSVersion" + "authorizeTokenMaxAgeSeconds", + "accessTokenMaxAgeSeconds" ], "properties": { - "ciphers": { - "description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "accessTokenInactivityTimeoutSeconds": { + "description": "accessTokenInactivityTimeoutSeconds defined the default token inactivity timeout for tokens granted by any client. Setting it to nil means the feature is completely disabled (default) The default setting can be overridden on OAuthClient basis. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Valid values are: - 0: Tokens never time out - X: Tokens time out if there is no activity for X seconds The current minimum allowed value for X is 300 (5 minutes)", + "type": "integer", + "format": "int32" }, - "minTLSVersion": { - "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11", - "type": "string", - "default": "" + "accessTokenMaxAgeSeconds": { + "description": "accessTokenMaxAgeSeconds defines the maximum age of access tokens", + "type": "integer", + "format": "int32", + "default": 0 + }, + "authorizeTokenMaxAgeSeconds": { + "description": "authorizeTokenMaxAgeSeconds defines the maximum age of authorize tokens", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.config.v1.TLSSecurityProfile": { - "description": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", + "com.github.openshift.api.legacyconfig.v1.UserAgentDenyRule": { + "description": "UserAgentDenyRule adds a rejection message that can be used to help a user figure out how to get an approved client", "type": "object", + "required": [ + "regex", + "httpVerbs", + "rejectionMessage" + ], "properties": { - "custom": { - "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. An example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", - "$ref": "#/definitions/com.github.openshift.api.config.v1.CustomTLSProfile" - }, - "intermediate": { - "description": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305", - "$ref": "#/definitions/com.github.openshift.api.config.v1.IntermediateTLSProfile" - }, - "modern": { - "description": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ModernTLSProfile" - }, - "old": { - "description": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", - "$ref": "#/definitions/com.github.openshift.api.config.v1.OldTLSProfile" + "httpVerbs": { + "description": "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "type": { - "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are based on version 5.7 of the Mozilla Server Side TLS configuration guidelines. The cipher lists consist of the configuration's \"ciphersuites\" followed by the Go-specific \"ciphers\" from the guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", + "regex": { + "description": "UserAgentRegex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", "type": "string", "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "custom": "Custom", - "intermediate": "Intermediate", - "modern": "Modern", - "old": "Old" - } - } - ] - }, - "com.github.openshift.api.config.v1.TemplateReference": { - "description": "TemplateReference references a template in a specific namespace. The namespace must be specified at the point of use.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "name is the metadata.name of the referenced project request template", + }, + "rejectionMessage": { + "description": "rejectionMessage is the message shown when rejecting a client. If it is not a set, the default message is used.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.TestDetails": { + "com.github.openshift.api.legacyconfig.v1.UserAgentMatchRule": { + "description": "UserAgentMatchRule describes how to match a given request based on User-Agent and HTTPVerb", "type": "object", "required": [ - "testName" + "regex", + "httpVerbs" ], "properties": { - "testName": { - "description": "testName is the name of the test as it appears in junit XMLs. It does not include the suite name since the same test can be executed in many suites.", + "httpVerbs": { + "description": "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "regex": { + "description": "UserAgentRegex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.TestReporting": { - "description": "TestReporting is used for origin (and potentially others) to report the test names for a given FeatureGate into the payload for later analysis on a per-payload basis. This doesn't need any CRD because it's never stored in the cluster.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.legacyconfig.v1.UserAgentMatchingConfig": { + "description": "UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", "type": "object", "required": [ - "spec" + "requiredClients", + "deniedClients", + "defaultRejectionMessage" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "defaultRejectionMessage": { + "description": "defaultRejectionMessage is the message shown when rejecting a client. If it is not a set, a generic message is given.", + "type": "string", + "default": "" }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TestReportingSpec" + "deniedClients": { + "description": "If this list is non-empty, then a User-Agent must not match any of the UserAgentRegexes", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.UserAgentDenyRule" + } }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TestReportingStatus" - } - } - }, - "com.github.openshift.api.config.v1.TestReportingSpec": { - "type": "object", - "required": [ - "testsForFeatureGates" - ], - "properties": { - "testsForFeatureGates": { - "description": "testsForFeatureGates is a list, indexed by FeatureGate and includes information about testing.", + "requiredClients": { + "description": "If this list is non-empty, then a User-Agent must match one of the UserAgentRegexes to be allowed", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateTests" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.UserAgentMatchRule" } } } }, - "com.github.openshift.api.config.v1.TestReportingStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1.TokenClaimMapping": { - "description": "TokenClaimMapping allows specifying a JWT token claim to be used when mapping claims from an authentication token to cluster identities.", + "com.github.openshift.api.legacyconfig.v1.WebhookTokenAuthenticator": { + "description": "WebhookTokenAuthenticators holds the necessary configuation options for external token authenticators", "type": "object", + "required": [ + "configFile", + "cacheTTL" + ], "properties": { - "claim": { - "description": "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated. claim must not exceed 256 characters in length. When set to the empty string `\"\"`, this means that no named claim should be used for the group mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled.", + "cacheTTL": { + "description": "cacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get a default timeout of 2 minutes. If zero (e.g. \"0m\"), caching is disabled", "type": "string", "default": "" }, - "expression": { - "description": "expression is an optional CEL expression used to derive group values from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length .\n\nWhen specified, claim must not be set or be explicitly set to the empty string (`\"\"`).", - "type": "string" + "configFile": { + "description": "configFile is a path to a Kubeconfig file with the webhook configuration", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.TokenClaimMappings": { + "com.github.openshift.api.machine.v1.AWSFailureDomain": { + "description": "AWSFailureDomain configures failure domain information for the AWS platform.", "type": "object", - "required": [ - "username" - ], "properties": { - "extra": { - "description": "extra is an optional field for configuring the mappings used to construct the extra attribute for the cluster identity. When omitted, no extra attributes will be present on the cluster identity.\n\nkey values for extra mappings must be unique. A maximum of 32 extra attribute mappings may be provided.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ExtraMapping" - }, - "x-kubernetes-list-map-keys": [ - "key" - ], - "x-kubernetes-list-type": "map" - }, - "groups": { - "description": "groups is an optional field that configures how the groups of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.\n\nWhen referencing a claim, if the claim is present in the JWT token, its value must be a list of groups separated by a comma (',').\n\nFor example - '\"example\"' and '\"exampleOne\", \"exampleTwo\", \"exampleThree\"' are valid claim values.", + "placement": { + "description": "placement configures the placement information for this instance.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PrefixedClaimMapping" - }, - "uid": { - "description": "uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity.\n\nWhen using uid.claim to specify the claim it must be a single string value. When using uid.expression the expression must result in a single string value.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a default, which is subject to change over time.\n\nThe current default is to use the 'sub' claim.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AWSFailureDomainPlacement" }, - "username": { - "description": "username is a required field that configures how the username of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.UsernameClaimMapping" + "subnet": { + "description": "subnet is a reference to the subnet to use for this instance.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AWSResourceReference" } } }, - "com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping": { - "description": "TokenClaimOrExpressionMapping allows specifying either a JWT token claim or CEL expression to be used when mapping claims from an authentication token to cluster identities.", + "com.github.openshift.api.machine.v1.AWSFailureDomainPlacement": { + "description": "AWSFailureDomainPlacement configures the placement information for the AWSFailureDomain.", "type": "object", + "required": [ + "availabilityZone" + ], "properties": { - "claim": { - "description": "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated.\n\nPrecisely one of claim or expression must be set. claim must not be specified when expression is set. When specified, claim must be at least 1 character in length and must not exceed 256 characters in length.", - "type": "string" - }, - "expression": { - "description": "expression is an optional field for specifying a CEL expression that produces a string value from JWT token claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'. 'claims' is a map of claim names to claim values. For example, the 'sub' claim value can be accessed as 'claims.sub'. Nested claims can be accessed using dot notation ('claims.foo.bar').\n\nPrecisely one of claim or expression must be set. expression must not be specified when claim is set. When specified, expression must be at least 1 character in length and must not exceed 1024 characters in length.", - "type": "string" + "availabilityZone": { + "description": "availabilityZone is the availability zone of the instance.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.TokenClaimValidationCELRule": { + "com.github.openshift.api.machine.v1.AWSResourceFilter": { + "description": "AWSResourceFilter is a filter used to identify an AWS resource", "type": "object", "required": [ - "expression", - "message" + "name" ], "properties": { - "expression": { - "description": "expression is a CEL expression evaluated against token claims. expression is required, must be at least 1 character in length and must not exceed 1024 characters. The expression must return a boolean value where 'true' signals a valid token and 'false' an invalid one.", - "type": "string" + "name": { + "description": "name of the filter. Filter names are case-sensitive.", + "type": "string", + "default": "" }, - "message": { - "description": "message is a required human-readable message to be logged by the Kubernetes API server if the CEL expression defined in 'expression' fails. message must be at least 1 character in length and must not exceed 256 characters.", - "type": "string" + "values": { + "description": "values includes one or more filter values. Filter values are case-sensitive.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.TokenClaimValidationRule": { - "description": "TokenClaimValidationRule represents a validation rule based on token claims. If type is RequiredClaim, requiredClaim must be set. If Type is CEL, CEL must be set and RequiredClaim must be omitted.", + "com.github.openshift.api.machine.v1.AWSResourceReference": { + "description": "AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters. Only one of ID, ARN or Filters may be specified. Specifying more than one will result in a validation error.", "type": "object", "required": [ "type" ], "properties": { - "cel": { - "description": "cel holds the CEL expression and message for validation. Must be set when Type is \"CEL\", and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimValidationCELRule" + "arn": { + "description": "arn of resource.", + "type": "string" }, - "requiredClaim": { - "description": "requiredClaim allows configuring a required claim name and its expected value. This field is required when `type` is set to RequiredClaim, and must be omitted when `type` is set to any other value. The Kubernetes API server uses this field to validate if an incoming JWT is valid for this identity provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenRequiredClaim" + "filters": { + "description": "filters is a set of filters used to identify a resource.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AWSResourceFilter" + }, + "x-kubernetes-list-type": "atomic" + }, + "id": { + "description": "id of resource.", + "type": "string" }, "type": { - "description": "type is an optional field that configures the type of the validation rule.\n\nAllowed values are \"RequiredClaim\" and \"CEL\".\n\nWhen set to 'RequiredClaim', the Kubernetes API server will be configured to validate that the incoming JWT contains the required claim and that its value matches the required value.\n\nWhen set to 'CEL', the Kubernetes API server will be configured to validate the incoming JWT against the configured CEL expression.", + "description": "type determines how the reference will fetch the AWS resource.", "type": "string", "default": "" } - } - }, - "com.github.openshift.api.config.v1.TokenConfig": { - "description": "TokenConfig holds the necessary configuration options for authorization and access tokens", - "type": "object", - "properties": { - "accessTokenInactivityTimeout": { - "description": "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime.\n\nWARNING: existing tokens' timeout will not be affected (lowered) by changing this value", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "accessTokenInactivityTimeoutSeconds": { - "description": "accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.", - "type": "integer", - "format": "int32" - }, - "accessTokenMaxAgeSeconds": { - "description": "accessTokenMaxAgeSeconds defines the maximum age of access tokens", - "type": "integer", - "format": "int32" + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "arn": "ARN", + "filters": "Filters", + "id": "ID" + } } - } + ] }, - "com.github.openshift.api.config.v1.TokenIssuer": { + "com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderConfig": { + "description": "AlibabaCloudMachineProviderConfig is the Schema for the alibabacloudmachineproviderconfig API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "issuerURL", - "audiences" + "instanceType", + "vpcId", + "regionId", + "zoneId", + "imageId", + "vSwitch", + "resourceGroup" ], "properties": { - "audiences": { - "description": "audiences is a required field that configures the acceptable audiences the JWT token, issued by the identity provider, must be issued to. At least one of the entries must match the 'aud' claim in the JWT token.\n\naudiences must contain at least one entry and must not exceed ten entries.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "bandwidth": { + "description": "bandwidth describes the internet bandwidth strategy for the instance", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.BandwidthProperties" + }, + "credentialsSecret": { + "description": "credentialsSecret is a reference to the secret with alibabacloud credentials. Otherwise, defaults to permissions provided by attached RAM role where the actuator is running.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "dataDisk": { + "description": "DataDisks holds information regarding the extra disks attached to the instance", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.DataDiskProperties" + } }, - "discoveryURL": { - "description": "discoveryURL is an optional field that, if specified, overrides the default discovery endpoint used to retrieve OIDC configuration metadata. By default, the discovery URL is derived from `issuerURL` as \"{issuerURL}/.well-known/openid-configuration\".\n\nThe discoveryURL must be a valid absolute HTTPS URL. It must not contain query parameters, user information, or fragments. Additionally, it must differ from the value of `issuerURL` (ignoring trailing slashes). The discoveryURL value must be at least 1 character long and no longer than 2048 characters.", + "imageId": { + "description": "The ID of the image used to create the instance.", + "type": "string", + "default": "" + }, + "instanceType": { + "description": "The instance type of the instance.", + "type": "string", + "default": "" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "issuerCertificateAuthority": { - "description": "issuerCertificateAuthority is an optional field that configures the certificate authority, used by the Kubernetes API server, to validate the connection to the identity provider when fetching discovery information.\n\nWhen not specified, the system trust is used.\n\nWhen specified, it must reference a ConfigMap in the openshift-config namespace containing the PEM-encoded CA certificates under the 'ca-bundle.crt' key in the data field of the ConfigMap.", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "issuerURL": { - "description": "issuerURL is a required field that configures the URL used to issue tokens by the identity provider. The Kubernetes API server determines how authentication tokens should be handled by matching the 'iss' claim in the JWT to the issuerURL of configured identity providers.\n\nMust be at least 1 character and must not exceed 512 characters in length. Must be a valid URL that uses the 'https' scheme and does not contain a query, fragment or user.", + "ramRoleName": { + "description": "ramRoleName is the name of the instance Resource Access Management (RAM) role. This allows the instance to perform API calls as this specified RAM role.", + "type": "string" + }, + "regionId": { + "description": "The ID of the region in which to create the instance. You can call the DescribeRegions operation to query the most recent region list.", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.config.v1.TokenRequiredClaim": { - "type": "object", - "required": [ - "claim", - "requiredValue" - ], - "properties": { - "claim": { - "description": "claim is a required field that configures the name of the required claim. When taken from the JWT claims, claim must be a string value.\n\nclaim must not be an empty string (\"\").", + }, + "resourceGroup": { + "description": "resourceGroup references the resource group to which to assign the instance. A reference holds either the resource group ID, the resource name, or the required tags to search. When more than one resource group are returned for a search, an error will be produced and the Machine will not be created. Resource Groups do not support searching by tags.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AlibabaResourceReference" + }, + "securityGroups": { + "description": "securityGroups is a list of security group references to assign to the instance. A reference holds either the security group ID, the resource name, or the required tags to search. When more than one security group is returned for a tag search, all the groups are associated with the instance up to the maximum number of security groups to which an instance can belong. For more information, see the \"Security group limits\" section in Limits. https://www.alibabacloud.com/help/en/doc-detail/25412.htm", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AlibabaResourceReference" + } + }, + "systemDisk": { + "description": "systemDisk holds the properties regarding the system disk for the instance", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.SystemDiskProperties" + }, + "tag": { + "description": "Tags are the set of metadata to add to an instance.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.Tag" + } + }, + "tenancy": { + "description": "tenancy specifies whether to create the instance on a dedicated host. Valid values:\n\ndefault: creates the instance on a non-dedicated host. host: creates the instance on a dedicated host. If you do not specify the DedicatedHostID parameter, Alibaba Cloud automatically selects a dedicated host for the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `default`.", + "type": "string" + }, + "userDataSecret": { + "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "vSwitch": { + "description": "vSwitch is a reference to the vswitch to use for this instance. A reference holds either the vSwitch ID, the resource name, or the required tags to search. When more than one vSwitch is returned for a tag search, only the first vSwitch returned will be used. This parameter is required when you create an instance of the VPC type. You can call the DescribeVSwitches operation to query the created vSwitches.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AlibabaResourceReference" + }, + "vpcId": { + "description": "The ID of the vpc", "type": "string", "default": "" }, - "requiredValue": { - "description": "requiredValue is a required field that configures the value that 'claim' must have when taken from the incoming JWT claims. If the value in the JWT claims does not match, the token will be rejected for authentication.\n\nrequiredValue must not be an empty string (\"\").", + "zoneId": { + "description": "The ID of the zone in which to create the instance. You can call the DescribeZones operation to query the most recent region list.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.TokenUserValidationRule": { - "description": "TokenUserValidationRule provides a CEL-based rule used to validate a token subject. Each rule contains a CEL expression that is evaluated against the token’s claims.", + "com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderConfigList": { + "description": "AlibabaCloudMachineProviderConfigList contains a list of AlibabaCloudMachineProviderConfig Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "expression", - "message" + "items" ], "properties": { - "expression": { - "description": "expression is a required CEL expression that performs a validation on cluster user identity attributes like username, groups, etc.\n\nThe expression must evaluate to a boolean value. When the expression evaluates to 'true', the cluster user identity is considered valid. When the expression evaluates to 'false', the cluster user identity is not considered valid. expression must be at least 1 character in length and must not exceed 1024 characters.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "message": { - "description": "message is a required human-readable message to be logged by the Kubernetes API server if the CEL expression defined in 'expression' fails. message must be at least 1 character in length and must not exceed 256 characters.", + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderConfig" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.Update": { - "description": "Update represents an administrator update request.", + "com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderStatus": { + "description": "AlibabaCloudMachineProviderStatus is the Schema for the alibabacloudmachineproviderconfig API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { - "acceptRisks": { - "description": "acceptRisks is an optional set of names of conditional update risks that are considered acceptable. A conditional update is performed only if all of its risks are acceptable. This list may contain entries that apply to current, previous or future updates. The entries therefore may not map directly to a risk in .status.conditionalUpdateRisks. acceptRisks must not contain more than 1000 entries. Entries in this list must be unique.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "conditions": { + "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AcceptRisk" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, "x-kubernetes-list-map-keys": [ - "name" + "type" ], "x-kubernetes-list-type": "map" }, - "architecture": { - "description": "architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.", - "type": "string", - "default": "" - }, - "force": { - "description": "force allows an administrator to update to an image that has failed verification or upgradeable checks that are designed to keep your cluster safe. Only use this if: * you are testing unsigned release images in short-lived test clusters or * you are working around a known bug in the cluster-version\n operator and you have verified the authenticity of the provided\n image yourself.\nThe provided image will run with full administrative access to the cluster. Do not use this flag with images that come from unknown or potentially malicious sources.", - "type": "boolean", - "default": false + "instanceId": { + "description": "instanceId is the instance ID of the machine created in alibabacloud", + "type": "string" }, - "image": { - "description": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", - "type": "string", - "default": "" + "instanceState": { + "description": "instanceState is the state of the alibabacloud instance for this machine", + "type": "string" }, - "mode": { - "description": "mode determines how an update should be processed. The only valid value is \"Preflight\". When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. This is the standard update behavior. When set to \"Preflight\", the cluster runs compatibility checks against the target release without performing an actual update. Compatibility results, including any detected risks, are reported in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update recommendation service. This allows administrators to assess update readiness and address issues before committing to the update. Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be verified across multiple minor versions. When mode is set to \"Preflight\", the same rules for version, image, and architecture apply as for normal updates.\n\nPossible enum values:\n - `\"Preflight\"` allows an update to be checked for compatibility without committing to updating the cluster.", - "type": "string", - "enum": [ - "Preflight" - ] + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "version": { - "description": "version is a semantic version identifying the update version. version is required if architecture is specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } } }, - "com.github.openshift.api.config.v1.UpdateHistory": { - "description": "UpdateHistory is a single attempted update to the cluster.", + "com.github.openshift.api.machine.v1.AlibabaResourceReference": { + "description": "ResourceTagReference is a reference to a specific AlibabaCloud resource by ID, or tags. Only one of ID or Tags may be specified. Specifying more than one will result in a validation error.", "type": "object", "required": [ - "state", - "startedTime", - "completionTime", - "image", - "verified" + "type" ], "properties": { - "acceptedRisks": { - "description": "acceptedRisks records risks which were accepted to initiate the update. For example, it may mention an Upgradeable=False or missing signature that was overridden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.", + "id": { + "description": "id of resource", "type": "string" }, - "completionTime": { - "description": "completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update).", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "image": { - "description": "image is a container image location that contains the update. This value is always populated.", - "type": "string", - "default": "" + "name": { + "description": "name of the resource", + "type": "string" }, - "startedTime": { - "description": "startedTime is the time at which the update was started.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "tags": { + "description": "tags is a set of metadata based upon ECS object tags used to identify a resource. For details about usage when multiple resources are found, please see the owning parent field documentation.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.Tag" + } }, - "state": { - "description": "state reflects whether the update was fully applied. The Partial state indicates the update is not fully applied, while the Completed state indicates the update was successfully rolled out at least once (all parts of the update successfully applied).", + "type": { + "description": "type identifies the resource reference type for this entry.", "type": "string", "default": "" + } + } + }, + "com.github.openshift.api.machine.v1.AzureFailureDomain": { + "description": "AzureFailureDomain configures failure domain information for the Azure platform.", + "type": "object", + "required": [ + "zone" + ], + "properties": { + "subnet": { + "description": "subnet is the name of the network subnet in which the VM will be created. When omitted, the subnet value from the machine providerSpec template will be used.", + "type": "string" }, - "verified": { - "description": "verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted.", - "type": "boolean", - "default": false - }, - "version": { - "description": "version is a semantic version identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.", + "zone": { + "description": "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.UsernameClaimMapping": { + "com.github.openshift.api.machine.v1.BandwidthProperties": { + "description": "Bandwidth describes the bandwidth strategy for the network of the instance", "type": "object", "properties": { - "claim": { - "description": "claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. When the ExternalOIDCWithUpstreamParity feature gate is enabled, claim must not be set when expression is set.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.", + "internetMaxBandwidthIn": { + "description": "internetMaxBandwidthIn is the maximum inbound public bandwidth. Unit: Mbit/s. Valid values: When the purchased outbound public bandwidth is less than or equal to 10 Mbit/s, the valid values of this parameter are 1 to 10. Currently the default is `10` when outbound bandwidth is less than or equal to 10 Mbit/s. When the purchased outbound public bandwidth is greater than 10, the valid values are 1 to the InternetMaxBandwidthOut value. Currently the default is the value used for `InternetMaxBandwidthOut` when outbound public bandwidth is greater than 10.", + "type": "integer", + "format": "int64" + }, + "internetMaxBandwidthOut": { + "description": "internetMaxBandwidthOut is the maximum outbound public bandwidth. Unit: Mbit/s. Valid values: 0 to 100. When a value greater than 0 is used then a public IP address is assigned to the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `0`", + "type": "integer", + "format": "int64" + } + } + }, + "com.github.openshift.api.machine.v1.ControlPlaneMachineSet": { + "description": "ControlPlaneMachineSet ensures that a specified number of control plane machine replicas are running at any given time. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "expression": { - "description": "expression is an optional CEL expression used to derive the username from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length. expression must not be set when claim is set.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "prefix": { - "description": "prefix configures the prefix that should be prepended to the value of the JWT claim.\n\nprefix must be set when prefixPolicy is set to 'Prefix' and must be unset otherwise.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.UsernamePrefix" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "prefixPolicy": { - "description": "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. The prefix field must be set when prefixPolicy is 'Prefix'. Must not be set to 'Prefix' when expression is set. When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim. When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.\n\nAs an example, consider the following scenario:\n\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "prefixPolicy", - "fields-to-discriminateBy": { - "claim": "Claim", - "expression": "Expression", - "prefix": "Prefix" - } + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetStatus" } - ] + } }, - "com.github.openshift.api.config.v1.UsernamePrefix": { - "description": "UsernamePrefix configures the string that should be used as a prefix for username claim mappings.", + "com.github.openshift.api.machine.v1.ControlPlaneMachineSetList": { + "description": "ControlPlaneMachineSetList contains a list of ControlPlaneMachineSet Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "prefixString" + "items" ], "properties": { - "prefixString": { - "description": "prefixString is a required field that configures the prefix that will be applied to cluster identity username attribute during the process of mapping JWT claims to cluster identity attributes.\n\nprefixString must not be an empty string (\"\").", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSet" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.VSphereFailureDomainHostGroup": { - "description": "VSphereFailureDomainHostGroup holds the vmGroup and the hostGroup names in vCenter corresponds to a vm-host group of type Virtual Machine and Host respectively. Is also contains the vmHostRule which is an affinity vm-host rule in vCenter.", + "com.github.openshift.api.machine.v1.ControlPlaneMachineSetSpec": { + "description": "ControlPlaneMachineSet represents the configuration of the ControlPlaneMachineSet.", "type": "object", "required": [ - "vmGroup", - "hostGroup", - "vmHostRule" + "replicas", + "selector", + "template" ], "properties": { - "hostGroup": { - "description": "hostGroup is the name of the vm-host group of type host within vCenter for this failure domain. hostGroup is limited to 80 characters. This field is required when the VSphereFailureDomain ZoneType is HostGroup", - "type": "string", - "default": "" + "machineNamePrefix": { + "description": "machineNamePrefix is the prefix used when creating machine names. Each machine name will consist of this prefix, followed by a randomly generated string of 5 characters, and the index of the machine. It must be a lowercase RFC 1123 subdomain, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'). Each block, separated by periods, must start and end with an alphanumeric character. Hyphens are not allowed at the start or end of a block, and consecutive periods are not permitted. The prefix must be between 1 and 245 characters in length. For example, if machineNamePrefix is set to 'control-plane', and three machines are created, their names might be: control-plane-abcde-0, control-plane-fghij-1, control-plane-klmno-2", + "type": "string" }, - "vmGroup": { - "description": "vmGroup is the name of the vm-host group of type virtual machine within vCenter for this failure domain. vmGroup is limited to 80 characters. This field is required when the VSphereFailureDomain ZoneType is HostGroup", - "type": "string", - "default": "" + "replicas": { + "description": "replicas defines how many Control Plane Machines should be created by this ControlPlaneMachineSet. This field is immutable and cannot be changed after cluster installation. The ControlPlaneMachineSet only operates with 3 or 5 node control planes, 3 and 5 are the only valid values for this field.", + "type": "integer", + "format": "int32" }, - "vmHostRule": { - "description": "vmHostRule is the name of the affinity vm-host rule within vCenter for this failure domain. vmHostRule is limited to 80 characters. This field is required when the VSphereFailureDomain ZoneType is HostGroup", + "selector": { + "description": "Label selector for Machines. Existing Machines selected by this selector will be the ones affected by this ControlPlaneMachineSet. It must match the template's labels. This field is considered immutable after creation of the resource.", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "state": { + "description": "state defines whether the ControlPlaneMachineSet is Active or Inactive. When Inactive, the ControlPlaneMachineSet will not take any action on the state of the Machines within the cluster. When Active, the ControlPlaneMachineSet will reconcile the Machines and will update the Machines as necessary. Once Active, a ControlPlaneMachineSet cannot be made Inactive. To prevent further action please remove the ControlPlaneMachineSet.", "type": "string", - "default": "" + "default": "Inactive" + }, + "strategy": { + "description": "strategy defines how the ControlPlaneMachineSet will update Machines when it detects a change to the ProviderSpec.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetStrategy" + }, + "template": { + "description": "template describes the Control Plane Machines that will be created by this ControlPlaneMachineSet.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplate" } } }, - "com.github.openshift.api.config.v1.VSphereFailureDomainRegionAffinity": { - "description": "VSphereFailureDomainRegionAffinity contains the region type which is the string representation of the VSphereFailureDomainRegionType with available options of Datacenter and ComputeCluster.", + "com.github.openshift.api.machine.v1.ControlPlaneMachineSetStatus": { + "description": "ControlPlaneMachineSetStatus represents the status of the ControlPlaneMachineSet CRD.", + "type": "object", + "properties": { + "conditions": { + "description": "conditions represents the observations of the ControlPlaneMachineSet's current state. Known .status.conditions.type are: Available, Degraded and Progressing.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "observedGeneration": { + "description": "observedGeneration is the most recent generation observed for this ControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's generation, which is updated on mutation by the API Server.", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller which are ready. Note that this value may be higher than the desired number of replicas while rolling updates are in-progress.", + "type": "integer", + "format": "int32" + }, + "replicas": { + "description": "replicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller. Note that during update operations this value may differ from the desired replica count.", + "type": "integer", + "format": "int32" + }, + "unavailableReplicas": { + "description": "unavailableReplicas is the number of Control Plane Machines that are still required before the ControlPlaneMachineSet reaches the desired available capacity. When this value is non-zero, the number of ReadyReplicas is less than the desired Replicas.", + "type": "integer", + "format": "int32" + }, + "updatedReplicas": { + "description": "updatedReplicas is the number of non-terminated Control Plane Machines created by the ControlPlaneMachineSet controller that have the desired provider spec and are ready. This value is set to 0 when a change is detected to the desired spec. When the update strategy is RollingUpdate, this will also coincide with starting the process of updating the Machines. When the update strategy is OnDelete, this value will remain at 0 until a user deletes an existing replica and its replacement has become ready.", + "type": "integer", + "format": "int32" + } + } + }, + "com.github.openshift.api.machine.v1.ControlPlaneMachineSetStrategy": { + "description": "ControlPlaneMachineSetStrategy defines the strategy for applying updates to the Control Plane Machines managed by the ControlPlaneMachineSet.", "type": "object", - "required": [ - "type" - ], "properties": { "type": { - "description": "type determines the vSphere object type for a region within this failure domain. Available types are Datacenter and ComputeCluster. When set to Datacenter, this means the vCenter Datacenter defined is the region. When set to ComputeCluster, this means the vCenter cluster defined is the region.\n\nPossible enum values:\n - `\"ComputeCluster\"` is a failure domain region for a vCenter compute cluster.\n - `\"Datacenter\"` is a failure domain region for a vCenter datacenter.", + "description": "type defines the type of update strategy that should be used when updating Machines owned by the ControlPlaneMachineSet. Valid values are \"RollingUpdate\" and \"OnDelete\". The current default value is \"RollingUpdate\".", "type": "string", - "default": "", - "enum": [ - "ComputeCluster", - "Datacenter" - ] - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": {} + "default": "RollingUpdate" } - ] + } }, - "com.github.openshift.api.config.v1.VSphereFailureDomainZoneAffinity": { - "description": "VSphereFailureDomainZoneAffinity contains the vCenter cluster vm-host group (virtual machine and host types) and the vm-host affinity rule that together creates an affinity configuration for vm-host based zonal. This configuration within vCenter creates the required association between a failure domain, virtual machines and ESXi hosts to create a vm-host based zone.", + "com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplate": { + "description": "ControlPlaneMachineSetTemplate is a template used by the ControlPlaneMachineSet to create the Machines that it will manage in the future.", "type": "object", "required": [ - "type" + "machineType" ], "properties": { - "hostGroup": { - "description": "hostGroup holds the vmGroup and the hostGroup names in vCenter corresponds to a vm-host group of type Virtual Machine and Host respectively. Is also contains the vmHostRule which is an affinity vm-host rule in vCenter.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSphereFailureDomainHostGroup" - }, - "type": { - "description": "type determines the vSphere object type for a zone within this failure domain. Available types are ComputeCluster and HostGroup. When set to ComputeCluster, this means the vCenter cluster defined is the zone. When set to HostGroup, hostGroup must be configured with hostGroup, vmGroup and vmHostRule and this means the zone is defined by the grouping of those fields.\n\nPossible enum values:\n - `\"ComputeCluster\"` is a failure domain zone for a vCenter compute cluster.\n - `\"HostGroup\"` is a failure domain zone for a vCenter vm-host group.", + "machineType": { + "description": "machineType determines the type of Machines that should be managed by the ControlPlaneMachineSet. Currently, the only valid value is machines_v1beta1_machine_openshift_io.", "type": "string", - "default": "", - "enum": [ - "ComputeCluster", - "HostGroup" - ] + "default": "" + }, + "machines_v1beta1_machine_openshift_io": { + "description": "OpenShiftMachineV1Beta1Machine defines the template for creating Machines from the v1beta1.machine.openshift.io API group.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.OpenShiftMachineV1Beta1MachineTemplate" } }, "x-kubernetes-unions": [ { - "discriminator": "type", + "discriminator": "machineType", "fields-to-discriminateBy": { - "hostGroup": "HostGroup" + "machines_v1beta1_machine_openshift_io": "OpenShiftMachineV1Beta1Machine" } } ] }, - "com.github.openshift.api.config.v1.VSpherePlatformFailureDomainSpec": { - "description": "VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain.", + "com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplateObjectMeta": { + "description": "ControlPlaneMachineSetTemplateObjectMeta is a subset of the metav1.ObjectMeta struct. It allows users to specify labels and annotations that will be copied onto Machines created from this template.", "type": "object", "required": [ - "name", - "region", - "zone", - "server", - "topology" + "labels" ], "properties": { - "name": { - "description": "name defines the arbitrary but unique name of a failure domain.", + "annotations": { + "description": "annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels. This field must contain both the 'machine.openshift.io/cluster-api-machine-role' and 'machine.openshift.io/cluster-api-machine-type' labels, both with a value of 'master'. It must also contain a label with the key 'machine.openshift.io/cluster-api-cluster'.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + } + } + }, + "com.github.openshift.api.machine.v1.DataDiskProperties": { + "description": "DataDisk contains the information regarding the datadisk attached to an instance", + "type": "object", + "properties": { + "Category": { + "description": "Category describes the type of data disk N. Valid values: cloud_efficiency: ultra disk cloud_ssd: standard SSD cloud_essd: ESSD cloud: basic disk Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently for non-I/O optimized instances of retired instance types, the default is `cloud`. Currently for other instances, the default is `cloud_efficiency`.", "type": "string", "default": "" }, - "region": { - "description": "region defines the name of a region tag that will be attached to a vCenter datacenter. The tag category in vCenter must be named openshift-region.", + "DiskEncryption": { + "description": "DiskEncryption specifies whether to encrypt data disk N.\n\nEmpty value means the platform chooses a default, which is subject to change over time. Currently the default is `disabled`.", "type": "string", "default": "" }, - "regionAffinity": { - "description": "regionAffinity holds the type of region, Datacenter or ComputeCluster. When set to Datacenter, this means the region is a vCenter Datacenter as defined in topology. When set to ComputeCluster, this means the region is a vCenter Cluster as defined in topology.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSphereFailureDomainRegionAffinity" + "DiskPreservation": { + "description": "DiskPreservation specifies whether to release data disk N along with the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `DeleteWithInstance`", + "type": "string", + "default": "" }, - "server": { - "description": "server is the fully-qualified domain name or the IP address of the vCenter server.", + "KMSKeyID": { + "description": "KMSKeyID is the ID of the Key Management Service (KMS) key to be used by data disk N. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `\"\"` which is interpreted as do not use KMSKey encryption.", "type": "string", "default": "" }, - "topology": { - "description": "topology describes a given failure domain using vSphere constructs", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformTopology" + "Name": { + "description": "Name is the name of data disk N. If the name is specified the name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain letters, digits, colons (:), underscores (_), and hyphens (-).\n\nEmpty value means the platform chooses a default, which is subject to change over time. Currently the default is `\"\"`.", + "type": "string", + "default": "" }, - "zone": { - "description": "zone defines the name of a zone tag that will be attached to a vCenter cluster. The tag category in vCenter must be named openshift-zone.", + "PerformanceLevel": { + "description": "PerformanceLevel is the performance level of the ESSD used as as data disk N. The N value must be the same as that in DataDisk.N.Category when DataDisk.N.Category is set to cloud_essd. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `PL1`. Valid values:\n\nPL0: A single ESSD can deliver up to 10,000 random read/write IOPS. PL1: A single ESSD can deliver up to 50,000 random read/write IOPS. PL2: A single ESSD can deliver up to 100,000 random read/write IOPS. PL3: A single ESSD can deliver up to 1,000,000 random read/write IOPS. For more information about ESSD performance levels, see ESSDs.", "type": "string", "default": "" }, - "zoneAffinity": { - "description": "zoneAffinity holds the type of the zone and the hostGroup which vmGroup and the hostGroup names in vCenter corresponds to a vm-host group of type Virtual Machine and Host respectively. Is also contains the vmHostRule which is an affinity vm-host rule in vCenter.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSphereFailureDomainZoneAffinity" + "Size": { + "description": "Size of the data disk N. Valid values of N: 1 to 16. Unit: GiB. Valid values:\n\nValid values when DataDisk.N.Category is set to cloud_efficiency: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud_ssd: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud_essd: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud: 5 to 2000 The value of this parameter must be greater than or equal to the size of the snapshot specified by the SnapshotID parameter.", + "type": "integer", + "format": "int64", + "default": 0 + }, + "SnapshotID": { + "description": "SnapshotID is the ID of the snapshot used to create data disk N. Valid values of N: 1 to 16.\n\nWhen the DataDisk.N.SnapshotID parameter is specified, the DataDisk.N.Size parameter is ignored. The data disk is created based on the size of the specified snapshot. Use snapshots created after July 15, 2013. Otherwise, an error is returned and your request is rejected.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.VSpherePlatformLoadBalancer": { - "description": "VSpherePlatformLoadBalancer defines the load balancer used by the cluster on VSphere platform.", + "com.github.openshift.api.machine.v1.FailureDomains": { + "description": "FailureDomain represents the different configurations required to spread Machines across failure domains on different platforms.", "type": "object", + "required": [ + "platform" + ], "properties": { - "type": { - "description": "type defines the type of load balancer used by the cluster on VSphere platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", - "type": "string", - "default": "OpenShiftManagedDefault" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": {} - } - ] - }, - "com.github.openshift.api.config.v1.VSpherePlatformNodeNetworking": { - "description": "VSpherePlatformNodeNetworking holds the external and internal node networking spec.", - "type": "object", - "properties": { - "external": { - "description": "external represents the network configuration of the node that is externally routable.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec" - }, - "internal": { - "description": "internal represents the network configuration of the node that is routable only within the cluster.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec" - } - } - }, - "com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec": { - "description": "VSpherePlatformNodeNetworkingSpec holds the network CIDR(s) and port group name for including and excluding IP ranges in the cloud provider. This would be used for example when multiple network adapters are attached to a guest to help determine which IP address the cloud config manager should use for the external and internal node networking.", - "type": "object", - "properties": { - "excludeNetworkSubnetCidr": { - "description": "excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields.", + "aws": { + "description": "aws configures failure domain information for the AWS platform.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AWSFailureDomain" }, "x-kubernetes-list-type": "atomic" }, - "network": { - "description": "network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'`", - "type": "string" - }, - "networkSubnetCidr": { - "description": "networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields.", + "azure": { + "description": "azure configures failure domain information for the Azure platform.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AzureFailureDomain" }, - "x-kubernetes-list-type": "set" - } - } - }, - "com.github.openshift.api.config.v1.VSpherePlatformSpec": { - "description": "VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. In the future the cloud provider operator, storage operator and machine operator will use these fields for configuration.", - "type": "object", - "properties": { - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "x-kubernetes-list-type": "atomic" + }, + "gcp": { + "description": "gcp configures failure domain information for the GCP platform.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.GCPFailureDomain" }, "x-kubernetes-list-type": "atomic" }, - "failureDomains": { - "description": "failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.", + "nutanix": { + "description": "nutanix configures failure domain information for the Nutanix platform.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformFailureDomainSpec" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixFailureDomainReference" }, "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", + "openstack": { + "description": "openstack configures failure domain information for the OpenStack platform.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.OpenStackFailureDomain" }, "x-kubernetes-list-type": "atomic" }, - "nodeNetworking": { - "description": "nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformNodeNetworking" + "platform": { + "description": "platform identifies the platform for which the FailureDomain represents. Currently supported values are AWS, Azure, GCP, OpenStack, VSphere and Nutanix.", + "type": "string", + "default": "" }, - "vcenters": { - "description": "vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported. Once the cluster has been installed, you are unable to change the current number of defined vCenters except in the case where the cluster has been upgraded from a version of OpenShift where the vsphere platform spec was not present. You may make modifications to the existing vCenters that are defined in the vcenters list in order to match with any added or modified failure domains.", + "vsphere": { + "description": "vsphere configures failure domain information for the VSphere platform.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformVCenterSpec" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.VSphereFailureDomain" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "platform", + "fields-to-discriminateBy": { + "aws": "AWS", + "azure": "Azure", + "gcp": "GCP", + "nutanix": "Nutanix", + "openstack": "OpenStack", + "vsphere": "VSphere" + } + } + ] }, - "com.github.openshift.api.config.v1.VSpherePlatformStatus": { - "description": "VSpherePlatformStatus holds the current status of the vSphere infrastructure provider.", + "com.github.openshift.api.machine.v1.GCPFailureDomain": { + "description": "GCPFailureDomain configures failure domain information for the GCP platform", "type": "object", "required": [ - "apiServerInternalIPs", - "ingressIPs" + "zone" ], "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", - "type": "string" - }, - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "dnsRecordsType": { - "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", + "zone": { + "description": "zone is the zone in which the GCP machine provider will create the VM.", "type": "string", - "enum": [ - "External", - "Internal" - ] - }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", - "type": "string" - }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "loadBalancer": { - "description": "loadBalancer defines how the load balancer used by the cluster is configured.", - "default": { - "type": "OpenShiftManagedDefault" - }, - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformLoadBalancer" - }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "nodeDNSIP": { - "description": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", - "type": "string" + "default": "" } } }, - "com.github.openshift.api.config.v1.VSpherePlatformTopology": { - "description": "VSpherePlatformTopology holds the required and optional vCenter objects - datacenter, computeCluster, networks, datastore and resourcePool - to provision virtual machines.", + "com.github.openshift.api.machine.v1.LoadBalancerReference": { + "description": "LoadBalancerReference is a reference to a load balancer on IBM Cloud virtual private cloud(VPC).", "type": "object", "required": [ - "datacenter", - "computeCluster", - "networks", - "datastore" + "name", + "type" ], "properties": { - "computeCluster": { - "description": "computeCluster the absolute path of the vCenter cluster in which virtual machine will be located. The absolute path is of the form //host/. The maximum length of the path is 2048 characters.", - "type": "string", - "default": "" - }, - "datacenter": { - "description": "datacenter is the name of vCenter datacenter in which virtual machines will be located. The maximum length of the datacenter name is 80 characters.", + "name": { + "description": "name of the LoadBalancer in IBM Cloud VPC. The name should be between 1 and 63 characters long and may consist of lowercase alphanumeric characters and hyphens only. The value must not end with a hyphen. It is a reference to existing LoadBalancer created by openshift installer component.", "type": "string", "default": "" }, - "datastore": { - "description": "datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form //datastore/ The maximum length of the path is 2048 characters.", + "type": { + "description": "type of the LoadBalancer service supported by IBM Cloud VPC. Currently, only Application LoadBalancer is supported. More details about Application LoadBalancer https://cloud.ibm.com/docs/vpc?topic=vpc-load-balancers-about&interface=ui Supported values are Application.", "type": "string", "default": "" - }, - "folder": { - "description": "folder is the absolute path of the folder where virtual machines are located. The absolute path is of the form //vm/. The maximum length of the path is 2048 characters.", - "type": "string" - }, - "networks": { - "description": "networks is the list of port group network names within this failure domain. If feature gate VSphereMultiNetworks is enabled, up to 10 network adapters may be defined. 10 is the maximum number of virtual network devices which may be attached to a VM as defined by: https://configmax.esp.vmware.com/guest?vmwareproduct=vSphere&release=vSphere%208.0&categories=1-0 The available networks (port groups) can be listed using `govc ls 'network/*'` Networks should be in the form of an absolute path: //network/.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "resourcePool": { - "description": "resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form //host//Resources/. The maximum length of the path is 2048 characters.", - "type": "string" - }, - "template": { - "description": "template is the full inventory path of the virtual machine or template that will be cloned when creating new machines in this failure domain. The maximum length of the path is 2048 characters.\n\nWhen omitted, the template will be calculated by the control plane machineset operator based on the region and zone defined in VSpherePlatformFailureDomainSpec. For example, for zone=zonea, region=region1, and infrastructure name=test, the template path would be calculated as //vm/test-rhcos-region1-zonea.", - "type": "string" } } }, - "com.github.openshift.api.config.v1.VSpherePlatformVCenterSpec": { - "description": "VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM.", + "com.github.openshift.api.machine.v1.NutanixCategory": { + "description": "NutanixCategory identifies a pair of prism category key and value", "type": "object", "required": [ - "server", - "datacenters" + "key", + "value" ], "properties": { - "datacenters": { - "description": "The vCenter Datacenters in which the RHCOS vm guests are located. This field will be used by the Cloud Controller Manager. Each datacenter listed here should be used within a topology.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "port": { - "description": "port is the TCP port that will be used to communicate to the vCenter endpoint. When omitted, this means the user has no opinion and it is up to the platform to choose a sensible default, which is subject to change over time.", - "type": "integer", - "format": "int32" + "key": { + "description": "key is the prism category key name", + "type": "string", + "default": "" }, - "server": { - "description": "server is the fully-qualified domain name or the IP address of the vCenter server.", + "value": { + "description": "value is the prism category value associated with the key", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.WebhookTokenAuthenticator": { - "description": "webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator", + "com.github.openshift.api.machine.v1.NutanixFailureDomainReference": { + "description": "NutanixFailureDomainReference refers to the failure domain of the Nutanix platform.", "type": "object", "required": [ - "kubeConfig" + "name" ], "properties": { - "kubeConfig": { - "description": "kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config.\n\nFor further details, see:\n\nhttps://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication\n\nThe key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "name": { + "description": "name of the failure domain in which the nutanix machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1alpha1.AdditionalAlertmanagerConfig": { - "description": "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", + "com.github.openshift.api.machine.v1.NutanixGPU": { + "description": "NutanixGPU holds the identity of a Nutanix GPU resource in the Prism Central", "type": "object", "required": [ - "name", - "staticConfigs" + "type" ], "properties": { - "authorization": { - "description": "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AuthorizationConfig" + "deviceID": { + "description": "deviceID is the GPU device ID with the integer value.", + "type": "integer", + "format": "int32" }, "name": { - "description": "name is a unique identifier for this Alertmanager configuration entry. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters.", - "type": "string" - }, - "pathPrefix": { - "description": "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. When no prefix is needed, omit this field; do not set it to \"/\" as that would produce paths with double slashes (e.g. \"//api/v1/alerts\"). Must start with \"/\", must not end with \"/\", and must not be exactly \"/\". Must not contain query strings (\"?\") or fragments (\"#\").", - "type": "string" - }, - "scheme": { - "description": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `HTTP`.", + "description": "name is the GPU device name", "type": "string" }, - "staticConfigs": { - "description": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique and non-empty (empty string is invalid).", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "timeoutSeconds": { - "description": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", - "type": "integer", - "format": "int32" - }, - "tlsConfig": { - "description": "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.TLSConfig" + "type": { + "description": "type is the identifier type of the GPU device. Valid values are Name and DeviceID.", + "type": "string", + "default": "" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "deviceID": "DeviceID", + "name": "Name" + } + } + ] }, - "com.github.openshift.api.config.v1alpha1.AlertmanagerConfig": { - "description": "alertmanagerConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", + "com.github.openshift.api.machine.v1.NutanixMachineProviderConfig": { + "description": "NutanixMachineProviderConfig is the Schema for the nutanixmachineproviderconfigs API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "deploymentMode" + "cluster", + "image", + "subnets", + "vcpusPerSocket", + "vcpuSockets", + "memorySize", + "systemDiskSize", + "credentialsSecret" ], "properties": { - "customConfig": { - "description": "customConfig must be set when deploymentMode is CustomConfig, and must be unset otherwise. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AlertmanagerCustomConfig" - }, - "deploymentMode": { - "description": "deploymentMode determines whether the default Alertmanager instance should be deployed as part of the monitoring stack. Allowed values are Disabled, DefaultConfig, and CustomConfig. When set to Disabled, the Alertmanager instance will not be deployed. When set to DefaultConfig, the platform will deploy Alertmanager with default settings. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", - "type": "string" - } - } - }, - "com.github.openshift.api.config.v1alpha1.AlertmanagerCustomConfig": { - "description": "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", - "type": "object", - "properties": { - "logLevel": { - "description": "logLevel defines the verbosity of logs emitted by Alertmanager. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "nodeSelector": { - "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "bootType": { + "description": "bootType indicates the boot type (Legacy, UEFI or SecureBoot) the Machine's VM uses to boot. If this field is empty or omitted, the VM will use the default boot type \"Legacy\" to boot. \"SecureBoot\" depends on \"UEFI\" boot, i.e., enabling \"SecureBoot\" means that \"UEFI\" boot is also enabled.", + "type": "string", + "default": "" }, - "resources": { - "description": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "categories": { + "description": "categories optionally adds one or more prism categories (each with key and value) for the Machine's VM to associate with. All the category key and value pairs specified must already exist in the prism central.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixCategory" }, "x-kubernetes-list-map-keys": [ - "name" + "key" ], "x-kubernetes-list-type": "map" }, - "secrets": { - "description": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.", + "cluster": { + "description": "cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" + }, + "credentialsSecret": { + "description": "credentialsSecret is a local reference to a secret that contains the credentials data to access Nutanix PC client", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "dataDisks": { + "description": "dataDisks holds information of the data disks to attach to the Machine's VM", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixVMDisk" }, "x-kubernetes-list-type": "set" }, - "tolerations": { - "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "failureDomain": { + "description": "failureDomain refers to the name of the FailureDomain with which this Machine is associated. If this is configured, the Nutanix machine controller will use the prism_central endpoint and credentials defined in the referenced FailureDomain to communicate to the prism_central. It will also verify that the 'cluster' and subnets' configuration in the NutanixMachineProviderConfig is consistent with that in the referenced failureDomain.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixFailureDomainReference" + }, + "gpus": { + "description": "gpus is a list of GPU devices to attach to the machine's VM. The GPU devices should already exist in Prism Central and associated with one of the Prism Element's hosts and available for the VM to attach (in \"UNUSED\" status).", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixGPU" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-type": "set" }, - "topologySpreadConstraints": { - "description": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "image": { + "description": "image is to identify the rhcos image uploaded to the Prism Central (PC) The image identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "memorySize": { + "description": "memorySize is the memory size (in Quantity format) of the VM The minimum memorySize is 2Gi bytes", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "project": { + "description": "project optionally identifies a Prism project for the Machine's VM to associate with.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" + }, + "subnets": { + "description": "subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" + } + }, + "systemDiskSize": { + "description": "systemDiskSize is size (in Quantity format) of the system disk of the VM The minimum systemDiskSize is 20Gi bytes", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + }, + "userDataSecret": { + "description": "userDataSecret is a local reference to a secret that contains the UserData to apply to the VM", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "vcpuSockets": { + "description": "vcpuSockets is the number of vCPU sockets of the VM", + "type": "integer", + "format": "int32", + "default": 0 + }, + "vcpusPerSocket": { + "description": "vcpusPerSocket is the number of vCPUs per socket of the VM", + "type": "integer", + "format": "int32", + "default": 0 + } + } + }, + "com.github.openshift.api.machine.v1.NutanixMachineProviderStatus": { + "description": "NutanixMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains nutanix-specific status information. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "conditions": { + "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" + "type" ], "x-kubernetes-list-type": "map" }, - "volumeClaimTemplate": { - "description": "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", - "$ref": "#/definitions/PersistentVolumeClaim.v1.core.api.k8s.io" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "vmUUID": { + "description": "vmUUID is the Machine associated VM's UUID The field is missing before the VM is created. Once the VM is created, the field is filled with the VM's UUID and it will not change. The vmUUID is used to find the VM when updating the Machine status, and to delete the VM when the Machine is deleted.", + "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.Audit": { - "description": "Audit profile configurations", + "com.github.openshift.api.machine.v1.NutanixResourceIdentifier": { + "description": "NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)", "type": "object", "required": [ - "profile" + "type" ], "properties": { - "profile": { - "description": "profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. Allowed values are None, Metadata, Request, or RequestResponse. When set to None, audit logging is disabled and no audit events are recorded. When set to Metadata, only request metadata (such as requesting user, timestamp, resource, verb, etc.) is logged, but not the request or response body. When set to Request, event metadata and the request body are logged, but not the response body. When set to RequestResponse, event metadata, request body, and response body are all logged, providing the most detailed audit information.\n\nSee: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy for more information about auditing and log levels.", + "name": { + "description": "name is the resource name in the PC", + "type": "string" + }, + "type": { + "description": "type is the identifier type to use for this resource.", + "type": "string", + "default": "" + }, + "uuid": { + "description": "uuid is the UUID of the resource in the PC.", "type": "string" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "name": "Name", + "uuid": "UUID" + } + } + ] }, - "com.github.openshift.api.config.v1alpha1.AuthorizationConfig": { - "description": "AuthorizationConfig defines the authentication method for Alertmanager connections.", + "com.github.openshift.api.machine.v1.NutanixStorageResourceIdentifier": { + "description": "NutanixStorageResourceIdentifier holds the identity of a Nutanix storage resource (storage_container, etc.)", "type": "object", "required": [ "type" ], "properties": { - "bearerToken": { - "description": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" - }, "type": { - "description": "type specifies the authentication type to use. Valid value is \"BearerToken\" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified.", + "description": "type is the identifier type to use for this resource. The valid value is \"uuid\".", + "type": "string", + "default": "" + }, + "uuid": { + "description": "uuid is the UUID of the storage resource in the PC.", "type": "string" } }, @@ -23874,846 +22490,629 @@ { "discriminator": "type", "fields-to-discriminateBy": { - "bearerToken": "BearerToken" + "uuid": "UUID" } } ] }, - "com.github.openshift.api.config.v1alpha1.Backup": { - "description": "Backup provides configuration for performing backups of the openshift cluster.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1.NutanixVMDisk": { + "description": "NutanixDataDisk specifies the VM data disk configuration parameters.", "type": "object", "required": [ - "spec" + "diskSize" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "dataSource": { + "description": "dataSource refers to a data source image for the VM disk.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "deviceProperties": { + "description": "deviceProperties are the properties of the disk device.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixVMDiskDeviceProperties" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.BackupSpec" + "diskSize": { + "description": "diskSize is size (in Quantity format) of the disk attached to the VM. See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Format for the Quantity format and example documentation. The minimum diskSize is 1GB.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.BackupStatus" + "storageConfig": { + "description": "storageConfig are the storage configuration parameters of the VM disks.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixVMStorageConfig" } } }, - "com.github.openshift.api.config.v1alpha1.BackupList": { - "description": "BackupList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1.NutanixVMDiskDeviceProperties": { + "description": "NutanixVMDiskDeviceProperties specifies the disk device properties.", "type": "object", "required": [ - "metadata", - "items" + "deviceType", + "adapterType", + "deviceIndex" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Backup" - } + "adapterType": { + "description": "adapterType is the adapter type of the disk address. If the deviceType is \"Disk\", the valid adapterType can be \"SCSI\", \"IDE\", \"PCI\", \"SATA\" or \"SPAPR\". If the deviceType is \"CDRom\", the valid adapterType can be \"IDE\" or \"SATA\".", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "deviceIndex": { + "description": "deviceIndex is the index of the disk address. The valid values are non-negative integers, with the default value 0. For a Machine VM, the deviceIndex for the disks with the same deviceType.adapterType combination should start from 0 and increase consecutively afterwards. Note that for each Machine VM, the Disk.SCSI.0 and CDRom.IDE.0 are reserved to be used by the VM's system. So for dataDisks of Disk.SCSI and CDRom.IDE, the deviceIndex should start from 1.", + "type": "integer", + "format": "int32" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "deviceType": { + "description": "deviceType specifies the disk device type. The valid values are \"Disk\" and \"CDRom\", and the default is \"Disk\".", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1alpha1.BackupSpec": { + "com.github.openshift.api.machine.v1.NutanixVMStorageConfig": { + "description": "NutanixVMStorageConfig specifies the storage configuration parameters for VM disks.", "type": "object", "required": [ - "etcd" + "diskMode" ], "properties": { - "etcd": { - "description": "etcd specifies the configuration for periodic backups of the etcd cluster", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.EtcdBackupSpec" + "diskMode": { + "description": "diskMode specifies the disk mode. The valid values are Standard and Flash, and the default is Standard.", + "type": "string", + "default": "" + }, + "storageContainer": { + "description": "storageContainer refers to the storage_container used by the VM disk.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixStorageResourceIdentifier" } } }, - "com.github.openshift.api.config.v1alpha1.BackupStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1alpha1.BasicAuth": { - "description": "BasicAuth defines basic authentication settings for the remote write endpoint URL.", + "com.github.openshift.api.machine.v1.OpenShiftMachineV1Beta1MachineTemplate": { + "description": "OpenShiftMachineV1Beta1MachineTemplate is a template for the ControlPlaneMachineSet to create Machines from the v1beta1.machine.openshift.io API group.", "type": "object", "required": [ - "username", - "password" + "metadata", + "spec" ], "properties": { - "password": { - "description": "password defines the secret reference containing the password for basic authentication. The secret must exist in the openshift-monitoring namespace.", + "failureDomains": { + "description": "failureDomains is the list of failure domains (sometimes called availability zones) in which the ControlPlaneMachineSet should balance the Control Plane Machines. This will be merged into the ProviderSpec given in the template. This field is optional on platforms that do not require placement information.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.FailureDomains" + }, + "metadata": { + "description": "ObjectMeta is the standard object metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata Labels are required to match the ControlPlaneMachineSet selector.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplateObjectMeta" }, - "username": { - "description": "username defines the secret reference containing the username for basic authentication. The secret must exist in the openshift-monitoring namespace.", + "spec": { + "description": "spec contains the desired configuration of the Control Plane Machines. The ProviderSpec within contains platform specific details for creating the Control Plane Machines. The ProviderSe should be complete apart from the platform specific failure domain field. This will be overridden when the Machines are created based on the FailureDomains field.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSpec" } } }, - "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig": { - "description": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1.OpenStackFailureDomain": { + "description": "OpenStackFailureDomain configures failure domain information for the OpenStack platform.", "type": "object", - "required": [ - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "availabilityZone": { + "description": "availabilityZone is the nova availability zone in which the OpenStack machine provider will create the VM. If not specified, the VM will be created in the default availability zone specified in the nova configuration. Availability zone names must NOT contain : since it is used by admin users to specify hosts where instances are launched in server creation. Also, it must not contain spaces otherwise it will lead to node that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec" - }, - "status": { - "description": "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus" + "rootVolume": { + "description": "rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM. If not specified, no root volume will be created.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.RootVolume" } } }, - "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigList": { - "description": "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1.PowerVSMachineProviderConfig": { + "description": "PowerVSMachineProviderConfig is the type that will be embedded in a Machine.Spec.ProviderSpec field for a PowerVS virtual machine. It is used by the PowerVS machine actuator to create a single Machine.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", - "items" + "serviceInstance", + "image", + "network", + "keyPairName" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig" - } + "credentialsSecret": { + "description": "credentialsSecret is a reference to the secret with IBM Cloud credentials.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSSecretReference" + }, + "image": { + "description": "image is to identify the rhcos image uploaded to IBM COS bucket which is used to create the instance. supported image identifier in PowerVSResource are Name and ID and that can be obtained from IBM Cloud UI or IBM Cloud cli.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSResource" + }, + "keyPairName": { + "description": "keyPairName is the name of the KeyPair to use for SSH. The key pair will be exposed to the instance via the instance metadata service. On boot, the OS will copy the public keypair into the authorized keys for the core user.", + "type": "string", + "default": "" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec": { - "description": "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", - "type": "object", - "properties": { - "matchImages": { - "description": "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - } - } - }, - "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus": { - "description": "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", - "type": "object", - "properties": { - "conditions": { - "description": "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", + "loadBalancers": { + "description": "loadBalancers is the set of load balancers to which the new control plane instance should be added once it is created.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.config.v1alpha1.CertificateConfig": { - "description": "CertificateConfig specifies configuration parameters for certificates. At least one property must be specified.", - "type": "object", - "properties": { - "key": { - "description": "key specifies the cryptographic parameters for the certificate's key pair. Currently this is the only configurable parameter. When omitted in an overrides entry, the key configuration from defaults is used.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.KeyConfig" - } - } - }, - "com.github.openshift.api.config.v1alpha1.ClusterMonitoring": { - "description": "ClusterMonitoring is the Custom Resource object which holds the current status of Cluster Monitoring Operator. CMO is a central component of the monitoring stack.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. ClusterMonitoring is the Schema for the Cluster Monitoring Operators API", - "type": "object", - "required": [ - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.LoadBalancerReference" + } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "memoryGiB": { + "description": "memoryGiB is the size of a virtual machine's memory, in GiB. maximum value for the MemoryGiB depends on the selected SystemType. when SystemType is set to e880 maximum MemoryGiB value is 7463 GiB. when SystemType is set to e980 maximum MemoryGiB value is 15307 GiB. when SystemType is set to s922 maximum MemoryGiB value is 942 GiB. The minimum memory is 32 GiB. When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 32.", + "type": "integer", + "format": "int32" }, "metadata": { - "description": "metadata is the standard object metadata.", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "spec": { - "description": "spec holds user configuration for the Cluster Monitoring Operator", + "network": { + "description": "network is the reference to the Network to use for this instance. supported network identifier in PowerVSResource are Name, ID and RegEx and that can be obtained from IBM Cloud UI or IBM Cloud cli.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSResource" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "processorType": { + "description": "processorType is the VM instance processor type. It must be set to one of the following values: Dedicated, Capped or Shared. Dedicated: resources are allocated for a specific client, The hypervisor makes a 1:1 binding of a partition’s processor to a physical processor core. Shared: Shared among other clients. Capped: Shared, but resources do not expand beyond those that are requested, the amount of CPU time is Capped to the value specified for the entitlement. if the processorType is selected as Dedicated, then processors value cannot be fractional. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Shared.", + "type": "string" + }, + "processors": { + "description": "processors is the number of virtual processors in a virtual machine. when the processorType is selected as Dedicated the processors value cannot be fractional. maximum value for the Processors depends on the selected SystemType. when SystemType is set to e880 or e980 maximum Processors value is 143. when SystemType is set to s922 maximum Processors value is 15. minimum value for Processors depends on the selected ProcessorType. when ProcessorType is set as Shared or Capped, The minimum processors is 0.5. when ProcessorType is set as Dedicated, The minimum processors is 1. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default is set based on the selected ProcessorType. when ProcessorType selected as Dedicated, the default is set to 1. when ProcessorType selected as Shared or Capped, the default is set to 0.5.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + }, + "serviceInstance": { + "description": "serviceInstance is the reference to the Power VS service on which the server instance(VM) will be created. Power VS service is a container for all Power VS instances at a specific geographic region. serviceInstance can be created via IBM Cloud catalog or CLI. supported serviceInstance identifier in PowerVSResource are Name and ID and that can be obtained from IBM Cloud UI or IBM Cloud cli. More detail about Power VS service instance. https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSResource" + }, + "systemType": { + "description": "systemType is the System type used to host the instance. systemType determines the number of cores and memory that is available. Few of the supported SystemTypes are s922,e880,e980. e880 systemType available only in Dallas Datacenters. e980 systemType available in Datacenters except Dallas and Washington. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is s922 which is generally available.", + "type": "string" + }, + "userDataSecret": { + "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSSecretReference" } } }, - "com.github.openshift.api.config.v1alpha1.ClusterMonitoringList": { - "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1.PowerVSMachineProviderStatus": { + "description": "PowerVSMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains PowerVS-specific status information.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items is a list of ClusterMonitoring", + "conditions": { + "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterMonitoring" - } + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "instanceId": { + "description": "instanceId is the instance ID of the machine created in PowerVS instanceId uniquely identifies a Power VS server instance(VM) under a Power VS service. This will help in updating or deleting a VM in Power VS Cloud", + "type": "string" + }, + "instanceState": { + "description": "instanceState is the state of the PowerVS instance for this machine Possible instance states are Active, Build, ShutOff, Reboot This is used to display additional information to user regarding instance current state", + "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list metadata.", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "serviceInstanceID": { + "description": "serviceInstanceID is the reference to the Power VS ServiceInstance on which the machine instance will be created. serviceInstanceID uniquely identifies the Power VS service By setting serviceInstanceID it will become easy and efficient to fetch a server instance(VM) within Power VS Cloud.", + "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec": { - "description": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", + "com.github.openshift.api.machine.v1.PowerVSResource": { + "description": "PowerVSResource is a reference to a specific PowerVS resource by ID, Name or RegEx Only one of ID, Name or RegEx may be specified. Specifying more than one will result in a validation error.", "type": "object", "properties": { - "alertmanagerConfig": { - "description": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AlertmanagerConfig" - }, - "metricsServerConfig": { - "description": "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.MetricsServerConfig" - }, - "openShiftStateMetricsConfig": { - "description": "openShiftStateMetricsConfig is an optional field that can be used to configure the openshift-state-metrics agent that runs in the openshift-monitoring namespace. The openshift-state-metrics agent generates metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.OpenShiftStateMetricsConfig" - }, - "prometheusConfig": { - "description": "prometheusConfig provides configuration options for the default platform Prometheus instance that runs in the `openshift-monitoring` namespace. This configuration applies only to the platform Prometheus instance; user-workload Prometheus instances are configured separately.\n\nThis field allows you to customize how the platform Prometheus is deployed and operated, including:\n - Pod scheduling (node selectors, tolerations, topology spread constraints)\n - Resource allocation (CPU, memory requests/limits)\n - Retention policies (how long metrics are stored)\n - External integrations (remote write, additional alertmanagers)\n\nThis field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusConfig" + "id": { + "description": "id of resource", + "type": "string" }, - "prometheusOperatorAdmissionWebhookConfig": { - "description": "prometheusOperatorAdmissionWebhookConfig is an optional field that can be used to configure the admission webhook component of Prometheus Operator that runs in the openshift-monitoring namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects to ensure they are semantically valid, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusOperatorAdmissionWebhookConfig" + "name": { + "description": "name of resource", + "type": "string" }, - "prometheusOperatorConfig": { - "description": "prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. Specifically, it can configure how the Prometheus Operator instance is deployed, pod scheduling, and resource allocation. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig" + "regex": { + "description": "regex to find resource Regex contains the pattern to match to find a resource", + "type": "string" }, - "userDefined": { - "description": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring" + "type": { + "description": "type identifies the resource type for this entry. Valid values are ID, Name and RegEx", + "type": "string" } - } + }, + "x-kubernetes-unions": [ + { + "fields-to-discriminateBy": { + "id": "ID", + "name": "Name", + "regex": "RegEx", + "type": "Type" + } + } + ] }, - "com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus": { - "description": "ClusterMonitoringStatus defines the observed state of ClusterMonitoring", - "type": "object" + "com.github.openshift.api.machine.v1.PowerVSSecretReference": { + "description": "PowerVSSecretReference contains enough information to locate the referenced secret inside the same namespace.", + "type": "object", + "properties": { + "name": { + "description": "name of the secret.", + "type": "string" + } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.config.v1alpha1.ContainerResource": { - "description": "ContainerResource defines a single resource requirement for a container.", + "com.github.openshift.api.machine.v1.RootVolume": { + "description": "RootVolume represents the volume metadata to boot from. The original RootVolume struct is defined in the v1alpha1 but it's not best practice to use it directly here so we define a new one that should stay in sync with the original one.", "type": "object", "required": [ - "name" + "volumeType" ], "properties": { - "limit": { - "description": "limit is the maximum amount of the resource allowed (e.g. \"2Mi\", \"1Gi\"). This field is optional. When request is specified, limit cannot be less than request. The value must be greater than 0 when specified.", - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - }, - "name": { - "description": "name of the resource (e.g. \"cpu\", \"memory\", \"hugepages-2Mi\"). This field is required. name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character.", + "availabilityZone": { + "description": "availabilityZone specifies the Cinder availability zone where the root volume will be created. If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration. If the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability zone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details. If the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same availability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone). Availability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.", "type": "string" }, - "request": { - "description": "request is the minimum amount of the resource required (e.g. \"2Mi\", \"1Gi\"). This field is optional. When limit is specified, request cannot be greater than limit.", - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + "volumeType": { + "description": "volumeType specifies the type of the root volume that will be provisioned. The maximum length of a volume type name is 255 characters, as per the OpenStack limit.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1alpha1.CustomPKIPolicy": { - "description": "CustomPKIPolicy contains administrator-specified cryptographic configuration. Administrators must specify defaults for all certificates and may optionally override specific categories of certificates.", + "com.github.openshift.api.machine.v1.SystemDiskProperties": { + "description": "SystemDiskProperties contains the information regarding the system disk including performance, size, name, and category", "type": "object", - "required": [ - "defaults" - ], "properties": { - "clientCertificates": { - "description": "clientCertificates optionally overrides certificate parameters for client authentication certificates used to authenticate to servers. When set, these parameters take precedence over defaults for all client certificates. When omitted, the defaults are used for client certificates.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CertificateConfig" + "category": { + "description": "category is the category of the system disk. Valid values: cloud_essd: ESSD. When the parameter is set to this value, you can use the SystemDisk.PerformanceLevel parameter to specify the performance level of the disk. cloud_efficiency: ultra disk. cloud_ssd: standard SSD. cloud: basic disk. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently for non-I/O optimized instances of retired instance types, the default is `cloud`. Currently for other instances, the default is `cloud_efficiency`.", + "type": "string" }, - "defaults": { - "description": "defaults specifies the default certificate configuration that applies to all certificates unless overridden by a category override.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.DefaultCertificateConfig" + "name": { + "description": "name is the name of the system disk. If the name is specified the name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain letters, digits, colons (:), underscores (_), and hyphens (-). Empty value means the platform chooses a default, which is subject to change over time. Currently the default is `\"\"`.", + "type": "string" }, - "servingCertificates": { - "description": "servingCertificates optionally overrides certificate parameters for TLS server certificates used to serve HTTPS endpoints. When set, these parameters take precedence over defaults for all serving certificates. When omitted, the defaults are used for serving certificates.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CertificateConfig" + "performanceLevel": { + "description": "performanceLevel is the performance level of the ESSD used as the system disk. Valid values:\n\nPL0: A single ESSD can deliver up to 10,000 random read/write IOPS. PL1: A single ESSD can deliver up to 50,000 random read/write IOPS. PL2: A single ESSD can deliver up to 100,000 random read/write IOPS. PL3: A single ESSD can deliver up to 1,000,000 random read/write IOPS. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `PL1`. For more information about ESSD performance levels, see ESSDs.", + "type": "string" }, - "signerCertificates": { - "description": "signerCertificates optionally overrides certificate parameters for certificate authority (CA) certificates that sign other certificates. When set, these parameters take precedence over defaults for all signer certificates. When omitted, the defaults are used for signer certificates.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CertificateConfig" + "size": { + "description": "size is the size of the system disk. Unit: GiB. Valid values: 20 to 500. The value must be at least 20 and greater than or equal to the size of the image. Empty value means the platform chooses a default, which is subject to change over time. Currently the default is `40` or the size of the image depending on whichever is greater.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.config.v1alpha1.DefaultCertificateConfig": { - "description": "DefaultCertificateConfig specifies the default certificate configuration parameters. All fields are required to ensure that defaults are fully specified for all certificates.", + "com.github.openshift.api.machine.v1.Tag": { + "description": "Tag The tags of ECS Instance", "type": "object", "required": [ - "key" + "Key", + "Value" ], "properties": { - "key": { - "description": "key specifies the cryptographic parameters for the certificate's key pair. This field is required in defaults to ensure all certificates have a well-defined key configuration.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.KeyConfig" + "Key": { + "description": "Key is the name of the key pair", + "type": "string", + "default": "" + }, + "Value": { + "description": "Value is the value or data of the key pair", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1alpha1.DropEqualActionConfig": { - "description": "DropEqualActionConfig configures the DropEqual action. Drops targets for which the concatenated source_labels do match the value of target_label. Requires Prometheus >= v2.41.0.", + "com.github.openshift.api.machine.v1.VSphereFailureDomain": { + "description": "VSphereFailureDomain configures failure domain information for the vSphere platform", "type": "object", "required": [ - "targetLabel" + "name" ], "properties": { - "targetLabel": { - "description": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length.", - "type": "string" + "name": { + "description": "name of the failure domain in which the vSphere machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource. When balancing machines across failure domains, the control plane machine set will inject configuration from the Infrastructure resource into the machine providerSpec to allocate the machine to a failure domain.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1alpha1.ECDSAKeyConfig": { - "description": "ECDSAKeyConfig specifies parameters for ECDSA key generation.", + "com.github.openshift.api.machine.v1alpha1.AdditionalBlockDevice": { + "description": "additionalBlockDevice is a block device to attach to the server.", "type": "object", "required": [ - "curve" + "name", + "sizeGiB", + "storage" ], "properties": { - "curve": { - "description": "curve specifies the NIST elliptic curve for ECDSA keys. Valid values are \"P256\", \"P384\", and \"P521\".\n\nWhen set to P256, the NIST P-256 curve (also known as secp256r1) is used, providing 128-bit security.\n\nWhen set to P384, the NIST P-384 curve (also known as secp384r1) is used, providing 192-bit security.\n\nWhen set to P521, the NIST P-521 curve (also known as secp521r1) is used, providing 256-bit security.", - "type": "string" - } - } - }, - "com.github.openshift.api.config.v1alpha1.EtcdBackupSpec": { - "description": "EtcdBackupSpec provides configuration for automated etcd backups to the cluster-etcd-operator", - "type": "object", - "properties": { - "pvcName": { - "description": "pvcName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the etcd backup files would be saved The PVC itself must always be created in the \"openshift-etcd\" namespace If the PVC is left unspecified \"\" then the platform will choose a reasonable default location to save the backup. In the future this would be backups saved across the control-plane master nodes.", + "name": { + "description": "name of the block device in the context of a machine. If the block device is a volume, the Cinder volume will be named as a combination of the machine name and this name. Also, this name will be used for tagging the block device. Information about the block device tag can be obtained from the OpenStack metadata API or the config drive.", "type": "string", "default": "" }, - "retentionPolicy": { - "description": "retentionPolicy defines the retention policy for retaining and deleting existing backups.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RetentionPolicy" - }, - "schedule": { - "description": "schedule defines the recurring backup schedule in Cron format every 2 hours: 0 */2 * * * every day at 3am: 0 3 * * * Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is \"no backups\", but will change in the future.", - "type": "string", - "default": "" + "sizeGiB": { + "description": "sizeGiB is the size of the block device in gibibytes (GiB).", + "type": "integer", + "format": "int32", + "default": 0 }, - "timeZone": { - "description": "The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will default to the time zone of the kube-controller-manager process. See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones", - "type": "string", - "default": "" + "storage": { + "description": "storage specifies the storage type of the block device and additional storage options.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.BlockDeviceStorage" } } }, - "com.github.openshift.api.config.v1alpha1.GatherConfig": { - "description": "gatherConfig provides data gathering configuration options.", + "com.github.openshift.api.machine.v1alpha1.AddressPair": { "type": "object", "properties": { - "dataPolicy": { - "description": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"None\" and \"ObfuscateNetworking\". When set to None the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "ipAddress": { "type": "string" }, - "disabledGatherers": { - "description": "disabledGatherers is a list of gatherers to be excluded from the gathering. All the gatherers can be disabled by providing \"all\" value. If all the gatherers are disabled, the Insights operator does not gather any data. The format for the disabledGatherer should be: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\" An example of disabling gatherers looks like this: `disabledGatherers: [\"clusterconfig/machine_configs\", \"workloads/workload_info\"]`", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "storage": { - "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Storage" + "macAddress": { + "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.HashModActionConfig": { - "description": "HashModActionConfig configures the HashMod action. target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus).", + "com.github.openshift.api.machine.v1alpha1.BlockDeviceStorage": { + "description": "blockDeviceStorage is the storage type of a block device to create and contains additional storage options.", "type": "object", "required": [ - "targetLabel", - "modulus" + "type" ], "properties": { - "modulus": { - "description": "modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). Required when using the HashMod action so the intended behavior is explicit. Must be between 1 and 1000000.", - "type": "integer", - "format": "int64" + "type": { + "description": "type is the type of block device to create. This can be either \"Volume\" or \"Local\".", + "type": "string", + "default": "" }, - "targetLabel": { - "description": "targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length.", + "volume": { + "description": "volume contains additional storage options for a volume block device.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.BlockDeviceVolume" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "volume": "Volume" + } + } + ] + }, + "com.github.openshift.api.machine.v1alpha1.BlockDeviceVolume": { + "description": "blockDeviceVolume contains additional storage options for a volume block device.", + "type": "object", + "properties": { + "availabilityZone": { + "description": "availabilityZone is the volume availability zone to create the volume in. If omitted, the availability zone of the server will be used. The availability zone must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information.", + "type": "string" + }, + "type": { + "description": "type is the Cinder volume type of the volume. If omitted, the default Cinder volume type that is configured in the OpenStack cloud will be used.", "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.InsightsDataGather": { - "description": "InsightsDataGather provides data gather configuration options for the the Insights Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1alpha1.Filter": { "type": "object", - "required": [ - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "adminStateUp": { + "description": "Deprecated: adminStateUp is silently ignored. It has no replacement.", + "type": "boolean" + }, + "description": { + "description": "description filters networks by description.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "id": { + "description": "Deprecated: use NetworkParam.uuid instead. Ignored if NetworkParam.uuid is set.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "limit": { + "description": "Deprecated: limit is silently ignored. It has no replacement.", + "type": "integer", + "format": "int32" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec" + "marker": { + "description": "Deprecated: marker is silently ignored. It has no replacement.", + "type": "string" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus" - } - } - }, - "com.github.openshift.api.config.v1alpha1.InsightsDataGatherList": { - "description": "InsightsDataGatherList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "required": [ - "metadata", - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "name": { + "description": "name filters networks by name.", "type": "string" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.InsightsDataGather" - } + "notTags": { + "description": "notTags filters by networks which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", + "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "notTagsAny": { + "description": "notTagsAny filters by networks which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec": { - "type": "object", - "properties": { - "gatherConfig": { - "description": "gatherConfig spec attribute includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.GatherConfig" - } - } - }, - "com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig": { - "description": "KeepEqualActionConfig configures the KeepEqual action. Drops targets for which the concatenated source_labels do not match the value of target_label. Requires Prometheus >= v2.41.0.", - "type": "object", - "required": [ - "targetLabel" - ], - "properties": { - "targetLabel": { - "description": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length.", + "projectId": { + "description": "projectId filters networks by project ID.", "type": "string" - } - } - }, - "com.github.openshift.api.config.v1alpha1.KeyConfig": { - "description": "KeyConfig specifies cryptographic parameters for key generation.", - "type": "object", - "required": [ - "algorithm" - ], - "properties": { - "algorithm": { - "description": "algorithm specifies the key generation algorithm. Valid values are \"RSA\" and \"ECDSA\".\n\nWhen set to RSA, the rsa field must be specified and the generated key will be an RSA key with the configured key size.\n\nWhen set to ECDSA, the ecdsa field must be specified and the generated key will be an ECDSA key using the configured elliptic curve.", + }, + "shared": { + "description": "Deprecated: shared is silently ignored. It has no replacement.", + "type": "boolean" + }, + "sortDir": { + "description": "Deprecated: sortDir is silently ignored. It has no replacement.", "type": "string" }, - "ecdsa": { - "description": "ecdsa specifies ECDSA key parameters. Required when algorithm is ECDSA, and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ECDSAKeyConfig" + "sortKey": { + "description": "Deprecated: sortKey is silently ignored. It has no replacement.", + "type": "string" }, - "rsa": { - "description": "rsa specifies RSA key parameters. Required when algorithm is RSA, and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RSAKeyConfig" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "algorithm", - "fields-to-discriminateBy": { - "ecdsa": "ECDSA", - "rsa": "RSA" - } - } - ] - }, - "com.github.openshift.api.config.v1alpha1.Label": { - "description": "Label represents a key/value pair for external labels.", - "type": "object", - "required": [ - "key", - "value" - ], - "properties": { - "key": { - "description": "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", + "status": { + "description": "Deprecated: status is silently ignored. It has no replacement.", "type": "string" }, - "value": { - "description": "value is the value of the label. Must be between 1 and 128 characters in length.", + "tags": { + "description": "tags filters by networks containing all specified tags. Multiple tags are comma separated.", "type": "string" - } - } - }, - "com.github.openshift.api.config.v1alpha1.LabelMapActionConfig": { - "description": "LabelMapActionConfig configures the LabelMap action. Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted.", - "type": "object", - "required": [ - "replacement" - ], - "properties": { - "replacement": { - "description": "replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names.", + }, + "tagsAny": { + "description": "tagsAny filters by networks containing any specified tags. Multiple tags are comma separated.", + "type": "string" + }, + "tenantId": { + "description": "tenantId filters networks by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.LowercaseActionConfig": { - "description": "LowercaseActionConfig configures the Lowercase action. Maps the concatenated source_labels to their lower case and writes to target_label. Requires Prometheus >= v2.36.0.", + "com.github.openshift.api.machine.v1alpha1.FixedIPs": { "type": "object", "required": [ - "targetLabel" + "subnetID" ], "properties": { - "targetLabel": { - "description": "targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length.", + "ipAddress": { + "description": "ipAddress is a specific IP address to use in the given subnet. Port creation will fail if the address is not available. If not specified, an available IP from the given subnet will be selected automatically.", "type": "string" + }, + "subnetID": { + "description": "subnetID specifies the ID of the subnet where the fixed IP will be allocated.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1alpha1.MetadataConfig": { - "description": "MetadataConfig defines whether and how to send series metadata to remote write storage.", + "com.github.openshift.api.machine.v1alpha1.NetworkParam": { "type": "object", - "required": [ - "sendPolicy" - ], "properties": { - "custom": { - "description": "custom defines custom metadata send settings. Required when sendPolicy is Custom (must have at least one property), and forbidden when sendPolicy is Default.", + "filter": { + "description": "Filters for optional network query", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.MetadataConfigCustom" + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.Filter" }, - "sendPolicy": { - "description": "sendPolicy specifies whether to send metadata and how it is configured. Default: send metadata using platform-chosen defaults (e.g. send interval 30 seconds). Custom: send metadata using the settings in the custom field.", + "fixedIp": { + "description": "A fixed IPv4 address for the NIC. Deprecated: fixedIP is silently ignored. Use subnets instead.", "type": "string" - } - } - }, - "com.github.openshift.api.config.v1alpha1.MetadataConfigCustom": { - "description": "MetadataConfigCustom defines custom settings for sending series metadata when sendPolicy is Custom. At least one property must be set when sendPolicy is Custom (e.g. sendIntervalSeconds).", - "type": "object", - "properties": { - "sendIntervalSeconds": { - "description": "sendIntervalSeconds is the interval in seconds at which metadata is sent. When omitted, the platform chooses a reasonable default (e.g. 30 seconds). Minimum value is 1 second. Maximum value is 86400 seconds (24 hours).", - "type": "integer", - "format": "int32" - } - } - }, - "com.github.openshift.api.config.v1alpha1.MetricsServerConfig": { - "description": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", - "type": "object", - "properties": { - "audit": { - "description": "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Audit" }, - "nodeSelector": { - "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", + "noAllowedAddressPairs": { + "description": "noAllowedAddressPairs disables creation of allowed address pairs for the network ports", + "type": "boolean" + }, + "portSecurity": { + "description": "portSecurity optionally enables or disables security on ports managed by OpenStack", + "type": "boolean" + }, + "portTags": { + "description": "portTags allows users to specify a list of tags to add to ports created in a given network", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "profile": { + "description": "A dictionary that enables the application running on the specified host to pass and receive virtual network interface (VIF) port-specific information to the plug-in.", "type": "object", "additionalProperties": { "type": "string", "default": "" } }, - "resources": { - "description": "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "tolerations": { - "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "subnets": { + "description": "Subnet within a network to use", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.SubnetParam" + } }, - "topologySpreadConstraints": { - "description": "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map" + "uuid": { + "description": "The UUID of the network. Required if you omit the port attribute.", + "type": "string" }, - "verbosity": { - "description": "verbosity defines the verbosity of log messages for Metrics Server. Valid values are Errors, Info, Trace, TraceAll and omitted. When set to Errors, only critical messages and errors are logged. When set to Info, only basic information messages are logged. When set to Trace, information useful for general debugging is logged. When set to TraceAll, detailed information about metric scraping is logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Errors`", + "vnicType": { + "description": "The virtual network interface card (vNIC) type that is bound to the neutron port.", "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.OAuth2": { - "description": "OAuth2 defines OAuth2 authentication settings for the remote write endpoint.", + "com.github.openshift.api.machine.v1alpha1.OpenstackProviderSpec": { + "description": "OpenstackProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an OpenStack Instance. It is used by the Openstack machine actuator to create a single machine instance. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "clientId", - "clientSecret", - "tokenUrl" + "cloudsSecret", + "cloudName", + "flavor", + "image" ], "properties": { - "clientId": { - "description": "clientId defines the secret reference containing the OAuth2 client ID. The secret must exist in the openshift-monitoring namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" - }, - "clientSecret": { - "description": "clientSecret defines the secret reference containing the OAuth2 client secret. The secret must exist in the openshift-monitoring namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" - }, - "endpointParams": { - "description": "endpointParams defines additional parameters to append to the token URL. When omitted, no additional parameters are sent. Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key).", + "additionalBlockDevices": { + "description": "additionalBlockDevices is a list of specifications for additional block devices to attach to the server instance", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.OAuth2EndpointParam" + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.AdditionalBlockDevice" }, "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, - "scopes": { - "description": "scopes is a list of OAuth2 scopes to request. When omitted, no scopes are requested. Maximum of 20 scopes can be specified. Each scope must be between 1 and 256 characters.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "tokenUrl": { - "description": "tokenUrl is the URL to fetch the token from. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", - "type": "string" - } - } - }, - "com.github.openshift.api.config.v1alpha1.OAuth2EndpointParam": { - "description": "OAuth2EndpointParam defines a name/value parameter for the OAuth2 token URL.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "name is the parameter name. Must be between 1 and 256 characters.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "value": { - "description": "value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the external system expects a parameter with an empty value (e.g. ?parameter=\"\"). Must be between 0 and 2048 characters when present (aligned with common URL length recommendations).", + "availabilityZone": { + "description": "The availability zone from which to launch the server.", "type": "string" - } - } - }, - "com.github.openshift.api.config.v1alpha1.OpenShiftStateMetricsConfig": { - "description": "OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent that runs in the `openshift-monitoring` namespace. The openshift-state-metrics agent generates metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments.", - "type": "object", - "properties": { - "nodeSelector": { - "description": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } }, - "resources": { - "description": "resources defines the compute resource requests and limits for the openshift-state-metrics container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 1m\n limit: null\n - name: memory\n request: 32Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "cloudName": { + "description": "The name of the cloud to use from the clouds secret", + "type": "string", + "default": "" }, - "tolerations": { - "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "cloudsSecret": { + "description": "The name of the secret containing the openstack credentials", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" }, - "topologySpreadConstraints": { - "description": "topologySpreadConstraints defines rules for how openshift-state-metrics Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.config.v1alpha1.PKI": { - "description": "PKI configures cryptographic parameters for certificates generated internally by OpenShift components.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "required": [ - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "configDrive": { + "description": "Config Drive support", + "type": "boolean" + }, + "flavor": { + "description": "The flavor reference for the flavor for your server instance.", + "type": "string", + "default": "" + }, + "floatingIP": { + "description": "floatingIP specifies a floating IP to be associated with the machine. Note that it is not safe to use this parameter in a MachineSet, as only one Machine may be assigned the same floating IP.\n\nDeprecated: floatingIP will be removed in a future release as it cannot be implemented correctly.", + "type": "string" + }, + "image": { + "description": "The name of the image to use for your server instance. If the RootVolume is specified, this will be ignored and use rootVolume directly.", + "type": "string", + "default": "" + }, + "keyName": { + "description": "The ssh key to inject in the instance", "type": "string" }, "kind": { @@ -24723,1457 +23122,1761 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PKISpec" - } - } - }, - "com.github.openshift.api.config.v1alpha1.PKICertificateManagement": { - "description": "PKICertificateManagement determines whether components use hardcoded defaults (Unmanaged), follow OpenShift best practices (Default), or use administrator-specified cryptographic parameters (Custom). This provides flexibility for organizations with specific compliance requirements or security policies while maintaining backwards compatibility for existing clusters.", - "type": "object", - "required": [ - "mode" - ], - "properties": { - "custom": { - "description": "custom contains administrator-specified cryptographic configuration. Use the defaults and category override fields to specify certificate generation parameters. Required when mode is Custom, and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CustomPKIPolicy" + "networks": { + "description": "A networks object. Required parameter when there are multiple networks defined for the tenant. When you do not specify the networks parameter, the server attaches to the only network created for the current tenant.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.NetworkParam" + } }, - "mode": { - "description": "mode determines how PKI configuration is managed. Valid values are \"Unmanaged\", \"Default\", and \"Custom\".\n\nWhen set to Unmanaged, components use their existing hardcoded certificate generation behavior, exactly as if this feature did not exist. Each component generates certificates using whatever parameters it was using before this feature. While most components use RSA 2048, some may use different parameters. Use of this mode might prevent upgrading to the next major OpenShift release.\n\nWhen set to Default, OpenShift-recommended best practices for certificate generation are applied. The specific parameters may evolve across OpenShift releases to adopt improved cryptographic standards. In the initial release, this matches Unmanaged behavior for each component. In future releases, this may adopt ECDSA or larger RSA keys based on industry best practices. Recommended for most customers who want to benefit from security improvements automatically.\n\nWhen set to Custom, the certificate management parameters can be set explicitly. Use the custom field to specify certificate generation parameters.", - "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "mode", - "fields-to-discriminateBy": { - "custom": "Custom" + "ports": { + "description": "Create and assign additional ports to instances", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.PortOpts" } - } - ] - }, - "com.github.openshift.api.config.v1alpha1.PKIList": { - "description": "PKIList is a collection of PKI resources.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "required": [ - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + }, + "primarySubnet": { + "description": "The subnet that a set of machines will get ingress/egress traffic from Deprecated: primarySubnet is silently ignored. Use subnets instead.", "type": "string" }, - "items": { - "description": "items is a list of PKI resources", + "rootVolume": { + "description": "The volume metadata to boot from", + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.RootVolume" + }, + "securityGroups": { + "description": "The names of the security groups to assign to the instance", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PKI" + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.SecurityGroupParam" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "serverGroupID": { + "description": "The server group to assign the machine to.", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.config.v1alpha1.PKIProfile": { - "description": "PKIProfile defines the certificate generation parameters that OpenShift components use to create certificates. Category overrides take precedence over defaults.", - "type": "object", - "required": [ - "defaults" - ], - "properties": { - "clientCertificates": { - "description": "clientCertificates optionally overrides certificate parameters for client authentication certificates used to authenticate to servers. When set, these parameters take precedence over defaults for all client certificates. When omitted, the defaults are used for client certificates.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CertificateConfig" + "serverGroupName": { + "description": "The server group to assign the machine to. A server group with that name will be created if it does not exist. If both ServerGroupID and ServerGroupName are non-empty, they must refer to the same OpenStack resource.", + "type": "string" }, - "defaults": { - "description": "defaults specifies the default certificate configuration that applies to all certificates unless overridden by a category override.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.DefaultCertificateConfig" + "serverMetadata": { + "description": "Metadata mapping. Allows you to create a map of key value pairs to add to the server instance.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "servingCertificates": { - "description": "servingCertificates optionally overrides certificate parameters for TLS server certificates used to serve HTTPS endpoints. When set, these parameters take precedence over defaults for all serving certificates. When omitted, the defaults are used for serving certificates.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CertificateConfig" + "sshUserName": { + "description": "The machine ssh username Deprecated: sshUserName is silently ignored.", + "type": "string" }, - "signerCertificates": { - "description": "signerCertificates optionally overrides certificate parameters for certificate authority (CA) certificates that sign other certificates. When set, these parameters take precedence over defaults for all signer certificates. When omitted, the defaults are used for signer certificates.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CertificateConfig" - } - } - }, - "com.github.openshift.api.config.v1alpha1.PKISpec": { - "description": "PKISpec holds the specification for PKI configuration.", - "type": "object", - "required": [ - "certificateManagement" - ], - "properties": { - "certificateManagement": { - "description": "certificateManagement specifies how PKI configuration is managed for internally-generated certificates. This controls the certificate generation approach for all OpenShift components that create certificates internally, including certificate authorities, serving certificates, and client certificates.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PKICertificateManagement" - } - } - }, - "com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference": { - "description": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", - "type": "string", - "default": "" + "tags": { + "description": "Machine tags Requires Nova api 2.52 minimum!", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "trunk": { + "description": "Whether the server instance is created on a trunk port or not.", + "type": "boolean" + }, + "userDataSecret": { + "description": "The name of the secret containing the user data (startup script in most cases)", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" } } }, - "com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig": { - "description": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + "com.github.openshift.api.machine.v1alpha1.PortOpts": { "type": "object", "required": [ - "claim" + "networkID" ], "properties": { - "claim": { - "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference" + "adminStateUp": { + "description": "adminStateUp sets the administrative state of the created port to up (true), or down (false).", + "type": "boolean" }, - "mountPath": { - "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", - "type": "string" - } - } - }, - "com.github.openshift.api.config.v1alpha1.PrometheusConfig": { - "description": "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", - "type": "object", - "properties": { - "additionalAlertmanagerConfigs": { - "description": "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nWhen omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", + "allowedAddressPairs": { + "description": "allowedAddressPairs specifies a set of allowed address pairs to add to the port.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AdditionalAlertmanagerConfig" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.AddressPair" + } }, - "collectionProfile": { - "description": "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.", + "description": { + "description": "description specifies the description of the created port.", "type": "string" }, - "enforcedBodySizeLimitBytes": { - "description": "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 10240 (10kB). Maximum value is 1073741824 (1GB).", - "type": "integer", - "format": "int64" - }, - "externalLabels": { - "description": "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. When omitted, no external labels are applied.", + "fixedIPs": { + "description": "fixedIPs specifies a set of fixed IPs to assign to the port. They must all be valid for the port's network.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Label" - }, - "x-kubernetes-list-map-keys": [ - "key" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.FixedIPs" + } }, - "logLevel": { - "description": "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "hostID": { + "description": "The ID of the host where the port is allocated. Do not use this field: it cannot be used correctly. Deprecated: hostID is silently ignored. It will be removed with no replacement.", "type": "string" }, - "nodeSelector": { - "description": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least one key-value pair (minimum of 1) and must not contain more than 10 entries.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "queryLogFile": { - "description": "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must not contain consecutive slashes, end with a slash, or include '..' path traversal. Must contain only alphanumeric characters, '.', '_', '-', or '/'. Must be between 1 and 255 characters in length.", + "macAddress": { + "description": "macAddress specifies the MAC address of the created port.", "type": "string" }, - "remoteWrite": { - "description": "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RemoteWriteSpec" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "nameSuffix": { + "description": "If nameSuffix is specified the created port will be named -. If not specified the port will be named -.", + "type": "string" }, - "resources": { - "description": "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. Each entry must have a unique resource name. Minimum of 1 and maximum of 10 resource entries can be specified. The current default values are:\n resources:\n - name: cpu\n request: 4m\n - name: memory\n request: 40Mi", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "networkID": { + "description": "networkID is the ID of the network the port will be created in. It is required.", + "type": "string", + "default": "" }, - "retention": { - "description": "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Retention" + "portSecurity": { + "description": "enable or disable security on a given port incompatible with securityGroups and allowedAddressPairs", + "type": "boolean" }, - "tolerations": { - "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + "profile": { + "description": "A dictionary that enables the application running on the specified host to pass and receive virtual network interface (VIF) port-specific information to the plug-in.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "projectID": { + "description": "projectID specifies the project ID of the created port. Note that this requires OpenShift to have administrative permissions, which is typically not the case. Use of this field is not recommended. Deprecated: projectID is silently ignored.", + "type": "string" + }, + "securityGroups": { + "description": "securityGroups specifies a set of security group UUIDs to use instead of the machine's default security groups. The default security groups will be used if this is left empty or not specified.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "type": "string", + "default": "" + } }, - "topologySpreadConstraints": { - "description": "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "tags": { + "description": "tags species a set of tags to add to the port.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map" + "type": "string", + "default": "" + } }, - "volumeClaimTemplate": { - "description": "volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts.", - "$ref": "#/definitions/PersistentVolumeClaim.v1.core.api.k8s.io" + "tenantID": { + "description": "tenantID specifies the tenant ID of the created port. Note that this requires OpenShift to have administrative permissions, which is typically not the case. Use of this field is not recommended. Deprecated: tenantID is silently ignored.", + "type": "string" + }, + "trunk": { + "description": "Enables and disables trunk at port level. If not provided, openStackMachine.Spec.Trunk is inherited.", + "type": "boolean" + }, + "vnicType": { + "description": "The virtual network interface card (vNIC) type that is bound to the neutron port.", + "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.PrometheusOperatorAdmissionWebhookConfig": { - "description": "PrometheusOperatorAdmissionWebhookConfig provides configuration options for the admission webhook component of Prometheus Operator that runs in the `openshift-monitoring` namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions.", + "com.github.openshift.api.machine.v1alpha1.RootVolume": { "type": "object", "properties": { - "resources": { - "description": "resources defines the compute resource requests and limits for the prometheus-operator-admission-webhook container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n limit: null\n - name: memory\n request: 30Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "availabilityZone": { + "description": "availabilityZone specifies the Cinder availability where the root volume will be created.", + "type": "string" }, - "topologySpreadConstraints": { - "description": "topologySpreadConstraints defines rules for how admission webhook Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map" + "deviceType": { + "description": "Deprecated: deviceType will be silently ignored. There is no replacement.", + "type": "string" + }, + "diskSize": { + "description": "diskSize specifies the size, in GiB, of the created root volume.", + "type": "integer", + "format": "int32" + }, + "sourceType": { + "description": "Deprecated: sourceType will be silently ignored. There is no replacement.", + "type": "string" + }, + "sourceUUID": { + "description": "sourceUUID specifies the UUID of a glance image used to populate the root volume. Deprecated: set image in the platform spec instead. This will be ignored if image is set in the platform spec.", + "type": "string" + }, + "volumeType": { + "description": "volumeType specifies a volume type to use when creating the root volume. If not specified the default volume type will be used.", + "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig": { - "description": "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", + "com.github.openshift.api.machine.v1alpha1.SecurityGroupFilter": { "type": "object", "properties": { - "logLevel": { - "description": "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "description": { + "description": "description filters security groups by description.", "type": "string" }, - "nodeSelector": { - "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "id": { + "description": "id specifies the ID of a security group to use. If set, id will not be validated before use. An invalid id will result in failure to create a server with an appropriate error message.", + "type": "string" }, - "resources": { - "description": "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "limit": { + "description": "Deprecated: limit is silently ignored. It has no replacement.", + "type": "integer", + "format": "int32" }, - "tolerations": { - "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" + "marker": { + "description": "Deprecated: marker is silently ignored. It has no replacement.", + "type": "string" }, - "topologySpreadConstraints": { - "description": "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map" + "name": { + "description": "name filters security groups by name.", + "type": "string" + }, + "notTags": { + "description": "notTags filters by security groups which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", + "type": "string" + }, + "notTagsAny": { + "description": "notTagsAny filters by security groups which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", + "type": "string" + }, + "projectId": { + "description": "projectId filters security groups by project ID.", + "type": "string" + }, + "sortDir": { + "description": "Deprecated: sortDir is silently ignored. It has no replacement.", + "type": "string" + }, + "sortKey": { + "description": "Deprecated: sortKey is silently ignored. It has no replacement.", + "type": "string" + }, + "tags": { + "description": "tags filters by security groups containing all specified tags. Multiple tags are comma separated.", + "type": "string" + }, + "tagsAny": { + "description": "tagsAny filters by security groups containing any specified tags. Multiple tags are comma separated.", + "type": "string" + }, + "tenantId": { + "description": "tenantId filters security groups by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", + "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.PrometheusRemoteWriteHeader": { - "description": "PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. Validation is enforced on the Headers field in RemoteWriteSpec.", + "com.github.openshift.api.machine.v1alpha1.SecurityGroupParam": { "type": "object", - "required": [ - "name", - "value" - ], "properties": { + "filter": { + "description": "Filters used to query security groups in openstack", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.SecurityGroupFilter" + }, "name": { - "description": "name is the HTTP header name. Must not be a reserved header (see type documentation). Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters.", + "description": "Security Group name", "type": "string" }, - "value": { - "description": "value is the HTTP header value. Must be at most 4096 characters.", + "uuid": { + "description": "Security Group UUID", "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.QueueConfig": { - "description": "QueueConfig allows tuning configuration for remote write queue parameters. Configure this when you need to control throughput, backpressure, or retry behavior—for example to avoid overloading the remote endpoint, to reduce memory usage, or to tune for high-cardinality workloads. Consider capacity, maxShards, and batchSendDeadlineSeconds for throughput; minBackoffMilliseconds and maxBackoffMilliseconds for retries; and rateLimitedAction when the remote returns HTTP 429.", + "com.github.openshift.api.machine.v1alpha1.SubnetFilter": { "type": "object", "properties": { - "batchSendDeadlineSeconds": { - "description": "batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 3600 seconds (1 hour).", - "type": "integer", - "format": "int32" + "cidr": { + "description": "cidr filters subnets by CIDR.", + "type": "string" }, - "capacity": { - "description": "capacity is the number of samples to buffer per shard before we start dropping them. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 10000. Minimum value is 1. Maximum value is 1000000.", - "type": "integer", - "format": "int32" + "description": { + "description": "description filters subnets by description.", + "type": "string" }, - "maxBackoffMilliseconds": { - "description": "maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", - "type": "integer", - "format": "int32" + "enableDhcp": { + "description": "Deprecated: enableDhcp is silently ignored. It has no replacement.", + "type": "boolean" }, - "maxSamplesPerSend": { - "description": "maxSamplesPerSend is the maximum number of samples per send. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1000. Minimum value is 1. Maximum value is 100000.", - "type": "integer", - "format": "int32" + "gateway_ip": { + "description": "gateway_ip filters subnets by gateway IP.", + "type": "string" }, - "maxShards": { - "description": "maxShards is the maximum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 200. Minimum value is 1. Maximum value is 10000.", - "type": "integer", - "format": "int32" + "id": { + "description": "id is the uuid of a specific subnet to use. If specified, id will not be validated. Instead server creation will fail with an appropriate error.", + "type": "string" }, - "minBackoffMilliseconds": { - "description": "minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "ipVersion": { + "description": "ipVersion filters subnets by IP version.", "type": "integer", "format": "int32" }, - "minShards": { - "description": "minShards is the minimum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1. Minimum value is 1. Maximum value is 10000.", - "type": "integer", - "format": "int32" + "ipv6AddressMode": { + "description": "ipv6AddressMode filters subnets by IPv6 address mode.", + "type": "string" }, - "rateLimitedAction": { - "description": "rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). When omitted, no retries are performed on rate limit responses. When set to \"Retry\", Prometheus will retry such requests using the backoff settings above. Valid value when set is \"Retry\".", + "ipv6RaMode": { + "description": "ipv6RaMode filters subnets by IPv6 router adversiement mode.", "type": "string" - } - } - }, - "com.github.openshift.api.config.v1alpha1.RSAKeyConfig": { - "description": "RSAKeyConfig specifies parameters for RSA key generation.", - "type": "object", - "required": [ - "keySize" - ], - "properties": { - "keySize": { - "description": "keySize specifies the size of RSA keys in bits. Valid values are multiples of 1024 from 2048 to 8192.", + }, + "limit": { + "description": "Deprecated: limit is silently ignored. It has no replacement.", "type": "integer", "format": "int32" - } - } - }, - "com.github.openshift.api.config.v1alpha1.RelabelActionConfig": { - "description": "RelabelActionConfig represents the action to perform and its configuration. Exactly one action-specific configuration must be specified based on the action type.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "dropEqual": { - "description": "dropEqual configures the DropEqual action. Required when type is DropEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.DropEqualActionConfig" }, - "hashMod": { - "description": "hashMod configures the HashMod action. Required when type is HashMod, and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.HashModActionConfig" + "marker": { + "description": "Deprecated: marker is silently ignored. It has no replacement.", + "type": "string" }, - "keepEqual": { - "description": "keepEqual configures the KeepEqual action. Required when type is KeepEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig" + "name": { + "description": "name filters subnets by name.", + "type": "string" }, - "labelMap": { - "description": "labelMap configures the LabelMap action. Required when type is LabelMap, and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.LabelMapActionConfig" + "networkId": { + "description": "Deprecated: networkId is silently ignored. Set uuid on the containing network definition instead.", + "type": "string" }, - "lowercase": { - "description": "lowercase configures the Lowercase action. Required when type is Lowercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.LowercaseActionConfig" + "notTags": { + "description": "notTags filters by subnets which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", + "type": "string" }, - "replace": { - "description": "replace configures the Replace action. Required when type is Replace, and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ReplaceActionConfig" + "notTagsAny": { + "description": "notTagsAny filters by subnets which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", + "type": "string" }, - "type": { - "description": "type specifies the action to perform on the matched labels. Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep.\n\nWhen set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place.\n\nWhen set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0.\n\nWhen set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0.\n\nWhen set to Keep, targets for which regex does not match the concatenated source_labels are dropped.\n\nWhen set to Drop, targets for which regex matches the concatenated source_labels are dropped.\n\nWhen set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels.\n\nWhen set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted.\n\nWhen set to LabelDrop, regex is matched against all label names; any label that matches is removed.\n\nWhen set to LabelKeep, regex is matched against all label names; any label that does not match is removed.", + "projectId": { + "description": "projectId filters subnets by project ID.", "type": "string" }, - "uppercase": { - "description": "uppercase configures the Uppercase action. Required when type is Uppercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.UppercaseActionConfig" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "dropEqual": "DropEqual", - "hashMod": "HashMod", - "keepEqual": "KeepEqual", - "labelMap": "LabelMap", - "lowercase": "Lowercase", - "replace": "Replace", - "uppercase": "Uppercase" - } - } - ] - }, - "com.github.openshift.api.config.v1alpha1.RelabelConfig": { - "description": "RelabelConfig represents a relabeling rule.", - "type": "object", - "required": [ - "name", - "action" - ], - "properties": { - "action": { - "description": "action defines the action to perform on the matched labels and its configuration. Exactly one action-specific configuration must be specified based on the action type.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RelabelActionConfig" + "sortDir": { + "description": "Deprecated: sortDir is silently ignored. It has no replacement.", + "type": "string" }, - "name": { - "description": "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "sortKey": { + "description": "Deprecated: sortKey is silently ignored. It has no replacement.", "type": "string" }, - "regex": { - "description": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", + "subnetpoolId": { + "description": "subnetpoolId filters subnets by subnet pool ID. Deprecated: subnetpoolId is silently ignored.", "type": "string" }, - "separator": { - "description": "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", + "tags": { + "description": "tags filters by subnets containing all specified tags. Multiple tags are comma separated.", "type": "string" }, - "sourceLabels": { - "description": "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", + "tagsAny": { + "description": "tagsAny filters by subnets containing any specified tags. Multiple tags are comma separated.", + "type": "string" + }, + "tenantId": { + "description": "tenantId filters subnets by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", + "type": "string" + } + } + }, + "com.github.openshift.api.machine.v1alpha1.SubnetParam": { + "type": "object", + "properties": { + "filter": { + "description": "Filters for optional network query", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.SubnetFilter" + }, + "portSecurity": { + "description": "portSecurity optionally enables or disables security on ports managed by OpenStack Deprecated: portSecurity is silently ignored. Set portSecurity on the parent network instead.", + "type": "boolean" + }, + "portTags": { + "description": "portTags are tags that are added to ports created on this subnet", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "set" + } + }, + "uuid": { + "description": "The UUID of the network. Required if you omit the port attribute.", + "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.RemoteWriteAuthorization": { - "description": "RemoteWriteAuthorization defines the authorization method for a remote write endpoint. Exactly one of the nested configs must be set according to the type discriminator.", + "com.github.openshift.api.machine.v1beta1.AWSMachineProviderConfig": { + "description": "AWSMachineProviderConfig is the Schema for the awsmachineproviderconfigs API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "type" + "ami", + "instanceType", + "deviceIndex", + "subnet", + "placement" ], "properties": { - "basicAuth": { - "description": "basicAuth defines HTTP basic authentication credentials. Required when type is \"BasicAuth\", and forbidden otherwise.", + "ami": { + "description": "ami is the reference to the AMI from which to create the machine instance.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.BasicAuth" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" }, - "bearerToken": { - "description": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "oauth2": { - "description": "oauth2 defines OAuth2 client credentials authentication. Required when type is \"OAuth2\", and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.OAuth2" + "blockDevices": { + "description": "blockDevices is the set of block device mapping associated to this instance, block device without a name will be used as a root device and only one device without a name is allowed https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.BlockDeviceMappingSpec" + } }, - "safeAuthorization": { - "description": "safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). Required when type is \"SafeAuthorization\", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace.", - "$ref": "#/definitions/SecretKeySelector.v1.core.api.k8s.io" + "capacityReservationId": { + "description": "capacityReservationId specifies the target Capacity Reservation into which the instance should be launched. The field size should be greater than 0 and the field input must start with cr-***", + "type": "string", + "default": "" }, - "sigv4": { - "description": "sigv4 defines AWS Signature Version 4 authentication. Required when type is \"SigV4\", and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Sigv4" + "cpuOptions": { + "description": "cpuOptions defines CPU-related settings for the instance, including the confidential computing policy. When omitted, this means no opinion and the AWS platform is left to choose a reasonable default. More info: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CpuOptionsRequest.html, https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cpu-options-supported-instances-values.html", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.CPUOptions" }, - "type": { - "description": "type specifies the authorization method to use. Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount.\n\nWhen set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field.\n\nWhen set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set.\n\nWhen set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set.\n\nWhen set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set.\n\nWhen set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field.\n\nWhen set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path.", + "credentialsSecret": { + "description": "credentialsSecret is a reference to the secret with AWS credentials. Otherwise, defaults to permissions provided by attached IAM role where the actuator is running.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "deviceIndex": { + "description": "deviceIndex is the index of the device on the instance for the network interface attachment. Defaults to 0.", + "type": "integer", + "format": "int64", + "default": 0 + }, + "iamInstanceProfile": { + "description": "iamInstanceProfile is a reference to an IAM role to assign to the instance", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" + }, + "instanceType": { + "description": "instanceType is the type of instance to create. Example: m4.xlarge", + "type": "string", + "default": "" + }, + "keyName": { + "description": "keyName is the name of the KeyPair to use for SSH", "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "basicAuth": "BasicAuth", - "bearerToken": "BearerToken", - "oauth2": "OAuth2", - "safeAuthorization": "SafeAuthorization", - "sigv4": "Sigv4" - } - } - ] - }, - "com.github.openshift.api.config.v1alpha1.RemoteWriteSpec": { - "description": "RemoteWriteSpec represents configuration for remote write endpoints.", - "type": "object", - "required": [ - "url", - "name" - ], - "properties": { - "authorization": { - "description": "authorization defines the authorization method for the remote write endpoint. When omitted, no authorization is performed. When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config).", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RemoteWriteAuthorization" }, - "exemplarsMode": { - "description": "exemplarsMode controls whether exemplars are sent via remote write. Valid values are \"Send\", \"DoNotSend\" and omitted. When set to \"Send\", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"DoNotSend\", exemplars are not sent.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "headers": { - "description": "headers specifies the custom HTTP headers to be sent along with each remote write request. Sending custom headers makes the configuration of a proxy in between optional and helps the receiver recognize the given source better. Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be unique. Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate).", + "loadBalancers": { + "description": "loadBalancers is the set of load balancers to which the new instance should be added once it is created.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusRemoteWriteHeader" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LoadBalancerReference" + } + }, + "marketType": { + "description": "marketType specifies the type of market for the EC2 instance. Valid values are OnDemand, Spot, CapacityBlock and omitted.\n\nDefaults to OnDemand. When SpotMarketOptions is provided, the marketType defaults to \"Spot\".\n\nWhen set to OnDemand the instance runs as a standard OnDemand instance. When set to Spot the instance runs as a Spot instance. When set to CapacityBlock the instance utilizes pre-purchased compute capacity (capacity blocks) with AWS Capacity Reservations. If this value is selected, capacityReservationID must be specified to identify the target reservation.", + "type": "string" }, - "metadataConfig": { - "description": "metadataConfig configures the sending of series metadata to remote storage. When omitted, no metadata is sent. When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds).", + "metadata": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.MetadataConfig" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "name": { - "description": "name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). This name is used in metrics and logging to differentiate remote write queues. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", - "type": "string" + "metadataServiceOptions": { + "description": "metadataServiceOptions allows users to configure instance metadata service interaction options. If nothing specified, default AWS IMDS settings will be applied. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MetadataServiceOptions" }, - "proxyUrl": { - "description": "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "networkInterfaceType": { + "description": "networkInterfaceType specifies the type of network interface to be used for the primary network interface. Valid values are \"ENA\", \"EFA\", and omitted, which means no opinion and the platform chooses a good default which may change over time. The current default value is \"ENA\". Please visit https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html to learn more about the AWS Elastic Fabric Adapter interface option.", "type": "string" }, - "queueConfig": { - "description": "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", + "placement": { + "description": "placement specifies where to create the instance in AWS", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.QueueConfig" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Placement" + }, + "placementGroupName": { + "description": "placementGroupName specifies the name of the placement group in which to launch the instance. The placement group must already be created and may use any placement strategy. When omitted, no placement group is used when creating the EC2 instance.", + "type": "string" }, - "remoteTimeoutSeconds": { - "description": "remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "placementGroupPartition": { + "description": "placementGroupPartition is the partition number within the placement group in which to launch the instance. This must be an integer value between 1 and 7. It is only valid if the placement group, referred in `PlacementGroupName` was created with strategy set to partition.", "type": "integer", "format": "int32" }, - "tlsConfig": { - "description": "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.TLSConfig" + "publicIp": { + "description": "publicIp specifies whether the instance should get a public IP. If not present, it should use the default of its subnet.", + "type": "boolean" }, - "url": { - "description": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme and a non-empty hostname. Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. Empty string is invalid. Must be between 1 and 2048 characters in length.", - "type": "string" + "securityGroups": { + "description": "securityGroups is an array of references to security groups that should be applied to the instance.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" + } }, - "writeRelabelConfigs": { - "description": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", + "spotMarketOptions": { + "description": "spotMarketOptions allows users to configure instances to be run using AWS Spot instances.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.SpotMarketOptions" + }, + "subnet": { + "description": "subnet is a reference to the subnet to use for this instance", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" + }, + "tags": { + "description": "tags is the set of tags to add to apply to an instance, in addition to the ones added by default by the actuator. These tags are additive. The actuator will ensure these tags are present, but will not remove any other tags that may exist on the instance.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RelabelConfig" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.TagSpecification" + } + }, + "userDataSecret": { + "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" } } }, - "com.github.openshift.api.config.v1alpha1.ReplaceActionConfig": { - "description": "ReplaceActionConfig configures the Replace action. Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match.", + "com.github.openshift.api.machine.v1beta1.AWSMachineProviderConfigList": { + "description": "AWSMachineProviderConfigList contains a list of AWSMachineProviderConfig Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "targetLabel", - "replacement" + "items" ], "properties": { - "replacement": { - "description": "replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Use an empty string (\"\") to explicitly clear the target label value. Must be between 0 and 255 characters in length.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "targetLabel": { - "description": "targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length.", - "type": "string" - } - } - }, - "com.github.openshift.api.config.v1alpha1.Retention": { - "description": "Retention configures how long Prometheus retains metrics data and how much storage it can use.", + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSMachineProviderConfig" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.machine.v1beta1.AWSMachineProviderStatus": { + "description": "AWSMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains AWS-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { - "durationInDays": { - "description": "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 15. Minimum value is 1 day. Maximum value is 365 days (1 year).", - "type": "integer", - "format": "int32" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "sizeInGiB": { - "description": "sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus can use for data blocks and the write-ahead log (WAL). When the limit is reached, Prometheus will delete oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. Minimum value is 1 GiB. Maximum value is 16384 GiB (16 TiB).", - "type": "integer", - "format": "int32" + "conditions": { + "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "dedicatedHost": { + "description": "dedicatedHost tracks the dynamically allocated dedicated host. This field is populated when allocationStrategy is Dynamic (with or without DynamicHostAllocation). When omitted, this indicates that the dedicated host has not yet been allocated, or allocation is in progress.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DedicatedHostStatus" + }, + "instanceId": { + "description": "instanceId is the instance ID of the machine created in AWS", + "type": "string" + }, + "instanceState": { + "description": "instanceState is the state of the AWS instance for this machine", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.RetentionNumberConfig": { - "description": "RetentionNumberConfig specifies the configuration of the retention policy on the number of backups", + "com.github.openshift.api.machine.v1beta1.AWSResourceReference": { + "description": "AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters. Only one of ID, ARN or Filters may be specified. Specifying more than one will result in a validation error.", + "type": "object", + "properties": { + "arn": { + "description": "arn of resource", + "type": "string" + }, + "filters": { + "description": "filters is a set of filters used to identify a resource", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Filter" + } + }, + "id": { + "description": "id of resource", + "type": "string" + } + } + }, + "com.github.openshift.api.machine.v1beta1.AddressesFromPool": { + "description": "AddressesFromPool is an IPAddressPool that will be used to create IPAddressClaims for fulfillment by an external controller.", "type": "object", "required": [ - "maxNumberOfBackups" + "group", + "resource", + "name" ], "properties": { - "maxNumberOfBackups": { - "description": "maxNumberOfBackups defines the maximum number of backups to retain. If the existing number of backups saved is equal to MaxNumberOfBackups then the oldest backup will be removed before a new backup is initiated.", - "type": "integer", - "format": "int32", - "default": 0 + "group": { + "description": "group of the IP address pool type known to an external IPAM controller. This should be a fully qualified domain name, for example, externalipam.controller.io.", + "type": "string", + "default": "" + }, + "name": { + "description": "name of an IP address pool, for example, pool-config-1.", + "type": "string", + "default": "" + }, + "resource": { + "description": "resource of the IP address pool type known to an external IPAM controller. It is normally the plural form of the resource kind in lowercase, for example, ippools.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1alpha1.RetentionPolicy": { - "description": "RetentionPolicy defines the retention policy for retaining and deleting existing backups. This struct is a discriminated union that allows users to select the type of retention policy from the supported types.", + "com.github.openshift.api.machine.v1beta1.AzureBootDiagnostics": { + "description": "AzureBootDiagnostics configures the boot diagnostics settings for the virtual machine. This allows you to configure capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", "type": "object", "required": [ - "retentionType" + "storageAccountType" ], "properties": { - "retentionNumber": { - "description": "retentionNumber configures the retention policy based on the number of backups", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RetentionNumberConfig" - }, - "retentionSize": { - "description": "retentionSize configures the retention policy based on the size of backups", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RetentionSizeConfig" + "customerManaged": { + "description": "customerManaged provides reference to the customer manager storage account.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AzureCustomerManagedBootDiagnostics" }, - "retentionType": { - "description": "retentionType sets the type of retention policy. Currently, the only valid policies are retention by number of backups (RetentionNumber), by the size of backups (RetentionSize). More policies or types may be added in the future. Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is RetentionNumber with 15 backups kept.\n\nPossible enum values:\n - `\"RetentionNumber\"` sets the retention policy based on the number of backup files saved\n - `\"RetentionSize\"` sets the retention policy based on the total size of the backup files saved", + "storageAccountType": { + "description": "storageAccountType determines if the storage account for storing the diagnostics data should be provisioned by Azure (AzureManaged) or by the customer (CustomerManaged).", "type": "string", - "default": "", - "enum": [ - "RetentionNumber", - "RetentionSize" - ] + "default": "" } }, "x-kubernetes-unions": [ { - "discriminator": "retentionType", + "discriminator": "storageAccountType", "fields-to-discriminateBy": { - "retentionNumber": "RetentionNumber", - "retentionSize": "RetentionSize" + "customerManaged": "CustomerManaged" } } ] }, - "com.github.openshift.api.config.v1alpha1.RetentionSizeConfig": { - "description": "RetentionSizeConfig specifies the configuration of the retention policy on the total size of backups", + "com.github.openshift.api.machine.v1beta1.AzureCustomerManagedBootDiagnostics": { + "description": "AzureCustomerManagedBootDiagnostics provides reference to a customer managed storage account.", "type": "object", "required": [ - "maxSizeOfBackupsGb" + "storageAccountURI" ], "properties": { - "maxSizeOfBackupsGb": { - "description": "maxSizeOfBackupsGb defines the total size in GB of backups to retain. If the current total size backups exceeds MaxSizeOfBackupsGb then the oldest backup will be removed before a new backup is initiated.", - "type": "integer", - "format": "int32", - "default": 0 + "storageAccountURI": { + "description": "storageAccountURI is the URI of the customer managed storage account. The URI typically will be `https://.blob.core.windows.net/` but may differ if you are using Azure DNS zone endpoints. You can find the correct endpoint by looking for the Blob Primary Endpoint in the endpoints tab in the Azure console.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.machine.v1beta1.AzureDiagnostics": { + "description": "AzureDiagnostics is used to configure the diagnostic settings of the virtual machine.", + "type": "object", + "properties": { + "boot": { + "description": "AzureBootDiagnostics configures the boot diagnostics settings for the virtual machine. This allows you to configure capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AzureBootDiagnostics" } } }, - "com.github.openshift.api.config.v1alpha1.SecretKeySelector": { - "description": "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", + "com.github.openshift.api.machine.v1beta1.AzureMachineProviderSpec": { + "description": "AzureMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an Azure virtual machine. It is used by the Azure machine actuator to create a single Machine. Required parameters such as location that are not specified by this configuration, will be defaulted by the actuator. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "name", - "key" + "image", + "osDisk", + "publicIP", + "subnet" ], "properties": { - "key": { - "description": "key is the key of the secret to select from. Must consist of alphanumeric characters, '-', '_', or '.'. Must be between 1 and 253 characters in length.", + "acceleratedNetworking": { + "description": "acceleratedNetworking enables or disables Azure accelerated networking feature. Set to false by default. If true, then this will depend on whether the requested VMSize is supported. If set to true with an unsupported VMSize, Azure will return an error.", + "type": "boolean" + }, + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "name": { - "description": "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", + "applicationSecurityGroups": { + "description": "Application Security Groups that need to be attached to the machine's interface. No application security groups will be attached if zero-length.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "availabilitySet": { + "description": "availabilitySet specifies the availability set to use for this instance. Availability set should be precreated, before using this field.", "type": "string" - } - }, - "x-kubernetes-map-type": "atomic" - }, - "com.github.openshift.api.config.v1alpha1.Sigv4": { - "description": "Sigv4 defines AWS Signature Version 4 authentication settings. At least one of region, accessKey/secretKey, profile, or roleArn must be set so the platform can perform authentication.", - "type": "object", - "properties": { - "accessKey": { - "description": "accessKey defines the secret reference containing the AWS access key ID. The secret must exist in the openshift-monitoring namespace. When omitted, the access key is derived from the environment or instance metadata.", + }, + "capacityReservationGroupID": { + "description": "capacityReservationGroupID specifies the capacity reservation group resource id that should be used for allocating the virtual machine. The field size should be greater than 0 and the field input must start with '/'. The input for capacityReservationGroupID must be similar to '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/capacityReservationGroups/{capacityReservationGroupName}'. The keys which are used should be among 'subscriptions', 'providers' and 'resourcegroups' followed by valid ID or names respectively.", + "type": "string" + }, + "credentialsSecret": { + "description": "credentialsSecret is a reference to the secret with Azure credentials.", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + }, + "dataDisks": { + "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DataDisk" + } + }, + "diagnostics": { + "description": "diagnostics configures the diagnostics settings for the virtual machine. This allows you to configure boot diagnostics such as capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AzureDiagnostics" }, - "profile": { - "description": "profile is the named AWS profile used to authenticate. When omitted, the default profile is used. Must be between 1 and 128 characters.", + "image": { + "description": "image is the OS image to use to create the instance.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Image" + }, + "internalLoadBalancer": { + "description": "InternalLoadBalancerName to use for this instance", "type": "string" }, - "region": { - "description": "region is the AWS region. When omitted, the region is derived from the environment or instance metadata. Must be between 1 and 128 characters.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "location": { + "description": "location is the region to use to create the instance", + "type": "string" + }, + "managedIdentity": { + "description": "managedIdentity to set managed identity name", "type": "string" }, - "roleArn": { - "description": "roleArn is the AWS Role ARN, an alternative to using AWS API keys. When omitted, API keys are used for authentication. Must be a valid AWS ARN format (e.g., \"arn:aws:iam::123456789012:role/MyRole\"). Must be between 1 and 512 characters.", + "metadata": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "natRule": { + "description": "natRule to set inbound NAT rule of the load balancer", + "type": "integer", + "format": "int64" + }, + "networkResourceGroup": { + "description": "networkResourceGroup is the resource group for the virtual machine's network", "type": "string" }, - "secretKey": { - "description": "secretKey defines the secret reference containing the AWS secret access key. The secret must exist in the openshift-monitoring namespace. When omitted, the secret key is derived from the environment or instance metadata.", + "osDisk": { + "description": "osDisk represents the parameters for creating the OS disk.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" - } - } - }, - "com.github.openshift.api.config.v1alpha1.Storage": { - "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "persistentVolume": { - "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.OSDisk" }, - "type": { - "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", + "publicIP": { + "description": "publicIP if true a public IP will be used", + "type": "boolean", + "default": false + }, + "publicLoadBalancer": { + "description": "publicLoadBalancer to use for this instance", + "type": "string" + }, + "resourceGroup": { + "description": "resourceGroup is the resource group for the virtual machine", + "type": "string" + }, + "securityGroup": { + "description": "Network Security Group that needs to be attached to the machine's interface. No security group will be attached if empty.", + "type": "string" + }, + "securityProfile": { + "description": "securityProfile specifies the Security profile settings for a virtual machine.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.SecurityProfile" + }, + "spotVMOptions": { + "description": "spotVMOptions allows the ability to specify the Machine should use a Spot VM", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.SpotVMOptions" + }, + "sshPublicKey": { + "description": "sshPublicKey is the public key to use to SSH to the virtual machine.", + "type": "string" + }, + "subnet": { + "description": "subnet to use for this instance", "type": "string", "default": "" + }, + "tags": { + "description": "tags is a list of tags to apply to the machine.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "ultraSSDCapability": { + "description": "ultraSSDCapability enables or disables Azure UltraSSD capability for a virtual machine. This can be used to allow/disallow binding of Azure UltraSSD to the Machine both as Data Disks or via Persistent Volumes. This Azure feature is subject to a specific scope and certain limitations. More informations on this can be found in the official Azure documentation for Ultra Disks: (https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-ultra-ssd?tabs=azure-portal#ga-scope-and-limitations).\n\nWhen omitted, if at least one Data Disk of type UltraSSD is specified, the platform will automatically enable the capability. If a Perisistent Volume backed by an UltraSSD is bound to a Pod on the Machine, when this field is ommitted, the platform will *not* automatically enable the capability (unless already enabled by the presence of an UltraSSD as Data Disk). This may manifest in the Pod being stuck in `ContainerCreating` phase. This defaulting behaviour may be subject to change in future.\n\nWhen set to \"Enabled\", if the capability is available for the Machine based on the scope and limitations described above, the capability will be set on the Machine. This will thus allow UltraSSD both as Data Disks and Persistent Volumes. If set to \"Enabled\" when the capability can't be available due to scope and limitations, the Machine will go into \"Failed\" state.\n\nWhen set to \"Disabled\", UltraSSDs will not be allowed either as Data Disks nor as Persistent Volumes. In this case if any UltraSSDs are specified as Data Disks on a Machine, the Machine will go into a \"Failed\" state. If instead any UltraSSDs are backing the volumes (via Persistent Volumes) of any Pods scheduled on a Node which is backed by the Machine, the Pod may get stuck in `ContainerCreating` phase.", + "type": "string" + }, + "userDataSecret": { + "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + }, + "vmSize": { + "description": "vmSize is the size of the VM to create.", + "type": "string" + }, + "vnet": { + "description": "vnet to set virtual network name", + "type": "string" + }, + "zone": { + "description": "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone", + "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.TLSConfig": { - "description": "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", + "com.github.openshift.api.machine.v1beta1.AzureMachineProviderStatus": { + "description": "AzureMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains Azure-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { - "ca": { - "description": "ca is an optional CA certificate to use for TLS connections. When omitted, the system's default CA bundle is used.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "cert": { - "description": "cert is an optional client certificate to use for mutual TLS connections. When omitted, no client certificate is presented.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + "conditions": { + "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "certificateVerification": { - "description": "certificateVerification determines the policy for TLS certificate verification. Allowed values are \"Verify\" (performs certificate verification, secure) and \"SkipVerify\" (skips verification, insecure). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"Verify\".", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "key": { - "description": "key is an optional client key to use for mutual TLS connections. When omitted, no client key is used.", + "metadata": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "serverName": { - "description": "serverName is an optional server name to use for TLS connections. When specified, must be a valid DNS subdomain as per RFC 1123. When omitted, the server name is derived from the URL. Must be between 1 and 253 characters in length.", + "vmId": { + "description": "vmId is the ID of the virtual machine created in Azure.", + "type": "string" + }, + "vmState": { + "description": "vmState is the provisioning state of the Azure virtual machine.", "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.UppercaseActionConfig": { - "description": "UppercaseActionConfig configures the Uppercase action. Maps the concatenated source_labels to their upper case and writes to target_label. Requires Prometheus >= v2.36.0.", + "com.github.openshift.api.machine.v1beta1.BlockDeviceMappingSpec": { + "description": "BlockDeviceMappingSpec describes a block device mapping", "type": "object", - "required": [ - "targetLabel" - ], "properties": { - "targetLabel": { - "description": "targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length.", + "deviceName": { + "description": "The device name exposed to the machine (for example, /dev/sdh or xvdh).", + "type": "string" + }, + "ebs": { + "description": "Parameters used to automatically set up EBS volumes when the machine is launched.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.EBSBlockDeviceSpec" + }, + "noDevice": { + "description": "Suppresses the specified device included in the block device mapping of the AMI.", + "type": "string" + }, + "virtualName": { + "description": "The virtual device name (ephemeralN). Machine store volumes are numbered starting from 0. An machine type with 2 available machine store volumes can specify mappings for ephemeral0 and ephemeral1.The number of available machine store volumes depends on the machine type. After you connect to the machine, you must mount the volume.\n\nConstraints: For M3 machines, you must specify machine store volumes in the block device mapping for the machine. When you launch an M3 machine, we ignore any machine store volumes specified in the block device mapping for the AMI.", "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring": { - "description": "UserDefinedMonitoring config for user-defined projects.", + "com.github.openshift.api.machine.v1beta1.CPUOptions": { + "description": "CPUOptions defines CPU-related settings for the instance, including the confidential computing policy. If provided, it must not be empty — at least one field must be set.", "type": "object", - "required": [ - "mode" - ], "properties": { - "mode": { - "description": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.\n\nPossible enum values:\n - `\"Disabled\"` disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces.\n - `\"NamespaceIsolated\"` enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level.", - "type": "string", - "default": "", - "enum": [ - "Disabled", - "NamespaceIsolated" - ] + "confidentialCompute": { + "description": "confidentialCompute specifies whether confidential computing should be enabled for the instance, and, if so, which confidential computing technology to use. Valid values are: Disabled, AMDEncryptedVirtualizationNestedPaging and omitted. When set to Disabled, confidential computing will be disabled for the instance. When set to AMDEncryptedVirtualizationNestedPaging, AMD SEV-SNP will be used as the confidential computing technology for the instance. In this case, ensure the following conditions are met: 1) The selected instance type supports AMD SEV-SNP. 2) The selected AWS region supports AMD SEV-SNP. 3) The selected AMI supports AMD SEV-SNP. More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html When omitted, this means no opinion and the AWS platform is left to choose a reasonable default, which is subject to change without notice. The current default is Disabled.", + "type": "string" } } }, - "com.github.openshift.api.config.v1alpha2.Custom": { - "description": "custom provides the custom configuration of gatherers", + "com.github.openshift.api.machine.v1beta1.Condition": { + "description": "Condition defines an observation of a Machine API resource operational state.", "type": "object", "required": [ - "configs" + "type", + "status", + "lastTransitionTime" ], "properties": { - "configs": { - "description": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.GathererConfig" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "description": "A human readable message indicating details about the transition. This field may be empty.", + "type": "string" + }, + "reason": { + "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", + "type": "string" + }, + "severity": { + "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string", + "default": "" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1alpha2.GatherConfig": { - "description": "gatherConfig provides data gathering configuration options.", + "com.github.openshift.api.machine.v1beta1.ConfidentialVM": { + "description": "ConfidentialVM defines the UEFI settings for the virtual machine.", "type": "object", "required": [ - "gatherers" + "uefiSettings" ], "properties": { - "dataPolicy": { - "description": "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "gatherers": { - "description": "gatherers is a required field that specifies the configuration of the gatherers.", + "uefiSettings": { + "description": "uefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.Gatherers" - }, - "storage": { - "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.Storage" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.UEFISettings" } } }, - "com.github.openshift.api.config.v1alpha2.GathererConfig": { - "description": "gathererConfig allows to configure specific gatherers", + "com.github.openshift.api.machine.v1beta1.DataDisk": { + "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine. A Data Disk is a managed disk that's attached to a virtual machine to store application data. It differs from an OS Disk as it doesn't come with a pre-installed OS, and it cannot contain the boot volume. It is registered as SCSI drive and labeled with the chosen `lun`. e.g. for `lun: 0` the raw disk device will be available at `/dev/disk/azure/scsi1/lun0`.\n\nAs the Data Disk disk device is attached raw to the virtual machine, it will need to be partitioned, formatted with a filesystem and mounted, in order for it to be usable. This can be done by creating a custom userdata Secret with custom Ignition configuration to achieve the desired initialization. At this stage the previously defined `lun` is to be used as the \"device\" key for referencing the raw disk device to be initialized. Once the custom userdata Secret has been created, it can be referenced in the Machine's `.providerSpec.userDataSecret`. For further guidance and examples, please refer to the official OpenShift docs.", "type": "object", "required": [ - "name", - "state" + "nameSuffix", + "diskSizeGB", + "lun", + "deletionPolicy" ], "properties": { - "name": { - "description": "name is the required name of a specific gatherer It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "cachingType": { + "description": "cachingType specifies the caching requirements. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is CachingTypeNone.", + "type": "string" + }, + "deletionPolicy": { + "description": "deletionPolicy specifies the data disk deletion policy upon Machine deletion. Possible values are \"Delete\",\"Detach\". When \"Delete\" is used the data disk is deleted when the Machine is deleted. When \"Detach\" is used the data disk is detached from the Machine and retained when the Machine is deleted.", "type": "string", "default": "" }, - "state": { - "description": "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", + "diskSizeGB": { + "description": "diskSizeGB is the size in GB to assign to the data disk.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "lun": { + "description": "lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. This value is also needed for referencing the data disks devices within userdata to perform disk initialization through Ignition (e.g. partition/format/mount). The value must be between 0 and 63.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "managedDisk": { + "description": "managedDisk specifies the Managed Disk parameters for the data disk. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is a ManagedDisk with with storageAccountType: \"Premium_LRS\" and diskEncryptionSet.id: \"Default\".", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DataDiskManagedDiskParameters" + }, + "nameSuffix": { + "description": "nameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format _. NameSuffix name must start and finish with an alphanumeric character and can only contain letters, numbers, underscores, periods or hyphens. The overall disk name must not exceed 80 chars in length.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1alpha2.Gatherers": { + "com.github.openshift.api.machine.v1beta1.DataDiskManagedDiskParameters": { + "description": "DataDiskManagedDiskParameters is the parameters of a DataDisk managed disk.", "type": "object", "required": [ - "mode" + "storageAccountType" ], "properties": { - "custom": { - "description": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.Custom" + "diskEncryptionSet": { + "description": "diskEncryptionSet is the disk encryption set properties. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is a DiskEncryptionSet with id: \"Default\".", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters" }, - "mode": { - "description": "mode is a required field that specifies the mode for gatherers. Allowed values are All, None, and Custom. When set to All, all gatherers wil run and gather data. When set to None, all gatherers will be disabled and no data will be gathered. When set to Custom, the custom configuration from the custom field will be applied.", + "storageAccountType": { + "description": "storageAccountType is the storage account type to use. Possible values include \"Standard_LRS\", \"Premium_LRS\" and \"UltraSSD_LRS\".", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1alpha2.InsightsDataGather": { - "description": "InsightsDataGather provides data gather configuration options for the the Insights Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.DedicatedHost": { + "description": "DedicatedHost represents the configuration for the usage of dedicated host.", "type": "object", - "required": [ - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "allocationStrategy": { + "description": "allocationStrategy specifies if the dedicated host will be provided by the admin through the id field or if the host will be dynamically allocated. Valid values are UserProvided and Dynamic. When omitted, the value defaults to \"UserProvided\", which requires the id field to be set. When allocationStrategy is set to UserProvided, an ID of the dedicated host to assign must be provided. When allocationStrategy is set to Dynamic, a dedicated host will be allocated and used to assign instances. When allocationStrategy is set to Dynamic, and dynamicHostAllocation is configured, a dedicated host will be allocated and the tags in dynamicHostAllocation will be assigned to that host.\n\nPossible enum values:\n - `\"Dynamic\"` specifies that the system should dynamically allocate a dedicated host for instances.\n - `\"UserProvided\"` specifies that the system should assign instances to a user-provided dedicated host.", + "type": "string", + "default": "UserProvided", + "enum": [ + "Dynamic", + "UserProvided" + ] }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec" + "dynamicHostAllocation": { + "description": "dynamicHostAllocation specifies tags to apply to a dynamically allocated dedicated host. This field is only allowed when allocationStrategy is Dynamic, and is mutually exclusive with id. When specified, a dedicated host will be allocated with the provided tags applied. When omitted (and allocationStrategy is Dynamic), a dedicated host will be allocated without any additional tags.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DynamicHostAllocationSpec" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus" + "id": { + "description": "id identifies the AWS Dedicated Host on which the instance must run. The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length. This field is required when allocationStrategy is UserProvided, and forbidden otherwise. When omitted with allocationStrategy set to Dynamic, the platform will dynamically allocate a dedicated host.", + "type": "string" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "allocationStrategy", + "fields-to-discriminateBy": { + "dynamicHostAllocation": "DynamicHostAllocation", + "id": "ID" + } + } + ] }, - "com.github.openshift.api.config.v1alpha2.InsightsDataGatherList": { - "description": "InsightsDataGatherList is a collection of items Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.DedicatedHostStatus": { + "description": "DedicatedHostStatus defines the observed state of a dynamically allocated dedicated host associated with an AWSMachine. This struct is used to track the ID of the dedicated host.", "type": "object", "required": [ - "metadata", - "items" + "id" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "id": { + "description": "id tracks the dynamically allocated dedicated host ID. This field is populated when allocationStrategy is Dynamic (with or without DynamicHostAllocation). The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length.", "type": "string" - }, - "items": { - "description": "items is the required list of InsightsDataGather objects it may not exceed 100 items", + } + } + }, + "com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters": { + "description": "DiskEncryptionSetParameters is the disk encryption set properties", + "type": "object", + "properties": { + "id": { + "description": "id is the disk encryption set ID Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is: \"Default\".", + "type": "string" + } + } + }, + "com.github.openshift.api.machine.v1beta1.DiskSettings": { + "description": "DiskSettings describe ephemeral disk settings for the os disk.", + "type": "object", + "properties": { + "ephemeralStorageLocation": { + "description": "ephemeralStorageLocation enables ephemeral OS when set to 'Local'. Possible values include: 'Local'. See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks for full details. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is that disks are saved to remote Azure storage.", + "type": "string" + } + } + }, + "com.github.openshift.api.machine.v1beta1.DynamicHostAllocationSpec": { + "description": "DynamicHostAllocationSpec defines the configuration for dynamic dedicated host allocation. This specification always allocates exactly one dedicated host per machine. At least one property must be specified when this struct is used. Currently only Tags are available for configuring, but in the future more configs may become available.", + "type": "object", + "properties": { + "tags": { + "description": "tags specifies a set of key-value pairs to apply to the allocated dedicated host. When omitted, no additional user-defined tags will be applied to the allocated host. A maximum of 50 tags can be specified.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.InsightsDataGather" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the required standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.TagSpecification" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec": { + "com.github.openshift.api.machine.v1beta1.EBSBlockDeviceSpec": { + "description": "EBSBlockDeviceSpec describes a block device for an EBS volume. https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EbsBlockDevice", "type": "object", "properties": { - "gatherConfig": { - "description": "gatherConfig is an optional spec attribute that includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", + "deleteOnTermination": { + "description": "Indicates whether the EBS volume is deleted on machine termination.\n\nDeprecated: setting this field has no effect.", + "type": "boolean" + }, + "encrypted": { + "description": "Indicates whether the EBS volume is encrypted. Encrypted Amazon EBS volumes may only be attached to machines that support Amazon EBS encryption.", + "type": "boolean" + }, + "iops": { + "description": "The number of I/O operations per second (IOPS) that the volume supports. For io1, this represents the number of IOPS that are provisioned for the volume. For gp2, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. For more information about General Purpose SSD baseline performance, I/O credits, and bursting, see Amazon EBS Volume Types (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the Amazon Elastic Compute Cloud User Guide.\n\nMinimal and maximal IOPS for io1 and gp2 are constrained. Please, check https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html for precise boundaries for individual volumes.\n\nCondition: This parameter is required for requests to create io1 volumes; it is not used in requests to create gp2, st1, sc1, or standard volumes.", + "type": "integer", + "format": "int64" + }, + "kmsKey": { + "description": "Indicates the KMS key that should be used to encrypt the Amazon EBS volume.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.GatherConfig" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" + }, + "throughputMib": { + "description": "throughputMib to provision in MiB/s supported for the volume type. Not applicable to all types.\n\nThis parameter is valid only for gp3 volumes. Valid Range: Minimum value of 125. Maximum value of 2000.\n\nWhen omitted, this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 125.", + "type": "integer", + "format": "int32" + }, + "volumeSize": { + "description": "The size of the volume, in GiB.\n\nConstraints: 1-16384 for General Purpose SSD (gp2), 4-16384 for Provisioned IOPS SSD (io1), 500-16384 for Throughput Optimized HDD (st1), 500-16384 for Cold HDD (sc1), and 1-1024 for Magnetic (standard) volumes. If you specify a snapshot, the volume size must be equal to or larger than the snapshot size.\n\nDefault: If you're creating the volume from a snapshot and don't specify a volume size, the default is the snapshot size.", + "type": "integer", + "format": "int64" + }, + "volumeType": { + "description": "volumeType can be of type gp2, gp3, io1, st1, sc1, or standard. Default: standard", + "type": "string" } } }, - "com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference": { - "description": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + "com.github.openshift.api.machine.v1beta1.Filter": { + "description": "Filter is a filter used to identify an AWS resource", "type": "object", "required": [ "name" ], "properties": { "name": { - "description": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + "description": "name of the filter. Filter names are case-sensitive.", "type": "string", "default": "" + }, + "values": { + "description": "values includes one or more filter values. Filter values are case-sensitive.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig": { - "description": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + "com.github.openshift.api.machine.v1beta1.GCPDisk": { + "description": "GCPDisk describes disks for GCP.", "type": "object", "required": [ - "claim" + "autoDelete", + "boot", + "sizeGb", + "type", + "image", + "labels" ], "properties": { - "claim": { - "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference" + "autoDelete": { + "description": "autoDelete indicates if the disk will be auto-deleted when the instance is deleted (default false).", + "type": "boolean", + "default": false }, - "mountPath": { - "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", - "type": "string" + "boot": { + "description": "boot indicates if this is a boot disk (default false).", + "type": "boolean", + "default": false + }, + "encryptionKey": { + "description": "encryptionKey is the customer-supplied encryption key of the disk.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPEncryptionKeyReference" + }, + "image": { + "description": "image is the source image to create this disk.", + "type": "string", + "default": "" + }, + "labels": { + "description": "labels list of labels to apply to the disk.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "sizeGb": { + "description": "sizeGb is the size of the disk (in GB).", + "type": "integer", + "format": "int64", + "default": 0 + }, + "type": { + "description": "type is the type of the disk (eg: pd-standard).", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1alpha2.Storage": { - "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + "com.github.openshift.api.machine.v1beta1.GCPEncryptionKeyReference": { + "description": "GCPEncryptionKeyReference describes the encryptionKey to use for a disk's encryption.", "type": "object", - "required": [ - "type" - ], "properties": { - "persistentVolume": { - "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig" + "kmsKey": { + "description": "KMSKeyName is the reference KMS key, in the format", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPKMSKeyReference" }, - "type": { - "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", - "type": "string", - "default": "" + "kmsKeyServiceAccount": { + "description": "kmsKeyServiceAccount is the service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. See https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account for details on the default service account.", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ApplicationMenuSpec": { - "description": "ApplicationMenuSpec is the specification of the desired section and icon used for the link in the application menu.", + "com.github.openshift.api.machine.v1beta1.GCPGPUConfig": { + "description": "GCPGPUConfig describes type and count of GPUs attached to the instance on GCP.", "type": "object", "required": [ - "section" + "count", + "type" ], "properties": { - "imageURL": { - "description": "imageURL is the URL for the icon used in front of the link in the application menu. The URL must be an HTTPS URL or a Data URI. The image should be square and will be shown at 24x24 pixels.", - "type": "string" + "count": { + "description": "count is the number of GPUs to be attached to an instance.", + "type": "integer", + "format": "int32", + "default": 0 }, - "section": { - "description": "section is the section of the application menu in which the link should appear. This can be any text that will appear as a subheading in the application menu dropdown. A new section will be created if the text does not match text of an existing section.", + "type": { + "description": "type is the type of GPU to be attached to an instance. Supported GPU types are: nvidia-tesla-k80, nvidia-tesla-p100, nvidia-tesla-v100, nvidia-tesla-p4, nvidia-tesla-t4", "type": "string", "default": "" } } }, - "com.github.openshift.api.console.v1.CLIDownloadLink": { + "com.github.openshift.api.machine.v1beta1.GCPKMSKeyReference": { + "description": "GCPKMSKeyReference gathers required fields for looking up a GCP KMS Key", "type": "object", "required": [ - "href" + "name", + "keyRing", + "location" ], "properties": { - "href": { - "description": "href is the absolute secure URL for the link (must use https)", + "keyRing": { + "description": "keyRing is the name of the KMS Key Ring which the KMS Key belongs to.", "type": "string", "default": "" }, - "text": { - "description": "text is the display text for the link", + "location": { + "description": "location is the GCP location in which the Key Ring exists.", + "type": "string", + "default": "" + }, + "name": { + "description": "name is the name of the customer managed encryption key to be used for the disk encryption.", "type": "string", "default": "" + }, + "projectID": { + "description": "projectID is the ID of the Project in which the KMS Key Ring exists. Defaults to the VM ProjectID if not set.", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsoleCLIDownload": { - "description": "ConsoleCLIDownload is an extension for configuring openshift web console command line interface (CLI) downloads.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.GCPMachineProviderSpec": { + "description": "GCPMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an GCP virtual machine. It is used by the GCP machine actuator to create a single Machine. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "spec" + "canIPForward", + "deletionProtection", + "serviceAccounts", + "machineType", + "region", + "zone" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "canIPForward": { + "description": "canIPForward Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes.", + "type": "boolean", + "default": false + }, + "confidentialCompute": { + "description": "confidentialCompute is an optional field defining whether the instance should have confidential compute enabled or not, and the confidential computing technology of choice. Allowed values are omitted, Disabled, Enabled, AMDEncryptedVirtualization, AMDEncryptedVirtualizationNestedPaging, and IntelTrustedDomainExtensions When set to Disabled, the machine will not be configured to be a confidential computing instance. When set to Enabled, the machine will be configured as a confidential computing instance with no preference on the confidential compute policy used. In this mode, the platform chooses a default that is subject to change over time. Currently, the default is to use AMD Secure Encrypted Virtualization. When set to AMDEncryptedVirtualization, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization (AMD SEV) as the confidential computing technology. When set to AMDEncryptedVirtualizationNestedPaging, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP) as the confidential computing technology. When set to IntelTrustedDomainExtensions, the machine will be configured as a confidential computing instance with Intel Trusted Domain Extensions (Intel TDX) as the confidential computing technology. If any value other than Disabled is set the selected machine type must support that specific confidential computing technology. The machine series supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#all-confidential-vm-instances Currently, AMDEncryptedVirtualization is supported in c2d, n2d, and c3d machines. AMDEncryptedVirtualizationNestedPaging is supported in n2d machines. IntelTrustedDomainExtensions is supported in c3 machines. If any value other than Disabled is set, the selected region must support that specific confidential computing technology. The list of regions supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#supported-zones If any value other than Disabled is set onHostMaintenance is required to be set to \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "credentialsSecret": { + "description": "credentialsSecret is a reference to the secret with GCP credentials.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleCLIDownloadSpec" - } - } - }, - "com.github.openshift.api.console.v1.ConsoleCLIDownloadList": { - "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "deletionProtection": { + "description": "deletionProtection whether the resource should be protected against deletion.", + "type": "boolean", + "default": false }, - "items": { + "disks": { + "description": "disks is a list of disks to be attached to the VM.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPDisk" + } + }, + "gcpMetadata": { + "description": "Metadata key/value pairs to apply to the VM.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPMetadata" + } + }, + "gpus": { + "description": "gpus is a list of GPUs to be attached to the VM.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleCLIDownload" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPGPUConfig" } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.console.v1.ConsoleCLIDownloadSpec": { - "description": "ConsoleCLIDownloadSpec is the desired cli download configuration.", - "type": "object", - "required": [ - "displayName", - "description", - "links" - ], - "properties": { - "description": { - "description": "description is the description of the CLI download (can include markdown).", + "labels": { + "description": "labels list of labels to apply to the VM.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "machineType": { + "description": "machineType is the machine type to use for the VM.", "type": "string", "default": "" }, - "displayName": { - "description": "displayName is the display name of the CLI download.", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "networkInterfaces": { + "description": "networkInterfaces is a list of network interfaces to be attached to the VM.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPNetworkInterface" + } + }, + "onHostMaintenance": { + "description": "onHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. This is required to be set to \"Terminate\" if you want to provision machine with attached GPUs. Otherwise, allowed values are \"Migrate\" and \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Migrate\".", + "type": "string" + }, + "preemptible": { + "description": "preemptible indicates if created instance is preemptible.", + "type": "boolean" + }, + "projectID": { + "description": "projectID is the project in which the GCP machine provider will create the VM.", + "type": "string" + }, + "provisioningModel": { + "description": "provisioningModel is an optional field that determines the provisioning model for the GCP machine instance. Valid values are \"Spot\" and omitted. When set to Spot, the instance runs as a Google Cloud Spot instance which provides significant cost savings but may be preempted by Google Cloud Platform when resources are needed elsewhere. When omitted, the machine will be provisioned as a standard on-demand instance. This field cannot be used together with the preemptible field.", + "type": "string" + }, + "region": { + "description": "region is the region in which the GCP machine provider will create the VM.", "type": "string", "default": "" }, - "links": { - "description": "links is a list of objects that provide CLI download link details.", + "resourceManagerTags": { + "description": "resourceManagerTags is an optional list of tags to apply to the GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.CLIDownloadLink" - } - } - } - }, - "com.github.openshift.api.console.v1.ConsoleExternalLogLink": { - "description": "ConsoleExternalLogLink is an extension for customizing OpenShift web console log links.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ResourceManagerTag" + }, + "x-kubernetes-list-map-keys": [ + "key" + ], + "x-kubernetes-list-type": "map" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "restartPolicy": { + "description": "restartPolicy determines the behavior when an instance crashes or the underlying infrastructure provider stops the instance as part of a maintenance event (default \"Always\"). Cannot be \"Always\" with preemptible instances. Otherwise, allowed values are \"Always\" and \"Never\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Always\". RestartPolicy represents AutomaticRestart in GCP compute api", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "serviceAccounts": { + "description": "serviceAccounts is a list of GCP service accounts to be used by the VM.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPServiceAccount" + } }, - "spec": { + "shieldedInstanceConfig": { + "description": "shieldedInstanceConfig is the Shielded VM configuration for the VM", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleExternalLogLinkSpec" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPShieldedInstanceConfig" + }, + "tags": { + "description": "tags list of network tags to apply to the VM.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "targetPools": { + "description": "targetPools are used for network TCP/UDP load balancing. A target pool references member instances, an associated legacy HttpHealthCheck resource, and, optionally, a backup target pool", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "userDataSecret": { + "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "zone": { + "description": "zone is the zone in which the GCP machine provider will create the VM.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.console.v1.ConsoleExternalLogLinkList": { - "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.GCPMachineProviderStatus": { + "description": "GCPMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains GCP-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { + "conditions": { + "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleExternalLogLink" - } + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "instanceId": { + "description": "instanceId is the ID of the instance in GCP", + "type": "string" + }, + "instanceState": { + "description": "instanceState is the provisioning state of the GCP Instance.", + "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } } }, - "com.github.openshift.api.console.v1.ConsoleExternalLogLinkSpec": { - "description": "ConsoleExternalLogLinkSpec is the desired log link configuration. The log link will appear on the logs tab of the pod details page.", + "com.github.openshift.api.machine.v1beta1.GCPMetadata": { + "description": "GCPMetadata describes metadata for GCP.", "type": "object", "required": [ - "text", - "hrefTemplate" + "key", + "value" ], "properties": { - "hrefTemplate": { - "description": "hrefTemplate is an absolute secure URL (must use https) for the log link including variables to be replaced. Variables are specified in the URL with the format ${variableName}, for instance, ${containerName} and will be replaced with the corresponding values from the resource. Resource is a pod. Supported variables are: - ${resourceName} - name of the resource which containes the logs - ${resourceUID} - UID of the resource which contains the logs\n - e.g. `11111111-2222-3333-4444-555555555555`\n- ${containerName} - name of the resource's container that contains the logs - ${resourceNamespace} - namespace of the resource that contains the logs - ${resourceNamespaceUID} - namespace UID of the resource that contains the logs - ${podLabels} - JSON representation of labels matching the pod with the logs\n - e.g. `{\"key1\":\"value1\",\"key2\":\"value2\"}`\n\ne.g., https://example.com/logs?resourceName=${resourceName}&containerName=${containerName}&resourceNamespace=${resourceNamespace}&podLabels=${podLabels}", + "key": { + "description": "key is the metadata key.", "type": "string", "default": "" }, - "namespaceFilter": { - "description": "namespaceFilter is a regular expression used to restrict a log link to a matching set of namespaces (e.g., `^openshift-`). The string is converted into a regular expression using the JavaScript RegExp constructor. If not specified, links will be displayed for all the namespaces.", + "value": { + "description": "value is the metadata value.", "type": "string" - }, - "text": { - "description": "text is the display text for the link", - "type": "string", - "default": "" } } }, - "com.github.openshift.api.console.v1.ConsoleLink": { - "description": "ConsoleLink is an extension for customizing OpenShift web console links.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.GCPNetworkInterface": { + "description": "GCPNetworkInterface describes network interfaces for GCP", "type": "object", - "required": [ - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "network": { + "description": "network is the network name.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "projectID": { + "description": "projectID is the project in which the GCP machine provider will create the VM.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "publicIP": { + "description": "publicIP indicates if true a public IP will be used", + "type": "boolean" }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleLinkSpec" + "subnetwork": { + "description": "subnetwork is the subnetwork name.", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsoleLinkList": { - "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.GCPServiceAccount": { + "description": "GCPServiceAccount describes service accounts for GCP.", "type": "object", "required": [ - "metadata", - "items" + "email", + "scopes" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "email": { + "description": "email is the service account email.", + "type": "string", + "default": "" }, - "items": { + "scopes": { + "description": "scopes list of scopes to be assigned to the service account.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleLink" + "type": "string", + "default": "" } + } + } + }, + "com.github.openshift.api.machine.v1beta1.GCPShieldedInstanceConfig": { + "description": "GCPShieldedInstanceConfig describes the shielded VM configuration of the instance on GCP. Shielded VM configuration allow users to enable and disable Secure Boot, vTPM, and Integrity Monitoring.", + "type": "object", + "properties": { + "integrityMonitoring": { + "description": "integrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity. Compares the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", + "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "secureBoot": { + "description": "secureBoot Defines whether the instance should have secure boot enabled. Secure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "virtualizedTrustedPlatformModule": { + "description": "virtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. This is required to be set to \"Enabled\" if IntegrityMonitoring is enabled. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsoleLinkSpec": { - "description": "ConsoleLinkSpec is the desired console link configuration.", + "com.github.openshift.api.machine.v1beta1.HostPlacement": { + "description": "HostPlacement is the type that will be used to configure the placement of AWS instances.", "type": "object", "required": [ - "text", - "href", - "location" + "affinity" ], "properties": { - "applicationMenu": { - "description": "applicationMenu holds information about section and icon used for the link in the application menu, and it is applicable only when location is set to ApplicationMenu.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.ApplicationMenuSpec" + "affinity": { + "description": "affinity specifies the affinity setting for the instance. Allowed values are AnyAvailable and DedicatedHost. When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set. When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host. When Affinity is set to AnyAvailable and the `dedicatedHost` field is defined, it runs on specified Dedicated Host, but may move if stopped.", + "type": "string" }, - "href": { - "description": "href is the absolute URL for the link. Must use https:// for web URLs or mailto: for email links.", + "dedicatedHost": { + "description": "dedicatedHost specifies the exact host that an instance should be restarted on if stopped. dedicatedHost is required when 'affinity' is set to DedicatedHost, and optional otherwise.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DedicatedHost" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "affinity", + "fields-to-discriminateBy": { + "dedicatedHost": "DedicatedHost" + } + } + ] + }, + "com.github.openshift.api.machine.v1beta1.Image": { + "description": "Image is a mirror of azure sdk compute.ImageReference", + "type": "object", + "required": [ + "publisher", + "offer", + "sku", + "version", + "resourceID" + ], + "properties": { + "offer": { + "description": "offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer", "type": "string", "default": "" }, - "location": { - "description": "location determines which location in the console the link will be appended to (ApplicationMenu, HelpMenu, UserMenu, NamespaceDashboard).", + "publisher": { + "description": "publisher is the name of the organization that created the image", "type": "string", "default": "" }, - "namespaceDashboard": { - "description": "namespaceDashboard holds information about namespaces in which the dashboard link should appear, and it is applicable only when location is set to NamespaceDashboard. If not specified, the link will appear in all namespaces.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.NamespaceDashboardSpec" + "resourceID": { + "description": "resourceID specifies an image to use by ID", + "type": "string", + "default": "" }, - "text": { - "description": "text is the display text for the link", + "sku": { + "description": "sku specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter", + "type": "string", + "default": "" + }, + "type": { + "description": "type identifies the source of the image and related information, such as purchase plans. Valid values are \"ID\", \"MarketplaceWithPlan\", \"MarketplaceNoPlan\", and omitted, which means no opinion and the platform chooses a good default which may change over time. Currently that default is \"MarketplaceNoPlan\" if publisher data is supplied, or \"ID\" if not. For more information about purchase plans, see: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage#check-the-purchase-plan-information", + "type": "string" + }, + "version": { + "description": "version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "default": "" } } }, - "com.github.openshift.api.console.v1.ConsoleNotification": { - "description": "ConsoleNotification is the extension for configuring openshift web console notifications.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.LastOperation": { + "description": "LastOperation represents the detail of the last performed operation on the MachineObject.", "type": "object", - "required": [ - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": { + "description": "description is the human-readable description of the last operation.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "lastUpdated": { + "description": "lastUpdated is the timestamp at which LastOperation API was last-updated.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "state": { + "description": "state is the current status of the last performed operation. E.g. Processing, Failed, Successful etc", + "type": "string" }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleNotificationSpec" + "type": { + "description": "type is the type of operation which was last performed. E.g. Create, Delete, Update etc", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsoleNotificationList": { - "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.LifecycleHook": { + "description": "LifecycleHook represents a single instance of a lifecycle hook", "type": "object", "required": [ - "metadata", - "items" + "name", + "owner" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "name": { + "description": "name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity.", + "type": "string", + "default": "" }, - "items": { + "owner": { + "description": "owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.machine.v1beta1.LifecycleHooks": { + "description": "LifecycleHooks allow users to pause operations on the machine at certain prefedined points within the machine lifecycle.", + "type": "object", + "properties": { + "preDrain": { + "description": "preDrain hooks prevent the machine from being drained. This also blocks further lifecycle events, such as termination.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleNotification" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LifecycleHook" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "preTerminate": { + "description": "preTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LifecycleHook" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.console.v1.ConsoleNotificationSpec": { - "description": "ConsoleNotificationSpec is the desired console notification configuration.", + "com.github.openshift.api.machine.v1beta1.LoadBalancerReference": { + "description": "LoadBalancerReference is a reference to a load balancer on AWS.", "type": "object", "required": [ - "text" + "name", + "type" ], "properties": { - "backgroundColor": { - "description": "backgroundColor is the color of the background for the notification as CSS data type color.", + "name": { + "type": "string", + "default": "" + }, + "type": { + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.machine.v1beta1.Machine": { + "description": "Machine is the Schema for the machines API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "color": { - "description": "color is the color of the text for the notification as CSS data type color.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "link": { - "description": "link is an object that holds notification link details.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.Link" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "location": { - "description": "location is the location of the notification in the console. Valid values are: \"BannerTop\", \"BannerBottom\", \"BannerTopBottom\".", - "type": "string" + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSpec" }, - "text": { - "description": "text is the visible text of the notification.", - "type": "string", - "default": "" + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineStatus" } } }, - "com.github.openshift.api.console.v1.ConsolePlugin": { - "description": "ConsolePlugin is an extension for customizing OpenShift web console by dynamically loading code from another service running on the cluster.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.MachineHealthCheck": { + "description": "MachineHealthCheck is the Schema for the machinehealthchecks API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "metadata", - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -26186,92 +24889,122 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec contains the desired configuration for the console plugin.", + "description": "Specification of machine health check policy", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginSpec" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineHealthCheckSpec" + }, + "status": { + "description": "Most recently observed status of MachineHealthCheck resource", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineHealthCheckStatus" } } }, - "com.github.openshift.api.console.v1.ConsolePluginBackend": { - "description": "ConsolePluginBackend holds information about the endpoint which serves the console's plugin", + "com.github.openshift.api.machine.v1beta1.MachineHealthCheckList": { + "description": "MachineHealthCheckList contains a list of MachineHealthCheck Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "type" + "items" ], "properties": { - "service": { - "description": "service is a Kubernetes Service that exposes the plugin using a deployment with an HTTP server. The Service must use HTTPS and Service serving certificate. The console backend will proxy the plugins assets from the Service using the service CA bundle.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginService" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "type": { - "description": "type is the backend type which servers the console's plugin. Currently only \"Service\" is supported.", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "service": "Service" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineHealthCheck" } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } - ] + } }, - "com.github.openshift.api.console.v1.ConsolePluginCSP": { - "description": "ConsolePluginCSP holds configuration for a specific CSP directive", + "com.github.openshift.api.machine.v1beta1.MachineHealthCheckSpec": { + "description": "MachineHealthCheckSpec defines the desired state of MachineHealthCheck", "type": "object", "required": [ - "directive", - "values" + "selector", + "unhealthyConditions" ], "properties": { - "directive": { - "description": "directive specifies which Content-Security-Policy directive to configure. Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc. DefaultSrc directive serves as a fallback for the other CSP fetch directives. For more information about the DefaultSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src ScriptSrc directive specifies valid sources for JavaScript. For more information about the ScriptSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src StyleSrc directive specifies valid sources for stylesheets. For more information about the StyleSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src ImgSrc directive specifies a valid sources of images and favicons. For more information about the ImgSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src FontSrc directive specifies valid sources for fonts loaded using @font-face. For more information about the FontSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src ConnectSrc directive restricts the URLs which can be loaded using script interfaces. For more information about the ConnectSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src\n\nPossible enum values:\n - `\"ConnectSrc\"` directive restricts the URLs which can be loaded using script interfaces. For more information about the ConnectSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src\n - `\"DefaultSrc\"` directive serves as a fallback for the other CSP fetch directives. For more information about the DefaultSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src\n - `\"FontSrc\"` directive specifies valid sources for fonts loaded using @font-face. For more information about the FontSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src\n - `\"ImgSrc\"` directive specifies a valid sources of images and favicons. For more information about the ImgSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src\n - `\"ScriptSrc\"` directive specifies valid sources for JavaScript. For more information about the ScriptSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src\n - `\"StyleSrc\"` directive specifies valid sources for stylesheets. For more information about the StyleSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src", - "type": "string", - "default": "", - "enum": [ - "ConnectSrc", - "DefaultSrc", - "FontSrc", - "ImgSrc", - "ScriptSrc", - "StyleSrc" - ] + "maxUnhealthy": { + "description": "Any farther remediation is only allowed if at most \"MaxUnhealthy\" machines selected by \"selector\" are not healthy. Expects either a postive integer value or a percentage value. Percentage values must be positive whole numbers and are capped at 100%. Both 0 and 0% are valid and will block all remediation. Defaults to 100% if not set.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" }, - "values": { - "description": "values defines an array of values to append to the console defaults for this directive. Each ConsolePlugin may define their own directives with their values. These will be set by the OpenShift web console's backend, as part of its Content-Security-Policy header. The array can contain at most 16 values. Each directive value must have a maximum length of 1024 characters and must not contain whitespace, commas (,), semicolons (;) or single quotes ('). The value '*' is not permitted. Each value in the array must be unique.", + "nodeStartupTimeout": { + "description": "Machines older than this duration without a node will be considered to have failed and will be remediated. To prevent Machines without Nodes from being removed, disable startup checks by setting this value explicitly to \"0\". Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "remediationTemplate": { + "description": "remediationTemplate is a reference to a remediation template provided by an infrastructure provider.\n\nThis field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Machine API Operator.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "selector": { + "description": "Label selector to match machines whose health will be exercised. Note: An empty selector will match all machines.", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "unhealthyConditions": { + "description": "unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.UnhealthyCondition" + } } } }, - "com.github.openshift.api.console.v1.ConsolePluginI18n": { - "description": "ConsolePluginI18n holds information on localization resources that are served by the dynamic plugin.", + "com.github.openshift.api.machine.v1beta1.MachineHealthCheckStatus": { + "description": "MachineHealthCheckStatus defines the observed state of MachineHealthCheck", "type": "object", - "required": [ - "loadType" - ], "properties": { - "loadType": { - "description": "loadType indicates how the plugin's localization resource should be loaded. Valid values are Preload, Lazy and the empty string. When set to Preload, all localization resources are fetched when the plugin is loaded. When set to Lazy, localization resources are lazily loaded as and when they are required by the console. When omitted or set to the empty string, the behaviour is equivalent to Lazy type.", - "type": "string", - "default": "" + "conditions": { + "description": "conditions defines the current state of the MachineHealthCheck", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "currentHealthy": { + "description": "total number of machines counted by this machine health check", + "type": "integer", + "format": "int32" + }, + "expectedMachines": { + "description": "total number of machines counted by this machine health check", + "type": "integer", + "format": "int32" + }, + "remediationsAllowed": { + "description": "remediationsAllowed is the number of further remediations allowed by this machine health check before maxUnhealthy short circuiting will be applied", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.console.v1.ConsolePluginList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.MachineList": { + "description": "MachineList contains a list of Machine Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -26283,7 +25016,7 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePlugin" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Machine" } }, "kind": { @@ -26293,744 +25026,863 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.console.v1.ConsolePluginProxy": { - "description": "ConsolePluginProxy holds information on various service types to which console's backend will proxy the plugin's requests.", + "com.github.openshift.api.machine.v1beta1.MachineSet": { + "description": "MachineSet ensures that a specified number of machines replicas are running at any given time. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "endpoint", - "alias" - ], "properties": { - "alias": { - "description": "alias is a proxy name that identifies the plugin's proxy. An alias name should be unique per plugin. The console backend exposes following proxy endpoint:\n\n/api/proxy/plugin///?\n\nRequest example path:\n\n/api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver", - "type": "string", - "default": "" - }, - "authorization": { - "description": "authorization provides information about authorization type, which the proxied request should contain", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "caCertificate": { - "description": "caCertificate provides the cert authority certificate contents, in case the proxied Service is using custom service CA. By default, the service CA bundle provided by the service-ca operator is used.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "endpoint": { - "description": "endpoint provides information about endpoint to which the request is proxied to.", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginProxyEndpoint" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSetSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSetStatus" } } }, - "com.github.openshift.api.console.v1.ConsolePluginProxyEndpoint": { - "description": "ConsolePluginProxyEndpoint holds information about the endpoint to which request will be proxied to.", + "com.github.openshift.api.machine.v1beta1.MachineSetList": { + "description": "MachineSetList contains a list of MachineSet Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "type" + "items" ], "properties": { - "service": { - "description": "service is an in-cluster Service that the plugin will connect to. The Service must use HTTPS. The console backend exposes an endpoint in order to proxy communication between the plugin and the Service. Note: service field is required for now, since currently only \"Service\" type is supported.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginProxyServiceConfig" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "type": { - "description": "type is the type of the console plugin's proxy. Currently only \"Service\" is supported.", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "service": "Service" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSet" } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } - ] + } }, - "com.github.openshift.api.console.v1.ConsolePluginProxyServiceConfig": { - "description": "ProxyTypeServiceConfig holds information on Service to which console's backend will proxy the plugin's requests.", + "com.github.openshift.api.machine.v1beta1.MachineSetSpec": { + "description": "MachineSetSpec defines the desired state of MachineSet", "type": "object", "required": [ - "name", - "namespace", - "port" + "selector" ], "properties": { - "name": { - "description": "name of Service that the plugin needs to connect to.", + "authoritativeAPI": { + "description": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI and ClusterAPI. When set to MachineAPI, writes to the spec of the machine.openshift.io copy of this resource will be reflected into the cluster.x-k8s.io copy. When set to ClusterAPI, writes to the spec of the cluster.x-k8s.io copy of this resource will be reflected into the machine.openshift.io copy. Updates to the status will be reflected in both copies of the resource, based on the controller implementing the functionality of the API. Currently the authoritative API determines which controller will manage the resource, this will change in a future release. To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.", "type": "string", - "default": "" + "default": "MachineAPI" }, - "namespace": { - "description": "namespace of Service that the plugin needs to connect to", - "type": "string", - "default": "" + "deletePolicy": { + "description": "deletePolicy defines the policy used to identify nodes to delete when downscaling. Defaults to \"Random\". Valid values are \"Random, \"Newest\", \"Oldest\"", + "type": "string" }, - "port": { - "description": "port on which the Service that the plugin needs to connect to is listening on.", + "minReadySeconds": { + "description": "minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready)", "type": "integer", - "format": "int32", - "default": 0 - } - } - }, - "com.github.openshift.api.console.v1.ConsolePluginService": { - "description": "ConsolePluginService holds information on Service that is serving console dynamic plugin assets.", - "type": "object", - "required": [ - "name", - "namespace", - "port" - ], - "properties": { - "basePath": { - "description": "basePath is the path to the plugin's assets. The primary asset it the manifest file called `plugin-manifest.json`, which is a JSON document that contains metadata about the plugin and the extensions.", - "type": "string" + "format": "int32" }, - "name": { - "description": "name of Service that is serving the plugin assets.", - "type": "string", - "default": "" + "replicas": { + "description": "replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1.", + "type": "integer", + "format": "int32" }, - "namespace": { - "description": "namespace of Service that is serving the plugin assets.", - "type": "string", - "default": "" + "selector": { + "description": "selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" }, - "port": { - "description": "port on which the Service that is serving the plugin is listening to.", - "type": "integer", - "format": "int32", - "default": 0 + "template": { + "description": "template is the object that describes the machine that will be created if insufficient replicas are detected.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineTemplateSpec" } } }, - "com.github.openshift.api.console.v1.ConsolePluginSpec": { - "description": "ConsolePluginSpec is the desired plugin configuration.", + "com.github.openshift.api.machine.v1beta1.MachineSetStatus": { + "description": "MachineSetStatus defines the observed state of MachineSet", "type": "object", - "required": [ - "displayName", - "backend" - ], "properties": { - "backend": { - "description": "backend holds the configuration of backend which is serving console's plugin .", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginBackend" + "authoritativeAPI": { + "description": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", + "type": "string" }, - "contentSecurityPolicy": { - "description": "contentSecurityPolicy is a list of Content-Security-Policy (CSP) directives for the plugin. Each directive specifies a list of values, appropriate for the given directive type, for example a list of remote endpoints for fetch directives such as ScriptSrc. Console web application uses CSP to detect and mitigate certain types of attacks, such as cross-site scripting (XSS) and data injection attacks. Dynamic plugins should specify this field if need to load assets from outside the cluster or if violation reports are observed. Dynamic plugins should always prefer loading their assets from within the cluster, either by vendoring them, or fetching from a cluster service. CSP violation reports can be viewed in the browser's console logs during development and testing of the plugin in the OpenShift web console. Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc. Each of the available directives may be defined only once in the list. The value 'self' is automatically included in all fetch directives by the OpenShift web console's backend. For more information about the CSP directives, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy\n\nThe OpenShift web console server aggregates the CSP directives and values across its own default values and all enabled ConsolePlugin CRs, merging them into a single policy string that is sent to the browser via `Content-Security-Policy` HTTP response header.\n\nExample:\n ConsolePlugin A directives:\n script-src: https://script1.com/, https://script2.com/\n font-src: https://font1.com/\n\n ConsolePlugin B directives:\n script-src: https://script2.com/, https://script3.com/\n font-src: https://font2.com/\n img-src: https://img1.com/\n\n Unified set of CSP directives, passed to the OpenShift web console server:\n script-src: https://script1.com/, https://script2.com/, https://script3.com/\n font-src: https://font1.com/, https://font2.com/\n img-src: https://img1.com/\n\n OpenShift web console server CSP response header:\n Content-Security-Policy: default-src 'self'; base-uri 'self'; script-src 'self' https://script1.com/ https://script2.com/ https://script3.com/; font-src 'self' https://font1.com/ https://font2.com/; img-src 'self' https://img1.com/; style-src 'self'; frame-src 'none'; object-src 'none'", + "availableReplicas": { + "description": "The number of available replicas (ready for at least minReadySeconds) for this MachineSet.", + "type": "integer", + "format": "int32" + }, + "conditions": { + "description": "conditions defines the current state of the MachineSet", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginCSP" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Condition" }, "x-kubernetes-list-map-keys": [ - "directive" + "type" ], "x-kubernetes-list-type": "map" }, - "displayName": { - "description": "displayName is the display name of the plugin. The dispalyName should be between 1 and 128 characters.", + "errorMessage": { + "type": "string" + }, + "errorReason": { + "description": "In the event that there is a terminal problem reconciling the replicas, both ErrorReason and ErrorMessage will be set. ErrorReason will be populated with a succinct value suitable for machine interpretation, while ErrorMessage will contain a more verbose string suitable for logging and human consumption.\n\nThese fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachineTemplate's spec or the configuration of the machine controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output.", + "type": "string" + }, + "fullyLabeledReplicas": { + "description": "The number of replicas that have labels matching the labels of the machine template of the MachineSet.", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration reflects the generation of the most recently observed MachineSet.", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "The number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is \"Ready\".", + "type": "integer", + "format": "int32" + }, + "replicas": { + "description": "replicas is the most recently observed number of replicas.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "synchronizedAPI": { + "description": "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", + "type": "string" + }, + "synchronizedGeneration": { + "description": "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", + "type": "integer", + "format": "int64" + } + } + }, + "com.github.openshift.api.machine.v1beta1.MachineSpec": { + "description": "MachineSpec defines the desired state of Machine", + "type": "object", + "properties": { + "authoritativeAPI": { + "description": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI and ClusterAPI. When set to MachineAPI, writes to the spec of the machine.openshift.io copy of this resource will be reflected into the cluster.x-k8s.io copy. When set to ClusterAPI, writes to the spec of the cluster.x-k8s.io copy of this resource will be reflected into the machine.openshift.io copy. Updates to the status will be reflected in both copies of the resource, based on the controller implementing the functionality of the API. Currently the authoritative API determines which controller will manage the resource, this will change in a future release. To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.", "type": "string", - "default": "" + "default": "MachineAPI" }, - "i18n": { - "description": "i18n is the configuration of plugin's localization resources.", + "lifecycleHooks": { + "description": "lifecycleHooks allow users to pause operations on the machine at certain predefined points within the machine lifecycle.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginI18n" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LifecycleHooks" }, - "proxy": { - "description": "proxy is a list of proxies that describe various service type to which the plugin needs to connect to.", + "metadata": { + "description": "ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ObjectMeta" + }, + "providerID": { + "description": "providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.", + "type": "string" + }, + "providerSpec": { + "description": "providerSpec details Provider-specific configuration to use during node creation.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ProviderSpec" + }, + "taints": { + "description": "The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginProxy" + "$ref": "#/definitions/io.k8s.api.core.v1.Taint" }, "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.console.v1.ConsoleQuickStart": { - "description": "ConsoleQuickStart is an extension for guiding user through various workflows in the OpenShift web console.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.MachineStatus": { + "description": "MachineStatus defines the observed state of Machine", "type": "object", - "required": [ - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "addresses": { + "description": "addresses is a list of addresses assigned to the machine. Queried from cloud provider, if available.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.NodeAddress" + }, + "x-kubernetes-list-type": "atomic" + }, + "authoritativeAPI": { + "description": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "conditions": { + "description": "conditions defines the current state of the Machine", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "errorMessage": { + "description": "errorMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption.\n\nThis field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", + "type": "string" + }, + "errorReason": { + "description": "errorReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation.\n\nThis field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", + "type": "string" + }, + "lastOperation": { + "description": "lastOperation describes the last-operation performed by the machine-controller. This API should be useful as a history in terms of the latest operation performed on the specific machine. It should also convey the state of the latest-operation for example if it is still on-going, failed or completed successfully.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LastOperation" + }, + "lastUpdated": { + "description": "lastUpdated identifies when this status was last observed.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "nodeRef": { + "description": "nodeRef will point to the corresponding Node if it exists.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "phase": { + "description": "phase represents the current phase of machine actuation. One of: Failed, Provisioning, Provisioned, Running, Deleting", + "type": "string" + }, + "providerStatus": { + "description": "providerStatus details a Provider-specific status. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "synchronizedAPI": { + "description": "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", "type": "string" }, + "synchronizedGeneration": { + "description": "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", + "type": "integer", + "format": "int64" + } + } + }, + "com.github.openshift.api.machine.v1beta1.MachineTemplateSpec": { + "description": "MachineTemplateSpec describes the data needed to create a Machine from a template", + "type": "object", + "properties": { "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ObjectMeta" }, "spec": { + "description": "Specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStartSpec" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSpec" } } }, - "com.github.openshift.api.console.v1.ConsoleQuickStartList": { - "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.MetadataServiceOptions": { + "description": "MetadataServiceOptions defines the options available to a user when configuring Instance Metadata Service (IMDS) Options.", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStart" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "authentication": { + "description": "authentication determines whether or not the host requires the use of authentication when interacting with the metadata service. When using authentication, this enforces v2 interaction method (IMDSv2) with the metadata service. When omitted, this means the user has no opinion and the value is left to the platform to choose a good default, which is subject to change over time. The current default is optional. At this point this field represents `HttpTokens` parameter from `InstanceMetadataOptionsRequest` structure in AWS EC2 API https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.console.v1.ConsoleQuickStartSpec": { - "description": "ConsoleQuickStartSpec is the desired quick start configuration.", + "com.github.openshift.api.machine.v1beta1.NetworkDeviceSpec": { + "description": "NetworkDeviceSpec defines the network configuration for a virtual machine's network device.", "type": "object", - "required": [ - "displayName", - "durationMinutes", - "description", - "introduction", - "tasks" - ], "properties": { - "accessReviewResources": { - "description": "accessReviewResources contains a list of resources that the user's access will be reviewed against in order for the user to complete the Quick Start. The Quick Start will be hidden if any of the access reviews fail.", + "addressesFromPools": { + "description": "addressesFromPools is a list of references to IP pool types and instances which are handled by an external controller. addressesFromPool configurations provided via addressesFromPools defer IP address assignment to an external controller. IP addresses provided via ipAddrs, however, are intended to allow explicit assignment of a machine's IP address. If both addressesFromPool and ipAddrs are empty or not defined, DHCP will assign an IP address. If both ipAddrs and addressesFromPools are defined, the IP addresses associated with ipAddrs will be applied first followed by IP addresses from addressesFromPools.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/ResourceAttributes.v1.authorization.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AddressesFromPool" } }, - "conclusion": { - "description": "conclusion sums up the Quick Start and suggests the possible next steps. (includes markdown)", - "type": "string" - }, - "description": { - "description": "description is the description of the Quick Start. (includes markdown)", - "type": "string", - "default": "" - }, - "displayName": { - "description": "displayName is the display name of the Quick Start.", - "type": "string", - "default": "" - }, - "durationMinutes": { - "description": "durationMinutes describes approximately how many minutes it will take to complete the Quick Start.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "icon": { - "description": "icon is a base64 encoded image that will be displayed beside the Quick Start display name. The icon should be an vector image for easy scaling. The size of the icon should be 40x40.", + "gateway": { + "description": "gateway is an IPv4 or IPv6 address which represents the subnet gateway, for example, 192.168.1.1.", "type": "string" }, - "introduction": { - "description": "introduction describes the purpose of the Quick Start. (includes markdown)", - "type": "string", - "default": "" - }, - "nextQuickStart": { - "description": "nextQuickStart is a list of the following Quick Starts, suggested for the user to try.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "prerequisites": { - "description": "prerequisites contains all prerequisites that need to be met before taking a Quick Start. (includes markdown)", + "ipAddrs": { + "description": "ipAddrs is a list of one or more IPv4 and/or IPv6 addresses and CIDR to assign to this device, for example, 192.168.1.100/24. IP addresses provided via ipAddrs are intended to allow explicit assignment of a machine's IP address. IP pool configurations provided via addressesFromPool, however, defer IP address assignment to an external controller. If both addressesFromPool and ipAddrs are empty or not defined, DHCP will be used to assign an IP address. If both ipAddrs and addressesFromPools are defined, the IP addresses associated with ipAddrs will be applied first followed by IP addresses from addressesFromPools.", "type": "array", "items": { "type": "string", "default": "" } }, - "tags": { - "description": "tags is a list of strings that describe the Quick Start.", + "nameservers": { + "description": "nameservers is a list of IPv4 and/or IPv6 addresses used as DNS nameservers, for example, 8.8.8.8. a nameserver is not provided by a fulfilled IPAddressClaim. If DHCP is not the source of IP addresses for this network device, nameservers should include a valid nameserver.", "type": "array", "items": { "type": "string", "default": "" } }, - "tasks": { - "description": "tasks is the list of steps the user has to perform to complete the Quick Start.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStartTask" - } + "networkName": { + "description": "networkName is the name of the vSphere network or port group to which the network device will be connected, for example, port-group-1. When not provided, the vCenter API will attempt to select a default network. The available networks (port groups) can be listed using `govc ls 'network/*'`", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsoleQuickStartTask": { - "description": "ConsoleQuickStartTask is a single step in a Quick Start.", + "com.github.openshift.api.machine.v1beta1.NetworkSpec": { + "description": "NetworkSpec defines the virtual machine's network configuration.", "type": "object", "required": [ - "title", - "description" + "devices" ], "properties": { - "description": { - "description": "description describes the steps needed to complete the task. (includes markdown)", - "type": "string", - "default": "" - }, - "review": { - "description": "review contains instructions to validate the task is complete. The user will select 'Yes' or 'No'. using a radio button, which indicates whether the step was completed successfully.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStartTaskReview" - }, - "summary": { - "description": "summary contains information about the passed step.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStartTaskSummary" - }, - "title": { - "description": "title describes the task and is displayed as a step heading.", - "type": "string", - "default": "" + "devices": { + "description": "devices defines the virtual machine's network interfaces.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.NetworkDeviceSpec" + } } } }, - "com.github.openshift.api.console.v1.ConsoleQuickStartTaskReview": { - "description": "ConsoleQuickStartTaskReview contains instructions that validate a task was completed successfully.", + "com.github.openshift.api.machine.v1beta1.OSDisk": { "type": "object", "required": [ - "instructions", - "failedTaskHelp" + "osType", + "managedDisk", + "diskSizeGB" ], "properties": { - "failedTaskHelp": { - "description": "failedTaskHelp contains suggestions for a failed task review and is shown at the end of task. (includes markdown)", - "type": "string", - "default": "" + "cachingType": { + "description": "cachingType specifies the caching requirements. Possible values include: 'None', 'ReadOnly', 'ReadWrite'. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `None`.", + "type": "string" }, - "instructions": { - "description": "instructions contains steps that user needs to take in order to validate his work after going through a task. (includes markdown)", + "diskSettings": { + "description": "diskSettings describe ephemeral disk settings for the os disk.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DiskSettings" + }, + "diskSizeGB": { + "description": "diskSizeGB is the size in GB to assign to the data disk.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "managedDisk": { + "description": "managedDisk specifies the Managed Disk parameters for the OS disk.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.OSDiskManagedDiskParameters" + }, + "osType": { + "description": "osType is the operating system type of the OS disk. Possible values include \"Linux\" and \"Windows\".", "type": "string", "default": "" } } }, - "com.github.openshift.api.console.v1.ConsoleQuickStartTaskSummary": { - "description": "ConsoleQuickStartTaskSummary contains information about a passed step.", + "com.github.openshift.api.machine.v1beta1.OSDiskManagedDiskParameters": { + "description": "OSDiskManagedDiskParameters is the parameters of a OSDisk managed disk.", "type": "object", "required": [ - "success", - "failed" + "storageAccountType" ], "properties": { - "failed": { - "description": "failed briefly describes the unsuccessfully passed task. (includes markdown)", - "type": "string", - "default": "" + "diskEncryptionSet": { + "description": "diskEncryptionSet is the disk encryption set properties", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters" }, - "success": { - "description": "success describes the succesfully passed task.", + "securityProfile": { + "description": "securityProfile specifies the security profile for the managed disk.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.VMDiskSecurityProfile" + }, + "storageAccountType": { + "description": "storageAccountType is the storage account type to use. Possible values include \"Standard_LRS\", \"Premium_LRS\".", "type": "string", "default": "" } } }, - "com.github.openshift.api.console.v1.ConsoleSample": { - "description": "ConsoleSample is an extension to customizing OpenShift web console by adding samples.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.ObjectMeta": { + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. This is a copy of customizable fields from metav1.ObjectMeta.\n\nObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` and `MachineSet.Template`, which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases and read-only fields which end up in the generated CRD validation, having it as a subset simplifies the API and some issues that can impact user experience.\n\nDuring the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, specifically `spec.metadata.creationTimestamp in body must be of type string: \"null\"`. The investigation showed that `controller-tools@v2` behaves differently than its previous version when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) package.\n\nIn more details, we found that embedded (non-top level) types that embedded `metav1.ObjectMeta` had validation properties, including for `creationTimestamp` (metav1.Time). The `metav1.Time` type specifies a custom json marshaller that, when IsZero() is true, returns `null` which breaks validation because the field isn't marked as nullable.\n\nIn future versions, controller-tools@v2 might allow overriding the type and validation for embedded types. When that happens, this hack should be revisited.", "type": "object", - "required": [ - "metadata", - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "annotations": { + "description": "annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "generateName": { + "description": "generateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "name": { + "description": "name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "namespace": { + "description": "namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", + "type": "string" }, - "spec": { - "description": "spec contains configuration for a console sample.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleSpec" + "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference" + }, + "x-kubernetes-list-map-keys": [ + "uid" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "uid", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.console.v1.ConsoleSampleContainerImportSource": { - "description": "ConsoleSampleContainerImportSource let the user import a container image.", + "com.github.openshift.api.machine.v1beta1.Placement": { + "description": "Placement indicates where to create the instance in AWS", "type": "object", - "required": [ - "image" - ], "properties": { - "image": { - "description": "reference to a container image that provides a HTTP service. The service must be exposed on the default port (8080) unless otherwise configured with the port field.\n\nSupported formats:\n - /\n - docker.io//\n - quay.io//\n - quay.io//@sha256:\n - quay.io//:", - "type": "string", - "default": "" + "availabilityZone": { + "description": "availabilityZone is the availability zone of the instance", + "type": "string" }, - "service": { - "description": "service contains configuration for the Service resource created for this sample.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleContainerImportSourceService" + "host": { + "description": "host configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL), and to gain visibility and control over instance placement on a physical server. When omitted, the instance is not constrained to a dedicated host.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.HostPlacement" + }, + "region": { + "description": "region is the region to use to create the instance", + "type": "string" + }, + "tenancy": { + "description": "tenancy indicates if instance should run on shared or single-tenant hardware. There are supported 3 options: default, dedicated and host. When set to default Runs on shared multi-tenant hardware. When dedicated Runs on single-tenant hardware (any dedicated instance hardware). When host and the host object is not provided: Runs on Dedicated Host; best-effort restart on same host. When `host` and `host` object is provided with affinity `dedicatedHost` defined: Runs on specified Dedicated Host.", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsoleSampleContainerImportSourceService": { - "description": "ConsoleSampleContainerImportSourceService let the samples author define defaults for the Service created for this sample.", + "com.github.openshift.api.machine.v1beta1.ProviderSpec": { + "description": "ProviderSpec defines the configuration to use during node creation.", "type": "object", "properties": { - "targetPort": { - "description": "targetPort is the port that the service listens on for HTTP requests. This port will be used for Service and Route created for this sample. Port must be in the range 1 to 65535. Default port is 8080.", - "type": "integer", - "format": "int32" + "value": { + "description": "value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.console.v1.ConsoleSampleGitImportSource": { - "description": "ConsoleSampleGitImportSource let the user import code from a public Git repository.", + "com.github.openshift.api.machine.v1beta1.ResourceManagerTag": { + "description": "ResourceManagerTag is a tag to apply to GCP resources created for the cluster.", "type": "object", "required": [ - "repository" + "parentID", + "key", + "value" ], "properties": { - "repository": { - "description": "repository contains the reference to the actual Git repository.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceRepository" + "key": { + "description": "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", + "type": "string", + "default": "" }, - "service": { - "description": "service contains configuration for the Service resource created for this sample.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceService" - } - } - }, - "com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceRepository": { - "description": "ConsoleSampleGitImportSourceRepository let the user import code from a public git repository.", - "type": "object", - "required": [ - "url" - ], - "properties": { - "contextDir": { - "description": "contextDir is used to specify a directory within the repository to build the component. Must start with `/` and have a maximum length of 256 characters. When omitted, the default value is to build from the root of the repository.", - "type": "string", - "default": "" - }, - "revision": { - "description": "revision is the git revision at which to clone the git repository Can be used to clone a specific branch, tag or commit SHA. Must be at most 256 characters in length. When omitted the repository's default branch is used.", + "parentID": { + "description": "parentID is the ID of the hierarchical resource where the tags are defined e.g. at the Organization or the Project level. To find the Organization or Project ID ref https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects An OrganizationID can have a maximum of 32 characters and must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", "type": "string", "default": "" }, - "url": { - "description": "url of the Git repository that contains a HTTP service. The HTTP service must be exposed on the default port (8080) unless otherwise configured with the port field.\n\nOnly public repositories on GitHub, GitLab and Bitbucket are currently supported:\n\n - https://github.com//\n - https://gitlab.com//\n - https://bitbucket.org//\n\nThe url must have a maximum length of 256 characters.", + "value": { + "description": "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", "type": "string", "default": "" } } }, - "com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceService": { - "description": "ConsoleSampleGitImportSourceService let the samples author define defaults for the Service created for this sample.", - "type": "object", - "properties": { - "targetPort": { - "description": "targetPort is the port that the service listens on for HTTP requests. This port will be used for Service created for this sample. Port must be in the range 1 to 65535. Default port is 8080.", - "type": "integer", - "format": "int32" - } - } - }, - "com.github.openshift.api.console.v1.ConsoleSampleList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.SecurityProfile": { + "description": "SecurityProfile specifies the Security profile settings for a virtual machine or virtual machine scale set.", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSample" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "encryptionAtHost": { + "description": "encryptionAtHost indicates whether Host Encryption should be enabled or disabled for a virtual machine or virtual machine scale set. This should be disabled when SecurityEncryptionType is set to DiskWithVMGuestState. Default is disabled.", + "type": "boolean" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "settings": { + "description": "settings specify the security type and the UEFI settings of the virtual machine. This field can be set for Confidential VMs and Trusted Launch for VMs.", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.SecuritySettings" } } }, - "com.github.openshift.api.console.v1.ConsoleSampleSource": { - "description": "ConsoleSampleSource is the actual sample definition and can hold different sample types. Unsupported sample types will be ignored in the web console.", + "com.github.openshift.api.machine.v1beta1.SecuritySettings": { + "description": "SecuritySettings define the security type and the UEFI settings of the virtual machine.", "type": "object", "required": [ - "type" + "securityType" ], "properties": { - "containerImport": { - "description": "containerImport allows the user import a container image.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleContainerImportSource" - }, - "gitImport": { - "description": "gitImport allows the user to import code from a git repository.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleGitImportSource" + "confidentialVM": { + "description": "confidentialVM specifies the security configuration of the virtual machine. For more information regarding Confidential VMs, please refer to: https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ConfidentialVM" }, - "type": { - "description": "type of the sample, currently supported: \"GitImport\";\"ContainerImport\"\n\nPossible enum values:\n - `\"ContainerImport\"` A sample that let the user import a container image.\n - `\"GitImport\"` A sample that let the user import code from a git repository.", + "securityType": { + "description": "securityType specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UEFISettings. The default behavior is: UEFISettings will not be enabled unless this property is set.", "type": "string", - "default": "", - "enum": [ - "ContainerImport", - "GitImport" - ] + "default": "" + }, + "trustedLaunch": { + "description": "trustedLaunch specifies the security configuration of the virtual machine. For more information regarding TrustedLaunch for VMs, please refer to: https://learn.microsoft.com/azure/virtual-machines/trusted-launch", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.TrustedLaunch" } }, "x-kubernetes-unions": [ { - "discriminator": "type", + "discriminator": "securityType", "fields-to-discriminateBy": { - "containerImport": "ContainerImport", - "gitImport": "GitImport" + "confidentialVM": "ConfidentialVM", + "trustedLaunch": "TrustedLaunch" } } ] }, - "com.github.openshift.api.console.v1.ConsoleSampleSpec": { - "description": "ConsoleSampleSpec is the desired sample for the web console. Samples will appear with their title, descriptions and a badge in a samples catalog.", + "com.github.openshift.api.machine.v1beta1.SpotMarketOptions": { + "description": "SpotMarketOptions defines the options available to a user when configuring Machines to run on Spot instances. Most users should provide an empty struct.", + "type": "object", + "properties": { + "maxPrice": { + "description": "The maximum price the user is willing to pay for their instances Default: On-Demand price", + "type": "string" + } + } + }, + "com.github.openshift.api.machine.v1beta1.SpotVMOptions": { + "description": "SpotVMOptions defines the options relevant to running the Machine on Spot VMs", + "type": "object", + "properties": { + "maxPrice": { + "description": "maxPrice defines the maximum price the user is willing to pay for Spot VM instances", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } + } + }, + "com.github.openshift.api.machine.v1beta1.TagSpecification": { + "description": "TagSpecification is the name/value pair for a tag", "type": "object", "required": [ - "title", - "abstract", - "description", - "source" + "name" ], "properties": { - "abstract": { - "description": "abstract is a short introduction to the sample.\n\nIt is required and must be no more than 100 characters in length.\n\nThe abstract is shown on the sample card tile below the title and provider and is limited to three lines of content.", - "type": "string", - "default": "" - }, - "description": { - "description": "description is a long form explanation of the sample.\n\nIt is required and can have a maximum length of **4096** characters.\n\nIt is a README.md-like content for additional information, links, pre-conditions, and other instructions. It will be rendered as Markdown so that it can contain line breaks, links, and other simple formatting.", - "type": "string", - "default": "" - }, - "icon": { - "description": "icon is an optional base64 encoded image and shown beside the sample title.\n\nThe format must follow the data: URL format and can have a maximum size of **10 KB**.\n\n data:[][;base64],\n\nFor example:\n\n data:image;base64, plus the base64 encoded image.\n\nVector images can also be used. SVG icons must start with:\n\n data:image/svg+xml;base64, plus the base64 encoded SVG image.\n\nAll sample catalog icons will be shown on a white background (also when the dark theme is used). The web console ensures that different aspect ratios work correctly. Currently, the surface of the icon is at most 40x100px.\n\nFor more information on the data URL format, please visit https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs.", + "name": { + "description": "name of the tag. This field is required and must be a non-empty string. Must be between 1 and 128 characters in length.", "type": "string", "default": "" }, - "provider": { - "description": "provider is an optional label to honor who provides the sample.\n\nIt is optional and must be no more than 50 characters in length.\n\nA provider can be a company like \"Red Hat\" or an organization like \"CNCF\" or \"Knative\".\n\nCurrently, the provider is only shown on the sample card tile below the title with the prefix \"Provided by \"", + "value": { + "description": "value of the tag. When omitted, this creates a tag with an empty string as the value.", "type": "string", "default": "" - }, - "source": { - "description": "source defines where to deploy the sample service from. The sample may be sourced from an external git repository or container image.", + } + } + }, + "com.github.openshift.api.machine.v1beta1.TrustedLaunch": { + "description": "TrustedLaunch defines the UEFI settings for the virtual machine.", + "type": "object", + "required": [ + "uefiSettings" + ], + "properties": { + "uefiSettings": { + "description": "uefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleSource" - }, - "tags": { - "description": "tags are optional string values that can be used to find samples in the samples catalog.\n\nExamples of common tags may be \"Java\", \"Quarkus\", etc.\n\nThey will be displayed on the samples details page.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.UEFISettings" + } + } + }, + "com.github.openshift.api.machine.v1beta1.UEFISettings": { + "description": "UEFISettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", + "type": "object", + "properties": { + "secureBoot": { + "description": "secureBoot specifies whether secure boot should be enabled on the virtual machine. Secure Boot verifies the digital signature of all boot components and halts the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.", + "type": "string" }, - "title": { - "description": "title is the display name of the sample.\n\nIt is required and must be no more than 50 characters in length.", + "virtualizedTrustedPlatformModule": { + "description": "virtualizedTrustedPlatformModule specifies whether vTPM should be enabled on the virtual machine. When enabled the virtualized trusted platform module measurements are used to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. This is required to be enabled if SecurityEncryptionType is defined. If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.", + "type": "string" + } + } + }, + "com.github.openshift.api.machine.v1beta1.UnhealthyCondition": { + "description": "UnhealthyCondition represents a Node condition type and value with a timeout specified as a duration. When the named condition has been in the given status for at least the timeout value, a node is considered unhealthy.", + "type": "object", + "required": [ + "type", + "status", + "timeout" + ], + "properties": { + "status": { "type": "string", "default": "" }, + "timeout": { + "description": "Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, "type": { - "description": "type is an optional label to group multiple samples.\n\nIt is optional and must be no more than 20 characters in length.\n\nRecommendation is a singular term like \"Builder Image\", \"Devfile\" or \"Serverless Function\".\n\nCurrently, the type is shown a badge on the sample card tile in the top right corner.", "type": "string", "default": "" } } }, - "com.github.openshift.api.console.v1.ConsoleYAMLSample": { - "description": "ConsoleYAMLSample is an extension for customizing OpenShift web console YAML samples.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.VMDiskSecurityProfile": { + "description": "VMDiskSecurityProfile specifies the security profile settings for the managed disk. It can be set only for Confidential VMs.", + "type": "object", + "properties": { + "diskEncryptionSet": { + "description": "diskEncryptionSet specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters" + }, + "securityEncryptionType": { + "description": "securityEncryptionType specifies the encryption type of the managed disk. It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. When set to VMGuestStateOnly, the vTPM should be enabled. When set to DiskWithVMGuestState, both SecureBoot and vTPM should be enabled. If the above conditions are not fulfilled, the VM will not be created and the respective error will be returned. It can be set only for Confidential VMs. Confidential VMs are defined by their SecurityProfile.SecurityType being set to ConfidentialVM, the SecurityEncryptionType of their OS disk being set to one of the allowed values and by enabling the respective SecurityProfile.UEFISettings of the VM (i.e. vTPM and SecureBoot), depending on the selected SecurityEncryptionType. For further details on Azure Confidential VMs, please refer to the respective documentation: https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview", + "type": "string" + } + } + }, + "com.github.openshift.api.machine.v1beta1.VSphereDisk": { + "description": "VSphereDisk describes additional disks for vSphere.", "type": "object", "required": [ - "metadata", - "spec" + "name", + "sizeGiB" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "name": { + "description": "name is used to identify the disk definition. name is required needs to be unique so that it can be used to clearly identify purpose of the disk. It must be at most 80 characters in length and must consist only of alphanumeric characters, hyphens and underscores, and must start and end with an alphanumeric character.", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "provisioningMode": { + "description": "provisioningMode is an optional field that specifies the provisioning type to be used by this vSphere data disk. Allowed values are \"Thin\", \"Thick\", \"EagerlyZeroed\", and omitted. When set to Thin, the disk will be made using thin provisioning allocating the bare minimum space. When set to Thick, the full disk size will be allocated when disk is created. When set to EagerlyZeroed, the disk will be created using eager zero provisioning. An eager zeroed thick disk has all space allocated and wiped clean of any previous contents on the physical media at creation time. Such disks may take longer time during creation compared to other disk formats. When omitted, no setting will be applied to the data disk and the provisioning mode for the disk will be determined by the default storage policy configured for the datastore in vSphere.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleYAMLSampleSpec" + "sizeGiB": { + "description": "sizeGiB is the size of the disk in GiB. The maximum supported size 16384 GiB.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.console.v1.ConsoleYAMLSampleList": { - "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.VSphereMachineProviderSpec": { + "description": "VSphereMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an VSphere virtual machine. It is used by the vSphere machine actuator to create a single Machine. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", - "items" + "template", + "network" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { + "cloneMode": { + "description": "cloneMode specifies the type of clone operation. The LinkedClone mode is only support for templates that have at least one snapshot. If the template has no snapshots, then CloneMode defaults to FullClone. When LinkedClone mode is enabled the DiskGiB field is ignored as it is not possible to expand disks of linked clones. Defaults to FullClone. When using LinkedClone, if no snapshots exist for the source template, falls back to FullClone.", + "type": "string" + }, + "credentialsSecret": { + "description": "credentialsSecret is a reference to the secret with vSphere credentials.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "dataDisks": { + "description": "dataDisks is a list of non OS disks to be created and attached to the VM. The max number of disk allowed to be attached is currently 29. The max number of disks for any controller is 30, but VM template will always have OS disk so that will leave 29 disks on any controller type.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleYAMLSample" - } + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.VSphereDisk" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "diskGiB": { + "description": "diskGiB is the size of a virtual machine's disk, in GiB. Defaults to the analogue property value in the template from which this machine is cloned. This parameter will be ignored if 'LinkedClone' CloneMode is set.", + "type": "integer", + "format": "int32" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, + "memoryMiB": { + "description": "memoryMiB is the size of a virtual machine's memory, in MiB. Defaults to the analogue property value in the template from which this machine is cloned.", + "type": "integer", + "format": "int64" + }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.console.v1.ConsoleYAMLSampleSpec": { - "description": "ConsoleYAMLSampleSpec is the desired YAML sample configuration. Samples will appear with their descriptions in a samples sidebar when creating a resources in the web console.", - "type": "object", - "required": [ - "targetResource", - "title", - "description", - "yaml" - ], - "properties": { - "description": { - "description": "description of the YAML sample.", - "type": "string", - "default": "" - }, - "snippet": { - "description": "snippet indicates that the YAML sample is not the full YAML resource definition, but a fragment that can be inserted into the existing YAML document at the user's cursor.", - "type": "boolean", - "default": false + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "targetResource": { - "description": "targetResource contains apiVersion and kind of the resource YAML sample is representating.", + "network": { + "description": "network is the network configuration for this machine's VM.", "default": {}, - "$ref": "#/definitions/TypeMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.NetworkSpec" }, - "title": { - "description": "title of the YAML sample.", + "numCPUs": { + "description": "numCPUs is the number of virtual processors in a virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.", + "type": "integer", + "format": "int32" + }, + "numCoresPerSocket": { + "description": "NumCPUs is the number of cores among which to distribute CPUs in this virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.", + "type": "integer", + "format": "int32" + }, + "snapshot": { + "description": "snapshot is the name of the snapshot from which the VM was cloned", "type": "string", "default": "" }, - "yaml": { - "description": "yaml is the YAML sample to display.", + "tagIDs": { + "description": "tagIDs is an optional set of tags to add to an instance. Specified tagIDs must use URN-notation instead of display names. A maximum of 10 tag IDs may be specified.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "template": { + "description": "template is the name, inventory path, or instance UUID of the template used to clone new machines.", "type": "string", "default": "" + }, + "userDataSecret": { + "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "workspace": { + "description": "workspace describes the workspace to use for the machine.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Workspace" } } }, - "com.github.openshift.api.console.v1.Link": { - "description": "Represents a standard link that could be generated in HTML", + "com.github.openshift.api.machine.v1beta1.VSphereMachineProviderStatus": { + "description": "VSphereMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains VSphere-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "text", - "href" - ], "properties": { - "href": { - "description": "href is the absolute URL for the link. Must use https:// for web URLs or mailto: for email links.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "text": { - "description": "text is the display text for the link", - "type": "string", - "default": "" + "conditions": { + "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "instanceId": { + "description": "instanceId is the ID of the instance in VSphere", + "type": "string" + }, + "instanceState": { + "description": "instanceState is the provisioning state of the VSphere Instance.", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "taskRef": { + "description": "taskRef is a managed object reference to a Task related to the machine. This value is set automatically at runtime and should not be set or modified by users.", + "type": "string" } } }, - "com.github.openshift.api.console.v1.NamespaceDashboardSpec": { - "description": "NamespaceDashboardSpec is a specification of namespaces in which the dashboard link should appear. If both namespaces and namespaceSelector are specified, the link will appear in namespaces that match either", + "com.github.openshift.api.machine.v1beta1.Workspace": { + "description": "WorkspaceConfig defines a workspace configuration for the vSphere cloud provider.", "type": "object", "properties": { - "namespaceSelector": { - "description": "namespaceSelector is used to select the Namespaces that should contain dashboard link by label. If the namespace labels match, dashboard link will be shown for the namespaces.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + "datacenter": { + "description": "datacenter is the datacenter in which VMs are created/located.", + "type": "string" }, - "namespaces": { - "description": "namespaces is an array of namespace names in which the dashboard link should appear.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "datastore": { + "description": "datastore is the datastore in which VMs are created/located.", + "type": "string" + }, + "folder": { + "description": "folder is the folder in which VMs are created/located.", + "type": "string" + }, + "resourcePool": { + "description": "resourcePool is the resource pool in which VMs are created/located.", + "type": "string" + }, + "server": { + "description": "server is the IP address or FQDN of the vSphere endpoint.", + "type": "string" + }, + "vmGroup": { + "description": "vmGroup is the cluster vm group in which virtual machines will be added for vm host group based zonal.", + "type": "string" } } }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerCluster": { - "description": "PacemakerCluster represents the current state of the pacemaker cluster as reported by the pcs status command. PacemakerCluster is a cluster-scoped singleton resource. The name of this instance is \"cluster\". This resource provides a view into the health and status of a pacemaker-managed cluster in Two Node OpenShift with Fencing deployments.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImage": { + "description": "InternalReleaseImage is used to keep track and manage a set of release bundles (OCP and OLM operators images) that are stored into the control planes nodes.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "metadata" + "metadata", + "spec" ], "properties": { "apiVersion": { @@ -27044,54 +25896,53 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec describes the configuration of this internal release image.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageSpec" }, "status": { - "description": "status contains the actual pacemaker cluster status information collected from the cluster. The goal of this status is to be able to quickly identify if pacemaker is in a healthy state. In Two Node OpenShift with Fencing, a healthy pacemaker cluster has 2 nodes, both of which have healthy kubelet, etcd, and fencing resources. This field is optional on creation - the status collector populates it immediately after creating the resource via the status subresource.", + "description": "status describes the last observed state of this internal release image.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterStatus" + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageStatus" } } }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterFencingAgentStatus": { - "description": "PacemakerClusterFencingAgentStatus represents the status of a fencing agent that can fence a node. Fencing agents are STONITH (Shoot The Other Node In The Head) devices used to isolate failed nodes. Unlike regular pacemaker resources, fencing agents are mapped to their target node (the node they can fence), not the node where their monitoring operations are scheduled.", + "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageBundleStatus": { "type": "object", "required": [ - "conditions", - "name", - "method" + "name" ], "properties": { "conditions": { - "description": "conditions represent the observations of the fencing agent's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the fencing agent. The \"InService\" condition tracks whether the fencing agent is in service (not in maintenance mode). The \"Managed\" condition tracks whether the fencing agent is managed by pacemaker. The \"Enabled\" condition tracks whether the fencing agent is enabled. The \"Operational\" condition tracks whether the fencing agent is operational (not failed). The \"Active\" condition tracks whether the fencing agent is active (available to be used). The \"Started\" condition tracks whether the fencing agent is started. The \"Schedulable\" condition tracks whether the fencing agent is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", + "description": "conditions represent the observations of an internal release image current state. Valid types are: Mounted, Installing, Available, Removing and Degraded.\n\nIf Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes. If Installing is true, that means that a new release bundle is currently being copied on one (or more) cluster nodes, and not yet completed. If Available is true, it means that the release has been previously installed on all the cluster nodes, and it can be used. If Removing is true, it means that a release deletion is in progress on one (or more) cluster nodes, and not yet completed. If Degraded is true, that means something has gone wrong (possibly on one or more cluster nodes).\n\nIn general, after installing a new release bundle, it is required to wait for the Conditions \"Available\" to become \"True\" (and all the other conditions to be equal to \"False\") before being able to pull its content.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "method": { - "description": "method is the fencing method used by this agent. Valid values are \"Redfish\" and \"IPMI\". Redfish is a standard RESTful API for server management. IPMI (Intelligent Platform Management Interface) is a hardware management interface.\n\nPossible enum values:\n - `\"IPMI\"` uses IPMI (Intelligent Platform Management Interface), a hardware management interface.\n - `\"Redfish\"` uses Redfish, a standard RESTful API for server management.", - "type": "string", - "enum": [ - "IPMI", - "Redfish" - ] + "image": { + "description": "image is an OCP release image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters. The field is optional, and it will be provided after a release will be successfully installed.", + "type": "string" }, "name": { - "description": "name is the unique identifier for this fencing agent (e.g., \"master-0_redfish\"). The name must be unique within the fencingAgents array for this node. It may contain alphanumeric characters, dots, hyphens, and underscores. Maximum length is 300 characters, providing headroom beyond the typical format of _ (253 for RFC 1123 node name + 1 underscore + type).", + "description": "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", "type": "string" } } }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterList": { - "description": "PacemakerClusterList contains a list of PacemakerCluster objects. PacemakerCluster is a cluster-scoped singleton resource; only one instance named \"cluster\" may exist. This list type exists only to satisfy Kubernetes API conventions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageList": { + "description": "InternalReleaseImageList is a list of InternalReleaseImage resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -27100,11 +25951,10 @@ "type": "string" }, "items": { - "description": "items is a list of PacemakerCluster objects.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerCluster" + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImage" } }, "kind": { @@ -27114,64 +25964,69 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterNodeStatus": { - "description": "PacemakerClusterNodeStatus represents the status of a single node in the pacemaker cluster including the node's conditions and the health of critical resources running on that node.", + "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageRef": { + "description": "InternalReleaseImageRef is used to provide a simple reference for a release bundle. Currently it contains only the name field.", "type": "object", "required": [ - "conditions", - "nodeName", - "addresses", - "resources", - "fencingAgents" + "name" ], "properties": { - "addresses": { - "description": "addresses is a list of IP addresses for the node. Pacemaker allows multiple IP addresses for Corosync communication between nodes. The first address in this list is used for IP-based peer URLs for etcd membership. Each address must be a valid global unicast IPv4 or IPv6 address in canonical form (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). This excludes loopback, link-local, and multicast addresses.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerNodeAddress" - }, - "x-kubernetes-list-type": "atomic" - }, - "conditions": { - "description": "conditions represent the observations of the node's current state. Known condition types are: \"Healthy\", \"Online\", \"InService\", \"Active\", \"Ready\", \"Clean\", \"Member\", \"FencingAvailable\", \"FencingHealthy\". The \"Healthy\" condition is an aggregate that tracks the overall health of the node. The \"Online\" condition tracks whether the node is online. The \"InService\" condition tracks whether the node is in service (not in maintenance mode). The \"Active\" condition tracks whether the node is active (not in standby mode). The \"Ready\" condition tracks whether the node is ready (not in a pending state). The \"Clean\" condition tracks whether the node is in a clean (status known) state. The \"Member\" condition tracks whether the node is a member of the cluster. The \"FencingAvailable\" condition tracks whether this node can be fenced by at least one healthy agent. The \"FencingHealthy\" condition tracks whether all fencing agents for this node are healthy. Each of these conditions is required, so the array must contain at least 9 items.", + "name": { + "description": "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", + "type": "string" + } + } + }, + "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageSpec": { + "description": "InternalReleaseImageSpec defines the desired state of a InternalReleaseImage.", + "type": "object", + "required": [ + "releases" + ], + "properties": { + "releases": { + "description": "releases is a list of release bundle identifiers that the user wants to add/remove to/from the control plane nodes. Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 16 entries.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageRef" }, "x-kubernetes-list-map-keys": [ - "type" + "name" ], "x-kubernetes-list-type": "map" - }, - "fencingAgents": { - "description": "fencingAgents contains the status of fencing agents that can fence this node. Unlike resources (which are scheduled to run on this node), fencing agents are mapped to the node they can fence (their target), not the node where monitoring operations run. Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. A node is considered fence-capable if at least one fencing agent is healthy. Expected to have 1 fencing agent per node, but up to 8 are supported for redundancy. Names must be unique within this array.", + } + } + }, + "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageStatus": { + "description": "InternalReleaseImageStatus describes the current state of a InternalReleaseImage.", + "type": "object", + "required": [ + "releases" + ], + "properties": { + "conditions": { + "description": "conditions represent the observations of the InternalReleaseImage controller current state. Valid types are: Degraded. If Degraded is true, that means something has gone wrong in the controller.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterFencingAgentStatus" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, "x-kubernetes-list-map-keys": [ - "name" + "type" ], "x-kubernetes-list-type": "map" }, - "nodeName": { - "description": "nodeName is the name of the node. This is expected to match the Kubernetes node's name, which must be a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", - "type": "string" - }, - "resources": { - "description": "resources contains the status of pacemaker resources scheduled on this node. Each resource entry includes the resource name and its health conditions. For Two Node OpenShift with Fencing, we track Kubelet and Etcd resources per node. Both resources are required to be present, so the array must contain at least 2 items. Valid resource names are \"Kubelet\" and \"Etcd\". Fencing agents are tracked separately in the fencingAgents field.", + "releases": { + "description": "releases is a list of the release bundles currently owned and managed by the cluster. A release bundle content could be safely pulled only when its Conditions field contains at least an Available entry set to \"True\" and Degraded to \"False\". Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 32 entries.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterResourceStatus" + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageBundleStatus" }, "x-kubernetes-list-map-keys": [ "name" @@ -27180,213 +26035,220 @@ } } }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterResourceStatus": { - "description": "PacemakerClusterResourceStatus represents the status of a pacemaker resource scheduled on a node. A pacemaker resource is a unit of work managed by pacemaker. In pacemaker terminology, resources are services or applications that pacemaker monitors, starts, stops, and moves between nodes to maintain high availability. For Two Node OpenShift with Fencing, we track two resources per node:\n - Kubelet (the Kubernetes node agent and a prerequisite for etcd)\n - Etcd (the distributed key-value store)\n\nFencing agents are tracked separately in the fencingAgents field because they are mapped to their target node (the node they can fence), not the node where monitoring operations are scheduled.", + "com.github.openshift.api.machineconfiguration.v1alpha1.MCOObjectReference": { + "description": "MCOObjectReference holds information about an object the MCO either owns or modifies in some way", "type": "object", "required": [ - "conditions", "name" ], "properties": { - "conditions": { - "description": "conditions represent the observations of the resource's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the resource. The \"InService\" condition tracks whether the resource is in service (not in maintenance mode). The \"Managed\" condition tracks whether the resource is managed by pacemaker. The \"Enabled\" condition tracks whether the resource is enabled. The \"Operational\" condition tracks whether the resource is operational (not failed). The \"Active\" condition tracks whether the resource is active (available to be used). The \"Started\" condition tracks whether the resource is started. The \"Schedulable\" condition tracks whether the resource is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", + "name": { + "description": "name is the name of the object being referenced. For example, this can represent a machine config pool or node name. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNode": { + "description": "MachineConfigNode describes the health of the Machines on the system Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object metadata.", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec describes the configuration of the machine config node.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeSpec" + }, + "status": { + "description": "status describes the last observed state of this machine config node.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeStatus" + } + } + }, + "com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeList": { + "description": "MachineConfigNodeList describes all of the MachinesStates on the system\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items contains a collection of MachineConfigNode resources.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNode" + } }, - "name": { - "description": "name is the name of the pacemaker resource. Valid values are \"Kubelet\" and \"Etcd\". The Kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments. The Etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations. Fencing agents are tracked separately in the node's fencingAgents field.\n\nPossible enum values:\n - `\"Etcd\"` is the etcd pacemaker resource. The etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations.\n - `\"Kubelet\"` is the kubelet pacemaker resource. The kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list metadata.", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeSpec": { + "description": "MachineConfigNodeSpec describes the MachineConfigNode we are managing.", + "type": "object", + "required": [ + "node", + "pool", + "configVersion" + ], + "properties": { + "configVersion": { + "description": "configVersion holds the desired config version for the node targeted by this machine config node resource. The desired version represents the machine config the node will attempt to update to and gets set before the machine config operator validates the new machine config against the current machine config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeSpecMachineConfigVersion" + }, + "node": { + "description": "node contains a reference to the node for this machine config node.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.MCOObjectReference" + }, + "pool": { + "description": "pool contains a reference to the machine config pool that this machine config node's referenced node belongs to.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.MCOObjectReference" + } + } + }, + "com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeSpecMachineConfigVersion": { + "description": "MachineConfigNodeSpecMachineConfigVersion holds the desired config version for the current observed machine config node. When Current is not equal to Desired, the MachineConfigOperator is in an upgrade phase and the machine config node will take account of upgrade related events. Otherwise, they will be ignored given that certain operations happen both during the MCO's upgrade mode and the daily operations mode.", + "type": "object", + "required": [ + "desired" + ], + "properties": { + "desired": { + "description": "desired is the name of the machine config that the the node should be upgraded to. This value is set when the machine config pool generates a new version of its rendered configuration. When this value is changed, the machine config daemon starts the node upgrade process. This value gets set in the machine config node spec once the machine config has been targeted for upgrade and before it is validated. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", "type": "string", - "enum": [ - "Etcd", - "Kubelet" - ] + "default": "" } } }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterStatus": { - "description": "PacemakerClusterStatus contains the actual pacemaker cluster status information. As part of validating the status object, we need to ensure that the lastUpdated timestamp may not be set to an earlier timestamp than the current value. The validation rule checks if oldSelf has lastUpdated before comparing, to handle the initial status creation case.", + "com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeStatus": { + "description": "MachineConfigNodeStatus holds the reported information on a particular machine config node.", "type": "object", "required": [ - "conditions", - "lastUpdated", - "nodes" + "configVersion" ], "properties": { "conditions": { - "description": "conditions represent the observations of the pacemaker cluster's current state. Known condition types are: \"Healthy\", \"InService\", \"NodeCountAsExpected\". The \"Healthy\" condition is an aggregate that tracks the overall health of the cluster. The \"InService\" condition tracks whether the cluster is in service (not in maintenance mode). The \"NodeCountAsExpected\" condition tracks whether the expected number of nodes are present. Each of these conditions is required, so the array must contain at least 3 items.", + "description": "conditions represent the observations of a machine config node's current state.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "lastUpdated": { - "description": "lastUpdated is the timestamp when this status was last updated. This is useful for identifying stale status reports. It must be a valid timestamp in RFC3339 format. Once set, this field cannot be removed and cannot be set to an earlier timestamp than the current value.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "configVersion": { + "description": "configVersion describes the current and desired machine config version for this node.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeStatusMachineConfigVersion" }, - "nodes": { - "description": "nodes provides detailed status for each control-plane node in the Pacemaker cluster. While Pacemaker supports up to 32 nodes, the limit is set to 5 (max OpenShift control-plane nodes). For Two Node OpenShift with Fencing, exactly 2 nodes are expected in a healthy cluster. An empty list indicates a catastrophic failure where Pacemaker reports no nodes.", + "observedGeneration": { + "description": "observedGeneration represents the generation of the MachineConfigNode object observed by the Machine Config Operator's controller. This field is updated when the controller observes a change to the desiredConfig in the configVersion of the machine config node spec.", + "type": "integer", + "format": "int64" + }, + "pinnedImageSets": { + "description": "pinnedImageSets describes the current and desired pinned image sets for this node.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterNodeStatus" + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeStatusPinnedImageSet" }, "x-kubernetes-list-map-keys": [ - "nodeName" + "name" ], "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerNodeAddress": { - "description": "PacemakerNodeAddress contains information for a node's address. This is similar to corev1.NodeAddress but adds validation for IP addresses.", + "com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeStatusMachineConfigVersion": { + "description": "MachineConfigNodeStatusMachineConfigVersion holds the current and desired config versions as last updated in the MCN status. When the current and desired versions do not match, the machine config pool is processing an upgrade and the machine config node will monitor the upgrade process. When the current and desired versions do match, the machine config node will ignore these events given that certain operations happen both during the MCO's upgrade mode and the daily operations mode.", "type": "object", "required": [ - "type", - "address" + "desired" ], "properties": { - "address": { - "description": "address is the node address. For InternalIP, this must be a valid global unicast IPv4 or IPv6 address in canonical form. Canonical form means the shortest standard representation (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). Maximum length is 39 characters (full IPv6 address). Global unicast includes private/RFC1918 addresses but excludes loopback, link-local, and multicast.", - "type": "string" - }, - "type": { - "description": "type is the type of node address. Currently only \"InternalIP\" is supported.\n\nPossible enum values:\n - `\"InternalIP\"` is an internal IP address assigned to the node. This is typically the IP address used for intra-cluster communication.", + "current": { + "description": "current is the name of the machine config currently in use on the node. This value is updated once the machine config daemon has completed the update of the configuration for the node. This value should match the desired version unless an upgrade is in progress. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", "type": "string", - "enum": [ - "InternalIP" - ] - } - } - }, - "com.github.openshift.api.example.v1.CELUnion": { - "description": "CELUnion demonstrates how to use a discriminated union and how to validate it using CEL.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "optionalMember": { - "description": "optionalMember is a union member that is optional.", - "type": "string" - }, - "requiredMember": { - "description": "requiredMember is a union member that is required.", - "type": "string" + "default": "" }, - "type": { - "description": "type determines which of the union members should be populated.", + "desired": { + "description": "desired is the MachineConfig the node wants to upgrade to. This value gets set in the machine config node status once the machine config has been validated against the current machine config. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", "type": "string", "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "optionalMember": "OptionalMember", - "requiredMember": "RequiredMember" - } - } - ] + } }, - "com.github.openshift.api.example.v1.EvolvingUnion": { + "com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeStatusPinnedImageSet": { + "description": "MachineConfigNodeStatusPinnedImageSet holds information about the current, desired, and failed pinned image sets for the observed machine config node.", "type": "object", "required": [ - "type" + "name" ], "properties": { - "type": { - "description": "type is the discriminator. It has different values for Default and for TechPreviewNoUpgrade", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.example.v1.FormatMarkerExamples": { - "description": "FormatMarkerExamples demonstrates all Kubebuilder Format markers supported as of Kubernetes 1.33. This struct provides a comprehensive reference for format marker validation. Each field uses a different format marker to validate its value.", - "type": "object", - "properties": { - "base64Data": { - "description": "base64Data must be valid base64-encoded data. Valid examples include aGVsbG8= (encodes \"hello\") or SGVsbG8gV29ybGQh (encodes \"Hello World!\").", - "type": "string" - }, - "cidrNotation": { - "description": "cidrNotation must be a valid CIDR notation IP address range. Valid examples include IPv4 CIDR (10.0.0.0/8, 192.168.1.0/24) or IPv6 CIDR (fd00::/8, 2001:db8::/32).\n\nUse of Format=cidr is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isCIDR(self)` to validate CIDR notation. Additionally, use `isCIDR(self) && cidr(self).ip().family() == X` to validate IPvX specifically.", - "type": "string" - }, - "dateField": { - "description": "dateField must be a valid date in RFC 3339 full-date format (YYYY-MM-DD). Valid examples include 2024-01-15 or 2023-12-31.", - "type": "string" - }, - "dateTimeField": { - "description": "dateTimeField must be a valid RFC 3339 date-time. Valid examples include 2024-01-15T14:30:00Z, 2024-01-15T14:30:00+00:00, or 2024-01-15T14:30:00.123Z.", - "type": "string" - }, - "durationField": { - "description": "durationField must be a valid duration string parseable by Go's time.ParseDuration. Valid time units are ns, us (or µs), ms, s, m, h. Valid examples include 30s, 5m, 1h30m, 100ms, or 1h.", - "type": "string" - }, - "emailAddress": { - "description": "emailAddress must be a valid email address. Valid examples include user@example.com or firstname.lastname@company.co.uk.", - "type": "string" - }, - "hostnameField": { - "description": "hostnameField must be a valid Internet hostname per RFC 1034. Valid examples include example.com, api.example.com, or my-service.", - "type": "string" - }, - "ipv4Address": { - "description": "ipv4Address must be a valid IPv4 address in dotted-quad notation. Valid values range from 0.0.0.0 to 255.255.255.255 (e.g., 192.168.1.1).\n\nUse of Format=ipv4 is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isIP(self) && ip(self).family() == 4` to validate IPv4 addresses.", - "type": "string" - }, - "ipv6Address": { - "description": "ipv6Address must be a valid IPv6 address. Valid examples include full form (2001:0db8:0000:0000:0000:0000:0000:0001) or compressed form (2001:db8::1 or ::1).\n\nUse of Format=ipv6 is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isIP(self) && ip(self).family() == 6` to validate IPv6 addresses.", - "type": "string" - }, - "macAddress": { - "description": "macAddress must be a valid MAC address. Valid examples include 00:1A:2B:3C:4D:5E or 00-1A-2B-3C-4D-5E.", - "type": "string" - }, - "passwordField": { - "description": "passwordField is a marker for sensitive data. Note that the password format marker does not perform any actual validation - it accepts any string value. This marker is primarily used to signal that the field contains sensitive information.", - "type": "string" - }, - "uriField": { - "description": "uriField must be a valid URI following RFC 3986 syntax. Valid examples include https://example.com/path?query=value or /absolute-path.", - "type": "string" + "currentGeneration": { + "description": "currentGeneration is the generation of the pinned image set that has most recently been successfully pulled and pinned on this node.", + "type": "integer", + "format": "int32" }, - "uuid3Field": { - "description": "uuid3Field must be a valid UUID version 3 (MD5 hash-based). Version 3 UUIDs are generated using MD5 hashing of a namespace and name. Valid example: a3bb189e-8bf9-3888-9912-ace4e6543002.", - "type": "string" + "desiredGeneration": { + "description": "desiredGeneration is the generation of the pinned image set that is targeted to be pulled and pinned on this node.", + "type": "integer", + "format": "int32" }, - "uuid4Field": { - "description": "uuid4Field must be a valid UUID version 4 (random). Version 4 UUIDs are randomly generated. Valid example: 550e8400-e29b-41d4-a716-446655440000.", - "type": "string" + "lastFailedGeneration": { + "description": "lastFailedGeneration is the generation of the most recent pinned image set that failed to be pulled and pinned on this node.", + "type": "integer", + "format": "int32" }, - "uuid5Field": { - "description": "uuid5Field must be a valid UUID version 5 (SHA-1 hash-based). Version 5 UUIDs are generated using SHA-1 hashing of a namespace and name. Valid example: 74738ff5-5367-5958-9aee-98fffdcd1876.", + "lastFailedGenerationError": { + "description": "lastFailedGenerationError is the error explaining why the desired images failed to be pulled and pinned. The error is an empty string if the image pull and pin is successful.", "type": "string" }, - "uuidField": { - "description": "uuidField must be a valid UUID (any version) in 8-4-4-4-12 format. Valid examples include 550e8400-e29b-41d4-a716-446655440000 or 123e4567-e89b-12d3-a456-426614174000.", - "type": "string" + "name": { + "description": "name is the name of the pinned image set. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.example.v1.StableConfigType": { - "description": "StableConfigType is a stable config type that may include TechPreviewNoUpgrade fields.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStream": { + "description": "OSImageStream describes a set of streams and associated images available for the MachineConfigPools to be used as base OS images.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -27399,24 +26261,24 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec is the specification of the desired behavior of the StableConfigType.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1.StableConfigTypeSpec" + "description": "spec contains the desired OSImageStream config configuration.", + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSpec" }, "status": { - "description": "status is the most recently observed status of the StableConfigType.", + "description": "status describes the last observed state of this OSImageStream. Populated by the MachineConfigOperator after reading release metadata. When not present, the controller has not yet reconciled this resource.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1.StableConfigTypeStatus" + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamStatus" } } }, - "com.github.openshift.api.example.v1.StableConfigTypeList": { - "description": "StableConfigTypeList contains a list of StableConfigTypes.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamList": { + "description": "OSImageStreamList is a list of OSImageStream resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -27428,7 +26290,7 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1.StableConfigType" + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStream" } }, "kind": { @@ -27438,137 +26300,80 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.example.v1.StableConfigTypeSpec": { - "description": "StableConfigTypeSpec is the desired state", + "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSet": { "type": "object", "required": [ - "immutableField" + "name", + "osImage", + "osExtensionsImage" ], "properties": { - "celUnion": { - "description": "celUnion demonstrates how to validate a discrminated union using CEL", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1.CELUnion" - }, - "coolNewField": { - "description": "coolNewField is a field that is for tech preview only. On normal clusters this shouldn't be present", - "type": "string", - "default": "" - }, - "evolvingCollection": { - "description": "evolvingCollection demonstrates how to have a collection where the maximum number of items varies on cluster type. For default clusters, this will be \"1\" but on TechPreview clusters, this value will be \"3\".", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "evolvingUnion": { - "description": "evolvingUnion demonstrates how to phase in new values into discriminated union", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1.EvolvingUnion" - }, - "formatMarkerExamples": { - "description": "formatMarkerExamples demonstrates all Kubebuilder Format markers supported as of Kubernetes 1.33. This field serves as a comprehensive reference for format marker validation.", - "$ref": "#/definitions/com.github.openshift.api.example.v1.FormatMarkerExamples" - }, - "immutableField": { - "description": "immutableField is a field that is immutable once the object has been created. It is required at all times.", - "type": "string", - "default": "" - }, - "nonZeroDefault": { - "description": "nonZeroDefault is a demonstration of creating an integer field that has a non zero default. It required two default tags (one for CRD generation, one for client generation) and must have `omitempty` and be optional. A minimum value is added to demonstrate that a zero value would not be accepted.", - "type": "integer", - "format": "int32", - "default": 8 - }, - "optionalImmutableField": { - "description": "optionalImmutableField is a field that is immutable once set. It is optional but may not be changed once set.", - "type": "string", - "default": "" - }, - "set": { - "description": "set demonstrates how to define and validate set of strings", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "stableField": { - "description": "stableField is a field that is present on default clusters and on tech preview clusters\n\nIf empty, the platform will choose a good default, which may change over time without notice.", - "type": "string", - "default": "" + "name": { + "description": "name is the required identifier of the stream.\n\nname is determined by the operator based on the OCI label of the discovered OS or Extension Image.\n\nMust be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').", + "type": "string" }, - "subdomainNameField": { - "description": "subdomainNameField represents a kubenetes name field. The intention is that it validates the name in the same way metadata.Name is validated. That is, it is a DNS-1123 subdomain.", + "osExtensionsImage": { + "description": "osExtensionsImage is a required OS Extensions Image referenced by digest.\n\nosExtensionsImage bundles the extra repositories used to enable extensions, augmenting the base operating system without modifying the underlying immutable osImage.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", "type": "string" }, - "subnetsWithExclusions": { - "description": "subnetsWithExclusions demonstrates how to validate a list of subnets with exclusions", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1.SubnetsWithExclusions" + "osImage": { + "description": "osImage is a required OS Image referenced by digest.\n\nosImage contains the immutable, fundamental operating system components, including the kernel and base utilities, that define the core environment for the node's host operating system.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", + "type": "string" } } }, - "com.github.openshift.api.example.v1.StableConfigTypeStatus": { - "description": "StableConfigTypeStatus defines the observed status of the StableConfigType.", + "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSpec": { + "description": "OSImageStreamSpec defines the desired state of a OSImageStream.", + "type": "object" + }, + "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamStatus": { + "description": "OSImageStreamStatus describes the current state of a OSImageStream", "type": "object", + "required": [ + "availableStreams", + "defaultStream" + ], "properties": { - "conditions": { - "description": "Represents the observations of a foo's current state. Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"", + "availableStreams": { + "description": "availableStreams is a list of the available OS Image Streams that can be used as the base image for MachineConfigPools. availableStreams is required, must have at least one item, must not exceed 100 items, and must have unique entries keyed on the name field.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSet" }, "x-kubernetes-list-map-keys": [ - "type" + "name" ], "x-kubernetes-list-type": "map" }, - "immutableField": { - "description": "immutableField is a field that is immutable once the object has been created. It is required at all times.", + "defaultStream": { + "description": "defaultStream is the name of the stream that should be used as the default when no specific stream is requested by a MachineConfigPool.\n\nIt must be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'), and must reference the name of one of the streams in availableStreams.", "type": "string" } } }, - "com.github.openshift.api.example.v1.SubnetsWithExclusions": { - "description": "SubnetsWithExclusions is used to validate a list of subnets with exclusions. It demonstrates how exclusions should be validated as subnetworks of the networks listed in the subnets field.", + "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageRef": { "type": "object", "required": [ - "subnets" + "name" ], "properties": { - "excludeSubnets": { - "description": "excludeSubnets is a list of CIDR exclusions. The subnets in this list must be subnetworks of the subnets in the subnets list.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "subnets": { - "description": "subnets is a list of subnets. It may contain up to 2 subnets. The list may be either 1 IPv4 subnet, 1 IPv6 subnet, or 1 of each.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "name": { + "description": "name is an OCI Image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", + "type": "string" } } }, - "com.github.openshift.api.example.v1alpha1.NotStableConfigType": { - "description": "NotStableConfigType is a stable config type that is TechPreviewNoUpgrade only.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSet": { + "description": "PinnedImageSet describes a set of images that should be pinned by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -27579,26 +26384,26 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec is the specification of the desired behavior of the NotStableConfigType.", + "description": "spec describes the configuration of this pinned image set.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1alpha1.NotStableConfigTypeSpec" + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetSpec" }, "status": { - "description": "status is the most recently observed status of the NotStableConfigType.", + "description": "status describes the last observed state of this pinned image set.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1alpha1.NotStableConfigTypeStatus" + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetStatus" } } }, - "com.github.openshift.api.example.v1alpha1.NotStableConfigTypeList": { - "description": "NotStableConfigTypeList contains a list of NotStableConfigTypes.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetList": { + "description": "PinnedImageSetList is a list of PinnedImageSet resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -27610,7 +26415,7 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1alpha1.NotStableConfigType" + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSet" } }, "kind": { @@ -27620,34 +26425,41 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.example.v1alpha1.NotStableConfigTypeSpec": { - "description": "NotStableConfigTypeSpec is the desired state", + "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetSpec": { + "description": "PinnedImageSetSpec defines the desired state of a PinnedImageSet.", "type": "object", "required": [ - "newField" + "pinnedImages" ], "properties": { - "newField": { - "description": "newField is a field that is tech preview, but because the entire type is gated, there is no marker on the field.", - "type": "string", - "default": "" + "pinnedImages": { + "description": "pinnedImages is a list of OCI Image referenced by digest that should be pinned and pre-loaded by the nodes of a MachineConfigPool. Translates into a new file inside the /etc/crio/crio.conf.d directory with content similar to this:\n\n pinned_images = [\n \"quay.io/openshift-release-dev/ocp-release@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n ...\n ]\n\nThese image references should all be by digest, tags aren't allowed.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageRef" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.example.v1alpha1.NotStableConfigTypeStatus": { - "description": "NotStableConfigTypeStatus defines the observed status of the NotStableConfigType.", + "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetStatus": { + "description": "PinnedImageSetStatus describes the current state of a PinnedImageSet.", "type": "object", "properties": { "conditions": { - "description": "Represents the observations of a foo's current state. Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"", + "description": "conditions represent the observations of a pinned image set's current state.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, "x-kubernetes-list-map-keys": [ "type" @@ -27656,59 +26468,8 @@ } } }, - "com.github.openshift.api.helm.v1beta1.ConnectionConfig": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca-bundle.crt\" is used to locate the data. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" - }, - "tlsClientConfig": { - "description": "tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key \"tls.crt\" is used to locate the client certificate. The key \"tls.key\" is used to locate the private key. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - }, - "url": { - "description": "Chart repository URL", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.helm.v1beta1.ConnectionConfigNamespaceScoped": { - "type": "object", - "required": [ - "url" - ], - "properties": { - "basicAuthConfig": { - "description": "basicAuthConfig is an optional reference to a secret by name that contains the basic authentication credentials to present when connecting to the server. The key \"username\" is used locate the username. The key \"password\" is used to locate the password. The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - }, - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca-bundle.crt\" is used to locate the data. If empty, the default system roots are used. The namespace for this configmap must be same as the namespace where the project helm chart repository is getting instantiated.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" - }, - "tlsClientConfig": { - "description": "tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key \"tls.crt\" is used to locate the client certificate. The key \"tls.key\" is used to locate the private key. The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - }, - "url": { - "description": "Chart repository URL", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.helm.v1beta1.HelmChartRepository": { - "description": "HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.monitoring.v1.AlertRelabelConfig": { + "description": "AlertRelabelConfig defines a set of relabel configs for alerts.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -27725,37 +26486,34 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec holds user settable values for configuration", + "description": "spec describes the desired state of this AlertRelabelConfig object.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.HelmChartRepositorySpec" + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertRelabelConfigSpec" }, "status": { - "description": "Observed status of the repository within the cluster..", + "description": "status describes the current state of this AlertRelabelConfig object.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.HelmChartRepositoryStatus" + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertRelabelConfigStatus" } } }, - "com.github.openshift.api.helm.v1beta1.HelmChartRepositoryList": { - "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.monitoring.v1.AlertRelabelConfigList": { + "description": "AlertRelabelConfigList is a list of AlertRelabelConfigs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "items": { + "description": "items is a list of AlertRelabelConfigs.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.HelmChartRepository" + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertRelabelConfig" } }, "kind": { @@ -27763,47 +26521,39 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.helm.v1beta1.HelmChartRepositorySpec": { - "description": "Helm chart repository exposed within the cluster", - "type": "object", + "com.github.openshift.api.monitoring.v1.AlertRelabelConfigSpec": { + "description": "AlertRelabelConfigsSpec is the desired state of an AlertRelabelConfig resource.", + "type": "object", "required": [ - "connectionConfig" + "configs" ], "properties": { - "connectionConfig": { - "description": "Required configuration for connecting to the chart repo", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.ConnectionConfig" - }, - "description": { - "description": "Optional human readable repository description, it can be used by UI for displaying purposes", - "type": "string" - }, - "disabled": { - "description": "If set to true, disable the repo usage in the cluster/namespace", - "type": "boolean" - }, - "name": { - "description": "Optional associated human readable repository name, it can be used by UI for displaying purposes", - "type": "string" + "configs": { + "description": "configs is a list of sequentially evaluated alert relabel configs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.RelabelConfig" + } } } }, - "com.github.openshift.api.helm.v1beta1.HelmChartRepositoryStatus": { + "com.github.openshift.api.monitoring.v1.AlertRelabelConfigStatus": { + "description": "AlertRelabelConfigStatus is the status of an AlertRelabelConfig resource.", "type": "object", "properties": { "conditions": { - "description": "conditions is a list of conditions and their statuses", + "description": "conditions contains details on the state of the AlertRelabelConfig, may be empty.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, "x-kubernetes-list-map-keys": [ "type" @@ -27812,8 +26562,8 @@ } } }, - "com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepository": { - "description": "ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.monitoring.v1.AlertingRule": { + "description": "AlertingRule represents a set of user-defined Prometheus rule groups containing alerting rules. This resource is the supported method for cluster admins to create alerts based on metrics recorded by the platform monitoring stack in OpenShift, i.e. the Prometheus instance deployed to the openshift-monitoring namespace. You might use this to create custom alerting rules not shipped with OpenShift based on metrics from components such as the node_exporter, which provides machine-level metrics such as CPU usage, or kube-state-metrics, which provides metrics on Kubernetes usage.\n\nThe API is mostly compatible with the upstream PrometheusRule type from the prometheus-operator. The primary difference being that recording rules are not allowed here -- only alerting rules. For each AlertingRule resource created, a corresponding PrometheusRule will be created in the openshift-monitoring namespace. OpenShift requires admins to use the AlertingRule resource rather than the upstream type in order to allow better OpenShift specific defaulting and validation, while not modifying the upstream APIs directly.\n\nYou can find upstream API documentation for PrometheusRule resources here:\n\nhttps://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -27830,37 +26580,34 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec holds user settable values for configuration", + "description": "spec describes the desired state of this AlertingRule object.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepositorySpec" + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertingRuleSpec" }, "status": { - "description": "Observed status of the repository within the namespace..", + "description": "status describes the current state of this AlertOverrides object.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.HelmChartRepositoryStatus" + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertingRuleStatus" } } }, - "com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepositoryList": { - "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.monitoring.v1.AlertingRuleList": { + "description": "AlertingRuleList is a list of AlertingRule objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "items": { + "description": "items is a list of AlertingRule objects.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepository" + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertingRule" } }, "kind": { @@ -27868,296 +26615,250 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepositorySpec": { - "description": "Project Helm chart repository exposed within a namespace", + "com.github.openshift.api.monitoring.v1.AlertingRuleSpec": { + "description": "AlertingRuleSpec is the desired state of an AlertingRule resource.", "type": "object", "required": [ - "connectionConfig" + "groups" ], "properties": { - "connectionConfig": { - "description": "Required configuration for connecting to the chart repo", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.ConnectionConfigNamespaceScoped" - }, - "description": { - "description": "Optional human readable repository description, it can be used by UI for displaying purposes", - "type": "string" - }, - "disabled": { - "description": "If set to true, disable the repo usage in the namespace", - "type": "boolean" + "groups": { + "description": "groups is a list of grouped alerting rules. Rule groups are the unit at which Prometheus parallelizes rule processing. All rules in a single group share a configured evaluation interval. All rules in the group will be processed together on this interval, sequentially, and all rules will be processed.\n\nIt's common to group related alerting rules into a single AlertingRule resources, and within that resource, closely related alerts, or simply alerts with the same interval, into individual groups. You are also free to create AlertingRule resources with only a single rule group, but be aware that this can have a performance impact on Prometheus if the group is extremely large or has very complex query expressions to evaluate. Spreading very complex rules across multiple groups to allow them to be processed in parallel is also a common use-case.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.RuleGroup" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.monitoring.v1.AlertingRuleStatus": { + "description": "AlertingRuleStatus is the status of an AlertingRule resource.", + "type": "object", + "properties": { + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with.", + "type": "integer", + "format": "int64" }, - "name": { - "description": "Optional associated human readable repository name, it can be used by UI for displaying purposes", - "type": "string" + "prometheusRule": { + "description": "prometheusRule is the generated PrometheusRule for this AlertingRule. Each AlertingRule instance results in a generated PrometheusRule object in the same namespace, which is always the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.PrometheusRuleRef" } } }, - "com.github.openshift.api.image.v1.DockerImageReference": { - "description": "DockerImageReference points to a container image.", + "com.github.openshift.api.monitoring.v1.PrometheusRuleRef": { + "description": "PrometheusRuleRef is a reference to an existing PrometheusRule object. Each AlertingRule instance results in a generated PrometheusRule object in the same namespace, which is always the openshift-monitoring namespace. This is used to point to the generated PrometheusRule object in the AlertingRule status.", "type": "object", "required": [ - "Registry", - "Namespace", - "Name", - "Tag", - "ID" + "name" ], "properties": { - "ID": { - "description": "ID is the identifier for the container image", - "type": "string", - "default": "" - }, - "Name": { - "description": "Name is the name of the container image", - "type": "string", - "default": "" - }, - "Namespace": { - "description": "Namespace is the namespace that contains the container image", - "type": "string", - "default": "" - }, - "Registry": { - "description": "Registry is the registry that contains the container image", - "type": "string", - "default": "" - }, - "Tag": { - "description": "Tag is which tag of the container image is being referenced", + "name": { + "description": "name of the referenced PrometheusRule.", "type": "string", "default": "" } } }, - "com.github.openshift.api.image.v1.Image": { - "description": "Image is an immutable representation of a container image and its metadata at a point in time. Images are named by taking a hash of their contents (metadata and content) and any change in format, content, or metadata results in a new name. The images resource is primarily for use by cluster administrators and integrations like the cluster image registry - end users, instead, access images via the imagestreamtags or imagestreamimages resources. While image metadata is stored in the API, any integration that implements the container image registry API must provide its own storage for the raw manifest data, image config, and layer contents.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.monitoring.v1.RelabelConfig": { + "description": "RelabelConfig allows dynamic rewriting of label sets for alerts. See Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "dockerImageConfig": { - "description": "dockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list.", + "action": { + "description": "action to perform based on regex matching. Must be one of: 'Replace', 'Keep', 'Drop', 'HashMod', 'LabelMap', 'LabelDrop', or 'LabelKeep'. Default is: 'Replace'", "type": "string" }, - "dockerImageLayers": { - "description": "dockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageLayer" - } - }, - "dockerImageManifest": { - "description": "dockerImageManifest is the raw JSON of the manifest", - "type": "string" + "modulus": { + "description": "modulus to take of the hash of the source label values. This can be combined with the 'HashMod' action to set 'target_label' to the 'modulus' of a hash of the concatenated 'source_labels'. This is only valid if sourceLabels is not empty and action is not 'LabelKeep' or 'LabelDrop'.", + "type": "integer", + "format": "int64" }, - "dockerImageManifestMediaType": { - "description": "dockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2.", + "regex": { + "description": "regex against which the extracted value is matched. Default is: '(.*)' regex is required for all actions except 'HashMod'", "type": "string" }, - "dockerImageManifests": { - "description": "dockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageManifest" - } - }, - "dockerImageMetadata": { - "description": "dockerImageMetadata contains metadata about this image", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io", - "x-kubernetes-patch-strategy": "replace" - }, - "dockerImageMetadataVersion": { - "description": "dockerImageMetadataVersion conveys the version of the object, which if empty defaults to \"1.0\"", + "replacement": { + "description": "replacement value against which a regex replace is performed if the regular expression matches. This is required if the action is 'Replace' or 'LabelMap' and forbidden for actions 'LabelKeep' and 'LabelDrop'. Regex capture groups are available. Default is: '$1'", "type": "string" }, - "dockerImageReference": { - "description": "dockerImageReference is the string that can be used to pull this image.", + "separator": { + "description": "separator placed between concatenated source label values. When omitted, Prometheus will use its default value of ';'.", "type": "string" }, - "dockerImageSignatures": { - "description": "dockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1.", + "sourceLabels": { + "description": "sourceLabels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the 'Replace', 'Keep', and 'Drop' actions. Not allowed for actions 'LabelKeep' and 'LabelDrop'.", "type": "array", "items": { "type": "string", - "format": "byte" + "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "targetLabel": { + "description": "targetLabel to which the resulting value is written in a 'Replace' action. It is required for 'Replace' and 'HashMod' actions and forbidden for actions 'LabelKeep' and 'LabelDrop'. Regex capture groups are available.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "signatures": { - "description": "signatures holds all signatures of the image.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageSignature" - }, - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.image.v1.ImageBlobReferences": { - "description": "ImageBlobReferences describes the blob references within an image.", + "com.github.openshift.api.monitoring.v1.Rule": { + "description": "Rule describes an alerting rule. See Prometheus documentation: - https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules", "type": "object", + "required": [ + "alert", + "expr" + ], "properties": { - "config": { - "description": "config, if set, is the blob that contains the image config. Some images do not have separate config blobs and this field will be set to nil if so.", - "type": "string" - }, - "imageMissing": { - "description": "imageMissing is true if the image is referenced by the image stream but the image object has been deleted from the API by an administrator. When this field is set, layers and config fields may be empty and callers that depend on the image metadata should consider the image to be unavailable for download or viewing.", - "type": "boolean", - "default": false + "alert": { + "description": "alert is the name of the alert. Must be a valid label value, i.e. may contain any Unicode character.", + "type": "string", + "default": "" }, - "layers": { - "description": "layers is the list of blobs that compose this image, from base layer to top layer. All layers referenced by this array will be defined in the blobs map. Some images may have zero layers.", - "type": "array", - "items": { + "annotations": { + "description": "annotations to add to each alert. These are values that can be used to store longer additional information that you won't query on, such as alert descriptions or runbook links.", + "type": "object", + "additionalProperties": { "type": "string", "default": "" } }, - "manifests": { - "description": "manifests is the list of other image names that this image points to. For a single architecture image, it is empty. For a multi-arch image, it consists of the digests of single architecture images, such images shouldn't have layers nor config.", - "type": "array", - "items": { + "expr": { + "description": "expr is the PromQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending or firing alerts. This is most often a string representing a PromQL expression, e.g.: mapi_current_pending_csr > mapi_max_pending_csr In rare cases this could be a simple integer, e.g. a simple \"1\" if the intent is to create an alert that is always firing. This is sometimes used to create an always-firing \"Watchdog\" alert in order to ensure the alerting pipeline is functional.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + }, + "for": { + "description": "for is the time period after which alerts are considered firing after first returning results. Alerts which have not yet fired for long enough are considered pending.", + "type": "string" + }, + "labels": { + "description": "labels to add or overwrite for each alert. The results of the PromQL expression for the alert will result in an existing set of labels for the alert, after evaluating the expression, for any label specified here with the same name as a label in that set, the label here wins and overwrites the previous value. These should typically be short identifying values that may be useful to query against. A common example is the alert severity, where one sets `severity: warning` under the `labels` key:", + "type": "object", + "additionalProperties": { "type": "string", "default": "" } } } }, - "com.github.openshift.api.image.v1.ImageImportSpec": { - "description": "ImageImportSpec describes a request to import a specific image.", + "com.github.openshift.api.monitoring.v1.RuleGroup": { + "description": "RuleGroup is a list of sequentially evaluated alerting rules.", "type": "object", "required": [ - "from" + "name", + "rules" ], "properties": { - "from": { - "description": "from is the source of an image to import; only kind DockerImage is allowed", - "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, - "importPolicy": { - "description": "importPolicy is the policy controlling how the image is imported", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagImportPolicy" - }, - "includeManifest": { - "description": "includeManifest determines if the manifest for each image is returned in the response", - "type": "boolean" + "interval": { + "description": "interval is how often rules in the group are evaluated. If not specified, it defaults to the global.evaluation_interval configured in Prometheus, which itself defaults to 30 seconds. You can check if this value has been modified from the default on your cluster by inspecting the platform Prometheus configuration: The relevant field in that resource is: spec.evaluationInterval", + "type": "string" }, - "referencePolicy": { - "description": "referencePolicy defines how other components should consume the image", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReferencePolicy" + "name": { + "description": "name is the name of the group.", + "type": "string", + "default": "" }, - "to": { - "description": "to is a tag in the current image stream to assign the imported image to, if name is not specified the default tag from from.name will be used", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "rules": { + "description": "rules is a list of sequentially evaluated alerting rules. Prometheus may process rule groups in parallel, but rules within a single group are always processed sequentially, and all rules are processed.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.Rule" + } } } }, - "com.github.openshift.api.image.v1.ImageImportStatus": { - "description": "ImageImportStatus describes the result of an image import.", + "com.github.openshift.api.network.v1.ClusterNetwork": { + "description": "ClusterNetwork was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "status" + "serviceNetwork", + "clusterNetworks" ], "properties": { - "image": { - "description": "image is the metadata of that image, if the image was located", - "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "manifests": { - "description": "manifests holds sub-manifests metadata when importing a manifest list", + "clusterNetworks": { + "description": "clusterNetworks is a list of ClusterNetwork objects that defines the global overlay network's L3 space by specifying a set of CIDR and netmasks that the SDN can allocate addresses from.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" + "$ref": "#/definitions/com.github.openshift.api.network.v1.ClusterNetworkEntry" } }, - "status": { - "description": "status is the status of the image import, including errors encountered while retrieving the image", + "hostsubnetlength": { + "description": "hostsubnetlength is the number of bits of network to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods", + "type": "integer", + "format": "int64" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/Status.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "tag": { - "description": "tag is the tag this image was located under, if any", + "mtu": { + "description": "mtu is the MTU for the overlay network. This should be 50 less than the MTU of the network connecting the nodes. It is normally autodetected by the cluster network operator.", + "type": "integer", + "format": "int64" + }, + "network": { + "description": "network is a CIDR string specifying the global overlay network's L3 space", "type": "string" - } - } - }, - "com.github.openshift.api.image.v1.ImageLayer": { - "description": "ImageLayer represents a single layer of the image. Some images may have multiple layers. Some may have none.", - "type": "object", - "required": [ - "name", - "size", - "mediaType" - ], - "properties": { - "mediaType": { - "description": "mediaType of the referenced object.", - "type": "string", - "default": "" }, - "name": { - "description": "name of the layer as defined by the underlying store.", + "pluginName": { + "description": "pluginName is the name of the network plugin being used", + "type": "string" + }, + "serviceNetwork": { + "description": "serviceNetwork is the CIDR range that Service IP addresses are allocated from", "type": "string", "default": "" }, - "size": { - "description": "size of the layer in bytes as defined by the underlying store.", + "vxlanPort": { + "description": "vxlanPort sets the VXLAN destination port used by the cluster. It is set by the master configuration file on startup and cannot be edited manually. Valid values for VXLANPort are integers 1-65535 inclusive and if unset defaults to 4789. Changing VXLANPort allows users to resolve issues between openshift SDN and other software trying to use the same VXLAN destination port.", "type": "integer", - "format": "int64", - "default": 0 + "format": "int64" } } }, - "com.github.openshift.api.image.v1.ImageLayerData": { - "description": "ImageLayerData contains metadata about an image layer.", + "com.github.openshift.api.network.v1.ClusterNetworkEntry": { + "description": "ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips.", "type": "object", "required": [ - "size", - "mediaType" + "CIDR", + "hostSubnetLength" ], "properties": { - "mediaType": { - "description": "mediaType of the referenced object.", + "CIDR": { + "description": "CIDR defines the total range of a cluster networks address space.", "type": "string", "default": "" }, - "size": { - "description": "size of the layer in bytes as defined by the underlying store. This field is optional if the necessary information about size is not available.", + "hostSubnetLength": { + "description": "hostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods.", "type": "integer", - "format": "int64" + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.image.v1.ImageList": { - "description": "ImageList is a list of Image objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1.ClusterNetworkList": { + "description": "ClusterNetworkList is a collection of ClusterNetworks\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -28168,11 +26869,11 @@ "type": "string" }, "items": { - "description": "items is a list of images", + "description": "items is the list of cluster networks", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" + "$ref": "#/definitions/com.github.openshift.api.network.v1.ClusterNetwork" } }, "kind": { @@ -28182,299 +26883,157 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.image.v1.ImageLookupPolicy": { - "description": "ImageLookupPolicy describes how an image stream can be used to override the image references used by pods, builds, and other resources in a namespace.", - "type": "object", - "required": [ - "local" - ], - "properties": { - "local": { - "description": "local will change the docker short image references (like \"mysql\" or \"php:latest\") on objects in this namespace to the image ID whenever they match this image stream, instead of reaching out to a remote registry. The name will be fully qualified to an image ID if found. The tag's referencePolicy is taken into account on the replaced value. Only works within the current namespace.", - "type": "boolean", - "default": false + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.image.v1.ImageManifest": { - "description": "ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object.", + "com.github.openshift.api.network.v1.EgressNetworkPolicy": { + "description": "EgressNetworkPolicy was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "digest", - "mediaType", - "manifestSize", - "architecture", - "os" + "spec" ], "properties": { - "architecture": { - "description": "architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`.", - "type": "string", - "default": "" - }, - "digest": { - "description": "digest is the unique identifier for the manifest. It refers to an Image object.", - "type": "string", - "default": "" - }, - "manifestSize": { - "description": "manifestSize represents the size of the raw object contents, in bytes.", - "type": "integer", - "format": "int64", - "default": 0 + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "mediaType": { - "description": "mediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "os": { - "description": "os specifies the operating system, for example `linux`.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "variant": { - "description": "variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU.", - "type": "string" + "spec": { + "description": "spec is the specification of the current egress network policy", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.network.v1.EgressNetworkPolicySpec" } } }, - "com.github.openshift.api.image.v1.ImageSignature": { - "description": "ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature's content by the server. They serve just an informative purpose.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1.EgressNetworkPolicyList": { + "description": "EgressNetworkPolicyList is a collection of EgressNetworkPolicy\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "type", - "content" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "conditions": { - "description": "conditions represent the latest available observations of a signature's current state.", + "items": { + "description": "items is the list of policies", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.SignatureCondition" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "content": { - "description": "Required: An opaque binary string which is an image's signature.", - "type": "string", - "format": "byte" - }, - "created": { - "description": "If specified, it is the time of signature's creation.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "imageIdentity": { - "description": "A human readable string representing image's identity. It could be a product name and version, or an image pull spec (e.g. \"registry.access.redhat.com/rhel7/rhel:7.2\").", - "type": "string" - }, - "issuedBy": { - "description": "If specified, it holds information about an issuer of signing certificate or key (a person or entity who signed the signing certificate or key).", - "$ref": "#/definitions/com.github.openshift.api.image.v1.SignatureIssuer" - }, - "issuedTo": { - "description": "If specified, it holds information about a subject of signing certificate or key (a person or entity who signed the image).", - "$ref": "#/definitions/com.github.openshift.api.image.v1.SignatureSubject" + "$ref": "#/definitions/com.github.openshift.api.network.v1.EgressNetworkPolicy" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "signedClaims": { - "description": "Contains claims from the signature.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "type": { - "description": "Required: Describes a type of stored blob.", - "type": "string", - "default": "" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.image.v1.ImageStream": { - "description": "An ImageStream stores a mapping of tags to images, metadata overrides that are applied when images are tagged in a stream, and an optional reference to a container image repository on a registry. Users typically update the spec.tags field to point to external images which are imported from container registries using credentials in your namespace with the pull secret type, or to existing image stream tags and images which are immediately accessible for tagging or pulling. The history of images applied to a tag is visible in the status.tags field and any user who can view an image stream is allowed to tag that image into their own image streams. Access to pull images from the integrated registry is granted by having the \"get imagestreams/layers\" permission on a given image stream. Users may remove a tag by deleting the imagestreamtag resource, which causes both spec and status for that tag to be removed. Image stream history is retained until an administrator runs the prune operation, which removes references that are no longer in use. To preserve a historical image, ensure there is a tag in spec pointing to that image by its digest.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec describes the desired state of this stream", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamSpec" - }, - "status": { - "description": "status describes the current state of this stream", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamStatus" - } - } - }, - "com.github.openshift.api.image.v1.ImageStreamImage": { - "description": "ImageStreamImage represents an Image that is retrieved by image name from an ImageStream. User interfaces and regular users can use this resource to access the metadata details of a tagged image in the image stream history for viewing, since Image resources are not directly accessible to end users. A not found error will be returned if no such image is referenced by a tag within the ImageStream. Images are created when spec tags are set on an image stream that represent an image in an external registry, when pushing to the integrated registry, or when tagging an existing image from one image stream to another. The name of an image stream image is in the form \"@\", where the digest is the content addressible identifier for the image (sha256:xxxxx...). You can use ImageStreamImages as the from.kind of an image stream spec tag to reference an image exactly. The only operations supported on the imagestreamimage endpoint are retrieving the image.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1.EgressNetworkPolicyPeer": { + "description": "EgressNetworkPolicyPeer specifies a target to apply egress network policy to", "type": "object", - "required": [ - "image" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "cidrSelector": { + "description": "cidrSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset Ideally we would have liked to use the cidr openapi format for this property. But openshift-sdn only supports v4 while specifying the cidr format allows both v4 and v6 cidrs We are therefore using a regex pattern to validate instead.", "type": "string" }, - "image": { - "description": "image associated with the ImageStream and image name.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "dnsName": { + "description": "dnsName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset", "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.image.v1.ImageStreamImport": { - "description": "The image stream import resource provides an easy way for a user to find and import container images from other container image registries into the server. Individual images or an entire image repository may be imported, and users may choose to see the results of the import prior to tagging the resulting images into the specified image stream.\n\nThis API is intended for end-user tools that need to see the metadata of the image prior to import (for instance, to generate an application from it). Clients that know the desired image can continue to create spec.tags directly into their image streams.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1.EgressNetworkPolicyRule": { + "description": "EgressNetworkPolicyRule contains a single egress network policy rule", "type": "object", "required": [ - "spec", - "status" + "type", + "to" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec is a description of the images that the user wishes to import", + "to": { + "description": "to is the target that traffic is allowed/denied to", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamImportSpec" + "$ref": "#/definitions/com.github.openshift.api.network.v1.EgressNetworkPolicyPeer" }, - "status": { - "description": "status is the result of importing the image", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamImportStatus" + "type": { + "description": "type marks this as an \"Allow\" or \"Deny\" rule", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.image.v1.ImageStreamImportSpec": { - "description": "ImageStreamImportSpec defines what images should be imported.", + "com.github.openshift.api.network.v1.EgressNetworkPolicySpec": { + "description": "EgressNetworkPolicySpec provides a list of policies on outgoing network traffic", "type": "object", "required": [ - "import" + "egress" ], "properties": { - "images": { - "description": "images are a list of individual images to import.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageImportSpec" - } - }, - "import": { - "description": "import indicates whether to perform an import - if so, the specified tags are set on the spec and status of the image stream defined by the type meta.", - "type": "boolean", - "default": false - }, - "repository": { - "description": "repository is an optional import of an entire container image repository. A maximum limit on the number of tags imported this way is imposed by the server.", - "$ref": "#/definitions/com.github.openshift.api.image.v1.RepositoryImportSpec" - } - } - }, - "com.github.openshift.api.image.v1.ImageStreamImportStatus": { - "description": "ImageStreamImportStatus contains information about the status of an image stream import.", - "type": "object", - "properties": { - "images": { - "description": "images is set with the result of importing spec.images", + "egress": { + "description": "egress contains the list of egress policy rules", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageImportStatus" + "$ref": "#/definitions/com.github.openshift.api.network.v1.EgressNetworkPolicyRule" } - }, - "import": { - "description": "import is the image stream that was successfully updated or created when 'to' was set.", - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStream" - }, - "repository": { - "description": "repository is set if spec.repository was set to the outcome of the import", - "$ref": "#/definitions/com.github.openshift.api.image.v1.RepositoryImportStatus" } } }, - "com.github.openshift.api.image.v1.ImageStreamLayers": { - "description": "ImageStreamLayers describes information about the layers referenced by images in this image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1.HostSubnet": { + "description": "HostSubnet was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "blobs", - "images" + "host", + "hostIP", + "subnet" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "blobs": { - "description": "blobs is a map of blob name to metadata about the blob.", - "type": "object", - "additionalProperties": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageLayerData" + "egressCIDRs": { + "description": "egressCIDRs is the list of CIDR ranges available for automatically assigning egress IPs to this node from. If this field is set then EgressIPs should be treated as read-only.", + "type": "array", + "items": { + "type": "string", + "default": "" } }, - "images": { - "description": "images is a map between an image name and the names of the blobs and config that comprise the image.", - "type": "object", - "additionalProperties": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageBlobReferences" + "egressIPs": { + "description": "egressIPs is the list of automatic egress IP addresses currently hosted by this node. If EgressCIDRs is empty, this can be set by hand; if EgressCIDRs is set then the master will overwrite the value here with its own allocation of egress IPs.", + "type": "array", + "items": { + "type": "string", + "default": "" } }, + "host": { + "description": "host is the name of the node. (This is the same as the object's name, but both fields must be set.)", + "type": "string", + "default": "" + }, + "hostIP": { + "description": "hostIP is the IP address to be used as a VTEP by other nodes in the overlay network", + "type": "string", + "default": "" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -28482,12 +27041,17 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "subnet": { + "description": "subnet is the CIDR range of the overlay network assigned to the node for its pods", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.image.v1.ImageStreamList": { - "description": "ImageStreamList is a list of ImageStream objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1.HostSubnetList": { + "description": "HostSubnetList is a collection of HostSubnets\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -28498,11 +27062,11 @@ "type": "string" }, "items": { - "description": "items is a list of imageStreams", + "description": "items is the list of host subnets", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStream" + "$ref": "#/definitions/com.github.openshift.api.network.v1.HostSubnet" } }, "kind": { @@ -28512,26 +27076,29 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.image.v1.ImageStreamMapping": { - "description": "ImageStreamMapping represents a mapping from a single image stream tag to a container image as well as the reference to the container image stream the image came from. This resource is used by privileged integrators to create an image resource and to associate it with an image stream in the status tags field. Creating an ImageStreamMapping will allow any user who can view the image stream to tag or pull that image, so only create mappings where the user has proven they have access to the image contents directly. The only operation supported for this resource is create and the metadata name and namespace should be set to the image stream containing the tag that should be updated.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1.NetNamespace": { + "description": "NetNamespace was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "image", - "tag" + "netname", + "netid" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "image": { - "description": "image is a container image.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" + "egressIPs": { + "description": "egressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace. (If empty, external traffic will be masqueraded to Node IPs.)", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", @@ -28540,120 +27107,23 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "tag": { - "description": "tag is a string value this image can be located with inside the stream.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.image.v1.ImageStreamSpec": { - "description": "ImageStreamSpec represents options for ImageStreams.", - "type": "object", - "properties": { - "dockerImageRepository": { - "description": "dockerImageRepository is optional, if specified this stream is backed by a container repository on this server Deprecated: This field is deprecated as of v3.7 and will be removed in a future release. Specify the source for the tags to be imported in each tag via the spec.tags.from reference instead.", - "type": "string" - }, - "lookupPolicy": { - "description": "lookupPolicy controls how other resources reference images within this namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageLookupPolicy" - }, - "tags": { - "description": "tags map arbitrary string values to specific image locators", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReference" - }, - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - } - } - }, - "com.github.openshift.api.image.v1.ImageStreamStatus": { - "description": "ImageStreamStatus contains information about the state of this image stream.", - "type": "object", - "properties": { - "dockerImageRepository": { - "description": "dockerImageRepository represents the effective location this stream may be accessed at. May be empty until the server determines where the repository is located", - "type": "string", - "default": "" - }, - "publicDockerImageRepository": { - "description": "publicDockerImageRepository represents the public location from where the image can be pulled outside the cluster. This field may be empty if the administrator has not exposed the integrated registry externally.", - "type": "string" - }, - "tags": { - "description": "tags are a historical record of images associated with each tag. The first entry in the TagEvent array is the currently tagged image.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.NamedTagEventList" - }, - "x-kubernetes-patch-merge-key": "tag", - "x-kubernetes-patch-strategy": "merge" - } - } - }, - "com.github.openshift.api.image.v1.ImageStreamTag": { - "description": "ImageStreamTag represents an Image that is retrieved by tag name from an ImageStream. Use this resource to interact with the tags and images in an image stream by tag, or to see the image details for a particular tag. The image associated with this resource is the most recently successfully tagged, imported, or pushed image (as described in the image stream status.tags.items list for this tag). If an import is in progress or has failed the previous image will be shown. Deleting an image stream tag clears both the status and spec fields of an image stream. If no image can be retrieved for a given tag, a not found error will be returned.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "tag", - "generation", - "lookupPolicy", - "image" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "conditions": { - "description": "conditions is an array of conditions that apply to the image stream tag.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagEventCondition" - } + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "generation": { - "description": "generation is the current generation of the tagged image - if tag is provided and this value is not equal to the tag generation, a user has requested an import that has not completed, or conditions will be filled out indicating any error.", + "netid": { + "description": "netid is the network identifier of the network namespace assigned to each overlay network packet. This can be manipulated with the \"oc adm pod-network\" commands.", "type": "integer", "format": "int64", "default": 0 }, - "image": { - "description": "image associated with the ImageStream and tag.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "lookupPolicy": { - "description": "lookupPolicy indicates whether this tag will handle image references in this namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageLookupPolicy" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "tag": { - "description": "tag is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream.", - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReference" + "netname": { + "description": "netname is the name of the network namespace. (This is the same as the object's name, but both fields must be set.)", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.image.v1.ImageStreamTagList": { - "description": "ImageStreamTagList is a list of ImageStreamTag objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1.NetNamespaceList": { + "description": "NetNamespaceList is a collection of NetNamespaces\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -28664,11 +27134,11 @@ "type": "string" }, "items": { - "description": "items is the list of image stream tags", + "description": "items is the list of net namespaces", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamTag" + "$ref": "#/definitions/com.github.openshift.api.network.v1.NetNamespace" } }, "kind": { @@ -28678,27 +27148,21 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.image.v1.ImageTag": { - "description": "ImageTag represents a single tag within an image stream and includes the spec, the status history, and the currently referenced image (if any) of the provided tag. This type replaces the ImageStreamTag by providing a full view of the tag. ImageTags are returned for every spec or status tag present on the image stream. If no tag exists in either form, a not found error will be returned by the API. A create operation will succeed if no spec tag has already been defined and the spec field is set. Delete will remove both spec and status elements from the image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1alpha1.DNSNameResolver": { + "description": "DNSNameResolver stores the DNS name resolution information of a DNS name. It can be enabled by the TechPreviewNoUpgrade feature set. It can also be enabled by the feature gate DNSNameResolver when using CustomNoUpgrade feature set.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "spec", - "status", - "image" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "image": { - "description": "image is the details of the most recent image stream status tag, and it may be null if import has not completed or an administrator has deleted the image object. To verify this is the most recent image, you must verify the generation of the most recent status.items entry matches the spec tag (if a spec tag is set). This field will not be set when listing image tags.", - "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -28706,20 +27170,22 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream.", - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReference" + "description": "spec is the specification of the desired behavior of the DNSNameResolver.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolverSpec" }, "status": { - "description": "status is the status tag details associated with this image stream tag, and it may be null if no push or import has been performed.", - "$ref": "#/definitions/com.github.openshift.api.image.v1.NamedTagEventList" + "description": "status is the most recently observed status of the DNSNameResolver.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolverStatus" } } }, - "com.github.openshift.api.image.v1.ImageTagList": { - "description": "ImageTagList is a list of ImageTag objects. When listing image tags, the image field is not populated. Tags are returned in alphabetical order by image stream and then tag.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1alpha1.DNSNameResolverList": { + "description": "DNSNameResolverList contains a list of DNSNameResolvers.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ "items" @@ -28730,11 +27196,11 @@ "type": "string" }, "items": { - "description": "items is the list of image stream tags", + "description": "items gives the list of DNSNameResolvers.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageTag" + "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolver" } }, "kind": { @@ -28744,392 +27210,470 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.image.v1.NamedTagEventList": { - "description": "NamedTagEventList relates a tag to its image history.", + "com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedAddress": { + "description": "DNSNameResolverResolvedAddress describes the details of an IP address for a resolved DNS name.", "type": "object", "required": [ - "tag", - "items" + "ip", + "ttlSeconds", + "lastLookupTime" + ], + "properties": { + "ip": { + "description": "ip is an IP address associated with the dnsName. The validity of the IP address expires after lastLookupTime + ttlSeconds. To refresh the information, a DNS lookup will be performed upon the expiration of the IP address's validity. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", + "type": "string", + "default": "" + }, + "lastLookupTime": { + "description": "lastLookupTime is the timestamp when the last DNS lookup was completed successfully. The validity of the IP address expires after lastLookupTime + ttlSeconds. The value of this field will be updated to the current time on a successful DNS lookup. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "ttlSeconds": { + "description": "ttlSeconds is the time-to-live value of the IP address. The validity of the IP address expires after lastLookupTime + ttlSeconds. On a successful DNS lookup the value of this field will be updated with the current time-to-live value. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", + "type": "integer", + "format": "int32", + "default": 0 + } + } + }, + "com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedName": { + "description": "DNSNameResolverResolvedName describes the details of a resolved DNS name.", + "type": "object", + "required": [ + "dnsName", + "resolvedAddresses" ], "properties": { "conditions": { - "description": "conditions is an array of conditions that apply to the tag event list.", + "description": "conditions provide information about the state of the DNS name. Known .status.conditions.type is: \"Degraded\". \"Degraded\" is true when the last resolution failed for the DNS name, and false otherwise.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagEventCondition" - } + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "items": { - "description": "Standard object's metadata.", + "dnsName": { + "description": "dnsName is the resolved DNS name matching the name field of DNSNameResolverSpec. This field can store both regular and wildcard DNS names which match the spec.name field. When the spec.name field contains a regular DNS name, this field will store the same regular DNS name after it is successfully resolved. When the spec.name field contains a wildcard DNS name, each resolvedName.dnsName will store the regular DNS names which match the wildcard DNS name and have been successfully resolved. If the wildcard DNS name can also be successfully resolved, then this field will store the wildcard DNS name as well.", + "type": "string", + "default": "" + }, + "resolutionFailures": { + "description": "resolutionFailures keeps the count of how many consecutive times the DNS resolution failed for the dnsName. If the DNS resolution succeeds then the field will be set to zero. Upon every failure, the value of the field will be incremented by one. The details about the DNS name will be removed, if the value of resolutionFailures reaches 5 and the TTL of all the associated IP addresses have expired.", + "type": "integer", + "format": "int32" + }, + "resolvedAddresses": { + "description": "resolvedAddresses gives the list of associated IP addresses and their corresponding TTLs and last lookup times for the dnsName.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagEvent" - } - }, - "tag": { - "description": "tag is the tag for which the history is recorded", - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedAddress" + }, + "x-kubernetes-list-map-keys": [ + "ip" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.image.v1.RepositoryImportSpec": { - "description": "RepositoryImportSpec describes a request to import images from a container image repository.", + "com.github.openshift.api.network.v1alpha1.DNSNameResolverSpec": { + "description": "DNSNameResolverSpec is a desired state description of DNSNameResolver.", "type": "object", "required": [ - "from" + "name" ], "properties": { - "from": { - "description": "from is the source for the image repository to import; only kind DockerImage and a name of a container image repository is allowed", - "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, - "importPolicy": { - "description": "importPolicy is the policy controlling how the image is imported", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagImportPolicy" - }, - "includeManifest": { - "description": "includeManifest determines if the manifest for each image is returned in the response", - "type": "boolean" - }, - "referencePolicy": { - "description": "referencePolicy defines how other components should consume the image", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReferencePolicy" + "name": { + "description": "name is the DNS name for which the DNS name resolution information will be stored. For a regular DNS name, only the DNS name resolution information of the regular DNS name will be stored. For a wildcard DNS name, the DNS name resolution information of all the DNS names that match the wildcard DNS name will be stored. For a wildcard DNS name, the '*' will match only one label. Additionally, only a single '*' can be used at the beginning of the wildcard DNS name. For example, '*.example.com.' will match 'sub1.example.com.' but won't match 'sub2.sub1.example.com.'", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.image.v1.RepositoryImportStatus": { - "description": "RepositoryImportStatus describes the result of an image repository import", + "com.github.openshift.api.network.v1alpha1.DNSNameResolverStatus": { + "description": "DNSNameResolverStatus defines the observed status of DNSNameResolver.", "type": "object", "properties": { - "additionalTags": { - "description": "additionalTags are tags that exist in the repository but were not imported because a maximum limit of automatic imports was applied.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "images": { - "description": "images is a list of images successfully retrieved by the import of the repository.", + "resolvedNames": { + "description": "resolvedNames contains a list of matching DNS names and their corresponding IP addresses along with their TTL and last DNS lookup times.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageImportStatus" - } - }, - "status": { - "description": "status reflects whether any failure occurred during import", - "default": {}, - "$ref": "#/definitions/Status.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedName" + }, + "x-kubernetes-list-map-keys": [ + "dnsName" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "dnsName", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.image.v1.SecretList": { - "description": "SecretList is a list of Secret.", + "com.github.openshift.api.networkoperator.v1.EgressRouter": { + "description": "EgressRouter is a feature allowing the user to define an egress router that acts as a bridge between pods and external systems. The egress router runs a service that redirects egress traffic originating from a pod or a group of pods to a remote external system or multiple destinations as per configuration.\n\nIt is consumed by the cluster-network-operator. More specifically, given an EgressRouter CR with , the CNO will create and manage: - A service called - An egress pod called - A NAD called \n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).\n\nEgressRouter is a single egressrouter pod configuration object.", "type": "object", "required": [ - "items" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "Items is a list of secret objects. More info: https://kubernetes.io/docs/concepts/configuration/secret", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Secret.v1.core.api.k8s.io" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "Specification of the desired egress router.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.EgressRouterSpec" + }, + "status": { + "description": "Observed status of EgressRouter.", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.EgressRouterStatus" } } }, - "com.github.openshift.api.image.v1.SignatureCondition": { - "description": "SignatureCondition describes an image signature condition of particular kind at particular probe time.", + "com.github.openshift.api.networkoperator.v1.EgressRouterSpec": { + "description": "EgressRouterSpec contains the configuration for an egress router. Mode, networkInterface and addresses fields must be specified along with exactly one \"Config\" that matches the mode. Each config consists of parameters specific to that mode.", "type": "object", "required": [ - "type", - "status" + "mode", + "networkInterface", + "addresses" ], "properties": { - "lastProbeTime": { - "description": "Last time the condition was checked.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "lastTransitionTime": { - "description": "Last time the condition transit from one status to another.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "message": { - "description": "Human readable message indicating details about last transition.", - "type": "string" - }, - "reason": { - "description": "(brief) reason for the condition's last transition.", - "type": "string" + "addresses": { + "description": "List of IP addresses to configure on the pod's secondary interface.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.EgressRouterAddress" + } }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", + "mode": { + "description": "mode depicts the mode that is used for the egress router. The default mode is \"Redirect\" and is the only supported mode currently.", "type": "string", "default": "" }, - "type": { - "description": "type of signature condition, Complete or Failed.", - "type": "string", - "default": "" + "networkInterface": { + "description": "Specification of interface to create/use. The default is macvlan. Currently only macvlan is supported.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.EgressRouterInterface" + }, + "redirect": { + "description": "redirect represents the configuration parameters specific to redirect mode.", + "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.RedirectConfig" } } }, - "com.github.openshift.api.image.v1.SignatureGenericEntity": { - "description": "SignatureGenericEntity holds a generic information about a person or entity who is an issuer or a subject of signing certificate or key.", + "com.github.openshift.api.oauth.v1.ClusterRoleScopeRestriction": { + "description": "ClusterRoleScopeRestriction describes restrictions on cluster role scopes", "type": "object", + "required": [ + "roleNames", + "namespaces", + "allowEscalation" + ], "properties": { - "commonName": { - "description": "Common name (e.g. openshift-signing-service).", - "type": "string" + "allowEscalation": { + "description": "allowEscalation indicates whether you can request roles and their escalating resources", + "type": "boolean", + "default": false }, - "organization": { - "description": "organization name.", - "type": "string" + "namespaces": { + "description": "namespaces is the list of namespaces that can be referenced. * means any of them (including *)", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "roleNames": { + "description": "roleNames is the list of cluster roles that can referenced. * means anything", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.image.v1.SignatureIssuer": { - "description": "SignatureIssuer holds information about an issuer of signing certificate or key.", + "com.github.openshift.api.oauth.v1.OAuthAccessToken": { + "description": "OAuthAccessToken describes an OAuth access token. The name of a token must be prefixed with a `sha256~` string, must not contain \"/\" or \"%\" characters and must be at least 32 characters long.\n\nThe name of the token is constructed from the actual token by sha256-hashing it and using URL-safe unpadded base64-encoding (as described in RFC4648) on the hashed result.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { - "commonName": { - "description": "Common name (e.g. openshift-signing-service).", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "organization": { - "description": "organization name.", + "authorizeToken": { + "description": "authorizeToken contains the token that authorized this token", "type": "string" - } - } - }, - "com.github.openshift.api.image.v1.SignatureSubject": { - "description": "SignatureSubject holds information about a person or entity who created the signature.", - "type": "object", - "required": [ - "publicKeyID" - ], - "properties": { - "commonName": { - "description": "Common name (e.g. openshift-signing-service).", + }, + "clientName": { + "description": "clientName references the client that created this token.", "type": "string" }, - "organization": { - "description": "organization name.", + "expiresIn": { + "description": "expiresIn is the seconds from CreationTime before this token expires.", + "type": "integer", + "format": "int64" + }, + "inactivityTimeoutSeconds": { + "description": "inactivityTimeoutSeconds is the value in seconds, from the CreationTimestamp, after which this token can no longer be used. The value is automatically incremented when the token is used.", + "type": "integer", + "format": "int32" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "publicKeyID": { - "description": "If present, it is a human readable key id of public key belonging to the subject used to verify image signature. It should contain at least 64 lowest bits of public key's fingerprint (e.g. 0x685ebe62bf278440).", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "redirectURI": { + "description": "redirectURI is the redirection associated with the token.", + "type": "string" + }, + "refreshToken": { + "description": "refreshToken is the value by which this token can be renewed. Can be blank.", + "type": "string" + }, + "scopes": { + "description": "scopes is an array of the requested scopes.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "userName": { + "description": "userName is the user name associated with this token", + "type": "string" + }, + "userUID": { + "description": "userUID is the unique UID associated with this token", + "type": "string" } } }, - "com.github.openshift.api.image.v1.TagEvent": { - "description": "TagEvent is used by ImageStreamStatus to keep a historical record of images associated with a tag.", + "com.github.openshift.api.oauth.v1.OAuthAccessTokenList": { + "description": "OAuthAccessTokenList is a collection of OAuth access tokens\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "created", - "dockerImageReference", - "image", - "generation" + "items" ], "properties": { - "created": { - "description": "created holds the time the TagEvent was created", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "dockerImageReference": { - "description": "dockerImageReference is the string that can be used to pull this image", - "type": "string", - "default": "" + "items": { + "description": "items is the list of OAuth access tokens", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.oauth.v1.OAuthAccessToken" + } }, - "generation": { - "description": "generation is the spec tag generation that resulted in this tag being updated", - "type": "integer", - "format": "int64", - "default": 0 + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "image": { - "description": "image is the image", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.image.v1.TagEventCondition": { - "description": "TagEventCondition contains condition information for a tag event.", + "com.github.openshift.api.oauth.v1.OAuthAuthorizeToken": { + "description": "OAuthAuthorizeToken describes an OAuth authorization token\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "type", - "status", - "generation" - ], "properties": { - "generation": { - "description": "generation is the spec tag generation that this status corresponds to", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "clientName": { + "description": "clientName references the client that created this token.", + "type": "string" + }, + "codeChallenge": { + "description": "codeChallenge is the optional code_challenge associated with this authorization code, as described in rfc7636", + "type": "string" + }, + "codeChallengeMethod": { + "description": "codeChallengeMethod is the optional code_challenge_method associated with this authorization code, as described in rfc7636", + "type": "string" + }, + "expiresIn": { + "description": "expiresIn is the seconds from CreationTime before this token expires.", "type": "integer", - "format": "int64", - "default": 0 + "format": "int64" }, - "lastTransitionTime": { - "description": "lastTransitionTime is the time the condition transitioned from one status to another.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "message": { - "description": "message is a human readable description of the details about last transition, complementing reason.", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "redirectURI": { + "description": "redirectURI is the redirection associated with the token.", "type": "string" }, - "reason": { - "description": "reason is a brief machine readable explanation for the condition's last transition.", + "scopes": { + "description": "scopes is an array of the requested scopes.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "state": { + "description": "state data from request", "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" + "userName": { + "description": "userName is the user name associated with this token", + "type": "string" }, - "type": { - "description": "type of tag event condition, currently only ImportSuccess", - "type": "string", - "default": "" + "userUID": { + "description": "userUID is the unique UID associated with this token. UserUID and UserName must both match for this token to be valid.", + "type": "string" } } }, - "com.github.openshift.api.image.v1.TagImportPolicy": { - "description": "TagImportPolicy controls how images related to this tag will be imported.", + "com.github.openshift.api.oauth.v1.OAuthAuthorizeTokenList": { + "description": "OAuthAuthorizeTokenList is a collection of OAuth authorization tokens\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "items" + ], "properties": { - "importMode": { - "description": "importMode describes how to import an image manifest.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "insecure": { - "description": "insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import.", - "type": "boolean" + "items": { + "description": "items is the list of OAuth authorization tokens", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.oauth.v1.OAuthAuthorizeToken" + } }, - "scheduled": { - "description": "scheduled indicates to the server that this tag should be periodically checked to ensure it is up to date, and imported", - "type": "boolean" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.image.v1.TagReference": { - "description": "TagReference specifies optional annotations for images using this tag and an optional reference to an ImageStreamTag, ImageStreamImage, or DockerImage this tag should track.", + "com.github.openshift.api.oauth.v1.OAuthClient": { + "description": "OAuthClient describes an OAuth client\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "name" - ], "properties": { - "annotations": { - "description": "Optional; if specified, annotations that are applied to images retrieved via ImageStreamTags.", - "type": "object", - "additionalProperties": { + "accessTokenInactivityTimeoutSeconds": { + "description": "accessTokenInactivityTimeoutSeconds overrides the default token inactivity timeout for tokens granted to this client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. This value needs to be set only if the default set in configuration is not appropriate for this client. Valid values are: - 0: Tokens for this client never time out - X: Tokens time out if there is no activity for X seconds The current minimum allowed value for X is 300 (5 minutes)\n\nWARNING: existing tokens' timeout will not be affected (lowered) by changing this value", + "type": "integer", + "format": "int32" + }, + "accessTokenMaxAgeSeconds": { + "description": "accessTokenMaxAgeSeconds overrides the default access token max age for tokens granted to this client. 0 means no expiration.", + "type": "integer", + "format": "int32" + }, + "additionalSecrets": { + "description": "additionalSecrets holds other secrets that may be used to identify the client. This is useful for rotation and for service account token validation", + "type": "array", + "items": { "type": "string", "default": "" } }, - "from": { - "description": "Optional; if specified, a reference to another image that this tag should point to. Valid values are ImageStreamTag, ImageStreamImage, and DockerImage. ImageStreamTag references can only reference a tag within this same ImageStream.", - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "generation": { - "description": "generation is a counter that tracks mutations to the spec tag (user intent). When a tag reference is changed the generation is set to match the current stream generation (which is incremented every time spec is changed). Other processes in the system like the image importer observe that the generation of spec tag is newer than the generation recorded in the status and use that as a trigger to import the newest remote tag. To trigger a new import, clients may set this value to zero which will reset the generation to the latest stream generation. Legacy clients will send this value as nil which will be merged with the current tag generation.", - "type": "integer", - "format": "int64" + "grantMethod": { + "description": "grantMethod is a required field which determines how to handle grants for this client. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients", + "type": "string" }, - "importPolicy": { - "description": "importPolicy is information that controls how images may be imported by the server.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagImportPolicy" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "name": { - "description": "name of the tag", - "type": "string", - "default": "" + "redirectURIs": { + "description": "redirectURIs is the valid redirection URIs associated with a client", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-patch-strategy": "merge" }, - "reference": { - "description": "reference states if the tag will be imported. Default value is false, which means the tag will be imported.", + "respondWithChallenges": { + "description": "respondWithChallenges indicates whether the client wants authentication needed responses made in the form of challenges instead of redirects", "type": "boolean" }, - "referencePolicy": { - "description": "referencePolicy defines how other components should consume the image.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReferencePolicy" - } - } - }, - "com.github.openshift.api.image.v1.TagReferencePolicy": { - "description": "TagReferencePolicy describes how pull-specs for images in this image stream tag are generated when image change triggers in deployment configs or builds are resolved. This allows the image stream author to control how images are accessed.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "type": { - "description": "type determines how the image pull spec should be transformed when the image stream tag is used in deployment config triggers or new builds. The default value is `Source`, indicating the original location of the image should be used (if imported). The user may also specify `Local`, indicating that the pull spec should point to the integrated container image registry and leverage the registry's ability to proxy the pull to an upstream registry. `Local` allows the credentials used to pull this image to be managed from the image stream's namespace, so others on the platform can access a remote image but have no access to the remote secret. It also allows the image layers to be mirrored into the local registry which the images can still be pulled even if the upstream registry is unavailable.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.insights.v1.Custom": { - "description": "Custom provides the custom configuration of gatherers", - "type": "object", - "required": [ - "configs" - ], - "properties": { - "configs": { - "description": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "scopeRestrictions": { + "description": "scopeRestrictions describes which scopes this client can request. Each requested scope is checked against each restriction. If any restriction matches, then the scope is allowed. If no restriction matches, then the scope is denied.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.GathererConfig" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.oauth.v1.ScopeRestriction" + } + }, + "secret": { + "description": "secret is the unique secret associated with a client", + "type": "string" } } }, - "com.github.openshift.api.insights.v1.DataGather": { - "description": "DataGather provides data gather configuration options and status for the particular Insights data gathering.\n\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.oauth.v1.OAuthClientAuthorization": { + "description": "OAuthClientAuthorization describes an authorization created by an OAuth client\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "clientName": { + "description": "clientName references the client that created this authorization", + "type": "string" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -29137,36 +27681,44 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.DataGatherSpec" + "scopes": { + "description": "scopes is an array of the granted scopes.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.DataGatherStatus" + "userName": { + "description": "userName is the user name that authorized this client", + "type": "string" + }, + "userUID": { + "description": "userUID is the unique UID associated with this authorization. UserUID and UserName must both match for this authorization to be valid.", + "type": "string" } } }, - "com.github.openshift.api.insights.v1.DataGatherList": { - "description": "DataGatherList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.oauth.v1.OAuthClientAuthorizationList": { + "description": "OAuthClientAuthorizationList is a collection of OAuth client authorizations\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "items": { - "description": "items contains a list of DataGather resources.", + "description": "items is the list of OAuth client authorizations", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.DataGather" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.oauth.v1.OAuthClientAuthorization" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", @@ -29175,4362 +27727,4237 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.insights.v1.DataGatherSpec": { - "description": "DataGatherSpec contains the configuration for the DataGather.", + "com.github.openshift.api.oauth.v1.OAuthClientList": { + "description": "OAuthClientList is a collection of OAuth clients\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "gatherers" + "items" ], "properties": { - "dataPolicy": { - "description": "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of OAuth clients", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.oauth.v1.OAuthClient" + } }, - "gatherers": { - "description": "gatherers is a required field that specifies the configuration of the gatherers.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.Gatherers" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "storage": { - "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.Storage" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.insights.v1.DataGatherStatus": { - "description": "DataGatherStatus contains information relating to the DataGather state.", + "com.github.openshift.api.oauth.v1.OAuthRedirectReference": { + "description": "OAuthRedirectReference is a reference to an OAuth redirect object.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { - "conditions": { - "description": "conditions is an optional field that provides details on the status of the gatherer job. It may not exceed 100 items and must not contain duplicates.\n\nThe current condition types are DataUploaded, DataRecorded, DataProcessed, RemoteConfigurationNotAvailable, RemoteConfigurationInvalid\n\nThe DataUploaded condition is used to represent whether or not the archive was successfully uploaded for further processing. When it has a status of True and a reason of Succeeded, the archive was successfully uploaded. When it has a status of Unknown and a reason of NoUploadYet, the upload has not occurred, or there was no data to upload. When it has a status of False and a reason Failed, the upload failed. The accompanying message will include the specific error encountered.\n\nThe DataRecorded condition is used to represent whether or not the archive was successfully recorded. When it has a status of True and a reason of Succeeded, the archive was recorded successfully. When it has a status of Unknown and a reason of NoDataGatheringYet, the data gathering process has not started yet. When it has a status of False and a reason of RecordingFailed, the recording failed and a message will include the specific error encountered.\n\nThe DataProcessed condition is used to represent whether or not the archive was processed by the processing service. When it has a status of True and a reason of Processed, the data was processed successfully. When it has a status of Unknown and a reason of NothingToProcessYet, there is no data to process at the moment. When it has a status of False and a reason of Failure, processing failed and a message will include the specific error encountered.\n\nThe RemoteConfigurationAvailable condition is used to represent whether the remote configuration is available. When it has a status of Unknown and a reason of Unknown or RemoteConfigNotRequestedYet, the state of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is available. When it has a status of False and a reason of NoToken, the configuration was disabled by removing the cloud.openshift.com field from the pull secret. When it has a status of False and a reason of DisabledByConfiguration, the configuration was disabled in insightsdatagather.config.openshift.io.\n\nThe RemoteConfigurationValid condition is used to represent whether the remote configuration is valid. When it has a status of Unknown and a reason of Unknown or NoValidationYet, the validity of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is valid. When it has a status of False and a reason of Invalid, the configuration is invalid.\n\nThe Progressing condition is used to represent the phase of gathering When it has a status of False and the reason is DataGatherPending, the gathering has not started yet. When it has a status of True and reason is Gathering, the gathering is running. When it has a status of False and reason is GatheringSucceeded, the gathering successfully finished. When it has a status of False and reason is GatheringFailed, the gathering failed.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "finishTime": { - "description": "finishTime is the time when Insights data gathering finished.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "gatherers": { - "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.GathererStatus" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "insightsReport": { - "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.InsightsReport" - }, - "insightsRequestID": { - "description": "insightsRequestID is an optional Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive. It may not exceed 256 characters and is immutable once set.", - "type": "string" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "relatedObjects": { - "description": "relatedObjects is an optional list of resources which are useful when debugging or inspecting the data gathering Pod It may not exceed 100 items and must not contain duplicates.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.ObjectReference" - }, - "x-kubernetes-list-map-keys": [ - "name", - "namespace" - ], - "x-kubernetes-list-type": "map" - }, - "startTime": { - "description": "startTime is the time when Insights data gathering started.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.insights.v1.GathererConfig": { - "description": "GathererConfig allows to configure specific gatherers", - "type": "object", - "required": [ - "name", - "state" - ], - "properties": { - "name": { - "description": "name is the required name of a specific gatherer. It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", - "type": "string" - }, - "state": { - "description": "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", - "type": "string" + "reference": { + "description": "The reference to an redirect object in the current namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.oauth.v1.RedirectReference" } } }, - "com.github.openshift.api.insights.v1.GathererStatus": { - "description": "GathererStatus represents information about a particular data gatherer.", + "com.github.openshift.api.oauth.v1.RedirectReference": { + "description": "RedirectReference specifies the target in the current namespace that resolves into redirect URIs. Only the 'Route' kind is currently allowed.", "type": "object", "required": [ - "name", - "lastGatherSeconds" + "group", + "kind", + "name" ], "properties": { - "conditions": { - "description": "conditions provide details on the status of each gatherer.\n\nThe current condition type is DataGathered\n\nThe DataGathered condition is used to represent whether or not the data was gathered by a gatherer specified by name. When it has a status of True and a reason of GatheredOK, the data has been successfully gathered as expected. When it has a status of False and a reason of NoData, no data was gathered—for example, when the resource is not present in the cluster. When it has a status of False and a reason of GatherError, an error occurred and no data was gathered. When it has a status of False and a reason of GatherPanic, a panic occurred during gathering and no data was collected. When it has a status of False and a reason of GatherWithErrorReason, data was partially gathered or gathered with an error message.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "group": { + "description": "The group of the target that is being referred to.", + "type": "string", + "default": "" }, - "lastGatherSeconds": { - "description": "lastGatherSeconds is required field that represents the time spent gathering in seconds", - "type": "integer", - "format": "int32" + "kind": { + "description": "The kind of the target that is being referred to. Currently, only 'Route' is allowed.", + "type": "string", + "default": "" }, "name": { - "description": "name is the required name of the gatherer. It must contain at least 5 characters and may not exceed 256 characters.", - "type": "string" + "description": "The name of the target that is being referred to. e.g. name of the Route.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.insights.v1.Gatherers": { - "description": "Gatherers specifies the configuration of the gatherers", + "com.github.openshift.api.oauth.v1.ScopeRestriction": { + "description": "ScopeRestriction describe one restriction on scopes. Exactly one option must be non-nil.", "type": "object", - "required": [ - "mode" - ], "properties": { - "custom": { - "description": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.Custom" + "clusterRole": { + "description": "clusterRole describes a set of restrictions for cluster role scoping.", + "$ref": "#/definitions/com.github.openshift.api.oauth.v1.ClusterRoleScopeRestriction" }, - "mode": { - "description": "mode is a required field that specifies the mode for gatherers. Allowed values are All and Custom. When set to All, all gatherers will run and gather data. When set to Custom, the custom configuration from the custom field will be applied.", - "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "mode", - "fields-to-discriminateBy": { - "custom": "Custom" + "literals": { + "description": "ExactValues means the scope has to match a particular set of strings exactly", + "type": "array", + "items": { + "type": "string", + "default": "" } } - ] + } }, - "com.github.openshift.api.insights.v1.HealthCheck": { - "description": "HealthCheck represents an Insights health check attributes.", + "com.github.openshift.api.oauth.v1.UserOAuthAccessToken": { + "description": "UserOAuthAccessToken is a virtual resource to mirror OAuthAccessTokens to the user the access token was issued for", "type": "object", - "required": [ - "description", - "totalRisk", - "advisorURI" - ], "properties": { - "advisorURI": { - "description": "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "description": { - "description": "description is required field that provides basic description of the healthcheck. It must contain at least 10 characters and may not exceed 2048 characters.", + "authorizeToken": { + "description": "authorizeToken contains the token that authorized this token", "type": "string" }, - "totalRisk": { - "description": "totalRisk is the required field of the healthcheck. It is indicator of the total risk posed by the detected issue; combination of impact and likelihood. Allowed values are Low, Moderate, Important and Critical. The value represents the severity of the issue.", + "clientName": { + "description": "clientName references the client that created this token.", "type": "string" - } - } - }, - "com.github.openshift.api.insights.v1.InsightsReport": { - "description": "InsightsReport provides Insights health check report based on the most recently sent Insights data.", - "type": "object", - "required": [ - "downloadedTime", - "uri" - ], - "properties": { - "downloadedTime": { - "description": "downloadedTime is a required field that specifies when the Insights report was last downloaded.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "healthChecks": { - "description": "healthChecks is an optional field that provides basic information about active Insights recommendations, which serve as proactive notifications for potential issues in the cluster. When omitted, it means that there are no active recommendations in the cluster.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.HealthCheck" - }, - "x-kubernetes-list-map-keys": [ - "advisorURI", - "totalRisk", - "description" - ], - "x-kubernetes-list-type": "map" + "expiresIn": { + "description": "expiresIn is the seconds from CreationTime before this token expires.", + "type": "integer", + "format": "int64" }, - "uri": { - "description": "uri is a required field that provides the URL link from which the report was downloaded. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + "inactivityTimeoutSeconds": { + "description": "inactivityTimeoutSeconds is the value in seconds, from the CreationTimestamp, after which this token can no longer be used. The value is automatically incremented when the token is used.", + "type": "integer", + "format": "int32" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - } - }, - "com.github.openshift.api.insights.v1.ObjectReference": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", - "type": "object", - "required": [ - "group", - "resource", - "name", - "namespace" - ], - "properties": { - "group": { - "description": "group is required field that specifies the API Group of the Resource. Enter empty string for the core group. This value is empty or it should follow the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character. Example: \"\", \"apps\", \"build.openshift.io\", etc.", + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "redirectURI": { + "description": "redirectURI is the redirection associated with the token.", "type": "string" }, - "name": { - "description": "name is required field that specifies the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character..", + "refreshToken": { + "description": "refreshToken is the value by which this token can be renewed. Can be blank.", "type": "string" }, - "namespace": { - "description": "namespace if required field of the referent that follows the DNS1123 labels format. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.", + "scopes": { + "description": "scopes is an array of the requested scopes.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "userName": { + "description": "userName is the user name associated with this token", "type": "string" }, - "resource": { - "description": "resource is required field of the type that is being referenced and follows the DNS1035 format. It is normally the plural form of the resource kind in lowercase. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + "userUID": { + "description": "userUID is the unique UID associated with this token", "type": "string" } } }, - "com.github.openshift.api.insights.v1.PersistentVolumeClaimReference": { - "description": "PersistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + "com.github.openshift.api.oauth.v1.UserOAuthAccessTokenList": { + "description": "UserOAuthAccessTokenList is a collection of access tokens issued on behalf of the requesting user\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "name" + "items" ], "properties": { - "name": { - "description": "name is the name of the PersistentVolumeClaim that will be used to store the Insights data archive. It is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" - } - } - }, - "com.github.openshift.api.insights.v1.PersistentVolumeConfig": { - "description": "PersistentVolumeConfig provides configuration options for PersistentVolume storage.", - "type": "object", - "required": [ - "claim" - ], - "properties": { - "claim": { - "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.PersistentVolumeClaimReference" }, - "mountPath": { - "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.oauth.v1.UserOAuthAccessToken" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.insights.v1.Storage": { - "description": "Storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + "com.github.openshift.api.openshiftcontrolplane.v1.APIServers": { "type": "object", "required": [ - "type" + "perGroupOptions" ], "properties": { - "persistentVolume": { - "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.PersistentVolumeConfig" - }, - "type": { - "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", - "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "persistentVolume": "PersistentVolume" + "perGroupOptions": { + "description": "perGroupOptions is a list of enabled/disabled API servers in addition to the defaults", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.PerGroupOptions" } } - ] + } }, - "com.github.openshift.api.insights.v1alpha1.DataGather": { - "description": "DataGather provides data gather configuration options and status for the particular Insights data gathering.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.openshiftcontrolplane.v1.BuildControllerConfig": { "type": "object", "required": [ - "spec" + "imageTemplateFormat", + "buildDefaults", + "buildOverrides", + "additionalTrustedCA" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "additionalTrustedCA": { + "description": "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted for image pushes and pulls during builds.", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "buildDefaults": { + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.BuildDefaultsConfig" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.DataGatherSpec" + "buildOverrides": { + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.BuildOverridesConfig" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "imageTemplateFormat": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.DataGatherStatus" + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ImageConfig" } } }, - "com.github.openshift.api.insights.v1alpha1.DataGatherList": { - "description": "DataGatherList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.openshiftcontrolplane.v1.BuildDefaultsConfig": { + "description": "BuildDefaultsConfig controls the default information for Builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "properties": { + "annotations": { + "description": "annotations are annotations that will be added to the build pod", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items contains a list of DataGather resources.", + "env": { + "description": "env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.DataGather" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "gitHTTPProxy": { + "description": "gitHTTPProxy is the location of the HTTPProxy for Git source", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.insights.v1alpha1.DataGatherSpec": { - "description": "DataGatherSpec contains the configuration for the DataGather.", - "type": "object", - "properties": { - "dataPolicy": { - "description": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"ClearText\" and \"ObfuscateNetworking\". When set to ClearText the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is ClearText.", - "type": "string", - "default": "" + "gitHTTPSProxy": { + "description": "gitHTTPSProxy is the location of the HTTPSProxy for Git source", + "type": "string" }, - "gatherers": { - "description": "gatherers is an optional list of gatherers configurations. The list must not exceed 100 items. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "gitNoProxy": { + "description": "gitNoProxy is the list of domains for which the proxy should not be used", + "type": "string" + }, + "imageLabels": { + "description": "imageLabels is a list of labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.GathererConfig" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" + } }, - "storage": { - "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.Storage" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "nodeSelector": { + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "resources": { + "description": "resources defines resource requirements to execute the build.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + }, + "sourceStrategyDefaults": { + "description": "sourceStrategyDefaults are default values that apply to builds using the source strategy.", + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.SourceStrategyDefaultsConfig" } } }, - "com.github.openshift.api.insights.v1alpha1.DataGatherStatus": { - "description": "DataGatherStatus contains information relating to the DataGather state.", + "com.github.openshift.api.openshiftcontrolplane.v1.BuildOverridesConfig": { + "description": "BuildOverridesConfig controls override settings for builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "properties": { - "conditions": { - "description": "conditions provide details on the status of the gatherer job.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "annotations": { + "description": "annotations are annotations that will be added to the build pod", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "dataGatherState": { - "description": "dataGatherState reflects the current state of the data gathering process.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "finishTime": { - "description": "finishTime is the time when Insights data gathering finished.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "forcePull": { + "description": "forcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself", + "type": "boolean" }, - "gatherers": { - "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", + "imageLabels": { + "description": "imageLabels is a list of labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.GathererStatus" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "insightsReport": { - "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.InsightsReport" + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" + } }, - "insightsRequestID": { - "description": "insightsRequestID is an Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "relatedObjects": { - "description": "relatedObjects is a list of resources which are useful when debugging or inspecting the data gathering Pod", + "nodeSelector": { + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "tolerations": { + "description": "tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.ObjectReference" - }, - "x-kubernetes-list-map-keys": [ - "name", - "namespace" - ], - "x-kubernetes-list-type": "map" - }, - "startTime": { - "description": "startTime is the time when Insights data gathering started.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + } } } }, - "com.github.openshift.api.insights.v1alpha1.GathererConfig": { - "description": "gathererConfig allows to configure specific gatherers", + "com.github.openshift.api.openshiftcontrolplane.v1.ClusterNetworkEntry": { + "description": "ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips.", "type": "object", "required": [ - "name" + "cidr", + "hostSubnetLength" ], "properties": { - "name": { - "description": "name is the required name of specific gatherer It must be at most 256 characters in length. The format for the gatherer name should be: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md.", + "cidr": { + "description": "cidr defines the total range of a cluster networks address space.", "type": "string", "default": "" }, - "state": { - "description": "state allows you to configure specific gatherer. Valid values are \"Enabled\", \"Disabled\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default. The current default is Enabled.", - "type": "string", - "default": "" + "hostSubnetLength": { + "description": "hostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pod.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.insights.v1alpha1.GathererStatus": { - "description": "gathererStatus represents information about a particular data gatherer.", + "com.github.openshift.api.openshiftcontrolplane.v1.DeployerControllerConfig": { "type": "object", "required": [ - "conditions", - "name", - "lastGatherDuration" + "imageTemplateFormat" ], "properties": { - "conditions": { - "description": "conditions provide details on the status of each gatherer.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "lastGatherDuration": { - "description": "lastGatherDuration represents the time spent gathering.", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "name": { - "description": "name is the name of the gatherer.", - "type": "string", - "default": "" + "imageTemplateFormat": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ImageConfig" } } }, - "com.github.openshift.api.insights.v1alpha1.HealthCheck": { - "description": "healthCheck represents an Insights health check attributes.", + "com.github.openshift.api.openshiftcontrolplane.v1.DockerPullSecretControllerConfig": { "type": "object", "required": [ - "description", - "totalRisk", - "advisorURI", - "state" + "registryURLs", + "internalRegistryHostname" ], "properties": { - "advisorURI": { - "description": "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + "internalRegistryHostname": { + "description": "internalRegistryHostname is the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format. Docker pull secrets will be generated for this registry.", "type": "string", "default": "" }, - "description": { - "description": "description provides basic description of the healtcheck.", + "registryURLs": { + "description": "registryURLs is a list of urls that the docker pull secrets should be valid for.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + } + }, + "com.github.openshift.api.openshiftcontrolplane.v1.FrontProxyConfig": { + "type": "object", + "required": [ + "clientCA", + "allowedNames", + "usernameHeaders", + "groupHeaders", + "extraHeaderPrefixes" + ], + "properties": { + "allowedNames": { + "description": "allowedNames is an optional list of common names to require a match from.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "clientCA": { + "description": "clientCA is a path to the CA bundle to use to verify the common name of the front proxy's client cert", "type": "string", "default": "" }, - "state": { - "description": "state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface.", + "extraHeaderPrefixes": { + "description": "extraHeaderPrefixes is the set of header prefixes to check for user extra", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "groupHeaders": { + "description": "groupHeaders is the set of headers to check for groups", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "usernameHeaders": { + "description": "usernameHeaders is the set of headers to check for the username", + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + } + }, + "com.github.openshift.api.openshiftcontrolplane.v1.ImageConfig": { + "description": "ImageConfig holds the necessary configuration options for building image names for system components", + "type": "object", + "required": [ + "format", + "latest" + ], + "properties": { + "format": { + "description": "format is the format of the name to be built for the system component", "type": "string", "default": "" }, - "totalRisk": { - "description": "totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue.", - "type": "integer", - "format": "int32", - "default": 0 + "latest": { + "description": "latest determines if the latest tag will be pulled from the registry", + "type": "boolean", + "default": false } } }, - "com.github.openshift.api.insights.v1alpha1.InsightsReport": { - "description": "insightsReport provides Insights health check report based on the most recently sent Insights data.", + "com.github.openshift.api.openshiftcontrolplane.v1.ImageImportControllerConfig": { "type": "object", + "required": [ + "maxScheduledImageImportsPerMinute", + "disableScheduledImport", + "scheduledImageImportMinimumIntervalSeconds" + ], "properties": { - "downloadedAt": { - "description": "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "disableScheduledImport": { + "description": "disableScheduledImport allows scheduled background import of images to be disabled.", + "type": "boolean", + "default": false }, - "healthChecks": { - "description": "healthChecks provides basic information about active Insights health checks in a cluster.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.HealthCheck" - }, - "x-kubernetes-list-type": "atomic" + "maxScheduledImageImportsPerMinute": { + "description": "maxScheduledImageImportsPerMinute is the maximum number of image streams that will be imported in the background per minute. The default value is 60. Set to -1 for unlimited.", + "type": "integer", + "format": "int32", + "default": 0 }, - "uri": { - "description": "uri is optional field that provides the URL link from which the report was downloaded. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", - "type": "string" + "scheduledImageImportMinimumIntervalSeconds": { + "description": "scheduledImageImportMinimumIntervalSeconds is the minimum number of seconds that can elapse between when image streams scheduled for background import are checked against the upstream repository. The default value is 15 minutes.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.insights.v1alpha1.ObjectReference": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "com.github.openshift.api.openshiftcontrolplane.v1.ImagePolicyConfig": { "type": "object", "required": [ - "group", - "resource", - "name", - "namespace" + "maxImagesBulkImportedPerRepository", + "allowedRegistriesForImport", + "internalRegistryHostname", + "externalRegistryHostnames", + "additionalTrustedCA" ], "properties": { - "group": { - "description": "group is the API Group of the Resource. Enter empty string for the core group. This value is empty or should follow the DNS1123 subdomain format and it must be at most 253 characters in length. Example: \"\", \"apps\", \"build.openshift.io\", etc.", + "additionalTrustedCA": { + "description": "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted during imagestream import.", "type": "string", "default": "" }, - "name": { - "description": "name of the referent that follows the DNS1123 subdomain format. It must be at most 256 characters in length.", - "type": "string", - "default": "" + "allowedRegistriesForImport": { + "description": "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.RegistryLocation" + } }, - "namespace": { - "description": "namespace of the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length.", + "externalRegistryHostnames": { + "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "imageStreamImportMode": { + "description": "imageStreamImportMode provides the import mode value for imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.If this value is specified, this setting is applied to all newly created imagestreams which do not have the value set.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", "type": "string", - "default": "" + "default": "", + "enum": [ + "Legacy", + "PreserveOriginal" + ] }, - "resource": { - "description": "resource is required field of the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + "internalRegistryHostname": { + "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", "type": "string", "default": "" + }, + "maxImagesBulkImportedPerRepository": { + "description": "maxImagesBulkImportedPerRepository controls the number of images that are imported when a user does a bulk import of a container repository. This number is set low to prevent users from importing large numbers of images accidentally. Set -1 for no limit.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.insights.v1alpha1.PersistentVolumeClaimReference": { - "description": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + "com.github.openshift.api.openshiftcontrolplane.v1.IngressControllerConfig": { "type": "object", "required": [ - "name" + "ingressIPNetworkCIDR" ], "properties": { - "name": { - "description": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + "ingressIPNetworkCIDR": { + "description": "ingressIPNetworkCIDR controls the range to assign ingress ips from for services of type LoadBalancer on bare metal. If empty, ingress ips will not be assigned. It may contain a single CIDR that will be allocated from. For security reasons, you should ensure that this range does not overlap with the CIDRs reserved for external ips, nodes, pods, or services.", "type": "string", "default": "" } } }, - "com.github.openshift.api.insights.v1alpha1.PersistentVolumeConfig": { - "description": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + "com.github.openshift.api.openshiftcontrolplane.v1.JenkinsPipelineConfig": { + "description": "JenkinsPipelineConfig holds configuration for the Jenkins pipeline strategy", "type": "object", "required": [ - "claim" + "autoProvisionEnabled", + "templateNamespace", + "templateName", + "serviceName", + "parameters" ], "properties": { - "claim": { - "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.PersistentVolumeClaimReference" + "autoProvisionEnabled": { + "description": "autoProvisionEnabled determines whether a Jenkins server will be spawned from the provided template when the first build config in the project with type JenkinsPipeline is created. When not specified this option defaults to true.", + "type": "boolean" }, - "mountPath": { - "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", - "type": "string" - } - } - }, - "com.github.openshift.api.insights.v1alpha1.Storage": { - "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "persistentVolume": { - "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.PersistentVolumeConfig" + "parameters": { + "description": "parameters specifies a set of optional parameters to the Jenkins template.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "type": { - "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", + "serviceName": { + "description": "serviceName is the name of the Jenkins service OpenShift uses to detect whether a Jenkins pipeline handler has already been installed in a project. This value *must* match a service name in the provided template.", + "type": "string", + "default": "" + }, + "templateName": { + "description": "templateName is the name of the default Jenkins template", + "type": "string", + "default": "" + }, + "templateNamespace": { + "description": "templateNamespace contains the namespace name where the Jenkins template is stored", "type": "string", "default": "" } } }, - "com.github.openshift.api.insights.v1alpha2.Custom": { - "description": "custom provides the custom configuration of gatherers", + "com.github.openshift.api.openshiftcontrolplane.v1.NetworkControllerConfig": { + "description": "MasterNetworkConfig to be passed to the compiled in network plugin", "type": "object", "required": [ - "configs" + "networkPluginName", + "clusterNetworks", + "serviceNetworkCIDR", + "vxlanPort" ], "properties": { - "configs": { - "description": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "clusterNetworks": { + "description": "clusterNetworks contains a list of cluster networks that defines the global overlay networks L3 space.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.GathererConfig" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ClusterNetworkEntry" + } + }, + "networkPluginName": { + "type": "string", + "default": "" + }, + "serviceNetworkCIDR": { + "type": "string", + "default": "" + }, + "vxlanPort": { + "type": "integer", + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.insights.v1alpha2.DataGather": { - "description": "DataGather provides data gather configuration options and status for the particular Insights data gathering.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.openshiftcontrolplane.v1.OpenShiftAPIServerConfig": { + "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "spec" + "servingInfo", + "corsAllowedOrigins", + "auditConfig", + "storageConfig", + "admission", + "kubeClientConfig", + "aggregatorConfig", + "imagePolicyConfig", + "projectConfig", + "routingConfig", + "serviceAccountOAuthGrantMethod", + "jenkinsPipelineConfig", + "cloudProviderFile", + "apiServerArguments", + "apiServers" ], "properties": { + "admission": { + "description": "admissionConfig holds information about how to configure admission.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionConfig" + }, + "aggregatorConfig": { + "description": "aggregatorConfig contains information about how to verify the aggregator front proxy", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.FrontProxyConfig" + }, + "apiServerArguments": { + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + }, + "apiServers": { + "description": "apiServers holds information about enabled/disabled API servers", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.APIServers" + }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "auditConfig": { + "description": "auditConfig describes how to configure audit information", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditConfig" + }, + "cloudProviderFile": { + "description": "cloudProviderFile points to the cloud config file", + "type": "string", + "default": "" + }, + "corsAllowedOrigins": { + "description": "corsAllowedOrigins", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "imagePolicyConfig": { + "description": "imagePolicyConfig feeds the image policy admission plugin", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ImagePolicyConfig" + }, + "jenkinsPipelineConfig": { + "description": "jenkinsPipelineConfig holds information about the default Jenkins template used for JenkinsPipeline build strategy.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.JenkinsPipelineConfig" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "kubeClientConfig": { "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.KubeClientConfig" }, - "spec": { - "description": "spec holds user settable values for configuration", + "projectConfig": { + "description": "projectConfig feeds an admission plugin", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.DataGatherSpec" + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ProjectConfig" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "routingConfig": { + "description": "routingConfig holds information about routing and route generation", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.DataGatherStatus" + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.RoutingConfig" + }, + "serviceAccountOAuthGrantMethod": { + "description": "serviceAccountOAuthGrantMethod is used for determining client authorization for service account oauth client. It must be either: deny, prompt, or \"\"", + "type": "string", + "default": "" + }, + "servingInfo": { + "description": "servingInfo describes how to start serving", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" + }, + "storageConfig": { + "description": "storageConfig contains information about how to use", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.EtcdStorageConfig" } } }, - "com.github.openshift.api.insights.v1alpha2.DataGatherList": { - "description": "DataGatherList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.openshiftcontrolplane.v1.OpenShiftControllerManagerConfig": { + "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "servingInfo", + "leaderElection", + "controllers", + "resourceQuota", + "serviceServingCert", + "deployer", + "build", + "serviceAccount", + "dockerPullSecret", + "network", + "ingress", + "imageImport", + "securityAllocator", + "featureGates" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items contains a list of DataGather resources.", + "build": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.BuildControllerConfig" + }, + "controllers": { + "description": "controllers is a list of controllers to enable. '*' enables all on-by-default controllers, 'foo' enables the controller \"+ named 'foo', '-foo' disables the controller named 'foo'. Defaults to \"*\".", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.DataGather" - }, - "x-kubernetes-list-type": "atomic" + "type": "string", + "default": "" + } + }, + "deployer": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.DeployerControllerConfig" + }, + "dockerPullSecret": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.DockerPullSecretControllerConfig" + }, + "featureGates": { + "description": "featureGates are the set of extra OpenShift feature gates for openshift-controller-manager. These feature gates can be used to enable features that are tech preview or otherwise not available on OpenShift by default.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "imageImport": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ImageImportControllerConfig" + }, + "ingress": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.IngressControllerConfig" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "leaderElection": { + "description": "leaderElection defines the configuration for electing a controller instance to make changes to the cluster. If unspecified, the ControllerTTL value is checked to determine whether the legacy direct etcd election code will be used.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.LeaderElection" + }, + "network": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.NetworkControllerConfig" + }, + "resourceQuota": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ResourceQuotaControllerConfig" + }, + "securityAllocator": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.SecurityAllocator" + }, + "serviceAccount": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ServiceAccountControllerConfig" + }, + "serviceServingCert": { "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ServiceServingCert" + }, + "servingInfo": { + "description": "servingInfo describes how to start serving", + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" } } }, - "com.github.openshift.api.insights.v1alpha2.DataGatherSpec": { - "description": "DataGatherSpec contains the configuration for the DataGather.", + "com.github.openshift.api.openshiftcontrolplane.v1.PerGroupOptions": { "type": "object", + "required": [ + "name", + "enabledVersions", + "disabledVersions" + ], "properties": { - "dataPolicy": { - "description": "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", + "disabledVersions": { + "description": "disabledVersions is a list of versions that must be disabled in addition to the defaults. Must not collide with the list of enabled versions", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "gatherers": { - "description": "gatherers is an optional field that specifies the configuration of the gatherers. If omitted, all gatherers will be run.", - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.Gatherers" + "enabledVersions": { + "description": "enabledVersions is a list of versions that must be enabled in addition to the defaults. Must not collide with the list of disabled versions", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "storage": { - "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.Storage" + "name": { + "description": "name is an API server name (see OpenShiftAPIserverName typed constants for a complete list of available API servers).", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.insights.v1alpha2.DataGatherStatus": { - "description": "DataGatherStatus contains information relating to the DataGather state.", + "com.github.openshift.api.openshiftcontrolplane.v1.ProjectConfig": { "type": "object", + "required": [ + "defaultNodeSelector", + "projectRequestMessage", + "projectRequestTemplate" + ], "properties": { - "conditions": { - "description": "conditions is an optional field that provides details on the status of the gatherer job. It may not exceed 100 items and must not contain duplicates.\n\nThe current condition types are DataUploaded, DataRecorded, DataProcessed, RemoteConfigurationNotAvailable, RemoteConfigurationInvalid\n\nThe DataUploaded condition is used to represent whether or not the archive was successfully uploaded for further processing. When it has a status of True and a reason of Succeeded, the archive was successfully uploaded. When it has a status of Unknown and a reason of NoUploadYet, the upload has not occurred, or there was no data to upload. When it has a status of False and a reason Failed, the upload failed. The accompanying message will include the specific error encountered.\n\nThe DataRecorded condition is used to represent whether or not the archive was successfully recorded. When it has a status of True and a reason of Succeeded, the archive was recorded successfully. When it has a status of Unknown and a reason of NoDataGatheringYet, the data gathering process has not started yet. When it has a status of False and a reason of RecordingFailed, the recording failed and a message will include the specific error encountered.\n\nThe DataProcessed condition is used to represent whether or not the archive was processed by the processing service. When it has a status of True and a reason of Processed, the data was processed successfully. When it has a status of Unknown and a reason of NothingToProcessYet, there is no data to process at the moment. When it has a status of False and a reason of Failure, processing failed and a message will include the specific error encountered.\n\nThe RemoteConfigurationAvailable condition is used to represent whether the remote configuration is available. When it has a status of Unknown and a reason of Unknown or RemoteConfigNotRequestedYet, the state of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is available. When it has a status of False and a reason of NoToken, the configuration was disabled by removing the cloud.openshift.com field from the pull secret. When it has a status of False and a reason of DisabledByConfiguration, the configuration was disabled in insightsdatagather.config.openshift.io.\n\nThe RemoteConfigurationValid condition is used to represent whether the remote configuration is valid. When it has a status of Unknown and a reason of Unknown or NoValidationYet, the validity of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is valid. When it has a status of False and a reason of Invalid, the configuration is invalid.\n\nThe Progressing condition is used to represent the phase of gathering When it has a status of False and the reason is DataGatherPending, the gathering has not started yet. When it has a status of True and reason is Gathering, the gathering is running. When it has a status of False and reason is GatheringSucceeded, the gathering succesfully finished. When it has a status of False and reason is GatheringFailed, the gathering failed.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "finishTime": { - "description": "finishTime is the time when Insights data gathering finished.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "gatherers": { - "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.GathererStatus" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "insightsReport": { - "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.InsightsReport" - }, - "insightsRequestID": { - "description": "insightsRequestID is an optional Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive. It may not exceed 256 characters and is immutable once set.", - "type": "string" + "defaultNodeSelector": { + "description": "defaultNodeSelector holds default project node label selector", + "type": "string", + "default": "" }, - "relatedObjects": { - "description": "relatedObjects is an optional list of resources which are useful when debugging or inspecting the data gathering Pod It may not exceed 100 items and must not contain duplicates.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.ObjectReference" - }, - "x-kubernetes-list-map-keys": [ - "name", - "namespace" - ], - "x-kubernetes-list-type": "map" + "projectRequestMessage": { + "description": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", + "type": "string", + "default": "" }, - "startTime": { - "description": "startTime is the time when Insights data gathering started.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "projectRequestTemplate": { + "description": "projectRequestTemplate is the template to use for creating projects in response to projectrequest. It is in the format namespace/template and it is optional. If it is not specified, a default template is used.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.insights.v1alpha2.GathererConfig": { - "description": "gathererConfig allows to configure specific gatherers", + "com.github.openshift.api.openshiftcontrolplane.v1.RegistryLocation": { + "description": "RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.", "type": "object", "required": [ - "name", - "state" + "domainName" ], "properties": { - "name": { - "description": "name is the required name of a specific gatherer It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "domainName": { + "description": "domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.", "type": "string", "default": "" }, - "state": { - "description": "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", - "type": "string", - "default": "" + "insecure": { + "description": "insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.", + "type": "boolean" } } }, - "com.github.openshift.api.insights.v1alpha2.GathererStatus": { - "description": "gathererStatus represents information about a particular data gatherer.", + "com.github.openshift.api.openshiftcontrolplane.v1.ResourceQuotaControllerConfig": { "type": "object", "required": [ - "name", - "lastGatherSeconds" + "concurrentSyncs", + "syncPeriod", + "minResyncPeriod" ], "properties": { - "conditions": { - "description": "conditions provide details on the status of each gatherer.\n\nThe current condition type is DataGathered\n\nThe DataGathered condition is used to represent whether or not the data was gathered by a gatherer specified by name. When it has a status of True and a reason of GatheredOK, the data has been successfully gathered as expected. When it has a status of False and a reason of NoData, no data was gathered—for example, when the resource is not present in the cluster. When it has a status of False and a reason of GatherError, an error occurred and no data was gathered. When it has a status of False and a reason of GatherPanic, a panic occurred during gathering and no data was collected. When it has a status of False and a reason of GatherWithErrorReason, data was partially gathered or gathered with an error message.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "lastGatherSeconds": { - "description": "lastGatherSeconds is required field that represents the time spent gathering in seconds", + "concurrentSyncs": { "type": "integer", "format": "int32", "default": 0 }, - "name": { - "description": "name is the required name of the gatherer. It must contain at least 5 characters and may not exceed 256 characters.", - "type": "string", - "default": "" + "minResyncPeriod": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "syncPeriod": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" } } }, - "com.github.openshift.api.insights.v1alpha2.Gatherers": { - "description": "Gathereres specifies the configuration of the gatherers", + "com.github.openshift.api.openshiftcontrolplane.v1.RoutingConfig": { + "description": "RoutingConfig holds the necessary configuration options for routing to subdomains", "type": "object", "required": [ - "mode" + "subdomain" ], "properties": { - "custom": { - "description": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.Custom" - }, - "mode": { - "description": "mode is a required field that specifies the mode for gatherers. Allowed values are All and Custom. When set to All, all gatherers wil run and gather data. When set to Custom, the custom configuration from the custom field will be applied.", + "subdomain": { + "description": "subdomain is the suffix appended to $service.$namespace. to form the default route hostname DEPRECATED: This field is being replaced by routers setting their own defaults. This is the \"default\" route.", "type": "string", "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "mode", - "fields-to-discriminateBy": { - "custom": "Custom" - } - } - ] + } }, - "com.github.openshift.api.insights.v1alpha2.HealthCheck": { - "description": "healthCheck represents an Insights health check attributes.", + "com.github.openshift.api.openshiftcontrolplane.v1.SecurityAllocator": { + "description": "SecurityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.", "type": "object", "required": [ - "description", - "totalRisk", - "advisorURI" + "uidAllocatorRange", + "mcsAllocatorRange", + "mcsLabelsPerProject" ], "properties": { - "advisorURI": { - "description": "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + "mcsAllocatorRange": { + "description": "mcsAllocatorRange defines the range of MCS categories that will be assigned to namespaces. The format is \"/[,]\". The default is \"s0/2\" and will allocate from c0 -> c1023, which means a total of 535k labels are available (1024 choose 2 ~ 535k). If this value is changed after startup, new projects may receive labels that are already allocated to other projects. Prefix may be any valid SELinux set of terms (including user, role, and type), although leaving them as the default will allow the server to set them automatically.\n\nExamples: * s0:/2 - Allocate labels from s0:c0,c0 to s0:c511,c511 * s0:/2,512 - Allocate labels from s0:c0,c0,c0 to s0:c511,c511,511", "type": "string", "default": "" }, - "description": { - "description": "description is required field that provides basic description of the healtcheck. It must contain at least 10 characters and may not exceed 2048 characters.", - "type": "string", - "default": "" + "mcsLabelsPerProject": { + "description": "mcsLabelsPerProject defines the number of labels that should be reserved per project. The default is 5 to match the default UID and MCS ranges (100k namespaces, 535k/5 labels).", + "type": "integer", + "format": "int32", + "default": 0 }, - "totalRisk": { - "description": "totalRisk is the required field of the healthcheck. It is indicator of the total risk posed by the detected issue; combination of impact and likelihood. Allowed values are Low, Medium, Important and Critical. The value represents the severity of the issue.", + "uidAllocatorRange": { + "description": "uidAllocatorRange defines the total set of Unix user IDs (UIDs) that will be allocated to projects automatically, and the size of the block each namespace gets. For example, 1000-1999/10 will allocate ten UIDs per namespace, and will be able to allocate up to 100 blocks before running out of space. The default is to allocate from 1 billion to 2 billion in 10k blocks (which is the expected size of the ranges container images will use once user namespaces are started).", "type": "string", "default": "" } } }, - "com.github.openshift.api.insights.v1alpha2.InsightsReport": { - "description": "insightsReport provides Insights health check report based on the most recently sent Insights data.", + "com.github.openshift.api.openshiftcontrolplane.v1.ServiceAccountControllerConfig": { "type": "object", + "required": [ + "managedNames" + ], "properties": { - "downloadedTime": { - "description": "downloadedTime is an optional time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "healthChecks": { - "description": "healthChecks provides basic information about active Insights health checks in a cluster.", + "managedNames": { + "description": "managedNames is a list of service account names that will be auto-created in every namespace. If no names are specified, the ServiceAccountsController will not be started.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.HealthCheck" - }, - "x-kubernetes-list-map-keys": [ - "advisorURI", - "totalRisk", - "description" - ], - "x-kubernetes-list-type": "map" - }, - "uri": { - "description": "uri is optional field that provides the URL link from which the report was downloaded. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", - "type": "string" + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.insights.v1alpha2.ObjectReference": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "com.github.openshift.api.openshiftcontrolplane.v1.ServiceServingCert": { + "description": "ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", "type": "object", "required": [ - "group", - "resource", - "name", - "namespace" + "signer" ], "properties": { - "group": { - "description": "group is required field that specifies the API Group of the Resource. Enter empty string for the core group. This value is empty or it should follow the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character. Example: \"\", \"apps\", \"build.openshift.io\", etc.", - "type": "string", - "default": "" - }, - "name": { - "description": "name is required field that specifies the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character..", - "type": "string", - "default": "" - }, - "namespace": { - "description": "namespace if required field of the referent that follows the DNS1123 labels format. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.", - "type": "string", - "default": "" - }, - "resource": { - "description": "resource is required field of the type that is being referenced and follows the DNS1035 format. It is normally the plural form of the resource kind in lowercase. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", - "type": "string", - "default": "" + "signer": { + "description": "signer holds the signing information used to automatically sign serving certificates. If this value is nil, then certs are not signed automatically.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.CertInfo" } } }, - "com.github.openshift.api.insights.v1alpha2.PersistentVolumeClaimReference": { - "description": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + "com.github.openshift.api.openshiftcontrolplane.v1.SourceStrategyDefaultsConfig": { + "description": "SourceStrategyDefaultsConfig contains values that apply to builds using the source strategy.", "type": "object", - "required": [ - "name" - ], "properties": { - "name": { - "description": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", - "type": "string", - "default": "" + "incremental": { + "description": "incremental indicates if s2i build strategies should perform an incremental build or not", + "type": "boolean" } } }, - "com.github.openshift.api.insights.v1alpha2.PersistentVolumeConfig": { - "description": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + "com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec": { + "description": "AWSCSIDriverConfigSpec defines properties that can be configured for the AWS CSI driver.", "type": "object", - "required": [ - "claim" - ], "properties": { - "claim": { - "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.PersistentVolumeClaimReference" + "efsVolumeMetrics": { + "description": "efsVolumeMetrics sets the configuration for collecting metrics from EFS volumes used by the EFS CSI Driver.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics" }, - "mountPath": { - "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + "kmsKeyARN": { + "description": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.\n\nThe ARN must follow the format: arn::kms:::(key|alias)/, where: is the AWS partition (aws, aws-cn, aws-us-gov, aws-iso, aws-iso-b, aws-iso-e, aws-iso-f, or aws-eusc), is the AWS region, is a 12-digit numeric identifier for the AWS account, is the KMS key ID or alias name.", "type": "string" } } }, - "com.github.openshift.api.insights.v1alpha2.Storage": { - "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + "com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters": { + "description": "AWSClassicLoadBalancerParameters holds configuration parameters for an AWS Classic load balancer.", + "type": "object", + "properties": { + "connectionIdleTimeout": { + "description": "connectionIdleTimeout specifies the maximum time period that a connection may be idle before the load balancer closes the connection. The value must be parseable as a time duration value; see . A nil or zero value means no opinion, in which case a default value is used. The default value for this field is 60s. This default is subject to change.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "subnets": { + "description": "subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSSubnets" + } + } + }, + "com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics": { + "description": "AWSEFSVolumeMetrics defines the configuration for volume metrics in the EFS CSI Driver.", "type": "object", "required": [ - "type" + "state" ], "properties": { - "persistentVolume": { - "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.PersistentVolumeConfig" + "recursiveWalk": { + "description": "recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver when the state is set to RecursiveWalk.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig" }, - "type": { - "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", + "state": { + "description": "state defines the state of metric collection in the AWS EFS CSI Driver. This field is required and must be set to one of the following values: Disabled or RecursiveWalk. Disabled means no metrics collection will be performed. This is the default value. RecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics. This process may result in high CPU and memory usage, depending on the volume size.", "type": "string", "default": "" } }, "x-kubernetes-unions": [ { - "discriminator": "type", + "discriminator": "state", "fields-to-discriminateBy": { - "persistentVolume": "PersistentVolume" + "recursiveWalk": "RecursiveWalk" } } ] }, - "com.github.openshift.api.kubecontrolplane.v1.AggregatorConfig": { - "description": "AggregatorConfig holds information required to make the aggregator function.", + "com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig": { + "description": "AWSEFSVolumeMetricsRecursiveWalkConfig defines options for volume metrics in the EFS CSI Driver.", "type": "object", - "required": [ - "proxyClientInfo" - ], "properties": { - "proxyClientInfo": { - "description": "proxyClientInfo specifies the client cert/key to use when proxying to aggregated API servers", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.CertInfo" + "fsRateLimit": { + "description": "fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 5. The valid range is from 1 to 100 goroutines.", + "type": "integer", + "format": "int32" + }, + "refreshPeriodMinutes": { + "description": "refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 240. The valid range is from 1 to 43200 minutes (30 days).", + "type": "integer", + "format": "int32" } } }, - "com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerConfig": { - "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.AWSLoadBalancerParameters": { + "description": "AWSLoadBalancerParameters provides configuration settings that are specific to AWS load balancers.", "type": "object", "required": [ - "servingInfo", - "corsAllowedOrigins", - "auditConfig", - "storageConfig", - "admission", - "kubeClientConfig", - "authConfig", - "aggregatorConfig", - "kubeletClientInfo", - "servicesSubnet", - "servicesNodePortRange", - "consolePublicURL", - "userAgentMatchingConfig", - "imagePolicyConfig", - "projectConfig", - "serviceAccountPublicKeyFiles", - "oauthConfig", - "apiServerArguments" + "type" ], "properties": { - "admission": { - "description": "admissionConfig holds information about how to configure admission.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionConfig" - }, - "aggregatorConfig": { - "description": "aggregatorConfig has options for configuring the aggregator component of the API server.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.AggregatorConfig" - }, - "apiServerArguments": { - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "auditConfig": { - "description": "auditConfig describes how to configure audit information", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditConfig" + "classicLoadBalancer": { + "description": "classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters" }, - "authConfig": { - "description": "authConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.MasterAuthConfig" + "networkLoadBalancer": { + "description": "networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters" }, - "consolePublicURL": { - "description": "DEPRECATED: consolePublicURL has been deprecated and setting it has no effect.", + "type": { + "description": "type is the type of AWS load balancer to instantiate for an ingresscontroller.\n\nValid values are:\n\n* \"Classic\": A Classic Load Balancer that makes routing decisions at either\n the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See\n the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb\n\n* \"NLB\": A Network Load Balancer that makes routing decisions at the\n transport layer (TCP/SSL). See the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb", "type": "string", "default": "" - }, - "corsAllowedOrigins": { - "description": "corsAllowedOrigins", + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "classicLoadBalancer": "ClassicLoadBalancerParameters", + "networkLoadBalancer": "NetworkLoadBalancerParameters" + } + } + ] + }, + "com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters": { + "description": "AWSNetworkLoadBalancerParameters holds configuration parameters for an AWS Network load balancer. For Example: Setting AWS EIPs https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html", + "type": "object", + "properties": { + "eipAllocations": { + "description": "eipAllocations is a list of IDs for Elastic IP (EIP) addresses that are assigned to the Network Load Balancer. The following restrictions apply:\n\neipAllocations can only be used with external scope, not internal. An EIP can be allocated to only a single IngressController. The number of EIP allocations must match the number of subnets that are used for the load balancer. Each EIP allocation must be unique. A maximum of 10 EIP allocations are permitted.\n\nSee https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general information about configuration, characteristics, and limitations of Elastic IP addresses.", "type": "array", "items": { "type": "string", "default": "" - } - }, - "imagePolicyConfig": { - "description": "imagePolicyConfig feeds the image policy admission plugin", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerImagePolicyConfig" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "kubeClientConfig": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.KubeClientConfig" - }, - "kubeletClientInfo": { - "description": "kubeletClientInfo contains information about how to connect to kubelets", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.KubeletConnectionInfo" - }, - "minimumKubeletVersion": { - "description": "minimumKubeletVersion is the lowest version of a kubelet that can join the cluster. Specifically, the apiserver will deny most authorization requests of kubelets that are older than the specified version, only allowing the kubelet to get and update its node object, and perform subjectaccessreviews. This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads, and will eventually be marked as not ready. Its max length is 8, so maximum version allowed is either \"9.999.99\" or \"99.99.99\". Since the kubelet reports the version of the kubernetes release, not Openshift, this field references the underlying kubernetes version this version of Openshift is based off of. In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then they should set the minimumKubeletVersion to 1.30.0. When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version. Thus, a kubelet with version \"1.0.0-ec.0\" will be compatible with minimumKubeletVersion \"1.0.0\" or earlier.", - "type": "string", - "default": "" - }, - "oauthConfig": { - "description": "oauthConfig, if present start the /oauth endpoint in this process", - "$ref": "#/definitions/com.github.openshift.api.osin.v1.OAuthConfig" - }, - "projectConfig": { - "description": "projectConfig feeds an admission plugin", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerProjectConfig" + }, + "x-kubernetes-list-type": "atomic" }, - "serviceAccountPublicKeyFiles": { - "description": "serviceAccountPublicKeyFiles is a list of files, each containing a PEM-encoded public RSA key. (If any file contains a private key, the public portion of the key is used) The list of public keys is used to verify presented service account tokens. Each key is tried in order until the list is exhausted or verification succeeds. If no keys are specified, no service account authentication will be available.", + "subnets": { + "description": "subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSSubnets" + } + } + }, + "com.github.openshift.api.operator.v1.AWSSubnets": { + "description": "AWSSubnets contains a list of references to AWS subnets by ID or name.", + "type": "object", + "properties": { + "ids": { + "description": "ids specifies a list of AWS subnets by subnet ID. Subnet IDs must start with \"subnet-\", consist only of alphanumeric characters, must be exactly 24 characters long, must be unique, and the total number of subnets specified by ids and names must not exceed 10.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "servicesNodePortRange": { - "description": "servicesNodePortRange is the range to use for assigning service public ports on a host.", - "type": "string", - "default": "" + "names": { + "description": "names specifies a list of AWS subnets by subnet name. Subnet names must not start with \"subnet-\", must not include commas, must be under 256 characters in length, must be unique, and the total number of subnets specified by ids and names must not exceed 10.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.operator.v1.AccessLogging": { + "description": "AccessLogging describes how client requests should be logged.", + "type": "object", + "required": [ + "destination" + ], + "properties": { + "destination": { + "description": "destination is where access logs go.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.LoggingDestination" }, - "servicesSubnet": { - "description": "servicesSubnet is the subnet to use for assigning service IPs", - "type": "string", - "default": "" + "httpCaptureCookies": { + "description": "httpCaptureCookies specifies HTTP cookies that should be captured in access logs. If this field is empty, no cookies are captured.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie" + }, + "x-kubernetes-list-type": "atomic" }, - "servingInfo": { - "description": "servingInfo describes how to start serving", + "httpCaptureHeaders": { + "description": "httpCaptureHeaders defines HTTP headers that should be captured in access logs. If this field is empty, no headers are captured.\n\nNote that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be captured for TLS passthrough connections.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders" }, - "storageConfig": { - "description": "storageConfig contains information about how to use", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.EtcdStorageConfig" + "httpLogFormat": { + "description": "httpLogFormat specifies the format of the log message for an HTTP request.\n\nIf this field is empty, log messages use the implementation's default HTTP log format. For HAProxy's default HTTP log format, see the HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3\n\nNote that this format only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). It does not affect the log format for TLS passthrough connections.", + "type": "string" }, - "userAgentMatchingConfig": { - "description": "userAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchingConfig" + "logEmptyRequests": { + "description": "logEmptyRequests specifies how connections on which no request is received should be logged. Typically, these empty requests come from load balancers' health probes or Web browsers' speculative connections (\"preconnect\"), in which case logging these requests may be undesirable. However, these requests may also be caused by network errors, in which case logging empty requests may be useful for diagnosing the errors. In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts. Allowed values for this field are \"Log\" and \"Ignore\". The default value is \"Log\".", + "type": "string" } } }, - "com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerImagePolicyConfig": { + "com.github.openshift.api.operator.v1.AddPage": { + "description": "AddPage allows customizing actions on the Add page in developer perspective.", "type": "object", - "required": [ - "internalRegistryHostname", - "externalRegistryHostnames" - ], "properties": { - "externalRegistryHostnames": { - "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", + "disabledActions": { + "description": "disabledActions is a list of actions that are not shown to users. Each action in the list is represented by its ID.", "type": "array", "items": { "type": "string", "default": "" } - }, - "internalRegistryHostname": { - "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", - "type": "string", - "default": "" } } }, - "com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerProjectConfig": { + "com.github.openshift.api.operator.v1.AdditionalNetworkDefinition": { + "description": "AdditionalNetworkDefinition configures an extra network that is available but not created by default. Instead, pods must request them by name. type must be specified, along with exactly one \"Config\" that matches the type.", "type": "object", "required": [ - "defaultNodeSelector" + "type", + "name" ], "properties": { - "defaultNodeSelector": { - "description": "defaultNodeSelector holds default project node label selector", + "name": { + "description": "name is the name of the network. This will be populated in the resulting CRD This must be unique.", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.kubecontrolplane.v1.KubeControllerManagerConfig": { - "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "required": [ - "serviceServingCert", - "projectConfig", - "extendedArguments" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" }, - "extendedArguments": { - "description": "extendedArguments is used to configure the kube-controller-manager", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } + "namespace": { + "description": "namespace is the namespace of the network. This will be populated in the resulting CRD If not given the network will be created in the default namespace.", + "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "rawCNIConfig": { + "description": "rawCNIConfig is the raw CNI configuration json to create in the NetworkAttachmentDefinition CRD", "type": "string" }, - "projectConfig": { - "description": "projectConfig is an optimization for the daemonset controller", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.KubeControllerManagerProjectConfig" + "simpleMacvlanConfig": { + "description": "simpleMacvlanConfig configures the macvlan interface in case of type:NetworkTypeSimpleMacvlan", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.SimpleMacvlanConfig" }, - "serviceServingCert": { - "description": "serviceServingCert provides support for the old alpha service serving cert signer CA bundle", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.ServiceServingCert" + "type": { + "description": "type is the type of network The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.kubecontrolplane.v1.KubeControllerManagerProjectConfig": { + "com.github.openshift.api.operator.v1.AdditionalRoutingCapabilities": { + "description": "AdditionalRoutingCapabilities describes components and relevant configuration providing advanced routing capabilities.", "type": "object", "required": [ - "defaultNodeSelector" + "providers" ], "properties": { - "defaultNodeSelector": { - "description": "defaultNodeSelector holds default project node label selector", - "type": "string", - "default": "" + "providers": { + "description": "providers is a set of enabled components that provide additional routing capabilities. Entries on this list must be unique. The only valid value is currrently \"FRR\" which provides FRR routing capabilities through the deployment of FRR.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.kubecontrolplane.v1.KubeletConnectionInfo": { - "description": "KubeletConnectionInfo holds information necessary for connecting to a kubelet", + "com.github.openshift.api.operator.v1.Authentication": { + "description": "Authentication provides information to configure an operator to manage authentication.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "port", - "ca", - "certFile", - "keyFile" + "spec" ], "properties": { - "ca": { - "description": "ca is the CA for verifying TLS connections to kubelets", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "port": { - "description": "port is the port to connect to kubelets on", - "type": "integer", - "format": "int64", - "default": 0 + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AuthenticationSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AuthenticationStatus" } } }, - "com.github.openshift.api.kubecontrolplane.v1.MasterAuthConfig": { - "description": "MasterAuthConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", + "com.github.openshift.api.operator.v1.AuthenticationList": { + "description": "AuthenticationList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "requestHeader", - "webhookTokenAuthenticators", - "oauthMetadataFile" + "metadata", + "items" ], "properties": { - "oauthMetadataFile": { - "description": "oauthMetadataFile is a path to a file containing the discovery endpoint for OAuth 2.0 Authorization Server Metadata for an external OAuth server. See IETF Draft: // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This option is mutually exclusive with OAuthConfig", - "type": "string", - "default": "" - }, - "requestHeader": { - "description": "requestHeader holds options for setting up a front proxy against the API. It is optional.", - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.RequestHeaderAuthenticationOptions" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "webhookTokenAuthenticators": { - "description": "webhookTokenAuthenticators, if present configures remote token reviewers", + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.WebhookTokenAuthenticator" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Authentication" } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.kubecontrolplane.v1.RequestHeaderAuthenticationOptions": { - "description": "RequestHeaderAuthenticationOptions provides options for setting up a front proxy against the entire API instead of against the /oauth endpoint.", + "com.github.openshift.api.operator.v1.AuthenticationSpec": { "type": "object", "required": [ - "clientCA", - "clientCommonNames", - "usernameHeaders", - "groupHeaders", - "extraHeaderPrefixes" + "managementState" ], "properties": { - "clientCA": { - "description": "clientCA is a file with the trusted signer certs. It is required.", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" }, - "clientCommonNames": { - "description": "clientCommonNames is a required list of common names to require a match from.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "extraHeaderPrefixes": { - "description": "extraHeaderPrefixes is the set of request header prefixes to inspect for user extra. X-Remote-Extra- is suggested.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "groupHeaders": { - "description": "groupHeaders is the set of headers to check for group information. All are unioned.", + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + } + } + }, + "com.github.openshift.api.operator.v1.AuthenticationStatus": { + "type": "object", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "usernameHeaders": { - "description": "usernameHeaders is the list of headers to check for user information. First hit wins.", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "oauthAPIServer": { + "description": "oauthAPIServer holds status specific only to oauth-apiserver", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OAuthAPIServerStatus" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "com.github.openshift.api.kubecontrolplane.v1.ServiceServingCert": { - "description": "ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", + "com.github.openshift.api.operator.v1.AzureCSIDriverConfigSpec": { + "description": "AzureCSIDriverConfigSpec defines properties that can be configured for the Azure CSI driver.", "type": "object", - "required": [ - "certFile" - ], "properties": { - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "diskEncryptionSet": { + "description": "diskEncryptionSet sets the cluster default storage class to encrypt volumes with a customer-managed encryption set, rather than the default platform-managed keys.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AzureDiskEncryptionSet" } } }, - "com.github.openshift.api.kubecontrolplane.v1.UserAgentDenyRule": { - "description": "UserAgentDenyRule adds a rejection message that can be used to help a user figure out how to get an approved client", + "com.github.openshift.api.operator.v1.AzureDiskEncryptionSet": { + "description": "AzureDiskEncryptionSet defines the configuration for a disk encryption set.", "type": "object", "required": [ - "regex", - "httpVerbs", - "rejectionMessage" + "subscriptionID", + "resourceGroup", + "name" ], "properties": { - "httpVerbs": { - "description": "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "name": { + "description": "name is the name of the disk encryption set that will be set on the default storage class. The value should consist of only alphanumberic characters, underscores (_), hyphens, and be at most 80 characters in length.", + "type": "string", + "default": "" }, - "regex": { - "description": "regex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", + "resourceGroup": { + "description": "resourceGroup defines the Azure resource group that contains the disk encryption set. The value should consist of only alphanumberic characters, underscores (_), parentheses, hyphens and periods. The value should not end in a period and be at most 90 characters in length.", "type": "string", "default": "" }, - "rejectionMessage": { - "description": "rejectionMessage is the message shown when rejecting a client. If it is not a set, the default message is used.", + "subscriptionID": { + "description": "subscriptionID defines the Azure subscription that contains the disk encryption set. The value should meet the following conditions: 1. It should be a 128-bit number. 2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long. 3. It should be displayed in five groups separated by hyphens (-). 4. The first group should be 8 characters long. 5. The second, third, and fourth groups should be 4 characters long. 6. The fifth group should be 12 characters long. An Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378", "type": "string", "default": "" } } }, - "com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchRule": { - "description": "UserAgentMatchRule describes how to match a given request based on User-Agent and HTTPVerb", + "com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig": { + "description": "BootImageSkewEnforcementConfig is used to configure how boot image version skew is enforced on the cluster.", "type": "object", "required": [ - "regex", - "httpVerbs" + "mode" ], "properties": { - "httpVerbs": { - "description": "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "manual": { + "description": "manual describes the current boot image of the cluster. This should be set to the oldest boot image used amongst all machine resources in the cluster. This must include either the RHCOS version of the boot image or the OCP release version which shipped with that RHCOS boot image. Required when mode is set to \"Manual\" and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterBootImageManual" }, - "regex": { - "description": "regex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", - "type": "string", - "default": "" + "mode": { + "description": "mode determines the underlying behavior of skew enforcement mechanism. Valid values are Manual and None. Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP & RHCOS version associated with the last boot image update in the manual field. In Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the skew limit described by the release image. None means that the MCO will no longer monitor the boot image skew. This may affect the cluster's ability to scale. This field is required.", + "type": "string" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "mode", + "fields-to-discriminateBy": { + "manual": "Manual" + } + } + ] }, - "com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchingConfig": { - "description": "UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", + "com.github.openshift.api.operator.v1.BootImageSkewEnforcementStatus": { + "description": "BootImageSkewEnforcementStatus is the type for the status object. It represents the cluster defaults when the boot image skew enforcement configuration is undefined and reflects the actual configuration when it is defined.", "type": "object", "required": [ - "requiredClients", - "deniedClients", - "defaultRejectionMessage" + "mode" ], "properties": { - "defaultRejectionMessage": { - "description": "defaultRejectionMessage is the message shown when rejecting a client. If it is not a set, a generic message is given.", - "type": "string", - "default": "" + "automatic": { + "description": "automatic describes the current boot image of the cluster. This will be populated by the MCO when performing boot image updates. This value will be compared against the cluster's skew limit to determine skew compliance. Required when mode is set to \"Automatic\" and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterBootImageAutomatic" }, - "deniedClients": { - "description": "deniedClients if this list is non-empty, then a User-Agent must not match any of the UserAgentRegexes", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.UserAgentDenyRule" - } + "manual": { + "description": "manual describes the current boot image of the cluster. This will be populated by the MCO using the values provided in the spec.bootImageSkewEnforcement.manual field. This value will be compared against the cluster's skew limit to determine skew compliance. Required when mode is set to \"Manual\" and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterBootImageManual" }, - "requiredClients": { - "description": "requiredClients if this list is non-empty, then a User-Agent must match one of the UserAgentRegexes to be allowed", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchRule" + "mode": { + "description": "mode determines the underlying behavior of skew enforcement mechanism. Valid values are Automatic, Manual and None. Automatic means that the MCO will perform boot image updates and store the OCP & RHCOS version associated with the last boot image update in the automatic field. Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP & RHCOS version associated with the last boot image update in the manual field. In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the skew limit described by the release image. None means that the MCO will no longer monitor the boot image skew. This may affect the cluster's ability to scale. This field is required.", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "mode", + "fields-to-discriminateBy": { + "automatic": "Automatic", + "manual": "Manual" } } - } + ] }, - "com.github.openshift.api.kubecontrolplane.v1.WebhookTokenAuthenticator": { - "description": "WebhookTokenAuthenticators holds the necessary configuation options for external token authenticators", + "com.github.openshift.api.operator.v1.CSIDriverConfigSpec": { + "description": "CSIDriverConfigSpec defines configuration spec that can be used to optionally configure a specific CSI Driver.", "type": "object", "required": [ - "configFile", - "cacheTTL" + "driverType" ], "properties": { - "cacheTTL": { - "description": "cacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get a default timeout of 2 minutes. If zero (e.g. \"0m\"), caching is disabled", - "type": "string", - "default": "" + "aws": { + "description": "aws is used to configure the AWS CSI driver.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec" }, - "configFile": { - "description": "configFile is a path to a Kubeconfig file with the webhook configuration", + "azure": { + "description": "azure is used to configure the Azure CSI driver.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AzureCSIDriverConfigSpec" + }, + "driverType": { + "description": "driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. Consumers should treat unknown values as a NO-OP.", "type": "string", "default": "" + }, + "gcp": { + "description": "gcp is used to configure the GCP CSI driver.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GCPCSIDriverConfigSpec" + }, + "ibmcloud": { + "description": "ibmcloud is used to configure the IBM Cloud CSI driver.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec" + }, + "vSphere": { + "description": "vSphere is used to configure the vsphere CSI driver.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "driverType", + "fields-to-discriminateBy": { + "aws": "AWS", + "azure": "Azure", + "gcp": "GCP", + "ibmcloud": "IBMCloud", + "vSphere": "VSphere" + } + } + ] }, - "com.github.openshift.api.legacyconfig.v1.ActiveDirectoryConfig": { - "description": "ActiveDirectoryConfig holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the Active Directory schema", + "com.github.openshift.api.operator.v1.CSISnapshotController": { + "description": "CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "usersQuery", - "userNameAttributes", - "groupMembershipAttributes" + "spec" ], "properties": { - "groupMembershipAttributes": { - "description": "groupMembershipAttributes defines which attributes on an LDAP user entry will be interpreted as the groups it is a member of", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "userNameAttributes": { - "description": "userNameAttributes defines which attributes on an LDAP user entry will be interpreted as its OpenShift user name.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "usersQuery": { - "description": "AllUsersQuery holds the template for an LDAP query that returns user entries.", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CSISnapshotControllerSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CSISnapshotControllerStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.AdmissionConfig": { - "description": "AdmissionConfig holds the necessary configuration options for admission", + "com.github.openshift.api.operator.v1.CSISnapshotControllerList": { + "description": "CSISnapshotControllerList contains a list of CSISnapshotControllers.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "pluginConfig" + "items" ], "properties": { - "pluginConfig": { - "description": "pluginConfig allows specifying a configuration file per admission control plugin", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AdmissionPluginConfig" - } + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "pluginOrderOverride": { - "description": "pluginOrderOverride is a list of admission control plugin names that will be installed on the master. Order is significant. If empty, a default list of plugins is used.", + "items": { "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CSISnapshotController" } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.legacyconfig.v1.AdmissionPluginConfig": { - "description": "AdmissionPluginConfig holds the necessary configuration options for admission plugins", + "com.github.openshift.api.operator.v1.CSISnapshotControllerSpec": { + "description": "CSISnapshotControllerSpec is the specification of the desired behavior of the CSISnapshotController operator.", "type": "object", "required": [ - "location", - "configuration" + "managementState" ], "properties": { - "configuration": { - "description": "configuration is an embedded configuration object to be used as the plugin's configuration. If present, it will be used instead of the path to the configuration file.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "location": { - "description": "location is the path to a configuration file that contains the plugin's configuration", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.legacyconfig.v1.AggregatorConfig": { - "description": "AggregatorConfig holds information required to make the aggregator function.", - "type": "object", - "required": [ - "proxyClientInfo" - ], - "properties": { - "proxyClientInfo": { - "description": "proxyClientInfo specifies the client cert/key to use when proxying to aggregated API servers", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.CertInfo" - } - } - }, - "com.github.openshift.api.legacyconfig.v1.AllowAllPasswordIdentityProvider": { - "description": "AllowAllPasswordIdentityProvider provides identities for users authenticating using non-empty passwords\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.legacyconfig.v1.AuditConfig": { - "description": "AuditConfig holds configuration for the audit capabilities", + "com.github.openshift.api.operator.v1.CSISnapshotControllerStatus": { + "description": "CSISnapshotControllerStatus defines the observed status of the CSISnapshotController operator.", "type": "object", - "required": [ - "enabled", - "auditFilePath", - "maximumFileRetentionDays", - "maximumRetainedFiles", - "maximumFileSizeMegabytes", - "policyFile", - "policyConfiguration", - "logFormat", - "webHookKubeConfig", - "webHookMode" - ], "properties": { - "auditFilePath": { - "description": "All requests coming to the apiserver will be logged to this file.", - "type": "string", - "default": "" - }, - "enabled": { - "description": "If this flag is set, audit log will be printed in the logs. The logs contains, method, user and a requested URL.", - "type": "boolean", - "default": false + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "logFormat": { - "description": "Format of saved audits (legacy or json).", - "type": "string", - "default": "" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "maximumFileRetentionDays": { - "description": "Maximum number of days to retain old log files based on the timestamp encoded in their filename.", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", "type": "integer", - "format": "int32", - "default": 0 + "format": "int32" }, - "maximumFileSizeMegabytes": { - "description": "Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.", + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", "type": "integer", - "format": "int32", - "default": 0 + "format": "int64" }, - "maximumRetainedFiles": { - "description": "Maximum number of old log files to retain.", + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", "type": "integer", "format": "int32", "default": 0 }, - "policyConfiguration": { - "description": "policyConfiguration is an embedded policy configuration object to be used as the audit policy configuration. If present, it will be used instead of the path to the policy file.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "policyFile": { - "description": "policyFile is a path to the file that defines the audit policy configuration.", - "type": "string", - "default": "" - }, - "webHookKubeConfig": { - "description": "Path to a .kubeconfig formatted file that defines the audit webhook configuration.", + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.Capability": { + "description": "Capabilities contains set of UI capabilities and their state in the console UI.", + "type": "object", + "required": [ + "name", + "visibility" + ], + "properties": { + "name": { + "description": "name is the unique name of a capability. Available capabilities are LightspeedButton, GettingStartedBanner, and GuidedTour.", "type": "string", "default": "" }, - "webHookMode": { - "description": "Strategy for sending audit events (block or batch).", + "visibility": { + "description": "visibility defines the visibility state of the capability.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CapabilityVisibility" + } + } + }, + "com.github.openshift.api.operator.v1.CapabilityVisibility": { + "description": "CapabilityVisibility defines the criteria to enable/disable a capability.", + "type": "object", + "required": [ + "state" + ], + "properties": { + "state": { + "description": "state defines if the capability is enabled or disabled in the console UI. Enabling the capability in the console UI is represented by the \"Enabled\" value. Disabling the capability in the console UI is represented by the \"Disabled\" value.", "type": "string", "default": "" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "state", + "fields-to-discriminateBy": {} + } + ] }, - "com.github.openshift.api.legacyconfig.v1.AugmentedActiveDirectoryConfig": { - "description": "AugmentedActiveDirectoryConfig holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the augmented Active Directory schema", + "com.github.openshift.api.operator.v1.ClientTLS": { + "description": "ClientTLS specifies TLS configuration to enable client-to-server authentication, which can be used for mutual TLS.", "type": "object", "required": [ - "usersQuery", - "userNameAttributes", - "groupMembershipAttributes", - "groupsQuery", - "groupUIDAttribute", - "groupNameAttributes" + "clientCertificatePolicy", + "clientCA" ], "properties": { - "groupMembershipAttributes": { - "description": "groupMembershipAttributes defines which attributes on an LDAP user entry will be interpreted as the groups it is a member of", + "allowedSubjectPatterns": { + "description": "allowedSubjectPatterns specifies a list of regular expressions that should be matched against the distinguished name on a valid client certificate to filter requests. The regular expressions must use PCRE syntax. If this list is empty, no filtering is performed. If the list is nonempty, then at least one pattern must match a client certificate's distinguished name or else the ingress controller rejects the certificate and denies the connection.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "groupNameAttributes": { - "description": "groupNameAttributes defines which attributes on an LDAP group entry will be interpreted as its name to use for an OpenShift group", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "clientCA": { + "description": "clientCA specifies a configmap containing the PEM-encoded CA certificate bundle that should be used to verify a client's certificate. The administrator must create this configmap in the openshift-config namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "groupUIDAttribute": { - "description": "GroupUIDAttributes defines which attribute on an LDAP group entry will be interpreted as its unique identifier. (ldapGroupUID)", + "clientCertificatePolicy": { + "description": "clientCertificatePolicy specifies whether the ingress controller requires clients to provide certificates. This field accepts the values \"Required\" or \"Optional\".\n\nNote that the ingress controller only checks client certificates for edge-terminated and reencrypt TLS routes; it cannot check certificates for cleartext HTTP or passthrough TLS routes.", "type": "string", "default": "" + } + } + }, + "com.github.openshift.api.operator.v1.CloudCredential": { + "description": "CloudCredential provides a means to configure an operator to manage CredentialsRequests.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "groupsQuery": { - "description": "AllGroupsQuery holds the template for an LDAP query that returns group entries.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "userNameAttributes": { - "description": "userNameAttributes defines which attributes on an LDAP user entry will be interpreted as its OpenShift user name.", + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CloudCredentialSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CloudCredentialStatus" + } + } + }, + "com.github.openshift.api.operator.v1.CloudCredentialList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CloudCredential" } }, - "usersQuery": { - "description": "AllUsersQuery holds the template for an LDAP query that returns user entries.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.legacyconfig.v1.BasicAuthPasswordIdentityProvider": { - "description": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.CloudCredentialSpec": { + "description": "CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator.", "type": "object", "required": [ - "url", - "ca", - "certFile", - "keyFile" + "managementState" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "credentialsMode": { + "description": "credentialsMode allows informing CCO that it should not attempt to dynamically determine the root cloud credentials capabilities, and it should just run in the specified mode. It also allows putting the operator into \"manual\" mode if desired. Leaving the field in default mode runs CCO so that the cluster's cloud credentials will be dynamically probed for capabilities (on supported clouds/platforms). Supported modes:\n AWS/Azure/GCP: \"\" (Default), \"Mint\", \"Passthrough\", \"Manual\"\n Others: Do not set value as other platforms only support running in \"Passthrough\"", "type": "string" }, - "ca": { - "description": "ca is the CA for verifying TLS connections", - "type": "string", - "default": "" + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "url": { - "description": "url is the remote URL to connect to", - "type": "string", - "default": "" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.legacyconfig.v1.BuildDefaultsConfig": { - "description": "BuildDefaultsConfig controls the default information for Builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.CloudCredentialStatus": { + "description": "CloudCredentialStatus defines the observed status of the cloud-credential-operator.", "type": "object", "properties": { - "annotations": { - "description": "annotations are annotations that will be added to the build pod", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "env": { - "description": "env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" - } + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "gitHTTPProxy": { - "description": "gitHTTPProxy is the location of the HTTPProxy for Git source", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.ClusterBootImageAutomatic": { + "description": "ClusterBootImageAutomatic is used to describe the cluster boot image in Automatic mode. It stores the RHCOS version of the boot image and the OCP release version which shipped with that RHCOS boot image. At least one of these values are required. If ocpVersion and rhcosVersion are defined, both values will be used for checking skew compliance. If only ocpVersion is defined, only that value will be used for checking skew compliance. If only rhcosVersion is defined, only that value will be used for checking skew compliance.", + "type": "object", + "properties": { + "ocpVersion": { + "description": "ocpVersion provides a string which represents the OCP version of the boot image. This field must match the OCP semver compatible format of x.y.z. This field must be between 5 and 10 characters long.", "type": "string" }, - "gitHTTPSProxy": { - "description": "gitHTTPSProxy is the location of the HTTPSProxy for Git source", + "rhcosVersion": { + "description": "rhcosVersion provides a string which represents the RHCOS version of the boot image This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between 14 and 21 characters long.", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.ClusterBootImageManual": { + "description": "ClusterBootImageManual is used to describe the cluster boot image in Manual mode.", + "type": "object", + "required": [ + "mode" + ], + "properties": { + "mode": { + "description": "mode is used to configure which boot image field is defined in Manual mode. Valid values are OCPVersion and RHCOSVersion. OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update in the OCPVersion field. RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update in the RHCOSVersion field. This field is required.", "type": "string" }, - "gitNoProxy": { - "description": "gitNoProxy is the list of domains for which the proxy should not be used", + "ocpVersion": { + "description": "ocpVersion provides a string which represents the OCP version of the boot image. This field must match the OCP semver compatible format of x.y.z. This field must be between 5 and 10 characters long. Required when mode is set to \"OCPVersion\" and forbidden otherwise.", "type": "string" }, - "imageLabels": { - "description": "imageLabels is a list of labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" + "rhcosVersion": { + "description": "rhcosVersion provides a string which represents the RHCOS version of the boot image This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between 14 and 21 characters long. Required when mode is set to \"RHCOSVersion\" and forbidden otherwise.", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "mode", + "fields-to-discriminateBy": { + "ocpVersion": "OCPVersion", + "rhcosVersion": "RHCOSVersion" } + } + ] + }, + "com.github.openshift.api.operator.v1.ClusterCSIDriver": { + "description": "ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift. Name of the object must be name of the CSI driver it operates. See CSIDriverName type for list of allowed values.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "nodeSelector": { - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "resources": { - "description": "resources defines resource requirements to execute the build.", + "spec": { + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterCSIDriverSpec" }, - "sourceStrategyDefaults": { - "description": "sourceStrategyDefaults are default values that apply to builds using the source strategy.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.SourceStrategyDefaultsConfig" + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterCSIDriverStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.BuildOverridesConfig": { - "description": "BuildOverridesConfig controls override settings for builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.ClusterCSIDriverList": { + "description": "ClusterCSIDriverList contains a list of ClusterCSIDriver\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "forcePull" + "items" ], "properties": { - "annotations": { - "description": "annotations are annotations that will be added to the build pod", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "forcePull": { - "description": "forcePull indicates whether the build strategy should always be set to ForcePull=true", - "type": "boolean", - "default": false - }, - "imageLabels": { - "description": "imageLabels is a list of labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterCSIDriver" } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "nodeSelector": { - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "tolerations": { - "description": "tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" - } + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.legacyconfig.v1.CertInfo": { - "description": "CertInfo relates a certificate with a private key", + "com.github.openshift.api.operator.v1.ClusterCSIDriverSpec": { + "description": "ClusterCSIDriverSpec is the desired behavior of CSI driver operator", "type": "object", "required": [ - "certFile", - "keyFile" + "managementState" ], "properties": { - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "driverConfig": { + "description": "driverConfig can be used to specify platform specific driver configuration. When omitted, this means no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CSIDriverConfigSpec" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "storageClassState": { + "description": "storageClassState determines if CSI operator should create and manage storage classes. If this field value is empty or Managed - CSI operator will continuously reconcile storage class and create if necessary. If this field value is Unmanaged - CSI operator will not reconcile any previously created storage class. If this field value is Removed - CSI operator will delete the storage class it created previously. When omitted, this means the user has no opinion and the platform chooses a reasonable default, which is subject to change over time. The current default behaviour is Managed.", + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.legacyconfig.v1.ClientConnectionOverrides": { - "description": "ClientConnectionOverrides are a set of overrides to the default client connection settings.", + "com.github.openshift.api.operator.v1.ClusterCSIDriverStatus": { + "description": "ClusterCSIDriverStatus is the observed status of CSI driver operator", "type": "object", - "required": [ - "acceptContentTypes", - "contentType", - "qps", - "burst" - ], "properties": { - "acceptContentTypes": { - "description": "acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the default value of 'application/json'. This field will control all connections to the server used by a particular client.", - "type": "string", - "default": "" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "burst": { - "description": "burst allows extra queries to accumulate when a client is exceeding its rate.", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", "type": "integer", - "format": "int32", - "default": 0 + "format": "int32" }, - "contentType": { - "description": "contentType is the content type used when sending data to the server from this client.", - "type": "string", - "default": "" + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" }, - "qps": { - "description": "qps controls the number of queries per second allowed for this connection.", - "type": "number", - "format": "float", + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "com.github.openshift.api.legacyconfig.v1.ClusterNetworkEntry": { - "description": "ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips.", + "com.github.openshift.api.operator.v1.ClusterNetworkEntry": { + "description": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks", "type": "object", "required": [ - "cidr", - "hostSubnetLength" + "cidr" ], "properties": { "cidr": { - "description": "cidr defines the total range of a cluster networks address space.", "type": "string", "default": "" }, - "hostSubnetLength": { - "description": "hostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pod.", + "hostPrefix": { "type": "integer", - "format": "int64", - "default": 0 + "format": "int64" } } }, - "com.github.openshift.api.legacyconfig.v1.ControllerConfig": { - "description": "ControllerConfig holds configuration values for controllers", + "com.github.openshift.api.operator.v1.Config": { + "description": "Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components on the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "controllers", - "election", - "serviceServingCert" + "metadata", + "spec" ], "properties": { - "controllers": { - "description": "controllers is a list of controllers to enable. '*' enables all on-by-default controllers, 'foo' enables the controller \"+ named 'foo', '-foo' disables the controller named 'foo'. Defaults to \"*\".", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "election": { - "description": "election defines the configuration for electing a controller instance to make changes to the cluster. If unspecified, the ControllerTTL value is checked to determine whether the legacy direct etcd election code will be used.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ControllerElectionConfig" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "serviceServingCert": { - "description": "serviceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServiceServingCert" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the Config Operator.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConfigSpec" + }, + "status": { + "description": "status defines the observed status of the Config Operator.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConfigStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.ControllerElectionConfig": { - "description": "ControllerElectionConfig contains configuration values for deciding how a controller will be elected to act as leader.", + "com.github.openshift.api.operator.v1.ConfigList": { + "description": "ConfigList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "lockName", - "lockNamespace", - "lockResource" + "metadata", + "items" ], "properties": { - "lockName": { - "description": "lockName is the resource name used to act as the lock for determining which controller instance should lead.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "lockNamespace": { - "description": "lockNamespace is the resource namespace used to act as the lock for determining which controller instance should lead. It defaults to \"kube-system\"", - "type": "string", - "default": "" + "items": { + "description": "items contains the items", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Config" + } }, - "lockResource": { - "description": "lockResource is the group and resource name to use to coordinate for the controller lock. If unset, defaults to \"configmaps\".", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.GroupResource" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.legacyconfig.v1.DNSConfig": { - "description": "DNSConfig holds the necessary configuration options for DNS", + "com.github.openshift.api.operator.v1.ConfigMapFileReference": { + "description": "ConfigMapFileReference references a specific file within a ConfigMap.", "type": "object", "required": [ - "bindAddress", - "bindNetwork", - "allowRecursiveQueries" + "name", + "key" ], "properties": { - "allowRecursiveQueries": { - "description": "allowRecursiveQueries allows the DNS server on the master to answer queries recursively. Note that open resolvers can be used for DNS amplification attacks and the master DNS should not be made accessible to public networks.", - "type": "boolean", - "default": false - }, - "bindAddress": { - "description": "bindAddress is the ip:port to serve DNS on", + "key": { + "description": "key is the logo key inside the referenced ConfigMap. Must consist only of alphanumeric characters, dashes (-), underscores (_), and periods (.). Must be at most 253 characters in length. Must end in a valid file extension. A valid file extension must consist of a period followed by 2 to 5 alpha characters.", "type": "string", "default": "" }, - "bindNetwork": { - "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", + "name": { + "description": "name is the name of the ConfigMap. name is a required field. Must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. Must be at most 253 characters in length.", "type": "string", "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.DefaultAdmissionConfig": { - "description": "DefaultAdmissionConfig can be used to enable or disable various admission plugins. When this type is present as the `configuration` object under `pluginConfig` and *if* the admission plugin supports it, this will cause an \"off by default\" admission plugin to be enabled\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.ConfigSpec": { "type": "object", "required": [ - "disable" + "managementState" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "disable": { - "description": "disable turns off an admission plugin that is enabled by default.", - "type": "boolean", - "default": false + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - } - } - }, - "com.github.openshift.api.legacyconfig.v1.DenyAllPasswordIdentityProvider": { - "description": "DenyAllPasswordIdentityProvider provides no identities for users\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.legacyconfig.v1.DockerConfig": { - "description": "DockerConfig holds Docker related configuration options.", + "com.github.openshift.api.operator.v1.ConfigStatus": { "type": "object", - "required": [ - "execHandlerName", - "dockerShimSocket", - "dockerShimRootDirectory" - ], "properties": { - "dockerShimRootDirectory": { - "description": "dockerShimRootDirectory is the dockershim root directory.", - "type": "string", - "default": "" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "dockerShimSocket": { - "description": "dockerShimSocket is the location of the dockershim socket the kubelet uses. Currently unix socket is supported on Linux, and tcp is supported on windows. Examples:'unix:///var/run/dockershim.sock', 'tcp://localhost:3735'", - "type": "string", - "default": "" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "execHandlerName": { - "description": "execHandlerName is the name of the handler to use for executing commands in containers.", - "type": "string", - "default": "" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "com.github.openshift.api.legacyconfig.v1.EtcdConfig": { - "description": "EtcdConfig holds the necessary configuration options for connecting with an etcd database", + "com.github.openshift.api.operator.v1.Console": { + "description": "Console provides a means to configure an operator to manage the console.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "servingInfo", - "address", - "peerServingInfo", - "peerAddress", - "storageDirectory" + "spec" ], "properties": { - "address": { - "description": "address is the advertised host:port for client connections to etcd", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "peerAddress": { - "description": "peerAddress is the advertised host:port for peer connections to etcd", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "peerServingInfo": { - "description": "peerServingInfo describes how to start serving the etcd peer", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServingInfo" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "servingInfo": { - "description": "servingInfo describes how to start serving the etcd master", + "spec": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServingInfo" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleSpec" }, - "storageDirectory": { - "description": "StorageDir is the path to the etcd storage directory", - "type": "string", - "default": "" + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.EtcdConnectionInfo": { - "description": "EtcdConnectionInfo holds information necessary for connecting to an etcd server", + "com.github.openshift.api.operator.v1.ConsoleConfigRoute": { + "description": "ConsoleConfigRoute holds information on external route access to console. DEPRECATED", "type": "object", "required": [ - "urls", - "ca", - "certFile", - "keyFile" + "hostname" ], "properties": { - "ca": { - "description": "ca is a file containing trusted roots for the etcd server certificates", - "type": "string", - "default": "" - }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" - }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "hostname": { + "description": "hostname is the desired custom domain under which console will be available.", "type": "string", "default": "" }, - "urls": { - "description": "urls are the URLs for etcd", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "secret": { + "description": "secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - \"tls.crt\" - to specifies custom certificate - \"tls.key\" - to specifies private key of the custom certificate If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" } } }, - "com.github.openshift.api.legacyconfig.v1.EtcdStorageConfig": { - "description": "EtcdStorageConfig holds the necessary configuration options for the etcd storage underlying OpenShift and Kubernetes", + "com.github.openshift.api.operator.v1.ConsoleCustomization": { + "description": "ConsoleCustomization defines a list of optional configuration for the console UI. Ensure that Logos and CustomLogoFile cannot be set at the same time.", "type": "object", - "required": [ - "kubernetesStorageVersion", - "kubernetesStoragePrefix", - "openShiftStorageVersion", - "openShiftStoragePrefix" - ], "properties": { - "kubernetesStoragePrefix": { - "description": "kubernetesStoragePrefix is the path within etcd that the Kubernetes resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located. The default value is 'kubernetes.io'.", - "type": "string", - "default": "" - }, - "kubernetesStorageVersion": { - "description": "kubernetesStorageVersion is the API version that Kube resources in etcd should be serialized to. This value should *not* be advanced until all clients in the cluster that read from etcd have code that allows them to read the new version.", - "type": "string", - "default": "" - }, - "openShiftStoragePrefix": { - "description": "openShiftStoragePrefix is the path within etcd that the OpenShift resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located. The default value is 'openshift.io'.", - "type": "string", - "default": "" + "addPage": { + "description": "addPage allows customizing actions on the Add page in developer perspective.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AddPage" }, - "openShiftStorageVersion": { - "description": "openShiftStorageVersion is the API version that OS resources in etcd should be serialized to. This value should *not* be advanced until all clients in the cluster that read from etcd have code that allows them to read the new version.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.legacyconfig.v1.GitHubIdentityProvider": { - "description": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "required": [ - "clientID", - "clientSecret", - "organizations", - "teams", - "hostname", - "ca" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "brand": { + "description": "brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout.", "type": "string" }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value.", - "type": "string", - "default": "" + "capabilities": { + "description": "capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton, GettingStartedBanner, and GuidedTour. Each of the available capabilities may appear only once in the list.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Capability" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" + "customLogoFile": { + "description": "customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a Only one of customLogoFile or logos can be set at a time. ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. The recommended file format for the logo is SVG, but other file formats are allowed if supported by the browser. Deprecated: Use logos instead.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapFileReference" }, - "clientSecret": { - "description": "clientSecret is the oauth client secret", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" + "customProductName": { + "description": "customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name.", + "type": "string" }, - "hostname": { - "description": "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value that is configured at /setup/settings#hostname.", - "type": "string", - "default": "" + "developerCatalog": { + "description": "developerCatalog allows to configure the shown developer catalog categories (filters) and types (sub-catalogs).", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCustomization" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "documentationBaseURL": { + "description": "documentationBaseURL links to external documentation are shown in various sections of the web console. Providing documentationBaseURL will override the default documentation URL. Invalid value will prevent a console rollout.", "type": "string" }, - "organizations": { - "description": "organizations optionally restricts which organizations are allowed to log in", + "logos": { + "description": "logos is used to replace the OpenShift Masthead and Favicon logos in the console UI with custom logos. logos is an optional field that allows a list of logos. Only one of logos or customLogoFile can be set at a time. If logos is set, customLogoFile must be unset. When specified, there must be at least one entry and no more than 2 entries. Each type must appear only once in the list.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Logo" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "teams": { - "description": "teams optionally restricts which teams are allowed to log in. Format is /.", + "perspectives": { + "description": "perspectives allows enabling/disabling of perspective(s) that user can see in the Perspective switcher dropdown.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Perspective" + }, + "x-kubernetes-list-map-keys": [ + "id" + ], + "x-kubernetes-list-type": "map" + }, + "projectAccess": { + "description": "projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ProjectAccess" + }, + "quickStarts": { + "description": "quickStarts allows customization of available ConsoleQuickStart resources in console.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.QuickStarts" } } }, - "com.github.openshift.api.legacyconfig.v1.GitLabIdentityProvider": { - "description": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.ConsoleList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "ca", - "url", - "clientID", - "clientSecret" + "metadata", + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", - "type": "string", - "default": "" - }, - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" - }, - "clientSecret": { - "description": "clientSecret is the oauth client secret", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Console" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "legacy": { - "description": "legacy determines if OAuth2 or OIDC should be used If true, OAuth2 is used If false, OIDC is used If nil and the URL's host is gitlab.com, OIDC is used Otherwise, OAuth2 is used In a future release, nil will default to using OIDC Eventually this flag will be removed and only OIDC will be used", - "type": "boolean" - }, - "url": { - "description": "url is the oauth server base URL", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.legacyconfig.v1.GoogleIdentityProvider": { - "description": "GoogleIdentityProvider provides identities for users authenticating using Google credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.ConsoleProviders": { + "description": "ConsoleProviders defines a list of optional additional providers of functionality to the console.", "type": "object", - "required": [ - "clientID", - "clientSecret", - "hostedDomain" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" - }, - "clientSecret": { - "description": "clientSecret is the oauth client secret", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" - }, - "hostedDomain": { - "description": "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", - "type": "string", - "default": "" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "statuspage": { + "description": "statuspage contains ID for statuspage.io page that provides status info about.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.StatuspageProvider" } } }, - "com.github.openshift.api.legacyconfig.v1.GrantConfig": { - "description": "GrantConfig holds the necessary configuration options for grant handlers", + "com.github.openshift.api.operator.v1.ConsoleSpec": { + "description": "ConsoleSpec is the specification of the desired behavior of the Console.", "type": "object", "required": [ - "method", - "serviceAccountMethod" + "managementState", + "providers" ], "properties": { - "method": { - "description": "method determines the default strategy to use when an OAuth client requests a grant. This method will be used only if the specific OAuth client doesn't provide a strategy of their own. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients\n - deny: always denies grant requests, useful for black-listed clients", - "type": "string", - "default": "" + "customization": { + "description": "customization is used to optionally provide a small set of customization options to the web console.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleCustomization" }, - "serviceAccountMethod": { - "description": "serviceAccountMethod is used for determining client authorization for service account oauth client. It must be either: deny, prompt", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.legacyconfig.v1.GroupResource": { - "description": "GroupResource points to a resource by its name and API group.", - "type": "object", - "required": [ - "group", - "resource" - ], - "properties": { - "group": { - "description": "group is the name of an API group", - "type": "string", - "default": "" + "ingress": { + "description": "ingress allows to configure the alternative ingress for the console. This field is intended for clusters without ingress capability, where access to routes is not possible.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Ingress" }, - "resource": { - "description": "resource is the name of a resource.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.legacyconfig.v1.HTPasswdPasswordIdentityProvider": { - "description": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "required": [ - "file" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "file": { - "description": "file is a reference to your htpasswd file", - "type": "string", - "default": "" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - } - } - }, - "com.github.openshift.api.legacyconfig.v1.HTTPServingInfo": { - "description": "HTTPServingInfo holds configuration for serving HTTP", - "type": "object", - "required": [ - "bindAddress", - "bindNetwork", - "certFile", - "keyFile", - "clientCA", - "namedCertificates", - "maxRequestsInFlight", - "requestTimeoutSeconds" - ], - "properties": { - "bindAddress": { - "description": "bindAddress is the ip:port to serve on", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" }, - "bindNetwork": { - "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", - "type": "string", - "default": "" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "cipherSuites": { - "description": "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", + "plugins": { + "description": "plugins defines a list of enabled console plugin names.", "type": "array", "items": { "type": "string", "default": "" } }, - "clientCA": { - "description": "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", - "type": "string", - "default": "" - }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" + "providers": { + "description": "providers contains configuration for using specific service providers.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleProviders" }, - "maxRequestsInFlight": { - "description": "maxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.", - "type": "integer", - "format": "int32", - "default": 0 + "route": { + "description": "route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used. DEPRECATED", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleConfigRoute" }, - "minTLSVersion": { - "description": "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", - "type": "string" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + } + } + }, + "com.github.openshift.api.operator.v1.ConsoleStatus": { + "description": "ConsoleStatus defines the observed status of the Console.", + "type": "object", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "namedCertificates": { - "description": "namedCertificates is a list of certificates to use to secure requests to specific hostnames", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NamedCertificate" - } + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "requestTimeoutSeconds": { - "description": "requestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if -1 there is no limit on requests.", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", "type": "integer", "format": "int32", "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "com.github.openshift.api.legacyconfig.v1.IdentityProvider": { - "description": "IdentityProvider provides identities for users authenticating using credentials", + "com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters": { + "description": "ContainerLoggingDestinationParameters describes parameters for the Container logging destination type.", "type": "object", - "required": [ - "name", - "challenge", - "login", - "mappingMethod", - "provider" - ], "properties": { - "challenge": { - "description": "UseAsChallenger indicates whether to issue WWW-Authenticate challenges for this provider", - "type": "boolean", - "default": false + "maxLength": { + "description": "maxLength is the maximum length of the log message.\n\nValid values are integers in the range 480 to 8192, inclusive.\n\nWhen omitted, the default value is 1024.", + "type": "integer", + "format": "int32" + } + } + }, + "com.github.openshift.api.operator.v1.DNS": { + "description": "DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster.\n\nThis supports the DNS-based service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md\n\nMore details: https://kubernetes.io/docs/tasks/administer-cluster/coredns\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "login": { - "description": "UseAsLogin indicates whether to use this identity provider for unauthenticated browsers to login against", - "type": "boolean", - "default": false + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "mappingMethod": { - "description": "mappingMethod determines how identities from this provider are mapped to users", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "name": { - "description": "name is used to qualify the identities returned by this provider", - "type": "string", - "default": "" + "spec": { + "description": "spec is the specification of the desired behavior of the DNS.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSSpec" }, - "provider": { - "description": "provider contains the information about how to set up a specific identity provider", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "status": { + "description": "status is the most recently observed status of the DNS.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.ImageConfig": { - "description": "ImageConfig holds the necessary configuration options for building image names for system components", + "com.github.openshift.api.operator.v1.DNSCache": { + "description": "DNSCache defines the fields for configuring DNS caching.", "type": "object", - "required": [ - "format", - "latest" - ], "properties": { - "format": { - "description": "format is the format of the name to be built for the system component", - "type": "string", - "default": "" + "negativeTTL": { + "description": "negativeTTL is optional and specifies the amount of time that a negative response should be cached.\n\nIf configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject to change.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" }, - "latest": { - "description": "latest determines if the latest tag will be pulled from the registry", - "type": "boolean", - "default": false + "positiveTTL": { + "description": "positiveTTL is optional and specifies the amount of time that a positive response should be cached.\n\nIf configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject to change.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" } } }, - "com.github.openshift.api.legacyconfig.v1.ImagePolicyConfig": { - "description": "ImagePolicyConfig holds the necessary configuration options for limits and behavior for importing images", + "com.github.openshift.api.operator.v1.DNSList": { + "description": "DNSList contains a list of DNS\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "maxImagesBulkImportedPerRepository", - "disableScheduledImport", - "scheduledImageImportMinimumIntervalSeconds", - "maxScheduledImageImportsPerMinute" + "items" ], "properties": { - "additionalTrustedCA": { - "description": "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted during imagestream import.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "allowedRegistriesForImport": { - "description": "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.RegistryLocation" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNS" } }, - "disableScheduledImport": { - "description": "disableScheduledImport allows scheduled background import of images to be disabled.", - "type": "boolean", - "default": false - }, - "externalRegistryHostname": { - "description": "externalRegistryHostname sets the hostname for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", - "type": "string" - }, - "internalRegistryHostname": { - "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "maxImagesBulkImportedPerRepository": { - "description": "maxImagesBulkImportedPerRepository controls the number of images that are imported when a user does a bulk import of a container repository. This number defaults to 50 to prevent users from importing large numbers of images accidentally. Set -1 for no limit.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "maxScheduledImageImportsPerMinute": { - "description": "maxScheduledImageImportsPerMinute is the maximum number of scheduled image streams that will be imported in the background per minute. The default value is 60. Set to -1 for unlimited.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "scheduledImageImportMinimumIntervalSeconds": { - "description": "scheduledImageImportMinimumIntervalSeconds is the minimum number of seconds that can elapse between when image streams scheduled for background import are checked against the upstream repository. The default value is 15 minutes.", - "type": "integer", - "format": "int32", - "default": 0 + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.legacyconfig.v1.JenkinsPipelineConfig": { - "description": "JenkinsPipelineConfig holds configuration for the Jenkins pipeline strategy", + "com.github.openshift.api.operator.v1.DNSNodePlacement": { + "description": "DNSNodePlacement describes the node scheduling configuration for DNS pods.", "type": "object", - "required": [ - "autoProvisionEnabled", - "templateNamespace", - "templateName", - "serviceName", - "parameters" - ], "properties": { - "autoProvisionEnabled": { - "description": "autoProvisionEnabled determines whether a Jenkins server will be spawned from the provided template when the first build config in the project with type JenkinsPipeline is created. When not specified this option defaults to true.", - "type": "boolean" - }, - "parameters": { - "description": "parameters specifies a set of optional parameters to the Jenkins template.", + "nodeSelector": { + "description": "nodeSelector is the node selector applied to DNS pods.\n\nIf empty, the default is used, which is currently the following:\n\n kubernetes.io/os: linux\n\nThis default is subject to change.\n\nIf set, the specified selector is used and replaces the default.", "type": "object", "additionalProperties": { "type": "string", "default": "" } }, - "serviceName": { - "description": "serviceName is the name of the Jenkins service OpenShift uses to detect whether a Jenkins pipeline handler has already been installed in a project. This value *must* match a service name in the provided template.", - "type": "string", - "default": "" - }, - "templateName": { - "description": "templateName is the name of the default Jenkins template", - "type": "string", - "default": "" - }, - "templateNamespace": { - "description": "templateNamespace contains the namespace name where the Jenkins template is stored", - "type": "string", - "default": "" + "tolerations": { + "description": "tolerations is a list of tolerations applied to DNS pods.\n\nIf empty, the DNS operator sets a toleration for the \"node-role.kubernetes.io/master\" taint. This default is subject to change. Specifying tolerations without including a toleration for the \"node-role.kubernetes.io/master\" taint may be risky as it could lead to an outage if all worker nodes become unavailable.\n\nNote that the daemon controller adds some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + } } } }, - "com.github.openshift.api.legacyconfig.v1.KeystonePasswordIdentityProvider": { - "description": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.DNSOverTLSConfig": { + "description": "DNSOverTLSConfig describes optional DNSTransportConfig fields that should be captured.", "type": "object", "required": [ - "url", - "ca", - "certFile", - "keyFile", - "domainName", - "useKeystoneIdentity" + "serverName" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "caBundle": { + "description": "caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers.\n\n1. The configmap must contain a `ca-bundle.crt` key. 2. The value must be a PEM encoded CA certificate or CA bundle. 3. The administrator must create this configmap in the openshift-config namespace. 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "ca": { - "description": "ca is the CA for verifying TLS connections", + "serverName": { + "description": "serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is set to \"TLS\". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the TLS certificate installed in the upstream resolver(s).", "type": "string", "default": "" + } + } + }, + "com.github.openshift.api.operator.v1.DNSSpec": { + "description": "DNSSpec is the specification of the desired behavior of the DNS.", + "type": "object", + "properties": { + "cache": { + "description": "cache describes the caching configuration that applies to all server blocks listed in the Corefile. This field allows a cluster admin to optionally configure: * positiveTTL which is a duration for which positive responses should be cached. * negativeTTL which is a duration for which negative responses should be cached. If this is not configured, OpenShift will configure positive and negative caching with a default value that is subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is 30 seconds or as noted in the respective Corefile for your version of OpenShift.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSCache" }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "logLevel": { + "description": "logLevel describes the desired logging verbosity for CoreDNS. Any one of the following values may be specified: * Normal logs errors from upstream resolvers. * Debug logs errors, NXDOMAIN responses, and NODATA responses. * Trace logs errors and all responses.\n Setting logLevel: Trace will produce extremely verbose logs.\nValid values are: \"Normal\", \"Debug\", \"Trace\". Defaults to \"Normal\".", + "type": "string" }, - "domainName": { - "description": "Domain Name is required for keystone v3", - "type": "string", - "default": "" + "managementState": { + "description": "managementState indicates whether the DNS operator should manage cluster DNS", + "type": "string" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" + "nodePlacement": { + "description": "nodePlacement provides explicit control over the scheduling of DNS pods.\n\nGenerally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint.\n\nIf unset, defaults are used. See nodePlacement for more details.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSNodePlacement" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "operatorLogLevel": { + "description": "operatorLogLevel controls the logging level of the DNS Operator. Valid values are: \"Normal\", \"Debug\", \"Trace\". Defaults to \"Normal\". setting operatorLogLevel: Trace will produce extremely verbose logs.", "type": "string" }, - "url": { - "description": "url is the remote URL to connect to", - "type": "string", - "default": "" + "servers": { + "description": "servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server.\n\nFor example, if there are two Servers, one for \"foo.com\" and another for \"a.foo.com\", and the name query is for \"www.a.foo.com\", it will be routed to the Server with Zone \"a.foo.com\".\n\nIf this field is nil, no servers are created.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Server" + } }, - "useKeystoneIdentity": { - "description": "useKeystoneIdentity flag indicates that user should be authenticated by keystone ID, not by username", - "type": "boolean", - "default": false + "upstreamResolvers": { + "description": "upstreamResolvers defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers for the case of the default (\".\") server\n\nIf this field is not specified, the upstream used will default to /etc/resolv.conf, with policy \"sequential\"", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.UpstreamResolvers" } } }, - "com.github.openshift.api.legacyconfig.v1.KubeletConnectionInfo": { - "description": "KubeletConnectionInfo holds information necessary for connecting to a kubelet", + "com.github.openshift.api.operator.v1.DNSStatus": { + "description": "DNSStatus defines the observed status of the DNS.", "type": "object", "required": [ - "port", - "ca", - "certFile", - "keyFile" + "clusterIP", + "clusterDomain" ], "properties": { - "ca": { - "description": "ca is the CA for verifying TLS connections to kubelets", - "type": "string", - "default": "" - }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", + "clusterDomain": { + "description": "clusterDomain is the local cluster DNS domain suffix for DNS services. This will be a subdomain as defined in RFC 1034, section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 Example: \"cluster.local\"\n\nMore info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service", "type": "string", "default": "" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "clusterIP": { + "description": "clusterIP is the service IP through which this DNS is made available.\n\nIn the case of the default DNS, this will be a well known IP that is used as the default nameserver for pods that are using the default ClusterFirst DNS policy.\n\nIn general, this IP can be specified in a pod's spec.dnsConfig.nameservers list or used explicitly when performing name resolution from within the cluster. Example: dig foo.com @\n\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", "type": "string", "default": "" }, - "port": { - "description": "port is the port to connect to kubelets on", - "type": "integer", - "format": "int32", - "default": 0 + "conditions": { + "description": "conditions provide information about the state of the DNS on the cluster.\n\nThese are the supported DNS conditions:\n\n * Available\n - True if the following conditions are met:\n * DNS controller daemonset is available.\n - False if any of those conditions are unsatisfied.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.legacyconfig.v1.KubernetesMasterConfig": { - "description": "KubernetesMasterConfig holds the necessary configuration options for the Kubernetes master", + "com.github.openshift.api.operator.v1.DNSTransportConfig": { + "description": "DNSTransportConfig groups related configuration parameters used for configuring forwarding to upstream resolvers that support DNS-over-TLS.", "type": "object", - "required": [ - "apiLevels", - "disabledAPIGroupVersions", - "masterIP", - "masterEndpointReconcileTTL", - "servicesSubnet", - "servicesNodePortRange", - "schedulerConfigFile", - "podEvictionTimeout", - "proxyClientInfo", - "apiServerArguments", - "controllerArguments", - "schedulerArguments" - ], "properties": { - "apiLevels": { - "description": "apiLevels is a list of API levels that should be enabled on startup: v1 as examples", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "apiServerArguments": { - "description": "apiServerArguments are key value pairs that will be passed directly to the Kube apiserver that match the apiservers's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - }, - "controllerArguments": { - "description": "controllerArguments are key value pairs that will be passed directly to the Kube controller manager that match the controller manager's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } + "tls": { + "description": "tls contains the additional configuration options to use when Transport is set to \"TLS\".", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSOverTLSConfig" }, - "disabledAPIGroupVersions": { - "description": "disabledAPIGroupVersions is a map of groups to the versions (or *) that should be disabled.", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } + "transport": { + "description": "transport allows cluster administrators to opt-in to using a DNS-over-TLS connection between cluster DNS and an upstream resolver(s). Configuring TLS as the transport at this level without configuring a CABundle will result in the system certificates being used to verify the serving certificate of the upstream resolver(s).\n\nPossible values: \"\" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject to change over time. The current default is \"Cleartext\". \"Cleartext\" - Cluster admin specified cleartext option. This results in the same functionality as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, or wants to switch from \"TLS\" to \"Cleartext\" explicitly. \"TLS\" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1.", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "transport", + "fields-to-discriminateBy": { + "tls": "TLS" } + } + ] + }, + "com.github.openshift.api.operator.v1.DefaultNetworkDefinition": { + "description": "DefaultNetworkDefinition represents a single network plugin's configuration. type must be specified, along with exactly one \"Config\" that matches the type.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "openshiftSDNConfig": { + "description": "openshiftSDNConfig was previously used to configure the openshift-sdn plugin. DEPRECATED: OpenShift SDN is no longer supported.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftSDNConfig" }, - "masterEndpointReconcileTTL": { - "description": "masterEndpointReconcileTTL sets the time to live in seconds of an endpoint record recorded by each master. The endpoints are checked at an interval that is 2/3 of this value and this value defaults to 15s if unset. In very large clusters, this value may be increased to reduce the possibility that the master endpoint record expires (due to other load on the etcd server) and causes masters to drop in and out of the kubernetes service record. It is not recommended to set this value below 15s.", - "type": "integer", - "format": "int32", - "default": 0 + "ovnKubernetesConfig": { + "description": "ovnKubernetesConfig configures the ovn-kubernetes plugin.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OVNKubernetesConfig" }, - "masterIP": { - "description": "masterIP is the public IP address of kubernetes stuff. If empty, the first result from net.InterfaceAddrs will be used.", + "type": { + "description": "type is the type of network All NetworkTypes are supported except for NetworkTypeRaw", "type": "string", "default": "" - }, - "podEvictionTimeout": { - "description": "podEvictionTimeout controls grace period for deleting pods on failed nodes. It takes valid time duration string. If empty, you get the default pod eviction timeout.", + } + } + }, + "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategory": { + "description": "DeveloperConsoleCatalogCategory for the developer console catalog.", + "type": "object", + "required": [ + "id", + "label" + ], + "properties": { + "id": { + "description": "id is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.", "type": "string", "default": "" }, - "proxyClientInfo": { - "description": "proxyClientInfo specifies the client cert/key to use when proxying to pods", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.CertInfo" - }, - "schedulerArguments": { - "description": "schedulerArguments are key value pairs that will be passed directly to the Kube scheduler that match the scheduler's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - }, - "schedulerConfigFile": { - "description": "schedulerConfigFile points to a file that describes how to set up the scheduler. If empty, you get the default scheduling rules.", + "label": { + "description": "label defines a category display label. It is required and must have 1-64 characters.", "type": "string", "default": "" }, - "servicesNodePortRange": { - "description": "servicesNodePortRange is the range to use for assigning service public ports on a host.", - "type": "string", - "default": "" + "subcategories": { + "description": "subcategories defines a list of child categories.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategoryMeta" + } }, - "servicesSubnet": { - "description": "servicesSubnet is the subnet to use for assigning service IPs", - "type": "string", - "default": "" + "tags": { + "description": "tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.legacyconfig.v1.LDAPAttributeMapping": { - "description": "LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields", + "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategoryMeta": { + "description": "DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category.", "type": "object", "required": [ "id", - "preferredUsername", - "name", - "email" + "label" ], "properties": { - "email": { - "description": "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", + "id": { + "description": "id is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.", + "type": "string", + "default": "" + }, + "label": { + "description": "label defines a category display label. It is required and must have 1-64 characters.", + "type": "string", + "default": "" + }, + "tags": { + "description": "tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item.", "type": "array", "items": { "type": "string", "default": "" } - }, - "id": { - "description": "id is the list of attributes whose values should be used as the user ID. Required. LDAP standard identity attribute is \"dn\"", + } + } + }, + "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCustomization": { + "description": "DeveloperConsoleCatalogCustomization allow cluster admin to configure developer catalog.", + "type": "object", + "properties": { + "categories": { + "description": "categories which are shown in the developer catalog.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategory" } }, - "name": { - "description": "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"", + "types": { + "description": "types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. When omitted, all the sub-catalog types will be shown.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DeveloperConsoleCatalogTypes" + } + } + }, + "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogTypes": { + "description": "DeveloperConsoleCatalogTypes defines the state of the sub-catalog types.", + "type": "object", + "required": [ + "state" + ], + "properties": { + "disabled": { + "description": "disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: \"Devfile\", \"HelmChart\", \"BuilderImage\" If the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "set" }, - "preferredUsername": { - "description": "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"", + "enabled": { + "description": "enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: \"Devfile\", \"HelmChart\", \"BuilderImage\" If the list is non-empty, a new type will not be shown to the user until it is added to list. If the list is empty the complete developer catalog will be shown.", "type": "array", "items": { "type": "string", "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "state": { + "description": "state defines if a list of catalog types should be enabled or disabled.", + "type": "string", + "default": "Enabled" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "state", + "fields-to-discriminateBy": { + "disabled": "Disabled", + "enabled": "Enabled" } } + ] + }, + "com.github.openshift.api.operator.v1.EgressIPConfig": { + "description": "EgressIPConfig defines the configuration knobs for egressip", + "type": "object", + "properties": { + "reachabilityTotalTimeoutSeconds": { + "description": "reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. If the EgressIP node cannot be reached within this timeout, the node is declared down. Setting a large value may cause the EgressIP feature to react slowly to node changes. In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 1 second. A value of 0 disables the EgressIP node's reachability check.", + "type": "integer", + "format": "int64" + } } }, - "com.github.openshift.api.legacyconfig.v1.LDAPPasswordIdentityProvider": { - "description": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.EndpointPublishingStrategy": { + "description": "EndpointPublishingStrategy is a way to publish the endpoints of an IngressController, and represents the type and any additional configuration for a specific type.", "type": "object", "required": [ - "url", - "bindDN", - "bindPassword", - "insecure", - "ca", - "attributes" + "type" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "hostNetwork": { + "description": "hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.HostNetworkStrategy" }, - "attributes": { - "description": "attributes maps LDAP attributes to identities", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPAttributeMapping" + "loadBalancer": { + "description": "loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.LoadBalancerStrategy" }, - "bindDN": { - "description": "bindDN is an optional DN to bind with during the search phase.", - "type": "string", - "default": "" + "nodePort": { + "description": "nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodePortStrategy" }, - "bindPassword": { - "description": "bindPassword is an optional password to bind with during the search phase.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" + "private": { + "description": "private holds parameters for the Private endpoint publishing strategy. Present only if type is Private.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.PrivateStrategy" }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + "type": { + "description": "type is the publishing strategy to use. Valid values are:\n\n* LoadBalancerService\n\nPublishes the ingress controller using a Kubernetes LoadBalancer Service.\n\nIn this configuration, the ingress controller deployment uses container networking. A LoadBalancer Service is created to publish the deployment.\n\nSee: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\n\nIf domain is set, a wildcard DNS record will be managed to point at the LoadBalancer Service's external name. DNS records are managed only in DNS zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.\n\nWildcard DNS management is currently supported only on the AWS, Azure, and GCP platforms.\n\n* HostNetwork\n\nPublishes the ingress controller on node ports where the ingress controller is deployed.\n\nIn this configuration, the ingress controller deployment uses host networking, bound to node ports 80 and 443. The user is responsible for configuring an external load balancer to publish the ingress controller via the node ports.\n\n* Private\n\nDoes not publish the ingress controller.\n\nIn this configuration, the ingress controller deployment uses container networking, and is not explicitly published. The user must manually publish the ingress controller.\n\n* NodePortService\n\nPublishes the ingress controller using a Kubernetes NodePort Service.\n\nIn this configuration, the ingress controller deployment uses container networking. A NodePort Service is created to publish the deployment. The specific node ports are dynamically allocated by OpenShift; however, to support static port allocations, user changes to the node port field of the managed NodePort Service will preserved.", "type": "string", "default": "" - }, - "insecure": { - "description": "Insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830", - "type": "boolean", - "default": false + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "hostNetwork": "HostNetwork", + "loadBalancer": "LoadBalancer", + "nodePort": "NodePort", + "private": "Private" + } + } + ] + }, + "com.github.openshift.api.operator.v1.Etcd": { + "description": "Etcd provides information to configure an operator to manage etcd.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "url": { - "description": "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is\n ldap://host:port/basedn?attribute?scope?filter", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.EtcdSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.EtcdStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.LDAPQuery": { - "description": "LDAPQuery holds the options necessary to build an LDAP query", + "com.github.openshift.api.operator.v1.EtcdList": { + "description": "KubeAPISOperatorConfigList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "baseDN", - "scope", - "derefAliases", - "timeout", - "filter", - "pageSize" + "metadata", + "items" ], "properties": { - "baseDN": { - "description": "The DN of the branch of the directory where all searches should start from", - "type": "string", - "default": "" - }, - "derefAliases": { - "description": "The (optional) behavior of the search with regards to alisases. Can be: never: never dereference aliases, search: only dereference in searching, base: only dereference in finding the base object, always: always dereference Defaults to always dereferencing if not set", - "type": "string", - "default": "" - }, - "filter": { - "description": "filter is a valid LDAP search filter that retrieves all relevant entries from the LDAP server with the base DN", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "pageSize": { - "description": "pageSize is the maximum preferred page size, measured in LDAP entries. A page size of 0 means no paging will be done.", - "type": "integer", - "format": "int32", - "default": 0 + "items": { + "description": "items contains the items", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Etcd" + } }, - "scope": { - "description": "The (optional) scope of the search. Can be: base: only the base object, one: all object on the base level, sub: the entire subtree Defaults to the entire subtree if not set", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "timeout": { - "description": "TimeLimit holds the limit of time in seconds that any request to the server can remain outstanding before the wait for a response is given up. If this is 0, no client-side limit is imposed", - "type": "integer", - "format": "int32", - "default": 0 + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.legacyconfig.v1.LDAPSyncConfig": { - "description": "LDAPSyncConfig holds the necessary configuration options to define an LDAP group sync\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.EtcdSpec": { "type": "object", "required": [ - "url", - "bindDN", - "bindPassword", - "insecure", - "ca", - "groupUIDNameMapping" + "managementState", + "forceRedeploymentReason" ], "properties": { - "activeDirectory": { - "description": "ActiveDirectoryConfig holds the configuration for extracting data from an LDAP server set up in a fashion similar to that used in Active Directory: first-class user entries, with group membership determined by a multi-valued attribute on members listing groups they are a member of", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ActiveDirectoryConfig" + "backendQuotaGiB": { + "description": "backendQuotaGiB sets the etcd backend storage size limit in gibibytes. The value should be an integer not less than 8 and not more than 32. When not specified, the default value is 8.", + "type": "integer", + "format": "int32", + "default": 8 }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "controlPlaneHardwareSpeed": { + "description": "HardwareSpeed allows user to change the etcd tuning profile which configures the latency parameters for heartbeat interval and leader election timeouts allowing the cluster to tolerate longer round-trip-times between etcd members. Valid values are \"\", \"Standard\" and \"Slower\".\n\t\"\" means no opinion and the platform is left to choose a reasonable default\n\twhich is subject to change without notice.\n\nPossible enum values:\n - `\"Slower\"` provides more tolerance for slower hardware and/or higher latency networks. Sets (values subject to change): ETCD_HEARTBEAT_INTERVAL: 5x Standard ETCD_LEADER_ELECTION_TIMEOUT: 2.5x Standard\n - `\"Standard\"` provides the normal tolerances for hardware speed and latency. Currently sets (values subject to change at any time): ETCD_HEARTBEAT_INTERVAL: 100ms ETCD_LEADER_ELECTION_TIMEOUT: 1000ms", + "type": "string", + "default": "", + "enum": [ + "Slower", + "Standard" + ] }, - "augmentedActiveDirectory": { - "description": "AugmentedActiveDirectoryConfig holds the configuration for extracting data from an LDAP server set up in a fashion similar to that used in Active Directory as described above, with one addition: first-class group entries exist and are used to hold metadata but not group membership", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AugmentedActiveDirectoryConfig" + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" }, - "bindDN": { - "description": "bindDN is an optional DN to bind to the LDAP server with", + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", "type": "string", "default": "" }, - "bindPassword": { - "description": "bindPassword is an optional password to bind with during the search phase.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" }, - "groupUIDNameMapping": { - "description": "LDAPGroupUIDToOpenShiftGroupNameMapping is an optional direct mapping of LDAP group UIDs to OpenShift Group names", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "insecure": { - "description": "Insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830", - "type": "boolean", - "default": false + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "rfc2307": { - "description": "RFC2307Config holds the configuration for extracting data from an LDAP server set up in a fashion similar to RFC2307: first-class group and user entries, with group membership determined by a multi-valued attribute on the group entry listing its members", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.RFC2307Config" + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" }, - "url": { - "description": "Host is the scheme, host and port of the LDAP server to connect to: scheme://host:port", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.legacyconfig.v1.LocalQuota": { - "description": "LocalQuota contains options for controlling local volume quota on the node.", - "type": "object", - "required": [ - "perFSGroup" - ], - "properties": { - "perFSGroup": { - "description": "FSGroup can be specified to enable a quota on local storage use per unique FSGroup ID. At present this is only implemented for emptyDir volumes, and if the underlying volumeDirectory is on an XFS filesystem.", - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.legacyconfig.v1.MasterAuthConfig": { - "description": "MasterAuthConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", + "com.github.openshift.api.operator.v1.EtcdStatus": { "type": "object", - "required": [ - "requestHeader", - "webhookTokenAuthenticators", - "oauthMetadataFile" - ], "properties": { - "oauthMetadataFile": { - "description": "oauthMetadataFile is a path to a file containing the discovery endpoint for OAuth 2.0 Authorization Server Metadata for an external OAuth server. See IETF Draft: // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This option is mutually exclusive with OAuthConfig", - "type": "string", - "default": "" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "requestHeader": { - "description": "requestHeader holds options for setting up a front proxy against the API. It is optional.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.RequestHeaderAuthenticationOptions" + "controlPlaneHardwareSpeed": { + "description": "Possible enum values:\n - `\"Slower\"` provides more tolerance for slower hardware and/or higher latency networks. Sets (values subject to change): ETCD_HEARTBEAT_INTERVAL: 5x Standard ETCD_LEADER_ELECTION_TIMEOUT: 2.5x Standard\n - `\"Standard\"` provides the normal tolerances for hardware speed and latency. Currently sets (values subject to change at any time): ETCD_HEARTBEAT_INTERVAL: 100ms ETCD_LEADER_ELECTION_TIMEOUT: 1000ms", + "type": "string", + "default": "", + "enum": [ + "Slower", + "Standard" + ] }, - "webhookTokenAuthenticators": { - "description": "WebhookTokenAuthnConfig, if present configures remote token reviewers", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.WebhookTokenAuthenticator" - } + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "latestAvailableRevisionReason": { + "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", + "type": "string" + }, + "nodeStatuses": { + "description": "nodeStatuses track the deployment values and errors across individual nodes", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" + }, + "x-kubernetes-list-map-keys": [ + "nodeName" + ], + "x-kubernetes-list-type": "map" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "com.github.openshift.api.legacyconfig.v1.MasterClients": { - "description": "MasterClients holds references to `.kubeconfig` files that qualify master clients for OpenShift and Kubernetes", + "com.github.openshift.api.operator.v1.ExportNetworkFlows": { + "type": "object", + "properties": { + "ipfix": { + "description": "ipfix defines IPFIX configuration.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPFIXConfig" + }, + "netFlow": { + "description": "netFlow defines the NetFlow configuration.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NetFlowConfig" + }, + "sFlow": { + "description": "sFlow defines the SFlow configuration.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.SFlowConfig" + } + } + }, + "com.github.openshift.api.operator.v1.FeaturesMigration": { + "type": "object", + "properties": { + "egressFirewall": { + "description": "egressFirewall specified whether or not the Egress Firewall configuration was migrated. DEPRECATED: network type migration is no longer supported.", + "type": "boolean" + }, + "egressIP": { + "description": "egressIP specified whether or not the Egress IP configuration was migrated. DEPRECATED: network type migration is no longer supported.", + "type": "boolean" + }, + "multicast": { + "description": "multicast specified whether or not the multicast configuration was migrated. DEPRECATED: network type migration is no longer supported.", + "type": "boolean" + } + } + }, + "com.github.openshift.api.operator.v1.FileReferenceSource": { + "description": "FileReferenceSource is used by the console to locate the specified file containing a custom logo.", "type": "object", "required": [ - "openshiftLoopbackKubeConfig", - "openshiftLoopbackClientConnectionOverrides" + "from" ], "properties": { - "openshiftLoopbackClientConnectionOverrides": { - "description": "openshiftLoopbackClientConnectionOverrides specifies client overrides for system components to loop back to this master.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ClientConnectionOverrides" + "configMap": { + "description": "configMap specifies the ConfigMap sourcing details such as the name of the ConfigMap and the key for the file. The ConfigMap must exist in the openshift-config namespace. Required when from is \"ConfigMap\", and forbidden otherwise.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConfigMapFileReference" }, - "openshiftLoopbackKubeConfig": { - "description": "openshiftLoopbackKubeConfig is a .kubeconfig filename for system components to loopback to this master", + "from": { + "description": "from is a required field to specify the source type of the file reference. Allowed values are ConfigMap. When set to ConfigMap, the file will be sourced from a ConfigMap in the openshift-config namespace. The configMap field must be set when from is set to ConfigMap.\n\nPossible enum values:\n - `\"ConfigMap\"` represents a ConfigMap source.", "type": "string", - "default": "" + "default": "", + "enum": [ + "ConfigMap" + ] } } }, - "com.github.openshift.api.legacyconfig.v1.MasterConfig": { - "description": "MasterConfig holds the necessary configuration options for the OpenShift master\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.ForwardPlugin": { + "description": "ForwardPlugin defines a schema for configuring the CoreDNS forward plugin.", "type": "object", "required": [ - "servingInfo", - "authConfig", - "aggregatorConfig", - "corsAllowedOrigins", - "apiLevels", - "masterPublicURL", - "controllers", - "admissionConfig", - "controllerConfig", - "etcdStorageConfig", - "etcdClientInfo", - "kubeletClientInfo", - "kubernetesMasterConfig", - "etcdConfig", - "oauthConfig", - "dnsConfig", - "serviceAccountConfig", - "masterClients", - "imageConfig", - "imagePolicyConfig", - "policyConfig", - "projectConfig", - "routingConfig", - "networkConfig", - "volumeConfig", - "jenkinsPipelineConfig", - "auditConfig" + "upstreams" ], "properties": { - "admissionConfig": { - "description": "admissionConfig contains admission control plugin configuration.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AdmissionConfig" - }, - "aggregatorConfig": { - "description": "aggregatorConfig has options for configuring the aggregator component of the API server.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AggregatorConfig" - }, - "apiLevels": { - "description": "apiLevels is a list of API levels that should be enabled on startup: v1 as examples", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "policy": { + "description": "policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified:\n\n* \"Random\" picks a random upstream server for each query. * \"RoundRobin\" picks upstream servers in a round-robin order, moving to the next server for each new query. * \"Sequential\" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query.\n\nThe default value is \"Random\"", "type": "string" }, - "auditConfig": { - "description": "auditConfig holds information related to auditing capabilities.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AuditConfig" - }, - "authConfig": { - "description": "authConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.MasterAuthConfig" - }, - "controllerConfig": { - "description": "controllerConfig holds configuration values for controllers", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ControllerConfig" - }, - "controllers": { - "description": "controllers is a list of the controllers that should be started. If set to \"none\", no controllers will start automatically. The default value is \"*\" which will start all controllers. When using \"*\", you may exclude controllers by prepending a \"-\" in front of their name. No other values are recognized at this time.", + "protocolStrategy": { + "description": "protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are \"TCP\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. \"TCP\" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. \"TCP\" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.", "type": "string", "default": "" }, - "corsAllowedOrigins": { - "description": "CORSAllowedOrigins", + "transportConfig": { + "description": "transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver.\n\nThe default value is \"\" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSTransportConfig" + }, + "upstreams": { + "description": "upstreams is a list of resolvers to forward name queries for subdomains of Zones. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. Each upstream is represented by an IP address or IP:port if the upstream listens on a port other than 53.\n\nA maximum of 15 upstreams is allowed per ForwardPlugin.", "type": "array", "items": { "type": "string", "default": "" } + } + } + }, + "com.github.openshift.api.operator.v1.GCPCSIDriverConfigSpec": { + "description": "GCPCSIDriverConfigSpec defines properties that can be configured for the GCP CSI driver.", + "type": "object", + "properties": { + "kmsKey": { + "description": "kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied encryption keys, rather than the default keys managed by GCP.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GCPKMSKeyReference" + } + } + }, + "com.github.openshift.api.operator.v1.GCPKMSKeyReference": { + "description": "GCPKMSKeyReference gathers required fields for looking up a GCP KMS Key", + "type": "object", + "required": [ + "name", + "keyRing", + "projectID" + ], + "properties": { + "keyRing": { + "description": "keyRing is the name of the KMS Key Ring which the KMS Key belongs to. The value should correspond to an existing KMS key ring and should consist of only alphanumeric characters, hyphens (-) and underscores (_), and be at most 63 characters in length.", + "type": "string", + "default": "" }, - "dnsConfig": { - "description": "DNSConfig, if present start the DNS server in this process", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.DNSConfig" - }, - "etcdClientInfo": { - "description": "etcdClientInfo contains information about how to connect to etcd", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.EtcdConnectionInfo" - }, - "etcdConfig": { - "description": "EtcdConfig, if present start etcd in this process", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.EtcdConfig" - }, - "etcdStorageConfig": { - "description": "etcdStorageConfig contains information about how API resources are stored in Etcd. These values are only relevant when etcd is the backing store for the cluster.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.EtcdStorageConfig" - }, - "imageConfig": { - "description": "imageConfig holds options that describe how to build image names for system components", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ImageConfig" - }, - "imagePolicyConfig": { - "description": "imagePolicyConfig controls limits and behavior for importing images", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ImagePolicyConfig" - }, - "jenkinsPipelineConfig": { - "description": "jenkinsPipelineConfig holds information about the default Jenkins template used for JenkinsPipeline build strategy.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.JenkinsPipelineConfig" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "location": { + "description": "location is the GCP location in which the Key Ring exists. The value must match an existing GCP location, or \"global\". Defaults to global, if not set.", "type": "string" }, - "kubeletClientInfo": { - "description": "kubeletClientInfo contains information about how to connect to kubelets", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.KubeletConnectionInfo" - }, - "kubernetesMasterConfig": { - "description": "KubernetesMasterConfig, if present start the kubernetes master in this process", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.KubernetesMasterConfig" - }, - "masterClients": { - "description": "masterClients holds all the client connection information for controllers and other system components", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.MasterClients" - }, - "masterPublicURL": { - "description": "masterPublicURL is how clients can access the OpenShift API server", + "name": { + "description": "name is the name of the customer-managed encryption key to be used for disk encryption. The value should correspond to an existing KMS key and should consist of only alphanumeric characters, hyphens (-) and underscores (_), and be at most 63 characters in length.", "type": "string", "default": "" }, - "networkConfig": { - "description": "networkConfig to be passed to the compiled in network plugin", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.MasterNetworkConfig" - }, - "oauthConfig": { - "description": "OAuthConfig, if present start the /oauth endpoint in this process", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.OAuthConfig" - }, - "policyConfig": { - "description": "policyConfig holds information about where to locate critical pieces of bootstrapping policy", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.PolicyConfig" - }, - "projectConfig": { - "description": "projectConfig holds information about project creation and defaults", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ProjectConfig" - }, - "routingConfig": { - "description": "routingConfig holds information about routing and route generation", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.RoutingConfig" + "projectID": { + "description": "projectID is the ID of the Project in which the KMS Key Ring exists. It must be 6 to 30 lowercase letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.operator.v1.GCPLoadBalancerParameters": { + "description": "GCPLoadBalancerParameters provides configuration settings that are specific to GCP load balancers.", + "type": "object", + "properties": { + "clientAccess": { + "description": "clientAccess describes how client access is restricted for internal load balancers.\n\nValid values are: * \"Global\": Specifying an internal load balancer with Global client access\n allows clients from any region within the VPC to communicate with the load\n balancer.\n\n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access\n\n* \"Local\": Specifying an internal load balancer with Local client access\n means only clients within the same region (and VPC) as the GCP load balancer\n can communicate with the load balancer. Note that this is the default behavior.\n\n https://cloud.google.com/load-balancing/docs/internal#client_access", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.GatewayConfig": { + "description": "GatewayConfig holds node gateway-related parsed config file parameters and command-line overrides", + "type": "object", + "properties": { + "ipForwarding": { + "description": "ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across OVN-Kubernetes managed interfaces, then set this field to \"Global\". The supported values are \"Restricted\" and \"Global\".", + "type": "string" }, - "serviceAccountConfig": { - "description": "serviceAccountConfig holds options related to service accounts", + "ipv4": { + "description": "ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServiceAccountConfig" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv4GatewayConfig" }, - "servingInfo": { - "description": "servingInfo describes how to start serving", + "ipv6": { + "description": "ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.HTTPServingInfo" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv6GatewayConfig" }, - "volumeConfig": { - "description": "MasterVolumeConfig contains options for configuring volume plugins in the master node.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.MasterVolumeConfig" + "routingViaHost": { + "description": "routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port into the host before sending it out. If this is not set, traffic will always egress directly from OVN to outside without touching the host stack. Setting this to true means hardware offload will not be supported. Default is false if GatewayConfig is specified.", + "type": "boolean" } } }, - "com.github.openshift.api.legacyconfig.v1.MasterNetworkConfig": { - "description": "MasterNetworkConfig to be passed to the compiled in network plugin", + "com.github.openshift.api.operator.v1.GatherStatus": { + "description": "gatherStatus provides information about the last known gather event.", "type": "object", - "required": [ - "networkPluginName", - "clusterNetworks", - "serviceNetworkCIDR", - "externalIPNetworkCIDRs", - "ingressIPNetworkCIDR" - ], "properties": { - "clusterNetworkCIDR": { - "description": "clusterNetworkCIDR is the CIDR string to specify the global overlay network's L3 space. Deprecated, but maintained for backwards compatibility, use ClusterNetworks instead.", - "type": "string" - }, - "clusterNetworks": { - "description": "clusterNetworks is a list of ClusterNetwork objects that defines the global overlay network's L3 space by specifying a set of CIDR and netmasks that the SDN can allocate addressed from. If this is specified, then ClusterNetworkCIDR and HostSubnetLength may not be set.", + "gatherers": { + "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ClusterNetworkEntry" - } - }, - "externalIPNetworkCIDRs": { - "description": "externalIPNetworkCIDRs controls what values are acceptable for the service external IP field. If empty, no externalIP may be set. It may contain a list of CIDRs which are checked for access. If a CIDR is prefixed with !, IPs in that CIDR will be rejected. Rejections will be applied first, then the IP checked against one of the allowed CIDRs. You should ensure this range does not overlap with your nodes, pods, or service CIDRs for security reasons.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "hostSubnetLength": { - "description": "hostSubnetLength is the number of bits to allocate to each host's subnet e.g. 8 would mean a /24 network on the host. Deprecated, but maintained for backwards compatibility, use ClusterNetworks instead.", - "type": "integer", - "format": "int64" - }, - "ingressIPNetworkCIDR": { - "description": "ingressIPNetworkCIDR controls the range to assign ingress ips from for services of type LoadBalancer on bare metal. If empty, ingress ips will not be assigned. It may contain a single CIDR that will be allocated from. For security reasons, you should ensure that this range does not overlap with the CIDRs reserved for external ips, nodes, pods, or services.", - "type": "string", - "default": "" - }, - "networkPluginName": { - "description": "networkPluginName is the name of the network plugin to use", - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GathererStatus" + }, + "x-kubernetes-list-type": "atomic" }, - "serviceNetworkCIDR": { - "description": "ServiceNetwork is the CIDR string to specify the service networks", - "type": "string", - "default": "" + "lastGatherDuration": { + "description": "lastGatherDuration is the total time taken to process all gatherers during the last gather event.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" }, - "vxlanPort": { - "description": "vxlanPort is the VXLAN port used by the cluster defaults. If it is not set, 4789 is the default value", - "type": "integer", - "format": "int64" + "lastGatherTime": { + "description": "lastGatherTime is the last time when Insights data gathering finished. An empty value means that no data has been gathered yet.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" } } }, - "com.github.openshift.api.legacyconfig.v1.MasterVolumeConfig": { - "description": "MasterVolumeConfig contains options for configuring volume plugins in the master node.", + "com.github.openshift.api.operator.v1.GathererStatus": { + "description": "gathererStatus represents information about a particular data gatherer.", "type": "object", "required": [ - "dynamicProvisioningEnabled" + "conditions", + "name", + "lastGatherDuration" ], "properties": { - "dynamicProvisioningEnabled": { - "description": "dynamicProvisioningEnabled is a boolean that toggles dynamic provisioning off when false, defaults to true", - "type": "boolean" + "conditions": { + "description": "conditions provide details on the status of each gatherer.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-type": "atomic" + }, + "lastGatherDuration": { + "description": "lastGatherDuration represents the time spent gathering.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "name": { + "description": "name is the name of the gatherer.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.NamedCertificate": { - "description": "NamedCertificate specifies a certificate/key, and the names it should be served for", + "com.github.openshift.api.operator.v1.GenerationStatus": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", "type": "object", "required": [ - "names", - "certFile", - "keyFile" + "group", + "resource", + "namespace", + "name", + "lastGeneration", + "hash" ], "properties": { - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", + "group": { + "description": "group is the group of the thing you're tracking", "type": "string", "default": "" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", "type": "string", "default": "" }, - "names": { - "description": "names is a list of DNS names this certificate should be used to secure A name can be a normal DNS name, or can contain leading wildcard segments.", + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "type": "integer", + "format": "int64", + "default": 0 + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string", + "default": "" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string", + "default": "" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.operator.v1.HTTPCompressionPolicy": { + "description": "httpCompressionPolicy turns on compression for the specified MIME types.\n\nThis field is optional, and its absence implies that compression should not be enabled globally in HAProxy.\n\nIf httpCompressionPolicy exists, compression should be enabled only for the specified MIME types.", + "type": "object", + "properties": { + "mimeTypes": { + "description": "mimeTypes is a list of MIME types that should have compression applied. This list can be empty, in which case the ingress controller does not apply compression.\n\nNote: Not all MIME types benefit from compression, but HAProxy will still use resources to try to compress if instructed to. Generally speaking, text (html, css, js, etc.) formats benefit from compression, but formats that are already compressed (image, audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "set" } } }, - "com.github.openshift.api.legacyconfig.v1.NodeAuthConfig": { - "description": "NodeAuthConfig holds authn/authz configuration options", + "com.github.openshift.api.operator.v1.HealthCheck": { + "description": "healthCheck represents an Insights health check attributes.", "type": "object", "required": [ - "authenticationCacheTTL", - "authenticationCacheSize", - "authorizationCacheTTL", - "authorizationCacheSize" + "description", + "totalRisk", + "advisorURI", + "state" ], "properties": { - "authenticationCacheSize": { - "description": "authenticationCacheSize indicates how many authentication results should be cached. If 0, the default cache size is used.", - "type": "integer", - "format": "int32", - "default": 0 + "advisorURI": { + "description": "advisorURI provides the URL link to the Insights Advisor.", + "type": "string", + "default": "" }, - "authenticationCacheTTL": { - "description": "authenticationCacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get the default timeout. If zero (e.g. \"0m\"), caching is disabled", + "description": { + "description": "description provides basic description of the healtcheck.", "type": "string", "default": "" }, - "authorizationCacheSize": { - "description": "authorizationCacheSize indicates how many authorization results should be cached. If 0, the default cache size is used.", + "state": { + "description": "state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface.", + "type": "string", + "default": "" + }, + "totalRisk": { + "description": "totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue.", "type": "integer", "format": "int32", "default": 0 - }, - "authorizationCacheTTL": { - "description": "authorizationCacheTTL indicates how long an authorization result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get the default timeout. If zero (e.g. \"0m\"), caching is disabled", - "type": "string", - "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.NodeConfig": { - "description": "NodeConfig is the fully specified config starting an OpenShift node\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.HostNetworkStrategy": { + "description": "HostNetworkStrategy holds parameters for the HostNetwork endpoint publishing strategy.", "type": "object", - "required": [ - "nodeName", - "nodeIP", - "servingInfo", - "masterKubeConfig", - "masterClientConnectionOverrides", - "dnsDomain", - "dnsIP", - "dnsBindAddress", - "dnsNameservers", - "dnsRecursiveResolvConf", - "networkConfig", - "volumeDirectory", - "imageConfig", - "allowDisabledDocker", - "podManifestConfig", - "authConfig", - "dockerConfig", - "iptablesSyncPeriod", - "enableUnidling", - "volumeConfig" - ], "properties": { - "allowDisabledDocker": { - "description": "allowDisabledDocker if true, the Kubelet will ignore errors from Docker. This means that a node can start on a machine that doesn't have docker started.", - "type": "boolean", - "default": false - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "authConfig": { - "description": "authConfig holds authn/authz configuration options", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NodeAuthConfig" - }, - "dnsBindAddress": { - "description": "dnsBindAddress is the ip:port to serve DNS on. If this is not set, the DNS server will not be started. Because most DNS resolvers will only listen on port 53, if you select an alternative port you will need a DNS proxy like dnsmasq to answer queries for containers. A common configuration is dnsmasq configured on a node IP listening on 53 and delegating queries for dnsDomain to this process, while sending other queries to the host environments nameservers.", - "type": "string", - "default": "" - }, - "dnsDomain": { - "description": "dnsDomain holds the domain suffix that will be used for the DNS search path inside each container. Defaults to 'cluster.local'.", - "type": "string", - "default": "" - }, - "dnsIP": { - "description": "dnsIP is the IP address that pods will use to access cluster DNS. Defaults to the service IP of the Kubernetes master. This IP must be listening on port 53 for compatibility with libc resolvers (which cannot be configured to resolve names from any other port). When running more complex local DNS configurations, this is often set to the local address of a DNS proxy like dnsmasq, which then will consult either the local DNS (see dnsBindAddress) or the master DNS.", - "type": "string", - "default": "" - }, - "dnsNameservers": { - "description": "dnsNameservers is a list of ip:port values of recursive nameservers to forward queries to when running a local DNS server if dnsBindAddress is set. If this value is empty, the DNS server will default to the nameservers listed in /etc/resolv.conf. If you have configured dnsmasq or another DNS proxy on the system, this value should be set to the upstream nameservers dnsmasq resolves with.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "dnsRecursiveResolvConf": { - "description": "dnsRecursiveResolvConf is a path to a resolv.conf file that contains settings for an upstream server. Only the nameservers and port fields are used. The file must exist and parse correctly. It adds extra nameservers to DNSNameservers if set.", - "type": "string", - "default": "" - }, - "dockerConfig": { - "description": "dockerConfig holds Docker related configuration options.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.DockerConfig" - }, - "enableUnidling": { - "description": "enableUnidling controls whether or not the hybrid unidling proxy will be set up", - "type": "boolean" - }, - "imageConfig": { - "description": "imageConfig holds options that describe how to build image names for system components", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ImageConfig" - }, - "iptablesSyncPeriod": { - "description": "iptablesSyncPeriod is how often iptable rules are refreshed", - "type": "string", - "default": "" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "kubeletArguments": { - "description": "kubeletArguments are key value pairs that will be passed directly to the Kubelet that match the Kubelet's command line arguments. These are not migrated or validated, so if you use them they may become invalid. These values override other settings in NodeConfig which may cause invalid configurations.", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - }, - "masterClientConnectionOverrides": { - "description": "masterClientConnectionOverrides provides overrides to the client connection used to connect to the master.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ClientConnectionOverrides" - }, - "masterKubeConfig": { - "description": "masterKubeConfig is a filename for the .kubeconfig file that describes how to connect this node to the master", - "type": "string", - "default": "" + "httpPort": { + "description": "httpPort is the port on the host which should be used to listen for HTTP requests. This field should be set when port 80 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 80.", + "type": "integer", + "format": "int32" }, - "networkConfig": { - "description": "networkConfig provides network options for the node", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NodeNetworkConfig" + "httpsPort": { + "description": "httpsPort is the port on the host which should be used to listen for HTTPS requests. This field should be set when port 443 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 443.", + "type": "integer", + "format": "int32" }, - "networkPluginName": { - "description": "Deprecated and maintained for backward compatibility, use NetworkConfig.NetworkPluginName instead", + "protocol": { + "description": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", "type": "string" }, - "nodeIP": { - "description": "Node may have multiple IPs, specify the IP to use for pod traffic routing If not specified, network parse/lookup on the nodeName is performed and the first non-loopback address is used", - "type": "string", - "default": "" - }, - "nodeName": { - "description": "nodeName is the value used to identify this particular node in the cluster. If possible, this should be your fully qualified hostname. If you're describing a set of static nodes to the master, this value must match one of the values in the list", - "type": "string", - "default": "" - }, - "podManifestConfig": { - "description": "podManifestConfig holds the configuration for enabling the Kubelet to create pods based from a manifest file(s) placed locally on the node", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.PodManifestConfig" - }, - "proxyArguments": { - "description": "proxyArguments are key value pairs that will be passed directly to the Proxy that match the Proxy's command line arguments. These are not migrated or validated, so if you use them they may become invalid. These values override other settings in NodeConfig which may cause invalid configurations.", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - }, - "servingInfo": { - "description": "servingInfo describes how to start serving", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServingInfo" - }, - "volumeConfig": { - "description": "volumeConfig contains options for configuring volumes on the node.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NodeVolumeConfig" - }, - "volumeDirectory": { - "description": "volumeDirectory is the directory that volumes will be stored under", - "type": "string", - "default": "" + "statsPort": { + "description": "statsPort is the port on the host where the stats from the router are published. The value should not coincide with the NodePort range of the cluster. If an external load balancer is configured to forward connections to this IngressController, the load balancer should use this port for health checks. The load balancer can send HTTP probes on this port on a given node, with the path /healthz/ready to determine if the ingress controller is ready to receive traffic on the node. For proper operation the load balancer must not forward traffic to a node until the health check reports ready. The load balancer should also stop forwarding requests within a maximum of 45 seconds after /healthz/ready starts reporting not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with a threshold of two successful or failed requests to become healthy or unhealthy respectively, are well-tested values. When the value is 0 or is not specified it defaults to 1936.", + "type": "integer", + "format": "int32" } } }, - "com.github.openshift.api.legacyconfig.v1.NodeNetworkConfig": { - "description": "NodeNetworkConfig provides network options for the node", + "com.github.openshift.api.operator.v1.HybridOverlayConfig": { "type": "object", "required": [ - "networkPluginName", - "mtu" + "hybridClusterNetwork" ], "properties": { - "mtu": { - "description": "Maximum transmission unit for the network packets", - "type": "integer", - "format": "int64", - "default": 0 + "hybridClusterNetwork": { + "description": "hybridClusterNetwork defines a network space given to nodes on an additional overlay network.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterNetworkEntry" + }, + "x-kubernetes-list-type": "atomic" }, - "networkPluginName": { - "description": "networkPluginName is a string specifying the networking plugin", - "type": "string", - "default": "" + "hybridOverlayVXLANPort": { + "description": "hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. Default is 4789", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.legacyconfig.v1.NodeVolumeConfig": { - "description": "NodeVolumeConfig contains options for configuring volumes on the node.", + "com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec": { + "description": "IBMCloudCSIDriverConfigSpec defines the properties that can be configured for the IBM Cloud CSI driver.", "type": "object", "required": [ - "localQuota" + "encryptionKeyCRN" ], "properties": { - "localQuota": { - "description": "localQuota contains options for controlling local volume quota on the node.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LocalQuota" + "encryptionKeyCRN": { + "description": "encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use for disk encryption of volumes for the default storage classes.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.OAuthConfig": { - "description": "OAuthConfig holds the necessary configuration options for OAuth authentication", + "com.github.openshift.api.operator.v1.IBMLoadBalancerParameters": { + "description": "IBMLoadBalancerParameters provides configuration settings that are specific to IBM Cloud load balancers.", "type": "object", - "required": [ - "masterCA", - "masterURL", - "masterPublicURL", - "assetPublicURL", - "alwaysShowProviderSelection", - "identityProviders", - "grantConfig", - "sessionConfig", - "tokenConfig", - "templates" - ], "properties": { - "alwaysShowProviderSelection": { - "description": "alwaysShowProviderSelection will force the provider selection page to render even when there is only a single provider.", - "type": "boolean", - "default": false - }, - "assetPublicURL": { - "description": "assetPublicURL is used for building valid client redirect URLs for external access", - "type": "string", - "default": "" - }, - "grantConfig": { - "description": "grantConfig describes how to handle grants", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.GrantConfig" - }, - "identityProviders": { - "description": "identityProviders is an ordered list of ways for a user to identify themselves", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.IdentityProvider" - } - }, - "masterCA": { - "description": "masterCA is the CA for verifying the TLS connection back to the MasterURL.", + "protocol": { + "description": "protocol specifies whether the load balancer uses PROXY protocol to forward connections to the IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: \"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\"\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nValid values for protocol are TCP, PROXY and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is TCP, without the proxy protocol enabled.", "type": "string" - }, - "masterPublicURL": { - "description": "masterPublicURL is used for building valid client redirect URLs for internal and external access", - "type": "string", - "default": "" - }, - "masterURL": { - "description": "masterURL is used for making server-to-server calls to exchange authorization codes for access tokens", - "type": "string", - "default": "" - }, - "sessionConfig": { - "description": "sessionConfig hold information about configuring sessions.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.SessionConfig" - }, - "templates": { - "description": "templates allow you to customize pages like the login page.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.OAuthTemplates" - }, - "tokenConfig": { - "description": "tokenConfig contains options for authorization and access tokens", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.TokenConfig" } } }, - "com.github.openshift.api.legacyconfig.v1.OAuthTemplates": { - "description": "OAuthTemplates allow for customization of pages like the login page", + "com.github.openshift.api.operator.v1.IPAMConfig": { + "description": "IPAMConfig contains configurations for IPAM (IP Address Management)", "type": "object", "required": [ - "login", - "providerSelection", - "error" + "type" ], "properties": { - "error": { - "description": "error is a path to a file containing a go template used to render error pages during the authentication or grant flow If unspecified, the default error page is used.", - "type": "string", - "default": "" - }, - "login": { - "description": "login is a path to a file containing a go template used to render the login page. If unspecified, the default login page is used.", - "type": "string", - "default": "" + "staticIPAMConfig": { + "description": "staticIPAMConfig configures the static IP address in case of type:IPAMTypeStatic", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.StaticIPAMConfig" }, - "providerSelection": { - "description": "providerSelection is a path to a file containing a go template used to render the provider selection page. If unspecified, the default provider selection page is used.", + "type": { + "description": "type is the type of IPAM module will be used for IP Address Management(IPAM). The supported values are IPAMTypeDHCP, IPAMTypeStatic", "type": "string", "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.OpenIDClaims": { - "description": "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider", + "com.github.openshift.api.operator.v1.IPFIXConfig": { "type": "object", - "required": [ - "id", - "preferredUsername", - "name", - "email" - ], "properties": { - "email": { - "description": "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "id": { - "description": "id is the list of claims whose values should be used as the user ID. Required. OpenID standard identity claim is \"sub\"", + "collectors": { + "description": "ipfixCollectors is list of strings formatted as ip:port with a maximum of ten items", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.operator.v1.IPsecConfig": { + "type": "object", + "properties": { + "full": { + "description": "full defines configuration parameters for the IPsec `Full` mode. This is permitted only when mode is configured with `Full`, and forbidden otherwise.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPsecFullModeConfig" }, - "name": { - "description": "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", - "type": "array", - "items": { - "type": "string", - "default": "" + "mode": { + "description": "mode defines the behaviour of the ipsec configuration within the platform. Valid values are `Disabled`, `External` and `Full`. When 'Disabled', ipsec will not be enabled at the node level. When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), this is left to the user to configure.", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "mode", + "fields-to-discriminateBy": { + "full": "Full" } + } + ] + }, + "com.github.openshift.api.operator.v1.IPsecFullModeConfig": { + "description": "IPsecFullModeConfig defines configuration parameters for the IPsec `Full` mode.", + "type": "object", + "properties": { + "encapsulation": { + "description": "encapsulation option to configure libreswan on how inter-pod traffic across nodes are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 for the encapsulation. Valid values are Always, Auto and omitted. Always means enable UDP encapsulation regardless of whether NAT is detected. Auto means enable UDP encapsulation based on the detection of NAT. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Auto.", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.IPv4GatewayConfig": { + "description": "IPV4GatewayConfig holds the configuration paramaters for IPV4 connections in the GatewayConfig for OVN-Kubernetes", + "type": "object", + "properties": { + "internalMasqueradeSubnet": { + "description": "internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /29). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 169.254.0.0/17 The value must be in proper IPV4 CIDR format", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig": { + "type": "object", + "properties": { + "internalJoinSubnet": { + "description": "internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The current default value is 100.64.0.0/16 The subnet must be large enough to accommodate one IP per node in your cluster The value must be in proper IPV4 CIDR format", + "type": "string" }, - "preferredUsername": { - "description": "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the id claim", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "internalTransitSwitchSubnet": { + "description": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 100.88.0.0/16 The subnet must be large enough to accommodate one IP per node in your cluster The value must be in proper IPV4 CIDR format", + "type": "string" } } }, - "com.github.openshift.api.legacyconfig.v1.OpenIDIdentityProvider": { - "description": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.IPv6GatewayConfig": { + "description": "IPV6GatewayConfig holds the configuration paramaters for IPV6 connections in the GatewayConfig for OVN-Kubernetes", "type": "object", - "required": [ - "ca", - "clientID", - "clientSecret", - "extraScopes", - "extraAuthorizeParameters", - "urls", - "claims" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "internalMasqueradeSubnet": { + "description": "internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is fd69::/112 Note that IPV6 dual addresses are not permitted", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig": { + "type": "object", + "properties": { + "internalJoinSubnet": { + "description": "internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The subnet must be large enough to accommodate one IP per node in your cluster The current default value is fd98::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", "type": "string" }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + "internalTransitSwitchSubnet": { + "description": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The subnet must be large enough to accommodate one IP per node in your cluster The current default subnet is fd97::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.Ingress": { + "description": "Ingress allows cluster admin to configure alternative ingress for the console.", + "type": "object", + "properties": { + "clientDownloadsURL": { + "description": "clientDownloadsURL is a URL to be used as the address to download client binaries. If not specified, the downloads route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. The console operator will monitor the URL and may go degraded if it's unreachable for an extended period. Must use the HTTPS scheme.", "type": "string", "default": "" }, - "claims": { - "description": "claims mappings", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.OpenIDClaims" - }, - "clientID": { - "description": "clientID is the oauth client ID", + "consoleURL": { + "description": "consoleURL is a URL to be used as the base console address. If not specified, the console route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. Make sure that appropriate ingress is set up at this URL. The console operator will monitor the URL and may go degraded if it's unreachable for an extended period. Must use the HTTPS scheme.", "type": "string", "default": "" - }, - "clientSecret": { - "description": "clientSecret is the oauth client secret", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" - }, - "extraAuthorizeParameters": { - "description": "extraAuthorizeParameters are any custom parameters to add to the authorize request.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "extraScopes": { - "description": "extraScopes are any scopes to request in addition to the standard \"openid\" scope.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + } + } + }, + "com.github.openshift.api.operator.v1.IngressController": { + "description": "IngressController describes a managed ingress controller for the cluster. The controller can service OpenShift Route and Kubernetes Ingress resources.\n\nWhen an IngressController is created, a new ingress controller deployment is created to allow external traffic to reach the services that expose Ingress or Route resources. Updating this resource may lead to disruption for public facing network connections as a new ingress controller revision may be rolled out.\n\nhttps://kubernetes.io/docs/concepts/services-networking/ingress-controllers\n\nWhenever possible, sensible defaults for the platform are used. See each field for more details.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "urls": { - "description": "urls to use to authenticate", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.OpenIDURLs" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the IngressController.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerSpec" + }, + "status": { + "description": "status is the most recently observed status of the IngressController.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.OpenIDURLs": { - "description": "OpenIDURLs are URLs to use when authenticating with an OpenID identity provider", + "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie": { + "description": "IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be captured.", "type": "object", "required": [ - "authorize", - "token", - "userInfo" + "matchType", + "maxLength" ], "properties": { - "authorize": { - "description": "authorize is the oauth authorization URL", + "matchType": { + "description": "matchType specifies the type of match to be performed on the cookie name. Allowed values are \"Exact\" for an exact string match and \"Prefix\" for a string prefix match. If \"Exact\" is specified, a name must be specified in the name field. If \"Prefix\" is provided, a prefix must be specified in the namePrefix field. For example, specifying matchType \"Prefix\" and namePrefix \"foo\" will capture a cookie named \"foo\" or \"foobar\" but not one named \"bar\". The first matching cookie is captured.", "type": "string", "default": "" }, - "token": { - "description": "token is the oauth token granting URL", + "maxLength": { + "description": "maxLength specifies a maximum length of the string that will be logged, which includes the cookie name, cookie value, and one-character delimiter. If the log entry exceeds this length, the value will be truncated in the log message. Note that the ingress controller may impose a separate bound on the total length of HTTP headers in a request.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "name": { + "description": "name specifies a cookie name. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", "type": "string", "default": "" }, - "userInfo": { - "description": "userInfo is the optional userinfo URL. If present, a granted access_token is used to request claims If empty, a granted id_token is parsed for claims", + "namePrefix": { + "description": "namePrefix specifies a cookie name prefix. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", "type": "string", "default": "" } - } - }, - "com.github.openshift.api.legacyconfig.v1.PodManifestConfig": { - "description": "PodManifestConfig holds the necessary configuration options for using pod manifests", - "type": "object", - "required": [ - "path", - "fileCheckIntervalSeconds" - ], - "properties": { - "fileCheckIntervalSeconds": { - "description": "fileCheckIntervalSeconds is the interval in seconds for checking the manifest file(s) for new data The interval needs to be a positive value", - "type": "integer", - "format": "int64", - "default": 0 - }, - "path": { - "description": "path specifies the path for the pod manifest file or directory If its a directory, its expected to contain on or more manifest files This is used by the Kubelet to create pods on the node", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.legacyconfig.v1.PolicyConfig": { - "description": "holds the necessary configuration options for", - "type": "object", - "required": [ - "userAgentMatchingConfig" - ], - "properties": { - "userAgentMatchingConfig": { - "description": "userAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.UserAgentMatchingConfig" + }, + "x-kubernetes-unions": [ + { + "discriminator": "matchType", + "fields-to-discriminateBy": { + "name": "Name", + "namePrefix": "NamePrefix" + } } - } + ] }, - "com.github.openshift.api.legacyconfig.v1.ProjectConfig": { - "description": "holds the necessary configuration options for", + "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookieUnion": { + "description": "IngressControllerCaptureHTTPCookieUnion describes optional fields of an HTTP cookie that should be captured.", "type": "object", "required": [ - "defaultNodeSelector", - "projectRequestMessage", - "projectRequestTemplate", - "securityAllocator" + "matchType" ], "properties": { - "defaultNodeSelector": { - "description": "defaultNodeSelector holds default project node label selector", + "matchType": { + "description": "matchType specifies the type of match to be performed on the cookie name. Allowed values are \"Exact\" for an exact string match and \"Prefix\" for a string prefix match. If \"Exact\" is specified, a name must be specified in the name field. If \"Prefix\" is provided, a prefix must be specified in the namePrefix field. For example, specifying matchType \"Prefix\" and namePrefix \"foo\" will capture a cookie named \"foo\" or \"foobar\" but not one named \"bar\". The first matching cookie is captured.", "type": "string", "default": "" }, - "projectRequestMessage": { - "description": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", + "name": { + "description": "name specifies a cookie name. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", "type": "string", "default": "" }, - "projectRequestTemplate": { - "description": "projectRequestTemplate is the template to use for creating projects in response to projectrequest. It is in the format namespace/template and it is optional. If it is not specified, a default template is used.", + "namePrefix": { + "description": "namePrefix specifies a cookie name prefix. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", "type": "string", "default": "" - }, - "securityAllocator": { - "description": "securityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.SecurityAllocator" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "matchType", + "fields-to-discriminateBy": { + "name": "Name", + "namePrefix": "NamePrefix" + } + } + ] }, - "com.github.openshift.api.legacyconfig.v1.RFC2307Config": { - "description": "RFC2307Config holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the RFC2307 schema", + "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader": { + "description": "IngressControllerCaptureHTTPHeader describes an HTTP header that should be captured.", "type": "object", "required": [ - "groupsQuery", - "groupUIDAttribute", - "groupNameAttributes", - "groupMembershipAttributes", - "usersQuery", - "userUIDAttribute", - "userNameAttributes", - "tolerateMemberNotFoundErrors", - "tolerateMemberOutOfScopeErrors" + "name", + "maxLength" ], "properties": { - "groupMembershipAttributes": { - "description": "groupMembershipAttributes defines which attributes on an LDAP group entry will be interpreted as its members. The values contained in those attributes must be queryable by your UserUIDAttribute", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "groupNameAttributes": { - "description": "groupNameAttributes defines which attributes on an LDAP group entry will be interpreted as its name to use for an OpenShift group", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "groupUIDAttribute": { - "description": "GroupUIDAttributes defines which attribute on an LDAP group entry will be interpreted as its unique identifier. (ldapGroupUID)", - "type": "string", - "default": "" - }, - "groupsQuery": { - "description": "AllGroupsQuery holds the template for an LDAP query that returns group entries.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" - }, - "tolerateMemberNotFoundErrors": { - "description": "tolerateMemberNotFoundErrors determines the behavior of the LDAP sync job when missing user entries are encountered. If 'true', an LDAP query for users that doesn't find any will be tolerated and an only and error will be logged. If 'false', the LDAP sync job will fail if a query for users doesn't find any. The default value is 'false'. Misconfigured LDAP sync jobs with this flag set to 'true' can cause group membership to be removed, so it is recommended to use this flag with caution.", - "type": "boolean", - "default": false - }, - "tolerateMemberOutOfScopeErrors": { - "description": "tolerateMemberOutOfScopeErrors determines the behavior of the LDAP sync job when out-of-scope user entries are encountered. If 'true', an LDAP query for a user that falls outside of the base DN given for the all user query will be tolerated and only an error will be logged. If 'false', the LDAP sync job will fail if a user query would search outside of the base DN specified by the all user query. Misconfigured LDAP sync jobs with this flag set to 'true' can result in groups missing users, so it is recommended to use this flag with caution.", - "type": "boolean", - "default": false - }, - "userNameAttributes": { - "description": "userNameAttributes defines which attributes on an LDAP user entry will be used, in order, as its OpenShift user name. The first attribute with a non-empty value is used. This should match your PreferredUsername setting for your LDAPPasswordIdentityProvider", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "maxLength": { + "description": "maxLength specifies a maximum length for the header value. If a header value exceeds this length, the value will be truncated in the log message. Note that the ingress controller may impose a separate bound on the total length of HTTP headers in a request.", + "type": "integer", + "format": "int32", + "default": 0 }, - "userUIDAttribute": { - "description": "userUIDAttribute defines which attribute on an LDAP user entry will be interpreted as its unique identifier. It must correspond to values that will be found from the GroupMembershipAttributes", + "name": { + "description": "name specifies a header name. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2.", "type": "string", "default": "" - }, - "usersQuery": { - "description": "AllUsersQuery holds the template for an LDAP query that returns user entries.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" } } }, - "com.github.openshift.api.legacyconfig.v1.RegistryLocation": { - "description": "RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.", + "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders": { + "description": "IngressControllerCaptureHTTPHeaders specifies which HTTP headers the IngressController captures.", "type": "object", - "required": [ - "domainName" - ], "properties": { - "domainName": { - "description": "domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.", - "type": "string", - "default": "" + "request": { + "description": "request specifies which HTTP request headers to capture.\n\nIf this field is empty, no request headers are captured.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader" + }, + "x-kubernetes-list-type": "atomic" }, - "insecure": { - "description": "insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.", - "type": "boolean" + "response": { + "description": "response specifies which HTTP response headers to capture.\n\nIf this field is empty, no response headers are captured.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.legacyconfig.v1.RemoteConnectionInfo": { - "description": "RemoteConnectionInfo holds information necessary for establishing a remote connection", + "com.github.openshift.api.operator.v1.IngressControllerHTTPHeader": { + "description": "IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.", "type": "object", "required": [ - "url", - "ca", - "certFile", - "keyFile" + "name", + "action" ], "properties": { - "ca": { - "description": "ca is the CA for verifying TLS connections", - "type": "string", - "default": "" - }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" - }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" + "action": { + "description": "action specifies actions to perform on headers, such as setting or deleting headers.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion" }, - "url": { - "description": "url is the remote URL to connect to", + "name": { + "description": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", "type": "string", "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.RequestHeaderAuthenticationOptions": { - "description": "RequestHeaderAuthenticationOptions provides options for setting up a front proxy against the entire API instead of against the /oauth endpoint.", + "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion": { + "description": "IngressControllerHTTPHeaderActionUnion specifies an action to take on an HTTP header.", "type": "object", "required": [ - "clientCA", - "clientCommonNames", - "usernameHeaders", - "groupHeaders", - "extraHeaderPrefixes" + "type" ], "properties": { - "clientCA": { - "description": "clientCA is a file with the trusted signer certs. It is required.", + "set": { + "description": "set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader" + }, + "type": { + "description": "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", "type": "string", "default": "" - }, - "clientCommonNames": { - "description": "clientCommonNames is a required list of common names to require a match from.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "extraHeaderPrefixes": { - "description": "extraHeaderPrefixes is the set of request header prefixes to inspect for user extra. X-Remote-Extra- is suggested.", - "type": "array", - "items": { - "type": "string", - "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "set": "Set" } - }, - "groupHeaders": { - "description": "GroupNameHeader is the set of headers to check for group information. All are unioned.", + } + ] + }, + "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions": { + "description": "IngressControllerHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", + "type": "object", + "properties": { + "request": { + "description": "request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeader" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "usernameHeaders": { - "description": "usernameHeaders is the list of headers to check for user information. First hit wins.", + "response": { + "description": "response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeader" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.legacyconfig.v1.RequestHeaderIdentityProvider": { - "description": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders": { + "description": "IngressControllerHTTPHeaders specifies how the IngressController handles certain HTTP headers.", "type": "object", - "required": [ - "loginURL", - "challengeURL", - "clientCA", - "clientCommonNames", - "headers", - "preferredUsernameHeaders", - "nameHeaders", - "emailHeaders" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "challengeURL": { - "description": "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", - "type": "string", - "default": "" - }, - "clientCA": { - "description": "clientCA is a file with the trusted signer certs. If empty, no request verification is done, and any direct request to the OAuth server can impersonate any identity from this provider, merely by setting a request header.", - "type": "string", - "default": "" - }, - "clientCommonNames": { - "description": "clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "emailHeaders": { - "description": "emailHeaders is the set of headers to check for the email address", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "headers": { - "description": "headers is the set of headers to check for identity information", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "actions": { + "description": "actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "forwardedHeaderPolicy": { + "description": "forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. The value may be one of the following:\n\n* \"Append\", which specifies that the IngressController appends the\n headers, preserving existing headers.\n\n* \"Replace\", which specifies that the IngressController sets the\n headers, replacing any existing Forwarded or X-Forwarded-* headers.\n\n* \"IfNone\", which specifies that the IngressController sets the\n headers if they are not already set.\n\n* \"Never\", which specifies that the IngressController never sets the\n headers, preserving any existing headers.\n\nBy default, the policy is \"Append\".", "type": "string" }, - "loginURL": { - "description": "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", - "type": "string", - "default": "" - }, - "nameHeaders": { - "description": "nameHeaders is the set of headers to check for the display name", + "headerNameCaseAdjustments": { + "description": "headerNameCaseAdjustments specifies case adjustments that can be applied to HTTP header names. Each adjustment is specified as an HTTP header name with the desired capitalization. For example, specifying \"X-Forwarded-For\" indicates that the \"x-forwarded-for\" HTTP header should be adjusted to have the specified capitalization.\n\nThese adjustments are only applied to cleartext, edge-terminated, and re-encrypt routes, and only when using HTTP/1.\n\nFor request headers, these adjustments are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true annotation. For response headers, these adjustments are applied to all HTTP responses.\n\nIf this field is empty, no request headers are adjusted.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "preferredUsernameHeaders": { - "description": "preferredUsernameHeaders is the set of headers to check for the preferred username", - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - } - }, - "com.github.openshift.api.legacyconfig.v1.RoutingConfig": { - "description": "RoutingConfig holds the necessary configuration options for routing to subdomains", - "type": "object", - "required": [ - "subdomain" - ], - "properties": { - "subdomain": { - "description": "subdomain is the suffix appended to $service.$namespace. to form the default route hostname DEPRECATED: This field is being replaced by routers setting their own defaults. This is the \"default\" route.", - "type": "string", - "default": "" + "uniqueId": { + "description": "uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request. The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests.\n\nIf this field is empty, no such header is injected into requests.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy" } } }, - "com.github.openshift.api.legacyconfig.v1.SecurityAllocator": { - "description": "SecurityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.", + "com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy": { + "description": "IngressControllerHTTPUniqueIdHeaderPolicy describes configuration for a unique id header.", "type": "object", - "required": [ - "uidAllocatorRange", - "mcsAllocatorRange", - "mcsLabelsPerProject" - ], "properties": { - "mcsAllocatorRange": { - "description": "mcsAllocatorRange defines the range of MCS categories that will be assigned to namespaces. The format is \"/[,]\". The default is \"s0/2\" and will allocate from c0 -> c1023, which means a total of 535k labels are available (1024 choose 2 ~ 535k). If this value is changed after startup, new projects may receive labels that are already allocated to other projects. Prefix may be any valid SELinux set of terms (including user, role, and type), although leaving them as the default will allow the server to set them automatically.\n\nExamples: * s0:/2 - Allocate labels from s0:c0,c0 to s0:c511,c511 * s0:/2,512 - Allocate labels from s0:c0,c0,c0 to s0:c511,c511,511", - "type": "string", - "default": "" - }, - "mcsLabelsPerProject": { - "description": "mcsLabelsPerProject defines the number of labels that should be reserved per project. The default is 5 to match the default UID and MCS ranges (100k namespaces, 535k/5 labels).", - "type": "integer", - "format": "int32", - "default": 0 + "format": { + "description": "format specifies the format for the injected HTTP header's value. This field has no effect unless name is specified. For the HAProxy-based ingress controller implementation, this format uses the same syntax as the HTTP log format. If the field is empty, the default value is \"%{+X}o\\\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid\"; see the corresponding HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3", + "type": "string" }, - "uidAllocatorRange": { - "description": "uidAllocatorRange defines the total set of Unix user IDs (UIDs) that will be allocated to projects automatically, and the size of the block each namespace gets. For example, 1000-1999/10 will allocate ten UIDs per namespace, and will be able to allocate up to 100 blocks before running out of space. The default is to allocate from 1 billion to 2 billion in 10k blocks (which is the expected size of the ranges container images will use once user namespaces are started).", - "type": "string", - "default": "" + "name": { + "description": "name specifies the name of the HTTP header (for example, \"unique-id\") that the ingress controller should inject into HTTP requests. The field's value must be a valid HTTP header name as defined in RFC 2616 section 4.2. If the field is empty, no header is injected.", + "type": "string" } } }, - "com.github.openshift.api.legacyconfig.v1.ServiceAccountConfig": { - "description": "ServiceAccountConfig holds the necessary configuration options for a service account", + "com.github.openshift.api.operator.v1.IngressControllerList": { + "description": "IngressControllerList contains a list of IngressControllers.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "managedNames", - "limitSecretReferences", - "privateKeyFile", - "publicKeyFiles", - "masterCA" + "items" ], "properties": { - "limitSecretReferences": { - "description": "limitSecretReferences controls whether or not to allow a service account to reference any secret in a namespace without explicitly referencing them", - "type": "boolean", - "default": false + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "managedNames": { - "description": "managedNames is a list of service account names that will be auto-created in every namespace. If no names are specified, the ServiceAccountsController will not be started.", + "items": { "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressController" } }, - "masterCA": { - "description": "masterCA is the CA for verifying the TLS connection back to the master. The service account controller will automatically inject the contents of this file into pods so they can verify connections to the master.", - "type": "string", - "default": "" - }, - "privateKeyFile": { - "description": "privateKeyFile is a file containing a PEM-encoded private RSA key, used to sign service account tokens. If no private key is specified, the service account TokensController will not be started.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "publicKeyFiles": { - "description": "publicKeyFiles is a list of files, each containing a PEM-encoded public RSA key. (If any file contains a private key, the public portion of the key is used) The list of public keys is used to verify presented service account tokens. Each key is tried in order until the list is exhausted or verification succeeds. If no keys are specified, no service account authentication will be available.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.legacyconfig.v1.ServiceServingCert": { - "description": "ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", + "com.github.openshift.api.operator.v1.IngressControllerLogging": { + "description": "IngressControllerLogging describes what should be logged where.", "type": "object", - "required": [ - "signer" - ], "properties": { - "signer": { - "description": "signer holds the signing information used to automatically sign serving certificates. If this value is nil, then certs are not signed automatically.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.CertInfo" + "access": { + "description": "access describes how the client requests should be logged.\n\nIf this field is empty, access logging is disabled.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AccessLogging" } } }, - "com.github.openshift.api.legacyconfig.v1.ServingInfo": { - "description": "ServingInfo holds information about serving web pages", + "com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader": { + "description": "IngressControllerSetHTTPHeader defines the value which needs to be set on an HTTP header.", "type": "object", "required": [ - "bindAddress", - "bindNetwork", - "certFile", - "keyFile", - "clientCA", - "namedCertificates" + "value" ], "properties": { - "bindAddress": { - "description": "bindAddress is the ip:port to serve on", + "value": { + "description": "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.", "type": "string", "default": "" + } + } + }, + "com.github.openshift.api.operator.v1.IngressControllerSpec": { + "description": "IngressControllerSpec is the specification of the desired behavior of the IngressController.", + "type": "object", + "properties": { + "clientTLS": { + "description": "clientTLS specifies settings for requesting and verifying client certificates, which can be used to enable mutual TLS for edge-terminated and reencrypt routes.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClientTLS" }, - "bindNetwork": { - "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", + "closedClientConnectionPolicy": { + "description": "closedClientConnectionPolicy controls how the IngressController behaves when the client closes the TCP connection while the TLS handshake or HTTP request is in progress. This option maps directly to HAProxy’s \"abortonclose\" option.\n\nValid values are: \"Abort\" and \"Continue\". The default value is \"Continue\".\n\nWhen set to \"Abort\", the router will stop processing the TLS handshake if it is in progress, and it will not send an HTTP request to the backend server if the request has not yet been sent when the client closes the connection.\n\nWhen set to \"Continue\", the router will complete the TLS handshake if it is in progress, or send an HTTP request to the backend server and wait for the backend server's response, regardless of whether the client has closed the connection.\n\nSetting \"Abort\" can help free CPU resources otherwise spent on TLS computation for connections the client has already closed, and can reduce request queue size, thereby reducing the load on saturated backend servers.\n\nImportant Considerations:\n\n - The default policy (\"Continue\") is HTTP-compliant, and requests\n for aborted client connections will still be served.\n Use the \"Continue\" policy to allow a client to send a request\n and then immediately close its side of the connection while\n still receiving a response on the half-closed connection.\n\n - When clients use keep-alive connections, the most common case for premature\n closure is when the user wants to cancel the transfer or when a timeout\n occurs. In that case, the \"Abort\" policy may be used to reduce resource consumption.\n\n - Using RSA keys larger than 2048 bits can significantly slow down\n TLS computations. Consider using the \"Abort\" policy to reduce CPU usage.", "type": "string", - "default": "" + "default": "Continue" }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "defaultCertificate": { + "description": "defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don't specify their own certificate, defaultCertificate is used.\n\nThe secret must contain the following keys and data:\n\n tls.crt: certificate file contents\n tls.key: key file contents\n\nIf unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate's CA will be automatically integrated with the cluster's trust store.\n\nIf a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing.\n\nThe in-use certificate (whether generated or user-specified) will be automatically integrated with OpenShift's built-in OAuth server.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" }, - "cipherSuites": { - "description": "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "domain": { + "description": "domain is a DNS name serviced by the ingress controller and is used to configure multiple features:\n\n* For the LoadBalancerService endpoint publishing strategy, domain is\n used to configure DNS records. See endpointPublishingStrategy.\n\n* When using a generated default certificate, the certificate will be valid\n for domain and its subdomains. See defaultCertificate.\n\n* The value is published to individual Route statuses so that end-users\n know where to target external DNS records.\n\ndomain must be unique among all IngressControllers, and cannot be updated.\n\nIf empty, defaults to ingress.config.openshift.io/cluster .spec.domain.\n\nThe domain value must be a valid DNS name. It must consist of lowercase alphanumeric characters, '-' or '.', and each label must start and end with an alphanumeric character and not exceed 63 characters. Maximum length of a valid DNS domain is 253 characters.\n\nThe implementation may add a prefix such as \"router-default.\" to the domain when constructing the router canonical hostname. To ensure the resulting hostname does not exceed the DNS maximum length of 253 characters, the domain length is additionally validated at the IngressController object level. For the maximum length of the domain value itself, the shortest possible variant of the prefix and the ingress controller name was considered for example \"router-a.\"", + "type": "string" }, - "clientCA": { - "description": "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", - "type": "string", - "default": "" + "endpointPublishingStrategy": { + "description": "endpointPublishingStrategy is used to publish the ingress controller endpoints to other networks, enable load balancer integrations, etc.\n\nIf unset, the default is based on infrastructure.config.openshift.io/cluster .status.platform:\n\n AWS: LoadBalancerService (with External scope)\n Azure: LoadBalancerService (with External scope)\n GCP: LoadBalancerService (with External scope)\n IBMCloud: LoadBalancerService (with External scope)\n AlibabaCloud: LoadBalancerService (with External scope)\n Libvirt: HostNetwork\n\nAny other platform types (including None) default to HostNetwork.\n\nendpointPublishingStrategy cannot be updated.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.EndpointPublishingStrategy" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" + "httpCompression": { + "description": "httpCompression defines a policy for HTTP traffic compression. By default, there is no HTTP compression.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.HTTPCompressionPolicy" }, - "minTLSVersion": { - "description": "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", + "httpEmptyRequestsPolicy": { + "description": "httpEmptyRequestsPolicy describes how HTTP connections should be handled if the connection times out before a request is received. Allowed values for this field are \"Respond\" and \"Ignore\". If the field is set to \"Respond\", the ingress controller sends an HTTP 400 or 408 response, logs the connection (if access logging is enabled), and counts the connection in the appropriate metrics. If the field is set to \"Ignore\", the ingress controller closes the connection without sending a response, logging the connection, or incrementing metrics. The default value is \"Respond\".\n\nTypically, these connections come from load balancers' health probes or Web browsers' speculative connections (\"preconnect\") and can be safely ignored. However, these requests may also be caused by network errors, and so setting this field to \"Ignore\" may impede detection and diagnosis of problems. In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts.", "type": "string" }, - "namedCertificates": { - "description": "namedCertificates is a list of certificates to use to secure requests to specific hostnames", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NamedCertificate" - } + "httpErrorCodePages": { + "description": "httpErrorCodePages specifies a configmap with custom error pages. The administrator must create this configmap in the openshift-config namespace. This configmap should have keys in the format \"error-page-.http\", where is an HTTP error code. For example, \"error-page-503.http\" defines an error page for HTTP 503 responses. Currently only error pages for 503 and 404 responses can be customized. Each value in the configmap should be the full response, including HTTP headers. Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http If this field is empty, the ingress controller uses the default error pages.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + }, + "httpHeaders": { + "description": "httpHeaders defines policy for HTTP headers.\n\nIf this field is empty, the default values are used.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders" + }, + "idleConnectionTerminationPolicy": { + "description": "idleConnectionTerminationPolicy maps directly to HAProxy's idle-close-on-response option and controls whether HAProxy keeps idle frontend connections open during a soft stop (router reload).\n\nAllowed values for this field are \"Immediate\" and \"Deferred\". The default value is \"Immediate\".\n\nWhen set to \"Immediate\", idle connections are closed immediately during router reloads. This ensures immediate propagation of route changes but may impact clients sensitive to connection resets.\n\nWhen set to \"Deferred\", HAProxy will maintain idle connections during a soft reload instead of closing them immediately. These connections remain open until any of the following occurs:\n\n - A new request is received on the connection, in which\n case HAProxy handles it in the old process and closes\n the connection after sending the response.\n\n - HAProxy's `timeout http-keep-alive` duration expires.\n By default this is 300 seconds, but it can be changed\n using httpKeepAliveTimeout tuning option.\n\n - The client's keep-alive timeout expires, causing the\n client to close the connection.\n\nSetting Deferred can help prevent errors in clients or load balancers that do not properly handle connection resets. Additionally, this option allows you to retain the pre-2.4 HAProxy behaviour: in HAProxy version 2.2 (OpenShift versions < 4.14), maintaining idle connections during a soft reload was the default behaviour, but starting with HAProxy 2.4, the default changed to closing idle connections immediately.\n\nImportant Consideration:\n\n - Using Deferred will result in temporary inconsistencies\n for the first request on each persistent connection\n after a route update and router reload. This request\n will be processed by the old HAProxy process using its\n old configuration. Subsequent requests will use the\n updated configuration.\n\nOperational Considerations:\n\n - Keeping idle connections open during reloads may lead\n to an accumulation of old HAProxy processes if\n connections remain idle for extended periods,\n especially in environments where frequent reloads\n occur.\n\n - Consider monitoring the number of HAProxy processes in\n the router pods when Deferred is set.\n\n - You may need to enable or adjust the\n `ingress.operator.openshift.io/hard-stop-after`\n duration (configured via an annotation on the\n IngressController resource) in environments with\n frequent reloads to prevent resource exhaustion.", + "type": "string", + "default": "Immediate" + }, + "logging": { + "description": "logging defines parameters for what should be logged where. If this field is empty, operational logs are enabled but access logs are disabled.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerLogging" + }, + "namespaceSelector": { + "description": "namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "nodePlacement": { + "description": "nodePlacement enables explicit control over the scheduling of the ingress controller.\n\nIf unset, defaults are used. See NodePlacement for more details.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodePlacement" + }, + "replicas": { + "description": "replicas is the desired number of ingress controller replicas. If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.\n\nThe value of replicas is set based on the value of a chosen field in the Infrastructure CR. If defaultPlacement is set to ControlPlane, the chosen field will be controlPlaneTopology. If it is set to Workers the chosen field will be infrastructureTopology. Replicas will then be set to 1 or 2 based whether the chosen field's value is SingleReplica or HighlyAvailable, respectively.\n\nThese defaults are subject to change.", + "type": "integer", + "format": "int32" + }, + "routeAdmission": { + "description": "routeAdmission defines a policy for handling new route claims (for example, to allow or deny claims across namespaces).\n\nIf empty, defaults will be applied. See specific routeAdmission fields for details about their defaults.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.RouteAdmissionPolicy" + }, + "routeSelector": { + "description": "routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "tlsSecurityProfile": { + "description": "tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers.\n\nIf unset, the default is based on the apiservers.config.openshift.io/cluster resource.\n\nNote that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.TLSSecurityProfile" + }, + "tuningOptions": { + "description": "tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their respective defaults if not set. See specific tuningOptions fields for more details.\n\nSetting fields within tuningOptions is generally not recommended. The default values are suitable for most configurations.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerTuningOptions" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides allows specifying unsupported configuration options. Its use is unsupported.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.legacyconfig.v1.SessionConfig": { - "description": "SessionConfig specifies options for cookie-based sessions. Used by AuthRequestHandlerSession", + "com.github.openshift.api.operator.v1.IngressControllerStatus": { + "description": "IngressControllerStatus defines the observed status of the IngressController.", "type": "object", - "required": [ - "sessionSecretsFile", - "sessionMaxAgeSeconds", - "sessionName" - ], "properties": { - "sessionMaxAgeSeconds": { - "description": "sessionMaxAgeSeconds specifies how long created sessions last. Used by AuthRequestHandlerSession", + "availableReplicas": { + "description": "availableReplicas is number of observed available replicas according to the ingress controller deployment.", "type": "integer", "format": "int32", "default": 0 }, - "sessionName": { - "description": "sessionName is the cookie name used to store the session", + "conditions": { + "description": "conditions is a list of conditions and their status.\n\nAvailable means the ingress controller deployment is available and servicing route and ingress resources (i.e, .status.availableReplicas equals .spec.replicas)\n\nThere are additional conditions which indicate the status of other ingress controller features and capabilities.\n\n * LoadBalancerManaged\n - True if the following conditions are met:\n * The endpoint publishing strategy requires a service load balancer.\n - False if any of those conditions are unsatisfied.\n\n * LoadBalancerReady\n - True if the following conditions are met:\n * A load balancer is managed.\n * The load balancer is ready.\n - False if any of those conditions are unsatisfied.\n\n * DNSManaged\n - True if the following conditions are met:\n * The endpoint publishing strategy and platform support DNS.\n * The ingress controller domain is set.\n * dns.config.openshift.io/cluster configures DNS zones.\n - False if any of those conditions are unsatisfied.\n\n * DNSReady\n - True if the following conditions are met:\n * DNS is managed.\n * DNS records have been successfully created.\n - False if any of those conditions are unsatisfied.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "domain": { + "description": "domain is the actual domain in use.", "type": "string", "default": "" }, - "sessionSecretsFile": { - "description": "sessionSecretsFile is a reference to a file containing a serialized SessionSecrets object If no file is specified, a random signing and encryption key are generated at each server start", + "endpointPublishingStrategy": { + "description": "endpointPublishingStrategy is the actual strategy in use.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.EndpointPublishingStrategy" + }, + "namespaceSelector": { + "description": "namespaceSelector is the actual namespaceSelector in use.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "observedGeneration": { + "description": "observedGeneration is the most recent generation observed.", + "type": "integer", + "format": "int64" + }, + "routeSelector": { + "description": "routeSelector is the actual routeSelector in use.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "selector": { + "description": "selector is a label selector, in string format, for ingress controller pods corresponding to the IngressController. The number of matching pods should equal the value of availableReplicas.", "type": "string", "default": "" + }, + "tlsProfile": { + "description": "tlsProfile is the TLS connection configuration that is in effect.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.TLSProfileSpec" } } }, - "com.github.openshift.api.legacyconfig.v1.SessionSecret": { - "description": "SessionSecret is a secret used to authenticate/decrypt cookie-based sessions", + "com.github.openshift.api.operator.v1.IngressControllerTuningOptions": { + "description": "IngressControllerTuningOptions specifies options for tuning the performance of ingress controller pods", "type": "object", - "required": [ - "authentication", - "encryption" - ], "properties": { - "authentication": { - "description": "authentication is used to authenticate sessions using HMAC. Recommended to use a secret with 32 or 64 bytes.", - "type": "string", - "default": "" + "clientFinTimeout": { + "description": "clientFinTimeout defines how long a connection will be held open while waiting for the client response to the server/backend closing the connection.\n\nIf unset, the default timeout is 1s", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" }, - "encryption": { - "description": "encryption is used to encrypt sessions. Must be 16, 24, or 32 characters long, to select AES-128, AES-", + "clientTimeout": { + "description": "clientTimeout defines how long a connection will be held open while waiting for a client response.\n\nIf unset, the default timeout is 30s", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "configurationManagement": { + "description": "configurationManagement specifies how OpenShift router should update the HAProxy configuration. The following values are valid for this field:\n\n* \"ForkAndReload\". * \"Dynamic\".\n\nOmitting this field means that the user has no opinion and the platform may choose a reasonable default. This default is subject to change over time. The current default is \"ForkAndReload\".\n\n\"ForkAndReload\" means that OpenShift router should rewrite the HAProxy configuration file and instruct HAProxy to fork and reload. This is OpenShift router's traditional approach.\n\n\"Dynamic\" means that OpenShift router may use HAProxy's control socket for some configuration updates and fall back to fork and reload for other configuration updates. This is a newer approach, which may be less mature than ForkAndReload. This setting can improve load-balancing fairness and metrics accuracy and reduce CPU and memory usage if HAProxy has frequent configuration updates for route and endpoints updates.\n\nNote: The \"Dynamic\" option is currently experimental and should not be enabled on production clusters.\n\n\nPossible enum values:\n - `\"Dynamic\"`\n - `\"ForkAndReload\"`", "type": "string", - "default": "" + "enum": [ + "Dynamic", + "ForkAndReload" + ] + }, + "connectTimeout": { + "description": "connectTimeout defines the maximum time to wait for a connection attempt to a server/backend to succeed.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 5s.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "headerBufferBytes": { + "description": "headerBufferBytes describes how much memory should be reserved (in bytes) for IngressController connection sessions. Note that this value must be at least 16384 if HTTP/2 is enabled for the IngressController (https://tools.ietf.org/html/rfc7540). If this field is empty, the IngressController will use a default value of 32768 bytes.\n\nSetting this field is generally not recommended as headerBufferBytes values that are too small may break the IngressController and headerBufferBytes values that are too large could cause the IngressController to use significantly more memory than necessary.", + "type": "integer", + "format": "int32" + }, + "headerBufferMaxRewriteBytes": { + "description": "headerBufferMaxRewriteBytes describes how much memory should be reserved (in bytes) from headerBufferBytes for HTTP header rewriting and appending for IngressController connection sessions. Note that incoming HTTP requests will be limited to (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning headerBufferBytes must be greater than headerBufferMaxRewriteBytes. If this field is empty, the IngressController will use a default value of 8192 bytes.\n\nSetting this field is generally not recommended as headerBufferMaxRewriteBytes values that are too small may break the IngressController and headerBufferMaxRewriteBytes values that are too large could cause the IngressController to use significantly more memory than necessary.", + "type": "integer", + "format": "int32" + }, + "healthCheckInterval": { + "description": "healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends. This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation \"router.openshift.io/haproxy.health.check.interval\".\n\nExpects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nSetting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms. Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven't yet been detected as such.\n\nAn empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s.\n\nCurrently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days). Both are subject to change over time.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "httpKeepAliveTimeout": { + "description": "httpKeepAliveTimeout defines the maximum allowed time to wait for a new HTTP request to appear on a connection from the client to the router.\n\nThis field expects an unsigned duration string of a decimal number, with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5s\" or \"2m45s\". Valid time units are \"ms\", \"s\", \"m\". The allowed range is from 1 millisecond to 15 minutes.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 300s.\n\nLow values (tens of milliseconds or less) can cause clients to close and reopen connections for each request, leading to reduced connection sharing. For HTTP/2, special care should be taken with low values. A few seconds is a reasonable starting point to avoid holding idle connections open while still allowing subsequent requests to reuse the connection.\n\nHigh values (minutes or more) favor connection reuse but may cause idle connections to linger longer.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "maxConnections": { + "description": "maxConnections defines the maximum number of simultaneous connections that can be established per HAProxy process. Increasing this value allows each ingress controller pod to handle more connections but at the cost of additional system resources being consumed.\n\nPermitted values are: empty, 0, -1, and the range 2000-2000000.\n\nIf this field is empty or 0, the IngressController will use the default value of 50000, but the default is subject to change in future releases.\n\nIf the value is -1 then HAProxy will dynamically compute a maximum value based on the available ulimits in the running container. Selecting -1 (i.e., auto) will result in a large value being computed (~520000 on OpenShift >=4.10 clusters) and therefore each HAProxy process will incur significant memory usage compared to the current default of 50000.\n\nSetting a value that is greater than the current operating system limit will prevent the HAProxy process from starting.\n\nIf you choose a discrete value (e.g., 750000) and the router pod is migrated to a new node, there's no guarantee that that new node has identical ulimits configured. In such a scenario the pod would fail to start. If you have nodes with different ulimits configured (e.g., different tuned profiles) and you choose a discrete value then the guidance is to use -1 and let the value be computed dynamically at runtime.\n\nYou can monitor memory usage for router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'.\n\nYou can monitor memory usage of individual HAProxy processes in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'.", + "type": "integer", + "format": "int32" + }, + "reloadInterval": { + "description": "reloadInterval defines the minimum interval at which the router is allowed to reload to accept new changes. Increasing this value can prevent the accumulation of HAProxy processes, depending on the scenario. Increasing this interval can also lessen load imbalance on a backend's servers when using the roundrobin balancing algorithm. Alternatively, decreasing this value may decrease latency since updates to HAProxy's configuration can take effect more quickly.\n\nThe value must be a time duration value; see . Currently, the minimum value allowed is 1s, and the maximum allowed value is 120s. Minimum and maximum allowed values may change in future versions of OpenShift. Note that if a duration outside of these bounds is provided, the value of reloadInterval will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to 120s; the IngressController will not reject and replace this disallowed value with the default).\n\nA zero value for reloadInterval tells the IngressController to choose the default, which is currently 5s and subject to change without notice.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nNote: Setting a value significantly larger than the default of 5s can cause latency in observing updates to routes and their endpoints. HAProxy's configuration will be reloaded less frequently, and newly created routes will not be served until the subsequent reload.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "serverFinTimeout": { + "description": "serverFinTimeout defines how long a connection will be held open while waiting for the server/backend response to the client closing the connection.\n\nIf unset, the default timeout is 1s", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "serverTimeout": { + "description": "serverTimeout defines how long a connection will be held open while waiting for a server/backend response.\n\nIf unset, the default timeout is 30s", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "threadCount": { + "description": "threadCount defines the number of threads created per HAProxy process. Creating more threads allows each ingress controller pod to handle more connections, at the cost of more system resources being used. HAProxy currently supports up to 64 threads. If this field is empty, the IngressController will use the default value. The current default is 4 threads, but this may change in future releases.\n\nSetting this field is generally not recommended. Increasing the number of HAProxy threads allows ingress controller pods to utilize more CPU time under load, potentially starving other pods if set too high. Reducing the number of threads may cause the ingress controller to perform poorly.", + "type": "integer", + "format": "int32" + }, + "tlsInspectDelay": { + "description": "tlsInspectDelay defines how long the router can hold data to find a matching route.\n\nSetting this too short can cause the router to fall back to the default certificate for edge-terminated or reencrypt routes even when a better matching certificate could be used.\n\nIf unset, the default inspect delay is 5s", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "tunnelTimeout": { + "description": "tunnelTimeout defines how long a tunnel connection (including websockets) will be held open while the tunnel is idle.\n\nIf unset, the default timeout is 1h", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" } } }, - "com.github.openshift.api.legacyconfig.v1.SessionSecrets": { - "description": "SessionSecrets list the secrets to use to sign/encrypt and authenticate/decrypt created sessions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.InsightsOperator": { + "description": "InsightsOperator holds cluster-wide information about the Insights Operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "secrets" + "metadata", + "spec" ], "properties": { "apiVersion": { @@ -33541,358 +31968,381 @@ "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "secrets": { - "description": "secrets is a list of secrets New sessions are signed and encrypted using the first secret. Existing sessions are decrypted/authenticated by each secret until one succeeds. This allows rotating secrets.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.SessionSecret" - } - } - } - }, - "com.github.openshift.api.legacyconfig.v1.SourceStrategyDefaultsConfig": { - "description": "SourceStrategyDefaultsConfig contains values that apply to builds using the source strategy.", - "type": "object", - "properties": { - "incremental": { - "description": "incremental indicates if s2i build strategies should perform an incremental build or not", - "type": "boolean" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the Insights.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.InsightsOperatorSpec" + }, + "status": { + "description": "status is the most recently observed status of the Insights operator.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.InsightsOperatorStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.StringSource": { - "description": "StringSource allows specifying a string inline, or externally via env var or file. When it contains only a string value, it marshals to a simple JSON string.", + "com.github.openshift.api.operator.v1.InsightsOperatorList": { + "description": "InsightsOperatorList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "value", - "env", - "file", - "keyFile" + "metadata", + "items" ], "properties": { - "env": { - "description": "env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "file": { - "description": "file references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", - "type": "string", - "default": "" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.InsightsOperator" + } }, - "keyFile": { - "description": "keyFile references a file containing the key to use to decrypt the value.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "value": { - "description": "value specifies the cleartext value, or an encrypted value if keyFile is specified.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.legacyconfig.v1.StringSourceSpec": { - "description": "StringSourceSpec specifies a string value, or external location", + "com.github.openshift.api.operator.v1.InsightsOperatorSpec": { "type": "object", "required": [ - "value", - "env", - "file", - "keyFile" + "managementState" ], "properties": { - "env": { - "description": "env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", - "type": "string", - "default": "" + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "file": { - "description": "file references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" }, - "keyFile": { - "description": "keyFile references a file containing the key to use to decrypt the value.", - "type": "string", - "default": "" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "value": { - "description": "value specifies the cleartext value, or an encrypted value if keyFile is specified.", - "type": "string", - "default": "" + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.legacyconfig.v1.TokenConfig": { - "description": "TokenConfig holds the necessary configuration options for authorization and access tokens", + "com.github.openshift.api.operator.v1.InsightsOperatorStatus": { "type": "object", - "required": [ - "authorizeTokenMaxAgeSeconds", - "accessTokenMaxAgeSeconds" - ], "properties": { - "accessTokenInactivityTimeoutSeconds": { - "description": "accessTokenInactivityTimeoutSeconds defined the default token inactivity timeout for tokens granted by any client. Setting it to nil means the feature is completely disabled (default) The default setting can be overridden on OAuthClient basis. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Valid values are: - 0: Tokens never time out - X: Tokens time out if there is no activity for X seconds The current minimum allowed value for X is 300 (5 minutes)", + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "gatherStatus": { + "description": "gatherStatus provides basic information about the last Insights data gathering. When omitted, this means no data gathering has taken place yet.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GatherStatus" + }, + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "insightsReport": { + "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.InsightsReport" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", "type": "integer", "format": "int32" }, - "accessTokenMaxAgeSeconds": { - "description": "accessTokenMaxAgeSeconds defines the maximum age of access tokens", + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", "type": "integer", - "format": "int32", - "default": 0 + "format": "int64" }, - "authorizeTokenMaxAgeSeconds": { - "description": "authorizeTokenMaxAgeSeconds defines the maximum age of authorize tokens", + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", "type": "integer", "format": "int32", "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "com.github.openshift.api.legacyconfig.v1.UserAgentDenyRule": { - "description": "UserAgentDenyRule adds a rejection message that can be used to help a user figure out how to get an approved client", + "com.github.openshift.api.operator.v1.InsightsReport": { + "description": "insightsReport provides Insights health check report based on the most recently sent Insights data.", "type": "object", - "required": [ - "regex", - "httpVerbs", - "rejectionMessage" - ], "properties": { - "httpVerbs": { - "description": "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", + "downloadedAt": { + "description": "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "healthChecks": { + "description": "healthChecks provides basic information about active Insights health checks in a cluster.", "type": "array", "items": { - "type": "string", - "default": "" - } - }, - "regex": { - "description": "UserAgentRegex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", - "type": "string", - "default": "" - }, - "rejectionMessage": { - "description": "rejectionMessage is the message shown when rejecting a client. If it is not a set, the default message is used.", - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.HealthCheck" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.legacyconfig.v1.UserAgentMatchRule": { - "description": "UserAgentMatchRule describes how to match a given request based on User-Agent and HTTPVerb", + "com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides": { + "description": "IrreconcilableValidationOverrides holds the irreconcilable validations overrides to be applied on each rendered MachineConfig generation.", "type": "object", - "required": [ - "regex", - "httpVerbs" - ], "properties": { - "httpVerbs": { - "description": "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", + "storage": { + "description": "storage can be used to allow making irreconcilable changes to the selected sections under the `spec.config.storage` field of MachineConfig CRs It must have at least one item, may not exceed 3 items and must not contain duplicates. Allowed element values are \"Disks\", \"FileSystems\", \"Raid\" and omitted. When contains \"Disks\" changes to the `spec.config.storage.disks` section of MachineConfig CRs are allowed. When contains \"FileSystems\" changes to the `spec.config.storage.filesystems` section of MachineConfig CRs are allowed. When contains \"Raid\" changes to the `spec.config.storage.raid` section of MachineConfig CRs are allowed. When omitted changes to the `spec.config.storage` section are forbidden.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "set" + } + } + }, + "com.github.openshift.api.operator.v1.KubeAPIServer": { + "description": "KubeAPIServer provides information to configure an operator to manage kube-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "regex": { - "description": "UserAgentRegex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the Kubernetes API Server", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeAPIServerSpec" + }, + "status": { + "description": "status is the most recently observed status of the Kubernetes API Server", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeAPIServerStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.UserAgentMatchingConfig": { - "description": "UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", + "com.github.openshift.api.operator.v1.KubeAPIServerList": { + "description": "KubeAPIServerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "requiredClients", - "deniedClients", - "defaultRejectionMessage" + "metadata", + "items" ], "properties": { - "defaultRejectionMessage": { - "description": "defaultRejectionMessage is the message shown when rejecting a client. If it is not a set, a generic message is given.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "deniedClients": { - "description": "If this list is non-empty, then a User-Agent must not match any of the UserAgentRegexes", + "items": { + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.UserAgentDenyRule" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeAPIServer" } }, - "requiredClients": { - "description": "If this list is non-empty, then a User-Agent must match one of the UserAgentRegexes to be allowed", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.UserAgentMatchRule" - } + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.legacyconfig.v1.WebhookTokenAuthenticator": { - "description": "WebhookTokenAuthenticators holds the necessary configuation options for external token authenticators", + "com.github.openshift.api.operator.v1.KubeAPIServerSpec": { "type": "object", "required": [ - "configFile", - "cacheTTL" + "managementState", + "forceRedeploymentReason" ], "properties": { - "cacheTTL": { - "description": "cacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get a default timeout of 2 minutes. If zero (e.g. \"0m\"), caching is disabled", - "type": "string", - "default": "" + "eventTTLMinutes": { + "description": "eventTTLMinutes specifies the amount of time that the events are stored before being deleted. The TTL is allowed between 5 minutes minimum up to a maximum of 180 minutes (3 hours).\n\nLowering this value will reduce the storage required in etcd. Note that this setting will only apply to new events being created and will not update existing events.\n\nWhen omitted this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is 3h (180 minutes).", + "type": "integer", + "format": "int32" }, - "configFile": { - "description": "configFile is a path to a Kubeconfig file with the webhook configuration", + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" + }, + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.machine.v1.AWSFailureDomain": { - "description": "AWSFailureDomain configures failure domain information for the AWS platform.", - "type": "object", - "properties": { - "placement": { - "description": "placement configures the placement information for this instance.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AWSFailureDomainPlacement" }, - "subnet": { - "description": "subnet is a reference to the subnet to use for this instance.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AWSResourceReference" - } - } - }, - "com.github.openshift.api.machine.v1.AWSFailureDomainPlacement": { - "description": "AWSFailureDomainPlacement configures the placement information for the AWSFailureDomain.", - "type": "object", - "required": [ - "availabilityZone" - ], - "properties": { - "availabilityZone": { - "description": "availabilityZone is the availability zone of the instance.", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.machine.v1.AWSResourceFilter": { - "description": "AWSResourceFilter is a filter used to identify an AWS resource", + "com.github.openshift.api.operator.v1.KubeAPIServerStatus": { "type": "object", - "required": [ - "name" - ], "properties": { - "name": { - "description": "name of the filter. Filter names are case-sensitive.", - "type": "string", - "default": "" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "values": { - "description": "values includes one or more filter values. Filter values are case-sensitive.", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.machine.v1.AWSResourceReference": { - "description": "AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters. Only one of ID, ARN or Filters may be specified. Specifying more than one will result in a validation error.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "arn": { - "description": "arn of resource.", + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "latestAvailableRevisionReason": { + "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", "type": "string" }, - "filters": { - "description": "filters is a set of filters used to identify a resource.", + "nodeStatuses": { + "description": "nodeStatuses track the deployment values and errors across individual nodes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AWSResourceFilter" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" + }, + "x-kubernetes-list-map-keys": [ + "nodeName" + ], + "x-kubernetes-list-type": "map" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "serviceAccountIssuers": { + "description": "serviceAccountIssuers tracks history of used service account issuers. The item without expiration time represents the currently used service account issuer. The other items represents service account issuers that were used previously and are still being trusted. The default expiration for the items is set by the platform and it defaults to 24h. see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus" }, "x-kubernetes-list-type": "atomic" }, - "id": { - "description": "id of resource.", + "version": { + "description": "version is the level this availability applies to", "type": "string" - }, - "type": { - "description": "type determines how the reference will fetch the AWS resource.", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "arn": "ARN", - "filters": "Filters", - "id": "ID" - } } - ] + } }, - "com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderConfig": { - "description": "AlibabaCloudMachineProviderConfig is the Schema for the alibabacloudmachineproviderconfig API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.KubeControllerManager": { + "description": "KubeControllerManager provides information to configure an operator to manage kube-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "instanceType", - "vpcId", - "regionId", - "zoneId", - "imageId", - "vSwitch", - "resourceGroup" + "metadata", + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "bandwidth": { - "description": "bandwidth describes the internet bandwidth strategy for the instance", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.BandwidthProperties" - }, - "credentialsSecret": { - "description": "credentialsSecret is a reference to the secret with alibabacloud credentials. Otherwise, defaults to permissions provided by attached RAM role where the actuator is running.", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" - }, - "dataDisk": { - "description": "DataDisks holds information regarding the extra disks attached to the instance", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.DataDiskProperties" - } - }, - "imageId": { - "description": "The ID of the image used to create the instance.", - "type": "string", - "default": "" - }, - "instanceType": { - "description": "The instance type of the instance.", - "type": "string", - "default": "" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -33900,72 +32350,25 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "ramRoleName": { - "description": "ramRoleName is the name of the instance Resource Access Management (RAM) role. This allows the instance to perform API calls as this specified RAM role.", - "type": "string" - }, - "regionId": { - "description": "The ID of the region in which to create the instance. You can call the DescribeRegions operation to query the most recent region list.", - "type": "string", - "default": "" - }, - "resourceGroup": { - "description": "resourceGroup references the resource group to which to assign the instance. A reference holds either the resource group ID, the resource name, or the required tags to search. When more than one resource group are returned for a search, an error will be produced and the Machine will not be created. Resource Groups do not support searching by tags.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AlibabaResourceReference" - }, - "securityGroups": { - "description": "securityGroups is a list of security group references to assign to the instance. A reference holds either the security group ID, the resource name, or the required tags to search. When more than one security group is returned for a tag search, all the groups are associated with the instance up to the maximum number of security groups to which an instance can belong. For more information, see the \"Security group limits\" section in Limits. https://www.alibabacloud.com/help/en/doc-detail/25412.htm", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AlibabaResourceReference" - } + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "systemDisk": { - "description": "systemDisk holds the properties regarding the system disk for the instance", + "spec": { + "description": "spec is the specification of the desired behavior of the Kubernetes Controller Manager", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.SystemDiskProperties" - }, - "tag": { - "description": "Tags are the set of metadata to add to an instance.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.Tag" - } - }, - "tenancy": { - "description": "tenancy specifies whether to create the instance on a dedicated host. Valid values:\n\ndefault: creates the instance on a non-dedicated host. host: creates the instance on a dedicated host. If you do not specify the DedicatedHostID parameter, Alibaba Cloud automatically selects a dedicated host for the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `default`.", - "type": "string" - }, - "userDataSecret": { - "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeControllerManagerSpec" }, - "vSwitch": { - "description": "vSwitch is a reference to the vswitch to use for this instance. A reference holds either the vSwitch ID, the resource name, or the required tags to search. When more than one vSwitch is returned for a tag search, only the first vSwitch returned will be used. This parameter is required when you create an instance of the VPC type. You can call the DescribeVSwitches operation to query the created vSwitches.", + "status": { + "description": "status is the most recently observed status of the Kubernetes Controller Manager", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AlibabaResourceReference" - }, - "vpcId": { - "description": "The ID of the vpc", - "type": "string", - "default": "" - }, - "zoneId": { - "description": "The ID of the zone in which to create the instance. You can call the DescribeZones operation to query the most recent region list.", - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeControllerManagerStatus" } } }, - "com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderConfigList": { - "description": "AlibabaCloudMachineProviderConfigList contains a list of AlibabaCloudMachineProviderConfig Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.KubeControllerManagerList": { + "description": "KubeControllerManagerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -33974,10 +32377,11 @@ "type": "string" }, "items": { + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderConfig" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeControllerManager" } }, "kind": { @@ -33987,116 +32391,136 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderStatus": { - "description": "AlibabaCloudMachineProviderStatus is the Schema for the alibabacloudmachineproviderconfig API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.KubeControllerManagerSpec": { "type": "object", + "required": [ + "managementState", + "forceRedeploymentReason", + "useMoreSecureServiceCA" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" + }, + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "type": "string", + "default": "" + }, + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "useMoreSecureServiceCA": { + "description": "useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only enough certificates to validate service serving certificates. Once set to true, it cannot be set to false. Even if someone finds a way to set it back to false, the service-ca.crt files that previously existed will only have the more secure content.", + "type": "boolean", + "default": false + } + } + }, + "com.github.openshift.api.operator.v1.KubeControllerManagerStatus": { + "type": "object", + "properties": { "conditions": { - "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "instanceId": { - "description": "instanceId is the instance ID of the machine created in alibabacloud", - "type": "string" - }, - "instanceState": { - "description": "instanceState is the state of the alibabacloud instance for this machine", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.machine.v1.AlibabaResourceReference": { - "description": "ResourceTagReference is a reference to a specific AlibabaCloud resource by ID, or tags. Only one of ID or Tags may be specified. Specifying more than one will result in a validation error.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "id": { - "description": "id of resource", - "type": "string" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "name": { - "description": "name of the resource", + "latestAvailableRevisionReason": { + "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", "type": "string" }, - "tags": { - "description": "tags is a set of metadata based upon ECS object tags used to identify a resource. For details about usage when multiple resources are found, please see the owning parent field documentation.", + "nodeStatuses": { + "description": "nodeStatuses track the deployment values and errors across individual nodes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.Tag" - } - }, - "type": { - "description": "type identifies the resource reference type for this entry.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.machine.v1.AzureFailureDomain": { - "description": "AzureFailureDomain configures failure domain information for the Azure platform.", - "type": "object", - "required": [ - "zone" - ], - "properties": { - "subnet": { - "description": "subnet is the name of the network subnet in which the VM will be created. When omitted, the subnet value from the machine providerSpec template will be used.", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" + }, + "x-kubernetes-list-map-keys": [ + "nodeName" + ], + "x-kubernetes-list-type": "map" }, - "zone": { - "description": "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.machine.v1.BandwidthProperties": { - "description": "Bandwidth describes the bandwidth strategy for the network of the instance", - "type": "object", - "properties": { - "internetMaxBandwidthIn": { - "description": "internetMaxBandwidthIn is the maximum inbound public bandwidth. Unit: Mbit/s. Valid values: When the purchased outbound public bandwidth is less than or equal to 10 Mbit/s, the valid values of this parameter are 1 to 10. Currently the default is `10` when outbound bandwidth is less than or equal to 10 Mbit/s. When the purchased outbound public bandwidth is greater than 10, the valid values are 1 to the InternetMaxBandwidthOut value. Currently the default is the value used for `InternetMaxBandwidthOut` when outbound public bandwidth is greater than 10.", + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", "type": "integer", "format": "int64" }, - "internetMaxBandwidthOut": { - "description": "internetMaxBandwidthOut is the maximum outbound public bandwidth. Unit: Mbit/s. Valid values: 0 to 100. When a value greater than 0 is used then a public IP address is assigned to the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `0`", + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", "type": "integer", - "format": "int64" + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "com.github.openshift.api.machine.v1.ControlPlaneMachineSet": { - "description": "ControlPlaneMachineSet ensures that a specified number of control plane machine replicas are running at any given time. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.KubeScheduler": { + "description": "KubeScheduler provides information to configure an operator to manage scheduler.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -34109,22 +32533,25 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { + "description": "spec is the specification of the desired behavior of the Kubernetes Scheduler", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetSpec" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeSchedulerSpec" }, "status": { + "description": "status is the most recently observed status of the Kubernetes Scheduler", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetStatus" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeSchedulerStatus" } } }, - "com.github.openshift.api.machine.v1.ControlPlaneMachineSetList": { - "description": "ControlPlaneMachineSetList contains a list of ControlPlaneMachineSet Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.KubeSchedulerList": { + "description": "KubeSchedulerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -34133,10 +32560,11 @@ "type": "string" }, "items": { + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSet" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeScheduler" } }, "kind": { @@ -34146,1213 +32574,1365 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.machine.v1.ControlPlaneMachineSetSpec": { - "description": "ControlPlaneMachineSet represents the configuration of the ControlPlaneMachineSet.", + "com.github.openshift.api.operator.v1.KubeSchedulerSpec": { "type": "object", "required": [ - "replicas", - "selector", - "template" + "managementState", + "forceRedeploymentReason" ], "properties": { - "machineNamePrefix": { - "description": "machineNamePrefix is the prefix used when creating machine names. Each machine name will consist of this prefix, followed by a randomly generated string of 5 characters, and the index of the machine. It must be a lowercase RFC 1123 subdomain, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'). Each block, separated by periods, must start and end with an alphanumeric character. Hyphens are not allowed at the start or end of a block, and consecutive periods are not permitted. The prefix must be between 1 and 245 characters in length. For example, if machineNamePrefix is set to 'control-plane', and three machines are created, their names might be: control-plane-abcde-0, control-plane-fghij-1, control-plane-klmno-2", - "type": "string" - }, - "replicas": { - "description": "replicas defines how many Control Plane Machines should be created by this ControlPlaneMachineSet. This field is immutable and cannot be changed after cluster installation. The ControlPlaneMachineSet only operates with 3 or 5 node control planes, 3 and 5 are the only valid values for this field.", + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", "type": "integer", "format": "int32" }, - "selector": { - "description": "Label selector for Machines. Existing Machines selected by this selector will be the ones affected by this ControlPlaneMachineSet. It must match the template's labels. This field is considered immutable after creation of the resource.", - "default": {}, - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "type": "string", + "default": "" }, - "state": { - "description": "state defines whether the ControlPlaneMachineSet is Active or Inactive. When Inactive, the ControlPlaneMachineSet will not take any action on the state of the Machines within the cluster. When Active, the ControlPlaneMachineSet will reconcile the Machines and will update the Machines as necessary. Once Active, a ControlPlaneMachineSet cannot be made Inactive. To prevent further action please remove the ControlPlaneMachineSet.", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", - "default": "Inactive" + "default": "" }, - "strategy": { - "description": "strategy defines how the ControlPlaneMachineSet will update Machines when it detects a change to the ProviderSpec.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetStrategy" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "template": { - "description": "template describes the Control Plane Machines that will be created by this ControlPlaneMachineSet.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplate" + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.machine.v1.ControlPlaneMachineSetStatus": { - "description": "ControlPlaneMachineSetStatus represents the status of the ControlPlaneMachineSet CRD.", + "com.github.openshift.api.operator.v1.KubeSchedulerStatus": { "type": "object", "properties": { "conditions": { - "description": "conditions represents the observations of the ControlPlaneMachineSet's current state. Known .status.conditions.type are: Available, Degraded and Progressing.", + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "observedGeneration": { - "description": "observedGeneration is the most recent generation observed for this ControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's generation, which is updated on mutation by the API Server.", - "type": "integer", - "format": "int64" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "readyReplicas": { - "description": "readyReplicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller which are ready. Note that this value may be higher than the desired number of replicas while rolling updates are in-progress.", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", "type": "integer", "format": "int32" }, - "replicas": { - "description": "replicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller. Note that during update operations this value may differ from the desired replica count.", - "type": "integer", - "format": "int32" + "latestAvailableRevisionReason": { + "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", + "type": "string" }, - "unavailableReplicas": { - "description": "unavailableReplicas is the number of Control Plane Machines that are still required before the ControlPlaneMachineSet reaches the desired available capacity. When this value is non-zero, the number of ReadyReplicas is less than the desired Replicas.", + "nodeStatuses": { + "description": "nodeStatuses track the deployment values and errors across individual nodes", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" + }, + "x-kubernetes-list-map-keys": [ + "nodeName" + ], + "x-kubernetes-list-type": "map" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", "type": "integer", - "format": "int32" + "format": "int64" }, - "updatedReplicas": { - "description": "updatedReplicas is the number of non-terminated Control Plane Machines created by the ControlPlaneMachineSet controller that have the desired provider spec and are ready. This value is set to 0 when a change is detected to the desired spec. When the update strategy is RollingUpdate, this will also coincide with starting the process of updating the Machines. When the update strategy is OnDelete, this value will remain at 0 until a user deletes an existing replica and its replacement has become ready.", + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", "type": "integer", - "format": "int32" - } - } - }, - "com.github.openshift.api.machine.v1.ControlPlaneMachineSetStrategy": { - "description": "ControlPlaneMachineSetStrategy defines the strategy for applying updates to the Control Plane Machines managed by the ControlPlaneMachineSet.", - "type": "object", - "properties": { - "type": { - "description": "type defines the type of update strategy that should be used when updating Machines owned by the ControlPlaneMachineSet. Valid values are \"RollingUpdate\" and \"OnDelete\". The current default value is \"RollingUpdate\".", - "type": "string", - "default": "RollingUpdate" + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplate": { - "description": "ControlPlaneMachineSetTemplate is a template used by the ControlPlaneMachineSet to create the Machines that it will manage in the future.", + "com.github.openshift.api.operator.v1.KubeStorageVersionMigrator": { + "description": "KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "machineType" + "metadata", + "spec" ], "properties": { - "machineType": { - "description": "machineType determines the type of Machines that should be managed by the ControlPlaneMachineSet. Currently, the only valid value is machines_v1beta1_machine_openshift_io.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "machines_v1beta1_machine_openshift_io": { - "description": "OpenShiftMachineV1Beta1Machine defines the template for creating Machines from the v1beta1.machine.openshift.io API group.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.OpenShiftMachineV1Beta1MachineTemplate" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "machineType", - "fields-to-discriminateBy": { - "machines_v1beta1_machine_openshift_io": "OpenShiftMachineV1Beta1Machine" - } + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus" } - ] + } }, - "com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplateObjectMeta": { - "description": "ControlPlaneMachineSetTemplateObjectMeta is a subset of the metav1.ObjectMeta struct. It allows users to specify labels and annotations that will be copied onto Machines created from this template.", + "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorList": { + "description": "KubeStorageVersionMigratorList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "labels" + "metadata", + "items" ], "properties": { - "annotations": { - "description": "annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "labels": { - "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels. This field must contain both the 'machine.openshift.io/cluster-api-machine-role' and 'machine.openshift.io/cluster-api-machine-type' labels, both with a value of 'master'. It must also contain a label with the key 'machine.openshift.io/cluster-api-cluster'.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" + "items": { + "description": "items contains the items", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeStorageVersionMigrator" } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.machine.v1.DataDiskProperties": { - "description": "DataDisk contains the information regarding the datadisk attached to an instance", + "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec": { "type": "object", + "required": [ + "managementState" + ], "properties": { - "Category": { - "description": "Category describes the type of data disk N. Valid values: cloud_efficiency: ultra disk cloud_ssd: standard SSD cloud_essd: ESSD cloud: basic disk Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently for non-I/O optimized instances of retired instance types, the default is `cloud`. Currently for other instances, the default is `cloud_efficiency`.", - "type": "string", - "default": "" - }, - "DiskEncryption": { - "description": "DiskEncryption specifies whether to encrypt data disk N.\n\nEmpty value means the platform chooses a default, which is subject to change over time. Currently the default is `disabled`.", - "type": "string", - "default": "" - }, - "DiskPreservation": { - "description": "DiskPreservation specifies whether to release data disk N along with the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `DeleteWithInstance`", - "type": "string", - "default": "" - }, - "KMSKeyID": { - "description": "KMSKeyID is the ID of the Key Management Service (KMS) key to be used by data disk N. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `\"\"` which is interpreted as do not use KMSKey encryption.", - "type": "string", - "default": "" + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "Name": { - "description": "Name is the name of data disk N. If the name is specified the name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain letters, digits, colons (:), underscores (_), and hyphens (-).\n\nEmpty value means the platform chooses a default, which is subject to change over time. Currently the default is `\"\"`.", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" }, - "PerformanceLevel": { - "description": "PerformanceLevel is the performance level of the ESSD used as as data disk N. The N value must be the same as that in DataDisk.N.Category when DataDisk.N.Category is set to cloud_essd. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `PL1`. Valid values:\n\nPL0: A single ESSD can deliver up to 10,000 random read/write IOPS. PL1: A single ESSD can deliver up to 50,000 random read/write IOPS. PL2: A single ESSD can deliver up to 100,000 random read/write IOPS. PL3: A single ESSD can deliver up to 1,000,000 random read/write IOPS. For more information about ESSD performance levels, see ESSDs.", - "type": "string", - "default": "" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "Size": { - "description": "Size of the data disk N. Valid values of N: 1 to 16. Unit: GiB. Valid values:\n\nValid values when DataDisk.N.Category is set to cloud_efficiency: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud_ssd: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud_essd: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud: 5 to 2000 The value of this parameter must be greater than or equal to the size of the snapshot specified by the SnapshotID parameter.", - "type": "integer", - "format": "int64", - "default": 0 + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "SnapshotID": { - "description": "SnapshotID is the ID of the snapshot used to create data disk N. Valid values of N: 1 to 16.\n\nWhen the DataDisk.N.SnapshotID parameter is specified, the DataDisk.N.Size parameter is ignored. The data disk is created based on the size of the specified snapshot. Use snapshots created after July 15, 2013. Otherwise, an error is returned and your request is rejected.", - "type": "string", - "default": "" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.machine.v1.FailureDomains": { - "description": "FailureDomain represents the different configurations required to spread Machines across failure domains on different platforms.", + "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus": { "type": "object", - "required": [ - "platform" - ], "properties": { - "aws": { - "description": "aws configures failure domain information for the AWS platform.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AWSFailureDomain" - }, - "x-kubernetes-list-type": "atomic" - }, - "azure": { - "description": "azure configures failure domain information for the Azure platform.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AzureFailureDomain" - }, - "x-kubernetes-list-type": "atomic" - }, - "gcp": { - "description": "gcp configures failure domain information for the GCP platform.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.GCPFailureDomain" - }, - "x-kubernetes-list-type": "atomic" - }, - "nutanix": { - "description": "nutanix configures failure domain information for the Nutanix platform.", + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixFailureDomainReference" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, "x-kubernetes-list-map-keys": [ - "name" + "type" ], "x-kubernetes-list-type": "map" }, - "openstack": { - "description": "openstack configures failure domain information for the OpenStack platform.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.OpenStackFailureDomain" - }, - "x-kubernetes-list-type": "atomic" - }, - "platform": { - "description": "platform identifies the platform for which the FailureDomain represents. Currently supported values are AWS, Azure, GCP, OpenStack, VSphere and Nutanix.", - "type": "string", - "default": "" - }, - "vsphere": { - "description": "vsphere configures failure domain information for the VSphere platform.", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.VSphereFailureDomain" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", "name" ], "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "platform", - "fields-to-discriminateBy": { - "aws": "AWS", - "azure": "Azure", - "gcp": "GCP", - "nutanix": "Nutanix", - "openstack": "OpenStack", - "vsphere": "VSphere" - } - } - ] + } }, - "com.github.openshift.api.machine.v1.GCPFailureDomain": { - "description": "GCPFailureDomain configures failure domain information for the GCP platform", + "com.github.openshift.api.operator.v1.LoadBalancerStrategy": { + "description": "LoadBalancerStrategy holds parameters for a load balancer.", "type": "object", "required": [ - "zone" + "scope", + "dnsManagementPolicy" ], "properties": { - "zone": { - "description": "zone is the zone in which the GCP machine provider will create the VM.", + "allowedSourceRanges": { + "description": "allowedSourceRanges specifies an allowlist of IP address ranges to which access to the load balancer should be restricted. Each range must be specified using CIDR notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range is specified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 are used by default, which allows all source addresses.\n\nTo facilitate migration from earlier versions of OpenShift that did not have the allowedSourceRanges field, you may set the service.beta.kubernetes.io/load-balancer-source-ranges annotation on the \"router-\" service in the \"openshift-ingress\" namespace, and this annotation will take effect if allowedSourceRanges is empty on OpenShift 4.12.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "dnsManagementPolicy": { + "description": "dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record associated with the load balancer service will be managed by the ingress operator. It defaults to Managed. Valid values are: Managed and Unmanaged.", + "type": "string", + "default": "Managed" + }, + "providerParameters": { + "description": "providerParameters holds desired load balancer information specific to the underlying infrastructure provider.\n\nIf empty, defaults will be applied. See specific providerParameters fields for details about their defaults.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters" + }, + "scope": { + "description": "scope indicates the scope at which the load balancer is exposed. Possible values are \"External\" and \"Internal\".", "type": "string", "default": "" } } }, - "com.github.openshift.api.machine.v1.LoadBalancerReference": { - "description": "LoadBalancerReference is a reference to a load balancer on IBM Cloud virtual private cloud(VPC).", + "com.github.openshift.api.operator.v1.LoggingDestination": { + "description": "LoggingDestination describes a destination for log messages.", "type": "object", "required": [ - "name", "type" ], "properties": { - "name": { - "description": "name of the LoadBalancer in IBM Cloud VPC. The name should be between 1 and 63 characters long and may consist of lowercase alphanumeric characters and hyphens only. The value must not end with a hyphen. It is a reference to existing LoadBalancer created by openshift installer component.", - "type": "string", - "default": "" + "container": { + "description": "container holds parameters for the Container logging destination. Present only if type is Container.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters" + }, + "syslog": { + "description": "syslog holds parameters for a syslog endpoint. Present only if type is Syslog.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters" }, "type": { - "description": "type of the LoadBalancer service supported by IBM Cloud VPC. Currently, only Application LoadBalancer is supported. More details about Application LoadBalancer https://cloud.ibm.com/docs/vpc?topic=vpc-load-balancers-about&interface=ui Supported values are Application.", + "description": "type is the type of destination for logs. It must be one of the following:\n\n* Container\n\nThe ingress operator configures the sidecar container named \"logs\" on the ingress controller pod and configures the ingress controller to write logs to the sidecar. The logs are then available as container logs. The expectation is that the administrator configures a custom logging solution that reads logs from this sidecar. Note that using container logs means that logs may be dropped if the rate of logs exceeds the container runtime's or the custom logging solution's capacity.\n\n* Syslog\n\nLogs are sent to a syslog endpoint. The administrator must specify an endpoint that can receive syslog messages. The expectation is that the administrator has configured a custom syslog instance.", "type": "string", "default": "" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "container": "Container", + "syslog": "Syslog" + } + } + ] }, - "com.github.openshift.api.machine.v1.NutanixCategory": { - "description": "NutanixCategory identifies a pair of prism category key and value", + "com.github.openshift.api.operator.v1.Logo": { + "description": "Logo defines a configuration based on theme modes for the console UI logo.", "type": "object", "required": [ - "key", - "value" + "type", + "themes" ], "properties": { - "key": { - "description": "key is the prism category key name", - "type": "string", - "default": "" + "themes": { + "description": "themes specifies the themes for the console UI logo. themes is a required field that allows a list of themes. Each item in the themes list must have a unique mode and a source field. Each mode determines whether the logo is for the dark or light mode of the console UI. If a theme is not specified, the default OpenShift logo will be displayed for that theme. There must be at least one entry and no more than 2 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Theme" + }, + "x-kubernetes-list-map-keys": [ + "mode" + ], + "x-kubernetes-list-type": "map" }, - "value": { - "description": "value is the prism category value associated with the key", + "type": { + "description": "type specifies the type of the logo for the console UI. It determines whether the logo is for the masthead or favicon. type is a required field that allows values of Masthead and Favicon. When set to \"Masthead\", the logo will be used in the masthead and about modal of the console UI. When set to \"Favicon\", the logo will be used as the favicon of the console UI.\n\nPossible enum values:\n - `\"Favicon\"` Favicon represents the favicon logo.\n - `\"Masthead\"` Masthead represents the logo in the masthead.", "type": "string", - "default": "" + "default": "", + "enum": [ + "Favicon", + "Masthead" + ] } } }, - "com.github.openshift.api.machine.v1.NutanixFailureDomainReference": { - "description": "NutanixFailureDomainReference refers to the failure domain of the Nutanix platform.", + "com.github.openshift.api.operator.v1.MTUMigration": { + "description": "MTUMigration contains infomation about MTU migration.", "type": "object", - "required": [ - "name" - ], "properties": { - "name": { - "description": "name of the failure domain in which the nutanix machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource.", - "type": "string", - "default": "" + "machine": { + "description": "machine contains MTU migration configuration for the machine's uplink. Needs to be migrated along with the default network MTU unless the current uplink MTU already accommodates the default network MTU.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MTUMigrationValues" + }, + "network": { + "description": "network contains information about MTU migration for the default network. Migrations are only allowed to MTU values lower than the machine's uplink MTU by the minimum appropriate offset.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MTUMigrationValues" } } }, - "com.github.openshift.api.machine.v1.NutanixGPU": { - "description": "NutanixGPU holds the identity of a Nutanix GPU resource in the Prism Central", + "com.github.openshift.api.operator.v1.MTUMigrationValues": { + "description": "MTUMigrationValues contains the values for a MTU migration.", "type": "object", "required": [ - "type" + "to" ], "properties": { - "deviceID": { - "description": "deviceID is the GPU device ID with the integer value.", + "from": { + "description": "from is the MTU to migrate from.", "type": "integer", - "format": "int32" - }, - "name": { - "description": "name is the GPU device name", - "type": "string" + "format": "int64" }, - "type": { - "description": "type is the identifier type of the GPU device. Valid values are Name and DeviceID.", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "deviceID": "DeviceID", - "name": "Name" - } + "to": { + "description": "to is the MTU to migrate to.", + "type": "integer", + "format": "int64" } - ] + } }, - "com.github.openshift.api.machine.v1.NutanixMachineProviderConfig": { - "description": "NutanixMachineProviderConfig is the Schema for the nutanixmachineproviderconfigs API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.MachineConfiguration": { + "description": "MachineConfiguration provides information to configure an operator to manage Machine Configuration.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "cluster", - "image", - "subnets", - "vcpusPerSocket", - "vcpuSockets", - "memorySize", - "systemDiskSize", - "credentialsSecret" + "metadata", + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "bootType": { - "description": "bootType indicates the boot type (Legacy, UEFI or SecureBoot) the Machine's VM uses to boot. If this field is empty or omitted, the VM will use the default boot type \"Legacy\" to boot. \"SecureBoot\" depends on \"UEFI\" boot, i.e., enabling \"SecureBoot\" means that \"UEFI\" boot is also enabled.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "categories": { - "description": "categories optionally adds one or more prism categories (each with key and value) for the Machine's VM to associate with. All the category key and value pairs specified must already exist in the prism central.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixCategory" - }, - "x-kubernetes-list-map-keys": [ - "key" - ], - "x-kubernetes-list-type": "map" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "cluster": { - "description": "cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + "spec": { + "description": "spec is the specification of the desired behavior of the Machine Config Operator", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineConfigurationSpec" }, - "credentialsSecret": { - "description": "credentialsSecret is a local reference to a secret that contains the credentials data to access Nutanix PC client", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "status": { + "description": "status is the most recently observed status of the Machine Config Operator", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineConfigurationStatus" + } + } + }, + "com.github.openshift.api.operator.v1.MachineConfigurationList": { + "description": "MachineConfigurationList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "dataDisks": { - "description": "dataDisks holds information of the data disks to attach to the Machine's VM", + "items": { + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixVMDisk" - }, - "x-kubernetes-list-type": "set" - }, - "failureDomain": { - "description": "failureDomain refers to the name of the FailureDomain with which this Machine is associated. If this is configured, the Nutanix machine controller will use the prism_central endpoint and credentials defined in the referenced FailureDomain to communicate to the prism_central. It will also verify that the 'cluster' and subnets' configuration in the NutanixMachineProviderConfig is consistent with that in the referenced failureDomain.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixFailureDomainReference" - }, - "gpus": { - "description": "gpus is a list of GPU devices to attach to the machine's VM. The GPU devices should already exist in Prism Central and associated with one of the Prism Element's hosts and available for the VM to attach (in \"UNUSED\" status).", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixGPU" - }, - "x-kubernetes-list-type": "set" - }, - "image": { - "description": "image is to identify the rhcos image uploaded to the Prism Central (PC) The image identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineConfiguration" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "memorySize": { - "description": "memorySize is the memory size (in Quantity format) of the VM The minimum memorySize is 2Gi bytes", - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.operator.v1.MachineConfigurationSpec": { + "type": "object", + "required": [ + "managementState", + "forceRedeploymentReason" + ], + "properties": { + "bootImageSkewEnforcement": { + "description": "bootImageSkewEnforcement allows an admin to configure how boot image version skew is enforced on the cluster. When omitted, this will default to Automatic for clusters that support automatic boot image updates. For clusters that do not support automatic boot image updates, cluster upgrades will be disabled until a skew enforcement mode has been specified. When version skew is being enforced, cluster upgrades will be disabled until the version skew is deemed acceptable for the current release payload.", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig" }, - "project": { - "description": "project optionally identifies a Prism project for the Machine's VM to associate with.", + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" + }, + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "type": "string", + "default": "" + }, + "irreconcilableValidationOverrides": { + "description": "irreconcilableValidationOverrides is an optional field that can used to make changes to a MachineConfig that cannot be applied to existing nodes. When specified, the fields configured with validation overrides will no longer reject changes to those respective fields due to them not being able to be applied to existing nodes. Only newly provisioned nodes will have these configurations applied. Existing nodes will report observed configuration differences in their MachineConfigNode status.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides" }, - "subnets": { - "description": "subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" - } + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "systemDiskSize": { - "description": "systemDiskSize is size (in Quantity format) of the system disk of the VM The minimum systemDiskSize is 20Gi bytes", - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + "managedBootImages": { + "description": "managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version's boot image. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default for each machine manager mode is All for GCP and AWS platforms, and None for all other platforms.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ManagedBootImages" }, - "userDataSecret": { - "description": "userDataSecret is a local reference to a secret that contains the UserData to apply to the VM", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" }, - "vcpuSockets": { - "description": "vcpuSockets is the number of vCPU sockets of the VM", - "type": "integer", - "format": "int32", - "default": 0 + "nodeDisruptionPolicy": { + "description": "nodeDisruptionPolicy allows an admin to set granular node disruption actions for MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow for less downtime when doing small configuration updates to the cluster. This configuration has no effect on cluster upgrades which will still incur node disruption where required.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig" }, - "vcpusPerSocket": { - "description": "vcpusPerSocket is the number of vCPUs per socket of the VM", + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", "type": "integer", - "format": "int32", - "default": 0 + "format": "int32" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.machine.v1.NutanixMachineProviderStatus": { - "description": "NutanixMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains nutanix-specific status information. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.MachineConfigurationStatus": { "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "bootImageSkewEnforcementStatus": { + "description": "bootImageSkewEnforcementStatus reflects what the latest cluster-validated boot image skew enforcement configuration is and will be used by Machine Config Controller while performing boot image skew enforcement. When omitted, the MCO has no knowledge of how to enforce boot image skew. When the MCO does not know how boot image skew should be enforced, cluster upgrades will be blocked until it can either automatically determine skew enforcement or there is an explicit skew enforcement configuration provided in the spec.bootImageSkewEnforcement field.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.BootImageSkewEnforcementStatus" }, "conditions": { - "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "managedBootImagesStatus": { + "description": "managedBootImagesStatus reflects what the latest cluster-validated boot image configuration is and will be used by Machine Config Controller while performing boot image updates.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ManagedBootImages" }, - "vmUUID": { - "description": "vmUUID is the Machine associated VM's UUID The field is missing before the VM is created. Once the VM is created, the field is filled with the VM's UUID and it will not change. The vmUUID is used to find the VM when updating the Machine status, and to delete the VM when the Machine is deleted.", - "type": "string" + "nodeDisruptionPolicyStatus": { + "description": "nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, and will be used by the Machine Config Daemon during future node updates.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.machine.v1.NutanixResourceIdentifier": { - "description": "NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)", + "com.github.openshift.api.operator.v1.MachineManager": { + "description": "MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information such as the resource type and the API Group of the resource. It also provides granular control via the selection field.", "type": "object", "required": [ - "type" + "resource", + "apiGroup", + "selection" ], "properties": { - "name": { - "description": "name is the resource name in the PC", - "type": "string" + "apiGroup": { + "description": "apiGroup is name of the APIGroup that the machine management resource belongs to. The only current valid value is machine.openshift.io. machine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group.", + "type": "string", + "default": "" }, - "type": { - "description": "type is the identifier type to use for this resource.", + "resource": { + "description": "resource is the machine management resource's type. Valid values are machinesets and controlplanemachinesets. machinesets means that the machine manager will only register resources of the kind MachineSet. controlplanemachinesets means that the machine manager will only register resources of the kind ControlPlaneMachineSet.", "type": "string", "default": "" }, - "uuid": { - "description": "uuid is the UUID of the resource in the PC.", - "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "name": "Name", - "uuid": "UUID" - } + "selection": { + "description": "selection allows granular control of the machine management resources that will be registered for boot image updates.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineManagerSelector" } - ] + } }, - "com.github.openshift.api.machine.v1.NutanixStorageResourceIdentifier": { - "description": "NutanixStorageResourceIdentifier holds the identity of a Nutanix storage resource (storage_container, etc.)", + "com.github.openshift.api.operator.v1.MachineManagerSelector": { "type": "object", "required": [ - "type" + "mode" ], "properties": { - "type": { - "description": "type is the identifier type to use for this resource. The valid value is \"uuid\".", + "mode": { + "description": "mode determines how machine managers will be selected for updates. Valid values are All, Partial and None. All means that every resource matched by the machine manager will be updated. Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. Partial is not permitted for the controlplanemachinesets resource type as they are a singleton within the cluster. None means that every resource matched by the machine manager will not be updated.", "type": "string", "default": "" }, - "uuid": { - "description": "uuid is the UUID of the storage resource in the PC.", - "type": "string" + "partial": { + "description": "partial provides label selector(s) that can be used to match machine management resources. Only permitted when mode is set to \"Partial\".", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.PartialSelector" } }, "x-kubernetes-unions": [ { - "discriminator": "type", + "discriminator": "mode", "fields-to-discriminateBy": { - "uuid": "UUID" + "partial": "Partial" } } ] }, - "com.github.openshift.api.machine.v1.NutanixVMDisk": { - "description": "NutanixDataDisk specifies the VM data disk configuration parameters.", + "com.github.openshift.api.operator.v1.ManagedBootImages": { "type": "object", - "required": [ - "diskSize" - ], "properties": { - "dataSource": { - "description": "dataSource refers to a data source image for the VM disk.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" - }, - "deviceProperties": { - "description": "deviceProperties are the properties of the disk device.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixVMDiskDeviceProperties" - }, - "diskSize": { - "description": "diskSize is size (in Quantity format) of the disk attached to the VM. See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Format for the Quantity format and example documentation. The minimum diskSize is 1GB.", - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" - }, - "storageConfig": { - "description": "storageConfig are the storage configuration parameters of the VM disks.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixVMStorageConfig" + "machineManagers": { + "description": "machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator will watch for changes to this list. Only one entry is permitted per type of machine management resource.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineManager" + }, + "x-kubernetes-list-map-keys": [ + "resource", + "apiGroup" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.machine.v1.NutanixVMDiskDeviceProperties": { - "description": "NutanixVMDiskDeviceProperties specifies the disk device properties.", + "com.github.openshift.api.operator.v1.MyOperatorResource": { + "description": "MyOperatorResource is an example operator configuration type\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "deviceType", - "adapterType", - "deviceIndex" + "metadata", + "spec", + "status" ], "properties": { - "adapterType": { - "description": "adapterType is the adapter type of the disk address. If the deviceType is \"Disk\", the valid adapterType can be \"SCSI\", \"IDE\", \"PCI\", \"SATA\" or \"SPAPR\". If the deviceType is \"CDRom\", the valid adapterType can be \"IDE\" or \"SATA\".", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "deviceIndex": { - "description": "deviceIndex is the index of the disk address. The valid values are non-negative integers, with the default value 0. For a Machine VM, the deviceIndex for the disks with the same deviceType.adapterType combination should start from 0 and increase consecutively afterwards. Note that for each Machine VM, the Disk.SCSI.0 and CDRom.IDE.0 are reserved to be used by the VM's system. So for dataDisks of Disk.SCSI and CDRom.IDE, the deviceIndex should start from 1.", - "type": "integer", - "format": "int32" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "deviceType": { - "description": "deviceType specifies the disk device type. The valid values are \"Disk\" and \"CDRom\", and the default is \"Disk\".", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MyOperatorResourceSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MyOperatorResourceStatus" } } }, - "com.github.openshift.api.machine.v1.NutanixVMStorageConfig": { - "description": "NutanixVMStorageConfig specifies the storage configuration parameters for VM disks.", + "com.github.openshift.api.operator.v1.MyOperatorResourceSpec": { "type": "object", "required": [ - "diskMode" + "managementState" ], "properties": { - "diskMode": { - "description": "diskMode specifies the disk mode. The valid values are Standard and Flash, and the default is Standard.", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" }, - "storageContainer": { - "description": "storageContainer refers to the storage_container used by the VM disk.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixStorageResourceIdentifier" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.machine.v1.OpenShiftMachineV1Beta1MachineTemplate": { - "description": "OpenShiftMachineV1Beta1MachineTemplate is a template for the ControlPlaneMachineSet to create Machines from the v1beta1.machine.openshift.io API group.", + "com.github.openshift.api.operator.v1.MyOperatorResourceStatus": { "type": "object", - "required": [ - "metadata", - "spec" - ], "properties": { - "failureDomains": { - "description": "failureDomains is the list of failure domains (sometimes called availability zones) in which the ControlPlaneMachineSet should balance the Control Plane Machines. This will be merged into the ProviderSpec given in the template. This field is optional on platforms that do not require placement information.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.FailureDomains" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "metadata": { - "description": "ObjectMeta is the standard object metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata Labels are required to match the ControlPlaneMachineSet selector.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplateObjectMeta" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "spec": { - "description": "spec contains the desired configuration of the Control Plane Machines. The ProviderSpec within contains platform specific details for creating the Control Plane Machines. The ProviderSe should be complete apart from the platform specific failure domain field. This will be overridden when the Machines are created based on the FailureDomains field.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSpec" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "com.github.openshift.api.machine.v1.OpenStackFailureDomain": { - "description": "OpenStackFailureDomain configures failure domain information for the OpenStack platform.", + "com.github.openshift.api.operator.v1.NetFlowConfig": { "type": "object", "properties": { - "availabilityZone": { - "description": "availabilityZone is the nova availability zone in which the OpenStack machine provider will create the VM. If not specified, the VM will be created in the default availability zone specified in the nova configuration. Availability zone names must NOT contain : since it is used by admin users to specify hosts where instances are launched in server creation. Also, it must not contain spaces otherwise it will lead to node that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.", - "type": "string" - }, - "rootVolume": { - "description": "rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM. If not specified, no root volume will be created.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.RootVolume" + "collectors": { + "description": "netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. It is a list of strings formatted as ip:port with a maximum of ten items", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.machine.v1.PowerVSMachineProviderConfig": { - "description": "PowerVSMachineProviderConfig is the type that will be embedded in a Machine.Spec.ProviderSpec field for a PowerVS virtual machine. It is used by the PowerVS machine actuator to create a single Machine.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.Network": { + "description": "Network describes the cluster's desired network configuration. It is consumed by the cluster-network-operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "serviceInstance", - "image", - "network", - "keyPairName" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "credentialsSecret": { - "description": "credentialsSecret is a reference to the secret with IBM Cloud credentials.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSSecretReference" - }, - "image": { - "description": "image is to identify the rhcos image uploaded to IBM COS bucket which is used to create the instance. supported image identifier in PowerVSResource are Name and ID and that can be obtained from IBM Cloud UI or IBM Cloud cli.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSResource" - }, - "keyPairName": { - "description": "keyPairName is the name of the KeyPair to use for SSH. The key pair will be exposed to the instance via the instance metadata service. On boot, the OS will copy the public keypair into the authorized keys for the core user.", - "type": "string", - "default": "" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "loadBalancers": { - "description": "loadBalancers is the set of load balancers to which the new control plane instance should be added once it is created.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.LoadBalancerReference" - } - }, - "memoryGiB": { - "description": "memoryGiB is the size of a virtual machine's memory, in GiB. maximum value for the MemoryGiB depends on the selected SystemType. when SystemType is set to e880 maximum MemoryGiB value is 7463 GiB. when SystemType is set to e980 maximum MemoryGiB value is 15307 GiB. when SystemType is set to s922 maximum MemoryGiB value is 942 GiB. The minimum memory is 32 GiB. When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 32.", - "type": "integer", - "format": "int32" - }, "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "network": { - "description": "network is the reference to the Network to use for this instance. supported network identifier in PowerVSResource are Name, ID and RegEx and that can be obtained from IBM Cloud UI or IBM Cloud cli.", + "spec": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSResource" - }, - "processorType": { - "description": "processorType is the VM instance processor type. It must be set to one of the following values: Dedicated, Capped or Shared. Dedicated: resources are allocated for a specific client, The hypervisor makes a 1:1 binding of a partition’s processor to a physical processor core. Shared: Shared among other clients. Capped: Shared, but resources do not expand beyond those that are requested, the amount of CPU time is Capped to the value specified for the entitlement. if the processorType is selected as Dedicated, then processors value cannot be fractional. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Shared.", - "type": "string" - }, - "processors": { - "description": "processors is the number of virtual processors in a virtual machine. when the processorType is selected as Dedicated the processors value cannot be fractional. maximum value for the Processors depends on the selected SystemType. when SystemType is set to e880 or e980 maximum Processors value is 143. when SystemType is set to s922 maximum Processors value is 15. minimum value for Processors depends on the selected ProcessorType. when ProcessorType is set as Shared or Capped, The minimum processors is 0.5. when ProcessorType is set as Dedicated, The minimum processors is 1. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default is set based on the selected ProcessorType. when ProcessorType selected as Dedicated, the default is set to 1. when ProcessorType selected as Shared or Capped, the default is set to 0.5.", - "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NetworkSpec" }, - "serviceInstance": { - "description": "serviceInstance is the reference to the Power VS service on which the server instance(VM) will be created. Power VS service is a container for all Power VS instances at a specific geographic region. serviceInstance can be created via IBM Cloud catalog or CLI. supported serviceInstance identifier in PowerVSResource are Name and ID and that can be obtained from IBM Cloud UI or IBM Cloud cli. More detail about Power VS service instance. https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server", + "status": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSResource" - }, - "systemType": { - "description": "systemType is the System type used to host the instance. systemType determines the number of cores and memory that is available. Few of the supported SystemTypes are s922,e880,e980. e880 systemType available only in Dallas Datacenters. e980 systemType available in Datacenters except Dallas and Washington. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is s922 which is generally available.", - "type": "string" - }, - "userDataSecret": { - "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSSecretReference" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NetworkStatus" } } }, - "com.github.openshift.api.machine.v1.PowerVSMachineProviderStatus": { - "description": "PowerVSMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains PowerVS-specific status information.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.NetworkList": { + "description": "NetworkList contains a list of Network configurations\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "conditions": { - "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "instanceId": { - "description": "instanceId is the instance ID of the machine created in PowerVS instanceId uniquely identifies a Power VS server instance(VM) under a Power VS service. This will help in updating or deleting a VM in Power VS Cloud", - "type": "string" - }, - "instanceState": { - "description": "instanceState is the state of the PowerVS instance for this machine Possible instance states are Active, Build, ShutOff, Reboot This is used to display additional information to user regarding instance current state", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Network" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "serviceInstanceID": { - "description": "serviceInstanceID is the reference to the Power VS ServiceInstance on which the machine instance will be created. serviceInstanceID uniquely identifies the Power VS service By setting serviceInstanceID it will become easy and efficient to fetch a server instance(VM) within Power VS Cloud.", - "type": "string" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.machine.v1.PowerVSResource": { - "description": "PowerVSResource is a reference to a specific PowerVS resource by ID, Name or RegEx Only one of ID, Name or RegEx may be specified. Specifying more than one will result in a validation error.", + "com.github.openshift.api.operator.v1.NetworkMigration": { + "description": "NetworkMigration represents the cluster network migration configuration.", "type": "object", "properties": { - "id": { - "description": "id of resource", - "type": "string" + "features": { + "description": "features was previously used to configure which network plugin features would be migrated in a network type migration. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.FeaturesMigration" }, - "name": { - "description": "name of resource", + "mode": { + "description": "mode indicates the mode of network type migration. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", "type": "string" }, - "regex": { - "description": "regex to find resource Regex contains the pattern to match to find a resource", - "type": "string" + "mtu": { + "description": "mtu contains the MTU migration configuration. Set this to allow changing the MTU values for the default network. If unset, the operation of changing the MTU for the default network will be rejected.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MTUMigration" }, - "type": { - "description": "type identifies the resource type for this entry. Valid values are ID, Name and RegEx", - "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "fields-to-discriminateBy": { - "id": "ID", - "name": "Name", - "regex": "RegEx", - "type": "Type" - } - } - ] - }, - "com.github.openshift.api.machine.v1.PowerVSSecretReference": { - "description": "PowerVSSecretReference contains enough information to locate the referenced secret inside the same namespace.", - "type": "object", - "properties": { - "name": { - "description": "name of the secret.", + "networkType": { + "description": "networkType was previously used when changing the default network type. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", "type": "string" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "com.github.openshift.api.machine.v1.RootVolume": { - "description": "RootVolume represents the volume metadata to boot from. The original RootVolume struct is defined in the v1alpha1 but it's not best practice to use it directly here so we define a new one that should stay in sync with the original one.", + "com.github.openshift.api.operator.v1.NetworkSpec": { + "description": "NetworkSpec is the top-level network configuration object.", "type": "object", "required": [ - "volumeType" - ], - "properties": { - "availabilityZone": { - "description": "availabilityZone specifies the Cinder availability zone where the root volume will be created. If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration. If the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability zone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details. If the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same availability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone). Availability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.", + "managementState", + "clusterNetwork", + "serviceNetwork", + "defaultNetwork" + ], + "properties": { + "additionalNetworks": { + "description": "additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AdditionalNetworkDefinition" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "additionalRoutingCapabilities": { + "description": "additionalRoutingCapabilities describes components and relevant configuration providing additional routing capabilities. When set, it enables such components and the usage of the routing capabilities they provide for the machine network. Upstream operators, like MetalLB operator, requiring these capabilities may rely on, or automatically set this attribute. Network plugins may leverage advanced routing capabilities acquired through the enablement of these components but may require specific configuration on their side to do so; refer to their respective documentation and configuration options.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AdditionalRoutingCapabilities" + }, + "clusterNetwork": { + "description": "clusterNetwork is the IP address pool to use for pod IPs. Some network providers support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterNetworkEntry" + }, + "x-kubernetes-list-type": "atomic" + }, + "defaultNetwork": { + "description": "defaultNetwork is the \"default\" network that all pods will receive", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DefaultNetworkDefinition" + }, + "deployKubeProxy": { + "description": "deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. Some network providers include kube-proxy or similar functionality. If unset, the plugin will attempt to select the correct value, which is false when ovn-kubernetes is used and true otherwise.", + "type": "boolean" + }, + "disableMultiNetwork": { + "description": "disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect.", + "type": "boolean" + }, + "disableNetworkDiagnostics": { + "description": "disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck CRs from a test pod to every node, apiserver and LB should be disabled or not. If unset, this property defaults to 'false' and network diagnostics is enabled. Setting this to 'true' would reduce the additional load of the pods performing the checks.", + "type": "boolean", + "default": false + }, + "exportNetworkFlows": { + "description": "exportNetworkFlows enables and configures the export of network flow metadata from the pod network by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. If unset, flows will not be exported to any collector.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ExportNetworkFlows" + }, + "kubeProxyConfig": { + "description": "kubeProxyConfig lets us configure desired proxy configuration, if deployKubeProxy is true. If not specified, sensible defaults will be chosen by OpenShift directly.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ProxyConfig" + }, + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "volumeType": { - "description": "volumeType specifies the type of the root volume that will be provisioned. The maximum length of a volume type name is 255 characters, as per the OpenStack limit.", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" + }, + "migration": { + "description": "migration enables and configures cluster network migration, for network changes that cannot be made instantly.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NetworkMigration" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "serviceNetwork": { + "description": "serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single value here, but this is an array to allow for growth.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "useMultiNetworkPolicy": { + "description": "useMultiNetworkPolicy enables a controller which allows for MultiNetworkPolicy objects to be used on additional networks as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy objects, but NetworkPolicy objects only apply to the primary interface. With MultiNetworkPolicy, you can control the traffic that a pod can receive over the secondary interfaces. If unset, this property defaults to 'false' and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is 'true' then the value of this field is ignored.", + "type": "boolean" } } }, - "com.github.openshift.api.machine.v1.SystemDiskProperties": { - "description": "SystemDiskProperties contains the information regarding the system disk including performance, size, name, and category", + "com.github.openshift.api.operator.v1.NetworkStatus": { + "description": "NetworkStatus is detailed operator status, which is distilled up to the Network clusteroperator object.", "type": "object", "properties": { - "category": { - "description": "category is the category of the system disk. Valid values: cloud_essd: ESSD. When the parameter is set to this value, you can use the SystemDisk.PerformanceLevel parameter to specify the performance level of the disk. cloud_efficiency: ultra disk. cloud_ssd: standard SSD. cloud: basic disk. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently for non-I/O optimized instances of retired instance types, the default is `cloud`. Currently for other instances, the default is `cloud_efficiency`.", - "type": "string" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "name": { - "description": "name is the name of the system disk. If the name is specified the name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain letters, digits, colons (:), underscores (_), and hyphens (-). Empty value means the platform chooses a default, which is subject to change over time. Currently the default is `\"\"`.", - "type": "string" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "performanceLevel": { - "description": "performanceLevel is the performance level of the ESSD used as the system disk. Valid values:\n\nPL0: A single ESSD can deliver up to 10,000 random read/write IOPS. PL1: A single ESSD can deliver up to 50,000 random read/write IOPS. PL2: A single ESSD can deliver up to 100,000 random read/write IOPS. PL3: A single ESSD can deliver up to 1,000,000 random read/write IOPS. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `PL1`. For more information about ESSD performance levels, see ESSDs.", - "type": "string" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "size": { - "description": "size is the size of the system disk. Unit: GiB. Valid values: 20 to 500. The value must be at least 20 and greater than or equal to the size of the image. Empty value means the platform chooses a default, which is subject to change over time. Currently the default is `40` or the size of the image depending on whichever is greater.", + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", "type": "integer", "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "com.github.openshift.api.machine.v1.Tag": { - "description": "Tag The tags of ECS Instance", + "com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus": { + "description": "NodeDisruptionPolicyClusterStatus is the type for the status object, rendered by the controller as a merge of cluster defaults and user provided policies", + "type": "object", + "properties": { + "files": { + "description": "files is a list of MachineConfig file definitions and actions to take to changes on those paths", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile" + }, + "x-kubernetes-list-map-keys": [ + "path" + ], + "x-kubernetes-list-type": "map" + }, + "sshkey": { + "description": "sshkey is the overall sshkey MachineConfig definition", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey" + }, + "units": { + "description": "units is a list MachineConfig unit definitions and actions to take on changes to those services", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig": { + "description": "NodeDisruptionPolicyConfig is the overall spec definition for files/units/sshkeys", + "type": "object", + "properties": { + "files": { + "description": "files is a list of MachineConfig file definitions and actions to take to changes on those paths This list supports a maximum of 50 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile" + }, + "x-kubernetes-list-map-keys": [ + "path" + ], + "x-kubernetes-list-type": "map" + }, + "sshkey": { + "description": "sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this will apply to all sshkey changes in the cluster", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey" + }, + "units": { + "description": "units is a list MachineConfig unit definitions and actions to take on changes to those services This list supports a maximum of 50 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction": { "type": "object", "required": [ - "Key", - "Value" + "type" ], "properties": { - "Key": { - "description": "Key is the name of the key pair", + "reload": { + "description": "reload specifies the service to reload, only valid if type is reload", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ReloadService" + }, + "restart": { + "description": "restart specifies the service to restart, only valid if type is restart", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.RestartService" + }, + "type": { + "description": "type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration", "type": "string", "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "reload": "Reload", + "restart": "Restart" + } + } + ] + }, + "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile": { + "description": "NodeDisruptionPolicySpecFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", + "type": "object", + "required": [ + "path", + "actions" + ], + "properties": { + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction" + }, + "x-kubernetes-list-type": "atomic" }, - "Value": { - "description": "Value is the value or data of the key pair", + "path": { + "description": "path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.", "type": "string", "default": "" } } }, - "com.github.openshift.api.machine.v1.VSphereFailureDomain": { - "description": "VSphereFailureDomain configures failure domain information for the vSphere platform", + "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey": { + "description": "NodeDisruptionPolicySpecSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyConfig object", "type": "object", "required": [ - "name" + "actions" ], "properties": { - "name": { - "description": "name of the failure domain in which the vSphere machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource. When balancing machines across failure domains, the control plane machine set will inject configuration from the Infrastructure resource into the machine providerSpec to allocate the machine to a failure domain.", - "type": "string", - "default": "" + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.machine.v1alpha1.AdditionalBlockDevice": { - "description": "additionalBlockDevice is a block device to attach to the server.", + "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit": { + "description": "NodeDisruptionPolicySpecUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", "type": "object", "required": [ "name", - "sizeGiB", - "storage" + "actions" ], "properties": { + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction" + }, + "x-kubernetes-list-type": "atomic" + }, "name": { - "description": "name of the block device in the context of a machine. If the block device is a volume, the Cinder volume will be named as a combination of the machine name and this name. Also, this name will be used for tagging the block device. Information about the block device tag can be obtained from the OpenStack metadata API or the config drive.", + "description": "name represents the service name of a systemd service managed through a MachineConfig Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", "type": "string", "default": "" - }, - "sizeGiB": { - "description": "sizeGiB is the size of the block device in gibibytes (GiB).", - "type": "integer", - "format": "int32", - "default": 0 - }, - "storage": { - "description": "storage specifies the storage type of the block device and additional storage options.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.BlockDeviceStorage" } } }, - "com.github.openshift.api.machine.v1alpha1.AddressPair": { + "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus": { "type": "object", "properties": { - "ipAddress": { - "type": "string" - }, - "macAddress": { - "type": "string" + "clusterPolicies": { + "description": "clusterPolicies is a merge of cluster default and user provided node disruption policies.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus" } } }, - "com.github.openshift.api.machine.v1alpha1.BlockDeviceStorage": { - "description": "blockDeviceStorage is the storage type of a block device to create and contains additional storage options.", + "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction": { "type": "object", "required": [ "type" ], "properties": { + "reload": { + "description": "reload specifies the service to reload, only valid if type is reload", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ReloadService" + }, + "restart": { + "description": "restart specifies the service to restart, only valid if type is restart", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.RestartService" + }, "type": { - "description": "type is the type of block device to create. This can be either \"Volume\" or \"Local\".", + "description": "type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration", "type": "string", "default": "" - }, - "volume": { - "description": "volume contains additional storage options for a volume block device.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.BlockDeviceVolume" } }, "x-kubernetes-unions": [ { "discriminator": "type", "fields-to-discriminateBy": { - "volume": "Volume" + "reload": "Reload", + "restart": "Restart" } } ] }, - "com.github.openshift.api.machine.v1alpha1.BlockDeviceVolume": { - "description": "blockDeviceVolume contains additional storage options for a volume block device.", + "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile": { + "description": "NodeDisruptionPolicyStatusFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", "type": "object", + "required": [ + "path", + "actions" + ], "properties": { - "availabilityZone": { - "description": "availabilityZone is the volume availability zone to create the volume in. If omitted, the availability zone of the server will be used. The availability zone must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information.", - "type": "string" + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction" + }, + "x-kubernetes-list-type": "atomic" }, - "type": { - "description": "type is the Cinder volume type of the volume. If omitted, the default Cinder volume type that is configured in the OpenStack cloud will be used.", - "type": "string" + "path": { + "description": "path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1alpha1.Filter": { + "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey": { + "description": "NodeDisruptionPolicyStatusSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyClusterStatus object", "type": "object", + "required": [ + "actions" + ], "properties": { - "adminStateUp": { - "description": "Deprecated: adminStateUp is silently ignored. It has no replacement.", - "type": "boolean" - }, - "description": { - "description": "description filters networks by description.", - "type": "string" - }, - "id": { - "description": "Deprecated: use NetworkParam.uuid instead. Ignored if NetworkParam.uuid is set.", - "type": "string" - }, - "limit": { - "description": "Deprecated: limit is silently ignored. It has no replacement.", - "type": "integer", - "format": "int32" - }, - "marker": { - "description": "Deprecated: marker is silently ignored. It has no replacement.", - "type": "string" - }, - "name": { - "description": "name filters networks by name.", - "type": "string" - }, - "notTags": { - "description": "notTags filters by networks which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", - "type": "string" - }, - "notTagsAny": { - "description": "notTagsAny filters by networks which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", - "type": "string" - }, - "projectId": { - "description": "projectId filters networks by project ID.", - "type": "string" - }, - "shared": { - "description": "Deprecated: shared is silently ignored. It has no replacement.", - "type": "boolean" - }, - "sortDir": { - "description": "Deprecated: sortDir is silently ignored. It has no replacement.", - "type": "string" - }, - "sortKey": { - "description": "Deprecated: sortKey is silently ignored. It has no replacement.", - "type": "string" - }, - "status": { - "description": "Deprecated: status is silently ignored. It has no replacement.", - "type": "string" - }, - "tags": { - "description": "tags filters by networks containing all specified tags. Multiple tags are comma separated.", - "type": "string" - }, - "tagsAny": { - "description": "tagsAny filters by networks containing any specified tags. Multiple tags are comma separated.", - "type": "string" - }, - "tenantId": { - "description": "tenantId filters networks by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", - "type": "string" + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.machine.v1alpha1.FixedIPs": { + "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit": { + "description": "NodeDisruptionPolicyStatusUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", "type": "object", "required": [ - "subnetID" + "name", + "actions" ], "properties": { - "ipAddress": { - "description": "ipAddress is a specific IP address to use in the given subnet. Port creation will fail if the address is not available. If not specified, an available IP from the given subnet will be selected automatically.", - "type": "string" + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction" + }, + "x-kubernetes-list-type": "atomic" }, - "subnetID": { - "description": "subnetID specifies the ID of the subnet where the fixed IP will be allocated.", + "name": { + "description": "name represents the service name of a systemd service managed through a MachineConfig Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", "type": "string", "default": "" } } }, - "com.github.openshift.api.machine.v1alpha1.NetworkParam": { + "com.github.openshift.api.operator.v1.NodePlacement": { + "description": "NodePlacement describes node scheduling configuration for an ingress controller.", "type": "object", "properties": { - "filter": { - "description": "Filters for optional network query", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.Filter" - }, - "fixedIp": { - "description": "A fixed IPv4 address for the NIC. Deprecated: fixedIP is silently ignored. Use subnets instead.", - "type": "string" - }, - "noAllowedAddressPairs": { - "description": "noAllowedAddressPairs disables creation of allowed address pairs for the network ports", - "type": "boolean" - }, - "portSecurity": { - "description": "portSecurity optionally enables or disables security on ports managed by OpenStack", - "type": "boolean" - }, - "portTags": { - "description": "portTags allows users to specify a list of tags to add to ports created in a given network", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "profile": { - "description": "A dictionary that enables the application running on the specified host to pass and receive virtual network interface (VIF) port-specific information to the plug-in.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "nodeSelector": { + "description": "nodeSelector is the node selector applied to ingress controller deployments.\n\nIf set, the specified selector is used and replaces the default.\n\nIf unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.\n\nWhen defaultPlacement is Workers, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/worker: ''\n\nWhen defaultPlacement is ControlPlane, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/master: ''\n\nThese defaults are subject to change.\n\nNote that using nodeSelector.matchExpressions is not supported. Only nodeSelector.matchLabels may be used. This is a limitation of the Kubernetes API: the pod spec does not allow complex expressions for node selectors.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" }, - "subnets": { - "description": "Subnet within a network to use", + "tolerations": { + "description": "tolerations is a list of tolerations applied to ingress controller deployments.\n\nThe default is an empty list.\n\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.SubnetParam" - } - }, - "uuid": { - "description": "The UUID of the network. Required if you omit the port attribute.", - "type": "string" - }, - "vnicType": { - "description": "The virtual network interface card (vNIC) type that is bound to the neutron port.", + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.operator.v1.NodePortStrategy": { + "description": "NodePortStrategy holds parameters for the NodePortService endpoint publishing strategy.", + "type": "object", + "properties": { + "protocol": { + "description": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", "type": "string" } } }, - "com.github.openshift.api.machine.v1alpha1.OpenstackProviderSpec": { - "description": "OpenstackProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an OpenStack Instance. It is used by the Openstack machine actuator to create a single machine instance. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.NodeStatus": { + "description": "NodeStatus provides information about the current state of a particular node managed by this operator.", "type": "object", "required": [ - "cloudsSecret", - "cloudName", - "flavor", - "image" + "nodeName" ], "properties": { - "additionalBlockDevices": { - "description": "additionalBlockDevices is a list of specifications for additional block devices to attach to the server instance", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.AdditionalBlockDevice" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "currentRevision": { + "description": "currentRevision is the generation of the most recently successful deployment. Can not be set on creation of a nodeStatus. Updates must only increase the value.", + "type": "integer", + "format": "int32" }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "lastFailedCount": { + "description": "lastFailedCount is how often the installer pod of the last failed revision failed.", + "type": "integer", + "format": "int32" }, - "availabilityZone": { - "description": "The availability zone from which to launch the server.", + "lastFailedReason": { + "description": "lastFailedReason is a machine readable failure reason string.", "type": "string" }, - "cloudName": { - "description": "The name of the cloud to use from the clouds secret", - "type": "string", - "default": "" - }, - "cloudsSecret": { - "description": "The name of the secret containing the openstack credentials", - "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" + "lastFailedRevision": { + "description": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", + "type": "integer", + "format": "int32" }, - "configDrive": { - "description": "Config Drive support", - "type": "boolean" + "lastFailedRevisionErrors": { + "description": "lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "flavor": { - "description": "The flavor reference for the flavor for your server instance.", - "type": "string", - "default": "" + "lastFailedTime": { + "description": "lastFailedTime is the time the last failed revision failed the last time.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "floatingIP": { - "description": "floatingIP specifies a floating IP to be associated with the machine. Note that it is not safe to use this parameter in a MachineSet, as only one Machine may be assigned the same floating IP.\n\nDeprecated: floatingIP will be removed in a future release as it cannot be implemented correctly.", - "type": "string" + "lastFallbackCount": { + "description": "lastFallbackCount is how often a fallback to a previous revision happened.", + "type": "integer", + "format": "int32" }, - "image": { - "description": "The name of the image to use for your server instance. If the RootVolume is specified, this will be ignored and use rootVolume directly.", + "nodeName": { + "description": "nodeName is the name of the node", "type": "string", "default": "" }, - "keyName": { - "description": "The ssh key to inject in the instance", + "targetRevision": { + "description": "targetRevision is the generation of the deployment we're trying to apply. Can not be set on creation of a nodeStatus.", + "type": "integer", + "format": "int32" + } + } + }, + "com.github.openshift.api.operator.v1.OAuthAPIServerStatus": { + "type": "object", + "properties": { + "latestAvailableRevision": { + "description": "latestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods.", + "type": "integer", + "format": "int32" + } + } + }, + "com.github.openshift.api.operator.v1.OLM": { + "description": "OLM provides information to configure an operator to manage the OLM controllers\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { @@ -35362,536 +33942,373 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "networks": { - "description": "A networks object. Required parameter when there are multiple networks defined for the tenant. When you do not specify the networks parameter, the server attaches to the only network created for the current tenant.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.NetworkParam" - } - }, - "ports": { - "description": "Create and assign additional ports to instances", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.PortOpts" - } - }, - "primarySubnet": { - "description": "The subnet that a set of machines will get ingress/egress traffic from Deprecated: primarySubnet is silently ignored. Use subnets instead.", - "type": "string" - }, - "rootVolume": { - "description": "The volume metadata to boot from", - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.RootVolume" - }, - "securityGroups": { - "description": "The names of the security groups to assign to the instance", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.SecurityGroupParam" - } - }, - "serverGroupID": { - "description": "The server group to assign the machine to.", - "type": "string" - }, - "serverGroupName": { - "description": "The server group to assign the machine to. A server group with that name will be created if it does not exist. If both ServerGroupID and ServerGroupName are non-empty, they must refer to the same OpenStack resource.", - "type": "string" - }, - "serverMetadata": { - "description": "Metadata mapping. Allows you to create a map of key value pairs to add to the server instance.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "sshUserName": { - "description": "The machine ssh username Deprecated: sshUserName is silently ignored.", - "type": "string" - }, - "tags": { - "description": "Machine tags Requires Nova api 2.52 minimum!", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "trunk": { - "description": "Whether the server instance is created on a trunk port or not.", - "type": "boolean" + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OLMSpec" }, - "userDataSecret": { - "description": "The name of the secret containing the user data (startup script in most cases)", - "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OLMStatus" } } }, - "com.github.openshift.api.machine.v1alpha1.PortOpts": { + "com.github.openshift.api.operator.v1.OLMList": { + "description": "OLMList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "networkID" + "metadata", + "items" ], "properties": { - "adminStateUp": { - "description": "adminStateUp sets the administrative state of the created port to up (true), or down (false).", - "type": "boolean" - }, - "allowedAddressPairs": { - "description": "allowedAddressPairs specifies a set of allowed address pairs to add to the port.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.AddressPair" - } - }, - "description": { - "description": "description specifies the description of the created port.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "fixedIPs": { - "description": "fixedIPs specifies a set of fixed IPs to assign to the port. They must all be valid for the port's network.", + "items": { + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.FixedIPs" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OLM" } }, - "hostID": { - "description": "The ID of the host where the port is allocated. Do not use this field: it cannot be used correctly. Deprecated: hostID is silently ignored. It will be removed with no replacement.", - "type": "string" - }, - "macAddress": { - "description": "macAddress specifies the MAC address of the created port.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "nameSuffix": { - "description": "If nameSuffix is specified the created port will be named -. If not specified the port will be named -.", + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.operator.v1.OLMSpec": { + "type": "object", + "required": [ + "managementState" + ], + "properties": { + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "networkID": { - "description": "networkID is the ID of the network the port will be created in. It is required.", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" }, - "portSecurity": { - "description": "enable or disable security on a given port incompatible with securityGroups and allowedAddressPairs", - "type": "boolean" - }, - "profile": { - "description": "A dictionary that enables the application running on the specified host to pass and receive virtual network interface (VIF) port-specific information to the plug-in.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "projectID": { - "description": "projectID specifies the project ID of the created port. Note that this requires OpenShift to have administrative permissions, which is typically not the case. Use of this field is not recommended. Deprecated: projectID is silently ignored.", - "type": "string" - }, - "securityGroups": { - "description": "securityGroups specifies a set of security group UUIDs to use instead of the machine's default security groups. The default security groups will be used if this is left empty or not specified.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "tags": { - "description": "tags species a set of tags to add to the port.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "tenantID": { - "description": "tenantID specifies the tenant ID of the created port. Note that this requires OpenShift to have administrative permissions, which is typically not the case. Use of this field is not recommended. Deprecated: tenantID is silently ignored.", + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "trunk": { - "description": "Enables and disables trunk at port level. If not provided, openStackMachine.Spec.Trunk is inherited.", - "type": "boolean" - }, - "vnicType": { - "description": "The virtual network interface card (vNIC) type that is bound to the neutron port.", - "type": "string" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.machine.v1alpha1.RootVolume": { + "com.github.openshift.api.operator.v1.OLMStatus": { "type": "object", "properties": { - "availabilityZone": { - "description": "availabilityZone specifies the Cinder availability where the root volume will be created.", - "type": "string" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "deviceType": { - "description": "Deprecated: deviceType will be silently ignored. There is no replacement.", - "type": "string" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "diskSize": { - "description": "diskSize specifies the size, in GiB, of the created root volume.", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", "type": "integer", "format": "int32" }, - "sourceType": { - "description": "Deprecated: sourceType will be silently ignored. There is no replacement.", - "type": "string" + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" }, - "sourceUUID": { - "description": "sourceUUID specifies the UUID of a glance image used to populate the root volume. Deprecated: set image in the platform spec instead. This will be ignored if image is set in the platform spec.", - "type": "string" + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 }, - "volumeType": { - "description": "volumeType specifies a volume type to use when creating the root volume. If not specified the default volume type will be used.", + "version": { + "description": "version is the level this availability applies to", "type": "string" } } }, - "com.github.openshift.api.machine.v1alpha1.SecurityGroupFilter": { + "com.github.openshift.api.operator.v1.OVNKubernetesConfig": { + "description": "ovnKubernetesConfig contains the configuration parameters for networks using the ovn-kubernetes network project", "type": "object", "properties": { - "description": { - "description": "description filters security groups by description.", - "type": "string" + "egressIPConfig": { + "description": "egressIPConfig holds the configuration for EgressIP options.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.EgressIPConfig" }, - "id": { - "description": "id specifies the ID of a security group to use. If set, id will not be validated before use. An invalid id will result in failure to create a server with an appropriate error message.", - "type": "string" + "gatewayConfig": { + "description": "gatewayConfig holds the configuration for node gateway options.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GatewayConfig" }, - "limit": { - "description": "Deprecated: limit is silently ignored. It has no replacement.", + "genevePort": { + "description": "geneve port is the UDP port to be used by geneve encapulation. Default is 6081", "type": "integer", - "format": "int32" - }, - "marker": { - "description": "Deprecated: marker is silently ignored. It has no replacement.", - "type": "string" + "format": "int64" }, - "name": { - "description": "name filters security groups by name.", - "type": "string" + "hybridOverlayConfig": { + "description": "hybridOverlayConfig configures an additional overlay network for peers that are not using OVN.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.HybridOverlayConfig" }, - "notTags": { - "description": "notTags filters by security groups which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", - "type": "string" + "ipsecConfig": { + "description": "ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.", + "default": { + "mode": "Disabled" + }, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPsecConfig" }, - "notTagsAny": { - "description": "notTagsAny filters by security groups which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", - "type": "string" + "ipv4": { + "description": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig" }, - "projectId": { - "description": "projectId filters security groups by project ID.", - "type": "string" + "ipv6": { + "description": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig" }, - "sortDir": { - "description": "Deprecated: sortDir is silently ignored. It has no replacement.", - "type": "string" + "mtu": { + "description": "mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400", + "type": "integer", + "format": "int64" }, - "sortKey": { - "description": "Deprecated: sortKey is silently ignored. It has no replacement.", - "type": "string" + "policyAuditConfig": { + "description": "policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.PolicyAuditConfig" }, - "tags": { - "description": "tags filters by security groups containing all specified tags. Multiple tags are comma separated.", + "routeAdvertisements": { + "description": "routeAdvertisements determines if the functionality to advertise cluster network routes through a dynamic routing protocol, such as BGP, is enabled or not. This functionality is configured through the ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing capability provider to be enabled as an additional routing capability. Allowed values are \"Enabled\", \"Disabled\" and ommited. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is \"Disabled\".", "type": "string" }, - "tagsAny": { - "description": "tagsAny filters by security groups containing any specified tags. Multiple tags are comma separated.", + "v4InternalSubnet": { + "description": "v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. Default is 100.64.0.0/16", "type": "string" }, - "tenantId": { - "description": "tenantId filters security groups by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", + "v6InternalSubnet": { + "description": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. Default is fd98::/64", "type": "string" } } }, - "com.github.openshift.api.machine.v1alpha1.SecurityGroupParam": { + "com.github.openshift.api.operator.v1.OpenShiftAPIServer": { + "description": "OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "spec" + ], "properties": { - "filter": { - "description": "Filters used to query security groups in openstack", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.SecurityGroupFilter" - }, - "name": { - "description": "Security Group name", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "uuid": { - "description": "Security Group UUID", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the OpenShift API Server.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec" + }, + "status": { + "description": "status defines the observed status of the OpenShift API Server.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus" } } }, - "com.github.openshift.api.machine.v1alpha1.SubnetFilter": { + "com.github.openshift.api.operator.v1.OpenShiftAPIServerList": { + "description": "OpenShiftAPIServerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "cidr": { - "description": "cidr filters subnets by CIDR.", - "type": "string" - }, - "description": { - "description": "description filters subnets by description.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "enableDhcp": { - "description": "Deprecated: enableDhcp is silently ignored. It has no replacement.", - "type": "boolean" + "items": { + "description": "items contains the items", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftAPIServer" + } }, - "gateway_ip": { - "description": "gateway_ip filters subnets by gateway IP.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "id": { - "description": "id is the uuid of a specific subnet to use. If specified, id will not be validated. Instead server creation will fail with an appropriate error.", + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec": { + "type": "object", + "required": [ + "managementState" + ], + "properties": { + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "ipVersion": { - "description": "ipVersion filters subnets by IP version.", - "type": "integer", - "format": "int32" - }, - "ipv6AddressMode": { - "description": "ipv6AddressMode filters subnets by IPv6 address mode.", - "type": "string" - }, - "ipv6RaMode": { - "description": "ipv6RaMode filters subnets by IPv6 router adversiement mode.", - "type": "string" - }, - "limit": { - "description": "Deprecated: limit is silently ignored. It has no replacement.", - "type": "integer", - "format": "int32" - }, - "marker": { - "description": "Deprecated: marker is silently ignored. It has no replacement.", - "type": "string" - }, - "name": { - "description": "name filters subnets by name.", - "type": "string" - }, - "networkId": { - "description": "Deprecated: networkId is silently ignored. Set uuid on the containing network definition instead.", - "type": "string" - }, - "notTags": { - "description": "notTags filters by subnets which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", - "type": "string" - }, - "notTagsAny": { - "description": "notTagsAny filters by subnets which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", - "type": "string" - }, - "projectId": { - "description": "projectId filters subnets by project ID.", - "type": "string" - }, - "sortDir": { - "description": "Deprecated: sortDir is silently ignored. It has no replacement.", - "type": "string" - }, - "sortKey": { - "description": "Deprecated: sortKey is silently ignored. It has no replacement.", - "type": "string" - }, - "subnetpoolId": { - "description": "subnetpoolId filters subnets by subnet pool ID. Deprecated: subnetpoolId is silently ignored.", - "type": "string" + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" }, - "tags": { - "description": "tags filters by subnets containing all specified tags. Multiple tags are comma separated.", - "type": "string" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "tagsAny": { - "description": "tagsAny filters by subnets containing any specified tags. Multiple tags are comma separated.", + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "tenantId": { - "description": "tenantId filters subnets by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", - "type": "string" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.machine.v1alpha1.SubnetParam": { + "com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus": { "type": "object", "properties": { - "filter": { - "description": "Filters for optional network query", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.SubnetFilter" - }, - "portSecurity": { - "description": "portSecurity optionally enables or disables security on ports managed by OpenStack Deprecated: portSecurity is silently ignored. Set portSecurity on the parent network instead.", - "type": "boolean" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "portTags": { - "description": "portTags are tags that are added to ports created on this subnet", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "uuid": { - "description": "The UUID of the network. Required if you omit the port attribute.", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.AWSMachineProviderConfig": { - "description": "AWSMachineProviderConfig is the Schema for the awsmachineproviderconfigs API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.OpenShiftControllerManager": { + "description": "OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "ami", - "instanceType", - "deviceIndex", - "subnet", - "placement" + "metadata", + "spec" ], "properties": { - "ami": { - "description": "ami is the reference to the AMI from which to create the machine instance.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" - }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "blockDevices": { - "description": "blockDevices is the set of block device mapping associated to this instance, block device without a name will be used as a root device and only one device without a name is allowed https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.BlockDeviceMappingSpec" - } - }, - "capacityReservationId": { - "description": "capacityReservationId specifies the target Capacity Reservation into which the instance should be launched. The field size should be greater than 0 and the field input must start with cr-***", - "type": "string", - "default": "" - }, - "cpuOptions": { - "description": "cpuOptions defines CPU-related settings for the instance, including the confidential computing policy. When omitted, this means no opinion and the AWS platform is left to choose a reasonable default. More info: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CpuOptionsRequest.html, https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cpu-options-supported-instances-values.html", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.CPUOptions" - }, - "credentialsSecret": { - "description": "credentialsSecret is a reference to the secret with AWS credentials. Otherwise, defaults to permissions provided by attached IAM role where the actuator is running.", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" - }, - "deviceIndex": { - "description": "deviceIndex is the index of the device on the instance for the network interface attachment. Defaults to 0.", - "type": "integer", - "format": "int64", - "default": 0 - }, - "iamInstanceProfile": { - "description": "iamInstanceProfile is a reference to an IAM role to assign to the instance", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" - }, - "instanceType": { - "description": "instanceType is the type of instance to create. Example: m4.xlarge", - "type": "string", - "default": "" - }, - "keyName": { - "description": "keyName is the name of the KeyPair to use for SSH", - "type": "string" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "loadBalancers": { - "description": "loadBalancers is the set of load balancers to which the new instance should be added once it is created.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LoadBalancerReference" - } - }, - "marketType": { - "description": "marketType specifies the type of market for the EC2 instance. Valid values are OnDemand, Spot, CapacityBlock and omitted.\n\nDefaults to OnDemand. When SpotMarketOptions is provided, the marketType defaults to \"Spot\".\n\nWhen set to OnDemand the instance runs as a standard OnDemand instance. When set to Spot the instance runs as a Spot instance. When set to CapacityBlock the instance utilizes pre-purchased compute capacity (capacity blocks) with AWS Capacity Reservations. If this value is selected, capacityReservationID must be specified to identify the target reservation.", - "type": "string" - }, "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "metadataServiceOptions": { - "description": "metadataServiceOptions allows users to configure instance metadata service interaction options. If nothing specified, default AWS IMDS settings will be applied. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MetadataServiceOptions" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "networkInterfaceType": { - "description": "networkInterfaceType specifies the type of network interface to be used for the primary network interface. Valid values are \"ENA\", \"EFA\", and omitted, which means no opinion and the platform chooses a good default which may change over time. The current default value is \"ENA\". Please visit https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html to learn more about the AWS Elastic Fabric Adapter interface option.", - "type": "string" - }, - "placement": { - "description": "placement specifies where to create the instance in AWS", + "spec": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Placement" - }, - "placementGroupName": { - "description": "placementGroupName specifies the name of the placement group in which to launch the instance. The placement group must already be created and may use any placement strategy. When omitted, no placement group is used when creating the EC2 instance.", - "type": "string" - }, - "placementGroupPartition": { - "description": "placementGroupPartition is the partition number within the placement group in which to launch the instance. This must be an integer value between 1 and 7. It is only valid if the placement group, referred in `PlacementGroupName` was created with strategy set to partition.", - "type": "integer", - "format": "int32" - }, - "publicIp": { - "description": "publicIp specifies whether the instance should get a public IP. If not present, it should use the default of its subnet.", - "type": "boolean" - }, - "securityGroups": { - "description": "securityGroups is an array of references to security groups that should be applied to the instance.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" - } - }, - "spotMarketOptions": { - "description": "spotMarketOptions allows users to configure instances to be run using AWS Spot instances.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.SpotMarketOptions" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec" }, - "subnet": { - "description": "subnet is a reference to the subnet to use for this instance", + "status": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" - }, - "tags": { - "description": "tags is the set of tags to add to apply to an instance, in addition to the ones added by default by the actuator. These tags are additive. The actuator will ensure these tags are present, but will not remove any other tags that may exist on the instance.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.TagSpecification" - } - }, - "userDataSecret": { - "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus" } } }, - "com.github.openshift.api.machine.v1beta1.AWSMachineProviderConfigList": { - "description": "AWSMachineProviderConfigList contains a list of AWSMachineProviderConfig Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.OpenShiftControllerManagerList": { + "description": "OpenShiftControllerManagerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -35900,10 +34317,11 @@ "type": "string" }, "items": { + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSMachineProviderConfig" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftControllerManager" } }, "kind": { @@ -35911,618 +34329,465 @@ "type": "string" }, "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.machine.v1beta1.AWSMachineProviderStatus": { - "description": "AWSMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains AWS-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec": { "type": "object", + "required": [ + "managementState" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "conditions": { - "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "dedicatedHost": { - "description": "dedicatedHost tracks the dynamically allocated dedicated host. This field is populated when allocationStrategy is Dynamic (with or without DynamicHostAllocation). When omitted, this indicates that the dedicated host has not yet been allocated, or allocation is in progress.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DedicatedHostStatus" + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" }, - "instanceId": { - "description": "instanceId is the instance ID of the machine created in AWS", - "type": "string" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "instanceState": { - "description": "instanceState is the state of the AWS instance for this machine", + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.machine.v1beta1.AWSResourceReference": { - "description": "AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters. Only one of ID, ARN or Filters may be specified. Specifying more than one will result in a validation error.", + "com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus": { "type": "object", "properties": { - "arn": { - "description": "arn of resource", - "type": "string" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "filters": { - "description": "filters is a set of filters used to identify a resource", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Filter" - } + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "id": { - "description": "id of resource", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.AddressesFromPool": { - "description": "AddressesFromPool is an IPAddressPool that will be used to create IPAddressClaims for fulfillment by an external controller.", + "com.github.openshift.api.operator.v1.OpenShiftSDNConfig": { + "description": "OpenShiftSDNConfig was used to configure the OpenShift SDN plugin. It is no longer used.", "type": "object", "required": [ - "group", - "resource", - "name" + "mode" ], "properties": { - "group": { - "description": "group of the IP address pool type known to an external IPAM controller. This should be a fully qualified domain name, for example, externalipam.controller.io.", - "type": "string", - "default": "" + "enableUnidling": { + "description": "enableUnidling controls whether or not the service proxy will support idling and unidling of services. By default, unidling is enabled.", + "type": "boolean" }, - "name": { - "description": "name of an IP address pool, for example, pool-config-1.", + "mode": { + "description": "mode is one of \"Multitenant\", \"Subnet\", or \"NetworkPolicy\"", "type": "string", "default": "" }, - "resource": { - "description": "resource of the IP address pool type known to an external IPAM controller. It is normally the plural form of the resource kind in lowercase, for example, ippools.", - "type": "string", - "default": "" + "mtu": { + "description": "mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. This must be 50 bytes smaller than the machine's uplink.", + "type": "integer", + "format": "int64" + }, + "useExternalOpenvswitch": { + "description": "useExternalOpenvswitch used to control whether the operator would deploy an OVS DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always run as a system service, and this flag is ignored.", + "type": "boolean" + }, + "vxlanPort": { + "description": "vxlanPort is the port to use for all vxlan packets. The default is 4789.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.machine.v1beta1.AzureBootDiagnostics": { - "description": "AzureBootDiagnostics configures the boot diagnostics settings for the virtual machine. This allows you to configure capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", + "com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters": { + "description": "OpenStackLoadBalancerParameters provides configuration settings that are specific to OpenStack load balancers.", "type": "object", - "required": [ - "storageAccountType" - ], "properties": { - "customerManaged": { - "description": "customerManaged provides reference to the customer manager storage account.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AzureCustomerManagedBootDiagnostics" - }, - "storageAccountType": { - "description": "storageAccountType determines if the storage account for storing the diagnostics data should be provisioned by Azure (AzureManaged) or by the customer (CustomerManaged).", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "storageAccountType", - "fields-to-discriminateBy": { - "customerManaged": "CustomerManaged" - } + "floatingIP": { + "description": "floatingIP specifies the IP address that the load balancer will use. When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. When specified, the floating IP has to be pre-created. If the specified value is not a floating IP or is already claimed, the OpenStack cloud provider won't be able to provision the load balancer. This field may only be used if the IngressController has External scope. This value must be a valid IPv4 or IPv6 address.", + "type": "string" } - ] + } }, - "com.github.openshift.api.machine.v1beta1.AzureCustomerManagedBootDiagnostics": { - "description": "AzureCustomerManagedBootDiagnostics provides reference to a customer managed storage account.", + "com.github.openshift.api.operator.v1.OperatorCondition": { + "description": "OperatorCondition is just the standard condition fields.", "type": "object", "required": [ - "storageAccountURI" + "type", + "status", + "lastTransitionTime" ], "properties": { - "storageAccountURI": { - "description": "storageAccountURI is the URI of the customer managed storage account. The URI typically will be `https://.blob.core.windows.net/` but may differ if you are using Azure DNS zone endpoints. You can find the correct endpoint by looking for the Blob Primary Endpoint in the endpoints tab in the Azure console.", + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "type": "string" + }, + "reason": { + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string", + "default": "" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", "type": "string", "default": "" } } }, - "com.github.openshift.api.machine.v1beta1.AzureDiagnostics": { - "description": "AzureDiagnostics is used to configure the diagnostic settings of the virtual machine.", - "type": "object", - "properties": { - "boot": { - "description": "AzureBootDiagnostics configures the boot diagnostics settings for the virtual machine. This allows you to configure capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AzureBootDiagnostics" - } - } - }, - "com.github.openshift.api.machine.v1beta1.AzureMachineProviderSpec": { - "description": "AzureMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an Azure virtual machine. It is used by the Azure machine actuator to create a single Machine. Required parameters such as location that are not specified by this configuration, will be defaulted by the actuator. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.OperatorSpec": { + "description": "OperatorSpec contains common fields operators need. It is intended to be anonymous included inside of the Spec struct for your particular operator.", "type": "object", "required": [ - "image", - "osDisk", - "publicIP", - "subnet" + "managementState" ], "properties": { - "acceleratedNetworking": { - "description": "acceleratedNetworking enables or disables Azure accelerated networking feature. Set to false by default. If true, then this will depend on whether the requested VMSize is supported. If set to true with an unsupported VMSize, Azure will return an error.", - "type": "boolean" - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "applicationSecurityGroups": { - "description": "Application Security Groups that need to be attached to the machine's interface. No application security groups will be attached if zero-length.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" }, - "availabilitySet": { - "description": "availabilitySet specifies the availability set to use for this instance. Availability set should be precreated, before using this field.", - "type": "string" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "capacityReservationGroupID": { - "description": "capacityReservationGroupID specifies the capacity reservation group resource id that should be used for allocating the virtual machine. The field size should be greater than 0 and the field input must start with '/'. The input for capacityReservationGroupID must be similar to '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/capacityReservationGroups/{capacityReservationGroupName}'. The keys which are used should be among 'subscriptions', 'providers' and 'resourcegroups' followed by valid ID or names respectively.", + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "credentialsSecret": { - "description": "credentialsSecret is a reference to the secret with Azure credentials.", - "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" - }, - "dataDisks": { - "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + } + } + }, + "com.github.openshift.api.operator.v1.OperatorStatus": { + "type": "object", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DataDisk" - } - }, - "diagnostics": { - "description": "diagnostics configures the diagnostics settings for the virtual machine. This allows you to configure boot diagnostics such as capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AzureDiagnostics" - }, - "image": { - "description": "image is the OS image to use to create the instance.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Image" - }, - "internalLoadBalancer": { - "description": "InternalLoadBalancerName to use for this instance", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "location": { - "description": "location is the region to use to create the instance", - "type": "string" - }, - "managedIdentity": { - "description": "managedIdentity to set managed identity name", - "type": "string" - }, - "metadata": { - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "natRule": { - "description": "natRule to set inbound NAT rule of the load balancer", - "type": "integer", - "format": "int64" - }, - "networkResourceGroup": { - "description": "networkResourceGroup is the resource group for the virtual machine's network", - "type": "string" - }, - "osDisk": { - "description": "osDisk represents the parameters for creating the OS disk.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.OSDisk" - }, - "publicIP": { - "description": "publicIP if true a public IP will be used", - "type": "boolean", - "default": false - }, - "publicLoadBalancer": { - "description": "publicLoadBalancer to use for this instance", - "type": "string" - }, - "resourceGroup": { - "description": "resourceGroup is the resource group for the virtual machine", - "type": "string" - }, - "securityGroup": { - "description": "Network Security Group that needs to be attached to the machine's interface. No security group will be attached if empty.", - "type": "string" - }, - "securityProfile": { - "description": "securityProfile specifies the Security profile settings for a virtual machine.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.SecurityProfile" - }, - "spotVMOptions": { - "description": "spotVMOptions allows the ability to specify the Machine should use a Spot VM", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.SpotVMOptions" - }, - "sshPublicKey": { - "description": "sshPublicKey is the public key to use to SSH to the virtual machine.", - "type": "string" - }, - "subnet": { - "description": "subnet to use for this instance", - "type": "string", - "default": "" - }, - "tags": { - "description": "tags is a list of tags to apply to the machine.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "ultraSSDCapability": { - "description": "ultraSSDCapability enables or disables Azure UltraSSD capability for a virtual machine. This can be used to allow/disallow binding of Azure UltraSSD to the Machine both as Data Disks or via Persistent Volumes. This Azure feature is subject to a specific scope and certain limitations. More informations on this can be found in the official Azure documentation for Ultra Disks: (https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-ultra-ssd?tabs=azure-portal#ga-scope-and-limitations).\n\nWhen omitted, if at least one Data Disk of type UltraSSD is specified, the platform will automatically enable the capability. If a Perisistent Volume backed by an UltraSSD is bound to a Pod on the Machine, when this field is ommitted, the platform will *not* automatically enable the capability (unless already enabled by the presence of an UltraSSD as Data Disk). This may manifest in the Pod being stuck in `ContainerCreating` phase. This defaulting behaviour may be subject to change in future.\n\nWhen set to \"Enabled\", if the capability is available for the Machine based on the scope and limitations described above, the capability will be set on the Machine. This will thus allow UltraSSD both as Data Disks and Persistent Volumes. If set to \"Enabled\" when the capability can't be available due to scope and limitations, the Machine will go into \"Failed\" state.\n\nWhen set to \"Disabled\", UltraSSDs will not be allowed either as Data Disks nor as Persistent Volumes. In this case if any UltraSSDs are specified as Data Disks on a Machine, the Machine will go into a \"Failed\" state. If instead any UltraSSDs are backing the volumes (via Persistent Volumes) of any Pods scheduled on a Node which is backed by the Machine, the Pod may get stuck in `ContainerCreating` phase.", - "type": "string" - }, - "userDataSecret": { - "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" - }, - "vmSize": { - "description": "vmSize is the size of the VM to create.", - "type": "string" - }, - "vnet": { - "description": "vnet to set virtual network name", - "type": "string" - }, - "zone": { - "description": "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone", - "type": "string" - } - } - }, - "com.github.openshift.api.machine.v1beta1.AzureMachineProviderStatus": { - "description": "AzureMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains Azure-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "conditions": { - "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status.", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, "x-kubernetes-list-map-keys": [ - "type" + "group", + "resource", + "namespace", + "name" ], "x-kubernetes-list-type": "map" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "vmId": { - "description": "vmId is the ID of the virtual machine created in Azure.", - "type": "string" - }, - "vmState": { - "description": "vmState is the provisioning state of the Azure virtual machine.", - "type": "string" - } - } - }, - "com.github.openshift.api.machine.v1beta1.BlockDeviceMappingSpec": { - "description": "BlockDeviceMappingSpec describes a block device mapping", - "type": "object", - "properties": { - "deviceName": { - "description": "The device name exposed to the machine (for example, /dev/sdh or xvdh).", - "type": "string" - }, - "ebs": { - "description": "Parameters used to automatically set up EBS volumes when the machine is launched.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.EBSBlockDeviceSpec" - }, - "noDevice": { - "description": "Suppresses the specified device included in the block device mapping of the AMI.", - "type": "string" - }, - "virtualName": { - "description": "The virtual device name (ephemeralN). Machine store volumes are numbered starting from 0. An machine type with 2 available machine store volumes can specify mappings for ephemeral0 and ephemeral1.The number of available machine store volumes depends on the machine type. After you connect to the machine, you must mount the volume.\n\nConstraints: For M3 machines, you must specify machine store volumes in the block device mapping for the machine. When you launch an M3 machine, we ignore any machine store volumes specified in the block device mapping for the AMI.", - "type": "string" - } - } - }, - "com.github.openshift.api.machine.v1beta1.CPUOptions": { - "description": "CPUOptions defines CPU-related settings for the instance, including the confidential computing policy. If provided, it must not be empty — at least one field must be set.", - "type": "object", - "properties": { - "confidentialCompute": { - "description": "confidentialCompute specifies whether confidential computing should be enabled for the instance, and, if so, which confidential computing technology to use. Valid values are: Disabled, AMDEncryptedVirtualizationNestedPaging and omitted. When set to Disabled, confidential computing will be disabled for the instance. When set to AMDEncryptedVirtualizationNestedPaging, AMD SEV-SNP will be used as the confidential computing technology for the instance. In this case, ensure the following conditions are met: 1) The selected instance type supports AMD SEV-SNP. 2) The selected AWS region supports AMD SEV-SNP. 3) The selected AMI supports AMD SEV-SNP. More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html When omitted, this means no opinion and the AWS platform is left to choose a reasonable default, which is subject to change without notice. The current default is Disabled.", - "type": "string" - } - } - }, - "com.github.openshift.api.machine.v1beta1.Condition": { - "description": "Condition defines an observation of a Machine API resource operational state.", - "type": "object", - "required": [ - "type", - "status", - "lastTransitionTime" - ], - "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "message": { - "description": "A human readable message indicating details about the transition. This field may be empty.", - "type": "string" + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" }, - "reason": { - "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", - "type": "string" + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 }, - "severity": { - "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", + "version": { + "description": "version is the level this availability applies to", "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", - "type": "string", - "default": "" } } }, - "com.github.openshift.api.machine.v1beta1.ConfidentialVM": { - "description": "ConfidentialVM defines the UEFI settings for the virtual machine.", + "com.github.openshift.api.operator.v1.PartialSelector": { + "description": "PartialSelector provides label selector(s) that can be used to match machine management resources.", "type": "object", "required": [ - "uefiSettings" + "machineResourceSelector" ], "properties": { - "uefiSettings": { - "description": "uefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.UEFISettings" + "machineResourceSelector": { + "description": "machineResourceSelector is a label selector that can be used to select machine resources like MachineSets.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" } } }, - "com.github.openshift.api.machine.v1beta1.DataDisk": { - "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine. A Data Disk is a managed disk that's attached to a virtual machine to store application data. It differs from an OS Disk as it doesn't come with a pre-installed OS, and it cannot contain the boot volume. It is registered as SCSI drive and labeled with the chosen `lun`. e.g. for `lun: 0` the raw disk device will be available at `/dev/disk/azure/scsi1/lun0`.\n\nAs the Data Disk disk device is attached raw to the virtual machine, it will need to be partitioned, formatted with a filesystem and mounted, in order for it to be usable. This can be done by creating a custom userdata Secret with custom Ignition configuration to achieve the desired initialization. At this stage the previously defined `lun` is to be used as the \"device\" key for referencing the raw disk device to be initialized. Once the custom userdata Secret has been created, it can be referenced in the Machine's `.providerSpec.userDataSecret`. For further guidance and examples, please refer to the official OpenShift docs.", + "com.github.openshift.api.operator.v1.Perspective": { + "description": "Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown", "type": "object", "required": [ - "nameSuffix", - "diskSizeGB", - "lun", - "deletionPolicy" + "id", + "visibility" ], "properties": { - "cachingType": { - "description": "cachingType specifies the caching requirements. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is CachingTypeNone.", - "type": "string" - }, - "deletionPolicy": { - "description": "deletionPolicy specifies the data disk deletion policy upon Machine deletion. Possible values are \"Delete\",\"Detach\". When \"Delete\" is used the data disk is deleted when the Machine is deleted. When \"Detach\" is used the data disk is detached from the Machine and retained when the Machine is deleted.", + "id": { + "description": "id defines the id of the perspective. Example: \"dev\", \"admin\". The available perspective ids can be found in the code snippet section next to the yaml editor. Incorrect or unknown ids will be ignored.", "type": "string", "default": "" }, - "diskSizeGB": { - "description": "diskSizeGB is the size in GB to assign to the data disk.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "lun": { - "description": "lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. This value is also needed for referencing the data disks devices within userdata to perform disk initialization through Ignition (e.g. partition/format/mount). The value must be between 0 and 63.", - "type": "integer", - "format": "int32", - "default": 0 + "pinnedResources": { + "description": "pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. The list of available Kubernetes resources could be read via `kubectl api-resources`. The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. Incorrect or unknown resources will be ignored.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.PinnedResourceReference" + } }, - "managedDisk": { - "description": "managedDisk specifies the Managed Disk parameters for the data disk. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is a ManagedDisk with with storageAccountType: \"Premium_LRS\" and diskEncryptionSet.id: \"Default\".", + "visibility": { + "description": "visibility defines the state of perspective along with access review checks if needed for that perspective.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DataDiskManagedDiskParameters" - }, - "nameSuffix": { - "description": "nameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format _. NameSuffix name must start and finish with an alphanumeric character and can only contain letters, numbers, underscores, periods or hyphens. The overall disk name must not exceed 80 chars in length.", - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.PerspectiveVisibility" } } }, - "com.github.openshift.api.machine.v1beta1.DataDiskManagedDiskParameters": { - "description": "DataDiskManagedDiskParameters is the parameters of a DataDisk managed disk.", + "com.github.openshift.api.operator.v1.PerspectiveVisibility": { + "description": "PerspectiveVisibility defines the criteria to show/hide a perspective", "type": "object", "required": [ - "storageAccountType" + "state" ], "properties": { - "diskEncryptionSet": { - "description": "diskEncryptionSet is the disk encryption set properties. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is a DiskEncryptionSet with id: \"Default\".", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters" + "accessReview": { + "description": "accessReview defines required and missing access review checks.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ResourceAttributesAccessReview" }, - "storageAccountType": { - "description": "storageAccountType is the storage account type to use. Possible values include \"Standard_LRS\", \"Premium_LRS\" and \"UltraSSD_LRS\".", + "state": { + "description": "state defines the perspective is enabled or disabled or access review check is required.", "type": "string", "default": "" } - } - }, - "com.github.openshift.api.machine.v1beta1.DedicatedHost": { - "description": "DedicatedHost represents the configuration for the usage of dedicated host.", - "type": "object", - "properties": { - "allocationStrategy": { - "description": "allocationStrategy specifies if the dedicated host will be provided by the admin through the id field or if the host will be dynamically allocated. Valid values are UserProvided and Dynamic. When omitted, the value defaults to \"UserProvided\", which requires the id field to be set. When allocationStrategy is set to UserProvided, an ID of the dedicated host to assign must be provided. When allocationStrategy is set to Dynamic, a dedicated host will be allocated and used to assign instances. When allocationStrategy is set to Dynamic, and dynamicHostAllocation is configured, a dedicated host will be allocated and the tags in dynamicHostAllocation will be assigned to that host.\n\nPossible enum values:\n - `\"Dynamic\"` specifies that the system should dynamically allocate a dedicated host for instances.\n - `\"UserProvided\"` specifies that the system should assign instances to a user-provided dedicated host.", - "type": "string", - "default": "UserProvided", - "enum": [ - "Dynamic", - "UserProvided" - ] - }, - "dynamicHostAllocation": { - "description": "dynamicHostAllocation specifies tags to apply to a dynamically allocated dedicated host. This field is only allowed when allocationStrategy is Dynamic, and is mutually exclusive with id. When specified, a dedicated host will be allocated with the provided tags applied. When omitted (and allocationStrategy is Dynamic), a dedicated host will be allocated without any additional tags.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DynamicHostAllocationSpec" - }, - "id": { - "description": "id identifies the AWS Dedicated Host on which the instance must run. The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length. This field is required when allocationStrategy is UserProvided, and forbidden otherwise. When omitted with allocationStrategy set to Dynamic, the platform will dynamically allocate a dedicated host.", - "type": "string" - } }, "x-kubernetes-unions": [ { - "discriminator": "allocationStrategy", + "discriminator": "state", "fields-to-discriminateBy": { - "dynamicHostAllocation": "DynamicHostAllocation", - "id": "ID" + "accessReview": "AccessReview" } } ] }, - "com.github.openshift.api.machine.v1beta1.DedicatedHostStatus": { - "description": "DedicatedHostStatus defines the observed state of a dynamically allocated dedicated host associated with an AWSMachine. This struct is used to track the ID of the dedicated host.", + "com.github.openshift.api.operator.v1.PinnedResourceReference": { + "description": "PinnedResourceReference includes the group, version and type of resource", "type": "object", "required": [ - "id" + "group", + "version", + "resource" ], "properties": { - "id": { - "description": "id tracks the dynamically allocated dedicated host ID. This field is populated when allocationStrategy is Dynamic (with or without DynamicHostAllocation). The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length.", - "type": "string" + "group": { + "description": "group is the API Group of the Resource. Enter empty string for the core group. This value should consist of only lowercase alphanumeric characters, hyphens and periods. Example: \"\", \"apps\", \"build.openshift.io\", etc.", + "type": "string", + "default": "" + }, + "resource": { + "description": "resource is the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + "type": "string", + "default": "" + }, + "version": { + "description": "version is the API Version of the Resource. This value should consist of only lowercase alphanumeric characters. Example: \"v1\", \"v1beta1\", etc.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters": { - "description": "DiskEncryptionSetParameters is the disk encryption set properties", + "com.github.openshift.api.operator.v1.PolicyAuditConfig": { "type": "object", "properties": { - "id": { - "description": "id is the disk encryption set ID Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is: \"Default\".", + "destination": { + "description": "destination is the location for policy log messages. Regardless of this config, persistent logs will always be dumped to the host at /var/log/ovn/ however Additionally syslog output may be configured as follows. Valid values are: - \"libc\" -> to use the libc syslog() function of the host node's journdald process - \"udp:host:port\" -> for sending syslog over UDP - \"unix:file\" -> for using the UNIX domain socket directly - \"null\" -> to discard all messages logged to syslog The default is \"null\"", + "type": "string" + }, + "maxFileSize": { + "description": "maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs Units are in MB and the Default is 50MB", + "type": "integer", + "format": "int64" + }, + "maxLogFiles": { + "description": "maxLogFiles specifies the maximum number of ACL_audit log files that can be present.", + "type": "integer", + "format": "int32" + }, + "rateLimit": { + "description": "rateLimit is the approximate maximum number of messages to generate per-second per-node. If unset the default of 20 msg/sec is used.", + "type": "integer", + "format": "int64" + }, + "syslogFacility": { + "description": "syslogFacility the RFC5424 facility for generated messages, e.g. \"kern\". Default is \"local0\"", "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.DiskSettings": { - "description": "DiskSettings describe ephemeral disk settings for the os disk.", + "com.github.openshift.api.operator.v1.PrivateStrategy": { + "description": "PrivateStrategy holds parameters for the Private endpoint publishing strategy.", "type": "object", "properties": { - "ephemeralStorageLocation": { - "description": "ephemeralStorageLocation enables ephemeral OS when set to 'Local'. Possible values include: 'Local'. See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks for full details. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is that disks are saved to remote Azure storage.", + "protocol": { + "description": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.DynamicHostAllocationSpec": { - "description": "DynamicHostAllocationSpec defines the configuration for dynamic dedicated host allocation. This specification always allocates exactly one dedicated host per machine. At least one property must be specified when this struct is used. Currently only Tags are available for configuring, but in the future more configs may become available.", + "com.github.openshift.api.operator.v1.ProjectAccess": { + "description": "ProjectAccess contains options for project access roles", "type": "object", "properties": { - "tags": { - "description": "tags specifies a set of key-value pairs to apply to the allocated dedicated host. When omitted, no additional user-defined tags will be applied to the allocated host. A maximum of 50 tags can be specified.", + "availableClusterRoles": { + "description": "availableClusterRoles is the list of ClusterRole names that are assignable to users through the project access tab.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.TagSpecification" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.machine.v1beta1.EBSBlockDeviceSpec": { - "description": "EBSBlockDeviceSpec describes a block device for an EBS volume. https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EbsBlockDevice", + "com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters": { + "description": "ProviderLoadBalancerParameters holds desired load balancer information specific to the underlying infrastructure provider.", "type": "object", + "required": [ + "type" + ], "properties": { - "deleteOnTermination": { - "description": "Indicates whether the EBS volume is deleted on machine termination.\n\nDeprecated: setting this field has no effect.", - "type": "boolean" - }, - "encrypted": { - "description": "Indicates whether the EBS volume is encrypted. Encrypted Amazon EBS volumes may only be attached to machines that support Amazon EBS encryption.", - "type": "boolean" + "aws": { + "description": "aws provides configuration settings that are specific to AWS load balancers.\n\nIf empty, defaults will be applied. See specific aws fields for details about their defaults.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSLoadBalancerParameters" }, - "iops": { - "description": "The number of I/O operations per second (IOPS) that the volume supports. For io1, this represents the number of IOPS that are provisioned for the volume. For gp2, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. For more information about General Purpose SSD baseline performance, I/O credits, and bursting, see Amazon EBS Volume Types (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the Amazon Elastic Compute Cloud User Guide.\n\nMinimal and maximal IOPS for io1 and gp2 are constrained. Please, check https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html for precise boundaries for individual volumes.\n\nCondition: This parameter is required for requests to create io1 volumes; it is not used in requests to create gp2, st1, sc1, or standard volumes.", - "type": "integer", - "format": "int64" + "gcp": { + "description": "gcp provides configuration settings that are specific to GCP load balancers.\n\nIf empty, defaults will be applied. See specific gcp fields for details about their defaults.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GCPLoadBalancerParameters" }, - "kmsKey": { - "description": "Indicates the KMS key that should be used to encrypt the Amazon EBS volume.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" + "ibm": { + "description": "ibm provides configuration settings that are specific to IBM Cloud load balancers.\n\nIf empty, defaults will be applied. See specific ibm fields for details about their defaults.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IBMLoadBalancerParameters" }, - "throughputMib": { - "description": "throughputMib to provision in MiB/s supported for the volume type. Not applicable to all types.\n\nThis parameter is valid only for gp3 volumes. Valid Range: Minimum value of 125. Maximum value of 2000.\n\nWhen omitted, this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 125.", - "type": "integer", - "format": "int32" + "openstack": { + "description": "openstack provides configuration settings that are specific to OpenStack load balancers.\n\nIf empty, defaults will be applied. See specific openstack fields for details about their defaults.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters" }, - "volumeSize": { - "description": "The size of the volume, in GiB.\n\nConstraints: 1-16384 for General Purpose SSD (gp2), 4-16384 for Provisioned IOPS SSD (io1), 500-16384 for Throughput Optimized HDD (st1), 500-16384 for Cold HDD (sc1), and 1-1024 for Magnetic (standard) volumes. If you specify a snapshot, the volume size must be equal to or larger than the snapshot size.\n\nDefault: If you're creating the volume from a snapshot and don't specify a volume size, the default is the snapshot size.", - "type": "integer", - "format": "int64" + "type": { + "description": "type is the underlying infrastructure provider for the load balancer. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"IBM\", \"Nutanix\", \"OpenStack\", and \"VSphere\".", + "type": "string", + "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "aws": "AWS", + "gcp": "GCP", + "ibm": "IBM", + "openstack": "OpenStack" + } + } + ] + }, + "com.github.openshift.api.operator.v1.ProxyConfig": { + "description": "ProxyConfig defines the configuration knobs for kubeproxy All of these are optional and have sensible defaults", + "type": "object", + "properties": { + "bindAddress": { + "description": "The address to \"bind\" on Defaults to 0.0.0.0", + "type": "string" }, - "volumeType": { - "description": "volumeType can be of type gp2, gp3, io1, st1, sc1, or standard. Default: standard", + "iptablesSyncPeriod": { + "description": "An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted in large clusters for performance reasons, but this is no longer necessary, and there is no reason to change this from the default value. Default: 30s", "type": "string" + }, + "proxyArguments": { + "description": "Any additional arguments to pass to the kubeproxy process", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } } } }, - "com.github.openshift.api.machine.v1beta1.Filter": { - "description": "Filter is a filter used to identify an AWS resource", + "com.github.openshift.api.operator.v1.QuickStarts": { + "description": "QuickStarts allow cluster admins to customize available ConsoleQuickStart resources.", "type": "object", - "required": [ - "name" - ], "properties": { - "name": { - "description": "name of the filter. Filter names are case-sensitive.", - "type": "string", - "default": "" - }, - "values": { - "description": "values includes one or more filter values. Filter values are case-sensitive.", + "disabled": { + "description": "disabled is a list of ConsoleQuickStart resource names that are not shown to users.", "type": "array", "items": { "type": "string", @@ -36531,748 +34796,807 @@ } } }, - "com.github.openshift.api.machine.v1beta1.GCPDisk": { - "description": "GCPDisk describes disks for GCP.", + "com.github.openshift.api.operator.v1.ReloadService": { + "description": "ReloadService allows the user to specify the services to be reloaded", "type": "object", "required": [ - "autoDelete", - "boot", - "sizeGb", - "type", - "image", - "labels" + "serviceName" ], "properties": { - "autoDelete": { - "description": "autoDelete indicates if the disk will be auto-deleted when the instance is deleted (default false).", - "type": "boolean", - "default": false - }, - "boot": { - "description": "boot indicates if this is a boot disk (default false).", - "type": "boolean", - "default": false - }, - "encryptionKey": { - "description": "encryptionKey is the customer-supplied encryption key of the disk.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPEncryptionKeyReference" - }, - "image": { - "description": "image is the source image to create this disk.", + "serviceName": { + "description": "serviceName is the full name (e.g. crio.service) of the service to be reloaded Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", "type": "string", "default": "" - }, - "labels": { - "description": "labels list of labels to apply to the disk.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" + } + } + }, + "com.github.openshift.api.operator.v1.ResourceAttributesAccessReview": { + "description": "ResourceAttributesAccessReview defines the visibility of the perspective depending on the access review checks. `required` and `missing` can work together esp. in the case where the cluster admin wants to show another perspective to users without specific permissions. Out of `required` and `missing` atleast one property should be non-empty.", + "type": "object", + "properties": { + "missing": { + "description": "missing defines a list of permission checks. The perspective will only be shown when at least one check fails. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the required access review list.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.authorization.v1.ResourceAttributes" } }, - "sizeGb": { - "description": "sizeGb is the size of the disk (in GB).", - "type": "integer", - "format": "int64", - "default": 0 - }, - "type": { - "description": "type is the type of the disk (eg: pd-standard).", + "required": { + "description": "required defines a list of permission checks. The perspective will only be shown when all checks are successful. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the missing access review list.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.authorization.v1.ResourceAttributes" + } + } + } + }, + "com.github.openshift.api.operator.v1.RestartService": { + "description": "RestartService allows the user to specify the services to be restarted", + "type": "object", + "required": [ + "serviceName" + ], + "properties": { + "serviceName": { + "description": "serviceName is the full name (e.g. crio.service) of the service to be restarted Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", "type": "string", "default": "" } } }, - "com.github.openshift.api.machine.v1beta1.GCPEncryptionKeyReference": { - "description": "GCPEncryptionKeyReference describes the encryptionKey to use for a disk's encryption.", + "com.github.openshift.api.operator.v1.RouteAdmissionPolicy": { + "description": "RouteAdmissionPolicy is an admission policy for allowing new route claims.", "type": "object", "properties": { - "kmsKey": { - "description": "KMSKeyName is the reference KMS key, in the format", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPKMSKeyReference" + "namespaceOwnership": { + "description": "namespaceOwnership describes how host name claims across namespaces should be handled.\n\nValue must be one of:\n\n- Strict: Do not allow routes in different namespaces to claim the same host.\n\n- InterNamespaceAllowed: Allow routes to claim different paths of the same\n host name across namespaces.\n\nIf empty, the default is Strict.", + "type": "string" }, - "kmsKeyServiceAccount": { - "description": "kmsKeyServiceAccount is the service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. See https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account for details on the default service account.", + "wildcardPolicy": { + "description": "wildcardPolicy describes how routes with wildcard policies should be handled for the ingress controller. WildcardPolicy controls use of routes [1] exposed by the ingress controller based on the route's wildcard policy.\n\n[1] https://github.com/openshift/api/blob/master/route/v1/types.go\n\nNote: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed will cause admitted routes with a wildcard policy of Subdomain to stop working. These routes must be updated to a wildcard policy of None to be readmitted by the ingress controller.\n\nWildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values.\n\nIf empty, defaults to \"WildcardsDisallowed\".", "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.GCPGPUConfig": { - "description": "GCPGPUConfig describes type and count of GPUs attached to the instance on GCP.", + "com.github.openshift.api.operator.v1.SFlowConfig": { + "type": "object", + "properties": { + "collectors": { + "description": "sFlowCollectors is list of strings formatted as ip:port with a maximum of ten items", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.operator.v1.Server": { + "description": "Server defines the schema for a server that runs per instance of CoreDNS.", "type": "object", "required": [ - "count", - "type" + "name", + "zones", + "forwardPlugin" ], "properties": { - "count": { - "description": "count is the number of GPUs to be attached to an instance.", - "type": "integer", - "format": "int32", - "default": 0 + "forwardPlugin": { + "description": "forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ForwardPlugin" }, - "type": { - "description": "type is the type of GPU to be attached to an instance. Supported GPU types are: nvidia-tesla-k80, nvidia-tesla-p100, nvidia-tesla-v100, nvidia-tesla-p4, nvidia-tesla-t4", + "name": { + "description": "name is required and specifies a unique name for the server. Name must comply with the Service Name Syntax of rfc6335.", "type": "string", "default": "" + }, + "zones": { + "description": "zones is required and specifies the subdomains that Server is authoritative for. Zones must conform to the rfc1123 definition of a subdomain. Specifying the cluster domain (i.e., \"cluster.local\") is invalid.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.machine.v1beta1.GCPKMSKeyReference": { - "description": "GCPKMSKeyReference gathers required fields for looking up a GCP KMS Key", + "com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus": { "type": "object", "required": [ - "name", - "keyRing", - "location" + "name" ], "properties": { - "keyRing": { - "description": "keyRing is the name of the KMS Key Ring which the KMS Key belongs to.", - "type": "string", - "default": "" - }, - "location": { - "description": "location is the GCP location in which the Key Ring exists.", - "type": "string", - "default": "" + "expirationTime": { + "description": "expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list of service account issuers.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, "name": { - "description": "name is the name of the customer managed encryption key to be used for the disk encryption.", + "description": "name is the name of the service account issuer", "type": "string", "default": "" - }, - "projectID": { - "description": "projectID is the ID of the Project in which the KMS Key Ring exists. Defaults to the VM ProjectID if not set.", - "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.GCPMachineProviderSpec": { - "description": "GCPMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an GCP virtual machine. It is used by the GCP machine actuator to create a single Machine. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.ServiceCA": { + "description": "ServiceCA provides information to configure an operator to manage the service cert controllers\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "canIPForward", - "deletionProtection", - "serviceAccounts", - "machineType", - "region", - "zone" + "metadata", + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "canIPForward": { - "description": "canIPForward Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes.", - "type": "boolean", - "default": false - }, - "confidentialCompute": { - "description": "confidentialCompute is an optional field defining whether the instance should have confidential compute enabled or not, and the confidential computing technology of choice. Allowed values are omitted, Disabled, Enabled, AMDEncryptedVirtualization, AMDEncryptedVirtualizationNestedPaging, and IntelTrustedDomainExtensions When set to Disabled, the machine will not be configured to be a confidential computing instance. When set to Enabled, the machine will be configured as a confidential computing instance with no preference on the confidential compute policy used. In this mode, the platform chooses a default that is subject to change over time. Currently, the default is to use AMD Secure Encrypted Virtualization. When set to AMDEncryptedVirtualization, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization (AMD SEV) as the confidential computing technology. When set to AMDEncryptedVirtualizationNestedPaging, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP) as the confidential computing technology. When set to IntelTrustedDomainExtensions, the machine will be configured as a confidential computing instance with Intel Trusted Domain Extensions (Intel TDX) as the confidential computing technology. If any value other than Disabled is set the selected machine type must support that specific confidential computing technology. The machine series supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#all-confidential-vm-instances Currently, AMDEncryptedVirtualization is supported in c2d, n2d, and c3d machines. AMDEncryptedVirtualizationNestedPaging is supported in n2d machines. IntelTrustedDomainExtensions is supported in c3 machines. If any value other than Disabled is set, the selected region must support that specific confidential computing technology. The list of regions supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#supported-zones If any value other than Disabled is set onHostMaintenance is required to be set to \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "credentialsSecret": { - "description": "credentialsSecret is a reference to the secret with GCP credentials.", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" - }, - "deletionProtection": { - "description": "deletionProtection whether the resource should be protected against deletion.", - "type": "boolean", - "default": false + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "disks": { - "description": "disks is a list of disks to be attached to the VM.", - "type": "array", - "items": { - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPDisk" - } + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCASpec" }, - "gcpMetadata": { - "description": "Metadata key/value pairs to apply to the VM.", - "type": "array", - "items": { - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPMetadata" - } + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCAStatus" + } + } + }, + "com.github.openshift.api.operator.v1.ServiceCAList": { + "description": "ServiceCAList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "gpus": { - "description": "gpus is a list of GPUs to be attached to the VM.", + "items": { + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPGPUConfig" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCA" } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "labels": { - "description": "labels list of labels to apply to the VM.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "machineType": { - "description": "machineType is the machine type to use for the VM.", - "type": "string", - "default": "" - }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "networkInterfaces": { - "description": "networkInterfaces is a list of network interfaces to be attached to the VM.", - "type": "array", - "items": { - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPNetworkInterface" - } - }, - "onHostMaintenance": { - "description": "onHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. This is required to be set to \"Terminate\" if you want to provision machine with attached GPUs. Otherwise, allowed values are \"Migrate\" and \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Migrate\".", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.operator.v1.ServiceCASpec": { + "type": "object", + "required": [ + "managementState" + ], + "properties": { + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "preemptible": { - "description": "preemptible indicates if created instance is preemptible.", - "type": "boolean" + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" }, - "projectID": { - "description": "projectID is the project in which the GCP machine provider will create the VM.", - "type": "string" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "provisioningModel": { - "description": "provisioningModel is an optional field that determines the provisioning model for the GCP machine instance. Valid values are \"Spot\" and omitted. When set to Spot, the instance runs as a Google Cloud Spot instance which provides significant cost savings but may be preempted by Google Cloud Platform when resources are needed elsewhere. When omitted, the machine will be provisioned as a standard on-demand instance. This field cannot be used together with the preemptible field.", + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "region": { - "description": "region is the region in which the GCP machine provider will create the VM.", - "type": "string", - "default": "" - }, - "resourceManagerTags": { - "description": "resourceManagerTags is an optional list of tags to apply to the GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + } + } + }, + "com.github.openshift.api.operator.v1.ServiceCAStatus": { + "type": "object", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ResourceManagerTag" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, "x-kubernetes-list-map-keys": [ - "key" + "type" ], "x-kubernetes-list-type": "map" }, - "restartPolicy": { - "description": "restartPolicy determines the behavior when an instance crashes or the underlying infrastructure provider stops the instance as part of a maintenance event (default \"Always\"). Cannot be \"Always\" with preemptible instances. Otherwise, allowed values are \"Always\" and \"Never\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Always\". RestartPolicy represents AutomaticRestart in GCP compute api", - "type": "string" - }, - "serviceAccounts": { - "description": "serviceAccounts is a list of GCP service accounts to be used by the VM.", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPServiceAccount" - } + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "shieldedInstanceConfig": { - "description": "shieldedInstanceConfig is the Shielded VM configuration for the VM", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPShieldedInstanceConfig" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "tags": { - "description": "tags list of network tags to apply to the VM.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" }, - "targetPools": { - "description": "targetPools are used for network TCP/UDP load balancing. A target pool references member instances, an associated legacy HttpHealthCheck resource, and, optionally, a backup target pool", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 }, - "userDataSecret": { - "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.ServiceCatalogAPIServer": { + "description": "ServiceCatalogAPIServer provides information to configure an operator to manage Service Catalog API Server DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "zone": { - "description": "zone is the zone in which the GCP machine provider will create the VM.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus" } } }, - "com.github.openshift.api.machine.v1beta1.GCPMachineProviderStatus": { - "description": "GCPMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains GCP-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerList": { + "description": "ServiceCatalogAPIServerList is a collection of items DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "conditions": { - "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", + "items": { + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "instanceId": { - "description": "instanceId is the ID of the instance in GCP", - "type": "string" - }, - "instanceState": { - "description": "instanceState is the provisioning state of the GCP Instance.", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogAPIServer" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.machine.v1beta1.GCPMetadata": { - "description": "GCPMetadata describes metadata for GCP.", + "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec": { "type": "object", "required": [ - "key", - "value" + "managementState" ], "properties": { - "key": { - "description": "key is the metadata key.", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" }, - "value": { - "description": "value is the metadata value.", + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.machine.v1beta1.GCPNetworkInterface": { - "description": "GCPNetworkInterface describes network interfaces for GCP", + "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus": { "type": "object", "properties": { - "network": { - "description": "network is the network name.", - "type": "string" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "projectID": { - "description": "projectID is the project in which the GCP machine provider will create the VM.", - "type": "string" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "publicIP": { - "description": "publicIP indicates if true a public IP will be used", - "type": "boolean" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "subnetwork": { - "description": "subnetwork is the subnetwork name.", + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.GCPServiceAccount": { - "description": "GCPServiceAccount describes service accounts for GCP.", + "com.github.openshift.api.operator.v1.ServiceCatalogControllerManager": { + "description": "ServiceCatalogControllerManager provides information to configure an operator to manage Service Catalog Controller Manager DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "email", - "scopes" + "metadata", + "spec" ], "properties": { - "email": { - "description": "email is the service account email.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "scopes": { - "description": "scopes list of scopes to be assigned to the service account.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - } - }, - "com.github.openshift.api.machine.v1beta1.GCPShieldedInstanceConfig": { - "description": "GCPShieldedInstanceConfig describes the shielded VM configuration of the instance on GCP. Shielded VM configuration allow users to enable and disable Secure Boot, vTPM, and Integrity Monitoring.", - "type": "object", - "properties": { - "integrityMonitoring": { - "description": "integrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity. Compares the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "secureBoot": { - "description": "secureBoot Defines whether the instance should have secure boot enabled. Secure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", - "type": "string" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "virtualizedTrustedPlatformModule": { - "description": "virtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. This is required to be set to \"Enabled\" if IntegrityMonitoring is enabled. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", - "type": "string" + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus" } } }, - "com.github.openshift.api.machine.v1beta1.HostPlacement": { - "description": "HostPlacement is the type that will be used to configure the placement of AWS instances.", + "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerList": { + "description": "ServiceCatalogControllerManagerList is a collection of items DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "affinity" + "metadata", + "items" ], "properties": { - "affinity": { - "description": "affinity specifies the affinity setting for the instance. Allowed values are AnyAvailable and DedicatedHost. When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set. When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host. When Affinity is set to AnyAvailable and the `dedicatedHost` field is defined, it runs on specified Dedicated Host, but may move if stopped.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "dedicatedHost": { - "description": "dedicatedHost specifies the exact host that an instance should be restarted on if stopped. dedicatedHost is required when 'affinity' is set to DedicatedHost, and optional otherwise.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DedicatedHost" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "affinity", - "fields-to-discriminateBy": { - "dedicatedHost": "DedicatedHost" + "items": { + "description": "items contains the items", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogControllerManager" } - } - ] - }, - "com.github.openshift.api.machine.v1beta1.Image": { - "description": "Image is a mirror of azure sdk compute.ImageReference", - "type": "object", - "required": [ - "publisher", - "offer", - "sku", - "version", - "resourceID" - ], - "properties": { - "offer": { - "description": "offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer", - "type": "string", - "default": "" - }, - "publisher": { - "description": "publisher is the name of the organization that created the image", - "type": "string", - "default": "" - }, - "resourceID": { - "description": "resourceID specifies an image to use by ID", - "type": "string", - "default": "" - }, - "sku": { - "description": "sku specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter", - "type": "string", - "default": "" }, - "type": { - "description": "type identifies the source of the image and related information, such as purchase plans. Valid values are \"ID\", \"MarketplaceWithPlan\", \"MarketplaceNoPlan\", and omitted, which means no opinion and the platform chooses a good default which may change over time. Currently that default is \"MarketplaceNoPlan\" if publisher data is supplied, or \"ID\" if not. For more information about purchase plans, see: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage#check-the-purchase-plan-information", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "version": { - "description": "version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.machine.v1beta1.LastOperation": { - "description": "LastOperation represents the detail of the last performed operation on the MachineObject.", + "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec": { "type": "object", + "required": [ + "managementState" + ], "properties": { - "description": { - "description": "description is the human-readable description of the last operation.", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "lastUpdated": { - "description": "lastUpdated is the timestamp at which LastOperation API was last-updated.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" }, - "state": { - "description": "state is the current status of the last performed operation. E.g. Processing, Failed, Successful etc", - "type": "string" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "type": { - "description": "type is the type of operation which was last performed. E.g. Create, Delete, Update etc", + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" - } - } - }, - "com.github.openshift.api.machine.v1beta1.LifecycleHook": { - "description": "LifecycleHook represents a single instance of a lifecycle hook", - "type": "object", - "required": [ - "name", - "owner" - ], - "properties": { - "name": { - "description": "name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity.", - "type": "string", - "default": "" }, - "owner": { - "description": "owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook.", - "type": "string", - "default": "" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.machine.v1beta1.LifecycleHooks": { - "description": "LifecycleHooks allow users to pause operations on the machine at certain prefedined points within the machine lifecycle.", + "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus": { "type": "object", "properties": { - "preDrain": { - "description": "preDrain hooks prevent the machine from being drained. This also blocks further lifecycle events, such as termination.", + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LifecycleHook" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, "x-kubernetes-list-map-keys": [ - "name" + "type" ], "x-kubernetes-list-type": "map" }, - "preTerminate": { - "description": "preTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained.", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LifecycleHook" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", "name" ], "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.LoadBalancerReference": { - "description": "LoadBalancerReference is a reference to a load balancer on AWS.", + "com.github.openshift.api.operator.v1.SimpleMacvlanConfig": { + "description": "SimpleMacvlanConfig contains configurations for macvlan interface.", "type": "object", - "required": [ - "name", - "type" - ], "properties": { - "name": { - "type": "string", - "default": "" + "ipamConfig": { + "description": "ipamConfig configures IPAM module will be used for IP Address Management (IPAM).", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPAMConfig" }, - "type": { - "type": "string", - "default": "" + "master": { + "description": "master is the host interface to create the macvlan interface from. If not specified, it will be default route interface", + "type": "string" + }, + "mode": { + "description": "mode is the macvlan mode: bridge, private, vepa, passthru. The default is bridge", + "type": "string" + }, + "mtu": { + "description": "mtu is the mtu to use for the macvlan interface. if unset, host's kernel will select the value.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.machine.v1beta1.Machine": { - "description": "Machine is the Schema for the machines API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.StaticIPAMAddresses": { + "description": "StaticIPAMAddresses provides IP address and Gateway for static IPAM addresses", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "address": { + "description": "address is the IP address in CIDR format", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "gateway": { + "description": "gateway is IP inside of subnet to designate as the gateway", "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.StaticIPAMConfig": { + "description": "StaticIPAMConfig contains configurations for static IPAM (IP Address Management)", + "type": "object", + "properties": { + "addresses": { + "description": "addresses configures IP address for the interface", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.StaticIPAMAddresses" + }, + "x-kubernetes-list-type": "atomic" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSpec" + "dns": { + "description": "dns configures DNS for the interface", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.StaticIPAMDNS" }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineStatus" + "routes": { + "description": "routes configures IP routes for the interface", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.StaticIPAMRoutes" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.machine.v1beta1.MachineHealthCheck": { - "description": "MachineHealthCheck is the Schema for the machinehealthchecks API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.StaticIPAMDNS": { + "description": "StaticIPAMDNS provides DNS related information for static IPAM", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "domain": { + "description": "domain configures the domainname the local domain used for short hostname lookups", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "Specification of machine health check policy", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineHealthCheckSpec" + "nameservers": { + "description": "nameservers points DNS servers for IP lookup", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "status": { - "description": "Most recently observed status of MachineHealthCheck resource", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineHealthCheckStatus" + "search": { + "description": "search configures priority ordered search domains for short hostname lookups", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.machine.v1beta1.MachineHealthCheckList": { - "description": "MachineHealthCheckList contains a list of MachineHealthCheck Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.StaticIPAMRoutes": { + "description": "StaticIPAMRoutes provides Destination/Gateway pairs for static IPAM routes", "type": "object", "required": [ - "items" + "destination" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineHealthCheck" - } + "destination": { + "description": "destination points the IP route destination", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "gateway": { + "description": "gateway is the route's next-hop IP address If unset, a default gateway is assumed (as determined by the CNI plugin).", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.machine.v1beta1.MachineHealthCheckSpec": { - "description": "MachineHealthCheckSpec defines the desired state of MachineHealthCheck", + "com.github.openshift.api.operator.v1.StaticPodOperatorSpec": { + "description": "StaticPodOperatorSpec is spec for controllers that manage static pods.", "type": "object", "required": [ - "selector", - "unhealthyConditions" + "managementState", + "forceRedeploymentReason" ], "properties": { - "maxUnhealthy": { - "description": "Any farther remediation is only allowed if at most \"MaxUnhealthy\" machines selected by \"selector\" are not healthy. Expects either a postive integer value or a percentage value. Percentage values must be positive whole numbers and are capped at 100%. Both 0 and 0% are valid and will block all remediation. Defaults to 100% if not set.", - "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" }, - "nodeStartupTimeout": { - "description": "Machines older than this duration without a node will be considered to have failed and will be remediated. To prevent Machines without Nodes from being removed, disable startup checks by setting this value explicitly to \"0\". Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "type": "string", + "default": "" }, - "remediationTemplate": { - "description": "remediationTemplate is a reference to a remediation template provided by an infrastructure provider.\n\nThis field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Machine API Operator.", - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "selector": { - "description": "Label selector to match machines whose health will be exercised. Note: An empty selector will match all machines.", - "default": {}, - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" }, - "unhealthyConditions": { - "description": "unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.UnhealthyCondition" - } + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.machine.v1beta1.MachineHealthCheckStatus": { - "description": "MachineHealthCheckStatus defines the observed state of MachineHealthCheck", + "com.github.openshift.api.operator.v1.StaticPodOperatorStatus": { + "description": "StaticPodOperatorStatus is status for controllers that manage static pods. There are different needs because individual node status must be tracked.", "type": "object", "properties": { "conditions": { - "description": "conditions defines the current state of the MachineHealthCheck", + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Condition" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "currentHealthy": { - "description": "total number of machines counted by this machine health check", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", "type": "integer", "format": "int32" }, - "expectedMachines": { - "description": "total number of machines counted by this machine health check", + "latestAvailableRevisionReason": { + "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", + "type": "string" + }, + "nodeStatuses": { + "description": "nodeStatuses track the deployment values and errors across individual nodes", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" + }, + "x-kubernetes-list-map-keys": [ + "nodeName" + ], + "x-kubernetes-list-type": "map" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", "type": "integer", - "format": "int32" + "format": "int64" }, - "remediationsAllowed": { - "description": "remediationsAllowed is the number of further remediations allowed by this machine health check before maxUnhealthy short circuiting will be applied", + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", "type": "integer", "format": "int32", "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.MachineList": { - "description": "MachineList contains a list of Machine Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.StatuspageProvider": { + "description": "StatuspageProvider provides identity for statuspage account.", "type": "object", "required": [ - "items" + "pageID" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Machine" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "pageID": { + "description": "pageID is the unique ID assigned by Statuspage for your page. This must be a public page.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1beta1.MachineSet": { - "description": "MachineSet ensures that a specified number of machines replicas are running at any given time. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.Storage": { + "description": "Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -37285,20 +35609,22 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSetSpec" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.StorageSpec" }, "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSetStatus" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.StorageStatus" } } }, - "com.github.openshift.api.machine.v1beta1.MachineSetList": { - "description": "MachineSetList contains a list of MachineSet Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.StorageList": { + "description": "StorageList contains a list of Storages.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -37312,7 +35638,7 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSet" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Storage" } }, "kind": { @@ -37322,803 +35648,767 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.machine.v1beta1.MachineSetSpec": { - "description": "MachineSetSpec defines the desired state of MachineSet", + "com.github.openshift.api.operator.v1.StorageSpec": { + "description": "StorageSpec is the specification of the desired behavior of the cluster storage operator.", "type": "object", "required": [ - "selector" + "managementState" ], "properties": { - "authoritativeAPI": { - "description": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI and ClusterAPI. When set to MachineAPI, writes to the spec of the machine.openshift.io copy of this resource will be reflected into the cluster.x-k8s.io copy. When set to ClusterAPI, writes to the spec of the cluster.x-k8s.io copy of this resource will be reflected into the machine.openshift.io copy. Updates to the status will be reflected in both copies of the resource, based on the controller implementing the functionality of the API. Currently the authoritative API determines which controller will manage the resource, this will change in a future release. To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", - "default": "MachineAPI" + "default": "" }, - "deletePolicy": { - "description": "deletePolicy defines the policy used to identify nodes to delete when downscaling. Defaults to \"Random\". Valid values are \"Random, \"Newest\", \"Oldest\"", - "type": "string" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "minReadySeconds": { - "description": "minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready)", - "type": "integer", - "format": "int32" + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "replicas": { - "description": "replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1.", - "type": "integer", - "format": "int32" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "selector": { - "description": "selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", - "default": {}, - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "template": { - "description": "template is the object that describes the machine that will be created if insufficient replicas are detected.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineTemplateSpec" + "vsphereStorageDriver": { + "description": "vsphereStorageDriver indicates the storage driver to use on VSphere clusters. Once this field is set to CSIWithMigrationDriver, it can not be changed. If this is empty, the platform will choose a good default, which may change over time without notice. The current default is CSIWithMigrationDriver and may not be changed. DEPRECATED: This field will be removed in a future release.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1beta1.MachineSetStatus": { - "description": "MachineSetStatus defines the observed state of MachineSet", + "com.github.openshift.api.operator.v1.StorageStatus": { + "description": "StorageStatus defines the observed status of the cluster storage operator.", "type": "object", "properties": { - "authoritativeAPI": { - "description": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", - "type": "string" - }, - "availableReplicas": { - "description": "The number of available replicas (ready for at least minReadySeconds) for this MachineSet.", - "type": "integer", - "format": "int32" - }, "conditions": { - "description": "conditions defines the current state of the MachineSet", + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Condition" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "errorMessage": { - "type": "string" - }, - "errorReason": { - "description": "In the event that there is a terminal problem reconciling the replicas, both ErrorReason and ErrorMessage will be set. ErrorReason will be populated with a succinct value suitable for machine interpretation, while ErrorMessage will contain a more verbose string suitable for logging and human consumption.\n\nThese fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachineTemplate's spec or the configuration of the machine controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output.", - "type": "string" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "fullyLabeledReplicas": { - "description": "The number of replicas that have labels matching the labels of the machine template of the MachineSet.", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", "type": "integer", "format": "int32" }, "observedGeneration": { - "description": "observedGeneration reflects the generation of the most recently observed MachineSet.", + "description": "observedGeneration is the last generation change you've dealt with", "type": "integer", "format": "int64" }, "readyReplicas": { - "description": "The number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is \"Ready\".", - "type": "integer", - "format": "int32" - }, - "replicas": { - "description": "replicas is the most recently observed number of replicas.", + "description": "readyReplicas indicates how many replicas are ready and at the desired state", "type": "integer", "format": "int32", "default": 0 }, - "synchronizedAPI": { - "description": "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", + "version": { + "description": "version is the level this availability applies to", "type": "string" - }, - "synchronizedGeneration": { - "description": "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", - "type": "integer", - "format": "int64" } } }, - "com.github.openshift.api.machine.v1beta1.MachineSpec": { - "description": "MachineSpec defines the desired state of Machine", + "com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters": { + "description": "SyslogLoggingDestinationParameters describes parameters for the Syslog logging destination type.", "type": "object", + "required": [ + "address", + "port" + ], "properties": { - "authoritativeAPI": { - "description": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI and ClusterAPI. When set to MachineAPI, writes to the spec of the machine.openshift.io copy of this resource will be reflected into the cluster.x-k8s.io copy. When set to ClusterAPI, writes to the spec of the cluster.x-k8s.io copy of this resource will be reflected into the machine.openshift.io copy. Updates to the status will be reflected in both copies of the resource, based on the controller implementing the functionality of the API. Currently the authoritative API determines which controller will manage the resource, this will change in a future release. To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.", + "address": { + "description": "address is the IP address of the syslog endpoint that receives log messages.", "type": "string", - "default": "MachineAPI" - }, - "lifecycleHooks": { - "description": "lifecycleHooks allow users to pause operations on the machine at certain predefined points within the machine lifecycle.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LifecycleHooks" - }, - "metadata": { - "description": "ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ObjectMeta" - }, - "providerID": { - "description": "providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.", - "type": "string" - }, - "providerSpec": { - "description": "providerSpec details Provider-specific configuration to use during node creation.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ProviderSpec" - }, - "taints": { - "description": "The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Taint.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.machine.v1beta1.MachineStatus": { - "description": "MachineStatus defines the observed state of Machine", - "type": "object", - "properties": { - "addresses": { - "description": "addresses is a list of addresses assigned to the machine. Queried from cloud provider, if available.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/NodeAddress.v1.core.api.k8s.io" - }, - "x-kubernetes-list-type": "atomic" - }, - "authoritativeAPI": { - "description": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", - "type": "string" - }, - "conditions": { - "description": "conditions defines the current state of the Machine", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "errorMessage": { - "description": "errorMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption.\n\nThis field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", - "type": "string" - }, - "errorReason": { - "description": "errorReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation.\n\nThis field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", - "type": "string" - }, - "lastOperation": { - "description": "lastOperation describes the last-operation performed by the machine-controller. This API should be useful as a history in terms of the latest operation performed on the specific machine. It should also convey the state of the latest-operation for example if it is still on-going, failed or completed successfully.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LastOperation" - }, - "lastUpdated": { - "description": "lastUpdated identifies when this status was last observed.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "nodeRef": { - "description": "nodeRef will point to the corresponding Node if it exists.", - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, - "phase": { - "description": "phase represents the current phase of machine actuation. One of: Failed, Provisioning, Provisioned, Running, Deleting", - "type": "string" - }, - "providerStatus": { - "description": "providerStatus details a Provider-specific status. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "default": "" }, - "synchronizedAPI": { - "description": "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", + "facility": { + "description": "facility specifies the syslog facility of log messages.\n\nIf this field is empty, the facility is \"local1\".", "type": "string" }, - "synchronizedGeneration": { - "description": "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", + "maxLength": { + "description": "maxLength is the maximum length of the log message.\n\nValid values are integers in the range 480 to 4096, inclusive.\n\nWhen omitted, the default value is 1024.", "type": "integer", "format": "int64" + }, + "port": { + "description": "port is the UDP port number of the syslog endpoint that receives log messages.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.machine.v1beta1.MachineTemplateSpec": { - "description": "MachineTemplateSpec describes the data needed to create a Machine from a template", + "com.github.openshift.api.operator.v1.Theme": { + "description": "Theme defines a theme mode for the console UI.", "type": "object", + "required": [ + "mode", + "source" + ], "properties": { - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ObjectMeta" + "mode": { + "description": "mode is used to specify what theme mode a logo will apply to in the console UI. mode is a required field that allows values of Dark and Light. When set to Dark, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Dark mode. When set to Light, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Light mode.\n\nPossible enum values:\n - `\"Dark\"` represents the dark mode for a console theme.\n - `\"Light\"` represents the light mode for a console theme.", + "type": "string", + "default": "", + "enum": [ + "Dark", + "Light" + ] }, - "spec": { - "description": "Specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "source": { + "description": "source is used by the console to locate the specified file containing a custom logo. source is a required field that references a ConfigMap name and key that contains the custom logo file in the openshift-config namespace. You can create it with a command like: - 'oc create configmap custom-logos-config --namespace=openshift-config --from-file=/path/to/file' The ConfigMap key must include the file extension so that the console serves the file with the correct MIME type. The recommended file format for the Masthead and Favicon logos is SVG, but other file formats are allowed if supported by the browser. The logo image size must be less than 1 MB due to constraints on the ConfigMap size. For more information, see the documentation: https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/web_console/customizing-web-console#customizing-web-console", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSpec" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.FileReferenceSource" } } }, - "com.github.openshift.api.machine.v1beta1.MetadataServiceOptions": { - "description": "MetadataServiceOptions defines the options available to a user when configuring Instance Metadata Service (IMDS) Options.", + "com.github.openshift.api.operator.v1.Upstream": { + "description": "Upstream can either be of type SystemResolvConf, or of type Network.\n\n - For an Upstream of type SystemResolvConf, no further fields are necessary:\n The upstream will be configured to use /etc/resolv.conf.\n - For an Upstream of type Network, a NetworkResolver field needs to be defined\n with an IP address or IP:port if the upstream listens on a port other than 53.", "type": "object", + "required": [ + "type" + ], "properties": { - "authentication": { - "description": "authentication determines whether or not the host requires the use of authentication when interacting with the metadata service. When using authentication, this enforces v2 interaction method (IMDSv2) with the metadata service. When omitted, this means the user has no opinion and the value is left to the platform to choose a good default, which is subject to change over time. The current default is optional. At this point this field represents `HttpTokens` parameter from `InstanceMetadataOptionsRequest` structure in AWS EC2 API https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", + "address": { + "description": "address must be defined when Type is set to Network. It will be ignored otherwise. It must be a valid ipv4 or ipv6 address.", "type": "string" + }, + "port": { + "description": "port may be defined when Type is set to Network. It will be ignored otherwise. Port must be between 65535", + "type": "integer", + "format": "int64" + }, + "type": { + "description": "type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. Type accepts 2 possible values: SystemResolvConf or Network.\n\n* When SystemResolvConf is used, the Upstream structure does not require any further fields to be defined:\n /etc/resolv.conf will be used\n* When Network is used, the Upstream structure must contain at least an Address", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1beta1.NetworkDeviceSpec": { - "description": "NetworkDeviceSpec defines the network configuration for a virtual machine's network device.", + "com.github.openshift.api.operator.v1.UpstreamResolvers": { + "description": "UpstreamResolvers defines a schema for configuring the CoreDNS forward plugin in the specific case of the default (\".\") server. It defers from ForwardPlugin in the default values it accepts: * At least one upstream should be specified. * the default policy is Sequential", "type": "object", "properties": { - "addressesFromPools": { - "description": "addressesFromPools is a list of references to IP pool types and instances which are handled by an external controller. addressesFromPool configurations provided via addressesFromPools defer IP address assignment to an external controller. IP addresses provided via ipAddrs, however, are intended to allow explicit assignment of a machine's IP address. If both addressesFromPool and ipAddrs are empty or not defined, DHCP will assign an IP address. If both ipAddrs and addressesFromPools are defined, the IP addresses associated with ipAddrs will be applied first followed by IP addresses from addressesFromPools.", + "policy": { + "description": "policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified:\n\n* \"Random\" picks a random upstream server for each query. * \"RoundRobin\" picks upstream servers in a round-robin order, moving to the next server for each new query. * \"Sequential\" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query.\n\nThe default value is \"Sequential\"", + "type": "string" + }, + "protocolStrategy": { + "description": "protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are \"TCP\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. \"TCP\" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. \"TCP\" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.", + "type": "string", + "default": "" + }, + "transportConfig": { + "description": "transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver.\n\nThe default value is \"\" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSTransportConfig" + }, + "upstreams": { + "description": "upstreams is a list of resolvers to forward name queries for the \".\" domain. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy.\n\nA maximum of 15 upstreams is allowed per ForwardPlugin. If no Upstreams are specified, /etc/resolv.conf is used by default", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AddressesFromPool" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Upstream" } + } + } + }, + "com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec": { + "description": "VSphereCSIDriverConfigSpec defines properties that can be configured for vsphere CSI driver.", + "type": "object", + "properties": { + "globalMaxSnapshotsPerBlockVolume": { + "description": "globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of datastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3. Snapshots can not be disabled using this parameter. Increasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html", + "type": "integer", + "format": "int64" }, - "gateway": { - "description": "gateway is an IPv4 or IPv6 address which represents the subnet gateway, for example, 192.168.1.1.", - "type": "string" + "granularMaxSnapshotsPerBlockVolumeInVSAN": { + "description": "granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VSAN can not be disabled using this parameter.", + "type": "integer", + "format": "int64" }, - "ipAddrs": { - "description": "ipAddrs is a list of one or more IPv4 and/or IPv6 addresses and CIDR to assign to this device, for example, 192.168.1.100/24. IP addresses provided via ipAddrs are intended to allow explicit assignment of a machine's IP address. IP pool configurations provided via addressesFromPool, however, defer IP address assignment to an external controller. If both addressesFromPool and ipAddrs are empty or not defined, DHCP will be used to assign an IP address. If both ipAddrs and addressesFromPools are defined, the IP addresses associated with ipAddrs will be applied first followed by IP addresses from addressesFromPools.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "granularMaxSnapshotsPerBlockVolumeInVVOL": { + "description": "granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VVOL can not be disabled using this parameter.", + "type": "integer", + "format": "int64" }, - "nameservers": { - "description": "nameservers is a list of IPv4 and/or IPv6 addresses used as DNS nameservers, for example, 8.8.8.8. a nameserver is not provided by a fulfilled IPAddressClaim. If DHCP is not the source of IP addresses for this network device, nameservers should include a valid nameserver.", + "maxAllowedBlockVolumesPerNode": { + "description": "maxAllowedBlockVolumesPerNode is an optional configuration parameter that allows setting a custom value for the limit of the number of PersistentVolumes attached to a node. In vSphere version 7 this limit was set to 59 by default, however in vSphere version 8 this limit was increased to 255. Before increasing this value above 59 the cluster administrator needs to ensure that every node forming the cluster is updated to ESXi version 8 or higher and that all nodes are running the same version. The limit must be between 1 and 255, which matches the vSphere version 8 maximum. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 59, which matches the limit for vSphere version 7.", + "type": "integer", + "format": "int32" + }, + "topologyCategories": { + "description": "topologyCategories indicates tag categories with which vcenter resources such as hostcluster or datacenter were tagged with. If cluster Infrastructure object has a topology, values specified in Infrastructure object will be used and modifications to topologyCategories will be rejected.", "type": "array", "items": { "type": "string", "default": "" - } - }, - "networkName": { - "description": "networkName is the name of the vSphere network or port group to which the network device will be connected, for example, port-group-1. When not provided, the vCenter API will attempt to select a default network. The available networks (port groups) can be listed using `govc ls 'network/*'`", - "type": "string" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.machine.v1beta1.NetworkSpec": { - "description": "NetworkSpec defines the virtual machine's network configuration.", + "com.github.openshift.api.operator.v1alpha1.BackupJobReference": { + "description": "BackupJobReference holds a reference to the batch/v1 Job created to run the etcd backup", "type": "object", "required": [ - "devices" + "namespace", + "name" ], "properties": { - "devices": { - "description": "devices defines the virtual machine's network interfaces.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.NetworkDeviceSpec" - } + "name": { + "description": "name is the name of the Job. Required", + "type": "string", + "default": "" + }, + "namespace": { + "description": "namespace is the namespace of the Job. this is always expected to be \"openshift-etcd\" since the user provided PVC is also required to be in \"openshift-etcd\" Required", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1beta1.OSDisk": { + "com.github.openshift.api.operator.v1alpha1.ClusterAPI": { + "description": "ClusterAPI provides configuration for the capi-operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "osType", - "managedDisk", - "diskSizeGB" + "metadata", + "spec" ], "properties": { - "cachingType": { - "description": "cachingType specifies the caching requirements. Possible values include: 'None', 'ReadOnly', 'ReadWrite'. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `None`.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "diskSettings": { - "description": "diskSettings describe ephemeral disk settings for the os disk.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DiskSettings" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "diskSizeGB": { - "description": "diskSizeGB is the size in GB to assign to the data disk.", - "type": "integer", - "format": "int32", - "default": 0 + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "managedDisk": { - "description": "managedDisk specifies the Managed Disk parameters for the OS disk.", + "spec": { + "description": "spec is the specification of the desired behavior of the capi-operator.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.OSDiskManagedDiskParameters" + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPISpec" }, - "osType": { - "description": "osType is the operating system type of the OS disk. Possible values include \"Linux\" and \"Windows\".", - "type": "string", - "default": "" + "status": { + "description": "status defines the observed status of the capi-operator.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus" } } }, - "com.github.openshift.api.machine.v1beta1.OSDiskManagedDiskParameters": { - "description": "OSDiskManagedDiskParameters is the parameters of a OSDisk managed disk.", + "com.github.openshift.api.operator.v1alpha1.ClusterAPIList": { + "description": "ClusterAPIList contains a list of ClusterAPI configurations\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "storageAccountType" + "metadata", + "items" ], "properties": { - "diskEncryptionSet": { - "description": "diskEncryptionSet is the disk encryption set properties", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "securityProfile": { - "description": "securityProfile specifies the security profile for the managed disk.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.VMDiskSecurityProfile" + "items": { + "description": "items contains the items", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPI" + } }, - "storageAccountType": { - "description": "storageAccountType is the storage account type to use. Possible values include \"Standard_LRS\", \"Premium_LRS\".", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.machine.v1beta1.ObjectMeta": { - "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. This is a copy of customizable fields from metav1.ObjectMeta.\n\nObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` and `MachineSet.Template`, which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases and read-only fields which end up in the generated CRD validation, having it as a subset simplifies the API and some issues that can impact user experience.\n\nDuring the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, specifically `spec.metadata.creationTimestamp in body must be of type string: \"null\"`. The investigation showed that `controller-tools@v2` behaves differently than its previous version when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) package.\n\nIn more details, we found that embedded (non-top level) types that embedded `metav1.ObjectMeta` had validation properties, including for `creationTimestamp` (metav1.Time). The `metav1.Time` type specifies a custom json marshaller that, when IsZero() is true, returns `null` which breaks validation because the field isn't marked as nullable.\n\nIn future versions, controller-tools@v2 might allow overriding the type and validation for embedded types. When that happens, this hack should be revisited.", + "com.github.openshift.api.operator.v1alpha1.ClusterAPISpec": { + "description": "ClusterAPISpec defines the desired configuration of the capi-operator.", "type": "object", "properties": { - "annotations": { - "description": "annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object", - "additionalProperties": { + "unmanagedCustomResourceDefinitions": { + "description": "unmanagedCustomResourceDefinitions is a list of ClusterResourceDefinition (CRD) names that should not be managed by the capi-operator installer controller. This allows external actors to own specific CRDs while capi-operator manages others.\n\nEach CRD name must be a valid DNS-1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character, with a maximum length of 253 characters. Example: \"clusters.cluster.x-k8s.io\"\n\nItems cannot be removed from this list once added.\n\nThe maximum number of unmanagedCustomResourceDefinitions is 128.", + "type": "array", + "items": { "type": "string", "default": "" - } - }, - "generateName": { - "description": "generateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", - "type": "string" - }, - "labels": { - "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", - "type": "object", - "additionalProperties": { + }, + "x-kubernetes-list-type": "set" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus": { + "description": "ClusterAPIStatus describes the current state of the capi-operator.", + "type": "object", + "properties": { + "activeConfigMaps": { + "description": "activeConfigMaps is a list of ConfigMap names that the installer controller has successfully reconciled. This represents the currently deployed CAPI provider components.\n\nEach ConfigMap name must be a valid DNS-1123 label consisting of lowercase alphanumeric characters or hyphens, starting and ending with an alphanumeric character, with a maximum length of 63 characters.\n\nThis field is owned by the installer controller and is updated atomically after a successful reconciliation.\n\nThe maximum number of activeConfigMaps is 128.", + "type": "array", + "items": { "type": "string", "default": "" - } - }, - "name": { - "description": "name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", - "type": "string" - }, - "namespace": { - "description": "namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", - "type": "string" + }, + "x-kubernetes-list-type": "atomic" }, - "ownerReferences": { - "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", + "targetConfigMaps": { + "description": "targetConfigMaps is a list of ConfigMap names that the staging controller has validated and approved for reconciliation. The installer controller will reconcile these ConfigMaps.\n\nEach ConfigMap name must be a valid DNS-1123 label consisting of lowercase alphanumeric characters or hyphens, starting and ending with an alphanumeric character, with a maximum length of 63 characters.\n\nThis field is owned by the staging controller and is updated atomically to a consistent set of transport ConfigMaps that have passed validation checks.\n\nThe maximum number of targetConfigMaps is 128.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "uid" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "uid", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.machine.v1beta1.Placement": { - "description": "Placement indicates where to create the instance in AWS", + "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator": { + "description": "ClusterVersionOperator holds cluster-wide information about the Cluster Version Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "metadata", + "spec" + ], "properties": { - "availabilityZone": { - "description": "availabilityZone is the availability zone of the instance", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "host": { - "description": "host configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL), and to gain visibility and control over instance placement on a physical server. When omitted, the instance is not constrained to a dedicated host.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.HostPlacement" - }, - "region": { - "description": "region is the region to use to create the instance", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "tenancy": { - "description": "tenancy indicates if instance should run on shared or single-tenant hardware. There are supported 3 options: default, dedicated and host. When set to default Runs on shared multi-tenant hardware. When dedicated Runs on single-tenant hardware (any dedicated instance hardware). When host and the host object is not provided: Runs on Dedicated Host; best-effort restart on same host. When `host` and `host` object is provided with affinity `dedicatedHost` defined: Runs on specified Dedicated Host.", - "type": "string" - } - } - }, - "com.github.openshift.api.machine.v1beta1.ProviderSpec": { - "description": "ProviderSpec defines the configuration to use during node creation.", - "type": "object", - "properties": { - "value": { - "description": "value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the Cluster Version Operator.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec" + }, + "status": { + "description": "status is the most recently observed status of the Cluster Version Operator.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus" } } }, - "com.github.openshift.api.machine.v1beta1.ResourceManagerTag": { - "description": "ResourceManagerTag is a tag to apply to GCP resources created for the cluster.", + "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorList": { + "description": "ClusterVersionOperatorList is a collection of ClusterVersionOperators.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "parentID", - "key", - "value" + "metadata" ], "properties": { - "key": { - "description": "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "parentID": { - "description": "parentID is the ID of the hierarchical resource where the tags are defined e.g. at the Organization or the Project level. To find the Organization or Project ID ref https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects An OrganizationID can have a maximum of 32 characters and must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", - "type": "string", - "default": "" + "items": { + "description": "items is a list of ClusterVersionOperators.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator" + } }, - "value": { - "description": "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.machine.v1beta1.SecurityProfile": { - "description": "SecurityProfile specifies the Security profile settings for a virtual machine or virtual machine scale set.", - "type": "object", - "properties": { - "encryptionAtHost": { - "description": "encryptionAtHost indicates whether Host Encryption should be enabled or disabled for a virtual machine or virtual machine scale set. This should be disabled when SecurityEncryptionType is set to DiskWithVMGuestState. Default is disabled.", - "type": "boolean" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "settings": { - "description": "settings specify the security type and the UEFI settings of the virtual machine. This field can be set for Confidential VMs and Trusted Launch for VMs.", + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.SecuritySettings" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.machine.v1beta1.SecuritySettings": { - "description": "SecuritySettings define the security type and the UEFI settings of the virtual machine.", + "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec": { + "description": "ClusterVersionOperatorSpec is the specification of the desired behavior of the Cluster Version Operator.", "type": "object", - "required": [ - "securityType" - ], "properties": { - "confidentialVM": { - "description": "confidentialVM specifies the security configuration of the virtual machine. For more information regarding Confidential VMs, please refer to: https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ConfidentialVM" - }, - "securityType": { - "description": "securityType specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UEFISettings. The default behavior is: UEFISettings will not be enabled unless this property is set.", - "type": "string", - "default": "" - }, - "trustedLaunch": { - "description": "trustedLaunch specifies the security configuration of the virtual machine. For more information regarding TrustedLaunch for VMs, please refer to: https://learn.microsoft.com/azure/virtual-machines/trusted-launch", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.TrustedLaunch" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "securityType", - "fields-to-discriminateBy": { - "confidentialVM": "ConfidentialVM", - "trustedLaunch": "TrustedLaunch" - } + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" } - ] + } }, - "com.github.openshift.api.machine.v1beta1.SpotMarketOptions": { - "description": "SpotMarketOptions defines the options available to a user when configuring Machines to run on Spot instances. Most users should provide an empty struct.", + "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus": { + "description": "ClusterVersionOperatorStatus defines the observed status of the Cluster Version Operator.", "type": "object", "properties": { - "maxPrice": { - "description": "The maximum price the user is willing to pay for their instances Default: On-Demand price", - "type": "string" + "observedGeneration": { + "description": "observedGeneration represents the most recent generation observed by the operator and specifies the version of the spec field currently being synced.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.machine.v1beta1.SpotVMOptions": { - "description": "SpotVMOptions defines the options relevant to running the Machine on Spot VMs", + "com.github.openshift.api.operator.v1alpha1.DelegatedAuthentication": { + "description": "DelegatedAuthentication allows authentication to be disabled.", "type": "object", "properties": { - "maxPrice": { - "description": "maxPrice defines the maximum price the user is willing to pay for Spot VM instances", - "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + "disabled": { + "description": "disabled indicates that authentication should be disabled. By default it will use delegated authentication.", + "type": "boolean" } } }, - "com.github.openshift.api.machine.v1beta1.TagSpecification": { - "description": "TagSpecification is the name/value pair for a tag", + "com.github.openshift.api.operator.v1alpha1.DelegatedAuthorization": { + "description": "DelegatedAuthorization allows authorization to be disabled.", "type": "object", - "required": [ - "name" - ], "properties": { - "name": { - "description": "name of the tag. This field is required and must be a non-empty string. Must be between 1 and 128 characters in length.", - "type": "string", - "default": "" - }, - "value": { - "description": "value of the tag. When omitted, this creates a tag with an empty string as the value.", - "type": "string", - "default": "" + "disabled": { + "description": "disabled indicates that authorization should be disabled. By default it will use delegated authorization.", + "type": "boolean" } } }, - "com.github.openshift.api.machine.v1beta1.TrustedLaunch": { - "description": "TrustedLaunch defines the UEFI settings for the virtual machine.", + "com.github.openshift.api.operator.v1alpha1.EtcdBackup": { + "description": "# EtcdBackup provides configuration options and status for a one-time backup attempt of the etcd cluster\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "uefiSettings" + "spec" ], "properties": { - "uefiSettings": { - "description": "uefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.UEFISettings" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus" } } }, - "com.github.openshift.api.machine.v1beta1.UEFISettings": { - "description": "UEFISettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", + "com.github.openshift.api.operator.v1alpha1.EtcdBackupList": { + "description": "EtcdBackupList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "secureBoot": { - "description": "secureBoot specifies whether secure boot should be enabled on the virtual machine. Secure Boot verifies the digital signature of all boot components and halts the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "virtualizedTrustedPlatformModule": { - "description": "virtualizedTrustedPlatformModule specifies whether vTPM should be enabled on the virtual machine. When enabled the virtualized trusted platform module measurements are used to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. This is required to be enabled if SecurityEncryptionType is defined. If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.", + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.EtcdBackup" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.machine.v1beta1.UnhealthyCondition": { - "description": "UnhealthyCondition represents a Node condition type and value with a timeout specified as a duration. When the named condition has been in the given status for at least the timeout value, a node is considered unhealthy.", + "com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec": { "type": "object", - "required": [ - "type", - "status", - "timeout" - ], "properties": { - "status": { - "type": "string", - "default": "" - }, - "timeout": { - "description": "Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "type": { + "pvcName": { + "description": "pvcName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the etcd backup file would be saved The PVC itself must always be created in the \"openshift-etcd\" namespace If the PVC is left unspecified \"\" then the platform will choose a reasonable default location to save the backup. In the future this would be backups saved across the control-plane master nodes.", "type": "string", "default": "" } } }, - "com.github.openshift.api.machine.v1beta1.VMDiskSecurityProfile": { - "description": "VMDiskSecurityProfile specifies the security profile settings for the managed disk. It can be set only for Confidential VMs.", + "com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus": { "type": "object", "properties": { - "diskEncryptionSet": { - "description": "diskEncryptionSet specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters" + "backupJob": { + "description": "backupJob is the reference to the Job that executes the backup. Optional", + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.BackupJobReference" }, - "securityEncryptionType": { - "description": "securityEncryptionType specifies the encryption type of the managed disk. It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. When set to VMGuestStateOnly, the vTPM should be enabled. When set to DiskWithVMGuestState, both SecureBoot and vTPM should be enabled. If the above conditions are not fulfilled, the VM will not be created and the respective error will be returned. It can be set only for Confidential VMs. Confidential VMs are defined by their SecurityProfile.SecurityType being set to ConfidentialVM, the SecurityEncryptionType of their OS disk being set to one of the allowed values and by enabling the respective SecurityProfile.UEFISettings of the VM (i.e. vTPM and SecureBoot), depending on the selected SecurityEncryptionType. For further details on Azure Confidential VMs, please refer to the respective documentation: https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview", - "type": "string" + "conditions": { + "description": "conditions provide details on the status of the etcd backup job.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.machine.v1beta1.VSphereDisk": { - "description": "VSphereDisk describes additional disks for vSphere.", + "com.github.openshift.api.operator.v1alpha1.GenerationHistory": { + "description": "GenerationHistory keeps track of the generation for a given resource so that decisions about forced updated can be made. DEPRECATED: Use fields in v1.GenerationStatus instead", "type": "object", "required": [ + "group", + "resource", + "namespace", "name", - "sizeGiB" + "lastGeneration" ], "properties": { - "name": { - "description": "name is used to identify the disk definition. name is required needs to be unique so that it can be used to clearly identify purpose of the disk. It must be at most 80 characters in length and must consist only of alphanumeric characters, hyphens and underscores, and must start and end with an alphanumeric character.", + "group": { + "description": "group is the group of the thing you're tracking", "type": "string", "default": "" }, - "provisioningMode": { - "description": "provisioningMode is an optional field that specifies the provisioning type to be used by this vSphere data disk. Allowed values are \"Thin\", \"Thick\", \"EagerlyZeroed\", and omitted. When set to Thin, the disk will be made using thin provisioning allocating the bare minimum space. When set to Thick, the full disk size will be allocated when disk is created. When set to EagerlyZeroed, the disk will be created using eager zero provisioning. An eager zeroed thick disk has all space allocated and wiped clean of any previous contents on the physical media at creation time. Such disks may take longer time during creation compared to other disk formats. When omitted, no setting will be applied to the data disk and the provisioning mode for the disk will be determined by the default storage policy configured for the datastore in vSphere.", - "type": "string" - }, - "sizeGiB": { - "description": "sizeGiB is the size of the disk in GiB. The maximum supported size 16384 GiB.", + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", "type": "integer", - "format": "int32", + "format": "int64", "default": 0 + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string", + "default": "" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string", + "default": "" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1beta1.VSphereMachineProviderSpec": { - "description": "VSphereMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an VSphere virtual machine. It is used by the vSphere machine actuator to create a single Machine. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1alpha1.GenericOperatorConfig": { + "description": "GenericOperatorConfig provides information to configure an operator\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", - "required": [ - "template", - "network" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "cloneMode": { - "description": "cloneMode specifies the type of clone operation. The LinkedClone mode is only support for templates that have at least one snapshot. If the template has no snapshots, then CloneMode defaults to FullClone. When LinkedClone mode is enabled the DiskGiB field is ignored as it is not possible to expand disks of linked clones. Defaults to FullClone. When using LinkedClone, if no snapshots exist for the source template, falls back to FullClone.", - "type": "string" - }, - "credentialsSecret": { - "description": "credentialsSecret is a reference to the secret with vSphere credentials.", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" - }, - "dataDisks": { - "description": "dataDisks is a list of non OS disks to be created and attached to the VM. The max number of disk allowed to be attached is currently 29. The max number of disks for any controller is 30, but VM template will always have OS disk so that will leave 29 disks on any controller type.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.VSphereDisk" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "authentication": { + "description": "authentication allows configuration of authentication for the endpoints", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.DelegatedAuthentication" }, - "diskGiB": { - "description": "diskGiB is the size of a virtual machine's disk, in GiB. Defaults to the analogue property value in the template from which this machine is cloned. This parameter will be ignored if 'LinkedClone' CloneMode is set.", - "type": "integer", - "format": "int32" + "authorization": { + "description": "authorization allows configuration of authentication for the endpoints", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.DelegatedAuthorization" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "memoryMiB": { - "description": "memoryMiB is the size of a virtual machine's memory, in MiB. Defaults to the analogue property value in the template from which this machine is cloned.", - "type": "integer", - "format": "int64" - }, - "metadata": { + "leaderElection": { + "description": "leaderElection provides information to elect a leader. Only override this if you have a specific need", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.LeaderElection" }, - "network": { - "description": "network is the network configuration for this machine's VM.", + "servingInfo": { + "description": "servingInfo is the HTTP serving information for the controller's endpoints", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.NetworkSpec" - }, - "numCPUs": { - "description": "numCPUs is the number of virtual processors in a virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.", - "type": "integer", - "format": "int32" - }, - "numCoresPerSocket": { - "description": "NumCPUs is the number of cores among which to distribute CPUs in this virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.", - "type": "integer", - "format": "int32" - }, - "snapshot": { - "description": "snapshot is the name of the snapshot from which the VM was cloned", - "type": "string", - "default": "" - }, - "tagIDs": { - "description": "tagIDs is an optional set of tags to add to an instance. Specified tagIDs must use URN-notation instead of display names. A maximum of 10 tag IDs may be specified.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicy": { + "description": "ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "template": { - "description": "template is the name, inventory path, or instance UUID of the template used to clone new machines.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "userDataSecret": { - "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "workspace": { - "description": "workspace describes the workspace to use for the machine.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Workspace" + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec" } } }, - "com.github.openshift.api.machine.v1beta1.VSphereMachineProviderStatus": { - "description": "VSphereMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains VSphere-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicyList": { + "description": "ImageContentSourcePolicyList lists the items in the ImageContentSourcePolicy CRD.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "conditions": { - "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "instanceId": { - "description": "instanceId is the ID of the instance in VSphere", - "type": "string" - }, - "instanceState": { - "description": "instanceState is the provisioning state of the VSphere Instance.", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicy" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "taskRef": { - "description": "taskRef is a managed object reference to a Task related to the machine. This value is set automatically at runtime and should not be set or modified by users.", - "type": "string" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.machine.v1beta1.Workspace": { - "description": "WorkspaceConfig defines a workspace configuration for the vSphere cloud provider.", + "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec": { + "description": "ImageContentSourcePolicySpec is the specification of the ImageContentSourcePolicy CRD.", "type": "object", "properties": { - "datacenter": { - "description": "datacenter is the datacenter in which VMs are created/located.", - "type": "string" + "repositoryDigestMirrors": { + "description": "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. Only image pull specifications that have an image digest will have this behavior applied to them - tags will continue to be pulled from the specified repository in the pull spec.\n\nEach “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors" + } + } + } + }, + "com.github.openshift.api.operator.v1alpha1.LoggingConfig": { + "description": "LoggingConfig holds information about configuring logging DEPRECATED: Use v1.LogLevel instead", + "type": "object", + "required": [ + "level", + "vmodule" + ], + "properties": { + "level": { + "description": "level is passed to glog.", + "type": "integer", + "format": "int64", + "default": 0 }, - "datastore": { - "description": "datastore is the datastore in which VMs are created/located.", - "type": "string" + "vmodule": { + "description": "vmodule is passed to glog.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.NodeStatus": { + "description": "NodeStatus provides information about the current state of a particular node managed by this operator. Deprecated: Use v1.NodeStatus instead", + "type": "object", + "required": [ + "nodeName", + "currentDeploymentGeneration", + "targetDeploymentGeneration", + "lastFailedDeploymentGeneration", + "lastFailedDeploymentErrors" + ], + "properties": { + "currentDeploymentGeneration": { + "description": "currentDeploymentGeneration is the generation of the most recently successful deployment", + "type": "integer", + "format": "int32", + "default": 0 }, - "folder": { - "description": "folder is the folder in which VMs are created/located.", - "type": "string" + "lastFailedDeploymentErrors": { + "description": "lastFailedDeploymentGenerationErrors is a list of the errors during the failed deployment referenced in lastFailedDeploymentGeneration", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "resourcePool": { - "description": "resourcePool is the resource pool in which VMs are created/located.", - "type": "string" + "lastFailedDeploymentGeneration": { + "description": "lastFailedDeploymentGeneration is the generation of the deployment we tried and failed to deploy.", + "type": "integer", + "format": "int32", + "default": 0 }, - "server": { - "description": "server is the IP address or FQDN of the vSphere endpoint.", - "type": "string" + "nodeName": { + "description": "nodeName is the name of the node", + "type": "string", + "default": "" }, - "vmGroup": { - "description": "vmGroup is the cluster vm group in which virtual machines will be added for vm host group based zonal.", - "type": "string" + "targetDeploymentGeneration": { + "description": "targetDeploymentGeneration is the generation of the deployment we're trying to apply", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImage": { - "description": "InternalReleaseImage is used to keep track and manage a set of release bundles (OCP and OLM operators images) that are stored into the control planes nodes.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1alpha1.OLM": { + "description": "OLM provides information to configure an operator to manage the OLM controllers\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ "metadata", @@ -38136,50 +36426,22 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec describes the configuration of this internal release image.", + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageSpec" + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OLMSpec" }, "status": { - "description": "status describes the last observed state of this internal release image.", + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageStatus" - } - } - }, - "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageBundleStatus": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "conditions": { - "description": "conditions represent the observations of an internal release image current state. Valid types are: Mounted, Installing, Available, Removing and Degraded.\n\nIf Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes. If Installing is true, that means that a new release bundle is currently being copied on one (or more) cluster nodes, and not yet completed. If Available is true, it means that the release has been previously installed on all the cluster nodes, and it can be used. If Removing is true, it means that a release deletion is in progress on one (or more) cluster nodes, and not yet completed. If Degraded is true, that means something has gone wrong (possibly on one or more cluster nodes).\n\nIn general, after installing a new release bundle, it is required to wait for the Conditions \"Available\" to become \"True\" (and all the other conditions to be equal to \"False\") before being able to pull its content.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "image": { - "description": "image is an OCP release image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters. The field is optional, and it will be provided after a release will be successfully installed.", - "type": "string" - }, - "name": { - "description": "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OLMStatus" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageList": { - "description": "InternalReleaseImageList is a list of InternalReleaseImage resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1alpha1.OLMList": { + "description": "OLMList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ "metadata", @@ -38191,10 +36453,11 @@ "type": "string" }, "items": { + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImage" + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OLM" } }, "kind": { @@ -38204,200 +36467,384 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageRef": { - "description": "InternalReleaseImageRef is used to provide a simple reference for a release bundle. Currently it contains only the name field.", + "com.github.openshift.api.operator.v1alpha1.OLMSpec": { "type": "object", "required": [ - "name" + "managementState" ], "properties": { - "name": { - "description": "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageSpec": { - "description": "InternalReleaseImageSpec defines the desired state of a InternalReleaseImage.", - "type": "object", - "required": [ - "releases" - ], - "properties": { - "releases": { - "description": "releases is a list of release bundle identifiers that the user wants to add/remove to/from the control plane nodes. Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 16 entries.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageRef" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageStatus": { - "description": "InternalReleaseImageStatus describes the current state of a InternalReleaseImage.", + "com.github.openshift.api.operator.v1alpha1.OLMStatus": { "type": "object", - "required": [ - "releases" - ], "properties": { "conditions": { - "description": "conditions represent the observations of the InternalReleaseImage controller current state. Valid types are: Degraded. If Degraded is true, that means something has gone wrong in the controller.", + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "releases": { - "description": "releases is a list of the release bundles currently owned and managed by the cluster. A release bundle content could be safely pulled only when its Conditions field contains at least an Available entry set to \"True\" and Degraded to \"False\". Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 32 entries.", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageBundleStatus" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", "name" ], "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStream": { - "description": "OSImageStream describes a set of streams and associated images available for the MachineConfigPools to be used as base OS images.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1alpha1.OperatorCondition": { + "description": "OperatorCondition is just the standard condition fields. DEPRECATED: Use v1.OperatorCondition instead", "type": "object", "required": [ - "spec" + "type", + "status" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "lastTransitionTime": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "message": { "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec contains the desired OSImageStream config configuration.", - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSpec" + "reason": { + "type": "string" }, "status": { - "description": "status describes the last observed state of this OSImageStream. Populated by the MachineConfigOperator after reading release metadata. When not present, the controller has not yet reconciled this resource.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamStatus" + "type": "string", + "default": "" + }, + "type": { + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamList": { - "description": "OSImageStreamList is a list of OSImageStream resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1alpha1.OperatorSpec": { + "description": "OperatorSpec contains common fields for an operator to need. It is intended to be anonymous included inside of the Spec struct for you particular operator. DEPRECATED: Use v1.OperatorSpec instead", "type": "object", "required": [ - "metadata", - "items" + "managementState", + "imagePullSpec", + "imagePullPolicy", + "version" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "imagePullPolicy": { + "description": "imagePullPolicy specifies the image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.", + "type": "string", + "default": "" }, - "items": { + "imagePullSpec": { + "description": "imagePullSpec is the image to use for the component.", + "type": "string", + "default": "" + }, + "logging": { + "description": "logging contains glog parameters for the component pods. It's always a command line arg for the moment", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.LoggingConfig" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" + }, + "version": { + "description": "version is the desired state in major.minor.micro-patch. Usually patch is ignored.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.OperatorStatus": { + "description": "OperatorStatus contains common fields for an operator to need. It is intended to be anonymous included inside of the Status struct for you particular operator. DEPRECATED: Use v1.OperatorStatus instead", + "type": "object", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStream" + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OperatorCondition" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "currentVersionAvailability": { + "description": "currentVersionAvailability is availability information for the current version. If it is unmanged or removed, this doesn't exist.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.VersionAvailability" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "state": { + "description": "state indicates what the operator has observed to be its current operational status.", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "targetVersionAvailability": { + "description": "targetVersionAvailability is availability information for the target version if we are migrating", + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.VersionAvailability" + }, + "taskSummary": { + "description": "taskSummary is a high level summary of what the controller is currently attempting to do. It is high-level, human-readable and not guaranteed in any way. (I needed this for debugging and realized it made a great summary).", + "type": "string" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSet": { + "com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors": { + "description": "RepositoryDigestMirrors holds cluster-wide information about how to handle mirros in the registries config. Note: the mirrors only work when pulling the images that are referenced by their digests.", "type": "object", "required": [ - "name", - "osImage", - "osExtensionsImage" + "source" ], "properties": { - "name": { - "description": "name is the required identifier of the stream.\n\nname is determined by the operator based on the OCI label of the discovered OS or Extension Image.\n\nMust be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').", - "type": "string" + "mirrors": { + "description": "mirrors is one or more repositories that may also contain the same images. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "osExtensionsImage": { - "description": "osExtensionsImage is a required OS Extensions Image referenced by digest.\n\nosExtensionsImage bundles the extra repositories used to enable extensions, augmenting the base operating system without modifying the underlying immutable osImage.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", + "source": { + "description": "source is the repository that users refer to, e.g. in image pull specifications.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.StaticPodOperatorStatus": { + "description": "StaticPodOperatorStatus is status for controllers that manage static pods. There are different needs because individual node status must be tracked. DEPRECATED: Use v1.StaticPodOperatorStatus instead", + "type": "object", + "required": [ + "latestAvailableDeploymentGeneration", + "nodeStatuses" + ], + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OperatorCondition" + } + }, + "currentVersionAvailability": { + "description": "currentVersionAvailability is availability information for the current version. If it is unmanged or removed, this doesn't exist.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.VersionAvailability" + }, + "latestAvailableDeploymentGeneration": { + "description": "latestAvailableDeploymentGeneration is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32", + "default": 0 + }, + "nodeStatuses": { + "description": "nodeStatuses track the deployment values and errors across individual nodes", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.NodeStatus" + } + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "state": { + "description": "state indicates what the operator has observed to be its current operational status.", "type": "string" }, - "osImage": { - "description": "osImage is a required OS Image referenced by digest.\n\nosImage contains the immutable, fundamental operating system components, including the kernel and base utilities, that define the core environment for the node's host operating system.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", + "targetVersionAvailability": { + "description": "targetVersionAvailability is availability information for the target version if we are migrating", + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.VersionAvailability" + }, + "taskSummary": { + "description": "taskSummary is a high level summary of what the controller is currently attempting to do. It is high-level, human-readable and not guaranteed in any way. (I needed this for debugging and realized it made a great summary).", "type": "string" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSpec": { - "description": "OSImageStreamSpec defines the desired state of a OSImageStream.", + "com.github.openshift.api.operator.v1alpha1.VersionAvailability": { + "description": "VersionAvailability gives information about the synchronization and operational status of a particular version of the component DEPRECATED: Use fields in v1.OperatorStatus instead", "type": "object", + "required": [ + "version", + "updatedReplicas", + "readyReplicas", + "errors", + "generations" + ], "properties": { - "defaultStream": { - "description": "defaultStream is the desired name of the stream that should be used as the default when no specific stream is requested by a MachineConfigPool.\n\nThis field is set by the installer during installation. Users may need to update it if the currently selected stream is no longer available, for example when the stream has reached its End of Life. The MachineConfigOperator uses this value to determine which stream from status.availableStreams to apply as the default for MachineConfigPools that do not specify a stream override.\n\nWhen status.availableStreams has been populated by the operator, updating this field requires that the new value references the name of one of the streams in status.availableStreams. Status-only updates by the operator are not subject to this constraint, allowing the operator to update availableStreams independently of this field. During initial creation, before the operator has populated status, any valid value is accepted.\n\nWhen omitted, the operator determines the default stream automatically. Once set, this field cannot be removed.\n\nIt must be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').", + "errors": { + "description": "errors indicates what failures are associated with the operator trying to manage this version", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "generations": { + "description": "generations allows an operator to track what the generation of \"important\" resources was the last time we updated them", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.GenerationHistory" + } + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "updatedReplicas": { + "description": "updatedReplicas indicates how many replicas are at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry": { + "description": "LogEntry records events", + "type": "object", + "required": [ + "time", + "success" + ], + "properties": { + "latency": { + "description": "latency records how long the action mentioned in the entry took.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, + "message": { + "description": "message explaining status in a human readable format.", "type": "string" + }, + "reason": { + "description": "reason for status in a machine readable format.", + "type": "string" + }, + "success": { + "description": "success indicates if the log entry indicates a success or failure.", + "type": "boolean", + "default": false + }, + "time": { + "description": "Start time of check action.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamStatus": { - "description": "OSImageStreamStatus describes the current state of a OSImageStream", + "com.github.openshift.api.operatorcontrolplane.v1alpha1.OutageEntry": { + "description": "OutageEntry records time period of an outage", "type": "object", "required": [ - "availableStreams", - "defaultStream" + "start" ], "properties": { - "availableStreams": { - "description": "availableStreams is a list of the available OS Image Streams that can be used as the base image for MachineConfigPools. availableStreams is required, must have at least one item, must not exceed 100 items, and must have unique entries keyed on the name field.", + "end": { + "description": "end of outage detected", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "endLogs": { + "description": "endLogs contains log entries related to the end of this outage. Should contain the success entry that resolved the outage and possibly a few of the failure log entries that preceded it.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSet" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry" + } }, - "defaultStream": { - "description": "defaultStream is the name of the stream that should be used as the default when no specific stream is requested by a MachineConfigPool.\n\nIt must be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'), and must reference the name of one of the streams in availableStreams.", + "message": { + "description": "message summarizes outage details in a human readable format.", "type": "string" + }, + "start": { + "description": "start of outage detected", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "startLogs": { + "description": "startLogs contains log entries related to the start of this outage. Should contain the original failure, any entries where the failure mode changed.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry" + } } } }, - "com.github.openshift.api.monitoring.v1.AlertRelabelConfig": { - "description": "AlertRelabelConfig defines a set of relabel configs for alerts.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheck": { + "description": "PodNetworkConnectivityCheck\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ + "metadata", "spec" ], "properties": { @@ -38412,34 +36859,71 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec describes the desired state of this AlertRelabelConfig object.", + "description": "spec defines the source and target of the connectivity check", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertRelabelConfigSpec" + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckSpec" }, "status": { - "description": "status describes the current state of this AlertRelabelConfig object.", + "description": "status contains the observed status of the connectivity check", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertRelabelConfigStatus" + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckStatus" } } }, - "com.github.openshift.api.monitoring.v1.AlertRelabelConfigList": { - "description": "AlertRelabelConfigList is a list of AlertRelabelConfigs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckCondition": { + "description": "PodNetworkConnectivityCheckCondition represents the overall status of the pod network connectivity.", + "type": "object", + "required": [ + "type", + "status", + "lastTransitionTime" + ], + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "description": "message indicating details about last transition in a human readable format.", + "type": "string" + }, + "reason": { + "description": "reason for the condition's last status transition in a machine readable format.", + "type": "string" + }, + "status": { + "description": "status of the condition", + "type": "string", + "default": "" + }, + "type": { + "description": "type of the condition", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckList": { + "description": "PodNetworkConnectivityCheckList is a collection of PodNetworkConnectivityCheck\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "items": { - "description": "items is a list of AlertRelabelConfigs.", + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertRelabelConfig" + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheck" } }, "kind": { @@ -38447,52 +36931,81 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.monitoring.v1.AlertRelabelConfigSpec": { - "description": "AlertRelabelConfigsSpec is the desired state of an AlertRelabelConfig resource.", + "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckSpec": { "type": "object", "required": [ - "configs" + "sourcePod", + "targetEndpoint" ], "properties": { - "configs": { - "description": "configs is a list of sequentially evaluated alert relabel configs.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.RelabelConfig" - } + "sourcePod": { + "description": "sourcePod names the pod from which the condition will be checked", + "type": "string", + "default": "" + }, + "targetEndpoint": { + "description": "EndpointAddress to check. A TCP address of the form host:port. Note that if host is a DNS name, then the check would fail if the DNS name cannot be resolved. Specify an IP address for host to bypass DNS name lookup.", + "type": "string", + "default": "" + }, + "tlsClientCert": { + "description": "TLSClientCert, if specified, references a kubernetes.io/tls type secret with 'tls.crt' and 'tls.key' entries containing an optional TLS client certificate and key to be used when checking endpoints that require a client certificate in order to gracefully preform the scan without causing excessive logging in the endpoint process. The secret must exist in the same namespace as this resource.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" } } }, - "com.github.openshift.api.monitoring.v1.AlertRelabelConfigStatus": { - "description": "AlertRelabelConfigStatus is the status of an AlertRelabelConfig resource.", + "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckStatus": { "type": "object", "properties": { "conditions": { - "description": "conditions contains details on the state of the AlertRelabelConfig, may be empty.", + "description": "conditions summarize the status of the check", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckCondition" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "failures": { + "description": "failures contains logs of unsuccessful check actions", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry" + } + }, + "outages": { + "description": "outages contains logs of time periods of outages", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.OutageEntry" + } + }, + "successes": { + "description": "successes contains logs successful check actions", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry" + } } } }, - "com.github.openshift.api.monitoring.v1.AlertingRule": { - "description": "AlertingRule represents a set of user-defined Prometheus rule groups containing alerting rules. This resource is the supported method for cluster admins to create alerts based on metrics recorded by the platform monitoring stack in OpenShift, i.e. the Prometheus instance deployed to the openshift-monitoring namespace. You might use this to create custom alerting rules not shipped with OpenShift based on metrics from components such as the node_exporter, which provides machine-level metrics such as CPU usage, or kube-state-metrics, which provides metrics on Kubernetes usage.\n\nThe API is mostly compatible with the upstream PrometheusRule type from the prometheus-operator. The primary difference being that recording rules are not allowed here -- only alerting rules. For each AlertingRule resource created, a corresponding PrometheusRule will be created in the openshift-monitoring namespace. OpenShift requires admins to use the AlertingRule resource rather than the upstream type in order to allow better OpenShift specific defaulting and validation, while not modifying the upstream APIs directly.\n\nYou can find upstream API documentation for PrometheusRule resources here:\n\nhttps://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operatoringress.v1.DNSRecord": { + "description": "DNSRecord is a DNS record managed in the zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.\n\nCluster admin manipulation of this resource is not supported. This resource is only for internal communication of OpenShift operators.\n\nIf DNSManagementPolicy is \"Unmanaged\", the operator will not be responsible for managing the DNS records on the cloud provider.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "spec" + "spec", + "status" ], "properties": { "apiVersion": { @@ -38506,34 +37019,36 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec describes the desired state of this AlertingRule object.", + "description": "spec is the specification of the desired behavior of the dnsRecord.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertingRuleSpec" + "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSRecordSpec" }, "status": { - "description": "status describes the current state of this AlertOverrides object.", + "description": "status is the most recently observed status of the dnsRecord.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertingRuleStatus" + "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSRecordStatus" } } }, - "com.github.openshift.api.monitoring.v1.AlertingRuleList": { - "description": "AlertingRuleList is a list of AlertingRule objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operatoringress.v1.DNSRecordList": { + "description": "DNSRecordList contains a list of dnsrecords.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "properties": { - "apiVersion": { + "required": [ + "items" + ], + "properties": { + "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "items": { - "description": "items is a list of AlertingRule objects.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertingRule" + "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSRecord" } }, "kind": { @@ -38541,284 +37056,125 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.monitoring.v1.AlertingRuleSpec": { - "description": "AlertingRuleSpec is the desired state of an AlertingRule resource.", + "com.github.openshift.api.operatoringress.v1.DNSRecordSpec": { + "description": "DNSRecordSpec contains the details of a DNS record.", "type": "object", "required": [ - "groups" + "dnsName", + "targets", + "recordType", + "recordTTL", + "dnsManagementPolicy" ], "properties": { - "groups": { - "description": "groups is a list of grouped alerting rules. Rule groups are the unit at which Prometheus parallelizes rule processing. All rules in a single group share a configured evaluation interval. All rules in the group will be processed together on this interval, sequentially, and all rules will be processed.\n\nIt's common to group related alerting rules into a single AlertingRule resources, and within that resource, closely related alerts, or simply alerts with the same interval, into individual groups. You are also free to create AlertingRule resources with only a single rule group, but be aware that this can have a performance impact on Prometheus if the group is extremely large or has very complex query expressions to evaluate. Spreading very complex rules across multiple groups to allow them to be processed in parallel is also a common use-case.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.RuleGroup" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.monitoring.v1.AlertingRuleStatus": { - "description": "AlertingRuleStatus is the status of an AlertingRule resource.", - "type": "object", - "properties": { - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with.", - "type": "integer", - "format": "int64" + "dnsManagementPolicy": { + "description": "dnsManagementPolicy denotes the current policy applied on the DNS record. Records that have policy set as \"Unmanaged\" are ignored by the ingress operator. This means that the DNS record on the cloud provider is not managed by the operator, and the \"Published\" status condition will be updated to \"Unknown\" status, since it is externally managed. Any existing record on the cloud provider can be deleted at the discretion of the cluster admin.\n\nThis field defaults to Managed. Valid values are \"Managed\" and \"Unmanaged\".", + "type": "string", + "default": "Managed" }, - "prometheusRule": { - "description": "prometheusRule is the generated PrometheusRule for this AlertingRule. Each AlertingRule instance results in a generated PrometheusRule object in the same namespace, which is always the openshift-monitoring namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.PrometheusRuleRef" - } - } - }, - "com.github.openshift.api.monitoring.v1.PrometheusRuleRef": { - "description": "PrometheusRuleRef is a reference to an existing PrometheusRule object. Each AlertingRule instance results in a generated PrometheusRule object in the same namespace, which is always the openshift-monitoring namespace. This is used to point to the generated PrometheusRule object in the AlertingRule status.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "name of the referenced PrometheusRule.", + "dnsName": { + "description": "dnsName is the hostname of the DNS record", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.monitoring.v1.RelabelConfig": { - "description": "RelabelConfig allows dynamic rewriting of label sets for alerts. See Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "type": "object", - "properties": { - "action": { - "description": "action to perform based on regex matching. Must be one of: 'Replace', 'Keep', 'Drop', 'HashMod', 'LabelMap', 'LabelDrop', or 'LabelKeep'. Default is: 'Replace'", - "type": "string" }, - "modulus": { - "description": "modulus to take of the hash of the source label values. This can be combined with the 'HashMod' action to set 'target_label' to the 'modulus' of a hash of the concatenated 'source_labels'. This is only valid if sourceLabels is not empty and action is not 'LabelKeep' or 'LabelDrop'.", + "recordTTL": { + "description": "recordTTL is the record TTL in seconds. If zero, the default is 30. RecordTTL will not be used in AWS regions Alias targets, but will be used in CNAME targets, per AWS API contract.", "type": "integer", - "format": "int64" - }, - "regex": { - "description": "regex against which the extracted value is matched. Default is: '(.*)' regex is required for all actions except 'HashMod'", - "type": "string" - }, - "replacement": { - "description": "replacement value against which a regex replace is performed if the regular expression matches. This is required if the action is 'Replace' or 'LabelMap' and forbidden for actions 'LabelKeep' and 'LabelDrop'. Regex capture groups are available. Default is: '$1'", - "type": "string" - }, - "separator": { - "description": "separator placed between concatenated source label values. When omitted, Prometheus will use its default value of ';'.", - "type": "string" - }, - "sourceLabels": { - "description": "sourceLabels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the 'Replace', 'Keep', and 'Drop' actions. Not allowed for actions 'LabelKeep' and 'LabelDrop'.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "format": "int64", + "default": 0 }, - "targetLabel": { - "description": "targetLabel to which the resulting value is written in a 'Replace' action. It is required for 'Replace' and 'HashMod' actions and forbidden for actions 'LabelKeep' and 'LabelDrop'. Regex capture groups are available.", - "type": "string" - } - } - }, - "com.github.openshift.api.monitoring.v1.Rule": { - "description": "Rule describes an alerting rule. See Prometheus documentation: - https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules", - "type": "object", - "required": [ - "alert", - "expr" - ], - "properties": { - "alert": { - "description": "alert is the name of the alert. Must be a valid label value, i.e. may contain any Unicode character.", + "recordType": { + "description": "recordType is the DNS record type. For example, \"A\", \"AAAA\", or \"CNAME\".", "type": "string", "default": "" }, - "annotations": { - "description": "annotations to add to each alert. These are values that can be used to store longer additional information that you won't query on, such as alert descriptions or runbook links.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "expr": { - "description": "expr is the PromQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending or firing alerts. This is most often a string representing a PromQL expression, e.g.: mapi_current_pending_csr > mapi_max_pending_csr In rare cases this could be a simple integer, e.g. a simple \"1\" if the intent is to create an alert that is always firing. This is sometimes used to create an always-firing \"Watchdog\" alert in order to ensure the alerting pipeline is functional.", - "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" - }, - "for": { - "description": "for is the time period after which alerts are considered firing after first returning results. Alerts which have not yet fired for long enough are considered pending.", - "type": "string" - }, - "labels": { - "description": "labels to add or overwrite for each alert. The results of the PromQL expression for the alert will result in an existing set of labels for the alert, after evaluating the expression, for any label specified here with the same name as a label in that set, the label here wins and overwrites the previous value. These should typically be short identifying values that may be useful to query against. A common example is the alert severity, where one sets `severity: warning` under the `labels` key:", - "type": "object", - "additionalProperties": { + "targets": { + "description": "targets are record targets.", + "type": "array", + "items": { "type": "string", "default": "" } } } }, - "com.github.openshift.api.monitoring.v1.RuleGroup": { - "description": "RuleGroup is a list of sequentially evaluated alerting rules.", + "com.github.openshift.api.operatoringress.v1.DNSRecordStatus": { + "description": "DNSRecordStatus is the most recently observed status of each record.", "type": "object", - "required": [ - "name", - "rules" - ], "properties": { - "interval": { - "description": "interval is how often rules in the group are evaluated. If not specified, it defaults to the global.evaluation_interval configured in Prometheus, which itself defaults to 30 seconds. You can check if this value has been modified from the default on your cluster by inspecting the platform Prometheus configuration: The relevant field in that resource is: spec.evaluationInterval", - "type": "string" - }, - "name": { - "description": "name is the name of the group.", - "type": "string", - "default": "" + "observedGeneration": { + "description": "observedGeneration is the most recently observed generation of the DNSRecord. When the DNSRecord is updated, the controller updates the corresponding record in each managed zone. If an update for a particular zone fails, that failure is recorded in the status condition for the zone so that the controller can determine that it needs to retry the update for that specific zone.", + "type": "integer", + "format": "int64" }, - "rules": { - "description": "rules is a list of sequentially evaluated alerting rules. Prometheus may process rule groups in parallel, but rules within a single group are always processed sequentially, and all rules are processed.", + "zones": { + "description": "zones are the status of the record in each zone.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.Rule" + "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSZoneStatus" } } } }, - "com.github.openshift.api.network.v1.ClusterNetwork": { - "description": "ClusterNetwork was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operatoringress.v1.DNSZoneCondition": { + "description": "DNSZoneCondition is just the standard condition fields.", "type": "object", "required": [ - "serviceNetwork", - "clusterNetworks" + "type", + "status" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "clusterNetworks": { - "description": "clusterNetworks is a list of ClusterNetwork objects that defines the global overlay network's L3 space by specifying a set of CIDR and netmasks that the SDN can allocate addresses from.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1.ClusterNetworkEntry" - } - }, - "hostsubnetlength": { - "description": "hostsubnetlength is the number of bits of network to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods", - "type": "integer", - "format": "int64" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "mtu": { - "description": "mtu is the MTU for the overlay network. This should be 50 less than the MTU of the network connecting the nodes. It is normally autodetected by the cluster network operator.", - "type": "integer", - "format": "int64" + "lastTransitionTime": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "network": { - "description": "network is a CIDR string specifying the global overlay network's L3 space", + "message": { "type": "string" }, - "pluginName": { - "description": "pluginName is the name of the network plugin being used", + "reason": { "type": "string" }, - "serviceNetwork": { - "description": "serviceNetwork is the CIDR range that Service IP addresses are allocated from", + "status": { "type": "string", "default": "" }, - "vxlanPort": { - "description": "vxlanPort sets the VXLAN destination port used by the cluster. It is set by the master configuration file on startup and cannot be edited manually. Valid values for VXLANPort are integers 1-65535 inclusive and if unset defaults to 4789. Changing VXLANPort allows users to resolve issues between openshift SDN and other software trying to use the same VXLAN destination port.", - "type": "integer", - "format": "int64" - } - } - }, - "com.github.openshift.api.network.v1.ClusterNetworkEntry": { - "description": "ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips.", - "type": "object", - "required": [ - "CIDR", - "hostSubnetLength" - ], - "properties": { - "CIDR": { - "description": "CIDR defines the total range of a cluster networks address space.", + "type": { "type": "string", "default": "" - }, - "hostSubnetLength": { - "description": "hostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods.", - "type": "integer", - "format": "int64", - "default": 0 } } }, - "com.github.openshift.api.network.v1.ClusterNetworkList": { - "description": "ClusterNetworkList is a collection of ClusterNetworks\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operatoringress.v1.DNSZoneStatus": { + "description": "DNSZoneStatus is the status of a record within a specific zone.", "type": "object", "required": [ - "items" + "dnsZone" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is the list of cluster networks", + "conditions": { + "description": "conditions are any conditions associated with the record in the zone.\n\nIf publishing the record succeeds, the \"Published\" condition will be set with status \"True\" and upon failure it will be set to \"False\" along with the reason and message describing the cause of the failure.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1.ClusterNetwork" + "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSZoneCondition" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "dnsZone": { + "description": "dnsZone is the zone where the record is published.", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSZone" } } }, - "com.github.openshift.api.network.v1.EgressNetworkPolicy": { - "description": "EgressNetworkPolicy was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.osin.v1.AllowAllPasswordIdentityProvider": { + "description": "AllowAllPasswordIdentityProvider provides identities for users authenticating using non-empty passwords\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -38827,512 +37183,567 @@ "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec is the specification of the current egress network policy", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1.EgressNetworkPolicySpec" } } }, - "com.github.openshift.api.network.v1.EgressNetworkPolicyList": { - "description": "EgressNetworkPolicyList is a collection of EgressNetworkPolicy\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.osin.v1.BasicAuthPasswordIdentityProvider": { + "description": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "items" + "url", + "ca", + "certFile", + "keyFile" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items is the list of policies", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1.EgressNetworkPolicy" - } + "ca": { + "description": "ca is the CA for verifying TLS connections", + "type": "string", + "default": "" + }, + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" + }, + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "url": { + "description": "url is the remote URL to connect to", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.network.v1.EgressNetworkPolicyPeer": { - "description": "EgressNetworkPolicyPeer specifies a target to apply egress network policy to", + "com.github.openshift.api.osin.v1.DenyAllPasswordIdentityProvider": { + "description": "DenyAllPasswordIdentityProvider provides no identities for users\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "properties": { - "cidrSelector": { - "description": "cidrSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset Ideally we would have liked to use the cidr openapi format for this property. But openshift-sdn only supports v4 while specifying the cidr format allows both v4 and v6 cidrs We are therefore using a regex pattern to validate instead.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "dnsName": { - "description": "dnsName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" } } }, - "com.github.openshift.api.network.v1.EgressNetworkPolicyRule": { - "description": "EgressNetworkPolicyRule contains a single egress network policy rule", + "com.github.openshift.api.osin.v1.GitHubIdentityProvider": { + "description": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "type", - "to" + "clientID", + "clientSecret", + "organizations", + "teams", + "hostname", + "ca" ], "properties": { - "to": { - "description": "to is the target that traffic is allowed/denied to", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1.EgressNetworkPolicyPeer" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "type": { - "description": "type marks this as an \"Allow\" or \"Deny\" rule", + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value.", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.network.v1.EgressNetworkPolicySpec": { - "description": "EgressNetworkPolicySpec provides a list of policies on outgoing network traffic", - "type": "object", - "required": [ - "egress" - ], - "properties": { - "egress": { - "description": "egress contains the list of egress policy rules", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1.EgressNetworkPolicyRule" - } - } - } - }, - "com.github.openshift.api.network.v1.HostSubnet": { - "description": "HostSubnet was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "host", - "hostIP", - "subnet" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + }, + "clientID": { + "description": "clientID is the oauth client ID", + "type": "string", + "default": "" + }, + "clientSecret": { + "description": "clientSecret is the oauth client secret", + "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" + }, + "hostname": { + "description": "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value that is configured at /setup/settings#hostname.", + "type": "string", + "default": "" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "egressCIDRs": { - "description": "egressCIDRs is the list of CIDR ranges available for automatically assigning egress IPs to this node from. If this field is set then EgressIPs should be treated as read-only.", + "organizations": { + "description": "organizations optionally restricts which organizations are allowed to log in", "type": "array", "items": { "type": "string", "default": "" } }, - "egressIPs": { - "description": "egressIPs is the list of automatic egress IP addresses currently hosted by this node. If EgressCIDRs is empty, this can be set by hand; if EgressCIDRs is set then the master will overwrite the value here with its own allocation of egress IPs.", + "teams": { + "description": "teams optionally restricts which teams are allowed to log in. Format is /.", "type": "array", "items": { "type": "string", "default": "" } + } + } + }, + "com.github.openshift.api.osin.v1.GitLabIdentityProvider": { + "description": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "ca", + "url", + "clientID", + "clientSecret" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "host": { - "description": "host is the name of the node. (This is the same as the object's name, but both fields must be set.)", + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", "type": "string", "default": "" }, - "hostIP": { - "description": "hostIP is the IP address to be used as a VTEP by other nodes in the overlay network", + "clientID": { + "description": "clientID is the oauth client ID", "type": "string", "default": "" }, + "clientSecret": { + "description": "clientSecret is the oauth client secret", + "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "legacy": { + "description": "legacy determines if OAuth2 or OIDC should be used If true, OAuth2 is used If false, OIDC is used If nil and the URL's host is gitlab.com, OIDC is used Otherwise, OAuth2 is used In a future release, nil will default to using OIDC Eventually this flag will be removed and only OIDC will be used", + "type": "boolean" }, - "subnet": { - "description": "subnet is the CIDR range of the overlay network assigned to the node for its pods", + "url": { + "description": "url is the oauth server base URL", "type": "string", "default": "" } } }, - "com.github.openshift.api.network.v1.HostSubnetList": { - "description": "HostSubnetList is a collection of HostSubnets\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.osin.v1.GoogleIdentityProvider": { + "description": "GoogleIdentityProvider provides identities for users authenticating using Google credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "items" + "clientID", + "clientSecret", + "hostedDomain" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items is the list of host subnets", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1.HostSubnet" - } + "clientID": { + "description": "clientID is the oauth client ID", + "type": "string", + "default": "" + }, + "clientSecret": { + "description": "clientSecret is the oauth client secret", + "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" + }, + "hostedDomain": { + "description": "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", + "type": "string", + "default": "" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + } + } + }, + "com.github.openshift.api.osin.v1.GrantConfig": { + "description": "GrantConfig holds the necessary configuration options for grant handlers", + "type": "object", + "required": [ + "method", + "serviceAccountMethod" + ], + "properties": { + "method": { + "description": "method determines the default strategy to use when an OAuth client requests a grant. This method will be used only if the specific OAuth client doesn't provide a strategy of their own. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients\n - deny: always denies grant requests, useful for black-listed clients", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "serviceAccountMethod": { + "description": "serviceAccountMethod is used for determining client authorization for service account oauth client. It must be either: deny, prompt", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.network.v1.NetNamespace": { - "description": "NetNamespace was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.osin.v1.HTPasswdPasswordIdentityProvider": { + "description": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "netname", - "netid" + "file" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "egressIPs": { - "description": "egressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace. (If empty, external traffic will be masqueraded to Node IPs.)", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "netid": { - "description": "netid is the network identifier of the network namespace assigned to each overlay network packet. This can be manipulated with the \"oc adm pod-network\" commands.", - "type": "integer", - "format": "int64", - "default": 0 - }, - "netname": { - "description": "netname is the name of the network namespace. (This is the same as the object's name, but both fields must be set.)", + "file": { + "description": "file is a reference to your htpasswd file", "type": "string", "default": "" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.network.v1.NetNamespaceList": { - "description": "NetNamespaceList is a collection of NetNamespaces\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.osin.v1.IdentityProvider": { + "description": "IdentityProvider provides identities for users authenticating using credentials", "type": "object", "required": [ - "items" + "name", + "challenge", + "login", + "mappingMethod", + "provider" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "challenge": { + "description": "challenge indicates whether to issue WWW-Authenticate challenges for this provider", + "type": "boolean", + "default": false }, - "items": { - "description": "items is the list of net namespaces", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1.NetNamespace" - } + "login": { + "description": "login indicates whether to use this identity provider for unauthenticated browsers to login against", + "type": "boolean", + "default": false }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "mappingMethod": { + "description": "mappingMethod determines how identities from this provider are mapped to users", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "name": { + "description": "name is used to qualify the identities returned by this provider", + "type": "string", + "default": "" + }, + "provider": { + "description": "provider contains the information about how to set up a specific identity provider", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.network.v1alpha1.DNSNameResolver": { - "description": "DNSNameResolver stores the DNS name resolution information of a DNS name. It can be enabled by the TechPreviewNoUpgrade feature set. It can also be enabled by the feature gate DNSNameResolver when using CustomNoUpgrade feature set.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.osin.v1.KeystonePasswordIdentityProvider": { + "description": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "spec" + "url", + "ca", + "certFile", + "keyFile", + "domainName", + "useKeystoneIdentity" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "ca": { + "description": "ca is the CA for verifying TLS connections", + "type": "string", + "default": "" + }, + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" + }, + "domainName": { + "description": "domainName is required for keystone v3", + "type": "string", + "default": "" + }, + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the DNSNameResolver.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolverSpec" + "url": { + "description": "url is the remote URL to connect to", + "type": "string", + "default": "" }, - "status": { - "description": "status is the most recently observed status of the DNSNameResolver.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolverStatus" + "useKeystoneIdentity": { + "description": "useKeystoneIdentity flag indicates that user should be authenticated by keystone ID, not by username", + "type": "boolean", + "default": false } } }, - "com.github.openshift.api.network.v1alpha1.DNSNameResolverList": { - "description": "DNSNameResolverList contains a list of DNSNameResolvers.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.osin.v1.LDAPAttributeMapping": { + "description": "LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields", "type": "object", "required": [ - "items" + "id", + "preferredUsername", + "name", + "email" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "email": { + "description": "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "items": { - "description": "items gives the list of DNSNameResolvers.", + "id": { + "description": "id is the list of attributes whose values should be used as the user ID. Required. LDAP standard identity attribute is \"dn\"", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolver" + "type": "string", + "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "name": { + "description": "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "preferredUsername": { + "description": "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedAddress": { - "description": "DNSNameResolverResolvedAddress describes the details of an IP address for a resolved DNS name.", + "com.github.openshift.api.osin.v1.LDAPPasswordIdentityProvider": { + "description": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "ip", - "ttlSeconds", - "lastLookupTime" + "url", + "bindDN", + "bindPassword", + "insecure", + "ca", + "attributes" ], "properties": { - "ip": { - "description": "ip is an IP address associated with the dnsName. The validity of the IP address expires after lastLookupTime + ttlSeconds. To refresh the information, a DNS lookup will be performed upon the expiration of the IP address's validity. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "attributes": { + "description": "attributes maps LDAP attributes to identities", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.osin.v1.LDAPAttributeMapping" + }, + "bindDN": { + "description": "bindDN is an optional DN to bind with during the search phase.", "type": "string", "default": "" }, - "lastLookupTime": { - "description": "lastLookupTime is the timestamp when the last DNS lookup was completed successfully. The validity of the IP address expires after lastLookupTime + ttlSeconds. The value of this field will be updated to the current time on a successful DNS lookup. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "bindPassword": { + "description": "bindPassword is an optional password to bind with during the search phase.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" }, - "ttlSeconds": { - "description": "ttlSeconds is the time-to-live value of the IP address. The validity of the IP address expires after lastLookupTime + ttlSeconds. On a successful DNS lookup the value of this field will be updated with the current time-to-live value. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", - "type": "integer", - "format": "int32", - "default": 0 + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + "type": "string", + "default": "" + }, + "insecure": { + "description": "insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830", + "type": "boolean", + "default": false + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "url": { + "description": "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is\n ldap://host:port/basedn?attribute?scope?filter", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedName": { - "description": "DNSNameResolverResolvedName describes the details of a resolved DNS name.", + "com.github.openshift.api.osin.v1.OAuthConfig": { + "description": "OAuthConfig holds the necessary configuration options for OAuth authentication", "type": "object", "required": [ - "dnsName", - "resolvedAddresses" + "masterCA", + "masterURL", + "masterPublicURL", + "loginURL", + "assetPublicURL", + "alwaysShowProviderSelection", + "identityProviders", + "grantConfig", + "sessionConfig", + "tokenConfig", + "templates" ], "properties": { - "conditions": { - "description": "conditions provide information about the state of the DNS name. Known .status.conditions.type is: \"Degraded\". \"Degraded\" is true when the last resolution failed for the DNS name, and false otherwise.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "alwaysShowProviderSelection": { + "description": "alwaysShowProviderSelection will force the provider selection page to render even when there is only a single provider.", + "type": "boolean", + "default": false }, - "dnsName": { - "description": "dnsName is the resolved DNS name matching the name field of DNSNameResolverSpec. This field can store both regular and wildcard DNS names which match the spec.name field. When the spec.name field contains a regular DNS name, this field will store the same regular DNS name after it is successfully resolved. When the spec.name field contains a wildcard DNS name, each resolvedName.dnsName will store the regular DNS names which match the wildcard DNS name and have been successfully resolved. If the wildcard DNS name can also be successfully resolved, then this field will store the wildcard DNS name as well.", + "assetPublicURL": { + "description": "assetPublicURL is used for building valid client redirect URLs for external access", "type": "string", "default": "" }, - "resolutionFailures": { - "description": "resolutionFailures keeps the count of how many consecutive times the DNS resolution failed for the dnsName. If the DNS resolution succeeds then the field will be set to zero. Upon every failure, the value of the field will be incremented by one. The details about the DNS name will be removed, if the value of resolutionFailures reaches 5 and the TTL of all the associated IP addresses have expired.", - "type": "integer", - "format": "int32" + "grantConfig": { + "description": "grantConfig describes how to handle grants", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.osin.v1.GrantConfig" }, - "resolvedAddresses": { - "description": "resolvedAddresses gives the list of associated IP addresses and their corresponding TTLs and last lookup times for the dnsName.", + "identityProviders": { + "description": "identityProviders is an ordered list of ways for a user to identify themselves", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedAddress" - }, - "x-kubernetes-list-map-keys": [ - "ip" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.network.v1alpha1.DNSNameResolverSpec": { - "description": "DNSNameResolverSpec is a desired state description of DNSNameResolver.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "name is the DNS name for which the DNS name resolution information will be stored. For a regular DNS name, only the DNS name resolution information of the regular DNS name will be stored. For a wildcard DNS name, the DNS name resolution information of all the DNS names that match the wildcard DNS name will be stored. For a wildcard DNS name, the '*' will match only one label. Additionally, only a single '*' can be used at the beginning of the wildcard DNS name. For example, '*.example.com.' will match 'sub1.example.com.' but won't match 'sub2.sub1.example.com.'", + "$ref": "#/definitions/com.github.openshift.api.osin.v1.IdentityProvider" + } + }, + "loginURL": { + "description": "loginURL, along with masterCA, masterURL and masterPublicURL have distinct meanings depending on how the OAuth server is run. The two states are: 1. embedded in the kube api server (all 3.x releases) 2. as a standalone external process (all 4.x releases) in the embedded configuration, loginURL is equivalent to masterPublicURL and the other fields have functionality that matches their docs. in the standalone configuration, the fields are used as: loginURL is the URL required to login to the cluster: oc login --server= masterPublicURL is the issuer URL it is accessible from inside (service network) and outside (ingress) of the cluster masterURL is the loopback variation of the token_endpoint URL with no path component it is only accessible from inside (service network) of the cluster masterCA is used to perform TLS verification for connections made to masterURL For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.network.v1alpha1.DNSNameResolverStatus": { - "description": "DNSNameResolverStatus defines the observed status of DNSNameResolver.", - "type": "object", - "properties": { - "resolvedNames": { - "description": "resolvedNames contains a list of matching DNS names and their corresponding IP addresses along with their TTL and last DNS lookup times.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedName" - }, - "x-kubernetes-list-map-keys": [ - "dnsName" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "dnsName", - "x-kubernetes-patch-strategy": "merge" - } - } - }, - "com.github.openshift.api.networkoperator.v1.EgressRouter": { - "description": "EgressRouter is a feature allowing the user to define an egress router that acts as a bridge between pods and external systems. The egress router runs a service that redirects egress traffic originating from a pod or a group of pods to a remote external system or multiple destinations as per configuration.\n\nIt is consumed by the cluster-network-operator. More specifically, given an EgressRouter CR with , the CNO will create and manage: - A service called - An egress pod called - A NAD called \n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).\n\nEgressRouter is a single egressrouter pod configuration object.", - "type": "object", - "required": [ - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "masterCA": { + "description": "masterCA is the CA for verifying the TLS connection back to the MasterURL. This field is deprecated and will be removed in a future release. See loginURL for details. Deprecated", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "masterPublicURL": { + "description": "masterPublicURL is used for building valid client redirect URLs for internal and external access This field is deprecated and will be removed in a future release. See loginURL for details. Deprecated", + "type": "string", + "default": "" }, - "spec": { - "description": "Specification of the desired egress router.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.EgressRouterSpec" + "masterURL": { + "description": "masterURL is used for making server-to-server calls to exchange authorization codes for access tokens This field is deprecated and will be removed in a future release. See loginURL for details. Deprecated", + "type": "string", + "default": "" }, - "status": { - "description": "Observed status of EgressRouter.", + "sessionConfig": { + "description": "sessionConfig hold information about configuring sessions.", + "$ref": "#/definitions/com.github.openshift.api.osin.v1.SessionConfig" + }, + "templates": { + "description": "templates allow you to customize pages like the login page.", + "$ref": "#/definitions/com.github.openshift.api.osin.v1.OAuthTemplates" + }, + "tokenConfig": { + "description": "tokenConfig contains options for authorization and access tokens", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.EgressRouterStatus" + "$ref": "#/definitions/com.github.openshift.api.osin.v1.TokenConfig" } } }, - "com.github.openshift.api.networkoperator.v1.EgressRouterSpec": { - "description": "EgressRouterSpec contains the configuration for an egress router. Mode, networkInterface and addresses fields must be specified along with exactly one \"Config\" that matches the mode. Each config consists of parameters specific to that mode.", + "com.github.openshift.api.osin.v1.OAuthTemplates": { + "description": "OAuthTemplates allow for customization of pages like the login page", "type": "object", "required": [ - "mode", - "networkInterface", - "addresses" + "login", + "providerSelection", + "error" ], "properties": { - "addresses": { - "description": "List of IP addresses to configure on the pod's secondary interface.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.EgressRouterAddress" - } - }, - "mode": { - "description": "mode depicts the mode that is used for the egress router. The default mode is \"Redirect\" and is the only supported mode currently.", + "error": { + "description": "error is a path to a file containing a go template used to render error pages during the authentication or grant flow If unspecified, the default error page is used.", "type": "string", "default": "" }, - "networkInterface": { - "description": "Specification of interface to create/use. The default is macvlan. Currently only macvlan is supported.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.EgressRouterInterface" + "login": { + "description": "login is a path to a file containing a go template used to render the login page. If unspecified, the default login page is used.", + "type": "string", + "default": "" }, - "redirect": { - "description": "redirect represents the configuration parameters specific to redirect mode.", - "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.RedirectConfig" + "providerSelection": { + "description": "providerSelection is a path to a file containing a go template used to render the provider selection page. If unspecified, the default provider selection page is used.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.oauth.v1.ClusterRoleScopeRestriction": { - "description": "ClusterRoleScopeRestriction describes restrictions on cluster role scopes", + "com.github.openshift.api.osin.v1.OpenIDClaims": { + "description": "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider", "type": "object", "required": [ - "roleNames", - "namespaces", - "allowEscalation" + "id", + "preferredUsername", + "name", + "email", + "groups" ], "properties": { - "allowEscalation": { - "description": "allowEscalation indicates whether you can request roles and their escalating resources", - "type": "boolean", - "default": false + "email": { + "description": "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "namespaces": { - "description": "namespaces is the list of namespaces that can be referenced. * means any of them (including *)", + "groups": { + "description": "groups is the list of claims value of which should be used to synchronize groups from the OIDC provider to OpenShift for the user", "type": "array", "items": { "type": "string", "default": "" } }, - "roleNames": { - "description": "roleNames is the list of cluster roles that can referenced. * means anything", + "id": { + "description": "id is the list of claims whose values should be used as the user ID. Required. OpenID standard identity claim is \"sub\"", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "name": { + "description": "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "preferredUsername": { + "description": "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the id claim", "type": "array", "items": { "type": "string", @@ -39341,217 +37752,339 @@ } } }, - "com.github.openshift.api.oauth.v1.OAuthAccessToken": { - "description": "OAuthAccessToken describes an OAuth access token. The name of a token must be prefixed with a `sha256~` string, must not contain \"/\" or \"%\" characters and must be at least 32 characters long.\n\nThe name of the token is constructed from the actual token by sha256-hashing it and using URL-safe unpadded base64-encoding (as described in RFC4648) on the hashed result.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.osin.v1.OpenIDIdentityProvider": { + "description": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "ca", + "clientID", + "clientSecret", + "extraScopes", + "extraAuthorizeParameters", + "urls", + "claims" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "authorizeToken": { - "description": "authorizeToken contains the token that authorized this token", - "type": "string" - }, - "clientName": { - "description": "clientName references the client that created this token.", - "type": "string" - }, - "expiresIn": { - "description": "expiresIn is the seconds from CreationTime before this token expires.", - "type": "integer", - "format": "int64" - }, - "inactivityTimeoutSeconds": { - "description": "inactivityTimeoutSeconds is the value in seconds, from the CreationTimestamp, after which this token can no longer be used. The value is automatically incremented when the token is used.", - "type": "integer", - "format": "int32" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "claims": { + "description": "claims mappings", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.osin.v1.OpenIDClaims" }, - "redirectURI": { - "description": "redirectURI is the redirection associated with the token.", - "type": "string" + "clientID": { + "description": "clientID is the oauth client ID", + "type": "string", + "default": "" }, - "refreshToken": { - "description": "refreshToken is the value by which this token can be renewed. Can be blank.", - "type": "string" + "clientSecret": { + "description": "clientSecret is the oauth client secret", + "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" }, - "scopes": { - "description": "scopes is an array of the requested scopes.", + "extraAuthorizeParameters": { + "description": "extraAuthorizeParameters are any custom parameters to add to the authorize request.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "extraScopes": { + "description": "extraScopes are any scopes to request in addition to the standard \"openid\" scope.", "type": "array", "items": { "type": "string", "default": "" } }, - "userName": { - "description": "userName is the user name associated with this token", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "userUID": { - "description": "userUID is the unique UID associated with this token", - "type": "string" + "urls": { + "description": "urls to use to authenticate", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.osin.v1.OpenIDURLs" } } }, - "com.github.openshift.api.oauth.v1.OAuthAccessTokenList": { - "description": "OAuthAccessTokenList is a collection of OAuth access tokens\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.osin.v1.OpenIDURLs": { + "description": "OpenIDURLs are URLs to use when authenticating with an OpenID identity provider", "type": "object", "required": [ - "items" + "authorize", + "token", + "userInfo" + ], + "properties": { + "authorize": { + "description": "authorize is the oauth authorization URL", + "type": "string", + "default": "" + }, + "token": { + "description": "token is the oauth token granting URL", + "type": "string", + "default": "" + }, + "userInfo": { + "description": "userInfo is the optional userinfo URL. If present, a granted access_token is used to request claims If empty, a granted id_token is parsed for claims", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.osin.v1.OsinServerConfig": { + "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "servingInfo", + "corsAllowedOrigins", + "auditConfig", + "storageConfig", + "admission", + "kubeClientConfig", + "oauthConfig" ], "properties": { + "admission": { + "description": "admissionConfig holds information about how to configure admission.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionConfig" + }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items is the list of OAuth access tokens", + "auditConfig": { + "description": "auditConfig describes how to configure audit information", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditConfig" + }, + "corsAllowedOrigins": { + "description": "corsAllowedOrigins", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.oauth.v1.OAuthAccessToken" + "type": "string", + "default": "" } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "kubeClientConfig": { "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.config.v1.KubeClientConfig" + }, + "oauthConfig": { + "description": "oauthConfig holds the necessary configuration options for OAuth authentication", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.osin.v1.OAuthConfig" + }, + "servingInfo": { + "description": "servingInfo describes how to start serving", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" + }, + "storageConfig": { + "description": "storageConfig contains information about how to use", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.EtcdStorageConfig" } } }, - "com.github.openshift.api.oauth.v1.OAuthAuthorizeToken": { - "description": "OAuthAuthorizeToken describes an OAuth authorization token\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.osin.v1.RequestHeaderIdentityProvider": { + "description": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "loginURL", + "challengeURL", + "clientCA", + "clientCommonNames", + "headers", + "preferredUsernameHeaders", + "nameHeaders", + "emailHeaders" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "clientName": { - "description": "clientName references the client that created this token.", - "type": "string" + "challengeURL": { + "description": "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", + "type": "string", + "default": "" }, - "codeChallenge": { - "description": "codeChallenge is the optional code_challenge associated with this authorization code, as described in rfc7636", - "type": "string" + "clientCA": { + "description": "clientCA is a file with the trusted signer certs. If empty, no request verification is done, and any direct request to the OAuth server can impersonate any identity from this provider, merely by setting a request header.", + "type": "string", + "default": "" }, - "codeChallengeMethod": { - "description": "codeChallengeMethod is the optional code_challenge_method associated with this authorization code, as described in rfc7636", - "type": "string" + "clientCommonNames": { + "description": "clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "expiresIn": { - "description": "expiresIn is the seconds from CreationTime before this token expires.", - "type": "integer", - "format": "int64" + "emailHeaders": { + "description": "emailHeaders is the set of headers to check for the email address", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "headers": { + "description": "headers is the set of headers to check for identity information", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "loginURL": { + "description": "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", + "type": "string", + "default": "" }, - "redirectURI": { - "description": "redirectURI is the redirection associated with the token.", - "type": "string" + "nameHeaders": { + "description": "nameHeaders is the set of headers to check for the display name", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "scopes": { - "description": "scopes is an array of the requested scopes.", + "preferredUsernameHeaders": { + "description": "preferredUsernameHeaders is the set of headers to check for the preferred username", "type": "array", "items": { "type": "string", "default": "" } + } + } + }, + "com.github.openshift.api.osin.v1.SessionConfig": { + "description": "SessionConfig specifies options for cookie-based sessions. Used by AuthRequestHandlerSession", + "type": "object", + "required": [ + "sessionSecretsFile", + "sessionMaxAgeSeconds", + "sessionName" + ], + "properties": { + "sessionMaxAgeSeconds": { + "description": "sessionMaxAgeSeconds specifies how long created sessions last. Used by AuthRequestHandlerSession", + "type": "integer", + "format": "int32", + "default": 0 }, - "state": { - "description": "state data from request", - "type": "string" + "sessionName": { + "description": "sessionName is the cookie name used to store the session", + "type": "string", + "default": "" }, - "userName": { - "description": "userName is the user name associated with this token", - "type": "string" + "sessionSecretsFile": { + "description": "sessionSecretsFile is a reference to a file containing a serialized SessionSecrets object If no file is specified, a random signing and encryption key are generated at each server start", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.osin.v1.SessionSecret": { + "description": "SessionSecret is a secret used to authenticate/decrypt cookie-based sessions", + "type": "object", + "required": [ + "authentication", + "encryption" + ], + "properties": { + "authentication": { + "description": "authentication is used to authenticate sessions using HMAC. Recommended to use a secret with 32 or 64 bytes.", + "type": "string", + "default": "" }, - "userUID": { - "description": "userUID is the unique UID associated with this token. UserUID and UserName must both match for this token to be valid.", - "type": "string" + "encryption": { + "description": "encryption is used to encrypt sessions. Must be 16, 24, or 32 characters long, to select AES-128, AES-", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.oauth.v1.OAuthAuthorizeTokenList": { - "description": "OAuthAuthorizeTokenList is a collection of OAuth authorization tokens\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.osin.v1.SessionSecrets": { + "description": "SessionSecrets list the secrets to use to sign/encrypt and authenticate/decrypt created sessions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "items" + "secrets" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items is the list of OAuth authorization tokens", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.oauth.v1.OAuthAuthorizeToken" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "secrets": { + "description": "secrets is a list of secrets New sessions are signed and encrypted using the first secret. Existing sessions are decrypted/authenticated by each secret until one succeeds. This allows rotating secrets.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.osin.v1.SessionSecret" + } } } }, - "com.github.openshift.api.oauth.v1.OAuthClient": { - "description": "OAuthClient describes an OAuth client\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.osin.v1.TokenConfig": { + "description": "TokenConfig holds the necessary configuration options for authorization and access tokens", "type": "object", "properties": { + "accessTokenInactivityTimeout": { + "description": "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + }, "accessTokenInactivityTimeoutSeconds": { - "description": "accessTokenInactivityTimeoutSeconds overrides the default token inactivity timeout for tokens granted to this client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. This value needs to be set only if the default set in configuration is not appropriate for this client. Valid values are: - 0: Tokens for this client never time out - X: Tokens time out if there is no activity for X seconds The current minimum allowed value for X is 300 (5 minutes)\n\nWARNING: existing tokens' timeout will not be affected (lowered) by changing this value", + "description": "accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.", "type": "integer", "format": "int32" }, "accessTokenMaxAgeSeconds": { - "description": "accessTokenMaxAgeSeconds overrides the default access token max age for tokens granted to this client. 0 means no expiration.", + "description": "accessTokenMaxAgeSeconds defines the maximum age of access tokens", "type": "integer", "format": "int32" }, - "additionalSecrets": { - "description": "additionalSecrets holds other secrets that may be used to identify the client. This is useful for rotation and for service account token validation", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, + "authorizeTokenMaxAgeSeconds": { + "description": "authorizeTokenMaxAgeSeconds defines the maximum age of authorize tokens", + "type": "integer", + "format": "int32" + } + } + }, + "com.github.openshift.api.project.v1.Project": { + "description": "Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members, a quota on the resources that the project may consume, and the security controls on the resources in the project. Within a project, members may have different roles - project administrators can set membership, editors can create and manage the resources, and viewers can see but not access running containers. In a normal cluster project administrators are not able to alter their quotas - that is restricted to cluster administrators.\n\nListing or watching projects will return only projects the user has the reader role on.\n\nAn OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed as editable to end users while namespaces are not. Direct creation of a project is typically restricted to administrators, while end users should use the requestproject resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "grantMethod": { - "description": "grantMethod is a required field which determines how to handle grants for this client. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients", - "type": "string" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -39559,45 +38092,64 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "redirectURIs": { - "description": "redirectURIs is the valid redirection URIs associated with a client", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-patch-strategy": "merge" + "spec": { + "description": "spec defines the behavior of the Namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.project.v1.ProjectSpec" }, - "respondWithChallenges": { - "description": "respondWithChallenges indicates whether the client wants authentication needed responses made in the form of challenges instead of redirects", - "type": "boolean" + "status": { + "description": "status describes the current status of a Namespace", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.project.v1.ProjectStatus" + } + } + }, + "com.github.openshift.api.project.v1.ProjectList": { + "description": "ProjectList is a list of Project objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "scopeRestrictions": { - "description": "scopeRestrictions describes which scopes this client can request. Each requested scope is checked against each restriction. If any restriction matches, then the scope is allowed. If no restriction matches, then the scope is denied.", + "items": { + "description": "items is the list of projects", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.oauth.v1.ScopeRestriction" + "$ref": "#/definitions/com.github.openshift.api.project.v1.Project" } }, - "secret": { - "description": "secret is the unique secret associated with a client", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.oauth.v1.OAuthClientAuthorization": { - "description": "OAuthClientAuthorization describes an authorization created by an OAuth client\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.project.v1.ProjectRequest": { + "description": "ProjectRequest is the set of options necessary to fully qualify a project request\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "clientName": { - "description": "clientName references the client that created this authorization", + "description": { + "description": "description is the description to apply to a project", + "type": "string" + }, + "displayName": { + "description": "displayName is the display name to apply to a project", "type": "string" }, "kind": { @@ -39607,58 +38159,83 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "scopes": { - "description": "scopes is an array of the granted scopes.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + } + } + }, + "com.github.openshift.api.project.v1.ProjectSpec": { + "description": "ProjectSpec describes the attributes on a Project", + "type": "object", + "properties": { + "finalizers": { + "description": "finalizers is an opaque list of values that must be empty to permanently remove object from storage", "type": "array", "items": { "type": "string", "default": "" } + } + } + }, + "com.github.openshift.api.project.v1.ProjectStatus": { + "description": "ProjectStatus is information about the current status of a Project", + "type": "object", + "properties": { + "conditions": { + "description": "Represents the latest available observations of the project current state.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.NamespaceCondition" + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "userName": { - "description": "userName is the user name that authorized this client", - "type": "string" - }, - "userUID": { - "description": "userUID is the unique UID associated with this authorization. UserUID and UserName must both match for this authorization to be valid.", - "type": "string" + "phase": { + "description": "phase is the current lifecycle phase of the project\n\nPossible enum values:\n - `\"Active\"` means the namespace is available for use in the system\n - `\"Terminating\"` means the namespace is undergoing graceful termination", + "type": "string", + "enum": [ + "Active", + "Terminating" + ] } } }, - "com.github.openshift.api.oauth.v1.OAuthClientAuthorizationList": { - "description": "OAuthClientAuthorizationList is a collection of OAuth client authorizations\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.quota.v1.AppliedClusterResourceQuota": { + "description": "AppliedClusterResourceQuota mirrors ClusterResourceQuota at a project scope, for projection into a project. It allows a project-admin to know which ClusterResourceQuotas are applied to his project and their associated usage.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "items" + "metadata", + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items is the list of OAuth client authorizations", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.oauth.v1.OAuthClientAuthorization" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec defines the desired quota", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaSpec" + }, + "status": { + "description": "status defines the actual enforced quota and its current usage", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus" } } }, - "com.github.openshift.api.oauth.v1.OAuthClientList": { - "description": "OAuthClientList is a collection of OAuth clients\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.quota.v1.AppliedClusterResourceQuotaList": { + "description": "AppliedClusterResourceQuotaList is a collection of AppliedClusterResourceQuotas\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -39669,11 +38246,11 @@ "type": "string" }, "items": { - "description": "items is the list of OAuth clients", + "description": "items is a list of AppliedClusterResourceQuota", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.oauth.v1.OAuthClient" + "$ref": "#/definitions/com.github.openshift.api.quota.v1.AppliedClusterResourceQuota" } }, "kind": { @@ -39683,13 +38260,17 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.oauth.v1.OAuthRedirectReference": { - "description": "OAuthRedirectReference is a reference to an OAuth redirect object.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.quota.v1.ClusterResourceQuota": { + "description": "ClusterResourceQuota mirrors ResourceQuota at a cluster scope. This object is easily convertible to synthetic ResourceQuota object to allow quota evaluation re-use.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -39702,1236 +38283,1001 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "reference": { - "description": "The reference to an redirect object in the current namespace.", + "spec": { + "description": "spec defines the desired quota", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.oauth.v1.RedirectReference" + "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaSpec" + }, + "status": { + "description": "status defines the actual enforced quota and its current usage", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus" } } }, - "com.github.openshift.api.oauth.v1.RedirectReference": { - "description": "RedirectReference specifies the target in the current namespace that resolves into redirect URIs. Only the 'Route' kind is currently allowed.", + "com.github.openshift.api.quota.v1.ClusterResourceQuotaList": { + "description": "ClusterResourceQuotaList is a collection of ClusterResourceQuotas\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "group", - "kind", - "name" + "items" ], "properties": { - "group": { - "description": "The group of the target that is being referred to.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is a list of ClusterResourceQuotas", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuota" + } }, "kind": { - "description": "The kind of the target that is being referred to. Currently, only 'Route' is allowed.", - "type": "string", - "default": "" + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "name": { - "description": "The name of the target that is being referred to. e.g. name of the Route.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.oauth.v1.ScopeRestriction": { - "description": "ScopeRestriction describe one restriction on scopes. Exactly one option must be non-nil.", + "com.github.openshift.api.quota.v1.ClusterResourceQuotaSelector": { + "description": "ClusterResourceQuotaSelector is used to select projects. At least one of LabelSelector or AnnotationSelector must present. If only one is present, it is the only selection criteria. If both are specified, the project must match both restrictions.", "type": "object", "properties": { - "clusterRole": { - "description": "clusterRole describes a set of restrictions for cluster role scoping.", - "$ref": "#/definitions/com.github.openshift.api.oauth.v1.ClusterRoleScopeRestriction" - }, - "literals": { - "description": "ExactValues means the scope has to match a particular set of strings exactly", - "type": "array", - "items": { + "annotations": { + "description": "AnnotationSelector is used to select projects by annotation.", + "type": "object", + "additionalProperties": { "type": "string", "default": "" } + }, + "labels": { + "description": "LabelSelector is used to select projects by label.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" } } }, - "com.github.openshift.api.oauth.v1.UserOAuthAccessToken": { - "description": "UserOAuthAccessToken is a virtual resource to mirror OAuthAccessTokens to the user the access token was issued for", + "com.github.openshift.api.quota.v1.ClusterResourceQuotaSpec": { + "description": "ClusterResourceQuotaSpec defines the desired quota restrictions", "type": "object", + "required": [ + "selector", + "quota" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "authorizeToken": { - "description": "authorizeToken contains the token that authorized this token", - "type": "string" - }, - "clientName": { - "description": "clientName references the client that created this token.", - "type": "string" - }, - "expiresIn": { - "description": "expiresIn is the seconds from CreationTime before this token expires.", - "type": "integer", - "format": "int64" - }, - "inactivityTimeoutSeconds": { - "description": "inactivityTimeoutSeconds is the value in seconds, from the CreationTimestamp, after which this token can no longer be used. The value is automatically incremented when the token is used.", - "type": "integer", - "format": "int32" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "quota": { + "description": "quota defines the desired quota", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceQuotaSpec" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "selector": { + "description": "selector is the selector used to match projects. It should only select active projects on the scale of dozens (though it can select many more less active projects). These projects will contend on object creation through this resource.", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "redirectURI": { - "description": "redirectURI is the redirection associated with the token.", - "type": "string" - }, - "refreshToken": { - "description": "refreshToken is the value by which this token can be renewed. Can be blank.", - "type": "string" - }, - "scopes": { - "description": "scopes is an array of the requested scopes.", + "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaSelector" + } + } + }, + "com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus": { + "description": "ClusterResourceQuotaStatus defines the actual enforced quota and its current usage", + "type": "object", + "required": [ + "total" + ], + "properties": { + "namespaces": { + "description": "namespaces slices the usage by project. This division allows for quick resolution of deletion reconciliation inside of a single project without requiring a recalculation across all projects. This can be used to pull the deltas for a given project.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.quota.v1.ResourceQuotaStatusByNamespace" } }, - "userName": { - "description": "userName is the user name associated with this token", - "type": "string" + "total": { + "description": "total defines the actual enforced quota and its current usage across all projects", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceQuotaStatus" + } + } + }, + "com.github.openshift.api.quota.v1.ResourceQuotaStatusByNamespace": { + "description": "ResourceQuotaStatusByNamespace gives status for a particular project", + "type": "object", + "required": [ + "namespace", + "status" + ], + "properties": { + "namespace": { + "description": "namespace the project this status applies to", + "type": "string", + "default": "" }, - "userUID": { - "description": "userUID is the unique UID associated with this token", - "type": "string" + "status": { + "description": "status indicates how many resources have been consumed by this project", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceQuotaStatus" } } }, - "com.github.openshift.api.oauth.v1.UserOAuthAccessTokenList": { - "description": "UserOAuthAccessTokenList is a collection of access tokens issued on behalf of the requesting user\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.route.v1.LocalObjectReference": { + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "type": "object", + "properties": { + "name": { + "description": "name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "com.github.openshift.api.route.v1.Route": { + "description": "A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.\n\nOnce a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.\n\nRouters are subject to additional customization and may support additional controls via the annotations field.\n\nBecause administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.\n\nTo enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "items" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.oauth.v1.UserOAuthAccessToken" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec is the desired state of the route", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteSpec" + }, + "status": { + "description": "status is the current state of the route", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteStatus" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.APIServers": { + "com.github.openshift.api.route.v1.RouteHTTPHeader": { + "description": "RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.", "type": "object", "required": [ - "perGroupOptions" + "name", + "action" ], "properties": { - "perGroupOptions": { - "description": "perGroupOptions is a list of enabled/disabled API servers in addition to the defaults", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.PerGroupOptions" - } + "action": { + "description": "action specifies actions to perform on headers, such as setting or deleting headers.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeaderActionUnion" + }, + "name": { + "description": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.BuildControllerConfig": { + "com.github.openshift.api.route.v1.RouteHTTPHeaderActionUnion": { + "description": "RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header.", "type": "object", "required": [ - "imageTemplateFormat", - "buildDefaults", - "buildOverrides", - "additionalTrustedCA" + "type" ], "properties": { - "additionalTrustedCA": { - "description": "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted for image pushes and pulls during builds.", + "set": { + "description": "set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. This field is required when type is Set and forbidden otherwise.", + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteSetHTTPHeader" + }, + "type": { + "description": "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", "type": "string", "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "set": "Set" + } + } + ] + }, + "com.github.openshift.api.route.v1.RouteHTTPHeaderActions": { + "description": "RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", + "type": "object", + "properties": { + "request": { + "description": "request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeader" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "buildDefaults": { - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.BuildDefaultsConfig" - }, - "buildOverrides": { - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.BuildOverridesConfig" - }, - "imageTemplateFormat": { + "response": { + "description": "response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Note: This field cannot be used if your route uses TLS passthrough.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeader" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.route.v1.RouteHTTPHeaders": { + "description": "RouteHTTPHeaders defines policy for HTTP headers.", + "type": "object", + "properties": { + "actions": { + "description": "actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ImageConfig" + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeaderActions" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.BuildDefaultsConfig": { - "description": "BuildDefaultsConfig controls the default information for Builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.route.v1.RouteIngress": { + "description": "RouteIngress holds information about the places where a route is exposed.", "type": "object", "properties": { - "annotations": { - "description": "annotations are annotations that will be added to the build pod", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "env": { - "description": "env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build", + "conditions": { + "description": "conditions is the state of the route, may be empty.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" - } + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteIngressCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "gitHTTPProxy": { - "description": "gitHTTPProxy is the location of the HTTPProxy for Git source", + "host": { + "description": "host is the host string under which the route is exposed; this value is required", "type": "string" }, - "gitHTTPSProxy": { - "description": "gitHTTPSProxy is the location of the HTTPSProxy for Git source", + "routerCanonicalHostname": { + "description": "CanonicalHostname is the external host name for the router that can be used as a CNAME for the host requested for this route. This value is optional and may not be set in all cases.", "type": "string" }, - "gitNoProxy": { - "description": "gitNoProxy is the list of domains for which the proxy should not be used", + "routerName": { + "description": "Name is a name chosen by the router to identify itself; this value is required", "type": "string" }, - "imageLabels": { - "description": "imageLabels is a list of labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" - } + "wildcardPolicy": { + "description": "Wildcard policy is the wildcard policy that was allowed where this route is exposed.", + "type": "string" + } + } + }, + "com.github.openshift.api.route.v1.RouteIngressCondition": { + "description": "RouteIngressCondition contains details for the current condition of this route on a particular router.", + "type": "object", + "required": [ + "type", + "status" + ], + "properties": { + "lastTransitionTime": { + "description": "RFC 3339 date and time when this condition last transitioned", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "message": { + "description": "Human readable message indicating details about last transition.", "type": "string" }, - "nodeSelector": { - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "reason": { + "description": "(brief) reason for the condition's last transition, and is usually a machine and human readable constant", + "type": "string" }, - "resources": { - "description": "resources defines resource requirements to execute the build.", - "default": {}, - "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" + "status": { + "description": "status is the status of the condition. Can be True, False, Unknown.", + "type": "string", + "default": "" }, - "sourceStrategyDefaults": { - "description": "sourceStrategyDefaults are default values that apply to builds using the source strategy.", - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.SourceStrategyDefaultsConfig" + "type": { + "description": "type is the type of the condition. Currently only Admitted or UnservableInFutureVersions.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.BuildOverridesConfig": { - "description": "BuildOverridesConfig controls override settings for builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.route.v1.RouteList": { + "description": "RouteList is a collection of Routes.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "items" + ], "properties": { - "annotations": { - "description": "annotations are annotations that will be added to the build pod", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "forcePull": { - "description": "forcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself", - "type": "boolean" - }, - "imageLabels": { - "description": "imageLabels is a list of labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", + "items": { + "description": "items is a list of routes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" + "$ref": "#/definitions/com.github.openshift.api.route.v1.Route" } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "nodeSelector": { - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "tolerations": { - "description": "tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" - } + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.ClusterNetworkEntry": { - "description": "ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips.", + "com.github.openshift.api.route.v1.RoutePort": { + "description": "RoutePort defines a port mapping from a router to an endpoint in the service endpoints.", "type": "object", "required": [ - "cidr", - "hostSubnetLength" + "targetPort" ], "properties": { - "cidr": { - "description": "cidr defines the total range of a cluster networks address space.", - "type": "string", - "default": "" - }, - "hostSubnetLength": { - "description": "hostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pod.", - "type": "integer", - "format": "int64", - "default": 0 + "targetPort": { + "description": "The target port on pods selected by the service this route points to. If this is a string, it will be looked up as a named port in the target endpoints port list. Required", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.DeployerControllerConfig": { + "com.github.openshift.api.route.v1.RouteSetHTTPHeader": { + "description": "RouteSetHTTPHeader specifies what value needs to be set on an HTTP header.", "type": "object", "required": [ - "imageTemplateFormat" + "value" ], "properties": { - "imageTemplateFormat": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ImageConfig" + "value": { + "description": "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.DockerPullSecretControllerConfig": { + "com.github.openshift.api.route.v1.RouteSpec": { + "description": "RouteSpec describes the hostname or path the route exposes, any security information, and one to four backends (services) the route points to. Requests are distributed among the backends depending on the weights assigned to each backend. When using roundrobin scheduling the portion of requests that go to each backend is the backend weight divided by the sum of all of the backend weights. When the backend has more than one endpoint the requests that end up on the backend are roundrobin distributed among the endpoints. Weights are between 0 and 256 with default 100. Weight 0 causes no requests to the backend. If all weights are zero the route will be considered to have no backends and return a standard 503 response.\n\nThe `tls` field is optional and allows specific certificates or behavior for the route. Routers typically configure a default certificate on a wildcard domain to terminate routes without explicit certificates, but custom hostnames usually must choose passthrough (send traffic directly to the backend via the TLS Server-Name- Indication field) or provide a certificate.", "type": "object", "required": [ - "registryURLs", - "internalRegistryHostname" + "to" ], "properties": { - "internalRegistryHostname": { - "description": "internalRegistryHostname is the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format. Docker pull secrets will be generated for this registry.", - "type": "string", - "default": "" + "alternateBackends": { + "description": "alternateBackends allows up to 3 additional backends to be assigned to the route. Only the Service kind is allowed, and it will be defaulted to Service. Use the weight field in RouteTargetReference object to specify relative preference.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteTargetReference" + }, + "x-kubernetes-list-map-keys": [ + "name", + "kind" + ], + "x-kubernetes-list-type": "map" }, - "registryURLs": { - "description": "registryURLs is a list of urls that the docker pull secrets should be valid for.", + "host": { + "description": "host is an alias/DNS that points to the service. Optional. If not specified a route name will typically be automatically chosen. Must follow DNS952 subdomain conventions.", + "type": "string" + }, + "httpHeaders": { + "description": "httpHeaders defines policy for HTTP headers.", + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeaders" + }, + "path": { + "description": "path that the router watches for, to route traffic for to the service. Optional", + "type": "string" + }, + "port": { + "description": "If specified, the port to be used by the router. Most routers will use all endpoints exposed by the service by default - set this value to instruct routers which port to use.", + "$ref": "#/definitions/com.github.openshift.api.route.v1.RoutePort" + }, + "subdomain": { + "description": "subdomain is a DNS subdomain that is requested within the ingress controller's domain (as a subdomain). If host is set this field is ignored. An ingress controller may choose to ignore this suggested name, in which case the controller will report the assigned name in the status.ingress array or refuse to admit the route. If this value is set and the server does not support this field host will be populated automatically. Otherwise host is left empty. The field may have multiple parts separated by a dot, but not all ingress controllers may honor the request. This field may not be changed after creation except by a user with the update routes/custom-host permission.\n\nExample: subdomain `frontend` automatically receives the router subdomain `apps.mycluster.com` to have a full hostname `frontend.apps.mycluster.com`.", + "type": "string" + }, + "tls": { + "description": "The tls field provides the ability to configure certificates and termination for the route.", + "$ref": "#/definitions/com.github.openshift.api.route.v1.TLSConfig" + }, + "to": { + "description": "to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. If the weight field (0-256 default 100) is set to zero, no traffic will be sent to this backend.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteTargetReference" + }, + "wildcardPolicy": { + "description": "Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed.", + "type": "string" + } + } + }, + "com.github.openshift.api.route.v1.RouteStatus": { + "description": "RouteStatus provides relevant info about the status of a route, including which routers acknowledge it.", + "type": "object", + "properties": { + "ingress": { + "description": "ingress describes the places where the route may be exposed. The list of ingress points may contain duplicate Host or RouterName values. Routes are considered live once they are `Ready`", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteIngress" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.FrontProxyConfig": { + "com.github.openshift.api.route.v1.RouteTargetReference": { + "description": "RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service' kind is allowed. Use 'weight' field to emphasize one over others.", "type": "object", "required": [ - "clientCA", - "allowedNames", - "usernameHeaders", - "groupHeaders", - "extraHeaderPrefixes" + "kind", + "name" ], "properties": { - "allowedNames": { - "description": "allowedNames is an optional list of common names to require a match from.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "clientCA": { - "description": "clientCA is a path to the CA bundle to use to verify the common name of the front proxy's client cert", + "kind": { + "description": "The kind of target that the route is referring to. Currently, only 'Service' is allowed", "type": "string", "default": "" }, - "extraHeaderPrefixes": { - "description": "extraHeaderPrefixes is the set of header prefixes to check for user extra", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "groupHeaders": { - "description": "groupHeaders is the set of headers to check for groups", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "name": { + "description": "name of the service/target that is being referred to. e.g. name of the service", + "type": "string", + "default": "" }, - "usernameHeaders": { - "description": "usernameHeaders is the set of headers to check for the username", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "weight": { + "description": "weight as an integer between 0 and 256, default 100, that specifies the target's relative weight against other target reference objects. 0 suppresses requests to this backend.", + "type": "integer", + "format": "int32" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.ImageConfig": { - "description": "ImageConfig holds the necessary configuration options for building image names for system components", + "com.github.openshift.api.route.v1.RouterShard": { + "description": "RouterShard has information of a routing shard and is used to generate host names and routing table entries when a routing shard is allocated for a specific route. Caveat: This is WIP and will likely undergo modifications when sharding support is added.", "type": "object", "required": [ - "format", - "latest" + "shardName", + "dnsSuffix" ], "properties": { - "format": { - "description": "format is the format of the name to be built for the system component", + "dnsSuffix": { + "description": "dnsSuffix for the shard ala: shard-1.v3.openshift.com", "type": "string", "default": "" }, - "latest": { - "description": "latest determines if the latest tag will be pulled from the registry", - "type": "boolean", - "default": false + "shardName": { + "description": "shardName uniquely identifies a router shard in the \"set\" of routers used for routing traffic to the services.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.ImageImportControllerConfig": { + "com.github.openshift.api.route.v1.TLSConfig": { + "description": "TLSConfig defines config used to secure a route and provide termination", "type": "object", "required": [ - "maxScheduledImageImportsPerMinute", - "disableScheduledImport", - "scheduledImageImportMinimumIntervalSeconds" + "termination" ], "properties": { - "disableScheduledImport": { - "description": "disableScheduledImport allows scheduled background import of images to be disabled.", - "type": "boolean", - "default": false + "caCertificate": { + "description": "caCertificate provides the cert authority certificate contents", + "type": "string" }, - "maxScheduledImageImportsPerMinute": { - "description": "maxScheduledImageImportsPerMinute is the maximum number of image streams that will be imported in the background per minute. The default value is 60. Set to -1 for unlimited.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "scheduledImageImportMinimumIntervalSeconds": { - "description": "scheduledImageImportMinimumIntervalSeconds is the minimum number of seconds that can elapse between when image streams scheduled for background import are checked against the upstream repository. The default value is 15 minutes.", - "type": "integer", - "format": "int32", - "default": 0 - } - } - }, - "com.github.openshift.api.openshiftcontrolplane.v1.ImagePolicyConfig": { - "type": "object", - "required": [ - "maxImagesBulkImportedPerRepository", - "allowedRegistriesForImport", - "internalRegistryHostname", - "externalRegistryHostnames", - "additionalTrustedCA" - ], - "properties": { - "additionalTrustedCA": { - "description": "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted during imagestream import.", - "type": "string", - "default": "" + "certificate": { + "description": "certificate provides certificate contents. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate.", + "type": "string" }, - "allowedRegistriesForImport": { - "description": "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.RegistryLocation" - } + "destinationCACertificate": { + "description": "destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection. If this field is not specified, the router may provide its own destination CA and perform hostname validation using the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically verify.", + "type": "string" }, - "externalRegistryHostnames": { - "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "externalCertificate": { + "description": "externalCertificate provides certificate contents as a secret reference. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate. The secret referenced should be present in the same namespace as that of the Route. Forbidden when `certificate` is set. The router service account needs to be granted with read-only access to this secret, please refer to openshift docs for additional details.", + "$ref": "#/definitions/com.github.openshift.api.route.v1.LocalObjectReference" }, - "imageStreamImportMode": { - "description": "imageStreamImportMode provides the import mode value for imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.If this value is specified, this setting is applied to all newly created imagestreams which do not have the value set.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", - "type": "string", - "default": "", - "enum": [ - "Legacy", - "PreserveOriginal" - ] + "insecureEdgeTerminationPolicy": { + "description": "insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While each router may make its own decisions on which ports to expose, this is normally port 80.\n\nIf a route does not specify insecureEdgeTerminationPolicy, then the default behavior is \"None\".\n\n* Allow - traffic is sent to the server on the insecure port (edge/reencrypt terminations only).\n\n* None - no traffic is allowed on the insecure port (default).\n\n* Redirect - clients are redirected to the secure port.", + "type": "string" }, - "internalRegistryHostname": { - "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", - "type": "string", - "default": "" + "key": { + "description": "key provides key file contents", + "type": "string" }, - "maxImagesBulkImportedPerRepository": { - "description": "maxImagesBulkImportedPerRepository controls the number of images that are imported when a user does a bulk import of a container repository. This number is set low to prevent users from importing large numbers of images accidentally. Set -1 for no limit.", - "type": "integer", - "format": "int32", - "default": 0 - } - } - }, - "com.github.openshift.api.openshiftcontrolplane.v1.IngressControllerConfig": { - "type": "object", - "required": [ - "ingressIPNetworkCIDR" - ], - "properties": { - "ingressIPNetworkCIDR": { - "description": "ingressIPNetworkCIDR controls the range to assign ingress ips from for services of type LoadBalancer on bare metal. If empty, ingress ips will not be assigned. It may contain a single CIDR that will be allocated from. For security reasons, you should ensure that this range does not overlap with the CIDRs reserved for external ips, nodes, pods, or services.", + "termination": { + "description": "termination indicates the TLS termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default)\n\n* passthrough - Traffic is sent straight to the destination without the router providing TLS termination\n\n* reencrypt - TLS termination is done by the router and https is used to communicate with the backend\n\nNote: passthrough termination is incompatible with httpHeader actions", "type": "string", "default": "" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.JenkinsPipelineConfig": { - "description": "JenkinsPipelineConfig holds configuration for the Jenkins pipeline strategy", + "com.github.openshift.api.samples.v1.Config": { + "description": "Config contains the configuration and detailed condition status for the Samples Operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "autoProvisionEnabled", - "templateNamespace", - "templateName", - "serviceName", - "parameters" + "metadata", + "spec" ], "properties": { - "autoProvisionEnabled": { - "description": "autoProvisionEnabled determines whether a Jenkins server will be spawned from the provided template when the first build config in the project with type JenkinsPipeline is created. When not specified this option defaults to true.", - "type": "boolean" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "parameters": { - "description": "parameters specifies a set of optional parameters to the Jenkins template.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "serviceName": { - "description": "serviceName is the name of the Jenkins service OpenShift uses to detect whether a Jenkins pipeline handler has already been installed in a project. This value *must* match a service name in the provided template.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "templateName": { - "description": "templateName is the name of the default Jenkins template", - "type": "string", - "default": "" + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.samples.v1.ConfigSpec" }, - "templateNamespace": { - "description": "templateNamespace contains the namespace name where the Jenkins template is stored", - "type": "string", - "default": "" + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.samples.v1.ConfigStatus" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.NetworkControllerConfig": { - "description": "MasterNetworkConfig to be passed to the compiled in network plugin", + "com.github.openshift.api.samples.v1.ConfigCondition": { + "description": "ConfigCondition captures various conditions of the Config as entries are processed.", "type": "object", "required": [ - "networkPluginName", - "clusterNetworks", - "serviceNetworkCIDR", - "vxlanPort" + "type", + "status" ], "properties": { - "clusterNetworks": { - "description": "clusterNetworks contains a list of cluster networks that defines the global overlay networks L3 space.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ClusterNetworkEntry" - } + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "networkPluginName": { + "lastUpdateTime": { + "description": "lastUpdateTime is the last time this condition was updated.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "description": "message is a human readable message indicating details about the transition.", + "type": "string" + }, + "reason": { + "description": "reason is what caused the condition's last transition.", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "default": "" }, - "serviceNetworkCIDR": { + "type": { + "description": "type of condition.", "type": "string", "default": "" - }, - "vxlanPort": { - "type": "integer", - "format": "int64", - "default": 0 } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.OpenShiftAPIServerConfig": { - "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.samples.v1.ConfigList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "servingInfo", - "corsAllowedOrigins", - "auditConfig", - "storageConfig", - "admission", - "kubeClientConfig", - "aggregatorConfig", - "imagePolicyConfig", - "projectConfig", - "routingConfig", - "serviceAccountOAuthGrantMethod", - "jenkinsPipelineConfig", - "cloudProviderFile", - "apiServerArguments", - "apiServers" + "metadata", + "items" ], "properties": { - "admission": { - "description": "admissionConfig holds information about how to configure admission.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionConfig" - }, - "aggregatorConfig": { - "description": "aggregatorConfig contains information about how to verify the aggregator front proxy", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.FrontProxyConfig" - }, - "apiServerArguments": { - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - }, - "apiServers": { - "description": "apiServers holds information about enabled/disabled API servers", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.APIServers" - }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "auditConfig": { - "description": "auditConfig describes how to configure audit information", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditConfig" - }, - "cloudProviderFile": { - "description": "cloudProviderFile points to the cloud config file", - "type": "string", - "default": "" - }, - "corsAllowedOrigins": { - "description": "corsAllowedOrigins", + "items": { "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.samples.v1.Config" } }, - "imagePolicyConfig": { - "description": "imagePolicyConfig feeds the image policy admission plugin", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ImagePolicyConfig" - }, - "jenkinsPipelineConfig": { - "description": "jenkinsPipelineConfig holds information about the default Jenkins template used for JenkinsPipeline build strategy.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.JenkinsPipelineConfig" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "kubeClientConfig": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.KubeClientConfig" - }, - "projectConfig": { - "description": "projectConfig feeds an admission plugin", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ProjectConfig" - }, - "routingConfig": { - "description": "routingConfig holds information about routing and route generation", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.RoutingConfig" - }, - "serviceAccountOAuthGrantMethod": { - "description": "serviceAccountOAuthGrantMethod is used for determining client authorization for service account oauth client. It must be either: deny, prompt, or \"\"", - "type": "string", - "default": "" - }, - "servingInfo": { - "description": "servingInfo describes how to start serving", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" - }, - "storageConfig": { - "description": "storageConfig contains information about how to use", + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.EtcdStorageConfig" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.OpenShiftControllerManagerConfig": { - "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.samples.v1.ConfigSpec": { + "description": "ConfigSpec contains the desired configuration and state for the Samples Operator, controlling various behavior around the imagestreams and templates it creates/updates in the openshift namespace.", "type": "object", - "required": [ - "servingInfo", - "leaderElection", - "controllers", - "resourceQuota", - "serviceServingCert", - "deployer", - "build", - "serviceAccount", - "dockerPullSecret", - "network", - "ingress", - "imageImport", - "securityAllocator", - "featureGates" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "build": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.BuildControllerConfig" - }, - "controllers": { - "description": "controllers is a list of controllers to enable. '*' enables all on-by-default controllers, 'foo' enables the controller \"+ named 'foo', '-foo' disables the controller named 'foo'. Defaults to \"*\".", + "architectures": { + "description": "architectures determine which hardware architecture(s) to install, where x86_64, ppc64le, and s390x are the only supported choices currently.", "type": "array", "items": { "type": "string", "default": "" } }, - "deployer": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.DeployerControllerConfig" + "managementState": { + "description": "managementState is top level on/off type of switch for all operators. When \"Managed\", this operator processes config and manipulates the samples accordingly. When \"Unmanaged\", this operator ignores any updates to the resources it watches. When \"Removed\", it reacts that same wasy as it does if the Config object is deleted, meaning any ImageStreams or Templates it manages (i.e. it honors the skipped lists) and the registry secret are deleted, along with the ConfigMap in the operator's namespace that represents the last config used to manipulate the samples,", + "type": "string" }, - "dockerPullSecret": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.DockerPullSecretControllerConfig" + "samplesRegistry": { + "description": "samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io.", + "type": "string" }, - "featureGates": { - "description": "featureGates are the set of extra OpenShift feature gates for openshift-controller-manager. These feature gates can be used to enable features that are tech preview or otherwise not available on OpenShift by default.", + "skippedHelmCharts": { + "description": "skippedHelmCharts specifies names of helm charts that should NOT be managed. Admins can use this to allow them to delete content they don’t want. They will still have to MANUALLY DELETE the content but the operator will not recreate(or update) anything listed here. Few examples of the name of helmcharts which can be skipped are 'redhat-redhat-perl-imagestreams','redhat-redhat-nodejs-imagestreams','redhat-nginx-imagestreams', 'redhat-redhat-ruby-imagestreams','redhat-redhat-python-imagestreams','redhat-redhat-php-imagestreams', 'redhat-httpd-imagestreams','redhat-redhat-dotnet-imagestreams'. Rest of the names can be obtained from openshift console --> helmcharts -->installed helmcharts. This will display the list of all the 12 helmcharts(of imagestreams)being installed by Samples Operator. The skippedHelmCharts must be a valid Kubernetes resource name. May contain only lowercase alphanumeric characters, hyphens and periods, and each period separated segment must begin and end with an alphanumeric character. It must be non-empty and at most 253 characters in length", "type": "array", "items": { "type": "string", "default": "" - } - }, - "imageImport": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ImageImportControllerConfig" - }, - "ingress": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.IngressControllerConfig" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "leaderElection": { - "description": "leaderElection defines the configuration for electing a controller instance to make changes to the cluster. If unspecified, the ControllerTTL value is checked to determine whether the legacy direct etcd election code will be used.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.LeaderElection" - }, - "network": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.NetworkControllerConfig" - }, - "resourceQuota": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ResourceQuotaControllerConfig" - }, - "securityAllocator": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.SecurityAllocator" - }, - "serviceAccount": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ServiceAccountControllerConfig" + }, + "x-kubernetes-list-type": "set" }, - "serviceServingCert": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ServiceServingCert" + "skippedImagestreams": { + "description": "skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "servingInfo": { - "description": "servingInfo describes how to start serving", - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" + "skippedTemplates": { + "description": "skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.PerGroupOptions": { + "com.github.openshift.api.samples.v1.ConfigStatus": { + "description": "ConfigStatus contains the actual configuration in effect, as well as various details that describe the state of the Samples Operator.", "type": "object", - "required": [ - "name", - "enabledVersions", - "disabledVersions" - ], "properties": { - "disabledVersions": { - "description": "disabledVersions is a list of versions that must be disabled in addition to the defaults. Must not collide with the list of enabled versions", + "architectures": { + "description": "architectures determine which hardware architecture(s) to install, where x86_64 and ppc64le are the supported choices.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "enabledVersions": { - "description": "enabledVersions is a list of versions that must be enabled in addition to the defaults. Must not collide with the list of disabled versions", + "conditions": { + "description": "conditions represents the available maintenance status of the sample imagestreams and templates.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.samples.v1.ConfigCondition" + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "managementState": { + "description": "managementState reflects the current operational status of the on/off switch for the operator. This operator compares the ManagementState as part of determining that we are turning the operator back on (i.e. \"Managed\") when it was previously \"Unmanaged\".", + "type": "string", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "samplesRegistry": { + "description": "samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io.", + "type": "string", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "skippedImagestreams": { + "description": "skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "name": { - "description": "name is an API server name (see OpenShiftAPIserverName typed constants for a complete list of available API servers).", + "skippedTemplates": { + "description": "skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "version": { + "description": "version is the value of the operator's payload based version indicator when it was last successfully processed", "type": "string", - "default": "" + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.ProjectConfig": { + "com.github.openshift.api.security.v1.AllowedFlexVolume": { + "description": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used.", "type": "object", "required": [ - "defaultNodeSelector", - "projectRequestMessage", - "projectRequestTemplate" + "driver" ], "properties": { - "defaultNodeSelector": { - "description": "defaultNodeSelector holds default project node label selector", - "type": "string", - "default": "" - }, - "projectRequestMessage": { - "description": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", - "type": "string", - "default": "" - }, - "projectRequestTemplate": { - "description": "projectRequestTemplate is the template to use for creating projects in response to projectrequest. It is in the format namespace/template and it is optional. If it is not specified, a default template is used.", + "driver": { + "description": "driver is the name of the Flexvolume driver.", "type": "string", "default": "" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.RegistryLocation": { - "description": "RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.", + "com.github.openshift.api.security.v1.FSGroupStrategyOptions": { + "description": "FSGroupStrategyOptions defines the strategy type and options used to create the strategy.", "type": "object", - "required": [ - "domainName" - ], "properties": { - "domainName": { - "description": "domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.", - "type": "string", - "default": "" + "ranges": { + "description": "ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.IDRange" + }, + "x-kubernetes-list-type": "atomic" }, - "insecure": { - "description": "insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.", - "type": "boolean" + "type": { + "description": "type is the strategy that will dictate what FSGroup is used in the SecurityContext.", + "type": "string" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.ResourceQuotaControllerConfig": { + "com.github.openshift.api.security.v1.IDRange": { + "description": "IDRange provides a min/max of an allowed range of IDs.", "type": "object", - "required": [ - "concurrentSyncs", - "syncPeriod", - "minResyncPeriod" - ], "properties": { - "concurrentSyncs": { + "max": { + "description": "max is the end of the range, inclusive.", "type": "integer", - "format": "int32", - "default": 0 - }, - "minResyncPeriod": { - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + "format": "int64" }, - "syncPeriod": { - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + "min": { + "description": "min is the start of the range, inclusive.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.RoutingConfig": { - "description": "RoutingConfig holds the necessary configuration options for routing to subdomains", - "type": "object", - "required": [ - "subdomain" - ], - "properties": { - "subdomain": { - "description": "subdomain is the suffix appended to $service.$namespace. to form the default route hostname DEPRECATED: This field is being replaced by routers setting their own defaults. This is the \"default\" route.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.openshiftcontrolplane.v1.SecurityAllocator": { - "description": "SecurityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.", + "com.github.openshift.api.security.v1.PodSecurityPolicyReview": { + "description": "PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "uidAllocatorRange", - "mcsAllocatorRange", - "mcsLabelsPerProject" + "spec" ], "properties": { - "mcsAllocatorRange": { - "description": "mcsAllocatorRange defines the range of MCS categories that will be assigned to namespaces. The format is \"/[,]\". The default is \"s0/2\" and will allocate from c0 -> c1023, which means a total of 535k labels are available (1024 choose 2 ~ 535k). If this value is changed after startup, new projects may receive labels that are already allocated to other projects. Prefix may be any valid SELinux set of terms (including user, role, and type), although leaving them as the default will allow the server to set them automatically.\n\nExamples: * s0:/2 - Allocate labels from s0:c0,c0 to s0:c511,c511 * s0:/2,512 - Allocate labels from s0:c0,c0,c0 to s0:c511,c511,511", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "mcsLabelsPerProject": { - "description": "mcsLabelsPerProject defines the number of labels that should be reserved per project. The default is 5 to match the default UID and MCS ranges (100k namespaces, 535k/5 labels).", - "type": "integer", - "format": "int32", - "default": 0 + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "uidAllocatorRange": { - "description": "uidAllocatorRange defines the total set of Unix user IDs (UIDs) that will be allocated to projects automatically, and the size of the block each namespace gets. For example, 1000-1999/10 will allocate ten UIDs per namespace, and will be able to allocate up to 100 blocks before running out of space. The default is to allocate from 1 billion to 2 billion in 10k blocks (which is the expected size of the ranges container images will use once user namespaces are started).", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec is the PodSecurityPolicy to check.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicyReviewSpec" + }, + "status": { + "description": "status represents the current information/status for the PodSecurityPolicyReview.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicyReviewStatus" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.ServiceAccountControllerConfig": { + "com.github.openshift.api.security.v1.PodSecurityPolicyReviewSpec": { + "description": "PodSecurityPolicyReviewSpec defines specification for PodSecurityPolicyReview", "type": "object", "required": [ - "managedNames" + "template" ], "properties": { - "managedNames": { - "description": "managedNames is a list of service account names that will be auto-created in every namespace. If no names are specified, the ServiceAccountsController will not be started.", + "serviceAccountNames": { + "description": "serviceAccountNames is an optional set of ServiceAccounts to run the check with. If serviceAccountNames is empty, the template.spec.serviceAccountName is used, unless it's empty, in which case \"default\" is used instead. If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.", "type": "array", "items": { "type": "string", "default": "" } - } - } - }, - "com.github.openshift.api.openshiftcontrolplane.v1.ServiceServingCert": { - "description": "ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", - "type": "object", - "required": [ - "signer" - ], - "properties": { - "signer": { - "description": "signer holds the signing information used to automatically sign serving certificates. If this value is nil, then certs are not signed automatically.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.CertInfo" - } - } - }, - "com.github.openshift.api.openshiftcontrolplane.v1.SourceStrategyDefaultsConfig": { - "description": "SourceStrategyDefaultsConfig contains values that apply to builds using the source strategy.", - "type": "object", - "properties": { - "incremental": { - "description": "incremental indicates if s2i build strategies should perform an incremental build or not", - "type": "boolean" - } - } - }, - "com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec": { - "description": "AWSCSIDriverConfigSpec defines properties that can be configured for the AWS CSI driver.", - "type": "object", - "properties": { - "efsVolumeMetrics": { - "description": "efsVolumeMetrics sets the configuration for collecting metrics from EFS volumes used by the EFS CSI Driver.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics" - }, - "kmsKeyARN": { - "description": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.\n\nThe ARN must follow the format: arn::kms:::(key|alias)/, where: is the AWS partition (aws, aws-cn, aws-us-gov, aws-iso, aws-iso-b, aws-iso-e, aws-iso-f, or aws-eusc), is the AWS region, is a 12-digit numeric identifier for the AWS account, is the KMS key ID or alias name.", - "type": "string" - } - } - }, - "com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters": { - "description": "AWSClassicLoadBalancerParameters holds configuration parameters for an AWS Classic load balancer.", - "type": "object", - "properties": { - "connectionIdleTimeout": { - "description": "connectionIdleTimeout specifies the maximum time period that a connection may be idle before the load balancer closes the connection. The value must be parseable as a time duration value; see . A nil or zero value means no opinion, in which case a default value is used. The default value for this field is 60s. This default is subject to change.", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "subnets": { - "description": "subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSSubnets" + "template": { + "description": "template is the PodTemplateSpec to check. The template.spec.serviceAccountName field is used if serviceAccountNames is empty, unless the template.spec.serviceAccountName is empty, in which case \"default\" is used. If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplateSpec" } } }, - "com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics": { - "description": "AWSEFSVolumeMetrics defines the configuration for volume metrics in the EFS CSI Driver.", + "com.github.openshift.api.security.v1.PodSecurityPolicyReviewStatus": { + "description": "PodSecurityPolicyReviewStatus represents the status of PodSecurityPolicyReview.", "type": "object", - "required": [ - "state" - ], "properties": { - "recursiveWalk": { - "description": "recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver when the state is set to RecursiveWalk.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig" - }, - "state": { - "description": "state defines the state of metric collection in the AWS EFS CSI Driver. This field is required and must be set to one of the following values: Disabled or RecursiveWalk. Disabled means no metrics collection will be performed. This is the default value. RecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics. This process may result in high CPU and memory usage, depending on the volume size.", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "state", - "fields-to-discriminateBy": { - "recursiveWalk": "RecursiveWalk" + "allowedServiceAccounts": { + "description": "allowedServiceAccounts returns the list of service accounts in *this* namespace that have the power to create the PodTemplateSpec.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.ServiceAccountPodSecurityPolicyReviewStatus" } } - ] - }, - "com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig": { - "description": "AWSEFSVolumeMetricsRecursiveWalkConfig defines options for volume metrics in the EFS CSI Driver.", - "type": "object", - "properties": { - "fsRateLimit": { - "description": "fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 5. The valid range is from 1 to 100 goroutines.", - "type": "integer", - "format": "int32" - }, - "refreshPeriodMinutes": { - "description": "refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 240. The valid range is from 1 to 43200 minutes (30 days).", - "type": "integer", - "format": "int32" - } } }, - "com.github.openshift.api.operator.v1.AWSLoadBalancerParameters": { - "description": "AWSLoadBalancerParameters provides configuration settings that are specific to AWS load balancers.", + "com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReview": { + "description": "PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "type" + "spec" ], "properties": { - "classicLoadBalancer": { - "description": "classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "networkLoadBalancer": { - "description": "networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "type": { - "description": "type is the type of AWS load balancer to instantiate for an ingresscontroller.\n\nValid values are:\n\n* \"Classic\": A Classic Load Balancer that makes routing decisions at either\n the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See\n the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb\n\n* \"NLB\": A Network Load Balancer that makes routing decisions at the\n transport layer (TCP/SSL). See the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "classicLoadBalancer": "ClassicLoadBalancerParameters", - "networkLoadBalancer": "NetworkLoadBalancerParameters" - } - } - ] - }, - "com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters": { - "description": "AWSNetworkLoadBalancerParameters holds configuration parameters for an AWS Network load balancer. For Example: Setting AWS EIPs https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html", - "type": "object", - "properties": { - "eipAllocations": { - "description": "eipAllocations is a list of IDs for Elastic IP (EIP) addresses that are assigned to the Network Load Balancer. The following restrictions apply:\n\neipAllocations can only be used with external scope, not internal. An EIP can be allocated to only a single IngressController. The number of EIP allocations must match the number of subnets that are used for the load balancer. Each EIP allocation must be unique. A maximum of 10 EIP allocations are permitted.\n\nSee https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general information about configuration, characteristics, and limitations of Elastic IP addresses.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "subnets": { - "description": "subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSSubnets" + "spec": { + "description": "spec defines specification the PodSecurityPolicySelfSubjectReview.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReviewSpec" + }, + "status": { + "description": "status represents the current information/status for the PodSecurityPolicySelfSubjectReview.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus" } } }, - "com.github.openshift.api.operator.v1.AWSSubnets": { - "description": "AWSSubnets contains a list of references to AWS subnets by ID or name.", + "com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReviewSpec": { + "description": "PodSecurityPolicySelfSubjectReviewSpec contains specification for PodSecurityPolicySelfSubjectReview.", "type": "object", + "required": [ + "template" + ], "properties": { - "ids": { - "description": "ids specifies a list of AWS subnets by subnet ID. Subnet IDs must start with \"subnet-\", consist only of alphanumeric characters, must be exactly 24 characters long, must be unique, and the total number of subnets specified by ids and names must not exceed 10.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "names": { - "description": "names specifies a list of AWS subnets by subnet name. Subnet names must not start with \"subnet-\", must not include commas, must be under 256 characters in length, must be unique, and the total number of subnets specified by ids and names must not exceed 10.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "template": { + "description": "template is the PodTemplateSpec to check.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplateSpec" } } }, - "com.github.openshift.api.operator.v1.AccessLogging": { - "description": "AccessLogging describes how client requests should be logged.", + "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReview": { + "description": "PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "destination" + "spec" ], "properties": { - "destination": { - "description": "destination is where access logs go.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.LoggingDestination" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "httpCaptureCookies": { - "description": "httpCaptureCookies specifies HTTP cookies that should be captured in access logs. If this field is empty, no cookies are captured.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie" - }, - "x-kubernetes-list-type": "atomic" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "httpCaptureHeaders": { - "description": "httpCaptureHeaders defines HTTP headers that should be captured in access logs. If this field is empty, no headers are captured.\n\nNote that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be captured for TLS passthrough connections.", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "httpLogFormat": { - "description": "httpLogFormat specifies the format of the log message for an HTTP request.\n\nIf this field is empty, log messages use the implementation's default HTTP log format. For HAProxy's default HTTP log format, see the HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3\n\nNote that this format only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). It does not affect the log format for TLS passthrough connections.", - "type": "string" + "spec": { + "description": "spec defines specification for the PodSecurityPolicySubjectReview.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewSpec" }, - "logEmptyRequests": { - "description": "logEmptyRequests specifies how connections on which no request is received should be logged. Typically, these empty requests come from load balancers' health probes or Web browsers' speculative connections (\"preconnect\"), in which case logging these requests may be undesirable. However, these requests may also be caused by network errors, in which case logging empty requests may be useful for diagnosing the errors. In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts. Allowed values for this field are \"Log\" and \"Ignore\". The default value is \"Log\".", - "type": "string" + "status": { + "description": "status represents the current information/status for the PodSecurityPolicySubjectReview.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus" } } }, - "com.github.openshift.api.operator.v1.AddPage": { - "description": "AddPage allows customizing actions on the Add page in developer perspective.", + "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewSpec": { + "description": "PodSecurityPolicySubjectReviewSpec defines specification for PodSecurityPolicySubjectReview", "type": "object", + "required": [ + "template" + ], "properties": { - "disabledActions": { - "description": "disabledActions is a list of actions that are not shown to users. Each action in the list is represented by its ID.", + "groups": { + "description": "groups is the groups you're testing for.", "type": "array", "items": { "type": "string", "default": "" } - } - } - }, - "com.github.openshift.api.operator.v1.AdditionalNetworkDefinition": { - "description": "AdditionalNetworkDefinition configures an extra network that is available but not created by default. Instead, pods must request them by name. type must be specified, along with exactly one \"Config\" that matches the type.", - "type": "object", - "required": [ - "type", - "name" - ], - "properties": { - "name": { - "description": "name is the name of the network. This will be populated in the resulting CRD This must be unique.", - "type": "string", - "default": "" }, - "namespace": { - "description": "namespace is the namespace of the network. This will be populated in the resulting CRD If not given the network will be created in the default namespace.", - "type": "string" + "template": { + "description": "template is the PodTemplateSpec to check. If template.spec.serviceAccountName is empty it will not be defaulted. If its non-empty, it will be checked.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplateSpec" }, - "rawCNIConfig": { - "description": "rawCNIConfig is the raw CNI configuration json to create in the NetworkAttachmentDefinition CRD", + "user": { + "description": "user is the user you're testing for. If you specify \"user\" but not \"group\", then is it interpreted as \"What if user were not a member of any groups. If user and groups are empty, then the check is performed using *only* the serviceAccountName in the template.", "type": "string" - }, - "simpleMacvlanConfig": { - "description": "simpleMacvlanConfig configures the macvlan interface in case of type:NetworkTypeSimpleMacvlan", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.SimpleMacvlanConfig" - }, - "type": { - "description": "type is the type of network The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan", - "type": "string", - "default": "" } } }, - "com.github.openshift.api.operator.v1.AdditionalRoutingCapabilities": { - "description": "AdditionalRoutingCapabilities describes components and relevant configuration providing advanced routing capabilities.", + "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus": { + "description": "PodSecurityPolicySubjectReviewStatus contains information/status for PodSecurityPolicySubjectReview.", "type": "object", - "required": [ - "providers" - ], "properties": { - "providers": { - "description": "providers is a set of enabled components that provide additional routing capabilities. Entries on this list must be unique. The only valid value is currrently \"FRR\" which provides FRR routing capabilities through the deployment of FRR.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "allowedBy": { + "description": "allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A `nil`, indicates that it was denied.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "reason": { + "description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available.", + "type": "string" + }, + "template": { + "description": "template is the PodTemplateSpec after the defaulting is applied.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplateSpec" } } }, - "com.github.openshift.api.operator.v1.Authentication": { - "description": "Authentication provides information to configure an operator to manage authentication.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.security.v1.RangeAllocation": { + "description": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "spec" + "range", + "data" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "data": { + "description": "data is a byte array representing the serialized state of a range allocation. It is a bitmap with each bit set to one to represent a range is taken.", + "type": "string", + "format": "byte" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -40939,23 +39285,19 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AuthenticationSpec" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AuthenticationStatus" + "range": { + "description": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.AuthenticationList": { - "description": "AuthenticationList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.security.v1.RangeAllocationList": { + "description": "RangeAllocationList is a list of RangeAllocations objects\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -40964,10 +39306,11 @@ "type": "string" }, "items": { + "description": "List of RangeAllocations.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Authentication" + "$ref": "#/definitions/com.github.openshift.api.security.v1.RangeAllocation" } }, "kind": { @@ -40977,266 +39320,168 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.AuthenticationSpec": { + "com.github.openshift.api.security.v1.RunAsUserStrategyOptions": { + "description": "RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.", "type": "object", - "required": [ - "managementState" - ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": { + "description": "type is the strategy that will dictate what RunAsUser is used in the SecurityContext.", "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.operator.v1.AuthenticationStatus": { - "type": "object", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "uid": { + "description": "uid is the user id that containers must run as. Required for the MustRunAs strategy if not using namespace/service account allocated uids.", "type": "integer", - "format": "int32" - }, - "oauthAPIServer": { - "description": "oauthAPIServer holds status specific only to oauth-apiserver", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OAuthAPIServerStatus" + "format": "int64" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", + "uidRangeMax": { + "description": "uidRangeMax defines the max value for a strategy that allocates by range.", "type": "integer", "format": "int64" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "uidRangeMin": { + "description": "uidRangeMin defines the min value for a strategy that allocates by range.", "type": "integer", - "format": "int32", - "default": 0 - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "format": "int64" } } }, - "com.github.openshift.api.operator.v1.AzureCSIDriverConfigSpec": { - "description": "AzureCSIDriverConfigSpec defines properties that can be configured for the Azure CSI driver.", + "com.github.openshift.api.security.v1.SELinuxContextStrategyOptions": { + "description": "SELinuxContextStrategyOptions defines the strategy type and any options used to create the strategy.", "type": "object", "properties": { - "diskEncryptionSet": { - "description": "diskEncryptionSet sets the cluster default storage class to encrypt volumes with a customer-managed encryption set, rather than the default platform-managed keys.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AzureDiskEncryptionSet" + "seLinuxOptions": { + "description": "seLinuxOptions required to run as; required for MustRunAs", + "$ref": "#/definitions/io.k8s.api.core.v1.SELinuxOptions" + }, + "type": { + "description": "type is the strategy that will dictate what SELinux context is used in the SecurityContext.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.AzureDiskEncryptionSet": { - "description": "AzureDiskEncryptionSet defines the configuration for a disk encryption set.", + "com.github.openshift.api.security.v1.SecurityContextConstraints": { + "description": "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "subscriptionID", - "resourceGroup", - "name" + "priority", + "allowPrivilegedContainer", + "defaultAddCapabilities", + "requiredDropCapabilities", + "allowedCapabilities", + "allowHostDirVolumePlugin", + "volumes", + "allowHostNetwork", + "allowHostPorts", + "allowHostPID", + "allowHostIPC", + "readOnlyRootFilesystem" ], "properties": { - "name": { - "description": "name is the name of the disk encryption set that will be set on the default storage class. The value should consist of only alphanumberic characters, underscores (_), hyphens, and be at most 80 characters in length.", - "type": "string", - "default": "" + "allowHostDirVolumePlugin": { + "description": "allowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin", + "type": "boolean", + "default": false }, - "resourceGroup": { - "description": "resourceGroup defines the Azure resource group that contains the disk encryption set. The value should consist of only alphanumberic characters, underscores (_), parentheses, hyphens and periods. The value should not end in a period and be at most 90 characters in length.", - "type": "string", - "default": "" - }, - "subscriptionID": { - "description": "subscriptionID defines the Azure subscription that contains the disk encryption set. The value should meet the following conditions: 1. It should be a 128-bit number. 2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long. 3. It should be displayed in five groups separated by hyphens (-). 4. The first group should be 8 characters long. 5. The second, third, and fourth groups should be 4 characters long. 6. The fifth group should be 12 characters long. An Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.operator.v1.BGPManagedConfig": { - "description": "BGPManagedConfig contains configuration options for BGP when routing is \"Managed\".", - "type": "object", - "required": [ - "bgpTopology" - ], - "properties": { - "asNumber": { - "description": "asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) to be used in the generated FRR configuration. Valid values are 1 to 4294967295. When omitted, this defaults to 64512.", - "type": "integer", - "format": "int64", - "default": 64512 + "allowHostIPC": { + "description": "allowHostIPC determines if the policy allows host ipc in the containers.", + "type": "boolean", + "default": false }, - "bgpTopology": { - "description": "bgpTopology defines the BGP topology to be used. Allowed values are \"FullMesh\". When set to \"FullMesh\", every node peers directly with every other node via BGP. This field is required when BGPManagedConfig is specified.", - "type": "string" - } - } - }, - "com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig": { - "description": "BootImageSkewEnforcementConfig is used to configure how boot image version skew is enforced on the cluster.", - "type": "object", - "required": [ - "mode" - ], - "properties": { - "manual": { - "description": "manual describes the current boot image of the cluster. This should be set to the oldest boot image used amongst all machine resources in the cluster. This must include either the RHCOS version of the boot image or the OCP release version which shipped with that RHCOS boot image. Required when mode is set to \"Manual\" and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterBootImageManual" + "allowHostNetwork": { + "description": "allowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec.", + "type": "boolean", + "default": false }, - "mode": { - "description": "mode determines the underlying behavior of skew enforcement mechanism. Valid values are Manual and None. Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP & RHCOS version associated with the last boot image update in the manual field. In Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the skew limit described by the release image. None means that the MCO will no longer monitor the boot image skew. This may affect the cluster's ability to scale. This field is required.", - "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "mode", - "fields-to-discriminateBy": { - "manual": "Manual" - } - } - ] - }, - "com.github.openshift.api.operator.v1.BootImageSkewEnforcementStatus": { - "description": "BootImageSkewEnforcementStatus is the type for the status object. It represents the cluster defaults when the boot image skew enforcement configuration is undefined and reflects the actual configuration when it is defined.", - "type": "object", - "required": [ - "mode" - ], - "properties": { - "automatic": { - "description": "automatic describes the current boot image of the cluster. This will be populated by the MCO when performing boot image updates. This value will be compared against the cluster's skew limit to determine skew compliance. Required when mode is set to \"Automatic\" and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterBootImageAutomatic" + "allowHostPID": { + "description": "allowHostPID determines if the policy allows host pid in the containers.", + "type": "boolean", + "default": false }, - "manual": { - "description": "manual describes the current boot image of the cluster. This will be populated by the MCO using the values provided in the spec.bootImageSkewEnforcement.manual field. This value will be compared against the cluster's skew limit to determine skew compliance. Required when mode is set to \"Manual\" and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterBootImageManual" + "allowHostPorts": { + "description": "allowHostPorts determines if the policy allows host ports in the containers.", + "type": "boolean", + "default": false }, - "mode": { - "description": "mode determines the underlying behavior of skew enforcement mechanism. Valid values are Automatic, Manual and None. Automatic means that the MCO will perform boot image updates and store the OCP & RHCOS version associated with the last boot image update in the automatic field. Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP & RHCOS version associated with the last boot image update in the manual field. In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the skew limit described by the release image. None means that the MCO will no longer monitor the boot image skew. This may affect the cluster's ability to scale. This field is required.", - "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "mode", - "fields-to-discriminateBy": { - "automatic": "Automatic", - "manual": "Manual" - } - } - ] - }, - "com.github.openshift.api.operator.v1.CSIDriverConfigSpec": { - "description": "CSIDriverConfigSpec defines configuration spec that can be used to optionally configure a specific CSI Driver.", - "type": "object", - "required": [ - "driverType" - ], - "properties": { - "aws": { - "description": "aws is used to configure the AWS CSI driver.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec" + "allowPrivilegeEscalation": { + "description": "allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.", + "type": "boolean" }, - "azure": { - "description": "azure is used to configure the Azure CSI driver.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AzureCSIDriverConfigSpec" + "allowPrivilegedContainer": { + "description": "allowPrivilegedContainer determines if a container can request to be run as privileged.", + "type": "boolean", + "default": false }, - "driverType": { - "description": "driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. Consumers should treat unknown values as a NO-OP.", - "type": "string", - "default": "" + "allowedCapabilities": { + "description": "allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use '*'.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "gcp": { - "description": "gcp is used to configure the GCP CSI driver.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GCPCSIDriverConfigSpec" + "allowedFlexVolumes": { + "description": "allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"Volumes\" field.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.AllowedFlexVolume" + }, + "x-kubernetes-list-type": "atomic" }, - "ibmcloud": { - "description": "ibmcloud is used to configure the IBM Cloud CSI driver.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec" + "allowedUnsafeSysctls": { + "description": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "vSphere": { - "description": "vSphere is used to configure the vsphere CSI driver.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "driverType", - "fields-to-discriminateBy": { - "aws": "AWS", - "azure": "Azure", - "gcp": "GCP", - "ibmcloud": "IBMCloud", - "vSphere": "VSphere" - } - } - ] - }, - "com.github.openshift.api.operator.v1.CSISnapshotController": { - "description": "CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "spec" - ], - "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "defaultAddCapabilities": { + "description": "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "defaultAllowPrivilegeEscalation": { + "description": "defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.", + "type": "boolean" + }, + "forbiddenSysctls": { + "description": "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "fsGroup": { + "description": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.FSGroupStrategyOptions" + }, + "groups": { + "description": "The groups that have permission to use this security context constraints", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -41244,22 +39489,78 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "spec": { - "description": "spec holds user settable values for configuration", + "priority": { + "description": "priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name.", + "type": "integer", + "format": "int32" + }, + "readOnlyRootFilesystem": { + "description": "readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the SCC should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.", + "type": "boolean", + "default": false + }, + "requiredDropCapabilities": { + "description": "requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "runAsUser": { + "description": "runAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.CSISnapshotControllerSpec" + "$ref": "#/definitions/com.github.openshift.api.security.v1.RunAsUserStrategyOptions" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "seLinuxContext": { + "description": "seLinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.CSISnapshotControllerStatus" + "$ref": "#/definitions/com.github.openshift.api.security.v1.SELinuxContextStrategyOptions" + }, + "seccompProfiles": { + "description": "seccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations. An unset (nil) or empty value means that no profiles may be specifid by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroups": { + "description": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.SupplementalGroupsStrategyOptions" + }, + "userNamespaceLevel": { + "description": "userNamespaceLevel determines if the policy allows host users in containers. Valid values are \"AllowHostLevel\", \"RequirePodLevel\", and omitted. When \"AllowHostLevel\" is set, a pod author may set `hostUsers` to either `true` or `false`. When \"RequirePodLevel\" is set, a pod author must set `hostUsers` to `false`. When omitted, the default value is \"AllowHostLevel\".", + "type": "string", + "default": "AllowHostLevel" + }, + "users": { + "description": "The users who have permissions to use this security context constraints", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "volumes": { + "description": "volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use \"*\". To allow no volumes, set to [\"none\"].", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operator.v1.CSISnapshotControllerList": { - "description": "CSISnapshotControllerList contains a list of CSISnapshotControllers.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.security.v1.SecurityContextConstraintsList": { + "description": "SecurityContextConstraintsList is a list of SecurityContextConstraints objects\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -41270,10 +39571,11 @@ "type": "string" }, "items": { + "description": "List of security context constraints.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.CSISnapshotController" + "$ref": "#/definitions/com.github.openshift.api.security.v1.SecurityContextConstraints" } }, "kind": { @@ -41283,167 +39585,126 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.CSISnapshotControllerSpec": { - "description": "CSISnapshotControllerSpec is the specification of the desired behavior of the CSISnapshotController operator.", + "com.github.openshift.api.security.v1.ServiceAccountPodSecurityPolicyReviewStatus": { + "description": "ServiceAccountPodSecurityPolicyReviewStatus represents ServiceAccount name and related review status", "type": "object", "required": [ - "managementState" + "name" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "allowedBy": { + "description": "allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A `nil`, indicates that it was denied.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "name": { + "description": "name contains the allowed and the denied ServiceAccount name", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "reason": { + "description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available.", "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "template": { + "description": "template is the PodTemplateSpec after the defaulting is applied.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplateSpec" } } }, - "com.github.openshift.api.operator.v1.CSISnapshotControllerStatus": { - "description": "CSISnapshotControllerStatus defines the observed status of the CSISnapshotController operator.", + "com.github.openshift.api.security.v1.SupplementalGroupsStrategyOptions": { + "description": "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.", "type": "object", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "ranges": { + "description": "ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + "$ref": "#/definitions/com.github.openshift.api.security.v1.IDRange" }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "x-kubernetes-list-type": "atomic" }, - "version": { - "description": "version is the level this availability applies to", + "type": { + "description": "type is the strategy that will dictate what supplemental groups is used in the SecurityContext.", "type": "string" } } }, - "com.github.openshift.api.operator.v1.Capability": { - "description": "Capabilities contains set of UI capabilities and their state in the console UI.", + "com.github.openshift.api.securityinternal.v1.RangeAllocation": { + "description": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group This is an internal API, not intended for external consumption.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "name", - "visibility" + "range", + "data" ], "properties": { - "name": { - "description": "name is the unique name of a capability. Available capabilities are LightspeedButton, GettingStartedBanner, and GuidedTour.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "data": { + "description": "data is a byte array representing the serialized state of a range allocation. It is a bitmap with each bit set to one to represent a range is taken.", "type": "string", - "default": "" + "format": "byte" }, - "visibility": { - "description": "visibility defines the visibility state of the capability.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.CapabilityVisibility" - } - } - }, - "com.github.openshift.api.operator.v1.CapabilityVisibility": { - "description": "CapabilityVisibility defines the criteria to enable/disable a capability.", - "type": "object", - "required": [ - "state" - ], - "properties": { - "state": { - "description": "state defines if the capability is enabled or disabled in the console UI. Enabling the capability in the console UI is represented by the \"Enabled\" value. Disabling the capability in the console UI is represented by the \"Disabled\" value.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "range": { + "description": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", "type": "string", "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "state", - "fields-to-discriminateBy": {} - } - ] + } }, - "com.github.openshift.api.operator.v1.ClientTLS": { - "description": "ClientTLS specifies TLS configuration to enable client-to-server authentication, which can be used for mutual TLS.", + "com.github.openshift.api.securityinternal.v1.RangeAllocationList": { + "description": "RangeAllocationList is a list of RangeAllocations objects This is an internal API, not intended for external consumption.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "clientCertificatePolicy", - "clientCA" + "items" ], "properties": { - "allowedSubjectPatterns": { - "description": "allowedSubjectPatterns specifies a list of regular expressions that should be matched against the distinguished name on a valid client certificate to filter requests. The regular expressions must use PCRE syntax. If this list is empty, no filtering is performed. If the list is nonempty, then at least one pattern must match a client certificate's distinguished name or else the ingress controller rejects the certificate and denies the connection.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of RangeAllocations.", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.securityinternal.v1.RangeAllocation" + } }, - "clientCA": { - "description": "clientCA specifies a configmap containing the PEM-encoded CA certificate bundle that should be used to verify a client's certificate. The administrator must create this configmap in the openshift-config namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "clientCertificatePolicy": { - "description": "clientCertificatePolicy specifies whether the ingress controller requires clients to provide certificates. This field accepts the values \"Required\" or \"Optional\".\n\nNote that the ingress controller only checks client certificates for edge-terminated and reencrypt TLS routes; it cannot check certificates for cleartext HTTP or passthrough TLS routes.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.CloudCredential": { - "description": "CloudCredential provides a means to configure an operator to manage CredentialsRequests.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfig": { + "description": "ServiceCertSignerOperatorConfig provides information to configure an operator to manage the service cert signing controllers\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "spec" + "metadata", + "spec", + "status" ], "properties": { "apiVersion": { @@ -41457,23 +39718,22 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.CloudCredentialSpec" + "$ref": "#/definitions/com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigSpec" }, "status": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.CloudCredentialStatus" + "$ref": "#/definitions/com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigStatus" } } }, - "com.github.openshift.api.operator.v1.CloudCredentialList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigList": { + "description": "ServiceCertSignerOperatorConfigList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -41482,10 +39742,11 @@ "type": "string" }, "items": { + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.CloudCredential" + "$ref": "#/definitions/com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfig" } }, "kind": { @@ -41495,21 +39756,16 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.CloudCredentialSpec": { - "description": "CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator.", + "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigSpec": { "type": "object", "required": [ "managementState" ], "properties": { - "credentialsMode": { - "description": "credentialsMode allows informing CCO that it should not attempt to dynamically determine the root cloud credentials capabilities, and it should just run in the specified mode. It also allows putting the operator into \"manual\" mode if desired. Leaving the field in default mode runs CCO so that the cluster's cloud credentials will be dynamically probed for capabilities (on supported clouds/platforms). Supported modes:\n AWS/Azure/GCP: \"\" (Default), \"Mint\", \"Passthrough\", \"Manual\"\n Others: Do not set value as other platforms only support running in \"Passthrough\"", - "type": "string" - }, "logLevel": { "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" @@ -41521,7 +39777,7 @@ }, "observedConfig": { "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, "operatorLogLevel": { "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", @@ -41529,12 +39785,11 @@ }, "unsupportedConfigOverrides": { "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.operator.v1.CloudCredentialStatus": { - "description": "CloudCredentialStatus defines the observed status of the cloud-credential-operator.", + "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigStatus": { "type": "object", "properties": { "conditions": { @@ -41586,52 +39841,125 @@ } } }, - "com.github.openshift.api.operator.v1.ClusterBootImageAutomatic": { - "description": "ClusterBootImageAutomatic is used to describe the cluster boot image in Automatic mode. It stores the RHCOS version of the boot image and the OCP release version which shipped with that RHCOS boot image. At least one of these values are required. If ocpVersion and rhcosVersion are defined, both values will be used for checking skew compliance. If only ocpVersion is defined, only that value will be used for checking skew compliance. If only rhcosVersion is defined, only that value will be used for checking skew compliance.", + "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMap": { + "description": "SharedConfigMap allows a ConfigMap to be shared across namespaces. Pods can mount the shared ConfigMap by adding a CSI volume to the pod specification using the \"csi.sharedresource.openshift.io\" CSI driver and a reference to the SharedConfigMap in the volume attributes:\n\nspec:\n\n\tvolumes:\n\t- name: shared-configmap\n\t csi:\n\t driver: csi.sharedresource.openshift.io\n\t volumeAttributes:\n\t sharedConfigMap: my-share\n\nFor the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedConfigMap object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects.\n\n\t`oc create role shared-resource-my-share --verb=use --resource=sharedconfigmaps.sharedresource.openshift.io --resource-name=my-share`\n\t`oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default`\n\nShared resource objects, in this case ConfigMaps, have default permissions of list, get, and watch for system authenticated users.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "spec" + ], "properties": { - "ocpVersion": { - "description": "ocpVersion provides a string which represents the OCP version of the boot image. This field must match the OCP semver compatible format of x.y.z. This field must be between 5 and 10 characters long.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "rhcosVersion": { - "description": "rhcosVersion provides a string which represents the RHCOS version of the boot image This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between 14 and 21 characters long.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec is the specification of the desired shared configmap", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapSpec" + }, + "status": { + "description": "status is the observed status of the shared configmap", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapStatus" } } }, - "com.github.openshift.api.operator.v1.ClusterBootImageManual": { - "description": "ClusterBootImageManual is used to describe the cluster boot image in Manual mode.", + "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapList": { + "description": "SharedConfigMapList contains a list of SharedConfigMap objects.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "mode" + "items" ], "properties": { - "mode": { - "description": "mode is used to configure which boot image field is defined in Manual mode. Valid values are OCPVersion and RHCOSVersion. OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update in the OCPVersion field. RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update in the RHCOSVersion field. This field is required.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "ocpVersion": { - "description": "ocpVersion provides a string which represents the OCP version of the boot image. This field must match the OCP semver compatible format of x.y.z. This field must be between 5 and 10 characters long. Required when mode is set to \"OCPVersion\" and forbidden otherwise.", + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMap" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "rhcosVersion": { - "description": "rhcosVersion provides a string which represents the RHCOS version of the boot image This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between 14 and 21 characters long. Required when mode is set to \"RHCOSVersion\" and forbidden otherwise.", + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapReference": { + "description": "SharedConfigMapReference contains information about which ConfigMap to share", + "type": "object", + "required": [ + "name", + "namespace" + ], + "properties": { + "name": { + "description": "name represents the name of the ConfigMap that is being referenced.", + "type": "string", + "default": "" + }, + "namespace": { + "description": "namespace represents the namespace where the referenced ConfigMap is located.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapSpec": { + "description": "SharedConfigMapSpec defines the desired state of a SharedConfigMap", + "type": "object", + "required": [ + "configMapRef" + ], + "properties": { + "configMapRef": { + "description": "configMapRef is a reference to the ConfigMap to share", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapReference" + }, + "description": { + "description": "description is a user readable explanation of what the backing resource provides.", "type": "string" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "mode", - "fields-to-discriminateBy": { - "ocpVersion": "OCPVersion", - "rhcosVersion": "RHCOSVersion" - } + } + }, + "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapStatus": { + "description": "SharedSecretStatus contains the observed status of the shared resource", + "type": "object", + "properties": { + "conditions": { + "description": "conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } - ] + } }, - "com.github.openshift.api.operator.v1.ClusterCSIDriver": { - "description": "ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift. Name of the object must be name of the CSI driver it operates. See CSIDriverName type for list of allowed values.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.sharedresource.v1alpha1.SharedSecret": { + "description": "SharedSecret allows a Secret to be shared across namespaces. Pods can mount the shared Secret by adding a CSI volume to the pod specification using the \"csi.sharedresource.openshift.io\" CSI driver and a reference to the SharedSecret in the volume attributes:\n\nspec:\n\n\tvolumes:\n\t- name: shared-secret\n\t csi:\n\t driver: csi.sharedresource.openshift.io\n\t volumeAttributes:\n\t sharedSecret: my-share\n\nFor the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedSecret object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects.\n\n\t`oc create role shared-resource-my-share --verb=use --resource=sharedsecrets.sharedresource.openshift.io --resource-name=my-share`\n\t`oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default`\n\nShared resource objects, in this case Secrets, have default permissions of list, get, and watch for system authenticated users.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ "spec" @@ -41648,22 +39976,22 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec holds user settable values for configuration", + "description": "spec is the specification of the desired shared secret", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterCSIDriverSpec" + "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedSecretSpec" }, "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "description": "status is the observed status of the shared secret", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterCSIDriverStatus" + "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedSecretStatus" } } }, - "com.github.openshift.api.operator.v1.ClusterCSIDriverList": { - "description": "ClusterCSIDriverList contains a list of ClusterCSIDriver\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretList": { + "description": "SharedSecretList contains a list of SharedSecret objects.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ "items" @@ -41677,7 +40005,7 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterCSIDriver" + "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedSecret" } }, "kind": { @@ -41687,124 +40015,70 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.ClusterCSIDriverSpec": { - "description": "ClusterCSIDriverSpec is the desired behavior of CSI driver operator", + "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretReference": { + "description": "SharedSecretReference contains information about which Secret to share", "type": "object", "required": [ - "managementState" + "name", + "namespace" ], "properties": { - "driverConfig": { - "description": "driverConfig can be used to specify platform specific driver configuration. When omitted, this means no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.CSIDriverConfigSpec" - }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "name": { + "description": "name represents the name of the Secret that is being referenced.", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "storageClassState": { - "description": "storageClassState determines if CSI operator should create and manage storage classes. If this field value is empty or Managed - CSI operator will continuously reconcile storage class and create if necessary. If this field value is Unmanaged - CSI operator will not reconcile any previously created storage class. If this field value is Removed - CSI operator will delete the storage class it created previously. When omitted, this means the user has no opinion and the platform chooses a reasonable default, which is subject to change over time. The current default behaviour is Managed.", + "namespace": { + "description": "namespace represents the namespace where the referenced Secret is located.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretSpec": { + "description": "SharedSecretSpec defines the desired state of a SharedSecret", + "type": "object", + "required": [ + "secretRef" + ], + "properties": { + "description": { + "description": "description is a user readable explanation of what the backing resource provides.", "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "secretRef": { + "description": "secretRef is a reference to the Secret to share", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedSecretReference" } } }, - "com.github.openshift.api.operator.v1.ClusterCSIDriverStatus": { - "description": "ClusterCSIDriverStatus is the observed status of CSI driver operator", + "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretStatus": { + "description": "SharedSecretStatus contains the observed status of the shared resource", "type": "object", "properties": { "conditions": { - "description": "conditions is a list of conditions and their status", + "description": "conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" } } }, - "com.github.openshift.api.operator.v1.ClusterNetworkEntry": { - "description": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks", - "type": "object", - "required": [ - "cidr" - ], - "properties": { - "cidr": { - "type": "string", - "default": "" - }, - "hostPrefix": { - "type": "integer", - "format": "int64" - } - } - }, - "com.github.openshift.api.operator.v1.Config": { - "description": "Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components on the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.template.v1.BrokerTemplateInstance": { + "description": "BrokerTemplateInstance holds the service broker-related state associated with a TemplateInstance. BrokerTemplateInstance is part of an experimental API.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", "spec" ], "properties": { @@ -41819,25 +40093,19 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec is the specification of the desired behavior of the Config Operator.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConfigSpec" - }, - "status": { - "description": "status defines the observed status of the Config Operator.", + "description": "spec describes the state of this BrokerTemplateInstance.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConfigStatus" + "$ref": "#/definitions/com.github.openshift.api.template.v1.BrokerTemplateInstanceSpec" } } }, - "com.github.openshift.api.operator.v1.ConfigList": { - "description": "ConfigList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.template.v1.BrokerTemplateInstanceList": { + "description": "BrokerTemplateInstanceList is a list of BrokerTemplateInstance objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -41846,11 +40114,11 @@ "type": "string" }, "items": { - "description": "items contains the items", + "description": "items is a list of BrokerTemplateInstances", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Config" + "$ref": "#/definitions/com.github.openshift.api.template.v1.BrokerTemplateInstance" } }, "kind": { @@ -41860,113 +40128,127 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.ConfigMapFileReference": { - "description": "ConfigMapFileReference references a specific file within a ConfigMap.", + "com.github.openshift.api.template.v1.BrokerTemplateInstanceSpec": { + "description": "BrokerTemplateInstanceSpec describes the state of a BrokerTemplateInstance.", "type": "object", "required": [ - "name", - "key" + "templateInstance", + "secret" ], "properties": { - "key": { - "description": "key is the logo key inside the referenced ConfigMap. Must consist only of alphanumeric characters, dashes (-), underscores (_), and periods (.). Must be at most 253 characters in length. Must end in a valid file extension. A valid file extension must consist of a period followed by 2 to 5 alpha characters.", - "type": "string", - "default": "" + "bindingIDs": { + "description": "bindingIDs is a list of 'binding_id's provided during successive bind calls to the template service broker.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "name": { - "description": "name is the name of the ConfigMap. name is a required field. Must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. Must be at most 253 characters in length.", - "type": "string", - "default": "" + "secret": { + "description": "secret is a reference to a Secret object residing in a namespace, containing the necessary template parameters.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "templateInstance": { + "description": "templateInstance is a reference to a TemplateInstance object residing in a namespace.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" } } }, - "com.github.openshift.api.operator.v1.ConfigSpec": { + "com.github.openshift.api.template.v1.Parameter": { + "description": "Parameter defines a name/value variable that is to be processed during the Template to Config transformation.", "type": "object", "required": [ - "managementState" + "name" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "description": { + "description": "description of a parameter. Optional.", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "displayName": { + "description": "Optional: The name that will show in UI instead of parameter 'Name'", + "type": "string" + }, + "from": { + "description": "from is an input value for the generator. Optional.", + "type": "string" + }, + "generate": { + "description": "generate specifies the generator to be used to generate random string from an input value specified by From field. The result string is stored into Value field. If empty, no generator is being used, leaving the result Value untouched. Optional.\n\nThe only supported generator is \"expression\", which accepts a \"from\" value in the form of a simple regular expression containing the range expression \"[a-zA-Z0-9]\", and the length expression \"a{length}\".\n\nExamples:\n\nfrom | value ----------------------------- \"test[0-9]{1}x\" | \"test7x\" \"[0-1]{8}\" | \"01001100\" \"0x[A-F0-9]{4}\" | \"0xB3AF\" \"[a-zA-Z0-9]{8}\" | \"hW4yQU5i\"", + "type": "string" + }, + "name": { + "description": "name must be set and it can be referenced in Template Items using ${PARAMETER_NAME}. Required.", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "required": { + "description": "Optional: Indicates the parameter must have a value. Defaults to false.", + "type": "boolean" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "value": { + "description": "value holds the Parameter data. If specified, the generator will be ignored. The value replaces all occurrences of the Parameter ${Name} expression during the Template to Config transformation. Optional.", "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1.ConfigStatus": { + "com.github.openshift.api.template.v1.Template": { + "description": "Template contains the inputs needed to produce a Config.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "objects" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "labels": { + "description": "labels is a optional set of labels that are applied to every object during the Template to Config transformation.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "message": { + "description": "message is an optional instructional message that will be displayed when this template is instantiated. This field should inform the user how to utilize the newly created resources. Parameter substitution will be performed on the message before being displayed so that generated credentials and other parameters can be included in the output.", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "objects": { + "description": "objects is an array of resources to include in this template. If a namespace value is hardcoded in the object, it will be removed during template instantiation, however if the namespace value is, or contains, a ${PARAMETER_REFERENCE}, the resolved value after parameter substitution will be respected and the object will be created in that namespace.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + } }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "parameters": { + "description": "parameters is an optional array of Parameters used during the Template to Config transformation.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.template.v1.Parameter" + } } } }, - "com.github.openshift.api.operator.v1.Console": { - "description": "Console provides a means to configure an operator to manage the console.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.template.v1.TemplateInstance": { + "description": "TemplateInstance requests and records the instantiation of a Template. TemplateInstance is part of an experimental API.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -41983,121 +40265,61 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { + "description": "spec describes the desired state of this TemplateInstance.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleSpec" + "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceSpec" }, "status": { + "description": "status describes the current state of this TemplateInstance.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleStatus" + "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceStatus" } } }, - "com.github.openshift.api.operator.v1.ConsoleConfigRoute": { - "description": "ConsoleConfigRoute holds information on external route access to console. DEPRECATED", + "com.github.openshift.api.template.v1.TemplateInstanceCondition": { + "description": "TemplateInstanceCondition contains condition information for a TemplateInstance.", "type": "object", "required": [ - "hostname" + "type", + "status", + "lastTransitionTime", + "reason", + "message" ], "properties": { - "hostname": { - "description": "hostname is the desired custom domain under which console will be available.", + "lastTransitionTime": { + "description": "lastTransitionTime is the last time a condition status transitioned from one state to another.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "description": "message is a human readable description of the details of the last transition, complementing reason.", "type": "string", "default": "" }, - "secret": { - "description": "secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - \"tls.crt\" - to specifies custom certificate - \"tls.key\" - to specifies private key of the custom certificate If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - } - } - }, - "com.github.openshift.api.operator.v1.ConsoleCustomization": { - "description": "ConsoleCustomization defines a list of optional configuration for the console UI. Ensure that Logos and CustomLogoFile cannot be set at the same time.", - "type": "object", - "properties": { - "addPage": { - "description": "addPage allows customizing actions on the Add page in developer perspective.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AddPage" - }, - "brand": { - "description": "brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout.", - "type": "string" - }, - "capabilities": { - "description": "capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton, GettingStartedBanner, and GuidedTour. Each of the available capabilities may appear only once in the list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Capability" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "customLogoFile": { - "description": "customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a Only one of customLogoFile or logos can be set at a time. ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. The recommended file format for the logo is SVG, but other file formats are allowed if supported by the browser. Deprecated: Use logos instead.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapFileReference" - }, - "customProductName": { - "description": "customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name.", - "type": "string" - }, - "developerCatalog": { - "description": "developerCatalog allows to configure the shown developer catalog categories (filters) and types (sub-catalogs).", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCustomization" - }, - "documentationBaseURL": { - "description": "documentationBaseURL links to external documentation are shown in various sections of the web console. Providing documentationBaseURL will override the default documentation URL. Invalid value will prevent a console rollout.", - "type": "string" - }, - "logos": { - "description": "logos is used to replace the OpenShift Masthead and Favicon logos in the console UI with custom logos. logos is an optional field that allows a list of logos. Only one of logos or customLogoFile can be set at a time. If logos is set, customLogoFile must be unset. When specified, there must be at least one entry and no more than 2 entries. Each type must appear only once in the list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Logo" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "perspectives": { - "description": "perspectives allows enabling/disabling of perspective(s) that user can see in the Perspective switcher dropdown.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Perspective" - }, - "x-kubernetes-list-map-keys": [ - "id" - ], - "x-kubernetes-list-type": "map" + "reason": { + "description": "reason is a brief machine readable explanation for the condition's last transition.", + "type": "string", + "default": "" }, - "projectAccess": { - "description": "projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ProjectAccess" + "status": { + "description": "status of the condition, one of True, False or Unknown.", + "type": "string", + "default": "" }, - "quickStarts": { - "description": "quickStarts allows customization of available ConsoleQuickStart resources in console.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.QuickStarts" + "type": { + "description": "type of the condition, currently Ready or InstantiateFailure.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.ConsoleList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.template.v1.TemplateInstanceList": { + "description": "TemplateInstanceList is a list of TemplateInstance objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -42106,10 +40328,11 @@ "type": "string" }, "items": { + "description": "items is a list of Templateinstances", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Console" + "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstance" } }, "kind": { @@ -42119,146 +40342,134 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.ConsoleProviders": { - "description": "ConsoleProviders defines a list of optional additional providers of functionality to the console.", + "com.github.openshift.api.template.v1.TemplateInstanceObject": { + "description": "TemplateInstanceObject references an object created by a TemplateInstance.", "type": "object", "properties": { - "statuspage": { - "description": "statuspage contains ID for statuspage.io page that provides status info about.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.StatuspageProvider" - } + "ref": { + "description": "ref is a reference to the created object. When used under .spec, only name and namespace are used; these can contain references to parameters which will be substituted following the usual rules.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + } } }, - "com.github.openshift.api.operator.v1.ConsoleSpec": { - "description": "ConsoleSpec is the specification of the desired behavior of the Console.", + "com.github.openshift.api.template.v1.TemplateInstanceRequester": { + "description": "TemplateInstanceRequester holds the identity of an agent requesting a template instantiation.", "type": "object", - "required": [ - "managementState", - "providers" - ], "properties": { - "customization": { - "description": "customization is used to optionally provide a small set of customization options to the web console.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleCustomization" - }, - "ingress": { - "description": "ingress allows to configure the alternative ingress for the console. This field is intended for clusters without ingress capability, where access to routes is not possible.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Ingress" - }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "extra": { + "description": "extra holds additional information provided by the authenticator.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } }, - "plugins": { - "description": "plugins defines a list of enabled console plugin names.", + "groups": { + "description": "groups represent the groups this user is a part of.", "type": "array", "items": { "type": "string", "default": "" } }, - "providers": { - "description": "providers contains configuration for using specific service providers.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleProviders" + "uid": { + "description": "uid is a unique value that identifies this user across time; if this user is deleted and another user by the same name is added, they will have different UIDs.", + "type": "string" }, - "route": { - "description": "route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used. DEPRECATED", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleConfigRoute" + "username": { + "description": "username uniquely identifies this user among all active users.", + "type": "string" + } + } + }, + "com.github.openshift.api.template.v1.TemplateInstanceSpec": { + "description": "TemplateInstanceSpec describes the desired state of a TemplateInstance.", + "type": "object", + "required": [ + "template" + ], + "properties": { + "requester": { + "description": "requester holds the identity of the agent requesting the template instantiation.", + "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceRequester" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "secret": { + "description": "secret is a reference to a Secret object containing the necessary template parameters.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "template": { + "description": "template is a full copy of the template for instantiation.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.template.v1.Template" } } }, - "com.github.openshift.api.operator.v1.ConsoleStatus": { - "description": "ConsoleStatus defines the observed status of the Console.", + "com.github.openshift.api.template.v1.TemplateInstanceStatus": { + "description": "TemplateInstanceStatus describes the current state of a TemplateInstance.", "type": "object", "properties": { "conditions": { - "description": "conditions is a list of conditions and their status", + "description": "conditions represent the latest available observations of a TemplateInstance's current state.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceCondition" + } }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "objects": { + "description": "objects references the objects created by the TemplateInstance.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceObject" + } } } }, - "com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters": { - "description": "ContainerLoggingDestinationParameters describes parameters for the Container logging destination type.", + "com.github.openshift.api.template.v1.TemplateList": { + "description": "TemplateList is a list of Template objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "items" + ], "properties": { - "maxLength": { - "description": "maxLength is the maximum length of the log message.\n\nValid values are integers in the range 480 to 8192, inclusive.\n\nWhen omitted, the default value is 1024.", - "type": "integer", - "format": "int32" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is a list of templates", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.template.v1.Template" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.DNS": { - "description": "DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster.\n\nThis supports the DNS-based service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md\n\nMore details: https://kubernetes.io/docs/tasks/administer-cluster/coredns\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.user.v1.Group": { + "description": "Group represents a referenceable set of Users\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "users" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -42271,36 +40482,20 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the DNS.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSSpec" - }, - "status": { - "description": "status is the most recently observed status of the DNS.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSStatus" - } - } - }, - "com.github.openshift.api.operator.v1.DNSCache": { - "description": "DNSCache defines the fields for configuring DNS caching.", - "type": "object", - "properties": { - "negativeTTL": { - "description": "negativeTTL is optional and specifies the amount of time that a negative response should be cached.\n\nIf configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject to change.", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "positiveTTL": { - "description": "positiveTTL is optional and specifies the amount of time that a positive response should be cached.\n\nIf configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject to change.", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + "users": { + "description": "users is the list of users in this group.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.operator.v1.DNSList": { - "description": "DNSList contains a list of DNS\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.user.v1.GroupList": { + "description": "GroupList is a collection of Groups\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -42311,10 +40506,11 @@ "type": "string" }, "items": { + "description": "items is the list of groups", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNS" + "$ref": "#/definitions/com.github.openshift.api.user.v1.Group" } }, "kind": { @@ -42324,349 +40520,393 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.DNSNodePlacement": { - "description": "DNSNodePlacement describes the node scheduling configuration for DNS pods.", + "com.github.openshift.api.user.v1.Identity": { + "description": "Identity records a successful authentication of a user with an identity provider. The information about the source of authentication is stored on the identity, and the identity is then associated with a single user object. Multiple identities can reference a single user. Information retrieved from the authentication provider is stored in the extra field using a schema determined by the provider.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "providerName", + "providerUserName", + "user" + ], "properties": { - "nodeSelector": { - "description": "nodeSelector is the node selector applied to DNS pods.\n\nIf empty, the default is used, which is currently the following:\n\n kubernetes.io/os: linux\n\nThis default is subject to change.\n\nIf set, the specified selector is used and replaces the default.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "extra": { + "description": "extra holds extra information about this identity", "type": "object", "additionalProperties": { "type": "string", "default": "" } }, - "tolerations": { - "description": "tolerations is a list of tolerations applied to DNS pods.\n\nIf empty, the DNS operator sets a toleration for the \"node-role.kubernetes.io/master\" taint. This default is subject to change. Specifying tolerations without including a toleration for the \"node-role.kubernetes.io/master\" taint may be risky as it could lead to an outage if all worker nodes become unavailable.\n\nNote that the daemon controller adds some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "providerName": { + "description": "providerName is the source of identity information", + "type": "string", + "default": "" + }, + "providerUserName": { + "description": "providerUserName uniquely represents this identity in the scope of the provider", + "type": "string", + "default": "" + }, + "user": { + "description": "user is a reference to the user this identity is associated with Both Name and UID must be set", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + } + } + }, + "com.github.openshift.api.user.v1.IdentityList": { + "description": "IdentityList is a collection of Identities\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of identities", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + "$ref": "#/definitions/com.github.openshift.api.user.v1.Identity" } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.DNSOverTLSConfig": { - "description": "DNSOverTLSConfig describes optional DNSTransportConfig fields that should be captured.", + "com.github.openshift.api.user.v1.User": { + "description": "Upon log in, every user of the system receives a User and Identity resource. Administrators may directly manipulate the attributes of the users for their own tracking, or set groups via the API. The user name is unique and is chosen based on the value provided by the identity provider - if a user already exists with the incoming name, the user name may have a number appended to it depending on the configuration of the system.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "serverName" + "groups" ], "properties": { - "caBundle": { - "description": "caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers.\n\n1. The configmap must contain a `ca-bundle.crt` key. 2. The value must be a PEM encoded CA certificate or CA bundle. 3. The administrator must create this configmap in the openshift-config namespace. 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "serverName": { - "description": "serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is set to \"TLS\". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the TLS certificate installed in the upstream resolver(s).", - "type": "string", - "default": "" + "fullName": { + "description": "fullName is the full name of user", + "type": "string" + }, + "groups": { + "description": "groups specifies group names this user is a member of. This field is deprecated and will be removed in a future release. Instead, create a Group object containing the name of this User.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "identities": { + "description": "identities are the identities associated with this user", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } } }, - "com.github.openshift.api.operator.v1.DNSSpec": { - "description": "DNSSpec is the specification of the desired behavior of the DNS.", + "com.github.openshift.api.user.v1.UserIdentityMapping": { + "description": "UserIdentityMapping maps a user to an identity\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { - "cache": { - "description": "cache describes the caching configuration that applies to all server blocks listed in the Corefile. This field allows a cluster admin to optionally configure: * positiveTTL which is a duration for which positive responses should be cached. * negativeTTL which is a duration for which negative responses should be cached. If this is not configured, OpenShift will configure positive and negative caching with a default value that is subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is 30 seconds or as noted in the respective Corefile for your version of OpenShift.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSCache" - }, - "logLevel": { - "description": "logLevel describes the desired logging verbosity for CoreDNS. Any one of the following values may be specified: * Normal logs errors from upstream resolvers. * Debug logs errors, NXDOMAIN responses, and NODATA responses. * Trace logs errors and all responses.\n Setting logLevel: Trace will produce extremely verbose logs.\nValid values are: \"Normal\", \"Debug\", \"Trace\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether the DNS operator should manage cluster DNS", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "nodePlacement": { - "description": "nodePlacement provides explicit control over the scheduling of DNS pods.\n\nGenerally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint.\n\nIf unset, defaults are used. See nodePlacement for more details.", + "identity": { + "description": "identity is a reference to an identity", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSNodePlacement" + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" }, - "operatorLogLevel": { - "description": "operatorLogLevel controls the logging level of the DNS Operator. Valid values are: \"Normal\", \"Debug\", \"Trace\". Defaults to \"Normal\". setting operatorLogLevel: Trace will produce extremely verbose logs.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "servers": { - "description": "servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server.\n\nFor example, if there are two Servers, one for \"foo.com\" and another for \"a.foo.com\", and the name query is for \"www.a.foo.com\", it will be routed to the Server with Zone \"a.foo.com\".\n\nIf this field is nil, no servers are created.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Server" - } + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "upstreamResolvers": { - "description": "upstreamResolvers defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers for the case of the default (\".\") server\n\nIf this field is not specified, the upstream used will default to /etc/resolv.conf, with policy \"sequential\"", + "user": { + "description": "user is a reference to a user", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.UpstreamResolvers" + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" } } }, - "com.github.openshift.api.operator.v1.DNSStatus": { - "description": "DNSStatus defines the observed status of the DNS.", + "com.github.openshift.api.user.v1.UserList": { + "description": "UserList is a collection of Users\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "clusterIP", - "clusterDomain" + "items" ], "properties": { - "clusterDomain": { - "description": "clusterDomain is the local cluster DNS domain suffix for DNS services. This will be a subdomain as defined in RFC 1034, section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 Example: \"cluster.local\"\n\nMore info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service", - "type": "string", - "default": "" - }, - "clusterIP": { - "description": "clusterIP is the service IP through which this DNS is made available.\n\nIn the case of the default DNS, this will be a well known IP that is used as the default nameserver for pods that are using the default ClusterFirst DNS policy.\n\nIn general, this IP can be specified in a pod's spec.dnsConfig.nameservers list or used explicitly when performing name resolution from within the cluster. Example: dig foo.com @\n\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "conditions": { - "description": "conditions provide information about the state of the DNS on the cluster.\n\nThese are the supported DNS conditions:\n\n * Available\n - True if the following conditions are met:\n * DNS controller daemonset is available.\n - False if any of those conditions are unsatisfied.", + "items": { + "description": "items is the list of users", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - } - } - }, - "com.github.openshift.api.operator.v1.DNSTransportConfig": { - "description": "DNSTransportConfig groups related configuration parameters used for configuring forwarding to upstream resolvers that support DNS-over-TLS.", - "type": "object", - "properties": { - "tls": { - "description": "tls contains the additional configuration options to use when Transport is set to \"TLS\".", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSOverTLSConfig" + "$ref": "#/definitions/com.github.openshift.api.user.v1.User" + } }, - "transport": { - "description": "transport allows cluster administrators to opt-in to using a DNS-over-TLS connection between cluster DNS and an upstream resolver(s). Configuring TLS as the transport at this level without configuring a CABundle will result in the system certificates being used to verify the serving certificate of the upstream resolver(s).\n\nPossible values: \"\" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject to change over time. The current default is \"Cleartext\". \"Cleartext\" - Cluster admin specified cleartext option. This results in the same functionality as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, or wants to switch from \"TLS\" to \"Cleartext\" explicitly. \"TLS\" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "transport", - "fields-to-discriminateBy": { - "tls": "TLS" - } - } - ] + } }, - "com.github.openshift.api.operator.v1.DefaultNetworkDefinition": { - "description": "DefaultNetworkDefinition represents a single network plugin's configuration. type must be specified, along with exactly one \"Config\" that matches the type.", + "io.k8s.api.admissionregistration.v1.AuditAnnotation": { + "description": "AuditAnnotation describes how to produce an audit annotation for an API request.", "type": "object", "required": [ - "type" + "key", + "valueExpression" ], "properties": { - "openshiftSDNConfig": { - "description": "openshiftSDNConfig was previously used to configure the openshift-sdn plugin. DEPRECATED: OpenShift SDN is no longer supported.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftSDNConfig" - }, - "ovnKubernetesConfig": { - "description": "ovnKubernetesConfig configures the ovn-kubernetes plugin.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OVNKubernetesConfig" + "key": { + "description": "key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\nThe key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: \"{ValidatingAdmissionPolicy name}/{key}\".\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.\n\nRequired.", + "type": "string", + "default": "" }, - "type": { - "description": "type is the type of network All NetworkTypes are supported except for NetworkTypeRaw", + "valueExpression": { + "description": "valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.\n\nRequired.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategory": { - "description": "DeveloperConsoleCatalogCategory for the developer console catalog.", + "io.k8s.api.admissionregistration.v1.ExpressionWarning": { + "description": "ExpressionWarning is a warning information that targets a specific expression.", "type": "object", "required": [ - "id", - "label" + "fieldRef", + "warning" ], "properties": { - "id": { - "description": "id is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.", + "fieldRef": { + "description": "The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is \"spec.validations[0].expression\"", "type": "string", "default": "" }, - "label": { - "description": "label defines a category display label. It is required and must have 1-64 characters.", + "warning": { + "description": "The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.", "type": "string", "default": "" - }, - "subcategories": { - "description": "subcategories defines a list of child categories.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategoryMeta" - } - }, - "tags": { - "description": "tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item.", - "type": "array", - "items": { - "type": "string", - "default": "" - } } } }, - "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategoryMeta": { - "description": "DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category.", + "io.k8s.api.admissionregistration.v1.MatchCondition": { + "description": "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.", "type": "object", "required": [ - "id", - "label" + "name", + "expression" ], "properties": { - "id": { - "description": "id is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.", + "expression": { + "description": "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired.", "type": "string", "default": "" }, - "label": { - "description": "label defines a category display label. It is required and must have 1-64 characters.", + "name": { + "description": "Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired.", "type": "string", "default": "" - }, - "tags": { - "description": "tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item.", - "type": "array", - "items": { - "type": "string", - "default": "" - } } } }, - "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCustomization": { - "description": "DeveloperConsoleCatalogCustomization allow cluster admin to configure developer catalog.", + "io.k8s.api.admissionregistration.v1.MatchResources": { + "description": "MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)", "type": "object", "properties": { - "categories": { - "description": "categories which are shown in the developer catalog.", + "excludeResourceRules": { + "description": "ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategory" - } + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.NamedRuleWithOperations" + }, + "x-kubernetes-list-type": "atomic" }, - "types": { - "description": "types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. When omitted, all the sub-catalog types will be shown.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DeveloperConsoleCatalogTypes" - } - } - }, - "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogTypes": { - "description": "DeveloperConsoleCatalogTypes defines the state of the sub-catalog types.", - "type": "object", - "required": [ - "state" + "matchPolicy": { + "description": "matchPolicy defines how the \"MatchResources\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.\n\nDefaults to \"Equivalent\"\n\nPossible enum values:\n - `\"Equivalent\"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.\n - `\"Exact\"` means requests should only be sent to the webhook if they exactly match a given rule.", + "type": "string", + "enum": [ + "Equivalent", + "Exact" + ] + }, + "namespaceSelector": { + "description": "NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the policy on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "objectSelector": { + "description": "ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "resourceRules": { + "description": "ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.NamedRuleWithOperations" + }, + "x-kubernetes-list-type": "atomic" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.admissionregistration.v1.MutatingWebhook": { + "description": "MutatingWebhook describes an admission webhook and the resources and operations it applies to.", + "type": "object", + "required": [ + "name", + "clientConfig", + "sideEffects", + "admissionReviewVersions" ], "properties": { - "disabled": { - "description": "disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: \"Devfile\", \"HelmChart\", \"BuilderImage\" If the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden.", + "admissionReviewVersions": { + "description": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.", "type": "array", "items": { "type": "string", "default": "" }, - "x-kubernetes-list-type": "set" + "x-kubernetes-list-type": "atomic" }, - "enabled": { - "description": "enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: \"Devfile\", \"HelmChart\", \"BuilderImage\" If the list is non-empty, a new type will not be shown to the user until it is added to list. If the list is empty the complete developer catalog will be shown.", + "clientConfig": { + "description": "ClientConfig defines how to communicate with the hook. Required", + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.WebhookClientConfig" + }, + "failurePolicy": { + "description": "FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.\n\nPossible enum values:\n - `\"Fail\"` means that an error calling the webhook causes the admission to fail.\n - `\"Ignore\"` means that an error calling the webhook is ignored.", + "type": "string", + "enum": [ + "Fail", + "Ignore" + ] + }, + "matchConditions": { + "description": "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n 2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n 3. If any matchCondition evaluates to an error (but none are FALSE):\n - If failurePolicy=Fail, reject the request\n - If failurePolicy=Ignore, the error is ignored and the webhook is skipped", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MatchCondition" }, - "x-kubernetes-list-type": "set" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "state": { - "description": "state defines if a list of catalog types should be enabled or disabled.", + "matchPolicy": { + "description": "matchPolicy defines how the \"rules\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.\n\nDefaults to \"Equivalent\"\n\nPossible enum values:\n - `\"Equivalent\"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.\n - `\"Exact\"` means requests should only be sent to the webhook if they exactly match a given rule.", "type": "string", - "default": "Enabled" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "state", - "fields-to-discriminateBy": { - "disabled": "Disabled", - "enabled": "Enabled" - } - } - ] - }, - "com.github.openshift.api.operator.v1.EgressIPConfig": { - "description": "EgressIPConfig defines the configuration knobs for egressip", - "type": "object", - "properties": { - "reachabilityTotalTimeoutSeconds": { - "description": "reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. If the EgressIP node cannot be reached within this timeout, the node is declared down. Setting a large value may cause the EgressIP feature to react slowly to node changes. In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 1 second. A value of 0 disables the EgressIP node's reachability check.", - "type": "integer", - "format": "int64" - } - } - }, - "com.github.openshift.api.operator.v1.EndpointPublishingStrategy": { - "description": "EndpointPublishingStrategy is a way to publish the endpoints of an IngressController, and represents the type and any additional configuration for a specific type.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "hostNetwork": { - "description": "hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.HostNetworkStrategy" + "enum": [ + "Equivalent", + "Exact" + ] }, - "loadBalancer": { - "description": "loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.LoadBalancerStrategy" + "name": { + "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.", + "type": "string", + "default": "" }, - "nodePort": { - "description": "nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodePortStrategy" + "namespaceSelector": { + "description": "NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the webhook on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" }, - "private": { - "description": "private holds parameters for the Private endpoint publishing strategy. Present only if type is Private.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.PrivateStrategy" + "objectSelector": { + "description": "ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" }, - "type": { - "description": "type is the publishing strategy to use. Valid values are:\n\n* LoadBalancerService\n\nPublishes the ingress controller using a Kubernetes LoadBalancer Service.\n\nIn this configuration, the ingress controller deployment uses container networking. A LoadBalancer Service is created to publish the deployment.\n\nSee: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\n\nIf domain is set, a wildcard DNS record will be managed to point at the LoadBalancer Service's external name. DNS records are managed only in DNS zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.\n\nWildcard DNS management is currently supported only on the AWS, Azure, and GCP platforms.\n\n* HostNetwork\n\nPublishes the ingress controller on node ports where the ingress controller is deployed.\n\nIn this configuration, the ingress controller deployment uses host networking, bound to node ports 80 and 443. The user is responsible for configuring an external load balancer to publish the ingress controller via the node ports.\n\n* Private\n\nDoes not publish the ingress controller.\n\nIn this configuration, the ingress controller deployment uses container networking, and is not explicitly published. The user must manually publish the ingress controller.\n\n* NodePortService\n\nPublishes the ingress controller using a Kubernetes NodePort Service.\n\nIn this configuration, the ingress controller deployment uses container networking. A NodePort Service is created to publish the deployment. The specific node ports are dynamically allocated by OpenShift; however, to support static port allocations, user changes to the node port field of the managed NodePort Service will preserved.", + "reinvocationPolicy": { + "description": "reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are \"Never\" and \"IfNeeded\".\n\nNever: the webhook will not be called more than once in a single admission evaluation.\n\nIfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.\n\nDefaults to \"Never\".\n\nPossible enum values:\n - `\"IfNeeded\"` indicates that the webhook may be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call.\n - `\"Never\"` indicates that the webhook must not be called more than once in a single admission evaluation.", "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "hostNetwork": "HostNetwork", - "loadBalancer": "LoadBalancer", - "nodePort": "NodePort", - "private": "Private" - } + "enum": [ + "IfNeeded", + "Never" + ] + }, + "rules": { + "description": "Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.RuleWithOperations" + }, + "x-kubernetes-list-type": "atomic" + }, + "sideEffects": { + "description": "SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.\n\nPossible enum values:\n - `\"None\"` means that calling the webhook will have no side effects.\n - `\"NoneOnDryRun\"` means that calling the webhook will possibly have side effects, but if the request being reviewed has the dry-run attribute, the side effects will be suppressed.\n - `\"Some\"` means that calling the webhook will possibly have side effects. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.\n - `\"Unknown\"` means that no information is known about the side effects of calling the webhook. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.", + "type": "string", + "enum": [ + "None", + "NoneOnDryRun", + "Some", + "Unknown" + ] + }, + "timeoutSeconds": { + "description": "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.", + "type": "integer", + "format": "int32" } - ] + } }, - "com.github.openshift.api.operator.v1.Etcd": { - "description": "Etcd provides information to configure an operator to manage etcd.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration": { + "description": "MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.", "type": "object", - "required": [ - "metadata", - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -42677,25 +40917,30 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { + "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.EtcdSpec" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.EtcdStatus" + "webhooks": { + "description": "Webhooks is a list of webhooks and the affected resources and operations.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MutatingWebhook" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.operator.v1.EtcdList": { - "description": "KubeAPISOperatorConfigList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.admissionregistration.v1.MutatingWebhookConfigurationList": { + "description": "MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -42704,11 +40949,11 @@ "type": "string" }, "items": { - "description": "items contains the items", + "description": "List of MutatingWebhookConfiguration.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Etcd" + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration" } }, "kind": { @@ -42716,653 +40961,928 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.EtcdSpec": { + "io.k8s.api.admissionregistration.v1.NamedRuleWithOperations": { + "description": "NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.", "type": "object", - "required": [ - "managementState", - "forceRedeploymentReason" - ], "properties": { - "backendQuotaGiB": { - "description": "backendQuotaGiB sets the etcd backend storage size limit in gibibytes. The value should be an integer not less than 8 and not more than 32. When not specified, the default value is 8.", - "type": "integer", - "format": "int32", - "default": 8 + "apiGroups": { + "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "controlPlaneHardwareSpeed": { - "description": "HardwareSpeed allows user to change the etcd tuning profile which configures the latency parameters for heartbeat interval and leader election timeouts allowing the cluster to tolerate longer round-trip-times between etcd members. Valid values are \"\", \"Standard\" and \"Slower\".\n\t\"\" means no opinion and the platform is left to choose a reasonable default\n\twhich is subject to change without notice.\n\nPossible enum values:\n - `\"Slower\"` provides more tolerance for slower hardware and/or higher latency networks. Sets (values subject to change): ETCD_HEARTBEAT_INTERVAL: 5x Standard ETCD_LEADER_ELECTION_TIMEOUT: 2.5x Standard\n - `\"Standard\"` provides the normal tolerances for hardware speed and latency. Currently sets (values subject to change at any time): ETCD_HEARTBEAT_INTERVAL: 100ms ETCD_LEADER_ELECTION_TIMEOUT: 1000ms", - "type": "string", - "default": "", - "enum": [ - "Slower", - "Standard" - ] + "apiVersions": { + "description": "APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" + "operations": { + "description": "Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.", + "type": "array", + "items": { + "type": "string", + "default": "", + "enum": [ + "*", + "CONNECT", + "CREATE", + "DELETE", + "UPDATE" + ] + }, + "x-kubernetes-list-type": "atomic" }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", - "type": "string", - "default": "" + "resourceNames": { + "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "resources": { + "description": "Resources is a list of resources this rule applies to.\n\nFor example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not overlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed. Required.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "scope": { + "description": "scope specifies the scope of this rule. Valid values are \"Cluster\", \"Namespaced\", and \"*\" \"Cluster\" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. \"Namespaced\" means that only namespaced resources will match this rule. \"*\" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is \"*\".\n\n\nPossible enum values:\n - `\"*\"` means that all scopes are included.\n - `\"Cluster\"` means that scope is limited to cluster-scoped objects. Namespace objects are cluster-scoped.\n - `\"Namespaced\"` means that scope is limited to namespaced objects.", "type": "string", - "default": "" + "enum": [ + "*", + "Cluster", + "Namespaced" + ] + } + }, + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.admissionregistration.v1.ParamKind": { + "description": "ParamKind is a tuple of Group Kind and Version.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion is the API group version the resources belong to. In format of \"group/version\". Required.", + "type": "string" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "kind": { + "description": "Kind is the API kind the resources belong to. Required.", + "type": "string" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.admissionregistration.v1.ParamRef": { + "description": "ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.", + "type": "object", + "properties": { + "name": { + "description": "name is the name of the resource being referenced.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.\n\nA single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.", + "type": "string" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "namespace": { + "description": "namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.", "type": "string" }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" + "parameterNotFoundAction": { + "description": "`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny`\n\nRequired", + "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "selector": { + "description": "selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.operator.v1.EtcdStatus": { + "io.k8s.api.admissionregistration.v1.Rule": { + "description": "Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended to make sure that all the tuple expansions are valid.", "type": "object", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "apiGroups": { + "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "controlPlaneHardwareSpeed": { - "description": "Possible enum values:\n - `\"Slower\"` provides more tolerance for slower hardware and/or higher latency networks. Sets (values subject to change): ETCD_HEARTBEAT_INTERVAL: 5x Standard ETCD_LEADER_ELECTION_TIMEOUT: 2.5x Standard\n - `\"Standard\"` provides the normal tolerances for hardware speed and latency. Currently sets (values subject to change at any time): ETCD_HEARTBEAT_INTERVAL: 100ms ETCD_LEADER_ELECTION_TIMEOUT: 1000ms", - "type": "string", - "default": "", - "enum": [ - "Slower", - "Standard" - ] + "x-kubernetes-list-type": "atomic" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "apiVersions": { + "description": "APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "latestAvailableRevisionReason": { - "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", - "type": "string" + "x-kubernetes-list-type": "atomic" }, - "nodeStatuses": { - "description": "nodeStatuses track the deployment values and errors across individual nodes", + "resources": { + "description": "Resources is a list of resources this rule applies to.\n\nFor example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not overlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed. Required.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "nodeName" - ], - "x-kubernetes-list-type": "map" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "x-kubernetes-list-type": "atomic" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "scope": { + "description": "scope specifies the scope of this rule. Valid values are \"Cluster\", \"Namespaced\", and \"*\" \"Cluster\" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. \"Namespaced\" means that only namespaced resources will match this rule. \"*\" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is \"*\".\n\n\nPossible enum values:\n - `\"*\"` means that all scopes are included.\n - `\"Cluster\"` means that scope is limited to cluster-scoped objects. Namespace objects are cluster-scoped.\n - `\"Namespaced\"` means that scope is limited to namespaced objects.", + "type": "string", + "enum": [ + "*", + "Cluster", + "Namespaced" + ] } } }, - "com.github.openshift.api.operator.v1.ExportNetworkFlows": { + "io.k8s.api.admissionregistration.v1.RuleWithOperations": { + "description": "RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.", "type": "object", "properties": { - "ipfix": { - "description": "ipfix defines IPFIX configuration.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPFIXConfig" + "apiGroups": { + "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "netFlow": { - "description": "netFlow defines the NetFlow configuration.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NetFlowConfig" + "apiVersions": { + "description": "APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "sFlow": { - "description": "sFlow defines the SFlow configuration.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.SFlowConfig" - } - } - }, - "com.github.openshift.api.operator.v1.FeaturesMigration": { - "type": "object", - "properties": { - "egressFirewall": { - "description": "egressFirewall specified whether or not the Egress Firewall configuration was migrated. DEPRECATED: network type migration is no longer supported.", - "type": "boolean" + "operations": { + "description": "Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.", + "type": "array", + "items": { + "type": "string", + "default": "", + "enum": [ + "*", + "CONNECT", + "CREATE", + "DELETE", + "UPDATE" + ] + }, + "x-kubernetes-list-type": "atomic" }, - "egressIP": { - "description": "egressIP specified whether or not the Egress IP configuration was migrated. DEPRECATED: network type migration is no longer supported.", - "type": "boolean" + "resources": { + "description": "Resources is a list of resources this rule applies to.\n\nFor example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not overlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed. Required.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "multicast": { - "description": "multicast specified whether or not the multicast configuration was migrated. DEPRECATED: network type migration is no longer supported.", - "type": "boolean" + "scope": { + "description": "scope specifies the scope of this rule. Valid values are \"Cluster\", \"Namespaced\", and \"*\" \"Cluster\" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. \"Namespaced\" means that only namespaced resources will match this rule. \"*\" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is \"*\".\n\n\nPossible enum values:\n - `\"*\"` means that all scopes are included.\n - `\"Cluster\"` means that scope is limited to cluster-scoped objects. Namespace objects are cluster-scoped.\n - `\"Namespaced\"` means that scope is limited to namespaced objects.", + "type": "string", + "enum": [ + "*", + "Cluster", + "Namespaced" + ] } } }, - "com.github.openshift.api.operator.v1.FileReferenceSource": { - "description": "FileReferenceSource is used by the console to locate the specified file containing a custom logo.", + "io.k8s.api.admissionregistration.v1.ServiceReference": { + "description": "ServiceReference holds a reference to Service.legacy.k8s.io", "type": "object", "required": [ - "from" + "namespace", + "name" ], "properties": { - "configMap": { - "description": "configMap specifies the ConfigMap sourcing details such as the name of the ConfigMap and the key for the file. The ConfigMap must exist in the openshift-config namespace. Required when from is \"ConfigMap\", and forbidden otherwise.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConfigMapFileReference" + "name": { + "description": "`name` is the name of the service. Required", + "type": "string", + "default": "" }, - "from": { - "description": "from is a required field to specify the source type of the file reference. Allowed values are ConfigMap. When set to ConfigMap, the file will be sourced from a ConfigMap in the openshift-config namespace. The configMap field must be set when from is set to ConfigMap.\n\nPossible enum values:\n - `\"ConfigMap\"` represents a ConfigMap source.", + "namespace": { + "description": "`namespace` is the namespace of the service. Required", "type": "string", - "default": "", - "enum": [ - "ConfigMap" - ] + "default": "" + }, + "path": { + "description": "`path` is an optional URL path which will be sent in any request to this service.", + "type": "string" + }, + "port": { + "description": "If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).", + "type": "integer", + "format": "int32" } } }, - "com.github.openshift.api.operator.v1.ForwardPlugin": { - "description": "ForwardPlugin defines a schema for configuring the CoreDNS forward plugin.", + "io.k8s.api.admissionregistration.v1.TypeChecking": { + "description": "TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy", "type": "object", - "required": [ - "upstreams" - ], "properties": { - "policy": { - "description": "policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified:\n\n* \"Random\" picks a random upstream server for each query. * \"RoundRobin\" picks upstream servers in a round-robin order, moving to the next server for each new query. * \"Sequential\" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query.\n\nThe default value is \"Random\"", + "expressionWarnings": { + "description": "The type checking warnings for each expression.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ExpressionWarning" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy": { + "description": "ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "protocolStrategy": { - "description": "protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are \"TCP\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. \"TCP\" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. \"TCP\" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "transportConfig": { - "description": "transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver.\n\nThe default value is \"\" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.", + "metadata": { + "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSTransportConfig" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "upstreams": { - "description": "upstreams is a list of resolvers to forward name queries for subdomains of Zones. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. Each upstream is represented by an IP address or IP:port if the upstream listens on a port other than 53.\n\nA maximum of 15 upstreams is allowed per ForwardPlugin.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "spec": { + "description": "Specification of the desired behavior of the ValidatingAdmissionPolicy.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicySpec" + }, + "status": { + "description": "The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyStatus" } } }, - "com.github.openshift.api.operator.v1.GCPCSIDriverConfigSpec": { - "description": "GCPCSIDriverConfigSpec defines properties that can be configured for the GCP CSI driver.", + "io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding": { + "description": "ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.\n\nFor a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.\n\nThe CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.", "type": "object", "properties": { - "kmsKey": { - "description": "kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied encryption keys, rather than the default keys managed by GCP.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GCPKMSKeyReference" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingSpec" } } }, - "com.github.openshift.api.operator.v1.GCPKMSKeyReference": { - "description": "GCPKMSKeyReference gathers required fields for looking up a GCP KMS Key", + "io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingList": { + "description": "ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.", "type": "object", "required": [ - "name", - "keyRing", - "projectID" + "items" ], "properties": { - "keyRing": { - "description": "keyRing is the name of the KMS Key Ring which the KMS Key belongs to. The value should correspond to an existing KMS key ring and should consist of only alphanumeric characters, hyphens (-) and underscores (_), and be at most 63 characters in length.", - "type": "string", - "default": "" - }, - "location": { - "description": "location is the GCP location in which the Key Ring exists. The value must match an existing GCP location, or \"global\". Defaults to global, if not set.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "name": { - "description": "name is the name of the customer-managed encryption key to be used for disk encryption. The value should correspond to an existing KMS key and should consist of only alphanumeric characters, hyphens (-) and underscores (_), and be at most 63 characters in length.", - "type": "string", - "default": "" + "items": { + "description": "List of PolicyBinding.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding" + } }, - "projectID": { - "description": "projectID is the ID of the Project in which the KMS Key Ring exists. It must be 6 to 30 lowercase letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.GCPLoadBalancerParameters": { - "description": "GCPLoadBalancerParameters provides configuration settings that are specific to GCP load balancers.", + "io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingSpec": { + "description": "ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.", "type": "object", "properties": { - "clientAccess": { - "description": "clientAccess describes how client access is restricted for internal load balancers.\n\nValid values are: * \"Global\": Specifying an internal load balancer with Global client access\n allows clients from any region within the VPC to communicate with the load\n balancer.\n\n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access\n\n* \"Local\": Specifying an internal load balancer with Local client access\n means only clients within the same region (and VPC) as the GCP load balancer\n can communicate with the load balancer. Note that this is the default behavior.\n\n https://cloud.google.com/load-balancing/docs/internal#client_access", + "matchResources": { + "description": "MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.", + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MatchResources" + }, + "paramRef": { + "description": "paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.", + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ParamRef" + }, + "policyName": { + "description": "PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.", "type": "string" + }, + "validationActions": { + "description": "validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.\n\nFailures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.\n\nvalidationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.\n\nThe supported actions values are:\n\n\"Deny\" specifies that a validation failure results in a denied request.\n\n\"Warn\" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.\n\n\"Audit\" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `\"validation.policy.admission.k8s.io/validation_failure\": \"[{\\\"message\\\": \\\"Invalid value\\\", {\\\"policy\\\": \\\"policy.example.com\\\", {\\\"binding\\\": \\\"policybinding.example.com\\\", {\\\"expressionIndex\\\": \\\"1\\\", {\\\"validationActions\\\": [\\\"Audit\\\"]}]\"`\n\nClients should expect to handle additional values by ignoring any values not recognized.\n\n\"Deny\" and \"Warn\" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.\n\nRequired.", + "type": "array", + "items": { + "type": "string", + "default": "", + "enum": [ + "Audit", + "Deny", + "Warn" + ] + }, + "x-kubernetes-list-type": "set" } } }, - "com.github.openshift.api.operator.v1.GatewayConfig": { - "description": "GatewayConfig holds node gateway-related parsed config file parameters and command-line overrides", + "io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyList": { + "description": "ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.", "type": "object", + "required": [ + "items" + ], "properties": { - "ipForwarding": { - "description": "ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across OVN-Kubernetes managed interfaces, then set this field to \"Global\". The supported values are \"Restricted\" and \"Global\".", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "ipv4": { - "description": "ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv4GatewayConfig" + "items": { + "description": "List of ValidatingAdmissionPolicy.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy" + } }, - "ipv6": { - "description": "ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv6GatewayConfig" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "routingViaHost": { - "description": "routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port into the host before sending it out. If this is not set, traffic will always egress directly from OVN to outside without touching the host stack. Setting this to true means hardware offload will not be supported. Default is false if GatewayConfig is specified.", - "type": "boolean" + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.GatherStatus": { - "description": "gatherStatus provides information about the last known gather event.", + "io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicySpec": { + "description": "ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.", "type": "object", "properties": { - "gatherers": { - "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", + "auditAnnotations": { + "description": "auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GathererStatus" + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.AuditAnnotation" }, "x-kubernetes-list-type": "atomic" }, - "lastGatherDuration": { - "description": "lastGatherDuration is the total time taken to process all gatherers during the last gather event.", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + "failurePolicy": { + "description": "failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.\n\nA policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.\n\nfailurePolicy does not define how validations that evaluate to false are handled.\n\nWhen failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.\n\nAllowed values are Ignore or Fail. Defaults to Fail.\n\nPossible enum values:\n - `\"Fail\"` means that an error calling the webhook causes the admission to fail.\n - `\"Ignore\"` means that an error calling the webhook is ignored.", + "type": "string", + "enum": [ + "Fail", + "Ignore" + ] }, - "lastGatherTime": { - "description": "lastGatherTime is the last time when Insights data gathering finished. An empty value means that no data has been gathered yet.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "matchConditions": { + "description": "MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nIf a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.\n\nThe exact matching logic is (in order):\n 1. If ANY matchCondition evaluates to FALSE, the policy is skipped.\n 2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.\n 3. If any matchCondition evaluates to an error (but none are FALSE):\n - If failurePolicy=Fail, reject the request\n - If failurePolicy=Ignore, the policy is skipped", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MatchCondition" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "matchConstraints": { + "description": "MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.", + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MatchResources" + }, + "paramKind": { + "description": "ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.", + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ParamKind" + }, + "validations": { + "description": "Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.Validation" + }, + "x-kubernetes-list-type": "atomic" + }, + "variables": { + "description": "Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.\n\nThe expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.Variable" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.operator.v1.GathererStatus": { - "description": "gathererStatus represents information about a particular data gatherer.", + "io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyStatus": { + "description": "ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.", "type": "object", - "required": [ - "conditions", - "name", - "lastGatherDuration" - ], "properties": { "conditions": { - "description": "conditions provide details on the status of each gatherer.", + "description": "The conditions represent the latest available observations of a policy's current state.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "lastGatherDuration": { - "description": "lastGatherDuration represents the time spent gathering.", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + "observedGeneration": { + "description": "The generation observed by the controller.", + "type": "integer", + "format": "int64" }, - "name": { - "description": "name is the name of the gatherer.", - "type": "string", - "default": "" + "typeChecking": { + "description": "The results of type checking for each expression. Presence of this field indicates the completion of the type checking.", + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.TypeChecking" } } }, - "com.github.openshift.api.operator.v1.GenerationStatus": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "io.k8s.api.admissionregistration.v1.ValidatingWebhook": { + "description": "ValidatingWebhook describes an admission webhook and the resources and operations it applies to.", "type": "object", "required": [ - "group", - "resource", - "namespace", "name", - "lastGeneration", - "hash" + "clientConfig", + "sideEffects", + "admissionReviewVersions" ], "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string", - "default": "" + "admissionReviewVersions": { + "description": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "clientConfig": { + "description": "ClientConfig defines how to communicate with the hook. Required", + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.WebhookClientConfig" + }, + "failurePolicy": { + "description": "FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.\n\nPossible enum values:\n - `\"Fail\"` means that an error calling the webhook causes the admission to fail.\n - `\"Ignore\"` means that an error calling the webhook is ignored.", "type": "string", - "default": "" + "enum": [ + "Fail", + "Ignore" + ] }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "type": "integer", - "format": "int64", - "default": 0 + "matchConditions": { + "description": "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n 2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n 3. If any matchCondition evaluates to an error (but none are FALSE):\n - If failurePolicy=Fail, reject the request\n - If failurePolicy=Ignore, the error is ignored and the webhook is skipped", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MatchCondition" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "name": { - "description": "name is the name of the thing you're tracking", + "matchPolicy": { + "description": "matchPolicy defines how the \"rules\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.\n\nDefaults to \"Equivalent\"\n\nPossible enum values:\n - `\"Equivalent\"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.\n - `\"Exact\"` means requests should only be sent to the webhook if they exactly match a given rule.", "type": "string", - "default": "" + "enum": [ + "Equivalent", + "Exact" + ] }, - "namespace": { - "description": "namespace is where the thing you're tracking is", + "name": { + "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.", "type": "string", "default": "" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.operator.v1.HTTPCompressionPolicy": { - "description": "httpCompressionPolicy turns on compression for the specified MIME types.\n\nThis field is optional, and its absence implies that compression should not be enabled globally in HAProxy.\n\nIf httpCompressionPolicy exists, compression should be enabled only for the specified MIME types.", - "type": "object", - "properties": { - "mimeTypes": { - "description": "mimeTypes is a list of MIME types that should have compression applied. This list can be empty, in which case the ingress controller does not apply compression.\n\nNote: Not all MIME types benefit from compression, but HAProxy will still use resources to try to compress if instructed to. Generally speaking, text (html, css, js, etc.) formats benefit from compression, but formats that are already compressed (image, audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2", + "namespaceSelector": { + "description": "NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the webhook on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "objectSelector": { + "description": "ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "rules": { + "description": "Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.RuleWithOperations" }, - "x-kubernetes-list-type": "set" - } - } - }, - "com.github.openshift.api.operator.v1.HealthCheck": { - "description": "healthCheck represents an Insights health check attributes.", - "type": "object", - "required": [ - "description", - "totalRisk", - "advisorURI", - "state" - ], - "properties": { - "advisorURI": { - "description": "advisorURI provides the URL link to the Insights Advisor.", - "type": "string", - "default": "" - }, - "description": { - "description": "description provides basic description of the healtcheck.", - "type": "string", - "default": "" + "x-kubernetes-list-type": "atomic" }, - "state": { - "description": "state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface.", + "sideEffects": { + "description": "SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.\n\nPossible enum values:\n - `\"None\"` means that calling the webhook will have no side effects.\n - `\"NoneOnDryRun\"` means that calling the webhook will possibly have side effects, but if the request being reviewed has the dry-run attribute, the side effects will be suppressed.\n - `\"Some\"` means that calling the webhook will possibly have side effects. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.\n - `\"Unknown\"` means that no information is known about the side effects of calling the webhook. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.", "type": "string", - "default": "" + "enum": [ + "None", + "NoneOnDryRun", + "Some", + "Unknown" + ] }, - "totalRisk": { - "description": "totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue.", + "timeoutSeconds": { + "description": "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.", "type": "integer", - "format": "int32", - "default": 0 + "format": "int32" } } }, - "com.github.openshift.api.operator.v1.HostNetworkStrategy": { - "description": "HostNetworkStrategy holds parameters for the HostNetwork endpoint publishing strategy.", + "io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration": { + "description": "ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.", "type": "object", "properties": { - "httpPort": { - "description": "httpPort is the port on the host which should be used to listen for HTTP requests. This field should be set when port 80 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 80.", - "type": "integer", - "format": "int32" - }, - "httpsPort": { - "description": "httpsPort is the port on the host which should be used to listen for HTTPS requests. This field should be set when port 443 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 443.", - "type": "integer", - "format": "int32" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "protocol": { - "description": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "statsPort": { - "description": "statsPort is the port on the host where the stats from the router are published. The value should not coincide with the NodePort range of the cluster. If an external load balancer is configured to forward connections to this IngressController, the load balancer should use this port for health checks. The load balancer can send HTTP probes on this port on a given node, with the path /healthz/ready to determine if the ingress controller is ready to receive traffic on the node. For proper operation the load balancer must not forward traffic to a node until the health check reports ready. The load balancer should also stop forwarding requests within a maximum of 45 seconds after /healthz/ready starts reporting not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with a threshold of two successful or failed requests to become healthy or unhealthy respectively, are well-tested values. When the value is 0 or is not specified it defaults to 1936.", - "type": "integer", - "format": "int32" + "metadata": { + "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "webhooks": { + "description": "Webhooks is a list of webhooks and the affected resources and operations.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ValidatingWebhook" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.operator.v1.HybridOverlayConfig": { + "io.k8s.api.admissionregistration.v1.ValidatingWebhookConfigurationList": { + "description": "ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.", "type": "object", "required": [ - "hybridClusterNetwork" + "items" ], "properties": { - "hybridClusterNetwork": { - "description": "hybridClusterNetwork defines a network space given to nodes on an additional overlay network.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of ValidatingWebhookConfiguration.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterNetworkEntry" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration" + } }, - "hybridOverlayVXLANPort": { - "description": "hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. Default is 4789", - "type": "integer", - "format": "int64" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec": { - "description": "IBMCloudCSIDriverConfigSpec defines the properties that can be configured for the IBM Cloud CSI driver.", + "io.k8s.api.admissionregistration.v1.Validation": { + "description": "Validation specifies the CEL expression which is used to apply the validation.", "type": "object", "required": [ - "encryptionKeyCRN" + "expression" ], "properties": { - "encryptionKeyCRN": { - "description": "encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use for disk encryption of volumes for the default storage classes.", + "expression": { + "description": "Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired.", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.operator.v1.IBMLoadBalancerParameters": { - "description": "IBMLoadBalancerParameters provides configuration settings that are specific to IBM Cloud load balancers.", - "type": "object", - "properties": { - "protocol": { - "description": "protocol specifies whether the load balancer uses PROXY protocol to forward connections to the IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: \"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\"\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nValid values for protocol are TCP, PROXY and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is TCP, without the proxy protocol enabled.", + }, + "message": { + "description": "Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is \"failed rule: {Rule}\". e.g. \"must be a URL with the host matching spec.host\" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is \"failed Expression: {Expression}\".", + "type": "string" + }, + "messageExpression": { + "description": "messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: \"object.x must be less than max (\"+string(params.max)+\")\"", + "type": "string" + }, + "reason": { + "description": "Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: \"Unauthorized\", \"Forbidden\", \"Invalid\", \"RequestEntityTooLarge\". If not set, StatusReasonInvalid is used in the response to the client.", "type": "string" } } }, - "com.github.openshift.api.operator.v1.IPAMConfig": { - "description": "IPAMConfig contains configurations for IPAM (IP Address Management)", + "io.k8s.api.admissionregistration.v1.Variable": { + "description": "Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.", "type": "object", "required": [ - "type" + "name", + "expression" ], "properties": { - "staticIPAMConfig": { - "description": "staticIPAMConfig configures the static IP address in case of type:IPAMTypeStatic", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.StaticIPAMConfig" + "expression": { + "description": "Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.", + "type": "string", + "default": "" }, - "type": { - "description": "type is the type of IPAM module will be used for IP Address Management(IPAM). The supported values are IPAMTypeDHCP, IPAMTypeStatic", + "name": { + "description": "Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is \"foo\", the variable will be available as `variables.foo`", "type": "string", "default": "" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.operator.v1.IPFIXConfig": { + "io.k8s.api.admissionregistration.v1.WebhookClientConfig": { + "description": "WebhookClientConfig contains the information to make a TLS connection with the webhook", "type": "object", "properties": { - "collectors": { - "description": "ipfixCollectors is list of strings formatted as ip:port with a maximum of ten items", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "caBundle": { + "description": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.", + "type": "string", + "format": "byte" + }, + "service": { + "description": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.", + "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ServiceReference" + }, + "url": { + "description": "`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.\n\nThe `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\nA path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed, either.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.IPsecConfig": { + "io.k8s.api.authorization.v1.FieldSelectorAttributes": { + "description": "FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.", "type": "object", "properties": { - "full": { - "description": "full defines configuration parameters for the IPsec `Full` mode. This is permitted only when mode is configured with `Full`, and forbidden otherwise.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPsecFullModeConfig" - }, - "mode": { - "description": "mode defines the behaviour of the ipsec configuration within the platform. Valid values are `Disabled`, `External` and `Full`. When 'Disabled', ipsec will not be enabled at the node level. When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), this is left to the user to configure.", + "rawSelector": { + "description": "rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.", "type": "string" + }, + "requirements": { + "description": "requirements is the parsed interpretation of a field selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.FieldSelectorRequirement" + }, + "x-kubernetes-list-type": "atomic" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "mode", - "fields-to-discriminateBy": { - "full": "Full" - } - } - ] + } }, - "com.github.openshift.api.operator.v1.IPsecFullModeConfig": { - "description": "IPsecFullModeConfig defines configuration parameters for the IPsec `Full` mode.", + "io.k8s.api.authorization.v1.LabelSelectorAttributes": { + "description": "LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.", "type": "object", "properties": { - "encapsulation": { - "description": "encapsulation option to configure libreswan on how inter-pod traffic across nodes are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 for the encapsulation. Valid values are Always, Auto and omitted. Always means enable UDP encapsulation regardless of whether NAT is detected. Auto means enable UDP encapsulation based on the detection of NAT. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Auto.", + "rawSelector": { + "description": "rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.", "type": "string" + }, + "requirements": { + "description": "requirements is the parsed interpretation of a label selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operator.v1.IPv4GatewayConfig": { - "description": "IPV4GatewayConfig holds the configuration paramaters for IPV4 connections in the GatewayConfig for OVN-Kubernetes", + "io.k8s.api.authorization.v1.LocalSubjectAccessReview": { + "description": "LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.", "type": "object", + "required": [ + "spec" + ], "properties": { - "internalMasqueradeSubnet": { - "description": "internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /29). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 169.254.0.0/17 The value must be in proper IPV4 CIDR format", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.authorization.v1.SubjectAccessReviewSpec" + }, + "status": { + "description": "Status is filled in by the server and indicates whether the request is allowed or not", + "default": {}, + "$ref": "#/definitions/io.k8s.api.authorization.v1.SubjectAccessReviewStatus" } } }, - "com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig": { + "io.k8s.api.authorization.v1.NonResourceAttributes": { + "description": "NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface", "type": "object", "properties": { - "internalJoinSubnet": { - "description": "internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The current default value is 100.64.0.0/16 The subnet must be large enough to accommodate one IP per node in your cluster The value must be in proper IPV4 CIDR format", + "path": { + "description": "Path is the URL path of the request", "type": "string" }, - "internalTransitSwitchSubnet": { - "description": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 100.88.0.0/16 The subnet must be large enough to accommodate one IP per node in your cluster The value must be in proper IPV4 CIDR format", + "verb": { + "description": "Verb is the standard HTTP verb", "type": "string" } } }, - "com.github.openshift.api.operator.v1.IPv6GatewayConfig": { - "description": "IPV6GatewayConfig holds the configuration paramaters for IPV6 connections in the GatewayConfig for OVN-Kubernetes", + "io.k8s.api.authorization.v1.NonResourceRule": { + "description": "NonResourceRule holds information that describes a rule for the non-resource", "type": "object", + "required": [ + "verbs" + ], "properties": { - "internalMasqueradeSubnet": { - "description": "internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is fd69::/112 Note that IPV6 dual addresses are not permitted", - "type": "string" + "nonResourceURLs": { + "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path. \"*\" means all.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "verbs": { + "description": "Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. \"*\" means all.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig": { + "io.k8s.api.authorization.v1.ResourceAttributes": { + "description": "ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface", "type": "object", "properties": { - "internalJoinSubnet": { - "description": "internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The subnet must be large enough to accommodate one IP per node in your cluster The current default value is fd98::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", + "fieldSelector": { + "description": "fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.", + "$ref": "#/definitions/io.k8s.api.authorization.v1.FieldSelectorAttributes" + }, + "group": { + "description": "Group is the API Group of the Resource. \"*\" means all.", "type": "string" }, - "internalTransitSwitchSubnet": { - "description": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The subnet must be large enough to accommodate one IP per node in your cluster The current default subnet is fd97::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", + "labelSelector": { + "description": "labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.", + "$ref": "#/definitions/io.k8s.api.authorization.v1.LabelSelectorAttributes" + }, + "name": { + "description": "Name is the name of the resource being requested for a \"get\" or deleted for a \"delete\". \"\" (empty) means all.", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces \"\" (empty) is defaulted for LocalSubjectAccessReviews \"\" (empty) is empty for cluster-scoped resources \"\" (empty) means \"all\" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview", + "type": "string" + }, + "resource": { + "description": "Resource is one of the existing resource types. \"*\" means all.", + "type": "string" + }, + "subresource": { + "description": "Subresource is one of the existing resource types. \"\" means none.", + "type": "string" + }, + "verb": { + "description": "Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. \"*\" means all.", + "type": "string" + }, + "version": { + "description": "Version is the API Version of the Resource. \"*\" means all.", "type": "string" } } }, - "com.github.openshift.api.operator.v1.Ingress": { - "description": "Ingress allows cluster admin to configure alternative ingress for the console.", + "io.k8s.api.authorization.v1.ResourceRule": { + "description": "ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.", "type": "object", + "required": [ + "verbs" + ], "properties": { - "clientDownloadsURL": { - "description": "clientDownloadsURL is a URL to be used as the address to download client binaries. If not specified, the downloads route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. The console operator will monitor the URL and may go degraded if it's unreachable for an extended period. Must use the HTTPS scheme.", - "type": "string", - "default": "" + "apiGroups": { + "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"*\" means all.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "consoleURL": { - "description": "consoleURL is a URL to be used as the base console address. If not specified, the console route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. Make sure that appropriate ingress is set up at this URL. The console operator will monitor the URL and may go degraded if it's unreachable for an extended period. Must use the HTTPS scheme.", - "type": "string", - "default": "" + "resourceNames": { + "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. \"*\" means all.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Resources is a list of resources this rule applies to. \"*\" means all in the specified apiGroups.\n \"*/foo\" represents the subresource 'foo' for all resources in the specified apiGroups.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "verbs": { + "description": "Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. \"*\" means all.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operator.v1.IngressController": { - "description": "IngressController describes a managed ingress controller for the cluster. The controller can service OpenShift Route and Kubernetes Ingress resources.\n\nWhen an IngressController is created, a new ingress controller deployment is created to allow external traffic to reach the services that expose Ingress or Route resources. Updating this resource may lead to disruption for public facing network connections as a new ingress controller revision may be rolled out.\n\nhttps://kubernetes.io/docs/concepts/services-networking/ingress-controllers\n\nWhenever possible, sensible defaults for the platform are used. See each field for more details.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.authorization.v1.SelfSubjectAccessReview": { + "description": "SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means \"in all namespaces\". Self is a special case, because users should always be able to check whether they can perform an action", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -43373,756 +41893,804 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec is the specification of the desired behavior of the IngressController.", + "description": "Spec holds information about the request being evaluated. user and groups must be empty", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerSpec" + "$ref": "#/definitions/io.k8s.api.authorization.v1.SelfSubjectAccessReviewSpec" }, "status": { - "description": "status is the most recently observed status of the IngressController.", + "description": "Status is filled in by the server and indicates whether the request is allowed or not", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerStatus" + "$ref": "#/definitions/io.k8s.api.authorization.v1.SubjectAccessReviewStatus" } } }, - "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie": { - "description": "IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be captured.", + "io.k8s.api.authorization.v1.SelfSubjectAccessReviewSpec": { + "description": "SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set", + "type": "object", + "properties": { + "nonResourceAttributes": { + "description": "NonResourceAttributes describes information for a non-resource access request", + "$ref": "#/definitions/io.k8s.api.authorization.v1.NonResourceAttributes" + }, + "resourceAttributes": { + "description": "ResourceAuthorizationAttributes describes information for a resource access request", + "$ref": "#/definitions/io.k8s.api.authorization.v1.ResourceAttributes" + } + } + }, + "io.k8s.api.authorization.v1.SelfSubjectRulesReview": { + "description": "SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. The returned list of actions may be incomplete depending on the server's authorization mode, and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.", "type": "object", "required": [ - "matchType", - "maxLength" + "spec" ], "properties": { - "matchType": { - "description": "matchType specifies the type of match to be performed on the cookie name. Allowed values are \"Exact\" for an exact string match and \"Prefix\" for a string prefix match. If \"Exact\" is specified, a name must be specified in the name field. If \"Prefix\" is provided, a prefix must be specified in the namePrefix field. For example, specifying matchType \"Prefix\" and namePrefix \"foo\" will capture a cookie named \"foo\" or \"foobar\" but not one named \"bar\". The first matching cookie is captured.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "maxLength": { - "description": "maxLength specifies a maximum length of the string that will be logged, which includes the cookie name, cookie value, and one-character delimiter. If the log entry exceeds this length, the value will be truncated in the log message. Note that the ingress controller may impose a separate bound on the total length of HTTP headers in a request.", - "type": "integer", - "format": "int32", - "default": 0 + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "name": { - "description": "name specifies a cookie name. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", - "type": "string", - "default": "" + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "namePrefix": { - "description": "namePrefix specifies a cookie name prefix. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", - "type": "string", - "default": "" + "spec": { + "description": "Spec holds information about the request being evaluated.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.authorization.v1.SelfSubjectRulesReviewSpec" + }, + "status": { + "description": "Status is filled in by the server and indicates the set of actions a user can perform.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.authorization.v1.SubjectRulesReviewStatus" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "matchType", - "fields-to-discriminateBy": { - "name": "Name", - "namePrefix": "NamePrefix" - } + } + }, + "io.k8s.api.authorization.v1.SelfSubjectRulesReviewSpec": { + "description": "SelfSubjectRulesReviewSpec defines the specification for SelfSubjectRulesReview.", + "type": "object", + "properties": { + "namespace": { + "description": "Namespace to evaluate rules for. Required.", + "type": "string" } - ] + } }, - "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookieUnion": { - "description": "IngressControllerCaptureHTTPCookieUnion describes optional fields of an HTTP cookie that should be captured.", + "io.k8s.api.authorization.v1.SubjectAccessReview": { + "description": "SubjectAccessReview checks whether or not a user or group can perform an action.", "type": "object", "required": [ - "matchType" + "spec" ], "properties": { - "matchType": { - "description": "matchType specifies the type of match to be performed on the cookie name. Allowed values are \"Exact\" for an exact string match and \"Prefix\" for a string prefix match. If \"Exact\" is specified, a name must be specified in the name field. If \"Prefix\" is provided, a prefix must be specified in the namePrefix field. For example, specifying matchType \"Prefix\" and namePrefix \"foo\" will capture a cookie named \"foo\" or \"foobar\" but not one named \"bar\". The first matching cookie is captured.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "name": { - "description": "name specifies a cookie name. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "namePrefix": { - "description": "namePrefix specifies a cookie name prefix. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", - "type": "string", - "default": "" + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "Spec holds information about the request being evaluated", + "default": {}, + "$ref": "#/definitions/io.k8s.api.authorization.v1.SubjectAccessReviewSpec" + }, + "status": { + "description": "Status is filled in by the server and indicates whether the request is allowed or not", + "default": {}, + "$ref": "#/definitions/io.k8s.api.authorization.v1.SubjectAccessReviewStatus" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "matchType", - "fields-to-discriminateBy": { - "name": "Name", - "namePrefix": "NamePrefix" + } + }, + "io.k8s.api.authorization.v1.SubjectAccessReviewSpec": { + "description": "SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set", + "type": "object", + "properties": { + "extra": { + "description": "Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer it needs a reflection here.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } } + }, + "groups": { + "description": "Groups is the groups you're testing for.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "nonResourceAttributes": { + "description": "NonResourceAttributes describes information for a non-resource access request", + "$ref": "#/definitions/io.k8s.api.authorization.v1.NonResourceAttributes" + }, + "resourceAttributes": { + "description": "ResourceAuthorizationAttributes describes information for a resource access request", + "$ref": "#/definitions/io.k8s.api.authorization.v1.ResourceAttributes" + }, + "uid": { + "description": "UID information about the requesting user.", + "type": "string" + }, + "user": { + "description": "User is the user you're testing for. If you specify \"User\" but not \"Groups\", then is it interpreted as \"What if User were not a member of any groups", + "type": "string" } - ] + } }, - "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader": { - "description": "IngressControllerCaptureHTTPHeader describes an HTTP header that should be captured.", + "io.k8s.api.authorization.v1.SubjectAccessReviewStatus": { + "description": "SubjectAccessReviewStatus", "type": "object", "required": [ - "name", - "maxLength" + "allowed" ], "properties": { - "maxLength": { - "description": "maxLength specifies a maximum length for the header value. If a header value exceeds this length, the value will be truncated in the log message. Note that the ingress controller may impose a separate bound on the total length of HTTP headers in a request.", - "type": "integer", - "format": "int32", - "default": 0 + "allowed": { + "description": "Allowed is required. True if the action would be allowed, false otherwise.", + "type": "boolean", + "default": false }, - "name": { - "description": "name specifies a header name. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2.", - "type": "string", - "default": "" + "denied": { + "description": "Denied is optional. True if the action would be denied, otherwise false. If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action. Denied may not be true if Allowed is true.", + "type": "boolean" + }, + "evaluationError": { + "description": "EvaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.", + "type": "string" + }, + "reason": { + "description": "Reason is optional. It indicates why a request was allowed or denied.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders": { - "description": "IngressControllerCaptureHTTPHeaders specifies which HTTP headers the IngressController captures.", + "io.k8s.api.authorization.v1.SubjectRulesReviewStatus": { + "description": "SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on the set of authorizers the server is configured with and any errors experienced during evaluation. Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, even if that list is incomplete.", "type": "object", + "required": [ + "resourceRules", + "nonResourceRules", + "incomplete" + ], "properties": { - "request": { - "description": "request specifies which HTTP request headers to capture.\n\nIf this field is empty, no request headers are captured.", + "evaluationError": { + "description": "EvaluationError can appear in combination with Rules. It indicates an error occurred during rule evaluation, such as an authorizer that doesn't support rule evaluation, and that ResourceRules and/or NonResourceRules may be incomplete.", + "type": "string" + }, + "incomplete": { + "description": "Incomplete is true when the rules returned by this call are incomplete. This is most commonly encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.", + "type": "boolean", + "default": false + }, + "nonResourceRules": { + "description": "NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader" + "$ref": "#/definitions/io.k8s.api.authorization.v1.NonResourceRule" }, "x-kubernetes-list-type": "atomic" }, - "response": { - "description": "response specifies which HTTP response headers to capture.\n\nIf this field is empty, no response headers are captured.", + "resourceRules": { + "description": "ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader" + "$ref": "#/definitions/io.k8s.api.authorization.v1.ResourceRule" }, "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operator.v1.IngressControllerHTTPHeader": { - "description": "IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.", + "io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource": { + "description": "Represents a Persistent Disk resource in AWS.\n\nAn AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.", "type": "object", "required": [ - "name", - "action" + "volumeID" ], "properties": { - "action": { - "description": "action specifies actions to perform on headers, such as setting or deleting headers.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion" + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" }, - "name": { - "description": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", + "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", + "type": "integer", + "format": "int32" + }, + "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "boolean" + }, + "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion": { - "description": "IngressControllerHTTPHeaderActionUnion specifies an action to take on an HTTP header.", + "io.k8s.api.core.v1.Affinity": { + "description": "Affinity is a group of affinity scheduling rules.", + "type": "object", + "properties": { + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "$ref": "#/definitions/io.k8s.api.core.v1.NodeAffinity" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinity" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "$ref": "#/definitions/io.k8s.api.core.v1.PodAntiAffinity" + } + } + }, + "io.k8s.api.core.v1.AppArmorProfile": { + "description": "AppArmorProfile defines a pod or container's AppArmor settings.", "type": "object", "required": [ "type" ], "properties": { - "set": { - "description": "set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader" + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is \"Localhost\".", + "type": "string" }, "type": { - "description": "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", + "description": "type indicates which kind of AppArmor profile will be applied. Valid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.\n\nPossible enum values:\n - `\"Localhost\"` indicates that a profile pre-loaded on the node should be used.\n - `\"RuntimeDefault\"` indicates that the container runtime's default AppArmor profile should be used.\n - `\"Unconfined\"` indicates that no AppArmor profile should be enforced.", "type": "string", - "default": "" + "default": "", + "enum": [ + "Localhost", + "RuntimeDefault", + "Unconfined" + ] } }, "x-kubernetes-unions": [ { "discriminator": "type", "fields-to-discriminateBy": { - "set": "Set" + "localhostProfile": "LocalhostProfile" } } ] }, - "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions": { - "description": "IngressControllerHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", + "io.k8s.api.core.v1.AttachedVolume": { + "description": "AttachedVolume describes a volume attached to a node", "type": "object", + "required": [ + "name", + "devicePath" + ], "properties": { - "request": { - "description": "request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeader" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "devicePath": { + "description": "DevicePath represents the device path where the volume should be available", + "type": "string", + "default": "" }, - "response": { - "description": "response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeader" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "name": { + "description": "Name of the attached volume", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders": { - "description": "IngressControllerHTTPHeaders specifies how the IngressController handles certain HTTP headers.", + "io.k8s.api.core.v1.AvoidPods": { + "description": "AvoidPods describes pods that should avoid this node. This is the value for a Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and will eventually become a field of NodeStatus.", "type": "object", "properties": { - "actions": { - "description": "actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions" - }, - "forwardedHeaderPolicy": { - "description": "forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. The value may be one of the following:\n\n* \"Append\", which specifies that the IngressController appends the\n headers, preserving existing headers.\n\n* \"Replace\", which specifies that the IngressController sets the\n headers, replacing any existing Forwarded or X-Forwarded-* headers.\n\n* \"IfNone\", which specifies that the IngressController sets the\n headers if they are not already set.\n\n* \"Never\", which specifies that the IngressController never sets the\n headers, preserving any existing headers.\n\nBy default, the policy is \"Append\".", - "type": "string" - }, - "headerNameCaseAdjustments": { - "description": "headerNameCaseAdjustments specifies case adjustments that can be applied to HTTP header names. Each adjustment is specified as an HTTP header name with the desired capitalization. For example, specifying \"X-Forwarded-For\" indicates that the \"x-forwarded-for\" HTTP header should be adjusted to have the specified capitalization.\n\nThese adjustments are only applied to cleartext, edge-terminated, and re-encrypt routes, and only when using HTTP/1.\n\nFor request headers, these adjustments are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true annotation. For response headers, these adjustments are applied to all HTTP responses.\n\nIf this field is empty, no request headers are adjusted.", + "preferAvoidPods": { + "description": "Bounded-sized list of signatures of pods that should avoid this node, sorted in timestamp order from oldest to newest. Size of the slice is unspecified.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.PreferAvoidPodsEntry" }, "x-kubernetes-list-type": "atomic" - }, - "uniqueId": { - "description": "uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request. The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests.\n\nIf this field is empty, no such header is injected into requests.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy" } } }, - "com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy": { - "description": "IngressControllerHTTPUniqueIdHeaderPolicy describes configuration for a unique id header.", + "io.k8s.api.core.v1.AzureDiskVolumeSource": { + "description": "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", "type": "object", + "required": [ + "diskName", + "diskURI" + ], "properties": { - "format": { - "description": "format specifies the format for the injected HTTP header's value. This field has no effect unless name is specified. For the HAProxy-based ingress controller implementation, this format uses the same syntax as the HTTP log format. If the field is empty, the default value is \"%{+X}o\\\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid\"; see the corresponding HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3", - "type": "string" + "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.\n\nPossible enum values:\n - `\"None\"`\n - `\"ReadOnly\"`\n - `\"ReadWrite\"`", + "type": "string", + "default": "ReadWrite", + "enum": [ + "None", + "ReadOnly", + "ReadWrite" + ] }, - "name": { - "description": "name specifies the name of the HTTP header (for example, \"unique-id\") that the ingress controller should inject into HTTP requests. The field's value must be a valid HTTP header name as defined in RFC 2616 section 4.2. If the field is empty, no header is injected.", - "type": "string" + "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", + "type": "string", + "default": "" + }, + "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", + "type": "string", + "default": "" + }, + "fsType": { + "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string", + "default": "ext4" + }, + "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared\n\nPossible enum values:\n - `\"Dedicated\"`\n - `\"Managed\"`\n - `\"Shared\"`", + "type": "string", + "default": "Shared", + "enum": [ + "Dedicated", + "Managed", + "Shared" + ] + }, + "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean", + "default": false } } }, - "com.github.openshift.api.operator.v1.IngressControllerList": { - "description": "IngressControllerList contains a list of IngressControllers.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.AzureFilePersistentVolumeSource": { + "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", "type": "object", "required": [ - "items" + "secretName", + "shareName" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressController" - } + "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "secretNamespace": { + "description": "secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key default is the same as the Pod", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.operator.v1.IngressControllerLogging": { - "description": "IngressControllerLogging describes what should be logged where.", - "type": "object", - "properties": { - "access": { - "description": "access describes how the client requests should be logged.\n\nIf this field is empty, access logging is disabled.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AccessLogging" + "shareName": { + "description": "shareName is the azure Share Name", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader": { - "description": "IngressControllerSetHTTPHeader defines the value which needs to be set on an HTTP header.", + "io.k8s.api.core.v1.AzureFileVolumeSource": { + "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", "type": "object", "required": [ - "value" + "secretName", + "shareName" ], "properties": { - "value": { - "description": "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.", + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", + "type": "string", + "default": "" + }, + "shareName": { + "description": "shareName is the azure share Name", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.IngressControllerSpec": { - "description": "IngressControllerSpec is the specification of the desired behavior of the IngressController.", + "io.k8s.api.core.v1.Binding": { + "description": "Binding ties one object to another; for example, a pod is bound to a node by a scheduler.", "type": "object", + "required": [ + "target" + ], "properties": { - "clientTLS": { - "description": "clientTLS specifies settings for requesting and verifying client certificates, which can be used to enable mutual TLS for edge-terminated and reencrypt routes.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClientTLS" - }, - "closedClientConnectionPolicy": { - "description": "closedClientConnectionPolicy controls how the IngressController behaves when the client closes the TCP connection while the TLS handshake or HTTP request is in progress. This option maps directly to HAProxy’s \"abortonclose\" option.\n\nValid values are: \"Abort\" and \"Continue\". The default value is \"Continue\".\n\nWhen set to \"Abort\", the router will stop processing the TLS handshake if it is in progress, and it will not send an HTTP request to the backend server if the request has not yet been sent when the client closes the connection.\n\nWhen set to \"Continue\", the router will complete the TLS handshake if it is in progress, or send an HTTP request to the backend server and wait for the backend server's response, regardless of whether the client has closed the connection.\n\nSetting \"Abort\" can help free CPU resources otherwise spent on TLS computation for connections the client has already closed, and can reduce request queue size, thereby reducing the load on saturated backend servers.\n\nImportant Considerations:\n\n - The default policy (\"Continue\") is HTTP-compliant, and requests\n for aborted client connections will still be served.\n Use the \"Continue\" policy to allow a client to send a request\n and then immediately close its side of the connection while\n still receiving a response on the half-closed connection.\n\n - When clients use keep-alive connections, the most common case for premature\n closure is when the user wants to cancel the transfer or when a timeout\n occurs. In that case, the \"Abort\" policy may be used to reduce resource consumption.\n\n - Using RSA keys larger than 2048 bits can significantly slow down\n TLS computations. Consider using the \"Abort\" policy to reduce CPU usage.", - "type": "string", - "default": "Continue" - }, - "defaultCertificate": { - "description": "defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don't specify their own certificate, defaultCertificate is used.\n\nThe secret must contain the following keys and data:\n\n tls.crt: certificate file contents\n tls.key: key file contents\n\nIf unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate's CA will be automatically integrated with the cluster's trust store.\n\nIf a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing.\n\nThe in-use certificate (whether generated or user-specified) will be automatically integrated with OpenShift's built-in OAuth server.", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" - }, - "domain": { - "description": "domain is a DNS name serviced by the ingress controller and is used to configure multiple features:\n\n* For the LoadBalancerService endpoint publishing strategy, domain is\n used to configure DNS records. See endpointPublishingStrategy.\n\n* When using a generated default certificate, the certificate will be valid\n for domain and its subdomains. See defaultCertificate.\n\n* The value is published to individual Route statuses so that end-users\n know where to target external DNS records.\n\ndomain must be unique among all IngressControllers, and cannot be updated.\n\nIf empty, defaults to ingress.config.openshift.io/cluster .spec.domain.\n\nThe domain value must be a valid DNS name. It must consist of lowercase alphanumeric characters, '-' or '.', and each label must start and end with an alphanumeric character and not exceed 63 characters. Maximum length of a valid DNS domain is 253 characters.\n\nThe implementation may add a prefix such as \"router-default.\" to the domain when constructing the router canonical hostname. To ensure the resulting hostname does not exceed the DNS maximum length of 253 characters, the domain length is additionally validated at the IngressController object level. For the maximum length of the domain value itself, the shortest possible variant of the prefix and the ingress controller name was considered for example \"router-a.\"", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "endpointPublishingStrategy": { - "description": "endpointPublishingStrategy is used to publish the ingress controller endpoints to other networks, enable load balancer integrations, etc.\n\nIf unset, the default is based on infrastructure.config.openshift.io/cluster .status.platform:\n\n AWS: LoadBalancerService (with External scope)\n Azure: LoadBalancerService (with External scope)\n GCP: LoadBalancerService (with External scope)\n IBMCloud: LoadBalancerService (with External scope)\n AlibabaCloud: LoadBalancerService (with External scope)\n Libvirt: HostNetwork\n\nAny other platform types (including None) default to HostNetwork.\n\nendpointPublishingStrategy cannot be updated.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.EndpointPublishingStrategy" - }, - "httpCompression": { - "description": "httpCompression defines a policy for HTTP traffic compression. By default, there is no HTTP compression.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.HTTPCompressionPolicy" - }, - "httpEmptyRequestsPolicy": { - "description": "httpEmptyRequestsPolicy describes how HTTP connections should be handled if the connection times out before a request is received. Allowed values for this field are \"Respond\" and \"Ignore\". If the field is set to \"Respond\", the ingress controller sends an HTTP 400 or 408 response, logs the connection (if access logging is enabled), and counts the connection in the appropriate metrics. If the field is set to \"Ignore\", the ingress controller closes the connection without sending a response, logging the connection, or incrementing metrics. The default value is \"Respond\".\n\nTypically, these connections come from load balancers' health probes or Web browsers' speculative connections (\"preconnect\") and can be safely ignored. However, these requests may also be caused by network errors, and so setting this field to \"Ignore\" may impede detection and diagnosis of problems. In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "httpErrorCodePages": { - "description": "httpErrorCodePages specifies a configmap with custom error pages. The administrator must create this configmap in the openshift-config namespace. This configmap should have keys in the format \"error-page-.http\", where is an HTTP error code. For example, \"error-page-503.http\" defines an error page for HTTP 503 responses. Currently only error pages for 503 and 404 responses can be customized. Each value in the configmap should be the full response, including HTTP headers. Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http If this field is empty, the ingress controller uses the default error pages.", + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" - }, - "httpHeaders": { - "description": "httpHeaders defines policy for HTTP headers.\n\nIf this field is empty, the default values are used.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders" - }, - "idleConnectionTerminationPolicy": { - "description": "idleConnectionTerminationPolicy maps directly to HAProxy's idle-close-on-response option and controls whether HAProxy keeps idle frontend connections open during a soft stop (router reload).\n\nAllowed values for this field are \"Immediate\" and \"Deferred\". The default value is \"Immediate\".\n\nWhen set to \"Immediate\", idle connections are closed immediately during router reloads. This ensures immediate propagation of route changes but may impact clients sensitive to connection resets.\n\nWhen set to \"Deferred\", HAProxy will maintain idle connections during a soft reload instead of closing them immediately. These connections remain open until any of the following occurs:\n\n - A new request is received on the connection, in which\n case HAProxy handles it in the old process and closes\n the connection after sending the response.\n\n - HAProxy's `timeout http-keep-alive` duration expires.\n By default this is 300 seconds, but it can be changed\n using httpKeepAliveTimeout tuning option.\n\n - The client's keep-alive timeout expires, causing the\n client to close the connection.\n\nSetting Deferred can help prevent errors in clients or load balancers that do not properly handle connection resets. Additionally, this option allows you to retain the pre-2.4 HAProxy behaviour: in HAProxy version 2.2 (OpenShift versions < 4.14), maintaining idle connections during a soft reload was the default behaviour, but starting with HAProxy 2.4, the default changed to closing idle connections immediately.\n\nImportant Consideration:\n\n - Using Deferred will result in temporary inconsistencies\n for the first request on each persistent connection\n after a route update and router reload. This request\n will be processed by the old HAProxy process using its\n old configuration. Subsequent requests will use the\n updated configuration.\n\nOperational Considerations:\n\n - Keeping idle connections open during reloads may lead\n to an accumulation of old HAProxy processes if\n connections remain idle for extended periods,\n especially in environments where frequent reloads\n occur.\n\n - Consider monitoring the number of HAProxy processes in\n the router pods when Deferred is set.\n\n - You may need to enable or adjust the\n `ingress.operator.openshift.io/hard-stop-after`\n duration (configured via an annotation on the\n IngressController resource) in environments with\n frequent reloads to prevent resource exhaustion.", - "type": "string", - "default": "Immediate" - }, - "logging": { - "description": "logging defines parameters for what should be logged where. If this field is empty, operational logs are enabled but access logs are disabled.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerLogging" - }, - "namespaceSelector": { - "description": "namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "nodePlacement": { - "description": "nodePlacement enables explicit control over the scheduling of the ingress controller.\n\nIf unset, defaults are used. See NodePlacement for more details.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodePlacement" - }, - "replicas": { - "description": "replicas is the desired number of ingress controller replicas. If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.\n\nThe value of replicas is set based on the value of a chosen field in the Infrastructure CR. If defaultPlacement is set to ControlPlane, the chosen field will be controlPlaneTopology. If it is set to Workers the chosen field will be infrastructureTopology. Replicas will then be set to 1 or 2 based whether the chosen field's value is SingleReplica or HighlyAvailable, respectively.\n\nThese defaults are subject to change.", - "type": "integer", - "format": "int32" - }, - "routeAdmission": { - "description": "routeAdmission defines a policy for handling new route claims (for example, to allow or deny claims across namespaces).\n\nIf empty, defaults will be applied. See specific routeAdmission fields for details about their defaults.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.RouteAdmissionPolicy" - }, - "routeSelector": { - "description": "routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "tlsSecurityProfile": { - "description": "tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers.\n\nIf unset, the default is based on the apiservers.config.openshift.io/cluster resource.\n\nNote that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.TLSSecurityProfile" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "tuningOptions": { - "description": "tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their respective defaults if not set. See specific tuningOptions fields for more details.\n\nSetting fields within tuningOptions is generally not recommended. The default values are suitable for most configurations.", + "target": { + "description": "The target object that you want to bind to the standard object.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerTuningOptions" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides allows specifying unsupported configuration options. Its use is unsupported.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" } } }, - "com.github.openshift.api.operator.v1.IngressControllerStatus": { - "description": "IngressControllerStatus defines the observed status of the IngressController.", + "io.k8s.api.core.v1.CSIPersistentVolumeSource": { + "description": "Represents storage that is managed by an external CSI volume driver", "type": "object", + "required": [ + "driver", + "volumeHandle" + ], "properties": { - "availableReplicas": { - "description": "availableReplicas is number of observed available replicas according to the ingress controller deployment.", - "type": "integer", - "format": "int32", - "default": 0 + "controllerExpandSecretRef": { + "description": "controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" }, - "conditions": { - "description": "conditions is a list of conditions and their status.\n\nAvailable means the ingress controller deployment is available and servicing route and ingress resources (i.e, .status.availableReplicas equals .spec.replicas)\n\nThere are additional conditions which indicate the status of other ingress controller features and capabilities.\n\n * LoadBalancerManaged\n - True if the following conditions are met:\n * The endpoint publishing strategy requires a service load balancer.\n - False if any of those conditions are unsatisfied.\n\n * LoadBalancerReady\n - True if the following conditions are met:\n * A load balancer is managed.\n * The load balancer is ready.\n - False if any of those conditions are unsatisfied.\n\n * DNSManaged\n - True if the following conditions are met:\n * The endpoint publishing strategy and platform support DNS.\n * The ingress controller domain is set.\n * dns.config.openshift.io/cluster configures DNS zones.\n - False if any of those conditions are unsatisfied.\n\n * DNSReady\n - True if the following conditions are met:\n * DNS is managed.\n * DNS records have been successfully created.\n - False if any of those conditions are unsatisfied.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "controllerPublishSecretRef": { + "description": "controllerPublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" }, - "domain": { - "description": "domain is the actual domain in use.", + "driver": { + "description": "driver is the name of the driver to use for this volume. Required.", "type": "string", "default": "" }, - "endpointPublishingStrategy": { - "description": "endpointPublishingStrategy is the actual strategy in use.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.EndpointPublishingStrategy" + "fsType": { + "description": "fsType to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\".", + "type": "string" }, - "namespaceSelector": { - "description": "namespaceSelector is the actual namespaceSelector in use.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + "nodeExpandSecretRef": { + "description": "nodeExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeExpandVolume call. This field is optional, may be omitted if no secret is required. If the secret object contains more than one secret, all secrets are passed.", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" }, - "observedGeneration": { - "description": "observedGeneration is the most recent generation observed.", - "type": "integer", - "format": "int64" + "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" }, - "routeSelector": { - "description": "routeSelector is the actual routeSelector in use.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + "nodeStageSecretRef": { + "description": "nodeStageSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" }, - "selector": { - "description": "selector is a label selector, in string format, for ingress controller pods corresponding to the IngressController. The number of matching pods should equal the value of availableReplicas.", + "readOnly": { + "description": "readOnly value to pass to ControllerPublishVolumeRequest. Defaults to false (read/write).", + "type": "boolean" + }, + "volumeAttributes": { + "description": "volumeAttributes of the volume to publish.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "volumeHandle": { + "description": "volumeHandle is the unique volume name returned by the CSI volume plugin’s CreateVolume to refer to the volume on all subsequent calls. Required.", "type": "string", "default": "" - }, - "tlsProfile": { - "description": "tlsProfile is the TLS connection configuration that is in effect.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.TLSProfileSpec" } } }, - "com.github.openshift.api.operator.v1.IngressControllerTuningOptions": { - "description": "IngressControllerTuningOptions specifies options for tuning the performance of ingress controller pods", + "io.k8s.api.core.v1.CSIVolumeSource": { + "description": "Represents a source location of a volume to mount, managed by an external CSI driver", "type": "object", + "required": [ + "driver" + ], "properties": { - "clientFinTimeout": { - "description": "clientFinTimeout defines how long a connection will be held open while waiting for the client response to the server/backend closing the connection.\n\nIf unset, the default timeout is 1s", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "clientTimeout": { - "description": "clientTimeout defines how long a connection will be held open while waiting for a client response.\n\nIf unset, the default timeout is 30s", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "configurationManagement": { - "description": "configurationManagement specifies how OpenShift router should update the HAProxy configuration. The following values are valid for this field:\n\n* \"ForkAndReload\". * \"Dynamic\".\n\nOmitting this field means that the user has no opinion and the platform may choose a reasonable default. This default is subject to change over time. The current default is \"ForkAndReload\".\n\n\"ForkAndReload\" means that OpenShift router should rewrite the HAProxy configuration file and instruct HAProxy to fork and reload. This is OpenShift router's traditional approach.\n\n\"Dynamic\" means that OpenShift router may use HAProxy's control socket for some configuration updates and fall back to fork and reload for other configuration updates. This is a newer approach, which may be less mature than ForkAndReload. This setting can improve load-balancing fairness and metrics accuracy and reduce CPU and memory usage if HAProxy has frequent configuration updates for route and endpoints updates.\n\nNote: The \"Dynamic\" option is currently experimental and should not be enabled on production clusters.\n\n\nPossible enum values:\n - `\"Dynamic\"`\n - `\"ForkAndReload\"`", + "driver": { + "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", "type": "string", - "enum": [ - "Dynamic", - "ForkAndReload" - ] - }, - "connectTimeout": { - "description": "connectTimeout defines the maximum time to wait for a connection attempt to a server/backend to succeed.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 5s.", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "headerBufferBytes": { - "description": "headerBufferBytes describes how much memory should be reserved (in bytes) for IngressController connection sessions. Note that this value must be at least 16384 if HTTP/2 is enabled for the IngressController (https://tools.ietf.org/html/rfc7540). If this field is empty, the IngressController will use a default value of 32768 bytes.\n\nSetting this field is generally not recommended as headerBufferBytes values that are too small may break the IngressController and headerBufferBytes values that are too large could cause the IngressController to use significantly more memory than necessary.", - "type": "integer", - "format": "int32" + "default": "" }, - "headerBufferMaxRewriteBytes": { - "description": "headerBufferMaxRewriteBytes describes how much memory should be reserved (in bytes) from headerBufferBytes for HTTP header rewriting and appending for IngressController connection sessions. Note that incoming HTTP requests will be limited to (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning headerBufferBytes must be greater than headerBufferMaxRewriteBytes. If this field is empty, the IngressController will use a default value of 8192 bytes.\n\nSetting this field is generally not recommended as headerBufferMaxRewriteBytes values that are too small may break the IngressController and headerBufferMaxRewriteBytes values that are too large could cause the IngressController to use significantly more memory than necessary.", - "type": "integer", - "format": "int32" + "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", + "type": "string" }, - "healthCheckInterval": { - "description": "healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends. This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation \"router.openshift.io/haproxy.health.check.interval\".\n\nExpects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nSetting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms. Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven't yet been detected as such.\n\nAn empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s.\n\nCurrently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days). Both are subject to change over time.", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" }, - "httpKeepAliveTimeout": { - "description": "httpKeepAliveTimeout defines the maximum allowed time to wait for a new HTTP request to appear on a connection from the client to the router.\n\nThis field expects an unsigned duration string of a decimal number, with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5s\" or \"2m45s\". Valid time units are \"ms\", \"s\", \"m\". The allowed range is from 1 millisecond to 15 minutes.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 300s.\n\nLow values (tens of milliseconds or less) can cause clients to close and reopen connections for each request, leading to reduced connection sharing. For HTTP/2, special care should be taken with low values. A few seconds is a reasonable starting point to avoid holding idle connections open while still allowing subsequent requests to reuse the connection.\n\nHigh values (minutes or more) favor connection reuse but may cause idle connections to linger longer.", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", + "type": "boolean" }, - "maxConnections": { - "description": "maxConnections defines the maximum number of simultaneous connections that can be established per HAProxy process. Increasing this value allows each ingress controller pod to handle more connections but at the cost of additional system resources being consumed.\n\nPermitted values are: empty, 0, -1, and the range 2000-2000000.\n\nIf this field is empty or 0, the IngressController will use the default value of 50000, but the default is subject to change in future releases.\n\nIf the value is -1 then HAProxy will dynamically compute a maximum value based on the available ulimits in the running container. Selecting -1 (i.e., auto) will result in a large value being computed (~520000 on OpenShift >=4.10 clusters) and therefore each HAProxy process will incur significant memory usage compared to the current default of 50000.\n\nSetting a value that is greater than the current operating system limit will prevent the HAProxy process from starting.\n\nIf you choose a discrete value (e.g., 750000) and the router pod is migrated to a new node, there's no guarantee that that new node has identical ulimits configured. In such a scenario the pod would fail to start. If you have nodes with different ulimits configured (e.g., different tuned profiles) and you choose a discrete value then the guidance is to use -1 and let the value be computed dynamically at runtime.\n\nYou can monitor memory usage for router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'.\n\nYou can monitor memory usage of individual HAProxy processes in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'.", - "type": "integer", - "format": "int32" + "volumeAttributes": { + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + } + } + }, + "io.k8s.api.core.v1.Capabilities": { + "description": "Adds and removes POSIX capabilities from running containers.", + "type": "object", + "properties": { + "add": { + "description": "Added capabilities", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "reloadInterval": { - "description": "reloadInterval defines the minimum interval at which the router is allowed to reload to accept new changes. Increasing this value can prevent the accumulation of HAProxy processes, depending on the scenario. Increasing this interval can also lessen load imbalance on a backend's servers when using the roundrobin balancing algorithm. Alternatively, decreasing this value may decrease latency since updates to HAProxy's configuration can take effect more quickly.\n\nThe value must be a time duration value; see . Currently, the minimum value allowed is 1s, and the maximum allowed value is 120s. Minimum and maximum allowed values may change in future versions of OpenShift. Note that if a duration outside of these bounds is provided, the value of reloadInterval will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to 120s; the IngressController will not reject and replace this disallowed value with the default).\n\nA zero value for reloadInterval tells the IngressController to choose the default, which is currently 5s and subject to change without notice.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nNote: Setting a value significantly larger than the default of 5s can cause latency in observing updates to routes and their endpoints. HAProxy's configuration will be reloaded less frequently, and newly created routes will not be served until the subsequent reload.", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + "drop": { + "description": "Removed capabilities", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "io.k8s.api.core.v1.CephFSPersistentVolumeSource": { + "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", + "type": "object", + "required": [ + "monitors" + ], + "properties": { + "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "serverFinTimeout": { - "description": "serverFinTimeout defines how long a connection will be held open while waiting for the server/backend response to the client closing the connection.\n\nIf unset, the default timeout is 1s", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", + "type": "string" }, - "serverTimeout": { - "description": "serverTimeout defines how long a connection will be held open while waiting for a server/backend response.\n\nIf unset, the default timeout is 30s", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "boolean" }, - "threadCount": { - "description": "threadCount defines the number of threads created per HAProxy process. Creating more threads allows each ingress controller pod to handle more connections, at the cost of more system resources being used. HAProxy currently supports up to 64 threads. If this field is empty, the IngressController will use the default value. The current default is 4 threads, but this may change in future releases.\n\nSetting this field is generally not recommended. Increasing the number of HAProxy threads allows ingress controller pods to utilize more CPU time under load, potentially starving other pods if set too high. Reducing the number of threads may cause the ingress controller to perform poorly.", - "type": "integer", - "format": "int32" + "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" }, - "tlsInspectDelay": { - "description": "tlsInspectDelay defines how long the router can hold data to find a matching route.\n\nSetting this too short can cause the router to fall back to the default certificate for edge-terminated or reencrypt routes even when a better matching certificate could be used.\n\nIf unset, the default inspect delay is 5s", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" }, - "tunnelTimeout": { - "description": "tunnelTimeout defines how long a tunnel connection (including websockets) will be held open while the tunnel is idle.\n\nIf unset, the default timeout is 1h", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + "user": { + "description": "user is Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.InsightsOperator": { - "description": "InsightsOperator holds cluster-wide information about the Insights Operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.CephFSVolumeSource": { + "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", "type": "object", "required": [ - "metadata", - "spec" + "monitors" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "boolean" }, - "spec": { - "description": "spec is the specification of the desired behavior of the Insights.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.InsightsOperatorSpec" + "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" }, - "status": { - "description": "status is the most recently observed status of the Insights operator.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.InsightsOperatorStatus" + "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "user": { + "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.InsightsOperatorList": { - "description": "InsightsOperatorList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.CinderPersistentVolumeSource": { + "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", "type": "object", "required": [ - "metadata", - "items" + "volumeID" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "fsType": { + "description": "fsType Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.InsightsOperator" - } + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "boolean" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "secretRef": { + "description": "secretRef is Optional: points to a secret object containing parameters used to connect to OpenStack.", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "volumeID": { + "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.InsightsOperatorSpec": { + "io.k8s.api.core.v1.CinderVolumeSource": { + "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", "type": "object", "required": [ - "managementState" + "volumeID" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "boolean" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "secretRef": { + "description": "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "volumeID": { + "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.InsightsOperatorStatus": { + "io.k8s.api.core.v1.ClientIPConfig": { + "description": "ClientIPConfig represents the configurations of Client IP based session affinity.", "type": "object", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "gatherStatus": { - "description": "gatherStatus provides basic information about the last Insights data gathering. When omitted, this means no data gathering has taken place yet.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GatherStatus" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "insightsReport": { - "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.InsightsReport" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "timeoutSeconds": { + "description": "timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == \"ClientIP\". Default value is 10800(for 3 hours).", "type": "integer", "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" } } }, - "com.github.openshift.api.operator.v1.InsightsReport": { - "description": "insightsReport provides Insights health check report based on the most recently sent Insights data.", + "io.k8s.api.core.v1.ClusterTrustBundleProjection": { + "description": "ClusterTrustBundleProjection describes how to select a set of ClusterTrustBundle objects and project their contents into the pod filesystem.", "type": "object", + "required": [ + "path" + ], "properties": { - "downloadedAt": { - "description": "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "labelSelector": { + "description": "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\".", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" }, - "healthChecks": { - "description": "healthChecks provides basic information about active Insights health checks in a cluster.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.HealthCheck" - }, - "x-kubernetes-list-type": "atomic" + "name": { + "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.", + "type": "string" + }, + "optional": { + "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.", + "type": "boolean" + }, + "path": { + "description": "Relative path from the volume root to write the bundle.", + "type": "string", + "default": "" + }, + "signerName": { + "description": "Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides": { - "description": "IrreconcilableValidationOverrides holds the irreconcilable validations overrides to be applied on each rendered MachineConfig generation.", + "io.k8s.api.core.v1.ComponentCondition": { + "description": "Information about the condition of a component.", "type": "object", + "required": [ + "type", + "status" + ], "properties": { - "storage": { - "description": "storage can be used to allow making irreconcilable changes to the selected sections under the `spec.config.storage` field of MachineConfig CRs It must have at least one item, may not exceed 3 items and must not contain duplicates. Allowed element values are \"Disks\", \"FileSystems\", \"Raid\" and omitted. When contains \"Disks\" changes to the `spec.config.storage.disks` section of MachineConfig CRs are allowed. When contains \"FileSystems\" changes to the `spec.config.storage.filesystems` section of MachineConfig CRs are allowed. When contains \"Raid\" changes to the `spec.config.storage.raid` section of MachineConfig CRs are allowed. When omitted changes to the `spec.config.storage` section are forbidden.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "error": { + "description": "Condition error code for a component. For example, a health check error code.", + "type": "string" + }, + "message": { + "description": "Message about the condition for a component. For example, information about a health check.", + "type": "string" + }, + "status": { + "description": "Status of the condition for a component. Valid values for \"Healthy\": \"True\", \"False\", or \"Unknown\".", + "type": "string", + "default": "" + }, + "type": { + "description": "Type of condition for a component. Valid value: \"Healthy\"", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.KubeAPIServer": { - "description": "KubeAPIServer provides information to configure an operator to manage kube-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.ComponentStatus": { + "description": "ComponentStatus (and ComponentStatusList) holds the cluster validation info. Deprecated: This API is deprecated in v1.19+", "type": "object", - "required": [ - "metadata", - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "conditions": { + "description": "List of component conditions observed", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ComponentCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the Kubernetes API Server", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeAPIServerSpec" - }, - "status": { - "description": "status is the most recently observed status of the Kubernetes API Server", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeAPIServerStatus" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } } }, - "com.github.openshift.api.operator.v1.KubeAPIServerList": { - "description": "KubeAPIServerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.ComponentStatusList": { + "description": "Status of all the conditions for the component as a list of ComponentStatus objects. Deprecated: This API is deprecated in v1.19+", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -44131,11 +42699,11 @@ "type": "string" }, "items": { - "description": "items contains the items", + "description": "List of ComponentStatus objects.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeAPIServer" + "$ref": "#/definitions/io.k8s.api.core.v1.ComponentStatus" } }, "kind": { @@ -44143,177 +42711,94 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.KubeAPIServerSpec": { + "io.k8s.api.core.v1.ConfigMap": { + "description": "ConfigMap holds configuration data for pods to consume.", "type": "object", - "required": [ - "managementState", - "forceRedeploymentReason" - ], "properties": { - "eventTTLMinutes": { - "description": "eventTTLMinutes specifies the amount of time that the events are stored before being deleted. The TTL is allowed between 5 minutes minimum up to a maximum of 180 minutes (3 hours).\n\nLowering this value will reduce the storage required in etcd. Note that this setting will only apply to new events being created and will not update existing events.\n\nWhen omitted this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is 3h (180 minutes).", - "type": "integer", - "format": "int32" - }, - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" - }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", - "type": "string", - "default": "" - }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" + "binaryData": { + "description": "BinaryData contains the binary data. Each key must consist of alphanumeric characters, '-', '_' or '.'. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process. Using this field will require 1.10+ apiserver and kubelet.", + "type": "object", + "additionalProperties": { + "type": "string", + "format": "byte" + } }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "data": { + "description": "Data contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "immutable": { + "description": "Immutable, if set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.", + "type": "boolean" }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } } }, - "com.github.openshift.api.operator.v1.KubeAPIServerStatus": { + "io.k8s.api.core.v1.ConfigMapEnvSource": { + "description": "ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.\n\nThe contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.", "type": "object", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "latestAvailableRevisionReason": { - "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", - "type": "string" - }, - "nodeStatuses": { - "description": "nodeStatuses track the deployment values and errors across individual nodes", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" - }, - "x-kubernetes-list-map-keys": [ - "nodeName" - ], - "x-kubernetes-list-type": "map" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 - }, - "serviceAccountIssuers": { - "description": "serviceAccountIssuers tracks history of used service account issuers. The item without expiration time represents the currently used service account issuer. The other items represents service account issuers that were used previously and are still being trusted. The default expiration for the items is set by the platform and it defaults to 24h. see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus" - }, - "x-kubernetes-list-type": "atomic" + "name": { + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" } } }, - "com.github.openshift.api.operator.v1.KubeControllerManager": { - "description": "KubeControllerManager provides information to configure an operator to manage kube-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.ConfigMapKeySelector": { + "description": "Selects a key from a ConfigMap.", "type": "object", "required": [ - "metadata", - "spec" + "key" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "key": { + "description": "The key to select.", + "type": "string", + "default": "" }, - "spec": { - "description": "spec is the specification of the desired behavior of the Kubernetes Controller Manager", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeControllerManagerSpec" + "name": { + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" }, - "status": { - "description": "status is the most recently observed status of the Kubernetes Controller Manager", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeControllerManagerStatus" + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.operator.v1.KubeControllerManagerList": { - "description": "KubeControllerManagerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.ConfigMapList": { + "description": "ConfigMapList is a resource containing a list of ConfigMap objects.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -44322,11 +42807,11 @@ "type": "string" }, "items": { - "description": "items contains the items", + "description": "Items is the list of ConfigMaps.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeControllerManager" + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMap" } }, "kind": { @@ -44334,943 +42819,878 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.KubeControllerManagerSpec": { + "io.k8s.api.core.v1.ConfigMapNodeConfigSource": { + "description": "ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration", "type": "object", "required": [ - "managementState", - "forceRedeploymentReason", - "useMoreSecureServiceCA" + "namespace", + "name", + "kubeletConfigKey" ], "properties": { - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" - }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "kubeletConfigKey": { + "description": "KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.", "type": "string", "default": "" }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "name": { + "description": "Name is the metadata.name of the referenced ConfigMap. This field is required in all cases.", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "namespace": { + "description": "Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases.", + "type": "string", + "default": "" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "resourceVersion": { + "description": "ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.", "type": "string" }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "useMoreSecureServiceCA": { - "description": "useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only enough certificates to validate service serving certificates. Once set to true, it cannot be set to false. Even if someone finds a way to set it back to false, the service-ca.crt files that previously existed will only have the more secure content.", - "type": "boolean", - "default": false + "uid": { + "description": "UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.KubeControllerManagerStatus": { + "io.k8s.api.core.v1.ConfigMapProjection": { + "description": "Adapts a ConfigMap into a projected volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.", "type": "object", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "name": { + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" + } + } + }, + "io.k8s.api.core.v1.ConfigMapVolumeSource": { + "description": "Adapts a ConfigMap into a volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.", + "type": "object", + "properties": { + "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, - "latestAvailableRevisionReason": { - "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", - "type": "string" - }, - "nodeStatuses": { - "description": "nodeStatuses track the deployment values and errors across individual nodes", + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" }, - "x-kubernetes-list-map-keys": [ - "nodeName" - ], - "x-kubernetes-list-type": "map" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "x-kubernetes-list-type": "atomic" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "name": { + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" } } }, - "com.github.openshift.api.operator.v1.KubeScheduler": { - "description": "KubeScheduler provides information to configure an operator to manage scheduler.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.Container": { + "description": "A single application container that you want to run within a pod.", "type": "object", "required": [ - "metadata", - "spec" + "name" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "args": { + "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "spec": { - "description": "spec is the specification of the desired behavior of the Kubernetes Scheduler", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeSchedulerSpec" + "command": { + "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "status": { - "description": "status is the most recently observed status of the Kubernetes Scheduler", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeSchedulerStatus" - } - } - }, - "com.github.openshift.api.operator.v1.KubeSchedulerList": { - "description": "KubeSchedulerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "items": { - "description": "items contains the items", + "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeScheduler" - } + "$ref": "#/definitions/io.k8s.api.core.v1.EnvFromSource" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.operator.v1.KubeSchedulerSpec": { - "type": "object", - "required": [ - "managementState", - "forceRedeploymentReason" - ], - "properties": { - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" - }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present", "type": "string", - "default": "" + "enum": [ + "Always", + "IfNotPresent", + "Never" + ] }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", + "$ref": "#/definitions/io.k8s.api.core.v1.Lifecycle" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "livenessProbe": { + "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + }, + "name": { + "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.operator.v1.KubeSchedulerStatus": { - "type": "object", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "ports": { + "description": "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerPort" }, "x-kubernetes-list-map-keys": [ - "type" + "containerPort", + "protocol" ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "containerPort", + "x-kubernetes-patch-strategy": "merge" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "readinessProbe": { + "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + }, + "resizePolicy": { + "description": "Resources resize policy for the container.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerResizePolicy" }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" + "resources": { + "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" }, - "latestAvailableRevisionReason": { - "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.", "type": "string" }, - "nodeStatuses": { - "description": "nodeStatuses track the deployment values and errors across individual nodes", + "restartPolicyRules": { + "description": "Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerRestartRule" }, - "x-kubernetes-list-map-keys": [ - "nodeName" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "securityContext": { + "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - } - }, - "com.github.openshift.api.operator.v1.KubeStorageVersionMigrator": { - "description": "KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + "type": "boolean" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\nPossible enum values:\n - `\"FallbackToLogsOnError\"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.\n - `\"File\"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.", + "type": "string", + "enum": [ + "FallbackToLogsOnError", + "File" + ] }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec" + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + "type": "boolean" }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus" - } - } - }, - "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorList": { - "description": "KubeStorageVersionMigratorList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeDevice" + }, + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "devicePath", + "x-kubernetes-patch-strategy": "merge" }, - "items": { - "description": "items contains the items", + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeStorageVersionMigrator" - } + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount" + }, + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec": { + "io.k8s.api.core.v1.ContainerExtendedResourceRequest": { + "description": "ContainerExtendedResourceRequest has the mapping of container name, extended resource name to the device request name.", "type": "object", "required": [ - "managementState" + "containerName", + "resourceName", + "requestName" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "containerName": { + "description": "The name of the container requesting resources.", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "requestName": { + "description": "The name of the request in the special ResourceClaim which corresponds to the extended resource.", + "type": "string", + "default": "" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "resourceName": { + "description": "The name of the extended resource in that container which gets backed by DRA.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus": { + "io.k8s.api.core.v1.ContainerImage": { + "description": "Describe a container image", "type": "object", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "names": { + "description": "Names by which this image is known. e.g. [\"kubernetes.example/hyperkube:v1.0.7\", \"cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7\"]", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" + "x-kubernetes-list-type": "atomic" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", + "sizeBytes": { + "description": "The size of the image in bytes.", "type": "integer", "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", + } + } + }, + "io.k8s.api.core.v1.ContainerPort": { + "description": "ContainerPort represents a network port in a single container.", + "type": "object", + "required": [ + "containerPort" + ], + "properties": { + "containerPort": { + "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", "type": "integer", "format": "int32", "default": 0 }, - "version": { - "description": "version is the level this availability applies to", + "hostIP": { + "description": "What host IP to bind the external port to.", + "type": "string" + }, + "hostPort": { + "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + "type": "integer", + "format": "int32" + }, + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", "type": "string" + }, + "protocol": { + "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", + "type": "string", + "default": "TCP", + "enum": [ + "SCTP", + "TCP", + "UDP" + ] } } }, - "com.github.openshift.api.operator.v1.LoadBalancerStrategy": { - "description": "LoadBalancerStrategy holds parameters for a load balancer.", + "io.k8s.api.core.v1.ContainerResizePolicy": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", "type": "object", "required": [ - "scope", - "dnsManagementPolicy" + "resourceName", + "restartPolicy" ], "properties": { - "allowedSourceRanges": { - "description": "allowedSourceRanges specifies an allowlist of IP address ranges to which access to the load balancer should be restricted. Each range must be specified using CIDR notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range is specified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 are used by default, which allows all source addresses.\n\nTo facilitate migration from earlier versions of OpenShift that did not have the allowedSourceRanges field, you may set the service.beta.kubernetes.io/load-balancer-source-ranges annotation on the \"router-\" service in the \"openshift-ingress\" namespace, and this annotation will take effect if allowedSourceRanges is empty on OpenShift 4.12.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "dnsManagementPolicy": { - "description": "dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record associated with the load balancer service will be managed by the ingress operator. It defaults to Managed. Valid values are: Managed and Unmanaged.", + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.", "type": "string", - "default": "Managed" - }, - "providerParameters": { - "description": "providerParameters holds desired load balancer information specific to the underlying infrastructure provider.\n\nIf empty, defaults will be applied. See specific providerParameters fields for details about their defaults.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters" + "default": "" }, - "scope": { - "description": "scope indicates the scope at which the load balancer is exposed. Possible values are \"External\" and \"Internal\".", + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.LoggingDestination": { - "description": "LoggingDestination describes a destination for log messages.", + "io.k8s.api.core.v1.ContainerRestartRule": { + "description": "ContainerRestartRule describes how a container exit is handled.", "type": "object", "required": [ - "type" + "action" ], "properties": { - "container": { - "description": "container holds parameters for the Container logging destination. Present only if type is Container.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters" - }, - "syslog": { - "description": "syslog holds parameters for a syslog endpoint. Present only if type is Syslog.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters" + "action": { + "description": "Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is \"Restart\" to restart the container.", + "type": "string" }, - "type": { - "description": "type is the type of destination for logs. It must be one of the following:\n\n* Container\n\nThe ingress operator configures the sidecar container named \"logs\" on the ingress controller pod and configures the ingress controller to write logs to the sidecar. The logs are then available as container logs. The expectation is that the administrator configures a custom logging solution that reads logs from this sidecar. Note that using container logs means that logs may be dropped if the rate of logs exceeds the container runtime's or the custom logging solution's capacity.\n\n* Syslog\n\nLogs are sent to a syslog endpoint. The administrator must specify an endpoint that can receive syslog messages. The expectation is that the administrator has configured a custom syslog instance.", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "container": "Container", - "syslog": "Syslog" - } + "exitCodes": { + "description": "Represents the exit codes to check on container exits.", + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerRestartRuleOnExitCodes" } - ] + } }, - "com.github.openshift.api.operator.v1.Logo": { - "description": "Logo defines a configuration based on theme modes for the console UI logo.", + "io.k8s.api.core.v1.ContainerRestartRuleOnExitCodes": { + "description": "ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes.", "type": "object", "required": [ - "type", - "themes" + "operator" ], "properties": { - "themes": { - "description": "themes specifies the themes for the console UI logo. themes is a required field that allows a list of themes. Each item in the themes list must have a unique mode and a source field. Each mode determines whether the logo is for the dark or light mode of the console UI. If a theme is not specified, the default OpenShift logo will be displayed for that theme. There must be at least one entry and no more than 2 entries.", + "operator": { + "description": "Represents the relationship between the container exit code(s) and the specified values. Possible values are: - In: the requirement is satisfied if the container exit code is in the\n set of specified values.\n- NotIn: the requirement is satisfied if the container exit code is\n not in the set of specified values.", + "type": "string" + }, + "values": { + "description": "Specifies the set of values to check for container exit codes. At most 255 elements are allowed.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Theme" + "type": "integer", + "format": "int32", + "default": 0 }, - "x-kubernetes-list-map-keys": [ - "mode" - ], - "x-kubernetes-list-type": "map" - }, - "type": { - "description": "type specifies the type of the logo for the console UI. It determines whether the logo is for the masthead or favicon. type is a required field that allows values of Masthead and Favicon. When set to \"Masthead\", the logo will be used in the masthead and about modal of the console UI. When set to \"Favicon\", the logo will be used as the favicon of the console UI.\n\nPossible enum values:\n - `\"Favicon\"` Favicon represents the favicon logo.\n - `\"Masthead\"` Masthead represents the logo in the masthead.", - "type": "string", - "default": "", - "enum": [ - "Favicon", - "Masthead" - ] + "x-kubernetes-list-type": "set" } } }, - "com.github.openshift.api.operator.v1.MTUMigration": { - "description": "MTUMigration contains infomation about MTU migration.", + "io.k8s.api.core.v1.ContainerState": { + "description": "ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.", "type": "object", "properties": { - "machine": { - "description": "machine contains MTU migration configuration for the machine's uplink. Needs to be migrated along with the default network MTU unless the current uplink MTU already accommodates the default network MTU.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MTUMigrationValues" + "running": { + "description": "Details about a running container", + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerStateRunning" }, - "network": { - "description": "network contains information about MTU migration for the default network. Migrations are only allowed to MTU values lower than the machine's uplink MTU by the minimum appropriate offset.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MTUMigrationValues" + "terminated": { + "description": "Details about a terminated container", + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerStateTerminated" + }, + "waiting": { + "description": "Details about a waiting container", + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerStateWaiting" } } }, - "com.github.openshift.api.operator.v1.MTUMigrationValues": { - "description": "MTUMigrationValues contains the values for a MTU migration.", + "io.k8s.api.core.v1.ContainerStateRunning": { + "description": "ContainerStateRunning is a running state of a container.", "type": "object", - "required": [ - "to" - ], "properties": { - "from": { - "description": "from is the MTU to migrate from.", - "type": "integer", - "format": "int64" - }, - "to": { - "description": "to is the MTU to migrate to.", - "type": "integer", - "format": "int64" + "startedAt": { + "description": "Time at which the container was last (re-)started", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" } } }, - "com.github.openshift.api.operator.v1.MachineConfiguration": { - "description": "MachineConfiguration provides information to configure an operator to manage Machine Configuration.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.ContainerStateTerminated": { + "description": "ContainerStateTerminated is a terminated state of a container.", "type": "object", "required": [ - "metadata", - "spec" + "exitCode" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "containerID": { + "description": "Container's ID in the format '://'", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "exitCode": { + "description": "Exit status from the last termination of the container", + "type": "integer", + "format": "int32", + "default": 0 + }, + "finishedAt": { + "description": "Time at which the container last terminated", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "description": "Message regarding the last termination of the container", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "reason": { + "description": "(brief) reason from the last termination of the container", + "type": "string" }, - "spec": { - "description": "spec is the specification of the desired behavior of the Machine Config Operator", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineConfigurationSpec" + "signal": { + "description": "Signal from the last termination of the container", + "type": "integer", + "format": "int32" }, - "status": { - "description": "status is the most recently observed status of the Machine Config Operator", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineConfigurationStatus" + "startedAt": { + "description": "Time at which previous execution of the container started", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" } } }, - "com.github.openshift.api.operator.v1.MachineConfigurationList": { - "description": "MachineConfigurationList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.ContainerStateWaiting": { + "description": "ContainerStateWaiting is a waiting state of a container.", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "message": { + "description": "Message regarding why the container is not yet running.", "type": "string" }, - "items": { - "description": "items contains the items", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineConfiguration" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "reason": { + "description": "(brief) reason the container is not yet running.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1.MachineConfigurationSpec": { + "io.k8s.api.core.v1.ContainerStatus": { + "description": "ContainerStatus contains details for the current status of this container.", "type": "object", "required": [ - "managementState", - "forceRedeploymentReason" + "name", + "ready", + "restartCount", + "image", + "imageID" ], "properties": { - "bootImageSkewEnforcement": { - "description": "bootImageSkewEnforcement allows an admin to configure how boot image version skew is enforced on the cluster. When omitted, this will default to Automatic for clusters that support automatic boot image updates. For clusters that do not support automatic boot image updates, cluster upgrades will be disabled until a skew enforcement mode has been specified. When version skew is being enforced, cluster upgrades will be disabled until the version skew is deemed acceptable for the current release payload.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig" + "allocatedResources": { + "description": "AllocatedResources represents the compute resources allocated for this container by the node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission and after successfully admitting desired pod resize.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } }, - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" + "allocatedResourcesStatus": { + "description": "AllocatedResourcesStatus represents the status of various resources allocated for this Pod.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceStatus" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "containerID": { + "description": "ContainerID is the ID of the container in the format '://'. Where type is a container runtime identifier, returned from Version call of CRI API (for example \"containerd\").", + "type": "string" + }, + "image": { + "description": "Image is the name of container image that the container is running. The container image may not match the image used in the PodSpec, as it may have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.", "type": "string", "default": "" }, - "irreconcilableValidationOverrides": { - "description": "irreconcilableValidationOverrides is an optional field that can used to make changes to a MachineConfig that cannot be applied to existing nodes. When specified, the fields configured with validation overrides will no longer reject changes to those respective fields due to them not being able to be applied to existing nodes. Only newly provisioned nodes will have these configurations applied. Existing nodes will report observed configuration differences in their MachineConfigNode status.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides" - }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "imageID": { + "description": "ImageID is the image ID of the container's image. The image ID may not match the image ID of the image used in the PodSpec, as it may have been resolved by the runtime.", + "type": "string", + "default": "" }, - "managedBootImages": { - "description": "managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version's boot image. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default for each machine manager mode is All for GCP and AWS platforms, and None for all other platforms.", + "lastState": { + "description": "LastTerminationState holds the last termination state of the container to help debug container crashes and restarts. This field is not populated if the container is still running and RestartCount is 0.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ManagedBootImages" + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerState" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "name": { + "description": "Name is a DNS_LABEL representing the unique name of the container. Each container in a pod must have a unique name across all container types. Cannot be updated.", "type": "string", "default": "" }, - "nodeDisruptionPolicy": { - "description": "nodeDisruptionPolicy allows an admin to set granular node disruption actions for MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow for less downtime when doing small configuration updates to the cluster. This configuration has no effect on cluster upgrades which will still incur node disruption where required.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "ready": { + "description": "Ready specifies whether the container is currently passing its readiness check. The value will change as readiness probes keep executing. If no readiness probes are specified, this field defaults to true once the container is fully started (see Started field).\n\nThe value is typically used to determine whether a container is ready to accept traffic.", + "type": "boolean", + "default": false }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "resources": { + "description": "Resources represents the compute resource requests and limits that have been successfully enacted on the running container after it has been started or has been successfully resized.", + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "restartCount": { + "description": "RestartCount holds the number of times the container has been restarted. Kubelet makes an effort to always increment the value, but there are cases when the state may be lost due to node restarts and then the value may be reset to 0. The value is never negative.", "type": "integer", - "format": "int32" + "format": "int32", + "default": 0 }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.operator.v1.MachineConfigurationStatus": { - "type": "object", - "properties": { - "bootImageSkewEnforcementStatus": { - "description": "bootImageSkewEnforcementStatus reflects what the latest cluster-validated boot image skew enforcement configuration is and will be used by Machine Config Controller while performing boot image skew enforcement. When omitted, the MCO has no knowledge of how to enforce boot image skew. When the MCO does not know how boot image skew should be enforced, cluster upgrades will be blocked until it can either automatically determine skew enforcement or there is an explicit skew enforcement configuration provided in the spec.bootImageSkewEnforcement field.", + "started": { + "description": "Started indicates whether the container has finished its postStart lifecycle hook and passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. In both cases, startup probes will run again. Is always true when no startupProbe is defined and container is running and has passed the postStart lifecycle hook. The null value must be treated the same as false.", + "type": "boolean" + }, + "state": { + "description": "State holds details about the container's current condition.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.BootImageSkewEnforcementStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerState" }, - "conditions": { - "description": "conditions is a list of conditions and their status", + "stopSignal": { + "description": "StopSignal reports the effective stop signal for this container\n\nPossible enum values:\n - `\"SIGABRT\"`\n - `\"SIGALRM\"`\n - `\"SIGBUS\"`\n - `\"SIGCHLD\"`\n - `\"SIGCLD\"`\n - `\"SIGCONT\"`\n - `\"SIGFPE\"`\n - `\"SIGHUP\"`\n - `\"SIGILL\"`\n - `\"SIGINT\"`\n - `\"SIGIO\"`\n - `\"SIGIOT\"`\n - `\"SIGKILL\"`\n - `\"SIGPIPE\"`\n - `\"SIGPOLL\"`\n - `\"SIGPROF\"`\n - `\"SIGPWR\"`\n - `\"SIGQUIT\"`\n - `\"SIGRTMAX\"`\n - `\"SIGRTMAX-1\"`\n - `\"SIGRTMAX-10\"`\n - `\"SIGRTMAX-11\"`\n - `\"SIGRTMAX-12\"`\n - `\"SIGRTMAX-13\"`\n - `\"SIGRTMAX-14\"`\n - `\"SIGRTMAX-2\"`\n - `\"SIGRTMAX-3\"`\n - `\"SIGRTMAX-4\"`\n - `\"SIGRTMAX-5\"`\n - `\"SIGRTMAX-6\"`\n - `\"SIGRTMAX-7\"`\n - `\"SIGRTMAX-8\"`\n - `\"SIGRTMAX-9\"`\n - `\"SIGRTMIN\"`\n - `\"SIGRTMIN+1\"`\n - `\"SIGRTMIN+10\"`\n - `\"SIGRTMIN+11\"`\n - `\"SIGRTMIN+12\"`\n - `\"SIGRTMIN+13\"`\n - `\"SIGRTMIN+14\"`\n - `\"SIGRTMIN+15\"`\n - `\"SIGRTMIN+2\"`\n - `\"SIGRTMIN+3\"`\n - `\"SIGRTMIN+4\"`\n - `\"SIGRTMIN+5\"`\n - `\"SIGRTMIN+6\"`\n - `\"SIGRTMIN+7\"`\n - `\"SIGRTMIN+8\"`\n - `\"SIGRTMIN+9\"`\n - `\"SIGSEGV\"`\n - `\"SIGSTKFLT\"`\n - `\"SIGSTOP\"`\n - `\"SIGSYS\"`\n - `\"SIGTERM\"`\n - `\"SIGTRAP\"`\n - `\"SIGTSTP\"`\n - `\"SIGTTIN\"`\n - `\"SIGTTOU\"`\n - `\"SIGURG\"`\n - `\"SIGUSR1\"`\n - `\"SIGUSR2\"`\n - `\"SIGVTALRM\"`\n - `\"SIGWINCH\"`\n - `\"SIGXCPU\"`\n - `\"SIGXFSZ\"`", + "type": "string", + "enum": [ + "SIGABRT", + "SIGALRM", + "SIGBUS", + "SIGCHLD", + "SIGCLD", + "SIGCONT", + "SIGFPE", + "SIGHUP", + "SIGILL", + "SIGINT", + "SIGIO", + "SIGIOT", + "SIGKILL", + "SIGPIPE", + "SIGPOLL", + "SIGPROF", + "SIGPWR", + "SIGQUIT", + "SIGRTMAX", + "SIGRTMAX-1", + "SIGRTMAX-10", + "SIGRTMAX-11", + "SIGRTMAX-12", + "SIGRTMAX-13", + "SIGRTMAX-14", + "SIGRTMAX-2", + "SIGRTMAX-3", + "SIGRTMAX-4", + "SIGRTMAX-5", + "SIGRTMAX-6", + "SIGRTMAX-7", + "SIGRTMAX-8", + "SIGRTMAX-9", + "SIGRTMIN", + "SIGRTMIN+1", + "SIGRTMIN+10", + "SIGRTMIN+11", + "SIGRTMIN+12", + "SIGRTMIN+13", + "SIGRTMIN+14", + "SIGRTMIN+15", + "SIGRTMIN+2", + "SIGRTMIN+3", + "SIGRTMIN+4", + "SIGRTMIN+5", + "SIGRTMIN+6", + "SIGRTMIN+7", + "SIGRTMIN+8", + "SIGRTMIN+9", + "SIGSEGV", + "SIGSTKFLT", + "SIGSTOP", + "SIGSYS", + "SIGTERM", + "SIGTRAP", + "SIGTSTP", + "SIGTTIN", + "SIGTTOU", + "SIGURG", + "SIGUSR1", + "SIGUSR2", + "SIGVTALRM", + "SIGWINCH", + "SIGXCPU", + "SIGXFSZ" + ] + }, + "user": { + "description": "User represents user identity information initially attached to the first process of the container", + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerUser" + }, + "volumeMounts": { + "description": "Status of volume mounts.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMountStatus" }, "x-kubernetes-list-map-keys": [ - "type" + "mountPath" ], - "x-kubernetes-list-type": "map" - }, - "managedBootImagesStatus": { - "description": "managedBootImagesStatus reflects what the latest cluster-validated boot image configuration is and will be used by Machine Config Controller while performing boot image updates.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ManagedBootImages" - }, - "nodeDisruptionPolicyStatus": { - "description": "nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, and will be used by the Machine Config Daemon during future node updates.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.operator.v1.MachineManager": { - "description": "MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information such as the resource type and the API Group of the resource. It also provides granular control via the selection field.", + "io.k8s.api.core.v1.ContainerUser": { + "description": "ContainerUser represents user identity information", + "type": "object", + "properties": { + "linux": { + "description": "Linux holds user identity information initially attached to the first process of the containers in Linux. Note that the actual running identity can be changed if the process has enough privilege to do so.", + "$ref": "#/definitions/io.k8s.api.core.v1.LinuxContainerUser" + } + } + }, + "io.k8s.api.core.v1.DaemonEndpoint": { + "description": "DaemonEndpoint contains information about a single Daemon endpoint.", "type": "object", "required": [ - "resource", - "apiGroup", - "selection" + "Port" ], "properties": { - "apiGroup": { - "description": "apiGroup is name of the APIGroup that the machine management resource belongs to. The only current valid value is machine.openshift.io. machine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group.", - "type": "string", - "default": "" - }, - "resource": { - "description": "resource is the machine management resource's type. Valid values are machinesets and controlplanemachinesets. machinesets means that the machine manager will only register resources of the kind MachineSet. controlplanemachinesets means that the machine manager will only register resources of the kind ControlPlaneMachineSet.", - "type": "string", - "default": "" - }, - "selection": { - "description": "selection allows granular control of the machine management resources that will be registered for boot image updates.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineManagerSelector" + "Port": { + "description": "Port number of the given endpoint.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.operator.v1.MachineManagerSelector": { + "io.k8s.api.core.v1.DownwardAPIProjection": { + "description": "Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.", + "type": "object", + "properties": { + "items": { + "description": "Items is a list of DownwardAPIVolume file", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeFile" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "io.k8s.api.core.v1.DownwardAPIVolumeFile": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ - "mode" + "path" ], "properties": { + "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectFieldSelector" + }, "mode": { - "description": "mode determines how machine managers will be selected for updates. Valid values are All, Partial and None. All means that every resource matched by the machine manager will be updated. Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. Partial is not permitted for the controlplanemachinesets resource type as they are a singleton within the cluster. None means that every resource matched by the machine manager will not be updated.", + "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" + }, + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string", "default": "" }, - "partial": { - "description": "partial provides label selector(s) that can be used to match machine management resources. Only permitted when mode is set to \"Partial\".", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.PartialSelector" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "mode", - "fields-to-discriminateBy": { - "partial": "Partial" - } + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceFieldSelector" } - ] + } }, - "com.github.openshift.api.operator.v1.ManagedBootImages": { + "io.k8s.api.core.v1.DownwardAPIVolumeSource": { + "description": "DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.", "type": "object", "properties": { - "machineManagers": { - "description": "machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator will watch for changes to this list. Only one entry is permitted per type of machine management resource.", + "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" + }, + "items": { + "description": "Items is a list of downward API volume file", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineManager" + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeFile" }, - "x-kubernetes-list-map-keys": [ - "resource", - "apiGroup" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operator.v1.MyOperatorResource": { - "description": "MyOperatorResource is an example operator configuration type\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.EmptyDirVolumeSource": { + "description": "Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.", "type": "object", - "required": [ - "metadata", - "spec", - "status" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "medium": { + "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MyOperatorResourceSpec" - }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MyOperatorResourceStatus" + "sizeLimit": { + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" } } }, - "com.github.openshift.api.operator.v1.MyOperatorResourceSpec": { + "io.k8s.api.core.v1.EndpointAddress": { + "description": "EndpointAddress is a tuple that describes single IP address. Deprecated: This API is deprecated in v1.33+.", "type": "object", "required": [ - "managementState" + "ip" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "hostname": { + "description": "The Hostname of this endpoint", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "ip": { + "description": "The IP of this endpoint. May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), or link-local multicast (224.0.0.0/24 or ff02::/16).", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "nodeName": { + "description": "Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.", + "type": "string" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "targetRef": { + "description": "Reference to object providing the endpoint.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.EndpointPort": { + "description": "EndpointPort is a tuple that describes a single port. Deprecated: This API is deprecated in v1.33+.", + "type": "object", + "required": [ + "port" + ], + "properties": { + "appProtocol": { + "description": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.", "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "name": { + "description": "The name of this port. This must match the 'name' field in the corresponding ServicePort. Must be a DNS_LABEL. Optional only if one port is defined.", + "type": "string" + }, + "port": { + "description": "The port number of the endpoint.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "protocol": { + "description": "The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", + "type": "string", + "enum": [ + "SCTP", + "TCP", + "UDP" + ] } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.operator.v1.MyOperatorResourceStatus": { + "io.k8s.api.core.v1.EndpointSubset": { + "description": "EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given:\n\n\t{\n\t Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n\t}\n\nThe resulting set of endpoints can be viewed as:\n\n\ta: [ 10.10.1.1:8675, 10.10.2.2:8675 ],\n\tb: [ 10.10.1.1:309, 10.10.2.2:309 ]\n\nDeprecated: This API is deprecated in v1.33+.", "type": "object", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "addresses": { + "description": "IP addresses which offer the related ports that are marked as ready. These endpoints should be considered safe for load balancers and clients to utilize.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + "$ref": "#/definitions/io.k8s.api.core.v1.EndpointAddress" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "notReadyAddresses": { + "description": "IP addresses which offer the related ports but are not currently marked as ready because they have not yet finished starting, have recently failed a readiness check, or have recently failed a liveness check.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.EndpointAddress" }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "x-kubernetes-list-type": "atomic" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "ports": { + "description": "Port numbers available on the related IP addresses.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.EndpointPort" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operator.v1.NetFlowConfig": { - "type": "object", - "properties": { - "collectors": { - "description": "netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. It is a list of strings formatted as ip:port with a maximum of ten items", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.operator.v1.Network": { - "description": "Network describes the cluster's desired network configuration. It is consumed by the cluster-network-operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.Endpoints": { + "description": "Endpoints is a collection of endpoints that implement the actual service. Example:\n\n\t Name: \"mysvc\",\n\t Subsets: [\n\t {\n\t Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n\t },\n\t {\n\t Addresses: [{\"ip\": \"10.10.3.3\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 93}, {\"name\": \"b\", \"port\": 76}]\n\t },\n\t]\n\nEndpoints is a legacy API and does not contain information about all Service features. Use discoveryv1.EndpointSlice for complete information about Service endpoints.\n\nDeprecated: This API is deprecated in v1.33+. Use discoveryv1.EndpointSlice.", "type": "object", "properties": { "apiVersion": { @@ -45282,22 +43702,23 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NetworkSpec" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NetworkStatus" + "subsets": { + "description": "The set of all endpoints is the union of all subsets. Addresses are placed into subsets according to the IPs they share. A single address with multiple ports, some of which are ready and some of which are not (because they come from different containers) will result in the address being displayed in different subsets for the different ports. No address will appear in both Addresses and NotReadyAddresses in the same subset. Sets of addresses and ports that comprise a service.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.EndpointSubset" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operator.v1.NetworkList": { - "description": "NetworkList contains a list of Network configurations\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.EndpointsList": { + "description": "EndpointsList is a list of endpoints. Deprecated: This API is deprecated in v1.33+.", "type": "object", "required": [ "items" @@ -45308,10 +43729,11 @@ "type": "string" }, "items": { + "description": "List of endpoints.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Network" + "$ref": "#/definitions/io.k8s.api.core.v1.Endpoints" } }, "kind": { @@ -45319,611 +43741,552 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.NetworkMigration": { - "description": "NetworkMigration represents the cluster network migration configuration.", + "io.k8s.api.core.v1.EnvFromSource": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", "type": "object", "properties": { - "features": { - "description": "features was previously used to configure which network plugin features would be migrated in a network type migration. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.FeaturesMigration" + "configMapRef": { + "description": "The ConfigMap to select from", + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapEnvSource" }, - "mode": { - "description": "mode indicates the mode of network type migration. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", + "prefix": { + "description": "Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='.", "type": "string" }, - "mtu": { - "description": "mtu contains the MTU migration configuration. Set this to allow changing the MTU values for the default network. If unset, the operation of changing the MTU for the default network will be rejected.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MTUMigration" + "secretRef": { + "description": "The Secret to select from", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretEnvSource" + } + } + }, + "io.k8s.api.core.v1.EnvVar": { + "description": "EnvVar represents an environment variable present in a Container.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "Name of the environment variable. May consist of any printable ASCII characters except '='.", + "type": "string", + "default": "" }, - "networkType": { - "description": "networkType was previously used when changing the default network type. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", + "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", "type": "string" + }, + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVarSource" } } }, - "com.github.openshift.api.operator.v1.NetworkSpec": { - "description": "NetworkSpec is the top-level network configuration object.", + "io.k8s.api.core.v1.EnvVarSource": { + "description": "EnvVarSource represents a source for the value of an EnvVar.", + "type": "object", + "properties": { + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapKeySelector" + }, + "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectFieldSelector" + }, + "fileKeyRef": { + "description": "FileKeyRef selects a key of the env file. Requires the EnvFiles feature gate to be enabled.", + "$ref": "#/definitions/io.k8s.api.core.v1.FileKeySelector" + }, + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceFieldSelector" + }, + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + } + } + }, + "io.k8s.api.core.v1.EphemeralContainer": { + "description": "An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.", "type": "object", "required": [ - "managementState", - "clusterNetwork", - "serviceNetwork", - "defaultNetwork" + "name" ], "properties": { - "additionalNetworks": { - "description": "additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.", + "args": { + "description": "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "command": { + "description": "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AdditionalNetworkDefinition" + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" }, "x-kubernetes-list-map-keys": [ "name" ], - "x-kubernetes-list-type": "map" - }, - "additionalRoutingCapabilities": { - "description": "additionalRoutingCapabilities describes components and relevant configuration providing additional routing capabilities. When set, it enables such components and the usage of the routing capabilities they provide for the machine network. Upstream operators, like MetalLB operator, requiring these capabilities may rely on, or automatically set this attribute. Network plugins may leverage advanced routing capabilities acquired through the enablement of these components but may require specific configuration on their side to do so; refer to their respective documentation and configuration options.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AdditionalRoutingCapabilities" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "clusterNetwork": { - "description": "clusterNetwork is the IP address pool to use for pod IPs. Some network providers support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr.", + "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterNetworkEntry" + "$ref": "#/definitions/io.k8s.api.core.v1.EnvFromSource" }, "x-kubernetes-list-type": "atomic" }, - "defaultNetwork": { - "description": "defaultNetwork is the \"default\" network that all pods will receive", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DefaultNetworkDefinition" - }, - "deployKubeProxy": { - "description": "deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. Some network providers include kube-proxy or similar functionality. If unset, the plugin will attempt to select the correct value, which is false when ovn-kubernetes is used and true otherwise.", - "type": "boolean" - }, - "disableMultiNetwork": { - "description": "disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect.", - "type": "boolean" - }, - "disableNetworkDiagnostics": { - "description": "disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck CRs from a test pod to every node, apiserver and LB should be disabled or not. If unset, this property defaults to 'false' and network diagnostics is enabled. Setting this to 'true' would reduce the additional load of the pods performing the checks.", - "type": "boolean", - "default": false - }, - "exportNetworkFlows": { - "description": "exportNetworkFlows enables and configures the export of network flow metadata from the pod network by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. If unset, flows will not be exported to any collector.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ExportNetworkFlows" - }, - "kubeProxyConfig": { - "description": "kubeProxyConfig lets us configure desired proxy configuration, if deployKubeProxy is true. If not specified, sensible defaults will be chosen by OpenShift directly.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ProxyConfig" - }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present", "type": "string", - "default": "" + "enum": [ + "Always", + "IfNotPresent", + "Never" + ] }, - "migration": { - "description": "migration enables and configures cluster network migration, for network changes that cannot be made instantly.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NetworkMigration" + "lifecycle": { + "description": "Lifecycle is not allowed for ephemeral containers.", + "$ref": "#/definitions/io.k8s.api.core.v1.Lifecycle" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "livenessProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "name": { + "description": "Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.", + "type": "string", + "default": "" }, - "serviceNetwork": { - "description": "serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single value here, but this is an array to allow for growth.", + "ports": { + "description": "Ports are not allowed for ephemeral containers.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerPort" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "containerPort", + "x-kubernetes-patch-strategy": "merge" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "readinessProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" }, - "useMultiNetworkPolicy": { - "description": "useMultiNetworkPolicy enables a controller which allows for MultiNetworkPolicy objects to be used on additional networks as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy objects, but NetworkPolicy objects only apply to the primary interface. With MultiNetworkPolicy, you can control the traffic that a pod can receive over the secondary interfaces. If unset, this property defaults to 'false' and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is 'true' then the value of this field is ignored.", - "type": "boolean" - } - } - }, - "com.github.openshift.api.operator.v1.NetworkStatus": { - "description": "NetworkStatus is detailed operator status, which is distilled up to the Network clusteroperator object.", - "type": "object", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "resizePolicy": { + "description": "Resources resize policy for the container.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerResizePolicy" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "resources": { + "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + }, + "restartPolicy": { + "description": "Restart policy for the container to manage the restart behavior of each container within a pod. You cannot set this field on ephemeral containers.", + "type": "string" + }, + "restartPolicyRules": { + "description": "Represents a list of rules to be checked to determine if the container should be restarted on exit. You cannot set this field on ephemeral containers.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerRestartRule" }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" + "securityContext": { + "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", + "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "startupProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + "type": "boolean" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - } - }, - "com.github.openshift.api.operator.v1.NoOverlayConfig": { - "description": "NoOverlayConfig contains configuration options for networks operating in no-overlay mode.", - "type": "object", - "required": [ - "outboundSNAT", - "routing" - ], - "properties": { - "outboundSNAT": { - "description": "outboundSNAT defines the SNAT behavior for outbound traffic from pods. Allowed values are \"Enabled\" and \"Disabled\". When set to \"Enabled\", SNAT is performed on outbound traffic from pods. When set to \"Disabled\", SNAT is not performed and pod IPs are preserved in outbound traffic. This field is required when the network operates in no-overlay mode. This field can be set to any value at installation time and can be changed afterwards.", + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + "type": "boolean" + }, + "targetContainerName": { + "description": "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined.", "type": "string" }, - "routing": { - "description": "routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. Allowed values are \"Managed\" and \"Unmanaged\". When set to \"Managed\", OVN-Kubernetes manages the pod network routing configuration through BGP. When set to \"Unmanaged\", users are responsible for configuring the pod network routing. This field is required when the network operates in no-overlay mode. This field is immutable once set.", + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", "type": "string" - } - } - }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus": { - "description": "NodeDisruptionPolicyClusterStatus is the type for the status object, rendered by the controller as a merge of cluster defaults and user provided policies", - "type": "object", - "properties": { - "files": { - "description": "files is a list of MachineConfig file definitions and actions to take to changes on those paths", + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\nPossible enum values:\n - `\"FallbackToLogsOnError\"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.\n - `\"File\"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.", + "type": "string", + "enum": [ + "FallbackToLogsOnError", + "File" + ] + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile" + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeDevice" }, "x-kubernetes-list-map-keys": [ - "path" + "devicePath" ], - "x-kubernetes-list-type": "map" - }, - "sshkey": { - "description": "sshkey is the overall sshkey MachineConfig definition", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "devicePath", + "x-kubernetes-patch-strategy": "merge" }, - "units": { - "description": "units is a list MachineConfig unit definitions and actions to take on changes to those services", + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit" + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount" }, "x-kubernetes-list-map-keys": [ - "name" + "mountPath" ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" + }, + "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig": { - "description": "NodeDisruptionPolicyConfig is the overall spec definition for files/units/sshkeys", + "io.k8s.api.core.v1.EphemeralContainerCommon": { + "description": "EphemeralContainerCommon is a copy of all fields in Container to be inlined in EphemeralContainer. This separate type allows easy conversion from EphemeralContainer to Container and allows separate documentation for the fields of EphemeralContainer. When a new field is added to Container it must be added here as well.", "type": "object", + "required": [ + "name" + ], "properties": { - "files": { - "description": "files is a list of MachineConfig file definitions and actions to take to changes on those paths This list supports a maximum of 50 entries.", + "args": { + "description": "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "path" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "sshkey": { - "description": "sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this will apply to all sshkey changes in the cluster", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey" + "command": { + "description": "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "units": { - "description": "units is a list MachineConfig unit definitions and actions to take on changes to those services This list supports a maximum of 50 entries.", + "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit" + "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" }, "x-kubernetes-list-map-keys": [ "name" ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction": { - "type": "object", - "required": [ - "type" - ], - "properties": { - "reload": { - "description": "reload specifies the service to reload, only valid if type is reload", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ReloadService" - }, - "restart": { - "description": "restart specifies the service to restart, only valid if type is restart", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.RestartService" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "type": { - "description": "type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "reload": "Reload", - "restart": "Restart" - } - } - ] - }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile": { - "description": "NodeDisruptionPolicySpecFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", - "type": "object", - "required": [ - "path", - "actions" - ], - "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction" + "$ref": "#/definitions/io.k8s.api.core.v1.EnvFromSource" }, "x-kubernetes-list-type": "atomic" }, - "path": { - "description": "path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.", + "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present", + "type": "string", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ] + }, + "lifecycle": { + "description": "Lifecycle is not allowed for ephemeral containers.", + "$ref": "#/definitions/io.k8s.api.core.v1.Lifecycle" + }, + "livenessProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + }, + "name": { + "description": "Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey": { - "description": "NodeDisruptionPolicySpecSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyConfig object", - "type": "object", - "required": [ - "actions" - ], - "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + }, + "ports": { + "description": "Ports are not allowed for ephemeral containers.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction" + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerPort" }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit": { - "description": "NodeDisruptionPolicySpecUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", - "type": "object", - "required": [ - "name", - "actions" - ], - "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "containerPort", + "x-kubernetes-patch-strategy": "merge" + }, + "readinessProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + }, + "resizePolicy": { + "description": "Resources resize policy for the container.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction" + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerResizePolicy" }, "x-kubernetes-list-type": "atomic" }, - "name": { - "description": "name represents the service name of a systemd service managed through a MachineConfig Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus": { - "type": "object", - "properties": { - "clusterPolicies": { - "description": "clusterPolicies is a merge of cluster default and user provided node disruption policies.", + "resources": { + "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus" - } - } - }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction": { - "type": "object", - "required": [ - "type" - ], - "properties": { - "reload": { - "description": "reload specifies the service to reload, only valid if type is reload", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ReloadService" + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" }, - "restart": { - "description": "restart specifies the service to restart, only valid if type is restart", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.RestartService" + "restartPolicy": { + "description": "Restart policy for the container to manage the restart behavior of each container within a pod. You cannot set this field on ephemeral containers.", + "type": "string" }, - "type": { - "description": "type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "reload": "Reload", - "restart": "Restart" - } - } - ] - }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile": { - "description": "NodeDisruptionPolicyStatusFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", - "type": "object", - "required": [ - "path", - "actions" - ], - "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "restartPolicyRules": { + "description": "Represents a list of rules to be checked to determine if the container should be restarted on exit. You cannot set this field on ephemeral containers.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction" + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerRestartRule" }, "x-kubernetes-list-type": "atomic" }, - "path": { - "description": "path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.", + "securityContext": { + "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", + "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext" + }, + "startupProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\nPossible enum values:\n - `\"FallbackToLogsOnError\"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.\n - `\"File\"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.", "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey": { - "description": "NodeDisruptionPolicyStatusSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyClusterStatus object", - "type": "object", - "required": [ - "actions" - ], - "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit": { - "description": "NodeDisruptionPolicyStatusUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", - "type": "object", - "required": [ - "name", - "actions" - ], - "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "enum": [ + "FallbackToLogsOnError", + "File" + ] + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction" + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeDevice" }, - "x-kubernetes-list-type": "atomic" - }, - "name": { - "description": "name represents the service name of a systemd service managed through a MachineConfig Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.operator.v1.NodePlacement": { - "description": "NodePlacement describes node scheduling configuration for an ingress controller.", - "type": "object", - "properties": { - "nodeSelector": { - "description": "nodeSelector is the node selector applied to ingress controller deployments.\n\nIf set, the specified selector is used and replaces the default.\n\nIf unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.\n\nWhen defaultPlacement is Workers, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/worker: ''\n\nWhen defaultPlacement is ControlPlane, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/master: ''\n\nThese defaults are subject to change.\n\nNote that using nodeSelector.matchExpressions is not supported. Only nodeSelector.matchLabels may be used. This is a limitation of the Kubernetes API: the pod spec does not allow complex expressions for node selectors.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "devicePath", + "x-kubernetes-patch-strategy": "merge" }, - "tolerations": { - "description": "tolerations is a list of tolerations applied to ingress controller deployments.\n\nThe default is an empty list.\n\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/", + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" + }, + "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.NodePortStrategy": { - "description": "NodePortStrategy holds parameters for the NodePortService endpoint publishing strategy.", + "io.k8s.api.core.v1.EphemeralVolumeSource": { + "description": "Represents an ephemeral volume that is handled by a normal storage driver.", "type": "object", "properties": { - "protocol": { - "description": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", - "type": "string" + "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.\n\nRequired, must not be nil.", + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimTemplate" } } }, - "com.github.openshift.api.operator.v1.NodeStatus": { - "description": "NodeStatus provides information about the current state of a particular node managed by this operator.", + "io.k8s.api.core.v1.Event": { + "description": "Event is a report of an event somewhere in the cluster. Events have a limited retention time and triggers and messages may evolve with time. Event consumers should not rely on the timing of an event with a given Reason reflecting a consistent underlying trigger, or the continued existence of events with that Reason. Events should be treated as informative, best-effort, supplemental data.", "type": "object", "required": [ - "nodeName" + "metadata", + "involvedObject" ], "properties": { - "currentRevision": { - "description": "currentRevision is the generation of the most recently successful deployment. Can not be set on creation of a nodeStatus. Updates must only increase the value.", - "type": "integer", - "format": "int32" - }, - "lastFailedCount": { - "description": "lastFailedCount is how often the installer pod of the last failed revision failed.", - "type": "integer", - "format": "int32" + "action": { + "description": "What action was taken/failed regarding to the Regarding object.", + "type": "string" }, - "lastFailedReason": { - "description": "lastFailedReason is a machine readable failure reason string.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "lastFailedRevision": { - "description": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", + "count": { + "description": "The number of times this event has occurred.", "type": "integer", "format": "int32" }, - "lastFailedRevisionErrors": { - "description": "lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "lastFailedTime": { - "description": "lastFailedTime is the time the last failed revision failed the last time.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "lastFallbackCount": { - "description": "lastFallbackCount is how often a fallback to a previous revision happened.", - "type": "integer", - "format": "int32" + "eventTime": { + "description": "Time when this Event was first observed.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime" }, - "nodeName": { - "description": "nodeName is the name of the node", - "type": "string", - "default": "" + "firstTimestamp": { + "description": "The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "targetRevision": { - "description": "targetRevision is the generation of the deployment we're trying to apply. Can not be set on creation of a nodeStatus.", - "type": "integer", - "format": "int32" - } - } - }, - "com.github.openshift.api.operator.v1.OAuthAPIServerStatus": { - "type": "object", - "properties": { - "latestAvailableRevision": { - "description": "latestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods.", - "type": "integer", - "format": "int32" - } - } - }, - "com.github.openshift.api.operator.v1.OLM": { - "description": "OLM provides information to configure an operator to manage the OLM controllers\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "involvedObject": { + "description": "The object that this event is about.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, + "lastTimestamp": { + "description": "The time at which the most recent occurrence of this event was recorded.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "description": "A human-readable description of the status of this operation.", + "type": "string" + }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OLMSpec" + "reason": { + "description": "This should be a short, machine understandable string that gives the reason for the transition into the object's current status.", + "type": "string" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "related": { + "description": "Optional secondary object for more complex actions.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "reportingComponent": { + "description": "Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`.", + "type": "string", + "default": "" + }, + "reportingInstance": { + "description": "ID of the controller instance, e.g. `kubelet-xyzf`.", + "type": "string", + "default": "" + }, + "series": { + "description": "Data about the Event series this event represents or nil if it's a singleton Event.", + "$ref": "#/definitions/io.k8s.api.core.v1.EventSeries" + }, + "source": { + "description": "The component reporting this event. Should be a short machine understandable string.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OLMStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.EventSource" + }, + "type": { + "description": "Type of this event (Normal, Warning), new types could be added in the future", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.OLMList": { - "description": "OLMList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.EventList": { + "description": "EventList is a list of events.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -45932,11 +44295,11 @@ "type": "string" }, "items": { - "description": "items contains the items", + "description": "List of events", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OLM" + "$ref": "#/definitions/io.k8s.api.core.v1.Event" } }, "kind": { @@ -45944,997 +44307,889 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.OLMSpec": { + "io.k8s.api.core.v1.EventSeries": { + "description": "EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time.", "type": "object", - "required": [ - "managementState" - ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "count": { + "description": "Number of occurrences in this series up to the last heartbeat time", + "type": "integer", + "format": "int32" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "lastObservedTime": { + "description": "Time of the last occurrence observed", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime" + } + } + }, + "io.k8s.api.core.v1.EventSource": { + "description": "EventSource contains information for an event.", + "type": "object", + "properties": { + "component": { + "description": "Component from which the event is generated.", "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "host": { + "description": "Node name on which the event is generated.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.OLMStatus": { + "io.k8s.api.core.v1.ExecAction": { + "description": "ExecAction describes a \"run in container\" action.", "type": "object", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operator.v1.OVNKubernetesConfig": { - "description": "ovnKubernetesConfig contains the configuration parameters for networks using the ovn-kubernetes network project", + "io.k8s.api.core.v1.FCVolumeSource": { + "description": "Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.", "type": "object", "properties": { - "bgpManagedConfig": { - "description": "bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) in no-overlay mode that specify routing=\"Managed\" in their noOverlayConfig. It is required when noOverlayConfig.routing is set to \"Managed\". When omitted, this means the user does not configure BGP for managed routing. This field can be set at installation time or on day 2, and can be modified at any time.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.BGPManagedConfig" - }, - "egressIPConfig": { - "description": "egressIPConfig holds the configuration for EgressIP options.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.EgressIPConfig" - }, - "gatewayConfig": { - "description": "gatewayConfig holds the configuration for node gateway options.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GatewayConfig" + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" }, - "genevePort": { - "description": "geneve port is the UDP port to be used by geneve encapulation. Default is 6081", + "lun": { + "description": "lun is Optional: FC target lun number", "type": "integer", - "format": "int64" + "format": "int32" }, - "hybridOverlayConfig": { - "description": "hybridOverlayConfig configures an additional overlay network for peers that are not using OVN.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.HybridOverlayConfig" + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" }, - "ipsecConfig": { - "description": "ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.", - "default": { - "mode": "Disabled" + "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", + "type": "array", + "items": { + "type": "string", + "default": "" }, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPsecConfig" - }, - "ipv4": { - "description": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig" - }, - "ipv6": { - "description": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig" - }, - "mtu": { - "description": "mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400", - "type": "integer", - "format": "int64" - }, - "noOverlayConfig": { - "description": "noOverlayConfig contains configuration for no-overlay mode. This configuration applies to the default network only. It is required when transport is \"NoOverlay\". When omitted, this means the user does not configure no-overlay mode options.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NoOverlayConfig" - }, - "policyAuditConfig": { - "description": "policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.PolicyAuditConfig" - }, - "routeAdvertisements": { - "description": "routeAdvertisements determines if the functionality to advertise cluster network routes through a dynamic routing protocol, such as BGP, is enabled or not. This functionality is configured through the ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing capability provider to be enabled as an additional routing capability. Allowed values are \"Enabled\", \"Disabled\" and ommited. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is \"Disabled\".", - "type": "string" - }, - "transport": { - "description": "transport sets the transport mode for pods on the default network. Allowed values are \"NoOverlay\" and \"Geneve\". \"NoOverlay\" avoids tunnel encapsulation, routing pod traffic directly between nodes. \"Geneve\" encapsulates pod traffic using Geneve tunnels between nodes. When omitted, this means the user has no opinion and the platform chooses a reasonable default which is subject to change over time. The current default is \"Geneve\". \"NoOverlay\" can only be set at installation time and cannot be changed afterwards. \"Geneve\" may be set explicitly at any time to lock in the current default.", - "type": "string" - }, - "v4InternalSubnet": { - "description": "v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. Default is 100.64.0.0/16", - "type": "string" + "x-kubernetes-list-type": "atomic" }, - "v6InternalSubnet": { - "description": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. Default is fd98::/64", - "type": "string" + "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operator.v1.OpenShiftAPIServer": { - "description": "OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.FileKeySelector": { + "description": "FileKeySelector selects a key of the env file.", "type": "object", "required": [ - "metadata", - "spec" + "volumeName", + "path", + "key" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "key": { + "description": "The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "optional": { + "description": "Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers.\n\nIf optional is set to false and the specified key does not exist, an error will be returned during Pod creation.", + "type": "boolean", + "default": false }, - "spec": { - "description": "spec is the specification of the desired behavior of the OpenShift API Server.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec" + "path": { + "description": "The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'.", + "type": "string", + "default": "" }, - "status": { - "description": "status defines the observed status of the OpenShift API Server.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus" + "volumeName": { + "description": "The name of the volume mount containing the env file.", + "type": "string", + "default": "" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.operator.v1.OpenShiftAPIServerList": { - "description": "OpenShiftAPIServerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.FlexPersistentVolumeSource": { + "description": "FlexPersistentVolumeSource represents a generic persistent volume resource that is provisioned/attached using an exec based plugin.", "type": "object", "required": [ - "metadata", - "items" + "driver" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "driver": { + "description": "driver is the name of the driver to use for this volume.", + "type": "string", + "default": "" }, - "items": { - "description": "items contains the items", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftAPIServer" + "fsType": { + "description": "fsType is the Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", + "type": "string" + }, + "options": { + "description": "options is Optional: this field holds extra command options if any.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" } } }, - "com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec": { + "io.k8s.api.core.v1.FlexVolumeSource": { + "description": "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", "type": "object", "required": [ - "managementState" + "driver" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "driver": { + "description": "driver is the name of the driver to use for this volume.", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus": { - "type": "object", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "options": { + "description": "options is Optional: this field holds extra command options if any.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "secretRef": { + "description": "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" } } }, - "com.github.openshift.api.operator.v1.OpenShiftControllerManager": { - "description": "OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.FlockerVolumeSource": { + "description": "Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.", "type": "object", - "required": [ - "metadata", - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec" - }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus" } } }, - "com.github.openshift.api.operator.v1.OpenShiftControllerManagerList": { - "description": "OpenShiftControllerManagerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.GCEPersistentDiskVolumeSource": { + "description": "Represents a Persistent Disk resource in Google Compute Engine.\n\nA GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.", "type": "object", "required": [ - "metadata", - "items" + "pdName" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items contains the items", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftControllerManager" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec": { - "type": "object", - "required": [ - "managementState" - ], - "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "integer", + "format": "int32" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "boolean" } } }, - "com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus": { + "io.k8s.api.core.v1.GRPCAction": { + "description": "GRPCAction specifies an action involving a GRPC service.", "type": "object", + "required": [ + "port" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", "type": "integer", "format": "int32", "default": 0 }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.OpenShiftSDNConfig": { - "description": "OpenShiftSDNConfig was used to configure the OpenShift SDN plugin. It is no longer used.", + "io.k8s.api.core.v1.GitRepoVolumeSource": { + "description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", "type": "object", "required": [ - "mode" + "repository" ], "properties": { - "enableUnidling": { - "description": "enableUnidling controls whether or not the service proxy will support idling and unidling of services. By default, unidling is enabled.", - "type": "boolean" + "directory": { + "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", + "type": "string" }, - "mode": { - "description": "mode is one of \"Multitenant\", \"Subnet\", or \"NetworkPolicy\"", + "repository": { + "description": "repository is the URL", "type": "string", "default": "" }, - "mtu": { - "description": "mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. This must be 50 bytes smaller than the machine's uplink.", - "type": "integer", - "format": "int64" - }, - "useExternalOpenvswitch": { - "description": "useExternalOpenvswitch used to control whether the operator would deploy an OVS DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always run as a system service, and this flag is ignored.", - "type": "boolean" - }, - "vxlanPort": { - "description": "vxlanPort is the port to use for all vxlan packets. The default is 4789.", - "type": "integer", - "format": "int64" - } - } - }, - "com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters": { - "description": "OpenStackLoadBalancerParameters provides configuration settings that are specific to OpenStack load balancers.", - "type": "object", - "properties": { - "floatingIP": { - "description": "floatingIP specifies the IP address that the load balancer will use. When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. When specified, the floating IP has to be pre-created. If the specified value is not a floating IP or is already claimed, the OpenStack cloud provider won't be able to provision the load balancer. This field may only be used if the IngressController has External scope. This value must be a valid IPv4 or IPv6 address.", + "revision": { + "description": "revision is the commit hash for the specified revision.", "type": "string" } } }, - "com.github.openshift.api.operator.v1.OperatorCondition": { - "description": "OperatorCondition is just the standard condition fields.", + "io.k8s.api.core.v1.GlusterfsPersistentVolumeSource": { + "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", "type": "object", "required": [ - "type", - "status", - "lastTransitionTime" + "endpoints", + "path" ], "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "message": { - "type": "string" + "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string", + "default": "" }, - "reason": { + "endpointsNamespace": { + "description": "endpointsNamespace is the namespace that contains Glusterfs endpoint. If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", + "path": { + "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string", "default": "" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "type": "string", - "default": "" + "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "boolean" } } }, - "com.github.openshift.api.operator.v1.OperatorSpec": { - "description": "OperatorSpec contains common fields operators need. It is intended to be anonymous included inside of the Spec struct for your particular operator.", + "io.k8s.api.core.v1.GlusterfsVolumeSource": { + "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", "type": "object", "required": [ - "managementState" + "endpoints", + "path" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology.", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "path": { + "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string", + "default": "" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "boolean" } } }, - "com.github.openshift.api.operator.v1.OperatorStatus": { + "io.k8s.api.core.v1.HTTPGetAction": { + "description": "HTTPGetAction describes an action based on HTTP Get requests.", "type": "object", + "required": [ + "port" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", + "type": "string" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.HTTPHeader" }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" + "x-kubernetes-list-type": "atomic" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "path": { + "description": "Path to access on the HTTP server.", + "type": "string" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.\n\nPossible enum values:\n - `\"HTTP\"` means that the scheme used will be http://\n - `\"HTTPS\"` means that the scheme used will be https://", + "type": "string", + "enum": [ + "HTTP", + "HTTPS" + ] } } }, - "com.github.openshift.api.operator.v1.PartialSelector": { - "description": "PartialSelector provides label selector(s) that can be used to match machine management resources.", + "io.k8s.api.core.v1.HTTPHeader": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", "required": [ - "machineResourceSelector" + "name", + "value" ], "properties": { - "machineResourceSelector": { - "description": "machineResourceSelector is a label selector that can be used to select machine resources like MachineSets.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string", + "default": "" + }, + "value": { + "description": "The header field value", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.Perspective": { - "description": "Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown", + "io.k8s.api.core.v1.HostAlias": { + "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.", "type": "object", "required": [ - "id", - "visibility" + "ip" ], "properties": { - "id": { - "description": "id defines the id of the perspective. Example: \"dev\", \"admin\". The available perspective ids can be found in the code snippet section next to the yaml editor. Incorrect or unknown ids will be ignored.", - "type": "string", - "default": "" - }, - "pinnedResources": { - "description": "pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. The list of available Kubernetes resources could be read via `kubectl api-resources`. The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. Incorrect or unknown resources will be ignored.", + "hostnames": { + "description": "Hostnames for the above IP address.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.PinnedResourceReference" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "visibility": { - "description": "visibility defines the state of perspective along with access review checks if needed for that perspective.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.PerspectiveVisibility" + "ip": { + "description": "IP address of the host file entry.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.PerspectiveVisibility": { - "description": "PerspectiveVisibility defines the criteria to show/hide a perspective", + "io.k8s.api.core.v1.HostIP": { + "description": "HostIP represents a single IP address allocated to the host.", "type": "object", "required": [ - "state" + "ip" ], "properties": { - "accessReview": { - "description": "accessReview defines required and missing access review checks.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ResourceAttributesAccessReview" - }, - "state": { - "description": "state defines the perspective is enabled or disabled or access review check is required.", + "ip": { + "description": "IP is the IP address assigned to the host", "type": "string", "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "state", - "fields-to-discriminateBy": { - "accessReview": "AccessReview" - } - } - ] + } }, - "com.github.openshift.api.operator.v1.PinnedResourceReference": { - "description": "PinnedResourceReference includes the group, version and type of resource", + "io.k8s.api.core.v1.HostPathVolumeSource": { + "description": "Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.", "type": "object", "required": [ - "group", - "version", - "resource" + "path" ], "properties": { - "group": { - "description": "group is the API Group of the Resource. Enter empty string for the core group. This value should consist of only lowercase alphanumeric characters, hyphens and periods. Example: \"\", \"apps\", \"build.openshift.io\", etc.", - "type": "string", - "default": "" - }, - "resource": { - "description": "resource is the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + "path": { + "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", "type": "string", "default": "" }, - "version": { - "description": "version is the API Version of the Resource. This value should consist of only lowercase alphanumeric characters. Example: \"v1\", \"v1beta1\", etc.", + "type": { + "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n\nPossible enum values:\n - `\"\"` For backwards compatible, leave it empty if unset\n - `\"BlockDevice\"` A block device must exist at the given path\n - `\"CharDevice\"` A character device must exist at the given path\n - `\"Directory\"` A directory must exist at the given path\n - `\"DirectoryOrCreate\"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet.\n - `\"File\"` A file must exist at the given path\n - `\"FileOrCreate\"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.\n - `\"Socket\"` A UNIX socket must exist at the given path", "type": "string", - "default": "" + "enum": [ + "", + "BlockDevice", + "CharDevice", + "Directory", + "DirectoryOrCreate", + "File", + "FileOrCreate", + "Socket" + ] } } }, - "com.github.openshift.api.operator.v1.PolicyAuditConfig": { + "io.k8s.api.core.v1.ISCSIPersistentVolumeSource": { + "description": "ISCSIPersistentVolumeSource represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", "type": "object", - "properties": { - "destination": { - "description": "destination is the location for policy log messages. Regardless of this config, persistent logs will always be dumped to the host at /var/log/ovn/ however Additionally syslog output may be configured as follows. Valid values are: - \"libc\" -> to use the libc syslog() function of the host node's journdald process - \"udp:host:port\" -> for sending syslog over UDP - \"unix:file\" -> for using the UNIX domain socket directly - \"null\" -> to discard all messages logged to syslog The default is \"null\"", + "required": [ + "targetPortal", + "iqn", + "lun" + ], + "properties": { + "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", + "type": "boolean" + }, + "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", + "type": "boolean" + }, + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", "type": "string" }, - "maxFileSize": { - "description": "maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs Units are in MB and the Default is 50MB", - "type": "integer", - "format": "int64" + "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.", + "type": "string" }, - "maxLogFiles": { - "description": "maxLogFiles specifies the maximum number of ACL_audit log files that can be present.", - "type": "integer", - "format": "int32" + "iqn": { + "description": "iqn is Target iSCSI Qualified Name.", + "type": "string", + "default": "" }, - "rateLimit": { - "description": "rateLimit is the approximate maximum number of messages to generate per-second per-node. If unset the default of 20 msg/sec is used.", + "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", + "type": "string", + "default": "default" + }, + "lun": { + "description": "lun is iSCSI Target Lun number.", "type": "integer", - "format": "int64" + "format": "int32", + "default": 0 }, - "syslogFacility": { - "description": "syslogFacility the RFC5424 facility for generated messages, e.g. \"kern\". Default is \"local0\"", - "type": "string" - } - } - }, - "com.github.openshift.api.operator.v1.PrivateStrategy": { - "description": "PrivateStrategy holds parameters for the Private endpoint publishing strategy.", - "type": "object", - "properties": { - "protocol": { - "description": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", - "type": "string" - } - } - }, - "com.github.openshift.api.operator.v1.ProjectAccess": { - "description": "ProjectAccess contains options for project access roles", - "type": "object", - "properties": { - "availableClusterRoles": { - "description": "availableClusterRoles is the list of ClusterRole names that are assignable to users through the project access tab.", + "portals": { + "description": "portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + }, + "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters": { - "description": "ProviderLoadBalancerParameters holds desired load balancer information specific to the underlying infrastructure provider.", + "io.k8s.api.core.v1.ISCSIVolumeSource": { + "description": "Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", "type": "object", "required": [ - "type" + "targetPortal", + "iqn", + "lun" ], "properties": { - "aws": { - "description": "aws provides configuration settings that are specific to AWS load balancers.\n\nIf empty, defaults will be applied. See specific aws fields for details about their defaults.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSLoadBalancerParameters" + "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", + "type": "boolean" }, - "gcp": { - "description": "gcp provides configuration settings that are specific to GCP load balancers.\n\nIf empty, defaults will be applied. See specific gcp fields for details about their defaults.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GCPLoadBalancerParameters" + "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", + "type": "boolean" }, - "ibm": { - "description": "ibm provides configuration settings that are specific to IBM Cloud load balancers.\n\nIf empty, defaults will be applied. See specific ibm fields for details about their defaults.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IBMLoadBalancerParameters" + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", + "type": "string" }, - "openstack": { - "description": "openstack provides configuration settings that are specific to OpenStack load balancers.\n\nIf empty, defaults will be applied. See specific openstack fields for details about their defaults.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters" + "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.", + "type": "string" }, - "type": { - "description": "type is the underlying infrastructure provider for the load balancer. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"IBM\", \"Nutanix\", \"OpenStack\", and \"VSphere\".", + "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", "type": "string", "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "aws": "AWS", - "gcp": "GCP", - "ibm": "IBM", - "openstack": "OpenStack" - } - } - ] - }, - "com.github.openshift.api.operator.v1.ProxyConfig": { - "description": "ProxyConfig defines the configuration knobs for kubeproxy All of these are optional and have sensible defaults", - "type": "object", - "properties": { - "bindAddress": { - "description": "The address to \"bind\" on Defaults to 0.0.0.0", - "type": "string" }, - "iptablesSyncPeriod": { - "description": "An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted in large clusters for performance reasons, but this is no longer necessary, and there is no reason to change this from the default value. Default: 30s", - "type": "string" + "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", + "type": "string", + "default": "default" }, - "proxyArguments": { - "description": "Any additional arguments to pass to the kubeproxy process", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - } - } - }, - "com.github.openshift.api.operator.v1.QuickStarts": { - "description": "QuickStarts allow cluster admins to customize available ConsoleQuickStart resources.", - "type": "object", - "properties": { - "disabled": { - "description": "disabled is a list of ConsoleQuickStart resource names that are not shown to users.", + "lun": { + "description": "lun represents iSCSI Target Lun number.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", "type": "array", "items": { "type": "string", "default": "" - } - } - } - }, - "com.github.openshift.api.operator.v1.ReloadService": { - "description": "ReloadService allows the user to specify the services to be reloaded", - "type": "object", - "required": [ - "serviceName" - ], - "properties": { - "serviceName": { - "description": "serviceName is the full name (e.g. crio.service) of the service to be reloaded Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + }, + "x-kubernetes-list-type": "atomic" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.ResourceAttributesAccessReview": { - "description": "ResourceAttributesAccessReview defines the visibility of the perspective depending on the access review checks. `required` and `missing` can work together esp. in the case where the cluster admin wants to show another perspective to users without specific permissions. Out of `required` and `missing` atleast one property should be non-empty.", + "io.k8s.api.core.v1.ImageVolumeSource": { + "description": "ImageVolumeSource represents a image volume resource.", "type": "object", "properties": { - "missing": { - "description": "missing defines a list of permission checks. The perspective will only be shown when at least one check fails. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the required access review list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ResourceAttributes.v1.authorization.api.k8s.io" - } + "pullPolicy": { + "description": "Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present", + "type": "string", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ] }, - "required": { - "description": "required defines a list of permission checks. The perspective will only be shown when all checks are successful. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the missing access review list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/ResourceAttributes.v1.authorization.api.k8s.io" - } + "reference": { + "description": "Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.RestartService": { - "description": "RestartService allows the user to specify the services to be restarted", + "io.k8s.api.core.v1.KeyToPath": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ - "serviceName" + "key", + "path" ], "properties": { - "serviceName": { - "description": "serviceName is the full name (e.g. crio.service) of the service to be restarted Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "key": { + "description": "key is the key to project.", + "type": "string", + "default": "" + }, + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" + }, + "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.RouteAdmissionPolicy": { - "description": "RouteAdmissionPolicy is an admission policy for allowing new route claims.", + "io.k8s.api.core.v1.Lifecycle": { + "description": "Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.", "type": "object", "properties": { - "namespaceOwnership": { - "description": "namespaceOwnership describes how host name claims across namespaces should be handled.\n\nValue must be one of:\n\n- Strict: Do not allow routes in different namespaces to claim the same host.\n\n- InterNamespaceAllowed: Allow routes to claim different paths of the same\n host name across namespaces.\n\nIf empty, the default is Strict.", - "type": "string" + "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "$ref": "#/definitions/io.k8s.api.core.v1.LifecycleHandler" }, - "wildcardPolicy": { - "description": "wildcardPolicy describes how routes with wildcard policies should be handled for the ingress controller. WildcardPolicy controls use of routes [1] exposed by the ingress controller based on the route's wildcard policy.\n\n[1] https://github.com/openshift/api/blob/master/route/v1/types.go\n\nNote: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed will cause admitted routes with a wildcard policy of Subdomain to stop working. These routes must be updated to a wildcard policy of None to be readmitted by the ingress controller.\n\nWildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values.\n\nIf empty, defaults to \"WildcardsDisallowed\".", - "type": "string" + "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "$ref": "#/definitions/io.k8s.api.core.v1.LifecycleHandler" + }, + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name\n\nPossible enum values:\n - `\"SIGABRT\"`\n - `\"SIGALRM\"`\n - `\"SIGBUS\"`\n - `\"SIGCHLD\"`\n - `\"SIGCLD\"`\n - `\"SIGCONT\"`\n - `\"SIGFPE\"`\n - `\"SIGHUP\"`\n - `\"SIGILL\"`\n - `\"SIGINT\"`\n - `\"SIGIO\"`\n - `\"SIGIOT\"`\n - `\"SIGKILL\"`\n - `\"SIGPIPE\"`\n - `\"SIGPOLL\"`\n - `\"SIGPROF\"`\n - `\"SIGPWR\"`\n - `\"SIGQUIT\"`\n - `\"SIGRTMAX\"`\n - `\"SIGRTMAX-1\"`\n - `\"SIGRTMAX-10\"`\n - `\"SIGRTMAX-11\"`\n - `\"SIGRTMAX-12\"`\n - `\"SIGRTMAX-13\"`\n - `\"SIGRTMAX-14\"`\n - `\"SIGRTMAX-2\"`\n - `\"SIGRTMAX-3\"`\n - `\"SIGRTMAX-4\"`\n - `\"SIGRTMAX-5\"`\n - `\"SIGRTMAX-6\"`\n - `\"SIGRTMAX-7\"`\n - `\"SIGRTMAX-8\"`\n - `\"SIGRTMAX-9\"`\n - `\"SIGRTMIN\"`\n - `\"SIGRTMIN+1\"`\n - `\"SIGRTMIN+10\"`\n - `\"SIGRTMIN+11\"`\n - `\"SIGRTMIN+12\"`\n - `\"SIGRTMIN+13\"`\n - `\"SIGRTMIN+14\"`\n - `\"SIGRTMIN+15\"`\n - `\"SIGRTMIN+2\"`\n - `\"SIGRTMIN+3\"`\n - `\"SIGRTMIN+4\"`\n - `\"SIGRTMIN+5\"`\n - `\"SIGRTMIN+6\"`\n - `\"SIGRTMIN+7\"`\n - `\"SIGRTMIN+8\"`\n - `\"SIGRTMIN+9\"`\n - `\"SIGSEGV\"`\n - `\"SIGSTKFLT\"`\n - `\"SIGSTOP\"`\n - `\"SIGSYS\"`\n - `\"SIGTERM\"`\n - `\"SIGTRAP\"`\n - `\"SIGTSTP\"`\n - `\"SIGTTIN\"`\n - `\"SIGTTOU\"`\n - `\"SIGURG\"`\n - `\"SIGUSR1\"`\n - `\"SIGUSR2\"`\n - `\"SIGVTALRM\"`\n - `\"SIGWINCH\"`\n - `\"SIGXCPU\"`\n - `\"SIGXFSZ\"`", + "type": "string", + "enum": [ + "SIGABRT", + "SIGALRM", + "SIGBUS", + "SIGCHLD", + "SIGCLD", + "SIGCONT", + "SIGFPE", + "SIGHUP", + "SIGILL", + "SIGINT", + "SIGIO", + "SIGIOT", + "SIGKILL", + "SIGPIPE", + "SIGPOLL", + "SIGPROF", + "SIGPWR", + "SIGQUIT", + "SIGRTMAX", + "SIGRTMAX-1", + "SIGRTMAX-10", + "SIGRTMAX-11", + "SIGRTMAX-12", + "SIGRTMAX-13", + "SIGRTMAX-14", + "SIGRTMAX-2", + "SIGRTMAX-3", + "SIGRTMAX-4", + "SIGRTMAX-5", + "SIGRTMAX-6", + "SIGRTMAX-7", + "SIGRTMAX-8", + "SIGRTMAX-9", + "SIGRTMIN", + "SIGRTMIN+1", + "SIGRTMIN+10", + "SIGRTMIN+11", + "SIGRTMIN+12", + "SIGRTMIN+13", + "SIGRTMIN+14", + "SIGRTMIN+15", + "SIGRTMIN+2", + "SIGRTMIN+3", + "SIGRTMIN+4", + "SIGRTMIN+5", + "SIGRTMIN+6", + "SIGRTMIN+7", + "SIGRTMIN+8", + "SIGRTMIN+9", + "SIGSEGV", + "SIGSTKFLT", + "SIGSTOP", + "SIGSYS", + "SIGTERM", + "SIGTRAP", + "SIGTSTP", + "SIGTTIN", + "SIGTTOU", + "SIGURG", + "SIGUSR1", + "SIGUSR2", + "SIGVTALRM", + "SIGWINCH", + "SIGXCPU", + "SIGXFSZ" + ] } } }, - "com.github.openshift.api.operator.v1.SFlowConfig": { + "io.k8s.api.core.v1.LifecycleHandler": { + "description": "LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.", "type": "object", "properties": { - "collectors": { - "description": "sFlowCollectors is list of strings formatted as ip:port with a maximum of ten items", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "exec": { + "description": "Exec specifies a command to execute in the container.", + "$ref": "#/definitions/io.k8s.api.core.v1.ExecAction" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "$ref": "#/definitions/io.k8s.api.core.v1.HTTPGetAction" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "$ref": "#/definitions/io.k8s.api.core.v1.SleepAction" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.", + "$ref": "#/definitions/io.k8s.api.core.v1.TCPSocketAction" } } }, - "com.github.openshift.api.operator.v1.Server": { - "description": "Server defines the schema for a server that runs per instance of CoreDNS.", + "io.k8s.api.core.v1.LimitRange": { + "description": "LimitRange sets resource usage limits for each kind of resource in a Namespace.", "type": "object", - "required": [ - "name", - "zones", - "forwardPlugin" - ], "properties": { - "forwardPlugin": { - "description": "forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ForwardPlugin" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "name": { - "description": "name is required and specifies a unique name for the server. Name must comply with the Service Name Syntax of rfc6335.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "zones": { - "description": "zones is required and specifies the subdomains that Server is authoritative for. Zones must conform to the rfc1123 definition of a subdomain. Specifying the cluster domain (i.e., \"cluster.local\") is invalid.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "Spec defines the limits enforced. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.LimitRangeSpec" } } }, - "com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus": { + "io.k8s.api.core.v1.LimitRangeItem": { + "description": "LimitRangeItem defines a min/max usage limit for any resource that matches on kind.", "type": "object", "required": [ - "name" + "type" ], "properties": { - "expirationTime": { - "description": "expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list of service account issuers.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "default": { + "description": "Default resource requirement limit value by resource name if resource limit is omitted.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } }, - "name": { - "description": "name is the name of the service account issuer", + "defaultRequest": { + "description": "DefaultRequest is the default resource requirement request value by resource name if resource request is omitted.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } + }, + "max": { + "description": "Max usage constraints on this kind by resource name.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } + }, + "maxLimitRequestRatio": { + "description": "MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } + }, + "min": { + "description": "Min usage constraints on this kind by resource name.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } + }, + "type": { + "description": "Type of resource that this limit applies to.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.ServiceCA": { - "description": "ServiceCA provides information to configure an operator to manage the service cert controllers\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.LimitRangeList": { + "description": "LimitRangeList is a list of LimitRange items.", "type": "object", "required": [ - "metadata", - "spec" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "Items is a list of LimitRange objects. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.LimitRange" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "io.k8s.api.core.v1.LimitRangeSpec": { + "description": "LimitRangeSpec defines a min/max usage limit for resources that match on kind.", + "type": "object", + "required": [ + "limits" + ], + "properties": { + "limits": { + "description": "Limits is the list of LimitRangeItem objects that are enforced.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.LimitRangeItem" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "io.k8s.api.core.v1.LinuxContainerUser": { + "description": "LinuxContainerUser represents user identity information in Linux containers", + "type": "object", + "required": [ + "uid", + "gid" + ], + "properties": { + "gid": { + "description": "GID is the primary gid initially attached to the first process in the container", + "type": "integer", + "format": "int64", + "default": 0 }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCASpec" + "supplementalGroups": { + "description": "SupplementalGroups are the supplemental groups initially attached to the first process in the container", + "type": "array", + "items": { + "type": "integer", + "format": "int64", + "default": 0 + }, + "x-kubernetes-list-type": "atomic" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCAStatus" + "uid": { + "description": "UID is the primary uid initially attached to the first process in the container", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.operator.v1.ServiceCAList": { - "description": "ServiceCAList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.List": { + "description": "List holds a list of objects, which may not be known by the server.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -46943,11 +45198,10 @@ "type": "string" }, "items": { - "description": "items contains the items", + "description": "List of objects", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCA" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } }, "kind": { @@ -46955,99 +45209,134 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.ServiceCASpec": { + "io.k8s.api.core.v1.LoadBalancerIngress": { + "description": "LoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.", "type": "object", - "required": [ - "managementState" - ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "hostname": { + "description": "Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers)", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "ip": { + "description": "IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers)", + "type": "string" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "ipMode": { + "description": "IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified. Setting this to \"VIP\" indicates that traffic is delivered to the node with the destination set to the load-balancer's IP and port. Setting this to \"Proxy\" indicates that traffic is delivered to the node or pod with the destination set to the node's IP and node port or the pod's IP and port. Service implementations may use this information to adjust traffic routing.", "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "ports": { + "description": "Ports is a list of records of service ports If used, every port defined in the service should have an entry in it", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.PortStatus" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operator.v1.ServiceCAStatus": { + "io.k8s.api.core.v1.LoadBalancerStatus": { + "description": "LoadBalancerStatus represents the status of a load-balancer.", "type": "object", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "ingress": { + "description": "Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.LoadBalancerIngress" }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "x-kubernetes-list-type": "atomic" + } + } + }, + "io.k8s.api.core.v1.LocalObjectReference": { + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "type": "object", + "properties": { + "name": { + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.LocalVolumeSource": { + "description": "Local represents directly-attached storage with node affinity", + "type": "object", + "required": [ + "path" + ], + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. It applies only when the Path is a block device. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default value is to auto-select a filesystem if unspecified.", + "type": "string" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "path": { + "description": "path of the full path to the volume on the node. It can be either a directory or block device (disk, partition, ...).", + "type": "string", + "default": "" + } + } + }, + "io.k8s.api.core.v1.ModifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation", + "type": "object", + "required": [ + "status" + ], + "properties": { + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.\n\nPossible enum values:\n - `\"InProgress\"` InProgress indicates that the volume is being modified\n - `\"Infeasible\"` Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified\n - `\"Pending\"` Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing", + "type": "string", + "default": "", + "enum": [ + "InProgress", + "Infeasible", + "Pending" + ] }, - "version": { - "description": "version is the level this availability applies to", + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", "type": "string" } } }, - "com.github.openshift.api.operator.v1.ServiceCatalogAPIServer": { - "description": "ServiceCatalogAPIServer provides information to configure an operator to manage Service Catalog API Server DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.NFSVolumeSource": { + "description": "Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.", "type": "object", "required": [ - "spec" + "server", + "path" ], + "properties": { + "path": { + "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string", + "default": "" + }, + "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "boolean" + }, + "server": { + "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string", + "default": "" + } + } + }, + "io.k8s.api.core.v1.Namespace": { + "description": "Namespace provides a scope for Names. Use of multiple namespaces is optional.", + "type": "object", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -47058,25 +45347,58 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { + "description": "Spec defines the behavior of the Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec" + "$ref": "#/definitions/io.k8s.api.core.v1.NamespaceSpec" }, "status": { + "description": "Status describes the current status of a Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.NamespaceStatus" } } }, - "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerList": { - "description": "ServiceCatalogAPIServerList is a collection of items DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.NamespaceCondition": { + "description": "NamespaceCondition contains details about state of namespace.", + "type": "object", + "required": [ + "type", + "status" + ], + "properties": { + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status of the condition, one of True, False, Unknown.", + "type": "string", + "default": "" + }, + "type": { + "description": "Type of namespace controller condition.", + "type": "string", + "default": "" + } + } + }, + "io.k8s.api.core.v1.NamespaceList": { + "description": "NamespaceList is a list of Namespaces.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -47085,11 +45407,11 @@ "type": "string" }, "items": { - "description": "items contains the items", + "description": "Items is the list of Namespace objects in the list. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogAPIServer" + "$ref": "#/definitions/io.k8s.api.core.v1.Namespace" } }, "kind": { @@ -47097,100 +45419,58 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec": { + "io.k8s.api.core.v1.NamespaceSpec": { + "description": "NamespaceSpec describes the attributes on a Namespace.", "type": "object", - "required": [ - "managementState" - ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "finalizers": { + "description": "Finalizers is an opaque list of values that must be empty to permanently remove object from storage. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus": { + "io.k8s.api.core.v1.NamespaceStatus": { + "description": "NamespaceStatus is information about the current status of a Namespace.", "type": "object", "properties": { "conditions": { - "description": "conditions is a list of conditions and their status", + "description": "Represents the latest available observations of a namespace's current state.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + "$ref": "#/definitions/io.k8s.api.core.v1.NamespaceCondition" }, "x-kubernetes-list-map-keys": [ "type" ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "phase": { + "description": "Phase is the current lifecycle phase of the namespace. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/\n\nPossible enum values:\n - `\"Active\"` means the namespace is available for use in the system\n - `\"Terminating\"` means the namespace is undergoing graceful termination", + "type": "string", + "enum": [ + "Active", + "Terminating" + ] } } }, - "com.github.openshift.api.operator.v1.ServiceCatalogControllerManager": { - "description": "ServiceCatalogControllerManager provides information to configure an operator to manage Service Catalog Controller Manager DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.Node": { + "description": "Node is a worker node in Kubernetes. Each node will have a unique identifier in the cache (i.e. in etcd).", "type": "object", - "required": [ - "metadata", - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -47201,379 +45481,604 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { + "description": "Spec defines the behavior of a node. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec" + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSpec" }, "status": { + "description": "Most recently observed status of the node. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.NodeStatus" } } }, - "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerList": { - "description": "ServiceCatalogControllerManagerList is a collection of items DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.NodeAddress": { + "description": "NodeAddress contains information for the node's address.", "type": "object", "required": [ - "metadata", - "items" + "type", + "address" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "address": { + "description": "The node address.", + "type": "string", + "default": "" }, - "items": { - "description": "items contains the items", + "type": { + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", + "type": "string", + "default": "" + } + } + }, + "io.k8s.api.core.v1.NodeAffinity": { + "description": "Node affinity is a group of node affinity scheduling rules.", + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogControllerManager" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "$ref": "#/definitions/io.k8s.api.core.v1.PreferredSchedulingTerm" + }, + "x-kubernetes-list-type": "atomic" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelector" } } }, - "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec": { + "io.k8s.api.core.v1.NodeCondition": { + "description": "NodeCondition contains condition information for a node.", "type": "object", "required": [ - "managementState" + "type", + "status" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "lastHeartbeatTime": { + "description": "Last time we got an update on a given condition.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "lastTransitionTime": { + "description": "Last time the condition transit from one status to another.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "description": "Human readable message indicating details about last transition.", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "reason": { + "description": "(brief) reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "type": { + "description": "Type of node condition.", + "type": "string", + "default": "" + } + } + }, + "io.k8s.api.core.v1.NodeConfigSource": { + "description": "NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22", + "type": "object", + "properties": { + "configMap": { + "description": "ConfigMap is a reference to a Node's ConfigMap", + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapNodeConfigSource" + } + } + }, + "io.k8s.api.core.v1.NodeConfigStatus": { + "description": "NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.", + "type": "object", + "properties": { + "active": { + "description": "Active reports the checkpointed config the node is actively using. Active will represent either the current version of the Assigned config, or the current LastKnownGood config, depending on whether attempting to use the Assigned config results in an error.", + "$ref": "#/definitions/io.k8s.api.core.v1.NodeConfigSource" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "assigned": { + "description": "Assigned reports the checkpointed config the node will try to use. When Node.Spec.ConfigSource is updated, the node checkpoints the associated config payload to local disk, along with a record indicating intended config. The node refers to this record to choose its config checkpoint, and reports this record in Assigned. Assigned only updates in the status after the record has been checkpointed to disk. When the Kubelet is restarted, it tries to make the Assigned config the Active config by loading and validating the checkpointed payload identified by Assigned.", + "$ref": "#/definitions/io.k8s.api.core.v1.NodeConfigSource" + }, + "error": { + "description": "Error describes any problems reconciling the Spec.ConfigSource to the Active config. Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting to load or validate the Assigned config, etc. Errors may occur at different points while syncing config. Earlier errors (e.g. download or checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error by fixing the config assigned in Spec.ConfigSource. You can find additional information for debugging by searching the error message in the Kubelet log. Error is a human-readable description of the error state; machines can check whether or not Error is empty, but should not rely on the stability of the Error text across Kubelet versions.", "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "lastKnownGood": { + "description": "LastKnownGood reports the checkpointed config the node will fall back to when it encounters an error attempting to use the Assigned config. The Assigned config becomes the LastKnownGood config when the node determines that the Assigned config is stable and correct. This is currently implemented as a 10-minute soak period starting when the local record of Assigned config is updated. If the Assigned config is Active at the end of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, because the local default config is always assumed good. You should not make assumptions about the node's method of determining config stability and correctness, as this may change or become configurable in the future.", + "$ref": "#/definitions/io.k8s.api.core.v1.NodeConfigSource" } } }, - "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus": { + "io.k8s.api.core.v1.NodeDaemonEndpoints": { + "description": "NodeDaemonEndpoints lists ports opened by daemons running on the Node.", "type": "object", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "kubeletEndpoint": { + "description": "Endpoint on which Kubelet is listening.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.DaemonEndpoint" + } + } + }, + "io.k8s.api.core.v1.NodeFeatures": { + "description": "NodeFeatures describes the set of features implemented by the CRI implementation. The features contained in the NodeFeatures should depend only on the cri implementation independent of runtime handlers.", + "type": "object", + "properties": { + "supplementalGroupsPolicy": { + "description": "SupplementalGroupsPolicy is set to true if the runtime supports SupplementalGroupsPolicy and ContainerUser.", + "type": "boolean" + } + } + }, + "io.k8s.api.core.v1.NodeList": { + "description": "NodeList is the whole list of all Nodes which have been registered with master.", + "type": "object", + "required": [ + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "List of nodes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "$ref": "#/definitions/io.k8s.api.core.v1.Node" + } }, - "version": { - "description": "version is the level this availability applies to", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.SimpleMacvlanConfig": { - "description": "SimpleMacvlanConfig contains configurations for macvlan interface.", + "io.k8s.api.core.v1.NodeProxyOptions": { + "description": "NodeProxyOptions is the query options to a Node's proxy call.", "type": "object", "properties": { - "ipamConfig": { - "description": "ipamConfig configures IPAM module will be used for IP Address Management (IPAM).", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPAMConfig" - }, - "master": { - "description": "master is the host interface to create the macvlan interface from. If not specified, it will be default route interface", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "mode": { - "description": "mode is the macvlan mode: bridge, private, vepa, passthru. The default is bridge", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "mtu": { - "description": "mtu is the mtu to use for the macvlan interface. if unset, host's kernel will select the value.", - "type": "integer", - "format": "int64" + "path": { + "description": "Path is the URL path to use for the current proxy request to node.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.StaticIPAMAddresses": { - "description": "StaticIPAMAddresses provides IP address and Gateway for static IPAM addresses", + "io.k8s.api.core.v1.NodeRuntimeHandler": { + "description": "NodeRuntimeHandler is a set of runtime handler information.", "type": "object", "properties": { - "address": { - "description": "address is the IP address in CIDR format", + "features": { + "description": "Supported features.", + "$ref": "#/definitions/io.k8s.api.core.v1.NodeRuntimeHandlerFeatures" + }, + "name": { + "description": "Runtime handler name. Empty for the default runtime handler.", "type": "string", "default": "" + } + } + }, + "io.k8s.api.core.v1.NodeRuntimeHandlerFeatures": { + "description": "NodeRuntimeHandlerFeatures is a set of features implemented by the runtime handler.", + "type": "object", + "properties": { + "recursiveReadOnlyMounts": { + "description": "RecursiveReadOnlyMounts is set to true if the runtime handler supports RecursiveReadOnlyMounts.", + "type": "boolean" }, - "gateway": { - "description": "gateway is IP inside of subnet to designate as the gateway", - "type": "string" + "userNamespaces": { + "description": "UserNamespaces is set to true if the runtime handler supports UserNamespaces, including for volumes.", + "type": "boolean" } } }, - "com.github.openshift.api.operator.v1.StaticIPAMConfig": { - "description": "StaticIPAMConfig contains configurations for static IPAM (IP Address Management)", + "io.k8s.api.core.v1.NodeSelector": { + "description": "A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.", "type": "object", + "required": [ + "nodeSelectorTerms" + ], "properties": { - "addresses": { - "description": "addresses configures IP address for the interface", + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.StaticIPAMAddresses" + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorTerm" }, "x-kubernetes-list-type": "atomic" - }, - "dns": { - "description": "dns configures DNS for the interface", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.StaticIPAMDNS" - }, - "routes": { - "description": "routes configures IP routes for the interface", + } + }, + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.NodeSelectorRequirement": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "type": "object", + "required": [ + "key", + "operator" + ], + "properties": { + "key": { + "description": "The label key that the selector applies to.", + "type": "string", + "default": "" + }, + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.\n\nPossible enum values:\n - `\"DoesNotExist\"`\n - `\"Exists\"`\n - `\"Gt\"`\n - `\"In\"`\n - `\"Lt\"`\n - `\"NotIn\"`", + "type": "string", + "default": "", + "enum": [ + "DoesNotExist", + "Exists", + "Gt", + "In", + "Lt", + "NotIn" + ] + }, + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.StaticIPAMRoutes" + "type": "string", + "default": "" }, "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operator.v1.StaticIPAMDNS": { - "description": "StaticIPAMDNS provides DNS related information for static IPAM", + "io.k8s.api.core.v1.NodeSelectorTerm": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", "properties": { - "domain": { - "description": "domain configures the domainname the local domain used for short hostname lookups", - "type": "string" - }, - "nameservers": { - "description": "nameservers points DNS servers for IP lookup", + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorRequirement" }, "x-kubernetes-list-type": "atomic" }, - "search": { - "description": "search configures priority ordered search domains for short hostname lookups", + "matchFields": { + "description": "A list of node selector requirements by node's fields.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorRequirement" }, "x-kubernetes-list-type": "atomic" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.operator.v1.StaticIPAMRoutes": { - "description": "StaticIPAMRoutes provides Destination/Gateway pairs for static IPAM routes", + "io.k8s.api.core.v1.NodeSpec": { + "description": "NodeSpec describes the attributes that a node is created with.", "type": "object", - "required": [ - "destination" - ], "properties": { - "destination": { - "description": "destination points the IP route destination", - "type": "string", - "default": "" + "configSource": { + "description": "Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed.", + "$ref": "#/definitions/io.k8s.api.core.v1.NodeConfigSource" }, - "gateway": { - "description": "gateway is the route's next-hop IP address If unset, a default gateway is assumed (as determined by the CNI plugin).", + "externalID": { + "description": "Deprecated. Not all kubelets will set this field. Remove field after 1.13. see: https://issues.k8s.io/61966", "type": "string" - } - } - }, - "com.github.openshift.api.operator.v1.StaticPodOperatorSpec": { - "description": "StaticPodOperatorSpec is spec for controllers that manage static pods.", - "type": "object", - "required": [ - "managementState", - "forceRedeploymentReason" - ], - "properties": { - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" - }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", - "type": "string", - "default": "" }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "podCIDR": { + "description": "PodCIDR represents the pod IP range assigned to the node.", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "podCIDRs": { + "description": "podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for each of IPv4 and IPv6.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set", + "x-kubernetes-patch-strategy": "merge" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "providerID": { + "description": "ID of the node assigned by the cloud provider in the format: ://", "type": "string" }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" + "taints": { + "description": "If specified, the node's taints.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.Taint" + }, + "x-kubernetes-list-type": "atomic" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "unschedulable": { + "description": "Unschedulable controls node schedulability of new pods. By default, node is schedulable. More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration", + "type": "boolean" } } }, - "com.github.openshift.api.operator.v1.StaticPodOperatorStatus": { - "description": "StaticPodOperatorStatus is status for controllers that manage static pods. There are different needs because individual node status must be tracked.", + "io.k8s.api.core.v1.NodeStatus": { + "description": "NodeStatus is information about the current status of a node.", "type": "object", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "addresses": { + "description": "List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/reference/node/node-status/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See https://pr.k8s.io/79391 for an example. Consumers should assume that addresses can change during the lifetime of a Node. However, there are some exceptions where this may not be possible, such as Pods that inherit a Node's address in its own status or consumers of the downward API (status.hostIP).", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + "$ref": "#/definitions/io.k8s.api.core.v1.NodeAddress" }, "x-kubernetes-list-map-keys": [ "type" ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "allocatable": { + "description": "Allocatable represents the resources of a node that are available for scheduling. Defaults to Capacity.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } + }, + "capacity": { + "description": "Capacity represents the total resources of a node. More info: https://kubernetes.io/docs/reference/node/node-status/#capacity", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } + }, + "conditions": { + "description": "Conditions is an array of current observed node conditions. More info: https://kubernetes.io/docs/reference/node/node-status/#condition", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.NodeCondition" }, "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" + "type" ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" + "config": { + "description": "Status of the config assigned to the node via the dynamic Kubelet config feature.", + "$ref": "#/definitions/io.k8s.api.core.v1.NodeConfigStatus" }, - "latestAvailableRevisionReason": { - "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", - "type": "string" + "daemonEndpoints": { + "description": "Endpoints of daemons running on the Node.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.NodeDaemonEndpoints" }, - "nodeStatuses": { - "description": "nodeStatuses track the deployment values and errors across individual nodes", + "features": { + "description": "Features describes the set of features implemented by the CRI implementation.", + "$ref": "#/definitions/io.k8s.api.core.v1.NodeFeatures" + }, + "images": { + "description": "List of container images on this node", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerImage" }, - "x-kubernetes-list-map-keys": [ - "nodeName" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "nodeInfo": { + "description": "Set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/reference/node/node-status/#info", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSystemInfo" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "phase": { + "description": "NodePhase is the recently observed lifecycle phase of the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#phase The field is never populated, and now is deprecated.\n\nPossible enum values:\n - `\"Pending\"` means the node has been created/added by the system, but not configured.\n - `\"Running\"` means the node has been configured and has Kubernetes components running.\n - `\"Terminated\"` means the node has been removed from the cluster.", + "type": "string", + "enum": [ + "Pending", + "Running", + "Terminated" + ] }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "runtimeHandlers": { + "description": "The available runtime handlers.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.NodeRuntimeHandler" + }, + "x-kubernetes-list-type": "atomic" + }, + "volumesAttached": { + "description": "List of volumes that are attached to the node.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.AttachedVolume" + }, + "x-kubernetes-list-type": "atomic" + }, + "volumesInUse": { + "description": "List of attachable volumes in use (mounted) by the node.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operator.v1.StatuspageProvider": { - "description": "StatuspageProvider provides identity for statuspage account.", + "io.k8s.api.core.v1.NodeSwapStatus": { + "description": "NodeSwapStatus represents swap memory information.", + "type": "object", + "properties": { + "capacity": { + "description": "Total amount of swap memory in bytes.", + "type": "integer", + "format": "int64" + } + } + }, + "io.k8s.api.core.v1.NodeSystemInfo": { + "description": "NodeSystemInfo is a set of ids/uuids to uniquely identify the node.", "type": "object", "required": [ - "pageID" + "machineID", + "systemUUID", + "bootID", + "kernelVersion", + "osImage", + "containerRuntimeVersion", + "kubeletVersion", + "kubeProxyVersion", + "operatingSystem", + "architecture" ], "properties": { - "pageID": { - "description": "pageID is the unique ID assigned by Statuspage for your page. This must be a public page.", + "architecture": { + "description": "The Architecture reported by the node", + "type": "string", + "default": "" + }, + "bootID": { + "description": "Boot ID reported by the node.", + "type": "string", + "default": "" + }, + "containerRuntimeVersion": { + "description": "ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2).", + "type": "string", + "default": "" + }, + "kernelVersion": { + "description": "Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).", + "type": "string", + "default": "" + }, + "kubeProxyVersion": { + "description": "Deprecated: KubeProxy Version reported by the node.", + "type": "string", + "default": "" + }, + "kubeletVersion": { + "description": "Kubelet Version reported by the node.", + "type": "string", + "default": "" + }, + "machineID": { + "description": "MachineID reported by the node. For unique machine identification in the cluster this field is preferred. Learn more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html", + "type": "string", + "default": "" + }, + "operatingSystem": { + "description": "The Operating System reported by the node", + "type": "string", + "default": "" + }, + "osImage": { + "description": "OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).", + "type": "string", + "default": "" + }, + "swap": { + "description": "Swap Info reported by the node.", + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSwapStatus" + }, + "systemUUID": { + "description": "SystemUUID reported by the node. For unique machine identification MachineID is preferred. This field is specific to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.Storage": { - "description": "Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.ObjectFieldSelector": { + "description": "ObjectFieldSelector selects an APIVersioned field of an object.", "type": "object", "required": [ - "spec" + "fieldPath" ], + "properties": { + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "type": "string" + }, + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string", + "default": "" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ObjectReference": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "type": "object", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.PersistentVolume": { + "description": "PersistentVolume (PV) is a storage resource provisioned by an administrator. It is analogous to a node. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes", + "type": "object", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -47584,425 +46089,298 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec holds user settable values for configuration", + "description": "spec defines a specification of a persistent volume owned by the cluster. Provisioned by an administrator. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.StorageSpec" + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeSpec" }, "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "description": "status represents the current information/status for the persistent volume. Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.StorageStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeStatus" } } }, - "com.github.openshift.api.operator.v1.StorageList": { - "description": "StorageList contains a list of Storages.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.PersistentVolumeClaim": { + "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", "type": "object", - "required": [ - "items" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Storage" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimSpec" + }, + "status": { + "description": "status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimStatus" } } }, - "com.github.openshift.api.operator.v1.StorageSpec": { - "description": "StorageSpec is the specification of the desired behavior of the cluster storage operator.", + "io.k8s.api.core.v1.PersistentVolumeClaimCondition": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", "type": "object", "required": [ - "managementState" + "type", + "status" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"Resizing\" that means the underlying persistent volume is being resized.", "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown. More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "type": "string", + "default": "" }, - "vsphereStorageDriver": { - "description": "vsphereStorageDriver indicates the storage driver to use on VSphere clusters. Once this field is set to CSIWithMigrationDriver, it can not be changed. If this is empty, the platform will choose a good default, which may change over time without notice. The current default is CSIWithMigrationDriver and may not be changed. DEPRECATED: This field will be removed in a future release.", + "type": { + "description": "Type is the type of the condition. More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.StorageStatus": { - "description": "StorageStatus defines the observed status of the cluster storage operator.", + "io.k8s.api.core.v1.PersistentVolumeClaimList": { + "description": "PersistentVolumeClaimList is a list of PersistentVolumeClaim items.", "type": "object", + "required": [ + "items" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "items": { + "description": "items is a list of persistent volume claims. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaim" + } }, - "version": { - "description": "version is the level this availability applies to", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters": { - "description": "SyslogLoggingDestinationParameters describes parameters for the Syslog logging destination type.", + "io.k8s.api.core.v1.PersistentVolumeClaimSpec": { + "description": "PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes", "type": "object", - "required": [ - "address", - "port" - ], "properties": { - "address": { - "description": "address is the IP address of the syslog endpoint that receives log messages.", - "type": "string", - "default": "" + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "type": "array", + "items": { + "type": "string", + "default": "", + "enum": [ + "ReadOnlyMany", + "ReadWriteMany", + "ReadWriteOnce", + "ReadWriteOncePod" + ] + }, + "x-kubernetes-list-type": "atomic" }, - "facility": { - "description": "facility specifies the syslog facility of log messages.\n\nIf this field is empty, the facility is \"local1\".", + "dataSource": { + "description": "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "$ref": "#/definitions/io.k8s.api.core.v1.TypedLocalObjectReference" + }, + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "$ref": "#/definitions/io.k8s.api.core.v1.TypedObjectReference" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeResourceRequirements" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", "type": "string" }, - "maxLength": { - "description": "maxLength is the maximum length of the log message.\n\nValid values are integers in the range 480 to 4096, inclusive.\n\nWhen omitted, the default value is 1024.", - "type": "integer", - "format": "int64" + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string or nil value indicates that no VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/", + "type": "string" }, - "port": { - "description": "port is the UDP port number of the syslog endpoint that receives log messages.", - "type": "integer", - "format": "int64", - "default": 0 - } - } - }, - "com.github.openshift.api.operator.v1.Theme": { - "description": "Theme defines a theme mode for the console UI.", - "type": "object", - "required": [ - "mode", - "source" - ], - "properties": { - "mode": { - "description": "mode is used to specify what theme mode a logo will apply to in the console UI. mode is a required field that allows values of Dark and Light. When set to Dark, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Dark mode. When set to Light, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Light mode.\n\nPossible enum values:\n - `\"Dark\"` represents the dark mode for a console theme.\n - `\"Light\"` represents the light mode for a console theme.", + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.\n\nPossible enum values:\n - `\"Block\"` means the volume will not be formatted with a filesystem and will remain a raw block device.\n - `\"Filesystem\"` means the volume will be or is formatted with a filesystem.", "type": "string", - "default": "", "enum": [ - "Dark", - "Light" + "Block", + "Filesystem" ] }, - "source": { - "description": "source is used by the console to locate the specified file containing a custom logo. source is a required field that references a ConfigMap name and key that contains the custom logo file in the openshift-config namespace. You can create it with a command like: - 'oc create configmap custom-logos-config --namespace=openshift-config --from-file=/path/to/file' The ConfigMap key must include the file extension so that the console serves the file with the correct MIME type. The recommended file format for the Masthead and Favicon logos is SVG, but other file formats are allowed if supported by the browser. The logo image size must be less than 1 MB due to constraints on the ConfigMap size. For more information, see the documentation: https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/web_console/customizing-web-console#customizing-web-console", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.FileReferenceSource" - } - } - }, - "com.github.openshift.api.operator.v1.Upstream": { - "description": "Upstream can either be of type SystemResolvConf, or of type Network.\n\n - For an Upstream of type SystemResolvConf, no further fields are necessary:\n The upstream will be configured to use /etc/resolv.conf.\n - For an Upstream of type Network, a NetworkResolver field needs to be defined\n with an IP address or IP:port if the upstream listens on a port other than 53.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "address": { - "description": "address must be defined when Type is set to Network. It will be ignored otherwise. It must be a valid ipv4 or ipv6 address.", + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", "type": "string" - }, - "port": { - "description": "port may be defined when Type is set to Network. It will be ignored otherwise. Port must be between 65535", - "type": "integer", - "format": "int64" - }, - "type": { - "description": "type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. Type accepts 2 possible values: SystemResolvConf or Network.\n\n* When SystemResolvConf is used, the Upstream structure does not require any further fields to be defined:\n /etc/resolv.conf will be used\n* When Network is used, the Upstream structure must contain at least an Address", - "type": "string", - "default": "" } } }, - "com.github.openshift.api.operator.v1.UpstreamResolvers": { - "description": "UpstreamResolvers defines a schema for configuring the CoreDNS forward plugin in the specific case of the default (\".\") server. It defers from ForwardPlugin in the default values it accepts: * At least one upstream should be specified. * the default policy is Sequential", + "io.k8s.api.core.v1.PersistentVolumeClaimStatus": { + "description": "PersistentVolumeClaimStatus is the current status of a persistent volume claim.", "type": "object", "properties": { - "policy": { - "description": "policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified:\n\n* \"Random\" picks a random upstream server for each query. * \"RoundRobin\" picks upstream servers in a round-robin order, moving to the next server for each new query. * \"Sequential\" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query.\n\nThe default value is \"Sequential\"", - "type": "string" - }, - "protocolStrategy": { - "description": "protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are \"TCP\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. \"TCP\" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. \"TCP\" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.", - "type": "string", - "default": "" - }, - "transportConfig": { - "description": "transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver.\n\nThe default value is \"\" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSTransportConfig" - }, - "upstreams": { - "description": "upstreams is a list of resolvers to forward name queries for the \".\" domain. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy.\n\nA maximum of 15 upstreams is allowed per ForwardPlugin. If no Upstreams are specified, /etc/resolv.conf is used by default", + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Upstream" - } - } - } - }, - "com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec": { - "description": "VSphereCSIDriverConfigSpec defines properties that can be configured for vsphere CSI driver.", - "type": "object", - "properties": { - "globalMaxSnapshotsPerBlockVolume": { - "description": "globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of datastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3. Snapshots can not be disabled using this parameter. Increasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html", - "type": "integer", - "format": "int64" + "type": "string", + "default": "", + "enum": [ + "ReadOnlyMany", + "ReadWriteMany", + "ReadWriteOnce", + "ReadWriteOncePod" + ] + }, + "x-kubernetes-list-type": "atomic" }, - "granularMaxSnapshotsPerBlockVolumeInVSAN": { - "description": "granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VSAN can not be disabled using this parameter.", - "type": "integer", - "format": "int64" + "allocatedResourceStatuses": { + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "", + "enum": [ + "ControllerResizeInProgress", + "ControllerResizeInfeasible", + "NodeResizeInProgress", + "NodeResizeInfeasible", + "NodeResizePending" + ] + }, + "x-kubernetes-map-type": "granular" }, - "granularMaxSnapshotsPerBlockVolumeInVVOL": { - "description": "granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VVOL can not be disabled using this parameter.", - "type": "integer", - "format": "int64" + "allocatedResources": { + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } }, - "maxAllowedBlockVolumesPerNode": { - "description": "maxAllowedBlockVolumesPerNode is an optional configuration parameter that allows setting a custom value for the limit of the number of PersistentVolumes attached to a node. In vSphere version 7 this limit was set to 59 by default, however in vSphere version 8 this limit was increased to 255. Before increasing this value above 59 the cluster administrator needs to ensure that every node forming the cluster is updated to ESXi version 8 or higher and that all nodes are running the same version. The limit must be between 1 and 255, which matches the vSphere version 8 maximum. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 59, which matches the limit for vSphere version 7.", - "type": "integer", - "format": "int32" + "capacity": { + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } }, - "topologyCategories": { - "description": "topologyCategories indicates tag categories with which vcenter resources such as hostcluster or datacenter were tagged with. If cluster Infrastructure object has a topology, values specified in Infrastructure object will be used and modifications to topologyCategories will be rejected.", + "conditions": { + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'Resizing'.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimCondition" }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.BackupJobReference": { - "description": "BackupJobReference holds a reference to the batch/v1 Job created to run the etcd backup", - "type": "object", - "required": [ - "namespace", - "name" - ], - "properties": { - "name": { - "description": "name is the name of the Job. Required", - "type": "string", - "default": "" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "namespace": { - "description": "namespace is the namespace of the Job. this is always expected to be \"openshift-etcd\" since the user provided PVC is also required to be in \"openshift-etcd\" Required", + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim", + "type": "string" + }, + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted.", + "$ref": "#/definitions/io.k8s.api.core.v1.ModifyVolumeStatus" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.\n\nPossible enum values:\n - `\"Bound\"` used for PersistentVolumeClaims that are bound\n - `\"Lost\"` used for PersistentVolumeClaims that lost their underlying PersistentVolume. The claim was bound to a PersistentVolume and this volume does not exist any longer and all data on it was lost.\n - `\"Pending\"` used for PersistentVolumeClaims that are not yet bound", "type": "string", - "default": "" + "enum": [ + "Bound", + "Lost", + "Pending" + ] } } }, - "com.github.openshift.api.operator.v1alpha1.ClusterAPI": { - "description": "ClusterAPI provides configuration for the capi-operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.PersistentVolumeClaimTemplate": { + "description": "PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.", "type": "object", "required": [ - "metadata", "spec" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec is the specification of the desired behavior of the capi-operator.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPISpec" - }, - "status": { - "description": "status defines the observed status of the capi-operator.", + "description": "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimSpec" } } }, - "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponent": { - "description": "ClusterAPIInstallerComponent defines a component which will be installed by this revision.", + "io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource": { + "description": "PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).", "type": "object", "required": [ - "type" + "claimName" ], "properties": { - "image": { - "description": "image defines an image source for a component. The image must contain a /capi-operator-installer directory containing the component manifests.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponentImage" - }, - "type": { - "description": "type is the source type of the component. The only valid value is Image. When set to Image, the image field must be set and will define an image source for the component.\n\nPossible enum values:\n - `\"Image\"` is an image source for a component.", + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", "type": "string", - "enum": [ - "Image" - ] - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "image": "Image" - } - } - ] - }, - "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponentImage": { - "description": "ClusterAPIInstallerComponentImage defines an image source for a component.", - "type": "object", - "required": [ - "ref", - "profile" - ], - "properties": { - "profile": { - "description": "profile is the name of a profile to use from the image.\n\nA profile name may be up to 255 characters long. It must consist of alphanumeric characters, '-', or '_'.", - "type": "string" + "default": "" }, - "ref": { - "description": "ref is an image reference to the image containing the component manifests. The reference must be a valid image digest reference in the format host[:port][/namespace]/name@sha256:. The digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the field must be between 1 to 447 characters.", - "type": "string" + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", + "type": "boolean" } } }, - "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevision": { - "type": "object", - "required": [ - "name", - "revision", - "contentID" - ], - "properties": { - "components": { - "description": "components is a list of components which will be installed by this revision. Components will be installed in the order they are listed. If omitted no components will be installed.\n\nThe maximum number of components is 32.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponent" - }, - "x-kubernetes-list-type": "atomic" - }, - "contentID": { - "description": "contentID uniquely identifies the content of this revision. The contentID must be between 1 and 255 characters long.", - "type": "string" - }, - "name": { - "description": "name is the name of a revision.", - "type": "string" - }, - "revision": { - "description": "revision is a monotonically increasing number that is assigned to a revision.", - "type": "integer", - "format": "int64" - }, - "unmanagedCustomResourceDefinitions": { - "description": "unmanagedCustomResourceDefinitions is a list of the names of ClusterResourceDefinition (CRD) objects which are included in this revision, but which should not be installed or updated. If not set, all CRDs in the revision will be managed by the CAPI operator.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - } - }, - "x-kubernetes-map-type": "atomic" - }, - "com.github.openshift.api.operator.v1alpha1.ClusterAPIList": { - "description": "ClusterAPIList contains a list of ClusterAPI configurations\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.PersistentVolumeList": { + "description": "PersistentVolumeList is a list of PersistentVolume items.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -48011,11 +46389,11 @@ "type": "string" }, "items": { - "description": "items contains the items", + "description": "items is a list of persistent volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPI" + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolume" } }, "kind": { @@ -48023,164 +46401,315 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1alpha1.ClusterAPISpec": { - "description": "ClusterAPISpec defines the desired configuration of the capi-operator. The spec is required but we deliberately allow it to be empty.", + "io.k8s.api.core.v1.PersistentVolumeSource": { + "description": "PersistentVolumeSource is similar to VolumeSource but meant for the administrator who creates PVs. Exactly one of its members must be set.", "type": "object", "properties": { - "unmanagedCustomResourceDefinitions": { - "description": "unmanagedCustomResourceDefinitions is a list of ClusterResourceDefinition (CRD) names that should not be managed by the capi-operator installer controller. This allows external actors to own specific CRDs while capi-operator manages others.\n\nEach CRD name must be a valid DNS-1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character, with a maximum length of 253 characters. CRD names must contain at least two '.' characters. Example: \"clusters.cluster.x-k8s.io\"\n\nItems cannot be removed from this list once added.\n\nThe maximum number of unmanagedCustomResourceDefinitions is 128.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "$ref": "#/definitions/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource" + }, + "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", + "$ref": "#/definitions/io.k8s.api.core.v1.AzureDiskVolumeSource" + }, + "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", + "$ref": "#/definitions/io.k8s.api.core.v1.AzureFilePersistentVolumeSource" + }, + "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.CephFSPersistentVolumeSource" + }, + "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "$ref": "#/definitions/io.k8s.api.core.v1.CinderPersistentVolumeSource" + }, + "csi": { + "description": "csi represents storage that is handled by an external CSI driver.", + "$ref": "#/definitions/io.k8s.api.core.v1.CSIPersistentVolumeSource" + }, + "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", + "$ref": "#/definitions/io.k8s.api.core.v1.FCVolumeSource" + }, + "flexVolume": { + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", + "$ref": "#/definitions/io.k8s.api.core.v1.FlexPersistentVolumeSource" + }, + "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.FlockerVolumeSource" + }, + "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "$ref": "#/definitions/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource" + }, + "glusterfs": { + "description": "glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md", + "$ref": "#/definitions/io.k8s.api.core.v1.GlusterfsPersistentVolumeSource" + }, + "hostPath": { + "description": "hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "$ref": "#/definitions/io.k8s.api.core.v1.HostPathVolumeSource" + }, + "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.", + "$ref": "#/definitions/io.k8s.api.core.v1.ISCSIPersistentVolumeSource" + }, + "local": { + "description": "local represents directly-attached storage with node affinity", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalVolumeSource" + }, + "nfs": { + "description": "nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "$ref": "#/definitions/io.k8s.api.core.v1.NFSVolumeSource" + }, + "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource" + }, + "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", + "$ref": "#/definitions/io.k8s.api.core.v1.PortworxVolumeSource" + }, + "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.QuobyteVolumeSource" + }, + "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md", + "$ref": "#/definitions/io.k8s.api.core.v1.RBDPersistentVolumeSource" + }, + "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.ScaleIOPersistentVolumeSource" + }, + "storageos": { + "description": "storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. More info: https://examples.k8s.io/volumes/storageos/README.md", + "$ref": "#/definitions/io.k8s.api.core.v1.StorageOSPersistentVolumeSource" + }, + "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", + "$ref": "#/definitions/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource" } } }, - "com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus": { - "description": "ClusterAPIStatus describes the current state of the capi-operator.", + "io.k8s.api.core.v1.PersistentVolumeSpec": { + "description": "PersistentVolumeSpec is the specification of a persistent volume.", "type": "object", - "required": [ - "desiredRevision", - "revisions" - ], "properties": { - "currentRevision": { - "description": "currentRevision is the name of the most recently fully applied revision. It is written by the installer controller. If it is absent, it indicates that no revision has been fully applied yet. If set, currentRevision must correspond to an entry in the revisions list.", - "type": "string" - }, - "desiredRevision": { - "description": "desiredRevision is the name of the desired revision. It is written by the revision controller. It must be set to the name of the entry in the revisions list with the highest revision number.", - "type": "string" - }, - "revisions": { - "description": "revisions is a list of all currently active revisions. A revision is active until the installer controller updates currentRevision to a later revision. It is written by the revision controller.\n\nThe maximum number of revisions is 16. All revisions must have a unique name. All revisions must have a unique revision number. When adding a revision, the revision number must be greater than the highest revision number in the list. Revisions are immutable, although they can be deleted.", + "accessModes": { + "description": "accessModes contains all ways the volume can be mounted. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevision" + "type": "string", + "default": "", + "enum": [ + "ReadOnlyMany", + "ReadWriteMany", + "ReadWriteOnce", + "ReadWriteOncePod" + ] }, "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator": { - "description": "ClusterVersionOperator holds cluster-wide information about the Cluster Version Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "required": [ - "metadata", - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "$ref": "#/definitions/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", + "$ref": "#/definitions/io.k8s.api.core.v1.AzureDiskVolumeSource" }, - "spec": { - "description": "spec is the specification of the desired behavior of the Cluster Version Operator.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec" + "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", + "$ref": "#/definitions/io.k8s.api.core.v1.AzureFilePersistentVolumeSource" }, - "status": { - "description": "status is the most recently observed status of the Cluster Version Operator.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorList": { - "description": "ClusterVersionOperatorList is a collection of ClusterVersionOperators.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "required": [ - "metadata" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "capacity": { + "description": "capacity is the description of the persistent volume's resources and capacity. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } }, - "items": { - "description": "items is a list of ClusterVersionOperators.", + "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.CephFSPersistentVolumeSource" + }, + "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "$ref": "#/definitions/io.k8s.api.core.v1.CinderPersistentVolumeSource" + }, + "claimRef": { + "description": "claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference", + "x-kubernetes-map-type": "granular" + }, + "csi": { + "description": "csi represents storage that is handled by an external CSI driver.", + "$ref": "#/definitions/io.k8s.api.core.v1.CSIPersistentVolumeSource" + }, + "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", + "$ref": "#/definitions/io.k8s.api.core.v1.FCVolumeSource" + }, + "flexVolume": { + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", + "$ref": "#/definitions/io.k8s.api.core.v1.FlexPersistentVolumeSource" + }, + "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.FlockerVolumeSource" + }, + "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "$ref": "#/definitions/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource" + }, + "glusterfs": { + "description": "glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md", + "$ref": "#/definitions/io.k8s.api.core.v1.GlusterfsPersistentVolumeSource" + }, + "hostPath": { + "description": "hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "$ref": "#/definitions/io.k8s.api.core.v1.HostPathVolumeSource" + }, + "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.", + "$ref": "#/definitions/io.k8s.api.core.v1.ISCSIPersistentVolumeSource" + }, + "local": { + "description": "local represents directly-attached storage with node affinity", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalVolumeSource" + }, + "mountOptions": { + "description": "mountOptions is the list of mount options, e.g. [\"ro\", \"soft\"]. Not validated - mount will simply fail if one is invalid. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "nfs": { + "description": "nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "$ref": "#/definitions/io.k8s.api.core.v1.NFSVolumeSource" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec": { - "description": "ClusterVersionOperatorSpec is the specification of the desired behavior of the Cluster Version Operator.", - "type": "object", - "properties": { - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "nodeAffinity": { + "description": "nodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume.", + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeNodeAffinity" + }, + "persistentVolumeReclaimPolicy": { + "description": "persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. Valid options are Retain (default for manually created PersistentVolumes), Delete (default for dynamically provisioned PersistentVolumes), and Recycle (deprecated). Recycle must be supported by the volume plugin underlying this PersistentVolume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming\n\nPossible enum values:\n - `\"Delete\"` means the volume will be deleted from Kubernetes on release from its claim. The volume plugin must support Deletion.\n - `\"Recycle\"` means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. The volume plugin must support Recycling.\n - `\"Retain\"` means the volume will be left in its current phase (Released) for manual reclamation by the administrator. The default policy is Retain.", + "type": "string", + "enum": [ + "Delete", + "Recycle", + "Retain" + ] + }, + "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource" + }, + "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", + "$ref": "#/definitions/io.k8s.api.core.v1.PortworxVolumeSource" + }, + "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.QuobyteVolumeSource" + }, + "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md", + "$ref": "#/definitions/io.k8s.api.core.v1.RBDPersistentVolumeSource" + }, + "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.ScaleIOPersistentVolumeSource" + }, + "storageClassName": { + "description": "storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value means that this volume does not belong to any StorageClass.", "type": "string" + }, + "storageos": { + "description": "storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. More info: https://examples.k8s.io/volumes/storageos/README.md", + "$ref": "#/definitions/io.k8s.api.core.v1.StorageOSPersistentVolumeSource" + }, + "volumeAttributesClassName": { + "description": "Name of VolumeAttributesClass to which this persistent volume belongs. Empty value is not allowed. When this field is not set, it indicates that this volume does not belong to any VolumeAttributesClass. This field is mutable and can be changed by the CSI driver after a volume has been updated successfully to a new class. For an unbound PersistentVolume, the volumeAttributesClassName will be matched with unbound PersistentVolumeClaims during the binding process.", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec.\n\nPossible enum values:\n - `\"Block\"` means the volume will not be formatted with a filesystem and will remain a raw block device.\n - `\"Filesystem\"` means the volume will be or is formatted with a filesystem.", + "type": "string", + "enum": [ + "Block", + "Filesystem" + ] + }, + "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", + "$ref": "#/definitions/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource" } } }, - "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus": { - "description": "ClusterVersionOperatorStatus defines the observed status of the Cluster Version Operator.", - "type": "object", - "properties": { - "observedGeneration": { - "description": "observedGeneration represents the most recent generation observed by the operator and specifies the version of the spec field currently being synced.", - "type": "integer", - "format": "int64" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.DelegatedAuthentication": { - "description": "DelegatedAuthentication allows authentication to be disabled.", + "io.k8s.api.core.v1.PersistentVolumeStatus": { + "description": "PersistentVolumeStatus is the current status of a persistent volume.", "type": "object", "properties": { - "disabled": { - "description": "disabled indicates that authentication should be disabled. By default it will use delegated authentication.", - "type": "boolean" + "lastPhaseTransitionTime": { + "description": "lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "description": "message is a human-readable message indicating details about why the volume is in this state.", + "type": "string" + }, + "phase": { + "description": "phase indicates if a volume is available, bound to a claim, or released by a claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase\n\nPossible enum values:\n - `\"Available\"` used for PersistentVolumes that are not yet bound Available volumes are held by the binder and matched to PersistentVolumeClaims\n - `\"Bound\"` used for PersistentVolumes that are bound\n - `\"Failed\"` used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim\n - `\"Pending\"` used for PersistentVolumes that are not available\n - `\"Released\"` used for PersistentVolumes where the bound PersistentVolumeClaim was deleted released volumes must be recycled before becoming available again this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource", + "type": "string", + "enum": [ + "Available", + "Bound", + "Failed", + "Pending", + "Released" + ] + }, + "reason": { + "description": "reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1alpha1.DelegatedAuthorization": { - "description": "DelegatedAuthorization allows authorization to be disabled.", + "io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource": { + "description": "Represents a Photon Controller persistent disk resource.", "type": "object", + "required": [ + "pdID" + ], "properties": { - "disabled": { - "description": "disabled indicates that authorization should be disabled. By default it will use delegated authorization.", - "type": "boolean" + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1alpha1.EtcdBackup": { - "description": "# EtcdBackup provides configuration options and status for a one-time backup attempt of the etcd cluster\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.Pod": { + "description": "Pod is a collection of containers that can run on a host. This resource is created by clients and scheduled onto hosts.", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -48191,341 +46720,377 @@ "type": "string" }, "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "spec": { - "description": "spec holds user settable values for configuration", + "description": "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec" + "$ref": "#/definitions/io.k8s.api.core.v1.PodSpec" }, "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "description": "Most recently observed status of the pod. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.PodStatus" } } }, - "com.github.openshift.api.operator.v1alpha1.EtcdBackupList": { - "description": "EtcdBackupList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.PodAffinity": { + "description": "Pod affinity is a group of inter pod affinity scheduling rules.", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.EtcdBackup" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec": { - "type": "object", - "properties": { - "pvcName": { - "description": "pvcName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the etcd backup file would be saved The PVC itself must always be created in the \"openshift-etcd\" namespace If the PVC is left unspecified \"\" then the platform will choose a reasonable default location to save the backup. In the future this would be backups saved across the control-plane master nodes.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus": { - "type": "object", - "properties": { - "backupJob": { - "description": "backupJob is the reference to the Job that executes the backup. Optional", - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.BackupJobReference" + "$ref": "#/definitions/io.k8s.api.core.v1.WeightedPodAffinityTerm" + }, + "x-kubernetes-list-type": "atomic" }, - "conditions": { - "description": "conditions provide details on the status of the etcd backup job.", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operator.v1alpha1.GenerationHistory": { - "description": "GenerationHistory keeps track of the generation for a given resource so that decisions about forced updated can be made. DEPRECATED: Use fields in v1.GenerationStatus instead", + "io.k8s.api.core.v1.PodAffinityTerm": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", "type": "object", "required": [ - "group", - "resource", - "namespace", - "name", - "lastGeneration" + "topologyKey" ], "properties": { - "group": { - "description": "group is the group of the thing you're tracking", - "type": "string", - "default": "" + "labelSelector": { + "description": "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "type": "integer", - "format": "int64", - "default": 0 + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "name": { - "description": "name is the name of the thing you're tracking", - "type": "string", - "default": "" + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "namespace": { - "description": "namespace is where the thing you're tracking is", - "type": "string", - "default": "" + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1alpha1.GenericOperatorConfig": { - "description": "GenericOperatorConfig provides information to configure an operator\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.PodAntiAffinity": { + "description": "Pod anti affinity is a group of inter pod anti affinity scheduling rules.", + "type": "object", + "properties": { + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting \"weight\" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.WeightedPodAffinityTerm" + }, + "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "io.k8s.api.core.v1.PodAttachOptions": { + "description": "PodAttachOptions is the query options to a Pod's remote attach call.", "type": "object", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "authentication": { - "description": "authentication allows configuration of authentication for the endpoints", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.DelegatedAuthentication" - }, - "authorization": { - "description": "authorization allows configuration of authentication for the endpoints", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.DelegatedAuthorization" + "container": { + "description": "The container in which to execute the command. Defaults to only container if there is only one container in the pod.", + "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "leaderElection": { - "description": "leaderElection provides information to elect a leader. Only override this if you have a specific need", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.LeaderElection" + "stderr": { + "description": "Stderr if true indicates that stderr is to be redirected for the attach call. Defaults to true.", + "type": "boolean" }, - "servingInfo": { - "description": "servingInfo is the HTTP serving information for the controller's endpoints", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" + "stdin": { + "description": "Stdin if true, redirects the standard input stream of the pod for this call. Defaults to false.", + "type": "boolean" + }, + "stdout": { + "description": "Stdout if true indicates that stdout is to be redirected for the attach call. Defaults to true.", + "type": "boolean" + }, + "tty": { + "description": "TTY if true indicates that a tty will be allocated for the attach call. This is passed through the container runtime so the tty is allocated on the worker node by the container runtime. Defaults to false.", + "type": "boolean" } } }, - "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicy": { - "description": "ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.PodCertificateProjection": { + "description": "PodCertificateProjection provides a private key and X.509 certificate in the pod filesystem.", "type": "object", "required": [ - "spec" + "signerName", + "keyType" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "certificateChainPath": { + "description": "Write the certificate chain at this path in the projected volume.\n\nMost applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "credentialBundlePath": { + "description": "Write the credential bundle at this path in the projected volume.\n\nThe credential bundle is a single file that contains multiple PEM blocks. The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private key.\n\nThe remaining blocks are CERTIFICATE blocks, containing the issued certificate chain from the signer (leaf and any intermediates).\n\nUsing credentialBundlePath lets your Pod's application code make a single atomic read that retrieves a consistent key and certificate chain. If you project them to separate files, your application code will need to additionally check that the leaf certificate was issued to the key.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "keyPath": { + "description": "Write the key at this path in the projected volume.\n\nMost applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation.", + "type": "string" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec" + "keyType": { + "description": "The type of keypair Kubelet will generate for the pod.\n\nValid values are \"RSA3072\", \"RSA4096\", \"ECDSAP256\", \"ECDSAP384\", \"ECDSAP521\", and \"ED25519\".", + "type": "string" + }, + "maxExpirationSeconds": { + "description": "maxExpirationSeconds is the maximum lifetime permitted for the certificate.\n\nKubelet copies this value verbatim into the PodCertificateRequests it generates for this projection.\n\nIf omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days).\n\nThe signer implementation is then free to issue a certificate with any lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. `kubernetes.io` signers will never issue certificates with a lifetime longer than 24 hours.", + "type": "integer", + "format": "int32" + }, + "signerName": { + "description": "Kubelet's generated CSRs will be addressed to this signer.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicyList": { - "description": "ImageContentSourcePolicyList lists the items in the ImageContentSourcePolicy CRD.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.PodCondition": { + "description": "PodCondition contains details for the current condition of this pod.", "type": "object", "required": [ - "metadata", - "items" + "type", + "status" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "lastProbeTime": { + "description": "Last time we probed the condition.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", "type": "string" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicy" - } + "observedGeneration": { + "description": "If set, this represents the .metadata.generation that the pod condition was set based upon. This is an alpha field. Enable PodObservedGenerationTracking to be able to use this field.", + "type": "integer", + "format": "int64" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions", + "type": "string", + "default": "" + }, + "type": { + "description": "Type is the type of the condition. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec": { - "description": "ImageContentSourcePolicySpec is the specification of the ImageContentSourcePolicy CRD.", + "io.k8s.api.core.v1.PodDNSConfig": { + "description": "PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.", "type": "object", "properties": { - "repositoryDigestMirrors": { - "description": "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. Only image pull specifications that have an image digest will have this behavior applied to them - tags will continue to be pulled from the specified repository in the pull spec.\n\nEach “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.", + "nameservers": { + "description": "A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "options": { + "description": "A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors" - } + "$ref": "#/definitions/io.k8s.api.core.v1.PodDNSConfigOption" + }, + "x-kubernetes-list-type": "atomic" + }, + "searches": { + "description": "A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operator.v1alpha1.LoggingConfig": { - "description": "LoggingConfig holds information about configuring logging DEPRECATED: Use v1.LogLevel instead", + "io.k8s.api.core.v1.PodDNSConfigOption": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", "type": "object", - "required": [ - "level", - "vmodule" - ], "properties": { - "level": { - "description": "level is passed to glog.", - "type": "integer", - "format": "int64", - "default": 0 + "name": { + "description": "Name is this DNS resolver option's name. Required.", + "type": "string" }, - "vmodule": { - "description": "vmodule is passed to glog.", - "type": "string", - "default": "" + "value": { + "description": "Value is this DNS resolver option's value.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1alpha1.NodeStatus": { - "description": "NodeStatus provides information about the current state of a particular node managed by this operator. Deprecated: Use v1.NodeStatus instead", + "io.k8s.api.core.v1.PodExecOptions": { + "description": "PodExecOptions is the query options to a Pod's remote exec call.", "type": "object", "required": [ - "nodeName", - "currentDeploymentGeneration", - "targetDeploymentGeneration", - "lastFailedDeploymentGeneration", - "lastFailedDeploymentErrors" + "command" ], "properties": { - "currentDeploymentGeneration": { - "description": "currentDeploymentGeneration is the generation of the most recently successful deployment", - "type": "integer", - "format": "int32", - "default": 0 + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "lastFailedDeploymentErrors": { - "description": "lastFailedDeploymentGenerationErrors is a list of the errors during the failed deployment referenced in lastFailedDeploymentGeneration", + "command": { + "description": "Command is the remote command to execute. argv array. Not executed within a shell.", "type": "array", "items": { "type": "string", "default": "" - } - }, - "lastFailedDeploymentGeneration": { - "description": "lastFailedDeploymentGeneration is the generation of the deployment we tried and failed to deploy.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "nodeName": { - "description": "nodeName is the name of the node", - "type": "string", - "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "targetDeploymentGeneration": { - "description": "targetDeploymentGeneration is the generation of the deployment we're trying to apply", - "type": "integer", - "format": "int32", - "default": 0 - } - } - }, - "com.github.openshift.api.operator.v1alpha1.OLM": { - "description": "OLM provides information to configure an operator to manage the OLM controllers\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "required": [ - "metadata", - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "container": { + "description": "Container in which to execute the command. Defaults to only container if there is only one container in the pod.", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "stderr": { + "description": "Redirect the standard error stream of the pod for this call.", + "type": "boolean" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OLMSpec" + "stdin": { + "description": "Redirect the standard input stream of the pod for this call. Defaults to false.", + "type": "boolean" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OLMStatus" + "stdout": { + "description": "Redirect the standard output stream of the pod for this call.", + "type": "boolean" + }, + "tty": { + "description": "TTY if true indicates that a tty will be allocated for the exec call. Defaults to false.", + "type": "boolean" } } }, - "com.github.openshift.api.operator.v1alpha1.OLMList": { - "description": "OLMList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.PodExtendedResourceClaimStatus": { + "description": "PodExtendedResourceClaimStatus is stored in the PodStatus for the extended resource requests backed by DRA. It stores the generated name for the corresponding special ResourceClaim created by the scheduler.", "type": "object", "required": [ - "metadata", - "items" + "requestMappings", + "resourceClaimName" ], "properties": { - "apiVersion": { + "requestMappings": { + "description": "RequestMappings identifies the mapping of to device request in the generated ResourceClaim.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerExtendedResourceRequest" + }, + "x-kubernetes-list-type": "atomic" + }, + "resourceClaimName": { + "description": "ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod.", + "type": "string", + "default": "" + } + } + }, + "io.k8s.api.core.v1.PodIP": { + "description": "PodIP represents a single IP address allocated to the pod.", + "type": "object", + "required": [ + "ip" + ], + "properties": { + "ip": { + "description": "IP is the IP address assigned to the pod", + "type": "string", + "default": "" + } + } + }, + "io.k8s.api.core.v1.PodList": { + "description": "PodList is a list of Pods.", + "type": "object", + "required": [ + "items" + ], + "properties": { + "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "items": { - "description": "items contains the items", + "description": "List of pods. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OLM" + "$ref": "#/definitions/io.k8s.api.core.v1.Pod" } }, "kind": { @@ -48533,388 +47098,729 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1alpha1.OLMSpec": { + "io.k8s.api.core.v1.PodLogOptions": { + "description": "PodLogOptions is the query options for a Pod's logs REST call.", "type": "object", - "required": [ - "managementState" - ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "container": { + "description": "The container for which to stream logs. Defaults to only container if there is one container in the pod.", "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.OLMStatus": { - "type": "object", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "follow": { + "description": "Follow the log stream of the pod. Defaults to false.", + "type": "boolean" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "insecureSkipTLSVerifyBackend": { + "description": "insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept the actual log data coming from the real kubelet).", + "type": "boolean" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", + "limitBytes": { + "description": "If set, the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.", "type": "integer", "format": "int64" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "previous": { + "description": "Return previous terminated container logs. Defaults to false.", + "type": "boolean" + }, + "sinceSeconds": { + "description": "A relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", "type": "integer", - "format": "int32", - "default": 0 + "format": "int64" }, - "version": { - "description": "version is the level this availability applies to", + "sinceTime": { + "description": "An RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "stream": { + "description": "Specify which container log stream to return to the client. Acceptable values are \"All\", \"Stdout\" and \"Stderr\". If not specified, \"All\" is used, and both stdout and stderr are returned interleaved. Note that when \"TailLines\" is specified, \"Stream\" can only be set to nil or \"All\".", "type": "string" + }, + "tailLines": { + "description": "If set, the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime. Note that when \"TailLines\" is specified, \"Stream\" can only be set to nil or \"All\".", + "type": "integer", + "format": "int64" + }, + "timestamps": { + "description": "If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.", + "type": "boolean" } } }, - "com.github.openshift.api.operator.v1alpha1.OperatorCondition": { - "description": "OperatorCondition is just the standard condition fields. DEPRECATED: Use v1.OperatorCondition instead", + "io.k8s.api.core.v1.PodOS": { + "description": "PodOS defines the OS parameters of a pod.", "type": "object", "required": [ - "type", - "status" + "name" ], "properties": { - "lastTransitionTime": { - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "name": { + "description": "Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null", + "type": "string", + "default": "" + } + } + }, + "io.k8s.api.core.v1.PodPortForwardOptions": { + "description": "PodPortForwardOptions is the query options to a Pod's port forward call when using WebSockets. The `port` query parameter must specify the port or ports (comma separated) to forward over. Port forwarding over SPDY does not use these options. It requires the port to be passed in the `port` header as part of request.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "message": { + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "reason": { + "ports": { + "description": "List of ports to forward Required when using WebSockets", + "type": "array", + "items": { + "type": "integer", + "format": "int32", + "default": 0 + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "io.k8s.api.core.v1.PodProxyOptions": { + "description": "PodProxyOptions is the query options to a Pod's proxy call.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "status": { - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "type": { - "type": "string", - "default": "" + "path": { + "description": "Path is the URL path to use for the current proxy request to pod.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1alpha1.OperatorSpec": { - "description": "OperatorSpec contains common fields for an operator to need. It is intended to be anonymous included inside of the Spec struct for you particular operator. DEPRECATED: Use v1.OperatorSpec instead", + "io.k8s.api.core.v1.PodReadinessGate": { + "description": "PodReadinessGate contains the reference to a pod condition", "type": "object", "required": [ - "managementState", - "imagePullSpec", - "imagePullPolicy", - "version" + "conditionType" ], "properties": { - "imagePullPolicy": { - "description": "imagePullPolicy specifies the image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.", + "conditionType": { + "description": "ConditionType refers to a condition in the pod's condition list with matching type.", "type": "string", "default": "" - }, - "imagePullSpec": { - "description": "imagePullSpec is the image to use for the component.", + } + } + }, + "io.k8s.api.core.v1.PodResourceClaim": { + "description": "PodResourceClaim references exactly one ResourceClaim, either directly or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim for the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL.", "type": "string", "default": "" }, - "logging": { - "description": "logging contains glog parameters for the component pods. It's always a command line arg for the moment", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.LoggingConfig" + "resourceClaimName": { + "description": "ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must be set.", + "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "resourceClaimTemplateName": { + "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must be set.", + "type": "string" + } + } + }, + "io.k8s.api.core.v1.PodResourceClaimStatus": { + "description": "PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim which references a ResourceClaimTemplate. It stores the generated name for the corresponding ResourceClaim.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "Name uniquely identifies this resource claim inside the pod. This must match the name of an entry in pod.spec.resourceClaims, which implies that the string must be a DNS_LABEL.", "type": "string", "default": "" }, - "version": { - "description": "version is the desired state in major.minor.micro-patch. Usually patch is ignored.", + "resourceClaimName": { + "description": "ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod. If this is unset, then generating a ResourceClaim was not necessary. The pod.spec.resourceClaims entry can be ignored in this case.", + "type": "string" + } + } + }, + "io.k8s.api.core.v1.PodSchedulingGate": { + "description": "PodSchedulingGate is associated to a Pod to guard its scheduling.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "Name of the scheduling gate. Each scheduling gate must have a unique name field.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1alpha1.OperatorStatus": { - "description": "OperatorStatus contains common fields for an operator to need. It is intended to be anonymous included inside of the Status struct for you particular operator. DEPRECATED: Use v1.OperatorStatus instead", + "io.k8s.api.core.v1.PodSecurityContext": { + "description": "PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.", "type": "object", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OperatorCondition" - } + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", + "$ref": "#/definitions/io.k8s.api.core.v1.AppArmorProfile" }, - "currentVersionAvailability": { - "description": "currentVersionAvailability is availability information for the current version. If it is unmanged or removed, this doesn't exist.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.VersionAvailability" + "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.", + "type": "integer", + "format": "int64" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", + "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows.\n\nPossible enum values:\n - `\"Always\"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior.\n - `\"OnRootMismatch\"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume.", + "type": "string", + "enum": [ + "Always", + "OnRootMismatch" + ] + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", "type": "integer", "format": "int64" }, - "state": { - "description": "state indicates what the operator has observed to be its current operational status.", - "type": "string" + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" }, - "targetVersionAvailability": { - "description": "targetVersionAvailability is availability information for the target version if we are migrating", - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.VersionAvailability" + "runAsUser": { + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "type": "integer", + "format": "int64" }, - "taskSummary": { - "description": "taskSummary is a high level summary of what the controller is currently attempting to do. It is high-level, human-readable and not guaranteed in any way. (I needed this for debugging and realized it made a great summary).", + "seLinuxChangePolicy": { + "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. \"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used. If not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes and \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.", "type": "string" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "$ref": "#/definitions/io.k8s.api.core.v1.SELinuxOptions" + }, + "seccompProfile": { + "description": "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", + "$ref": "#/definitions/io.k8s.api.core.v1.SeccompProfile" + }, + "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.", + "type": "array", + "items": { + "type": "integer", + "format": "int64", + "default": 0 + }, + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroupsPolicy": { + "description": "Defines how supplemental groups of the first container processes are calculated. Valid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.\n\nPossible enum values:\n - `\"Merge\"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be merged with the primary user's groups as defined in the container image (in /etc/group).\n - `\"Strict\"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be used instead of any groups defined in the container image.", + "type": "string", + "enum": [ + "Merge", + "Strict" + ] + }, + "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.Sysctl" + }, + "x-kubernetes-list-type": "atomic" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + "$ref": "#/definitions/io.k8s.api.core.v1.WindowsSecurityContextOptions" } } }, - "com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors": { - "description": "RepositoryDigestMirrors holds cluster-wide information about how to handle mirros in the registries config. Note: the mirrors only work when pulling the images that are referenced by their digests.", + "io.k8s.api.core.v1.PodSignature": { + "description": "Describes the class of pods that should avoid this node. Exactly one field should be set.", "type": "object", - "required": [ - "source" - ], "properties": { - "mirrors": { - "description": "mirrors is one or more repositories that may also contain the same images. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "source": { - "description": "source is the repository that users refer to, e.g. in image pull specifications.", - "type": "string", - "default": "" + "podController": { + "description": "Reference to controller whose pods should avoid this node.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference" } } }, - "com.github.openshift.api.operator.v1alpha1.StaticPodOperatorStatus": { - "description": "StaticPodOperatorStatus is status for controllers that manage static pods. There are different needs because individual node status must be tracked. DEPRECATED: Use v1.StaticPodOperatorStatus instead", + "io.k8s.api.core.v1.PodSpec": { + "description": "PodSpec is a description of a pod.", "type": "object", "required": [ - "latestAvailableDeploymentGeneration", - "nodeStatuses" + "containers" ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "activeDeadlineSeconds": { + "description": "Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.", + "type": "integer", + "format": "int64" + }, + "affinity": { + "description": "If specified, the pod's scheduling constraints", + "$ref": "#/definitions/io.k8s.api.core.v1.Affinity" + }, + "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.", + "type": "boolean" + }, + "containers": { + "description": "List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OperatorCondition" - } + "$ref": "#/definitions/io.k8s.api.core.v1.Container" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "currentVersionAvailability": { - "description": "currentVersionAvailability is availability information for the current version. If it is unmanged or removed, this doesn't exist.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.VersionAvailability" + "dnsConfig": { + "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.", + "$ref": "#/definitions/io.k8s.api.core.v1.PodDNSConfig" }, - "latestAvailableDeploymentGeneration": { - "description": "latestAvailableDeploymentGeneration is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32", - "default": 0 + "dnsPolicy": { + "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.\n\nPossible enum values:\n - `\"ClusterFirst\"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings.\n - `\"ClusterFirstWithHostNet\"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings.\n - `\"Default\"` indicates that the pod should use the default (as determined by kubelet) DNS settings.\n - `\"None\"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig.", + "type": "string", + "enum": [ + "ClusterFirst", + "ClusterFirstWithHostNet", + "Default", + "None" + ] }, - "nodeStatuses": { - "description": "nodeStatuses track the deployment values and errors across individual nodes", + "enableServiceLinks": { + "description": "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.", + "type": "boolean" + }, + "ephemeralContainers": { + "description": "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.NodeStatus" - } + "$ref": "#/definitions/io.k8s.api.core.v1.EphemeralContainer" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "hostAliases": { + "description": "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.HostAlias" + }, + "x-kubernetes-list-map-keys": [ + "ip" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "ip", + "x-kubernetes-patch-strategy": "merge" }, - "state": { - "description": "state indicates what the operator has observed to be its current operational status.", - "type": "string" + "hostIPC": { + "description": "Use the host's ipc namespace. Optional: Default to false.", + "type": "boolean" }, - "targetVersionAvailability": { - "description": "targetVersionAvailability is availability information for the target version if we are migrating", - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.VersionAvailability" + "hostNetwork": { + "description": "Host networking requested for this pod. Use the host's network namespace. When using HostNetwork you should specify ports so the scheduler is aware. When `hostNetwork` is true, specified `hostPort` fields in port definitions must match `containerPort`, and unspecified `hostPort` fields in port definitions are defaulted to match `containerPort`. Default to false.", + "type": "boolean" }, - "taskSummary": { - "description": "taskSummary is a high level summary of what the controller is currently attempting to do. It is high-level, human-readable and not guaranteed in any way. (I needed this for debugging and realized it made a great summary).", + "hostPID": { + "description": "Use the host's pid namespace. Optional: Default to false.", + "type": "boolean" + }, + "hostUsers": { + "description": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", + "type": "boolean" + }, + "hostname": { + "description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.", "type": "string" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.VersionAvailability": { - "description": "VersionAvailability gives information about the synchronization and operational status of a particular version of the component DEPRECATED: Use fields in v1.OperatorStatus instead", - "type": "object", - "required": [ - "version", - "updatedReplicas", - "readyReplicas", - "errors", - "generations" - ], - "properties": { - "errors": { - "description": "errors indicates what failures are associated with the operator trying to manage this version", + }, + "hostnameOverride": { + "description": "HostnameOverride specifies an explicit override for the pod's hostname as perceived by the pod. This field only specifies the pod's hostname and does not affect its DNS records. When this field is set to a non-empty string: - It takes precedence over the values set in `hostname` and `subdomain`. - The Pod's hostname will be set to this value. - `setHostnameAsFQDN` must be nil or set to false. - `hostNetwork` must be set to false.\n\nThis field must be a valid DNS subdomain as defined in RFC 1123 and contain at most 64 characters. Requires the HostnameOverride feature gate to be enabled.", + "type": "string" + }, + "imagePullSecrets": { + "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", "type": "array", "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "initContainers": { + "description": "List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.Container" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "nodeName": { + "description": "NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename", + "type": "string" + }, + "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", + "additionalProperties": { "type": "string", "default": "" + }, + "x-kubernetes-map-type": "atomic" + }, + "os": { + "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.resources - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup", + "$ref": "#/definitions/io.k8s.api.core.v1.PodOS" + }, + "overhead": { + "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" } }, - "generations": { - "description": "generations allows an operator to track what the generation of \"important\" resources was the last time we updated them", + "preemptionPolicy": { + "description": "PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.\n\nPossible enum values:\n - `\"Never\"` means that pod never preempts other pods with lower priority.\n - `\"PreemptLowerPriority\"` means that pod can preempt other pods with lower priority.", + "type": "string", + "enum": [ + "Never", + "PreemptLowerPriority" + ] + }, + "priority": { + "description": "The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.", + "type": "integer", + "format": "int32" + }, + "priorityClassName": { + "description": "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.", + "type": "string" + }, + "readinessGates": { + "description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.GenerationHistory" - } + "$ref": "#/definitions/io.k8s.api.core.v1.PodReadinessGate" + }, + "x-kubernetes-list-type": "atomic" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "resourceClaims": { + "description": "ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.PodResourceClaim" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge,retainKeys" }, - "updatedReplicas": { - "description": "updatedReplicas indicates how many replicas are at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "resources": { + "description": "Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for \"cpu\", \"memory\" and \"hugepages-\" resource names only. ResourceClaims are not supported.\n\nThis field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod.\n\nThis is an alpha field and requires enabling the PodLevelResources feature gate.", + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" }, - "version": { - "description": "version is the level this availability applies to", + "restartPolicy": { + "description": "Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy\n\nPossible enum values:\n - `\"Always\"`\n - `\"Never\"`\n - `\"OnFailure\"`", "type": "string", - "default": "" + "enum": [ + "Always", + "Never", + "OnFailure" + ] + }, + "runtimeClassName": { + "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class", + "type": "string" + }, + "schedulerName": { + "description": "If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.", + "type": "string" + }, + "schedulingGates": { + "description": "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.PodSchedulingGate" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "securityContext": { + "description": "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.", + "$ref": "#/definitions/io.k8s.api.core.v1.PodSecurityContext" + }, + "serviceAccount": { + "description": "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.", + "type": "string" + }, + "serviceAccountName": { + "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", + "type": "string" + }, + "setHostnameAsFQDN": { + "description": "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.", + "type": "boolean" + }, + "shareProcessNamespace": { + "description": "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.", + "type": "boolean" + }, + "subdomain": { + "description": "If specified, the fully qualified Pod hostname will be \"...svc.\". If not specified, the pod will not have a domainname at all.", + "type": "string" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.", + "type": "integer", + "format": "int64" + }, + "tolerations": { + "description": "If specified, the pod's tolerations.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + }, + "x-kubernetes-list-type": "atomic" + }, + "topologySpreadConstraints": { + "description": "TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "topologyKey", + "x-kubernetes-patch-strategy": "merge" + }, + "volumes": { + "description": "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.Volume" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge,retainKeys" } } }, - "com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry": { - "description": "LogEntry records events", + "io.k8s.api.core.v1.PodStatus": { + "description": "PodStatus represents information about the status of a pod. Status may trail the actual state of a system, especially if the node that hosts the pod cannot contact the control plane.", "type": "object", - "required": [ - "time", - "success" - ], "properties": { - "latency": { - "description": "latency records how long the action mentioned in the entry took.", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + "conditions": { + "description": "Current service state of pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.PodCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "containerStatuses": { + "description": "Statuses of containers in this pod. Each container in the pod should have at most one status in this list, and all statuses should be for containers in the pod. However this is not enforced. If a status for a non-existent container is present in the list, or the list has duplicate names, the behavior of various Kubernetes components is not defined and those statuses might be ignored. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerStatus" + }, + "x-kubernetes-list-type": "atomic" + }, + "ephemeralContainerStatuses": { + "description": "Statuses for any ephemeral containers that have run in this pod. Each ephemeral container in the pod should have at most one status in this list, and all statuses should be for containers in the pod. However this is not enforced. If a status for a non-existent container is present in the list, or the list has duplicate names, the behavior of various Kubernetes components is not defined and those statuses might be ignored. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerStatus" + }, + "x-kubernetes-list-type": "atomic" + }, + "extendedResourceClaimStatus": { + "description": "Status of extended resource claim backed by DRA.", + "$ref": "#/definitions/io.k8s.api.core.v1.PodExtendedResourceClaimStatus" + }, + "hostIP": { + "description": "hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will not be updated even if there is a node is assigned to pod", + "type": "string" + }, + "hostIPs": { + "description": "hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must match the hostIP field. This list is empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will not be updated even if there is a node is assigned to this pod.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.HostIP" + }, + "x-kubernetes-list-type": "atomic", + "x-kubernetes-patch-merge-key": "ip", + "x-kubernetes-patch-strategy": "merge" + }, + "initContainerStatuses": { + "description": "Statuses of init containers in this pod. The most recent successful non-restartable init container will have ready = true, the most recently started container will have startTime set. Each init container in the pod should have at most one status in this list, and all statuses should be for containers in the pod. However this is not enforced. If a status for a non-existent container is present in the list, or the list has duplicate names, the behavior of various Kubernetes components is not defined and those statuses might be ignored. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-and-container-status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ContainerStatus" + }, + "x-kubernetes-list-type": "atomic" }, "message": { - "description": "message explaining status in a human readable format.", + "description": "A human readable message indicating details about why the pod is in this condition.", "type": "string" }, - "reason": { - "description": "reason for status in a machine readable format.", + "nominatedNodeName": { + "description": "nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be scheduled right away as preemption victims receive their graceful termination periods. This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to give the resources on this node to a higher priority pod that is created after preemption. As a result, this field may be different than PodSpec.nodeName when the pod is scheduled.", "type": "string" }, - "success": { - "description": "success indicates if the log entry indicates a success or failure.", - "type": "boolean", - "default": false + "observedGeneration": { + "description": "If set, this represents the .metadata.generation that the pod status was set based upon. This is an alpha field. Enable PodObservedGenerationTracking to be able to use this field.", + "type": "integer", + "format": "int64" }, - "time": { - "description": "Start time of check action.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.operatorcontrolplane.v1alpha1.OutageEntry": { - "description": "OutageEntry records time period of an outage", - "type": "object", - "required": [ - "start" - ], - "properties": { - "end": { - "description": "end of outage detected", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "phase": { + "description": "The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. The conditions array, the reason and message fields, and the individual container status arrays contain more detail about the pod's status. There are five possible phase values:\n\nPending: The pod has been accepted by the Kubernetes system, but one or more of the container images has not been created. This includes time before being scheduled as well as time spent downloading images over the network, which could take a while. Running: The pod has been bound to a node, and all of the containers have been created. At least one container is still running, or is in the process of starting or restarting. Succeeded: All containers in the pod have terminated in success, and will not be restarted. Failed: All containers in the pod have terminated, and at least one container has terminated in failure. The container either exited with non-zero status or was terminated by the system. Unknown: For some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase\n\nPossible enum values:\n - `\"Failed\"` means that all containers in the pod have terminated, and at least one container has terminated in a failure (exited with a non-zero exit code or was stopped by the system).\n - `\"Pending\"` means the pod has been accepted by the system, but one or more of the containers has not been started. This includes time before being bound to a node, as well as time spent pulling images onto the host.\n - `\"Running\"` means the pod has been bound to a node and all of the containers have been started. At least one container is still running or is in the process of being restarted.\n - `\"Succeeded\"` means that all containers in the pod have voluntarily terminated with a container exit code of 0, and the system is not going to restart any of these containers.\n - `\"Unknown\"` means that for some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod. Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095)", + "type": "string", + "enum": [ + "Failed", + "Pending", + "Running", + "Succeeded", + "Unknown" + ] }, - "endLogs": { - "description": "endLogs contains log entries related to the end of this outage. Should contain the success entry that resolved the outage and possibly a few of the failure log entries that preceded it.", + "podIP": { + "description": "podIP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.", + "type": "string" + }, + "podIPs": { + "description": "podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list is empty if no IPs have been allocated yet.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry" - } + "$ref": "#/definitions/io.k8s.api.core.v1.PodIP" + }, + "x-kubernetes-list-map-keys": [ + "ip" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "ip", + "x-kubernetes-patch-strategy": "merge" }, - "message": { - "description": "message summarizes outage details in a human readable format.", + "qosClass": { + "description": "The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes\n\nPossible enum values:\n - `\"BestEffort\"` is the BestEffort qos class.\n - `\"Burstable\"` is the Burstable qos class.\n - `\"Guaranteed\"` is the Guaranteed qos class.", + "type": "string", + "enum": [ + "BestEffort", + "Burstable", + "Guaranteed" + ] + }, + "reason": { + "description": "A brief CamelCase message indicating details about why the pod is in this state. e.g. 'Evicted'", "type": "string" }, - "start": { - "description": "start of outage detected", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "resize": { + "description": "Status of resources resize desired for pod's containers. It is empty if no resources resize is pending. Any changes to container resources will automatically set this to \"Proposed\" Deprecated: Resize status is moved to two pod conditions PodResizePending and PodResizeInProgress. PodResizePending will track states where the spec has been resized, but the Kubelet has not yet allocated the resources. PodResizeInProgress will track in-progress resizes, and should be present whenever allocated resources != acknowledged resources.", + "type": "string" }, - "startLogs": { - "description": "startLogs contains log entries related to the start of this outage. Should contain the original failure, any entries where the failure mode changed.", + "resourceClaimStatuses": { + "description": "Status of resource claims.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry" - } + "$ref": "#/definitions/io.k8s.api.core.v1.PodResourceClaimStatus" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge,retainKeys" + }, + "startTime": { + "description": "RFC 3339 date and time at which the object was acknowledged by the Kubelet. This is before the Kubelet pulled the container image(s) for the pod.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" } } }, - "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheck": { - "description": "PodNetworkConnectivityCheck\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.PodStatusResult": { + "description": "PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded", "type": "object", - "required": [ - "metadata", - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -48925,60 +47831,45 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec defines the source and target of the connectivity check", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckSpec" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, "status": { - "description": "status contains the observed status of the connectivity check", + "description": "Most recently observed status of the pod. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.PodStatus" } } }, - "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckCondition": { - "description": "PodNetworkConnectivityCheckCondition represents the overall status of the pod network connectivity.", + "io.k8s.api.core.v1.PodTemplate": { + "description": "PodTemplate describes a template for creating copies of a predefined pod.", "type": "object", - "required": [ - "type", - "status", - "lastTransitionTime" - ], "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "message": { - "description": "message indicating details about last transition in a human readable format.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "reason": { - "description": "reason for the condition's last status transition in a machine readable format.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "status": { - "description": "status of the condition", - "type": "string", - "default": "" + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "type": { - "description": "type of the condition", - "type": "string", - "default": "" + "template": { + "description": "Template defines the pods that will be created from this pod template. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplateSpec" } } }, - "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckList": { - "description": "PodNetworkConnectivityCheckList is a collection of PodNetworkConnectivityCheck\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.PodTemplateList": { + "description": "PodTemplateList is a list of PodTemplates.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -48987,11 +47878,11 @@ "type": "string" }, "items": { - "description": "items contains the items", + "description": "List of pod templates", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheck" + "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplate" } }, "kind": { @@ -48999,1158 +47890,1258 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckSpec": { + "io.k8s.api.core.v1.PodTemplateSpec": { + "description": "PodTemplateSpec describes the data a pod should have when created from a template", "type": "object", - "required": [ - "sourcePod", - "targetEndpoint" - ], "properties": { - "sourcePod": { - "description": "sourcePod names the pod from which the condition will be checked", - "type": "string", - "default": "" - }, - "targetEndpoint": { - "description": "EndpointAddress to check. A TCP address of the form host:port. Note that if host is a DNS name, then the check would fail if the DNS name cannot be resolved. Specify an IP address for host to bypass DNS name lookup.", - "type": "string", - "default": "" + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "tlsClientCert": { - "description": "TLSClientCert, if specified, references a kubernetes.io/tls type secret with 'tls.crt' and 'tls.key' entries containing an optional TLS client certificate and key to be used when checking endpoints that require a client certificate in order to gracefully preform the scan without causing excessive logging in the endpoint process. The secret must exist in the same namespace as this resource.", + "spec": { + "description": "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "$ref": "#/definitions/io.k8s.api.core.v1.PodSpec" } } }, - "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckStatus": { + "io.k8s.api.core.v1.PortStatus": { + "description": "PortStatus represents the error condition of a service port", "type": "object", + "required": [ + "port", + "protocol" + ], "properties": { - "conditions": { - "description": "conditions summarize the status of the check", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckCondition" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "failures": { - "description": "failures contains logs of unsuccessful check actions", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry" - } + "error": { + "description": "Error is to record the problem with the service port The format of the error shall comply with the following rules: - built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase.", + "type": "string" }, - "outages": { - "description": "outages contains logs of time periods of outages", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.OutageEntry" - } + "port": { + "description": "Port is the port number of the service port of which status is recorded here", + "type": "integer", + "format": "int32", + "default": 0 }, - "successes": { - "description": "successes contains logs successful check actions", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry" - } + "protocol": { + "description": "Protocol is the protocol of the service port of which status is recorded here The supported values are: \"TCP\", \"UDP\", \"SCTP\"\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", + "type": "string", + "default": "", + "enum": [ + "SCTP", + "TCP", + "UDP" + ] } } }, - "com.github.openshift.api.operatoringress.v1.DNSRecord": { - "description": "DNSRecord is a DNS record managed in the zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.\n\nCluster admin manipulation of this resource is not supported. This resource is only for internal communication of OpenShift operators.\n\nIf DNSManagementPolicy is \"Unmanaged\", the operator will not be responsible for managing the DNS records on the cloud provider.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.PortworxVolumeSource": { + "description": "PortworxVolumeSource represents a Portworx volume resource.", "type": "object", "required": [ - "spec", - "status" + "volumeID" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "fsType": { + "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the dnsRecord.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSRecordSpec" + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" }, - "status": { - "description": "status is the most recently observed status of the dnsRecord.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSRecordStatus" + "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operatoringress.v1.DNSRecordList": { - "description": "DNSRecordList contains a list of dnsrecords.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.PreferAvoidPodsEntry": { + "description": "Describes a class of pods that should avoid this node.", "type": "object", "required": [ - "items" + "podSignature" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSRecord" - }, - "x-kubernetes-list-type": "atomic" + "evictionTime": { + "description": "Time at which this entry was added to the list.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "message": { + "description": "Human readable message indicating why this entry was added to the list.", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "podSignature": { + "description": "The class of pods.", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.api.core.v1.PodSignature" + }, + "reason": { + "description": "(brief) reason why this entry was added to the list.", + "type": "string" } } }, - "com.github.openshift.api.operatoringress.v1.DNSRecordSpec": { - "description": "DNSRecordSpec contains the details of a DNS record.", + "io.k8s.api.core.v1.PreferredSchedulingTerm": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ - "dnsName", - "targets", - "recordType", - "recordTTL", - "dnsManagementPolicy" + "weight", + "preference" ], "properties": { - "dnsManagementPolicy": { - "description": "dnsManagementPolicy denotes the current policy applied on the DNS record. Records that have policy set as \"Unmanaged\" are ignored by the ingress operator. This means that the DNS record on the cloud provider is not managed by the operator, and the \"Published\" status condition will be updated to \"Unknown\" status, since it is externally managed. Any existing record on the cloud provider can be deleted at the discretion of the cluster admin.\n\nThis field defaults to Managed. Valid values are \"Managed\" and \"Unmanaged\".", - "type": "string", - "default": "Managed" - }, - "dnsName": { - "description": "dnsName is the hostname of the DNS record", - "type": "string", - "default": "" + "preference": { + "description": "A node selector term, associated with the corresponding weight.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorTerm" }, - "recordTTL": { - "description": "recordTTL is the record TTL in seconds. If zero, the default is 30. RecordTTL will not be used in AWS regions Alias targets, but will be used in CNAME targets, per AWS API contract.", + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", "type": "integer", - "format": "int64", + "format": "int32", "default": 0 - }, - "recordType": { - "description": "recordType is the DNS record type. For example, \"A\", \"AAAA\", or \"CNAME\".", - "type": "string", - "default": "" - }, - "targets": { - "description": "targets are record targets.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operatoringress.v1.DNSRecordStatus": { - "description": "DNSRecordStatus is the most recently observed status of each record.", + "io.k8s.api.core.v1.Probe": { + "description": "Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.", "type": "object", "properties": { - "observedGeneration": { - "description": "observedGeneration is the most recently observed generation of the DNSRecord. When the DNSRecord is updated, the controller updates the corresponding record in each managed zone. If an update for a particular zone fails, that failure is recorded in the status condition for the zone so that the controller can determine that it needs to retry the update for that specific zone.", + "exec": { + "description": "Exec specifies a command to execute in the container.", + "$ref": "#/definitions/io.k8s.api.core.v1.ExecAction" + }, + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer", + "format": "int32" + }, + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "$ref": "#/definitions/io.k8s.api.core.v1.GRPCAction" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "$ref": "#/definitions/io.k8s.api.core.v1.HTTPGetAction" + }, + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" + }, + "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "type": "integer", + "format": "int32" + }, + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "type": "integer", + "format": "int32" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "$ref": "#/definitions/io.k8s.api.core.v1.TCPSocketAction" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", "type": "integer", "format": "int64" }, - "zones": { - "description": "zones are the status of the record in each zone.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSZoneStatus" - }, - "x-kubernetes-list-type": "atomic" + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" } } }, - "com.github.openshift.api.operatoringress.v1.DNSZoneCondition": { - "description": "DNSZoneCondition is just the standard condition fields.", + "io.k8s.api.core.v1.ProbeHandler": { + "description": "ProbeHandler defines a specific action that should be taken in a probe. One and only one of the fields must be specified.", "type": "object", - "required": [ - "type", - "status" - ], "properties": { - "lastTransitionTime": { - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "message": { - "type": "string" + "exec": { + "description": "Exec specifies a command to execute in the container.", + "$ref": "#/definitions/io.k8s.api.core.v1.ExecAction" }, - "reason": { - "type": "string" + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "$ref": "#/definitions/io.k8s.api.core.v1.GRPCAction" }, - "status": { - "type": "string", - "default": "" + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "$ref": "#/definitions/io.k8s.api.core.v1.HTTPGetAction" }, - "type": { - "type": "string", - "default": "" + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "$ref": "#/definitions/io.k8s.api.core.v1.TCPSocketAction" } } }, - "com.github.openshift.api.operatoringress.v1.DNSZoneStatus": { - "description": "DNSZoneStatus is the status of a record within a specific zone.", + "io.k8s.api.core.v1.ProjectedVolumeSource": { + "description": "Represents a projected volume source", "type": "object", - "required": [ - "dnsZone" - ], "properties": { - "conditions": { - "description": "conditions are any conditions associated with the record in the zone.\n\nIf publishing the record succeeds, the \"Published\" condition will be set with status \"True\" and upon failure it will be set to \"False\" along with the reason and message describing the cause of the failure.", + "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" + }, + "sources": { + "description": "sources is the list of volume projections. Each entry in this list handles one source.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSZoneCondition" + "$ref": "#/definitions/io.k8s.api.core.v1.VolumeProjection" }, "x-kubernetes-list-type": "atomic" - }, - "dnsZone": { - "description": "dnsZone is the zone where the record is published.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSZone" - } - } - }, - "com.github.openshift.api.osin.v1.AllowAllPasswordIdentityProvider": { - "description": "AllowAllPasswordIdentityProvider provides identities for users authenticating using non-empty passwords\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" } } }, - "com.github.openshift.api.osin.v1.BasicAuthPasswordIdentityProvider": { - "description": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.QuobyteVolumeSource": { + "description": "Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.", "type": "object", "required": [ - "url", - "ca", - "certFile", - "keyFile" + "registry", + "volume" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "group": { + "description": "group to map volume access to Default is no group", "type": "string" }, - "ca": { - "description": "ca is the CA for verifying TLS connections", - "type": "string", - "default": "" - }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", + "type": "boolean" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "registry": { + "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", "type": "string", "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "url": { - "description": "url is the remote URL to connect to", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.osin.v1.DenyAllPasswordIdentityProvider": { - "description": "DenyAllPasswordIdentityProvider provides no identities for users\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "user": { + "description": "user to map volume access to Defaults to serivceaccount user", "type": "string" + }, + "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.osin.v1.GitHubIdentityProvider": { - "description": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.RBDPersistentVolumeSource": { + "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", "type": "object", "required": [ - "clientID", - "clientSecret", - "organizations", - "teams", - "hostname", - "ca" + "monitors", + "image" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", "type": "string" }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value.", - "type": "string", - "default": "" - }, - "clientID": { - "description": "clientID is the oauth client ID", + "image": { + "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string", "default": "" }, - "clientSecret": { - "description": "clientSecret is the oauth client secret", - "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" - }, - "hostname": { - "description": "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value that is configured at /setup/settings#hostname.", + "keyring": { + "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string", - "default": "" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "default": "/etc/ceph/keyring" }, - "organizations": { - "description": "organizations optionally restricts which organizations are allowed to log in", + "monitors": { + "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "teams": { - "description": "teams optionally restricts which teams are allowed to log in. Format is /.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "pool": { + "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string", + "default": "rbd" + }, + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + }, + "user": { + "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string", + "default": "admin" } } }, - "com.github.openshift.api.osin.v1.GitLabIdentityProvider": { - "description": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.RBDVolumeSource": { + "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", "type": "object", "required": [ - "ca", - "url", - "clientID", - "clientSecret" + "monitors", + "image" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", "type": "string" }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + "image": { + "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string", "default": "" }, - "clientID": { - "description": "clientID is the oauth client ID", + "keyring": { + "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string", - "default": "" + "default": "/etc/ceph/keyring" }, - "clientSecret": { - "description": "clientSecret is the oauth client secret", - "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" + "monitors": { + "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "pool": { + "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string", + "default": "rbd" }, - "legacy": { - "description": "legacy determines if OAuth2 or OIDC should be used If true, OAuth2 is used If false, OIDC is used If nil and the URL's host is gitlab.com, OIDC is used Otherwise, OAuth2 is used In a future release, nil will default to using OIDC Eventually this flag will be removed and only OIDC will be used", + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "boolean" }, - "url": { - "description": "url is the oauth server base URL", + "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "user": { + "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string", - "default": "" + "default": "admin" } } }, - "com.github.openshift.api.osin.v1.GoogleIdentityProvider": { - "description": "GoogleIdentityProvider provides identities for users authenticating using Google credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.RangeAllocation": { + "description": "RangeAllocation is not a public type.", "type": "object", "required": [ - "clientID", - "clientSecret", - "hostedDomain" + "range", + "data" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" - }, - "clientSecret": { - "description": "clientSecret is the oauth client secret", - "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" - }, - "hostedDomain": { - "description": "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", + "data": { + "description": "Data is a bit array containing all allocated addresses in the previous segment.", "type": "string", - "default": "" + "format": "byte" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - } - }, - "com.github.openshift.api.osin.v1.GrantConfig": { - "description": "GrantConfig holds the necessary configuration options for grant handlers", - "type": "object", - "required": [ - "method", - "serviceAccountMethod" - ], - "properties": { - "method": { - "description": "method determines the default strategy to use when an OAuth client requests a grant. This method will be used only if the specific OAuth client doesn't provide a strategy of their own. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients\n - deny: always denies grant requests, useful for black-listed clients", - "type": "string", - "default": "" }, - "serviceAccountMethod": { - "description": "serviceAccountMethod is used for determining client authorization for service account oauth client. It must be either: deny, prompt", + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "range": { + "description": "Range is string that identifies the range represented by 'data'.", "type": "string", "default": "" } } }, - "com.github.openshift.api.osin.v1.HTPasswdPasswordIdentityProvider": { - "description": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.ReplicationController": { + "description": "ReplicationController represents the configuration of a replication controller.", "type": "object", - "required": [ - "file" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "file": { - "description": "file is a reference to your htpasswd file", - "type": "string", - "default": "" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "If the Labels of a ReplicationController are empty, they are defaulted to be the same as the Pod(s) that the replication controller manages. Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "Spec defines the specification of the desired behavior of the replication controller. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ReplicationControllerSpec" + }, + "status": { + "description": "Status is the most recently observed status of the replication controller. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ReplicationControllerStatus" } } }, - "com.github.openshift.api.osin.v1.IdentityProvider": { - "description": "IdentityProvider provides identities for users authenticating using credentials", + "io.k8s.api.core.v1.ReplicationControllerCondition": { + "description": "ReplicationControllerCondition describes the state of a replication controller at a certain point.", "type": "object", "required": [ - "name", - "challenge", - "login", - "mappingMethod", - "provider" + "type", + "status" ], "properties": { - "challenge": { - "description": "challenge indicates whether to issue WWW-Authenticate challenges for this provider", - "type": "boolean", - "default": false + "lastTransitionTime": { + "description": "The last time the condition transitioned from one status to another.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "login": { - "description": "login indicates whether to use this identity provider for unauthenticated browsers to login against", - "type": "boolean", - "default": false + "message": { + "description": "A human readable message indicating details about the transition.", + "type": "string" }, - "mappingMethod": { - "description": "mappingMethod determines how identities from this provider are mapped to users", + "reason": { + "description": "The reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string", "default": "" }, - "name": { - "description": "name is used to qualify the identities returned by this provider", + "type": { + "description": "Type of replication controller condition.", "type": "string", "default": "" - }, - "provider": { - "description": "provider contains the information about how to set up a specific identity provider", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.osin.v1.KeystonePasswordIdentityProvider": { - "description": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.ReplicationControllerList": { + "description": "ReplicationControllerList is a collection of replication controllers.", "type": "object", "required": [ - "url", - "ca", - "certFile", - "keyFile", - "domainName", - "useKeystoneIdentity" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "ca": { - "description": "ca is the CA for verifying TLS connections", - "type": "string", - "default": "" - }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" - }, - "domainName": { - "description": "domainName is required for keystone v3", - "type": "string", - "default": "" - }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" + "items": { + "description": "List of replication controllers. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ReplicationController" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "url": { - "description": "url is the remote URL to connect to", - "type": "string", - "default": "" - }, - "useKeystoneIdentity": { - "description": "useKeystoneIdentity flag indicates that user should be authenticated by keystone ID, not by username", - "type": "boolean", - "default": false + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.osin.v1.LDAPAttributeMapping": { - "description": "LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields", + "io.k8s.api.core.v1.ReplicationControllerSpec": { + "description": "ReplicationControllerSpec is the specification of a replication controller.", "type": "object", - "required": [ - "id", - "preferredUsername", - "name", - "email" - ], "properties": { - "email": { - "description": "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)", + "type": "integer", + "format": "int32", + "default": 0 }, - "id": { - "description": "id is the list of attributes whose values should be used as the user ID. Required. LDAP standard identity attribute is \"dn\"", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "replicas": { + "description": "Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller", + "type": "integer", + "format": "int32", + "default": 1 }, - "name": { - "description": "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"", - "type": "array", - "items": { + "selector": { + "description": "Selector is a label query over pods that should match the Replicas count. If Selector is empty, it is defaulted to the labels present on the Pod template. Label keys and values that must match in order to be controlled by this replication controller, if empty defaulted to labels on Pod template. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", + "type": "object", + "additionalProperties": { "type": "string", "default": "" - } + }, + "x-kubernetes-map-type": "atomic" }, - "preferredUsername": { - "description": "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "template": { + "description": "Template is the object that describes the pod that will be created if insufficient replicas are detected. This takes precedence over a TemplateRef. The only allowed template.spec.restartPolicy value is \"Always\". More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template", + "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplateSpec" } } }, - "com.github.openshift.api.osin.v1.LDAPPasswordIdentityProvider": { - "description": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.ReplicationControllerStatus": { + "description": "ReplicationControllerStatus represents the current status of a replication controller.", "type": "object", "required": [ - "url", - "bindDN", - "bindPassword", - "insecure", - "ca", - "attributes" + "replicas" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "attributes": { - "description": "attributes maps LDAP attributes to identities", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.osin.v1.LDAPAttributeMapping" - }, - "bindDN": { - "description": "bindDN is an optional DN to bind with during the search phase.", - "type": "string", - "default": "" + "availableReplicas": { + "description": "The number of available replicas (ready for at least minReadySeconds) for this replication controller.", + "type": "integer", + "format": "int32" }, - "bindPassword": { - "description": "bindPassword is an optional password to bind with during the search phase.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" + "conditions": { + "description": "Represents the latest available observations of a replication controller's current state.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ReplicationControllerCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", - "type": "string", - "default": "" + "fullyLabeledReplicas": { + "description": "The number of pods that have labels matching the labels of the pod template of the replication controller.", + "type": "integer", + "format": "int32" }, - "insecure": { - "description": "insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830", - "type": "boolean", - "default": false + "observedGeneration": { + "description": "ObservedGeneration reflects the generation of the most recently observed replication controller.", + "type": "integer", + "format": "int64" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "readyReplicas": { + "description": "The number of ready replicas for this replication controller.", + "type": "integer", + "format": "int32" }, - "url": { - "description": "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is\n ldap://host:port/basedn?attribute?scope?filter", - "type": "string", - "default": "" + "replicas": { + "description": "Replicas is the most recently observed number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.osin.v1.OAuthConfig": { - "description": "OAuthConfig holds the necessary configuration options for OAuth authentication", + "io.k8s.api.core.v1.ResourceClaim": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", "required": [ - "masterCA", - "masterURL", - "masterPublicURL", - "loginURL", - "assetPublicURL", - "alwaysShowProviderSelection", - "identityProviders", - "grantConfig", - "sessionConfig", - "tokenConfig", - "templates" + "name" ], "properties": { - "alwaysShowProviderSelection": { - "description": "alwaysShowProviderSelection will force the provider selection page to render even when there is only a single provider.", - "type": "boolean", - "default": false - }, - "assetPublicURL": { - "description": "assetPublicURL is used for building valid client redirect URLs for external access", + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string", "default": "" }, - "grantConfig": { - "description": "grantConfig describes how to handle grants", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.osin.v1.GrantConfig" + "request": { + "description": "Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.", + "type": "string" + } + } + }, + "io.k8s.api.core.v1.ResourceFieldSelector": { + "description": "ResourceFieldSelector represents container resources (cpu, memory) and their output format", + "type": "object", + "required": [ + "resource" + ], + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" }, - "identityProviders": { - "description": "identityProviders is an ordered list of ways for a user to identify themselves", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.osin.v1.IdentityProvider" - } + "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" }, - "loginURL": { - "description": "loginURL, along with masterCA, masterURL and masterPublicURL have distinct meanings depending on how the OAuth server is run. The two states are: 1. embedded in the kube api server (all 3.x releases) 2. as a standalone external process (all 4.x releases) in the embedded configuration, loginURL is equivalent to masterPublicURL and the other fields have functionality that matches their docs. in the standalone configuration, the fields are used as: loginURL is the URL required to login to the cluster: oc login --server= masterPublicURL is the issuer URL it is accessible from inside (service network) and outside (ingress) of the cluster masterURL is the loopback variation of the token_endpoint URL with no path component it is only accessible from inside (service network) of the cluster masterCA is used to perform TLS verification for connections made to masterURL For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2", + "resource": { + "description": "Required: resource to select", "type": "string", "default": "" - }, - "masterCA": { - "description": "masterCA is the CA for verifying the TLS connection back to the MasterURL. This field is deprecated and will be removed in a future release. See loginURL for details. Deprecated", + } + }, + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ResourceHealth": { + "description": "ResourceHealth represents the health of a resource. It has the latest device health information. This is a part of KEP https://kep.k8s.io/4680.", + "type": "object", + "required": [ + "resourceID" + ], + "properties": { + "health": { + "description": "Health of the resource. can be one of:\n - Healthy: operates as normal\n - Unhealthy: reported unhealthy. We consider this a temporary health issue\n since we do not have a mechanism today to distinguish\n temporary and permanent issues.\n - Unknown: The status cannot be determined.\n For example, Device Plugin got unregistered and hasn't been re-registered since.\n\nIn future we may want to introduce the PermanentlyUnhealthy Status.", "type": "string" }, - "masterPublicURL": { - "description": "masterPublicURL is used for building valid client redirect URLs for internal and external access This field is deprecated and will be removed in a future release. See loginURL for details. Deprecated", + "resourceID": { + "description": "ResourceID is the unique identifier of the resource. See the ResourceID type for more information.", "type": "string", "default": "" + } + } + }, + "io.k8s.api.core.v1.ResourceQuota": { + "description": "ResourceQuota sets aggregate quota restrictions enforced per namespace", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "masterURL": { - "description": "masterURL is used for making server-to-server calls to exchange authorization codes for access tokens This field is deprecated and will be removed in a future release. See loginURL for details. Deprecated", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "sessionConfig": { - "description": "sessionConfig hold information about configuring sessions.", - "$ref": "#/definitions/com.github.openshift.api.osin.v1.SessionConfig" + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "templates": { - "description": "templates allow you to customize pages like the login page.", - "$ref": "#/definitions/com.github.openshift.api.osin.v1.OAuthTemplates" + "spec": { + "description": "Spec defines the desired quota. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceQuotaSpec" }, - "tokenConfig": { - "description": "tokenConfig contains options for authorization and access tokens", + "status": { + "description": "Status defines the actual enforced quota and its current usage. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.osin.v1.TokenConfig" + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceQuotaStatus" } } }, - "com.github.openshift.api.osin.v1.OAuthTemplates": { - "description": "OAuthTemplates allow for customization of pages like the login page", + "io.k8s.api.core.v1.ResourceQuotaList": { + "description": "ResourceQuotaList is a list of ResourceQuota items.", "type": "object", "required": [ - "login", - "providerSelection", - "error" + "items" ], "properties": { - "error": { - "description": "error is a path to a file containing a go template used to render error pages during the authentication or grant flow If unspecified, the default error page is used.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "login": { - "description": "login is a path to a file containing a go template used to render the login page. If unspecified, the default login page is used.", - "type": "string", - "default": "" + "items": { + "description": "Items is a list of ResourceQuota objects. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceQuota" + } }, - "providerSelection": { - "description": "providerSelection is a path to a file containing a go template used to render the provider selection page. If unspecified, the default provider selection page is used.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.osin.v1.OpenIDClaims": { - "description": "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider", + "io.k8s.api.core.v1.ResourceQuotaSpec": { + "description": "ResourceQuotaSpec defines the desired hard limits to enforce for Quota.", "type": "object", - "required": [ - "id", - "preferredUsername", - "name", - "email", - "groups" - ], "properties": { - "email": { - "description": "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", - "type": "array", - "items": { - "type": "string", - "default": "" + "hard": { + "description": "hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" } }, - "groups": { - "description": "groups is the list of claims value of which should be used to synchronize groups from the OIDC provider to OpenShift for the user", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "scopeSelector": { + "description": "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.", + "$ref": "#/definitions/io.k8s.api.core.v1.ScopeSelector" }, - "id": { - "description": "id is the list of claims whose values should be used as the user ID. Required. OpenID standard identity claim is \"sub\"", + "scopes": { + "description": "A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.", "type": "array", "items": { "type": "string", - "default": "" + "default": "", + "enum": [ + "BestEffort", + "CrossNamespacePodAffinity", + "NotBestEffort", + "NotTerminating", + "PriorityClass", + "Terminating", + "VolumeAttributesClass" + ] + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "io.k8s.api.core.v1.ResourceQuotaStatus": { + "description": "ResourceQuotaStatus defines the enforced hard limits and observed use.", + "type": "object", + "properties": { + "hard": { + "description": "Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" } }, - "name": { - "description": "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", + "used": { + "description": "Used is the current observed total usage of the resource in the namespace.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } + } + } + }, + "io.k8s.api.core.v1.ResourceRequirements": { + "description": "ResourceRequirements describes the compute resource requirements.", + "type": "object", + "properties": { + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis field depends on the DynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceClaim" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" } }, - "preferredUsername": { - "description": "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the id claim", - "type": "array", - "items": { - "type": "string", - "default": "" + "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" } } } }, - "com.github.openshift.api.osin.v1.OpenIDIdentityProvider": { - "description": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.ResourceStatus": { + "description": "ResourceStatus represents the status of a single resource allocated to a Pod.", "type": "object", "required": [ - "ca", - "clientID", - "clientSecret", - "extraScopes", - "extraAuthorizeParameters", - "urls", - "claims" + "name" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", - "type": "string", - "default": "" - }, - "claims": { - "description": "claims mappings", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.osin.v1.OpenIDClaims" - }, - "clientID": { - "description": "clientID is the oauth client ID", + "name": { + "description": "Name of the resource. Must be unique within the pod and in case of non-DRA resource, match one of the resources from the pod spec. For DRA resources, the value must be \"claim:/\". When this status is reported about a container, the \"claim_name\" and \"request\" must match one of the claims of this container.", "type": "string", "default": "" }, - "clientSecret": { - "description": "clientSecret is the oauth client secret", - "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" - }, - "extraAuthorizeParameters": { - "description": "extraAuthorizeParameters are any custom parameters to add to the authorize request.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "extraScopes": { - "description": "extraScopes are any scopes to request in addition to the standard \"openid\" scope.", + "resources": { + "description": "List of unique resources health. Each element in the list contains an unique resource ID and its health. At a minimum, for the lifetime of a Pod, resource ID must uniquely identify the resource allocated to the Pod on the Node. If other Pod on the same Node reports the status with the same resource ID, it must be the same resource they share. See ResourceID type definition for a specific format it has in various use cases.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ResourceHealth" + }, + "x-kubernetes-list-map-keys": [ + "resourceID" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "io.k8s.api.core.v1.SELinuxOptions": { + "description": "SELinuxOptions are the labels to be applied to the container", + "type": "object", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "role": { + "description": "Role is a SELinux role label that applies to the container.", "type": "string" }, - "urls": { - "description": "urls to use to authenticate", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.osin.v1.OpenIDURLs" + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" } } }, - "com.github.openshift.api.osin.v1.OpenIDURLs": { - "description": "OpenIDURLs are URLs to use when authenticating with an OpenID identity provider", + "io.k8s.api.core.v1.ScaleIOPersistentVolumeSource": { + "description": "ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume", "type": "object", "required": [ - "authorize", - "token", - "userInfo" + "gateway", + "system", + "secretRef" ], "properties": { - "authorize": { - "description": "authorize is the oauth authorization URL", + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"", "type": "string", - "default": "" + "default": "xfs" }, - "token": { - "description": "token is the oauth token granting URL", + "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", "type": "string", "default": "" }, - "userInfo": { - "description": "userInfo is the optional userinfo URL. If present, a granted access_token is used to request claims If empty, a granted id_token is parsed for claims", + "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + }, + "sslEnabled": { + "description": "sslEnabled is the flag to enable/disable SSL communication with Gateway, default false", + "type": "boolean" + }, + "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", + "type": "string", + "default": "ThinProvisioned" + }, + "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "type": "string" + }, + "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", "type": "string", "default": "" + }, + "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", + "type": "string" } } }, - "com.github.openshift.api.osin.v1.OsinServerConfig": { - "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.ScaleIOVolumeSource": { + "description": "ScaleIOVolumeSource represents a persistent ScaleIO volume", "type": "object", "required": [ - "servingInfo", - "corsAllowedOrigins", - "auditConfig", - "storageConfig", - "admission", - "kubeClientConfig", - "oauthConfig" + "gateway", + "system", + "secretRef" ], "properties": { - "admission": { - "description": "admissionConfig holds information about how to configure admission.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionConfig" + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", + "type": "string", + "default": "xfs" }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", + "type": "string", + "default": "" + }, + "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", "type": "string" }, - "auditConfig": { - "description": "auditConfig describes how to configure audit information", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditConfig" + "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" }, - "corsAllowedOrigins": { - "description": "corsAllowedOrigins", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", + "type": "boolean" }, - "kubeClientConfig": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.KubeClientConfig" + "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", + "type": "string", + "default": "ThinProvisioned" }, - "oauthConfig": { - "description": "oauthConfig holds the necessary configuration options for OAuth authentication", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.osin.v1.OAuthConfig" + "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "type": "string" }, - "servingInfo": { - "description": "servingInfo describes how to start serving", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" + "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", + "type": "string", + "default": "" }, - "storageConfig": { - "description": "storageConfig contains information about how to use", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.EtcdStorageConfig" + "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", + "type": "string" } } }, - "com.github.openshift.api.osin.v1.RequestHeaderIdentityProvider": { - "description": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.ScopeSelector": { + "description": "A scope selector represents the AND of the selectors represented by the scoped-resource selector requirements.", + "type": "object", + "properties": { + "matchExpressions": { + "description": "A list of scope selector requirements by scope of the resources.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ScopedResourceSelectorRequirement" + }, + "x-kubernetes-list-type": "atomic" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.ScopedResourceSelectorRequirement": { + "description": "A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.", "type": "object", "required": [ - "loginURL", - "challengeURL", - "clientCA", - "clientCommonNames", - "headers", - "preferredUsernameHeaders", - "nameHeaders", - "emailHeaders" + "scopeName", + "operator" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "challengeURL": { - "description": "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", + "operator": { + "description": "Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.\n\nPossible enum values:\n - `\"DoesNotExist\"`\n - `\"Exists\"`\n - `\"In\"`\n - `\"NotIn\"`", "type": "string", - "default": "" + "default": "", + "enum": [ + "DoesNotExist", + "Exists", + "In", + "NotIn" + ] }, - "clientCA": { - "description": "clientCA is a file with the trusted signer certs. If empty, no request verification is done, and any direct request to the OAuth server can impersonate any identity from this provider, merely by setting a request header.", + "scopeName": { + "description": "The name of the scope that the selector applies to.\n\nPossible enum values:\n - `\"BestEffort\"` Match all pod objects that have best effort quality of service\n - `\"CrossNamespacePodAffinity\"` Match all pod objects that have cross-namespace pod (anti)affinity mentioned.\n - `\"NotBestEffort\"` Match all pod objects that do not have best effort quality of service\n - `\"NotTerminating\"` Match all pod objects where spec.activeDeadlineSeconds is nil\n - `\"PriorityClass\"` Match all pod objects that have priority class mentioned\n - `\"Terminating\"` Match all pod objects where spec.activeDeadlineSeconds >=0\n - `\"VolumeAttributesClass\"` Match all pvc objects that have volume attributes class mentioned.", "type": "string", - "default": "" + "default": "", + "enum": [ + "BestEffort", + "CrossNamespacePodAffinity", + "NotBestEffort", + "NotTerminating", + "PriorityClass", + "Terminating", + "VolumeAttributesClass" + ] }, - "clientCommonNames": { - "description": "clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.", + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "io.k8s.api.core.v1.SeccompProfile": { + "description": "SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" }, - "emailHeaders": { - "description": "emailHeaders is the set of headers to check for the email address", - "type": "array", - "items": { - "type": "string", - "default": "" + "type": { + "description": "type indicates which kind of seccomp profile will be applied. Valid options are:\n\nLocalhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.\n\nPossible enum values:\n - `\"Localhost\"` indicates a profile defined in a file on the node should be used. The file's location relative to /seccomp.\n - `\"RuntimeDefault\"` represents the default container runtime seccomp profile.\n - `\"Unconfined\"` indicates no seccomp profile is applied (A.K.A. unconfined).", + "type": "string", + "default": "", + "enum": [ + "Localhost", + "RuntimeDefault", + "Unconfined" + ] + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "localhostProfile": "LocalhostProfile" } + } + ] + }, + "io.k8s.api.core.v1.Secret": { + "description": "Secret holds secret data of a certain type. The total bytes of the values in the Data field must be less than MaxSecretSize bytes.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "headers": { - "description": "headers is the set of headers to check for identity information", - "type": "array", - "items": { + "data": { + "description": "Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4", + "type": "object", + "additionalProperties": { "type": "string", - "default": "" + "format": "byte" } }, + "immutable": { + "description": "Immutable, if set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.", + "type": "boolean" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "loginURL": { - "description": "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", - "type": "string", - "default": "" + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "nameHeaders": { - "description": "nameHeaders is the set of headers to check for the display name", - "type": "array", - "items": { + "stringData": { + "description": "stringData allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API.", + "type": "object", + "additionalProperties": { "type": "string", "default": "" } }, - "preferredUsernameHeaders": { - "description": "preferredUsernameHeaders is the set of headers to check for the preferred username", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "type": { + "description": "Used to facilitate programmatic handling of secret data. More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types", + "type": "string" } } }, - "com.github.openshift.api.osin.v1.SessionConfig": { - "description": "SessionConfig specifies options for cookie-based sessions. Used by AuthRequestHandlerSession", + "io.k8s.api.core.v1.SecretEnvSource": { + "description": "SecretEnvSource selects a Secret to populate the environment variables with.\n\nThe contents of the target Secret's Data field will represent the key-value pairs as environment variables.", "type": "object", - "required": [ - "sessionSecretsFile", - "sessionMaxAgeSeconds", - "sessionName" - ], "properties": { - "sessionMaxAgeSeconds": { - "description": "sessionMaxAgeSeconds specifies how long created sessions last. Used by AuthRequestHandlerSession", - "type": "integer", - "format": "int32", - "default": 0 - }, - "sessionName": { - "description": "sessionName is the cookie name used to store the session", + "name": { + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" }, - "sessionSecretsFile": { - "description": "sessionSecretsFile is a reference to a file containing a serialized SessionSecrets object If no file is specified, a random signing and encryption key are generated at each server start", - "type": "string", - "default": "" + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" } } }, - "com.github.openshift.api.osin.v1.SessionSecret": { - "description": "SessionSecret is a secret used to authenticate/decrypt cookie-based sessions", + "io.k8s.api.core.v1.SecretKeySelector": { + "description": "SecretKeySelector selects a key of a Secret.", "type": "object", "required": [ - "authentication", - "encryption" + "key" ], "properties": { - "authentication": { - "description": "authentication is used to authenticate sessions using HMAC. Recommended to use a secret with 32 or 64 bytes.", + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", "type": "string", "default": "" }, - "encryption": { - "description": "encryption is used to encrypt sessions. Must be 16, 24, or 32 characters long, to select AES-128, AES-", + "name": { + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.osin.v1.SessionSecrets": { - "description": "SessionSecrets list the secrets to use to sign/encrypt and authenticate/decrypt created sessions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.core.v1.SecretList": { + "description": "SecretList is a list of Secret.", "type": "object", "required": [ - "secrets" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "Items is a list of secret objects. More info: https://kubernetes.io/docs/concepts/configuration/secret", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.Secret" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "secrets": { - "description": "secrets is a list of secrets New sessions are signed and encrypted using the first secret. Existing sessions are decrypted/authenticated by each secret until one succeeds. This allows rotating secrets.", + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "io.k8s.api.core.v1.SecretProjection": { + "description": "Adapts a secret into a projected volume.\n\nThe contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.", + "type": "object", + "properties": { + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.osin.v1.SessionSecret" - } + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "x-kubernetes-list-type": "atomic" + }, + "name": { + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" + }, + "optional": { + "description": "optional field specify whether the Secret or its key must be defined", + "type": "boolean" } } }, - "com.github.openshift.api.osin.v1.TokenConfig": { - "description": "TokenConfig holds the necessary configuration options for authorization and access tokens", + "io.k8s.api.core.v1.SecretReference": { + "description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace", "type": "object", "properties": { - "accessTokenInactivityTimeout": { - "description": "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime.", - "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" }, - "accessTokenInactivityTimeoutSeconds": { - "description": "accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.", + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.SecretVolumeSource": { + "description": "Adapts a Secret into a volume.\n\nThe contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", + "type": "object", + "properties": { + "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, - "accessTokenMaxAgeSeconds": { - "description": "accessTokenMaxAgeSeconds defines the maximum age of access tokens", + "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" + }, + "x-kubernetes-list-type": "atomic" + }, + "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "type": "string" + } + } + }, + "io.k8s.api.core.v1.SecurityContext": { + "description": "SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.", + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.", + "$ref": "#/definitions/io.k8s.api.core.v1.AppArmorProfile" + }, + "capabilities": { + "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + "$ref": "#/definitions/io.k8s.api.core.v1.Capabilities" + }, + "privileged": { + "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.\n\nPossible enum values:\n - `\"Default\"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.\n - `\"Unmasked\"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.", + "type": "string", + "enum": [ + "Default", + "Unmasked" + ] + }, + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", "type": "integer", - "format": "int32" + "format": "int64" }, - "authorizeTokenMaxAgeSeconds": { - "description": "authorizeTokenMaxAgeSeconds defines the maximum age of authorize tokens", + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", "type": "integer", - "format": "int32" + "format": "int64" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "$ref": "#/definitions/io.k8s.api.core.v1.SELinuxOptions" + }, + "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + "$ref": "#/definitions/io.k8s.api.core.v1.SeccompProfile" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + "$ref": "#/definitions/io.k8s.api.core.v1.WindowsSecurityContextOptions" } } }, - "com.github.openshift.api.project.v1.Project": { - "description": "Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members, a quota on the resources that the project may consume, and the security controls on the resources in the project. Within a project, members may have different roles - project administrators can set membership, editors can create and manage the resources, and viewers can see but not access running containers. In a normal cluster project administrators are not able to alter their quotas - that is restricted to cluster administrators.\n\nListing or watching projects will return only projects the user has the reader role on.\n\nAn OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed as editable to end users while namespaces are not. Direct creation of a project is typically restricted to administrators, while end users should use the requestproject resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.SerializedReference": { + "description": "SerializedReference is a reference to serialized object.", "type": "object", "properties": { "apiVersion": { @@ -50161,153 +49152,143 @@ "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec defines the behavior of the Namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.project.v1.ProjectSpec" - }, - "status": { - "description": "status describes the current status of a Namespace", + "reference": { + "description": "The reference to an object in the system.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.project.v1.ProjectStatus" + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" } } }, - "com.github.openshift.api.project.v1.ProjectList": { - "description": "ProjectList is a list of Project objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.Service": { + "description": "Service is a named abstraction of software service (for example, mysql) consisting of local port (for example 3306) that the proxy listens on, and the selector that determines which pods will answer requests sent through the proxy.", "type": "object", - "required": [ - "items" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items is the list of projects", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.project.v1.Project" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ServiceSpec" + }, + "status": { + "description": "Most recently observed status of the service. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.api.core.v1.ServiceStatus" } } }, - "com.github.openshift.api.project.v1.ProjectRequest": { - "description": "ProjectRequest is the set of options necessary to fully qualify a project request\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.ServiceAccount": { + "description": "ServiceAccount binds together: * a name, understood by users, and perhaps by peripheral systems, for an identity * a principal that can be authenticated and authorized * a set of secrets", "type": "object", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "description": { - "description": "description is the description to apply to a project", - "type": "string" + "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. Can be overridden at the pod level.", + "type": "boolean" }, - "displayName": { - "description": "displayName is the display name to apply to a project", - "type": "string" + "imagePullSecrets": { + "description": "ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "x-kubernetes-list-type": "atomic" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.project.v1.ProjectSpec": { - "description": "ProjectSpec describes the attributes on a Project", - "type": "object", - "properties": { - "finalizers": { - "description": "finalizers is an opaque list of values that must be empty to permanently remove object from storage", - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - } - }, - "com.github.openshift.api.project.v1.ProjectStatus": { - "description": "ProjectStatus is information about the current status of a Project", - "type": "object", - "properties": { - "conditions": { - "description": "Represents the latest available observations of the project current state.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "secrets": { + "description": "Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. Pods are only limited to this list if this service account has a \"kubernetes.io/enforce-mountable-secrets\" annotation set to \"true\". The \"kubernetes.io/enforce-mountable-secrets\" annotation is deprecated since v1.32. Prefer separate namespaces to isolate access to mounted secrets. This field should not be used to find auto-generated service account token secrets for use outside of pods. Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. More info: https://kubernetes.io/docs/concepts/configuration/secret", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/NamespaceCondition.v1.core.api.k8s.io" + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" }, - "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", "x-kubernetes-patch-strategy": "merge" - }, - "phase": { - "description": "phase is the current lifecycle phase of the project\n\nPossible enum values:\n - `\"Active\"` means the namespace is available for use in the system\n - `\"Terminating\"` means the namespace is undergoing graceful termination", - "type": "string", - "enum": [ - "Active", - "Terminating" - ] } } }, - "com.github.openshift.api.quota.v1.AppliedClusterResourceQuota": { - "description": "AppliedClusterResourceQuota mirrors ClusterResourceQuota at a project scope, for projection into a project. It allows a project-admin to know which ClusterResourceQuotas are applied to his project and their associated usage.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.ServiceAccountList": { + "description": "ServiceAccountList is a list of ServiceAccount objects", "type": "object", "required": [ - "metadata", - "spec" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "List of ServiceAccounts. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ServiceAccount" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "io.k8s.api.core.v1.ServiceAccountTokenProjection": { + "description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).", + "type": "object", + "required": [ + "path" + ], + "properties": { + "audience": { + "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", + "type": "string" }, - "spec": { - "description": "spec defines the desired quota", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaSpec" + "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", + "type": "integer", + "format": "int64" }, - "status": { - "description": "status defines the actual enforced quota and its current usage", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus" + "path": { + "description": "path is the path relative to the mount point of the file to project the token into.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.quota.v1.AppliedClusterResourceQuotaList": { - "description": "AppliedClusterResourceQuotaList is a collection of AppliedClusterResourceQuotas\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.ServiceList": { + "description": "ServiceList holds a list of services.", "type": "object", "required": [ "items" @@ -50318,11 +49299,11 @@ "type": "string" }, "items": { - "description": "items is a list of AppliedClusterResourceQuota", + "description": "List of services", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.quota.v1.AppliedClusterResourceQuota" + "$ref": "#/definitions/io.k8s.api.core.v1.Service" } }, "kind": { @@ -50330,19 +49311,57 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.quota.v1.ClusterResourceQuota": { - "description": "ClusterResourceQuota mirrors ResourceQuota at a cluster scope. This object is easily convertible to synthetic ResourceQuota object to allow quota evaluation re-use.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.ServicePort": { + "description": "ServicePort contains information on service's port.", "type": "object", "required": [ - "metadata", - "spec" + "port" ], + "properties": { + "appProtocol": { + "description": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.", + "type": "string" + }, + "name": { + "description": "The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.", + "type": "string" + }, + "nodePort": { + "description": "The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport", + "type": "integer", + "format": "int32" + }, + "port": { + "description": "The port that will be exposed by this service.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "protocol": { + "description": "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\". Default is TCP.\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", + "type": "string", + "default": "TCP", + "enum": [ + "SCTP", + "TCP", + "UDP" + ] + }, + "targetPort": { + "description": "Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + } + } + }, + "io.k8s.api.core.v1.ServiceProxyOptions": { + "description": "ServiceProxyOptions is the query options to a Service's proxy call.", + "type": "object", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -50352,803 +49371,1034 @@ "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "path": { + "description": "Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.", + "type": "string" + } + } + }, + "io.k8s.api.core.v1.ServiceSpec": { + "description": "ServiceSpec describes the attributes that a user creates on a service.", + "type": "object", + "properties": { + "allocateLoadBalancerNodePorts": { + "description": "allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is \"true\". It may be set to \"false\" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.", + "type": "boolean" }, - "spec": { - "description": "spec defines the desired quota", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaSpec" + "clusterIP": { + "description": "clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "type": "string" }, - "status": { - "description": "status defines the actual enforced quota and its current usage", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus" + "clusterIPs": { + "description": "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "externalIPs": { + "description": "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "externalName": { + "description": "externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\".", + "type": "string" + }, + "externalTrafficPolicy": { + "description": "externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get \"Cluster\" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.\n\nPossible enum values:\n - `\"Cluster\"` routes traffic to all endpoints.\n - `\"Local\"` preserves the source IP of the traffic by routing only to endpoints on the same node as the traffic was received on (dropping the traffic if there are no local endpoints).", + "type": "string", + "enum": [ + "Cluster", + "Local" + ] + }, + "healthCheckNodePort": { + "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.", + "type": "integer", + "format": "int32" + }, + "internalTrafficPolicy": { + "description": "InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to \"Local\", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).\n\nPossible enum values:\n - `\"Cluster\"` routes traffic to all endpoints.\n - `\"Local\"` routes traffic only to endpoints on the same node as the client pod (dropping the traffic if there are no local endpoints).", + "type": "string", + "enum": [ + "Cluster", + "Local" + ] + }, + "ipFamilies": { + "description": "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.", + "type": "array", + "items": { + "type": "string", + "default": "", + "enum": [ + "", + "IPv4", + "IPv6" + ] + }, + "x-kubernetes-list-type": "atomic" + }, + "ipFamilyPolicy": { + "description": "IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be \"SingleStack\" (a single IP family), \"PreferDualStack\" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or \"RequireDualStack\" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.\n\nPossible enum values:\n - `\"PreferDualStack\"` indicates that this service prefers dual-stack when the cluster is configured for dual-stack. If the cluster is not configured for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not set in service.spec.ipFamilies then the service will be assigned the default IPFamily configured on the cluster\n - `\"RequireDualStack\"` indicates that this service requires dual-stack. Using IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If service.spec.ipFamilies was not provided then it will be assigned according to how they are configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative IPFamily will be added by apiserver\n - `\"SingleStack\"` indicates that this service is required to have a single IPFamily. The IPFamily assigned is based on the default IPFamily used by the cluster or as identified by service.spec.ipFamilies field", + "type": "string", + "enum": [ + "PreferDualStack", + "RequireDualStack", + "SingleStack" + ] + }, + "loadBalancerClass": { + "description": "loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.", + "type": "string" + }, + "loadBalancerIP": { + "description": "Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. Users are encouraged to use implementation-specific annotations when available.", + "type": "string" + }, + "loadBalancerSourceRanges": { + "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "ports": { + "description": "The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.ServicePort" + }, + "x-kubernetes-list-map-keys": [ + "port", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "port", + "x-kubernetes-patch-strategy": "merge" + }, + "publishNotReadyAddresses": { + "description": "publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered \"ready\" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.", + "type": "boolean" + }, + "selector": { + "description": "Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + }, + "x-kubernetes-map-type": "atomic" + }, + "sessionAffinity": { + "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies\n\nPossible enum values:\n - `\"ClientIP\"` is the Client IP based.\n - `\"None\"` - no session affinity.", + "type": "string", + "enum": [ + "ClientIP", + "None" + ] + }, + "sessionAffinityConfig": { + "description": "sessionAffinityConfig contains the configurations of session affinity.", + "$ref": "#/definitions/io.k8s.api.core.v1.SessionAffinityConfig" + }, + "trafficDistribution": { + "description": "TrafficDistribution offers a way to express preferences for how traffic is distributed to Service endpoints. Implementations can use this field as a hint, but are not required to guarantee strict adherence. If the field is not set, the implementation will apply its default routing strategy. If set to \"PreferClose\", implementations should prioritize endpoints that are in the same zone.", + "type": "string" + }, + "type": { + "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \"ExternalName\" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types\n\nPossible enum values:\n - `\"ClusterIP\"` means a service will only be accessible inside the cluster, via the cluster IP.\n - `\"ExternalName\"` means a service consists of only a reference to an external name that kubedns or equivalent will return as a CNAME record, with no exposing or proxying of any pods involved.\n - `\"LoadBalancer\"` means a service will be exposed via an external load balancer (if the cloud provider supports it), in addition to 'NodePort' type.\n - `\"NodePort\"` means a service will be exposed on one port of every node, in addition to 'ClusterIP' type.", + "type": "string", + "enum": [ + "ClusterIP", + "ExternalName", + "LoadBalancer", + "NodePort" + ] } } }, - "com.github.openshift.api.quota.v1.ClusterResourceQuotaList": { - "description": "ClusterResourceQuotaList is a collection of ClusterResourceQuotas\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.ServiceStatus": { + "description": "ServiceStatus represents the current status of a service.", "type": "object", - "required": [ - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is a list of ClusterResourceQuotas", + "conditions": { + "description": "Current service state", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuota" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "loadBalancer": { + "description": "LoadBalancer contains the current status of the load-balancer, if one is present.", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.api.core.v1.LoadBalancerStatus" } } }, - "com.github.openshift.api.quota.v1.ClusterResourceQuotaSelector": { - "description": "ClusterResourceQuotaSelector is used to select projects. At least one of LabelSelector or AnnotationSelector must present. If only one is present, it is the only selection criteria. If both are specified, the project must match both restrictions.", + "io.k8s.api.core.v1.SessionAffinityConfig": { + "description": "SessionAffinityConfig represents the configurations of session affinity.", "type": "object", "properties": { - "annotations": { - "description": "AnnotationSelector is used to select projects by annotation.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "labels": { - "description": "LabelSelector is used to select projects by label.", - "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + "clientIP": { + "description": "clientIP contains the configurations of Client IP based session affinity.", + "$ref": "#/definitions/io.k8s.api.core.v1.ClientIPConfig" } } }, - "com.github.openshift.api.quota.v1.ClusterResourceQuotaSpec": { - "description": "ClusterResourceQuotaSpec defines the desired quota restrictions", + "io.k8s.api.core.v1.SleepAction": { + "description": "SleepAction describes a \"sleep\" action.", "type": "object", "required": [ - "selector", - "quota" + "seconds" ], "properties": { - "quota": { - "description": "quota defines the desired quota", - "default": {}, - "$ref": "#/definitions/ResourceQuotaSpec.v1.core.api.k8s.io" + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "type": "integer", + "format": "int64", + "default": 0 + } + } + }, + "io.k8s.api.core.v1.StorageOSPersistentVolumeSource": { + "description": "Represents a StorageOS persistent volume resource.", + "type": "object", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" }, - "selector": { - "description": "selector is the selector used to match projects. It should only select active projects on the scale of dozens (though it can select many more less active projects). These projects will contend on object creation through this resource.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaSelector" + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", + "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", + "type": "string" + }, + "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", + "type": "string" } } }, - "com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus": { - "description": "ClusterResourceQuotaStatus defines the actual enforced quota and its current usage", + "io.k8s.api.core.v1.StorageOSVolumeSource": { + "description": "Represents a StorageOS persistent volume resource.", "type": "object", - "required": [ - "total" - ], "properties": { - "namespaces": { - "description": "namespaces slices the usage by project. This division allows for quick resolution of deletion reconciliation inside of a single project without requiring a recalculation across all projects. This can be used to pull the deltas for a given project.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.quota.v1.ResourceQuotaStatusByNamespace" - } + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" }, - "total": { - "description": "total defines the actual enforced quota and its current usage across all projects", - "default": {}, - "$ref": "#/definitions/ResourceQuotaStatus.v1.core.api.k8s.io" + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", + "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + }, + "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", + "type": "string" + }, + "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", + "type": "string" } } }, - "com.github.openshift.api.quota.v1.ResourceQuotaStatusByNamespace": { - "description": "ResourceQuotaStatusByNamespace gives status for a particular project", + "io.k8s.api.core.v1.Sysctl": { + "description": "Sysctl defines a kernel parameter to be set", "type": "object", "required": [ - "namespace", - "status" + "name", + "value" ], "properties": { - "namespace": { - "description": "namespace the project this status applies to", + "name": { + "description": "Name of a property to set", "type": "string", "default": "" }, - "status": { - "description": "status indicates how many resources have been consumed by this project", - "default": {}, - "$ref": "#/definitions/ResourceQuotaStatus.v1.core.api.k8s.io" + "value": { + "description": "Value of a property to set", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.route.v1.LocalObjectReference": { - "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "io.k8s.api.core.v1.TCPSocketAction": { + "description": "TCPSocketAction describes an action based on opening a socket", "type": "object", + "required": [ + "port" + ], "properties": { - "name": { - "description": "name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" + }, + "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "com.github.openshift.api.route.v1.Route": { - "description": "A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.\n\nOnce a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.\n\nRouters are subject to additional customization and may support additional controls via the annotations field.\n\nBecause administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.\n\nTo enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.Taint": { + "description": "The node this Taint is attached to has the \"effect\" on any pod that does not tolerate the Taint.", "type": "object", "required": [ - "spec" + "key", + "effect" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "effect": { + "description": "Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.\n\nPossible enum values:\n - `\"NoExecute\"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.\n - `\"NoSchedule\"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.\n - `\"PreferNoSchedule\"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.", + "type": "string", + "default": "", + "enum": [ + "NoExecute", + "NoSchedule", + "PreferNoSchedule" + ] }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "key": { + "description": "Required. The taint key to be applied to a node.", + "type": "string", + "default": "" }, - "spec": { - "description": "spec is the desired state of the route", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteSpec" + "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "status": { - "description": "status is the current state of the route", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteStatus" + "value": { + "description": "The taint value corresponding to the taint key.", + "type": "string" } } }, - "com.github.openshift.api.route.v1.RouteHTTPHeader": { - "description": "RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.", + "io.k8s.api.core.v1.Toleration": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", "type": "object", - "required": [ - "name", - "action" - ], "properties": { - "action": { - "description": "action specifies actions to perform on headers, such as setting or deleting headers.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeaderActionUnion" + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n\nPossible enum values:\n - `\"NoExecute\"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.\n - `\"NoSchedule\"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.\n - `\"PreferNoSchedule\"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.", + "type": "string", + "enum": [ + "NoExecute", + "NoSchedule", + "PreferNoSchedule" + ] }, - "name": { - "description": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.\n\nPossible enum values:\n - `\"Equal\"`\n - `\"Exists\"`", "type": "string", - "default": "" + "enum": [ + "Equal", + "Exists" + ] + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" + }, + "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" } } }, - "com.github.openshift.api.route.v1.RouteHTTPHeaderActionUnion": { - "description": "RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header.", + "io.k8s.api.core.v1.TopologySelectorLabelRequirement": { + "description": "A topology selector requirement is a selector that matches given label. This is an alpha feature and may change in the future.", "type": "object", "required": [ - "type" + "key", + "values" ], "properties": { - "set": { - "description": "set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. This field is required when type is Set and forbidden otherwise.", - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteSetHTTPHeader" - }, - "type": { - "description": "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", + "key": { + "description": "The label key that the selector applies to.", "type": "string", "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "set": "Set" - } - } - ] - }, - "com.github.openshift.api.route.v1.RouteHTTPHeaderActions": { - "description": "RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", - "type": "object", - "properties": { - "request": { - "description": "request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeader" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" }, - "response": { - "description": "response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Note: This field cannot be used if your route uses TLS passthrough.", + "values": { + "description": "An array of string values. One value must match the label to be selected. Each entry in Values is ORed.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeader" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.route.v1.RouteHTTPHeaders": { - "description": "RouteHTTPHeaders defines policy for HTTP headers.", + "io.k8s.api.core.v1.TopologySelectorTerm": { + "description": "A topology selector term represents the result of label queries. A null or empty topology selector term matches no objects. The requirements of them are ANDed. It provides a subset of functionality as NodeSelectorTerm. This is an alpha feature and may change in the future.", "type": "object", "properties": { - "actions": { - "description": "actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeaderActions" + "matchLabelExpressions": { + "description": "A list of topology selector requirements by labels.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.TopologySelectorLabelRequirement" + }, + "x-kubernetes-list-type": "atomic" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.route.v1.RouteIngress": { - "description": "RouteIngress holds information about the places where a route is exposed.", + "io.k8s.api.core.v1.TopologySpreadConstraint": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", "type": "object", + "required": [ + "maxSkew", + "topologyKey", + "whenUnsatisfiable" + ], "properties": { - "conditions": { - "description": "conditions is the state of the route, may be empty.", + "labelSelector": { + "description": "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteIngressCondition" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "host": { - "description": "host is the host string under which the route is exposed; this value is required", - "type": "string" + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.", + "type": "integer", + "format": "int32", + "default": 0 }, - "routerCanonicalHostname": { - "description": "CanonicalHostname is the external host name for the router that can be used as a CNAME for the host requested for this route. This value is optional and may not be set in all cases.", - "type": "string" + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.", + "type": "integer", + "format": "int32" }, - "routerName": { - "description": "Name is a name chosen by the router to identify itself; this value is required", - "type": "string" + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\n\nPossible enum values:\n - `\"Honor\"` means use this scheduling directive when calculating pod topology spread skew.\n - `\"Ignore\"` means ignore this scheduling directive when calculating pod topology spread skew.", + "type": "string", + "enum": [ + "Honor", + "Ignore" + ] }, - "wildcardPolicy": { - "description": "Wildcard policy is the wildcard policy that was allowed where this route is exposed.", - "type": "string" + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\n\nPossible enum values:\n - `\"Honor\"` means use this scheduling directive when calculating pod topology spread skew.\n - `\"Ignore\"` means ignore this scheduling directive when calculating pod topology spread skew.", + "type": "string", + "enum": [ + "Honor", + "Ignore" + ] + }, + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field.", + "type": "string", + "default": "" + }, + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.\n\nPossible enum values:\n - `\"DoNotSchedule\"` instructs the scheduler not to schedule the pod when constraints are not satisfied.\n - `\"ScheduleAnyway\"` instructs the scheduler to schedule the pod even if constraints are not satisfied.", + "type": "string", + "default": "", + "enum": [ + "DoNotSchedule", + "ScheduleAnyway" + ] } } }, - "com.github.openshift.api.route.v1.RouteIngressCondition": { - "description": "RouteIngressCondition contains details for the current condition of this route on a particular router.", + "io.k8s.api.core.v1.TypedLocalObjectReference": { + "description": "TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.", "type": "object", "required": [ - "type", - "status" + "kind", + "name" ], "properties": { - "lastTransitionTime": { - "description": "RFC 3339 date and time when this condition last transitioned", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "message": { - "description": "Human readable message indicating details about last transition.", + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", "type": "string" }, - "reason": { - "description": "(brief) reason for the condition's last transition, and is usually a machine and human readable constant", + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string", + "default": "" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string", + "default": "" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.api.core.v1.TypedObjectReference": { + "description": "TypedObjectReference contains enough information to let you locate the typed referenced object", + "type": "object", + "required": [ + "kind", + "name" + ], + "properties": { + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", "type": "string" }, - "status": { - "description": "status is the status of the condition. Can be True, False, Unknown.", + "kind": { + "description": "Kind is the type of resource being referenced", "type": "string", "default": "" }, - "type": { - "description": "type is the type of the condition. Currently only Admitted or UnservableInFutureVersions.", + "name": { + "description": "Name is the name of resource being referenced", "type": "string", "default": "" + }, + "namespace": { + "description": "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" } } }, - "com.github.openshift.api.route.v1.RouteList": { - "description": "RouteList is a collection of Routes.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.Volume": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", "type": "object", "required": [ - "items" + "name" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "$ref": "#/definitions/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource" + }, + "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", + "$ref": "#/definitions/io.k8s.api.core.v1.AzureDiskVolumeSource" + }, + "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", + "$ref": "#/definitions/io.k8s.api.core.v1.AzureFileVolumeSource" + }, + "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.CephFSVolumeSource" + }, + "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "$ref": "#/definitions/io.k8s.api.core.v1.CinderVolumeSource" + }, + "configMap": { + "description": "configMap represents a configMap that should populate this volume", + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapVolumeSource" + }, + "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", + "$ref": "#/definitions/io.k8s.api.core.v1.CSIVolumeSource" + }, + "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeSource" + }, + "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "$ref": "#/definitions/io.k8s.api.core.v1.EmptyDirVolumeSource" + }, + "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time.", + "$ref": "#/definitions/io.k8s.api.core.v1.EphemeralVolumeSource" + }, + "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", + "$ref": "#/definitions/io.k8s.api.core.v1.FCVolumeSource" + }, + "flexVolume": { + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", + "$ref": "#/definitions/io.k8s.api.core.v1.FlexVolumeSource" + }, + "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.FlockerVolumeSource" + }, + "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "$ref": "#/definitions/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource" + }, + "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", + "$ref": "#/definitions/io.k8s.api.core.v1.GitRepoVolumeSource" + }, + "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.GlusterfsVolumeSource" + }, + "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "$ref": "#/definitions/io.k8s.api.core.v1.HostPathVolumeSource" + }, + "image": { + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", + "$ref": "#/definitions/io.k8s.api.core.v1.ImageVolumeSource" + }, + "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi", + "$ref": "#/definitions/io.k8s.api.core.v1.ISCSIVolumeSource" + }, + "name": { + "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" + }, + "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "$ref": "#/definitions/io.k8s.api.core.v1.NFSVolumeSource" + }, + "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource" + }, + "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource" + }, + "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", + "$ref": "#/definitions/io.k8s.api.core.v1.PortworxVolumeSource" }, - "items": { - "description": "items is a list of routes", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.Route" - } + "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", + "$ref": "#/definitions/io.k8s.api.core.v1.ProjectedVolumeSource" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.QuobyteVolumeSource" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.route.v1.RoutePort": { - "description": "RoutePort defines a port mapping from a router to an endpoint in the service endpoints.", - "type": "object", - "required": [ - "targetPort" - ], - "properties": { - "targetPort": { - "description": "The target port on pods selected by the service this route points to. If this is a string, it will be looked up as a named port in the target endpoints port list. Required", - "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" + "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.RBDVolumeSource" + }, + "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.ScaleIOVolumeSource" + }, + "secret": { + "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretVolumeSource" + }, + "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.StorageOSVolumeSource" + }, + "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", + "$ref": "#/definitions/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource" } } }, - "com.github.openshift.api.route.v1.RouteSetHTTPHeader": { - "description": "RouteSetHTTPHeader specifies what value needs to be set on an HTTP header.", + "io.k8s.api.core.v1.VolumeDevice": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", "type": "object", "required": [ - "value" + "name", + "devicePath" ], "properties": { - "value": { - "description": "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.", + "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", + "type": "string", + "default": "" + }, + "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", "type": "string", "default": "" } } }, - "com.github.openshift.api.route.v1.RouteSpec": { - "description": "RouteSpec describes the hostname or path the route exposes, any security information, and one to four backends (services) the route points to. Requests are distributed among the backends depending on the weights assigned to each backend. When using roundrobin scheduling the portion of requests that go to each backend is the backend weight divided by the sum of all of the backend weights. When the backend has more than one endpoint the requests that end up on the backend are roundrobin distributed among the endpoints. Weights are between 0 and 256 with default 100. Weight 0 causes no requests to the backend. If all weights are zero the route will be considered to have no backends and return a standard 503 response.\n\nThe `tls` field is optional and allows specific certificates or behavior for the route. Routers typically configure a default certificate on a wildcard domain to terminate routes without explicit certificates, but custom hostnames usually must choose passthrough (send traffic directly to the backend via the TLS Server-Name- Indication field) or provide a certificate.", + "io.k8s.api.core.v1.VolumeMount": { + "description": "VolumeMount describes a mounting of a Volume within a container.", "type": "object", "required": [ - "to" + "name", + "mountPath" ], "properties": { - "alternateBackends": { - "description": "alternateBackends allows up to 3 additional backends to be assigned to the route. Only the Service kind is allowed, and it will be defaulted to Service. Use the weight field in RouteTargetReference object to specify relative preference.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteTargetReference" - }, - "x-kubernetes-list-map-keys": [ - "name", - "kind" - ], - "x-kubernetes-list-type": "map" - }, - "host": { - "description": "host is an alias/DNS that points to the service. Optional. If not specified a route name will typically be automatically chosen. Must follow DNS952 subdomain conventions.", - "type": "string" + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", + "type": "string", + "default": "" }, - "httpHeaders": { - "description": "httpHeaders defines policy for HTTP headers.", - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeaders" + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).\n\nPossible enum values:\n - `\"Bidirectional\"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume (\"rshared\" in Linux terminology).\n - `\"HostToContainer\"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume (\"rslave\" in Linux terminology).\n - `\"None\"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to \"private\" in Linux terminology.", + "type": "string", + "enum": [ + "Bidirectional", + "HostToContainer", + "None" + ] }, - "path": { - "description": "path that the router watches for, to route traffic for to the service. Optional", - "type": "string" + "name": { + "description": "This must match the Name of a Volume.", + "type": "string", + "default": "" }, - "port": { - "description": "If specified, the port to be used by the router. Most routers will use all endpoints exposed by the service by default - set this value to instruct routers which port to use.", - "$ref": "#/definitions/com.github.openshift.api.route.v1.RoutePort" + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + "type": "boolean" }, - "subdomain": { - "description": "subdomain is a DNS subdomain that is requested within the ingress controller's domain (as a subdomain). If host is set this field is ignored. An ingress controller may choose to ignore this suggested name, in which case the controller will report the assigned name in the status.ingress array or refuse to admit the route. If this value is set and the server does not support this field host will be populated automatically. Otherwise host is left empty. The field may have multiple parts separated by a dot, but not all ingress controllers may honor the request. This field may not be changed after creation except by a user with the update routes/custom-host permission.\n\nExample: subdomain `frontend` automatically receives the router subdomain `apps.mycluster.com` to have a full hostname `frontend.apps.mycluster.com`.", + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled recursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", "type": "string" }, - "tls": { - "description": "The tls field provides the ability to configure certificates and termination for the route.", - "$ref": "#/definitions/com.github.openshift.api.route.v1.TLSConfig" - }, - "to": { - "description": "to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. If the weight field (0-256 default 100) is set to zero, no traffic will be sent to this backend.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteTargetReference" + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", + "type": "string" }, - "wildcardPolicy": { - "description": "Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed.", + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", "type": "string" } } }, - "com.github.openshift.api.route.v1.RouteStatus": { - "description": "RouteStatus provides relevant info about the status of a route, including which routers acknowledge it.", - "type": "object", - "properties": { - "ingress": { - "description": "ingress describes the places where the route may be exposed. The list of ingress points may contain duplicate Host or RouterName values. Routes are considered live once they are `Ready`", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteIngress" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.route.v1.RouteTargetReference": { - "description": "RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service' kind is allowed. Use 'weight' field to emphasize one over others.", + "io.k8s.api.core.v1.VolumeMountStatus": { + "description": "VolumeMountStatus shows status of volume mounts.", "type": "object", "required": [ - "kind", - "name" + "name", + "mountPath" ], "properties": { - "kind": { - "description": "The kind of target that the route is referring to. Currently, only 'Service' is allowed", + "mountPath": { + "description": "MountPath corresponds to the original VolumeMount.", "type": "string", "default": "" }, "name": { - "description": "name of the service/target that is being referred to. e.g. name of the service", + "description": "Name corresponds to the name of the original VolumeMount.", "type": "string", "default": "" }, - "weight": { - "description": "weight as an integer between 0 and 256, default 100, that specifies the target's relative weight against other target reference objects. 0 suppresses requests to this backend.", - "type": "integer", - "format": "int32" + "readOnly": { + "description": "ReadOnly corresponds to the original VolumeMount.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly must be set to Disabled, Enabled, or unspecified (for non-readonly mounts). An IfPossible value in the original VolumeMount must be translated to Disabled or Enabled, depending on the mount result.", + "type": "string" } } }, - "com.github.openshift.api.route.v1.RouterShard": { - "description": "RouterShard has information of a routing shard and is used to generate host names and routing table entries when a routing shard is allocated for a specific route. Caveat: This is WIP and will likely undergo modifications when sharding support is added.", + "io.k8s.api.core.v1.VolumeNodeAffinity": { + "description": "VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from.", "type": "object", - "required": [ - "shardName", - "dnsSuffix" - ], "properties": { - "dnsSuffix": { - "description": "dnsSuffix for the shard ala: shard-1.v3.openshift.com", - "type": "string", - "default": "" - }, - "shardName": { - "description": "shardName uniquely identifies a router shard in the \"set\" of routers used for routing traffic to the services.", - "type": "string", - "default": "" + "required": { + "description": "required specifies hard node constraints that must be met.", + "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelector" } } }, - "com.github.openshift.api.route.v1.TLSConfig": { - "description": "TLSConfig defines config used to secure a route and provide termination", + "io.k8s.api.core.v1.VolumeProjection": { + "description": "Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.", "type": "object", - "required": [ - "termination" - ], "properties": { - "caCertificate": { - "description": "caCertificate provides the cert authority certificate contents", - "type": "string" - }, - "certificate": { - "description": "certificate provides certificate contents. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate.", - "type": "string" + "clusterTrustBundle": { + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.", + "$ref": "#/definitions/io.k8s.api.core.v1.ClusterTrustBundleProjection" }, - "destinationCACertificate": { - "description": "destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection. If this field is not specified, the router may provide its own destination CA and perform hostname validation using the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically verify.", - "type": "string" + "configMap": { + "description": "configMap information about the configMap data to project", + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapProjection" }, - "externalCertificate": { - "description": "externalCertificate provides certificate contents as a secret reference. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate. The secret referenced should be present in the same namespace as that of the Route. Forbidden when `certificate` is set. The router service account needs to be granted with read-only access to this secret, please refer to openshift docs for additional details.", - "$ref": "#/definitions/com.github.openshift.api.route.v1.LocalObjectReference" + "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIProjection" }, - "insecureEdgeTerminationPolicy": { - "description": "insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While each router may make its own decisions on which ports to expose, this is normally port 80.\n\nIf a route does not specify insecureEdgeTerminationPolicy, then the default behavior is \"None\".\n\n* Allow - traffic is sent to the server on the insecure port (edge/reencrypt terminations only).\n\n* None - no traffic is allowed on the insecure port (default).\n\n* Redirect - clients are redirected to the secure port.", - "type": "string" + "podCertificate": { + "description": "Projects an auto-rotating credential bundle (private key and certificate chain) that the pod can use either as a TLS client or server.\n\nKubelet generates a private key and uses it to send a PodCertificateRequest to the named signer. Once the signer approves the request and issues a certificate chain, Kubelet writes the key and certificate chain to the pod filesystem. The pod does not start until certificates have been issued for each podCertificate projected volume source in its spec.\n\nKubelet will begin trying to rotate the certificate at the time indicated by the signer using the PodCertificateRequest.Status.BeginRefreshAt timestamp.\n\nKubelet can write a single file, indicated by the credentialBundlePath field, or separate files, indicated by the keyPath and certificateChainPath fields.\n\nThe credential bundle is a single file in PEM format. The first PEM entry is the private key (in PKCS#8 format), and the remaining PEM entries are the certificate chain issued by the signer (typically, signers will return their certificate chain in leaf-to-root order).\n\nPrefer using the credential bundle format, since your application code can read it atomically. If you use keyPath and certificateChainPath, your application must make two separate file reads. If these coincide with a certificate rotation, it is possible that the private key and leaf certificate you read may not correspond to each other. Your application will need to check for this condition, and re-read until they are consistent.\n\nThe named signer controls chooses the format of the certificate it issues; consult the signer implementation's documentation to learn how to use the certificates it issues.", + "$ref": "#/definitions/io.k8s.api.core.v1.PodCertificateProjection" }, - "key": { - "description": "key provides key file contents", - "type": "string" + "secret": { + "description": "secret information about the secret data to project", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretProjection" }, - "termination": { - "description": "termination indicates the TLS termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default)\n\n* passthrough - Traffic is sent straight to the destination without the router providing TLS termination\n\n* reencrypt - TLS termination is done by the router and https is used to communicate with the backend\n\nNote: passthrough termination is incompatible with httpHeader actions", - "type": "string", - "default": "" + "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", + "$ref": "#/definitions/io.k8s.api.core.v1.ServiceAccountTokenProjection" } } }, - "com.github.openshift.api.samples.v1.Config": { - "description": "Config contains the configuration and detailed condition status for the Samples Operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.core.v1.VolumeResourceRequirements": { + "description": "VolumeResourceRequirements describes the storage resource requirements for a volume.", "type": "object", - "required": [ - "metadata", - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.samples.v1.ConfigSpec" + "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.samples.v1.ConfigStatus" + "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + } } } }, - "com.github.openshift.api.samples.v1.ConfigCondition": { - "description": "ConfigCondition captures various conditions of the Config as entries are processed.", + "io.k8s.api.core.v1.VolumeSource": { + "description": "Represents the source of a volume to mount. Only one of its members may be specified.", "type": "object", - "required": [ - "type", - "status" - ], "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "$ref": "#/definitions/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource" }, - "lastUpdateTime": { - "description": "lastUpdateTime is the last time this condition was updated.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", + "$ref": "#/definitions/io.k8s.api.core.v1.AzureDiskVolumeSource" }, - "message": { - "description": "message is a human readable message indicating details about the transition.", - "type": "string" + "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", + "$ref": "#/definitions/io.k8s.api.core.v1.AzureFileVolumeSource" }, - "reason": { - "description": "reason is what caused the condition's last transition.", - "type": "string" + "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.CephFSVolumeSource" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" + "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "$ref": "#/definitions/io.k8s.api.core.v1.CinderVolumeSource" }, - "type": { - "description": "type of condition.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.samples.v1.ConfigList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "configMap": { + "description": "configMap represents a configMap that should populate this volume", + "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapVolumeSource" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.samples.v1.Config" - } + "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", + "$ref": "#/definitions/io.k8s.api.core.v1.CSIVolumeSource" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", + "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeSource" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "$ref": "#/definitions/io.k8s.api.core.v1.EmptyDirVolumeSource" + }, + "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time.", + "$ref": "#/definitions/io.k8s.api.core.v1.EphemeralVolumeSource" + }, + "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", + "$ref": "#/definitions/io.k8s.api.core.v1.FCVolumeSource" + }, + "flexVolume": { + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", + "$ref": "#/definitions/io.k8s.api.core.v1.FlexVolumeSource" + }, + "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.FlockerVolumeSource" + }, + "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "$ref": "#/definitions/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource" + }, + "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", + "$ref": "#/definitions/io.k8s.api.core.v1.GitRepoVolumeSource" + }, + "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.GlusterfsVolumeSource" + }, + "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "$ref": "#/definitions/io.k8s.api.core.v1.HostPathVolumeSource" + }, + "image": { + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", + "$ref": "#/definitions/io.k8s.api.core.v1.ImageVolumeSource" + }, + "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi", + "$ref": "#/definitions/io.k8s.api.core.v1.ISCSIVolumeSource" + }, + "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "$ref": "#/definitions/io.k8s.api.core.v1.NFSVolumeSource" + }, + "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource" + }, + "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource" + }, + "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", + "$ref": "#/definitions/io.k8s.api.core.v1.PortworxVolumeSource" + }, + "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", + "$ref": "#/definitions/io.k8s.api.core.v1.ProjectedVolumeSource" + }, + "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.QuobyteVolumeSource" + }, + "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.RBDVolumeSource" + }, + "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.ScaleIOVolumeSource" + }, + "secret": { + "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "$ref": "#/definitions/io.k8s.api.core.v1.SecretVolumeSource" + }, + "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", + "$ref": "#/definitions/io.k8s.api.core.v1.StorageOSVolumeSource" + }, + "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", + "$ref": "#/definitions/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource" } } }, - "com.github.openshift.api.samples.v1.ConfigSpec": { - "description": "ConfigSpec contains the desired configuration and state for the Samples Operator, controlling various behavior around the imagestreams and templates it creates/updates in the openshift namespace.", + "io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource": { + "description": "Represents a vSphere volume resource.", "type": "object", + "required": [ + "volumePath" + ], "properties": { - "architectures": { - "description": "architectures determine which hardware architecture(s) to install, where x86_64, ppc64le, and s390x are the only supported choices currently.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "managementState": { - "description": "managementState is top level on/off type of switch for all operators. When \"Managed\", this operator processes config and manipulates the samples accordingly. When \"Unmanaged\", this operator ignores any updates to the resources it watches. When \"Removed\", it reacts that same wasy as it does if the Config object is deleted, meaning any ImageStreams or Templates it manages (i.e. it honors the skipped lists) and the registry secret are deleted, along with the ConfigMap in the operator's namespace that represents the last config used to manipulate the samples,", + "fsType": { + "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, - "samplesRegistry": { - "description": "samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io.", + "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", "type": "string" }, - "skippedHelmCharts": { - "description": "skippedHelmCharts specifies names of helm charts that should NOT be managed. Admins can use this to allow them to delete content they don’t want. They will still have to MANUALLY DELETE the content but the operator will not recreate(or update) anything listed here. Few examples of the name of helmcharts which can be skipped are 'redhat-redhat-perl-imagestreams','redhat-redhat-nodejs-imagestreams','redhat-nginx-imagestreams', 'redhat-redhat-ruby-imagestreams','redhat-redhat-python-imagestreams','redhat-redhat-php-imagestreams', 'redhat-httpd-imagestreams','redhat-redhat-dotnet-imagestreams'. Rest of the names can be obtained from openshift console --> helmcharts -->installed helmcharts. This will display the list of all the 12 helmcharts(of imagestreams)being installed by Samples Operator. The skippedHelmCharts must be a valid Kubernetes resource name. May contain only lowercase alphanumeric characters, hyphens and periods, and each period separated segment must begin and end with an alphanumeric character. It must be non-empty and at most 253 characters in length", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "skippedImagestreams": { - "description": "skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", + "type": "string" }, - "skippedTemplates": { - "description": "skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.samples.v1.ConfigStatus": { - "description": "ConfigStatus contains the actual configuration in effect, as well as various details that describe the state of the Samples Operator.", + "io.k8s.api.core.v1.WeightedPodAffinityTerm": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", + "required": [ + "weight", + "podAffinityTerm" + ], "properties": { - "architectures": { - "description": "architectures determine which hardware architecture(s) to install, where x86_64 and ppc64le are the supported choices.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "conditions": { - "description": "conditions represents the available maintenance status of the sample imagestreams and templates.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.samples.v1.ConfigCondition" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "managementState": { - "description": "managementState reflects the current operational status of the on/off switch for the operator. This operator compares the ManagementState as part of determining that we are turning the operator back on (i.e. \"Managed\") when it was previously \"Unmanaged\".", - "type": "string", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "samplesRegistry": { - "description": "samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io.", - "type": "string", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "skippedImagestreams": { - "description": "skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "skippedTemplates": { - "description": "skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm" }, - "version": { - "description": "version is the value of the operator's payload based version indicator when it was last successfully processed", - "type": "string", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.security.v1.AllowedFlexVolume": { - "description": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used.", + "io.k8s.api.core.v1.WindowsSecurityContextOptions": { + "description": "WindowsSecurityContextOptions contain Windows-specific options and credentials.", "type": "object", - "required": [ - "driver" - ], "properties": { - "driver": { - "description": "driver is the name of the Flexvolume driver.", - "type": "string", - "default": "" + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" } } }, - "com.github.openshift.api.security.v1.FSGroupStrategyOptions": { - "description": "FSGroupStrategyOptions defines the strategy type and options used to create the strategy.", + "io.k8s.api.rbac.v1.AggregationRule": { + "description": "AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole", "type": "object", "properties": { - "ranges": { - "description": "ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end.", + "clusterRoleSelectors": { + "description": "ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole's permissions will be added", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.IDRange" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" }, "x-kubernetes-list-type": "atomic" - }, - "type": { - "description": "type is the strategy that will dictate what FSGroup is used in the SecurityContext.", - "type": "string" } } }, - "com.github.openshift.api.security.v1.IDRange": { - "description": "IDRange provides a min/max of an allowed range of IDs.", + "io.k8s.api.rbac.v1.ClusterRole": { + "description": "ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.", "type": "object", "properties": { - "max": { - "description": "max is the end of the range, inclusive.", - "type": "integer", - "format": "int64" + "aggregationRule": { + "description": "AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.", + "$ref": "#/definitions/io.k8s.api.rbac.v1.AggregationRule" }, - "min": { - "description": "min is the start of the range, inclusive.", - "type": "integer", - "format": "int64" - } - } - }, - "com.github.openshift.api.security.v1.PodSecurityPolicyReview": { - "description": "PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "spec" - ], - "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" @@ -51158,63 +50408,26 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec is the PodSecurityPolicy to check.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicyReviewSpec" - }, - "status": { - "description": "status represents the current information/status for the PodSecurityPolicyReview.", + "description": "Standard object's metadata.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicyReviewStatus" - } - } - }, - "com.github.openshift.api.security.v1.PodSecurityPolicyReviewSpec": { - "description": "PodSecurityPolicyReviewSpec defines specification for PodSecurityPolicyReview", - "type": "object", - "required": [ - "template" - ], - "properties": { - "serviceAccountNames": { - "description": "serviceAccountNames is an optional set of ServiceAccounts to run the check with. If serviceAccountNames is empty, the template.spec.serviceAccountName is used, unless it's empty, in which case \"default\" is used instead. If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "template": { - "description": "template is the PodTemplateSpec to check. The template.spec.serviceAccountName field is used if serviceAccountNames is empty, unless the template.spec.serviceAccountName is empty, in which case \"default\" is used. If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.", - "default": {}, - "$ref": "#/definitions/PodTemplateSpec.v1.core.api.k8s.io" - } - } - }, - "com.github.openshift.api.security.v1.PodSecurityPolicyReviewStatus": { - "description": "PodSecurityPolicyReviewStatus represents the status of PodSecurityPolicyReview.", - "type": "object", - "properties": { - "allowedServiceAccounts": { - "description": "allowedServiceAccounts returns the list of service accounts in *this* namespace that have the power to create the PodTemplateSpec.", + "rules": { + "description": "Rules holds all the PolicyRules for this ClusterRole", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.ServiceAccountPodSecurityPolicyReviewStatus" - } + "$ref": "#/definitions/io.k8s.api.rbac.v1.PolicyRule" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReview": { - "description": "PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "io.k8s.api.rbac.v1.ClusterRoleBinding": { + "description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.", "type": "object", "required": [ - "spec" + "roleRef" ], "properties": { "apiVersion": { @@ -51226,148 +50439,206 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata.", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "spec": { - "description": "spec defines specification the PodSecurityPolicySelfSubjectReview.", + "roleRef": { + "description": "RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReviewSpec" + "$ref": "#/definitions/io.k8s.api.rbac.v1.RoleRef" }, - "status": { - "description": "status represents the current information/status for the PodSecurityPolicySelfSubjectReview.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus" + "subjects": { + "description": "Subjects holds references to the objects the role applies to.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.rbac.v1.Subject" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReviewSpec": { - "description": "PodSecurityPolicySelfSubjectReviewSpec contains specification for PodSecurityPolicySelfSubjectReview.", + "io.k8s.api.rbac.v1.ClusterRoleBindingList": { + "description": "ClusterRoleBindingList is a collection of ClusterRoleBindings", "type": "object", "required": [ - "template" + "items" ], "properties": { - "template": { - "description": "template is the PodTemplateSpec to check.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is a list of ClusterRoleBindings", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.rbac.v1.ClusterRoleBinding" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata.", "default": {}, - "$ref": "#/definitions/PodTemplateSpec.v1.core.api.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReview": { - "description": "PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "io.k8s.api.rbac.v1.ClusterRoleList": { + "description": "ClusterRoleList is a collection of ClusterRoles", "type": "object", "required": [ - "spec" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "Items is a list of ClusterRoles", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.rbac.v1.ClusterRole" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec defines specification for the PodSecurityPolicySubjectReview.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewSpec" - }, - "status": { - "description": "status represents the current information/status for the PodSecurityPolicySubjectReview.", + "description": "Standard object's metadata.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewSpec": { - "description": "PodSecurityPolicySubjectReviewSpec defines specification for PodSecurityPolicySubjectReview", + "io.k8s.api.rbac.v1.PolicyRule": { + "description": "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.", "type": "object", "required": [ - "template" + "verbs" ], "properties": { - "groups": { - "description": "groups is the groups you're testing for.", + "apiGroups": { + "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"\" represents the core API group and \"*\" represents all API groups.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "template": { - "description": "template is the PodTemplateSpec to check. If template.spec.serviceAccountName is empty it will not be defaulted. If its non-empty, it will be checked.", - "default": {}, - "$ref": "#/definitions/PodTemplateSpec.v1.core.api.k8s.io" + "nonResourceURLs": { + "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "user": { - "description": "user is the user you're testing for. If you specify \"user\" but not \"group\", then is it interpreted as \"What if user were not a member of any groups. If user and groups are empty, then the check is performed using *only* the serviceAccountName in the template.", - "type": "string" + "resourceNames": { + "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Resources is a list of resources this rule applies to. '*' represents all resources.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "verbs": { + "description": "Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus": { - "description": "PodSecurityPolicySubjectReviewStatus contains information/status for PodSecurityPolicySubjectReview.", + "io.k8s.api.rbac.v1.Role": { + "description": "Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.", "type": "object", "properties": { - "allowedBy": { - "description": "allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A `nil`, indicates that it was denied.", - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "reason": { - "description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "template": { - "description": "template is the PodTemplateSpec after the defaulting is applied.", + "metadata": { + "description": "Standard object's metadata.", "default": {}, - "$ref": "#/definitions/PodTemplateSpec.v1.core.api.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "rules": { + "description": "Rules holds all the PolicyRules for this Role", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.rbac.v1.PolicyRule" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.security.v1.RangeAllocation": { - "description": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.api.rbac.v1.RoleBinding": { + "description": "RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.", "type": "object", "required": [ - "range", - "data" + "roleRef" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "data": { - "description": "data is a byte array representing the serialized state of a range allocation. It is a bitmap with each bit set to one to represent a range is taken.", - "type": "string", - "format": "byte" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata.", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" }, - "range": { - "description": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", - "type": "string", - "default": "" + "roleRef": { + "description": "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.", + "default": {}, + "$ref": "#/definitions/io.k8s.api.rbac.v1.RoleRef" + }, + "subjects": { + "description": "Subjects holds references to the objects the role applies to.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.rbac.v1.Subject" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.security.v1.RangeAllocationList": { - "description": "RangeAllocationList is a list of RangeAllocations objects\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.rbac.v1.RoleBindingList": { + "description": "RoleBindingList is a collection of RoleBindings", "type": "object", "required": [ "items" @@ -51378,11 +50649,11 @@ "type": "string" }, "items": { - "description": "List of RangeAllocations.", + "description": "Items is a list of RoleBindings", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.RangeAllocation" + "$ref": "#/definitions/io.k8s.api.rbac.v1.RoleBinding" } }, "kind": { @@ -51390,163 +50661,207 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata.", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.security.v1.RunAsUserStrategyOptions": { - "description": "RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.", + "io.k8s.api.rbac.v1.RoleList": { + "description": "RoleList is a collection of Roles", "type": "object", + "required": [ + "items" + ], "properties": { - "type": { - "description": "type is the strategy that will dictate what RunAsUser is used in the SecurityContext.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "uid": { - "description": "uid is the user id that containers must run as. Required for the MustRunAs strategy if not using namespace/service account allocated uids.", - "type": "integer", - "format": "int64" + "items": { + "description": "Items is a list of Roles", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.api.rbac.v1.Role" + } }, - "uidRangeMax": { - "description": "uidRangeMax defines the max value for a strategy that allocates by range.", - "type": "integer", - "format": "int64" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "uidRangeMin": { - "description": "uidRangeMin defines the min value for a strategy that allocates by range.", - "type": "integer", - "format": "int64" + "metadata": { + "description": "Standard object's metadata.", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.security.v1.SELinuxContextStrategyOptions": { - "description": "SELinuxContextStrategyOptions defines the strategy type and any options used to create the strategy.", + "io.k8s.api.rbac.v1.RoleRef": { + "description": "RoleRef contains information that points to the role being used", "type": "object", + "required": [ + "apiGroup", + "kind", + "name" + ], "properties": { - "seLinuxOptions": { - "description": "seLinuxOptions required to run as; required for MustRunAs", - "$ref": "#/definitions/SELinuxOptions.v1.core.api.k8s.io" + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced", + "type": "string", + "default": "" }, - "type": { - "description": "type is the strategy that will dictate what SELinux context is used in the SecurityContext.", - "type": "string" + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string", + "default": "" + }, + "name": { + "description": "Name is the name of resource being referenced", + "type": "string", + "default": "" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.security.v1.SecurityContextConstraints": { - "description": "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.api.rbac.v1.Subject": { + "description": "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.", "type": "object", "required": [ - "priority", - "allowPrivilegedContainer", - "defaultAddCapabilities", - "requiredDropCapabilities", - "allowedCapabilities", - "allowHostDirVolumePlugin", - "volumes", - "allowHostNetwork", - "allowHostPorts", - "allowHostPID", - "allowHostIPC", - "readOnlyRootFilesystem" + "kind", + "name" ], "properties": { - "allowHostDirVolumePlugin": { - "description": "allowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin", - "type": "boolean", - "default": false + "apiGroup": { + "description": "APIGroup holds the API group of the referenced subject. Defaults to \"\" for ServiceAccount subjects. Defaults to \"rbac.authorization.k8s.io\" for User and Group subjects.", + "type": "string" }, - "allowHostIPC": { - "description": "allowHostIPC determines if the policy allows host ipc in the containers.", - "type": "boolean", - "default": false + "kind": { + "description": "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\". If the Authorizer does not recognized the kind value, the Authorizer should report an error.", + "type": "string", + "default": "" }, - "allowHostNetwork": { - "description": "allowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec.", - "type": "boolean", - "default": false + "name": { + "description": "Name of the object being referenced.", + "type": "string", + "default": "" }, - "allowHostPID": { - "description": "allowHostPID determines if the policy allows host pid in the containers.", - "type": "boolean", - "default": false + "namespace": { + "description": "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty the Authorizer should report an error.", + "type": "string" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "io.k8s.apimachinery.pkg.api.resource.Quantity": { + "description": "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.", + "type": "string" + }, + "io.k8s.apimachinery.pkg.api.resource.int64Amount": { + "description": "int64Amount represents a fixed precision numerator and arbitrary scale exponent. It is faster than operations on inf.Dec for values that can be represented as int64.", + "type": "object", + "required": [ + "value", + "scale" + ], + "properties": { + "scale": { + "type": "integer", + "format": "int32", + "default": 0 }, - "allowHostPorts": { - "description": "allowHostPorts determines if the policy allows host ports in the containers.", - "type": "boolean", - "default": false + "value": { + "type": "integer", + "format": "int64", + "default": 0 + } + } + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup": { + "description": "APIGroup contains the name, the supported versions, and the preferred version of a group.", + "type": "object", + "required": [ + "name", + "versions" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "allowPrivilegeEscalation": { - "description": "allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.", - "type": "boolean" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "allowPrivilegedContainer": { - "description": "allowPrivilegedContainer determines if a container can request to be run as privileged.", - "type": "boolean", - "default": false + "name": { + "description": "name is the name of the group.", + "type": "string", + "default": "" }, - "allowedCapabilities": { - "description": "allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use '*'.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "preferredVersion": { + "description": "preferredVersion is the version preferred by the API server, which probably is the storage version.", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.GroupVersionForDiscovery" }, - "allowedFlexVolumes": { - "description": "allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"Volumes\" field.", + "serverAddressByClientCIDRs": { + "description": "a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.AllowedFlexVolume" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ServerAddressByClientCIDR" }, "x-kubernetes-list-type": "atomic" }, - "allowedUnsafeSysctls": { - "description": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.", + "versions": { + "description": "versions are the versions supported in this group.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.GroupVersionForDiscovery" }, "x-kubernetes-list-type": "atomic" - }, + } + } + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.APIGroupList": { + "description": "APIGroupList is a list of APIGroup, to allow clients to discover the API at /apis.", + "type": "object", + "required": [ + "groups" + ], + "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "defaultAddCapabilities": { - "description": "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "defaultAllowPrivilegeEscalation": { - "description": "defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.", - "type": "boolean" - }, - "forbiddenSysctls": { - "description": "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc.", + "groups": { + "description": "groups is a list of APIGroup.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" }, "x-kubernetes-list-type": "atomic" }, - "fsGroup": { - "description": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.FSGroupStrategyOptions" - }, - "groups": { - "description": "The groups that have permission to use this security context constraints", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + } + } + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.APIResource": { + "description": "APIResource specifies the name of a resource and whether it is namespaced.", + "type": "object", + "required": [ + "name", + "singularName", + "namespaced", + "kind", + "verbs" + ], + "properties": { + "categories": { + "description": "categories is a list of the grouped resources this resource belongs to (e.g. 'all')", "type": "array", "items": { "type": "string", @@ -51554,27 +50869,27 @@ }, "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "group": { + "description": "group is the preferred group of the resource. Empty implies the group of the containing resource list. For subresources, this may have a different value, for example: Scale\".", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "kind": { + "description": "kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo')", + "type": "string", + "default": "" }, - "priority": { - "description": "priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name.", - "type": "integer", - "format": "int32" + "name": { + "description": "name is the plural name of the resource.", + "type": "string", + "default": "" }, - "readOnlyRootFilesystem": { - "description": "readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the SCC should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.", + "namespaced": { + "description": "namespaced indicates if a resource is namespaced or not.", "type": "boolean", "default": false }, - "requiredDropCapabilities": { - "description": "requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.", + "shortNames": { + "description": "shortNames is a list of suggested short names of the resource.", "type": "array", "items": { "type": "string", @@ -51582,46 +50897,88 @@ }, "x-kubernetes-list-type": "atomic" }, - "runAsUser": { - "description": "runAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.RunAsUserStrategyOptions" + "singularName": { + "description": "singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely. The singularName is more correct for reporting status on a single item and both singular and plural are allowed from the kubectl CLI interface.", + "type": "string", + "default": "" }, - "seLinuxContext": { - "description": "seLinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.SELinuxContextStrategyOptions" + "storageVersionHash": { + "description": "The hash value of the storage version, the version this resource is converted to when written to the data store. Value must be treated as opaque by clients. Only equality comparison on the value is valid. This is an alpha feature and may change or be removed in the future. The field is populated by the apiserver only if the StorageVersionHash feature gate is enabled. This field will remain optional even if it graduates.", + "type": "string" }, - "seccompProfiles": { - "description": "seccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations. An unset (nil) or empty value means that no profiles may be specifid by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default.", + "verbs": { + "description": "verbs is a list of supported kube verbs (this includes get, list, watch, create, update, patch, delete, deletecollection, and proxy)", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "supplementalGroups": { - "description": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.SupplementalGroupsStrategyOptions" + "version": { + "description": "version is the preferred version of the resource. Empty implies the version of the containing resource list For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)\".", + "type": "string" + } + } + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList": { + "description": "APIResourceList is a list of APIResource, it is used to expose the name of the resources supported in a specific group and version, and if the resource is namespaced.", + "type": "object", + "required": [ + "groupVersion", + "resources" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "userNamespaceLevel": { - "description": "userNamespaceLevel determines if the policy allows host users in containers. Valid values are \"AllowHostLevel\", \"RequirePodLevel\", and omitted. When \"AllowHostLevel\" is set, a pod author may set `hostUsers` to either `true` or `false`. When \"RequirePodLevel\" is set, a pod author must set `hostUsers` to `false`. When omitted, the default value is \"AllowHostLevel\".", + "groupVersion": { + "description": "groupVersion is the group and version this APIResourceList is for.", "type": "string", - "default": "AllowHostLevel" + "default": "" }, - "users": { - "description": "The users who have permissions to use this security context constraints", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "resources": { + "description": "resources contains the name of the resources and if they are namespaced.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResource" }, "x-kubernetes-list-type": "atomic" + } + } + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.APIVersions": { + "description": "APIVersions lists the versions that are available, to allow clients to discover the API at /api, which is the root path of the legacy v1 API.", + "type": "object", + "required": [ + "versions", + "serverAddressByClientCIDRs" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "volumes": { - "description": "volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use \"*\". To allow no volumes, set to [\"none\"].", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "serverAddressByClientCIDRs": { + "description": "a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ServerAddressByClientCIDR" + }, + "x-kubernetes-list-type": "atomic" + }, + "versions": { + "description": "versions are the api versions that are available.", "type": "array", "items": { "type": "string", @@ -51631,153 +50988,200 @@ } } }, - "com.github.openshift.api.security.v1.SecurityContextConstraintsList": { - "description": "SecurityContextConstraintsList is a list of SecurityContextConstraints objects\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.apimachinery.pkg.apis.meta.v1.ApplyOptions": { + "description": "ApplyOptions may be provided when applying an API object. FieldManager is required for apply requests. ApplyOptions is equivalent to PatchOptions. It is provided as a convenience with documentation that speaks specifically to how the options fields relate to apply.", "type": "object", "required": [ - "items" + "force", + "fieldManager" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "List of security context constraints.", + "dryRun": { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.SecurityContextConstraints" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "fieldManager": { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required.", + "type": "string", + "default": "" + }, + "force": { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people.", + "type": "boolean", + "default": false }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.security.v1.ServiceAccountPodSecurityPolicyReviewStatus": { - "description": "ServiceAccountPodSecurityPolicyReviewStatus represents ServiceAccount name and related review status", + "io.k8s.apimachinery.pkg.apis.meta.v1.Condition": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", "type": "object", "required": [ - "name" + "type", + "status", + "lastTransitionTime", + "reason", + "message" ], "properties": { - "allowedBy": { - "description": "allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A `nil`, indicates that it was denied.", - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" }, - "name": { - "description": "name contains the allowed and the denied ServiceAccount name", + "message": { + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "default": "" }, + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + "type": "integer", + "format": "int64" + }, "reason": { - "description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available.", - "type": "string" + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + "type": "string", + "default": "" }, - "template": { - "description": "template is the PodTemplateSpec after the defaulting is applied.", - "default": {}, - "$ref": "#/definitions/PodTemplateSpec.v1.core.api.k8s.io" + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string", + "default": "" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.security.v1.SupplementalGroupsStrategyOptions": { - "description": "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.", + "io.k8s.apimachinery.pkg.apis.meta.v1.CreateOptions": { + "description": "CreateOptions may be provided when creating an API object.", "type": "object", "properties": { - "ranges": { - "description": "ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "dryRun": { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.IDRange" + "type": "string", + "default": "" }, "x-kubernetes-list-type": "atomic" }, - "type": { - "description": "type is the strategy that will dictate what supplemental groups is used in the SecurityContext.", + "fieldManager": { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "type": "string" + }, + "fieldValidation": { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" } } }, - "com.github.openshift.api.securityinternal.v1.RangeAllocation": { - "description": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group This is an internal API, not intended for external consumption.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions": { + "description": "DeleteOptions may be provided when deleting an API object.", "type": "object", - "required": [ - "range", - "data" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "data": { - "description": "data is a byte array representing the serialized state of a range allocation. It is a bitmap with each bit set to one to represent a range is taken.", - "type": "string", - "format": "byte" + "dryRun": { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "gracePeriodSeconds": { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "type": "integer", + "format": "int64" + }, + "ignoreStoreReadErrorWithClusterBreakingPotential": { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "type": "boolean" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "orphanDependents": { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "type": "boolean" }, - "range": { - "description": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", - "type": "string", - "default": "" + "preconditions": { + "description": "Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be returned.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Preconditions" + }, + "propagationPolicy": { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "type": "string" } } }, - "com.github.openshift.api.securityinternal.v1.RangeAllocationList": { - "description": "RangeAllocationList is a list of RangeAllocations objects This is an internal API, not intended for external consumption.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.apimachinery.pkg.apis.meta.v1.Duration": { + "description": "Duration is a wrapper around time.Duration which supports correct marshaling to YAML and JSON. In particular, it marshals into strings, which can be used as map keys in json.", + "type": "string" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.FieldSelectorRequirement": { + "description": "FieldSelectorRequirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ - "items" + "key", + "operator" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "key": { + "description": "key is the field selector key that the requirement applies to.", + "type": "string", + "default": "" }, - "items": { - "description": "List of RangeAllocations.", + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. The list of operators may grow in the future.", + "type": "string", + "default": "" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.securityinternal.v1.RangeAllocation" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfig": { - "description": "ServiceCertSignerOperatorConfig provides information to configure an operator to manage the service cert signing controllers\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1": { + "description": "FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.\n\nEach key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:', where is the name of a field in a struct, or key in a map 'v:', where is the exact json formatted value of a list item 'i:', where is position of a item in a list 'k:', where is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set.\n\nThe exact format is defined in sigs.k8s.io/structured-merge-diff", + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.GetOptions": { + "description": "GetOptions is the standard query options to the standard REST get call.", "type": "object", - "required": [ - "metadata", - "spec", - "status" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -51787,283 +51191,205 @@ "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigSpec" - }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigStatus" + "resourceVersion": { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "type": "string" } } }, - "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigList": { - "description": "ServiceCertSignerOperatorConfigList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "io.k8s.apimachinery.pkg.apis.meta.v1.GroupKind": { + "description": "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types", "type": "object", "required": [ - "items" + "group", + "kind" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items contains the items", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfig" - } + "group": { + "type": "string", + "default": "" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "type": "string", + "default": "" } } }, - "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigSpec": { + "io.k8s.apimachinery.pkg.apis.meta.v1.GroupResource": { + "description": "GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types", "type": "object", "required": [ - "managementState" + "group", + "resource" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "group": { "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + "resource": { + "type": "string", + "default": "" } } }, - "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigStatus": { + "io.k8s.apimachinery.pkg.apis.meta.v1.GroupVersion": { + "description": "GroupVersion contains the \"group\" and the \"version\", which uniquely identifies the API.", "type": "object", + "required": [ + "group", + "version" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "group": { + "type": "string", + "default": "" }, "version": { - "description": "version is the level this availability applies to", - "type": "string" + "type": "string", + "default": "" } } }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMap": { - "description": "SharedConfigMap allows a ConfigMap to be shared across namespaces. Pods can mount the shared ConfigMap by adding a CSI volume to the pod specification using the \"csi.sharedresource.openshift.io\" CSI driver and a reference to the SharedConfigMap in the volume attributes:\n\nspec:\n\n\tvolumes:\n\t- name: shared-configmap\n\t csi:\n\t driver: csi.sharedresource.openshift.io\n\t volumeAttributes:\n\t sharedConfigMap: my-share\n\nFor the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedConfigMap object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects.\n\n\t`oc create role shared-resource-my-share --verb=use --resource=sharedconfigmaps.sharedresource.openshift.io --resource-name=my-share`\n\t`oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default`\n\nShared resource objects, in this case ConfigMaps, have default permissions of list, get, and watch for system authenticated users.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", + "io.k8s.apimachinery.pkg.apis.meta.v1.GroupVersionForDiscovery": { + "description": "GroupVersion contains the \"group/version\" and \"version\" string of a version. It is made a struct to keep extensibility.", "type": "object", "required": [ - "spec" + "groupVersion", + "version" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "spec": { - "description": "spec is the specification of the desired shared configmap", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapSpec" + "groupVersion": { + "description": "groupVersion specifies the API group and version in the form \"group/version\"", + "type": "string", + "default": "" }, - "status": { - "description": "status is the observed status of the shared configmap", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapStatus" + "version": { + "description": "version specifies the version in the form of \"version\". This is to save the clients the trouble of splitting the GroupVersion.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapList": { - "description": "SharedConfigMapList contains a list of SharedConfigMap objects.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", + "io.k8s.apimachinery.pkg.apis.meta.v1.GroupVersionKind": { + "description": "GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling", "type": "object", "required": [ - "items" + "group", + "version", + "kind" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMap" - } + "group": { + "type": "string", + "default": "" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "version": { + "type": "string", + "default": "" } } }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapReference": { - "description": "SharedConfigMapReference contains information about which ConfigMap to share", + "io.k8s.apimachinery.pkg.apis.meta.v1.GroupVersionResource": { + "description": "GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling", "type": "object", "required": [ - "name", - "namespace" + "group", + "version", + "resource" ], "properties": { - "name": { - "description": "name represents the name of the ConfigMap that is being referenced.", + "group": { "type": "string", "default": "" }, - "namespace": { - "description": "namespace represents the namespace where the referenced ConfigMap is located.", + "resource": { + "type": "string", + "default": "" + }, + "version": { "type": "string", "default": "" } } }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapSpec": { - "description": "SharedConfigMapSpec defines the desired state of a SharedConfigMap", + "io.k8s.apimachinery.pkg.apis.meta.v1.InternalEvent": { + "description": "InternalEvent makes watch.Event versioned", "type": "object", "required": [ - "configMapRef" + "Type", + "Object" ], "properties": { - "configMapRef": { - "description": "configMapRef is a reference to the ConfigMap to share", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapReference" + "Object": { + "description": "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Bookmark: the object (instance of a type being watched) where\n only ResourceVersion field is set. On successful restart of watch from a\n bookmark resourceVersion, client is guaranteed to not get repeat event\n nor miss any events.\n * If Type is Error: *api.Status is recommended; other types may make sense\n depending on context.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.Object" }, - "description": { - "description": "description is a user readable explanation of what the backing resource provides.", - "type": "string" + "Type": { + "type": "string", + "default": "" } } }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapStatus": { - "description": "SharedSecretStatus contains the observed status of the shared resource", + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector": { + "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", "type": "object", "properties": { - "conditions": { - "description": "conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller.", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" + }, + "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedSecret": { - "description": "SharedSecret allows a Secret to be shared across namespaces. Pods can mount the shared Secret by adding a CSI volume to the pod specification using the \"csi.sharedresource.openshift.io\" CSI driver and a reference to the SharedSecret in the volume attributes:\n\nspec:\n\n\tvolumes:\n\t- name: shared-secret\n\t csi:\n\t driver: csi.sharedresource.openshift.io\n\t volumeAttributes:\n\t sharedSecret: my-share\n\nFor the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedSecret object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects.\n\n\t`oc create role shared-resource-my-share --verb=use --resource=sharedsecrets.sharedresource.openshift.io --resource-name=my-share`\n\t`oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default`\n\nShared resource objects, in this case Secrets, have default permissions of list, get, and watch for system authenticated users.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", + "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ - "spec" + "key", + "operator" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string", + "default": "" }, - "spec": { - "description": "spec is the specification of the desired shared secret", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedSecretSpec" + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + "type": "string", + "default": "" }, - "status": { - "description": "status is the observed status of the shared secret", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedSecretStatus" + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretList": { - "description": "SharedSecretList contains a list of SharedSecret objects.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", + "io.k8s.apimachinery.pkg.apis.meta.v1.List": { + "description": "List holds a list of objects, which may not be known by the server.", "type": "object", "required": [ "items" @@ -52074,10 +51400,10 @@ "type": "string" }, "items": { + "description": "List of objects", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedSecret" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } }, "kind": { @@ -52085,197 +51411,271 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretReference": { - "description": "SharedSecretReference contains information about which Secret to share", + "io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta": { + "description": "ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.", "type": "object", - "required": [ - "name", - "namespace" - ], "properties": { - "name": { - "description": "name represents the name of the Secret that is being referenced.", - "type": "string", - "default": "" + "continue": { + "description": "continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.", + "type": "string" }, - "namespace": { - "description": "namespace represents the namespace where the referenced Secret is located.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretSpec": { - "description": "SharedSecretSpec defines the desired state of a SharedSecret", - "type": "object", - "required": [ - "secretRef" - ], - "properties": { - "description": { - "description": "description is a user readable explanation of what the backing resource provides.", + "remainingItemCount": { + "description": "remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is *estimating* the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.", + "type": "integer", + "format": "int64" + }, + "resourceVersion": { + "description": "String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", "type": "string" }, - "secretRef": { - "description": "secretRef is a reference to the Secret to share", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedSecretReference" - } - } - }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretStatus": { - "description": "SharedSecretStatus contains the observed status of the shared resource", - "type": "object", - "properties": { - "conditions": { - "description": "conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "selfLink": { + "description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.", + "type": "string" } } }, - "com.github.openshift.api.template.v1.BrokerTemplateInstance": { - "description": "BrokerTemplateInstance holds the service broker-related state associated with a TemplateInstance. BrokerTemplateInstance is part of an experimental API.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.apimachinery.pkg.apis.meta.v1.ListOptions": { + "description": "ListOptions is the query options to a standard REST list call.", "type": "object", - "required": [ - "spec" - ], "properties": { + "allowWatchBookmarks": { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "type": "boolean" + }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "continue": { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "type": "string" + }, + "fieldSelector": { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "type": "string" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "labelSelector": { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "type": "string" }, - "spec": { - "description": "spec describes the state of this BrokerTemplateInstance.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.BrokerTemplateInstanceSpec" + "limit": { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "type": "integer", + "format": "int64" + }, + "resourceVersion": { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "type": "string" + }, + "resourceVersionMatch": { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "type": "string" + }, + "sendInitialEvents": { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "type": "boolean" + }, + "timeoutSeconds": { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "type": "integer", + "format": "int64" + }, + "watch": { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "type": "boolean" } } }, - "com.github.openshift.api.template.v1.BrokerTemplateInstanceList": { - "description": "BrokerTemplateInstanceList is a list of BrokerTemplateInstance objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry": { + "description": "ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource that the fieldset applies to.", "type": "object", - "required": [ - "items" - ], "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion defines the version of this resource that this field set applies to. The format is \"group/version\" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.", "type": "string" }, - "items": { - "description": "items is a list of BrokerTemplateInstances", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.BrokerTemplateInstance" - } + "fieldsType": { + "description": "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"", + "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "fieldsV1": { + "description": "FieldsV1 holds the first JSON version format as described in the \"FieldsV1\" type.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1" + }, + "manager": { + "description": "Manager is an identifier of the workflow managing these fields.", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "operation": { + "description": "Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.", + "type": "string" + }, + "subresource": { + "description": "Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.", + "type": "string" + }, + "time": { + "description": "Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" } } }, - "com.github.openshift.api.template.v1.BrokerTemplateInstanceSpec": { - "description": "BrokerTemplateInstanceSpec describes the state of a BrokerTemplateInstance.", + "io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime": { + "description": "MicroTime is version of Time with microsecond level precision.", + "type": "string", + "format": "date-time" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta": { + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", "type": "object", - "required": [ - "templateInstance", - "secret" - ], "properties": { - "bindingIDs": { - "description": "bindingIDs is a list of 'binding_id's provided during successive bind calls to the template service broker.", + "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "creationTimestamp": { + "description": "CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "deletionGracePeriodSeconds": { + "description": "Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.", + "type": "integer", + "format": "int64" + }, + "deletionTimestamp": { + "description": "DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + }, + "finalizers": { + "description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.", "type": "array", "items": { "type": "string", "default": "" + }, + "x-kubernetes-list-type": "set", + "x-kubernetes-patch-strategy": "merge" + }, + "generateName": { + "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will return a 409.\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", + "type": "string" + }, + "generation": { + "description": "A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.", + "type": "integer", + "format": "int64" + }, + "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" } }, - "secret": { - "description": "secret is a reference to a Secret object residing in a namespace, containing the necessary template parameters.", - "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + "managedFields": { + "description": "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry" + }, + "x-kubernetes-list-type": "atomic" }, - "templateInstance": { - "description": "templateInstance is a reference to a TemplateInstance object residing in a namespace.", - "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", + "type": "string" + }, + "namespace": { + "description": "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces", + "type": "string" + }, + "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference" + }, + "x-kubernetes-list-map-keys": [ + "uid" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "uid", + "x-kubernetes-patch-strategy": "merge" + }, + "resourceVersion": { + "description": "An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "selfLink": { + "description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.", + "type": "string" + }, + "uid": { + "description": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", + "type": "string" } } }, - "com.github.openshift.api.template.v1.Parameter": { - "description": "Parameter defines a name/value variable that is to be processed during the Template to Config transformation.", + "io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference": { + "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", "type": "object", "required": [ - "name" + "apiVersion", + "kind", + "name", + "uid" ], "properties": { - "description": { - "description": "description of a parameter. Optional.", - "type": "string" + "apiVersion": { + "description": "API version of the referent.", + "type": "string", + "default": "" }, - "displayName": { - "description": "Optional: The name that will show in UI instead of parameter 'Name'", - "type": "string" + "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", + "type": "boolean" }, - "from": { - "description": "from is an input value for the generator. Optional.", - "type": "string" + "controller": { + "description": "If true, this reference points to the managing controller.", + "type": "boolean" }, - "generate": { - "description": "generate specifies the generator to be used to generate random string from an input value specified by From field. The result string is stored into Value field. If empty, no generator is being used, leaving the result Value untouched. Optional.\n\nThe only supported generator is \"expression\", which accepts a \"from\" value in the form of a simple regular expression containing the range expression \"[a-zA-Z0-9]\", and the length expression \"a{length}\".\n\nExamples:\n\nfrom | value ----------------------------- \"test[0-9]{1}x\" | \"test7x\" \"[0-1]{8}\" | \"01001100\" \"0x[A-F0-9]{4}\" | \"0xB3AF\" \"[a-zA-Z0-9]{8}\" | \"hW4yQU5i\"", - "type": "string" + "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string", + "default": "" }, "name": { - "description": "name must be set and it can be referenced in Template Items using ${PARAMETER_NAME}. Required.", + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", "type": "string", "default": "" }, - "required": { - "description": "Optional: Indicates the parameter must have a value. Defaults to false.", - "type": "boolean" - }, - "value": { - "description": "value holds the Parameter data. If specified, the generator will be ignored. The value replaces all occurrences of the Parameter ${Name} expression during the Template to Config transformation. Optional.", - "type": "string" + "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", + "type": "string", + "default": "" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.template.v1.Template": { - "description": "Template contains the inputs needed to produce a Config.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.apimachinery.pkg.apis.meta.v1.PartialObjectMetadata": { + "description": "PartialObjectMetadata is a generic representation of any object with ObjectMeta. It allows clients to get access to a particular ObjectMeta schema without knowing the details of the version.", "type": "object", - "required": [ - "objects" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -52285,492 +51685,590 @@ "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "labels": { - "description": "labels is a optional set of labels that are applied to every object during the Template to Config transformation.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "message": { - "description": "message is an optional instructional message that will be displayed when this template is instantiated. This field should inform the user how to utilize the newly created resources. Parameter substitution will be performed on the message before being displayed so that generated credentials and other parameters can be included in the output.", - "type": "string" - }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "objects": { - "description": "objects is an array of resources to include in this template. If a namespace value is hardcoded in the object, it will be removed during template instantiation, however if the namespace value is, or contains, a ${PARAMETER_REFERENCE}, the resolved value after parameter substitution will be respected and the object will be created in that namespace.", - "type": "array", - "items": { - "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" - } - }, - "parameters": { - "description": "parameters is an optional array of Parameters used during the Template to Config transformation.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.Parameter" - } + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } } }, - "com.github.openshift.api.template.v1.TemplateInstance": { - "description": "TemplateInstance requests and records the instantiation of a Template. TemplateInstance is part of an experimental API.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.apimachinery.pkg.apis.meta.v1.PartialObjectMetadataList": { + "description": "PartialObjectMetadataList contains a list of objects containing only their metadata", "type": "object", "required": [ - "spec" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "items contains each of the included items.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.PartialObjectMetadata" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Patch": { + "description": "Patch is provided to give a concrete name and type to the Kubernetes PATCH request body.", + "type": "object" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.PatchOptions": { + "description": "PatchOptions may be provided when patching an API object. PatchOptions is meant to be a superset of UpdateOptions.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "spec": { - "description": "spec describes the desired state of this TemplateInstance.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceSpec" + "dryRun": { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "status": { - "description": "status describes the current state of this TemplateInstance.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceStatus" + "fieldManager": { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "type": "string" + }, + "fieldValidation": { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "type": "string" + }, + "force": { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "type": "boolean" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + } + } + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Preconditions": { + "description": "Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.", + "type": "object", + "properties": { + "resourceVersion": { + "description": "Specifies the target ResourceVersion", + "type": "string" + }, + "uid": { + "description": "Specifies the target UID.", + "type": "string" + } + } + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.RootPaths": { + "description": "RootPaths lists the paths available at root. For example: \"/healthz\", \"/apis\".", + "type": "object", + "required": [ + "paths" + ], + "properties": { + "paths": { + "description": "paths are the paths available at root.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.template.v1.TemplateInstanceCondition": { - "description": "TemplateInstanceCondition contains condition information for a TemplateInstance.", + "io.k8s.apimachinery.pkg.apis.meta.v1.ServerAddressByClientCIDR": { + "description": "ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match.", "type": "object", "required": [ - "type", - "status", - "lastTransitionTime", - "reason", - "message" + "clientCIDR", + "serverAddress" ], "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time a condition status transitioned from one state to another.", - "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "message": { - "description": "message is a human readable description of the details of the last transition, complementing reason.", - "type": "string", - "default": "" - }, - "reason": { - "description": "reason is a brief machine readable explanation for the condition's last transition.", - "type": "string", - "default": "" - }, - "status": { - "description": "status of the condition, one of True, False or Unknown.", + "clientCIDR": { + "description": "The CIDR with which clients can match their IP to figure out the server address that they should use.", "type": "string", "default": "" }, - "type": { - "description": "type of the condition, currently Ready or InstantiateFailure.", + "serverAddress": { + "description": "Address of this server, suitable for a client that matches the above CIDR. This can be a hostname, hostname:port, IP or IP:port.", "type": "string", "default": "" } } }, - "com.github.openshift.api.template.v1.TemplateInstanceList": { - "description": "TemplateInstanceList is a list of TemplateInstance objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.apimachinery.pkg.apis.meta.v1.Status": { + "description": "Status is a return value for calls that don't return other objects.", "type": "object", - "required": [ - "items" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items is a list of Templateinstances", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstance" - } + "code": { + "description": "Suggested HTTP return code for this status, 0 if not set.", + "type": "integer", + "format": "int32" + }, + "details": { + "description": "Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails", + "x-kubernetes-list-type": "atomic" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, + "message": { + "description": "A human-readable description of the status of this operation.", + "type": "string" + }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - } - } - }, - "com.github.openshift.api.template.v1.TemplateInstanceObject": { - "description": "TemplateInstanceObject references an object created by a TemplateInstance.", - "type": "object", - "properties": { - "ref": { - "description": "ref is a reference to the created object. When used under .spec, only name and namespace are used; these can contain references to parameters which will be substituted following the usual rules.", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - } - } - }, - "com.github.openshift.api.template.v1.TemplateInstanceRequester": { - "description": "TemplateInstanceRequester holds the identity of an agent requesting a template instantiation.", - "type": "object", - "properties": { - "extra": { - "description": "extra holds additional information provided by the authenticator.", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - }, - "groups": { - "description": "groups represent the groups this user is a part of.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" }, - "uid": { - "description": "uid is a unique value that identifies this user across time; if this user is deleted and another user by the same name is added, they will have different UIDs.", + "reason": { + "description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it.", "type": "string" }, - "username": { - "description": "username uniquely identifies this user among all active users.", + "status": { + "description": "Status of the operation. One of: \"Success\" or \"Failure\". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "type": "string" } } }, - "com.github.openshift.api.template.v1.TemplateInstanceSpec": { - "description": "TemplateInstanceSpec describes the desired state of a TemplateInstance.", + "io.k8s.apimachinery.pkg.apis.meta.v1.StatusCause": { + "description": "StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered.", "type": "object", - "required": [ - "template" - ], "properties": { - "requester": { - "description": "requester holds the identity of the agent requesting the template instantiation.", - "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceRequester" + "field": { + "description": "The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional.\n\nExamples:\n \"name\" - the field \"name\" on the current resource\n \"items[0].name\" - the field \"name\" on the first array entry in \"items\"", + "type": "string" }, - "secret": { - "description": "secret is a reference to a Secret object containing the necessary template parameters.", - "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + "message": { + "description": "A human-readable description of the cause of the error. This field may be presented as-is to a reader.", + "type": "string" }, - "template": { - "description": "template is a full copy of the template for instantiation.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.Template" + "reason": { + "description": "A machine-readable description of the cause of the error. If this value is empty there is no information available.", + "type": "string" } } }, - "com.github.openshift.api.template.v1.TemplateInstanceStatus": { - "description": "TemplateInstanceStatus describes the current state of a TemplateInstance.", + "io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails": { + "description": "StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined.", "type": "object", "properties": { - "conditions": { - "description": "conditions represent the latest available observations of a TemplateInstance's current state.", + "causes": { + "description": "The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceCondition" - } + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.StatusCause" + }, + "x-kubernetes-list-type": "atomic" }, - "objects": { - "description": "objects references the objects created by the TemplateInstance.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceObject" - } + "group": { + "description": "The group attribute of the resource associated with the status StatusReason.", + "type": "string" + }, + "kind": { + "description": "The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described).", + "type": "string" + }, + "retryAfterSeconds": { + "description": "If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action.", + "type": "integer", + "format": "int32" + }, + "uid": { + "description": "UID of the resource. (when there is a single resource which can be described). More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", + "type": "string" } } }, - "com.github.openshift.api.template.v1.TemplateList": { - "description": "TemplateList is a list of Template objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.apimachinery.pkg.apis.meta.v1.Table": { + "description": "Table is a tabular representation of a set of API resources. The server transforms the object into a set of preferred columns for quickly reviewing the objects.", "type": "object", "required": [ - "items" + "columnDefinitions", + "rows" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items is a list of templates", + "columnDefinitions": { + "description": "columnDefinitions describes each column in the returned items array. The number of cells per row will always match the number of column definitions.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.Template" - } + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.TableColumnDefinition" + }, + "x-kubernetes-list-type": "atomic" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + }, + "rows": { + "description": "rows is the list of items in the table.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.TableRow" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.user.v1.Group": { - "description": "Group represents a referenceable set of Users\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.apimachinery.pkg.apis.meta.v1.TableColumnDefinition": { + "description": "TableColumnDefinition contains information about a column returned in the Table.", "type": "object", "required": [ - "users" + "name", + "type", + "format", + "description", + "priority" ], + "properties": { + "description": { + "description": "description is a human readable description of this column.", + "type": "string", + "default": "" + }, + "format": { + "description": "format is an optional OpenAPI type modifier for this column. A format modifies the type and imposes additional rules, like date or time formatting for a string. The 'name' format is applied to the primary identifier column which has type 'string' to assist in clients identifying column is the resource name. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more.", + "type": "string", + "default": "" + }, + "name": { + "description": "name is a human readable name for the column.", + "type": "string", + "default": "" + }, + "priority": { + "description": "priority is an integer defining the relative importance of this column compared to others. Lower numbers are considered higher priority. Columns that may be omitted in limited space scenarios should be given a higher priority.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "type": { + "description": "type is an OpenAPI type definition for this column, such as number, integer, string, or array. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more.", + "type": "string", + "default": "" + } + } + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.TableOptions": { + "description": "TableOptions are used when a Table is requested by the caller.", + "type": "object", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "includeObject": { + "description": "includeObject decides whether to include each object along with its columnar information. Specifying \"None\" will return no object, specifying \"Object\" will return the full object contents, and specifying \"Metadata\" (the default) will return the object's metadata in the PartialObjectMetadata kind in version v1beta1 of the meta.k8s.io API group.", + "type": "string" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "users": { - "description": "users is the list of users in this group.", - "type": "array", - "items": { - "type": "string", - "default": "" - } } } }, - "com.github.openshift.api.user.v1.GroupList": { - "description": "GroupList is a collection of Groups\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.apimachinery.pkg.apis.meta.v1.TableRow": { + "description": "TableRow is an individual row in a table.", "type": "object", "required": [ - "items" + "cells" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "cells": { + "description": "cells will be as wide as the column definitions array and may contain strings, numbers (float64 or int64), booleans, simple maps, lists, or null. See the type field of the column definition for a more detailed description.", + "type": "array", + "items": { + "type": "object" + }, + "x-kubernetes-list-type": "atomic" }, - "items": { - "description": "items is the list of groups", + "conditions": { + "description": "conditions describe additional status of a row that are relevant for a human user. These conditions apply to the row, not to the object, and will be specific to table output. The only defined condition type is 'Completed', for a row that indicates a resource that has run to completion and can be given less visual priority.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.user.v1.Group" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.TableRowCondition" + }, + "x-kubernetes-list-type": "atomic" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "object": { + "description": "This field contains the requested additional information about each object based on the includeObject policy when requesting the Table. If \"None\", this field is empty, if \"Object\" this will be the default serialization of the object for the current API version, and if \"Metadata\" (the default) will contain the object metadata. Check the returned kind and apiVersion of the object before parsing. The media type of the object will always match the enclosing list - if this as a JSON table, these will be JSON encoded objects.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.user.v1.Identity": { - "description": "Identity records a successful authentication of a user with an identity provider. The information about the source of authentication is stored on the identity, and the identity is then associated with a single user object. Multiple identities can reference a single user. Information retrieved from the authentication provider is stored in the extra field using a schema determined by the provider.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.apimachinery.pkg.apis.meta.v1.TableRowCondition": { + "description": "TableRowCondition allows a row to be marked with additional information.", "type": "object", "required": [ - "providerName", - "providerUserName", - "user" + "type", + "status" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "message": { + "description": "Human readable message indicating details about last transition.", "type": "string" }, - "extra": { - "description": "extra holds extra information about this identity", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "reason": { + "description": "(brief) machine readable reason for the condition's last transition.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" - }, - "providerName": { - "description": "providerName is the source of identity information", + "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string", "default": "" }, - "providerUserName": { - "description": "providerUserName uniquely represents this identity in the scope of the provider", + "type": { + "description": "Type of row condition. The only defined value is 'Completed' indicating that the object this row represents has reached a completed state and may be given less visual priority than other rows. Clients are not required to honor any conditions but should be consistent where possible about handling the conditions.", "type": "string", "default": "" - }, - "user": { - "description": "user is a reference to the user this identity is associated with Both Name and UID must be set", - "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.user.v1.IdentityList": { - "description": "IdentityList is a collection of Identities\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.apimachinery.pkg.apis.meta.v1.Time": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.Timestamp": { + "description": "Timestamp is a struct that is equivalent to Time, but intended for protobuf marshalling/unmarshalling. It is generated into a serialization that matches Time. Do not use in Go structs.", "type": "object", "required": [ - "items" + "seconds", + "nanos" ], + "properties": { + "nanos": { + "description": "Non-negative fractions of a second at nanosecond resolution. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be from 0 to 999,999,999 inclusive. This field may be limited in precision depending on context.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "seconds": { + "description": "Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z inclusive.", + "type": "integer", + "format": "int64", + "default": 0 + } + } + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.TypeMeta": { + "description": "TypeMeta describes an individual object in an API response or request with strings representing the type of the object and its API schema version. Structures that are versioned or persisted should inline TypeMeta.", + "type": "object", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items is the list of identities", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.user.v1.Identity" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.user.v1.User": { - "description": "Upon log in, every user of the system receives a User and Identity resource. Administrators may directly manipulate the attributes of the users for their own tracking, or set groups via the API. The user name is unique and is chosen based on the value provided by the identity provider - if a user already exists with the incoming name, the user name may have a number appended to it depending on the configuration of the system.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.apimachinery.pkg.apis.meta.v1.UpdateOptions": { + "description": "UpdateOptions may be provided when updating an API object. All fields in UpdateOptions should also be present in PatchOptions.", "type": "object", - "required": [ - "groups" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "fullName": { - "description": "fullName is the full name of user", - "type": "string" - }, - "groups": { - "description": "groups specifies group names this user is a member of. This field is deprecated and will be removed in a future release. Instead, create a Group object containing the name of this User.", + "dryRun": { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "identities": { - "description": "identities are the identities associated with this user", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "fieldManager": { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "type": "string" + }, + "fieldValidation": { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + } + } + }, + "io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent": { + "description": "Event represents a single event to a watched resource.", + "type": "object", + "required": [ + "type", + "object" + ], + "properties": { + "object": { + "description": "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Error: *Status is recommended; other types may make sense\n depending on context.", + "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "type": { + "type": "string", + "default": "" } } }, - "com.github.openshift.api.user.v1.UserIdentityMapping": { - "description": "UserIdentityMapping maps a user to an identity\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.apimachinery.pkg.runtime.RawExtension": { + "description": "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.Object `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// External package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// On the wire, the JSON will look something like this:\n\n\t{\n\t\t\"kind\":\"MyAPIObject\",\n\t\t\"apiVersion\":\"v1\",\n\t\t\"myPlugin\": {\n\t\t\t\"kind\":\"PluginA\",\n\t\t\t\"aOption\":\"foo\",\n\t\t},\n\t}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)", + "type": "object" + }, + "io.k8s.apimachinery.pkg.runtime.TypeMeta": { + "description": "TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, like this:\n\n\ttype MyAwesomeAPIObject struct {\n\t runtime.TypeMeta `json:\",inline\"`\n\t ... // other fields\n\t}\n\nfunc (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind\n\nTypeMeta is provided here for convenience. You may use it directly from this package or define your own with the same fields.", "type": "object", "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "identity": { - "description": "identity is a reference to an identity", - "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" - }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + } + } + }, + "io.k8s.apimachinery.pkg.runtime.Unknown": { + "description": "Unknown allows api objects with unknown types to be passed-through. This can be used to deal with the API objects from a plug-in. Unknown objects still have functioning TypeMeta features-- kind, version, etc. metadata and field mutatation.", + "type": "object", + "required": [ + "ContentEncoding", + "ContentType" + ], + "properties": { + "ContentEncoding": { + "description": "ContentEncoding is encoding used to encode 'Raw' data. Unspecified means no encoding.", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "ContentType": { + "description": "ContentType is serialization method used to serialize 'Raw'. Unspecified means ContentTypeJSON.", + "type": "string", + "default": "" }, - "user": { - "description": "user is a reference to a user", - "default": {}, - "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + "apiVersion": { + "type": "string" + }, + "kind": { + "type": "string" } } }, - "com.github.openshift.api.user.v1.UserList": { - "description": "UserList is a collection of Users\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "io.k8s.apimachinery.pkg.util.intstr.IntOrString": { + "description": "IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number.", + "type": "string", + "format": "int-or-string" + }, + "io.k8s.apimachinery.pkg.version.Info": { + "description": "Info contains versioning information. how we'll want to distribute that information.", "type": "object", "required": [ - "items" + "major", + "minor", + "gitVersion", + "gitCommit", + "gitTreeState", + "buildDate", + "goVersion", + "compiler", + "platform" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "buildDate": { + "type": "string", + "default": "" + }, + "compiler": { + "type": "string", + "default": "" + }, + "emulationMajor": { + "description": "EmulationMajor is the major version of the emulation version", "type": "string" }, - "items": { - "description": "items is the list of users", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.user.v1.User" - } + "emulationMinor": { + "description": "EmulationMinor is the minor version of the emulation version", + "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "gitCommit": { + "type": "string", + "default": "" + }, + "gitTreeState": { + "type": "string", + "default": "" + }, + "gitVersion": { + "type": "string", + "default": "" + }, + "goVersion": { + "type": "string", + "default": "" + }, + "major": { + "description": "Major is the major version of the binary version", + "type": "string", + "default": "" + }, + "minCompatibilityMajor": { + "description": "MinCompatibilityMajor is the major version of the minimum compatibility version", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + "minCompatibilityMinor": { + "description": "MinCompatibilityMinor is the minor version of the minimum compatibility version", + "type": "string" + }, + "minor": { + "description": "Minor is the minor version of the binary version", + "type": "string", + "default": "" + }, + "platform": { + "type": "string", + "default": "" } } } diff --git a/operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml b/operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml new file mode 100644 index 00000000000..52918acc95d --- /dev/null +++ b/operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml @@ -0,0 +1,384 @@ +apiVersion: apiextensions.k8s.io/v1 +name: "IngressController" +crdName: ingresscontrollers.operator.openshift.io +featureGates: + - TLSCurvePreferences +tests: + onCreate: + - name: Should be able to create with Custom TLS profile and curves + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + curves: + - X25519 + - SecP256r1 + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + closedClientConnectionPolicy: Continue + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + curves: + - X25519 + - SecP256r1 + - name: Should be able to create with all supported curves + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + closedClientConnectionPolicy: Continue + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + - name: Should fail to create with Custom TLS profile and empty curves + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: [] + expectedError: "spec.tlsSecurityProfile.custom.curves in body should have at least 1 items" + - name: Should be able to create with Custom TLS profile and curves omitted + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + closedClientConnectionPolicy: Continue + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - name: Should be able to create with Custom TLS profile VersionTLS10 and curves + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP256r1 + - SecP384r1 + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + closedClientConnectionPolicy: Continue + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP256r1 + - SecP384r1 + - name: Should be able to create with Custom TLS profile VersionTLS11 and curves + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS11 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP384r1 + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + closedClientConnectionPolicy: Continue + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS11 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP384r1 + - name: Should fail to create with more than 5 curves + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + - X25519 + expectedError: "spec.tlsSecurityProfile.custom.curves: Too many: 6: must have at most 5 items" + - name: Should fail to create with invalid curve value + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - InvalidCurve + expectedError: "spec.tlsSecurityProfile.custom.curves[0]: Unsupported value: \"InvalidCurve\": supported values: \"X25519\", \"SecP256r1\", \"SecP384r1\", \"SecP521r1\", \"X25519MLKEM768\"" + onUpdate: + - name: Should be able to add curves to existing Custom TLS profile + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + updated: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + closedClientConnectionPolicy: Continue + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + closedClientConnectionPolicy: Continue + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + - name: Should be able to update curves in existing Custom TLS profile + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + updated: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + closedClientConnectionPolicy: Continue + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP256r1 + - SecP384r1 + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + closedClientConnectionPolicy: Continue + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - SecP256r1 + - SecP384r1 + - name: Should fail to remove all curves from existing Custom TLS profile + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + updated: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + closedClientConnectionPolicy: Continue + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: [] + expectedError: "spec.tlsSecurityProfile.custom.curves in body should have at least 1 items" diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml index fdf10772dd8..8eadb4ca4c8 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml @@ -1843,10 +1843,9 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -1993,8 +1992,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -2007,18 +2009,47 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol @@ -2039,6 +2070,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -2051,13 +2088,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -2071,6 +2111,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -2083,15 +2129,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -2102,10 +2156,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -2155,37 +2208,6 @@ spec: If unset, the default timeout is 30s format: duration type: string - configurationManagement: - description: |- - configurationManagement specifies how OpenShift router should update - the HAProxy configuration. The following values are valid for this - field: - - * "ForkAndReload". - * "Dynamic". - - Omitting this field means that the user has no opinion and the - platform may choose a reasonable default. This default is subject to - change over time. The current default is "ForkAndReload". - - "ForkAndReload" means that OpenShift router should rewrite the - HAProxy configuration file and instruct HAProxy to fork and reload. - This is OpenShift router's traditional approach. - - "Dynamic" means that OpenShift router may use HAProxy's control - socket for some configuration updates and fall back to fork and - reload for other configuration updates. This is a newer approach, - which may be less mature than ForkAndReload. This setting can - improve load-balancing fairness and metrics accuracy and reduce CPU - and memory usage if HAProxy has frequent configuration updates for - route and endpoints updates. - - Note: The "Dynamic" option is currently experimental and should not - be enabled on production clusters. - enum: - - Dynamic - - ForkAndReload - type: string connectTimeout: description: |- connectTimeout defines the maximum time to wait for @@ -3274,18 +3296,47 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml index 97c3ca8c401..88cff97976a 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml @@ -1843,10 +1843,9 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -1993,8 +1992,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -2007,14 +2009,11 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array @@ -2039,6 +2038,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -2051,13 +2056,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -2071,6 +2079,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -2083,15 +2097,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -2102,10 +2124,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -3243,14 +3264,11 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml index 89c366cda45..8fab4f058aa 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml @@ -1843,10 +1843,9 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -1993,8 +1992,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -2007,18 +2009,47 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol @@ -2039,6 +2070,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -2051,13 +2088,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -2071,6 +2111,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -2083,15 +2129,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -2102,10 +2156,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -2155,37 +2208,6 @@ spec: If unset, the default timeout is 30s format: duration type: string - configurationManagement: - description: |- - configurationManagement specifies how OpenShift router should update - the HAProxy configuration. The following values are valid for this - field: - - * "ForkAndReload". - * "Dynamic". - - Omitting this field means that the user has no opinion and the - platform may choose a reasonable default. This default is subject to - change over time. The current default is "ForkAndReload". - - "ForkAndReload" means that OpenShift router should rewrite the - HAProxy configuration file and instruct HAProxy to fork and reload. - This is OpenShift router's traditional approach. - - "Dynamic" means that OpenShift router may use HAProxy's control - socket for some configuration updates and fall back to fork and - reload for other configuration updates. This is a newer approach, - which may be less mature than ForkAndReload. This setting can - improve load-balancing fairness and metrics accuracy and reduce CPU - and memory usage if HAProxy has frequent configuration updates for - route and endpoints updates. - - Note: The "Dynamic" option is currently experimental and should not - be enabled on production clusters. - enum: - - Dynamic - - ForkAndReload - type: string connectTimeout: description: |- connectTimeout defines the maximum time to wait for @@ -3274,18 +3296,47 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml index 535ddf0bc87..de764ecb9dc 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml @@ -1993,8 +1993,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -2007,14 +2010,11 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array @@ -2039,6 +2039,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -2051,13 +2057,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -2071,6 +2080,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -2083,15 +2098,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -2102,10 +2125,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -3243,14 +3265,11 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml index 2fbc3cd4e39..2efe9d649b5 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml @@ -1843,10 +1843,9 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. + Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -1993,8 +1992,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -2007,18 +2009,47 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol @@ -2039,6 +2070,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -2051,13 +2088,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -2071,6 +2111,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -2083,15 +2129,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -2102,10 +2156,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -2155,37 +2208,6 @@ spec: If unset, the default timeout is 30s format: duration type: string - configurationManagement: - description: |- - configurationManagement specifies how OpenShift router should update - the HAProxy configuration. The following values are valid for this - field: - - * "ForkAndReload". - * "Dynamic". - - Omitting this field means that the user has no opinion and the - platform may choose a reasonable default. This default is subject to - change over time. The current default is "ForkAndReload". - - "ForkAndReload" means that OpenShift router should rewrite the - HAProxy configuration file and instruct HAProxy to fork and reload. - This is OpenShift router's traditional approach. - - "Dynamic" means that OpenShift router may use HAProxy's control - socket for some configuration updates and fall back to fork and - reload for other configuration updates. This is a newer approach, - which may be less mature than ForkAndReload. This setting can - improve load-balancing fairness and metrics accuracy and reduce CPU - and memory usage if HAProxy has frequent configuration updates for - route and endpoints updates. - - Note: The "Dynamic" option is currently experimental and should not - be enabled on production clusters. - enum: - - Dynamic - - ForkAndReload - type: string connectTimeout: description: |- connectTimeout defines the maximum time to wait for @@ -3274,18 +3296,47 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol diff --git a/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/operator/v1/zz_generated.featuregated-crd-manifests.yaml index aaf09729085..c71164a5726 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests.yaml @@ -69,7 +69,6 @@ clustercsidrivers.operator.openshift.io: Capability: "" Category: "" FeatureGates: - - AWSEuropeanSovereignCloudInstall - VSphereConfigurableMaxAllowedBlockVolumesPerNode FilenameOperatorName: csi-driver FilenameOperatorOrdering: "01" @@ -177,7 +176,7 @@ ingresscontrollers.operator.openshift.io: Capability: Ingress Category: "" FeatureGates: - - IngressControllerDynamicConfigurationManager + - TLSCurvePreferences FilenameOperatorName: ingress FilenameOperatorOrdering: "00" FilenameRunLevel: "0000_50" @@ -307,7 +306,8 @@ machineconfigurations.operator.openshift.io: FeatureGates: - BootImageSkewEnforcement - IrreconcilableMachineConfig - - ManagedBootImagesCPMS + - ManagedBootImages + - ManagedBootImages+ManagedBootImagesCPMS FilenameOperatorName: machine-config FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_80" @@ -328,8 +328,7 @@ networks.operator.openshift.io: CRDName: networks.operator.openshift.io Capability: "" Category: "" - FeatureGates: - - NoOverlayMode + FeatureGates: [] FilenameOperatorName: network FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_70" diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml index db97e59b3f6..16d19bfd51c 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml @@ -1986,8 +1986,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -2000,14 +2003,11 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array @@ -2032,6 +2032,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -2044,13 +2050,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -2064,6 +2073,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -2076,15 +2091,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -2095,10 +2118,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -3225,14 +3247,11 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml new file mode 100644 index 00000000000..4bfbf596c2d --- /dev/null +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml @@ -0,0 +1,3346 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/616 + api.openshift.io/filename-cvo-runlevel: "0000_50" + api.openshift.io/filename-operator: ingress + api.openshift.io/filename-ordering: "00" + capability.openshift.io/name: Ingress + feature-gate.release.openshift.io/TLSCurvePreferences: "true" + name: ingresscontrollers.operator.openshift.io +spec: + group: operator.openshift.io + names: + kind: IngressController + listKind: IngressControllerList + plural: ingresscontrollers + singular: ingresscontroller + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + IngressController describes a managed ingress controller for the cluster. The + controller can service OpenShift Route and Kubernetes Ingress resources. + + When an IngressController is created, a new ingress controller deployment is + created to allow external traffic to reach the services that expose Ingress + or Route resources. Updating this resource may lead to disruption for public + facing network connections as a new ingress controller revision may be rolled + out. + + https://kubernetes.io/docs/concepts/services-networking/ingress-controllers + + Whenever possible, sensible defaults for the platform are used. See each + field for more details. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + IngressController. + properties: + clientTLS: + description: |- + clientTLS specifies settings for requesting and verifying client + certificates, which can be used to enable mutual TLS for + edge-terminated and reencrypt routes. + properties: + allowedSubjectPatterns: + description: |- + allowedSubjectPatterns specifies a list of regular expressions that + should be matched against the distinguished name on a valid client + certificate to filter requests. The regular expressions must use + PCRE syntax. If this list is empty, no filtering is performed. If + the list is nonempty, then at least one pattern must match a client + certificate's distinguished name or else the ingress controller + rejects the certificate and denies the connection. + items: + type: string + type: array + x-kubernetes-list-type: atomic + clientCA: + description: |- + clientCA specifies a configmap containing the PEM-encoded CA + certificate bundle that should be used to verify a client's + certificate. The administrator must create this configmap in the + openshift-config namespace. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + clientCertificatePolicy: + description: |- + clientCertificatePolicy specifies whether the ingress controller + requires clients to provide certificates. This field accepts the + values "Required" or "Optional". + + Note that the ingress controller only checks client certificates for + edge-terminated and reencrypt TLS routes; it cannot check + certificates for cleartext HTTP or passthrough TLS routes. + enum: + - "" + - Required + - Optional + type: string + required: + - clientCA + - clientCertificatePolicy + type: object + closedClientConnectionPolicy: + default: Continue + description: |- + closedClientConnectionPolicy controls how the IngressController + behaves when the client closes the TCP connection while the TLS + handshake or HTTP request is in progress. This option maps directly + to HAProxy’s "abortonclose" option. + + Valid values are: "Abort" and "Continue". + The default value is "Continue". + + When set to "Abort", the router will stop processing the TLS handshake + if it is in progress, and it will not send an HTTP request to the backend server + if the request has not yet been sent when the client closes the connection. + + When set to "Continue", the router will complete the TLS handshake + if it is in progress, or send an HTTP request to the backend server + and wait for the backend server's response, regardless of + whether the client has closed the connection. + + Setting "Abort" can help free CPU resources otherwise spent on TLS computation + for connections the client has already closed, and can reduce request queue + size, thereby reducing the load on saturated backend servers. + + Important Considerations: + + - The default policy ("Continue") is HTTP-compliant, and requests + for aborted client connections will still be served. + Use the "Continue" policy to allow a client to send a request + and then immediately close its side of the connection while + still receiving a response on the half-closed connection. + + - When clients use keep-alive connections, the most common case for premature + closure is when the user wants to cancel the transfer or when a timeout + occurs. In that case, the "Abort" policy may be used to reduce resource consumption. + + - Using RSA keys larger than 2048 bits can significantly slow down + TLS computations. Consider using the "Abort" policy to reduce CPU usage. + enum: + - Abort + - Continue + type: string + defaultCertificate: + description: |- + defaultCertificate is a reference to a secret containing the default + certificate served by the ingress controller. When Routes don't specify + their own certificate, defaultCertificate is used. + + The secret must contain the following keys and data: + + tls.crt: certificate file contents + tls.key: key file contents + + If unset, a wildcard certificate is automatically generated and used. The + certificate is valid for the ingress controller domain (and subdomains) and + the generated certificate's CA will be automatically integrated with the + cluster's trust store. + + If a wildcard certificate is used and shared by multiple + HTTP/2 enabled routes (which implies ALPN) then clients + (i.e., notably browsers) are at liberty to reuse open + connections. This means a client can reuse a connection to + another route and that is likely to fail. This behaviour is + generally known as connection coalescing. + + The in-use certificate (whether generated or user-specified) will be + automatically integrated with OpenShift's built-in OAuth server. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + type: object + x-kubernetes-map-type: atomic + domain: + description: |- + domain is a DNS name serviced by the ingress controller and is used to + configure multiple features: + + * For the LoadBalancerService endpoint publishing strategy, domain is + used to configure DNS records. See endpointPublishingStrategy. + + * When using a generated default certificate, the certificate will be valid + for domain and its subdomains. See defaultCertificate. + + * The value is published to individual Route statuses so that end-users + know where to target external DNS records. + + domain must be unique among all IngressControllers, and cannot be + updated. + + If empty, defaults to ingress.config.openshift.io/cluster .spec.domain. + + The domain value must be a valid DNS name. It must consist of lowercase + alphanumeric characters, '-' or '.', and each label must start and end + with an alphanumeric character and not exceed 63 characters. Maximum + length of a valid DNS domain is 253 characters. + + The implementation may add a prefix such as "router-default." to the domain + when constructing the router canonical hostname. To ensure the resulting + hostname does not exceed the DNS maximum length of 253 characters, + the domain length is additionally validated at the IngressController object + level. For the maximum length of the domain value itself, the shortest + possible variant of the prefix and the ingress controller name was considered + for example "router-a." + maxLength: 244 + type: string + x-kubernetes-validations: + - message: domain must consist of lower case alphanumeric characters, + '-' or '.', and must start and end with an alphanumeric character + rule: '!format.dns1123Subdomain().validate(self).hasValue()' + - message: each DNS label must not exceed 63 characters + rule: self.split('.').all(label, size(label) <= 63) + endpointPublishingStrategy: + description: |- + endpointPublishingStrategy is used to publish the ingress controller + endpoints to other networks, enable load balancer integrations, etc. + + If unset, the default is based on + infrastructure.config.openshift.io/cluster .status.platform: + + AWS: LoadBalancerService (with External scope) + Azure: LoadBalancerService (with External scope) + GCP: LoadBalancerService (with External scope) + IBMCloud: LoadBalancerService (with External scope) + AlibabaCloud: LoadBalancerService (with External scope) + Libvirt: HostNetwork + + Any other platform types (including None) default to HostNetwork. + + endpointPublishingStrategy cannot be updated. + properties: + hostNetwork: + description: |- + hostNetwork holds parameters for the HostNetwork endpoint publishing + strategy. Present only if type is HostNetwork. + properties: + httpPort: + default: 80 + description: |- + httpPort is the port on the host which should be used to listen for + HTTP requests. This field should be set when port 80 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 80. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + httpsPort: + default: 443 + description: |- + httpsPort is the port on the host which should be used to listen for + HTTPS requests. This field should be set when port 443 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 443. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + statsPort: + default: 1936 + description: |- + statsPort is the port on the host where the stats from the router are + published. The value should not coincide with the NodePort range of the + cluster. If an external load balancer is configured to forward connections + to this IngressController, the load balancer should use this port for + health checks. The load balancer can send HTTP probes on this port on a + given node, with the path /healthz/ready to determine if the ingress + controller is ready to receive traffic on the node. For proper operation + the load balancer must not forward traffic to a node until the health + check reports ready. The load balancer should also stop forwarding requests + within a maximum of 45 seconds after /healthz/ready starts reporting + not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with + a threshold of two successful or failed requests to become healthy or + unhealthy respectively, are well-tested values. When the value is 0 or + is not specified it defaults to 1936. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + type: object + loadBalancer: + description: |- + loadBalancer holds parameters for the load balancer. Present only if + type is LoadBalancerService. + properties: + allowedSourceRanges: + description: |- + allowedSourceRanges specifies an allowlist of IP address ranges to which + access to the load balancer should be restricted. Each range must be + specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is + specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, + which allows all source addresses. + + To facilitate migration from earlier versions of OpenShift that did + not have the allowedSourceRanges field, you may set the + service.beta.kubernetes.io/load-balancer-source-ranges annotation on + the "router-" service in the + "openshift-ingress" namespace, and this annotation will take + effect if allowedSourceRanges is empty on OpenShift 4.12. + items: + description: |- + CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" + or "fd00::/8"). + pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + nullable: true + type: array + x-kubernetes-list-type: atomic + dnsManagementPolicy: + default: Managed + description: |- + dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record + associated with the load balancer service will be managed by + the ingress operator. It defaults to Managed. + Valid values are: Managed and Unmanaged. + enum: + - Managed + - Unmanaged + type: string + providerParameters: + description: |- + providerParameters holds desired load balancer information specific to + the underlying infrastructure provider. + + If empty, defaults will be applied. See specific providerParameters + fields for details about their defaults. + properties: + aws: + description: |- + aws provides configuration settings that are specific to AWS + load balancers. + + If empty, defaults will be applied. See specific aws fields for + details about their defaults. + properties: + classicLoadBalancer: + description: |- + classicLoadBalancerParameters holds configuration parameters for an AWS + classic load balancer. Present only if type is Classic. + properties: + connectionIdleTimeout: + description: |- + connectionIdleTimeout specifies the maximum time period that a + connection may be idle before the load balancer closes the + connection. The value must be parseable as a time duration value; + see . A nil or zero value + means no opinion, in which case a default value is used. The default + value for this field is 60s. This default is subject to change. + format: duration + type: string + subnets: + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. Auto-discovered subnets are not reported + in the status of the IngressController object. + properties: + ids: + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. + items: + description: AWSSubnetID is a reference + to an AWS subnet ID. + maxLength: 24 + minLength: 24 + pattern: ^subnet-[0-9A-Za-z]+$ + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet ids cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + names: + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. + items: + description: AWSSubnetName is a reference + to an AWS subnet name. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: subnet name cannot contain a + comma + rule: '!self.contains('','')' + - message: subnet name cannot start with + 'subnet-' + rule: '!self.startsWith(''subnet-'')' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet names cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + type: object + x-kubernetes-validations: + - message: the total number of subnets cannot + exceed 10 + rule: 'has(self.ids) && has(self.names) ? size(self.ids + + self.names) <= 10 : true' + - message: must specify at least 1 subnet name + or id + rule: has(self.ids) && self.ids.size() > 0 || + has(self.names) && self.names.size() > 0 + type: object + networkLoadBalancer: + description: |- + networkLoadBalancerParameters holds configuration parameters for an AWS + network load balancer. Present only if type is NLB. + properties: + eipAllocations: + description: |- + eipAllocations is a list of IDs for Elastic IP (EIP) addresses that + are assigned to the Network Load Balancer. + The following restrictions apply: + + eipAllocations can only be used with external scope, not internal. + An EIP can be allocated to only a single IngressController. + The number of EIP allocations must match the number of subnets that are used for the load balancer. + Each EIP allocation must be unique. + A maximum of 10 EIP allocations are permitted. + + See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general + information about configuration, characteristics, and limitations of Elastic IP addresses. + items: + description: |- + EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment. + Values must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters. + maxLength: 26 + minLength: 26 + type: string + x-kubernetes-validations: + - message: eipAllocations should start with + 'eipalloc-' + rule: self.startsWith('eipalloc-') + - message: eipAllocations must be 'eipalloc-' + followed by exactly 17 hexadecimal characters + (0-9, a-f, A-F) + rule: self.split("-", 2)[1].matches('[0-9a-fA-F]{17}$') + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: eipAllocations cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == y)) + subnets: + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. Auto-discovered subnets are not reported + in the status of the IngressController object. + properties: + ids: + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. + items: + description: AWSSubnetID is a reference + to an AWS subnet ID. + maxLength: 24 + minLength: 24 + pattern: ^subnet-[0-9A-Za-z]+$ + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet ids cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + names: + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. + items: + description: AWSSubnetName is a reference + to an AWS subnet name. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: subnet name cannot contain a + comma + rule: '!self.contains('','')' + - message: subnet name cannot start with + 'subnet-' + rule: '!self.startsWith(''subnet-'')' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet names cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + type: object + x-kubernetes-validations: + - message: the total number of subnets cannot + exceed 10 + rule: 'has(self.ids) && has(self.names) ? size(self.ids + + self.names) <= 10 : true' + - message: must specify at least 1 subnet name + or id + rule: has(self.ids) && self.ids.size() > 0 || + has(self.names) && self.names.size() > 0 + type: object + x-kubernetes-validations: + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.ids) + && has(self.subnets.names) && has(self.eipAllocations) + ? size(self.subnets.ids + self.subnets.names) + == size(self.eipAllocations) : true' + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.ids) + && !has(self.subnets.names) && has(self.eipAllocations) + ? size(self.subnets.ids) == size(self.eipAllocations) + : true' + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.names) + && !has(self.subnets.ids) && has(self.eipAllocations) + ? size(self.subnets.names) == size(self.eipAllocations) + : true' + type: + description: |- + type is the type of AWS load balancer to instantiate for an ingresscontroller. + + Valid values are: + + * "Classic": A Classic Load Balancer that makes routing decisions at either + the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See + the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + + * "NLB": A Network Load Balancer that makes routing decisions at the + transport layer (TCP/SSL). See the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb + enum: + - Classic + - NLB + type: string + required: + - type + type: object + gcp: + description: |- + gcp provides configuration settings that are specific to GCP + load balancers. + + If empty, defaults will be applied. See specific gcp fields for + details about their defaults. + properties: + clientAccess: + description: |- + clientAccess describes how client access is restricted for internal + load balancers. + + Valid values are: + * "Global": Specifying an internal load balancer with Global client access + allows clients from any region within the VPC to communicate with the load + balancer. + + https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + + * "Local": Specifying an internal load balancer with Local client access + means only clients within the same region (and VPC) as the GCP load balancer + can communicate with the load balancer. Note that this is the default behavior. + + https://cloud.google.com/load-balancing/docs/internal#client_access + enum: + - Global + - Local + type: string + type: object + ibm: + description: |- + ibm provides configuration settings that are specific to IBM Cloud + load balancers. + + If empty, defaults will be applied. See specific ibm fields for + details about their defaults. + properties: + protocol: + description: |- + protocol specifies whether the load balancer uses PROXY protocol to forward connections to + the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: + "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + Valid values for protocol are TCP, PROXY and omitted. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is TCP, without the proxy protocol enabled. + enum: + - "" + - TCP + - PROXY + type: string + type: object + openstack: + description: |- + openstack provides configuration settings that are specific to OpenStack + load balancers. + + If empty, defaults will be applied. See specific openstack fields for + details about their defaults. + properties: + floatingIP: + description: |- + floatingIP specifies the IP address that the load balancer will use. + When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + When specified, the floating IP has to be pre-created. If the + specified value is not a floating IP or is already claimed, the + OpenStack cloud provider won't be able to provision the load + balancer. + This field may only be used if the IngressController has External scope. + This value must be a valid IPv4 or IPv6 address. + type: string + x-kubernetes-validations: + - message: floatingIP must be a valid IPv4 or IPv6 + address + rule: isIP(self) + type: object + type: + description: |- + type is the underlying infrastructure provider for the load balancer. + Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", + "OpenStack", and "VSphere". + enum: + - AWS + - Azure + - BareMetal + - GCP + - Nutanix + - OpenStack + - VSphere + - IBM + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: openstack is not permitted when type is not OpenStack + rule: 'has(self.type) && self.type == ''OpenStack'' ? true + : !has(self.openstack)' + scope: + description: |- + scope indicates the scope at which the load balancer is exposed. + Possible values are "External" and "Internal". + enum: + - Internal + - External + type: string + required: + - dnsManagementPolicy + - scope + type: object + x-kubernetes-validations: + - message: eipAllocations are forbidden when the scope is Internal. + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) + || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)' + - message: cannot specify a floating ip when scope is internal + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) + || self.providerParameters.openstack.floatingIP == ""' + nodePort: + description: |- + nodePort holds parameters for the NodePortService endpoint publishing strategy. + Present only if type is NodePortService. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + private: + description: |- + private holds parameters for the Private endpoint publishing + strategy. Present only if type is Private. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + type: + description: |- + type is the publishing strategy to use. Valid values are: + + * LoadBalancerService + + Publishes the ingress controller using a Kubernetes LoadBalancer Service. + + In this configuration, the ingress controller deployment uses container + networking. A LoadBalancer Service is created to publish the deployment. + + See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + + If domain is set, a wildcard DNS record will be managed to point at the + LoadBalancer Service's external name. DNS records are managed only in DNS + zones defined by dns.config.openshift.io/cluster .spec.publicZone and + .spec.privateZone. + + Wildcard DNS management is currently supported only on the AWS, Azure, + and GCP platforms. + + * HostNetwork + + Publishes the ingress controller on node ports where the ingress controller + is deployed. + + In this configuration, the ingress controller deployment uses host + networking, bound to node ports 80 and 443. The user is responsible for + configuring an external load balancer to publish the ingress controller via + the node ports. + + * Private + + Does not publish the ingress controller. + + In this configuration, the ingress controller deployment uses container + networking, and is not explicitly published. The user must manually publish + the ingress controller. + + * NodePortService + + Publishes the ingress controller using a Kubernetes NodePort Service. + + In this configuration, the ingress controller deployment uses container + networking. A NodePort Service is created to publish the deployment. The + specific node ports are dynamically allocated by OpenShift; however, to + support static port allocations, user changes to the node port + field of the managed NodePort Service will preserved. + enum: + - LoadBalancerService + - HostNetwork + - Private + - NodePortService + type: string + required: + - type + type: object + httpCompression: + description: |- + httpCompression defines a policy for HTTP traffic compression. + By default, there is no HTTP compression. + properties: + mimeTypes: + description: |- + mimeTypes is a list of MIME types that should have compression applied. + This list can be empty, in which case the ingress controller does not apply compression. + + Note: Not all MIME types benefit from compression, but HAProxy will still use resources + to try to compress if instructed to. Generally speaking, text (html, css, js, etc.) + formats benefit from compression, but formats that are already compressed (image, + audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing + again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2 + items: + description: |- + CompressionMIMEType defines the format of a single MIME type. + E.g. "text/css; charset=utf-8", "text/html", "text/*", "image/svg+xml", + "application/octet-stream", "X-custom/customsub", etc. + + The format should follow the Content-Type definition in RFC 1341: + Content-Type := type "/" subtype *[";" parameter] + - The type in Content-Type can be one of: + application, audio, image, message, multipart, text, video, or a custom + type preceded by "X-" and followed by a token as defined below. + - The token is a string of at least one character, and not containing white + space, control characters, or any of the characters in the tspecials set. + - The tspecials set contains the characters ()<>@,;:\"/[]?.= + - The subtype in Content-Type is also a token. + - The optional parameter/s following the subtype are defined as: + token "=" (token / quoted-string) + - The quoted-string, as defined in RFC 822, is surrounded by double quotes + and can contain white space plus any character EXCEPT \, ", and CR. + It can also contain any single ASCII character as long as it is escaped by \. + pattern: ^(?i)(x-[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|application|audio|image|message|multipart|text|video)/[^][ + ()\\<>@,;:"/?.=\x00-\x1F\x7F]+(; *[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+=([^][ + ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|"(\\[\x00-\x7F]|[^\x0D"\\])*"))*$ + type: string + type: array + x-kubernetes-list-type: set + type: object + httpEmptyRequestsPolicy: + default: Respond + description: |- + httpEmptyRequestsPolicy describes how HTTP connections should be + handled if the connection times out before a request is received. + Allowed values for this field are "Respond" and "Ignore". If the + field is set to "Respond", the ingress controller sends an HTTP 400 + or 408 response, logs the connection (if access logging is enabled), + and counts the connection in the appropriate metrics. If the field + is set to "Ignore", the ingress controller closes the connection + without sending a response, logging the connection, or incrementing + metrics. The default value is "Respond". + + Typically, these connections come from load balancers' health probes + or Web browsers' speculative connections ("preconnect") and can be + safely ignored. However, these requests may also be caused by + network errors, and so setting this field to "Ignore" may impede + detection and diagnosis of problems. In addition, these requests may + be caused by port scans, in which case logging empty requests may aid + in detecting intrusion attempts. + enum: + - Respond + - Ignore + type: string + httpErrorCodePages: + description: |- + httpErrorCodePages specifies a configmap with custom error pages. + The administrator must create this configmap in the openshift-config namespace. + This configmap should have keys in the format "error-page-.http", + where is an HTTP error code. + For example, "error-page-503.http" defines an error page for HTTP 503 responses. + Currently only error pages for 503 and 404 responses can be customized. + Each value in the configmap should be the full response, including HTTP headers. + Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http + If this field is empty, the ingress controller uses the default error pages. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + httpHeaders: + description: |- + httpHeaders defines policy for HTTP headers. + + If this field is empty, the default values are used. + properties: + actions: + description: |- + actions specifies options for modifying headers and their values. + Note that this option only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). Headers cannot be modified for TLS passthrough + connections. + Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` + may only be configured using the "haproxy.router.openshift.io/hsts_header" route annotation, and only in + accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. + Any actions defined here are applied after any actions related to the following other fields: + cache-control, spec.clientTLS, + spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, + and spec.httpHeaders.headerNameCaseAdjustments. + In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after + the actions specified in the IngressController's spec.httpHeaders.actions field. + In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be + executed after the actions specified in the Route's spec.httpHeaders.actions field. + Headers set using this API cannot be captured for use in access logs. + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. Please refer to the documentation + for that API field for more details. + properties: + request: + description: |- + request is a list of HTTP request headers to modify. + Actions defined here will modify the request headers of all requests passing through an ingress controller. + These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + IngressController actions for request headers will be executed before Route actions. + Currently, actions may define to either `Set` or `Delete` headers values. + Actions are applied in sequence as defined in this list. + A maximum of 20 request header actions may be configured. + Sample fetchers allowed are "req.hdr" and "ssl_c_der". + Converters allowed are "lower" and "base64". + Example header values: "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + items: + description: IngressControllerHTTPHeader specifies configuration + for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on + headers, such as setting or deleting headers. + properties: + set: + description: |- + set specifies how the HTTP header should be set. + This field is required when type is Set and forbidden otherwise. + properties: + value: + description: |- + value specifies a header value. + Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than 16384 characters in length. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: |- + type defines the type of the action to be applied on the header. + Possible values are Set or Delete. + Set allows you to set HTTP request and response headers. + Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) + : !has(self.set)' + name: + description: |- + name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + It must be no more than 255 characters in length. + Header name must be unique. + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not + be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header + actions + rule: self.lowerAscii() != 'proxy' + - message: host header may not be modified via header + actions + rule: self.lowerAscii() != 'host' + - message: cookie header may not be modified via header + actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via + header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct + format or the sample fetcher/converter specified is not + allowed. The dynamic header value will be interpreted + as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 + and may use HAProxy's %[] syntax and otherwise must be + a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + Sample fetchers allowed are req.hdr, ssl_c_der. Converters + allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) + && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + response: + description: |- + response is a list of HTTP response headers to modify. + Actions defined here will modify the response headers of all requests passing through an ingress controller. + These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. + IngressController actions for response headers will be executed after Route actions. + Currently, actions may define to either `Set` or `Delete` headers values. + Actions are applied in sequence as defined in this list. + A maximum of 20 response header actions may be configured. + Sample fetchers allowed are "res.hdr" and "ssl_c_der". + Converters allowed are "lower" and "base64". + Example header values: "%[res.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". + items: + description: IngressControllerHTTPHeader specifies configuration + for setting or deleting an HTTP header. + properties: + action: + description: action specifies actions to perform on + headers, such as setting or deleting headers. + properties: + set: + description: |- + set specifies how the HTTP header should be set. + This field is required when type is Set and forbidden otherwise. + properties: + value: + description: |- + value specifies a header value. + Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in + http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and + otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + The value of this field must be no more than 16384 characters in length. + Note that the total size of all net added headers *after* interpolating dynamic values + must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the + IngressController. + maxLength: 16384 + minLength: 1 + type: string + required: + - value + type: object + type: + description: |- + type defines the type of the action to be applied on the header. + Possible values are Set or Delete. + Set allows you to set HTTP request and response headers. + Delete allows you to delete HTTP request and response headers. + enum: + - Set + - Delete + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: set is required when type is Set, and forbidden + otherwise + rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) + : !has(self.set)' + name: + description: |- + name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + The name must consist only of alphanumeric and the following special characters, "-!#$%&'*+.^_`". + The following header names are reserved and may not be modified via this API: + Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. + It must be no more than 255 characters in length. + Header name must be unique. + maxLength: 255 + minLength: 1 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + x-kubernetes-validations: + - message: strict-transport-security header may not + be modified via header actions + rule: self.lowerAscii() != 'strict-transport-security' + - message: proxy header may not be modified via header + actions + rule: self.lowerAscii() != 'proxy' + - message: host header may not be modified via header + actions + rule: self.lowerAscii() != 'host' + - message: cookie header may not be modified via header + actions + rule: self.lowerAscii() != 'cookie' + - message: set-cookie header may not be modified via + header actions + rule: self.lowerAscii() != 'set-cookie' + required: + - action + - name + type: object + maxItems: 20 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + x-kubernetes-validations: + - message: Either the header value provided is not in correct + format or the sample fetcher/converter specified is not + allowed. The dynamic header value will be interpreted + as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 + and may use HAProxy's %[] syntax and otherwise must be + a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. + Sample fetchers allowed are res.hdr, ssl_c_der. Converters + allowed are lower, base64. + rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) + && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) + type: object + forwardedHeaderPolicy: + description: |- + forwardedHeaderPolicy specifies when and how the IngressController + sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, + X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version + HTTP headers. The value may be one of the following: + + * "Append", which specifies that the IngressController appends the + headers, preserving existing headers. + + * "Replace", which specifies that the IngressController sets the + headers, replacing any existing Forwarded or X-Forwarded-* headers. + + * "IfNone", which specifies that the IngressController sets the + headers if they are not already set. + + * "Never", which specifies that the IngressController never sets the + headers, preserving any existing headers. + + By default, the policy is "Append". + enum: + - Append + - Replace + - IfNone + - Never + type: string + headerNameCaseAdjustments: + description: |- + headerNameCaseAdjustments specifies case adjustments that can be + applied to HTTP header names. Each adjustment is specified as an + HTTP header name with the desired capitalization. For example, + specifying "X-Forwarded-For" indicates that the "x-forwarded-for" + HTTP header should be adjusted to have the specified capitalization. + + These adjustments are only applied to cleartext, edge-terminated, and + re-encrypt routes, and only when using HTTP/1. + + For request headers, these adjustments are applied only for routes + that have the haproxy.router.openshift.io/h1-adjust-case=true + annotation. For response headers, these adjustments are applied to + all HTTP responses. + + If this field is empty, no request headers are adjusted. + items: + description: |- + IngressControllerHTTPHeaderNameCaseAdjustment is the name of an HTTP header + (for example, "X-Forwarded-For") in the desired capitalization. The value + must be a valid HTTP header name as defined in RFC 2616 section 4.2. + maxLength: 1024 + minLength: 0 + pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + nullable: true + type: array + x-kubernetes-list-type: atomic + uniqueId: + description: |- + uniqueId describes configuration for a custom HTTP header that the + ingress controller should inject into incoming HTTP requests. + Typically, this header is configured to have a value that is unique + to the HTTP request. The header can be used by applications or + included in access logs to facilitate tracing individual HTTP + requests. + + If this field is empty, no such header is injected into requests. + properties: + format: + description: |- + format specifies the format for the injected HTTP header's value. + This field has no effect unless name is specified. For the + HAProxy-based ingress controller implementation, this format uses the + same syntax as the HTTP log format. If the field is empty, the + default value is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the + corresponding HAProxy documentation: + http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 + maxLength: 1024 + minLength: 0 + pattern: ^(%(%|(\{[-+]?[QXE](,[-+]?[QXE])*\})?([A-Za-z]+|\[[.0-9A-Z_a-z]+(\([^)]+\))?(,[.0-9A-Z_a-z]+(\([^)]+\))?)*\]))|[^%[:cntrl:]])*$ + type: string + name: + description: |- + name specifies the name of the HTTP header (for example, "unique-id") + that the ingress controller should inject into HTTP requests. The + field's value must be a valid HTTP header name as defined in RFC 2616 + section 4.2. If the field is empty, no header is injected. + maxLength: 1024 + minLength: 0 + pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + type: object + type: object + idleConnectionTerminationPolicy: + default: Immediate + description: |- + idleConnectionTerminationPolicy maps directly to HAProxy's + idle-close-on-response option and controls whether HAProxy + keeps idle frontend connections open during a soft stop + (router reload). + + Allowed values for this field are "Immediate" and + "Deferred". The default value is "Immediate". + + When set to "Immediate", idle connections are closed + immediately during router reloads. This ensures immediate + propagation of route changes but may impact clients + sensitive to connection resets. + + When set to "Deferred", HAProxy will maintain idle + connections during a soft reload instead of closing them + immediately. These connections remain open until any of the + following occurs: + + - A new request is received on the connection, in which + case HAProxy handles it in the old process and closes + the connection after sending the response. + + - HAProxy's `timeout http-keep-alive` duration expires. + By default this is 300 seconds, but it can be changed + using httpKeepAliveTimeout tuning option. + + - The client's keep-alive timeout expires, causing the + client to close the connection. + + Setting Deferred can help prevent errors in clients or load + balancers that do not properly handle connection resets. + Additionally, this option allows you to retain the pre-2.4 + HAProxy behaviour: in HAProxy version 2.2 (OpenShift + versions < 4.14), maintaining idle connections during a + soft reload was the default behaviour, but starting with + HAProxy 2.4, the default changed to closing idle + connections immediately. + + Important Consideration: + + - Using Deferred will result in temporary inconsistencies + for the first request on each persistent connection + after a route update and router reload. This request + will be processed by the old HAProxy process using its + old configuration. Subsequent requests will use the + updated configuration. + + Operational Considerations: + + - Keeping idle connections open during reloads may lead + to an accumulation of old HAProxy processes if + connections remain idle for extended periods, + especially in environments where frequent reloads + occur. + + - Consider monitoring the number of HAProxy processes in + the router pods when Deferred is set. + + - You may need to enable or adjust the + `ingress.operator.openshift.io/hard-stop-after` + duration (configured via an annotation on the + IngressController resource) in environments with + frequent reloads to prevent resource exhaustion. + enum: + - Immediate + - Deferred + type: string + logging: + description: |- + logging defines parameters for what should be logged where. If this + field is empty, operational logs are enabled but access logs are + disabled. + properties: + access: + description: |- + access describes how the client requests should be logged. + + If this field is empty, access logging is disabled. + properties: + destination: + description: destination is where access logs go. + properties: + container: + description: |- + container holds parameters for the Container logging destination. + Present only if type is Container. + properties: + maxLength: + default: 1024 + description: |- + maxLength is the maximum length of the log message. + + Valid values are integers in the range 480 to 8192, inclusive. + + When omitted, the default value is 1024. + format: int32 + maximum: 8192 + minimum: 480 + type: integer + type: object + syslog: + description: |- + syslog holds parameters for a syslog endpoint. Present only if + type is Syslog. + properties: + address: + description: |- + address is the IP address of the syslog endpoint that receives log + messages. + type: string + facility: + description: |- + facility specifies the syslog facility of log messages. + + If this field is empty, the facility is "local1". + enum: + - kern + - user + - mail + - daemon + - auth + - syslog + - lpr + - news + - uucp + - cron + - auth2 + - ftp + - ntp + - audit + - alert + - cron2 + - local0 + - local1 + - local2 + - local3 + - local4 + - local5 + - local6 + - local7 + type: string + maxLength: + default: 1024 + description: |- + maxLength is the maximum length of the log message. + + Valid values are integers in the range 480 to 4096, inclusive. + + When omitted, the default value is 1024. + format: int32 + maximum: 4096 + minimum: 480 + type: integer + port: + description: |- + port is the UDP port number of the syslog endpoint that receives log + messages. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + type: + description: |- + type is the type of destination for logs. It must be one of the + following: + + * Container + + The ingress operator configures the sidecar container named "logs" on + the ingress controller pod and configures the ingress controller to + write logs to the sidecar. The logs are then available as container + logs. The expectation is that the administrator configures a custom + logging solution that reads logs from this sidecar. Note that using + container logs means that logs may be dropped if the rate of logs + exceeds the container runtime's or the custom logging solution's + capacity. + + * Syslog + + Logs are sent to a syslog endpoint. The administrator must specify + an endpoint that can receive syslog messages. The expectation is + that the administrator has configured a custom syslog instance. + enum: + - Container + - Syslog + type: string + required: + - type + type: object + httpCaptureCookies: + description: |- + httpCaptureCookies specifies HTTP cookies that should be captured in + access logs. If this field is empty, no cookies are captured. + items: + description: |- + IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be + captured. + properties: + matchType: + description: |- + matchType specifies the type of match to be performed on the cookie + name. Allowed values are "Exact" for an exact string match and + "Prefix" for a string prefix match. If "Exact" is specified, a name + must be specified in the name field. If "Prefix" is provided, a + prefix must be specified in the namePrefix field. For example, + specifying matchType "Prefix" and namePrefix "foo" will capture a + cookie named "foo" or "foobar" but not one named "bar". The first + matching cookie is captured. + enum: + - Exact + - Prefix + type: string + maxLength: + description: |- + maxLength specifies a maximum length of the string that will be + logged, which includes the cookie name, cookie value, and + one-character delimiter. If the log entry exceeds this length, the + value will be truncated in the log message. Note that the ingress + controller may impose a separate bound on the total length of HTTP + headers in a request. + maximum: 1024 + minimum: 1 + type: integer + name: + description: |- + name specifies a cookie name. Its value must be a valid HTTP cookie + name as defined in RFC 6265 section 4.1. + maxLength: 1024 + minLength: 0 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ + type: string + namePrefix: + description: |- + namePrefix specifies a cookie name prefix. Its value must be a valid + HTTP cookie name as defined in RFC 6265 section 4.1. + maxLength: 1024 + minLength: 0 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ + type: string + required: + - matchType + - maxLength + type: object + maxItems: 1 + nullable: true + type: array + x-kubernetes-list-type: atomic + httpCaptureHeaders: + description: |- + httpCaptureHeaders defines HTTP headers that should be captured in + access logs. If this field is empty, no headers are captured. + + Note that this option only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). Headers cannot be captured for TLS passthrough + connections. + properties: + request: + description: |- + request specifies which HTTP request headers to capture. + + If this field is empty, no request headers are captured. + items: + description: |- + IngressControllerCaptureHTTPHeader describes an HTTP header that should be + captured. + properties: + maxLength: + description: |- + maxLength specifies a maximum length for the header value. If a + header value exceeds this length, the value will be truncated in the + log message. Note that the ingress controller may impose a separate + bound on the total length of HTTP headers in a request. + minimum: 1 + type: integer + name: + description: |- + name specifies a header name. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + required: + - maxLength + - name + type: object + nullable: true + type: array + x-kubernetes-list-type: atomic + response: + description: |- + response specifies which HTTP response headers to capture. + + If this field is empty, no response headers are captured. + items: + description: |- + IngressControllerCaptureHTTPHeader describes an HTTP header that should be + captured. + properties: + maxLength: + description: |- + maxLength specifies a maximum length for the header value. If a + header value exceeds this length, the value will be truncated in the + log message. Note that the ingress controller may impose a separate + bound on the total length of HTTP headers in a request. + minimum: 1 + type: integer + name: + description: |- + name specifies a header name. Its value must be a valid HTTP header + name as defined in RFC 2616 section 4.2. + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + required: + - maxLength + - name + type: object + nullable: true + type: array + x-kubernetes-list-type: atomic + type: object + httpLogFormat: + description: |- + httpLogFormat specifies the format of the log message for an HTTP + request. + + If this field is empty, log messages use the implementation's default + HTTP log format. For HAProxy's default HTTP log format, see the + HAProxy documentation: + http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 + + Note that this format only applies to cleartext HTTP connections + and to secure HTTP connections for which the ingress controller + terminates encryption (that is, edge-terminated or reencrypt + connections). It does not affect the log format for TLS passthrough + connections. + type: string + logEmptyRequests: + default: Log + description: |- + logEmptyRequests specifies how connections on which no request is + received should be logged. Typically, these empty requests come from + load balancers' health probes or Web browsers' speculative + connections ("preconnect"), in which case logging these requests may + be undesirable. However, these requests may also be caused by + network errors, in which case logging empty requests may be useful + for diagnosing the errors. In addition, these requests may be caused + by port scans, in which case logging empty requests may aid in + detecting intrusion attempts. Allowed values for this field are + "Log" and "Ignore". The default value is "Log". + enum: + - Log + - Ignore + type: string + required: + - destination + type: object + type: object + namespaceSelector: + description: |- + namespaceSelector is used to filter the set of namespaces serviced by the + ingress controller. This is useful for implementing shards. + + If unset, the default is no filtering. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + nodePlacement: + description: |- + nodePlacement enables explicit control over the scheduling of the ingress + controller. + + If unset, defaults are used. See NodePlacement for more details. + properties: + nodeSelector: + description: |- + nodeSelector is the node selector applied to ingress controller + deployments. + + If set, the specified selector is used and replaces the default. + + If unset, the default depends on the value of the defaultPlacement + field in the cluster config.openshift.io/v1/ingresses status. + + When defaultPlacement is Workers, the default is: + + kubernetes.io/os: linux + node-role.kubernetes.io/worker: '' + + When defaultPlacement is ControlPlane, the default is: + + kubernetes.io/os: linux + node-role.kubernetes.io/master: '' + + These defaults are subject to change. + + Note that using nodeSelector.matchExpressions is not supported. Only + nodeSelector.matchLabels may be used. This is a limitation of the + Kubernetes API: the pod spec does not allow complex expressions for + node selectors. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tolerations: + description: |- + tolerations is a list of tolerations applied to ingress controller + deployments. + + The default is an empty list. + + See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + x-kubernetes-list-type: atomic + type: object + replicas: + description: |- + replicas is the desired number of ingress controller replicas. If unset, + the default depends on the value of the defaultPlacement field in the + cluster config.openshift.io/v1/ingresses status. + + The value of replicas is set based on the value of a chosen field in the + Infrastructure CR. If defaultPlacement is set to ControlPlane, the + chosen field will be controlPlaneTopology. If it is set to Workers the + chosen field will be infrastructureTopology. Replicas will then be set to 1 + or 2 based whether the chosen field's value is SingleReplica or + HighlyAvailable, respectively. + + These defaults are subject to change. + format: int32 + type: integer + routeAdmission: + description: |- + routeAdmission defines a policy for handling new route claims (for example, + to allow or deny claims across namespaces). + + If empty, defaults will be applied. See specific routeAdmission fields + for details about their defaults. + properties: + namespaceOwnership: + description: |- + namespaceOwnership describes how host name claims across namespaces should + be handled. + + Value must be one of: + + - Strict: Do not allow routes in different namespaces to claim the same host. + + - InterNamespaceAllowed: Allow routes to claim different paths of the same + host name across namespaces. + + If empty, the default is Strict. + enum: + - InterNamespaceAllowed + - Strict + type: string + wildcardPolicy: + description: |- + wildcardPolicy describes how routes with wildcard policies should + be handled for the ingress controller. WildcardPolicy controls use + of routes [1] exposed by the ingress controller based on the route's + wildcard policy. + + [1] https://github.com/openshift/api/blob/master/route/v1/types.go + + Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed + will cause admitted routes with a wildcard policy of Subdomain to stop + working. These routes must be updated to a wildcard policy of None to be + readmitted by the ingress controller. + + WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values. + + If empty, defaults to "WildcardsDisallowed". + enum: + - WildcardsAllowed + - WildcardsDisallowed + type: string + type: object + routeSelector: + description: |- + routeSelector is used to filter the set of Routes serviced by the ingress + controller. This is useful for implementing shards. + + If unset, the default is no filtering. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tlsSecurityProfile: + description: |- + tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers. + + If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + + Note that when using the Old, Intermediate, and Modern profile types, the effective + profile configuration is subject to change between releases. For example, given + a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade + to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress + controller, resulting in a rollout. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: + + minTLSVersion: VersionTLS11 + ciphers: + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS profile for use when you do not need compatibility with + legacy clients and want to remain highly secure while being compatible with + most clients currently in use. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile for use with clients that support TLS 1.3 and + do not need backward compatibility for older clients. + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS13 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + nullable: true + type: object + old: + description: |- + old is a TLS profile for use when services need to be accessed by very old + clients or libraries and should be used only as a last resort. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 + - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 + - AES128-GCM-SHA256 + - AES256-GCM-SHA384 + - AES128-SHA256 + - AES256-SHA256 + - AES128-SHA + - AES256-SHA + - DES-CBC3-SHA + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides the + ability to specify individual TLS security profile parameters. + + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + + The profiles are intent based, so they may change over time as new ciphers are + developed and existing ciphers are found to be insecure. Depending on + precisely which ciphers are available to a process, the list may be reduced. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + tuningOptions: + description: |- + tuningOptions defines parameters for adjusting the performance of + ingress controller pods. All fields are optional and will use their + respective defaults if not set. See specific tuningOptions fields for + more details. + + Setting fields within tuningOptions is generally not recommended. The + default values are suitable for most configurations. + properties: + clientFinTimeout: + description: |- + clientFinTimeout defines how long a connection will be held open while + waiting for the client response to the server/backend closing the + connection. + + If unset, the default timeout is 1s + format: duration + type: string + clientTimeout: + description: |- + clientTimeout defines how long a connection will be held open while + waiting for a client response. + + If unset, the default timeout is 30s + format: duration + type: string + connectTimeout: + description: |- + connectTimeout defines the maximum time to wait for + a connection attempt to a server/backend to succeed. + + This field expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + When omitted, this means the user has no opinion and the platform is left + to choose a reasonable default. This default is subject to change over time. + The current default is 5s. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + headerBufferBytes: + description: |- + headerBufferBytes describes how much memory should be reserved + (in bytes) for IngressController connection sessions. + Note that this value must be at least 16384 if HTTP/2 is + enabled for the IngressController (https://tools.ietf.org/html/rfc7540). + If this field is empty, the IngressController will use a default value + of 32768 bytes. + + Setting this field is generally not recommended as headerBufferBytes + values that are too small may break the IngressController and + headerBufferBytes values that are too large could cause the + IngressController to use significantly more memory than necessary. + format: int32 + minimum: 16384 + type: integer + headerBufferMaxRewriteBytes: + description: |- + headerBufferMaxRewriteBytes describes how much memory should be reserved + (in bytes) from headerBufferBytes for HTTP header rewriting + and appending for IngressController connection sessions. + Note that incoming HTTP requests will be limited to + (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning + headerBufferBytes must be greater than headerBufferMaxRewriteBytes. + If this field is empty, the IngressController will use a default value + of 8192 bytes. + + Setting this field is generally not recommended as + headerBufferMaxRewriteBytes values that are too small may break the + IngressController and headerBufferMaxRewriteBytes values that are too + large could cause the IngressController to use significantly more memory + than necessary. + format: int32 + minimum: 4096 + type: integer + healthCheckInterval: + description: |- + healthCheckInterval defines how long the router waits between two consecutive + health checks on its configured backends. This value is applied globally as + a default for all routes, but may be overridden per-route by the route annotation + "router.openshift.io/haproxy.health.check.interval". + + Expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, eg "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + Setting this to less than 5s can cause excess traffic due to too frequent + TCP health checks and accompanying SYN packet storms. Alternatively, setting + this too high can result in increased latency, due to backend servers that are no + longer available, but haven't yet been detected as such. + + An empty or zero healthCheckInterval means no opinion and IngressController chooses + a default, which is subject to change over time. + Currently the default healthCheckInterval value is 5s. + + Currently the minimum allowed value is 1s and the maximum allowed value is + 2147483647ms (24.85 days). Both are subject to change over time. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + httpKeepAliveTimeout: + description: |- + httpKeepAliveTimeout defines the maximum allowed time to wait for + a new HTTP request to appear on a connection from the client to the router. + + This field expects an unsigned duration string of a decimal number, with optional + fraction and a unit suffix, e.g. "300ms", "1.5s" or "2m45s". + Valid time units are "ms", "s", "m". + The allowed range is from 1 millisecond to 15 minutes. + + When omitted, this means the user has no opinion and the platform is left + to choose a reasonable default. This default is subject to change over time. + The current default is 300s. + + Low values (tens of milliseconds or less) can cause clients to close and reopen connections + for each request, leading to reduced connection sharing. + For HTTP/2, special care should be taken with low values. + A few seconds is a reasonable starting point to avoid holding idle connections open + while still allowing subsequent requests to reuse the connection. + + High values (minutes or more) favor connection reuse but may cause idle + connections to linger longer. + maxLength: 16 + minLength: 1 + type: string + x-kubernetes-validations: + - message: httpKeepAliveTimeout must be a valid duration string + composed of an unsigned integer value, optionally followed + by a decimal fraction and a unit suffix (ms, s, m) + rule: self.matches('^([0-9]+(\\.[0-9]+)?(ms|s|m))+$') + - message: httpKeepAliveTimeout must be less than or equal to + 15 minutes + rule: '!self.matches(''^([0-9]+(\\.[0-9]+)?(ms|s|m))+$'') || + duration(self) <= duration(''15m'')' + - message: httpKeepAliveTimeout must be greater than or equal + to 1 millisecond + rule: '!self.matches(''^([0-9]+(\\.[0-9]+)?(ms|s|m))+$'') || + duration(self) >= duration(''1ms'')' + maxConnections: + description: |- + maxConnections defines the maximum number of simultaneous + connections that can be established per HAProxy process. + Increasing this value allows each ingress controller pod to + handle more connections but at the cost of additional + system resources being consumed. + + Permitted values are: empty, 0, -1, and the range + 2000-2000000. + + If this field is empty or 0, the IngressController will use + the default value of 50000, but the default is subject to + change in future releases. + + If the value is -1 then HAProxy will dynamically compute a + maximum value based on the available ulimits in the running + container. Selecting -1 (i.e., auto) will result in a large + value being computed (~520000 on OpenShift >=4.10 clusters) + and therefore each HAProxy process will incur significant + memory usage compared to the current default of 50000. + + Setting a value that is greater than the current operating + system limit will prevent the HAProxy process from + starting. + + If you choose a discrete value (e.g., 750000) and the + router pod is migrated to a new node, there's no guarantee + that that new node has identical ulimits configured. In + such a scenario the pod would fail to start. If you have + nodes with different ulimits configured (e.g., different + tuned profiles) and you choose a discrete value then the + guidance is to use -1 and let the value be computed + dynamically at runtime. + + You can monitor memory usage for router containers with the + following metric: + 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}'. + + You can monitor memory usage of individual HAProxy + processes in router containers with the following metric: + 'container_memory_working_set_bytes{container="router",namespace="openshift-ingress"}/container_processes{container="router",namespace="openshift-ingress"}'. + format: int32 + type: integer + reloadInterval: + description: |- + reloadInterval defines the minimum interval at which the router is allowed to reload + to accept new changes. Increasing this value can prevent the accumulation of + HAProxy processes, depending on the scenario. Increasing this interval can + also lessen load imbalance on a backend's servers when using the roundrobin + balancing algorithm. Alternatively, decreasing this value may decrease latency + since updates to HAProxy's configuration can take effect more quickly. + + The value must be a time duration value; see . + Currently, the minimum value allowed is 1s, and the maximum allowed value is + 120s. Minimum and maximum allowed values may change in future versions of OpenShift. + Note that if a duration outside of these bounds is provided, the value of reloadInterval + will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to + 120s; the IngressController will not reject and replace this disallowed value with + the default). + + A zero value for reloadInterval tells the IngressController to choose the default, + which is currently 5s and subject to change without notice. + + This field expects an unsigned duration string of decimal numbers, each with optional + fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + + Note: Setting a value significantly larger than the default of 5s can cause latency + in observing updates to routes and their endpoints. HAProxy's configuration will + be reloaded less frequently, and newly created routes will not be served until the + subsequent reload. + pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + type: string + serverFinTimeout: + description: |- + serverFinTimeout defines how long a connection will be held open while + waiting for the server/backend response to the client closing the + connection. + + If unset, the default timeout is 1s + format: duration + type: string + serverTimeout: + description: |- + serverTimeout defines how long a connection will be held open while + waiting for a server/backend response. + + If unset, the default timeout is 30s + format: duration + type: string + threadCount: + description: |- + threadCount defines the number of threads created per HAProxy process. + Creating more threads allows each ingress controller pod to handle more + connections, at the cost of more system resources being used. HAProxy + currently supports up to 64 threads. If this field is empty, the + IngressController will use the default value. The current default is 4 + threads, but this may change in future releases. + + Setting this field is generally not recommended. Increasing the number + of HAProxy threads allows ingress controller pods to utilize more CPU + time under load, potentially starving other pods if set too high. + Reducing the number of threads may cause the ingress controller to + perform poorly. + format: int32 + maximum: 64 + minimum: 1 + type: integer + tlsInspectDelay: + description: |- + tlsInspectDelay defines how long the router can hold data to find a + matching route. + + Setting this too short can cause the router to fall back to the default + certificate for edge-terminated or reencrypt routes even when a better + matching certificate could be used. + + If unset, the default inspect delay is 5s + format: duration + type: string + tunnelTimeout: + description: |- + tunnelTimeout defines how long a tunnel connection (including + websockets) will be held open while the tunnel is idle. + + If unset, the default timeout is 1h + format: duration + type: string + type: object + unsupportedConfigOverrides: + description: |- + unsupportedConfigOverrides allows specifying unsupported + configuration options. Its use is unsupported. + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the IngressController. + properties: + availableReplicas: + description: |- + availableReplicas is number of observed available replicas according to the + ingress controller deployment. + format: int32 + type: integer + conditions: + description: |- + conditions is a list of conditions and their status. + + Available means the ingress controller deployment is available and + servicing route and ingress resources (i.e, .status.availableReplicas + equals .spec.replicas) + + There are additional conditions which indicate the status of other + ingress controller features and capabilities. + + * LoadBalancerManaged + - True if the following conditions are met: + * The endpoint publishing strategy requires a service load balancer. + - False if any of those conditions are unsatisfied. + + * LoadBalancerReady + - True if the following conditions are met: + * A load balancer is managed. + * The load balancer is ready. + - False if any of those conditions are unsatisfied. + + * DNSManaged + - True if the following conditions are met: + * The endpoint publishing strategy and platform support DNS. + * The ingress controller domain is set. + * dns.config.openshift.io/cluster configures DNS zones. + - False if any of those conditions are unsatisfied. + + * DNSReady + - True if the following conditions are met: + * DNS is managed. + * DNS records have been successfully created. + - False if any of those conditions are unsatisfied. + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + type: string + reason: + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + domain: + description: domain is the actual domain in use. + type: string + endpointPublishingStrategy: + description: endpointPublishingStrategy is the actual strategy in + use. + properties: + hostNetwork: + description: |- + hostNetwork holds parameters for the HostNetwork endpoint publishing + strategy. Present only if type is HostNetwork. + properties: + httpPort: + default: 80 + description: |- + httpPort is the port on the host which should be used to listen for + HTTP requests. This field should be set when port 80 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 80. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + httpsPort: + default: 443 + description: |- + httpsPort is the port on the host which should be used to listen for + HTTPS requests. This field should be set when port 443 is already in use. + The value should not coincide with the NodePort range of the cluster. + When the value is 0 or is not specified it defaults to 443. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + statsPort: + default: 1936 + description: |- + statsPort is the port on the host where the stats from the router are + published. The value should not coincide with the NodePort range of the + cluster. If an external load balancer is configured to forward connections + to this IngressController, the load balancer should use this port for + health checks. The load balancer can send HTTP probes on this port on a + given node, with the path /healthz/ready to determine if the ingress + controller is ready to receive traffic on the node. For proper operation + the load balancer must not forward traffic to a node until the health + check reports ready. The load balancer should also stop forwarding requests + within a maximum of 45 seconds after /healthz/ready starts reporting + not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with + a threshold of two successful or failed requests to become healthy or + unhealthy respectively, are well-tested values. When the value is 0 or + is not specified it defaults to 1936. + format: int32 + maximum: 65535 + minimum: 0 + type: integer + type: object + loadBalancer: + description: |- + loadBalancer holds parameters for the load balancer. Present only if + type is LoadBalancerService. + properties: + allowedSourceRanges: + description: |- + allowedSourceRanges specifies an allowlist of IP address ranges to which + access to the load balancer should be restricted. Each range must be + specified using CIDR notation (e.g. "10.0.0.0/8" or "fd00::/8"). If no range is + specified, "0.0.0.0/0" for IPv4 and "::/0" for IPv6 are used by default, + which allows all source addresses. + + To facilitate migration from earlier versions of OpenShift that did + not have the allowedSourceRanges field, you may set the + service.beta.kubernetes.io/load-balancer-source-ranges annotation on + the "router-" service in the + "openshift-ingress" namespace, and this annotation will take + effect if allowedSourceRanges is empty on OpenShift 4.12. + items: + description: |- + CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" + or "fd00::/8"). + pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) + type: string + nullable: true + type: array + x-kubernetes-list-type: atomic + dnsManagementPolicy: + default: Managed + description: |- + dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record + associated with the load balancer service will be managed by + the ingress operator. It defaults to Managed. + Valid values are: Managed and Unmanaged. + enum: + - Managed + - Unmanaged + type: string + providerParameters: + description: |- + providerParameters holds desired load balancer information specific to + the underlying infrastructure provider. + + If empty, defaults will be applied. See specific providerParameters + fields for details about their defaults. + properties: + aws: + description: |- + aws provides configuration settings that are specific to AWS + load balancers. + + If empty, defaults will be applied. See specific aws fields for + details about their defaults. + properties: + classicLoadBalancer: + description: |- + classicLoadBalancerParameters holds configuration parameters for an AWS + classic load balancer. Present only if type is Classic. + properties: + connectionIdleTimeout: + description: |- + connectionIdleTimeout specifies the maximum time period that a + connection may be idle before the load balancer closes the + connection. The value must be parseable as a time duration value; + see . A nil or zero value + means no opinion, in which case a default value is used. The default + value for this field is 60s. This default is subject to change. + format: duration + type: string + subnets: + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. Auto-discovered subnets are not reported + in the status of the IngressController object. + properties: + ids: + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. + items: + description: AWSSubnetID is a reference + to an AWS subnet ID. + maxLength: 24 + minLength: 24 + pattern: ^subnet-[0-9A-Za-z]+$ + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet ids cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + names: + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. + items: + description: AWSSubnetName is a reference + to an AWS subnet name. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: subnet name cannot contain a + comma + rule: '!self.contains('','')' + - message: subnet name cannot start with + 'subnet-' + rule: '!self.startsWith(''subnet-'')' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet names cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + type: object + x-kubernetes-validations: + - message: the total number of subnets cannot + exceed 10 + rule: 'has(self.ids) && has(self.names) ? size(self.ids + + self.names) <= 10 : true' + - message: must specify at least 1 subnet name + or id + rule: has(self.ids) && self.ids.size() > 0 || + has(self.names) && self.names.size() > 0 + type: object + networkLoadBalancer: + description: |- + networkLoadBalancerParameters holds configuration parameters for an AWS + network load balancer. Present only if type is NLB. + properties: + eipAllocations: + description: |- + eipAllocations is a list of IDs for Elastic IP (EIP) addresses that + are assigned to the Network Load Balancer. + The following restrictions apply: + + eipAllocations can only be used with external scope, not internal. + An EIP can be allocated to only a single IngressController. + The number of EIP allocations must match the number of subnets that are used for the load balancer. + Each EIP allocation must be unique. + A maximum of 10 EIP allocations are permitted. + + See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general + information about configuration, characteristics, and limitations of Elastic IP addresses. + items: + description: |- + EIPAllocation is an ID for an Elastic IP (EIP) address that can be allocated to an ELB in the AWS environment. + Values must begin with `eipalloc-` followed by exactly 17 hexadecimal (`[0-9a-fA-F]`) characters. + maxLength: 26 + minLength: 26 + type: string + x-kubernetes-validations: + - message: eipAllocations should start with + 'eipalloc-' + rule: self.startsWith('eipalloc-') + - message: eipAllocations must be 'eipalloc-' + followed by exactly 17 hexadecimal characters + (0-9, a-f, A-F) + rule: self.split("-", 2)[1].matches('[0-9a-fA-F]{17}$') + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: eipAllocations cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == y)) + subnets: + description: |- + subnets specifies the subnets to which the load balancer will + attach. The subnets may be specified by either their + ID or name. The total number of subnets is limited to 10. + + In order for the load balancer to be provisioned with subnets, + each subnet must exist, each subnet must be from a different + availability zone, and the load balancer service must be + recreated to pick up new values. + + When omitted from the spec, the subnets will be auto-discovered + for each availability zone. Auto-discovered subnets are not reported + in the status of the IngressController object. + properties: + ids: + description: |- + ids specifies a list of AWS subnets by subnet ID. + Subnet IDs must start with "subnet-", consist only + of alphanumeric characters, must be exactly 24 + characters long, must be unique, and the total + number of subnets specified by ids and names + must not exceed 10. + items: + description: AWSSubnetID is a reference + to an AWS subnet ID. + maxLength: 24 + minLength: 24 + pattern: ^subnet-[0-9A-Za-z]+$ + type: string + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet ids cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + names: + description: |- + names specifies a list of AWS subnets by subnet name. + Subnet names must not start with "subnet-", must not + include commas, must be under 256 characters in length, + must be unique, and the total number of subnets + specified by ids and names must not exceed 10. + items: + description: AWSSubnetName is a reference + to an AWS subnet name. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: subnet name cannot contain a + comma + rule: '!self.contains('','')' + - message: subnet name cannot start with + 'subnet-' + rule: '!self.startsWith(''subnet-'')' + maxItems: 10 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: subnet names cannot contain duplicates + rule: self.all(x, self.exists_one(y, x == + y)) + type: object + x-kubernetes-validations: + - message: the total number of subnets cannot + exceed 10 + rule: 'has(self.ids) && has(self.names) ? size(self.ids + + self.names) <= 10 : true' + - message: must specify at least 1 subnet name + or id + rule: has(self.ids) && self.ids.size() > 0 || + has(self.names) && self.names.size() > 0 + type: object + x-kubernetes-validations: + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.ids) + && has(self.subnets.names) && has(self.eipAllocations) + ? size(self.subnets.ids + self.subnets.names) + == size(self.eipAllocations) : true' + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.ids) + && !has(self.subnets.names) && has(self.eipAllocations) + ? size(self.subnets.ids) == size(self.eipAllocations) + : true' + - message: number of subnets must be equal to number + of eipAllocations + rule: 'has(self.subnets) && has(self.subnets.names) + && !has(self.subnets.ids) && has(self.eipAllocations) + ? size(self.subnets.names) == size(self.eipAllocations) + : true' + type: + description: |- + type is the type of AWS load balancer to instantiate for an ingresscontroller. + + Valid values are: + + * "Classic": A Classic Load Balancer that makes routing decisions at either + the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See + the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + + * "NLB": A Network Load Balancer that makes routing decisions at the + transport layer (TCP/SSL). See the following for additional details: + + https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb + enum: + - Classic + - NLB + type: string + required: + - type + type: object + gcp: + description: |- + gcp provides configuration settings that are specific to GCP + load balancers. + + If empty, defaults will be applied. See specific gcp fields for + details about their defaults. + properties: + clientAccess: + description: |- + clientAccess describes how client access is restricted for internal + load balancers. + + Valid values are: + * "Global": Specifying an internal load balancer with Global client access + allows clients from any region within the VPC to communicate with the load + balancer. + + https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access + + * "Local": Specifying an internal load balancer with Local client access + means only clients within the same region (and VPC) as the GCP load balancer + can communicate with the load balancer. Note that this is the default behavior. + + https://cloud.google.com/load-balancing/docs/internal#client_access + enum: + - Global + - Local + type: string + type: object + ibm: + description: |- + ibm provides configuration settings that are specific to IBM Cloud + load balancers. + + If empty, defaults will be applied. See specific ibm fields for + details about their defaults. + properties: + protocol: + description: |- + protocol specifies whether the load balancer uses PROXY protocol to forward connections to + the IngressController. See "service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: + "proxy-protocol"" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas" + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + Valid values for protocol are TCP, PROXY and omitted. + When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. + The current default is TCP, without the proxy protocol enabled. + enum: + - "" + - TCP + - PROXY + type: string + type: object + openstack: + description: |- + openstack provides configuration settings that are specific to OpenStack + load balancers. + + If empty, defaults will be applied. See specific openstack fields for + details about their defaults. + properties: + floatingIP: + description: |- + floatingIP specifies the IP address that the load balancer will use. + When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. + When specified, the floating IP has to be pre-created. If the + specified value is not a floating IP or is already claimed, the + OpenStack cloud provider won't be able to provision the load + balancer. + This field may only be used if the IngressController has External scope. + This value must be a valid IPv4 or IPv6 address. + type: string + x-kubernetes-validations: + - message: floatingIP must be a valid IPv4 or IPv6 + address + rule: isIP(self) + type: object + type: + description: |- + type is the underlying infrastructure provider for the load balancer. + Allowed values are "AWS", "Azure", "BareMetal", "GCP", "IBM", "Nutanix", + "OpenStack", and "VSphere". + enum: + - AWS + - Azure + - BareMetal + - GCP + - Nutanix + - OpenStack + - VSphere + - IBM + type: string + required: + - type + type: object + x-kubernetes-validations: + - message: openstack is not permitted when type is not OpenStack + rule: 'has(self.type) && self.type == ''OpenStack'' ? true + : !has(self.openstack)' + scope: + description: |- + scope indicates the scope at which the load balancer is exposed. + Possible values are "External" and "Internal". + enum: + - Internal + - External + type: string + required: + - dnsManagementPolicy + - scope + type: object + x-kubernetes-validations: + - message: eipAllocations are forbidden when the scope is Internal. + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.aws) || !has(self.providerParameters.aws.networkLoadBalancer) + || !has(self.providerParameters.aws.networkLoadBalancer.eipAllocations)' + - message: cannot specify a floating ip when scope is internal + rule: '!has(self.scope) || self.scope != ''Internal'' || !has(self.providerParameters) + || !has(self.providerParameters.openstack) || !has(self.providerParameters.openstack.floatingIP) + || self.providerParameters.openstack.floatingIP == ""' + nodePort: + description: |- + nodePort holds parameters for the NodePortService endpoint publishing strategy. + Present only if type is NodePortService. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + private: + description: |- + private holds parameters for the Private endpoint publishing + strategy. Present only if type is Private. + properties: + protocol: + description: |- + protocol specifies whether the IngressController expects incoming + connections to use plain TCP or whether the IngressController expects + PROXY protocol. + + PROXY protocol can be used with load balancers that support it to + communicate the source addresses of client connections when + forwarding those connections to the IngressController. Using PROXY + protocol enables the IngressController to report those source + addresses instead of reporting the load balancer's address in HTTP + headers and logs. Note that enabling PROXY protocol on the + IngressController will cause connections to fail if you are not using + a load balancer that uses PROXY protocol to forward connections to + the IngressController. See + http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for + information about PROXY protocol. + + The following values are valid for this field: + + * The empty string. + * "TCP". + * "PROXY". + + The empty string specifies the default, which is TCP without PROXY + protocol. Note that the default is subject to change. + enum: + - "" + - TCP + - PROXY + type: string + type: object + type: + description: |- + type is the publishing strategy to use. Valid values are: + + * LoadBalancerService + + Publishes the ingress controller using a Kubernetes LoadBalancer Service. + + In this configuration, the ingress controller deployment uses container + networking. A LoadBalancer Service is created to publish the deployment. + + See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + + If domain is set, a wildcard DNS record will be managed to point at the + LoadBalancer Service's external name. DNS records are managed only in DNS + zones defined by dns.config.openshift.io/cluster .spec.publicZone and + .spec.privateZone. + + Wildcard DNS management is currently supported only on the AWS, Azure, + and GCP platforms. + + * HostNetwork + + Publishes the ingress controller on node ports where the ingress controller + is deployed. + + In this configuration, the ingress controller deployment uses host + networking, bound to node ports 80 and 443. The user is responsible for + configuring an external load balancer to publish the ingress controller via + the node ports. + + * Private + + Does not publish the ingress controller. + + In this configuration, the ingress controller deployment uses container + networking, and is not explicitly published. The user must manually publish + the ingress controller. + + * NodePortService + + Publishes the ingress controller using a Kubernetes NodePort Service. + + In this configuration, the ingress controller deployment uses container + networking. A NodePort Service is created to publish the deployment. The + specific node ports are dynamically allocated by OpenShift; however, to + support static port allocations, user changes to the node port + field of the managed NodePort Service will preserved. + enum: + - LoadBalancerService + - HostNetwork + - Private + - NodePortService + type: string + required: + - type + type: object + namespaceSelector: + description: namespaceSelector is the actual namespaceSelector in + use. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + observedGeneration: + description: observedGeneration is the most recent generation observed. + format: int64 + type: integer + routeSelector: + description: routeSelector is the actual routeSelector in use. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + selector: + description: |- + selector is a label selector, in string format, for ingress controller pods + corresponding to the IngressController. The number of matching pods should + equal the value of availableReplicas. + type: string + tlsProfile: + description: tlsProfile is the TLS connection configuration that is + in effect. + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + type: object + type: object + x-kubernetes-validations: + - message: The combined 'router-' + metadata.name + '.' + .spec.domain cannot + exceed 253 characters + rule: '!has(self.spec.domain) || size(''router-'' + self.metadata.name + + ''.'' + self.spec.domain) <= 253' + served: true + storage: true + subresources: + status: {} diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml index d2ba7fc3253..12e5d935da3 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml @@ -338,8 +338,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -352,18 +355,47 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol @@ -384,6 +416,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -396,13 +434,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -416,6 +457,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -428,15 +475,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -447,10 +502,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml index 272d49db0e3..32e3cf9b8bd 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml @@ -233,8 +233,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -247,14 +250,11 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array @@ -279,6 +279,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -291,13 +297,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -311,6 +320,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -323,15 +338,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -342,10 +365,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index cabbd04bb71..9bc55b2073c 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -338,8 +338,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -352,18 +355,47 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol @@ -384,6 +416,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -396,13 +434,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -416,6 +457,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -428,15 +475,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -447,10 +502,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-OKD.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-OKD.crd.yaml index 3c81a12e872..a5677d9b594 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-OKD.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-OKD.crd.yaml @@ -233,8 +233,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -247,14 +250,11 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array @@ -279,6 +279,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -291,13 +297,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -311,6 +320,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -323,15 +338,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -342,10 +365,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml index b21c31dd439..809806f3720 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml @@ -270,8 +270,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -284,18 +287,47 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set minTLSVersion: description: |- minTLSVersion is used to specify the minimal version of the TLS protocol @@ -316,6 +348,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -328,13 +366,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -348,6 +389,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -360,15 +407,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -379,10 +434,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml new file mode 100644 index 00000000000..70203c6c034 --- /dev/null +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml @@ -0,0 +1,344 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: CustomNoUpgrade + labels: + openshift.io/operator-managed: "" + name: kubeletconfigs.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: KubeletConfig + listKind: KubeletConfigList + plural: kubeletconfigs + singular: kubeletconfig + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeletConfig describes a customized Kubelet configuration. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec contains the desired kubelet configuration. + properties: + autoSizingReserved: + type: boolean + kubeletConfig: + description: |- + kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by + OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from + upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes + for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + type: object + x-kubernetes-preserve-unknown-fields: true + logLevel: + format: int32 + type: integer + machineConfigPoolSelector: + description: |- + machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. + A nil selector will result in no pools being selected. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tlsSecurityProfile: + description: |- + If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + Note that only Old and Intermediate profiles are currently supported, and + the maximum available minTLSVersion is VersionTLS12. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: + + minTLSVersion: VersionTLS11 + ciphers: + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS profile for use when you do not need compatibility with + legacy clients and want to remain highly secure while being compatible with + most clients currently in use. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile for use with clients that support TLS 1.3 and + do not need backward compatibility for older clients. + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS13 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + nullable: true + type: object + old: + description: |- + old is a TLS profile for use when services need to be accessed by very old + clients or libraries and should be used only as a last resort. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 + - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 + - AES128-GCM-SHA256 + - AES256-GCM-SHA384 + - AES128-SHA256 + - AES256-SHA256 + - AES128-SHA + - AES256-SHA + - DES-CBC3-SHA + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides the + ability to specify individual TLS security profile parameters. + + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + + The profiles are intent based, so they may change over time as new ciphers are + developed and existing ciphers are found to be insecure. Depending on + precisely which ciphers are available to a process, the list may be reduced. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + type: object + status: + description: status contains observed information about the kubelet configuration. + properties: + conditions: + description: conditions represents the latest available observations + of current state. + items: + description: KubeletConfigCondition defines the state of the KubeletConfig + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status object. + format: date-time + nullable: true + type: string + message: + description: |- + message provides additional information about the current condition. + This is only to be consumed by humans. + type: string + reason: + description: reason is the reason for the condition's last transition. Reasons + are PascalCase + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the state of the operator's reconciliation + functionality. + type: string + type: object + type: array + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml new file mode 100644 index 00000000000..4f4862bef74 --- /dev/null +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml @@ -0,0 +1,312 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: Default + labels: + openshift.io/operator-managed: "" + name: kubeletconfigs.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: KubeletConfig + listKind: KubeletConfigList + plural: kubeletconfigs + singular: kubeletconfig + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeletConfig describes a customized Kubelet configuration. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec contains the desired kubelet configuration. + properties: + autoSizingReserved: + type: boolean + kubeletConfig: + description: |- + kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by + OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from + upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes + for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + type: object + x-kubernetes-preserve-unknown-fields: true + logLevel: + format: int32 + type: integer + machineConfigPoolSelector: + description: |- + machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. + A nil selector will result in no pools being selected. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tlsSecurityProfile: + description: |- + If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + Note that only Old and Intermediate profiles are currently supported, and + the maximum available minTLSVersion is VersionTLS12. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: + + minTLSVersion: VersionTLS11 + ciphers: + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS profile for use when you do not need compatibility with + legacy clients and want to remain highly secure while being compatible with + most clients currently in use. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile for use with clients that support TLS 1.3 and + do not need backward compatibility for older clients. + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS13 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + nullable: true + type: object + old: + description: |- + old is a TLS profile for use when services need to be accessed by very old + clients or libraries and should be used only as a last resort. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 + - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 + - AES128-GCM-SHA256 + - AES256-GCM-SHA384 + - AES128-SHA256 + - AES256-SHA256 + - AES128-SHA + - AES256-SHA + - DES-CBC3-SHA + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides the + ability to specify individual TLS security profile parameters. + + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + + The profiles are intent based, so they may change over time as new ciphers are + developed and existing ciphers are found to be insecure. Depending on + precisely which ciphers are available to a process, the list may be reduced. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + type: object + status: + description: status contains observed information about the kubelet configuration. + properties: + conditions: + description: conditions represents the latest available observations + of current state. + items: + description: KubeletConfigCondition defines the state of the KubeletConfig + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status object. + format: date-time + nullable: true + type: string + message: + description: |- + message provides additional information about the current condition. + This is only to be consumed by humans. + type: string + reason: + description: reason is the reason for the condition's last transition. Reasons + are PascalCase + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the state of the operator's reconciliation + functionality. + type: string + type: object + type: array + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..309a946b023 --- /dev/null +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml @@ -0,0 +1,344 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + labels: + openshift.io/operator-managed: "" + name: kubeletconfigs.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: KubeletConfig + listKind: KubeletConfigList + plural: kubeletconfigs + singular: kubeletconfig + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeletConfig describes a customized Kubelet configuration. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec contains the desired kubelet configuration. + properties: + autoSizingReserved: + type: boolean + kubeletConfig: + description: |- + kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by + OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from + upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes + for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + type: object + x-kubernetes-preserve-unknown-fields: true + logLevel: + format: int32 + type: integer + machineConfigPoolSelector: + description: |- + machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. + A nil selector will result in no pools being selected. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tlsSecurityProfile: + description: |- + If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + Note that only Old and Intermediate profiles are currently supported, and + the maximum available minTLSVersion is VersionTLS12. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: + + minTLSVersion: VersionTLS11 + ciphers: + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS profile for use when you do not need compatibility with + legacy clients and want to remain highly secure while being compatible with + most clients currently in use. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile for use with clients that support TLS 1.3 and + do not need backward compatibility for older clients. + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS13 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + nullable: true + type: object + old: + description: |- + old is a TLS profile for use when services need to be accessed by very old + clients or libraries and should be used only as a last resort. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 + - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 + - AES128-GCM-SHA256 + - AES256-GCM-SHA384 + - AES128-SHA256 + - AES256-SHA256 + - AES128-SHA + - AES256-SHA + - DES-CBC3-SHA + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides the + ability to specify individual TLS security profile parameters. + + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + + The profiles are intent based, so they may change over time as new ciphers are + developed and existing ciphers are found to be insecure. Depending on + precisely which ciphers are available to a process, the list may be reduced. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + type: object + status: + description: status contains observed information about the kubelet configuration. + properties: + conditions: + description: conditions represents the latest available observations + of current state. + items: + description: KubeletConfigCondition defines the state of the KubeletConfig + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status object. + format: date-time + nullable: true + type: string + message: + description: |- + message provides additional information about the current condition. + This is only to be consumed by humans. + type: string + reason: + description: reason is the reason for the condition's last transition. Reasons + are PascalCase + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the state of the operator's reconciliation + functionality. + type: string + type: object + type: array + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml similarity index 87% rename from payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs.crd.yaml rename to payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml index 4be92099f4f..f108c4f6d98 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml @@ -6,6 +6,7 @@ metadata: api.openshift.io/merged-by-featuregates: "true" include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: OKD labels: openshift.io/operator-managed: "" name: kubeletconfigs.machineconfiguration.openshift.io @@ -131,8 +132,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -145,14 +149,11 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries that their operands - do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): ciphers: - - ECDHE-RSA-AES128-GCM-SHA256 - - TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable - and are always enabled when TLS 1.3 is negotiated. + - DES-CBC3-SHA items: type: string type: array @@ -177,6 +178,12 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -189,13 +196,16 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -209,6 +219,12 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: @@ -221,15 +237,23 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 + - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -240,10 +264,9 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..faf7987cd1d --- /dev/null +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml @@ -0,0 +1,344 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + labels: + openshift.io/operator-managed: "" + name: kubeletconfigs.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: KubeletConfig + listKind: KubeletConfigList + plural: kubeletconfigs + singular: kubeletconfig + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: |- + KubeletConfig describes a customized Kubelet configuration. + + Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: spec contains the desired kubelet configuration. + properties: + autoSizingReserved: + type: boolean + kubeletConfig: + description: |- + kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by + OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from + upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes + for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + type: object + x-kubernetes-preserve-unknown-fields: true + logLevel: + format: int32 + type: integer + machineConfigPoolSelector: + description: |- + machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. + A nil selector will result in no pools being selected. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + tlsSecurityProfile: + description: |- + If unset, the default is based on the apiservers.config.openshift.io/cluster resource. + Note that only Old and Intermediate profiles are currently supported, and + the maximum available minTLSVersion is VersionTLS12. + properties: + custom: + description: |- + custom is a user-defined TLS security profile. Be extremely careful using a custom + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: + + minTLSVersion: VersionTLS11 + ciphers: + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + nullable: true + properties: + ciphers: + description: |- + ciphers is used to specify the cipher algorithms that are negotiated + during the TLS handshake. Operators may remove entries their operands + do not support. For example, to use DES-CBC3-SHA (yaml): + + ciphers: + - DES-CBC3-SHA + items: + type: string + type: array + x-kubernetes-list-type: atomic + curves: + description: |- + curves is an optional field used to specify the elliptic curves that are used during + the TLS handshake. Operators may remove entries their operands do + not support. + + When omitted, this means no opinion and the platform is left to choose reasonable defaults which are + subject to change over time and may be different per platform component depending on the underlying TLS + libraries they use. If specified, the list must contain at least one curve. + + For example, to use X25519 and SecP256r1 (yaml): + + curves: + - X25519 + - SecP256r1 + items: + description: |- + TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. + There is a one-to-one mapping between these names and the curve IDs defined + in crypto/tls package based on IANA's "TLS Supported Groups" registry: + https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + enum: + - X25519 + - SecP256r1 + - SecP384r1 + - SecP521r1 + - X25519MLKEM768 + type: string + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: set + minTLSVersion: + description: |- + minTLSVersion is used to specify the minimal version of the TLS protocol + that is negotiated during the TLS handshake. For example, to use TLS + versions 1.1, 1.2 and 1.3 (yaml): + + minTLSVersion: VersionTLS11 + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: |- + intermediate is a TLS profile for use when you do not need compatibility with + legacy clients and want to remain highly secure while being compatible with + most clients currently in use. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "intermediate" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + nullable: true + type: object + modern: + description: |- + modern is a TLS security profile for use with clients that support TLS 1.3 and + do not need backward compatibility for older clients. + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS13 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + nullable: true + type: object + old: + description: |- + old is a TLS profile for use when services need to be accessed by very old + clients or libraries and should be used only as a last resort. + + The cipher list includes TLS 1.3 ciphers for forward compatibility, followed + by the "old" profile ciphers. + + The curve list includes by default the following curves: + X25519, SecP256r1, SecP384r1, X25519MLKEM768. + + This profile is equivalent to a Custom profile specified as: + minTLSVersion: VersionTLS10 + ciphers: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - ECDHE-ECDSA-AES128-GCM-SHA256 + - ECDHE-RSA-AES128-GCM-SHA256 + - ECDHE-ECDSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-GCM-SHA384 + - ECDHE-ECDSA-CHACHA20-POLY1305 + - ECDHE-RSA-CHACHA20-POLY1305 + - DHE-RSA-AES128-GCM-SHA256 + - DHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-CHACHA20-POLY1305 + - ECDHE-ECDSA-AES128-SHA256 + - ECDHE-RSA-AES128-SHA256 + - ECDHE-ECDSA-AES128-SHA + - ECDHE-RSA-AES128-SHA + - ECDHE-ECDSA-AES256-SHA384 + - ECDHE-RSA-AES256-SHA384 + - ECDHE-ECDSA-AES256-SHA + - ECDHE-RSA-AES256-SHA + - DHE-RSA-AES128-SHA256 + - DHE-RSA-AES256-SHA256 + - AES128-GCM-SHA256 + - AES256-GCM-SHA384 + - AES128-SHA256 + - AES256-SHA256 + - AES128-SHA + - AES256-SHA + - DES-CBC3-SHA + nullable: true + type: object + type: + description: |- + type is one of Old, Intermediate, Modern or Custom. Custom provides the + ability to specify individual TLS security profile parameters. + + The profiles are currently based on version 5.0 of the Mozilla Server Side TLS + configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for + forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + + The profiles are intent based, so they may change over time as new ciphers are + developed and existing ciphers are found to be insecure. Depending on + precisely which ciphers are available to a process, the list may be reduced. + enum: + - Old + - Intermediate + - Modern + - Custom + type: string + type: object + type: object + status: + description: status contains observed information about the kubelet configuration. + properties: + conditions: + description: conditions represents the latest available observations + of current state. + items: + description: KubeletConfigCondition defines the state of the KubeletConfig + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status object. + format: date-time + nullable: true + type: string + message: + description: |- + message provides additional information about the current condition. + This is only to be consumed by humans. + type: string + reason: + description: reason is the reason for the condition's last transition. Reasons + are PascalCase + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the state of the operator's reconciliation + functionality. + type: string + type: object + type: array + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. + format: int64 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml b/payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml index 1e7bbbf9722..761e90a6d4a 100644 --- a/payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml @@ -26,15 +26,9 @@ { "name": "AWSDualStackInstall" }, - { - "name": "AWSEuropeanSovereignCloudInstall" - }, { "name": "AWSServiceLBNetworkSecurityGroup" }, - { - "name": "AdditionalStorageConfig" - }, { "name": "AutomatedEtcdBackup" }, @@ -47,6 +41,9 @@ { "name": "AzureMultiDisk" }, + { + "name": "BootImageSkewEnforcement" + }, { "name": "BootcNodeManagement" }, @@ -107,9 +104,6 @@ { "name": "ClusterUpdateAcceptRisks" }, - { - "name": "ClusterUpdatePreflight" - }, { "name": "ClusterVersionOperatorConfiguration" }, @@ -149,9 +143,6 @@ { "name": "Example2" }, - { - "name": "ExternalOIDCExternalClaimsSourcing" - }, { "name": "ExternalOIDCWithUpstreamParity" }, @@ -197,9 +188,6 @@ { "name": "MachineAPIMigrationOpenStack" }, - { - "name": "MachineAPIMigrationVSphere" - }, { "name": "MachineAPIOperatorDisableMachineHealthCheckController" }, @@ -233,9 +221,6 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, - { - "name": "NewOLMConfigAPI" - }, { "name": "NewOLMOwnSingleNamespace" }, @@ -245,9 +230,6 @@ { "name": "NewOLMWebhookProviderOpenshiftServiceCA" }, - { - "name": "NoOverlayMode" - }, { "name": "NoRegistryClusterInstall" }, @@ -276,11 +258,14 @@ "name": "SignatureStores" }, { - "name": "TLSAdherence" + "name": "TLSCurvePreferences" }, { "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode" }, + { + "name": "VSphereHostVMGroupZonal" + }, { "name": "VSphereMixedNodeEnv" }, @@ -298,9 +283,6 @@ { "name": "AzureWorkloadIdentity" }, - { - "name": "BootImageSkewEnforcement" - }, { "name": "BuildCSIVolumes" }, @@ -316,12 +298,24 @@ { "name": "GCPClusterHostedDNSInstall" }, + { + "name": "GatewayAPI" + }, + { + "name": "GatewayAPIController" + }, + { + "name": "HighlyAvailableArbiter" + }, { "name": "HyperShiftOnlyDynamicResourceAllocation" }, { "name": "ImageStreamImportMode" }, + { + "name": "ImageVolume" + }, { "name": "InsightsConfig" }, @@ -331,9 +325,24 @@ { "name": "KMSv1" }, + { + "name": "MachineConfigNodes" + }, + { + "name": "ManagedBootImages" + }, + { + "name": "ManagedBootImagesAWS" + }, + { + "name": "ManagedBootImagesAzure" + }, { "name": "ManagedBootImagesCPMS" }, + { + "name": "ManagedBootImagesvSphere" + }, { "name": "MetricsCollectionProfiles" }, @@ -343,6 +352,9 @@ { "name": "OpenShiftPodSecurityAdmission" }, + { + "name": "PinnedImages" + }, { "name": "RouteExternalCertificate" }, @@ -367,9 +379,6 @@ { "name": "UserNamespacesSupport" }, - { - "name": "VSphereHostVMGroupZonal" - }, { "name": "VSphereMultiDisk" }, diff --git a/payload-manifests/featuregates/featureGate-4-10-Hypershift-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-4-10-Hypershift-DevPreviewNoUpgrade.yaml index 58a39e75712..984df4ba410 100644 --- a/payload-manifests/featuregates/featureGate-4-10-Hypershift-DevPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-Hypershift-DevPreviewNoUpgrade.yaml @@ -40,9 +40,6 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, - { - "name": "NewOLMConfigAPI" - }, { "name": "NewOLMOwnSingleNamespace" }, @@ -72,15 +69,9 @@ { "name": "AWSDualStackInstall" }, - { - "name": "AWSEuropeanSovereignCloudInstall" - }, { "name": "AWSServiceLBNetworkSecurityGroup" }, - { - "name": "AdditionalStorageConfig" - }, { "name": "AutomatedEtcdBackup" }, @@ -159,9 +150,6 @@ { "name": "ClusterUpdateAcceptRisks" }, - { - "name": "ClusterUpdatePreflight" - }, { "name": "ClusterVersionOperatorConfiguration" }, @@ -204,9 +192,6 @@ { "name": "ExternalOIDC" }, - { - "name": "ExternalOIDCExternalClaimsSourcing" - }, { "name": "ExternalOIDCWithUIDAndExtraClaimMappings" }, @@ -231,9 +216,18 @@ { "name": "GCPDualStackInstall" }, + { + "name": "GatewayAPI" + }, + { + "name": "GatewayAPIController" + }, { "name": "GatewayAPIWithoutOLM" }, + { + "name": "HighlyAvailableArbiter" + }, { "name": "HyperShiftOnlyDynamicResourceAllocation" }, @@ -243,6 +237,9 @@ { "name": "ImageStreamImportMode" }, + { + "name": "ImageVolume" + }, { "name": "IngressControllerDynamicConfigurationManager" }, @@ -274,11 +271,23 @@ "name": "MachineAPIMigrationOpenStack" }, { - "name": "MachineAPIMigrationVSphere" + "name": "MachineConfigNodes" + }, + { + "name": "ManagedBootImages" + }, + { + "name": "ManagedBootImagesAWS" + }, + { + "name": "ManagedBootImagesAzure" }, { "name": "ManagedBootImagesCPMS" }, + { + "name": "ManagedBootImagesvSphere" + }, { "name": "MaxUnavailableStatefulSet" }, @@ -303,9 +312,6 @@ { "name": "NetworkConnect" }, - { - "name": "NoOverlayMode" - }, { "name": "NutanixMultiSubnets" }, @@ -321,6 +327,9 @@ { "name": "OpenShiftPodSecurityAdmission" }, + { + "name": "PinnedImages" + }, { "name": "ProvisioningRequestAvailable" }, @@ -346,7 +355,7 @@ "name": "StoragePerformantSecurityPolicy" }, { - "name": "TLSAdherence" + "name": "TLSCurvePreferences" }, { "name": "UpgradeStatus" diff --git a/payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml b/payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml index 80234030144..2c2d2f2d490 100644 --- a/payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml @@ -28,15 +28,9 @@ { "name": "AWSDualStackInstall" }, - { - "name": "AWSEuropeanSovereignCloudInstall" - }, { "name": "AWSServiceLBNetworkSecurityGroup" }, - { - "name": "AdditionalStorageConfig" - }, { "name": "AutomatedEtcdBackup" }, @@ -49,6 +43,9 @@ { "name": "AzureMultiDisk" }, + { + "name": "BootImageSkewEnforcement" + }, { "name": "BootcNodeManagement" }, @@ -109,9 +106,6 @@ { "name": "ClusterUpdateAcceptRisks" }, - { - "name": "ClusterUpdatePreflight" - }, { "name": "ClusterVersionOperatorConfiguration" }, @@ -151,9 +145,6 @@ { "name": "Example2" }, - { - "name": "ExternalOIDCExternalClaimsSourcing" - }, { "name": "ExternalOIDCWithUpstreamParity" }, @@ -199,9 +190,6 @@ { "name": "MachineAPIMigrationOpenStack" }, - { - "name": "MachineAPIMigrationVSphere" - }, { "name": "MachineAPIOperatorDisableMachineHealthCheckController" }, @@ -235,9 +223,6 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, - { - "name": "NewOLMConfigAPI" - }, { "name": "NewOLMOwnSingleNamespace" }, @@ -247,9 +232,6 @@ { "name": "NewOLMWebhookProviderOpenshiftServiceCA" }, - { - "name": "NoOverlayMode" - }, { "name": "NoRegistryClusterInstall" }, @@ -278,11 +260,14 @@ "name": "SignatureStores" }, { - "name": "TLSAdherence" + "name": "TLSCurvePreferences" }, { "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode" }, + { + "name": "VSphereHostVMGroupZonal" + }, { "name": "VSphereMixedNodeEnv" }, @@ -300,9 +285,6 @@ { "name": "AzureWorkloadIdentity" }, - { - "name": "BootImageSkewEnforcement" - }, { "name": "BuildCSIVolumes" }, @@ -318,12 +300,24 @@ { "name": "GCPClusterHostedDNSInstall" }, + { + "name": "GatewayAPI" + }, + { + "name": "GatewayAPIController" + }, + { + "name": "HighlyAvailableArbiter" + }, { "name": "HyperShiftOnlyDynamicResourceAllocation" }, { "name": "ImageStreamImportMode" }, + { + "name": "ImageVolume" + }, { "name": "InsightsConfig" }, @@ -333,9 +327,24 @@ { "name": "KMSv1" }, + { + "name": "MachineConfigNodes" + }, + { + "name": "ManagedBootImages" + }, + { + "name": "ManagedBootImagesAWS" + }, + { + "name": "ManagedBootImagesAzure" + }, { "name": "ManagedBootImagesCPMS" }, + { + "name": "ManagedBootImagesvSphere" + }, { "name": "MetricsCollectionProfiles" }, @@ -345,6 +354,9 @@ { "name": "OpenShiftPodSecurityAdmission" }, + { + "name": "PinnedImages" + }, { "name": "RouteExternalCertificate" }, @@ -369,9 +381,6 @@ { "name": "UserNamespacesSupport" }, - { - "name": "VSphereHostVMGroupZonal" - }, { "name": "VSphereMultiDisk" }, diff --git a/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml index 92eaf5dbab7..e58468cafd0 100644 --- a/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml @@ -28,30 +28,18 @@ { "name": "ClusterAPIInstall" }, - { - "name": "ClusterUpdatePreflight" - }, - { - "name": "ConfidentialCluster" - }, { "name": "EventedPLEG" }, { "name": "Example2" }, - { - "name": "ExternalOIDCExternalClaimsSourcing" - }, { "name": "ExternalSnapshotMetadata" }, { "name": "KMSEncryptionProvider" }, - { - "name": "MachineAPIMigrationVSphere" - }, { "name": "MachineAPIOperatorDisableMachineHealthCheckController" }, @@ -70,9 +58,6 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, - { - "name": "NewOLMConfigAPI" - }, { "name": "NewOLMOwnSingleNamespace" }, @@ -90,9 +75,6 @@ }, { "name": "ShortCertRotation" - }, - { - "name": "VSphereMultiVCenterDay2" } ], "enabled": [ @@ -108,15 +90,9 @@ { "name": "AWSDualStackInstall" }, - { - "name": "AWSEuropeanSovereignCloudInstall" - }, { "name": "AWSServiceLBNetworkSecurityGroup" }, - { - "name": "AdditionalStorageConfig" - }, { "name": "AutomatedEtcdBackup" }, @@ -246,9 +222,18 @@ { "name": "GCPDualStackInstall" }, + { + "name": "GatewayAPI" + }, + { + "name": "GatewayAPIController" + }, { "name": "GatewayAPIWithoutOLM" }, + { + "name": "HighlyAvailableArbiter" + }, { "name": "HyperShiftOnlyDynamicResourceAllocation" }, @@ -258,6 +243,9 @@ { "name": "ImageStreamImportMode" }, + { + "name": "ImageVolume" + }, { "name": "IngressControllerDynamicConfigurationManager" }, @@ -285,9 +273,24 @@ { "name": "MachineAPIMigrationOpenStack" }, + { + "name": "MachineConfigNodes" + }, + { + "name": "ManagedBootImages" + }, + { + "name": "ManagedBootImagesAWS" + }, + { + "name": "ManagedBootImagesAzure" + }, { "name": "ManagedBootImagesCPMS" }, + { + "name": "ManagedBootImagesvSphere" + }, { "name": "MaxUnavailableStatefulSet" }, @@ -309,9 +312,6 @@ { "name": "MutatingAdmissionPolicy" }, - { - "name": "NoOverlayMode" - }, { "name": "NutanixMultiSubnets" }, @@ -327,6 +327,9 @@ { "name": "OpenShiftPodSecurityAdmission" }, + { + "name": "PinnedImages" + }, { "name": "RouteExternalCertificate" }, @@ -349,7 +352,7 @@ "name": "StoragePerformantSecurityPolicy" }, { - "name": "TLSAdherence" + "name": "TLSCurvePreferences" }, { "name": "UpgradeStatus" diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml index db208cded2d..5bcfb966e6f 100644 --- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml @@ -27,13 +27,13 @@ "name": "AWSDualStackInstall" }, { - "name": "AWSEuropeanSovereignCloudInstall" + "name": "AWSServiceLBNetworkSecurityGroup" }, { - "name": "AdditionalStorageConfig" + "name": "AutomatedEtcdBackup" }, { - "name": "AutomatedEtcdBackup" + "name": "AzureClusterHostedDNSInstall" }, { "name": "AzureDedicatedHosts" @@ -44,6 +44,9 @@ { "name": "AzureMultiDisk" }, + { + "name": "BootImageSkewEnforcement" + }, { "name": "BootcNodeManagement" }, @@ -104,15 +107,9 @@ { "name": "ClusterUpdateAcceptRisks" }, - { - "name": "ClusterUpdatePreflight" - }, { "name": "ClusterVersionOperatorConfiguration" }, - { - "name": "ConfidentialCluster" - }, { "name": "ConfigurablePKI" }, @@ -146,9 +143,6 @@ { "name": "Example2" }, - { - "name": "ExternalOIDCExternalClaimsSourcing" - }, { "name": "ExternalOIDCWithUpstreamParity" }, @@ -197,9 +191,6 @@ { "name": "MachineAPIMigrationOpenStack" }, - { - "name": "MachineAPIMigrationVSphere" - }, { "name": "MachineAPIOperatorDisableMachineHealthCheckController" }, @@ -230,18 +221,9 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, - { - "name": "NewOLMConfigAPI" - }, - { - "name": "NewOLMOwnSingleNamespace" - }, { "name": "NewOLMPreflightPermissionChecks" }, - { - "name": "NoOverlayMode" - }, { "name": "NoRegistryClusterInstall" }, @@ -270,34 +252,25 @@ "name": "SignatureStores" }, { - "name": "TLSAdherence" + "name": "TLSCurvePreferences" }, { "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode" }, { - "name": "VSphereMixedNodeEnv" + "name": "VSphereHostVMGroupZonal" }, { - "name": "VSphereMultiVCenterDay2" + "name": "VSphereMixedNodeEnv" }, { "name": "VolumeGroupSnapshot" } ], "enabled": [ - { - "name": "AWSServiceLBNetworkSecurityGroup" - }, - { - "name": "AzureClusterHostedDNSInstall" - }, { "name": "AzureWorkloadIdentity" }, - { - "name": "BootImageSkewEnforcement" - }, { "name": "BuildCSIVolumes" }, @@ -313,9 +286,21 @@ { "name": "GCPClusterHostedDNSInstall" }, + { + "name": "GatewayAPI" + }, + { + "name": "GatewayAPIController" + }, + { + "name": "HighlyAvailableArbiter" + }, { "name": "ImageStreamImportMode" }, + { + "name": "ImageVolume" + }, { "name": "InsightsConfig" }, @@ -325,9 +310,24 @@ { "name": "KMSv1" }, + { + "name": "MachineConfigNodes" + }, + { + "name": "ManagedBootImages" + }, + { + "name": "ManagedBootImagesAWS" + }, + { + "name": "ManagedBootImagesAzure" + }, { "name": "ManagedBootImagesCPMS" }, + { + "name": "ManagedBootImagesvSphere" + }, { "name": "MetricsCollectionProfiles" }, @@ -337,12 +337,18 @@ { "name": "NewOLM" }, + { + "name": "NewOLMOwnSingleNamespace" + }, { "name": "NewOLMWebhookProviderOpenshiftServiceCA" }, { "name": "OpenShiftPodSecurityAdmission" }, + { + "name": "PinnedImages" + }, { "name": "RouteExternalCertificate" }, @@ -367,9 +373,6 @@ { "name": "UserNamespacesSupport" }, - { - "name": "VSphereHostVMGroupZonal" - }, { "name": "VSphereMultiDisk" }, diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-DevPreviewNoUpgrade.yaml index ce805891d3f..7bdded5b27d 100644 --- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-DevPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-DevPreviewNoUpgrade.yaml @@ -51,15 +51,9 @@ { "name": "AWSDualStackInstall" }, - { - "name": "AWSEuropeanSovereignCloudInstall" - }, { "name": "AWSServiceLBNetworkSecurityGroup" }, - { - "name": "AdditionalStorageConfig" - }, { "name": "AutomatedEtcdBackup" }, @@ -138,9 +132,6 @@ { "name": "ClusterUpdateAcceptRisks" }, - { - "name": "ClusterUpdatePreflight" - }, { "name": "ClusterVersionOperatorConfiguration" }, @@ -183,9 +174,6 @@ { "name": "ExternalOIDC" }, - { - "name": "ExternalOIDCExternalClaimsSourcing" - }, { "name": "ExternalOIDCWithUIDAndExtraClaimMappings" }, @@ -210,15 +198,27 @@ { "name": "GCPDualStackInstall" }, + { + "name": "GatewayAPI" + }, + { + "name": "GatewayAPIController" + }, { "name": "GatewayAPIWithoutOLM" }, + { + "name": "HighlyAvailableArbiter" + }, { "name": "ImageModeStatusReporting" }, { "name": "ImageStreamImportMode" }, + { + "name": "ImageVolume" + }, { "name": "IngressControllerDynamicConfigurationManager" }, @@ -250,11 +250,23 @@ "name": "MachineAPIMigrationOpenStack" }, { - "name": "MachineAPIMigrationVSphere" + "name": "MachineConfigNodes" + }, + { + "name": "ManagedBootImages" + }, + { + "name": "ManagedBootImagesAWS" + }, + { + "name": "ManagedBootImagesAzure" }, { "name": "ManagedBootImagesCPMS" }, + { + "name": "ManagedBootImagesvSphere" + }, { "name": "MaxUnavailableStatefulSet" }, @@ -288,9 +300,6 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, - { - "name": "NewOLMConfigAPI" - }, { "name": "NewOLMOwnSingleNamespace" }, @@ -300,9 +309,6 @@ { "name": "NewOLMWebhookProviderOpenshiftServiceCA" }, - { - "name": "NoOverlayMode" - }, { "name": "NoRegistryClusterInstall" }, @@ -321,6 +327,9 @@ { "name": "OpenShiftPodSecurityAdmission" }, + { + "name": "PinnedImages" + }, { "name": "ProvisioningRequestAvailable" }, @@ -346,7 +355,7 @@ "name": "StoragePerformantSecurityPolicy" }, { - "name": "TLSAdherence" + "name": "TLSCurvePreferences" }, { "name": "UpgradeStatus" diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml index 3c46a9898b3..f1549350c21 100644 --- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml @@ -29,13 +29,13 @@ "name": "AWSDualStackInstall" }, { - "name": "AWSEuropeanSovereignCloudInstall" + "name": "AWSServiceLBNetworkSecurityGroup" }, { - "name": "AdditionalStorageConfig" + "name": "AutomatedEtcdBackup" }, { - "name": "AutomatedEtcdBackup" + "name": "AzureClusterHostedDNSInstall" }, { "name": "AzureDedicatedHosts" @@ -46,6 +46,9 @@ { "name": "AzureMultiDisk" }, + { + "name": "BootImageSkewEnforcement" + }, { "name": "BootcNodeManagement" }, @@ -106,15 +109,9 @@ { "name": "ClusterUpdateAcceptRisks" }, - { - "name": "ClusterUpdatePreflight" - }, { "name": "ClusterVersionOperatorConfiguration" }, - { - "name": "ConfidentialCluster" - }, { "name": "ConfigurablePKI" }, @@ -148,9 +145,6 @@ { "name": "Example2" }, - { - "name": "ExternalOIDCExternalClaimsSourcing" - }, { "name": "ExternalOIDCWithUpstreamParity" }, @@ -199,9 +193,6 @@ { "name": "MachineAPIMigrationOpenStack" }, - { - "name": "MachineAPIMigrationVSphere" - }, { "name": "MachineAPIOperatorDisableMachineHealthCheckController" }, @@ -232,18 +223,9 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, - { - "name": "NewOLMConfigAPI" - }, - { - "name": "NewOLMOwnSingleNamespace" - }, { "name": "NewOLMPreflightPermissionChecks" }, - { - "name": "NoOverlayMode" - }, { "name": "NoRegistryClusterInstall" }, @@ -272,34 +254,25 @@ "name": "SignatureStores" }, { - "name": "TLSAdherence" + "name": "TLSCurvePreferences" }, { "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode" }, { - "name": "VSphereMixedNodeEnv" + "name": "VSphereHostVMGroupZonal" }, { - "name": "VSphereMultiVCenterDay2" + "name": "VSphereMixedNodeEnv" }, { "name": "VolumeGroupSnapshot" } ], "enabled": [ - { - "name": "AWSServiceLBNetworkSecurityGroup" - }, - { - "name": "AzureClusterHostedDNSInstall" - }, { "name": "AzureWorkloadIdentity" }, - { - "name": "BootImageSkewEnforcement" - }, { "name": "BuildCSIVolumes" }, @@ -315,9 +288,21 @@ { "name": "GCPClusterHostedDNSInstall" }, + { + "name": "GatewayAPI" + }, + { + "name": "GatewayAPIController" + }, + { + "name": "HighlyAvailableArbiter" + }, { "name": "ImageStreamImportMode" }, + { + "name": "ImageVolume" + }, { "name": "InsightsConfig" }, @@ -327,9 +312,24 @@ { "name": "KMSv1" }, + { + "name": "MachineConfigNodes" + }, + { + "name": "ManagedBootImages" + }, + { + "name": "ManagedBootImagesAWS" + }, + { + "name": "ManagedBootImagesAzure" + }, { "name": "ManagedBootImagesCPMS" }, + { + "name": "ManagedBootImagesvSphere" + }, { "name": "MetricsCollectionProfiles" }, @@ -339,12 +339,18 @@ { "name": "NewOLM" }, + { + "name": "NewOLMOwnSingleNamespace" + }, { "name": "NewOLMWebhookProviderOpenshiftServiceCA" }, { "name": "OpenShiftPodSecurityAdmission" }, + { + "name": "PinnedImages" + }, { "name": "RouteExternalCertificate" }, @@ -369,9 +375,6 @@ { "name": "UserNamespacesSupport" }, - { - "name": "VSphereHostVMGroupZonal" - }, { "name": "VSphereMultiDisk" }, diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml index 40a154cf401..204b2e54551 100644 --- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml @@ -28,21 +28,12 @@ { "name": "ClusterAPIInstall" }, - { - "name": "ClusterUpdatePreflight" - }, - { - "name": "ConfidentialCluster" - }, { "name": "EventedPLEG" }, { "name": "Example2" }, - { - "name": "ExternalOIDCExternalClaimsSourcing" - }, { "name": "ExternalSnapshotMetadata" }, @@ -52,9 +43,6 @@ { "name": "KMSEncryptionProvider" }, - { - "name": "MachineAPIMigrationVSphere" - }, { "name": "MachineAPIOperatorDisableMachineHealthCheckController" }, @@ -69,9 +57,6 @@ }, { "name": "ShortCertRotation" - }, - { - "name": "VSphereMultiVCenterDay2" } ], "enabled": [ @@ -87,15 +72,9 @@ { "name": "AWSDualStackInstall" }, - { - "name": "AWSEuropeanSovereignCloudInstall" - }, { "name": "AWSServiceLBNetworkSecurityGroup" }, - { - "name": "AdditionalStorageConfig" - }, { "name": "AutomatedEtcdBackup" }, @@ -225,15 +204,27 @@ { "name": "GCPDualStackInstall" }, + { + "name": "GatewayAPI" + }, + { + "name": "GatewayAPIController" + }, { "name": "GatewayAPIWithoutOLM" }, + { + "name": "HighlyAvailableArbiter" + }, { "name": "ImageModeStatusReporting" }, { "name": "ImageStreamImportMode" }, + { + "name": "ImageVolume" + }, { "name": "IngressControllerDynamicConfigurationManager" }, @@ -261,9 +252,24 @@ { "name": "MachineAPIMigrationOpenStack" }, + { + "name": "MachineConfigNodes" + }, + { + "name": "ManagedBootImages" + }, + { + "name": "ManagedBootImagesAWS" + }, + { + "name": "ManagedBootImagesAzure" + }, { "name": "ManagedBootImagesCPMS" }, + { + "name": "ManagedBootImagesvSphere" + }, { "name": "MaxUnavailableStatefulSet" }, @@ -294,9 +300,6 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, - { - "name": "NewOLMConfigAPI" - }, { "name": "NewOLMOwnSingleNamespace" }, @@ -306,9 +309,6 @@ { "name": "NewOLMWebhookProviderOpenshiftServiceCA" }, - { - "name": "NoOverlayMode" - }, { "name": "NoRegistryClusterInstall" }, @@ -327,6 +327,9 @@ { "name": "OpenShiftPodSecurityAdmission" }, + { + "name": "PinnedImages" + }, { "name": "RouteExternalCertificate" }, @@ -349,7 +352,7 @@ "name": "StoragePerformantSecurityPolicy" }, { - "name": "TLSAdherence" + "name": "TLSCurvePreferences" }, { "name": "UpgradeStatus" From f7e26178c3e1aa84a8b904807cc7f74cf0245487 Mon Sep 17 00:00:00 2001 From: Davide Salerno Date: Fri, 13 Feb 2026 14:56:32 +0100 Subject: [PATCH 2/7] Update config/v1/types_tlssecurityprofile.go Co-authored-by: Bryce Palmer --- config/v1/types_tlssecurityprofile.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/config/v1/types_tlssecurityprofile.go b/config/v1/types_tlssecurityprofile.go index 33fab07827c..f6b03654259 100644 --- a/config/v1/types_tlssecurityprofile.go +++ b/config/v1/types_tlssecurityprofile.go @@ -164,11 +164,11 @@ const ( // TLSCurveX25519 represents X25519. TLSCurveX25519 TLSCurve = "X25519" // TLSCurveSecp256r1 represents P-256 (secp256r1). - TLSCurveSecp256r1 TLSCurve = "SecP256r1" - // TLSCurveSecp384r1 represents P-384 (secp384r1). - TLSCurveSecp384r1 TLSCurve = "SecP384r1" - // TLSCurveSecp521r1 represents P-521 (secp521r1). - TLSCurveSecp521r1 TLSCurve = "SecP521r1" + TLSCurveSecP256r1 TLSCurve = "SecP256r1" + // TLSCurveSecP384r1 represents P-384 (secp384r1). + TLSCurveSecP384r1 TLSCurve = "SecP384r1" + // TLSCurveSecP521r1 represents P-521 (secp521r1). + TLSCurveSecP521r1 TLSCurve = "SecP521r1" // TLSCurveX25519MLKEM768 represents X25519MLKEM768. TLSCurveX25519MLKEM768 TLSCurve = "X25519MLKEM768" ) From 3c6362203e6754d15bd682575e4fb66c51014629 Mon Sep 17 00:00:00 2001 From: Davide Salerno Date: Fri, 13 Feb 2026 15:22:51 +0100 Subject: [PATCH 3/7] Add feature gate test to verify that curves could be omitted Signed-off-by: Davide Salerno --- .../TLSCurvePreferences.yaml | 38 ++++++++++++++ .../TLSCurvePreferences.yaml | 34 +++++++++++++ .../TLSCurvePreferences.yaml | 49 +++++++++++++++++++ 3 files changed, 121 insertions(+) diff --git a/config/v1/tests/apiservers.config.openshift.io/TLSCurvePreferences.yaml b/config/v1/tests/apiservers.config.openshift.io/TLSCurvePreferences.yaml index 8c64e86f331..24c04062f7d 100644 --- a/config/v1/tests/apiservers.config.openshift.io/TLSCurvePreferences.yaml +++ b/config/v1/tests/apiservers.config.openshift.io/TLSCurvePreferences.yaml @@ -281,6 +281,44 @@ tests: curves: - SecP256r1 - SecP384r1 + - name: Should be able to remove curves field from existing Custom TLS profile + initial: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + updated: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + expected: | + apiVersion: config.openshift.io/v1 + kind: APIServer + spec: + audit: + profile: Default + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 - name: Should fail to remove all curves from existing Custom TLS profile initial: | apiVersion: config.openshift.io/v1 diff --git a/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml b/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml index 91c35ef490e..38d5250e744 100644 --- a/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml +++ b/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml @@ -263,6 +263,40 @@ tests: curves: - SecP256r1 - SecP384r1 + - name: Should be able to remove curves field from existing Custom TLS profile + initial: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + updated: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + expected: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: KubeletConfig + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 - name: Should fail to remove all curves from existing Custom TLS profile initial: | apiVersion: machineconfiguration.openshift.io/v1 diff --git a/operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml b/operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml index 52918acc95d..59b1a7c276d 100644 --- a/operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml +++ b/operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml @@ -347,6 +347,55 @@ tests: curves: - SecP256r1 - SecP384r1 + - name: Should be able to remove curves field from existing Custom TLS profile + initial: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + curves: + - X25519 + - SecP256r1 + updated: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + closedClientConnectionPolicy: Continue + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 + expected: | + apiVersion: operator.openshift.io/v1 + kind: IngressController + metadata: + name: default + namespace: openshift-ingress-operator + spec: + closedClientConnectionPolicy: Continue + httpEmptyRequestsPolicy: Respond + idleConnectionTerminationPolicy: Immediate + tlsSecurityProfile: + type: Custom + custom: + minTLSVersion: VersionTLS12 + ciphers: + - TLS_AES_128_GCM_SHA256 - name: Should fail to remove all curves from existing Custom TLS profile initial: | apiVersion: operator.openshift.io/v1 From c305b14a887a98c375501b77dfad4df65568c747 Mon Sep 17 00:00:00 2001 From: Davide Salerno Date: Fri, 13 Feb 2026 15:39:31 +0100 Subject: [PATCH 4/7] make update Signed-off-by: Davide Salerno --- config/v1/types_tlssecurityprofile.go | 12 ++++++------ ...g-operator_01_apiservers-CustomNoUpgrade.crd.yaml | 6 ------ ...10_config-operator_01_apiservers-Default.crd.yaml | 6 ------ ...erator_01_apiservers-DevPreviewNoUpgrade.crd.yaml | 6 ------ ...000_10_config-operator_01_apiservers-OKD.crd.yaml | 6 ------ ...rator_01_apiservers-TechPreviewNoUpgrade.crd.yaml | 6 ------ .../apiservers.config.openshift.io/AAA_ungated.yaml | 6 ------ .../KMSEncryption.yaml | 6 ------ .../KMSEncryptionProvider.yaml | 6 ------ .../TLSCurvePreferences.yaml | 6 ------ config/v1/zz_generated.swagger_doc_generated.go | 4 ++-- ...config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml | 6 ------ ...machine-config_01_kubeletconfigs-Default.crd.yaml | 6 ------ ...ig_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml | 6 ------ ..._80_machine-config_01_kubeletconfigs-OKD.crd.yaml | 6 ------ ...g_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml | 6 ------ .../AAA_ungated.yaml | 6 ------ .../TLSCurvePreferences.yaml | 6 ------ openapi/generated_openapi/zz_generated.openapi.go | 4 ++-- openapi/openapi.json | 10 +++++----- ...ss_00_ingresscontrollers-CustomNoUpgrade.crd.yaml | 6 ------ ...50_ingress_00_ingresscontrollers-Default.crd.yaml | 6 ------ ...0_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml | 6 ------ ...000_50_ingress_00_ingresscontrollers-OKD.crd.yaml | 6 ------ ..._ingresscontrollers-TechPreviewNoUpgrade.crd.yaml | 6 ------ .../AAA_ungated.yaml | 6 ------ .../TLSCurvePreferences.yaml | 6 ------ ...g-operator_01_apiservers-CustomNoUpgrade.crd.yaml | 6 ------ ...10_config-operator_01_apiservers-Default.crd.yaml | 6 ------ ...erator_01_apiservers-DevPreviewNoUpgrade.crd.yaml | 6 ------ ...000_10_config-operator_01_apiservers-OKD.crd.yaml | 6 ------ ...rator_01_apiservers-TechPreviewNoUpgrade.crd.yaml | 6 ------ ...config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml | 6 ------ ...machine-config_01_kubeletconfigs-Default.crd.yaml | 6 ------ ...ig_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml | 6 ------ ..._80_machine-config_01_kubeletconfigs-OKD.crd.yaml | 6 ------ ...g_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml | 6 ------ 37 files changed, 15 insertions(+), 213 deletions(-) diff --git a/config/v1/types_tlssecurityprofile.go b/config/v1/types_tlssecurityprofile.go index f6b03654259..20e8a5fcebf 100644 --- a/config/v1/types_tlssecurityprofile.go +++ b/config/v1/types_tlssecurityprofile.go @@ -278,8 +278,8 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ }, Curves: []TLSCurve{ TLSCurveX25519, - TLSCurveSecp256r1, - TLSCurveSecp384r1, + TLSCurveSecP256r1, + TLSCurveSecP384r1, TLSCurveX25519MLKEM768, }, MinTLSVersion: VersionTLS10, @@ -298,8 +298,8 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ }, Curves: []TLSCurve{ TLSCurveX25519, - TLSCurveSecp256r1, - TLSCurveSecp384r1, + TLSCurveSecP256r1, + TLSCurveSecP384r1, TLSCurveX25519MLKEM768, }, MinTLSVersion: VersionTLS12, @@ -312,8 +312,8 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ }, Curves: []TLSCurve{ TLSCurveX25519, - TLSCurveSecp256r1, - TLSCurveSecp384r1, + TLSCurveSecP256r1, + TLSCurveSecP384r1, TLSCurveX25519MLKEM768, }, MinTLSVersion: VersionTLS13, diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml index 12e5d935da3..cd5c1a61a81 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml @@ -416,9 +416,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -457,9 +454,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml index 32e3cf9b8bd..8ba7facfc69 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml @@ -279,9 +279,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -320,9 +317,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index 9bc55b2073c..73781b19307 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -416,9 +416,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -457,9 +454,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml index a5677d9b594..1b4e173f19c 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml @@ -279,9 +279,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -320,9 +317,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml index 809806f3720..d0ef4fc5ae4 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml @@ -348,9 +348,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -389,9 +386,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml index 14dccbabaf1..2fc78499889 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml @@ -279,9 +279,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -320,9 +317,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml index e879458c8ce..a2ba0bfb023 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml @@ -280,9 +280,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -321,9 +318,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml index ddd39480293..02387876d84 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml @@ -348,9 +348,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -389,9 +386,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSCurvePreferences.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSCurvePreferences.yaml index 5ca0e619e3d..b0f319cd494 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSCurvePreferences.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSCurvePreferences.yaml @@ -306,9 +306,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -347,9 +344,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/config/v1/zz_generated.swagger_doc_generated.go b/config/v1/zz_generated.swagger_doc_generated.go index f19eecdec90..1c7818e836c 100644 --- a/config/v1/zz_generated.swagger_doc_generated.go +++ b/config/v1/zz_generated.swagger_doc_generated.go @@ -3020,8 +3020,8 @@ func (TLSProfileSpec) SwaggerDoc() map[string]string { var map_TLSSecurityProfile = map[string]string{ "": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are currently based on version 5.0 of the Mozilla Server Side TLS configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", - "old": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe cipher list includes TLS 1.3 ciphers for forward compatibility, followed by the \"old\" profile ciphers.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", - "intermediate": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe cipher list includes TLS 1.3 ciphers for forward compatibility, followed by the \"intermediate\" profile ciphers.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384", + "old": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", + "intermediate": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384", "modern": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic.\n\nThe curve list for this profile is empty by default.\n\nAn example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", } diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml index 70203c6c034..f76d502a787 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml @@ -195,9 +195,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -236,9 +233,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml index 4f4862bef74..0efeb5e4878 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml @@ -163,9 +163,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -204,9 +201,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml index 309a946b023..a017bef104c 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml @@ -195,9 +195,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -236,9 +233,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml index f108c4f6d98..8bd5df06334 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml @@ -178,9 +178,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -219,9 +216,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml index faf7987cd1d..573ed55ddaa 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml @@ -195,9 +195,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -236,9 +233,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml index ea3ef5f4e5d..ba86b0a6ae5 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml @@ -178,9 +178,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -219,9 +216,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml index b349b320971..8d98c12e564 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml @@ -195,9 +195,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -236,9 +233,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 48bfdc64a99..404e88b56b1 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -20982,13 +20982,13 @@ func schema_openshift_api_config_v1_TLSSecurityProfile(ref common.ReferenceCallb }, "old": { SchemaProps: spec.SchemaProps{ - Description: "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe cipher list includes TLS 1.3 ciphers for forward compatibility, followed by the \"old\" profile ciphers.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", + Description: "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", Ref: ref("github.com/openshift/api/config/v1.OldTLSProfile"), }, }, "intermediate": { SchemaProps: spec.SchemaProps{ - Description: "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe cipher list includes TLS 1.3 ciphers for forward compatibility, followed by the \"intermediate\" profile ciphers.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384", + Description: "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384", Ref: ref("github.com/openshift/api/config/v1.IntermediateTLSProfile"), }, }, diff --git a/openapi/openapi.json b/openapi/openapi.json index 6370299e664..350ccb3d897 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -6348,7 +6348,7 @@ "x-kubernetes-list-type": "atomic" }, "curves": { - "description": "curves is used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use.\n\nFor example, to use X25519 and P-256 (yaml):\n\n curves:\n - X25519\n - P-256", + "description": "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve.\n\nFor example, to use X25519 and SecP256r1 (yaml):\n\n curves:\n - X25519\n - SecP256r1", "type": "array", "items": { "type": "string", @@ -11329,7 +11329,7 @@ "x-kubernetes-list-type": "atomic" }, "curves": { - "description": "curves is used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use.\n\nFor example, to use X25519 and P-256 (yaml):\n\n curves:\n - X25519\n - P-256", + "description": "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve.\n\nFor example, to use X25519 and SecP256r1 (yaml):\n\n curves:\n - X25519\n - SecP256r1", "type": "array", "items": { "type": "string", @@ -11353,15 +11353,15 @@ "$ref": "#/definitions/com.github.openshift.api.config.v1.CustomTLSProfile" }, "intermediate": { - "description": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe cipher list includes TLS 1.3 ciphers for forward compatibility, followed by the \"intermediate\" profile ciphers.\n\nThe curve list includes by default the following curves: X25519, P-256, P-384, P-521, X25519MLKEM768, P256r1MLKEM768, P384r1MLKEM1024.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384", + "description": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384", "$ref": "#/definitions/com.github.openshift.api.config.v1.IntermediateTLSProfile" }, "modern": { - "description": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: X25519, P-256, P-384, P-521, X25519MLKEM768, P256r1MLKEM768, P384r1MLKEM1024. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", + "description": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", "$ref": "#/definitions/com.github.openshift.api.config.v1.ModernTLSProfile" }, "old": { - "description": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe cipher list includes TLS 1.3 ciphers for forward compatibility, followed by the \"old\" profile ciphers.\n\nThe curve list includes by default the following curves: X25519, P-256, P-384, P-521, X25519MLKEM768, P256r1MLKEM768, P384r1MLKEM1024.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", + "description": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", "$ref": "#/definitions/com.github.openshift.api.config.v1.OldTLSProfile" }, "type": { diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml index 8eadb4ca4c8..e857d998609 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml @@ -2070,9 +2070,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -2111,9 +2108,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml index 88cff97976a..13c6c8aec62 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml @@ -2038,9 +2038,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -2079,9 +2076,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml index 8fab4f058aa..54921998907 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml @@ -2070,9 +2070,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -2111,9 +2108,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml index de764ecb9dc..4cd3e405431 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml @@ -2039,9 +2039,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -2080,9 +2077,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml index 2efe9d649b5..c752ebb4261 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml @@ -2070,9 +2070,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -2111,9 +2108,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml index 16d19bfd51c..97248333389 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml @@ -2032,9 +2032,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -2073,9 +2070,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml index 4bfbf596c2d..4527400dec1 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml @@ -2063,9 +2063,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -2104,9 +2101,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml index 12e5d935da3..cd5c1a61a81 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml @@ -416,9 +416,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -457,9 +454,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml index 32e3cf9b8bd..8ba7facfc69 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml @@ -279,9 +279,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -320,9 +317,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index 9bc55b2073c..73781b19307 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -416,9 +416,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -457,9 +454,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-OKD.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-OKD.crd.yaml index a5677d9b594..1b4e173f19c 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-OKD.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-OKD.crd.yaml @@ -279,9 +279,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -320,9 +317,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml index 809806f3720..d0ef4fc5ae4 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml @@ -348,9 +348,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -389,9 +386,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml index 70203c6c034..f76d502a787 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml @@ -195,9 +195,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -236,9 +233,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml index 4f4862bef74..0efeb5e4878 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml @@ -163,9 +163,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -204,9 +201,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml index 309a946b023..a017bef104c 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml @@ -195,9 +195,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -236,9 +233,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml index f108c4f6d98..8bd5df06334 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml @@ -178,9 +178,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -219,9 +216,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml index faf7987cd1d..573ed55ddaa 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml @@ -195,9 +195,6 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "intermediate" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. @@ -236,9 +233,6 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The cipher list includes TLS 1.3 ciphers for forward compatibility, followed - by the "old" profile ciphers. - The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. From 1ed9a333716a7c63b1fcd24559a0781e14b32386 Mon Sep 17 00:00:00 2001 From: Davide Salerno Date: Fri, 13 Feb 2026 16:12:41 +0100 Subject: [PATCH 5/7] make update after rebase Regenerate CRD manifests, OpenAPI definitions, and swagger docs after rebasing on upstream/master Signed-off-by: Davide Salerno --- .../TLSCurvePreferences.yaml | 52 +- config/v1/types_tlssecurityprofile.go | 22 +- ...usterversions-DevPreviewNoUpgrade.crd.yaml | 17 - ...tor_01_apiservers-CustomNoUpgrade.crd.yaml | 44 +- ...ig-operator_01_apiservers-Default.crd.yaml | 32 +- ...01_apiservers-DevPreviewNoUpgrade.crd.yaml | 83 +- ...config-operator_01_apiservers-OKD.crd.yaml | 32 +- ...1_apiservers-TechPreviewNoUpgrade.crd.yaml | 83 +- ...ator_01_dnses-DevPreviewNoUpgrade.crd.yaml | 2 +- ...tor_01_dnses-TechPreviewNoUpgrade.crd.yaml | 2 +- ...erator_01_infrastructures-Default.crd.yaml | 11 - ...g-operator_01_infrastructures-OKD.crd.yaml | 11 - ..._generated.featuregated-crd-manifests.yaml | 7 +- .../AAA_ungated.yaml | 32 +- .../KMSEncryption.yaml | 32 +- .../KMSEncryptionProvider.yaml | 32 +- .../TLSAdherence.yaml | 16 +- .../TLSCurvePreferences.yaml | 44 +- .../v1/zz_generated.swagger_doc_generated.go | 12 +- features.md | 26 +- features/features.go | 2 +- .../TLSCurvePreferences.yaml | 52 +- ...untimeconfigs-DevPreviewNoUpgrade.crd.yaml | 131 - ...ntimeconfigs-TechPreviewNoUpgrade.crd.yaml | 131 - ...nfig_01_controllerconfigs-Default.crd.yaml | 13 - ...rollerconfigs-DevPreviewNoUpgrade.crd.yaml | 2 +- ...e-config_01_controllerconfigs-OKD.crd.yaml | 13 - ...ollerconfigs-TechPreviewNoUpgrade.crd.yaml | 2 +- ...01_kubeletconfigs-CustomNoUpgrade.crd.yaml | 45 +- ...-config_01_kubeletconfigs-Default.crd.yaml | 33 +- ...ubeletconfigs-DevPreviewNoUpgrade.crd.yaml | 45 +- ...hine-config_01_kubeletconfigs-OKD.crd.yaml | 32 +- ...beletconfigs-TechPreviewNoUpgrade.crd.yaml | 45 +- .../AAA_ungated.yaml | 32 +- .../TLSCurvePreferences.yaml | 45 +- .../generated_openapi/zz_generated.openapi.go | 27628 ++++++++-------- openapi/openapi.json | 209 +- .../TLSCurvePreferences.yaml | 52 +- ...tercsidrivers-DevPreviewNoUpgrade.crd.yaml | 2 +- ...ercsidrivers-TechPreviewNoUpgrade.crd.yaml | 2 +- ...ngresscontrollers-CustomNoUpgrade.crd.yaml | 99 +- ...ess_00_ingresscontrollers-Default.crd.yaml | 44 +- ...sscontrollers-DevPreviewNoUpgrade.crd.yaml | 99 +- ...ingress_00_ingresscontrollers-OKD.crd.yaml | 41 +- ...scontrollers-TechPreviewNoUpgrade.crd.yaml | 99 +- ...k_01_networks-DevPreviewNoUpgrade.crd.yaml | 107 - ..._01_networks-TechPreviewNoUpgrade.crd.yaml | 107 - ..._01_machineconfigurations-Default.crd.yaml | 252 - ...nfig_01_machineconfigurations-OKD.crd.yaml | 252 - ..._generated.featuregated-crd-manifests.yaml | 8 +- .../AAA_ungated.yaml | 41 +- ...ControllerDynamicConfigurationManager.yaml | 16 +- .../TLSCurvePreferences.yaml | 68 +- ...tor_01_apiservers-CustomNoUpgrade.crd.yaml | 44 +- ...ig-operator_01_apiservers-Default.crd.yaml | 32 +- ...01_apiservers-DevPreviewNoUpgrade.crd.yaml | 83 +- ...config-operator_01_apiservers-OKD.crd.yaml | 32 +- ...1_apiservers-TechPreviewNoUpgrade.crd.yaml | 83 +- ...ator_01_dnses-DevPreviewNoUpgrade.crd.yaml | 2 +- ...tor_01_dnses-TechPreviewNoUpgrade.crd.yaml | 2 +- ...erator_01_infrastructures-Default.crd.yaml | 11 - ...g-operator_01_infrastructures-OKD.crd.yaml | 11 - ...tercsidrivers-DevPreviewNoUpgrade.crd.yaml | 2 +- ...ercsidrivers-TechPreviewNoUpgrade.crd.yaml | 2 +- ...untimeconfigs-DevPreviewNoUpgrade.crd.yaml | 131 - ...ntimeconfigs-TechPreviewNoUpgrade.crd.yaml | 131 - ...nfig_01_controllerconfigs-Default.crd.yaml | 13 - ...rollerconfigs-DevPreviewNoUpgrade.crd.yaml | 2 +- ...e-config_01_controllerconfigs-OKD.crd.yaml | 13 - ...ollerconfigs-TechPreviewNoUpgrade.crd.yaml | 2 +- ...01_kubeletconfigs-CustomNoUpgrade.crd.yaml | 45 +- ...-config_01_kubeletconfigs-Default.crd.yaml | 33 +- ...ubeletconfigs-DevPreviewNoUpgrade.crd.yaml | 45 +- ...hine-config_01_kubeletconfigs-OKD.crd.yaml | 32 +- ...beletconfigs-TechPreviewNoUpgrade.crd.yaml | 45 +- ..._01_machineconfigurations-Default.crd.yaml | 252 - ...nfig_01_machineconfigurations-OKD.crd.yaml | 252 - .../featureGate-4-10-Hypershift-Default.yaml | 66 +- ...e-4-10-Hypershift-DevPreviewNoUpgrade.yaml | 50 +- .../featureGate-4-10-Hypershift-OKD.yaml | 66 +- ...-4-10-Hypershift-TechPreviewNoUpgrade.yaml | 54 +- ...eatureGate-4-10-SelfManagedHA-Default.yaml | 74 +- ...-10-SelfManagedHA-DevPreviewNoUpgrade.yaml | 50 +- .../featureGate-4-10-SelfManagedHA-OKD.yaml | 74 +- ...10-SelfManagedHA-TechPreviewNoUpgrade.yaml | 54 +- 85 files changed, 15742 insertions(+), 16387 deletions(-) diff --git a/config/v1/tests/apiservers.config.openshift.io/TLSCurvePreferences.yaml b/config/v1/tests/apiservers.config.openshift.io/TLSCurvePreferences.yaml index 24c04062f7d..2d1b1677526 100644 --- a/config/v1/tests/apiservers.config.openshift.io/TLSCurvePreferences.yaml +++ b/config/v1/tests/apiservers.config.openshift.io/TLSCurvePreferences.yaml @@ -19,7 +19,7 @@ tests: - TLS_AES_256_GCM_SHA384 curves: - X25519 - - SecP256r1 + - secp256r1 expected: | apiVersion: config.openshift.io/v1 kind: APIServer @@ -35,7 +35,7 @@ tests: - TLS_AES_256_GCM_SHA384 curves: - X25519 - - SecP256r1 + - secp256r1 - name: Should be able to create with all supported curves initial: | apiVersion: config.openshift.io/v1 @@ -49,9 +49,9 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 expected: | apiVersion: config.openshift.io/v1 @@ -67,9 +67,9 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 - name: Should fail to create with Custom TLS profile and empty curves initial: | @@ -119,8 +119,8 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP256r1 - - SecP384r1 + - secp256r1 + - secp384r1 expected: | apiVersion: config.openshift.io/v1 kind: APIServer @@ -134,8 +134,8 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP256r1 - - SecP384r1 + - secp256r1 + - secp384r1 - name: Should be able to create with Custom TLS profile VersionTLS11 and curves initial: | apiVersion: config.openshift.io/v1 @@ -148,7 +148,7 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP384r1 + - secp384r1 expected: | apiVersion: config.openshift.io/v1 kind: APIServer @@ -162,7 +162,7 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP384r1 + - secp384r1 - name: Should fail to create with more than 5 curves initial: | apiVersion: config.openshift.io/v1 @@ -176,9 +176,9 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 - X25519 expectedError: "spec.tlsSecurityProfile.custom.curves: Too many: 6: must have at most 5 items" @@ -195,7 +195,7 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - InvalidCurve - expectedError: "spec.tlsSecurityProfile.custom.curves[0]: Unsupported value: \"InvalidCurve\": supported values: \"X25519\", \"SecP256r1\", \"SecP384r1\", \"SecP521r1\", \"X25519MLKEM768\"" + expectedError: "spec.tlsSecurityProfile.custom.curves[0]: Unsupported value: \"InvalidCurve\": supported values: \"X25519\", \"secp256r1\", \"secp384r1\", \"secp521r1\", \"X25519MLKEM768\"" onUpdate: - name: Should be able to add curves to existing Custom TLS profile initial: | @@ -222,7 +222,7 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 + - secp256r1 expected: | apiVersion: config.openshift.io/v1 kind: APIServer @@ -237,7 +237,7 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 + - secp256r1 - name: Should be able to update curves in existing Custom TLS profile initial: | apiVersion: config.openshift.io/v1 @@ -264,8 +264,8 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP256r1 - - SecP384r1 + - secp256r1 + - secp384r1 expected: | apiVersion: config.openshift.io/v1 kind: APIServer @@ -279,8 +279,8 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP256r1 - - SecP384r1 + - secp256r1 + - secp384r1 - name: Should be able to remove curves field from existing Custom TLS profile initial: | apiVersion: config.openshift.io/v1 @@ -294,7 +294,7 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 + - secp256r1 updated: | apiVersion: config.openshift.io/v1 kind: APIServer @@ -332,7 +332,7 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 + - secp256r1 updated: | apiVersion: config.openshift.io/v1 kind: APIServer diff --git a/config/v1/types_tlssecurityprofile.go b/config/v1/types_tlssecurityprofile.go index 20e8a5fcebf..ad5f76e22c3 100644 --- a/config/v1/types_tlssecurityprofile.go +++ b/config/v1/types_tlssecurityprofile.go @@ -24,7 +24,7 @@ type TLSSecurityProfile struct { // clients or libraries and should be used only as a last resort. // // The curve list includes by default the following curves: - // X25519, SecP256r1, SecP384r1, X25519MLKEM768. + // X25519, secp256r1, secp384r1, X25519MLKEM768. // // This profile is equivalent to a Custom profile specified as: // minTLSVersion: VersionTLS10 @@ -60,7 +60,7 @@ type TLSSecurityProfile struct { // most clients currently in use. // // The curve list includes by default the following curves: - // X25519, SecP256r1, SecP384r1, X25519MLKEM768. + // X25519, secp256r1, secp384r1, X25519MLKEM768. // // This profile is equivalent to a Custom profile specified as: // minTLSVersion: VersionTLS12 @@ -82,7 +82,7 @@ type TLSSecurityProfile struct { // modern is a TLS security profile for use with clients that support TLS 1.3 and // do not need backward compatibility for older clients. // The curve list includes by default the following curves: - // X25519, SecP256r1, SecP384r1, X25519MLKEM768. + // X25519, secp256r1, secp384r1, X25519MLKEM768. // This profile is equivalent to a Custom profile specified as: // minTLSVersion: VersionTLS13 // ciphers: @@ -157,18 +157,18 @@ const ( // in crypto/tls package based on IANA's "TLS Supported Groups" registry: // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 // -// +kubebuilder:validation:Enum=X25519;SecP256r1;SecP384r1;SecP521r1;X25519MLKEM768 +// +kubebuilder:validation:Enum=X25519;secp256r1;secp384r1;secp521r1;X25519MLKEM768 type TLSCurve string const ( // TLSCurveX25519 represents X25519. TLSCurveX25519 TLSCurve = "X25519" // TLSCurveSecp256r1 represents P-256 (secp256r1). - TLSCurveSecP256r1 TLSCurve = "SecP256r1" + TLSCurveSecP256r1 TLSCurve = "secp256r1" // TLSCurveSecP384r1 represents P-384 (secp384r1). - TLSCurveSecP384r1 TLSCurve = "SecP384r1" + TLSCurveSecP384r1 TLSCurve = "secp384r1" // TLSCurveSecP521r1 represents P-521 (secp521r1). - TLSCurveSecP521r1 TLSCurve = "SecP521r1" + TLSCurveSecP521r1 TLSCurve = "secp521r1" // TLSCurveX25519MLKEM768 represents X25519MLKEM768. TLSCurveX25519MLKEM768 TLSCurve = "X25519MLKEM768" ) @@ -192,13 +192,13 @@ type TLSProfileSpec struct { // // When omitted, this means no opinion and the platform is left to choose reasonable defaults which are // subject to change over time and may be different per platform component depending on the underlying TLS - // libraries they use. If specified, the list must contain at least one curve. + // libraries they use. If specified, the list must contain at least one curve and each curve must be unique. // - // For example, to use X25519 and SecP256r1 (yaml): + // For example, to use X25519 and secp256r1 (yaml): // // curves: // - X25519 - // - SecP256r1 + // - secp256r1 // // +optional // +listType=set @@ -245,7 +245,7 @@ const ( // Go-specific "ciphers" from the guidelines JSON. // // TLSProfiles Old, Intermediate, Modern include by default the following -// curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768 +// curves: X25519, secp256r1, secp384r1, X25519MLKEM768 // // NOTE: The caller needs to make sure to check that these constants are valid // for their binary. Not all entries map to values for all binaries. In the case diff --git a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml index 70a09d3ff0a..f24b2a16a15 100644 --- a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml @@ -218,23 +218,6 @@ spec: When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version. type: string - mode: - description: |- - mode determines how an update should be processed. - The only valid value is "Preflight". - When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. - This is the standard update behavior. - When set to "Preflight", the cluster runs compatibility checks against the target release without - performing an actual update. Compatibility results, including any detected risks, are reported - in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update - recommendation service. - This allows administrators to assess update readiness and address issues before committing to the update. - Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be - verified across multiple minor versions. - When mode is set to "Preflight", the same rules for version, image, and architecture apply as for normal updates. - enum: - - Preflight - type: string version: description: |- version is a semantic version identifying the update version. diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml index cd5c1a61a81..c14e3c36855 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml @@ -355,11 +355,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -372,13 +375,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -387,9 +390,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -417,7 +420,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -431,8 +434,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -440,7 +441,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -455,7 +456,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -469,23 +470,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -496,9 +489,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml index 8ba7facfc69..a85382e5d90 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml @@ -250,11 +250,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -280,7 +283,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -294,8 +297,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -303,7 +304,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -318,7 +319,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -332,23 +333,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -359,9 +352,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index 73781b19307..9c6194b3864 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -292,42 +292,6 @@ spec: type: array x-kubernetes-list-type: atomic type: object - tlsAdherence: - description: |- - tlsAdherence controls if components in the cluster adhere to the TLS security profile - configured on this APIServer resource. - - Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". - - When set to "LegacyAdheringComponentsOnly", components that already honor the - cluster-wide TLS profile continue to do so. Components that do not already honor - it continue to use their individual TLS configurations. - - When set to "StrictAllComponents", all components must honor the configured TLS - profile unless they have a component-specific TLS configuration that overrides - it. This mode is recommended for security-conscious deployments and is required - for certain compliance frameworks. - - Note: Some components such as Kubelet and IngressController have their own - dedicated TLS configuration mechanisms via KubeletConfig and IngressController - CRs respectively. When these component-specific TLS configurations are set, - they take precedence over the cluster-wide tlsSecurityProfile. When not set, - these components fall back to the cluster-wide default. - - Components that encounter an unknown value for tlsAdherence should treat it - as "StrictAllComponents" and log a warning to ensure forward compatibility - while defaulting to the more secure behavior. - - This field is optional. - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is LegacyAdheringComponentsOnly. - - Once set, this field may be changed to a different value, but may not be removed. - enum: - - LegacyAdheringComponentsOnly - - StrictAllComponents - type: string tlsSecurityProfile: description: |- tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. @@ -355,11 +319,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -372,13 +339,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -387,9 +354,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -417,7 +384,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -431,8 +398,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -440,7 +405,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -455,7 +420,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -469,23 +434,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -496,9 +453,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -511,9 +469,6 @@ spec: type: string type: object type: object - x-kubernetes-validations: - - message: tlsAdherence may not be removed once set - rule: 'has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true' status: description: status holds observed values from the cluster. They may not be overridden. diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml index 1b4e173f19c..653497138c1 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml @@ -250,11 +250,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -280,7 +283,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -294,8 +297,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -303,7 +304,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -318,7 +319,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -332,23 +333,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -359,9 +352,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml index d0ef4fc5ae4..4e977b3bac8 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml @@ -224,42 +224,6 @@ spec: type: array x-kubernetes-list-type: atomic type: object - tlsAdherence: - description: |- - tlsAdherence controls if components in the cluster adhere to the TLS security profile - configured on this APIServer resource. - - Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". - - When set to "LegacyAdheringComponentsOnly", components that already honor the - cluster-wide TLS profile continue to do so. Components that do not already honor - it continue to use their individual TLS configurations. - - When set to "StrictAllComponents", all components must honor the configured TLS - profile unless they have a component-specific TLS configuration that overrides - it. This mode is recommended for security-conscious deployments and is required - for certain compliance frameworks. - - Note: Some components such as Kubelet and IngressController have their own - dedicated TLS configuration mechanisms via KubeletConfig and IngressController - CRs respectively. When these component-specific TLS configurations are set, - they take precedence over the cluster-wide tlsSecurityProfile. When not set, - these components fall back to the cluster-wide default. - - Components that encounter an unknown value for tlsAdherence should treat it - as "StrictAllComponents" and log a warning to ensure forward compatibility - while defaulting to the more secure behavior. - - This field is optional. - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is LegacyAdheringComponentsOnly. - - Once set, this field may be changed to a different value, but may not be removed. - enum: - - LegacyAdheringComponentsOnly - - StrictAllComponents - type: string tlsSecurityProfile: description: |- tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. @@ -287,11 +251,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -304,13 +271,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -319,9 +286,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -349,7 +316,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -363,8 +330,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -372,7 +337,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -387,7 +352,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -401,23 +366,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -428,9 +385,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -443,9 +401,6 @@ spec: type: string type: object type: object - x-kubernetes-validations: - - message: tlsAdherence may not be removed once set - rule: 'has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true' status: description: status holds observed values from the cluster. They may not be overridden. diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml index f2d9157713a..282c6b30021 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml @@ -81,7 +81,7 @@ spec: x-kubernetes-validations: - message: 'privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml index ce4e9b77f01..e7b1af06326 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml @@ -81,7 +81,7 @@ spec: x-kubernetes-validations: - message: 'privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml index cc7fe5e2a2e..9c9cfb6fe37 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml @@ -828,17 +828,6 @@ spec: - topology - zone type: object - x-kubernetes-validations: - - message: when zoneAffinity type is HostGroup, regionAffinity - type must be ComputeCluster - rule: 'has(self.zoneAffinity) && self.zoneAffinity.type - == ''HostGroup'' ? has(self.regionAffinity) && self.regionAffinity.type - == ''ComputeCluster'' : true' - - message: when zoneAffinity type is ComputeCluster, regionAffinity - type must be Datacenter - rule: 'has(self.zoneAffinity) && self.zoneAffinity.type - == ''ComputeCluster'' ? has(self.regionAffinity) && - self.regionAffinity.type == ''Datacenter'' : true' type: array x-kubernetes-list-map-keys: - name diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml index 5a105a3c9b0..029cbc3f16b 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml @@ -828,17 +828,6 @@ spec: - topology - zone type: object - x-kubernetes-validations: - - message: when zoneAffinity type is HostGroup, regionAffinity - type must be ComputeCluster - rule: 'has(self.zoneAffinity) && self.zoneAffinity.type - == ''HostGroup'' ? has(self.regionAffinity) && self.regionAffinity.type - == ''ComputeCluster'' : true' - - message: when zoneAffinity type is ComputeCluster, regionAffinity - type must be Datacenter - rule: 'has(self.zoneAffinity) && self.zoneAffinity.type - == ''ComputeCluster'' ? has(self.regionAffinity) && - self.regionAffinity.type == ''Datacenter'' : true' type: array x-kubernetes-list-map-keys: - name diff --git a/config/v1/zz_generated.featuregated-crd-manifests.yaml b/config/v1/zz_generated.featuregated-crd-manifests.yaml index bac1ac4c831..d542bae1b98 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -8,6 +8,7 @@ apiservers.config.openshift.io: FeatureGates: - KMSEncryption - KMSEncryptionProvider + - TLSAdherence - TLSCurvePreferences FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" @@ -145,6 +146,7 @@ clusterversions.config.openshift.io: Category: "" FeatureGates: - ClusterUpdateAcceptRisks + - ClusterUpdatePreflight - ImageStreamImportMode - SignatureStores FilenameOperatorName: cluster-version-operator @@ -205,7 +207,8 @@ dnses.config.openshift.io: CRDName: dnses.config.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - AWSEuropeanSovereignCloudInstall FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -372,8 +375,6 @@ infrastructures.config.openshift.io: - DualReplica - DyanmicServiceEndpointIBMCloud - GCPClusterHostedDNSInstall - - HighlyAvailableArbiter - - HighlyAvailableArbiter+DualReplica - NutanixMultiSubnets - OnPremDNSRecords - VSphereHostVMGroupZonal diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml index 2fc78499889..43079a4c7e8 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml @@ -250,11 +250,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -280,7 +283,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -294,8 +297,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -303,7 +304,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -318,7 +319,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -332,23 +333,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -359,9 +352,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml index a2ba0bfb023..3cd101714b0 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml @@ -251,11 +251,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -281,7 +284,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -295,8 +298,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -304,7 +305,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -319,7 +320,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -333,23 +334,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -360,9 +353,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml index 02387876d84..7d9764f6480 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml @@ -319,11 +319,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -349,7 +352,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -363,8 +366,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -372,7 +373,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -387,7 +388,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -401,23 +402,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -428,9 +421,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSAdherence.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSAdherence.yaml index d5d2a4c888e..916475c4542 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSAdherence.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSAdherence.yaml @@ -264,8 +264,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -310,6 +313,9 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The curve list includes by default the following curves: + X25519, secp256r1, secp384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -328,7 +334,8 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -342,6 +349,9 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The curve list includes by default the following curves: + X25519, secp256r1, secp384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSCurvePreferences.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSCurvePreferences.yaml index b0f319cd494..8780609bd3b 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSCurvePreferences.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSCurvePreferences.yaml @@ -245,11 +245,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -262,13 +265,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -277,9 +280,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -307,7 +310,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -321,8 +324,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -330,7 +331,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -345,7 +346,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -359,23 +360,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -386,9 +379,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.swagger_doc_generated.go b/config/v1/zz_generated.swagger_doc_generated.go index 1c7818e836c..dc615f32ebe 100644 --- a/config/v1/zz_generated.swagger_doc_generated.go +++ b/config/v1/zz_generated.swagger_doc_generated.go @@ -3008,8 +3008,8 @@ func (OldTLSProfile) SwaggerDoc() map[string]string { var map_TLSProfileSpec = map[string]string{ "": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", - "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", - "curves": "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve.\n\nFor example, to use X25519 and SecP256r1 (yaml):\n\n curves:\n - X25519\n - SecP256r1", + "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", + "curves": "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve and each curve must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n curves:\n - X25519\n - secp256r1", "minTLSVersion": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11", } @@ -3019,10 +3019,10 @@ func (TLSProfileSpec) SwaggerDoc() map[string]string { var map_TLSSecurityProfile = map[string]string{ "": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", - "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are currently based on version 5.0 of the Mozilla Server Side TLS configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", - "old": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", - "intermediate": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384", - "modern": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", + "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are based on version 5.7 of the Mozilla Server Side TLS configuration guidelines. The cipher lists consist of the configuration's \"ciphersuites\" followed by the Go-specific \"ciphers\" from the guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", + "old": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", + "intermediate": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305", + "modern": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic.\n\nThe curve list for this profile is empty by default.\n\nAn example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", } diff --git a/features.md b/features.md index c1827b5aae2..dde5d0712d1 100644 --- a/features.md +++ b/features.md @@ -8,12 +8,17 @@ | ShortCertRotation| | | | | | | | | | ClusterAPIComputeInstall| | | Enabled | Enabled | | | | | | ClusterAPIControlPlaneInstall| | | Enabled | Enabled | | | | | +| ClusterUpdatePreflight| | | Enabled | Enabled | | | | | | Example2| | | Enabled | Enabled | | | | | +| ExternalOIDCExternalClaimsSourcing| | | Enabled | Enabled | | | | | | ExternalSnapshotMetadata| | | Enabled | Enabled | | | | | | KMSEncryptionProvider| | | Enabled | Enabled | | | | | +| MachineAPIMigrationVSphere| | | Enabled | Enabled | | | | | | NetworkConnect| | | Enabled | Enabled | | | | | | NewOLMBoxCutterRuntime| | | | Enabled | | | | Enabled | | NewOLMCatalogdAPIV1Metas| | | | Enabled | | | | Enabled | +| NewOLMConfigAPI| | | | Enabled | | | | Enabled | +| NewOLMOwnSingleNamespace| | | | Enabled | | | | Enabled | | NewOLMPreflightPermissionChecks| | | | Enabled | | | | Enabled | | NoRegistryClusterInstall| | | | Enabled | | | | Enabled | | ProvisioningRequestAvailable| | | Enabled | Enabled | | | | | @@ -21,13 +26,13 @@ | AWSClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AWSDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled | | AWSDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled | -| AWSServiceLBNetworkSecurityGroup| | | Enabled | Enabled | | | Enabled | Enabled | +| AWSEuropeanSovereignCloudInstall| | | Enabled | Enabled | | | Enabled | Enabled | +| AdditionalStorageConfig| | | Enabled | Enabled | | | Enabled | Enabled | | AutomatedEtcdBackup| | | Enabled | Enabled | | | Enabled | Enabled | | AzureClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AzureDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled | | AzureDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AzureMultiDisk| | | Enabled | Enabled | | | Enabled | Enabled | -| BootImageSkewEnforcement| | | Enabled | Enabled | | | Enabled | Enabled | | BootcNodeManagement| | | Enabled | Enabled | | | Enabled | Enabled | | CBORServingAndStorage| | | Enabled | Enabled | | | Enabled | Enabled | | CRDCompatibilityRequirementOperator| | | Enabled | Enabled | | | Enabled | Enabled | @@ -74,43 +79,35 @@ | MultiDiskSetup| | | Enabled | Enabled | | | Enabled | Enabled | | MutatingAdmissionPolicy| | | Enabled | Enabled | | | Enabled | Enabled | | NewOLM| | Enabled | | Enabled | | Enabled | | Enabled | -| NewOLMOwnSingleNamespace| | Enabled | | Enabled | | Enabled | | Enabled | | NewOLMWebhookProviderOpenshiftServiceCA| | Enabled | | Enabled | | Enabled | | Enabled | +| NoOverlayMode| | | Enabled | Enabled | | | Enabled | Enabled | | NutanixMultiSubnets| | | Enabled | Enabled | | | Enabled | Enabled | | OSStreams| | | Enabled | Enabled | | | Enabled | Enabled | | OVNObservability| | | Enabled | Enabled | | | Enabled | Enabled | | OnPremDNSRecords| | | Enabled | Enabled | | | Enabled | Enabled | | SELinuxMount| | | Enabled | Enabled | | | Enabled | Enabled | | SignatureStores| | | Enabled | Enabled | | | Enabled | Enabled | +| TLSAdherence| | | Enabled | Enabled | | | Enabled | Enabled | | TLSCurvePreferences| | | Enabled | Enabled | | | Enabled | Enabled | | VSphereConfigurableMaxAllowedBlockVolumesPerNode| | | Enabled | Enabled | | | Enabled | Enabled | -| VSphereHostVMGroupZonal| | | Enabled | Enabled | | | Enabled | Enabled | | VSphereMixedNodeEnv| | | Enabled | Enabled | | | Enabled | Enabled | | VolumeGroupSnapshot| | | Enabled | Enabled | | | Enabled | Enabled | +| AWSServiceLBNetworkSecurityGroup| | Enabled | Enabled | Enabled | | Enabled | Enabled | Enabled | | AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| BootImageSkewEnforcement| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ConsolePluginContentSecurityPolicy| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ExternalOIDC| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ExternalOIDCWithUIDAndExtraClaimMappings| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | GCPClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| GatewayAPI| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| GatewayAPIController| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| HighlyAvailableArbiter| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ImageStreamImportMode| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ImageVolume| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | InsightsConfig| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | InsightsOnDemandDataGather| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | KMSv1| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| MachineConfigNodes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImagesAWS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImagesAzure| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ManagedBootImagesCPMS| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| ManagedBootImagesvSphere| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | MetricsCollectionProfiles| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | MutableCSINodeAllocatableCount| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | OpenShiftPodSecurityAdmission| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | -| PinnedImages| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | RouteExternalCertificate| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | ServiceAccountTokenNodeBinding| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | SigstoreImageVerification| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | @@ -119,5 +116,6 @@ | UpgradeStatus| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | UserNamespacesPodSecurityStandards| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | UserNamespacesSupport| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | +| VSphereHostVMGroupZonal| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | VSphereMultiDisk| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | VSphereMultiNetworks| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | diff --git a/features/features.go b/features/features.go index 2d7d25f6b37..13c08b031d5 100644 --- a/features/features.go +++ b/features/features.go @@ -1030,7 +1030,7 @@ var ( mustRegister() FeatureGateTLSCurvePreferences = newFeatureGate("TLSCurvePreferences"). - reportProblemsToJiraComponent("Networking"). + reportProblemsToJiraComponent("Networking / router"). contactPerson("davidesalerno"). productScope(ocpSpecific). enhancementPR("https://github.com/openshift/enhancements/pull/1894"). diff --git a/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml b/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml index 38d5250e744..93eeec4f83e 100644 --- a/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml +++ b/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml @@ -19,7 +19,7 @@ tests: - TLS_AES_256_GCM_SHA384 curves: - X25519 - - SecP256r1 + - secp256r1 expected: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig @@ -33,7 +33,7 @@ tests: - TLS_AES_256_GCM_SHA384 curves: - X25519 - - SecP256r1 + - secp256r1 - name: Should be able to create with all supported curves initial: | apiVersion: machineconfiguration.openshift.io/v1 @@ -47,9 +47,9 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 expected: | apiVersion: machineconfiguration.openshift.io/v1 @@ -63,9 +63,9 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 - name: Should fail to create with Custom TLS profile and empty curves initial: | @@ -113,8 +113,8 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP256r1 - - SecP384r1 + - secp256r1 + - secp384r1 expected: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig @@ -126,8 +126,8 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP256r1 - - SecP384r1 + - secp256r1 + - secp384r1 - name: Should be able to create with Custom TLS profile VersionTLS11 and curves initial: | apiVersion: machineconfiguration.openshift.io/v1 @@ -140,7 +140,7 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP384r1 + - secp384r1 expected: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig @@ -152,7 +152,7 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP384r1 + - secp384r1 - name: Should fail to create with more than 5 curves initial: | apiVersion: machineconfiguration.openshift.io/v1 @@ -166,9 +166,9 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 - X25519 expectedError: "spec.tlsSecurityProfile.custom.curves: Too many: 6: must have at most 5 items" @@ -185,7 +185,7 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - InvalidCurve - expectedError: "spec.tlsSecurityProfile.custom.curves[0]: Unsupported value: \"InvalidCurve\": supported values: \"X25519\", \"SecP256r1\", \"SecP384r1\", \"SecP521r1\", \"X25519MLKEM768\"" + expectedError: "spec.tlsSecurityProfile.custom.curves[0]: Unsupported value: \"InvalidCurve\": supported values: \"X25519\", \"secp256r1\", \"secp384r1\", \"secp521r1\", \"X25519MLKEM768\"" onUpdate: - name: Should be able to add curves to existing Custom TLS profile initial: | @@ -210,7 +210,7 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 + - secp256r1 expected: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig @@ -223,7 +223,7 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 + - secp256r1 - name: Should be able to update curves in existing Custom TLS profile initial: | apiVersion: machineconfiguration.openshift.io/v1 @@ -248,8 +248,8 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP256r1 - - SecP384r1 + - secp256r1 + - secp384r1 expected: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig @@ -261,8 +261,8 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP256r1 - - SecP384r1 + - secp256r1 + - secp384r1 - name: Should be able to remove curves field from existing Custom TLS profile initial: | apiVersion: machineconfiguration.openshift.io/v1 @@ -276,7 +276,7 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 + - secp256r1 updated: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig @@ -310,7 +310,7 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 + - secp256r1 updated: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml index 8d918545b29..7402413ec5c 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml @@ -53,137 +53,6 @@ spec: description: containerRuntimeConfig defines the tuneables of the container runtime. properties: - additionalArtifactStores: - description: |- - additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts. - - Artifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts). - Stores are read-only. - Maximum of 10 stores allowed. - Each path must be unique. - - When omitted, only the default artifact location is used. - When specified, at least one store must be provided. - items: - description: AdditionalArtifactStore defines an additional read-only - storage location for Open Container Initiative (OCI) artifacts. - properties: - path: - description: |- - path specifies the absolute location of the additional artifact store. - The path must exist on the node before configuration is applied. - When an artifact is requested, artifacts found at this location will be used instead of - retrieving from the registry. - The path is required and must be between 1 and 256 characters long, begin with a forward slash, - and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. - Consecutive forward slashes are not permitted. - maxLength: 256 - minLength: 1 - type: string - x-kubernetes-validations: - - message: path must be absolute and contain only alphanumeric - characters, '/', '.', '_', and '-' - rule: self.matches('^/[a-zA-Z0-9/._-]+$') - - message: path must not contain consecutive forward slashes - rule: '!self.contains(''//'')' - required: - - path - type: object - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: additionalArtifactStores must not contain duplicate - paths - rule: self.all(x, self.exists_one(y, x.path == y.path)) - additionalImageStores: - description: |- - additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images. - - Images are checked in order: additional stores first, then the default location. - Stores are read-only. - Maximum of 10 stores allowed. - Each path must be unique. - - When omitted, only the default image location is used. - When specified, at least one store must be provided. - items: - description: AdditionalImageStore defines an additional read-only - storage location for Open Container Initiative (OCI) images. - properties: - path: - description: |- - path specifies the absolute location of the additional image store. - The path must exist on the node before configuration is applied. - When a container image is requested, images found at this location will be used instead of - retrieving from the registry. - The path is required and must be between 1 and 256 characters long, begin with a forward slash, - and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. - Consecutive forward slashes are not permitted. - maxLength: 256 - minLength: 1 - type: string - x-kubernetes-validations: - - message: path must be absolute and contain only alphanumeric - characters, '/', '.', '_', and '-' - rule: self.matches('^/[a-zA-Z0-9/._-]+$') - - message: path must not contain consecutive forward slashes - rule: '!self.contains(''//'')' - required: - - path - type: object - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: additionalImageStores must not contain duplicate paths - rule: self.all(x, self.exists_one(y, x.path == y.path)) - additionalLayerStores: - description: |- - additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images. - - Layers are checked in order: additional stores first, then the default location. - Stores are read-only. - Maximum of 5 stores allowed. - Each path must be unique. - - When omitted, only the default layer location is used. - When specified, at least one store must be provided. - items: - description: AdditionalLayerStore defines a read-only storage - location for Open Container Initiative (OCI) container image - layers. - properties: - path: - description: |- - path specifies the absolute location of the additional layer store. - The path must exist on the node before configuration is applied. - When a container image is requested, layers found at this location will be used instead of - retrieving from the registry. - The path is required and must be between 1 and 256 characters long, begin with a forward slash, - and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. - Consecutive forward slashes are not permitted. - maxLength: 256 - minLength: 1 - type: string - x-kubernetes-validations: - - message: path must be absolute and contain only alphanumeric - characters, '/', '.', '_', and '-' - rule: self.matches('^/[a-zA-Z0-9/._-]+$') - - message: path must not contain consecutive forward slashes - rule: '!self.contains(''//'')' - required: - - path - type: object - maxItems: 5 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: additionalLayerStores must not contain duplicate paths - rule: self.all(x, self.exists_one(y, x.path == y.path)) defaultRuntime: description: |- defaultRuntime is the name of the OCI runtime to be used as the default for containers. diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml index 27a0cb3c173..7b0902f8488 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml @@ -53,137 +53,6 @@ spec: description: containerRuntimeConfig defines the tuneables of the container runtime. properties: - additionalArtifactStores: - description: |- - additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts. - - Artifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts). - Stores are read-only. - Maximum of 10 stores allowed. - Each path must be unique. - - When omitted, only the default artifact location is used. - When specified, at least one store must be provided. - items: - description: AdditionalArtifactStore defines an additional read-only - storage location for Open Container Initiative (OCI) artifacts. - properties: - path: - description: |- - path specifies the absolute location of the additional artifact store. - The path must exist on the node before configuration is applied. - When an artifact is requested, artifacts found at this location will be used instead of - retrieving from the registry. - The path is required and must be between 1 and 256 characters long, begin with a forward slash, - and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. - Consecutive forward slashes are not permitted. - maxLength: 256 - minLength: 1 - type: string - x-kubernetes-validations: - - message: path must be absolute and contain only alphanumeric - characters, '/', '.', '_', and '-' - rule: self.matches('^/[a-zA-Z0-9/._-]+$') - - message: path must not contain consecutive forward slashes - rule: '!self.contains(''//'')' - required: - - path - type: object - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: additionalArtifactStores must not contain duplicate - paths - rule: self.all(x, self.exists_one(y, x.path == y.path)) - additionalImageStores: - description: |- - additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images. - - Images are checked in order: additional stores first, then the default location. - Stores are read-only. - Maximum of 10 stores allowed. - Each path must be unique. - - When omitted, only the default image location is used. - When specified, at least one store must be provided. - items: - description: AdditionalImageStore defines an additional read-only - storage location for Open Container Initiative (OCI) images. - properties: - path: - description: |- - path specifies the absolute location of the additional image store. - The path must exist on the node before configuration is applied. - When a container image is requested, images found at this location will be used instead of - retrieving from the registry. - The path is required and must be between 1 and 256 characters long, begin with a forward slash, - and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. - Consecutive forward slashes are not permitted. - maxLength: 256 - minLength: 1 - type: string - x-kubernetes-validations: - - message: path must be absolute and contain only alphanumeric - characters, '/', '.', '_', and '-' - rule: self.matches('^/[a-zA-Z0-9/._-]+$') - - message: path must not contain consecutive forward slashes - rule: '!self.contains(''//'')' - required: - - path - type: object - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: additionalImageStores must not contain duplicate paths - rule: self.all(x, self.exists_one(y, x.path == y.path)) - additionalLayerStores: - description: |- - additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images. - - Layers are checked in order: additional stores first, then the default location. - Stores are read-only. - Maximum of 5 stores allowed. - Each path must be unique. - - When omitted, only the default layer location is used. - When specified, at least one store must be provided. - items: - description: AdditionalLayerStore defines a read-only storage - location for Open Container Initiative (OCI) container image - layers. - properties: - path: - description: |- - path specifies the absolute location of the additional layer store. - The path must exist on the node before configuration is applied. - When a container image is requested, layers found at this location will be used instead of - retrieving from the registry. - The path is required and must be between 1 and 256 characters long, begin with a forward slash, - and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. - Consecutive forward slashes are not permitted. - maxLength: 256 - minLength: 1 - type: string - x-kubernetes-validations: - - message: path must be absolute and contain only alphanumeric - characters, '/', '.', '_', and '-' - rule: self.matches('^/[a-zA-Z0-9/._-]+$') - - message: path must not contain consecutive forward slashes - rule: '!self.contains(''//'')' - required: - - path - type: object - maxItems: 5 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: additionalLayerStores must not contain duplicate paths - rule: self.all(x, self.exists_one(y, x.path == y.path)) defaultRuntime: description: |- defaultRuntime is the name of the OCI runtime to be used as the default for containers. diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml index d6ebfd67ce5..2b285e0e9c4 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml @@ -1119,19 +1119,6 @@ spec: - topology - zone type: object - x-kubernetes-validations: - - message: when zoneAffinity type is HostGroup, - regionAffinity type must be ComputeCluster - rule: 'has(self.zoneAffinity) && self.zoneAffinity.type - == ''HostGroup'' ? has(self.regionAffinity) - && self.regionAffinity.type == ''ComputeCluster'' - : true' - - message: when zoneAffinity type is ComputeCluster, - regionAffinity type must be Datacenter - rule: 'has(self.zoneAffinity) && self.zoneAffinity.type - == ''ComputeCluster'' ? has(self.regionAffinity) - && self.regionAffinity.type == ''Datacenter'' - : true' type: array x-kubernetes-list-map-keys: - name diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml index 0ae7a36d13f..76b336e4077 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml @@ -137,7 +137,7 @@ spec: x-kubernetes-validations: - message: 'privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml index 512510c2092..a30c0002fe5 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml @@ -1119,19 +1119,6 @@ spec: - topology - zone type: object - x-kubernetes-validations: - - message: when zoneAffinity type is HostGroup, - regionAffinity type must be ComputeCluster - rule: 'has(self.zoneAffinity) && self.zoneAffinity.type - == ''HostGroup'' ? has(self.regionAffinity) - && self.regionAffinity.type == ''ComputeCluster'' - : true' - - message: when zoneAffinity type is ComputeCluster, - regionAffinity type must be Datacenter - rule: 'has(self.zoneAffinity) && self.zoneAffinity.type - == ''ComputeCluster'' ? has(self.regionAffinity) - && self.regionAffinity.type == ''Datacenter'' - : true' type: array x-kubernetes-list-map-keys: - name diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml index 99cb62c6039..603971241b1 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml @@ -137,7 +137,7 @@ spec: x-kubernetes-validations: - message: 'privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml index f76d502a787..67dd0d7d9bc 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml @@ -134,11 +134,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -151,13 +154,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -166,9 +169,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -196,7 +199,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -210,8 +213,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -219,7 +220,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -234,7 +235,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -248,23 +249,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -275,9 +268,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -323,6 +317,7 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic observedGeneration: description: observedGeneration represents the generation observed by the controller. diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml index 0efeb5e4878..dc63d4a2864 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml @@ -134,11 +134,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -164,7 +167,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -178,8 +181,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -187,7 +188,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -202,7 +203,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -216,23 +217,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -243,9 +236,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -291,6 +285,7 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic observedGeneration: description: observedGeneration represents the generation observed by the controller. diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml index a017bef104c..72555642770 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml @@ -134,11 +134,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -151,13 +154,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -166,9 +169,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -196,7 +199,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -210,8 +213,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -219,7 +220,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -234,7 +235,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -248,23 +249,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -275,9 +268,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -323,6 +317,7 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic observedGeneration: description: observedGeneration represents the generation observed by the controller. diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml index 8bd5df06334..f061015c4f5 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml @@ -149,11 +149,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -179,7 +182,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -193,8 +196,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -202,7 +203,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -217,7 +218,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -231,23 +232,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -258,9 +251,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml index 573ed55ddaa..cd3d4dcf4f7 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml @@ -134,11 +134,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -151,13 +154,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -166,9 +169,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -196,7 +199,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -210,8 +213,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -219,7 +220,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -234,7 +235,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -248,23 +249,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -275,9 +268,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -323,6 +317,7 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic observedGeneration: description: observedGeneration represents the generation observed by the controller. diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml index ba86b0a6ae5..9e234a258cf 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml @@ -149,11 +149,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -179,7 +182,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -193,8 +196,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -202,7 +203,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -217,7 +218,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -231,23 +232,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -258,9 +251,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml index 8d98c12e564..065a04603f8 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml @@ -134,11 +134,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -151,13 +154,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -166,9 +169,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -196,7 +199,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -210,8 +213,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -219,7 +220,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -234,7 +235,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -248,23 +249,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -275,9 +268,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -323,6 +317,7 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic observedGeneration: description: observedGeneration represents the generation observed by the controller. diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 404e88b56b1..4913e48fc8d 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -6,9 +6,13 @@ package generated_openapi import ( - v1 "k8s.io/api/core/v1" + v1 "k8s.io/api/admissionregistration/v1" + authorizationv1 "k8s.io/api/authorization/v1" + corev1 "k8s.io/api/core/v1" + rbacv1 "k8s.io/api/rbac/v1" resource "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" intstr "k8s.io/apimachinery/pkg/util/intstr" common "k8s.io/kube-openapi/pkg/common" spec "k8s.io/kube-openapi/pkg/validation/spec" @@ -16,1693 +20,1713 @@ import ( func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { return map[string]common.OpenAPIDefinition{ - "github.com/openshift/api/apiextensions/v1alpha1.APIExcludedField": schema_openshift_api_apiextensions_v1alpha1_APIExcludedField(ref), - "github.com/openshift/api/apiextensions/v1alpha1.APIVersions": schema_openshift_api_apiextensions_v1alpha1_APIVersions(ref), - "github.com/openshift/api/apiextensions/v1alpha1.CRDData": schema_openshift_api_apiextensions_v1alpha1_CRDData(ref), - "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirement": schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirement(ref), - "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementList": schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementList(ref), - "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementSpec": schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementSpec(ref), - "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementStatus": schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementStatus(ref), - "github.com/openshift/api/apiextensions/v1alpha1.CompatibilitySchema": schema_openshift_api_apiextensions_v1alpha1_CompatibilitySchema(ref), - "github.com/openshift/api/apiextensions/v1alpha1.CustomResourceDefinitionSchemaValidation": schema_openshift_api_apiextensions_v1alpha1_CustomResourceDefinitionSchemaValidation(ref), - "github.com/openshift/api/apiextensions/v1alpha1.ObjectSchemaValidation": schema_openshift_api_apiextensions_v1alpha1_ObjectSchemaValidation(ref), - "github.com/openshift/api/apiextensions/v1alpha1.ObservedCRD": schema_openshift_api_apiextensions_v1alpha1_ObservedCRD(ref), - "github.com/openshift/api/apiserver/v1.APIRequestCount": schema_openshift_api_apiserver_v1_APIRequestCount(ref), - "github.com/openshift/api/apiserver/v1.APIRequestCountList": schema_openshift_api_apiserver_v1_APIRequestCountList(ref), - "github.com/openshift/api/apiserver/v1.APIRequestCountSpec": schema_openshift_api_apiserver_v1_APIRequestCountSpec(ref), - "github.com/openshift/api/apiserver/v1.APIRequestCountStatus": schema_openshift_api_apiserver_v1_APIRequestCountStatus(ref), - "github.com/openshift/api/apiserver/v1.PerNodeAPIRequestLog": schema_openshift_api_apiserver_v1_PerNodeAPIRequestLog(ref), - "github.com/openshift/api/apiserver/v1.PerResourceAPIRequestLog": schema_openshift_api_apiserver_v1_PerResourceAPIRequestLog(ref), - "github.com/openshift/api/apiserver/v1.PerUserAPIRequestCount": schema_openshift_api_apiserver_v1_PerUserAPIRequestCount(ref), - "github.com/openshift/api/apiserver/v1.PerVerbAPIRequestCount": schema_openshift_api_apiserver_v1_PerVerbAPIRequestCount(ref), - "github.com/openshift/api/apps/v1.CustomDeploymentStrategyParams": schema_openshift_api_apps_v1_CustomDeploymentStrategyParams(ref), - "github.com/openshift/api/apps/v1.DeploymentCause": schema_openshift_api_apps_v1_DeploymentCause(ref), - "github.com/openshift/api/apps/v1.DeploymentCauseImageTrigger": schema_openshift_api_apps_v1_DeploymentCauseImageTrigger(ref), - "github.com/openshift/api/apps/v1.DeploymentCondition": schema_openshift_api_apps_v1_DeploymentCondition(ref), - "github.com/openshift/api/apps/v1.DeploymentConfig": schema_openshift_api_apps_v1_DeploymentConfig(ref), - "github.com/openshift/api/apps/v1.DeploymentConfigList": schema_openshift_api_apps_v1_DeploymentConfigList(ref), - "github.com/openshift/api/apps/v1.DeploymentConfigRollback": schema_openshift_api_apps_v1_DeploymentConfigRollback(ref), - "github.com/openshift/api/apps/v1.DeploymentConfigRollbackSpec": schema_openshift_api_apps_v1_DeploymentConfigRollbackSpec(ref), - "github.com/openshift/api/apps/v1.DeploymentConfigSpec": schema_openshift_api_apps_v1_DeploymentConfigSpec(ref), - "github.com/openshift/api/apps/v1.DeploymentConfigStatus": schema_openshift_api_apps_v1_DeploymentConfigStatus(ref), - "github.com/openshift/api/apps/v1.DeploymentDetails": schema_openshift_api_apps_v1_DeploymentDetails(ref), - "github.com/openshift/api/apps/v1.DeploymentLog": schema_openshift_api_apps_v1_DeploymentLog(ref), - "github.com/openshift/api/apps/v1.DeploymentLogOptions": schema_openshift_api_apps_v1_DeploymentLogOptions(ref), - "github.com/openshift/api/apps/v1.DeploymentRequest": schema_openshift_api_apps_v1_DeploymentRequest(ref), - "github.com/openshift/api/apps/v1.DeploymentStrategy": schema_openshift_api_apps_v1_DeploymentStrategy(ref), - "github.com/openshift/api/apps/v1.DeploymentTriggerImageChangeParams": schema_openshift_api_apps_v1_DeploymentTriggerImageChangeParams(ref), - "github.com/openshift/api/apps/v1.DeploymentTriggerPolicy": schema_openshift_api_apps_v1_DeploymentTriggerPolicy(ref), - "github.com/openshift/api/apps/v1.ExecNewPodHook": schema_openshift_api_apps_v1_ExecNewPodHook(ref), - "github.com/openshift/api/apps/v1.LifecycleHook": schema_openshift_api_apps_v1_LifecycleHook(ref), - "github.com/openshift/api/apps/v1.RecreateDeploymentStrategyParams": schema_openshift_api_apps_v1_RecreateDeploymentStrategyParams(ref), - "github.com/openshift/api/apps/v1.RollingDeploymentStrategyParams": schema_openshift_api_apps_v1_RollingDeploymentStrategyParams(ref), - "github.com/openshift/api/apps/v1.TagImageHook": schema_openshift_api_apps_v1_TagImageHook(ref), - "github.com/openshift/api/authorization/v1.Action": schema_openshift_api_authorization_v1_Action(ref), - "github.com/openshift/api/authorization/v1.ClusterRole": schema_openshift_api_authorization_v1_ClusterRole(ref), - "github.com/openshift/api/authorization/v1.ClusterRoleBinding": schema_openshift_api_authorization_v1_ClusterRoleBinding(ref), - "github.com/openshift/api/authorization/v1.ClusterRoleBindingList": schema_openshift_api_authorization_v1_ClusterRoleBindingList(ref), - "github.com/openshift/api/authorization/v1.ClusterRoleList": schema_openshift_api_authorization_v1_ClusterRoleList(ref), - "github.com/openshift/api/authorization/v1.GroupRestriction": schema_openshift_api_authorization_v1_GroupRestriction(ref), - "github.com/openshift/api/authorization/v1.IsPersonalSubjectAccessReview": schema_openshift_api_authorization_v1_IsPersonalSubjectAccessReview(ref), - "github.com/openshift/api/authorization/v1.LocalResourceAccessReview": schema_openshift_api_authorization_v1_LocalResourceAccessReview(ref), - "github.com/openshift/api/authorization/v1.LocalSubjectAccessReview": schema_openshift_api_authorization_v1_LocalSubjectAccessReview(ref), - "github.com/openshift/api/authorization/v1.NamedClusterRole": schema_openshift_api_authorization_v1_NamedClusterRole(ref), - "github.com/openshift/api/authorization/v1.NamedClusterRoleBinding": schema_openshift_api_authorization_v1_NamedClusterRoleBinding(ref), - "github.com/openshift/api/authorization/v1.NamedRole": schema_openshift_api_authorization_v1_NamedRole(ref), - "github.com/openshift/api/authorization/v1.NamedRoleBinding": schema_openshift_api_authorization_v1_NamedRoleBinding(ref), - "github.com/openshift/api/authorization/v1.PolicyRule": schema_openshift_api_authorization_v1_PolicyRule(ref), - "github.com/openshift/api/authorization/v1.ResourceAccessReview": schema_openshift_api_authorization_v1_ResourceAccessReview(ref), - "github.com/openshift/api/authorization/v1.ResourceAccessReviewResponse": schema_openshift_api_authorization_v1_ResourceAccessReviewResponse(ref), - "github.com/openshift/api/authorization/v1.Role": schema_openshift_api_authorization_v1_Role(ref), - "github.com/openshift/api/authorization/v1.RoleBinding": schema_openshift_api_authorization_v1_RoleBinding(ref), - "github.com/openshift/api/authorization/v1.RoleBindingList": schema_openshift_api_authorization_v1_RoleBindingList(ref), - "github.com/openshift/api/authorization/v1.RoleBindingRestriction": schema_openshift_api_authorization_v1_RoleBindingRestriction(ref), - "github.com/openshift/api/authorization/v1.RoleBindingRestrictionList": schema_openshift_api_authorization_v1_RoleBindingRestrictionList(ref), - "github.com/openshift/api/authorization/v1.RoleBindingRestrictionSpec": schema_openshift_api_authorization_v1_RoleBindingRestrictionSpec(ref), - "github.com/openshift/api/authorization/v1.RoleList": schema_openshift_api_authorization_v1_RoleList(ref), - "github.com/openshift/api/authorization/v1.SelfSubjectRulesReview": schema_openshift_api_authorization_v1_SelfSubjectRulesReview(ref), - "github.com/openshift/api/authorization/v1.SelfSubjectRulesReviewSpec": schema_openshift_api_authorization_v1_SelfSubjectRulesReviewSpec(ref), - "github.com/openshift/api/authorization/v1.ServiceAccountReference": schema_openshift_api_authorization_v1_ServiceAccountReference(ref), - "github.com/openshift/api/authorization/v1.ServiceAccountRestriction": schema_openshift_api_authorization_v1_ServiceAccountRestriction(ref), - "github.com/openshift/api/authorization/v1.SubjectAccessReview": schema_openshift_api_authorization_v1_SubjectAccessReview(ref), - "github.com/openshift/api/authorization/v1.SubjectAccessReviewResponse": schema_openshift_api_authorization_v1_SubjectAccessReviewResponse(ref), - "github.com/openshift/api/authorization/v1.SubjectRulesReview": schema_openshift_api_authorization_v1_SubjectRulesReview(ref), - "github.com/openshift/api/authorization/v1.SubjectRulesReviewSpec": schema_openshift_api_authorization_v1_SubjectRulesReviewSpec(ref), - "github.com/openshift/api/authorization/v1.SubjectRulesReviewStatus": schema_openshift_api_authorization_v1_SubjectRulesReviewStatus(ref), - "github.com/openshift/api/authorization/v1.UserRestriction": schema_openshift_api_authorization_v1_UserRestriction(ref), - "github.com/openshift/api/build/v1.BinaryBuildRequestOptions": schema_openshift_api_build_v1_BinaryBuildRequestOptions(ref), - "github.com/openshift/api/build/v1.BinaryBuildSource": schema_openshift_api_build_v1_BinaryBuildSource(ref), - "github.com/openshift/api/build/v1.BitbucketWebHookCause": schema_openshift_api_build_v1_BitbucketWebHookCause(ref), - "github.com/openshift/api/build/v1.Build": schema_openshift_api_build_v1_Build(ref), - "github.com/openshift/api/build/v1.BuildCondition": schema_openshift_api_build_v1_BuildCondition(ref), - "github.com/openshift/api/build/v1.BuildConfig": schema_openshift_api_build_v1_BuildConfig(ref), - "github.com/openshift/api/build/v1.BuildConfigList": schema_openshift_api_build_v1_BuildConfigList(ref), - "github.com/openshift/api/build/v1.BuildConfigSpec": schema_openshift_api_build_v1_BuildConfigSpec(ref), - "github.com/openshift/api/build/v1.BuildConfigStatus": schema_openshift_api_build_v1_BuildConfigStatus(ref), - "github.com/openshift/api/build/v1.BuildList": schema_openshift_api_build_v1_BuildList(ref), - "github.com/openshift/api/build/v1.BuildLog": schema_openshift_api_build_v1_BuildLog(ref), - "github.com/openshift/api/build/v1.BuildLogOptions": schema_openshift_api_build_v1_BuildLogOptions(ref), - "github.com/openshift/api/build/v1.BuildOutput": schema_openshift_api_build_v1_BuildOutput(ref), - "github.com/openshift/api/build/v1.BuildPostCommitSpec": schema_openshift_api_build_v1_BuildPostCommitSpec(ref), - "github.com/openshift/api/build/v1.BuildRequest": schema_openshift_api_build_v1_BuildRequest(ref), - "github.com/openshift/api/build/v1.BuildSource": schema_openshift_api_build_v1_BuildSource(ref), - "github.com/openshift/api/build/v1.BuildSpec": schema_openshift_api_build_v1_BuildSpec(ref), - "github.com/openshift/api/build/v1.BuildStatus": schema_openshift_api_build_v1_BuildStatus(ref), - "github.com/openshift/api/build/v1.BuildStatusOutput": schema_openshift_api_build_v1_BuildStatusOutput(ref), - "github.com/openshift/api/build/v1.BuildStatusOutputTo": schema_openshift_api_build_v1_BuildStatusOutputTo(ref), - "github.com/openshift/api/build/v1.BuildStrategy": schema_openshift_api_build_v1_BuildStrategy(ref), - "github.com/openshift/api/build/v1.BuildTriggerCause": schema_openshift_api_build_v1_BuildTriggerCause(ref), - "github.com/openshift/api/build/v1.BuildTriggerPolicy": schema_openshift_api_build_v1_BuildTriggerPolicy(ref), - "github.com/openshift/api/build/v1.BuildVolume": schema_openshift_api_build_v1_BuildVolume(ref), - "github.com/openshift/api/build/v1.BuildVolumeMount": schema_openshift_api_build_v1_BuildVolumeMount(ref), - "github.com/openshift/api/build/v1.BuildVolumeSource": schema_openshift_api_build_v1_BuildVolumeSource(ref), - "github.com/openshift/api/build/v1.CommonSpec": schema_openshift_api_build_v1_CommonSpec(ref), - "github.com/openshift/api/build/v1.CommonWebHookCause": schema_openshift_api_build_v1_CommonWebHookCause(ref), - "github.com/openshift/api/build/v1.ConfigMapBuildSource": schema_openshift_api_build_v1_ConfigMapBuildSource(ref), - "github.com/openshift/api/build/v1.CustomBuildStrategy": schema_openshift_api_build_v1_CustomBuildStrategy(ref), - "github.com/openshift/api/build/v1.DockerBuildStrategy": schema_openshift_api_build_v1_DockerBuildStrategy(ref), - "github.com/openshift/api/build/v1.DockerStrategyOptions": schema_openshift_api_build_v1_DockerStrategyOptions(ref), - "github.com/openshift/api/build/v1.GenericWebHookCause": schema_openshift_api_build_v1_GenericWebHookCause(ref), - "github.com/openshift/api/build/v1.GenericWebHookEvent": schema_openshift_api_build_v1_GenericWebHookEvent(ref), - "github.com/openshift/api/build/v1.GitBuildSource": schema_openshift_api_build_v1_GitBuildSource(ref), - "github.com/openshift/api/build/v1.GitHubWebHookCause": schema_openshift_api_build_v1_GitHubWebHookCause(ref), - "github.com/openshift/api/build/v1.GitInfo": schema_openshift_api_build_v1_GitInfo(ref), - "github.com/openshift/api/build/v1.GitLabWebHookCause": schema_openshift_api_build_v1_GitLabWebHookCause(ref), - "github.com/openshift/api/build/v1.GitRefInfo": schema_openshift_api_build_v1_GitRefInfo(ref), - "github.com/openshift/api/build/v1.GitSourceRevision": schema_openshift_api_build_v1_GitSourceRevision(ref), - "github.com/openshift/api/build/v1.ImageChangeCause": schema_openshift_api_build_v1_ImageChangeCause(ref), - "github.com/openshift/api/build/v1.ImageChangeTrigger": schema_openshift_api_build_v1_ImageChangeTrigger(ref), - "github.com/openshift/api/build/v1.ImageChangeTriggerStatus": schema_openshift_api_build_v1_ImageChangeTriggerStatus(ref), - "github.com/openshift/api/build/v1.ImageLabel": schema_openshift_api_build_v1_ImageLabel(ref), - "github.com/openshift/api/build/v1.ImageSource": schema_openshift_api_build_v1_ImageSource(ref), - "github.com/openshift/api/build/v1.ImageSourcePath": schema_openshift_api_build_v1_ImageSourcePath(ref), - "github.com/openshift/api/build/v1.ImageStreamTagReference": schema_openshift_api_build_v1_ImageStreamTagReference(ref), - "github.com/openshift/api/build/v1.JenkinsPipelineBuildStrategy": schema_openshift_api_build_v1_JenkinsPipelineBuildStrategy(ref), - "github.com/openshift/api/build/v1.ProxyConfig": schema_openshift_api_build_v1_ProxyConfig(ref), - "github.com/openshift/api/build/v1.SecretBuildSource": schema_openshift_api_build_v1_SecretBuildSource(ref), - "github.com/openshift/api/build/v1.SecretLocalReference": schema_openshift_api_build_v1_SecretLocalReference(ref), - "github.com/openshift/api/build/v1.SecretSpec": schema_openshift_api_build_v1_SecretSpec(ref), - "github.com/openshift/api/build/v1.SourceBuildStrategy": schema_openshift_api_build_v1_SourceBuildStrategy(ref), - "github.com/openshift/api/build/v1.SourceControlUser": schema_openshift_api_build_v1_SourceControlUser(ref), - "github.com/openshift/api/build/v1.SourceRevision": schema_openshift_api_build_v1_SourceRevision(ref), - "github.com/openshift/api/build/v1.SourceStrategyOptions": schema_openshift_api_build_v1_SourceStrategyOptions(ref), - "github.com/openshift/api/build/v1.StageInfo": schema_openshift_api_build_v1_StageInfo(ref), - "github.com/openshift/api/build/v1.StepInfo": schema_openshift_api_build_v1_StepInfo(ref), - "github.com/openshift/api/build/v1.WebHookTrigger": schema_openshift_api_build_v1_WebHookTrigger(ref), - "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfig": schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfig(ref), - "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfigSpec": schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfigSpec(ref), - "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfigStatus": schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfigStatus(ref), - "github.com/openshift/api/config/v1.APIServer": schema_openshift_api_config_v1_APIServer(ref), - "github.com/openshift/api/config/v1.APIServerEncryption": schema_openshift_api_config_v1_APIServerEncryption(ref), - "github.com/openshift/api/config/v1.APIServerList": schema_openshift_api_config_v1_APIServerList(ref), - "github.com/openshift/api/config/v1.APIServerNamedServingCert": schema_openshift_api_config_v1_APIServerNamedServingCert(ref), - "github.com/openshift/api/config/v1.APIServerServingCerts": schema_openshift_api_config_v1_APIServerServingCerts(ref), - "github.com/openshift/api/config/v1.APIServerSpec": schema_openshift_api_config_v1_APIServerSpec(ref), - "github.com/openshift/api/config/v1.APIServerStatus": schema_openshift_api_config_v1_APIServerStatus(ref), - "github.com/openshift/api/config/v1.AWSDNSSpec": schema_openshift_api_config_v1_AWSDNSSpec(ref), - "github.com/openshift/api/config/v1.AWSIngressSpec": schema_openshift_api_config_v1_AWSIngressSpec(ref), - "github.com/openshift/api/config/v1.AWSKMSConfig": schema_openshift_api_config_v1_AWSKMSConfig(ref), - "github.com/openshift/api/config/v1.AWSPlatformSpec": schema_openshift_api_config_v1_AWSPlatformSpec(ref), - "github.com/openshift/api/config/v1.AWSPlatformStatus": schema_openshift_api_config_v1_AWSPlatformStatus(ref), - "github.com/openshift/api/config/v1.AWSResourceTag": schema_openshift_api_config_v1_AWSResourceTag(ref), - "github.com/openshift/api/config/v1.AWSServiceEndpoint": schema_openshift_api_config_v1_AWSServiceEndpoint(ref), - "github.com/openshift/api/config/v1.AcceptRisk": schema_openshift_api_config_v1_AcceptRisk(ref), - "github.com/openshift/api/config/v1.AdmissionConfig": schema_openshift_api_config_v1_AdmissionConfig(ref), - "github.com/openshift/api/config/v1.AdmissionPluginConfig": schema_openshift_api_config_v1_AdmissionPluginConfig(ref), - "github.com/openshift/api/config/v1.AlibabaCloudPlatformSpec": schema_openshift_api_config_v1_AlibabaCloudPlatformSpec(ref), - "github.com/openshift/api/config/v1.AlibabaCloudPlatformStatus": schema_openshift_api_config_v1_AlibabaCloudPlatformStatus(ref), - "github.com/openshift/api/config/v1.AlibabaCloudResourceTag": schema_openshift_api_config_v1_AlibabaCloudResourceTag(ref), - "github.com/openshift/api/config/v1.Audit": schema_openshift_api_config_v1_Audit(ref), - "github.com/openshift/api/config/v1.AuditConfig": schema_openshift_api_config_v1_AuditConfig(ref), - "github.com/openshift/api/config/v1.AuditCustomRule": schema_openshift_api_config_v1_AuditCustomRule(ref), - "github.com/openshift/api/config/v1.Authentication": schema_openshift_api_config_v1_Authentication(ref), - "github.com/openshift/api/config/v1.AuthenticationList": schema_openshift_api_config_v1_AuthenticationList(ref), - "github.com/openshift/api/config/v1.AuthenticationSpec": schema_openshift_api_config_v1_AuthenticationSpec(ref), - "github.com/openshift/api/config/v1.AuthenticationStatus": schema_openshift_api_config_v1_AuthenticationStatus(ref), - "github.com/openshift/api/config/v1.AzurePlatformSpec": schema_openshift_api_config_v1_AzurePlatformSpec(ref), - "github.com/openshift/api/config/v1.AzurePlatformStatus": schema_openshift_api_config_v1_AzurePlatformStatus(ref), - "github.com/openshift/api/config/v1.AzureResourceTag": schema_openshift_api_config_v1_AzureResourceTag(ref), - "github.com/openshift/api/config/v1.BareMetalPlatformLoadBalancer": schema_openshift_api_config_v1_BareMetalPlatformLoadBalancer(ref), - "github.com/openshift/api/config/v1.BareMetalPlatformSpec": schema_openshift_api_config_v1_BareMetalPlatformSpec(ref), - "github.com/openshift/api/config/v1.BareMetalPlatformStatus": schema_openshift_api_config_v1_BareMetalPlatformStatus(ref), - "github.com/openshift/api/config/v1.BasicAuthIdentityProvider": schema_openshift_api_config_v1_BasicAuthIdentityProvider(ref), - "github.com/openshift/api/config/v1.Build": schema_openshift_api_config_v1_Build(ref), - "github.com/openshift/api/config/v1.BuildDefaults": schema_openshift_api_config_v1_BuildDefaults(ref), - "github.com/openshift/api/config/v1.BuildList": schema_openshift_api_config_v1_BuildList(ref), - "github.com/openshift/api/config/v1.BuildOverrides": schema_openshift_api_config_v1_BuildOverrides(ref), - "github.com/openshift/api/config/v1.BuildSpec": schema_openshift_api_config_v1_BuildSpec(ref), - "github.com/openshift/api/config/v1.CertInfo": schema_openshift_api_config_v1_CertInfo(ref), - "github.com/openshift/api/config/v1.ClientConnectionOverrides": schema_openshift_api_config_v1_ClientConnectionOverrides(ref), - "github.com/openshift/api/config/v1.CloudControllerManagerStatus": schema_openshift_api_config_v1_CloudControllerManagerStatus(ref), - "github.com/openshift/api/config/v1.CloudLoadBalancerConfig": schema_openshift_api_config_v1_CloudLoadBalancerConfig(ref), - "github.com/openshift/api/config/v1.CloudLoadBalancerIPs": schema_openshift_api_config_v1_CloudLoadBalancerIPs(ref), - "github.com/openshift/api/config/v1.ClusterCondition": schema_openshift_api_config_v1_ClusterCondition(ref), - "github.com/openshift/api/config/v1.ClusterImagePolicy": schema_openshift_api_config_v1_ClusterImagePolicy(ref), - "github.com/openshift/api/config/v1.ClusterImagePolicyList": schema_openshift_api_config_v1_ClusterImagePolicyList(ref), - "github.com/openshift/api/config/v1.ClusterImagePolicySpec": schema_openshift_api_config_v1_ClusterImagePolicySpec(ref), - "github.com/openshift/api/config/v1.ClusterImagePolicyStatus": schema_openshift_api_config_v1_ClusterImagePolicyStatus(ref), - "github.com/openshift/api/config/v1.ClusterNetworkEntry": schema_openshift_api_config_v1_ClusterNetworkEntry(ref), - "github.com/openshift/api/config/v1.ClusterOperator": schema_openshift_api_config_v1_ClusterOperator(ref), - "github.com/openshift/api/config/v1.ClusterOperatorList": schema_openshift_api_config_v1_ClusterOperatorList(ref), - "github.com/openshift/api/config/v1.ClusterOperatorSpec": schema_openshift_api_config_v1_ClusterOperatorSpec(ref), - "github.com/openshift/api/config/v1.ClusterOperatorStatus": schema_openshift_api_config_v1_ClusterOperatorStatus(ref), - "github.com/openshift/api/config/v1.ClusterOperatorStatusCondition": schema_openshift_api_config_v1_ClusterOperatorStatusCondition(ref), - "github.com/openshift/api/config/v1.ClusterVersion": schema_openshift_api_config_v1_ClusterVersion(ref), - "github.com/openshift/api/config/v1.ClusterVersionCapabilitiesSpec": schema_openshift_api_config_v1_ClusterVersionCapabilitiesSpec(ref), - "github.com/openshift/api/config/v1.ClusterVersionCapabilitiesStatus": schema_openshift_api_config_v1_ClusterVersionCapabilitiesStatus(ref), - "github.com/openshift/api/config/v1.ClusterVersionList": schema_openshift_api_config_v1_ClusterVersionList(ref), - "github.com/openshift/api/config/v1.ClusterVersionSpec": schema_openshift_api_config_v1_ClusterVersionSpec(ref), - "github.com/openshift/api/config/v1.ClusterVersionStatus": schema_openshift_api_config_v1_ClusterVersionStatus(ref), - "github.com/openshift/api/config/v1.ComponentOverride": schema_openshift_api_config_v1_ComponentOverride(ref), - "github.com/openshift/api/config/v1.ComponentRouteSpec": schema_openshift_api_config_v1_ComponentRouteSpec(ref), - "github.com/openshift/api/config/v1.ComponentRouteStatus": schema_openshift_api_config_v1_ComponentRouteStatus(ref), - "github.com/openshift/api/config/v1.ConditionalUpdate": schema_openshift_api_config_v1_ConditionalUpdate(ref), - "github.com/openshift/api/config/v1.ConditionalUpdateRisk": schema_openshift_api_config_v1_ConditionalUpdateRisk(ref), - "github.com/openshift/api/config/v1.ConfigMapFileReference": schema_openshift_api_config_v1_ConfigMapFileReference(ref), - "github.com/openshift/api/config/v1.ConfigMapNameReference": schema_openshift_api_config_v1_ConfigMapNameReference(ref), - "github.com/openshift/api/config/v1.Console": schema_openshift_api_config_v1_Console(ref), - "github.com/openshift/api/config/v1.ConsoleAuthentication": schema_openshift_api_config_v1_ConsoleAuthentication(ref), - "github.com/openshift/api/config/v1.ConsoleList": schema_openshift_api_config_v1_ConsoleList(ref), - "github.com/openshift/api/config/v1.ConsoleSpec": schema_openshift_api_config_v1_ConsoleSpec(ref), - "github.com/openshift/api/config/v1.ConsoleStatus": schema_openshift_api_config_v1_ConsoleStatus(ref), - "github.com/openshift/api/config/v1.Custom": schema_openshift_api_config_v1_Custom(ref), - "github.com/openshift/api/config/v1.CustomFeatureGates": schema_openshift_api_config_v1_CustomFeatureGates(ref), - "github.com/openshift/api/config/v1.CustomTLSProfile": schema_openshift_api_config_v1_CustomTLSProfile(ref), - "github.com/openshift/api/config/v1.DNS": schema_openshift_api_config_v1_DNS(ref), - "github.com/openshift/api/config/v1.DNSList": schema_openshift_api_config_v1_DNSList(ref), - "github.com/openshift/api/config/v1.DNSPlatformSpec": schema_openshift_api_config_v1_DNSPlatformSpec(ref), - "github.com/openshift/api/config/v1.DNSSpec": schema_openshift_api_config_v1_DNSSpec(ref), - "github.com/openshift/api/config/v1.DNSStatus": schema_openshift_api_config_v1_DNSStatus(ref), - "github.com/openshift/api/config/v1.DNSZone": schema_openshift_api_config_v1_DNSZone(ref), - "github.com/openshift/api/config/v1.DelegatedAuthentication": schema_openshift_api_config_v1_DelegatedAuthentication(ref), - "github.com/openshift/api/config/v1.DelegatedAuthorization": schema_openshift_api_config_v1_DelegatedAuthorization(ref), - "github.com/openshift/api/config/v1.DeprecatedWebhookTokenAuthenticator": schema_openshift_api_config_v1_DeprecatedWebhookTokenAuthenticator(ref), - "github.com/openshift/api/config/v1.EquinixMetalPlatformSpec": schema_openshift_api_config_v1_EquinixMetalPlatformSpec(ref), - "github.com/openshift/api/config/v1.EquinixMetalPlatformStatus": schema_openshift_api_config_v1_EquinixMetalPlatformStatus(ref), - "github.com/openshift/api/config/v1.EtcdConnectionInfo": schema_openshift_api_config_v1_EtcdConnectionInfo(ref), - "github.com/openshift/api/config/v1.EtcdStorageConfig": schema_openshift_api_config_v1_EtcdStorageConfig(ref), - "github.com/openshift/api/config/v1.ExternalIPConfig": schema_openshift_api_config_v1_ExternalIPConfig(ref), - "github.com/openshift/api/config/v1.ExternalIPPolicy": schema_openshift_api_config_v1_ExternalIPPolicy(ref), - "github.com/openshift/api/config/v1.ExternalPlatformSpec": schema_openshift_api_config_v1_ExternalPlatformSpec(ref), - "github.com/openshift/api/config/v1.ExternalPlatformStatus": schema_openshift_api_config_v1_ExternalPlatformStatus(ref), - "github.com/openshift/api/config/v1.ExtraMapping": schema_openshift_api_config_v1_ExtraMapping(ref), - "github.com/openshift/api/config/v1.FeatureGate": schema_openshift_api_config_v1_FeatureGate(ref), - "github.com/openshift/api/config/v1.FeatureGateAttributes": schema_openshift_api_config_v1_FeatureGateAttributes(ref), - "github.com/openshift/api/config/v1.FeatureGateDetails": schema_openshift_api_config_v1_FeatureGateDetails(ref), - "github.com/openshift/api/config/v1.FeatureGateList": schema_openshift_api_config_v1_FeatureGateList(ref), - "github.com/openshift/api/config/v1.FeatureGateSelection": schema_openshift_api_config_v1_FeatureGateSelection(ref), - "github.com/openshift/api/config/v1.FeatureGateSpec": schema_openshift_api_config_v1_FeatureGateSpec(ref), - "github.com/openshift/api/config/v1.FeatureGateStatus": schema_openshift_api_config_v1_FeatureGateStatus(ref), - "github.com/openshift/api/config/v1.FeatureGateTests": schema_openshift_api_config_v1_FeatureGateTests(ref), - "github.com/openshift/api/config/v1.GCPPlatformSpec": schema_openshift_api_config_v1_GCPPlatformSpec(ref), - "github.com/openshift/api/config/v1.GCPPlatformStatus": schema_openshift_api_config_v1_GCPPlatformStatus(ref), - "github.com/openshift/api/config/v1.GCPResourceLabel": schema_openshift_api_config_v1_GCPResourceLabel(ref), - "github.com/openshift/api/config/v1.GCPResourceTag": schema_openshift_api_config_v1_GCPResourceTag(ref), - "github.com/openshift/api/config/v1.GatherConfig": schema_openshift_api_config_v1_GatherConfig(ref), - "github.com/openshift/api/config/v1.GathererConfig": schema_openshift_api_config_v1_GathererConfig(ref), - "github.com/openshift/api/config/v1.Gatherers": schema_openshift_api_config_v1_Gatherers(ref), - "github.com/openshift/api/config/v1.GenericAPIServerConfig": schema_openshift_api_config_v1_GenericAPIServerConfig(ref), - "github.com/openshift/api/config/v1.GenericControllerConfig": schema_openshift_api_config_v1_GenericControllerConfig(ref), - "github.com/openshift/api/config/v1.GitHubIdentityProvider": schema_openshift_api_config_v1_GitHubIdentityProvider(ref), - "github.com/openshift/api/config/v1.GitLabIdentityProvider": schema_openshift_api_config_v1_GitLabIdentityProvider(ref), - "github.com/openshift/api/config/v1.GoogleIdentityProvider": schema_openshift_api_config_v1_GoogleIdentityProvider(ref), - "github.com/openshift/api/config/v1.HTPasswdIdentityProvider": schema_openshift_api_config_v1_HTPasswdIdentityProvider(ref), - "github.com/openshift/api/config/v1.HTTPServingInfo": schema_openshift_api_config_v1_HTTPServingInfo(ref), - "github.com/openshift/api/config/v1.HubSource": schema_openshift_api_config_v1_HubSource(ref), - "github.com/openshift/api/config/v1.HubSourceStatus": schema_openshift_api_config_v1_HubSourceStatus(ref), - "github.com/openshift/api/config/v1.IBMCloudPlatformSpec": schema_openshift_api_config_v1_IBMCloudPlatformSpec(ref), - "github.com/openshift/api/config/v1.IBMCloudPlatformStatus": schema_openshift_api_config_v1_IBMCloudPlatformStatus(ref), - "github.com/openshift/api/config/v1.IBMCloudServiceEndpoint": schema_openshift_api_config_v1_IBMCloudServiceEndpoint(ref), - "github.com/openshift/api/config/v1.IdentityProvider": schema_openshift_api_config_v1_IdentityProvider(ref), - "github.com/openshift/api/config/v1.IdentityProviderConfig": schema_openshift_api_config_v1_IdentityProviderConfig(ref), - "github.com/openshift/api/config/v1.Image": schema_openshift_api_config_v1_Image(ref), - "github.com/openshift/api/config/v1.ImageContentPolicy": schema_openshift_api_config_v1_ImageContentPolicy(ref), - "github.com/openshift/api/config/v1.ImageContentPolicyList": schema_openshift_api_config_v1_ImageContentPolicyList(ref), - "github.com/openshift/api/config/v1.ImageContentPolicySpec": schema_openshift_api_config_v1_ImageContentPolicySpec(ref), - "github.com/openshift/api/config/v1.ImageDigestMirrorSet": schema_openshift_api_config_v1_ImageDigestMirrorSet(ref), - "github.com/openshift/api/config/v1.ImageDigestMirrorSetList": schema_openshift_api_config_v1_ImageDigestMirrorSetList(ref), - "github.com/openshift/api/config/v1.ImageDigestMirrorSetSpec": schema_openshift_api_config_v1_ImageDigestMirrorSetSpec(ref), - "github.com/openshift/api/config/v1.ImageDigestMirrorSetStatus": schema_openshift_api_config_v1_ImageDigestMirrorSetStatus(ref), - "github.com/openshift/api/config/v1.ImageDigestMirrors": schema_openshift_api_config_v1_ImageDigestMirrors(ref), - "github.com/openshift/api/config/v1.ImageLabel": schema_openshift_api_config_v1_ImageLabel(ref), - "github.com/openshift/api/config/v1.ImageList": schema_openshift_api_config_v1_ImageList(ref), - "github.com/openshift/api/config/v1.ImagePolicy": schema_openshift_api_config_v1_ImagePolicy(ref), - "github.com/openshift/api/config/v1.ImagePolicyFulcioCAWithRekorRootOfTrust": schema_openshift_api_config_v1_ImagePolicyFulcioCAWithRekorRootOfTrust(ref), - "github.com/openshift/api/config/v1.ImagePolicyList": schema_openshift_api_config_v1_ImagePolicyList(ref), - "github.com/openshift/api/config/v1.ImagePolicyPKIRootOfTrust": schema_openshift_api_config_v1_ImagePolicyPKIRootOfTrust(ref), - "github.com/openshift/api/config/v1.ImagePolicyPublicKeyRootOfTrust": schema_openshift_api_config_v1_ImagePolicyPublicKeyRootOfTrust(ref), - "github.com/openshift/api/config/v1.ImagePolicySpec": schema_openshift_api_config_v1_ImagePolicySpec(ref), - "github.com/openshift/api/config/v1.ImagePolicyStatus": schema_openshift_api_config_v1_ImagePolicyStatus(ref), - "github.com/openshift/api/config/v1.ImageSigstoreVerificationPolicy": schema_openshift_api_config_v1_ImageSigstoreVerificationPolicy(ref), - "github.com/openshift/api/config/v1.ImageSpec": schema_openshift_api_config_v1_ImageSpec(ref), - "github.com/openshift/api/config/v1.ImageStatus": schema_openshift_api_config_v1_ImageStatus(ref), - "github.com/openshift/api/config/v1.ImageTagMirrorSet": schema_openshift_api_config_v1_ImageTagMirrorSet(ref), - "github.com/openshift/api/config/v1.ImageTagMirrorSetList": schema_openshift_api_config_v1_ImageTagMirrorSetList(ref), - "github.com/openshift/api/config/v1.ImageTagMirrorSetSpec": schema_openshift_api_config_v1_ImageTagMirrorSetSpec(ref), - "github.com/openshift/api/config/v1.ImageTagMirrorSetStatus": schema_openshift_api_config_v1_ImageTagMirrorSetStatus(ref), - "github.com/openshift/api/config/v1.ImageTagMirrors": schema_openshift_api_config_v1_ImageTagMirrors(ref), - "github.com/openshift/api/config/v1.Infrastructure": schema_openshift_api_config_v1_Infrastructure(ref), - "github.com/openshift/api/config/v1.InfrastructureList": schema_openshift_api_config_v1_InfrastructureList(ref), - "github.com/openshift/api/config/v1.InfrastructureSpec": schema_openshift_api_config_v1_InfrastructureSpec(ref), - "github.com/openshift/api/config/v1.InfrastructureStatus": schema_openshift_api_config_v1_InfrastructureStatus(ref), - "github.com/openshift/api/config/v1.Ingress": schema_openshift_api_config_v1_Ingress(ref), - "github.com/openshift/api/config/v1.IngressList": schema_openshift_api_config_v1_IngressList(ref), - "github.com/openshift/api/config/v1.IngressPlatformSpec": schema_openshift_api_config_v1_IngressPlatformSpec(ref), - "github.com/openshift/api/config/v1.IngressSpec": schema_openshift_api_config_v1_IngressSpec(ref), - "github.com/openshift/api/config/v1.IngressStatus": schema_openshift_api_config_v1_IngressStatus(ref), - "github.com/openshift/api/config/v1.InsightsDataGather": schema_openshift_api_config_v1_InsightsDataGather(ref), - "github.com/openshift/api/config/v1.InsightsDataGatherList": schema_openshift_api_config_v1_InsightsDataGatherList(ref), - "github.com/openshift/api/config/v1.InsightsDataGatherSpec": schema_openshift_api_config_v1_InsightsDataGatherSpec(ref), - "github.com/openshift/api/config/v1.IntermediateTLSProfile": schema_openshift_api_config_v1_IntermediateTLSProfile(ref), - "github.com/openshift/api/config/v1.KMSConfig": schema_openshift_api_config_v1_KMSConfig(ref), - "github.com/openshift/api/config/v1.KeystoneIdentityProvider": schema_openshift_api_config_v1_KeystoneIdentityProvider(ref), - "github.com/openshift/api/config/v1.KubeClientConfig": schema_openshift_api_config_v1_KubeClientConfig(ref), - "github.com/openshift/api/config/v1.KubevirtPlatformSpec": schema_openshift_api_config_v1_KubevirtPlatformSpec(ref), - "github.com/openshift/api/config/v1.KubevirtPlatformStatus": schema_openshift_api_config_v1_KubevirtPlatformStatus(ref), - "github.com/openshift/api/config/v1.LDAPAttributeMapping": schema_openshift_api_config_v1_LDAPAttributeMapping(ref), - "github.com/openshift/api/config/v1.LDAPIdentityProvider": schema_openshift_api_config_v1_LDAPIdentityProvider(ref), - "github.com/openshift/api/config/v1.LeaderElection": schema_openshift_api_config_v1_LeaderElection(ref), - "github.com/openshift/api/config/v1.LoadBalancer": schema_openshift_api_config_v1_LoadBalancer(ref), - "github.com/openshift/api/config/v1.MTUMigration": schema_openshift_api_config_v1_MTUMigration(ref), - "github.com/openshift/api/config/v1.MTUMigrationValues": schema_openshift_api_config_v1_MTUMigrationValues(ref), - "github.com/openshift/api/config/v1.MaxAgePolicy": schema_openshift_api_config_v1_MaxAgePolicy(ref), - "github.com/openshift/api/config/v1.ModernTLSProfile": schema_openshift_api_config_v1_ModernTLSProfile(ref), - "github.com/openshift/api/config/v1.NamedCertificate": schema_openshift_api_config_v1_NamedCertificate(ref), - "github.com/openshift/api/config/v1.Network": schema_openshift_api_config_v1_Network(ref), - "github.com/openshift/api/config/v1.NetworkDiagnostics": schema_openshift_api_config_v1_NetworkDiagnostics(ref), - "github.com/openshift/api/config/v1.NetworkDiagnosticsSourcePlacement": schema_openshift_api_config_v1_NetworkDiagnosticsSourcePlacement(ref), - "github.com/openshift/api/config/v1.NetworkDiagnosticsTargetPlacement": schema_openshift_api_config_v1_NetworkDiagnosticsTargetPlacement(ref), - "github.com/openshift/api/config/v1.NetworkList": schema_openshift_api_config_v1_NetworkList(ref), - "github.com/openshift/api/config/v1.NetworkMigration": schema_openshift_api_config_v1_NetworkMigration(ref), - "github.com/openshift/api/config/v1.NetworkSpec": schema_openshift_api_config_v1_NetworkSpec(ref), - "github.com/openshift/api/config/v1.NetworkStatus": schema_openshift_api_config_v1_NetworkStatus(ref), - "github.com/openshift/api/config/v1.Node": schema_openshift_api_config_v1_Node(ref), - "github.com/openshift/api/config/v1.NodeList": schema_openshift_api_config_v1_NodeList(ref), - "github.com/openshift/api/config/v1.NodeSpec": schema_openshift_api_config_v1_NodeSpec(ref), - "github.com/openshift/api/config/v1.NodeStatus": schema_openshift_api_config_v1_NodeStatus(ref), - "github.com/openshift/api/config/v1.NutanixFailureDomain": schema_openshift_api_config_v1_NutanixFailureDomain(ref), - "github.com/openshift/api/config/v1.NutanixPlatformLoadBalancer": schema_openshift_api_config_v1_NutanixPlatformLoadBalancer(ref), - "github.com/openshift/api/config/v1.NutanixPlatformSpec": schema_openshift_api_config_v1_NutanixPlatformSpec(ref), - "github.com/openshift/api/config/v1.NutanixPlatformStatus": schema_openshift_api_config_v1_NutanixPlatformStatus(ref), - "github.com/openshift/api/config/v1.NutanixPrismElementEndpoint": schema_openshift_api_config_v1_NutanixPrismElementEndpoint(ref), - "github.com/openshift/api/config/v1.NutanixPrismEndpoint": schema_openshift_api_config_v1_NutanixPrismEndpoint(ref), - "github.com/openshift/api/config/v1.NutanixResourceIdentifier": schema_openshift_api_config_v1_NutanixResourceIdentifier(ref), - "github.com/openshift/api/config/v1.OAuth": schema_openshift_api_config_v1_OAuth(ref), - "github.com/openshift/api/config/v1.OAuthList": schema_openshift_api_config_v1_OAuthList(ref), - "github.com/openshift/api/config/v1.OAuthRemoteConnectionInfo": schema_openshift_api_config_v1_OAuthRemoteConnectionInfo(ref), - "github.com/openshift/api/config/v1.OAuthSpec": schema_openshift_api_config_v1_OAuthSpec(ref), - "github.com/openshift/api/config/v1.OAuthStatus": schema_openshift_api_config_v1_OAuthStatus(ref), - "github.com/openshift/api/config/v1.OAuthTemplates": schema_openshift_api_config_v1_OAuthTemplates(ref), - "github.com/openshift/api/config/v1.OIDCClientConfig": schema_openshift_api_config_v1_OIDCClientConfig(ref), - "github.com/openshift/api/config/v1.OIDCClientReference": schema_openshift_api_config_v1_OIDCClientReference(ref), - "github.com/openshift/api/config/v1.OIDCClientStatus": schema_openshift_api_config_v1_OIDCClientStatus(ref), - "github.com/openshift/api/config/v1.OIDCProvider": schema_openshift_api_config_v1_OIDCProvider(ref), - "github.com/openshift/api/config/v1.ObjectReference": schema_openshift_api_config_v1_ObjectReference(ref), - "github.com/openshift/api/config/v1.OldTLSProfile": schema_openshift_api_config_v1_OldTLSProfile(ref), - "github.com/openshift/api/config/v1.OpenIDClaims": schema_openshift_api_config_v1_OpenIDClaims(ref), - "github.com/openshift/api/config/v1.OpenIDIdentityProvider": schema_openshift_api_config_v1_OpenIDIdentityProvider(ref), - "github.com/openshift/api/config/v1.OpenStackPlatformLoadBalancer": schema_openshift_api_config_v1_OpenStackPlatformLoadBalancer(ref), - "github.com/openshift/api/config/v1.OpenStackPlatformSpec": schema_openshift_api_config_v1_OpenStackPlatformSpec(ref), - "github.com/openshift/api/config/v1.OpenStackPlatformStatus": schema_openshift_api_config_v1_OpenStackPlatformStatus(ref), - "github.com/openshift/api/config/v1.OperandVersion": schema_openshift_api_config_v1_OperandVersion(ref), - "github.com/openshift/api/config/v1.OperatorHub": schema_openshift_api_config_v1_OperatorHub(ref), - "github.com/openshift/api/config/v1.OperatorHubList": schema_openshift_api_config_v1_OperatorHubList(ref), - "github.com/openshift/api/config/v1.OperatorHubSpec": schema_openshift_api_config_v1_OperatorHubSpec(ref), - "github.com/openshift/api/config/v1.OperatorHubStatus": schema_openshift_api_config_v1_OperatorHubStatus(ref), - "github.com/openshift/api/config/v1.OvirtPlatformLoadBalancer": schema_openshift_api_config_v1_OvirtPlatformLoadBalancer(ref), - "github.com/openshift/api/config/v1.OvirtPlatformSpec": schema_openshift_api_config_v1_OvirtPlatformSpec(ref), - "github.com/openshift/api/config/v1.OvirtPlatformStatus": schema_openshift_api_config_v1_OvirtPlatformStatus(ref), - "github.com/openshift/api/config/v1.PKICertificateSubject": schema_openshift_api_config_v1_PKICertificateSubject(ref), - "github.com/openshift/api/config/v1.PersistentVolumeClaimReference": schema_openshift_api_config_v1_PersistentVolumeClaimReference(ref), - "github.com/openshift/api/config/v1.PersistentVolumeConfig": schema_openshift_api_config_v1_PersistentVolumeConfig(ref), - "github.com/openshift/api/config/v1.PlatformSpec": schema_openshift_api_config_v1_PlatformSpec(ref), - "github.com/openshift/api/config/v1.PlatformStatus": schema_openshift_api_config_v1_PlatformStatus(ref), - "github.com/openshift/api/config/v1.PolicyFulcioSubject": schema_openshift_api_config_v1_PolicyFulcioSubject(ref), - "github.com/openshift/api/config/v1.PolicyIdentity": schema_openshift_api_config_v1_PolicyIdentity(ref), - "github.com/openshift/api/config/v1.PolicyMatchExactRepository": schema_openshift_api_config_v1_PolicyMatchExactRepository(ref), - "github.com/openshift/api/config/v1.PolicyMatchRemapIdentity": schema_openshift_api_config_v1_PolicyMatchRemapIdentity(ref), - "github.com/openshift/api/config/v1.PolicyRootOfTrust": schema_openshift_api_config_v1_PolicyRootOfTrust(ref), - "github.com/openshift/api/config/v1.PowerVSPlatformSpec": schema_openshift_api_config_v1_PowerVSPlatformSpec(ref), - "github.com/openshift/api/config/v1.PowerVSPlatformStatus": schema_openshift_api_config_v1_PowerVSPlatformStatus(ref), - "github.com/openshift/api/config/v1.PowerVSServiceEndpoint": schema_openshift_api_config_v1_PowerVSServiceEndpoint(ref), - "github.com/openshift/api/config/v1.PrefixedClaimMapping": schema_openshift_api_config_v1_PrefixedClaimMapping(ref), - "github.com/openshift/api/config/v1.ProfileCustomizations": schema_openshift_api_config_v1_ProfileCustomizations(ref), - "github.com/openshift/api/config/v1.Project": schema_openshift_api_config_v1_Project(ref), - "github.com/openshift/api/config/v1.ProjectList": schema_openshift_api_config_v1_ProjectList(ref), - "github.com/openshift/api/config/v1.ProjectSpec": schema_openshift_api_config_v1_ProjectSpec(ref), - "github.com/openshift/api/config/v1.ProjectStatus": schema_openshift_api_config_v1_ProjectStatus(ref), - "github.com/openshift/api/config/v1.PromQLClusterCondition": schema_openshift_api_config_v1_PromQLClusterCondition(ref), - "github.com/openshift/api/config/v1.Proxy": schema_openshift_api_config_v1_Proxy(ref), - "github.com/openshift/api/config/v1.ProxyList": schema_openshift_api_config_v1_ProxyList(ref), - "github.com/openshift/api/config/v1.ProxySpec": schema_openshift_api_config_v1_ProxySpec(ref), - "github.com/openshift/api/config/v1.ProxyStatus": schema_openshift_api_config_v1_ProxyStatus(ref), - "github.com/openshift/api/config/v1.RegistryLocation": schema_openshift_api_config_v1_RegistryLocation(ref), - "github.com/openshift/api/config/v1.RegistrySources": schema_openshift_api_config_v1_RegistrySources(ref), - "github.com/openshift/api/config/v1.Release": schema_openshift_api_config_v1_Release(ref), - "github.com/openshift/api/config/v1.RemoteConnectionInfo": schema_openshift_api_config_v1_RemoteConnectionInfo(ref), - "github.com/openshift/api/config/v1.RepositoryDigestMirrors": schema_openshift_api_config_v1_RepositoryDigestMirrors(ref), - "github.com/openshift/api/config/v1.RequestHeaderIdentityProvider": schema_openshift_api_config_v1_RequestHeaderIdentityProvider(ref), - "github.com/openshift/api/config/v1.RequiredHSTSPolicy": schema_openshift_api_config_v1_RequiredHSTSPolicy(ref), - "github.com/openshift/api/config/v1.Scheduler": schema_openshift_api_config_v1_Scheduler(ref), - "github.com/openshift/api/config/v1.SchedulerList": schema_openshift_api_config_v1_SchedulerList(ref), - "github.com/openshift/api/config/v1.SchedulerSpec": schema_openshift_api_config_v1_SchedulerSpec(ref), - "github.com/openshift/api/config/v1.SchedulerStatus": schema_openshift_api_config_v1_SchedulerStatus(ref), - "github.com/openshift/api/config/v1.SecretNameReference": schema_openshift_api_config_v1_SecretNameReference(ref), - "github.com/openshift/api/config/v1.ServingInfo": schema_openshift_api_config_v1_ServingInfo(ref), - "github.com/openshift/api/config/v1.SignatureStore": schema_openshift_api_config_v1_SignatureStore(ref), - "github.com/openshift/api/config/v1.Storage": schema_openshift_api_config_v1_Storage(ref), - "github.com/openshift/api/config/v1.StringSource": schema_openshift_api_config_v1_StringSource(ref), - "github.com/openshift/api/config/v1.StringSourceSpec": schema_openshift_api_config_v1_StringSourceSpec(ref), - "github.com/openshift/api/config/v1.TLSProfileSpec": schema_openshift_api_config_v1_TLSProfileSpec(ref), - "github.com/openshift/api/config/v1.TLSSecurityProfile": schema_openshift_api_config_v1_TLSSecurityProfile(ref), - "github.com/openshift/api/config/v1.TemplateReference": schema_openshift_api_config_v1_TemplateReference(ref), - "github.com/openshift/api/config/v1.TestDetails": schema_openshift_api_config_v1_TestDetails(ref), - "github.com/openshift/api/config/v1.TestReporting": schema_openshift_api_config_v1_TestReporting(ref), - "github.com/openshift/api/config/v1.TestReportingSpec": schema_openshift_api_config_v1_TestReportingSpec(ref), - "github.com/openshift/api/config/v1.TestReportingStatus": schema_openshift_api_config_v1_TestReportingStatus(ref), - "github.com/openshift/api/config/v1.TokenClaimMapping": schema_openshift_api_config_v1_TokenClaimMapping(ref), - "github.com/openshift/api/config/v1.TokenClaimMappings": schema_openshift_api_config_v1_TokenClaimMappings(ref), - "github.com/openshift/api/config/v1.TokenClaimOrExpressionMapping": schema_openshift_api_config_v1_TokenClaimOrExpressionMapping(ref), - "github.com/openshift/api/config/v1.TokenClaimValidationCELRule": schema_openshift_api_config_v1_TokenClaimValidationCELRule(ref), - "github.com/openshift/api/config/v1.TokenClaimValidationRule": schema_openshift_api_config_v1_TokenClaimValidationRule(ref), - "github.com/openshift/api/config/v1.TokenConfig": schema_openshift_api_config_v1_TokenConfig(ref), - "github.com/openshift/api/config/v1.TokenIssuer": schema_openshift_api_config_v1_TokenIssuer(ref), - "github.com/openshift/api/config/v1.TokenRequiredClaim": schema_openshift_api_config_v1_TokenRequiredClaim(ref), - "github.com/openshift/api/config/v1.TokenUserValidationRule": schema_openshift_api_config_v1_TokenUserValidationRule(ref), - "github.com/openshift/api/config/v1.Update": schema_openshift_api_config_v1_Update(ref), - "github.com/openshift/api/config/v1.UpdateHistory": schema_openshift_api_config_v1_UpdateHistory(ref), - "github.com/openshift/api/config/v1.UsernameClaimMapping": schema_openshift_api_config_v1_UsernameClaimMapping(ref), - "github.com/openshift/api/config/v1.UsernamePrefix": schema_openshift_api_config_v1_UsernamePrefix(ref), - "github.com/openshift/api/config/v1.VSphereFailureDomainHostGroup": schema_openshift_api_config_v1_VSphereFailureDomainHostGroup(ref), - "github.com/openshift/api/config/v1.VSphereFailureDomainRegionAffinity": schema_openshift_api_config_v1_VSphereFailureDomainRegionAffinity(ref), - "github.com/openshift/api/config/v1.VSphereFailureDomainZoneAffinity": schema_openshift_api_config_v1_VSphereFailureDomainZoneAffinity(ref), - "github.com/openshift/api/config/v1.VSpherePlatformFailureDomainSpec": schema_openshift_api_config_v1_VSpherePlatformFailureDomainSpec(ref), - "github.com/openshift/api/config/v1.VSpherePlatformLoadBalancer": schema_openshift_api_config_v1_VSpherePlatformLoadBalancer(ref), - "github.com/openshift/api/config/v1.VSpherePlatformNodeNetworking": schema_openshift_api_config_v1_VSpherePlatformNodeNetworking(ref), - "github.com/openshift/api/config/v1.VSpherePlatformNodeNetworkingSpec": schema_openshift_api_config_v1_VSpherePlatformNodeNetworkingSpec(ref), - "github.com/openshift/api/config/v1.VSpherePlatformSpec": schema_openshift_api_config_v1_VSpherePlatformSpec(ref), - "github.com/openshift/api/config/v1.VSpherePlatformStatus": schema_openshift_api_config_v1_VSpherePlatformStatus(ref), - "github.com/openshift/api/config/v1.VSpherePlatformTopology": schema_openshift_api_config_v1_VSpherePlatformTopology(ref), - "github.com/openshift/api/config/v1.VSpherePlatformVCenterSpec": schema_openshift_api_config_v1_VSpherePlatformVCenterSpec(ref), - "github.com/openshift/api/config/v1.WebhookTokenAuthenticator": schema_openshift_api_config_v1_WebhookTokenAuthenticator(ref), - "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig": schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref), - "github.com/openshift/api/config/v1alpha1.AlertmanagerCustomConfig": schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref), - "github.com/openshift/api/config/v1alpha1.Audit": schema_openshift_api_config_v1alpha1_Audit(ref), - "github.com/openshift/api/config/v1alpha1.Backup": schema_openshift_api_config_v1alpha1_Backup(ref), - "github.com/openshift/api/config/v1alpha1.BackupList": schema_openshift_api_config_v1alpha1_BackupList(ref), - "github.com/openshift/api/config/v1alpha1.BackupSpec": schema_openshift_api_config_v1alpha1_BackupSpec(ref), - "github.com/openshift/api/config/v1alpha1.BackupStatus": schema_openshift_api_config_v1alpha1_BackupStatus(ref), - "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfig": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfig(ref), - "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigList": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigList(ref), - "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigSpec": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigSpec(ref), - "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigStatus": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigStatus(ref), - "github.com/openshift/api/config/v1alpha1.ClusterImagePolicy": schema_openshift_api_config_v1alpha1_ClusterImagePolicy(ref), - "github.com/openshift/api/config/v1alpha1.ClusterImagePolicyList": schema_openshift_api_config_v1alpha1_ClusterImagePolicyList(ref), - "github.com/openshift/api/config/v1alpha1.ClusterImagePolicySpec": schema_openshift_api_config_v1alpha1_ClusterImagePolicySpec(ref), - "github.com/openshift/api/config/v1alpha1.ClusterImagePolicyStatus": schema_openshift_api_config_v1alpha1_ClusterImagePolicyStatus(ref), - "github.com/openshift/api/config/v1alpha1.ClusterMonitoring": schema_openshift_api_config_v1alpha1_ClusterMonitoring(ref), - "github.com/openshift/api/config/v1alpha1.ClusterMonitoringList": schema_openshift_api_config_v1alpha1_ClusterMonitoringList(ref), - "github.com/openshift/api/config/v1alpha1.ClusterMonitoringSpec": schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref), - "github.com/openshift/api/config/v1alpha1.ClusterMonitoringStatus": schema_openshift_api_config_v1alpha1_ClusterMonitoringStatus(ref), - "github.com/openshift/api/config/v1alpha1.ContainerResource": schema_openshift_api_config_v1alpha1_ContainerResource(ref), - "github.com/openshift/api/config/v1alpha1.EtcdBackupSpec": schema_openshift_api_config_v1alpha1_EtcdBackupSpec(ref), - "github.com/openshift/api/config/v1alpha1.GatherConfig": schema_openshift_api_config_v1alpha1_GatherConfig(ref), - "github.com/openshift/api/config/v1alpha1.ImagePolicy": schema_openshift_api_config_v1alpha1_ImagePolicy(ref), - "github.com/openshift/api/config/v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust": schema_openshift_api_config_v1alpha1_ImagePolicyFulcioCAWithRekorRootOfTrust(ref), - "github.com/openshift/api/config/v1alpha1.ImagePolicyList": schema_openshift_api_config_v1alpha1_ImagePolicyList(ref), - "github.com/openshift/api/config/v1alpha1.ImagePolicyPKIRootOfTrust": schema_openshift_api_config_v1alpha1_ImagePolicyPKIRootOfTrust(ref), - "github.com/openshift/api/config/v1alpha1.ImagePolicyPublicKeyRootOfTrust": schema_openshift_api_config_v1alpha1_ImagePolicyPublicKeyRootOfTrust(ref), - "github.com/openshift/api/config/v1alpha1.ImagePolicySpec": schema_openshift_api_config_v1alpha1_ImagePolicySpec(ref), - "github.com/openshift/api/config/v1alpha1.ImagePolicyStatus": schema_openshift_api_config_v1alpha1_ImagePolicyStatus(ref), - "github.com/openshift/api/config/v1alpha1.ImageSigstoreVerificationPolicy": schema_openshift_api_config_v1alpha1_ImageSigstoreVerificationPolicy(ref), - "github.com/openshift/api/config/v1alpha1.InsightsDataGather": schema_openshift_api_config_v1alpha1_InsightsDataGather(ref), - "github.com/openshift/api/config/v1alpha1.InsightsDataGatherList": schema_openshift_api_config_v1alpha1_InsightsDataGatherList(ref), - "github.com/openshift/api/config/v1alpha1.InsightsDataGatherSpec": schema_openshift_api_config_v1alpha1_InsightsDataGatherSpec(ref), - "github.com/openshift/api/config/v1alpha1.InsightsDataGatherStatus": schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref), - "github.com/openshift/api/config/v1alpha1.MetricsServerConfig": schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref), - "github.com/openshift/api/config/v1alpha1.PKICertificateSubject": schema_openshift_api_config_v1alpha1_PKICertificateSubject(ref), - "github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference": schema_openshift_api_config_v1alpha1_PersistentVolumeClaimReference(ref), - "github.com/openshift/api/config/v1alpha1.PersistentVolumeConfig": schema_openshift_api_config_v1alpha1_PersistentVolumeConfig(ref), - "github.com/openshift/api/config/v1alpha1.PolicyFulcioSubject": schema_openshift_api_config_v1alpha1_PolicyFulcioSubject(ref), - "github.com/openshift/api/config/v1alpha1.PolicyIdentity": schema_openshift_api_config_v1alpha1_PolicyIdentity(ref), - "github.com/openshift/api/config/v1alpha1.PolicyMatchExactRepository": schema_openshift_api_config_v1alpha1_PolicyMatchExactRepository(ref), - "github.com/openshift/api/config/v1alpha1.PolicyMatchRemapIdentity": schema_openshift_api_config_v1alpha1_PolicyMatchRemapIdentity(ref), - "github.com/openshift/api/config/v1alpha1.PolicyRootOfTrust": schema_openshift_api_config_v1alpha1_PolicyRootOfTrust(ref), - "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig": schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref), - "github.com/openshift/api/config/v1alpha1.RetentionNumberConfig": schema_openshift_api_config_v1alpha1_RetentionNumberConfig(ref), - "github.com/openshift/api/config/v1alpha1.RetentionPolicy": schema_openshift_api_config_v1alpha1_RetentionPolicy(ref), - "github.com/openshift/api/config/v1alpha1.RetentionSizeConfig": schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref), - "github.com/openshift/api/config/v1alpha1.Storage": schema_openshift_api_config_v1alpha1_Storage(ref), - "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring": schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref), - "github.com/openshift/api/config/v1alpha2.Custom": schema_openshift_api_config_v1alpha2_Custom(ref), - "github.com/openshift/api/config/v1alpha2.GatherConfig": schema_openshift_api_config_v1alpha2_GatherConfig(ref), - "github.com/openshift/api/config/v1alpha2.GathererConfig": schema_openshift_api_config_v1alpha2_GathererConfig(ref), - "github.com/openshift/api/config/v1alpha2.Gatherers": schema_openshift_api_config_v1alpha2_Gatherers(ref), - "github.com/openshift/api/config/v1alpha2.InsightsDataGather": schema_openshift_api_config_v1alpha2_InsightsDataGather(ref), - "github.com/openshift/api/config/v1alpha2.InsightsDataGatherList": schema_openshift_api_config_v1alpha2_InsightsDataGatherList(ref), - "github.com/openshift/api/config/v1alpha2.InsightsDataGatherSpec": schema_openshift_api_config_v1alpha2_InsightsDataGatherSpec(ref), - "github.com/openshift/api/config/v1alpha2.InsightsDataGatherStatus": schema_openshift_api_config_v1alpha2_InsightsDataGatherStatus(ref), - "github.com/openshift/api/config/v1alpha2.PersistentVolumeClaimReference": schema_openshift_api_config_v1alpha2_PersistentVolumeClaimReference(ref), - "github.com/openshift/api/config/v1alpha2.PersistentVolumeConfig": schema_openshift_api_config_v1alpha2_PersistentVolumeConfig(ref), - "github.com/openshift/api/config/v1alpha2.Storage": schema_openshift_api_config_v1alpha2_Storage(ref), - "github.com/openshift/api/console/v1.ApplicationMenuSpec": schema_openshift_api_console_v1_ApplicationMenuSpec(ref), - "github.com/openshift/api/console/v1.CLIDownloadLink": schema_openshift_api_console_v1_CLIDownloadLink(ref), - "github.com/openshift/api/console/v1.ConsoleCLIDownload": schema_openshift_api_console_v1_ConsoleCLIDownload(ref), - "github.com/openshift/api/console/v1.ConsoleCLIDownloadList": schema_openshift_api_console_v1_ConsoleCLIDownloadList(ref), - "github.com/openshift/api/console/v1.ConsoleCLIDownloadSpec": schema_openshift_api_console_v1_ConsoleCLIDownloadSpec(ref), - "github.com/openshift/api/console/v1.ConsoleExternalLogLink": schema_openshift_api_console_v1_ConsoleExternalLogLink(ref), - "github.com/openshift/api/console/v1.ConsoleExternalLogLinkList": schema_openshift_api_console_v1_ConsoleExternalLogLinkList(ref), - "github.com/openshift/api/console/v1.ConsoleExternalLogLinkSpec": schema_openshift_api_console_v1_ConsoleExternalLogLinkSpec(ref), - "github.com/openshift/api/console/v1.ConsoleLink": schema_openshift_api_console_v1_ConsoleLink(ref), - "github.com/openshift/api/console/v1.ConsoleLinkList": schema_openshift_api_console_v1_ConsoleLinkList(ref), - "github.com/openshift/api/console/v1.ConsoleLinkSpec": schema_openshift_api_console_v1_ConsoleLinkSpec(ref), - "github.com/openshift/api/console/v1.ConsoleNotification": schema_openshift_api_console_v1_ConsoleNotification(ref), - "github.com/openshift/api/console/v1.ConsoleNotificationList": schema_openshift_api_console_v1_ConsoleNotificationList(ref), - "github.com/openshift/api/console/v1.ConsoleNotificationSpec": schema_openshift_api_console_v1_ConsoleNotificationSpec(ref), - "github.com/openshift/api/console/v1.ConsolePlugin": schema_openshift_api_console_v1_ConsolePlugin(ref), - "github.com/openshift/api/console/v1.ConsolePluginBackend": schema_openshift_api_console_v1_ConsolePluginBackend(ref), - "github.com/openshift/api/console/v1.ConsolePluginCSP": schema_openshift_api_console_v1_ConsolePluginCSP(ref), - "github.com/openshift/api/console/v1.ConsolePluginI18n": schema_openshift_api_console_v1_ConsolePluginI18n(ref), - "github.com/openshift/api/console/v1.ConsolePluginList": schema_openshift_api_console_v1_ConsolePluginList(ref), - "github.com/openshift/api/console/v1.ConsolePluginProxy": schema_openshift_api_console_v1_ConsolePluginProxy(ref), - "github.com/openshift/api/console/v1.ConsolePluginProxyEndpoint": schema_openshift_api_console_v1_ConsolePluginProxyEndpoint(ref), - "github.com/openshift/api/console/v1.ConsolePluginProxyServiceConfig": schema_openshift_api_console_v1_ConsolePluginProxyServiceConfig(ref), - "github.com/openshift/api/console/v1.ConsolePluginService": schema_openshift_api_console_v1_ConsolePluginService(ref), - "github.com/openshift/api/console/v1.ConsolePluginSpec": schema_openshift_api_console_v1_ConsolePluginSpec(ref), - "github.com/openshift/api/console/v1.ConsoleQuickStart": schema_openshift_api_console_v1_ConsoleQuickStart(ref), - "github.com/openshift/api/console/v1.ConsoleQuickStartList": schema_openshift_api_console_v1_ConsoleQuickStartList(ref), - "github.com/openshift/api/console/v1.ConsoleQuickStartSpec": schema_openshift_api_console_v1_ConsoleQuickStartSpec(ref), - "github.com/openshift/api/console/v1.ConsoleQuickStartTask": schema_openshift_api_console_v1_ConsoleQuickStartTask(ref), - "github.com/openshift/api/console/v1.ConsoleQuickStartTaskReview": schema_openshift_api_console_v1_ConsoleQuickStartTaskReview(ref), - "github.com/openshift/api/console/v1.ConsoleQuickStartTaskSummary": schema_openshift_api_console_v1_ConsoleQuickStartTaskSummary(ref), - "github.com/openshift/api/console/v1.ConsoleSample": schema_openshift_api_console_v1_ConsoleSample(ref), - "github.com/openshift/api/console/v1.ConsoleSampleContainerImportSource": schema_openshift_api_console_v1_ConsoleSampleContainerImportSource(ref), - "github.com/openshift/api/console/v1.ConsoleSampleContainerImportSourceService": schema_openshift_api_console_v1_ConsoleSampleContainerImportSourceService(ref), - "github.com/openshift/api/console/v1.ConsoleSampleGitImportSource": schema_openshift_api_console_v1_ConsoleSampleGitImportSource(ref), - "github.com/openshift/api/console/v1.ConsoleSampleGitImportSourceRepository": schema_openshift_api_console_v1_ConsoleSampleGitImportSourceRepository(ref), - "github.com/openshift/api/console/v1.ConsoleSampleGitImportSourceService": schema_openshift_api_console_v1_ConsoleSampleGitImportSourceService(ref), - "github.com/openshift/api/console/v1.ConsoleSampleList": schema_openshift_api_console_v1_ConsoleSampleList(ref), - "github.com/openshift/api/console/v1.ConsoleSampleSource": schema_openshift_api_console_v1_ConsoleSampleSource(ref), - "github.com/openshift/api/console/v1.ConsoleSampleSpec": schema_openshift_api_console_v1_ConsoleSampleSpec(ref), - "github.com/openshift/api/console/v1.ConsoleYAMLSample": schema_openshift_api_console_v1_ConsoleYAMLSample(ref), - "github.com/openshift/api/console/v1.ConsoleYAMLSampleList": schema_openshift_api_console_v1_ConsoleYAMLSampleList(ref), - "github.com/openshift/api/console/v1.ConsoleYAMLSampleSpec": schema_openshift_api_console_v1_ConsoleYAMLSampleSpec(ref), - "github.com/openshift/api/console/v1.Link": schema_openshift_api_console_v1_Link(ref), - "github.com/openshift/api/console/v1.NamespaceDashboardSpec": schema_openshift_api_console_v1_NamespaceDashboardSpec(ref), - "github.com/openshift/api/etcd/v1alpha1.PacemakerCluster": schema_openshift_api_etcd_v1alpha1_PacemakerCluster(ref), - "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterFencingAgentStatus": schema_openshift_api_etcd_v1alpha1_PacemakerClusterFencingAgentStatus(ref), - "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterList": schema_openshift_api_etcd_v1alpha1_PacemakerClusterList(ref), - "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterNodeStatus": schema_openshift_api_etcd_v1alpha1_PacemakerClusterNodeStatus(ref), - "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterResourceStatus": schema_openshift_api_etcd_v1alpha1_PacemakerClusterResourceStatus(ref), - "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterStatus": schema_openshift_api_etcd_v1alpha1_PacemakerClusterStatus(ref), - "github.com/openshift/api/etcd/v1alpha1.PacemakerNodeAddress": schema_openshift_api_etcd_v1alpha1_PacemakerNodeAddress(ref), - "github.com/openshift/api/example/v1.CELUnion": schema_openshift_api_example_v1_CELUnion(ref), - "github.com/openshift/api/example/v1.EvolvingUnion": schema_openshift_api_example_v1_EvolvingUnion(ref), - "github.com/openshift/api/example/v1.FormatMarkerExamples": schema_openshift_api_example_v1_FormatMarkerExamples(ref), - "github.com/openshift/api/example/v1.StableConfigType": schema_openshift_api_example_v1_StableConfigType(ref), - "github.com/openshift/api/example/v1.StableConfigTypeList": schema_openshift_api_example_v1_StableConfigTypeList(ref), - "github.com/openshift/api/example/v1.StableConfigTypeSpec": schema_openshift_api_example_v1_StableConfigTypeSpec(ref), - "github.com/openshift/api/example/v1.StableConfigTypeStatus": schema_openshift_api_example_v1_StableConfigTypeStatus(ref), - "github.com/openshift/api/example/v1.SubnetsWithExclusions": schema_openshift_api_example_v1_SubnetsWithExclusions(ref), - "github.com/openshift/api/example/v1alpha1.NotStableConfigType": schema_openshift_api_example_v1alpha1_NotStableConfigType(ref), - "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeList": schema_openshift_api_example_v1alpha1_NotStableConfigTypeList(ref), - "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeSpec": schema_openshift_api_example_v1alpha1_NotStableConfigTypeSpec(ref), - "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeStatus": schema_openshift_api_example_v1alpha1_NotStableConfigTypeStatus(ref), - "github.com/openshift/api/helm/v1beta1.ConnectionConfig": schema_openshift_api_helm_v1beta1_ConnectionConfig(ref), - "github.com/openshift/api/helm/v1beta1.ConnectionConfigNamespaceScoped": schema_openshift_api_helm_v1beta1_ConnectionConfigNamespaceScoped(ref), - "github.com/openshift/api/helm/v1beta1.HelmChartRepository": schema_openshift_api_helm_v1beta1_HelmChartRepository(ref), - "github.com/openshift/api/helm/v1beta1.HelmChartRepositoryList": schema_openshift_api_helm_v1beta1_HelmChartRepositoryList(ref), - "github.com/openshift/api/helm/v1beta1.HelmChartRepositorySpec": schema_openshift_api_helm_v1beta1_HelmChartRepositorySpec(ref), - "github.com/openshift/api/helm/v1beta1.HelmChartRepositoryStatus": schema_openshift_api_helm_v1beta1_HelmChartRepositoryStatus(ref), - "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepository": schema_openshift_api_helm_v1beta1_ProjectHelmChartRepository(ref), - "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepositoryList": schema_openshift_api_helm_v1beta1_ProjectHelmChartRepositoryList(ref), - "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepositorySpec": schema_openshift_api_helm_v1beta1_ProjectHelmChartRepositorySpec(ref), - "github.com/openshift/api/image/v1.DockerImageReference": schema_openshift_api_image_v1_DockerImageReference(ref), - "github.com/openshift/api/image/v1.Image": schema_openshift_api_image_v1_Image(ref), - "github.com/openshift/api/image/v1.ImageBlobReferences": schema_openshift_api_image_v1_ImageBlobReferences(ref), - "github.com/openshift/api/image/v1.ImageImportSpec": schema_openshift_api_image_v1_ImageImportSpec(ref), - "github.com/openshift/api/image/v1.ImageImportStatus": schema_openshift_api_image_v1_ImageImportStatus(ref), - "github.com/openshift/api/image/v1.ImageLayer": schema_openshift_api_image_v1_ImageLayer(ref), - "github.com/openshift/api/image/v1.ImageLayerData": schema_openshift_api_image_v1_ImageLayerData(ref), - "github.com/openshift/api/image/v1.ImageList": schema_openshift_api_image_v1_ImageList(ref), - "github.com/openshift/api/image/v1.ImageLookupPolicy": schema_openshift_api_image_v1_ImageLookupPolicy(ref), - "github.com/openshift/api/image/v1.ImageManifest": schema_openshift_api_image_v1_ImageManifest(ref), - "github.com/openshift/api/image/v1.ImageSignature": schema_openshift_api_image_v1_ImageSignature(ref), - "github.com/openshift/api/image/v1.ImageStream": schema_openshift_api_image_v1_ImageStream(ref), - "github.com/openshift/api/image/v1.ImageStreamImage": schema_openshift_api_image_v1_ImageStreamImage(ref), - "github.com/openshift/api/image/v1.ImageStreamImport": schema_openshift_api_image_v1_ImageStreamImport(ref), - "github.com/openshift/api/image/v1.ImageStreamImportSpec": schema_openshift_api_image_v1_ImageStreamImportSpec(ref), - "github.com/openshift/api/image/v1.ImageStreamImportStatus": schema_openshift_api_image_v1_ImageStreamImportStatus(ref), - "github.com/openshift/api/image/v1.ImageStreamLayers": schema_openshift_api_image_v1_ImageStreamLayers(ref), - "github.com/openshift/api/image/v1.ImageStreamList": schema_openshift_api_image_v1_ImageStreamList(ref), - "github.com/openshift/api/image/v1.ImageStreamMapping": schema_openshift_api_image_v1_ImageStreamMapping(ref), - "github.com/openshift/api/image/v1.ImageStreamSpec": schema_openshift_api_image_v1_ImageStreamSpec(ref), - "github.com/openshift/api/image/v1.ImageStreamStatus": schema_openshift_api_image_v1_ImageStreamStatus(ref), - "github.com/openshift/api/image/v1.ImageStreamTag": schema_openshift_api_image_v1_ImageStreamTag(ref), - "github.com/openshift/api/image/v1.ImageStreamTagList": schema_openshift_api_image_v1_ImageStreamTagList(ref), - "github.com/openshift/api/image/v1.ImageTag": schema_openshift_api_image_v1_ImageTag(ref), - "github.com/openshift/api/image/v1.ImageTagList": schema_openshift_api_image_v1_ImageTagList(ref), - "github.com/openshift/api/image/v1.NamedTagEventList": schema_openshift_api_image_v1_NamedTagEventList(ref), - "github.com/openshift/api/image/v1.RepositoryImportSpec": schema_openshift_api_image_v1_RepositoryImportSpec(ref), - "github.com/openshift/api/image/v1.RepositoryImportStatus": schema_openshift_api_image_v1_RepositoryImportStatus(ref), - "github.com/openshift/api/image/v1.SecretList": schema_openshift_api_image_v1_SecretList(ref), - "github.com/openshift/api/image/v1.SignatureCondition": schema_openshift_api_image_v1_SignatureCondition(ref), - "github.com/openshift/api/image/v1.SignatureGenericEntity": schema_openshift_api_image_v1_SignatureGenericEntity(ref), - "github.com/openshift/api/image/v1.SignatureIssuer": schema_openshift_api_image_v1_SignatureIssuer(ref), - "github.com/openshift/api/image/v1.SignatureSubject": schema_openshift_api_image_v1_SignatureSubject(ref), - "github.com/openshift/api/image/v1.TagEvent": schema_openshift_api_image_v1_TagEvent(ref), - "github.com/openshift/api/image/v1.TagEventCondition": schema_openshift_api_image_v1_TagEventCondition(ref), - "github.com/openshift/api/image/v1.TagImportPolicy": schema_openshift_api_image_v1_TagImportPolicy(ref), - "github.com/openshift/api/image/v1.TagReference": schema_openshift_api_image_v1_TagReference(ref), - "github.com/openshift/api/image/v1.TagReferencePolicy": schema_openshift_api_image_v1_TagReferencePolicy(ref), - "github.com/openshift/api/insights/v1.Custom": schema_openshift_api_insights_v1_Custom(ref), - "github.com/openshift/api/insights/v1.DataGather": schema_openshift_api_insights_v1_DataGather(ref), - "github.com/openshift/api/insights/v1.DataGatherList": schema_openshift_api_insights_v1_DataGatherList(ref), - "github.com/openshift/api/insights/v1.DataGatherSpec": schema_openshift_api_insights_v1_DataGatherSpec(ref), - "github.com/openshift/api/insights/v1.DataGatherStatus": schema_openshift_api_insights_v1_DataGatherStatus(ref), - "github.com/openshift/api/insights/v1.GathererConfig": schema_openshift_api_insights_v1_GathererConfig(ref), - "github.com/openshift/api/insights/v1.GathererStatus": schema_openshift_api_insights_v1_GathererStatus(ref), - "github.com/openshift/api/insights/v1.Gatherers": schema_openshift_api_insights_v1_Gatherers(ref), - "github.com/openshift/api/insights/v1.HealthCheck": schema_openshift_api_insights_v1_HealthCheck(ref), - "github.com/openshift/api/insights/v1.InsightsReport": schema_openshift_api_insights_v1_InsightsReport(ref), - "github.com/openshift/api/insights/v1.ObjectReference": schema_openshift_api_insights_v1_ObjectReference(ref), - "github.com/openshift/api/insights/v1.PersistentVolumeClaimReference": schema_openshift_api_insights_v1_PersistentVolumeClaimReference(ref), - "github.com/openshift/api/insights/v1.PersistentVolumeConfig": schema_openshift_api_insights_v1_PersistentVolumeConfig(ref), - "github.com/openshift/api/insights/v1.Storage": schema_openshift_api_insights_v1_Storage(ref), - "github.com/openshift/api/insights/v1alpha1.DataGather": schema_openshift_api_insights_v1alpha1_DataGather(ref), - "github.com/openshift/api/insights/v1alpha1.DataGatherList": schema_openshift_api_insights_v1alpha1_DataGatherList(ref), - "github.com/openshift/api/insights/v1alpha1.DataGatherSpec": schema_openshift_api_insights_v1alpha1_DataGatherSpec(ref), - "github.com/openshift/api/insights/v1alpha1.DataGatherStatus": schema_openshift_api_insights_v1alpha1_DataGatherStatus(ref), - "github.com/openshift/api/insights/v1alpha1.GathererConfig": schema_openshift_api_insights_v1alpha1_GathererConfig(ref), - "github.com/openshift/api/insights/v1alpha1.GathererStatus": schema_openshift_api_insights_v1alpha1_GathererStatus(ref), - "github.com/openshift/api/insights/v1alpha1.HealthCheck": schema_openshift_api_insights_v1alpha1_HealthCheck(ref), - "github.com/openshift/api/insights/v1alpha1.InsightsReport": schema_openshift_api_insights_v1alpha1_InsightsReport(ref), - "github.com/openshift/api/insights/v1alpha1.ObjectReference": schema_openshift_api_insights_v1alpha1_ObjectReference(ref), - "github.com/openshift/api/insights/v1alpha1.PersistentVolumeClaimReference": schema_openshift_api_insights_v1alpha1_PersistentVolumeClaimReference(ref), - "github.com/openshift/api/insights/v1alpha1.PersistentVolumeConfig": schema_openshift_api_insights_v1alpha1_PersistentVolumeConfig(ref), - "github.com/openshift/api/insights/v1alpha1.Storage": schema_openshift_api_insights_v1alpha1_Storage(ref), - "github.com/openshift/api/insights/v1alpha2.Custom": schema_openshift_api_insights_v1alpha2_Custom(ref), - "github.com/openshift/api/insights/v1alpha2.DataGather": schema_openshift_api_insights_v1alpha2_DataGather(ref), - "github.com/openshift/api/insights/v1alpha2.DataGatherList": schema_openshift_api_insights_v1alpha2_DataGatherList(ref), - "github.com/openshift/api/insights/v1alpha2.DataGatherSpec": schema_openshift_api_insights_v1alpha2_DataGatherSpec(ref), - "github.com/openshift/api/insights/v1alpha2.DataGatherStatus": schema_openshift_api_insights_v1alpha2_DataGatherStatus(ref), - "github.com/openshift/api/insights/v1alpha2.GathererConfig": schema_openshift_api_insights_v1alpha2_GathererConfig(ref), - "github.com/openshift/api/insights/v1alpha2.GathererStatus": schema_openshift_api_insights_v1alpha2_GathererStatus(ref), - "github.com/openshift/api/insights/v1alpha2.Gatherers": schema_openshift_api_insights_v1alpha2_Gatherers(ref), - "github.com/openshift/api/insights/v1alpha2.HealthCheck": schema_openshift_api_insights_v1alpha2_HealthCheck(ref), - "github.com/openshift/api/insights/v1alpha2.InsightsReport": schema_openshift_api_insights_v1alpha2_InsightsReport(ref), - "github.com/openshift/api/insights/v1alpha2.ObjectReference": schema_openshift_api_insights_v1alpha2_ObjectReference(ref), - "github.com/openshift/api/insights/v1alpha2.PersistentVolumeClaimReference": schema_openshift_api_insights_v1alpha2_PersistentVolumeClaimReference(ref), - "github.com/openshift/api/insights/v1alpha2.PersistentVolumeConfig": schema_openshift_api_insights_v1alpha2_PersistentVolumeConfig(ref), - "github.com/openshift/api/insights/v1alpha2.Storage": schema_openshift_api_insights_v1alpha2_Storage(ref), - "github.com/openshift/api/kubecontrolplane/v1.AggregatorConfig": schema_openshift_api_kubecontrolplane_v1_AggregatorConfig(ref), - "github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerConfig": schema_openshift_api_kubecontrolplane_v1_KubeAPIServerConfig(ref), - "github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerImagePolicyConfig": schema_openshift_api_kubecontrolplane_v1_KubeAPIServerImagePolicyConfig(ref), - "github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerProjectConfig": schema_openshift_api_kubecontrolplane_v1_KubeAPIServerProjectConfig(ref), - "github.com/openshift/api/kubecontrolplane/v1.KubeControllerManagerConfig": schema_openshift_api_kubecontrolplane_v1_KubeControllerManagerConfig(ref), - "github.com/openshift/api/kubecontrolplane/v1.KubeControllerManagerProjectConfig": schema_openshift_api_kubecontrolplane_v1_KubeControllerManagerProjectConfig(ref), - "github.com/openshift/api/kubecontrolplane/v1.KubeletConnectionInfo": schema_openshift_api_kubecontrolplane_v1_KubeletConnectionInfo(ref), - "github.com/openshift/api/kubecontrolplane/v1.MasterAuthConfig": schema_openshift_api_kubecontrolplane_v1_MasterAuthConfig(ref), - "github.com/openshift/api/kubecontrolplane/v1.RequestHeaderAuthenticationOptions": schema_openshift_api_kubecontrolplane_v1_RequestHeaderAuthenticationOptions(ref), - "github.com/openshift/api/kubecontrolplane/v1.ServiceServingCert": schema_openshift_api_kubecontrolplane_v1_ServiceServingCert(ref), - "github.com/openshift/api/kubecontrolplane/v1.UserAgentDenyRule": schema_openshift_api_kubecontrolplane_v1_UserAgentDenyRule(ref), - "github.com/openshift/api/kubecontrolplane/v1.UserAgentMatchRule": schema_openshift_api_kubecontrolplane_v1_UserAgentMatchRule(ref), - "github.com/openshift/api/kubecontrolplane/v1.UserAgentMatchingConfig": schema_openshift_api_kubecontrolplane_v1_UserAgentMatchingConfig(ref), - "github.com/openshift/api/kubecontrolplane/v1.WebhookTokenAuthenticator": schema_openshift_api_kubecontrolplane_v1_WebhookTokenAuthenticator(ref), - "github.com/openshift/api/legacyconfig/v1.ActiveDirectoryConfig": schema_openshift_api_legacyconfig_v1_ActiveDirectoryConfig(ref), - "github.com/openshift/api/legacyconfig/v1.AdmissionConfig": schema_openshift_api_legacyconfig_v1_AdmissionConfig(ref), - "github.com/openshift/api/legacyconfig/v1.AdmissionPluginConfig": schema_openshift_api_legacyconfig_v1_AdmissionPluginConfig(ref), - "github.com/openshift/api/legacyconfig/v1.AggregatorConfig": schema_openshift_api_legacyconfig_v1_AggregatorConfig(ref), - "github.com/openshift/api/legacyconfig/v1.AllowAllPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_AllowAllPasswordIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.AuditConfig": schema_openshift_api_legacyconfig_v1_AuditConfig(ref), - "github.com/openshift/api/legacyconfig/v1.AugmentedActiveDirectoryConfig": schema_openshift_api_legacyconfig_v1_AugmentedActiveDirectoryConfig(ref), - "github.com/openshift/api/legacyconfig/v1.BasicAuthPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_BasicAuthPasswordIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.BuildDefaultsConfig": schema_openshift_api_legacyconfig_v1_BuildDefaultsConfig(ref), - "github.com/openshift/api/legacyconfig/v1.BuildOverridesConfig": schema_openshift_api_legacyconfig_v1_BuildOverridesConfig(ref), - "github.com/openshift/api/legacyconfig/v1.CertInfo": schema_openshift_api_legacyconfig_v1_CertInfo(ref), - "github.com/openshift/api/legacyconfig/v1.ClientConnectionOverrides": schema_openshift_api_legacyconfig_v1_ClientConnectionOverrides(ref), - "github.com/openshift/api/legacyconfig/v1.ClusterNetworkEntry": schema_openshift_api_legacyconfig_v1_ClusterNetworkEntry(ref), - "github.com/openshift/api/legacyconfig/v1.ControllerConfig": schema_openshift_api_legacyconfig_v1_ControllerConfig(ref), - "github.com/openshift/api/legacyconfig/v1.ControllerElectionConfig": schema_openshift_api_legacyconfig_v1_ControllerElectionConfig(ref), - "github.com/openshift/api/legacyconfig/v1.DNSConfig": schema_openshift_api_legacyconfig_v1_DNSConfig(ref), - "github.com/openshift/api/legacyconfig/v1.DefaultAdmissionConfig": schema_openshift_api_legacyconfig_v1_DefaultAdmissionConfig(ref), - "github.com/openshift/api/legacyconfig/v1.DenyAllPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_DenyAllPasswordIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.DockerConfig": schema_openshift_api_legacyconfig_v1_DockerConfig(ref), - "github.com/openshift/api/legacyconfig/v1.EtcdConfig": schema_openshift_api_legacyconfig_v1_EtcdConfig(ref), - "github.com/openshift/api/legacyconfig/v1.EtcdConnectionInfo": schema_openshift_api_legacyconfig_v1_EtcdConnectionInfo(ref), - "github.com/openshift/api/legacyconfig/v1.EtcdStorageConfig": schema_openshift_api_legacyconfig_v1_EtcdStorageConfig(ref), - "github.com/openshift/api/legacyconfig/v1.GitHubIdentityProvider": schema_openshift_api_legacyconfig_v1_GitHubIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.GitLabIdentityProvider": schema_openshift_api_legacyconfig_v1_GitLabIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.GoogleIdentityProvider": schema_openshift_api_legacyconfig_v1_GoogleIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.GrantConfig": schema_openshift_api_legacyconfig_v1_GrantConfig(ref), - "github.com/openshift/api/legacyconfig/v1.GroupResource": schema_openshift_api_legacyconfig_v1_GroupResource(ref), - "github.com/openshift/api/legacyconfig/v1.HTPasswdPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_HTPasswdPasswordIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.HTTPServingInfo": schema_openshift_api_legacyconfig_v1_HTTPServingInfo(ref), - "github.com/openshift/api/legacyconfig/v1.IdentityProvider": schema_openshift_api_legacyconfig_v1_IdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.ImageConfig": schema_openshift_api_legacyconfig_v1_ImageConfig(ref), - "github.com/openshift/api/legacyconfig/v1.ImagePolicyConfig": schema_openshift_api_legacyconfig_v1_ImagePolicyConfig(ref), - "github.com/openshift/api/legacyconfig/v1.JenkinsPipelineConfig": schema_openshift_api_legacyconfig_v1_JenkinsPipelineConfig(ref), - "github.com/openshift/api/legacyconfig/v1.KeystonePasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_KeystonePasswordIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.KubeletConnectionInfo": schema_openshift_api_legacyconfig_v1_KubeletConnectionInfo(ref), - "github.com/openshift/api/legacyconfig/v1.KubernetesMasterConfig": schema_openshift_api_legacyconfig_v1_KubernetesMasterConfig(ref), - "github.com/openshift/api/legacyconfig/v1.LDAPAttributeMapping": schema_openshift_api_legacyconfig_v1_LDAPAttributeMapping(ref), - "github.com/openshift/api/legacyconfig/v1.LDAPPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_LDAPPasswordIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.LDAPQuery": schema_openshift_api_legacyconfig_v1_LDAPQuery(ref), - "github.com/openshift/api/legacyconfig/v1.LDAPSyncConfig": schema_openshift_api_legacyconfig_v1_LDAPSyncConfig(ref), - "github.com/openshift/api/legacyconfig/v1.LocalQuota": schema_openshift_api_legacyconfig_v1_LocalQuota(ref), - "github.com/openshift/api/legacyconfig/v1.MasterAuthConfig": schema_openshift_api_legacyconfig_v1_MasterAuthConfig(ref), - "github.com/openshift/api/legacyconfig/v1.MasterClients": schema_openshift_api_legacyconfig_v1_MasterClients(ref), - "github.com/openshift/api/legacyconfig/v1.MasterConfig": schema_openshift_api_legacyconfig_v1_MasterConfig(ref), - "github.com/openshift/api/legacyconfig/v1.MasterNetworkConfig": schema_openshift_api_legacyconfig_v1_MasterNetworkConfig(ref), - "github.com/openshift/api/legacyconfig/v1.MasterVolumeConfig": schema_openshift_api_legacyconfig_v1_MasterVolumeConfig(ref), - "github.com/openshift/api/legacyconfig/v1.NamedCertificate": schema_openshift_api_legacyconfig_v1_NamedCertificate(ref), - "github.com/openshift/api/legacyconfig/v1.NodeAuthConfig": schema_openshift_api_legacyconfig_v1_NodeAuthConfig(ref), - "github.com/openshift/api/legacyconfig/v1.NodeConfig": schema_openshift_api_legacyconfig_v1_NodeConfig(ref), - "github.com/openshift/api/legacyconfig/v1.NodeNetworkConfig": schema_openshift_api_legacyconfig_v1_NodeNetworkConfig(ref), - "github.com/openshift/api/legacyconfig/v1.NodeVolumeConfig": schema_openshift_api_legacyconfig_v1_NodeVolumeConfig(ref), - "github.com/openshift/api/legacyconfig/v1.OAuthConfig": schema_openshift_api_legacyconfig_v1_OAuthConfig(ref), - "github.com/openshift/api/legacyconfig/v1.OAuthTemplates": schema_openshift_api_legacyconfig_v1_OAuthTemplates(ref), - "github.com/openshift/api/legacyconfig/v1.OpenIDClaims": schema_openshift_api_legacyconfig_v1_OpenIDClaims(ref), - "github.com/openshift/api/legacyconfig/v1.OpenIDIdentityProvider": schema_openshift_api_legacyconfig_v1_OpenIDIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.OpenIDURLs": schema_openshift_api_legacyconfig_v1_OpenIDURLs(ref), - "github.com/openshift/api/legacyconfig/v1.PodManifestConfig": schema_openshift_api_legacyconfig_v1_PodManifestConfig(ref), - "github.com/openshift/api/legacyconfig/v1.PolicyConfig": schema_openshift_api_legacyconfig_v1_PolicyConfig(ref), - "github.com/openshift/api/legacyconfig/v1.ProjectConfig": schema_openshift_api_legacyconfig_v1_ProjectConfig(ref), - "github.com/openshift/api/legacyconfig/v1.RFC2307Config": schema_openshift_api_legacyconfig_v1_RFC2307Config(ref), - "github.com/openshift/api/legacyconfig/v1.RegistryLocation": schema_openshift_api_legacyconfig_v1_RegistryLocation(ref), - "github.com/openshift/api/legacyconfig/v1.RemoteConnectionInfo": schema_openshift_api_legacyconfig_v1_RemoteConnectionInfo(ref), - "github.com/openshift/api/legacyconfig/v1.RequestHeaderAuthenticationOptions": schema_openshift_api_legacyconfig_v1_RequestHeaderAuthenticationOptions(ref), - "github.com/openshift/api/legacyconfig/v1.RequestHeaderIdentityProvider": schema_openshift_api_legacyconfig_v1_RequestHeaderIdentityProvider(ref), - "github.com/openshift/api/legacyconfig/v1.RoutingConfig": schema_openshift_api_legacyconfig_v1_RoutingConfig(ref), - "github.com/openshift/api/legacyconfig/v1.SecurityAllocator": schema_openshift_api_legacyconfig_v1_SecurityAllocator(ref), - "github.com/openshift/api/legacyconfig/v1.ServiceAccountConfig": schema_openshift_api_legacyconfig_v1_ServiceAccountConfig(ref), - "github.com/openshift/api/legacyconfig/v1.ServiceServingCert": schema_openshift_api_legacyconfig_v1_ServiceServingCert(ref), - "github.com/openshift/api/legacyconfig/v1.ServingInfo": schema_openshift_api_legacyconfig_v1_ServingInfo(ref), - "github.com/openshift/api/legacyconfig/v1.SessionConfig": schema_openshift_api_legacyconfig_v1_SessionConfig(ref), - "github.com/openshift/api/legacyconfig/v1.SessionSecret": schema_openshift_api_legacyconfig_v1_SessionSecret(ref), - "github.com/openshift/api/legacyconfig/v1.SessionSecrets": schema_openshift_api_legacyconfig_v1_SessionSecrets(ref), - "github.com/openshift/api/legacyconfig/v1.SourceStrategyDefaultsConfig": schema_openshift_api_legacyconfig_v1_SourceStrategyDefaultsConfig(ref), - "github.com/openshift/api/legacyconfig/v1.StringSource": schema_openshift_api_legacyconfig_v1_StringSource(ref), - "github.com/openshift/api/legacyconfig/v1.StringSourceSpec": schema_openshift_api_legacyconfig_v1_StringSourceSpec(ref), - "github.com/openshift/api/legacyconfig/v1.TokenConfig": schema_openshift_api_legacyconfig_v1_TokenConfig(ref), - "github.com/openshift/api/legacyconfig/v1.UserAgentDenyRule": schema_openshift_api_legacyconfig_v1_UserAgentDenyRule(ref), - "github.com/openshift/api/legacyconfig/v1.UserAgentMatchRule": schema_openshift_api_legacyconfig_v1_UserAgentMatchRule(ref), - "github.com/openshift/api/legacyconfig/v1.UserAgentMatchingConfig": schema_openshift_api_legacyconfig_v1_UserAgentMatchingConfig(ref), - "github.com/openshift/api/legacyconfig/v1.WebhookTokenAuthenticator": schema_openshift_api_legacyconfig_v1_WebhookTokenAuthenticator(ref), - "github.com/openshift/api/machine/v1.AWSFailureDomain": schema_openshift_api_machine_v1_AWSFailureDomain(ref), - "github.com/openshift/api/machine/v1.AWSFailureDomainPlacement": schema_openshift_api_machine_v1_AWSFailureDomainPlacement(ref), - "github.com/openshift/api/machine/v1.AWSResourceFilter": schema_openshift_api_machine_v1_AWSResourceFilter(ref), - "github.com/openshift/api/machine/v1.AWSResourceReference": schema_openshift_api_machine_v1_AWSResourceReference(ref), - "github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderConfig": schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfig(ref), - "github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderConfigList": schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfigList(ref), - "github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderStatus": schema_openshift_api_machine_v1_AlibabaCloudMachineProviderStatus(ref), - "github.com/openshift/api/machine/v1.AlibabaResourceReference": schema_openshift_api_machine_v1_AlibabaResourceReference(ref), - "github.com/openshift/api/machine/v1.AzureFailureDomain": schema_openshift_api_machine_v1_AzureFailureDomain(ref), - "github.com/openshift/api/machine/v1.BandwidthProperties": schema_openshift_api_machine_v1_BandwidthProperties(ref), - "github.com/openshift/api/machine/v1.ControlPlaneMachineSet": schema_openshift_api_machine_v1_ControlPlaneMachineSet(ref), - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetList": schema_openshift_api_machine_v1_ControlPlaneMachineSetList(ref), - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetSpec": schema_openshift_api_machine_v1_ControlPlaneMachineSetSpec(ref), - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetStatus": schema_openshift_api_machine_v1_ControlPlaneMachineSetStatus(ref), - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetStrategy": schema_openshift_api_machine_v1_ControlPlaneMachineSetStrategy(ref), - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplate": schema_openshift_api_machine_v1_ControlPlaneMachineSetTemplate(ref), - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplateObjectMeta": schema_openshift_api_machine_v1_ControlPlaneMachineSetTemplateObjectMeta(ref), - "github.com/openshift/api/machine/v1.DataDiskProperties": schema_openshift_api_machine_v1_DataDiskProperties(ref), - "github.com/openshift/api/machine/v1.FailureDomains": schema_openshift_api_machine_v1_FailureDomains(ref), - "github.com/openshift/api/machine/v1.GCPFailureDomain": schema_openshift_api_machine_v1_GCPFailureDomain(ref), - "github.com/openshift/api/machine/v1.LoadBalancerReference": schema_openshift_api_machine_v1_LoadBalancerReference(ref), - "github.com/openshift/api/machine/v1.NutanixCategory": schema_openshift_api_machine_v1_NutanixCategory(ref), - "github.com/openshift/api/machine/v1.NutanixFailureDomainReference": schema_openshift_api_machine_v1_NutanixFailureDomainReference(ref), - "github.com/openshift/api/machine/v1.NutanixGPU": schema_openshift_api_machine_v1_NutanixGPU(ref), - "github.com/openshift/api/machine/v1.NutanixMachineProviderConfig": schema_openshift_api_machine_v1_NutanixMachineProviderConfig(ref), - "github.com/openshift/api/machine/v1.NutanixMachineProviderStatus": schema_openshift_api_machine_v1_NutanixMachineProviderStatus(ref), - "github.com/openshift/api/machine/v1.NutanixResourceIdentifier": schema_openshift_api_machine_v1_NutanixResourceIdentifier(ref), - "github.com/openshift/api/machine/v1.NutanixStorageResourceIdentifier": schema_openshift_api_machine_v1_NutanixStorageResourceIdentifier(ref), - "github.com/openshift/api/machine/v1.NutanixVMDisk": schema_openshift_api_machine_v1_NutanixVMDisk(ref), - "github.com/openshift/api/machine/v1.NutanixVMDiskDeviceProperties": schema_openshift_api_machine_v1_NutanixVMDiskDeviceProperties(ref), - "github.com/openshift/api/machine/v1.NutanixVMStorageConfig": schema_openshift_api_machine_v1_NutanixVMStorageConfig(ref), - "github.com/openshift/api/machine/v1.OpenShiftMachineV1Beta1MachineTemplate": schema_openshift_api_machine_v1_OpenShiftMachineV1Beta1MachineTemplate(ref), - "github.com/openshift/api/machine/v1.OpenStackFailureDomain": schema_openshift_api_machine_v1_OpenStackFailureDomain(ref), - "github.com/openshift/api/machine/v1.PowerVSMachineProviderConfig": schema_openshift_api_machine_v1_PowerVSMachineProviderConfig(ref), - "github.com/openshift/api/machine/v1.PowerVSMachineProviderStatus": schema_openshift_api_machine_v1_PowerVSMachineProviderStatus(ref), - "github.com/openshift/api/machine/v1.PowerVSResource": schema_openshift_api_machine_v1_PowerVSResource(ref), - "github.com/openshift/api/machine/v1.PowerVSSecretReference": schema_openshift_api_machine_v1_PowerVSSecretReference(ref), - "github.com/openshift/api/machine/v1.RootVolume": schema_openshift_api_machine_v1_RootVolume(ref), - "github.com/openshift/api/machine/v1.SystemDiskProperties": schema_openshift_api_machine_v1_SystemDiskProperties(ref), - "github.com/openshift/api/machine/v1.Tag": schema_openshift_api_machine_v1_Tag(ref), - "github.com/openshift/api/machine/v1.VSphereFailureDomain": schema_openshift_api_machine_v1_VSphereFailureDomain(ref), - "github.com/openshift/api/machine/v1alpha1.AdditionalBlockDevice": schema_openshift_api_machine_v1alpha1_AdditionalBlockDevice(ref), - "github.com/openshift/api/machine/v1alpha1.AddressPair": schema_openshift_api_machine_v1alpha1_AddressPair(ref), - "github.com/openshift/api/machine/v1alpha1.BlockDeviceStorage": schema_openshift_api_machine_v1alpha1_BlockDeviceStorage(ref), - "github.com/openshift/api/machine/v1alpha1.BlockDeviceVolume": schema_openshift_api_machine_v1alpha1_BlockDeviceVolume(ref), - "github.com/openshift/api/machine/v1alpha1.Filter": schema_openshift_api_machine_v1alpha1_Filter(ref), - "github.com/openshift/api/machine/v1alpha1.FixedIPs": schema_openshift_api_machine_v1alpha1_FixedIPs(ref), - "github.com/openshift/api/machine/v1alpha1.NetworkParam": schema_openshift_api_machine_v1alpha1_NetworkParam(ref), - "github.com/openshift/api/machine/v1alpha1.OpenstackProviderSpec": schema_openshift_api_machine_v1alpha1_OpenstackProviderSpec(ref), - "github.com/openshift/api/machine/v1alpha1.PortOpts": schema_openshift_api_machine_v1alpha1_PortOpts(ref), - "github.com/openshift/api/machine/v1alpha1.RootVolume": schema_openshift_api_machine_v1alpha1_RootVolume(ref), - "github.com/openshift/api/machine/v1alpha1.SecurityGroupFilter": schema_openshift_api_machine_v1alpha1_SecurityGroupFilter(ref), - "github.com/openshift/api/machine/v1alpha1.SecurityGroupParam": schema_openshift_api_machine_v1alpha1_SecurityGroupParam(ref), - "github.com/openshift/api/machine/v1alpha1.SubnetFilter": schema_openshift_api_machine_v1alpha1_SubnetFilter(ref), - "github.com/openshift/api/machine/v1alpha1.SubnetParam": schema_openshift_api_machine_v1alpha1_SubnetParam(ref), - "github.com/openshift/api/machine/v1beta1.AWSMachineProviderConfig": schema_openshift_api_machine_v1beta1_AWSMachineProviderConfig(ref), - "github.com/openshift/api/machine/v1beta1.AWSMachineProviderConfigList": schema_openshift_api_machine_v1beta1_AWSMachineProviderConfigList(ref), - "github.com/openshift/api/machine/v1beta1.AWSMachineProviderStatus": schema_openshift_api_machine_v1beta1_AWSMachineProviderStatus(ref), - "github.com/openshift/api/machine/v1beta1.AWSResourceReference": schema_openshift_api_machine_v1beta1_AWSResourceReference(ref), - "github.com/openshift/api/machine/v1beta1.AddressesFromPool": schema_openshift_api_machine_v1beta1_AddressesFromPool(ref), - "github.com/openshift/api/machine/v1beta1.AzureBootDiagnostics": schema_openshift_api_machine_v1beta1_AzureBootDiagnostics(ref), - "github.com/openshift/api/machine/v1beta1.AzureCustomerManagedBootDiagnostics": schema_openshift_api_machine_v1beta1_AzureCustomerManagedBootDiagnostics(ref), - "github.com/openshift/api/machine/v1beta1.AzureDiagnostics": schema_openshift_api_machine_v1beta1_AzureDiagnostics(ref), - "github.com/openshift/api/machine/v1beta1.AzureMachineProviderSpec": schema_openshift_api_machine_v1beta1_AzureMachineProviderSpec(ref), - "github.com/openshift/api/machine/v1beta1.AzureMachineProviderStatus": schema_openshift_api_machine_v1beta1_AzureMachineProviderStatus(ref), - "github.com/openshift/api/machine/v1beta1.BlockDeviceMappingSpec": schema_openshift_api_machine_v1beta1_BlockDeviceMappingSpec(ref), - "github.com/openshift/api/machine/v1beta1.CPUOptions": schema_openshift_api_machine_v1beta1_CPUOptions(ref), - "github.com/openshift/api/machine/v1beta1.Condition": schema_openshift_api_machine_v1beta1_Condition(ref), - "github.com/openshift/api/machine/v1beta1.ConfidentialVM": schema_openshift_api_machine_v1beta1_ConfidentialVM(ref), - "github.com/openshift/api/machine/v1beta1.DataDisk": schema_openshift_api_machine_v1beta1_DataDisk(ref), - "github.com/openshift/api/machine/v1beta1.DataDiskManagedDiskParameters": schema_openshift_api_machine_v1beta1_DataDiskManagedDiskParameters(ref), - "github.com/openshift/api/machine/v1beta1.DedicatedHost": schema_openshift_api_machine_v1beta1_DedicatedHost(ref), - "github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters": schema_openshift_api_machine_v1beta1_DiskEncryptionSetParameters(ref), - "github.com/openshift/api/machine/v1beta1.DiskSettings": schema_openshift_api_machine_v1beta1_DiskSettings(ref), - "github.com/openshift/api/machine/v1beta1.EBSBlockDeviceSpec": schema_openshift_api_machine_v1beta1_EBSBlockDeviceSpec(ref), - "github.com/openshift/api/machine/v1beta1.Filter": schema_openshift_api_machine_v1beta1_Filter(ref), - "github.com/openshift/api/machine/v1beta1.GCPDisk": schema_openshift_api_machine_v1beta1_GCPDisk(ref), - "github.com/openshift/api/machine/v1beta1.GCPEncryptionKeyReference": schema_openshift_api_machine_v1beta1_GCPEncryptionKeyReference(ref), - "github.com/openshift/api/machine/v1beta1.GCPGPUConfig": schema_openshift_api_machine_v1beta1_GCPGPUConfig(ref), - "github.com/openshift/api/machine/v1beta1.GCPKMSKeyReference": schema_openshift_api_machine_v1beta1_GCPKMSKeyReference(ref), - "github.com/openshift/api/machine/v1beta1.GCPMachineProviderSpec": schema_openshift_api_machine_v1beta1_GCPMachineProviderSpec(ref), - "github.com/openshift/api/machine/v1beta1.GCPMachineProviderStatus": schema_openshift_api_machine_v1beta1_GCPMachineProviderStatus(ref), - "github.com/openshift/api/machine/v1beta1.GCPMetadata": schema_openshift_api_machine_v1beta1_GCPMetadata(ref), - "github.com/openshift/api/machine/v1beta1.GCPNetworkInterface": schema_openshift_api_machine_v1beta1_GCPNetworkInterface(ref), - "github.com/openshift/api/machine/v1beta1.GCPServiceAccount": schema_openshift_api_machine_v1beta1_GCPServiceAccount(ref), - "github.com/openshift/api/machine/v1beta1.GCPShieldedInstanceConfig": schema_openshift_api_machine_v1beta1_GCPShieldedInstanceConfig(ref), - "github.com/openshift/api/machine/v1beta1.HostPlacement": schema_openshift_api_machine_v1beta1_HostPlacement(ref), - "github.com/openshift/api/machine/v1beta1.Image": schema_openshift_api_machine_v1beta1_Image(ref), - "github.com/openshift/api/machine/v1beta1.LastOperation": schema_openshift_api_machine_v1beta1_LastOperation(ref), - "github.com/openshift/api/machine/v1beta1.LifecycleHook": schema_openshift_api_machine_v1beta1_LifecycleHook(ref), - "github.com/openshift/api/machine/v1beta1.LifecycleHooks": schema_openshift_api_machine_v1beta1_LifecycleHooks(ref), - "github.com/openshift/api/machine/v1beta1.LoadBalancerReference": schema_openshift_api_machine_v1beta1_LoadBalancerReference(ref), - "github.com/openshift/api/machine/v1beta1.Machine": schema_openshift_api_machine_v1beta1_Machine(ref), - "github.com/openshift/api/machine/v1beta1.MachineHealthCheck": schema_openshift_api_machine_v1beta1_MachineHealthCheck(ref), - "github.com/openshift/api/machine/v1beta1.MachineHealthCheckList": schema_openshift_api_machine_v1beta1_MachineHealthCheckList(ref), - "github.com/openshift/api/machine/v1beta1.MachineHealthCheckSpec": schema_openshift_api_machine_v1beta1_MachineHealthCheckSpec(ref), - "github.com/openshift/api/machine/v1beta1.MachineHealthCheckStatus": schema_openshift_api_machine_v1beta1_MachineHealthCheckStatus(ref), - "github.com/openshift/api/machine/v1beta1.MachineList": schema_openshift_api_machine_v1beta1_MachineList(ref), - "github.com/openshift/api/machine/v1beta1.MachineSet": schema_openshift_api_machine_v1beta1_MachineSet(ref), - "github.com/openshift/api/machine/v1beta1.MachineSetList": schema_openshift_api_machine_v1beta1_MachineSetList(ref), - "github.com/openshift/api/machine/v1beta1.MachineSetSpec": schema_openshift_api_machine_v1beta1_MachineSetSpec(ref), - "github.com/openshift/api/machine/v1beta1.MachineSetStatus": schema_openshift_api_machine_v1beta1_MachineSetStatus(ref), - "github.com/openshift/api/machine/v1beta1.MachineSpec": schema_openshift_api_machine_v1beta1_MachineSpec(ref), - "github.com/openshift/api/machine/v1beta1.MachineStatus": schema_openshift_api_machine_v1beta1_MachineStatus(ref), - "github.com/openshift/api/machine/v1beta1.MachineTemplateSpec": schema_openshift_api_machine_v1beta1_MachineTemplateSpec(ref), - "github.com/openshift/api/machine/v1beta1.MetadataServiceOptions": schema_openshift_api_machine_v1beta1_MetadataServiceOptions(ref), - "github.com/openshift/api/machine/v1beta1.NetworkDeviceSpec": schema_openshift_api_machine_v1beta1_NetworkDeviceSpec(ref), - "github.com/openshift/api/machine/v1beta1.NetworkSpec": schema_openshift_api_machine_v1beta1_NetworkSpec(ref), - "github.com/openshift/api/machine/v1beta1.OSDisk": schema_openshift_api_machine_v1beta1_OSDisk(ref), - "github.com/openshift/api/machine/v1beta1.OSDiskManagedDiskParameters": schema_openshift_api_machine_v1beta1_OSDiskManagedDiskParameters(ref), - "github.com/openshift/api/machine/v1beta1.ObjectMeta": schema_openshift_api_machine_v1beta1_ObjectMeta(ref), - "github.com/openshift/api/machine/v1beta1.Placement": schema_openshift_api_machine_v1beta1_Placement(ref), - "github.com/openshift/api/machine/v1beta1.ProviderSpec": schema_openshift_api_machine_v1beta1_ProviderSpec(ref), - "github.com/openshift/api/machine/v1beta1.ResourceManagerTag": schema_openshift_api_machine_v1beta1_ResourceManagerTag(ref), - "github.com/openshift/api/machine/v1beta1.SecurityProfile": schema_openshift_api_machine_v1beta1_SecurityProfile(ref), - "github.com/openshift/api/machine/v1beta1.SecuritySettings": schema_openshift_api_machine_v1beta1_SecuritySettings(ref), - "github.com/openshift/api/machine/v1beta1.SpotMarketOptions": schema_openshift_api_machine_v1beta1_SpotMarketOptions(ref), - "github.com/openshift/api/machine/v1beta1.SpotVMOptions": schema_openshift_api_machine_v1beta1_SpotVMOptions(ref), - "github.com/openshift/api/machine/v1beta1.TagSpecification": schema_openshift_api_machine_v1beta1_TagSpecification(ref), - "github.com/openshift/api/machine/v1beta1.TrustedLaunch": schema_openshift_api_machine_v1beta1_TrustedLaunch(ref), - "github.com/openshift/api/machine/v1beta1.UEFISettings": schema_openshift_api_machine_v1beta1_UEFISettings(ref), - "github.com/openshift/api/machine/v1beta1.UnhealthyCondition": schema_openshift_api_machine_v1beta1_UnhealthyCondition(ref), - "github.com/openshift/api/machine/v1beta1.VMDiskSecurityProfile": schema_openshift_api_machine_v1beta1_VMDiskSecurityProfile(ref), - "github.com/openshift/api/machine/v1beta1.VSphereDisk": schema_openshift_api_machine_v1beta1_VSphereDisk(ref), - "github.com/openshift/api/machine/v1beta1.VSphereMachineProviderSpec": schema_openshift_api_machine_v1beta1_VSphereMachineProviderSpec(ref), - "github.com/openshift/api/machine/v1beta1.VSphereMachineProviderStatus": schema_openshift_api_machine_v1beta1_VSphereMachineProviderStatus(ref), - "github.com/openshift/api/machine/v1beta1.Workspace": schema_openshift_api_machine_v1beta1_Workspace(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImage": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImage(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageBundleStatus": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageBundleStatus(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageList": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageList(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageRef": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageRef(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageSpec": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageSpec(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageStatus": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageStatus(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.MCOObjectReference": schema_openshift_api_machineconfiguration_v1alpha1_MCOObjectReference(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNode": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNode(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeList": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeList(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeSpec": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeSpec(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeSpecMachineConfigVersion": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeSpecMachineConfigVersion(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatus": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatus(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatusMachineConfigVersion": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatusMachineConfigVersion(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatusPinnedImageSet": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatusPinnedImageSet(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStream": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStream(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamList": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamList(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSet": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamSet(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSpec": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamSpec(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamStatus": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamStatus(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageRef": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageRef(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSet": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSet(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetList": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetList(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetSpec": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetSpec(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetStatus": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetStatus(ref), - "github.com/openshift/api/monitoring/v1.AlertRelabelConfig": schema_openshift_api_monitoring_v1_AlertRelabelConfig(ref), - "github.com/openshift/api/monitoring/v1.AlertRelabelConfigList": schema_openshift_api_monitoring_v1_AlertRelabelConfigList(ref), - "github.com/openshift/api/monitoring/v1.AlertRelabelConfigSpec": schema_openshift_api_monitoring_v1_AlertRelabelConfigSpec(ref), - "github.com/openshift/api/monitoring/v1.AlertRelabelConfigStatus": schema_openshift_api_monitoring_v1_AlertRelabelConfigStatus(ref), - "github.com/openshift/api/monitoring/v1.AlertingRule": schema_openshift_api_monitoring_v1_AlertingRule(ref), - "github.com/openshift/api/monitoring/v1.AlertingRuleList": schema_openshift_api_monitoring_v1_AlertingRuleList(ref), - "github.com/openshift/api/monitoring/v1.AlertingRuleSpec": schema_openshift_api_monitoring_v1_AlertingRuleSpec(ref), - "github.com/openshift/api/monitoring/v1.AlertingRuleStatus": schema_openshift_api_monitoring_v1_AlertingRuleStatus(ref), - "github.com/openshift/api/monitoring/v1.PrometheusRuleRef": schema_openshift_api_monitoring_v1_PrometheusRuleRef(ref), - "github.com/openshift/api/monitoring/v1.RelabelConfig": schema_openshift_api_monitoring_v1_RelabelConfig(ref), - "github.com/openshift/api/monitoring/v1.Rule": schema_openshift_api_monitoring_v1_Rule(ref), - "github.com/openshift/api/monitoring/v1.RuleGroup": schema_openshift_api_monitoring_v1_RuleGroup(ref), - "github.com/openshift/api/network/v1.ClusterNetwork": schema_openshift_api_network_v1_ClusterNetwork(ref), - "github.com/openshift/api/network/v1.ClusterNetworkEntry": schema_openshift_api_network_v1_ClusterNetworkEntry(ref), - "github.com/openshift/api/network/v1.ClusterNetworkList": schema_openshift_api_network_v1_ClusterNetworkList(ref), - "github.com/openshift/api/network/v1.EgressNetworkPolicy": schema_openshift_api_network_v1_EgressNetworkPolicy(ref), - "github.com/openshift/api/network/v1.EgressNetworkPolicyList": schema_openshift_api_network_v1_EgressNetworkPolicyList(ref), - "github.com/openshift/api/network/v1.EgressNetworkPolicyPeer": schema_openshift_api_network_v1_EgressNetworkPolicyPeer(ref), - "github.com/openshift/api/network/v1.EgressNetworkPolicyRule": schema_openshift_api_network_v1_EgressNetworkPolicyRule(ref), - "github.com/openshift/api/network/v1.EgressNetworkPolicySpec": schema_openshift_api_network_v1_EgressNetworkPolicySpec(ref), - "github.com/openshift/api/network/v1.HostSubnet": schema_openshift_api_network_v1_HostSubnet(ref), - "github.com/openshift/api/network/v1.HostSubnetList": schema_openshift_api_network_v1_HostSubnetList(ref), - "github.com/openshift/api/network/v1.NetNamespace": schema_openshift_api_network_v1_NetNamespace(ref), - "github.com/openshift/api/network/v1.NetNamespaceList": schema_openshift_api_network_v1_NetNamespaceList(ref), - "github.com/openshift/api/network/v1alpha1.DNSNameResolver": schema_openshift_api_network_v1alpha1_DNSNameResolver(ref), - "github.com/openshift/api/network/v1alpha1.DNSNameResolverList": schema_openshift_api_network_v1alpha1_DNSNameResolverList(ref), - "github.com/openshift/api/network/v1alpha1.DNSNameResolverResolvedAddress": schema_openshift_api_network_v1alpha1_DNSNameResolverResolvedAddress(ref), - "github.com/openshift/api/network/v1alpha1.DNSNameResolverResolvedName": schema_openshift_api_network_v1alpha1_DNSNameResolverResolvedName(ref), - "github.com/openshift/api/network/v1alpha1.DNSNameResolverSpec": schema_openshift_api_network_v1alpha1_DNSNameResolverSpec(ref), - "github.com/openshift/api/network/v1alpha1.DNSNameResolverStatus": schema_openshift_api_network_v1alpha1_DNSNameResolverStatus(ref), - "github.com/openshift/api/networkoperator/v1.EgressRouter": schema_openshift_api_networkoperator_v1_EgressRouter(ref), - "github.com/openshift/api/networkoperator/v1.EgressRouterSpec": schema_openshift_api_networkoperator_v1_EgressRouterSpec(ref), - "github.com/openshift/api/oauth/v1.ClusterRoleScopeRestriction": schema_openshift_api_oauth_v1_ClusterRoleScopeRestriction(ref), - "github.com/openshift/api/oauth/v1.OAuthAccessToken": schema_openshift_api_oauth_v1_OAuthAccessToken(ref), - "github.com/openshift/api/oauth/v1.OAuthAccessTokenList": schema_openshift_api_oauth_v1_OAuthAccessTokenList(ref), - "github.com/openshift/api/oauth/v1.OAuthAuthorizeToken": schema_openshift_api_oauth_v1_OAuthAuthorizeToken(ref), - "github.com/openshift/api/oauth/v1.OAuthAuthorizeTokenList": schema_openshift_api_oauth_v1_OAuthAuthorizeTokenList(ref), - "github.com/openshift/api/oauth/v1.OAuthClient": schema_openshift_api_oauth_v1_OAuthClient(ref), - "github.com/openshift/api/oauth/v1.OAuthClientAuthorization": schema_openshift_api_oauth_v1_OAuthClientAuthorization(ref), - "github.com/openshift/api/oauth/v1.OAuthClientAuthorizationList": schema_openshift_api_oauth_v1_OAuthClientAuthorizationList(ref), - "github.com/openshift/api/oauth/v1.OAuthClientList": schema_openshift_api_oauth_v1_OAuthClientList(ref), - "github.com/openshift/api/oauth/v1.OAuthRedirectReference": schema_openshift_api_oauth_v1_OAuthRedirectReference(ref), - "github.com/openshift/api/oauth/v1.RedirectReference": schema_openshift_api_oauth_v1_RedirectReference(ref), - "github.com/openshift/api/oauth/v1.ScopeRestriction": schema_openshift_api_oauth_v1_ScopeRestriction(ref), - "github.com/openshift/api/oauth/v1.UserOAuthAccessToken": schema_openshift_api_oauth_v1_UserOAuthAccessToken(ref), - "github.com/openshift/api/oauth/v1.UserOAuthAccessTokenList": schema_openshift_api_oauth_v1_UserOAuthAccessTokenList(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.APIServers": schema_openshift_api_openshiftcontrolplane_v1_APIServers(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.BuildControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_BuildControllerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.BuildDefaultsConfig": schema_openshift_api_openshiftcontrolplane_v1_BuildDefaultsConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.BuildOverridesConfig": schema_openshift_api_openshiftcontrolplane_v1_BuildOverridesConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.ClusterNetworkEntry": schema_openshift_api_openshiftcontrolplane_v1_ClusterNetworkEntry(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.DeployerControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_DeployerControllerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.DockerPullSecretControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_DockerPullSecretControllerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.FrontProxyConfig": schema_openshift_api_openshiftcontrolplane_v1_FrontProxyConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.ImageConfig": schema_openshift_api_openshiftcontrolplane_v1_ImageConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.ImageImportControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_ImageImportControllerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.ImagePolicyConfig": schema_openshift_api_openshiftcontrolplane_v1_ImagePolicyConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.IngressControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_IngressControllerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.JenkinsPipelineConfig": schema_openshift_api_openshiftcontrolplane_v1_JenkinsPipelineConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.NetworkControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_NetworkControllerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.OpenShiftAPIServerConfig": schema_openshift_api_openshiftcontrolplane_v1_OpenShiftAPIServerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.OpenShiftControllerManagerConfig": schema_openshift_api_openshiftcontrolplane_v1_OpenShiftControllerManagerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.PerGroupOptions": schema_openshift_api_openshiftcontrolplane_v1_PerGroupOptions(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.ProjectConfig": schema_openshift_api_openshiftcontrolplane_v1_ProjectConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.RegistryLocation": schema_openshift_api_openshiftcontrolplane_v1_RegistryLocation(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.ResourceQuotaControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_ResourceQuotaControllerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.RoutingConfig": schema_openshift_api_openshiftcontrolplane_v1_RoutingConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.SecurityAllocator": schema_openshift_api_openshiftcontrolplane_v1_SecurityAllocator(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.ServiceAccountControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_ServiceAccountControllerConfig(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.ServiceServingCert": schema_openshift_api_openshiftcontrolplane_v1_ServiceServingCert(ref), - "github.com/openshift/api/openshiftcontrolplane/v1.SourceStrategyDefaultsConfig": schema_openshift_api_openshiftcontrolplane_v1_SourceStrategyDefaultsConfig(ref), - "github.com/openshift/api/operator/v1.AWSCSIDriverConfigSpec": schema_openshift_api_operator_v1_AWSCSIDriverConfigSpec(ref), - "github.com/openshift/api/operator/v1.AWSClassicLoadBalancerParameters": schema_openshift_api_operator_v1_AWSClassicLoadBalancerParameters(ref), - "github.com/openshift/api/operator/v1.AWSEFSVolumeMetrics": schema_openshift_api_operator_v1_AWSEFSVolumeMetrics(ref), - "github.com/openshift/api/operator/v1.AWSEFSVolumeMetricsRecursiveWalkConfig": schema_openshift_api_operator_v1_AWSEFSVolumeMetricsRecursiveWalkConfig(ref), - "github.com/openshift/api/operator/v1.AWSLoadBalancerParameters": schema_openshift_api_operator_v1_AWSLoadBalancerParameters(ref), - "github.com/openshift/api/operator/v1.AWSNetworkLoadBalancerParameters": schema_openshift_api_operator_v1_AWSNetworkLoadBalancerParameters(ref), - "github.com/openshift/api/operator/v1.AWSSubnets": schema_openshift_api_operator_v1_AWSSubnets(ref), - "github.com/openshift/api/operator/v1.AccessLogging": schema_openshift_api_operator_v1_AccessLogging(ref), - "github.com/openshift/api/operator/v1.AddPage": schema_openshift_api_operator_v1_AddPage(ref), - "github.com/openshift/api/operator/v1.AdditionalNetworkDefinition": schema_openshift_api_operator_v1_AdditionalNetworkDefinition(ref), - "github.com/openshift/api/operator/v1.AdditionalRoutingCapabilities": schema_openshift_api_operator_v1_AdditionalRoutingCapabilities(ref), - "github.com/openshift/api/operator/v1.Authentication": schema_openshift_api_operator_v1_Authentication(ref), - "github.com/openshift/api/operator/v1.AuthenticationList": schema_openshift_api_operator_v1_AuthenticationList(ref), - "github.com/openshift/api/operator/v1.AuthenticationSpec": schema_openshift_api_operator_v1_AuthenticationSpec(ref), - "github.com/openshift/api/operator/v1.AuthenticationStatus": schema_openshift_api_operator_v1_AuthenticationStatus(ref), - "github.com/openshift/api/operator/v1.AzureCSIDriverConfigSpec": schema_openshift_api_operator_v1_AzureCSIDriverConfigSpec(ref), - "github.com/openshift/api/operator/v1.AzureDiskEncryptionSet": schema_openshift_api_operator_v1_AzureDiskEncryptionSet(ref), - "github.com/openshift/api/operator/v1.BootImageSkewEnforcementConfig": schema_openshift_api_operator_v1_BootImageSkewEnforcementConfig(ref), - "github.com/openshift/api/operator/v1.BootImageSkewEnforcementStatus": schema_openshift_api_operator_v1_BootImageSkewEnforcementStatus(ref), - "github.com/openshift/api/operator/v1.CSIDriverConfigSpec": schema_openshift_api_operator_v1_CSIDriverConfigSpec(ref), - "github.com/openshift/api/operator/v1.CSISnapshotController": schema_openshift_api_operator_v1_CSISnapshotController(ref), - "github.com/openshift/api/operator/v1.CSISnapshotControllerList": schema_openshift_api_operator_v1_CSISnapshotControllerList(ref), - "github.com/openshift/api/operator/v1.CSISnapshotControllerSpec": schema_openshift_api_operator_v1_CSISnapshotControllerSpec(ref), - "github.com/openshift/api/operator/v1.CSISnapshotControllerStatus": schema_openshift_api_operator_v1_CSISnapshotControllerStatus(ref), - "github.com/openshift/api/operator/v1.Capability": schema_openshift_api_operator_v1_Capability(ref), - "github.com/openshift/api/operator/v1.CapabilityVisibility": schema_openshift_api_operator_v1_CapabilityVisibility(ref), - "github.com/openshift/api/operator/v1.ClientTLS": schema_openshift_api_operator_v1_ClientTLS(ref), - "github.com/openshift/api/operator/v1.CloudCredential": schema_openshift_api_operator_v1_CloudCredential(ref), - "github.com/openshift/api/operator/v1.CloudCredentialList": schema_openshift_api_operator_v1_CloudCredentialList(ref), - "github.com/openshift/api/operator/v1.CloudCredentialSpec": schema_openshift_api_operator_v1_CloudCredentialSpec(ref), - "github.com/openshift/api/operator/v1.CloudCredentialStatus": schema_openshift_api_operator_v1_CloudCredentialStatus(ref), - "github.com/openshift/api/operator/v1.ClusterBootImageAutomatic": schema_openshift_api_operator_v1_ClusterBootImageAutomatic(ref), - "github.com/openshift/api/operator/v1.ClusterBootImageManual": schema_openshift_api_operator_v1_ClusterBootImageManual(ref), - "github.com/openshift/api/operator/v1.ClusterCSIDriver": schema_openshift_api_operator_v1_ClusterCSIDriver(ref), - "github.com/openshift/api/operator/v1.ClusterCSIDriverList": schema_openshift_api_operator_v1_ClusterCSIDriverList(ref), - "github.com/openshift/api/operator/v1.ClusterCSIDriverSpec": schema_openshift_api_operator_v1_ClusterCSIDriverSpec(ref), - "github.com/openshift/api/operator/v1.ClusterCSIDriverStatus": schema_openshift_api_operator_v1_ClusterCSIDriverStatus(ref), - "github.com/openshift/api/operator/v1.ClusterNetworkEntry": schema_openshift_api_operator_v1_ClusterNetworkEntry(ref), - "github.com/openshift/api/operator/v1.Config": schema_openshift_api_operator_v1_Config(ref), - "github.com/openshift/api/operator/v1.ConfigList": schema_openshift_api_operator_v1_ConfigList(ref), - "github.com/openshift/api/operator/v1.ConfigMapFileReference": schema_openshift_api_operator_v1_ConfigMapFileReference(ref), - "github.com/openshift/api/operator/v1.ConfigSpec": schema_openshift_api_operator_v1_ConfigSpec(ref), - "github.com/openshift/api/operator/v1.ConfigStatus": schema_openshift_api_operator_v1_ConfigStatus(ref), - "github.com/openshift/api/operator/v1.Console": schema_openshift_api_operator_v1_Console(ref), - "github.com/openshift/api/operator/v1.ConsoleConfigRoute": schema_openshift_api_operator_v1_ConsoleConfigRoute(ref), - "github.com/openshift/api/operator/v1.ConsoleCustomization": schema_openshift_api_operator_v1_ConsoleCustomization(ref), - "github.com/openshift/api/operator/v1.ConsoleList": schema_openshift_api_operator_v1_ConsoleList(ref), - "github.com/openshift/api/operator/v1.ConsoleProviders": schema_openshift_api_operator_v1_ConsoleProviders(ref), - "github.com/openshift/api/operator/v1.ConsoleSpec": schema_openshift_api_operator_v1_ConsoleSpec(ref), - "github.com/openshift/api/operator/v1.ConsoleStatus": schema_openshift_api_operator_v1_ConsoleStatus(ref), - "github.com/openshift/api/operator/v1.ContainerLoggingDestinationParameters": schema_openshift_api_operator_v1_ContainerLoggingDestinationParameters(ref), - "github.com/openshift/api/operator/v1.DNS": schema_openshift_api_operator_v1_DNS(ref), - "github.com/openshift/api/operator/v1.DNSCache": schema_openshift_api_operator_v1_DNSCache(ref), - "github.com/openshift/api/operator/v1.DNSList": schema_openshift_api_operator_v1_DNSList(ref), - "github.com/openshift/api/operator/v1.DNSNodePlacement": schema_openshift_api_operator_v1_DNSNodePlacement(ref), - "github.com/openshift/api/operator/v1.DNSOverTLSConfig": schema_openshift_api_operator_v1_DNSOverTLSConfig(ref), - "github.com/openshift/api/operator/v1.DNSSpec": schema_openshift_api_operator_v1_DNSSpec(ref), - "github.com/openshift/api/operator/v1.DNSStatus": schema_openshift_api_operator_v1_DNSStatus(ref), - "github.com/openshift/api/operator/v1.DNSTransportConfig": schema_openshift_api_operator_v1_DNSTransportConfig(ref), - "github.com/openshift/api/operator/v1.DefaultNetworkDefinition": schema_openshift_api_operator_v1_DefaultNetworkDefinition(ref), - "github.com/openshift/api/operator/v1.DeveloperConsoleCatalogCategory": schema_openshift_api_operator_v1_DeveloperConsoleCatalogCategory(ref), - "github.com/openshift/api/operator/v1.DeveloperConsoleCatalogCategoryMeta": schema_openshift_api_operator_v1_DeveloperConsoleCatalogCategoryMeta(ref), - "github.com/openshift/api/operator/v1.DeveloperConsoleCatalogCustomization": schema_openshift_api_operator_v1_DeveloperConsoleCatalogCustomization(ref), - "github.com/openshift/api/operator/v1.DeveloperConsoleCatalogTypes": schema_openshift_api_operator_v1_DeveloperConsoleCatalogTypes(ref), - "github.com/openshift/api/operator/v1.EgressIPConfig": schema_openshift_api_operator_v1_EgressIPConfig(ref), - "github.com/openshift/api/operator/v1.EndpointPublishingStrategy": schema_openshift_api_operator_v1_EndpointPublishingStrategy(ref), - "github.com/openshift/api/operator/v1.Etcd": schema_openshift_api_operator_v1_Etcd(ref), - "github.com/openshift/api/operator/v1.EtcdList": schema_openshift_api_operator_v1_EtcdList(ref), - "github.com/openshift/api/operator/v1.EtcdSpec": schema_openshift_api_operator_v1_EtcdSpec(ref), - "github.com/openshift/api/operator/v1.EtcdStatus": schema_openshift_api_operator_v1_EtcdStatus(ref), - "github.com/openshift/api/operator/v1.ExportNetworkFlows": schema_openshift_api_operator_v1_ExportNetworkFlows(ref), - "github.com/openshift/api/operator/v1.FeaturesMigration": schema_openshift_api_operator_v1_FeaturesMigration(ref), - "github.com/openshift/api/operator/v1.FileReferenceSource": schema_openshift_api_operator_v1_FileReferenceSource(ref), - "github.com/openshift/api/operator/v1.ForwardPlugin": schema_openshift_api_operator_v1_ForwardPlugin(ref), - "github.com/openshift/api/operator/v1.GCPCSIDriverConfigSpec": schema_openshift_api_operator_v1_GCPCSIDriverConfigSpec(ref), - "github.com/openshift/api/operator/v1.GCPKMSKeyReference": schema_openshift_api_operator_v1_GCPKMSKeyReference(ref), - "github.com/openshift/api/operator/v1.GCPLoadBalancerParameters": schema_openshift_api_operator_v1_GCPLoadBalancerParameters(ref), - "github.com/openshift/api/operator/v1.GatewayConfig": schema_openshift_api_operator_v1_GatewayConfig(ref), - "github.com/openshift/api/operator/v1.GatherStatus": schema_openshift_api_operator_v1_GatherStatus(ref), - "github.com/openshift/api/operator/v1.GathererStatus": schema_openshift_api_operator_v1_GathererStatus(ref), - "github.com/openshift/api/operator/v1.GenerationStatus": schema_openshift_api_operator_v1_GenerationStatus(ref), - "github.com/openshift/api/operator/v1.HTTPCompressionPolicy": schema_openshift_api_operator_v1_HTTPCompressionPolicy(ref), - "github.com/openshift/api/operator/v1.HealthCheck": schema_openshift_api_operator_v1_HealthCheck(ref), - "github.com/openshift/api/operator/v1.HostNetworkStrategy": schema_openshift_api_operator_v1_HostNetworkStrategy(ref), - "github.com/openshift/api/operator/v1.HybridOverlayConfig": schema_openshift_api_operator_v1_HybridOverlayConfig(ref), - "github.com/openshift/api/operator/v1.IBMCloudCSIDriverConfigSpec": schema_openshift_api_operator_v1_IBMCloudCSIDriverConfigSpec(ref), - "github.com/openshift/api/operator/v1.IBMLoadBalancerParameters": schema_openshift_api_operator_v1_IBMLoadBalancerParameters(ref), - "github.com/openshift/api/operator/v1.IPAMConfig": schema_openshift_api_operator_v1_IPAMConfig(ref), - "github.com/openshift/api/operator/v1.IPFIXConfig": schema_openshift_api_operator_v1_IPFIXConfig(ref), - "github.com/openshift/api/operator/v1.IPsecConfig": schema_openshift_api_operator_v1_IPsecConfig(ref), - "github.com/openshift/api/operator/v1.IPsecFullModeConfig": schema_openshift_api_operator_v1_IPsecFullModeConfig(ref), - "github.com/openshift/api/operator/v1.IPv4GatewayConfig": schema_openshift_api_operator_v1_IPv4GatewayConfig(ref), - "github.com/openshift/api/operator/v1.IPv4OVNKubernetesConfig": schema_openshift_api_operator_v1_IPv4OVNKubernetesConfig(ref), - "github.com/openshift/api/operator/v1.IPv6GatewayConfig": schema_openshift_api_operator_v1_IPv6GatewayConfig(ref), - "github.com/openshift/api/operator/v1.IPv6OVNKubernetesConfig": schema_openshift_api_operator_v1_IPv6OVNKubernetesConfig(ref), - "github.com/openshift/api/operator/v1.Ingress": schema_openshift_api_operator_v1_Ingress(ref), - "github.com/openshift/api/operator/v1.IngressController": schema_openshift_api_operator_v1_IngressController(ref), - "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPCookie": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPCookie(ref), - "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPCookieUnion": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPCookieUnion(ref), - "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPHeader": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPHeader(ref), - "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPHeaders": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPHeaders(ref), - "github.com/openshift/api/operator/v1.IngressControllerHTTPHeader": schema_openshift_api_operator_v1_IngressControllerHTTPHeader(ref), - "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaderActionUnion": schema_openshift_api_operator_v1_IngressControllerHTTPHeaderActionUnion(ref), - "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaderActions": schema_openshift_api_operator_v1_IngressControllerHTTPHeaderActions(ref), - "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaders": schema_openshift_api_operator_v1_IngressControllerHTTPHeaders(ref), - "github.com/openshift/api/operator/v1.IngressControllerHTTPUniqueIdHeaderPolicy": schema_openshift_api_operator_v1_IngressControllerHTTPUniqueIdHeaderPolicy(ref), - "github.com/openshift/api/operator/v1.IngressControllerList": schema_openshift_api_operator_v1_IngressControllerList(ref), - "github.com/openshift/api/operator/v1.IngressControllerLogging": schema_openshift_api_operator_v1_IngressControllerLogging(ref), - "github.com/openshift/api/operator/v1.IngressControllerSetHTTPHeader": schema_openshift_api_operator_v1_IngressControllerSetHTTPHeader(ref), - "github.com/openshift/api/operator/v1.IngressControllerSpec": schema_openshift_api_operator_v1_IngressControllerSpec(ref), - "github.com/openshift/api/operator/v1.IngressControllerStatus": schema_openshift_api_operator_v1_IngressControllerStatus(ref), - "github.com/openshift/api/operator/v1.IngressControllerTuningOptions": schema_openshift_api_operator_v1_IngressControllerTuningOptions(ref), - "github.com/openshift/api/operator/v1.InsightsOperator": schema_openshift_api_operator_v1_InsightsOperator(ref), - "github.com/openshift/api/operator/v1.InsightsOperatorList": schema_openshift_api_operator_v1_InsightsOperatorList(ref), - "github.com/openshift/api/operator/v1.InsightsOperatorSpec": schema_openshift_api_operator_v1_InsightsOperatorSpec(ref), - "github.com/openshift/api/operator/v1.InsightsOperatorStatus": schema_openshift_api_operator_v1_InsightsOperatorStatus(ref), - "github.com/openshift/api/operator/v1.InsightsReport": schema_openshift_api_operator_v1_InsightsReport(ref), - "github.com/openshift/api/operator/v1.IrreconcilableValidationOverrides": schema_openshift_api_operator_v1_IrreconcilableValidationOverrides(ref), - "github.com/openshift/api/operator/v1.KubeAPIServer": schema_openshift_api_operator_v1_KubeAPIServer(ref), - "github.com/openshift/api/operator/v1.KubeAPIServerList": schema_openshift_api_operator_v1_KubeAPIServerList(ref), - "github.com/openshift/api/operator/v1.KubeAPIServerSpec": schema_openshift_api_operator_v1_KubeAPIServerSpec(ref), - "github.com/openshift/api/operator/v1.KubeAPIServerStatus": schema_openshift_api_operator_v1_KubeAPIServerStatus(ref), - "github.com/openshift/api/operator/v1.KubeControllerManager": schema_openshift_api_operator_v1_KubeControllerManager(ref), - "github.com/openshift/api/operator/v1.KubeControllerManagerList": schema_openshift_api_operator_v1_KubeControllerManagerList(ref), - "github.com/openshift/api/operator/v1.KubeControllerManagerSpec": schema_openshift_api_operator_v1_KubeControllerManagerSpec(ref), - "github.com/openshift/api/operator/v1.KubeControllerManagerStatus": schema_openshift_api_operator_v1_KubeControllerManagerStatus(ref), - "github.com/openshift/api/operator/v1.KubeScheduler": schema_openshift_api_operator_v1_KubeScheduler(ref), - "github.com/openshift/api/operator/v1.KubeSchedulerList": schema_openshift_api_operator_v1_KubeSchedulerList(ref), - "github.com/openshift/api/operator/v1.KubeSchedulerSpec": schema_openshift_api_operator_v1_KubeSchedulerSpec(ref), - "github.com/openshift/api/operator/v1.KubeSchedulerStatus": schema_openshift_api_operator_v1_KubeSchedulerStatus(ref), - "github.com/openshift/api/operator/v1.KubeStorageVersionMigrator": schema_openshift_api_operator_v1_KubeStorageVersionMigrator(ref), - "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorList": schema_openshift_api_operator_v1_KubeStorageVersionMigratorList(ref), - "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorSpec": schema_openshift_api_operator_v1_KubeStorageVersionMigratorSpec(ref), - "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorStatus": schema_openshift_api_operator_v1_KubeStorageVersionMigratorStatus(ref), - "github.com/openshift/api/operator/v1.LoadBalancerStrategy": schema_openshift_api_operator_v1_LoadBalancerStrategy(ref), - "github.com/openshift/api/operator/v1.LoggingDestination": schema_openshift_api_operator_v1_LoggingDestination(ref), - "github.com/openshift/api/operator/v1.Logo": schema_openshift_api_operator_v1_Logo(ref), - "github.com/openshift/api/operator/v1.MTUMigration": schema_openshift_api_operator_v1_MTUMigration(ref), - "github.com/openshift/api/operator/v1.MTUMigrationValues": schema_openshift_api_operator_v1_MTUMigrationValues(ref), - "github.com/openshift/api/operator/v1.MachineConfiguration": schema_openshift_api_operator_v1_MachineConfiguration(ref), - "github.com/openshift/api/operator/v1.MachineConfigurationList": schema_openshift_api_operator_v1_MachineConfigurationList(ref), - "github.com/openshift/api/operator/v1.MachineConfigurationSpec": schema_openshift_api_operator_v1_MachineConfigurationSpec(ref), - "github.com/openshift/api/operator/v1.MachineConfigurationStatus": schema_openshift_api_operator_v1_MachineConfigurationStatus(ref), - "github.com/openshift/api/operator/v1.MachineManager": schema_openshift_api_operator_v1_MachineManager(ref), - "github.com/openshift/api/operator/v1.MachineManagerSelector": schema_openshift_api_operator_v1_MachineManagerSelector(ref), - "github.com/openshift/api/operator/v1.ManagedBootImages": schema_openshift_api_operator_v1_ManagedBootImages(ref), - "github.com/openshift/api/operator/v1.MyOperatorResource": schema_openshift_api_operator_v1_MyOperatorResource(ref), - "github.com/openshift/api/operator/v1.MyOperatorResourceSpec": schema_openshift_api_operator_v1_MyOperatorResourceSpec(ref), - "github.com/openshift/api/operator/v1.MyOperatorResourceStatus": schema_openshift_api_operator_v1_MyOperatorResourceStatus(ref), - "github.com/openshift/api/operator/v1.NetFlowConfig": schema_openshift_api_operator_v1_NetFlowConfig(ref), - "github.com/openshift/api/operator/v1.Network": schema_openshift_api_operator_v1_Network(ref), - "github.com/openshift/api/operator/v1.NetworkList": schema_openshift_api_operator_v1_NetworkList(ref), - "github.com/openshift/api/operator/v1.NetworkMigration": schema_openshift_api_operator_v1_NetworkMigration(ref), - "github.com/openshift/api/operator/v1.NetworkSpec": schema_openshift_api_operator_v1_NetworkSpec(ref), - "github.com/openshift/api/operator/v1.NetworkStatus": schema_openshift_api_operator_v1_NetworkStatus(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicyClusterStatus": schema_openshift_api_operator_v1_NodeDisruptionPolicyClusterStatus(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicyConfig": schema_openshift_api_operator_v1_NodeDisruptionPolicyConfig(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicySpecAction": schema_openshift_api_operator_v1_NodeDisruptionPolicySpecAction(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicySpecFile": schema_openshift_api_operator_v1_NodeDisruptionPolicySpecFile(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicySpecSSHKey": schema_openshift_api_operator_v1_NodeDisruptionPolicySpecSSHKey(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicySpecUnit": schema_openshift_api_operator_v1_NodeDisruptionPolicySpecUnit(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatus": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatus(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatusAction": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatusAction(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatusFile": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatusFile(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatusSSHKey": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatusSSHKey(ref), - "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatusUnit": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatusUnit(ref), - "github.com/openshift/api/operator/v1.NodePlacement": schema_openshift_api_operator_v1_NodePlacement(ref), - "github.com/openshift/api/operator/v1.NodePortStrategy": schema_openshift_api_operator_v1_NodePortStrategy(ref), - "github.com/openshift/api/operator/v1.NodeStatus": schema_openshift_api_operator_v1_NodeStatus(ref), - "github.com/openshift/api/operator/v1.OAuthAPIServerStatus": schema_openshift_api_operator_v1_OAuthAPIServerStatus(ref), - "github.com/openshift/api/operator/v1.OLM": schema_openshift_api_operator_v1_OLM(ref), - "github.com/openshift/api/operator/v1.OLMList": schema_openshift_api_operator_v1_OLMList(ref), - "github.com/openshift/api/operator/v1.OLMSpec": schema_openshift_api_operator_v1_OLMSpec(ref), - "github.com/openshift/api/operator/v1.OLMStatus": schema_openshift_api_operator_v1_OLMStatus(ref), - "github.com/openshift/api/operator/v1.OVNKubernetesConfig": schema_openshift_api_operator_v1_OVNKubernetesConfig(ref), - "github.com/openshift/api/operator/v1.OpenShiftAPIServer": schema_openshift_api_operator_v1_OpenShiftAPIServer(ref), - "github.com/openshift/api/operator/v1.OpenShiftAPIServerList": schema_openshift_api_operator_v1_OpenShiftAPIServerList(ref), - "github.com/openshift/api/operator/v1.OpenShiftAPIServerSpec": schema_openshift_api_operator_v1_OpenShiftAPIServerSpec(ref), - "github.com/openshift/api/operator/v1.OpenShiftAPIServerStatus": schema_openshift_api_operator_v1_OpenShiftAPIServerStatus(ref), - "github.com/openshift/api/operator/v1.OpenShiftControllerManager": schema_openshift_api_operator_v1_OpenShiftControllerManager(ref), - "github.com/openshift/api/operator/v1.OpenShiftControllerManagerList": schema_openshift_api_operator_v1_OpenShiftControllerManagerList(ref), - "github.com/openshift/api/operator/v1.OpenShiftControllerManagerSpec": schema_openshift_api_operator_v1_OpenShiftControllerManagerSpec(ref), - "github.com/openshift/api/operator/v1.OpenShiftControllerManagerStatus": schema_openshift_api_operator_v1_OpenShiftControllerManagerStatus(ref), - "github.com/openshift/api/operator/v1.OpenShiftSDNConfig": schema_openshift_api_operator_v1_OpenShiftSDNConfig(ref), - "github.com/openshift/api/operator/v1.OpenStackLoadBalancerParameters": schema_openshift_api_operator_v1_OpenStackLoadBalancerParameters(ref), - "github.com/openshift/api/operator/v1.OperatorCondition": schema_openshift_api_operator_v1_OperatorCondition(ref), - "github.com/openshift/api/operator/v1.OperatorSpec": schema_openshift_api_operator_v1_OperatorSpec(ref), - "github.com/openshift/api/operator/v1.OperatorStatus": schema_openshift_api_operator_v1_OperatorStatus(ref), - "github.com/openshift/api/operator/v1.PartialSelector": schema_openshift_api_operator_v1_PartialSelector(ref), - "github.com/openshift/api/operator/v1.Perspective": schema_openshift_api_operator_v1_Perspective(ref), - "github.com/openshift/api/operator/v1.PerspectiveVisibility": schema_openshift_api_operator_v1_PerspectiveVisibility(ref), - "github.com/openshift/api/operator/v1.PinnedResourceReference": schema_openshift_api_operator_v1_PinnedResourceReference(ref), - "github.com/openshift/api/operator/v1.PolicyAuditConfig": schema_openshift_api_operator_v1_PolicyAuditConfig(ref), - "github.com/openshift/api/operator/v1.PrivateStrategy": schema_openshift_api_operator_v1_PrivateStrategy(ref), - "github.com/openshift/api/operator/v1.ProjectAccess": schema_openshift_api_operator_v1_ProjectAccess(ref), - "github.com/openshift/api/operator/v1.ProviderLoadBalancerParameters": schema_openshift_api_operator_v1_ProviderLoadBalancerParameters(ref), - "github.com/openshift/api/operator/v1.ProxyConfig": schema_openshift_api_operator_v1_ProxyConfig(ref), - "github.com/openshift/api/operator/v1.QuickStarts": schema_openshift_api_operator_v1_QuickStarts(ref), - "github.com/openshift/api/operator/v1.ReloadService": schema_openshift_api_operator_v1_ReloadService(ref), - "github.com/openshift/api/operator/v1.ResourceAttributesAccessReview": schema_openshift_api_operator_v1_ResourceAttributesAccessReview(ref), - "github.com/openshift/api/operator/v1.RestartService": schema_openshift_api_operator_v1_RestartService(ref), - "github.com/openshift/api/operator/v1.RouteAdmissionPolicy": schema_openshift_api_operator_v1_RouteAdmissionPolicy(ref), - "github.com/openshift/api/operator/v1.SFlowConfig": schema_openshift_api_operator_v1_SFlowConfig(ref), - "github.com/openshift/api/operator/v1.Server": schema_openshift_api_operator_v1_Server(ref), - "github.com/openshift/api/operator/v1.ServiceAccountIssuerStatus": schema_openshift_api_operator_v1_ServiceAccountIssuerStatus(ref), - "github.com/openshift/api/operator/v1.ServiceCA": schema_openshift_api_operator_v1_ServiceCA(ref), - "github.com/openshift/api/operator/v1.ServiceCAList": schema_openshift_api_operator_v1_ServiceCAList(ref), - "github.com/openshift/api/operator/v1.ServiceCASpec": schema_openshift_api_operator_v1_ServiceCASpec(ref), - "github.com/openshift/api/operator/v1.ServiceCAStatus": schema_openshift_api_operator_v1_ServiceCAStatus(ref), - "github.com/openshift/api/operator/v1.ServiceCatalogAPIServer": schema_openshift_api_operator_v1_ServiceCatalogAPIServer(ref), - "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerList": schema_openshift_api_operator_v1_ServiceCatalogAPIServerList(ref), - "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerSpec": schema_openshift_api_operator_v1_ServiceCatalogAPIServerSpec(ref), - "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerStatus": schema_openshift_api_operator_v1_ServiceCatalogAPIServerStatus(ref), - "github.com/openshift/api/operator/v1.ServiceCatalogControllerManager": schema_openshift_api_operator_v1_ServiceCatalogControllerManager(ref), - "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerList": schema_openshift_api_operator_v1_ServiceCatalogControllerManagerList(ref), - "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerSpec": schema_openshift_api_operator_v1_ServiceCatalogControllerManagerSpec(ref), - "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerStatus": schema_openshift_api_operator_v1_ServiceCatalogControllerManagerStatus(ref), - "github.com/openshift/api/operator/v1.SimpleMacvlanConfig": schema_openshift_api_operator_v1_SimpleMacvlanConfig(ref), - "github.com/openshift/api/operator/v1.StaticIPAMAddresses": schema_openshift_api_operator_v1_StaticIPAMAddresses(ref), - "github.com/openshift/api/operator/v1.StaticIPAMConfig": schema_openshift_api_operator_v1_StaticIPAMConfig(ref), - "github.com/openshift/api/operator/v1.StaticIPAMDNS": schema_openshift_api_operator_v1_StaticIPAMDNS(ref), - "github.com/openshift/api/operator/v1.StaticIPAMRoutes": schema_openshift_api_operator_v1_StaticIPAMRoutes(ref), - "github.com/openshift/api/operator/v1.StaticPodOperatorSpec": schema_openshift_api_operator_v1_StaticPodOperatorSpec(ref), - "github.com/openshift/api/operator/v1.StaticPodOperatorStatus": schema_openshift_api_operator_v1_StaticPodOperatorStatus(ref), - "github.com/openshift/api/operator/v1.StatuspageProvider": schema_openshift_api_operator_v1_StatuspageProvider(ref), - "github.com/openshift/api/operator/v1.Storage": schema_openshift_api_operator_v1_Storage(ref), - "github.com/openshift/api/operator/v1.StorageList": schema_openshift_api_operator_v1_StorageList(ref), - "github.com/openshift/api/operator/v1.StorageSpec": schema_openshift_api_operator_v1_StorageSpec(ref), - "github.com/openshift/api/operator/v1.StorageStatus": schema_openshift_api_operator_v1_StorageStatus(ref), - "github.com/openshift/api/operator/v1.SyslogLoggingDestinationParameters": schema_openshift_api_operator_v1_SyslogLoggingDestinationParameters(ref), - "github.com/openshift/api/operator/v1.Theme": schema_openshift_api_operator_v1_Theme(ref), - "github.com/openshift/api/operator/v1.Upstream": schema_openshift_api_operator_v1_Upstream(ref), - "github.com/openshift/api/operator/v1.UpstreamResolvers": schema_openshift_api_operator_v1_UpstreamResolvers(ref), - "github.com/openshift/api/operator/v1.VSphereCSIDriverConfigSpec": schema_openshift_api_operator_v1_VSphereCSIDriverConfigSpec(ref), - "github.com/openshift/api/operator/v1alpha1.BackupJobReference": schema_openshift_api_operator_v1alpha1_BackupJobReference(ref), - "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperator": schema_openshift_api_operator_v1alpha1_ClusterVersionOperator(ref), - "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorList": schema_openshift_api_operator_v1alpha1_ClusterVersionOperatorList(ref), - "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorSpec": schema_openshift_api_operator_v1alpha1_ClusterVersionOperatorSpec(ref), - "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorStatus": schema_openshift_api_operator_v1alpha1_ClusterVersionOperatorStatus(ref), - "github.com/openshift/api/operator/v1alpha1.DelegatedAuthentication": schema_openshift_api_operator_v1alpha1_DelegatedAuthentication(ref), - "github.com/openshift/api/operator/v1alpha1.DelegatedAuthorization": schema_openshift_api_operator_v1alpha1_DelegatedAuthorization(ref), - "github.com/openshift/api/operator/v1alpha1.EtcdBackup": schema_openshift_api_operator_v1alpha1_EtcdBackup(ref), - "github.com/openshift/api/operator/v1alpha1.EtcdBackupList": schema_openshift_api_operator_v1alpha1_EtcdBackupList(ref), - "github.com/openshift/api/operator/v1alpha1.EtcdBackupSpec": schema_openshift_api_operator_v1alpha1_EtcdBackupSpec(ref), - "github.com/openshift/api/operator/v1alpha1.EtcdBackupStatus": schema_openshift_api_operator_v1alpha1_EtcdBackupStatus(ref), - "github.com/openshift/api/operator/v1alpha1.GenerationHistory": schema_openshift_api_operator_v1alpha1_GenerationHistory(ref), - "github.com/openshift/api/operator/v1alpha1.GenericOperatorConfig": schema_openshift_api_operator_v1alpha1_GenericOperatorConfig(ref), - "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicy": schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicy(ref), - "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicyList": schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicyList(ref), - "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicySpec": schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicySpec(ref), - "github.com/openshift/api/operator/v1alpha1.LoggingConfig": schema_openshift_api_operator_v1alpha1_LoggingConfig(ref), - "github.com/openshift/api/operator/v1alpha1.NodeStatus": schema_openshift_api_operator_v1alpha1_NodeStatus(ref), - "github.com/openshift/api/operator/v1alpha1.OLM": schema_openshift_api_operator_v1alpha1_OLM(ref), - "github.com/openshift/api/operator/v1alpha1.OLMList": schema_openshift_api_operator_v1alpha1_OLMList(ref), - "github.com/openshift/api/operator/v1alpha1.OLMSpec": schema_openshift_api_operator_v1alpha1_OLMSpec(ref), - "github.com/openshift/api/operator/v1alpha1.OLMStatus": schema_openshift_api_operator_v1alpha1_OLMStatus(ref), - "github.com/openshift/api/operator/v1alpha1.OperatorCondition": schema_openshift_api_operator_v1alpha1_OperatorCondition(ref), - "github.com/openshift/api/operator/v1alpha1.OperatorSpec": schema_openshift_api_operator_v1alpha1_OperatorSpec(ref), - "github.com/openshift/api/operator/v1alpha1.OperatorStatus": schema_openshift_api_operator_v1alpha1_OperatorStatus(ref), - "github.com/openshift/api/operator/v1alpha1.RepositoryDigestMirrors": schema_openshift_api_operator_v1alpha1_RepositoryDigestMirrors(ref), - "github.com/openshift/api/operator/v1alpha1.StaticPodOperatorStatus": schema_openshift_api_operator_v1alpha1_StaticPodOperatorStatus(ref), - "github.com/openshift/api/operator/v1alpha1.VersionAvailability": schema_openshift_api_operator_v1alpha1_VersionAvailability(ref), - "github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry": schema_openshift_api_operatorcontrolplane_v1alpha1_LogEntry(ref), - "github.com/openshift/api/operatorcontrolplane/v1alpha1.OutageEntry": schema_openshift_api_operatorcontrolplane_v1alpha1_OutageEntry(ref), - "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheck": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheck(ref), - "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckCondition": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckCondition(ref), - "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckList": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckList(ref), - "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckSpec": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckSpec(ref), - "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckStatus": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckStatus(ref), - "github.com/openshift/api/operatoringress/v1.DNSRecord": schema_openshift_api_operatoringress_v1_DNSRecord(ref), - "github.com/openshift/api/operatoringress/v1.DNSRecordList": schema_openshift_api_operatoringress_v1_DNSRecordList(ref), - "github.com/openshift/api/operatoringress/v1.DNSRecordSpec": schema_openshift_api_operatoringress_v1_DNSRecordSpec(ref), - "github.com/openshift/api/operatoringress/v1.DNSRecordStatus": schema_openshift_api_operatoringress_v1_DNSRecordStatus(ref), - "github.com/openshift/api/operatoringress/v1.DNSZoneCondition": schema_openshift_api_operatoringress_v1_DNSZoneCondition(ref), - "github.com/openshift/api/operatoringress/v1.DNSZoneStatus": schema_openshift_api_operatoringress_v1_DNSZoneStatus(ref), - "github.com/openshift/api/osin/v1.AllowAllPasswordIdentityProvider": schema_openshift_api_osin_v1_AllowAllPasswordIdentityProvider(ref), - "github.com/openshift/api/osin/v1.BasicAuthPasswordIdentityProvider": schema_openshift_api_osin_v1_BasicAuthPasswordIdentityProvider(ref), - "github.com/openshift/api/osin/v1.DenyAllPasswordIdentityProvider": schema_openshift_api_osin_v1_DenyAllPasswordIdentityProvider(ref), - "github.com/openshift/api/osin/v1.GitHubIdentityProvider": schema_openshift_api_osin_v1_GitHubIdentityProvider(ref), - "github.com/openshift/api/osin/v1.GitLabIdentityProvider": schema_openshift_api_osin_v1_GitLabIdentityProvider(ref), - "github.com/openshift/api/osin/v1.GoogleIdentityProvider": schema_openshift_api_osin_v1_GoogleIdentityProvider(ref), - "github.com/openshift/api/osin/v1.GrantConfig": schema_openshift_api_osin_v1_GrantConfig(ref), - "github.com/openshift/api/osin/v1.HTPasswdPasswordIdentityProvider": schema_openshift_api_osin_v1_HTPasswdPasswordIdentityProvider(ref), - "github.com/openshift/api/osin/v1.IdentityProvider": schema_openshift_api_osin_v1_IdentityProvider(ref), - "github.com/openshift/api/osin/v1.KeystonePasswordIdentityProvider": schema_openshift_api_osin_v1_KeystonePasswordIdentityProvider(ref), - "github.com/openshift/api/osin/v1.LDAPAttributeMapping": schema_openshift_api_osin_v1_LDAPAttributeMapping(ref), - "github.com/openshift/api/osin/v1.LDAPPasswordIdentityProvider": schema_openshift_api_osin_v1_LDAPPasswordIdentityProvider(ref), - "github.com/openshift/api/osin/v1.OAuthConfig": schema_openshift_api_osin_v1_OAuthConfig(ref), - "github.com/openshift/api/osin/v1.OAuthTemplates": schema_openshift_api_osin_v1_OAuthTemplates(ref), - "github.com/openshift/api/osin/v1.OpenIDClaims": schema_openshift_api_osin_v1_OpenIDClaims(ref), - "github.com/openshift/api/osin/v1.OpenIDIdentityProvider": schema_openshift_api_osin_v1_OpenIDIdentityProvider(ref), - "github.com/openshift/api/osin/v1.OpenIDURLs": schema_openshift_api_osin_v1_OpenIDURLs(ref), - "github.com/openshift/api/osin/v1.OsinServerConfig": schema_openshift_api_osin_v1_OsinServerConfig(ref), - "github.com/openshift/api/osin/v1.RequestHeaderIdentityProvider": schema_openshift_api_osin_v1_RequestHeaderIdentityProvider(ref), - "github.com/openshift/api/osin/v1.SessionConfig": schema_openshift_api_osin_v1_SessionConfig(ref), - "github.com/openshift/api/osin/v1.SessionSecret": schema_openshift_api_osin_v1_SessionSecret(ref), - "github.com/openshift/api/osin/v1.SessionSecrets": schema_openshift_api_osin_v1_SessionSecrets(ref), - "github.com/openshift/api/osin/v1.TokenConfig": schema_openshift_api_osin_v1_TokenConfig(ref), - "github.com/openshift/api/project/v1.Project": schema_openshift_api_project_v1_Project(ref), - "github.com/openshift/api/project/v1.ProjectList": schema_openshift_api_project_v1_ProjectList(ref), - "github.com/openshift/api/project/v1.ProjectRequest": schema_openshift_api_project_v1_ProjectRequest(ref), - "github.com/openshift/api/project/v1.ProjectSpec": schema_openshift_api_project_v1_ProjectSpec(ref), - "github.com/openshift/api/project/v1.ProjectStatus": schema_openshift_api_project_v1_ProjectStatus(ref), - "github.com/openshift/api/quota/v1.AppliedClusterResourceQuota": schema_openshift_api_quota_v1_AppliedClusterResourceQuota(ref), - "github.com/openshift/api/quota/v1.AppliedClusterResourceQuotaList": schema_openshift_api_quota_v1_AppliedClusterResourceQuotaList(ref), - "github.com/openshift/api/quota/v1.ClusterResourceQuota": schema_openshift_api_quota_v1_ClusterResourceQuota(ref), - "github.com/openshift/api/quota/v1.ClusterResourceQuotaList": schema_openshift_api_quota_v1_ClusterResourceQuotaList(ref), - "github.com/openshift/api/quota/v1.ClusterResourceQuotaSelector": schema_openshift_api_quota_v1_ClusterResourceQuotaSelector(ref), - "github.com/openshift/api/quota/v1.ClusterResourceQuotaSpec": schema_openshift_api_quota_v1_ClusterResourceQuotaSpec(ref), - "github.com/openshift/api/quota/v1.ClusterResourceQuotaStatus": schema_openshift_api_quota_v1_ClusterResourceQuotaStatus(ref), - "github.com/openshift/api/quota/v1.ResourceQuotaStatusByNamespace": schema_openshift_api_quota_v1_ResourceQuotaStatusByNamespace(ref), - "github.com/openshift/api/route/v1.LocalObjectReference": schema_openshift_api_route_v1_LocalObjectReference(ref), - "github.com/openshift/api/route/v1.Route": schema_openshift_api_route_v1_Route(ref), - "github.com/openshift/api/route/v1.RouteHTTPHeader": schema_openshift_api_route_v1_RouteHTTPHeader(ref), - "github.com/openshift/api/route/v1.RouteHTTPHeaderActionUnion": schema_openshift_api_route_v1_RouteHTTPHeaderActionUnion(ref), - "github.com/openshift/api/route/v1.RouteHTTPHeaderActions": schema_openshift_api_route_v1_RouteHTTPHeaderActions(ref), - "github.com/openshift/api/route/v1.RouteHTTPHeaders": schema_openshift_api_route_v1_RouteHTTPHeaders(ref), - "github.com/openshift/api/route/v1.RouteIngress": schema_openshift_api_route_v1_RouteIngress(ref), - "github.com/openshift/api/route/v1.RouteIngressCondition": schema_openshift_api_route_v1_RouteIngressCondition(ref), - "github.com/openshift/api/route/v1.RouteList": schema_openshift_api_route_v1_RouteList(ref), - "github.com/openshift/api/route/v1.RoutePort": schema_openshift_api_route_v1_RoutePort(ref), - "github.com/openshift/api/route/v1.RouteSetHTTPHeader": schema_openshift_api_route_v1_RouteSetHTTPHeader(ref), - "github.com/openshift/api/route/v1.RouteSpec": schema_openshift_api_route_v1_RouteSpec(ref), - "github.com/openshift/api/route/v1.RouteStatus": schema_openshift_api_route_v1_RouteStatus(ref), - "github.com/openshift/api/route/v1.RouteTargetReference": schema_openshift_api_route_v1_RouteTargetReference(ref), - "github.com/openshift/api/route/v1.RouterShard": schema_openshift_api_route_v1_RouterShard(ref), - "github.com/openshift/api/route/v1.TLSConfig": schema_openshift_api_route_v1_TLSConfig(ref), - "github.com/openshift/api/samples/v1.Config": schema_openshift_api_samples_v1_Config(ref), - "github.com/openshift/api/samples/v1.ConfigCondition": schema_openshift_api_samples_v1_ConfigCondition(ref), - "github.com/openshift/api/samples/v1.ConfigList": schema_openshift_api_samples_v1_ConfigList(ref), - "github.com/openshift/api/samples/v1.ConfigSpec": schema_openshift_api_samples_v1_ConfigSpec(ref), - "github.com/openshift/api/samples/v1.ConfigStatus": schema_openshift_api_samples_v1_ConfigStatus(ref), - "github.com/openshift/api/security/v1.AllowedFlexVolume": schema_openshift_api_security_v1_AllowedFlexVolume(ref), - "github.com/openshift/api/security/v1.FSGroupStrategyOptions": schema_openshift_api_security_v1_FSGroupStrategyOptions(ref), - "github.com/openshift/api/security/v1.IDRange": schema_openshift_api_security_v1_IDRange(ref), - "github.com/openshift/api/security/v1.PodSecurityPolicyReview": schema_openshift_api_security_v1_PodSecurityPolicyReview(ref), - "github.com/openshift/api/security/v1.PodSecurityPolicyReviewSpec": schema_openshift_api_security_v1_PodSecurityPolicyReviewSpec(ref), - "github.com/openshift/api/security/v1.PodSecurityPolicyReviewStatus": schema_openshift_api_security_v1_PodSecurityPolicyReviewStatus(ref), - "github.com/openshift/api/security/v1.PodSecurityPolicySelfSubjectReview": schema_openshift_api_security_v1_PodSecurityPolicySelfSubjectReview(ref), - "github.com/openshift/api/security/v1.PodSecurityPolicySelfSubjectReviewSpec": schema_openshift_api_security_v1_PodSecurityPolicySelfSubjectReviewSpec(ref), - "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReview": schema_openshift_api_security_v1_PodSecurityPolicySubjectReview(ref), - "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewSpec": schema_openshift_api_security_v1_PodSecurityPolicySubjectReviewSpec(ref), - "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewStatus": schema_openshift_api_security_v1_PodSecurityPolicySubjectReviewStatus(ref), - "github.com/openshift/api/security/v1.RangeAllocation": schema_openshift_api_security_v1_RangeAllocation(ref), - "github.com/openshift/api/security/v1.RangeAllocationList": schema_openshift_api_security_v1_RangeAllocationList(ref), - "github.com/openshift/api/security/v1.RunAsUserStrategyOptions": schema_openshift_api_security_v1_RunAsUserStrategyOptions(ref), - "github.com/openshift/api/security/v1.SELinuxContextStrategyOptions": schema_openshift_api_security_v1_SELinuxContextStrategyOptions(ref), - "github.com/openshift/api/security/v1.SecurityContextConstraints": schema_openshift_api_security_v1_SecurityContextConstraints(ref), - "github.com/openshift/api/security/v1.SecurityContextConstraintsList": schema_openshift_api_security_v1_SecurityContextConstraintsList(ref), - "github.com/openshift/api/security/v1.ServiceAccountPodSecurityPolicyReviewStatus": schema_openshift_api_security_v1_ServiceAccountPodSecurityPolicyReviewStatus(ref), - "github.com/openshift/api/security/v1.SupplementalGroupsStrategyOptions": schema_openshift_api_security_v1_SupplementalGroupsStrategyOptions(ref), - "github.com/openshift/api/securityinternal/v1.RangeAllocation": schema_openshift_api_securityinternal_v1_RangeAllocation(ref), - "github.com/openshift/api/securityinternal/v1.RangeAllocationList": schema_openshift_api_securityinternal_v1_RangeAllocationList(ref), - "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfig": schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorConfig(ref), - "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigList": schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorConfigList(ref), - "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigSpec": schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorConfigSpec(ref), - "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigStatus": schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorConfigStatus(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMap": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMap(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapList": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapList(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapReference": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapReference(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapSpec": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapSpec(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapStatus": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapStatus(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedSecret": schema_openshift_api_sharedresource_v1alpha1_SharedSecret(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretList": schema_openshift_api_sharedresource_v1alpha1_SharedSecretList(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretReference": schema_openshift_api_sharedresource_v1alpha1_SharedSecretReference(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretSpec": schema_openshift_api_sharedresource_v1alpha1_SharedSecretSpec(ref), - "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretStatus": schema_openshift_api_sharedresource_v1alpha1_SharedSecretStatus(ref), - "github.com/openshift/api/template/v1.BrokerTemplateInstance": schema_openshift_api_template_v1_BrokerTemplateInstance(ref), - "github.com/openshift/api/template/v1.BrokerTemplateInstanceList": schema_openshift_api_template_v1_BrokerTemplateInstanceList(ref), - "github.com/openshift/api/template/v1.BrokerTemplateInstanceSpec": schema_openshift_api_template_v1_BrokerTemplateInstanceSpec(ref), - "github.com/openshift/api/template/v1.Parameter": schema_openshift_api_template_v1_Parameter(ref), - "github.com/openshift/api/template/v1.Template": schema_openshift_api_template_v1_Template(ref), - "github.com/openshift/api/template/v1.TemplateInstance": schema_openshift_api_template_v1_TemplateInstance(ref), - "github.com/openshift/api/template/v1.TemplateInstanceCondition": schema_openshift_api_template_v1_TemplateInstanceCondition(ref), - "github.com/openshift/api/template/v1.TemplateInstanceList": schema_openshift_api_template_v1_TemplateInstanceList(ref), - "github.com/openshift/api/template/v1.TemplateInstanceObject": schema_openshift_api_template_v1_TemplateInstanceObject(ref), - "github.com/openshift/api/template/v1.TemplateInstanceRequester": schema_openshift_api_template_v1_TemplateInstanceRequester(ref), - "github.com/openshift/api/template/v1.TemplateInstanceSpec": schema_openshift_api_template_v1_TemplateInstanceSpec(ref), - "github.com/openshift/api/template/v1.TemplateInstanceStatus": schema_openshift_api_template_v1_TemplateInstanceStatus(ref), - "github.com/openshift/api/template/v1.TemplateList": schema_openshift_api_template_v1_TemplateList(ref), - "github.com/openshift/api/user/v1.Group": schema_openshift_api_user_v1_Group(ref), - "github.com/openshift/api/user/v1.GroupList": schema_openshift_api_user_v1_GroupList(ref), - "github.com/openshift/api/user/v1.Identity": schema_openshift_api_user_v1_Identity(ref), - "github.com/openshift/api/user/v1.IdentityList": schema_openshift_api_user_v1_IdentityList(ref), - "github.com/openshift/api/user/v1.User": schema_openshift_api_user_v1_User(ref), - "github.com/openshift/api/user/v1.UserIdentityMapping": schema_openshift_api_user_v1_UserIdentityMapping(ref), - "github.com/openshift/api/user/v1.UserList": schema_openshift_api_user_v1_UserList(ref), - "k8s.io/api/admissionregistration/v1.AuditAnnotation": schema_k8sio_api_admissionregistration_v1_AuditAnnotation(ref), - "k8s.io/api/admissionregistration/v1.ExpressionWarning": schema_k8sio_api_admissionregistration_v1_ExpressionWarning(ref), - "k8s.io/api/admissionregistration/v1.MatchCondition": schema_k8sio_api_admissionregistration_v1_MatchCondition(ref), - "k8s.io/api/admissionregistration/v1.MatchResources": schema_k8sio_api_admissionregistration_v1_MatchResources(ref), - "k8s.io/api/admissionregistration/v1.MutatingWebhook": schema_k8sio_api_admissionregistration_v1_MutatingWebhook(ref), - "k8s.io/api/admissionregistration/v1.MutatingWebhookConfiguration": schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfiguration(ref), - "k8s.io/api/admissionregistration/v1.MutatingWebhookConfigurationList": schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfigurationList(ref), - "k8s.io/api/admissionregistration/v1.NamedRuleWithOperations": schema_k8sio_api_admissionregistration_v1_NamedRuleWithOperations(ref), - "k8s.io/api/admissionregistration/v1.ParamKind": schema_k8sio_api_admissionregistration_v1_ParamKind(ref), - "k8s.io/api/admissionregistration/v1.ParamRef": schema_k8sio_api_admissionregistration_v1_ParamRef(ref), - "k8s.io/api/admissionregistration/v1.Rule": schema_k8sio_api_admissionregistration_v1_Rule(ref), - "k8s.io/api/admissionregistration/v1.RuleWithOperations": schema_k8sio_api_admissionregistration_v1_RuleWithOperations(ref), - "k8s.io/api/admissionregistration/v1.ServiceReference": schema_k8sio_api_admissionregistration_v1_ServiceReference(ref), - "k8s.io/api/admissionregistration/v1.TypeChecking": schema_k8sio_api_admissionregistration_v1_TypeChecking(ref), - "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicy": schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicy(ref), - "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyBinding": schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBinding(ref), - "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyBindingList": schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingList(ref), - "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyBindingSpec": schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingSpec(ref), - "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyList": schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyList(ref), - "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicySpec": schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicySpec(ref), - "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyStatus": schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyStatus(ref), - "k8s.io/api/admissionregistration/v1.ValidatingWebhook": schema_k8sio_api_admissionregistration_v1_ValidatingWebhook(ref), - "k8s.io/api/admissionregistration/v1.ValidatingWebhookConfiguration": schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfiguration(ref), - "k8s.io/api/admissionregistration/v1.ValidatingWebhookConfigurationList": schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfigurationList(ref), - "k8s.io/api/admissionregistration/v1.Validation": schema_k8sio_api_admissionregistration_v1_Validation(ref), - "k8s.io/api/admissionregistration/v1.Variable": schema_k8sio_api_admissionregistration_v1_Variable(ref), - "k8s.io/api/admissionregistration/v1.WebhookClientConfig": schema_k8sio_api_admissionregistration_v1_WebhookClientConfig(ref), - "k8s.io/api/authorization/v1.FieldSelectorAttributes": schema_k8sio_api_authorization_v1_FieldSelectorAttributes(ref), - "k8s.io/api/authorization/v1.LabelSelectorAttributes": schema_k8sio_api_authorization_v1_LabelSelectorAttributes(ref), - "k8s.io/api/authorization/v1.LocalSubjectAccessReview": schema_k8sio_api_authorization_v1_LocalSubjectAccessReview(ref), - "k8s.io/api/authorization/v1.NonResourceAttributes": schema_k8sio_api_authorization_v1_NonResourceAttributes(ref), - "k8s.io/api/authorization/v1.NonResourceRule": schema_k8sio_api_authorization_v1_NonResourceRule(ref), - "k8s.io/api/authorization/v1.ResourceAttributes": schema_k8sio_api_authorization_v1_ResourceAttributes(ref), - "k8s.io/api/authorization/v1.ResourceRule": schema_k8sio_api_authorization_v1_ResourceRule(ref), - "k8s.io/api/authorization/v1.SelfSubjectAccessReview": schema_k8sio_api_authorization_v1_SelfSubjectAccessReview(ref), - "k8s.io/api/authorization/v1.SelfSubjectAccessReviewSpec": schema_k8sio_api_authorization_v1_SelfSubjectAccessReviewSpec(ref), - "k8s.io/api/authorization/v1.SelfSubjectRulesReview": schema_k8sio_api_authorization_v1_SelfSubjectRulesReview(ref), - "k8s.io/api/authorization/v1.SelfSubjectRulesReviewSpec": schema_k8sio_api_authorization_v1_SelfSubjectRulesReviewSpec(ref), - "k8s.io/api/authorization/v1.SubjectAccessReview": schema_k8sio_api_authorization_v1_SubjectAccessReview(ref), - "k8s.io/api/authorization/v1.SubjectAccessReviewSpec": schema_k8sio_api_authorization_v1_SubjectAccessReviewSpec(ref), - "k8s.io/api/authorization/v1.SubjectAccessReviewStatus": schema_k8sio_api_authorization_v1_SubjectAccessReviewStatus(ref), - "k8s.io/api/authorization/v1.SubjectRulesReviewStatus": schema_k8sio_api_authorization_v1_SubjectRulesReviewStatus(ref), - "k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource": schema_k8sio_api_core_v1_AWSElasticBlockStoreVolumeSource(ref), - "k8s.io/api/core/v1.Affinity": schema_k8sio_api_core_v1_Affinity(ref), - "k8s.io/api/core/v1.AppArmorProfile": schema_k8sio_api_core_v1_AppArmorProfile(ref), - "k8s.io/api/core/v1.AttachedVolume": schema_k8sio_api_core_v1_AttachedVolume(ref), - "k8s.io/api/core/v1.AvoidPods": schema_k8sio_api_core_v1_AvoidPods(ref), - "k8s.io/api/core/v1.AzureDiskVolumeSource": schema_k8sio_api_core_v1_AzureDiskVolumeSource(ref), - "k8s.io/api/core/v1.AzureFilePersistentVolumeSource": schema_k8sio_api_core_v1_AzureFilePersistentVolumeSource(ref), - "k8s.io/api/core/v1.AzureFileVolumeSource": schema_k8sio_api_core_v1_AzureFileVolumeSource(ref), - "k8s.io/api/core/v1.Binding": schema_k8sio_api_core_v1_Binding(ref), - "k8s.io/api/core/v1.CSIPersistentVolumeSource": schema_k8sio_api_core_v1_CSIPersistentVolumeSource(ref), - "k8s.io/api/core/v1.CSIVolumeSource": schema_k8sio_api_core_v1_CSIVolumeSource(ref), - "k8s.io/api/core/v1.Capabilities": schema_k8sio_api_core_v1_Capabilities(ref), - "k8s.io/api/core/v1.CephFSPersistentVolumeSource": schema_k8sio_api_core_v1_CephFSPersistentVolumeSource(ref), - "k8s.io/api/core/v1.CephFSVolumeSource": schema_k8sio_api_core_v1_CephFSVolumeSource(ref), - "k8s.io/api/core/v1.CinderPersistentVolumeSource": schema_k8sio_api_core_v1_CinderPersistentVolumeSource(ref), - "k8s.io/api/core/v1.CinderVolumeSource": schema_k8sio_api_core_v1_CinderVolumeSource(ref), - "k8s.io/api/core/v1.ClientIPConfig": schema_k8sio_api_core_v1_ClientIPConfig(ref), - "k8s.io/api/core/v1.ClusterTrustBundleProjection": schema_k8sio_api_core_v1_ClusterTrustBundleProjection(ref), - "k8s.io/api/core/v1.ComponentCondition": schema_k8sio_api_core_v1_ComponentCondition(ref), - "k8s.io/api/core/v1.ComponentStatus": schema_k8sio_api_core_v1_ComponentStatus(ref), - "k8s.io/api/core/v1.ComponentStatusList": schema_k8sio_api_core_v1_ComponentStatusList(ref), - "k8s.io/api/core/v1.ConfigMap": schema_k8sio_api_core_v1_ConfigMap(ref), - "k8s.io/api/core/v1.ConfigMapEnvSource": schema_k8sio_api_core_v1_ConfigMapEnvSource(ref), - "k8s.io/api/core/v1.ConfigMapKeySelector": schema_k8sio_api_core_v1_ConfigMapKeySelector(ref), - "k8s.io/api/core/v1.ConfigMapList": schema_k8sio_api_core_v1_ConfigMapList(ref), - "k8s.io/api/core/v1.ConfigMapNodeConfigSource": schema_k8sio_api_core_v1_ConfigMapNodeConfigSource(ref), - "k8s.io/api/core/v1.ConfigMapProjection": schema_k8sio_api_core_v1_ConfigMapProjection(ref), - "k8s.io/api/core/v1.ConfigMapVolumeSource": schema_k8sio_api_core_v1_ConfigMapVolumeSource(ref), - "k8s.io/api/core/v1.Container": schema_k8sio_api_core_v1_Container(ref), - "k8s.io/api/core/v1.ContainerExtendedResourceRequest": schema_k8sio_api_core_v1_ContainerExtendedResourceRequest(ref), - "k8s.io/api/core/v1.ContainerImage": schema_k8sio_api_core_v1_ContainerImage(ref), - "k8s.io/api/core/v1.ContainerPort": schema_k8sio_api_core_v1_ContainerPort(ref), - "k8s.io/api/core/v1.ContainerResizePolicy": schema_k8sio_api_core_v1_ContainerResizePolicy(ref), - "k8s.io/api/core/v1.ContainerRestartRule": schema_k8sio_api_core_v1_ContainerRestartRule(ref), - "k8s.io/api/core/v1.ContainerRestartRuleOnExitCodes": schema_k8sio_api_core_v1_ContainerRestartRuleOnExitCodes(ref), - "k8s.io/api/core/v1.ContainerState": schema_k8sio_api_core_v1_ContainerState(ref), - "k8s.io/api/core/v1.ContainerStateRunning": schema_k8sio_api_core_v1_ContainerStateRunning(ref), - "k8s.io/api/core/v1.ContainerStateTerminated": schema_k8sio_api_core_v1_ContainerStateTerminated(ref), - "k8s.io/api/core/v1.ContainerStateWaiting": schema_k8sio_api_core_v1_ContainerStateWaiting(ref), - "k8s.io/api/core/v1.ContainerStatus": schema_k8sio_api_core_v1_ContainerStatus(ref), - "k8s.io/api/core/v1.ContainerUser": schema_k8sio_api_core_v1_ContainerUser(ref), - "k8s.io/api/core/v1.DaemonEndpoint": schema_k8sio_api_core_v1_DaemonEndpoint(ref), - "k8s.io/api/core/v1.DownwardAPIProjection": schema_k8sio_api_core_v1_DownwardAPIProjection(ref), - "k8s.io/api/core/v1.DownwardAPIVolumeFile": schema_k8sio_api_core_v1_DownwardAPIVolumeFile(ref), - "k8s.io/api/core/v1.DownwardAPIVolumeSource": schema_k8sio_api_core_v1_DownwardAPIVolumeSource(ref), - "k8s.io/api/core/v1.EmptyDirVolumeSource": schema_k8sio_api_core_v1_EmptyDirVolumeSource(ref), - "k8s.io/api/core/v1.EndpointAddress": schema_k8sio_api_core_v1_EndpointAddress(ref), - "k8s.io/api/core/v1.EndpointPort": schema_k8sio_api_core_v1_EndpointPort(ref), - "k8s.io/api/core/v1.EndpointSubset": schema_k8sio_api_core_v1_EndpointSubset(ref), - "k8s.io/api/core/v1.Endpoints": schema_k8sio_api_core_v1_Endpoints(ref), - "k8s.io/api/core/v1.EndpointsList": schema_k8sio_api_core_v1_EndpointsList(ref), - "k8s.io/api/core/v1.EnvFromSource": schema_k8sio_api_core_v1_EnvFromSource(ref), - "k8s.io/api/core/v1.EnvVar": schema_k8sio_api_core_v1_EnvVar(ref), - "k8s.io/api/core/v1.EnvVarSource": schema_k8sio_api_core_v1_EnvVarSource(ref), - "k8s.io/api/core/v1.EphemeralContainer": schema_k8sio_api_core_v1_EphemeralContainer(ref), - "k8s.io/api/core/v1.EphemeralContainerCommon": schema_k8sio_api_core_v1_EphemeralContainerCommon(ref), - "k8s.io/api/core/v1.EphemeralVolumeSource": schema_k8sio_api_core_v1_EphemeralVolumeSource(ref), - "k8s.io/api/core/v1.Event": schema_k8sio_api_core_v1_Event(ref), - "k8s.io/api/core/v1.EventList": schema_k8sio_api_core_v1_EventList(ref), - "k8s.io/api/core/v1.EventSeries": schema_k8sio_api_core_v1_EventSeries(ref), - "k8s.io/api/core/v1.EventSource": schema_k8sio_api_core_v1_EventSource(ref), - "k8s.io/api/core/v1.ExecAction": schema_k8sio_api_core_v1_ExecAction(ref), - "k8s.io/api/core/v1.FCVolumeSource": schema_k8sio_api_core_v1_FCVolumeSource(ref), - "k8s.io/api/core/v1.FileKeySelector": schema_k8sio_api_core_v1_FileKeySelector(ref), - "k8s.io/api/core/v1.FlexPersistentVolumeSource": schema_k8sio_api_core_v1_FlexPersistentVolumeSource(ref), - "k8s.io/api/core/v1.FlexVolumeSource": schema_k8sio_api_core_v1_FlexVolumeSource(ref), - "k8s.io/api/core/v1.FlockerVolumeSource": schema_k8sio_api_core_v1_FlockerVolumeSource(ref), - "k8s.io/api/core/v1.GCEPersistentDiskVolumeSource": schema_k8sio_api_core_v1_GCEPersistentDiskVolumeSource(ref), - "k8s.io/api/core/v1.GRPCAction": schema_k8sio_api_core_v1_GRPCAction(ref), - "k8s.io/api/core/v1.GitRepoVolumeSource": schema_k8sio_api_core_v1_GitRepoVolumeSource(ref), - "k8s.io/api/core/v1.GlusterfsPersistentVolumeSource": schema_k8sio_api_core_v1_GlusterfsPersistentVolumeSource(ref), - "k8s.io/api/core/v1.GlusterfsVolumeSource": schema_k8sio_api_core_v1_GlusterfsVolumeSource(ref), - "k8s.io/api/core/v1.HTTPGetAction": schema_k8sio_api_core_v1_HTTPGetAction(ref), - "k8s.io/api/core/v1.HTTPHeader": schema_k8sio_api_core_v1_HTTPHeader(ref), - "k8s.io/api/core/v1.HostAlias": schema_k8sio_api_core_v1_HostAlias(ref), - "k8s.io/api/core/v1.HostIP": schema_k8sio_api_core_v1_HostIP(ref), - "k8s.io/api/core/v1.HostPathVolumeSource": schema_k8sio_api_core_v1_HostPathVolumeSource(ref), - "k8s.io/api/core/v1.ISCSIPersistentVolumeSource": schema_k8sio_api_core_v1_ISCSIPersistentVolumeSource(ref), - "k8s.io/api/core/v1.ISCSIVolumeSource": schema_k8sio_api_core_v1_ISCSIVolumeSource(ref), - "k8s.io/api/core/v1.ImageVolumeSource": schema_k8sio_api_core_v1_ImageVolumeSource(ref), - "k8s.io/api/core/v1.KeyToPath": schema_k8sio_api_core_v1_KeyToPath(ref), - "k8s.io/api/core/v1.Lifecycle": schema_k8sio_api_core_v1_Lifecycle(ref), - "k8s.io/api/core/v1.LifecycleHandler": schema_k8sio_api_core_v1_LifecycleHandler(ref), - "k8s.io/api/core/v1.LimitRange": schema_k8sio_api_core_v1_LimitRange(ref), - "k8s.io/api/core/v1.LimitRangeItem": schema_k8sio_api_core_v1_LimitRangeItem(ref), - "k8s.io/api/core/v1.LimitRangeList": schema_k8sio_api_core_v1_LimitRangeList(ref), - "k8s.io/api/core/v1.LimitRangeSpec": schema_k8sio_api_core_v1_LimitRangeSpec(ref), - "k8s.io/api/core/v1.LinuxContainerUser": schema_k8sio_api_core_v1_LinuxContainerUser(ref), - "k8s.io/api/core/v1.List": schema_k8sio_api_core_v1_List(ref), - "k8s.io/api/core/v1.LoadBalancerIngress": schema_k8sio_api_core_v1_LoadBalancerIngress(ref), - "k8s.io/api/core/v1.LoadBalancerStatus": schema_k8sio_api_core_v1_LoadBalancerStatus(ref), - "k8s.io/api/core/v1.LocalObjectReference": schema_k8sio_api_core_v1_LocalObjectReference(ref), - "k8s.io/api/core/v1.LocalVolumeSource": schema_k8sio_api_core_v1_LocalVolumeSource(ref), - "k8s.io/api/core/v1.ModifyVolumeStatus": schema_k8sio_api_core_v1_ModifyVolumeStatus(ref), - "k8s.io/api/core/v1.NFSVolumeSource": schema_k8sio_api_core_v1_NFSVolumeSource(ref), - "k8s.io/api/core/v1.Namespace": schema_k8sio_api_core_v1_Namespace(ref), - "k8s.io/api/core/v1.NamespaceCondition": schema_k8sio_api_core_v1_NamespaceCondition(ref), - "k8s.io/api/core/v1.NamespaceList": schema_k8sio_api_core_v1_NamespaceList(ref), - "k8s.io/api/core/v1.NamespaceSpec": schema_k8sio_api_core_v1_NamespaceSpec(ref), - "k8s.io/api/core/v1.NamespaceStatus": schema_k8sio_api_core_v1_NamespaceStatus(ref), - "k8s.io/api/core/v1.Node": schema_k8sio_api_core_v1_Node(ref), - "k8s.io/api/core/v1.NodeAddress": schema_k8sio_api_core_v1_NodeAddress(ref), - "k8s.io/api/core/v1.NodeAffinity": schema_k8sio_api_core_v1_NodeAffinity(ref), - "k8s.io/api/core/v1.NodeCondition": schema_k8sio_api_core_v1_NodeCondition(ref), - "k8s.io/api/core/v1.NodeConfigSource": schema_k8sio_api_core_v1_NodeConfigSource(ref), - "k8s.io/api/core/v1.NodeConfigStatus": schema_k8sio_api_core_v1_NodeConfigStatus(ref), - "k8s.io/api/core/v1.NodeDaemonEndpoints": schema_k8sio_api_core_v1_NodeDaemonEndpoints(ref), - "k8s.io/api/core/v1.NodeFeatures": schema_k8sio_api_core_v1_NodeFeatures(ref), - "k8s.io/api/core/v1.NodeList": schema_k8sio_api_core_v1_NodeList(ref), - "k8s.io/api/core/v1.NodeProxyOptions": schema_k8sio_api_core_v1_NodeProxyOptions(ref), - "k8s.io/api/core/v1.NodeRuntimeHandler": schema_k8sio_api_core_v1_NodeRuntimeHandler(ref), - "k8s.io/api/core/v1.NodeRuntimeHandlerFeatures": schema_k8sio_api_core_v1_NodeRuntimeHandlerFeatures(ref), - "k8s.io/api/core/v1.NodeSelector": schema_k8sio_api_core_v1_NodeSelector(ref), - "k8s.io/api/core/v1.NodeSelectorRequirement": schema_k8sio_api_core_v1_NodeSelectorRequirement(ref), - "k8s.io/api/core/v1.NodeSelectorTerm": schema_k8sio_api_core_v1_NodeSelectorTerm(ref), - "k8s.io/api/core/v1.NodeSpec": schema_k8sio_api_core_v1_NodeSpec(ref), - "k8s.io/api/core/v1.NodeStatus": schema_k8sio_api_core_v1_NodeStatus(ref), - "k8s.io/api/core/v1.NodeSwapStatus": schema_k8sio_api_core_v1_NodeSwapStatus(ref), - "k8s.io/api/core/v1.NodeSystemInfo": schema_k8sio_api_core_v1_NodeSystemInfo(ref), - "k8s.io/api/core/v1.ObjectFieldSelector": schema_k8sio_api_core_v1_ObjectFieldSelector(ref), - "k8s.io/api/core/v1.ObjectReference": schema_k8sio_api_core_v1_ObjectReference(ref), - "k8s.io/api/core/v1.PersistentVolume": schema_k8sio_api_core_v1_PersistentVolume(ref), - "k8s.io/api/core/v1.PersistentVolumeClaim": schema_k8sio_api_core_v1_PersistentVolumeClaim(ref), - "k8s.io/api/core/v1.PersistentVolumeClaimCondition": schema_k8sio_api_core_v1_PersistentVolumeClaimCondition(ref), - "k8s.io/api/core/v1.PersistentVolumeClaimList": schema_k8sio_api_core_v1_PersistentVolumeClaimList(ref), - "k8s.io/api/core/v1.PersistentVolumeClaimSpec": schema_k8sio_api_core_v1_PersistentVolumeClaimSpec(ref), - "k8s.io/api/core/v1.PersistentVolumeClaimStatus": schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref), - "k8s.io/api/core/v1.PersistentVolumeClaimTemplate": schema_k8sio_api_core_v1_PersistentVolumeClaimTemplate(ref), - "k8s.io/api/core/v1.PersistentVolumeClaimVolumeSource": schema_k8sio_api_core_v1_PersistentVolumeClaimVolumeSource(ref), - "k8s.io/api/core/v1.PersistentVolumeList": schema_k8sio_api_core_v1_PersistentVolumeList(ref), - "k8s.io/api/core/v1.PersistentVolumeSource": schema_k8sio_api_core_v1_PersistentVolumeSource(ref), - "k8s.io/api/core/v1.PersistentVolumeSpec": schema_k8sio_api_core_v1_PersistentVolumeSpec(ref), - "k8s.io/api/core/v1.PersistentVolumeStatus": schema_k8sio_api_core_v1_PersistentVolumeStatus(ref), - "k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource": schema_k8sio_api_core_v1_PhotonPersistentDiskVolumeSource(ref), - "k8s.io/api/core/v1.Pod": schema_k8sio_api_core_v1_Pod(ref), - "k8s.io/api/core/v1.PodAffinity": schema_k8sio_api_core_v1_PodAffinity(ref), - "k8s.io/api/core/v1.PodAffinityTerm": schema_k8sio_api_core_v1_PodAffinityTerm(ref), - "k8s.io/api/core/v1.PodAntiAffinity": schema_k8sio_api_core_v1_PodAntiAffinity(ref), - "k8s.io/api/core/v1.PodAttachOptions": schema_k8sio_api_core_v1_PodAttachOptions(ref), - "k8s.io/api/core/v1.PodCertificateProjection": schema_k8sio_api_core_v1_PodCertificateProjection(ref), - "k8s.io/api/core/v1.PodCondition": schema_k8sio_api_core_v1_PodCondition(ref), - "k8s.io/api/core/v1.PodDNSConfig": schema_k8sio_api_core_v1_PodDNSConfig(ref), - "k8s.io/api/core/v1.PodDNSConfigOption": schema_k8sio_api_core_v1_PodDNSConfigOption(ref), - "k8s.io/api/core/v1.PodExecOptions": schema_k8sio_api_core_v1_PodExecOptions(ref), - "k8s.io/api/core/v1.PodExtendedResourceClaimStatus": schema_k8sio_api_core_v1_PodExtendedResourceClaimStatus(ref), - "k8s.io/api/core/v1.PodIP": schema_k8sio_api_core_v1_PodIP(ref), - "k8s.io/api/core/v1.PodList": schema_k8sio_api_core_v1_PodList(ref), - "k8s.io/api/core/v1.PodLogOptions": schema_k8sio_api_core_v1_PodLogOptions(ref), - "k8s.io/api/core/v1.PodOS": schema_k8sio_api_core_v1_PodOS(ref), - "k8s.io/api/core/v1.PodPortForwardOptions": schema_k8sio_api_core_v1_PodPortForwardOptions(ref), - "k8s.io/api/core/v1.PodProxyOptions": schema_k8sio_api_core_v1_PodProxyOptions(ref), - "k8s.io/api/core/v1.PodReadinessGate": schema_k8sio_api_core_v1_PodReadinessGate(ref), - "k8s.io/api/core/v1.PodResourceClaim": schema_k8sio_api_core_v1_PodResourceClaim(ref), - "k8s.io/api/core/v1.PodResourceClaimStatus": schema_k8sio_api_core_v1_PodResourceClaimStatus(ref), - "k8s.io/api/core/v1.PodSchedulingGate": schema_k8sio_api_core_v1_PodSchedulingGate(ref), - "k8s.io/api/core/v1.PodSecurityContext": schema_k8sio_api_core_v1_PodSecurityContext(ref), - "k8s.io/api/core/v1.PodSignature": schema_k8sio_api_core_v1_PodSignature(ref), - "k8s.io/api/core/v1.PodSpec": schema_k8sio_api_core_v1_PodSpec(ref), - "k8s.io/api/core/v1.PodStatus": schema_k8sio_api_core_v1_PodStatus(ref), - "k8s.io/api/core/v1.PodStatusResult": schema_k8sio_api_core_v1_PodStatusResult(ref), - "k8s.io/api/core/v1.PodTemplate": schema_k8sio_api_core_v1_PodTemplate(ref), - "k8s.io/api/core/v1.PodTemplateList": schema_k8sio_api_core_v1_PodTemplateList(ref), - "k8s.io/api/core/v1.PodTemplateSpec": schema_k8sio_api_core_v1_PodTemplateSpec(ref), - "k8s.io/api/core/v1.PortStatus": schema_k8sio_api_core_v1_PortStatus(ref), - "k8s.io/api/core/v1.PortworxVolumeSource": schema_k8sio_api_core_v1_PortworxVolumeSource(ref), - "k8s.io/api/core/v1.PreferAvoidPodsEntry": schema_k8sio_api_core_v1_PreferAvoidPodsEntry(ref), - "k8s.io/api/core/v1.PreferredSchedulingTerm": schema_k8sio_api_core_v1_PreferredSchedulingTerm(ref), - "k8s.io/api/core/v1.Probe": schema_k8sio_api_core_v1_Probe(ref), - "k8s.io/api/core/v1.ProbeHandler": schema_k8sio_api_core_v1_ProbeHandler(ref), - "k8s.io/api/core/v1.ProjectedVolumeSource": schema_k8sio_api_core_v1_ProjectedVolumeSource(ref), - "k8s.io/api/core/v1.QuobyteVolumeSource": schema_k8sio_api_core_v1_QuobyteVolumeSource(ref), - "k8s.io/api/core/v1.RBDPersistentVolumeSource": schema_k8sio_api_core_v1_RBDPersistentVolumeSource(ref), - "k8s.io/api/core/v1.RBDVolumeSource": schema_k8sio_api_core_v1_RBDVolumeSource(ref), - "k8s.io/api/core/v1.RangeAllocation": schema_k8sio_api_core_v1_RangeAllocation(ref), - "k8s.io/api/core/v1.ReplicationController": schema_k8sio_api_core_v1_ReplicationController(ref), - "k8s.io/api/core/v1.ReplicationControllerCondition": schema_k8sio_api_core_v1_ReplicationControllerCondition(ref), - "k8s.io/api/core/v1.ReplicationControllerList": schema_k8sio_api_core_v1_ReplicationControllerList(ref), - "k8s.io/api/core/v1.ReplicationControllerSpec": schema_k8sio_api_core_v1_ReplicationControllerSpec(ref), - "k8s.io/api/core/v1.ReplicationControllerStatus": schema_k8sio_api_core_v1_ReplicationControllerStatus(ref), - "k8s.io/api/core/v1.ResourceClaim": schema_k8sio_api_core_v1_ResourceClaim(ref), - "k8s.io/api/core/v1.ResourceFieldSelector": schema_k8sio_api_core_v1_ResourceFieldSelector(ref), - "k8s.io/api/core/v1.ResourceHealth": schema_k8sio_api_core_v1_ResourceHealth(ref), - "k8s.io/api/core/v1.ResourceQuota": schema_k8sio_api_core_v1_ResourceQuota(ref), - "k8s.io/api/core/v1.ResourceQuotaList": schema_k8sio_api_core_v1_ResourceQuotaList(ref), - "k8s.io/api/core/v1.ResourceQuotaSpec": schema_k8sio_api_core_v1_ResourceQuotaSpec(ref), - "k8s.io/api/core/v1.ResourceQuotaStatus": schema_k8sio_api_core_v1_ResourceQuotaStatus(ref), - "k8s.io/api/core/v1.ResourceRequirements": schema_k8sio_api_core_v1_ResourceRequirements(ref), - "k8s.io/api/core/v1.ResourceStatus": schema_k8sio_api_core_v1_ResourceStatus(ref), - "k8s.io/api/core/v1.SELinuxOptions": schema_k8sio_api_core_v1_SELinuxOptions(ref), - "k8s.io/api/core/v1.ScaleIOPersistentVolumeSource": schema_k8sio_api_core_v1_ScaleIOPersistentVolumeSource(ref), - "k8s.io/api/core/v1.ScaleIOVolumeSource": schema_k8sio_api_core_v1_ScaleIOVolumeSource(ref), - "k8s.io/api/core/v1.ScopeSelector": schema_k8sio_api_core_v1_ScopeSelector(ref), - "k8s.io/api/core/v1.ScopedResourceSelectorRequirement": schema_k8sio_api_core_v1_ScopedResourceSelectorRequirement(ref), - "k8s.io/api/core/v1.SeccompProfile": schema_k8sio_api_core_v1_SeccompProfile(ref), - "k8s.io/api/core/v1.Secret": schema_k8sio_api_core_v1_Secret(ref), - "k8s.io/api/core/v1.SecretEnvSource": schema_k8sio_api_core_v1_SecretEnvSource(ref), - "k8s.io/api/core/v1.SecretKeySelector": schema_k8sio_api_core_v1_SecretKeySelector(ref), - "k8s.io/api/core/v1.SecretList": schema_k8sio_api_core_v1_SecretList(ref), - "k8s.io/api/core/v1.SecretProjection": schema_k8sio_api_core_v1_SecretProjection(ref), - "k8s.io/api/core/v1.SecretReference": schema_k8sio_api_core_v1_SecretReference(ref), - "k8s.io/api/core/v1.SecretVolumeSource": schema_k8sio_api_core_v1_SecretVolumeSource(ref), - "k8s.io/api/core/v1.SecurityContext": schema_k8sio_api_core_v1_SecurityContext(ref), - "k8s.io/api/core/v1.SerializedReference": schema_k8sio_api_core_v1_SerializedReference(ref), - "k8s.io/api/core/v1.Service": schema_k8sio_api_core_v1_Service(ref), - "k8s.io/api/core/v1.ServiceAccount": schema_k8sio_api_core_v1_ServiceAccount(ref), - "k8s.io/api/core/v1.ServiceAccountList": schema_k8sio_api_core_v1_ServiceAccountList(ref), - "k8s.io/api/core/v1.ServiceAccountTokenProjection": schema_k8sio_api_core_v1_ServiceAccountTokenProjection(ref), - "k8s.io/api/core/v1.ServiceList": schema_k8sio_api_core_v1_ServiceList(ref), - "k8s.io/api/core/v1.ServicePort": schema_k8sio_api_core_v1_ServicePort(ref), - "k8s.io/api/core/v1.ServiceProxyOptions": schema_k8sio_api_core_v1_ServiceProxyOptions(ref), - "k8s.io/api/core/v1.ServiceSpec": schema_k8sio_api_core_v1_ServiceSpec(ref), - "k8s.io/api/core/v1.ServiceStatus": schema_k8sio_api_core_v1_ServiceStatus(ref), - "k8s.io/api/core/v1.SessionAffinityConfig": schema_k8sio_api_core_v1_SessionAffinityConfig(ref), - "k8s.io/api/core/v1.SleepAction": schema_k8sio_api_core_v1_SleepAction(ref), - "k8s.io/api/core/v1.StorageOSPersistentVolumeSource": schema_k8sio_api_core_v1_StorageOSPersistentVolumeSource(ref), - "k8s.io/api/core/v1.StorageOSVolumeSource": schema_k8sio_api_core_v1_StorageOSVolumeSource(ref), - "k8s.io/api/core/v1.Sysctl": schema_k8sio_api_core_v1_Sysctl(ref), - "k8s.io/api/core/v1.TCPSocketAction": schema_k8sio_api_core_v1_TCPSocketAction(ref), - "k8s.io/api/core/v1.Taint": schema_k8sio_api_core_v1_Taint(ref), - "k8s.io/api/core/v1.Toleration": schema_k8sio_api_core_v1_Toleration(ref), - "k8s.io/api/core/v1.TopologySelectorLabelRequirement": schema_k8sio_api_core_v1_TopologySelectorLabelRequirement(ref), - "k8s.io/api/core/v1.TopologySelectorTerm": schema_k8sio_api_core_v1_TopologySelectorTerm(ref), - "k8s.io/api/core/v1.TopologySpreadConstraint": schema_k8sio_api_core_v1_TopologySpreadConstraint(ref), - "k8s.io/api/core/v1.TypedLocalObjectReference": schema_k8sio_api_core_v1_TypedLocalObjectReference(ref), - "k8s.io/api/core/v1.TypedObjectReference": schema_k8sio_api_core_v1_TypedObjectReference(ref), - "k8s.io/api/core/v1.Volume": schema_k8sio_api_core_v1_Volume(ref), - "k8s.io/api/core/v1.VolumeDevice": schema_k8sio_api_core_v1_VolumeDevice(ref), - "k8s.io/api/core/v1.VolumeMount": schema_k8sio_api_core_v1_VolumeMount(ref), - "k8s.io/api/core/v1.VolumeMountStatus": schema_k8sio_api_core_v1_VolumeMountStatus(ref), - "k8s.io/api/core/v1.VolumeNodeAffinity": schema_k8sio_api_core_v1_VolumeNodeAffinity(ref), - "k8s.io/api/core/v1.VolumeProjection": schema_k8sio_api_core_v1_VolumeProjection(ref), - "k8s.io/api/core/v1.VolumeResourceRequirements": schema_k8sio_api_core_v1_VolumeResourceRequirements(ref), - "k8s.io/api/core/v1.VolumeSource": schema_k8sio_api_core_v1_VolumeSource(ref), - "k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource": schema_k8sio_api_core_v1_VsphereVirtualDiskVolumeSource(ref), - "k8s.io/api/core/v1.WeightedPodAffinityTerm": schema_k8sio_api_core_v1_WeightedPodAffinityTerm(ref), - "k8s.io/api/core/v1.WindowsSecurityContextOptions": schema_k8sio_api_core_v1_WindowsSecurityContextOptions(ref), - "k8s.io/api/rbac/v1.AggregationRule": schema_k8sio_api_rbac_v1_AggregationRule(ref), - "k8s.io/api/rbac/v1.ClusterRole": schema_k8sio_api_rbac_v1_ClusterRole(ref), - "k8s.io/api/rbac/v1.ClusterRoleBinding": schema_k8sio_api_rbac_v1_ClusterRoleBinding(ref), - "k8s.io/api/rbac/v1.ClusterRoleBindingList": schema_k8sio_api_rbac_v1_ClusterRoleBindingList(ref), - "k8s.io/api/rbac/v1.ClusterRoleList": schema_k8sio_api_rbac_v1_ClusterRoleList(ref), - "k8s.io/api/rbac/v1.PolicyRule": schema_k8sio_api_rbac_v1_PolicyRule(ref), - "k8s.io/api/rbac/v1.Role": schema_k8sio_api_rbac_v1_Role(ref), - "k8s.io/api/rbac/v1.RoleBinding": schema_k8sio_api_rbac_v1_RoleBinding(ref), - "k8s.io/api/rbac/v1.RoleBindingList": schema_k8sio_api_rbac_v1_RoleBindingList(ref), - "k8s.io/api/rbac/v1.RoleList": schema_k8sio_api_rbac_v1_RoleList(ref), - "k8s.io/api/rbac/v1.RoleRef": schema_k8sio_api_rbac_v1_RoleRef(ref), - "k8s.io/api/rbac/v1.Subject": schema_k8sio_api_rbac_v1_Subject(ref), - "k8s.io/apimachinery/pkg/api/resource.Quantity": schema_apimachinery_pkg_api_resource_Quantity(ref), - "k8s.io/apimachinery/pkg/api/resource.int64Amount": schema_apimachinery_pkg_api_resource_int64Amount(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup": schema_pkg_apis_meta_v1_APIGroup(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroupList": schema_pkg_apis_meta_v1_APIGroupList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource": schema_pkg_apis_meta_v1_APIResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResourceList": schema_pkg_apis_meta_v1_APIResourceList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.APIVersions": schema_pkg_apis_meta_v1_APIVersions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ApplyOptions": schema_pkg_apis_meta_v1_ApplyOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition": schema_pkg_apis_meta_v1_Condition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.CreateOptions": schema_pkg_apis_meta_v1_CreateOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.DeleteOptions": schema_pkg_apis_meta_v1_DeleteOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Duration": schema_pkg_apis_meta_v1_Duration(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.FieldSelectorRequirement": schema_pkg_apis_meta_v1_FieldSelectorRequirement(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1": schema_pkg_apis_meta_v1_FieldsV1(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GetOptions": schema_pkg_apis_meta_v1_GetOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupKind": schema_pkg_apis_meta_v1_GroupKind(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupResource": schema_pkg_apis_meta_v1_GroupResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersion": schema_pkg_apis_meta_v1_GroupVersion(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery": schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionKind": schema_pkg_apis_meta_v1_GroupVersionKind(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionResource": schema_pkg_apis_meta_v1_GroupVersionResource(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.InternalEvent": schema_pkg_apis_meta_v1_InternalEvent(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector": schema_pkg_apis_meta_v1_LabelSelector(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement": schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.List": schema_pkg_apis_meta_v1_List(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta": schema_pkg_apis_meta_v1_ListMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ListOptions": schema_pkg_apis_meta_v1_ListOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry": schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime": schema_pkg_apis_meta_v1_MicroTime(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta": schema_pkg_apis_meta_v1_ObjectMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference": schema_pkg_apis_meta_v1_OwnerReference(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata": schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadataList": schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Patch": schema_pkg_apis_meta_v1_Patch(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.PatchOptions": schema_pkg_apis_meta_v1_PatchOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions": schema_pkg_apis_meta_v1_Preconditions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.RootPaths": schema_pkg_apis_meta_v1_RootPaths(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR": schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Status": schema_pkg_apis_meta_v1_Status(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause": schema_pkg_apis_meta_v1_StatusCause(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails": schema_pkg_apis_meta_v1_StatusDetails(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Table": schema_pkg_apis_meta_v1_Table(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition": schema_pkg_apis_meta_v1_TableColumnDefinition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableOptions": schema_pkg_apis_meta_v1_TableOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow": schema_pkg_apis_meta_v1_TableRow(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition": schema_pkg_apis_meta_v1_TableRowCondition(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Time": schema_pkg_apis_meta_v1_Time(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.Timestamp": schema_pkg_apis_meta_v1_Timestamp(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta": schema_pkg_apis_meta_v1_TypeMeta(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.UpdateOptions": schema_pkg_apis_meta_v1_UpdateOptions(ref), - "k8s.io/apimachinery/pkg/apis/meta/v1.WatchEvent": schema_pkg_apis_meta_v1_WatchEvent(ref), - "k8s.io/apimachinery/pkg/runtime.RawExtension": schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), - "k8s.io/apimachinery/pkg/runtime.TypeMeta": schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), - "k8s.io/apimachinery/pkg/runtime.Unknown": schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), - "k8s.io/apimachinery/pkg/util/intstr.IntOrString": schema_apimachinery_pkg_util_intstr_IntOrString(ref), + "github.com/openshift/api/apiextensions/v1alpha1.APIExcludedField": schema_openshift_api_apiextensions_v1alpha1_APIExcludedField(ref), + "github.com/openshift/api/apiextensions/v1alpha1.APIVersions": schema_openshift_api_apiextensions_v1alpha1_APIVersions(ref), + "github.com/openshift/api/apiextensions/v1alpha1.CRDData": schema_openshift_api_apiextensions_v1alpha1_CRDData(ref), + "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirement": schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirement(ref), + "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementList": schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementList(ref), + "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementSpec": schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementSpec(ref), + "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementStatus": schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementStatus(ref), + "github.com/openshift/api/apiextensions/v1alpha1.CompatibilitySchema": schema_openshift_api_apiextensions_v1alpha1_CompatibilitySchema(ref), + "github.com/openshift/api/apiextensions/v1alpha1.CustomResourceDefinitionSchemaValidation": schema_openshift_api_apiextensions_v1alpha1_CustomResourceDefinitionSchemaValidation(ref), + "github.com/openshift/api/apiextensions/v1alpha1.ObjectSchemaValidation": schema_openshift_api_apiextensions_v1alpha1_ObjectSchemaValidation(ref), + "github.com/openshift/api/apiextensions/v1alpha1.ObservedCRD": schema_openshift_api_apiextensions_v1alpha1_ObservedCRD(ref), + "github.com/openshift/api/apiserver/v1.APIRequestCount": schema_openshift_api_apiserver_v1_APIRequestCount(ref), + "github.com/openshift/api/apiserver/v1.APIRequestCountList": schema_openshift_api_apiserver_v1_APIRequestCountList(ref), + "github.com/openshift/api/apiserver/v1.APIRequestCountSpec": schema_openshift_api_apiserver_v1_APIRequestCountSpec(ref), + "github.com/openshift/api/apiserver/v1.APIRequestCountStatus": schema_openshift_api_apiserver_v1_APIRequestCountStatus(ref), + "github.com/openshift/api/apiserver/v1.PerNodeAPIRequestLog": schema_openshift_api_apiserver_v1_PerNodeAPIRequestLog(ref), + "github.com/openshift/api/apiserver/v1.PerResourceAPIRequestLog": schema_openshift_api_apiserver_v1_PerResourceAPIRequestLog(ref), + "github.com/openshift/api/apiserver/v1.PerUserAPIRequestCount": schema_openshift_api_apiserver_v1_PerUserAPIRequestCount(ref), + "github.com/openshift/api/apiserver/v1.PerVerbAPIRequestCount": schema_openshift_api_apiserver_v1_PerVerbAPIRequestCount(ref), + "github.com/openshift/api/apps/v1.CustomDeploymentStrategyParams": schema_openshift_api_apps_v1_CustomDeploymentStrategyParams(ref), + "github.com/openshift/api/apps/v1.DeploymentCause": schema_openshift_api_apps_v1_DeploymentCause(ref), + "github.com/openshift/api/apps/v1.DeploymentCauseImageTrigger": schema_openshift_api_apps_v1_DeploymentCauseImageTrigger(ref), + "github.com/openshift/api/apps/v1.DeploymentCondition": schema_openshift_api_apps_v1_DeploymentCondition(ref), + "github.com/openshift/api/apps/v1.DeploymentConfig": schema_openshift_api_apps_v1_DeploymentConfig(ref), + "github.com/openshift/api/apps/v1.DeploymentConfigList": schema_openshift_api_apps_v1_DeploymentConfigList(ref), + "github.com/openshift/api/apps/v1.DeploymentConfigRollback": schema_openshift_api_apps_v1_DeploymentConfigRollback(ref), + "github.com/openshift/api/apps/v1.DeploymentConfigRollbackSpec": schema_openshift_api_apps_v1_DeploymentConfigRollbackSpec(ref), + "github.com/openshift/api/apps/v1.DeploymentConfigSpec": schema_openshift_api_apps_v1_DeploymentConfigSpec(ref), + "github.com/openshift/api/apps/v1.DeploymentConfigStatus": schema_openshift_api_apps_v1_DeploymentConfigStatus(ref), + "github.com/openshift/api/apps/v1.DeploymentDetails": schema_openshift_api_apps_v1_DeploymentDetails(ref), + "github.com/openshift/api/apps/v1.DeploymentLog": schema_openshift_api_apps_v1_DeploymentLog(ref), + "github.com/openshift/api/apps/v1.DeploymentLogOptions": schema_openshift_api_apps_v1_DeploymentLogOptions(ref), + "github.com/openshift/api/apps/v1.DeploymentRequest": schema_openshift_api_apps_v1_DeploymentRequest(ref), + "github.com/openshift/api/apps/v1.DeploymentStrategy": schema_openshift_api_apps_v1_DeploymentStrategy(ref), + "github.com/openshift/api/apps/v1.DeploymentTriggerImageChangeParams": schema_openshift_api_apps_v1_DeploymentTriggerImageChangeParams(ref), + "github.com/openshift/api/apps/v1.DeploymentTriggerPolicy": schema_openshift_api_apps_v1_DeploymentTriggerPolicy(ref), + "github.com/openshift/api/apps/v1.ExecNewPodHook": schema_openshift_api_apps_v1_ExecNewPodHook(ref), + "github.com/openshift/api/apps/v1.LifecycleHook": schema_openshift_api_apps_v1_LifecycleHook(ref), + "github.com/openshift/api/apps/v1.RecreateDeploymentStrategyParams": schema_openshift_api_apps_v1_RecreateDeploymentStrategyParams(ref), + "github.com/openshift/api/apps/v1.RollingDeploymentStrategyParams": schema_openshift_api_apps_v1_RollingDeploymentStrategyParams(ref), + "github.com/openshift/api/apps/v1.TagImageHook": schema_openshift_api_apps_v1_TagImageHook(ref), + "github.com/openshift/api/authorization/v1.Action": schema_openshift_api_authorization_v1_Action(ref), + "github.com/openshift/api/authorization/v1.ClusterRole": schema_openshift_api_authorization_v1_ClusterRole(ref), + "github.com/openshift/api/authorization/v1.ClusterRoleBinding": schema_openshift_api_authorization_v1_ClusterRoleBinding(ref), + "github.com/openshift/api/authorization/v1.ClusterRoleBindingList": schema_openshift_api_authorization_v1_ClusterRoleBindingList(ref), + "github.com/openshift/api/authorization/v1.ClusterRoleList": schema_openshift_api_authorization_v1_ClusterRoleList(ref), + "github.com/openshift/api/authorization/v1.GroupRestriction": schema_openshift_api_authorization_v1_GroupRestriction(ref), + "github.com/openshift/api/authorization/v1.IsPersonalSubjectAccessReview": schema_openshift_api_authorization_v1_IsPersonalSubjectAccessReview(ref), + "github.com/openshift/api/authorization/v1.LocalResourceAccessReview": schema_openshift_api_authorization_v1_LocalResourceAccessReview(ref), + "github.com/openshift/api/authorization/v1.LocalSubjectAccessReview": schema_openshift_api_authorization_v1_LocalSubjectAccessReview(ref), + "github.com/openshift/api/authorization/v1.NamedClusterRole": schema_openshift_api_authorization_v1_NamedClusterRole(ref), + "github.com/openshift/api/authorization/v1.NamedClusterRoleBinding": schema_openshift_api_authorization_v1_NamedClusterRoleBinding(ref), + "github.com/openshift/api/authorization/v1.NamedRole": schema_openshift_api_authorization_v1_NamedRole(ref), + "github.com/openshift/api/authorization/v1.NamedRoleBinding": schema_openshift_api_authorization_v1_NamedRoleBinding(ref), + "github.com/openshift/api/authorization/v1.PolicyRule": schema_openshift_api_authorization_v1_PolicyRule(ref), + "github.com/openshift/api/authorization/v1.ResourceAccessReview": schema_openshift_api_authorization_v1_ResourceAccessReview(ref), + "github.com/openshift/api/authorization/v1.ResourceAccessReviewResponse": schema_openshift_api_authorization_v1_ResourceAccessReviewResponse(ref), + "github.com/openshift/api/authorization/v1.Role": schema_openshift_api_authorization_v1_Role(ref), + "github.com/openshift/api/authorization/v1.RoleBinding": schema_openshift_api_authorization_v1_RoleBinding(ref), + "github.com/openshift/api/authorization/v1.RoleBindingList": schema_openshift_api_authorization_v1_RoleBindingList(ref), + "github.com/openshift/api/authorization/v1.RoleBindingRestriction": schema_openshift_api_authorization_v1_RoleBindingRestriction(ref), + "github.com/openshift/api/authorization/v1.RoleBindingRestrictionList": schema_openshift_api_authorization_v1_RoleBindingRestrictionList(ref), + "github.com/openshift/api/authorization/v1.RoleBindingRestrictionSpec": schema_openshift_api_authorization_v1_RoleBindingRestrictionSpec(ref), + "github.com/openshift/api/authorization/v1.RoleList": schema_openshift_api_authorization_v1_RoleList(ref), + "github.com/openshift/api/authorization/v1.SelfSubjectRulesReview": schema_openshift_api_authorization_v1_SelfSubjectRulesReview(ref), + "github.com/openshift/api/authorization/v1.SelfSubjectRulesReviewSpec": schema_openshift_api_authorization_v1_SelfSubjectRulesReviewSpec(ref), + "github.com/openshift/api/authorization/v1.ServiceAccountReference": schema_openshift_api_authorization_v1_ServiceAccountReference(ref), + "github.com/openshift/api/authorization/v1.ServiceAccountRestriction": schema_openshift_api_authorization_v1_ServiceAccountRestriction(ref), + "github.com/openshift/api/authorization/v1.SubjectAccessReview": schema_openshift_api_authorization_v1_SubjectAccessReview(ref), + "github.com/openshift/api/authorization/v1.SubjectAccessReviewResponse": schema_openshift_api_authorization_v1_SubjectAccessReviewResponse(ref), + "github.com/openshift/api/authorization/v1.SubjectRulesReview": schema_openshift_api_authorization_v1_SubjectRulesReview(ref), + "github.com/openshift/api/authorization/v1.SubjectRulesReviewSpec": schema_openshift_api_authorization_v1_SubjectRulesReviewSpec(ref), + "github.com/openshift/api/authorization/v1.SubjectRulesReviewStatus": schema_openshift_api_authorization_v1_SubjectRulesReviewStatus(ref), + "github.com/openshift/api/authorization/v1.UserRestriction": schema_openshift_api_authorization_v1_UserRestriction(ref), + "github.com/openshift/api/build/v1.BinaryBuildRequestOptions": schema_openshift_api_build_v1_BinaryBuildRequestOptions(ref), + "github.com/openshift/api/build/v1.BinaryBuildSource": schema_openshift_api_build_v1_BinaryBuildSource(ref), + "github.com/openshift/api/build/v1.BitbucketWebHookCause": schema_openshift_api_build_v1_BitbucketWebHookCause(ref), + "github.com/openshift/api/build/v1.Build": schema_openshift_api_build_v1_Build(ref), + "github.com/openshift/api/build/v1.BuildCondition": schema_openshift_api_build_v1_BuildCondition(ref), + "github.com/openshift/api/build/v1.BuildConfig": schema_openshift_api_build_v1_BuildConfig(ref), + "github.com/openshift/api/build/v1.BuildConfigList": schema_openshift_api_build_v1_BuildConfigList(ref), + "github.com/openshift/api/build/v1.BuildConfigSpec": schema_openshift_api_build_v1_BuildConfigSpec(ref), + "github.com/openshift/api/build/v1.BuildConfigStatus": schema_openshift_api_build_v1_BuildConfigStatus(ref), + "github.com/openshift/api/build/v1.BuildList": schema_openshift_api_build_v1_BuildList(ref), + "github.com/openshift/api/build/v1.BuildLog": schema_openshift_api_build_v1_BuildLog(ref), + "github.com/openshift/api/build/v1.BuildLogOptions": schema_openshift_api_build_v1_BuildLogOptions(ref), + "github.com/openshift/api/build/v1.BuildOutput": schema_openshift_api_build_v1_BuildOutput(ref), + "github.com/openshift/api/build/v1.BuildPostCommitSpec": schema_openshift_api_build_v1_BuildPostCommitSpec(ref), + "github.com/openshift/api/build/v1.BuildRequest": schema_openshift_api_build_v1_BuildRequest(ref), + "github.com/openshift/api/build/v1.BuildSource": schema_openshift_api_build_v1_BuildSource(ref), + "github.com/openshift/api/build/v1.BuildSpec": schema_openshift_api_build_v1_BuildSpec(ref), + "github.com/openshift/api/build/v1.BuildStatus": schema_openshift_api_build_v1_BuildStatus(ref), + "github.com/openshift/api/build/v1.BuildStatusOutput": schema_openshift_api_build_v1_BuildStatusOutput(ref), + "github.com/openshift/api/build/v1.BuildStatusOutputTo": schema_openshift_api_build_v1_BuildStatusOutputTo(ref), + "github.com/openshift/api/build/v1.BuildStrategy": schema_openshift_api_build_v1_BuildStrategy(ref), + "github.com/openshift/api/build/v1.BuildTriggerCause": schema_openshift_api_build_v1_BuildTriggerCause(ref), + "github.com/openshift/api/build/v1.BuildTriggerPolicy": schema_openshift_api_build_v1_BuildTriggerPolicy(ref), + "github.com/openshift/api/build/v1.BuildVolume": schema_openshift_api_build_v1_BuildVolume(ref), + "github.com/openshift/api/build/v1.BuildVolumeMount": schema_openshift_api_build_v1_BuildVolumeMount(ref), + "github.com/openshift/api/build/v1.BuildVolumeSource": schema_openshift_api_build_v1_BuildVolumeSource(ref), + "github.com/openshift/api/build/v1.CommonSpec": schema_openshift_api_build_v1_CommonSpec(ref), + "github.com/openshift/api/build/v1.CommonWebHookCause": schema_openshift_api_build_v1_CommonWebHookCause(ref), + "github.com/openshift/api/build/v1.ConfigMapBuildSource": schema_openshift_api_build_v1_ConfigMapBuildSource(ref), + "github.com/openshift/api/build/v1.CustomBuildStrategy": schema_openshift_api_build_v1_CustomBuildStrategy(ref), + "github.com/openshift/api/build/v1.DockerBuildStrategy": schema_openshift_api_build_v1_DockerBuildStrategy(ref), + "github.com/openshift/api/build/v1.DockerStrategyOptions": schema_openshift_api_build_v1_DockerStrategyOptions(ref), + "github.com/openshift/api/build/v1.GenericWebHookCause": schema_openshift_api_build_v1_GenericWebHookCause(ref), + "github.com/openshift/api/build/v1.GenericWebHookEvent": schema_openshift_api_build_v1_GenericWebHookEvent(ref), + "github.com/openshift/api/build/v1.GitBuildSource": schema_openshift_api_build_v1_GitBuildSource(ref), + "github.com/openshift/api/build/v1.GitHubWebHookCause": schema_openshift_api_build_v1_GitHubWebHookCause(ref), + "github.com/openshift/api/build/v1.GitInfo": schema_openshift_api_build_v1_GitInfo(ref), + "github.com/openshift/api/build/v1.GitLabWebHookCause": schema_openshift_api_build_v1_GitLabWebHookCause(ref), + "github.com/openshift/api/build/v1.GitRefInfo": schema_openshift_api_build_v1_GitRefInfo(ref), + "github.com/openshift/api/build/v1.GitSourceRevision": schema_openshift_api_build_v1_GitSourceRevision(ref), + "github.com/openshift/api/build/v1.ImageChangeCause": schema_openshift_api_build_v1_ImageChangeCause(ref), + "github.com/openshift/api/build/v1.ImageChangeTrigger": schema_openshift_api_build_v1_ImageChangeTrigger(ref), + "github.com/openshift/api/build/v1.ImageChangeTriggerStatus": schema_openshift_api_build_v1_ImageChangeTriggerStatus(ref), + "github.com/openshift/api/build/v1.ImageLabel": schema_openshift_api_build_v1_ImageLabel(ref), + "github.com/openshift/api/build/v1.ImageSource": schema_openshift_api_build_v1_ImageSource(ref), + "github.com/openshift/api/build/v1.ImageSourcePath": schema_openshift_api_build_v1_ImageSourcePath(ref), + "github.com/openshift/api/build/v1.ImageStreamTagReference": schema_openshift_api_build_v1_ImageStreamTagReference(ref), + "github.com/openshift/api/build/v1.JenkinsPipelineBuildStrategy": schema_openshift_api_build_v1_JenkinsPipelineBuildStrategy(ref), + "github.com/openshift/api/build/v1.ProxyConfig": schema_openshift_api_build_v1_ProxyConfig(ref), + "github.com/openshift/api/build/v1.SecretBuildSource": schema_openshift_api_build_v1_SecretBuildSource(ref), + "github.com/openshift/api/build/v1.SecretLocalReference": schema_openshift_api_build_v1_SecretLocalReference(ref), + "github.com/openshift/api/build/v1.SecretSpec": schema_openshift_api_build_v1_SecretSpec(ref), + "github.com/openshift/api/build/v1.SourceBuildStrategy": schema_openshift_api_build_v1_SourceBuildStrategy(ref), + "github.com/openshift/api/build/v1.SourceControlUser": schema_openshift_api_build_v1_SourceControlUser(ref), + "github.com/openshift/api/build/v1.SourceRevision": schema_openshift_api_build_v1_SourceRevision(ref), + "github.com/openshift/api/build/v1.SourceStrategyOptions": schema_openshift_api_build_v1_SourceStrategyOptions(ref), + "github.com/openshift/api/build/v1.StageInfo": schema_openshift_api_build_v1_StageInfo(ref), + "github.com/openshift/api/build/v1.StepInfo": schema_openshift_api_build_v1_StepInfo(ref), + "github.com/openshift/api/build/v1.WebHookTrigger": schema_openshift_api_build_v1_WebHookTrigger(ref), + "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfig": schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfig(ref), + "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfigSpec": schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfigSpec(ref), + "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfigStatus": schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfigStatus(ref), + "github.com/openshift/api/config/v1.APIServer": schema_openshift_api_config_v1_APIServer(ref), + "github.com/openshift/api/config/v1.APIServerEncryption": schema_openshift_api_config_v1_APIServerEncryption(ref), + "github.com/openshift/api/config/v1.APIServerList": schema_openshift_api_config_v1_APIServerList(ref), + "github.com/openshift/api/config/v1.APIServerNamedServingCert": schema_openshift_api_config_v1_APIServerNamedServingCert(ref), + "github.com/openshift/api/config/v1.APIServerServingCerts": schema_openshift_api_config_v1_APIServerServingCerts(ref), + "github.com/openshift/api/config/v1.APIServerSpec": schema_openshift_api_config_v1_APIServerSpec(ref), + "github.com/openshift/api/config/v1.APIServerStatus": schema_openshift_api_config_v1_APIServerStatus(ref), + "github.com/openshift/api/config/v1.AWSDNSSpec": schema_openshift_api_config_v1_AWSDNSSpec(ref), + "github.com/openshift/api/config/v1.AWSIngressSpec": schema_openshift_api_config_v1_AWSIngressSpec(ref), + "github.com/openshift/api/config/v1.AWSKMSConfig": schema_openshift_api_config_v1_AWSKMSConfig(ref), + "github.com/openshift/api/config/v1.AWSPlatformSpec": schema_openshift_api_config_v1_AWSPlatformSpec(ref), + "github.com/openshift/api/config/v1.AWSPlatformStatus": schema_openshift_api_config_v1_AWSPlatformStatus(ref), + "github.com/openshift/api/config/v1.AWSResourceTag": schema_openshift_api_config_v1_AWSResourceTag(ref), + "github.com/openshift/api/config/v1.AWSServiceEndpoint": schema_openshift_api_config_v1_AWSServiceEndpoint(ref), + "github.com/openshift/api/config/v1.AcceptRisk": schema_openshift_api_config_v1_AcceptRisk(ref), + "github.com/openshift/api/config/v1.AdmissionConfig": schema_openshift_api_config_v1_AdmissionConfig(ref), + "github.com/openshift/api/config/v1.AdmissionPluginConfig": schema_openshift_api_config_v1_AdmissionPluginConfig(ref), + "github.com/openshift/api/config/v1.AlibabaCloudPlatformSpec": schema_openshift_api_config_v1_AlibabaCloudPlatformSpec(ref), + "github.com/openshift/api/config/v1.AlibabaCloudPlatformStatus": schema_openshift_api_config_v1_AlibabaCloudPlatformStatus(ref), + "github.com/openshift/api/config/v1.AlibabaCloudResourceTag": schema_openshift_api_config_v1_AlibabaCloudResourceTag(ref), + "github.com/openshift/api/config/v1.Audit": schema_openshift_api_config_v1_Audit(ref), + "github.com/openshift/api/config/v1.AuditConfig": schema_openshift_api_config_v1_AuditConfig(ref), + "github.com/openshift/api/config/v1.AuditCustomRule": schema_openshift_api_config_v1_AuditCustomRule(ref), + "github.com/openshift/api/config/v1.Authentication": schema_openshift_api_config_v1_Authentication(ref), + "github.com/openshift/api/config/v1.AuthenticationList": schema_openshift_api_config_v1_AuthenticationList(ref), + "github.com/openshift/api/config/v1.AuthenticationSpec": schema_openshift_api_config_v1_AuthenticationSpec(ref), + "github.com/openshift/api/config/v1.AuthenticationStatus": schema_openshift_api_config_v1_AuthenticationStatus(ref), + "github.com/openshift/api/config/v1.AzurePlatformSpec": schema_openshift_api_config_v1_AzurePlatformSpec(ref), + "github.com/openshift/api/config/v1.AzurePlatformStatus": schema_openshift_api_config_v1_AzurePlatformStatus(ref), + "github.com/openshift/api/config/v1.AzureResourceTag": schema_openshift_api_config_v1_AzureResourceTag(ref), + "github.com/openshift/api/config/v1.BareMetalPlatformLoadBalancer": schema_openshift_api_config_v1_BareMetalPlatformLoadBalancer(ref), + "github.com/openshift/api/config/v1.BareMetalPlatformSpec": schema_openshift_api_config_v1_BareMetalPlatformSpec(ref), + "github.com/openshift/api/config/v1.BareMetalPlatformStatus": schema_openshift_api_config_v1_BareMetalPlatformStatus(ref), + "github.com/openshift/api/config/v1.BasicAuthIdentityProvider": schema_openshift_api_config_v1_BasicAuthIdentityProvider(ref), + "github.com/openshift/api/config/v1.Build": schema_openshift_api_config_v1_Build(ref), + "github.com/openshift/api/config/v1.BuildDefaults": schema_openshift_api_config_v1_BuildDefaults(ref), + "github.com/openshift/api/config/v1.BuildList": schema_openshift_api_config_v1_BuildList(ref), + "github.com/openshift/api/config/v1.BuildOverrides": schema_openshift_api_config_v1_BuildOverrides(ref), + "github.com/openshift/api/config/v1.BuildSpec": schema_openshift_api_config_v1_BuildSpec(ref), + "github.com/openshift/api/config/v1.CertInfo": schema_openshift_api_config_v1_CertInfo(ref), + "github.com/openshift/api/config/v1.ClientConnectionOverrides": schema_openshift_api_config_v1_ClientConnectionOverrides(ref), + "github.com/openshift/api/config/v1.CloudControllerManagerStatus": schema_openshift_api_config_v1_CloudControllerManagerStatus(ref), + "github.com/openshift/api/config/v1.CloudLoadBalancerConfig": schema_openshift_api_config_v1_CloudLoadBalancerConfig(ref), + "github.com/openshift/api/config/v1.CloudLoadBalancerIPs": schema_openshift_api_config_v1_CloudLoadBalancerIPs(ref), + "github.com/openshift/api/config/v1.ClusterCondition": schema_openshift_api_config_v1_ClusterCondition(ref), + "github.com/openshift/api/config/v1.ClusterImagePolicy": schema_openshift_api_config_v1_ClusterImagePolicy(ref), + "github.com/openshift/api/config/v1.ClusterImagePolicyList": schema_openshift_api_config_v1_ClusterImagePolicyList(ref), + "github.com/openshift/api/config/v1.ClusterImagePolicySpec": schema_openshift_api_config_v1_ClusterImagePolicySpec(ref), + "github.com/openshift/api/config/v1.ClusterImagePolicyStatus": schema_openshift_api_config_v1_ClusterImagePolicyStatus(ref), + "github.com/openshift/api/config/v1.ClusterNetworkEntry": schema_openshift_api_config_v1_ClusterNetworkEntry(ref), + "github.com/openshift/api/config/v1.ClusterOperator": schema_openshift_api_config_v1_ClusterOperator(ref), + "github.com/openshift/api/config/v1.ClusterOperatorList": schema_openshift_api_config_v1_ClusterOperatorList(ref), + "github.com/openshift/api/config/v1.ClusterOperatorSpec": schema_openshift_api_config_v1_ClusterOperatorSpec(ref), + "github.com/openshift/api/config/v1.ClusterOperatorStatus": schema_openshift_api_config_v1_ClusterOperatorStatus(ref), + "github.com/openshift/api/config/v1.ClusterOperatorStatusCondition": schema_openshift_api_config_v1_ClusterOperatorStatusCondition(ref), + "github.com/openshift/api/config/v1.ClusterVersion": schema_openshift_api_config_v1_ClusterVersion(ref), + "github.com/openshift/api/config/v1.ClusterVersionCapabilitiesSpec": schema_openshift_api_config_v1_ClusterVersionCapabilitiesSpec(ref), + "github.com/openshift/api/config/v1.ClusterVersionCapabilitiesStatus": schema_openshift_api_config_v1_ClusterVersionCapabilitiesStatus(ref), + "github.com/openshift/api/config/v1.ClusterVersionList": schema_openshift_api_config_v1_ClusterVersionList(ref), + "github.com/openshift/api/config/v1.ClusterVersionSpec": schema_openshift_api_config_v1_ClusterVersionSpec(ref), + "github.com/openshift/api/config/v1.ClusterVersionStatus": schema_openshift_api_config_v1_ClusterVersionStatus(ref), + "github.com/openshift/api/config/v1.ComponentOverride": schema_openshift_api_config_v1_ComponentOverride(ref), + "github.com/openshift/api/config/v1.ComponentRouteSpec": schema_openshift_api_config_v1_ComponentRouteSpec(ref), + "github.com/openshift/api/config/v1.ComponentRouteStatus": schema_openshift_api_config_v1_ComponentRouteStatus(ref), + "github.com/openshift/api/config/v1.ConditionalUpdate": schema_openshift_api_config_v1_ConditionalUpdate(ref), + "github.com/openshift/api/config/v1.ConditionalUpdateRisk": schema_openshift_api_config_v1_ConditionalUpdateRisk(ref), + "github.com/openshift/api/config/v1.ConfigMapFileReference": schema_openshift_api_config_v1_ConfigMapFileReference(ref), + "github.com/openshift/api/config/v1.ConfigMapNameReference": schema_openshift_api_config_v1_ConfigMapNameReference(ref), + "github.com/openshift/api/config/v1.Console": schema_openshift_api_config_v1_Console(ref), + "github.com/openshift/api/config/v1.ConsoleAuthentication": schema_openshift_api_config_v1_ConsoleAuthentication(ref), + "github.com/openshift/api/config/v1.ConsoleList": schema_openshift_api_config_v1_ConsoleList(ref), + "github.com/openshift/api/config/v1.ConsoleSpec": schema_openshift_api_config_v1_ConsoleSpec(ref), + "github.com/openshift/api/config/v1.ConsoleStatus": schema_openshift_api_config_v1_ConsoleStatus(ref), + "github.com/openshift/api/config/v1.Custom": schema_openshift_api_config_v1_Custom(ref), + "github.com/openshift/api/config/v1.CustomFeatureGates": schema_openshift_api_config_v1_CustomFeatureGates(ref), + "github.com/openshift/api/config/v1.CustomTLSProfile": schema_openshift_api_config_v1_CustomTLSProfile(ref), + "github.com/openshift/api/config/v1.DNS": schema_openshift_api_config_v1_DNS(ref), + "github.com/openshift/api/config/v1.DNSList": schema_openshift_api_config_v1_DNSList(ref), + "github.com/openshift/api/config/v1.DNSPlatformSpec": schema_openshift_api_config_v1_DNSPlatformSpec(ref), + "github.com/openshift/api/config/v1.DNSSpec": schema_openshift_api_config_v1_DNSSpec(ref), + "github.com/openshift/api/config/v1.DNSStatus": schema_openshift_api_config_v1_DNSStatus(ref), + "github.com/openshift/api/config/v1.DNSZone": schema_openshift_api_config_v1_DNSZone(ref), + "github.com/openshift/api/config/v1.DelegatedAuthentication": schema_openshift_api_config_v1_DelegatedAuthentication(ref), + "github.com/openshift/api/config/v1.DelegatedAuthorization": schema_openshift_api_config_v1_DelegatedAuthorization(ref), + "github.com/openshift/api/config/v1.DeprecatedWebhookTokenAuthenticator": schema_openshift_api_config_v1_DeprecatedWebhookTokenAuthenticator(ref), + "github.com/openshift/api/config/v1.EquinixMetalPlatformSpec": schema_openshift_api_config_v1_EquinixMetalPlatformSpec(ref), + "github.com/openshift/api/config/v1.EquinixMetalPlatformStatus": schema_openshift_api_config_v1_EquinixMetalPlatformStatus(ref), + "github.com/openshift/api/config/v1.EtcdConnectionInfo": schema_openshift_api_config_v1_EtcdConnectionInfo(ref), + "github.com/openshift/api/config/v1.EtcdStorageConfig": schema_openshift_api_config_v1_EtcdStorageConfig(ref), + "github.com/openshift/api/config/v1.ExternalIPConfig": schema_openshift_api_config_v1_ExternalIPConfig(ref), + "github.com/openshift/api/config/v1.ExternalIPPolicy": schema_openshift_api_config_v1_ExternalIPPolicy(ref), + "github.com/openshift/api/config/v1.ExternalPlatformSpec": schema_openshift_api_config_v1_ExternalPlatformSpec(ref), + "github.com/openshift/api/config/v1.ExternalPlatformStatus": schema_openshift_api_config_v1_ExternalPlatformStatus(ref), + "github.com/openshift/api/config/v1.ExtraMapping": schema_openshift_api_config_v1_ExtraMapping(ref), + "github.com/openshift/api/config/v1.FeatureGate": schema_openshift_api_config_v1_FeatureGate(ref), + "github.com/openshift/api/config/v1.FeatureGateAttributes": schema_openshift_api_config_v1_FeatureGateAttributes(ref), + "github.com/openshift/api/config/v1.FeatureGateDetails": schema_openshift_api_config_v1_FeatureGateDetails(ref), + "github.com/openshift/api/config/v1.FeatureGateList": schema_openshift_api_config_v1_FeatureGateList(ref), + "github.com/openshift/api/config/v1.FeatureGateSelection": schema_openshift_api_config_v1_FeatureGateSelection(ref), + "github.com/openshift/api/config/v1.FeatureGateSpec": schema_openshift_api_config_v1_FeatureGateSpec(ref), + "github.com/openshift/api/config/v1.FeatureGateStatus": schema_openshift_api_config_v1_FeatureGateStatus(ref), + "github.com/openshift/api/config/v1.FeatureGateTests": schema_openshift_api_config_v1_FeatureGateTests(ref), + "github.com/openshift/api/config/v1.GCPPlatformSpec": schema_openshift_api_config_v1_GCPPlatformSpec(ref), + "github.com/openshift/api/config/v1.GCPPlatformStatus": schema_openshift_api_config_v1_GCPPlatformStatus(ref), + "github.com/openshift/api/config/v1.GCPResourceLabel": schema_openshift_api_config_v1_GCPResourceLabel(ref), + "github.com/openshift/api/config/v1.GCPResourceTag": schema_openshift_api_config_v1_GCPResourceTag(ref), + "github.com/openshift/api/config/v1.GatherConfig": schema_openshift_api_config_v1_GatherConfig(ref), + "github.com/openshift/api/config/v1.GathererConfig": schema_openshift_api_config_v1_GathererConfig(ref), + "github.com/openshift/api/config/v1.Gatherers": schema_openshift_api_config_v1_Gatherers(ref), + "github.com/openshift/api/config/v1.GenericAPIServerConfig": schema_openshift_api_config_v1_GenericAPIServerConfig(ref), + "github.com/openshift/api/config/v1.GenericControllerConfig": schema_openshift_api_config_v1_GenericControllerConfig(ref), + "github.com/openshift/api/config/v1.GitHubIdentityProvider": schema_openshift_api_config_v1_GitHubIdentityProvider(ref), + "github.com/openshift/api/config/v1.GitLabIdentityProvider": schema_openshift_api_config_v1_GitLabIdentityProvider(ref), + "github.com/openshift/api/config/v1.GoogleIdentityProvider": schema_openshift_api_config_v1_GoogleIdentityProvider(ref), + "github.com/openshift/api/config/v1.HTPasswdIdentityProvider": schema_openshift_api_config_v1_HTPasswdIdentityProvider(ref), + "github.com/openshift/api/config/v1.HTTPServingInfo": schema_openshift_api_config_v1_HTTPServingInfo(ref), + "github.com/openshift/api/config/v1.HubSource": schema_openshift_api_config_v1_HubSource(ref), + "github.com/openshift/api/config/v1.HubSourceStatus": schema_openshift_api_config_v1_HubSourceStatus(ref), + "github.com/openshift/api/config/v1.IBMCloudPlatformSpec": schema_openshift_api_config_v1_IBMCloudPlatformSpec(ref), + "github.com/openshift/api/config/v1.IBMCloudPlatformStatus": schema_openshift_api_config_v1_IBMCloudPlatformStatus(ref), + "github.com/openshift/api/config/v1.IBMCloudServiceEndpoint": schema_openshift_api_config_v1_IBMCloudServiceEndpoint(ref), + "github.com/openshift/api/config/v1.IdentityProvider": schema_openshift_api_config_v1_IdentityProvider(ref), + "github.com/openshift/api/config/v1.IdentityProviderConfig": schema_openshift_api_config_v1_IdentityProviderConfig(ref), + "github.com/openshift/api/config/v1.Image": schema_openshift_api_config_v1_Image(ref), + "github.com/openshift/api/config/v1.ImageContentPolicy": schema_openshift_api_config_v1_ImageContentPolicy(ref), + "github.com/openshift/api/config/v1.ImageContentPolicyList": schema_openshift_api_config_v1_ImageContentPolicyList(ref), + "github.com/openshift/api/config/v1.ImageContentPolicySpec": schema_openshift_api_config_v1_ImageContentPolicySpec(ref), + "github.com/openshift/api/config/v1.ImageDigestMirrorSet": schema_openshift_api_config_v1_ImageDigestMirrorSet(ref), + "github.com/openshift/api/config/v1.ImageDigestMirrorSetList": schema_openshift_api_config_v1_ImageDigestMirrorSetList(ref), + "github.com/openshift/api/config/v1.ImageDigestMirrorSetSpec": schema_openshift_api_config_v1_ImageDigestMirrorSetSpec(ref), + "github.com/openshift/api/config/v1.ImageDigestMirrorSetStatus": schema_openshift_api_config_v1_ImageDigestMirrorSetStatus(ref), + "github.com/openshift/api/config/v1.ImageDigestMirrors": schema_openshift_api_config_v1_ImageDigestMirrors(ref), + "github.com/openshift/api/config/v1.ImageLabel": schema_openshift_api_config_v1_ImageLabel(ref), + "github.com/openshift/api/config/v1.ImageList": schema_openshift_api_config_v1_ImageList(ref), + "github.com/openshift/api/config/v1.ImagePolicy": schema_openshift_api_config_v1_ImagePolicy(ref), + "github.com/openshift/api/config/v1.ImagePolicyFulcioCAWithRekorRootOfTrust": schema_openshift_api_config_v1_ImagePolicyFulcioCAWithRekorRootOfTrust(ref), + "github.com/openshift/api/config/v1.ImagePolicyList": schema_openshift_api_config_v1_ImagePolicyList(ref), + "github.com/openshift/api/config/v1.ImagePolicyPKIRootOfTrust": schema_openshift_api_config_v1_ImagePolicyPKIRootOfTrust(ref), + "github.com/openshift/api/config/v1.ImagePolicyPublicKeyRootOfTrust": schema_openshift_api_config_v1_ImagePolicyPublicKeyRootOfTrust(ref), + "github.com/openshift/api/config/v1.ImagePolicySpec": schema_openshift_api_config_v1_ImagePolicySpec(ref), + "github.com/openshift/api/config/v1.ImagePolicyStatus": schema_openshift_api_config_v1_ImagePolicyStatus(ref), + "github.com/openshift/api/config/v1.ImageSigstoreVerificationPolicy": schema_openshift_api_config_v1_ImageSigstoreVerificationPolicy(ref), + "github.com/openshift/api/config/v1.ImageSpec": schema_openshift_api_config_v1_ImageSpec(ref), + "github.com/openshift/api/config/v1.ImageStatus": schema_openshift_api_config_v1_ImageStatus(ref), + "github.com/openshift/api/config/v1.ImageTagMirrorSet": schema_openshift_api_config_v1_ImageTagMirrorSet(ref), + "github.com/openshift/api/config/v1.ImageTagMirrorSetList": schema_openshift_api_config_v1_ImageTagMirrorSetList(ref), + "github.com/openshift/api/config/v1.ImageTagMirrorSetSpec": schema_openshift_api_config_v1_ImageTagMirrorSetSpec(ref), + "github.com/openshift/api/config/v1.ImageTagMirrorSetStatus": schema_openshift_api_config_v1_ImageTagMirrorSetStatus(ref), + "github.com/openshift/api/config/v1.ImageTagMirrors": schema_openshift_api_config_v1_ImageTagMirrors(ref), + "github.com/openshift/api/config/v1.Infrastructure": schema_openshift_api_config_v1_Infrastructure(ref), + "github.com/openshift/api/config/v1.InfrastructureList": schema_openshift_api_config_v1_InfrastructureList(ref), + "github.com/openshift/api/config/v1.InfrastructureSpec": schema_openshift_api_config_v1_InfrastructureSpec(ref), + "github.com/openshift/api/config/v1.InfrastructureStatus": schema_openshift_api_config_v1_InfrastructureStatus(ref), + "github.com/openshift/api/config/v1.Ingress": schema_openshift_api_config_v1_Ingress(ref), + "github.com/openshift/api/config/v1.IngressList": schema_openshift_api_config_v1_IngressList(ref), + "github.com/openshift/api/config/v1.IngressPlatformSpec": schema_openshift_api_config_v1_IngressPlatformSpec(ref), + "github.com/openshift/api/config/v1.IngressSpec": schema_openshift_api_config_v1_IngressSpec(ref), + "github.com/openshift/api/config/v1.IngressStatus": schema_openshift_api_config_v1_IngressStatus(ref), + "github.com/openshift/api/config/v1.InsightsDataGather": schema_openshift_api_config_v1_InsightsDataGather(ref), + "github.com/openshift/api/config/v1.InsightsDataGatherList": schema_openshift_api_config_v1_InsightsDataGatherList(ref), + "github.com/openshift/api/config/v1.InsightsDataGatherSpec": schema_openshift_api_config_v1_InsightsDataGatherSpec(ref), + "github.com/openshift/api/config/v1.IntermediateTLSProfile": schema_openshift_api_config_v1_IntermediateTLSProfile(ref), + "github.com/openshift/api/config/v1.KMSConfig": schema_openshift_api_config_v1_KMSConfig(ref), + "github.com/openshift/api/config/v1.KeystoneIdentityProvider": schema_openshift_api_config_v1_KeystoneIdentityProvider(ref), + "github.com/openshift/api/config/v1.KubeClientConfig": schema_openshift_api_config_v1_KubeClientConfig(ref), + "github.com/openshift/api/config/v1.KubevirtPlatformSpec": schema_openshift_api_config_v1_KubevirtPlatformSpec(ref), + "github.com/openshift/api/config/v1.KubevirtPlatformStatus": schema_openshift_api_config_v1_KubevirtPlatformStatus(ref), + "github.com/openshift/api/config/v1.LDAPAttributeMapping": schema_openshift_api_config_v1_LDAPAttributeMapping(ref), + "github.com/openshift/api/config/v1.LDAPIdentityProvider": schema_openshift_api_config_v1_LDAPIdentityProvider(ref), + "github.com/openshift/api/config/v1.LeaderElection": schema_openshift_api_config_v1_LeaderElection(ref), + "github.com/openshift/api/config/v1.LoadBalancer": schema_openshift_api_config_v1_LoadBalancer(ref), + "github.com/openshift/api/config/v1.MTUMigration": schema_openshift_api_config_v1_MTUMigration(ref), + "github.com/openshift/api/config/v1.MTUMigrationValues": schema_openshift_api_config_v1_MTUMigrationValues(ref), + "github.com/openshift/api/config/v1.MaxAgePolicy": schema_openshift_api_config_v1_MaxAgePolicy(ref), + "github.com/openshift/api/config/v1.ModernTLSProfile": schema_openshift_api_config_v1_ModernTLSProfile(ref), + "github.com/openshift/api/config/v1.NamedCertificate": schema_openshift_api_config_v1_NamedCertificate(ref), + "github.com/openshift/api/config/v1.Network": schema_openshift_api_config_v1_Network(ref), + "github.com/openshift/api/config/v1.NetworkDiagnostics": schema_openshift_api_config_v1_NetworkDiagnostics(ref), + "github.com/openshift/api/config/v1.NetworkDiagnosticsSourcePlacement": schema_openshift_api_config_v1_NetworkDiagnosticsSourcePlacement(ref), + "github.com/openshift/api/config/v1.NetworkDiagnosticsTargetPlacement": schema_openshift_api_config_v1_NetworkDiagnosticsTargetPlacement(ref), + "github.com/openshift/api/config/v1.NetworkList": schema_openshift_api_config_v1_NetworkList(ref), + "github.com/openshift/api/config/v1.NetworkMigration": schema_openshift_api_config_v1_NetworkMigration(ref), + "github.com/openshift/api/config/v1.NetworkSpec": schema_openshift_api_config_v1_NetworkSpec(ref), + "github.com/openshift/api/config/v1.NetworkStatus": schema_openshift_api_config_v1_NetworkStatus(ref), + "github.com/openshift/api/config/v1.Node": schema_openshift_api_config_v1_Node(ref), + "github.com/openshift/api/config/v1.NodeList": schema_openshift_api_config_v1_NodeList(ref), + "github.com/openshift/api/config/v1.NodeSpec": schema_openshift_api_config_v1_NodeSpec(ref), + "github.com/openshift/api/config/v1.NodeStatus": schema_openshift_api_config_v1_NodeStatus(ref), + "github.com/openshift/api/config/v1.NutanixFailureDomain": schema_openshift_api_config_v1_NutanixFailureDomain(ref), + "github.com/openshift/api/config/v1.NutanixPlatformLoadBalancer": schema_openshift_api_config_v1_NutanixPlatformLoadBalancer(ref), + "github.com/openshift/api/config/v1.NutanixPlatformSpec": schema_openshift_api_config_v1_NutanixPlatformSpec(ref), + "github.com/openshift/api/config/v1.NutanixPlatformStatus": schema_openshift_api_config_v1_NutanixPlatformStatus(ref), + "github.com/openshift/api/config/v1.NutanixPrismElementEndpoint": schema_openshift_api_config_v1_NutanixPrismElementEndpoint(ref), + "github.com/openshift/api/config/v1.NutanixPrismEndpoint": schema_openshift_api_config_v1_NutanixPrismEndpoint(ref), + "github.com/openshift/api/config/v1.NutanixResourceIdentifier": schema_openshift_api_config_v1_NutanixResourceIdentifier(ref), + "github.com/openshift/api/config/v1.OAuth": schema_openshift_api_config_v1_OAuth(ref), + "github.com/openshift/api/config/v1.OAuthList": schema_openshift_api_config_v1_OAuthList(ref), + "github.com/openshift/api/config/v1.OAuthRemoteConnectionInfo": schema_openshift_api_config_v1_OAuthRemoteConnectionInfo(ref), + "github.com/openshift/api/config/v1.OAuthSpec": schema_openshift_api_config_v1_OAuthSpec(ref), + "github.com/openshift/api/config/v1.OAuthStatus": schema_openshift_api_config_v1_OAuthStatus(ref), + "github.com/openshift/api/config/v1.OAuthTemplates": schema_openshift_api_config_v1_OAuthTemplates(ref), + "github.com/openshift/api/config/v1.OIDCClientConfig": schema_openshift_api_config_v1_OIDCClientConfig(ref), + "github.com/openshift/api/config/v1.OIDCClientReference": schema_openshift_api_config_v1_OIDCClientReference(ref), + "github.com/openshift/api/config/v1.OIDCClientStatus": schema_openshift_api_config_v1_OIDCClientStatus(ref), + "github.com/openshift/api/config/v1.OIDCProvider": schema_openshift_api_config_v1_OIDCProvider(ref), + "github.com/openshift/api/config/v1.ObjectReference": schema_openshift_api_config_v1_ObjectReference(ref), + "github.com/openshift/api/config/v1.OldTLSProfile": schema_openshift_api_config_v1_OldTLSProfile(ref), + "github.com/openshift/api/config/v1.OpenIDClaims": schema_openshift_api_config_v1_OpenIDClaims(ref), + "github.com/openshift/api/config/v1.OpenIDIdentityProvider": schema_openshift_api_config_v1_OpenIDIdentityProvider(ref), + "github.com/openshift/api/config/v1.OpenStackPlatformLoadBalancer": schema_openshift_api_config_v1_OpenStackPlatformLoadBalancer(ref), + "github.com/openshift/api/config/v1.OpenStackPlatformSpec": schema_openshift_api_config_v1_OpenStackPlatformSpec(ref), + "github.com/openshift/api/config/v1.OpenStackPlatformStatus": schema_openshift_api_config_v1_OpenStackPlatformStatus(ref), + "github.com/openshift/api/config/v1.OperandVersion": schema_openshift_api_config_v1_OperandVersion(ref), + "github.com/openshift/api/config/v1.OperatorHub": schema_openshift_api_config_v1_OperatorHub(ref), + "github.com/openshift/api/config/v1.OperatorHubList": schema_openshift_api_config_v1_OperatorHubList(ref), + "github.com/openshift/api/config/v1.OperatorHubSpec": schema_openshift_api_config_v1_OperatorHubSpec(ref), + "github.com/openshift/api/config/v1.OperatorHubStatus": schema_openshift_api_config_v1_OperatorHubStatus(ref), + "github.com/openshift/api/config/v1.OvirtPlatformLoadBalancer": schema_openshift_api_config_v1_OvirtPlatformLoadBalancer(ref), + "github.com/openshift/api/config/v1.OvirtPlatformSpec": schema_openshift_api_config_v1_OvirtPlatformSpec(ref), + "github.com/openshift/api/config/v1.OvirtPlatformStatus": schema_openshift_api_config_v1_OvirtPlatformStatus(ref), + "github.com/openshift/api/config/v1.PKICertificateSubject": schema_openshift_api_config_v1_PKICertificateSubject(ref), + "github.com/openshift/api/config/v1.PersistentVolumeClaimReference": schema_openshift_api_config_v1_PersistentVolumeClaimReference(ref), + "github.com/openshift/api/config/v1.PersistentVolumeConfig": schema_openshift_api_config_v1_PersistentVolumeConfig(ref), + "github.com/openshift/api/config/v1.PlatformSpec": schema_openshift_api_config_v1_PlatformSpec(ref), + "github.com/openshift/api/config/v1.PlatformStatus": schema_openshift_api_config_v1_PlatformStatus(ref), + "github.com/openshift/api/config/v1.PolicyFulcioSubject": schema_openshift_api_config_v1_PolicyFulcioSubject(ref), + "github.com/openshift/api/config/v1.PolicyIdentity": schema_openshift_api_config_v1_PolicyIdentity(ref), + "github.com/openshift/api/config/v1.PolicyMatchExactRepository": schema_openshift_api_config_v1_PolicyMatchExactRepository(ref), + "github.com/openshift/api/config/v1.PolicyMatchRemapIdentity": schema_openshift_api_config_v1_PolicyMatchRemapIdentity(ref), + "github.com/openshift/api/config/v1.PolicyRootOfTrust": schema_openshift_api_config_v1_PolicyRootOfTrust(ref), + "github.com/openshift/api/config/v1.PowerVSPlatformSpec": schema_openshift_api_config_v1_PowerVSPlatformSpec(ref), + "github.com/openshift/api/config/v1.PowerVSPlatformStatus": schema_openshift_api_config_v1_PowerVSPlatformStatus(ref), + "github.com/openshift/api/config/v1.PowerVSServiceEndpoint": schema_openshift_api_config_v1_PowerVSServiceEndpoint(ref), + "github.com/openshift/api/config/v1.PrefixedClaimMapping": schema_openshift_api_config_v1_PrefixedClaimMapping(ref), + "github.com/openshift/api/config/v1.ProfileCustomizations": schema_openshift_api_config_v1_ProfileCustomizations(ref), + "github.com/openshift/api/config/v1.Project": schema_openshift_api_config_v1_Project(ref), + "github.com/openshift/api/config/v1.ProjectList": schema_openshift_api_config_v1_ProjectList(ref), + "github.com/openshift/api/config/v1.ProjectSpec": schema_openshift_api_config_v1_ProjectSpec(ref), + "github.com/openshift/api/config/v1.ProjectStatus": schema_openshift_api_config_v1_ProjectStatus(ref), + "github.com/openshift/api/config/v1.PromQLClusterCondition": schema_openshift_api_config_v1_PromQLClusterCondition(ref), + "github.com/openshift/api/config/v1.Proxy": schema_openshift_api_config_v1_Proxy(ref), + "github.com/openshift/api/config/v1.ProxyList": schema_openshift_api_config_v1_ProxyList(ref), + "github.com/openshift/api/config/v1.ProxySpec": schema_openshift_api_config_v1_ProxySpec(ref), + "github.com/openshift/api/config/v1.ProxyStatus": schema_openshift_api_config_v1_ProxyStatus(ref), + "github.com/openshift/api/config/v1.RegistryLocation": schema_openshift_api_config_v1_RegistryLocation(ref), + "github.com/openshift/api/config/v1.RegistrySources": schema_openshift_api_config_v1_RegistrySources(ref), + "github.com/openshift/api/config/v1.Release": schema_openshift_api_config_v1_Release(ref), + "github.com/openshift/api/config/v1.RemoteConnectionInfo": schema_openshift_api_config_v1_RemoteConnectionInfo(ref), + "github.com/openshift/api/config/v1.RepositoryDigestMirrors": schema_openshift_api_config_v1_RepositoryDigestMirrors(ref), + "github.com/openshift/api/config/v1.RequestHeaderIdentityProvider": schema_openshift_api_config_v1_RequestHeaderIdentityProvider(ref), + "github.com/openshift/api/config/v1.RequiredHSTSPolicy": schema_openshift_api_config_v1_RequiredHSTSPolicy(ref), + "github.com/openshift/api/config/v1.Scheduler": schema_openshift_api_config_v1_Scheduler(ref), + "github.com/openshift/api/config/v1.SchedulerList": schema_openshift_api_config_v1_SchedulerList(ref), + "github.com/openshift/api/config/v1.SchedulerSpec": schema_openshift_api_config_v1_SchedulerSpec(ref), + "github.com/openshift/api/config/v1.SchedulerStatus": schema_openshift_api_config_v1_SchedulerStatus(ref), + "github.com/openshift/api/config/v1.SecretNameReference": schema_openshift_api_config_v1_SecretNameReference(ref), + "github.com/openshift/api/config/v1.ServingInfo": schema_openshift_api_config_v1_ServingInfo(ref), + "github.com/openshift/api/config/v1.SignatureStore": schema_openshift_api_config_v1_SignatureStore(ref), + "github.com/openshift/api/config/v1.Storage": schema_openshift_api_config_v1_Storage(ref), + "github.com/openshift/api/config/v1.StringSource": schema_openshift_api_config_v1_StringSource(ref), + "github.com/openshift/api/config/v1.StringSourceSpec": schema_openshift_api_config_v1_StringSourceSpec(ref), + "github.com/openshift/api/config/v1.TLSProfileSpec": schema_openshift_api_config_v1_TLSProfileSpec(ref), + "github.com/openshift/api/config/v1.TLSSecurityProfile": schema_openshift_api_config_v1_TLSSecurityProfile(ref), + "github.com/openshift/api/config/v1.TemplateReference": schema_openshift_api_config_v1_TemplateReference(ref), + "github.com/openshift/api/config/v1.TestDetails": schema_openshift_api_config_v1_TestDetails(ref), + "github.com/openshift/api/config/v1.TestReporting": schema_openshift_api_config_v1_TestReporting(ref), + "github.com/openshift/api/config/v1.TestReportingSpec": schema_openshift_api_config_v1_TestReportingSpec(ref), + "github.com/openshift/api/config/v1.TestReportingStatus": schema_openshift_api_config_v1_TestReportingStatus(ref), + "github.com/openshift/api/config/v1.TokenClaimMapping": schema_openshift_api_config_v1_TokenClaimMapping(ref), + "github.com/openshift/api/config/v1.TokenClaimMappings": schema_openshift_api_config_v1_TokenClaimMappings(ref), + "github.com/openshift/api/config/v1.TokenClaimOrExpressionMapping": schema_openshift_api_config_v1_TokenClaimOrExpressionMapping(ref), + "github.com/openshift/api/config/v1.TokenClaimValidationCELRule": schema_openshift_api_config_v1_TokenClaimValidationCELRule(ref), + "github.com/openshift/api/config/v1.TokenClaimValidationRule": schema_openshift_api_config_v1_TokenClaimValidationRule(ref), + "github.com/openshift/api/config/v1.TokenConfig": schema_openshift_api_config_v1_TokenConfig(ref), + "github.com/openshift/api/config/v1.TokenIssuer": schema_openshift_api_config_v1_TokenIssuer(ref), + "github.com/openshift/api/config/v1.TokenRequiredClaim": schema_openshift_api_config_v1_TokenRequiredClaim(ref), + "github.com/openshift/api/config/v1.TokenUserValidationRule": schema_openshift_api_config_v1_TokenUserValidationRule(ref), + "github.com/openshift/api/config/v1.Update": schema_openshift_api_config_v1_Update(ref), + "github.com/openshift/api/config/v1.UpdateHistory": schema_openshift_api_config_v1_UpdateHistory(ref), + "github.com/openshift/api/config/v1.UsernameClaimMapping": schema_openshift_api_config_v1_UsernameClaimMapping(ref), + "github.com/openshift/api/config/v1.UsernamePrefix": schema_openshift_api_config_v1_UsernamePrefix(ref), + "github.com/openshift/api/config/v1.VSphereFailureDomainHostGroup": schema_openshift_api_config_v1_VSphereFailureDomainHostGroup(ref), + "github.com/openshift/api/config/v1.VSphereFailureDomainRegionAffinity": schema_openshift_api_config_v1_VSphereFailureDomainRegionAffinity(ref), + "github.com/openshift/api/config/v1.VSphereFailureDomainZoneAffinity": schema_openshift_api_config_v1_VSphereFailureDomainZoneAffinity(ref), + "github.com/openshift/api/config/v1.VSpherePlatformFailureDomainSpec": schema_openshift_api_config_v1_VSpherePlatformFailureDomainSpec(ref), + "github.com/openshift/api/config/v1.VSpherePlatformLoadBalancer": schema_openshift_api_config_v1_VSpherePlatformLoadBalancer(ref), + "github.com/openshift/api/config/v1.VSpherePlatformNodeNetworking": schema_openshift_api_config_v1_VSpherePlatformNodeNetworking(ref), + "github.com/openshift/api/config/v1.VSpherePlatformNodeNetworkingSpec": schema_openshift_api_config_v1_VSpherePlatformNodeNetworkingSpec(ref), + "github.com/openshift/api/config/v1.VSpherePlatformSpec": schema_openshift_api_config_v1_VSpherePlatformSpec(ref), + "github.com/openshift/api/config/v1.VSpherePlatformStatus": schema_openshift_api_config_v1_VSpherePlatformStatus(ref), + "github.com/openshift/api/config/v1.VSpherePlatformTopology": schema_openshift_api_config_v1_VSpherePlatformTopology(ref), + "github.com/openshift/api/config/v1.VSpherePlatformVCenterSpec": schema_openshift_api_config_v1_VSpherePlatformVCenterSpec(ref), + "github.com/openshift/api/config/v1.WebhookTokenAuthenticator": schema_openshift_api_config_v1_WebhookTokenAuthenticator(ref), + "github.com/openshift/api/config/v1alpha1.AdditionalAlertmanagerConfig": schema_openshift_api_config_v1alpha1_AdditionalAlertmanagerConfig(ref), + "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig": schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref), + "github.com/openshift/api/config/v1alpha1.AlertmanagerCustomConfig": schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref), + "github.com/openshift/api/config/v1alpha1.Audit": schema_openshift_api_config_v1alpha1_Audit(ref), + "github.com/openshift/api/config/v1alpha1.AuthorizationConfig": schema_openshift_api_config_v1alpha1_AuthorizationConfig(ref), + "github.com/openshift/api/config/v1alpha1.Backup": schema_openshift_api_config_v1alpha1_Backup(ref), + "github.com/openshift/api/config/v1alpha1.BackupList": schema_openshift_api_config_v1alpha1_BackupList(ref), + "github.com/openshift/api/config/v1alpha1.BackupSpec": schema_openshift_api_config_v1alpha1_BackupSpec(ref), + "github.com/openshift/api/config/v1alpha1.BackupStatus": schema_openshift_api_config_v1alpha1_BackupStatus(ref), + "github.com/openshift/api/config/v1alpha1.BasicAuth": schema_openshift_api_config_v1alpha1_BasicAuth(ref), + "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfig": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfig(ref), + "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigList": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigList(ref), + "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigSpec": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigSpec(ref), + "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigStatus": schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigStatus(ref), + "github.com/openshift/api/config/v1alpha1.CertificateConfig": schema_openshift_api_config_v1alpha1_CertificateConfig(ref), + "github.com/openshift/api/config/v1alpha1.ClusterMonitoring": schema_openshift_api_config_v1alpha1_ClusterMonitoring(ref), + "github.com/openshift/api/config/v1alpha1.ClusterMonitoringList": schema_openshift_api_config_v1alpha1_ClusterMonitoringList(ref), + "github.com/openshift/api/config/v1alpha1.ClusterMonitoringSpec": schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref), + "github.com/openshift/api/config/v1alpha1.ClusterMonitoringStatus": schema_openshift_api_config_v1alpha1_ClusterMonitoringStatus(ref), + "github.com/openshift/api/config/v1alpha1.ContainerResource": schema_openshift_api_config_v1alpha1_ContainerResource(ref), + "github.com/openshift/api/config/v1alpha1.CustomPKIPolicy": schema_openshift_api_config_v1alpha1_CustomPKIPolicy(ref), + "github.com/openshift/api/config/v1alpha1.DefaultCertificateConfig": schema_openshift_api_config_v1alpha1_DefaultCertificateConfig(ref), + "github.com/openshift/api/config/v1alpha1.DropEqualActionConfig": schema_openshift_api_config_v1alpha1_DropEqualActionConfig(ref), + "github.com/openshift/api/config/v1alpha1.ECDSAKeyConfig": schema_openshift_api_config_v1alpha1_ECDSAKeyConfig(ref), + "github.com/openshift/api/config/v1alpha1.EtcdBackupSpec": schema_openshift_api_config_v1alpha1_EtcdBackupSpec(ref), + "github.com/openshift/api/config/v1alpha1.GatherConfig": schema_openshift_api_config_v1alpha1_GatherConfig(ref), + "github.com/openshift/api/config/v1alpha1.HashModActionConfig": schema_openshift_api_config_v1alpha1_HashModActionConfig(ref), + "github.com/openshift/api/config/v1alpha1.InsightsDataGather": schema_openshift_api_config_v1alpha1_InsightsDataGather(ref), + "github.com/openshift/api/config/v1alpha1.InsightsDataGatherList": schema_openshift_api_config_v1alpha1_InsightsDataGatherList(ref), + "github.com/openshift/api/config/v1alpha1.InsightsDataGatherSpec": schema_openshift_api_config_v1alpha1_InsightsDataGatherSpec(ref), + "github.com/openshift/api/config/v1alpha1.InsightsDataGatherStatus": schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref), + "github.com/openshift/api/config/v1alpha1.KeepEqualActionConfig": schema_openshift_api_config_v1alpha1_KeepEqualActionConfig(ref), + "github.com/openshift/api/config/v1alpha1.KeyConfig": schema_openshift_api_config_v1alpha1_KeyConfig(ref), + "github.com/openshift/api/config/v1alpha1.Label": schema_openshift_api_config_v1alpha1_Label(ref), + "github.com/openshift/api/config/v1alpha1.LabelMapActionConfig": schema_openshift_api_config_v1alpha1_LabelMapActionConfig(ref), + "github.com/openshift/api/config/v1alpha1.LowercaseActionConfig": schema_openshift_api_config_v1alpha1_LowercaseActionConfig(ref), + "github.com/openshift/api/config/v1alpha1.MetadataConfig": schema_openshift_api_config_v1alpha1_MetadataConfig(ref), + "github.com/openshift/api/config/v1alpha1.MetadataConfigCustom": schema_openshift_api_config_v1alpha1_MetadataConfigCustom(ref), + "github.com/openshift/api/config/v1alpha1.MetricsServerConfig": schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref), + "github.com/openshift/api/config/v1alpha1.OAuth2": schema_openshift_api_config_v1alpha1_OAuth2(ref), + "github.com/openshift/api/config/v1alpha1.OAuth2EndpointParam": schema_openshift_api_config_v1alpha1_OAuth2EndpointParam(ref), + "github.com/openshift/api/config/v1alpha1.OpenShiftStateMetricsConfig": schema_openshift_api_config_v1alpha1_OpenShiftStateMetricsConfig(ref), + "github.com/openshift/api/config/v1alpha1.PKI": schema_openshift_api_config_v1alpha1_PKI(ref), + "github.com/openshift/api/config/v1alpha1.PKICertificateManagement": schema_openshift_api_config_v1alpha1_PKICertificateManagement(ref), + "github.com/openshift/api/config/v1alpha1.PKIList": schema_openshift_api_config_v1alpha1_PKIList(ref), + "github.com/openshift/api/config/v1alpha1.PKIProfile": schema_openshift_api_config_v1alpha1_PKIProfile(ref), + "github.com/openshift/api/config/v1alpha1.PKISpec": schema_openshift_api_config_v1alpha1_PKISpec(ref), + "github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference": schema_openshift_api_config_v1alpha1_PersistentVolumeClaimReference(ref), + "github.com/openshift/api/config/v1alpha1.PersistentVolumeConfig": schema_openshift_api_config_v1alpha1_PersistentVolumeConfig(ref), + "github.com/openshift/api/config/v1alpha1.PrometheusConfig": schema_openshift_api_config_v1alpha1_PrometheusConfig(ref), + "github.com/openshift/api/config/v1alpha1.PrometheusOperatorAdmissionWebhookConfig": schema_openshift_api_config_v1alpha1_PrometheusOperatorAdmissionWebhookConfig(ref), + "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig": schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref), + "github.com/openshift/api/config/v1alpha1.PrometheusRemoteWriteHeader": schema_openshift_api_config_v1alpha1_PrometheusRemoteWriteHeader(ref), + "github.com/openshift/api/config/v1alpha1.QueueConfig": schema_openshift_api_config_v1alpha1_QueueConfig(ref), + "github.com/openshift/api/config/v1alpha1.RSAKeyConfig": schema_openshift_api_config_v1alpha1_RSAKeyConfig(ref), + "github.com/openshift/api/config/v1alpha1.RelabelActionConfig": schema_openshift_api_config_v1alpha1_RelabelActionConfig(ref), + "github.com/openshift/api/config/v1alpha1.RelabelConfig": schema_openshift_api_config_v1alpha1_RelabelConfig(ref), + "github.com/openshift/api/config/v1alpha1.RemoteWriteAuthorization": schema_openshift_api_config_v1alpha1_RemoteWriteAuthorization(ref), + "github.com/openshift/api/config/v1alpha1.RemoteWriteSpec": schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref), + "github.com/openshift/api/config/v1alpha1.ReplaceActionConfig": schema_openshift_api_config_v1alpha1_ReplaceActionConfig(ref), + "github.com/openshift/api/config/v1alpha1.Retention": schema_openshift_api_config_v1alpha1_Retention(ref), + "github.com/openshift/api/config/v1alpha1.RetentionNumberConfig": schema_openshift_api_config_v1alpha1_RetentionNumberConfig(ref), + "github.com/openshift/api/config/v1alpha1.RetentionPolicy": schema_openshift_api_config_v1alpha1_RetentionPolicy(ref), + "github.com/openshift/api/config/v1alpha1.RetentionSizeConfig": schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref), + "github.com/openshift/api/config/v1alpha1.SecretKeySelector": schema_openshift_api_config_v1alpha1_SecretKeySelector(ref), + "github.com/openshift/api/config/v1alpha1.Sigv4": schema_openshift_api_config_v1alpha1_Sigv4(ref), + "github.com/openshift/api/config/v1alpha1.Storage": schema_openshift_api_config_v1alpha1_Storage(ref), + "github.com/openshift/api/config/v1alpha1.TLSConfig": schema_openshift_api_config_v1alpha1_TLSConfig(ref), + "github.com/openshift/api/config/v1alpha1.TelemeterClientConfig": schema_openshift_api_config_v1alpha1_TelemeterClientConfig(ref), + "github.com/openshift/api/config/v1alpha1.UppercaseActionConfig": schema_openshift_api_config_v1alpha1_UppercaseActionConfig(ref), + "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring": schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref), + "github.com/openshift/api/config/v1alpha2.Custom": schema_openshift_api_config_v1alpha2_Custom(ref), + "github.com/openshift/api/config/v1alpha2.GatherConfig": schema_openshift_api_config_v1alpha2_GatherConfig(ref), + "github.com/openshift/api/config/v1alpha2.GathererConfig": schema_openshift_api_config_v1alpha2_GathererConfig(ref), + "github.com/openshift/api/config/v1alpha2.Gatherers": schema_openshift_api_config_v1alpha2_Gatherers(ref), + "github.com/openshift/api/config/v1alpha2.InsightsDataGather": schema_openshift_api_config_v1alpha2_InsightsDataGather(ref), + "github.com/openshift/api/config/v1alpha2.InsightsDataGatherList": schema_openshift_api_config_v1alpha2_InsightsDataGatherList(ref), + "github.com/openshift/api/config/v1alpha2.InsightsDataGatherSpec": schema_openshift_api_config_v1alpha2_InsightsDataGatherSpec(ref), + "github.com/openshift/api/config/v1alpha2.InsightsDataGatherStatus": schema_openshift_api_config_v1alpha2_InsightsDataGatherStatus(ref), + "github.com/openshift/api/config/v1alpha2.PersistentVolumeClaimReference": schema_openshift_api_config_v1alpha2_PersistentVolumeClaimReference(ref), + "github.com/openshift/api/config/v1alpha2.PersistentVolumeConfig": schema_openshift_api_config_v1alpha2_PersistentVolumeConfig(ref), + "github.com/openshift/api/config/v1alpha2.Storage": schema_openshift_api_config_v1alpha2_Storage(ref), + "github.com/openshift/api/console/v1.ApplicationMenuSpec": schema_openshift_api_console_v1_ApplicationMenuSpec(ref), + "github.com/openshift/api/console/v1.CLIDownloadLink": schema_openshift_api_console_v1_CLIDownloadLink(ref), + "github.com/openshift/api/console/v1.ConsoleCLIDownload": schema_openshift_api_console_v1_ConsoleCLIDownload(ref), + "github.com/openshift/api/console/v1.ConsoleCLIDownloadList": schema_openshift_api_console_v1_ConsoleCLIDownloadList(ref), + "github.com/openshift/api/console/v1.ConsoleCLIDownloadSpec": schema_openshift_api_console_v1_ConsoleCLIDownloadSpec(ref), + "github.com/openshift/api/console/v1.ConsoleExternalLogLink": schema_openshift_api_console_v1_ConsoleExternalLogLink(ref), + "github.com/openshift/api/console/v1.ConsoleExternalLogLinkList": schema_openshift_api_console_v1_ConsoleExternalLogLinkList(ref), + "github.com/openshift/api/console/v1.ConsoleExternalLogLinkSpec": schema_openshift_api_console_v1_ConsoleExternalLogLinkSpec(ref), + "github.com/openshift/api/console/v1.ConsoleLink": schema_openshift_api_console_v1_ConsoleLink(ref), + "github.com/openshift/api/console/v1.ConsoleLinkList": schema_openshift_api_console_v1_ConsoleLinkList(ref), + "github.com/openshift/api/console/v1.ConsoleLinkSpec": schema_openshift_api_console_v1_ConsoleLinkSpec(ref), + "github.com/openshift/api/console/v1.ConsoleNotification": schema_openshift_api_console_v1_ConsoleNotification(ref), + "github.com/openshift/api/console/v1.ConsoleNotificationList": schema_openshift_api_console_v1_ConsoleNotificationList(ref), + "github.com/openshift/api/console/v1.ConsoleNotificationSpec": schema_openshift_api_console_v1_ConsoleNotificationSpec(ref), + "github.com/openshift/api/console/v1.ConsolePlugin": schema_openshift_api_console_v1_ConsolePlugin(ref), + "github.com/openshift/api/console/v1.ConsolePluginBackend": schema_openshift_api_console_v1_ConsolePluginBackend(ref), + "github.com/openshift/api/console/v1.ConsolePluginCSP": schema_openshift_api_console_v1_ConsolePluginCSP(ref), + "github.com/openshift/api/console/v1.ConsolePluginI18n": schema_openshift_api_console_v1_ConsolePluginI18n(ref), + "github.com/openshift/api/console/v1.ConsolePluginList": schema_openshift_api_console_v1_ConsolePluginList(ref), + "github.com/openshift/api/console/v1.ConsolePluginProxy": schema_openshift_api_console_v1_ConsolePluginProxy(ref), + "github.com/openshift/api/console/v1.ConsolePluginProxyEndpoint": schema_openshift_api_console_v1_ConsolePluginProxyEndpoint(ref), + "github.com/openshift/api/console/v1.ConsolePluginProxyServiceConfig": schema_openshift_api_console_v1_ConsolePluginProxyServiceConfig(ref), + "github.com/openshift/api/console/v1.ConsolePluginService": schema_openshift_api_console_v1_ConsolePluginService(ref), + "github.com/openshift/api/console/v1.ConsolePluginSpec": schema_openshift_api_console_v1_ConsolePluginSpec(ref), + "github.com/openshift/api/console/v1.ConsoleQuickStart": schema_openshift_api_console_v1_ConsoleQuickStart(ref), + "github.com/openshift/api/console/v1.ConsoleQuickStartList": schema_openshift_api_console_v1_ConsoleQuickStartList(ref), + "github.com/openshift/api/console/v1.ConsoleQuickStartSpec": schema_openshift_api_console_v1_ConsoleQuickStartSpec(ref), + "github.com/openshift/api/console/v1.ConsoleQuickStartTask": schema_openshift_api_console_v1_ConsoleQuickStartTask(ref), + "github.com/openshift/api/console/v1.ConsoleQuickStartTaskReview": schema_openshift_api_console_v1_ConsoleQuickStartTaskReview(ref), + "github.com/openshift/api/console/v1.ConsoleQuickStartTaskSummary": schema_openshift_api_console_v1_ConsoleQuickStartTaskSummary(ref), + "github.com/openshift/api/console/v1.ConsoleSample": schema_openshift_api_console_v1_ConsoleSample(ref), + "github.com/openshift/api/console/v1.ConsoleSampleContainerImportSource": schema_openshift_api_console_v1_ConsoleSampleContainerImportSource(ref), + "github.com/openshift/api/console/v1.ConsoleSampleContainerImportSourceService": schema_openshift_api_console_v1_ConsoleSampleContainerImportSourceService(ref), + "github.com/openshift/api/console/v1.ConsoleSampleGitImportSource": schema_openshift_api_console_v1_ConsoleSampleGitImportSource(ref), + "github.com/openshift/api/console/v1.ConsoleSampleGitImportSourceRepository": schema_openshift_api_console_v1_ConsoleSampleGitImportSourceRepository(ref), + "github.com/openshift/api/console/v1.ConsoleSampleGitImportSourceService": schema_openshift_api_console_v1_ConsoleSampleGitImportSourceService(ref), + "github.com/openshift/api/console/v1.ConsoleSampleList": schema_openshift_api_console_v1_ConsoleSampleList(ref), + "github.com/openshift/api/console/v1.ConsoleSampleSource": schema_openshift_api_console_v1_ConsoleSampleSource(ref), + "github.com/openshift/api/console/v1.ConsoleSampleSpec": schema_openshift_api_console_v1_ConsoleSampleSpec(ref), + "github.com/openshift/api/console/v1.ConsoleYAMLSample": schema_openshift_api_console_v1_ConsoleYAMLSample(ref), + "github.com/openshift/api/console/v1.ConsoleYAMLSampleList": schema_openshift_api_console_v1_ConsoleYAMLSampleList(ref), + "github.com/openshift/api/console/v1.ConsoleYAMLSampleSpec": schema_openshift_api_console_v1_ConsoleYAMLSampleSpec(ref), + "github.com/openshift/api/console/v1.Link": schema_openshift_api_console_v1_Link(ref), + "github.com/openshift/api/console/v1.NamespaceDashboardSpec": schema_openshift_api_console_v1_NamespaceDashboardSpec(ref), + "github.com/openshift/api/etcd/v1alpha1.PacemakerCluster": schema_openshift_api_etcd_v1alpha1_PacemakerCluster(ref), + "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterFencingAgentStatus": schema_openshift_api_etcd_v1alpha1_PacemakerClusterFencingAgentStatus(ref), + "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterList": schema_openshift_api_etcd_v1alpha1_PacemakerClusterList(ref), + "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterNodeStatus": schema_openshift_api_etcd_v1alpha1_PacemakerClusterNodeStatus(ref), + "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterResourceStatus": schema_openshift_api_etcd_v1alpha1_PacemakerClusterResourceStatus(ref), + "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterStatus": schema_openshift_api_etcd_v1alpha1_PacemakerClusterStatus(ref), + "github.com/openshift/api/etcd/v1alpha1.PacemakerNodeAddress": schema_openshift_api_etcd_v1alpha1_PacemakerNodeAddress(ref), + "github.com/openshift/api/example/v1.CELUnion": schema_openshift_api_example_v1_CELUnion(ref), + "github.com/openshift/api/example/v1.EvolvingUnion": schema_openshift_api_example_v1_EvolvingUnion(ref), + "github.com/openshift/api/example/v1.FormatMarkerExamples": schema_openshift_api_example_v1_FormatMarkerExamples(ref), + "github.com/openshift/api/example/v1.StableConfigType": schema_openshift_api_example_v1_StableConfigType(ref), + "github.com/openshift/api/example/v1.StableConfigTypeList": schema_openshift_api_example_v1_StableConfigTypeList(ref), + "github.com/openshift/api/example/v1.StableConfigTypeSpec": schema_openshift_api_example_v1_StableConfigTypeSpec(ref), + "github.com/openshift/api/example/v1.StableConfigTypeStatus": schema_openshift_api_example_v1_StableConfigTypeStatus(ref), + "github.com/openshift/api/example/v1.SubnetsWithExclusions": schema_openshift_api_example_v1_SubnetsWithExclusions(ref), + "github.com/openshift/api/example/v1alpha1.NotStableConfigType": schema_openshift_api_example_v1alpha1_NotStableConfigType(ref), + "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeList": schema_openshift_api_example_v1alpha1_NotStableConfigTypeList(ref), + "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeSpec": schema_openshift_api_example_v1alpha1_NotStableConfigTypeSpec(ref), + "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeStatus": schema_openshift_api_example_v1alpha1_NotStableConfigTypeStatus(ref), + "github.com/openshift/api/helm/v1beta1.ConnectionConfig": schema_openshift_api_helm_v1beta1_ConnectionConfig(ref), + "github.com/openshift/api/helm/v1beta1.ConnectionConfigNamespaceScoped": schema_openshift_api_helm_v1beta1_ConnectionConfigNamespaceScoped(ref), + "github.com/openshift/api/helm/v1beta1.HelmChartRepository": schema_openshift_api_helm_v1beta1_HelmChartRepository(ref), + "github.com/openshift/api/helm/v1beta1.HelmChartRepositoryList": schema_openshift_api_helm_v1beta1_HelmChartRepositoryList(ref), + "github.com/openshift/api/helm/v1beta1.HelmChartRepositorySpec": schema_openshift_api_helm_v1beta1_HelmChartRepositorySpec(ref), + "github.com/openshift/api/helm/v1beta1.HelmChartRepositoryStatus": schema_openshift_api_helm_v1beta1_HelmChartRepositoryStatus(ref), + "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepository": schema_openshift_api_helm_v1beta1_ProjectHelmChartRepository(ref), + "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepositoryList": schema_openshift_api_helm_v1beta1_ProjectHelmChartRepositoryList(ref), + "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepositorySpec": schema_openshift_api_helm_v1beta1_ProjectHelmChartRepositorySpec(ref), + "github.com/openshift/api/image/v1.DockerImageReference": schema_openshift_api_image_v1_DockerImageReference(ref), + "github.com/openshift/api/image/v1.Image": schema_openshift_api_image_v1_Image(ref), + "github.com/openshift/api/image/v1.ImageBlobReferences": schema_openshift_api_image_v1_ImageBlobReferences(ref), + "github.com/openshift/api/image/v1.ImageImportSpec": schema_openshift_api_image_v1_ImageImportSpec(ref), + "github.com/openshift/api/image/v1.ImageImportStatus": schema_openshift_api_image_v1_ImageImportStatus(ref), + "github.com/openshift/api/image/v1.ImageLayer": schema_openshift_api_image_v1_ImageLayer(ref), + "github.com/openshift/api/image/v1.ImageLayerData": schema_openshift_api_image_v1_ImageLayerData(ref), + "github.com/openshift/api/image/v1.ImageList": schema_openshift_api_image_v1_ImageList(ref), + "github.com/openshift/api/image/v1.ImageLookupPolicy": schema_openshift_api_image_v1_ImageLookupPolicy(ref), + "github.com/openshift/api/image/v1.ImageManifest": schema_openshift_api_image_v1_ImageManifest(ref), + "github.com/openshift/api/image/v1.ImageSignature": schema_openshift_api_image_v1_ImageSignature(ref), + "github.com/openshift/api/image/v1.ImageStream": schema_openshift_api_image_v1_ImageStream(ref), + "github.com/openshift/api/image/v1.ImageStreamImage": schema_openshift_api_image_v1_ImageStreamImage(ref), + "github.com/openshift/api/image/v1.ImageStreamImport": schema_openshift_api_image_v1_ImageStreamImport(ref), + "github.com/openshift/api/image/v1.ImageStreamImportSpec": schema_openshift_api_image_v1_ImageStreamImportSpec(ref), + "github.com/openshift/api/image/v1.ImageStreamImportStatus": schema_openshift_api_image_v1_ImageStreamImportStatus(ref), + "github.com/openshift/api/image/v1.ImageStreamLayers": schema_openshift_api_image_v1_ImageStreamLayers(ref), + "github.com/openshift/api/image/v1.ImageStreamList": schema_openshift_api_image_v1_ImageStreamList(ref), + "github.com/openshift/api/image/v1.ImageStreamMapping": schema_openshift_api_image_v1_ImageStreamMapping(ref), + "github.com/openshift/api/image/v1.ImageStreamSpec": schema_openshift_api_image_v1_ImageStreamSpec(ref), + "github.com/openshift/api/image/v1.ImageStreamStatus": schema_openshift_api_image_v1_ImageStreamStatus(ref), + "github.com/openshift/api/image/v1.ImageStreamTag": schema_openshift_api_image_v1_ImageStreamTag(ref), + "github.com/openshift/api/image/v1.ImageStreamTagList": schema_openshift_api_image_v1_ImageStreamTagList(ref), + "github.com/openshift/api/image/v1.ImageTag": schema_openshift_api_image_v1_ImageTag(ref), + "github.com/openshift/api/image/v1.ImageTagList": schema_openshift_api_image_v1_ImageTagList(ref), + "github.com/openshift/api/image/v1.NamedTagEventList": schema_openshift_api_image_v1_NamedTagEventList(ref), + "github.com/openshift/api/image/v1.RepositoryImportSpec": schema_openshift_api_image_v1_RepositoryImportSpec(ref), + "github.com/openshift/api/image/v1.RepositoryImportStatus": schema_openshift_api_image_v1_RepositoryImportStatus(ref), + "github.com/openshift/api/image/v1.SecretList": schema_openshift_api_image_v1_SecretList(ref), + "github.com/openshift/api/image/v1.SignatureCondition": schema_openshift_api_image_v1_SignatureCondition(ref), + "github.com/openshift/api/image/v1.SignatureGenericEntity": schema_openshift_api_image_v1_SignatureGenericEntity(ref), + "github.com/openshift/api/image/v1.SignatureIssuer": schema_openshift_api_image_v1_SignatureIssuer(ref), + "github.com/openshift/api/image/v1.SignatureSubject": schema_openshift_api_image_v1_SignatureSubject(ref), + "github.com/openshift/api/image/v1.TagEvent": schema_openshift_api_image_v1_TagEvent(ref), + "github.com/openshift/api/image/v1.TagEventCondition": schema_openshift_api_image_v1_TagEventCondition(ref), + "github.com/openshift/api/image/v1.TagImportPolicy": schema_openshift_api_image_v1_TagImportPolicy(ref), + "github.com/openshift/api/image/v1.TagReference": schema_openshift_api_image_v1_TagReference(ref), + "github.com/openshift/api/image/v1.TagReferencePolicy": schema_openshift_api_image_v1_TagReferencePolicy(ref), + "github.com/openshift/api/insights/v1.Custom": schema_openshift_api_insights_v1_Custom(ref), + "github.com/openshift/api/insights/v1.DataGather": schema_openshift_api_insights_v1_DataGather(ref), + "github.com/openshift/api/insights/v1.DataGatherList": schema_openshift_api_insights_v1_DataGatherList(ref), + "github.com/openshift/api/insights/v1.DataGatherSpec": schema_openshift_api_insights_v1_DataGatherSpec(ref), + "github.com/openshift/api/insights/v1.DataGatherStatus": schema_openshift_api_insights_v1_DataGatherStatus(ref), + "github.com/openshift/api/insights/v1.GathererConfig": schema_openshift_api_insights_v1_GathererConfig(ref), + "github.com/openshift/api/insights/v1.GathererStatus": schema_openshift_api_insights_v1_GathererStatus(ref), + "github.com/openshift/api/insights/v1.Gatherers": schema_openshift_api_insights_v1_Gatherers(ref), + "github.com/openshift/api/insights/v1.HealthCheck": schema_openshift_api_insights_v1_HealthCheck(ref), + "github.com/openshift/api/insights/v1.InsightsReport": schema_openshift_api_insights_v1_InsightsReport(ref), + "github.com/openshift/api/insights/v1.ObjectReference": schema_openshift_api_insights_v1_ObjectReference(ref), + "github.com/openshift/api/insights/v1.PersistentVolumeClaimReference": schema_openshift_api_insights_v1_PersistentVolumeClaimReference(ref), + "github.com/openshift/api/insights/v1.PersistentVolumeConfig": schema_openshift_api_insights_v1_PersistentVolumeConfig(ref), + "github.com/openshift/api/insights/v1.Storage": schema_openshift_api_insights_v1_Storage(ref), + "github.com/openshift/api/insights/v1alpha1.DataGather": schema_openshift_api_insights_v1alpha1_DataGather(ref), + "github.com/openshift/api/insights/v1alpha1.DataGatherList": schema_openshift_api_insights_v1alpha1_DataGatherList(ref), + "github.com/openshift/api/insights/v1alpha1.DataGatherSpec": schema_openshift_api_insights_v1alpha1_DataGatherSpec(ref), + "github.com/openshift/api/insights/v1alpha1.DataGatherStatus": schema_openshift_api_insights_v1alpha1_DataGatherStatus(ref), + "github.com/openshift/api/insights/v1alpha1.GathererConfig": schema_openshift_api_insights_v1alpha1_GathererConfig(ref), + "github.com/openshift/api/insights/v1alpha1.GathererStatus": schema_openshift_api_insights_v1alpha1_GathererStatus(ref), + "github.com/openshift/api/insights/v1alpha1.HealthCheck": schema_openshift_api_insights_v1alpha1_HealthCheck(ref), + "github.com/openshift/api/insights/v1alpha1.InsightsReport": schema_openshift_api_insights_v1alpha1_InsightsReport(ref), + "github.com/openshift/api/insights/v1alpha1.ObjectReference": schema_openshift_api_insights_v1alpha1_ObjectReference(ref), + "github.com/openshift/api/insights/v1alpha1.PersistentVolumeClaimReference": schema_openshift_api_insights_v1alpha1_PersistentVolumeClaimReference(ref), + "github.com/openshift/api/insights/v1alpha1.PersistentVolumeConfig": schema_openshift_api_insights_v1alpha1_PersistentVolumeConfig(ref), + "github.com/openshift/api/insights/v1alpha1.Storage": schema_openshift_api_insights_v1alpha1_Storage(ref), + "github.com/openshift/api/insights/v1alpha2.Custom": schema_openshift_api_insights_v1alpha2_Custom(ref), + "github.com/openshift/api/insights/v1alpha2.DataGather": schema_openshift_api_insights_v1alpha2_DataGather(ref), + "github.com/openshift/api/insights/v1alpha2.DataGatherList": schema_openshift_api_insights_v1alpha2_DataGatherList(ref), + "github.com/openshift/api/insights/v1alpha2.DataGatherSpec": schema_openshift_api_insights_v1alpha2_DataGatherSpec(ref), + "github.com/openshift/api/insights/v1alpha2.DataGatherStatus": schema_openshift_api_insights_v1alpha2_DataGatherStatus(ref), + "github.com/openshift/api/insights/v1alpha2.GathererConfig": schema_openshift_api_insights_v1alpha2_GathererConfig(ref), + "github.com/openshift/api/insights/v1alpha2.GathererStatus": schema_openshift_api_insights_v1alpha2_GathererStatus(ref), + "github.com/openshift/api/insights/v1alpha2.Gatherers": schema_openshift_api_insights_v1alpha2_Gatherers(ref), + "github.com/openshift/api/insights/v1alpha2.HealthCheck": schema_openshift_api_insights_v1alpha2_HealthCheck(ref), + "github.com/openshift/api/insights/v1alpha2.InsightsReport": schema_openshift_api_insights_v1alpha2_InsightsReport(ref), + "github.com/openshift/api/insights/v1alpha2.ObjectReference": schema_openshift_api_insights_v1alpha2_ObjectReference(ref), + "github.com/openshift/api/insights/v1alpha2.PersistentVolumeClaimReference": schema_openshift_api_insights_v1alpha2_PersistentVolumeClaimReference(ref), + "github.com/openshift/api/insights/v1alpha2.PersistentVolumeConfig": schema_openshift_api_insights_v1alpha2_PersistentVolumeConfig(ref), + "github.com/openshift/api/insights/v1alpha2.Storage": schema_openshift_api_insights_v1alpha2_Storage(ref), + "github.com/openshift/api/kubecontrolplane/v1.AggregatorConfig": schema_openshift_api_kubecontrolplane_v1_AggregatorConfig(ref), + "github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerConfig": schema_openshift_api_kubecontrolplane_v1_KubeAPIServerConfig(ref), + "github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerImagePolicyConfig": schema_openshift_api_kubecontrolplane_v1_KubeAPIServerImagePolicyConfig(ref), + "github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerProjectConfig": schema_openshift_api_kubecontrolplane_v1_KubeAPIServerProjectConfig(ref), + "github.com/openshift/api/kubecontrolplane/v1.KubeControllerManagerConfig": schema_openshift_api_kubecontrolplane_v1_KubeControllerManagerConfig(ref), + "github.com/openshift/api/kubecontrolplane/v1.KubeControllerManagerProjectConfig": schema_openshift_api_kubecontrolplane_v1_KubeControllerManagerProjectConfig(ref), + "github.com/openshift/api/kubecontrolplane/v1.KubeletConnectionInfo": schema_openshift_api_kubecontrolplane_v1_KubeletConnectionInfo(ref), + "github.com/openshift/api/kubecontrolplane/v1.MasterAuthConfig": schema_openshift_api_kubecontrolplane_v1_MasterAuthConfig(ref), + "github.com/openshift/api/kubecontrolplane/v1.RequestHeaderAuthenticationOptions": schema_openshift_api_kubecontrolplane_v1_RequestHeaderAuthenticationOptions(ref), + "github.com/openshift/api/kubecontrolplane/v1.ServiceServingCert": schema_openshift_api_kubecontrolplane_v1_ServiceServingCert(ref), + "github.com/openshift/api/kubecontrolplane/v1.UserAgentDenyRule": schema_openshift_api_kubecontrolplane_v1_UserAgentDenyRule(ref), + "github.com/openshift/api/kubecontrolplane/v1.UserAgentMatchRule": schema_openshift_api_kubecontrolplane_v1_UserAgentMatchRule(ref), + "github.com/openshift/api/kubecontrolplane/v1.UserAgentMatchingConfig": schema_openshift_api_kubecontrolplane_v1_UserAgentMatchingConfig(ref), + "github.com/openshift/api/kubecontrolplane/v1.WebhookTokenAuthenticator": schema_openshift_api_kubecontrolplane_v1_WebhookTokenAuthenticator(ref), + "github.com/openshift/api/legacyconfig/v1.ActiveDirectoryConfig": schema_openshift_api_legacyconfig_v1_ActiveDirectoryConfig(ref), + "github.com/openshift/api/legacyconfig/v1.AdmissionConfig": schema_openshift_api_legacyconfig_v1_AdmissionConfig(ref), + "github.com/openshift/api/legacyconfig/v1.AdmissionPluginConfig": schema_openshift_api_legacyconfig_v1_AdmissionPluginConfig(ref), + "github.com/openshift/api/legacyconfig/v1.AggregatorConfig": schema_openshift_api_legacyconfig_v1_AggregatorConfig(ref), + "github.com/openshift/api/legacyconfig/v1.AllowAllPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_AllowAllPasswordIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.AuditConfig": schema_openshift_api_legacyconfig_v1_AuditConfig(ref), + "github.com/openshift/api/legacyconfig/v1.AugmentedActiveDirectoryConfig": schema_openshift_api_legacyconfig_v1_AugmentedActiveDirectoryConfig(ref), + "github.com/openshift/api/legacyconfig/v1.BasicAuthPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_BasicAuthPasswordIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.BuildDefaultsConfig": schema_openshift_api_legacyconfig_v1_BuildDefaultsConfig(ref), + "github.com/openshift/api/legacyconfig/v1.BuildOverridesConfig": schema_openshift_api_legacyconfig_v1_BuildOverridesConfig(ref), + "github.com/openshift/api/legacyconfig/v1.CertInfo": schema_openshift_api_legacyconfig_v1_CertInfo(ref), + "github.com/openshift/api/legacyconfig/v1.ClientConnectionOverrides": schema_openshift_api_legacyconfig_v1_ClientConnectionOverrides(ref), + "github.com/openshift/api/legacyconfig/v1.ClusterNetworkEntry": schema_openshift_api_legacyconfig_v1_ClusterNetworkEntry(ref), + "github.com/openshift/api/legacyconfig/v1.ControllerConfig": schema_openshift_api_legacyconfig_v1_ControllerConfig(ref), + "github.com/openshift/api/legacyconfig/v1.ControllerElectionConfig": schema_openshift_api_legacyconfig_v1_ControllerElectionConfig(ref), + "github.com/openshift/api/legacyconfig/v1.DNSConfig": schema_openshift_api_legacyconfig_v1_DNSConfig(ref), + "github.com/openshift/api/legacyconfig/v1.DefaultAdmissionConfig": schema_openshift_api_legacyconfig_v1_DefaultAdmissionConfig(ref), + "github.com/openshift/api/legacyconfig/v1.DenyAllPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_DenyAllPasswordIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.DockerConfig": schema_openshift_api_legacyconfig_v1_DockerConfig(ref), + "github.com/openshift/api/legacyconfig/v1.EtcdConfig": schema_openshift_api_legacyconfig_v1_EtcdConfig(ref), + "github.com/openshift/api/legacyconfig/v1.EtcdConnectionInfo": schema_openshift_api_legacyconfig_v1_EtcdConnectionInfo(ref), + "github.com/openshift/api/legacyconfig/v1.EtcdStorageConfig": schema_openshift_api_legacyconfig_v1_EtcdStorageConfig(ref), + "github.com/openshift/api/legacyconfig/v1.GitHubIdentityProvider": schema_openshift_api_legacyconfig_v1_GitHubIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.GitLabIdentityProvider": schema_openshift_api_legacyconfig_v1_GitLabIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.GoogleIdentityProvider": schema_openshift_api_legacyconfig_v1_GoogleIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.GrantConfig": schema_openshift_api_legacyconfig_v1_GrantConfig(ref), + "github.com/openshift/api/legacyconfig/v1.GroupResource": schema_openshift_api_legacyconfig_v1_GroupResource(ref), + "github.com/openshift/api/legacyconfig/v1.HTPasswdPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_HTPasswdPasswordIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.HTTPServingInfo": schema_openshift_api_legacyconfig_v1_HTTPServingInfo(ref), + "github.com/openshift/api/legacyconfig/v1.IdentityProvider": schema_openshift_api_legacyconfig_v1_IdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.ImageConfig": schema_openshift_api_legacyconfig_v1_ImageConfig(ref), + "github.com/openshift/api/legacyconfig/v1.ImagePolicyConfig": schema_openshift_api_legacyconfig_v1_ImagePolicyConfig(ref), + "github.com/openshift/api/legacyconfig/v1.JenkinsPipelineConfig": schema_openshift_api_legacyconfig_v1_JenkinsPipelineConfig(ref), + "github.com/openshift/api/legacyconfig/v1.KeystonePasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_KeystonePasswordIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.KubeletConnectionInfo": schema_openshift_api_legacyconfig_v1_KubeletConnectionInfo(ref), + "github.com/openshift/api/legacyconfig/v1.KubernetesMasterConfig": schema_openshift_api_legacyconfig_v1_KubernetesMasterConfig(ref), + "github.com/openshift/api/legacyconfig/v1.LDAPAttributeMapping": schema_openshift_api_legacyconfig_v1_LDAPAttributeMapping(ref), + "github.com/openshift/api/legacyconfig/v1.LDAPPasswordIdentityProvider": schema_openshift_api_legacyconfig_v1_LDAPPasswordIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.LDAPQuery": schema_openshift_api_legacyconfig_v1_LDAPQuery(ref), + "github.com/openshift/api/legacyconfig/v1.LDAPSyncConfig": schema_openshift_api_legacyconfig_v1_LDAPSyncConfig(ref), + "github.com/openshift/api/legacyconfig/v1.LocalQuota": schema_openshift_api_legacyconfig_v1_LocalQuota(ref), + "github.com/openshift/api/legacyconfig/v1.MasterAuthConfig": schema_openshift_api_legacyconfig_v1_MasterAuthConfig(ref), + "github.com/openshift/api/legacyconfig/v1.MasterClients": schema_openshift_api_legacyconfig_v1_MasterClients(ref), + "github.com/openshift/api/legacyconfig/v1.MasterConfig": schema_openshift_api_legacyconfig_v1_MasterConfig(ref), + "github.com/openshift/api/legacyconfig/v1.MasterNetworkConfig": schema_openshift_api_legacyconfig_v1_MasterNetworkConfig(ref), + "github.com/openshift/api/legacyconfig/v1.MasterVolumeConfig": schema_openshift_api_legacyconfig_v1_MasterVolumeConfig(ref), + "github.com/openshift/api/legacyconfig/v1.NamedCertificate": schema_openshift_api_legacyconfig_v1_NamedCertificate(ref), + "github.com/openshift/api/legacyconfig/v1.NodeAuthConfig": schema_openshift_api_legacyconfig_v1_NodeAuthConfig(ref), + "github.com/openshift/api/legacyconfig/v1.NodeConfig": schema_openshift_api_legacyconfig_v1_NodeConfig(ref), + "github.com/openshift/api/legacyconfig/v1.NodeNetworkConfig": schema_openshift_api_legacyconfig_v1_NodeNetworkConfig(ref), + "github.com/openshift/api/legacyconfig/v1.NodeVolumeConfig": schema_openshift_api_legacyconfig_v1_NodeVolumeConfig(ref), + "github.com/openshift/api/legacyconfig/v1.OAuthConfig": schema_openshift_api_legacyconfig_v1_OAuthConfig(ref), + "github.com/openshift/api/legacyconfig/v1.OAuthTemplates": schema_openshift_api_legacyconfig_v1_OAuthTemplates(ref), + "github.com/openshift/api/legacyconfig/v1.OpenIDClaims": schema_openshift_api_legacyconfig_v1_OpenIDClaims(ref), + "github.com/openshift/api/legacyconfig/v1.OpenIDIdentityProvider": schema_openshift_api_legacyconfig_v1_OpenIDIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.OpenIDURLs": schema_openshift_api_legacyconfig_v1_OpenIDURLs(ref), + "github.com/openshift/api/legacyconfig/v1.PodManifestConfig": schema_openshift_api_legacyconfig_v1_PodManifestConfig(ref), + "github.com/openshift/api/legacyconfig/v1.PolicyConfig": schema_openshift_api_legacyconfig_v1_PolicyConfig(ref), + "github.com/openshift/api/legacyconfig/v1.ProjectConfig": schema_openshift_api_legacyconfig_v1_ProjectConfig(ref), + "github.com/openshift/api/legacyconfig/v1.RFC2307Config": schema_openshift_api_legacyconfig_v1_RFC2307Config(ref), + "github.com/openshift/api/legacyconfig/v1.RegistryLocation": schema_openshift_api_legacyconfig_v1_RegistryLocation(ref), + "github.com/openshift/api/legacyconfig/v1.RemoteConnectionInfo": schema_openshift_api_legacyconfig_v1_RemoteConnectionInfo(ref), + "github.com/openshift/api/legacyconfig/v1.RequestHeaderAuthenticationOptions": schema_openshift_api_legacyconfig_v1_RequestHeaderAuthenticationOptions(ref), + "github.com/openshift/api/legacyconfig/v1.RequestHeaderIdentityProvider": schema_openshift_api_legacyconfig_v1_RequestHeaderIdentityProvider(ref), + "github.com/openshift/api/legacyconfig/v1.RoutingConfig": schema_openshift_api_legacyconfig_v1_RoutingConfig(ref), + "github.com/openshift/api/legacyconfig/v1.SecurityAllocator": schema_openshift_api_legacyconfig_v1_SecurityAllocator(ref), + "github.com/openshift/api/legacyconfig/v1.ServiceAccountConfig": schema_openshift_api_legacyconfig_v1_ServiceAccountConfig(ref), + "github.com/openshift/api/legacyconfig/v1.ServiceServingCert": schema_openshift_api_legacyconfig_v1_ServiceServingCert(ref), + "github.com/openshift/api/legacyconfig/v1.ServingInfo": schema_openshift_api_legacyconfig_v1_ServingInfo(ref), + "github.com/openshift/api/legacyconfig/v1.SessionConfig": schema_openshift_api_legacyconfig_v1_SessionConfig(ref), + "github.com/openshift/api/legacyconfig/v1.SessionSecret": schema_openshift_api_legacyconfig_v1_SessionSecret(ref), + "github.com/openshift/api/legacyconfig/v1.SessionSecrets": schema_openshift_api_legacyconfig_v1_SessionSecrets(ref), + "github.com/openshift/api/legacyconfig/v1.SourceStrategyDefaultsConfig": schema_openshift_api_legacyconfig_v1_SourceStrategyDefaultsConfig(ref), + "github.com/openshift/api/legacyconfig/v1.StringSource": schema_openshift_api_legacyconfig_v1_StringSource(ref), + "github.com/openshift/api/legacyconfig/v1.StringSourceSpec": schema_openshift_api_legacyconfig_v1_StringSourceSpec(ref), + "github.com/openshift/api/legacyconfig/v1.TokenConfig": schema_openshift_api_legacyconfig_v1_TokenConfig(ref), + "github.com/openshift/api/legacyconfig/v1.UserAgentDenyRule": schema_openshift_api_legacyconfig_v1_UserAgentDenyRule(ref), + "github.com/openshift/api/legacyconfig/v1.UserAgentMatchRule": schema_openshift_api_legacyconfig_v1_UserAgentMatchRule(ref), + "github.com/openshift/api/legacyconfig/v1.UserAgentMatchingConfig": schema_openshift_api_legacyconfig_v1_UserAgentMatchingConfig(ref), + "github.com/openshift/api/legacyconfig/v1.WebhookTokenAuthenticator": schema_openshift_api_legacyconfig_v1_WebhookTokenAuthenticator(ref), + "github.com/openshift/api/machine/v1.AWSFailureDomain": schema_openshift_api_machine_v1_AWSFailureDomain(ref), + "github.com/openshift/api/machine/v1.AWSFailureDomainPlacement": schema_openshift_api_machine_v1_AWSFailureDomainPlacement(ref), + "github.com/openshift/api/machine/v1.AWSResourceFilter": schema_openshift_api_machine_v1_AWSResourceFilter(ref), + "github.com/openshift/api/machine/v1.AWSResourceReference": schema_openshift_api_machine_v1_AWSResourceReference(ref), + "github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderConfig": schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfig(ref), + "github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderConfigList": schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfigList(ref), + "github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderStatus": schema_openshift_api_machine_v1_AlibabaCloudMachineProviderStatus(ref), + "github.com/openshift/api/machine/v1.AlibabaResourceReference": schema_openshift_api_machine_v1_AlibabaResourceReference(ref), + "github.com/openshift/api/machine/v1.AzureFailureDomain": schema_openshift_api_machine_v1_AzureFailureDomain(ref), + "github.com/openshift/api/machine/v1.BandwidthProperties": schema_openshift_api_machine_v1_BandwidthProperties(ref), + "github.com/openshift/api/machine/v1.ControlPlaneMachineSet": schema_openshift_api_machine_v1_ControlPlaneMachineSet(ref), + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetList": schema_openshift_api_machine_v1_ControlPlaneMachineSetList(ref), + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetSpec": schema_openshift_api_machine_v1_ControlPlaneMachineSetSpec(ref), + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetStatus": schema_openshift_api_machine_v1_ControlPlaneMachineSetStatus(ref), + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetStrategy": schema_openshift_api_machine_v1_ControlPlaneMachineSetStrategy(ref), + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplate": schema_openshift_api_machine_v1_ControlPlaneMachineSetTemplate(ref), + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplateObjectMeta": schema_openshift_api_machine_v1_ControlPlaneMachineSetTemplateObjectMeta(ref), + "github.com/openshift/api/machine/v1.DataDiskProperties": schema_openshift_api_machine_v1_DataDiskProperties(ref), + "github.com/openshift/api/machine/v1.FailureDomains": schema_openshift_api_machine_v1_FailureDomains(ref), + "github.com/openshift/api/machine/v1.GCPFailureDomain": schema_openshift_api_machine_v1_GCPFailureDomain(ref), + "github.com/openshift/api/machine/v1.LoadBalancerReference": schema_openshift_api_machine_v1_LoadBalancerReference(ref), + "github.com/openshift/api/machine/v1.NutanixCategory": schema_openshift_api_machine_v1_NutanixCategory(ref), + "github.com/openshift/api/machine/v1.NutanixFailureDomainReference": schema_openshift_api_machine_v1_NutanixFailureDomainReference(ref), + "github.com/openshift/api/machine/v1.NutanixGPU": schema_openshift_api_machine_v1_NutanixGPU(ref), + "github.com/openshift/api/machine/v1.NutanixMachineProviderConfig": schema_openshift_api_machine_v1_NutanixMachineProviderConfig(ref), + "github.com/openshift/api/machine/v1.NutanixMachineProviderStatus": schema_openshift_api_machine_v1_NutanixMachineProviderStatus(ref), + "github.com/openshift/api/machine/v1.NutanixResourceIdentifier": schema_openshift_api_machine_v1_NutanixResourceIdentifier(ref), + "github.com/openshift/api/machine/v1.NutanixStorageResourceIdentifier": schema_openshift_api_machine_v1_NutanixStorageResourceIdentifier(ref), + "github.com/openshift/api/machine/v1.NutanixVMDisk": schema_openshift_api_machine_v1_NutanixVMDisk(ref), + "github.com/openshift/api/machine/v1.NutanixVMDiskDeviceProperties": schema_openshift_api_machine_v1_NutanixVMDiskDeviceProperties(ref), + "github.com/openshift/api/machine/v1.NutanixVMStorageConfig": schema_openshift_api_machine_v1_NutanixVMStorageConfig(ref), + "github.com/openshift/api/machine/v1.OpenShiftMachineV1Beta1MachineTemplate": schema_openshift_api_machine_v1_OpenShiftMachineV1Beta1MachineTemplate(ref), + "github.com/openshift/api/machine/v1.OpenStackFailureDomain": schema_openshift_api_machine_v1_OpenStackFailureDomain(ref), + "github.com/openshift/api/machine/v1.PowerVSMachineProviderConfig": schema_openshift_api_machine_v1_PowerVSMachineProviderConfig(ref), + "github.com/openshift/api/machine/v1.PowerVSMachineProviderStatus": schema_openshift_api_machine_v1_PowerVSMachineProviderStatus(ref), + "github.com/openshift/api/machine/v1.PowerVSResource": schema_openshift_api_machine_v1_PowerVSResource(ref), + "github.com/openshift/api/machine/v1.PowerVSSecretReference": schema_openshift_api_machine_v1_PowerVSSecretReference(ref), + "github.com/openshift/api/machine/v1.RootVolume": schema_openshift_api_machine_v1_RootVolume(ref), + "github.com/openshift/api/machine/v1.SystemDiskProperties": schema_openshift_api_machine_v1_SystemDiskProperties(ref), + "github.com/openshift/api/machine/v1.Tag": schema_openshift_api_machine_v1_Tag(ref), + "github.com/openshift/api/machine/v1.VSphereFailureDomain": schema_openshift_api_machine_v1_VSphereFailureDomain(ref), + "github.com/openshift/api/machine/v1alpha1.AdditionalBlockDevice": schema_openshift_api_machine_v1alpha1_AdditionalBlockDevice(ref), + "github.com/openshift/api/machine/v1alpha1.AddressPair": schema_openshift_api_machine_v1alpha1_AddressPair(ref), + "github.com/openshift/api/machine/v1alpha1.BlockDeviceStorage": schema_openshift_api_machine_v1alpha1_BlockDeviceStorage(ref), + "github.com/openshift/api/machine/v1alpha1.BlockDeviceVolume": schema_openshift_api_machine_v1alpha1_BlockDeviceVolume(ref), + "github.com/openshift/api/machine/v1alpha1.Filter": schema_openshift_api_machine_v1alpha1_Filter(ref), + "github.com/openshift/api/machine/v1alpha1.FixedIPs": schema_openshift_api_machine_v1alpha1_FixedIPs(ref), + "github.com/openshift/api/machine/v1alpha1.NetworkParam": schema_openshift_api_machine_v1alpha1_NetworkParam(ref), + "github.com/openshift/api/machine/v1alpha1.OpenstackProviderSpec": schema_openshift_api_machine_v1alpha1_OpenstackProviderSpec(ref), + "github.com/openshift/api/machine/v1alpha1.PortOpts": schema_openshift_api_machine_v1alpha1_PortOpts(ref), + "github.com/openshift/api/machine/v1alpha1.RootVolume": schema_openshift_api_machine_v1alpha1_RootVolume(ref), + "github.com/openshift/api/machine/v1alpha1.SecurityGroupFilter": schema_openshift_api_machine_v1alpha1_SecurityGroupFilter(ref), + "github.com/openshift/api/machine/v1alpha1.SecurityGroupParam": schema_openshift_api_machine_v1alpha1_SecurityGroupParam(ref), + "github.com/openshift/api/machine/v1alpha1.SubnetFilter": schema_openshift_api_machine_v1alpha1_SubnetFilter(ref), + "github.com/openshift/api/machine/v1alpha1.SubnetParam": schema_openshift_api_machine_v1alpha1_SubnetParam(ref), + "github.com/openshift/api/machine/v1beta1.AWSMachineProviderConfig": schema_openshift_api_machine_v1beta1_AWSMachineProviderConfig(ref), + "github.com/openshift/api/machine/v1beta1.AWSMachineProviderConfigList": schema_openshift_api_machine_v1beta1_AWSMachineProviderConfigList(ref), + "github.com/openshift/api/machine/v1beta1.AWSMachineProviderStatus": schema_openshift_api_machine_v1beta1_AWSMachineProviderStatus(ref), + "github.com/openshift/api/machine/v1beta1.AWSResourceReference": schema_openshift_api_machine_v1beta1_AWSResourceReference(ref), + "github.com/openshift/api/machine/v1beta1.AddressesFromPool": schema_openshift_api_machine_v1beta1_AddressesFromPool(ref), + "github.com/openshift/api/machine/v1beta1.AzureBootDiagnostics": schema_openshift_api_machine_v1beta1_AzureBootDiagnostics(ref), + "github.com/openshift/api/machine/v1beta1.AzureCustomerManagedBootDiagnostics": schema_openshift_api_machine_v1beta1_AzureCustomerManagedBootDiagnostics(ref), + "github.com/openshift/api/machine/v1beta1.AzureDiagnostics": schema_openshift_api_machine_v1beta1_AzureDiagnostics(ref), + "github.com/openshift/api/machine/v1beta1.AzureMachineProviderSpec": schema_openshift_api_machine_v1beta1_AzureMachineProviderSpec(ref), + "github.com/openshift/api/machine/v1beta1.AzureMachineProviderStatus": schema_openshift_api_machine_v1beta1_AzureMachineProviderStatus(ref), + "github.com/openshift/api/machine/v1beta1.BlockDeviceMappingSpec": schema_openshift_api_machine_v1beta1_BlockDeviceMappingSpec(ref), + "github.com/openshift/api/machine/v1beta1.CPUOptions": schema_openshift_api_machine_v1beta1_CPUOptions(ref), + "github.com/openshift/api/machine/v1beta1.Condition": schema_openshift_api_machine_v1beta1_Condition(ref), + "github.com/openshift/api/machine/v1beta1.ConfidentialVM": schema_openshift_api_machine_v1beta1_ConfidentialVM(ref), + "github.com/openshift/api/machine/v1beta1.DataDisk": schema_openshift_api_machine_v1beta1_DataDisk(ref), + "github.com/openshift/api/machine/v1beta1.DataDiskManagedDiskParameters": schema_openshift_api_machine_v1beta1_DataDiskManagedDiskParameters(ref), + "github.com/openshift/api/machine/v1beta1.DedicatedHost": schema_openshift_api_machine_v1beta1_DedicatedHost(ref), + "github.com/openshift/api/machine/v1beta1.DedicatedHostStatus": schema_openshift_api_machine_v1beta1_DedicatedHostStatus(ref), + "github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters": schema_openshift_api_machine_v1beta1_DiskEncryptionSetParameters(ref), + "github.com/openshift/api/machine/v1beta1.DiskSettings": schema_openshift_api_machine_v1beta1_DiskSettings(ref), + "github.com/openshift/api/machine/v1beta1.DynamicHostAllocationSpec": schema_openshift_api_machine_v1beta1_DynamicHostAllocationSpec(ref), + "github.com/openshift/api/machine/v1beta1.EBSBlockDeviceSpec": schema_openshift_api_machine_v1beta1_EBSBlockDeviceSpec(ref), + "github.com/openshift/api/machine/v1beta1.Filter": schema_openshift_api_machine_v1beta1_Filter(ref), + "github.com/openshift/api/machine/v1beta1.GCPDisk": schema_openshift_api_machine_v1beta1_GCPDisk(ref), + "github.com/openshift/api/machine/v1beta1.GCPEncryptionKeyReference": schema_openshift_api_machine_v1beta1_GCPEncryptionKeyReference(ref), + "github.com/openshift/api/machine/v1beta1.GCPGPUConfig": schema_openshift_api_machine_v1beta1_GCPGPUConfig(ref), + "github.com/openshift/api/machine/v1beta1.GCPKMSKeyReference": schema_openshift_api_machine_v1beta1_GCPKMSKeyReference(ref), + "github.com/openshift/api/machine/v1beta1.GCPMachineProviderSpec": schema_openshift_api_machine_v1beta1_GCPMachineProviderSpec(ref), + "github.com/openshift/api/machine/v1beta1.GCPMachineProviderStatus": schema_openshift_api_machine_v1beta1_GCPMachineProviderStatus(ref), + "github.com/openshift/api/machine/v1beta1.GCPMetadata": schema_openshift_api_machine_v1beta1_GCPMetadata(ref), + "github.com/openshift/api/machine/v1beta1.GCPNetworkInterface": schema_openshift_api_machine_v1beta1_GCPNetworkInterface(ref), + "github.com/openshift/api/machine/v1beta1.GCPServiceAccount": schema_openshift_api_machine_v1beta1_GCPServiceAccount(ref), + "github.com/openshift/api/machine/v1beta1.GCPShieldedInstanceConfig": schema_openshift_api_machine_v1beta1_GCPShieldedInstanceConfig(ref), + "github.com/openshift/api/machine/v1beta1.HostPlacement": schema_openshift_api_machine_v1beta1_HostPlacement(ref), + "github.com/openshift/api/machine/v1beta1.Image": schema_openshift_api_machine_v1beta1_Image(ref), + "github.com/openshift/api/machine/v1beta1.LastOperation": schema_openshift_api_machine_v1beta1_LastOperation(ref), + "github.com/openshift/api/machine/v1beta1.LifecycleHook": schema_openshift_api_machine_v1beta1_LifecycleHook(ref), + "github.com/openshift/api/machine/v1beta1.LifecycleHooks": schema_openshift_api_machine_v1beta1_LifecycleHooks(ref), + "github.com/openshift/api/machine/v1beta1.LoadBalancerReference": schema_openshift_api_machine_v1beta1_LoadBalancerReference(ref), + "github.com/openshift/api/machine/v1beta1.Machine": schema_openshift_api_machine_v1beta1_Machine(ref), + "github.com/openshift/api/machine/v1beta1.MachineHealthCheck": schema_openshift_api_machine_v1beta1_MachineHealthCheck(ref), + "github.com/openshift/api/machine/v1beta1.MachineHealthCheckList": schema_openshift_api_machine_v1beta1_MachineHealthCheckList(ref), + "github.com/openshift/api/machine/v1beta1.MachineHealthCheckSpec": schema_openshift_api_machine_v1beta1_MachineHealthCheckSpec(ref), + "github.com/openshift/api/machine/v1beta1.MachineHealthCheckStatus": schema_openshift_api_machine_v1beta1_MachineHealthCheckStatus(ref), + "github.com/openshift/api/machine/v1beta1.MachineList": schema_openshift_api_machine_v1beta1_MachineList(ref), + "github.com/openshift/api/machine/v1beta1.MachineSet": schema_openshift_api_machine_v1beta1_MachineSet(ref), + "github.com/openshift/api/machine/v1beta1.MachineSetList": schema_openshift_api_machine_v1beta1_MachineSetList(ref), + "github.com/openshift/api/machine/v1beta1.MachineSetSpec": schema_openshift_api_machine_v1beta1_MachineSetSpec(ref), + "github.com/openshift/api/machine/v1beta1.MachineSetStatus": schema_openshift_api_machine_v1beta1_MachineSetStatus(ref), + "github.com/openshift/api/machine/v1beta1.MachineSpec": schema_openshift_api_machine_v1beta1_MachineSpec(ref), + "github.com/openshift/api/machine/v1beta1.MachineStatus": schema_openshift_api_machine_v1beta1_MachineStatus(ref), + "github.com/openshift/api/machine/v1beta1.MachineTemplateSpec": schema_openshift_api_machine_v1beta1_MachineTemplateSpec(ref), + "github.com/openshift/api/machine/v1beta1.MetadataServiceOptions": schema_openshift_api_machine_v1beta1_MetadataServiceOptions(ref), + "github.com/openshift/api/machine/v1beta1.NetworkDeviceSpec": schema_openshift_api_machine_v1beta1_NetworkDeviceSpec(ref), + "github.com/openshift/api/machine/v1beta1.NetworkSpec": schema_openshift_api_machine_v1beta1_NetworkSpec(ref), + "github.com/openshift/api/machine/v1beta1.OSDisk": schema_openshift_api_machine_v1beta1_OSDisk(ref), + "github.com/openshift/api/machine/v1beta1.OSDiskManagedDiskParameters": schema_openshift_api_machine_v1beta1_OSDiskManagedDiskParameters(ref), + "github.com/openshift/api/machine/v1beta1.ObjectMeta": schema_openshift_api_machine_v1beta1_ObjectMeta(ref), + "github.com/openshift/api/machine/v1beta1.Placement": schema_openshift_api_machine_v1beta1_Placement(ref), + "github.com/openshift/api/machine/v1beta1.ProviderSpec": schema_openshift_api_machine_v1beta1_ProviderSpec(ref), + "github.com/openshift/api/machine/v1beta1.ResourceManagerTag": schema_openshift_api_machine_v1beta1_ResourceManagerTag(ref), + "github.com/openshift/api/machine/v1beta1.SecurityProfile": schema_openshift_api_machine_v1beta1_SecurityProfile(ref), + "github.com/openshift/api/machine/v1beta1.SecuritySettings": schema_openshift_api_machine_v1beta1_SecuritySettings(ref), + "github.com/openshift/api/machine/v1beta1.SpotMarketOptions": schema_openshift_api_machine_v1beta1_SpotMarketOptions(ref), + "github.com/openshift/api/machine/v1beta1.SpotVMOptions": schema_openshift_api_machine_v1beta1_SpotVMOptions(ref), + "github.com/openshift/api/machine/v1beta1.TagSpecification": schema_openshift_api_machine_v1beta1_TagSpecification(ref), + "github.com/openshift/api/machine/v1beta1.TrustedLaunch": schema_openshift_api_machine_v1beta1_TrustedLaunch(ref), + "github.com/openshift/api/machine/v1beta1.UEFISettings": schema_openshift_api_machine_v1beta1_UEFISettings(ref), + "github.com/openshift/api/machine/v1beta1.UnhealthyCondition": schema_openshift_api_machine_v1beta1_UnhealthyCondition(ref), + "github.com/openshift/api/machine/v1beta1.VMDiskSecurityProfile": schema_openshift_api_machine_v1beta1_VMDiskSecurityProfile(ref), + "github.com/openshift/api/machine/v1beta1.VSphereDisk": schema_openshift_api_machine_v1beta1_VSphereDisk(ref), + "github.com/openshift/api/machine/v1beta1.VSphereMachineProviderSpec": schema_openshift_api_machine_v1beta1_VSphereMachineProviderSpec(ref), + "github.com/openshift/api/machine/v1beta1.VSphereMachineProviderStatus": schema_openshift_api_machine_v1beta1_VSphereMachineProviderStatus(ref), + "github.com/openshift/api/machine/v1beta1.Workspace": schema_openshift_api_machine_v1beta1_Workspace(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImage": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImage(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageBundleStatus": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageBundleStatus(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageList": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageList(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageRef": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageRef(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageSpec": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageSpec(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageStatus": schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageStatus(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStream": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStream(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamList": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamList(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSet": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamSet(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSpec": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamSpec(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamStatus": schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamStatus(ref), + "github.com/openshift/api/monitoring/v1.AlertRelabelConfig": schema_openshift_api_monitoring_v1_AlertRelabelConfig(ref), + "github.com/openshift/api/monitoring/v1.AlertRelabelConfigList": schema_openshift_api_monitoring_v1_AlertRelabelConfigList(ref), + "github.com/openshift/api/monitoring/v1.AlertRelabelConfigSpec": schema_openshift_api_monitoring_v1_AlertRelabelConfigSpec(ref), + "github.com/openshift/api/monitoring/v1.AlertRelabelConfigStatus": schema_openshift_api_monitoring_v1_AlertRelabelConfigStatus(ref), + "github.com/openshift/api/monitoring/v1.AlertingRule": schema_openshift_api_monitoring_v1_AlertingRule(ref), + "github.com/openshift/api/monitoring/v1.AlertingRuleList": schema_openshift_api_monitoring_v1_AlertingRuleList(ref), + "github.com/openshift/api/monitoring/v1.AlertingRuleSpec": schema_openshift_api_monitoring_v1_AlertingRuleSpec(ref), + "github.com/openshift/api/monitoring/v1.AlertingRuleStatus": schema_openshift_api_monitoring_v1_AlertingRuleStatus(ref), + "github.com/openshift/api/monitoring/v1.PrometheusRuleRef": schema_openshift_api_monitoring_v1_PrometheusRuleRef(ref), + "github.com/openshift/api/monitoring/v1.RelabelConfig": schema_openshift_api_monitoring_v1_RelabelConfig(ref), + "github.com/openshift/api/monitoring/v1.Rule": schema_openshift_api_monitoring_v1_Rule(ref), + "github.com/openshift/api/monitoring/v1.RuleGroup": schema_openshift_api_monitoring_v1_RuleGroup(ref), + "github.com/openshift/api/network/v1.ClusterNetwork": schema_openshift_api_network_v1_ClusterNetwork(ref), + "github.com/openshift/api/network/v1.ClusterNetworkEntry": schema_openshift_api_network_v1_ClusterNetworkEntry(ref), + "github.com/openshift/api/network/v1.ClusterNetworkList": schema_openshift_api_network_v1_ClusterNetworkList(ref), + "github.com/openshift/api/network/v1.EgressNetworkPolicy": schema_openshift_api_network_v1_EgressNetworkPolicy(ref), + "github.com/openshift/api/network/v1.EgressNetworkPolicyList": schema_openshift_api_network_v1_EgressNetworkPolicyList(ref), + "github.com/openshift/api/network/v1.EgressNetworkPolicyPeer": schema_openshift_api_network_v1_EgressNetworkPolicyPeer(ref), + "github.com/openshift/api/network/v1.EgressNetworkPolicyRule": schema_openshift_api_network_v1_EgressNetworkPolicyRule(ref), + "github.com/openshift/api/network/v1.EgressNetworkPolicySpec": schema_openshift_api_network_v1_EgressNetworkPolicySpec(ref), + "github.com/openshift/api/network/v1.HostSubnet": schema_openshift_api_network_v1_HostSubnet(ref), + "github.com/openshift/api/network/v1.HostSubnetList": schema_openshift_api_network_v1_HostSubnetList(ref), + "github.com/openshift/api/network/v1.NetNamespace": schema_openshift_api_network_v1_NetNamespace(ref), + "github.com/openshift/api/network/v1.NetNamespaceList": schema_openshift_api_network_v1_NetNamespaceList(ref), + "github.com/openshift/api/network/v1alpha1.DNSNameResolver": schema_openshift_api_network_v1alpha1_DNSNameResolver(ref), + "github.com/openshift/api/network/v1alpha1.DNSNameResolverList": schema_openshift_api_network_v1alpha1_DNSNameResolverList(ref), + "github.com/openshift/api/network/v1alpha1.DNSNameResolverResolvedAddress": schema_openshift_api_network_v1alpha1_DNSNameResolverResolvedAddress(ref), + "github.com/openshift/api/network/v1alpha1.DNSNameResolverResolvedName": schema_openshift_api_network_v1alpha1_DNSNameResolverResolvedName(ref), + "github.com/openshift/api/network/v1alpha1.DNSNameResolverSpec": schema_openshift_api_network_v1alpha1_DNSNameResolverSpec(ref), + "github.com/openshift/api/network/v1alpha1.DNSNameResolverStatus": schema_openshift_api_network_v1alpha1_DNSNameResolverStatus(ref), + "github.com/openshift/api/networkoperator/v1.EgressRouter": schema_openshift_api_networkoperator_v1_EgressRouter(ref), + "github.com/openshift/api/networkoperator/v1.EgressRouterSpec": schema_openshift_api_networkoperator_v1_EgressRouterSpec(ref), + "github.com/openshift/api/oauth/v1.ClusterRoleScopeRestriction": schema_openshift_api_oauth_v1_ClusterRoleScopeRestriction(ref), + "github.com/openshift/api/oauth/v1.OAuthAccessToken": schema_openshift_api_oauth_v1_OAuthAccessToken(ref), + "github.com/openshift/api/oauth/v1.OAuthAccessTokenList": schema_openshift_api_oauth_v1_OAuthAccessTokenList(ref), + "github.com/openshift/api/oauth/v1.OAuthAuthorizeToken": schema_openshift_api_oauth_v1_OAuthAuthorizeToken(ref), + "github.com/openshift/api/oauth/v1.OAuthAuthorizeTokenList": schema_openshift_api_oauth_v1_OAuthAuthorizeTokenList(ref), + "github.com/openshift/api/oauth/v1.OAuthClient": schema_openshift_api_oauth_v1_OAuthClient(ref), + "github.com/openshift/api/oauth/v1.OAuthClientAuthorization": schema_openshift_api_oauth_v1_OAuthClientAuthorization(ref), + "github.com/openshift/api/oauth/v1.OAuthClientAuthorizationList": schema_openshift_api_oauth_v1_OAuthClientAuthorizationList(ref), + "github.com/openshift/api/oauth/v1.OAuthClientList": schema_openshift_api_oauth_v1_OAuthClientList(ref), + "github.com/openshift/api/oauth/v1.OAuthRedirectReference": schema_openshift_api_oauth_v1_OAuthRedirectReference(ref), + "github.com/openshift/api/oauth/v1.RedirectReference": schema_openshift_api_oauth_v1_RedirectReference(ref), + "github.com/openshift/api/oauth/v1.ScopeRestriction": schema_openshift_api_oauth_v1_ScopeRestriction(ref), + "github.com/openshift/api/oauth/v1.UserOAuthAccessToken": schema_openshift_api_oauth_v1_UserOAuthAccessToken(ref), + "github.com/openshift/api/oauth/v1.UserOAuthAccessTokenList": schema_openshift_api_oauth_v1_UserOAuthAccessTokenList(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.APIServers": schema_openshift_api_openshiftcontrolplane_v1_APIServers(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.BuildControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_BuildControllerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.BuildDefaultsConfig": schema_openshift_api_openshiftcontrolplane_v1_BuildDefaultsConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.BuildOverridesConfig": schema_openshift_api_openshiftcontrolplane_v1_BuildOverridesConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.ClusterNetworkEntry": schema_openshift_api_openshiftcontrolplane_v1_ClusterNetworkEntry(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.DeployerControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_DeployerControllerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.DockerPullSecretControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_DockerPullSecretControllerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.FrontProxyConfig": schema_openshift_api_openshiftcontrolplane_v1_FrontProxyConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.ImageConfig": schema_openshift_api_openshiftcontrolplane_v1_ImageConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.ImageImportControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_ImageImportControllerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.ImagePolicyConfig": schema_openshift_api_openshiftcontrolplane_v1_ImagePolicyConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.IngressControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_IngressControllerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.JenkinsPipelineConfig": schema_openshift_api_openshiftcontrolplane_v1_JenkinsPipelineConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.NetworkControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_NetworkControllerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.OpenShiftAPIServerConfig": schema_openshift_api_openshiftcontrolplane_v1_OpenShiftAPIServerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.OpenShiftControllerManagerConfig": schema_openshift_api_openshiftcontrolplane_v1_OpenShiftControllerManagerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.PerGroupOptions": schema_openshift_api_openshiftcontrolplane_v1_PerGroupOptions(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.ProjectConfig": schema_openshift_api_openshiftcontrolplane_v1_ProjectConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.RegistryLocation": schema_openshift_api_openshiftcontrolplane_v1_RegistryLocation(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.ResourceQuotaControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_ResourceQuotaControllerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.RoutingConfig": schema_openshift_api_openshiftcontrolplane_v1_RoutingConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.SecurityAllocator": schema_openshift_api_openshiftcontrolplane_v1_SecurityAllocator(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.ServiceAccountControllerConfig": schema_openshift_api_openshiftcontrolplane_v1_ServiceAccountControllerConfig(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.ServiceServingCert": schema_openshift_api_openshiftcontrolplane_v1_ServiceServingCert(ref), + "github.com/openshift/api/openshiftcontrolplane/v1.SourceStrategyDefaultsConfig": schema_openshift_api_openshiftcontrolplane_v1_SourceStrategyDefaultsConfig(ref), + "github.com/openshift/api/operator/v1.AWSCSIDriverConfigSpec": schema_openshift_api_operator_v1_AWSCSIDriverConfigSpec(ref), + "github.com/openshift/api/operator/v1.AWSClassicLoadBalancerParameters": schema_openshift_api_operator_v1_AWSClassicLoadBalancerParameters(ref), + "github.com/openshift/api/operator/v1.AWSEFSVolumeMetrics": schema_openshift_api_operator_v1_AWSEFSVolumeMetrics(ref), + "github.com/openshift/api/operator/v1.AWSEFSVolumeMetricsRecursiveWalkConfig": schema_openshift_api_operator_v1_AWSEFSVolumeMetricsRecursiveWalkConfig(ref), + "github.com/openshift/api/operator/v1.AWSLoadBalancerParameters": schema_openshift_api_operator_v1_AWSLoadBalancerParameters(ref), + "github.com/openshift/api/operator/v1.AWSNetworkLoadBalancerParameters": schema_openshift_api_operator_v1_AWSNetworkLoadBalancerParameters(ref), + "github.com/openshift/api/operator/v1.AWSSubnets": schema_openshift_api_operator_v1_AWSSubnets(ref), + "github.com/openshift/api/operator/v1.AccessLogging": schema_openshift_api_operator_v1_AccessLogging(ref), + "github.com/openshift/api/operator/v1.AddPage": schema_openshift_api_operator_v1_AddPage(ref), + "github.com/openshift/api/operator/v1.AdditionalNetworkDefinition": schema_openshift_api_operator_v1_AdditionalNetworkDefinition(ref), + "github.com/openshift/api/operator/v1.AdditionalRoutingCapabilities": schema_openshift_api_operator_v1_AdditionalRoutingCapabilities(ref), + "github.com/openshift/api/operator/v1.Authentication": schema_openshift_api_operator_v1_Authentication(ref), + "github.com/openshift/api/operator/v1.AuthenticationList": schema_openshift_api_operator_v1_AuthenticationList(ref), + "github.com/openshift/api/operator/v1.AuthenticationSpec": schema_openshift_api_operator_v1_AuthenticationSpec(ref), + "github.com/openshift/api/operator/v1.AuthenticationStatus": schema_openshift_api_operator_v1_AuthenticationStatus(ref), + "github.com/openshift/api/operator/v1.AzureCSIDriverConfigSpec": schema_openshift_api_operator_v1_AzureCSIDriverConfigSpec(ref), + "github.com/openshift/api/operator/v1.AzureDiskEncryptionSet": schema_openshift_api_operator_v1_AzureDiskEncryptionSet(ref), + "github.com/openshift/api/operator/v1.BGPManagedConfig": schema_openshift_api_operator_v1_BGPManagedConfig(ref), + "github.com/openshift/api/operator/v1.BootImageSkewEnforcementConfig": schema_openshift_api_operator_v1_BootImageSkewEnforcementConfig(ref), + "github.com/openshift/api/operator/v1.BootImageSkewEnforcementStatus": schema_openshift_api_operator_v1_BootImageSkewEnforcementStatus(ref), + "github.com/openshift/api/operator/v1.CSIDriverConfigSpec": schema_openshift_api_operator_v1_CSIDriverConfigSpec(ref), + "github.com/openshift/api/operator/v1.CSISnapshotController": schema_openshift_api_operator_v1_CSISnapshotController(ref), + "github.com/openshift/api/operator/v1.CSISnapshotControllerList": schema_openshift_api_operator_v1_CSISnapshotControllerList(ref), + "github.com/openshift/api/operator/v1.CSISnapshotControllerSpec": schema_openshift_api_operator_v1_CSISnapshotControllerSpec(ref), + "github.com/openshift/api/operator/v1.CSISnapshotControllerStatus": schema_openshift_api_operator_v1_CSISnapshotControllerStatus(ref), + "github.com/openshift/api/operator/v1.Capability": schema_openshift_api_operator_v1_Capability(ref), + "github.com/openshift/api/operator/v1.CapabilityVisibility": schema_openshift_api_operator_v1_CapabilityVisibility(ref), + "github.com/openshift/api/operator/v1.ClientTLS": schema_openshift_api_operator_v1_ClientTLS(ref), + "github.com/openshift/api/operator/v1.CloudCredential": schema_openshift_api_operator_v1_CloudCredential(ref), + "github.com/openshift/api/operator/v1.CloudCredentialList": schema_openshift_api_operator_v1_CloudCredentialList(ref), + "github.com/openshift/api/operator/v1.CloudCredentialSpec": schema_openshift_api_operator_v1_CloudCredentialSpec(ref), + "github.com/openshift/api/operator/v1.CloudCredentialStatus": schema_openshift_api_operator_v1_CloudCredentialStatus(ref), + "github.com/openshift/api/operator/v1.ClusterBootImageAutomatic": schema_openshift_api_operator_v1_ClusterBootImageAutomatic(ref), + "github.com/openshift/api/operator/v1.ClusterBootImageManual": schema_openshift_api_operator_v1_ClusterBootImageManual(ref), + "github.com/openshift/api/operator/v1.ClusterCSIDriver": schema_openshift_api_operator_v1_ClusterCSIDriver(ref), + "github.com/openshift/api/operator/v1.ClusterCSIDriverList": schema_openshift_api_operator_v1_ClusterCSIDriverList(ref), + "github.com/openshift/api/operator/v1.ClusterCSIDriverSpec": schema_openshift_api_operator_v1_ClusterCSIDriverSpec(ref), + "github.com/openshift/api/operator/v1.ClusterCSIDriverStatus": schema_openshift_api_operator_v1_ClusterCSIDriverStatus(ref), + "github.com/openshift/api/operator/v1.ClusterNetworkEntry": schema_openshift_api_operator_v1_ClusterNetworkEntry(ref), + "github.com/openshift/api/operator/v1.Config": schema_openshift_api_operator_v1_Config(ref), + "github.com/openshift/api/operator/v1.ConfigList": schema_openshift_api_operator_v1_ConfigList(ref), + "github.com/openshift/api/operator/v1.ConfigMapFileReference": schema_openshift_api_operator_v1_ConfigMapFileReference(ref), + "github.com/openshift/api/operator/v1.ConfigSpec": schema_openshift_api_operator_v1_ConfigSpec(ref), + "github.com/openshift/api/operator/v1.ConfigStatus": schema_openshift_api_operator_v1_ConfigStatus(ref), + "github.com/openshift/api/operator/v1.Console": schema_openshift_api_operator_v1_Console(ref), + "github.com/openshift/api/operator/v1.ConsoleConfigRoute": schema_openshift_api_operator_v1_ConsoleConfigRoute(ref), + "github.com/openshift/api/operator/v1.ConsoleCustomization": schema_openshift_api_operator_v1_ConsoleCustomization(ref), + "github.com/openshift/api/operator/v1.ConsoleList": schema_openshift_api_operator_v1_ConsoleList(ref), + "github.com/openshift/api/operator/v1.ConsoleProviders": schema_openshift_api_operator_v1_ConsoleProviders(ref), + "github.com/openshift/api/operator/v1.ConsoleSpec": schema_openshift_api_operator_v1_ConsoleSpec(ref), + "github.com/openshift/api/operator/v1.ConsoleStatus": schema_openshift_api_operator_v1_ConsoleStatus(ref), + "github.com/openshift/api/operator/v1.ContainerLoggingDestinationParameters": schema_openshift_api_operator_v1_ContainerLoggingDestinationParameters(ref), + "github.com/openshift/api/operator/v1.DNS": schema_openshift_api_operator_v1_DNS(ref), + "github.com/openshift/api/operator/v1.DNSCache": schema_openshift_api_operator_v1_DNSCache(ref), + "github.com/openshift/api/operator/v1.DNSList": schema_openshift_api_operator_v1_DNSList(ref), + "github.com/openshift/api/operator/v1.DNSNodePlacement": schema_openshift_api_operator_v1_DNSNodePlacement(ref), + "github.com/openshift/api/operator/v1.DNSOverTLSConfig": schema_openshift_api_operator_v1_DNSOverTLSConfig(ref), + "github.com/openshift/api/operator/v1.DNSSpec": schema_openshift_api_operator_v1_DNSSpec(ref), + "github.com/openshift/api/operator/v1.DNSStatus": schema_openshift_api_operator_v1_DNSStatus(ref), + "github.com/openshift/api/operator/v1.DNSTransportConfig": schema_openshift_api_operator_v1_DNSTransportConfig(ref), + "github.com/openshift/api/operator/v1.DefaultNetworkDefinition": schema_openshift_api_operator_v1_DefaultNetworkDefinition(ref), + "github.com/openshift/api/operator/v1.DeveloperConsoleCatalogCategory": schema_openshift_api_operator_v1_DeveloperConsoleCatalogCategory(ref), + "github.com/openshift/api/operator/v1.DeveloperConsoleCatalogCategoryMeta": schema_openshift_api_operator_v1_DeveloperConsoleCatalogCategoryMeta(ref), + "github.com/openshift/api/operator/v1.DeveloperConsoleCatalogCustomization": schema_openshift_api_operator_v1_DeveloperConsoleCatalogCustomization(ref), + "github.com/openshift/api/operator/v1.DeveloperConsoleCatalogTypes": schema_openshift_api_operator_v1_DeveloperConsoleCatalogTypes(ref), + "github.com/openshift/api/operator/v1.EgressIPConfig": schema_openshift_api_operator_v1_EgressIPConfig(ref), + "github.com/openshift/api/operator/v1.EndpointPublishingStrategy": schema_openshift_api_operator_v1_EndpointPublishingStrategy(ref), + "github.com/openshift/api/operator/v1.Etcd": schema_openshift_api_operator_v1_Etcd(ref), + "github.com/openshift/api/operator/v1.EtcdList": schema_openshift_api_operator_v1_EtcdList(ref), + "github.com/openshift/api/operator/v1.EtcdSpec": schema_openshift_api_operator_v1_EtcdSpec(ref), + "github.com/openshift/api/operator/v1.EtcdStatus": schema_openshift_api_operator_v1_EtcdStatus(ref), + "github.com/openshift/api/operator/v1.ExportNetworkFlows": schema_openshift_api_operator_v1_ExportNetworkFlows(ref), + "github.com/openshift/api/operator/v1.FeaturesMigration": schema_openshift_api_operator_v1_FeaturesMigration(ref), + "github.com/openshift/api/operator/v1.FileReferenceSource": schema_openshift_api_operator_v1_FileReferenceSource(ref), + "github.com/openshift/api/operator/v1.ForwardPlugin": schema_openshift_api_operator_v1_ForwardPlugin(ref), + "github.com/openshift/api/operator/v1.GCPCSIDriverConfigSpec": schema_openshift_api_operator_v1_GCPCSIDriverConfigSpec(ref), + "github.com/openshift/api/operator/v1.GCPKMSKeyReference": schema_openshift_api_operator_v1_GCPKMSKeyReference(ref), + "github.com/openshift/api/operator/v1.GCPLoadBalancerParameters": schema_openshift_api_operator_v1_GCPLoadBalancerParameters(ref), + "github.com/openshift/api/operator/v1.GatewayConfig": schema_openshift_api_operator_v1_GatewayConfig(ref), + "github.com/openshift/api/operator/v1.GatherStatus": schema_openshift_api_operator_v1_GatherStatus(ref), + "github.com/openshift/api/operator/v1.GathererStatus": schema_openshift_api_operator_v1_GathererStatus(ref), + "github.com/openshift/api/operator/v1.GenerationStatus": schema_openshift_api_operator_v1_GenerationStatus(ref), + "github.com/openshift/api/operator/v1.HTTPCompressionPolicy": schema_openshift_api_operator_v1_HTTPCompressionPolicy(ref), + "github.com/openshift/api/operator/v1.HealthCheck": schema_openshift_api_operator_v1_HealthCheck(ref), + "github.com/openshift/api/operator/v1.HostNetworkStrategy": schema_openshift_api_operator_v1_HostNetworkStrategy(ref), + "github.com/openshift/api/operator/v1.HybridOverlayConfig": schema_openshift_api_operator_v1_HybridOverlayConfig(ref), + "github.com/openshift/api/operator/v1.IBMCloudCSIDriverConfigSpec": schema_openshift_api_operator_v1_IBMCloudCSIDriverConfigSpec(ref), + "github.com/openshift/api/operator/v1.IBMLoadBalancerParameters": schema_openshift_api_operator_v1_IBMLoadBalancerParameters(ref), + "github.com/openshift/api/operator/v1.IPAMConfig": schema_openshift_api_operator_v1_IPAMConfig(ref), + "github.com/openshift/api/operator/v1.IPFIXConfig": schema_openshift_api_operator_v1_IPFIXConfig(ref), + "github.com/openshift/api/operator/v1.IPsecConfig": schema_openshift_api_operator_v1_IPsecConfig(ref), + "github.com/openshift/api/operator/v1.IPsecFullModeConfig": schema_openshift_api_operator_v1_IPsecFullModeConfig(ref), + "github.com/openshift/api/operator/v1.IPv4GatewayConfig": schema_openshift_api_operator_v1_IPv4GatewayConfig(ref), + "github.com/openshift/api/operator/v1.IPv4OVNKubernetesConfig": schema_openshift_api_operator_v1_IPv4OVNKubernetesConfig(ref), + "github.com/openshift/api/operator/v1.IPv6GatewayConfig": schema_openshift_api_operator_v1_IPv6GatewayConfig(ref), + "github.com/openshift/api/operator/v1.IPv6OVNKubernetesConfig": schema_openshift_api_operator_v1_IPv6OVNKubernetesConfig(ref), + "github.com/openshift/api/operator/v1.Ingress": schema_openshift_api_operator_v1_Ingress(ref), + "github.com/openshift/api/operator/v1.IngressController": schema_openshift_api_operator_v1_IngressController(ref), + "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPCookie": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPCookie(ref), + "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPCookieUnion": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPCookieUnion(ref), + "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPHeader": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPHeader(ref), + "github.com/openshift/api/operator/v1.IngressControllerCaptureHTTPHeaders": schema_openshift_api_operator_v1_IngressControllerCaptureHTTPHeaders(ref), + "github.com/openshift/api/operator/v1.IngressControllerHTTPHeader": schema_openshift_api_operator_v1_IngressControllerHTTPHeader(ref), + "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaderActionUnion": schema_openshift_api_operator_v1_IngressControllerHTTPHeaderActionUnion(ref), + "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaderActions": schema_openshift_api_operator_v1_IngressControllerHTTPHeaderActions(ref), + "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaders": schema_openshift_api_operator_v1_IngressControllerHTTPHeaders(ref), + "github.com/openshift/api/operator/v1.IngressControllerHTTPUniqueIdHeaderPolicy": schema_openshift_api_operator_v1_IngressControllerHTTPUniqueIdHeaderPolicy(ref), + "github.com/openshift/api/operator/v1.IngressControllerList": schema_openshift_api_operator_v1_IngressControllerList(ref), + "github.com/openshift/api/operator/v1.IngressControllerLogging": schema_openshift_api_operator_v1_IngressControllerLogging(ref), + "github.com/openshift/api/operator/v1.IngressControllerSetHTTPHeader": schema_openshift_api_operator_v1_IngressControllerSetHTTPHeader(ref), + "github.com/openshift/api/operator/v1.IngressControllerSpec": schema_openshift_api_operator_v1_IngressControllerSpec(ref), + "github.com/openshift/api/operator/v1.IngressControllerStatus": schema_openshift_api_operator_v1_IngressControllerStatus(ref), + "github.com/openshift/api/operator/v1.IngressControllerTuningOptions": schema_openshift_api_operator_v1_IngressControllerTuningOptions(ref), + "github.com/openshift/api/operator/v1.InsightsOperator": schema_openshift_api_operator_v1_InsightsOperator(ref), + "github.com/openshift/api/operator/v1.InsightsOperatorList": schema_openshift_api_operator_v1_InsightsOperatorList(ref), + "github.com/openshift/api/operator/v1.InsightsOperatorSpec": schema_openshift_api_operator_v1_InsightsOperatorSpec(ref), + "github.com/openshift/api/operator/v1.InsightsOperatorStatus": schema_openshift_api_operator_v1_InsightsOperatorStatus(ref), + "github.com/openshift/api/operator/v1.InsightsReport": schema_openshift_api_operator_v1_InsightsReport(ref), + "github.com/openshift/api/operator/v1.IrreconcilableValidationOverrides": schema_openshift_api_operator_v1_IrreconcilableValidationOverrides(ref), + "github.com/openshift/api/operator/v1.KubeAPIServer": schema_openshift_api_operator_v1_KubeAPIServer(ref), + "github.com/openshift/api/operator/v1.KubeAPIServerList": schema_openshift_api_operator_v1_KubeAPIServerList(ref), + "github.com/openshift/api/operator/v1.KubeAPIServerSpec": schema_openshift_api_operator_v1_KubeAPIServerSpec(ref), + "github.com/openshift/api/operator/v1.KubeAPIServerStatus": schema_openshift_api_operator_v1_KubeAPIServerStatus(ref), + "github.com/openshift/api/operator/v1.KubeControllerManager": schema_openshift_api_operator_v1_KubeControllerManager(ref), + "github.com/openshift/api/operator/v1.KubeControllerManagerList": schema_openshift_api_operator_v1_KubeControllerManagerList(ref), + "github.com/openshift/api/operator/v1.KubeControllerManagerSpec": schema_openshift_api_operator_v1_KubeControllerManagerSpec(ref), + "github.com/openshift/api/operator/v1.KubeControllerManagerStatus": schema_openshift_api_operator_v1_KubeControllerManagerStatus(ref), + "github.com/openshift/api/operator/v1.KubeScheduler": schema_openshift_api_operator_v1_KubeScheduler(ref), + "github.com/openshift/api/operator/v1.KubeSchedulerList": schema_openshift_api_operator_v1_KubeSchedulerList(ref), + "github.com/openshift/api/operator/v1.KubeSchedulerSpec": schema_openshift_api_operator_v1_KubeSchedulerSpec(ref), + "github.com/openshift/api/operator/v1.KubeSchedulerStatus": schema_openshift_api_operator_v1_KubeSchedulerStatus(ref), + "github.com/openshift/api/operator/v1.KubeStorageVersionMigrator": schema_openshift_api_operator_v1_KubeStorageVersionMigrator(ref), + "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorList": schema_openshift_api_operator_v1_KubeStorageVersionMigratorList(ref), + "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorSpec": schema_openshift_api_operator_v1_KubeStorageVersionMigratorSpec(ref), + "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorStatus": schema_openshift_api_operator_v1_KubeStorageVersionMigratorStatus(ref), + "github.com/openshift/api/operator/v1.LoadBalancerStrategy": schema_openshift_api_operator_v1_LoadBalancerStrategy(ref), + "github.com/openshift/api/operator/v1.LoggingDestination": schema_openshift_api_operator_v1_LoggingDestination(ref), + "github.com/openshift/api/operator/v1.Logo": schema_openshift_api_operator_v1_Logo(ref), + "github.com/openshift/api/operator/v1.MTUMigration": schema_openshift_api_operator_v1_MTUMigration(ref), + "github.com/openshift/api/operator/v1.MTUMigrationValues": schema_openshift_api_operator_v1_MTUMigrationValues(ref), + "github.com/openshift/api/operator/v1.MachineConfiguration": schema_openshift_api_operator_v1_MachineConfiguration(ref), + "github.com/openshift/api/operator/v1.MachineConfigurationList": schema_openshift_api_operator_v1_MachineConfigurationList(ref), + "github.com/openshift/api/operator/v1.MachineConfigurationSpec": schema_openshift_api_operator_v1_MachineConfigurationSpec(ref), + "github.com/openshift/api/operator/v1.MachineConfigurationStatus": schema_openshift_api_operator_v1_MachineConfigurationStatus(ref), + "github.com/openshift/api/operator/v1.MachineManager": schema_openshift_api_operator_v1_MachineManager(ref), + "github.com/openshift/api/operator/v1.MachineManagerSelector": schema_openshift_api_operator_v1_MachineManagerSelector(ref), + "github.com/openshift/api/operator/v1.ManagedBootImages": schema_openshift_api_operator_v1_ManagedBootImages(ref), + "github.com/openshift/api/operator/v1.MyOperatorResource": schema_openshift_api_operator_v1_MyOperatorResource(ref), + "github.com/openshift/api/operator/v1.MyOperatorResourceSpec": schema_openshift_api_operator_v1_MyOperatorResourceSpec(ref), + "github.com/openshift/api/operator/v1.MyOperatorResourceStatus": schema_openshift_api_operator_v1_MyOperatorResourceStatus(ref), + "github.com/openshift/api/operator/v1.NetFlowConfig": schema_openshift_api_operator_v1_NetFlowConfig(ref), + "github.com/openshift/api/operator/v1.Network": schema_openshift_api_operator_v1_Network(ref), + "github.com/openshift/api/operator/v1.NetworkList": schema_openshift_api_operator_v1_NetworkList(ref), + "github.com/openshift/api/operator/v1.NetworkMigration": schema_openshift_api_operator_v1_NetworkMigration(ref), + "github.com/openshift/api/operator/v1.NetworkSpec": schema_openshift_api_operator_v1_NetworkSpec(ref), + "github.com/openshift/api/operator/v1.NetworkStatus": schema_openshift_api_operator_v1_NetworkStatus(ref), + "github.com/openshift/api/operator/v1.NoOverlayConfig": schema_openshift_api_operator_v1_NoOverlayConfig(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicyClusterStatus": schema_openshift_api_operator_v1_NodeDisruptionPolicyClusterStatus(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicyConfig": schema_openshift_api_operator_v1_NodeDisruptionPolicyConfig(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicySpecAction": schema_openshift_api_operator_v1_NodeDisruptionPolicySpecAction(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicySpecFile": schema_openshift_api_operator_v1_NodeDisruptionPolicySpecFile(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicySpecSSHKey": schema_openshift_api_operator_v1_NodeDisruptionPolicySpecSSHKey(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicySpecUnit": schema_openshift_api_operator_v1_NodeDisruptionPolicySpecUnit(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatus": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatus(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatusAction": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatusAction(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatusFile": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatusFile(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatusSSHKey": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatusSSHKey(ref), + "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatusUnit": schema_openshift_api_operator_v1_NodeDisruptionPolicyStatusUnit(ref), + "github.com/openshift/api/operator/v1.NodePlacement": schema_openshift_api_operator_v1_NodePlacement(ref), + "github.com/openshift/api/operator/v1.NodePortStrategy": schema_openshift_api_operator_v1_NodePortStrategy(ref), + "github.com/openshift/api/operator/v1.NodeStatus": schema_openshift_api_operator_v1_NodeStatus(ref), + "github.com/openshift/api/operator/v1.OAuthAPIServerStatus": schema_openshift_api_operator_v1_OAuthAPIServerStatus(ref), + "github.com/openshift/api/operator/v1.OLM": schema_openshift_api_operator_v1_OLM(ref), + "github.com/openshift/api/operator/v1.OLMList": schema_openshift_api_operator_v1_OLMList(ref), + "github.com/openshift/api/operator/v1.OLMSpec": schema_openshift_api_operator_v1_OLMSpec(ref), + "github.com/openshift/api/operator/v1.OLMStatus": schema_openshift_api_operator_v1_OLMStatus(ref), + "github.com/openshift/api/operator/v1.OVNKubernetesConfig": schema_openshift_api_operator_v1_OVNKubernetesConfig(ref), + "github.com/openshift/api/operator/v1.OpenShiftAPIServer": schema_openshift_api_operator_v1_OpenShiftAPIServer(ref), + "github.com/openshift/api/operator/v1.OpenShiftAPIServerList": schema_openshift_api_operator_v1_OpenShiftAPIServerList(ref), + "github.com/openshift/api/operator/v1.OpenShiftAPIServerSpec": schema_openshift_api_operator_v1_OpenShiftAPIServerSpec(ref), + "github.com/openshift/api/operator/v1.OpenShiftAPIServerStatus": schema_openshift_api_operator_v1_OpenShiftAPIServerStatus(ref), + "github.com/openshift/api/operator/v1.OpenShiftControllerManager": schema_openshift_api_operator_v1_OpenShiftControllerManager(ref), + "github.com/openshift/api/operator/v1.OpenShiftControllerManagerList": schema_openshift_api_operator_v1_OpenShiftControllerManagerList(ref), + "github.com/openshift/api/operator/v1.OpenShiftControllerManagerSpec": schema_openshift_api_operator_v1_OpenShiftControllerManagerSpec(ref), + "github.com/openshift/api/operator/v1.OpenShiftControllerManagerStatus": schema_openshift_api_operator_v1_OpenShiftControllerManagerStatus(ref), + "github.com/openshift/api/operator/v1.OpenShiftSDNConfig": schema_openshift_api_operator_v1_OpenShiftSDNConfig(ref), + "github.com/openshift/api/operator/v1.OpenStackLoadBalancerParameters": schema_openshift_api_operator_v1_OpenStackLoadBalancerParameters(ref), + "github.com/openshift/api/operator/v1.OperatorCondition": schema_openshift_api_operator_v1_OperatorCondition(ref), + "github.com/openshift/api/operator/v1.OperatorSpec": schema_openshift_api_operator_v1_OperatorSpec(ref), + "github.com/openshift/api/operator/v1.OperatorStatus": schema_openshift_api_operator_v1_OperatorStatus(ref), + "github.com/openshift/api/operator/v1.PartialSelector": schema_openshift_api_operator_v1_PartialSelector(ref), + "github.com/openshift/api/operator/v1.Perspective": schema_openshift_api_operator_v1_Perspective(ref), + "github.com/openshift/api/operator/v1.PerspectiveVisibility": schema_openshift_api_operator_v1_PerspectiveVisibility(ref), + "github.com/openshift/api/operator/v1.PinnedResourceReference": schema_openshift_api_operator_v1_PinnedResourceReference(ref), + "github.com/openshift/api/operator/v1.PolicyAuditConfig": schema_openshift_api_operator_v1_PolicyAuditConfig(ref), + "github.com/openshift/api/operator/v1.PrivateStrategy": schema_openshift_api_operator_v1_PrivateStrategy(ref), + "github.com/openshift/api/operator/v1.ProjectAccess": schema_openshift_api_operator_v1_ProjectAccess(ref), + "github.com/openshift/api/operator/v1.ProviderLoadBalancerParameters": schema_openshift_api_operator_v1_ProviderLoadBalancerParameters(ref), + "github.com/openshift/api/operator/v1.ProxyConfig": schema_openshift_api_operator_v1_ProxyConfig(ref), + "github.com/openshift/api/operator/v1.QuickStarts": schema_openshift_api_operator_v1_QuickStarts(ref), + "github.com/openshift/api/operator/v1.ReloadService": schema_openshift_api_operator_v1_ReloadService(ref), + "github.com/openshift/api/operator/v1.ResourceAttributesAccessReview": schema_openshift_api_operator_v1_ResourceAttributesAccessReview(ref), + "github.com/openshift/api/operator/v1.RestartService": schema_openshift_api_operator_v1_RestartService(ref), + "github.com/openshift/api/operator/v1.RouteAdmissionPolicy": schema_openshift_api_operator_v1_RouteAdmissionPolicy(ref), + "github.com/openshift/api/operator/v1.SFlowConfig": schema_openshift_api_operator_v1_SFlowConfig(ref), + "github.com/openshift/api/operator/v1.Server": schema_openshift_api_operator_v1_Server(ref), + "github.com/openshift/api/operator/v1.ServiceAccountIssuerStatus": schema_openshift_api_operator_v1_ServiceAccountIssuerStatus(ref), + "github.com/openshift/api/operator/v1.ServiceCA": schema_openshift_api_operator_v1_ServiceCA(ref), + "github.com/openshift/api/operator/v1.ServiceCAList": schema_openshift_api_operator_v1_ServiceCAList(ref), + "github.com/openshift/api/operator/v1.ServiceCASpec": schema_openshift_api_operator_v1_ServiceCASpec(ref), + "github.com/openshift/api/operator/v1.ServiceCAStatus": schema_openshift_api_operator_v1_ServiceCAStatus(ref), + "github.com/openshift/api/operator/v1.ServiceCatalogAPIServer": schema_openshift_api_operator_v1_ServiceCatalogAPIServer(ref), + "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerList": schema_openshift_api_operator_v1_ServiceCatalogAPIServerList(ref), + "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerSpec": schema_openshift_api_operator_v1_ServiceCatalogAPIServerSpec(ref), + "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerStatus": schema_openshift_api_operator_v1_ServiceCatalogAPIServerStatus(ref), + "github.com/openshift/api/operator/v1.ServiceCatalogControllerManager": schema_openshift_api_operator_v1_ServiceCatalogControllerManager(ref), + "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerList": schema_openshift_api_operator_v1_ServiceCatalogControllerManagerList(ref), + "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerSpec": schema_openshift_api_operator_v1_ServiceCatalogControllerManagerSpec(ref), + "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerStatus": schema_openshift_api_operator_v1_ServiceCatalogControllerManagerStatus(ref), + "github.com/openshift/api/operator/v1.SimpleMacvlanConfig": schema_openshift_api_operator_v1_SimpleMacvlanConfig(ref), + "github.com/openshift/api/operator/v1.StaticIPAMAddresses": schema_openshift_api_operator_v1_StaticIPAMAddresses(ref), + "github.com/openshift/api/operator/v1.StaticIPAMConfig": schema_openshift_api_operator_v1_StaticIPAMConfig(ref), + "github.com/openshift/api/operator/v1.StaticIPAMDNS": schema_openshift_api_operator_v1_StaticIPAMDNS(ref), + "github.com/openshift/api/operator/v1.StaticIPAMRoutes": schema_openshift_api_operator_v1_StaticIPAMRoutes(ref), + "github.com/openshift/api/operator/v1.StaticPodOperatorSpec": schema_openshift_api_operator_v1_StaticPodOperatorSpec(ref), + "github.com/openshift/api/operator/v1.StaticPodOperatorStatus": schema_openshift_api_operator_v1_StaticPodOperatorStatus(ref), + "github.com/openshift/api/operator/v1.StatuspageProvider": schema_openshift_api_operator_v1_StatuspageProvider(ref), + "github.com/openshift/api/operator/v1.Storage": schema_openshift_api_operator_v1_Storage(ref), + "github.com/openshift/api/operator/v1.StorageList": schema_openshift_api_operator_v1_StorageList(ref), + "github.com/openshift/api/operator/v1.StorageSpec": schema_openshift_api_operator_v1_StorageSpec(ref), + "github.com/openshift/api/operator/v1.StorageStatus": schema_openshift_api_operator_v1_StorageStatus(ref), + "github.com/openshift/api/operator/v1.SyslogLoggingDestinationParameters": schema_openshift_api_operator_v1_SyslogLoggingDestinationParameters(ref), + "github.com/openshift/api/operator/v1.Theme": schema_openshift_api_operator_v1_Theme(ref), + "github.com/openshift/api/operator/v1.Upstream": schema_openshift_api_operator_v1_Upstream(ref), + "github.com/openshift/api/operator/v1.UpstreamResolvers": schema_openshift_api_operator_v1_UpstreamResolvers(ref), + "github.com/openshift/api/operator/v1.VSphereCSIDriverConfigSpec": schema_openshift_api_operator_v1_VSphereCSIDriverConfigSpec(ref), + "github.com/openshift/api/operator/v1alpha1.BackupJobReference": schema_openshift_api_operator_v1alpha1_BackupJobReference(ref), + "github.com/openshift/api/operator/v1alpha1.ClusterAPI": schema_openshift_api_operator_v1alpha1_ClusterAPI(ref), + "github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerComponent": schema_openshift_api_operator_v1alpha1_ClusterAPIInstallerComponent(ref), + "github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerComponentImage": schema_openshift_api_operator_v1alpha1_ClusterAPIInstallerComponentImage(ref), + "github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerRevision": schema_openshift_api_operator_v1alpha1_ClusterAPIInstallerRevision(ref), + "github.com/openshift/api/operator/v1alpha1.ClusterAPIList": schema_openshift_api_operator_v1alpha1_ClusterAPIList(ref), + "github.com/openshift/api/operator/v1alpha1.ClusterAPISpec": schema_openshift_api_operator_v1alpha1_ClusterAPISpec(ref), + "github.com/openshift/api/operator/v1alpha1.ClusterAPIStatus": schema_openshift_api_operator_v1alpha1_ClusterAPIStatus(ref), + "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperator": schema_openshift_api_operator_v1alpha1_ClusterVersionOperator(ref), + "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorList": schema_openshift_api_operator_v1alpha1_ClusterVersionOperatorList(ref), + "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorSpec": schema_openshift_api_operator_v1alpha1_ClusterVersionOperatorSpec(ref), + "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorStatus": schema_openshift_api_operator_v1alpha1_ClusterVersionOperatorStatus(ref), + "github.com/openshift/api/operator/v1alpha1.DelegatedAuthentication": schema_openshift_api_operator_v1alpha1_DelegatedAuthentication(ref), + "github.com/openshift/api/operator/v1alpha1.DelegatedAuthorization": schema_openshift_api_operator_v1alpha1_DelegatedAuthorization(ref), + "github.com/openshift/api/operator/v1alpha1.EtcdBackup": schema_openshift_api_operator_v1alpha1_EtcdBackup(ref), + "github.com/openshift/api/operator/v1alpha1.EtcdBackupList": schema_openshift_api_operator_v1alpha1_EtcdBackupList(ref), + "github.com/openshift/api/operator/v1alpha1.EtcdBackupSpec": schema_openshift_api_operator_v1alpha1_EtcdBackupSpec(ref), + "github.com/openshift/api/operator/v1alpha1.EtcdBackupStatus": schema_openshift_api_operator_v1alpha1_EtcdBackupStatus(ref), + "github.com/openshift/api/operator/v1alpha1.GenerationHistory": schema_openshift_api_operator_v1alpha1_GenerationHistory(ref), + "github.com/openshift/api/operator/v1alpha1.GenericOperatorConfig": schema_openshift_api_operator_v1alpha1_GenericOperatorConfig(ref), + "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicy": schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicy(ref), + "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicyList": schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicyList(ref), + "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicySpec": schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicySpec(ref), + "github.com/openshift/api/operator/v1alpha1.LoggingConfig": schema_openshift_api_operator_v1alpha1_LoggingConfig(ref), + "github.com/openshift/api/operator/v1alpha1.NodeStatus": schema_openshift_api_operator_v1alpha1_NodeStatus(ref), + "github.com/openshift/api/operator/v1alpha1.OLM": schema_openshift_api_operator_v1alpha1_OLM(ref), + "github.com/openshift/api/operator/v1alpha1.OLMList": schema_openshift_api_operator_v1alpha1_OLMList(ref), + "github.com/openshift/api/operator/v1alpha1.OLMSpec": schema_openshift_api_operator_v1alpha1_OLMSpec(ref), + "github.com/openshift/api/operator/v1alpha1.OLMStatus": schema_openshift_api_operator_v1alpha1_OLMStatus(ref), + "github.com/openshift/api/operator/v1alpha1.OperatorCondition": schema_openshift_api_operator_v1alpha1_OperatorCondition(ref), + "github.com/openshift/api/operator/v1alpha1.OperatorSpec": schema_openshift_api_operator_v1alpha1_OperatorSpec(ref), + "github.com/openshift/api/operator/v1alpha1.OperatorStatus": schema_openshift_api_operator_v1alpha1_OperatorStatus(ref), + "github.com/openshift/api/operator/v1alpha1.RepositoryDigestMirrors": schema_openshift_api_operator_v1alpha1_RepositoryDigestMirrors(ref), + "github.com/openshift/api/operator/v1alpha1.StaticPodOperatorStatus": schema_openshift_api_operator_v1alpha1_StaticPodOperatorStatus(ref), + "github.com/openshift/api/operator/v1alpha1.VersionAvailability": schema_openshift_api_operator_v1alpha1_VersionAvailability(ref), + "github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry": schema_openshift_api_operatorcontrolplane_v1alpha1_LogEntry(ref), + "github.com/openshift/api/operatorcontrolplane/v1alpha1.OutageEntry": schema_openshift_api_operatorcontrolplane_v1alpha1_OutageEntry(ref), + "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheck": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheck(ref), + "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckCondition": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckCondition(ref), + "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckList": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckList(ref), + "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckSpec": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckSpec(ref), + "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckStatus": schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckStatus(ref), + "github.com/openshift/api/operatoringress/v1.DNSRecord": schema_openshift_api_operatoringress_v1_DNSRecord(ref), + "github.com/openshift/api/operatoringress/v1.DNSRecordList": schema_openshift_api_operatoringress_v1_DNSRecordList(ref), + "github.com/openshift/api/operatoringress/v1.DNSRecordSpec": schema_openshift_api_operatoringress_v1_DNSRecordSpec(ref), + "github.com/openshift/api/operatoringress/v1.DNSRecordStatus": schema_openshift_api_operatoringress_v1_DNSRecordStatus(ref), + "github.com/openshift/api/operatoringress/v1.DNSZoneCondition": schema_openshift_api_operatoringress_v1_DNSZoneCondition(ref), + "github.com/openshift/api/operatoringress/v1.DNSZoneStatus": schema_openshift_api_operatoringress_v1_DNSZoneStatus(ref), + "github.com/openshift/api/osin/v1.AllowAllPasswordIdentityProvider": schema_openshift_api_osin_v1_AllowAllPasswordIdentityProvider(ref), + "github.com/openshift/api/osin/v1.BasicAuthPasswordIdentityProvider": schema_openshift_api_osin_v1_BasicAuthPasswordIdentityProvider(ref), + "github.com/openshift/api/osin/v1.DenyAllPasswordIdentityProvider": schema_openshift_api_osin_v1_DenyAllPasswordIdentityProvider(ref), + "github.com/openshift/api/osin/v1.GitHubIdentityProvider": schema_openshift_api_osin_v1_GitHubIdentityProvider(ref), + "github.com/openshift/api/osin/v1.GitLabIdentityProvider": schema_openshift_api_osin_v1_GitLabIdentityProvider(ref), + "github.com/openshift/api/osin/v1.GoogleIdentityProvider": schema_openshift_api_osin_v1_GoogleIdentityProvider(ref), + "github.com/openshift/api/osin/v1.GrantConfig": schema_openshift_api_osin_v1_GrantConfig(ref), + "github.com/openshift/api/osin/v1.HTPasswdPasswordIdentityProvider": schema_openshift_api_osin_v1_HTPasswdPasswordIdentityProvider(ref), + "github.com/openshift/api/osin/v1.IdentityProvider": schema_openshift_api_osin_v1_IdentityProvider(ref), + "github.com/openshift/api/osin/v1.KeystonePasswordIdentityProvider": schema_openshift_api_osin_v1_KeystonePasswordIdentityProvider(ref), + "github.com/openshift/api/osin/v1.LDAPAttributeMapping": schema_openshift_api_osin_v1_LDAPAttributeMapping(ref), + "github.com/openshift/api/osin/v1.LDAPPasswordIdentityProvider": schema_openshift_api_osin_v1_LDAPPasswordIdentityProvider(ref), + "github.com/openshift/api/osin/v1.OAuthConfig": schema_openshift_api_osin_v1_OAuthConfig(ref), + "github.com/openshift/api/osin/v1.OAuthTemplates": schema_openshift_api_osin_v1_OAuthTemplates(ref), + "github.com/openshift/api/osin/v1.OpenIDClaims": schema_openshift_api_osin_v1_OpenIDClaims(ref), + "github.com/openshift/api/osin/v1.OpenIDIdentityProvider": schema_openshift_api_osin_v1_OpenIDIdentityProvider(ref), + "github.com/openshift/api/osin/v1.OpenIDURLs": schema_openshift_api_osin_v1_OpenIDURLs(ref), + "github.com/openshift/api/osin/v1.OsinServerConfig": schema_openshift_api_osin_v1_OsinServerConfig(ref), + "github.com/openshift/api/osin/v1.RequestHeaderIdentityProvider": schema_openshift_api_osin_v1_RequestHeaderIdentityProvider(ref), + "github.com/openshift/api/osin/v1.SessionConfig": schema_openshift_api_osin_v1_SessionConfig(ref), + "github.com/openshift/api/osin/v1.SessionSecret": schema_openshift_api_osin_v1_SessionSecret(ref), + "github.com/openshift/api/osin/v1.SessionSecrets": schema_openshift_api_osin_v1_SessionSecrets(ref), + "github.com/openshift/api/osin/v1.TokenConfig": schema_openshift_api_osin_v1_TokenConfig(ref), + "github.com/openshift/api/project/v1.Project": schema_openshift_api_project_v1_Project(ref), + "github.com/openshift/api/project/v1.ProjectList": schema_openshift_api_project_v1_ProjectList(ref), + "github.com/openshift/api/project/v1.ProjectRequest": schema_openshift_api_project_v1_ProjectRequest(ref), + "github.com/openshift/api/project/v1.ProjectSpec": schema_openshift_api_project_v1_ProjectSpec(ref), + "github.com/openshift/api/project/v1.ProjectStatus": schema_openshift_api_project_v1_ProjectStatus(ref), + "github.com/openshift/api/quota/v1.AppliedClusterResourceQuota": schema_openshift_api_quota_v1_AppliedClusterResourceQuota(ref), + "github.com/openshift/api/quota/v1.AppliedClusterResourceQuotaList": schema_openshift_api_quota_v1_AppliedClusterResourceQuotaList(ref), + "github.com/openshift/api/quota/v1.ClusterResourceQuota": schema_openshift_api_quota_v1_ClusterResourceQuota(ref), + "github.com/openshift/api/quota/v1.ClusterResourceQuotaList": schema_openshift_api_quota_v1_ClusterResourceQuotaList(ref), + "github.com/openshift/api/quota/v1.ClusterResourceQuotaSelector": schema_openshift_api_quota_v1_ClusterResourceQuotaSelector(ref), + "github.com/openshift/api/quota/v1.ClusterResourceQuotaSpec": schema_openshift_api_quota_v1_ClusterResourceQuotaSpec(ref), + "github.com/openshift/api/quota/v1.ClusterResourceQuotaStatus": schema_openshift_api_quota_v1_ClusterResourceQuotaStatus(ref), + "github.com/openshift/api/quota/v1.ResourceQuotaStatusByNamespace": schema_openshift_api_quota_v1_ResourceQuotaStatusByNamespace(ref), + "github.com/openshift/api/route/v1.LocalObjectReference": schema_openshift_api_route_v1_LocalObjectReference(ref), + "github.com/openshift/api/route/v1.Route": schema_openshift_api_route_v1_Route(ref), + "github.com/openshift/api/route/v1.RouteHTTPHeader": schema_openshift_api_route_v1_RouteHTTPHeader(ref), + "github.com/openshift/api/route/v1.RouteHTTPHeaderActionUnion": schema_openshift_api_route_v1_RouteHTTPHeaderActionUnion(ref), + "github.com/openshift/api/route/v1.RouteHTTPHeaderActions": schema_openshift_api_route_v1_RouteHTTPHeaderActions(ref), + "github.com/openshift/api/route/v1.RouteHTTPHeaders": schema_openshift_api_route_v1_RouteHTTPHeaders(ref), + "github.com/openshift/api/route/v1.RouteIngress": schema_openshift_api_route_v1_RouteIngress(ref), + "github.com/openshift/api/route/v1.RouteIngressCondition": schema_openshift_api_route_v1_RouteIngressCondition(ref), + "github.com/openshift/api/route/v1.RouteList": schema_openshift_api_route_v1_RouteList(ref), + "github.com/openshift/api/route/v1.RoutePort": schema_openshift_api_route_v1_RoutePort(ref), + "github.com/openshift/api/route/v1.RouteSetHTTPHeader": schema_openshift_api_route_v1_RouteSetHTTPHeader(ref), + "github.com/openshift/api/route/v1.RouteSpec": schema_openshift_api_route_v1_RouteSpec(ref), + "github.com/openshift/api/route/v1.RouteStatus": schema_openshift_api_route_v1_RouteStatus(ref), + "github.com/openshift/api/route/v1.RouteTargetReference": schema_openshift_api_route_v1_RouteTargetReference(ref), + "github.com/openshift/api/route/v1.RouterShard": schema_openshift_api_route_v1_RouterShard(ref), + "github.com/openshift/api/route/v1.TLSConfig": schema_openshift_api_route_v1_TLSConfig(ref), + "github.com/openshift/api/samples/v1.Config": schema_openshift_api_samples_v1_Config(ref), + "github.com/openshift/api/samples/v1.ConfigCondition": schema_openshift_api_samples_v1_ConfigCondition(ref), + "github.com/openshift/api/samples/v1.ConfigList": schema_openshift_api_samples_v1_ConfigList(ref), + "github.com/openshift/api/samples/v1.ConfigSpec": schema_openshift_api_samples_v1_ConfigSpec(ref), + "github.com/openshift/api/samples/v1.ConfigStatus": schema_openshift_api_samples_v1_ConfigStatus(ref), + "github.com/openshift/api/security/v1.AllowedFlexVolume": schema_openshift_api_security_v1_AllowedFlexVolume(ref), + "github.com/openshift/api/security/v1.FSGroupStrategyOptions": schema_openshift_api_security_v1_FSGroupStrategyOptions(ref), + "github.com/openshift/api/security/v1.IDRange": schema_openshift_api_security_v1_IDRange(ref), + "github.com/openshift/api/security/v1.PodSecurityPolicyReview": schema_openshift_api_security_v1_PodSecurityPolicyReview(ref), + "github.com/openshift/api/security/v1.PodSecurityPolicyReviewSpec": schema_openshift_api_security_v1_PodSecurityPolicyReviewSpec(ref), + "github.com/openshift/api/security/v1.PodSecurityPolicyReviewStatus": schema_openshift_api_security_v1_PodSecurityPolicyReviewStatus(ref), + "github.com/openshift/api/security/v1.PodSecurityPolicySelfSubjectReview": schema_openshift_api_security_v1_PodSecurityPolicySelfSubjectReview(ref), + "github.com/openshift/api/security/v1.PodSecurityPolicySelfSubjectReviewSpec": schema_openshift_api_security_v1_PodSecurityPolicySelfSubjectReviewSpec(ref), + "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReview": schema_openshift_api_security_v1_PodSecurityPolicySubjectReview(ref), + "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewSpec": schema_openshift_api_security_v1_PodSecurityPolicySubjectReviewSpec(ref), + "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewStatus": schema_openshift_api_security_v1_PodSecurityPolicySubjectReviewStatus(ref), + "github.com/openshift/api/security/v1.RangeAllocation": schema_openshift_api_security_v1_RangeAllocation(ref), + "github.com/openshift/api/security/v1.RangeAllocationList": schema_openshift_api_security_v1_RangeAllocationList(ref), + "github.com/openshift/api/security/v1.RunAsUserStrategyOptions": schema_openshift_api_security_v1_RunAsUserStrategyOptions(ref), + "github.com/openshift/api/security/v1.SELinuxContextStrategyOptions": schema_openshift_api_security_v1_SELinuxContextStrategyOptions(ref), + "github.com/openshift/api/security/v1.SecurityContextConstraints": schema_openshift_api_security_v1_SecurityContextConstraints(ref), + "github.com/openshift/api/security/v1.SecurityContextConstraintsList": schema_openshift_api_security_v1_SecurityContextConstraintsList(ref), + "github.com/openshift/api/security/v1.ServiceAccountPodSecurityPolicyReviewStatus": schema_openshift_api_security_v1_ServiceAccountPodSecurityPolicyReviewStatus(ref), + "github.com/openshift/api/security/v1.SupplementalGroupsStrategyOptions": schema_openshift_api_security_v1_SupplementalGroupsStrategyOptions(ref), + "github.com/openshift/api/securityinternal/v1.RangeAllocation": schema_openshift_api_securityinternal_v1_RangeAllocation(ref), + "github.com/openshift/api/securityinternal/v1.RangeAllocationList": schema_openshift_api_securityinternal_v1_RangeAllocationList(ref), + "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfig": schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorConfig(ref), + "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigList": schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorConfigList(ref), + "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigSpec": schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorConfigSpec(ref), + "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigStatus": schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorConfigStatus(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMap": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMap(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapList": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapList(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapReference": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapReference(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapSpec": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapSpec(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapStatus": schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapStatus(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedSecret": schema_openshift_api_sharedresource_v1alpha1_SharedSecret(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretList": schema_openshift_api_sharedresource_v1alpha1_SharedSecretList(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretReference": schema_openshift_api_sharedresource_v1alpha1_SharedSecretReference(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretSpec": schema_openshift_api_sharedresource_v1alpha1_SharedSecretSpec(ref), + "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretStatus": schema_openshift_api_sharedresource_v1alpha1_SharedSecretStatus(ref), + "github.com/openshift/api/template/v1.BrokerTemplateInstance": schema_openshift_api_template_v1_BrokerTemplateInstance(ref), + "github.com/openshift/api/template/v1.BrokerTemplateInstanceList": schema_openshift_api_template_v1_BrokerTemplateInstanceList(ref), + "github.com/openshift/api/template/v1.BrokerTemplateInstanceSpec": schema_openshift_api_template_v1_BrokerTemplateInstanceSpec(ref), + "github.com/openshift/api/template/v1.Parameter": schema_openshift_api_template_v1_Parameter(ref), + "github.com/openshift/api/template/v1.Template": schema_openshift_api_template_v1_Template(ref), + "github.com/openshift/api/template/v1.TemplateInstance": schema_openshift_api_template_v1_TemplateInstance(ref), + "github.com/openshift/api/template/v1.TemplateInstanceCondition": schema_openshift_api_template_v1_TemplateInstanceCondition(ref), + "github.com/openshift/api/template/v1.TemplateInstanceList": schema_openshift_api_template_v1_TemplateInstanceList(ref), + "github.com/openshift/api/template/v1.TemplateInstanceObject": schema_openshift_api_template_v1_TemplateInstanceObject(ref), + "github.com/openshift/api/template/v1.TemplateInstanceRequester": schema_openshift_api_template_v1_TemplateInstanceRequester(ref), + "github.com/openshift/api/template/v1.TemplateInstanceSpec": schema_openshift_api_template_v1_TemplateInstanceSpec(ref), + "github.com/openshift/api/template/v1.TemplateInstanceStatus": schema_openshift_api_template_v1_TemplateInstanceStatus(ref), + "github.com/openshift/api/template/v1.TemplateList": schema_openshift_api_template_v1_TemplateList(ref), + "github.com/openshift/api/user/v1.Group": schema_openshift_api_user_v1_Group(ref), + "github.com/openshift/api/user/v1.GroupList": schema_openshift_api_user_v1_GroupList(ref), + "github.com/openshift/api/user/v1.Identity": schema_openshift_api_user_v1_Identity(ref), + "github.com/openshift/api/user/v1.IdentityList": schema_openshift_api_user_v1_IdentityList(ref), + "github.com/openshift/api/user/v1.User": schema_openshift_api_user_v1_User(ref), + "github.com/openshift/api/user/v1.UserIdentityMapping": schema_openshift_api_user_v1_UserIdentityMapping(ref), + "github.com/openshift/api/user/v1.UserList": schema_openshift_api_user_v1_UserList(ref), + v1.AuditAnnotation{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_AuditAnnotation(ref), + v1.ExpressionWarning{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ExpressionWarning(ref), + v1.MatchCondition{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_MatchCondition(ref), + v1.MatchResources{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_MatchResources(ref), + v1.MutatingWebhook{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_MutatingWebhook(ref), + v1.MutatingWebhookConfiguration{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfiguration(ref), + v1.MutatingWebhookConfigurationList{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfigurationList(ref), + v1.NamedRuleWithOperations{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_NamedRuleWithOperations(ref), + v1.ParamKind{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ParamKind(ref), + v1.ParamRef{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ParamRef(ref), + v1.Rule{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_Rule(ref), + v1.RuleWithOperations{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_RuleWithOperations(ref), + v1.ServiceReference{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ServiceReference(ref), + v1.TypeChecking{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_TypeChecking(ref), + v1.ValidatingAdmissionPolicy{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicy(ref), + v1.ValidatingAdmissionPolicyBinding{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBinding(ref), + v1.ValidatingAdmissionPolicyBindingList{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingList(ref), + v1.ValidatingAdmissionPolicyBindingSpec{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingSpec(ref), + v1.ValidatingAdmissionPolicyList{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyList(ref), + v1.ValidatingAdmissionPolicySpec{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicySpec(ref), + v1.ValidatingAdmissionPolicyStatus{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyStatus(ref), + v1.ValidatingWebhook{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingWebhook(ref), + v1.ValidatingWebhookConfiguration{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfiguration(ref), + v1.ValidatingWebhookConfigurationList{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfigurationList(ref), + v1.Validation{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_Validation(ref), + v1.Variable{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_Variable(ref), + v1.WebhookClientConfig{}.OpenAPIModelName(): schema_k8sio_api_admissionregistration_v1_WebhookClientConfig(ref), + authorizationv1.FieldSelectorAttributes{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_FieldSelectorAttributes(ref), + authorizationv1.LabelSelectorAttributes{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_LabelSelectorAttributes(ref), + authorizationv1.LocalSubjectAccessReview{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_LocalSubjectAccessReview(ref), + authorizationv1.NonResourceAttributes{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_NonResourceAttributes(ref), + authorizationv1.NonResourceRule{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_NonResourceRule(ref), + authorizationv1.ResourceAttributes{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_ResourceAttributes(ref), + authorizationv1.ResourceRule{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_ResourceRule(ref), + authorizationv1.SelfSubjectAccessReview{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_SelfSubjectAccessReview(ref), + authorizationv1.SelfSubjectAccessReviewSpec{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_SelfSubjectAccessReviewSpec(ref), + authorizationv1.SelfSubjectRulesReview{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_SelfSubjectRulesReview(ref), + authorizationv1.SelfSubjectRulesReviewSpec{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_SelfSubjectRulesReviewSpec(ref), + authorizationv1.SubjectAccessReview{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_SubjectAccessReview(ref), + authorizationv1.SubjectAccessReviewSpec{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_SubjectAccessReviewSpec(ref), + authorizationv1.SubjectAccessReviewStatus{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_SubjectAccessReviewStatus(ref), + authorizationv1.SubjectRulesReviewStatus{}.OpenAPIModelName(): schema_k8sio_api_authorization_v1_SubjectRulesReviewStatus(ref), + corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_AWSElasticBlockStoreVolumeSource(ref), + corev1.Affinity{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Affinity(ref), + corev1.AppArmorProfile{}.OpenAPIModelName(): schema_k8sio_api_core_v1_AppArmorProfile(ref), + corev1.AttachedVolume{}.OpenAPIModelName(): schema_k8sio_api_core_v1_AttachedVolume(ref), + corev1.AvoidPods{}.OpenAPIModelName(): schema_k8sio_api_core_v1_AvoidPods(ref), + corev1.AzureDiskVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_AzureDiskVolumeSource(ref), + corev1.AzureFilePersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_AzureFilePersistentVolumeSource(ref), + corev1.AzureFileVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_AzureFileVolumeSource(ref), + corev1.Binding{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Binding(ref), + corev1.CSIPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_CSIPersistentVolumeSource(ref), + corev1.CSIVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_CSIVolumeSource(ref), + corev1.Capabilities{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Capabilities(ref), + corev1.CephFSPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_CephFSPersistentVolumeSource(ref), + corev1.CephFSVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_CephFSVolumeSource(ref), + corev1.CinderPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_CinderPersistentVolumeSource(ref), + corev1.CinderVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_CinderVolumeSource(ref), + corev1.ClientIPConfig{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ClientIPConfig(ref), + corev1.ClusterTrustBundleProjection{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ClusterTrustBundleProjection(ref), + corev1.ComponentCondition{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ComponentCondition(ref), + corev1.ComponentStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ComponentStatus(ref), + corev1.ComponentStatusList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ComponentStatusList(ref), + corev1.ConfigMap{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ConfigMap(ref), + corev1.ConfigMapEnvSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ConfigMapEnvSource(ref), + corev1.ConfigMapKeySelector{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ConfigMapKeySelector(ref), + corev1.ConfigMapList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ConfigMapList(ref), + corev1.ConfigMapNodeConfigSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ConfigMapNodeConfigSource(ref), + corev1.ConfigMapProjection{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ConfigMapProjection(ref), + corev1.ConfigMapVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ConfigMapVolumeSource(ref), + corev1.Container{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Container(ref), + corev1.ContainerExtendedResourceRequest{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerExtendedResourceRequest(ref), + corev1.ContainerImage{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerImage(ref), + corev1.ContainerPort{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerPort(ref), + corev1.ContainerResizePolicy{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerResizePolicy(ref), + corev1.ContainerRestartRule{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerRestartRule(ref), + corev1.ContainerRestartRuleOnExitCodes{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerRestartRuleOnExitCodes(ref), + corev1.ContainerState{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerState(ref), + corev1.ContainerStateRunning{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerStateRunning(ref), + corev1.ContainerStateTerminated{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerStateTerminated(ref), + corev1.ContainerStateWaiting{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerStateWaiting(ref), + corev1.ContainerStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerStatus(ref), + corev1.ContainerUser{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ContainerUser(ref), + corev1.DaemonEndpoint{}.OpenAPIModelName(): schema_k8sio_api_core_v1_DaemonEndpoint(ref), + corev1.DownwardAPIProjection{}.OpenAPIModelName(): schema_k8sio_api_core_v1_DownwardAPIProjection(ref), + corev1.DownwardAPIVolumeFile{}.OpenAPIModelName(): schema_k8sio_api_core_v1_DownwardAPIVolumeFile(ref), + corev1.DownwardAPIVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_DownwardAPIVolumeSource(ref), + corev1.EmptyDirVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EmptyDirVolumeSource(ref), + corev1.EndpointAddress{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EndpointAddress(ref), + corev1.EndpointPort{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EndpointPort(ref), + corev1.EndpointSubset{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EndpointSubset(ref), + corev1.Endpoints{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Endpoints(ref), + corev1.EndpointsList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EndpointsList(ref), + corev1.EnvFromSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EnvFromSource(ref), + corev1.EnvVar{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EnvVar(ref), + corev1.EnvVarSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EnvVarSource(ref), + corev1.EphemeralContainer{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EphemeralContainer(ref), + corev1.EphemeralContainerCommon{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EphemeralContainerCommon(ref), + corev1.EphemeralVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EphemeralVolumeSource(ref), + corev1.Event{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Event(ref), + corev1.EventList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EventList(ref), + corev1.EventSeries{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EventSeries(ref), + corev1.EventSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_EventSource(ref), + corev1.ExecAction{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ExecAction(ref), + corev1.FCVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_FCVolumeSource(ref), + corev1.FileKeySelector{}.OpenAPIModelName(): schema_k8sio_api_core_v1_FileKeySelector(ref), + corev1.FlexPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_FlexPersistentVolumeSource(ref), + corev1.FlexVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_FlexVolumeSource(ref), + corev1.FlockerVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_FlockerVolumeSource(ref), + corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_GCEPersistentDiskVolumeSource(ref), + corev1.GRPCAction{}.OpenAPIModelName(): schema_k8sio_api_core_v1_GRPCAction(ref), + corev1.GitRepoVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_GitRepoVolumeSource(ref), + corev1.GlusterfsPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_GlusterfsPersistentVolumeSource(ref), + corev1.GlusterfsVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_GlusterfsVolumeSource(ref), + corev1.HTTPGetAction{}.OpenAPIModelName(): schema_k8sio_api_core_v1_HTTPGetAction(ref), + corev1.HTTPHeader{}.OpenAPIModelName(): schema_k8sio_api_core_v1_HTTPHeader(ref), + corev1.HostAlias{}.OpenAPIModelName(): schema_k8sio_api_core_v1_HostAlias(ref), + corev1.HostIP{}.OpenAPIModelName(): schema_k8sio_api_core_v1_HostIP(ref), + corev1.HostPathVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_HostPathVolumeSource(ref), + corev1.ISCSIPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ISCSIPersistentVolumeSource(ref), + corev1.ISCSIVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ISCSIVolumeSource(ref), + corev1.ImageVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ImageVolumeSource(ref), + corev1.KeyToPath{}.OpenAPIModelName(): schema_k8sio_api_core_v1_KeyToPath(ref), + corev1.Lifecycle{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Lifecycle(ref), + corev1.LifecycleHandler{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LifecycleHandler(ref), + corev1.LimitRange{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LimitRange(ref), + corev1.LimitRangeItem{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LimitRangeItem(ref), + corev1.LimitRangeList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LimitRangeList(ref), + corev1.LimitRangeSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LimitRangeSpec(ref), + corev1.LinuxContainerUser{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LinuxContainerUser(ref), + corev1.List{}.OpenAPIModelName(): schema_k8sio_api_core_v1_List(ref), + corev1.LoadBalancerIngress{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LoadBalancerIngress(ref), + corev1.LoadBalancerStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LoadBalancerStatus(ref), + corev1.LocalObjectReference{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LocalObjectReference(ref), + corev1.LocalVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_LocalVolumeSource(ref), + corev1.ModifyVolumeStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ModifyVolumeStatus(ref), + corev1.NFSVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NFSVolumeSource(ref), + corev1.Namespace{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Namespace(ref), + corev1.NamespaceCondition{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NamespaceCondition(ref), + corev1.NamespaceList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NamespaceList(ref), + corev1.NamespaceSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NamespaceSpec(ref), + corev1.NamespaceStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NamespaceStatus(ref), + corev1.Node{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Node(ref), + corev1.NodeAddress{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeAddress(ref), + corev1.NodeAffinity{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeAffinity(ref), + corev1.NodeCondition{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeCondition(ref), + corev1.NodeConfigSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeConfigSource(ref), + corev1.NodeConfigStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeConfigStatus(ref), + corev1.NodeDaemonEndpoints{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeDaemonEndpoints(ref), + corev1.NodeFeatures{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeFeatures(ref), + corev1.NodeList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeList(ref), + corev1.NodeProxyOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeProxyOptions(ref), + corev1.NodeRuntimeHandler{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeRuntimeHandler(ref), + corev1.NodeRuntimeHandlerFeatures{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeRuntimeHandlerFeatures(ref), + corev1.NodeSelector{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeSelector(ref), + corev1.NodeSelectorRequirement{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeSelectorRequirement(ref), + corev1.NodeSelectorTerm{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeSelectorTerm(ref), + corev1.NodeSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeSpec(ref), + corev1.NodeStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeStatus(ref), + corev1.NodeSwapStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeSwapStatus(ref), + corev1.NodeSystemInfo{}.OpenAPIModelName(): schema_k8sio_api_core_v1_NodeSystemInfo(ref), + corev1.ObjectFieldSelector{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ObjectFieldSelector(ref), + corev1.ObjectReference{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ObjectReference(ref), + corev1.PersistentVolume{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolume(ref), + corev1.PersistentVolumeClaim{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeClaim(ref), + corev1.PersistentVolumeClaimCondition{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeClaimCondition(ref), + corev1.PersistentVolumeClaimList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeClaimList(ref), + corev1.PersistentVolumeClaimSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeClaimSpec(ref), + corev1.PersistentVolumeClaimStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref), + corev1.PersistentVolumeClaimTemplate{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeClaimTemplate(ref), + corev1.PersistentVolumeClaimVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeClaimVolumeSource(ref), + corev1.PersistentVolumeList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeList(ref), + corev1.PersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeSource(ref), + corev1.PersistentVolumeSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeSpec(ref), + corev1.PersistentVolumeStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PersistentVolumeStatus(ref), + corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PhotonPersistentDiskVolumeSource(ref), + corev1.Pod{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Pod(ref), + corev1.PodAffinity{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodAffinity(ref), + corev1.PodAffinityTerm{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodAffinityTerm(ref), + corev1.PodAntiAffinity{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodAntiAffinity(ref), + corev1.PodAttachOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodAttachOptions(ref), + corev1.PodCertificateProjection{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodCertificateProjection(ref), + corev1.PodCondition{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodCondition(ref), + corev1.PodDNSConfig{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodDNSConfig(ref), + corev1.PodDNSConfigOption{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodDNSConfigOption(ref), + corev1.PodExecOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodExecOptions(ref), + corev1.PodExtendedResourceClaimStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodExtendedResourceClaimStatus(ref), + corev1.PodIP{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodIP(ref), + corev1.PodList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodList(ref), + corev1.PodLogOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodLogOptions(ref), + corev1.PodOS{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodOS(ref), + corev1.PodPortForwardOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodPortForwardOptions(ref), + corev1.PodProxyOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodProxyOptions(ref), + corev1.PodReadinessGate{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodReadinessGate(ref), + corev1.PodResourceClaim{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodResourceClaim(ref), + corev1.PodResourceClaimStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodResourceClaimStatus(ref), + corev1.PodSchedulingGate{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodSchedulingGate(ref), + corev1.PodSecurityContext{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodSecurityContext(ref), + corev1.PodSignature{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodSignature(ref), + corev1.PodSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodSpec(ref), + corev1.PodStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodStatus(ref), + corev1.PodStatusResult{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodStatusResult(ref), + corev1.PodTemplate{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodTemplate(ref), + corev1.PodTemplateList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodTemplateList(ref), + corev1.PodTemplateSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PodTemplateSpec(ref), + corev1.PortStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PortStatus(ref), + corev1.PortworxVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PortworxVolumeSource(ref), + corev1.PreferAvoidPodsEntry{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PreferAvoidPodsEntry(ref), + corev1.PreferredSchedulingTerm{}.OpenAPIModelName(): schema_k8sio_api_core_v1_PreferredSchedulingTerm(ref), + corev1.Probe{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Probe(ref), + corev1.ProbeHandler{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ProbeHandler(ref), + corev1.ProjectedVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ProjectedVolumeSource(ref), + corev1.QuobyteVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_QuobyteVolumeSource(ref), + corev1.RBDPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_RBDPersistentVolumeSource(ref), + corev1.RBDVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_RBDVolumeSource(ref), + corev1.RangeAllocation{}.OpenAPIModelName(): schema_k8sio_api_core_v1_RangeAllocation(ref), + corev1.ReplicationController{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ReplicationController(ref), + corev1.ReplicationControllerCondition{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ReplicationControllerCondition(ref), + corev1.ReplicationControllerList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ReplicationControllerList(ref), + corev1.ReplicationControllerSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ReplicationControllerSpec(ref), + corev1.ReplicationControllerStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ReplicationControllerStatus(ref), + corev1.ResourceClaim{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceClaim(ref), + corev1.ResourceFieldSelector{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceFieldSelector(ref), + corev1.ResourceHealth{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceHealth(ref), + corev1.ResourceQuota{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceQuota(ref), + corev1.ResourceQuotaList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceQuotaList(ref), + corev1.ResourceQuotaSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceQuotaSpec(ref), + corev1.ResourceQuotaStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceQuotaStatus(ref), + corev1.ResourceRequirements{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceRequirements(ref), + corev1.ResourceStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ResourceStatus(ref), + corev1.SELinuxOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SELinuxOptions(ref), + corev1.ScaleIOPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ScaleIOPersistentVolumeSource(ref), + corev1.ScaleIOVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ScaleIOVolumeSource(ref), + corev1.ScopeSelector{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ScopeSelector(ref), + corev1.ScopedResourceSelectorRequirement{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ScopedResourceSelectorRequirement(ref), + corev1.SeccompProfile{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SeccompProfile(ref), + corev1.Secret{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Secret(ref), + corev1.SecretEnvSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SecretEnvSource(ref), + corev1.SecretKeySelector{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SecretKeySelector(ref), + corev1.SecretList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SecretList(ref), + corev1.SecretProjection{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SecretProjection(ref), + corev1.SecretReference{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SecretReference(ref), + corev1.SecretVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SecretVolumeSource(ref), + corev1.SecurityContext{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SecurityContext(ref), + corev1.SerializedReference{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SerializedReference(ref), + corev1.Service{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Service(ref), + corev1.ServiceAccount{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ServiceAccount(ref), + corev1.ServiceAccountList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ServiceAccountList(ref), + corev1.ServiceAccountTokenProjection{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ServiceAccountTokenProjection(ref), + corev1.ServiceList{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ServiceList(ref), + corev1.ServicePort{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ServicePort(ref), + corev1.ServiceProxyOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ServiceProxyOptions(ref), + corev1.ServiceSpec{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ServiceSpec(ref), + corev1.ServiceStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_ServiceStatus(ref), + corev1.SessionAffinityConfig{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SessionAffinityConfig(ref), + corev1.SleepAction{}.OpenAPIModelName(): schema_k8sio_api_core_v1_SleepAction(ref), + corev1.StorageOSPersistentVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_StorageOSPersistentVolumeSource(ref), + corev1.StorageOSVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_StorageOSVolumeSource(ref), + corev1.Sysctl{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Sysctl(ref), + corev1.TCPSocketAction{}.OpenAPIModelName(): schema_k8sio_api_core_v1_TCPSocketAction(ref), + corev1.Taint{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Taint(ref), + corev1.Toleration{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Toleration(ref), + corev1.TopologySelectorLabelRequirement{}.OpenAPIModelName(): schema_k8sio_api_core_v1_TopologySelectorLabelRequirement(ref), + corev1.TopologySelectorTerm{}.OpenAPIModelName(): schema_k8sio_api_core_v1_TopologySelectorTerm(ref), + corev1.TopologySpreadConstraint{}.OpenAPIModelName(): schema_k8sio_api_core_v1_TopologySpreadConstraint(ref), + corev1.TypedLocalObjectReference{}.OpenAPIModelName(): schema_k8sio_api_core_v1_TypedLocalObjectReference(ref), + corev1.TypedObjectReference{}.OpenAPIModelName(): schema_k8sio_api_core_v1_TypedObjectReference(ref), + corev1.Volume{}.OpenAPIModelName(): schema_k8sio_api_core_v1_Volume(ref), + corev1.VolumeDevice{}.OpenAPIModelName(): schema_k8sio_api_core_v1_VolumeDevice(ref), + corev1.VolumeMount{}.OpenAPIModelName(): schema_k8sio_api_core_v1_VolumeMount(ref), + corev1.VolumeMountStatus{}.OpenAPIModelName(): schema_k8sio_api_core_v1_VolumeMountStatus(ref), + corev1.VolumeNodeAffinity{}.OpenAPIModelName(): schema_k8sio_api_core_v1_VolumeNodeAffinity(ref), + corev1.VolumeProjection{}.OpenAPIModelName(): schema_k8sio_api_core_v1_VolumeProjection(ref), + corev1.VolumeResourceRequirements{}.OpenAPIModelName(): schema_k8sio_api_core_v1_VolumeResourceRequirements(ref), + corev1.VolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_VolumeSource(ref), + corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName(): schema_k8sio_api_core_v1_VsphereVirtualDiskVolumeSource(ref), + corev1.WeightedPodAffinityTerm{}.OpenAPIModelName(): schema_k8sio_api_core_v1_WeightedPodAffinityTerm(ref), + corev1.WindowsSecurityContextOptions{}.OpenAPIModelName(): schema_k8sio_api_core_v1_WindowsSecurityContextOptions(ref), + corev1.WorkloadReference{}.OpenAPIModelName(): schema_k8sio_api_core_v1_WorkloadReference(ref), + rbacv1.AggregationRule{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_AggregationRule(ref), + rbacv1.ClusterRole{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_ClusterRole(ref), + rbacv1.ClusterRoleBinding{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_ClusterRoleBinding(ref), + rbacv1.ClusterRoleBindingList{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_ClusterRoleBindingList(ref), + rbacv1.ClusterRoleList{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_ClusterRoleList(ref), + rbacv1.PolicyRule{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_PolicyRule(ref), + rbacv1.Role{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_Role(ref), + rbacv1.RoleBinding{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_RoleBinding(ref), + rbacv1.RoleBindingList{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_RoleBindingList(ref), + rbacv1.RoleList{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_RoleList(ref), + rbacv1.RoleRef{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_RoleRef(ref), + rbacv1.Subject{}.OpenAPIModelName(): schema_k8sio_api_rbac_v1_Subject(ref), + resource.Quantity{}.OpenAPIModelName(): schema_apimachinery_pkg_api_resource_Quantity(ref), + metav1.APIGroup{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_APIGroup(ref), + metav1.APIGroupList{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_APIGroupList(ref), + metav1.APIResource{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_APIResource(ref), + metav1.APIResourceList{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_APIResourceList(ref), + metav1.APIVersions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_APIVersions(ref), + metav1.ApplyOptions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_ApplyOptions(ref), + metav1.Condition{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_Condition(ref), + metav1.CreateOptions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_CreateOptions(ref), + metav1.DeleteOptions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_DeleteOptions(ref), + metav1.Duration{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_Duration(ref), + metav1.FieldSelectorRequirement{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_FieldSelectorRequirement(ref), + metav1.FieldsV1{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_FieldsV1(ref), + metav1.GetOptions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_GetOptions(ref), + metav1.GroupKind{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_GroupKind(ref), + metav1.GroupResource{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_GroupResource(ref), + metav1.GroupVersion{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_GroupVersion(ref), + metav1.GroupVersionForDiscovery{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_GroupVersionForDiscovery(ref), + metav1.GroupVersionKind{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_GroupVersionKind(ref), + metav1.GroupVersionResource{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_GroupVersionResource(ref), + metav1.InternalEvent{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_InternalEvent(ref), + metav1.LabelSelector{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_LabelSelector(ref), + metav1.LabelSelectorRequirement{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref), + metav1.List{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_List(ref), + metav1.ListMeta{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_ListMeta(ref), + metav1.ListOptions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_ListOptions(ref), + metav1.ManagedFieldsEntry{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref), + metav1.MicroTime{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_MicroTime(ref), + metav1.ObjectMeta{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_ObjectMeta(ref), + metav1.OwnerReference{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_OwnerReference(ref), + metav1.PartialObjectMetadata{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_PartialObjectMetadata(ref), + metav1.PartialObjectMetadataList{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref), + metav1.Patch{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_Patch(ref), + metav1.PatchOptions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_PatchOptions(ref), + metav1.Preconditions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_Preconditions(ref), + metav1.RootPaths{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_RootPaths(ref), + metav1.ServerAddressByClientCIDR{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_ServerAddressByClientCIDR(ref), + metav1.Status{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_Status(ref), + metav1.StatusCause{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_StatusCause(ref), + metav1.StatusDetails{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_StatusDetails(ref), + metav1.Table{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_Table(ref), + metav1.TableColumnDefinition{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_TableColumnDefinition(ref), + metav1.TableOptions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_TableOptions(ref), + metav1.TableRow{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_TableRow(ref), + metav1.TableRowCondition{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_TableRowCondition(ref), + metav1.Time{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_Time(ref), + metav1.Timestamp{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_Timestamp(ref), + metav1.TypeMeta{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_TypeMeta(ref), + metav1.UpdateOptions{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_UpdateOptions(ref), + metav1.WatchEvent{}.OpenAPIModelName(): schema_pkg_apis_meta_v1_WatchEvent(ref), + runtime.RawExtension{}.OpenAPIModelName(): schema_k8sio_apimachinery_pkg_runtime_RawExtension(ref), + runtime.TypeMeta{}.OpenAPIModelName(): schema_k8sio_apimachinery_pkg_runtime_TypeMeta(ref), + runtime.Unknown{}.OpenAPIModelName(): schema_k8sio_apimachinery_pkg_runtime_Unknown(ref), + intstr.IntOrString{}.OpenAPIModelName(): schema_apimachinery_pkg_util_intstr_IntOrString(ref), } } @@ -1741,7 +1765,7 @@ func schema_openshift_api_apiextensions_v1alpha1_APIExcludedField(ref common.Ref }, }, }, - Required: []string{"path"}, + Required: []string{"path", "versions"}, }, }, } @@ -1841,7 +1865,7 @@ func schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirement(ref co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -1863,7 +1887,7 @@ func schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirement(ref co }, }, Dependencies: []string{ - "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementSpec", "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementSpec", "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirementStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -1892,7 +1916,7 @@ func schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementList(re SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -1913,7 +1937,7 @@ func schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementList(re }, }, Dependencies: []string{ - "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirement", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/apiextensions/v1alpha1.CompatibilityRequirement", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -1977,7 +2001,7 @@ func schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementStatus( Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -2001,7 +2025,7 @@ func schema_openshift_api_apiextensions_v1alpha1_CompatibilityRequirementStatus( }, }, Dependencies: []string{ - "github.com/openshift/api/apiextensions/v1alpha1.ObservedCRD", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/apiextensions/v1alpha1.ObservedCRD", metav1.Condition{}.OpenAPIModelName()}, } } @@ -2033,7 +2057,7 @@ func schema_openshift_api_apiextensions_v1alpha1_CompatibilitySchema(ref common. }, }, SchemaProps: spec.SchemaProps{ - Description: "excludedFields is a set of fields in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation. The list may contain at most 64 fields. When not specified, all fields in the schema will be validated.", + Description: "excludedFields is a set of fields in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation. The list may contain at most 64 fields. Each path in the list must be unique. When not specified, all fields in the schema will be validated.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -2095,14 +2119,14 @@ func schema_openshift_api_apiextensions_v1alpha1_ObjectSchemaValidation(ref comm SchemaProps: spec.SchemaProps{ Description: "namespaceSelector defines a label selector for namespaces. If defined, only objects in a namespace with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by namespace.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "objectSelector": { SchemaProps: spec.SchemaProps{ Description: "objectSelector defines a label selector for objects. If defined, only objects with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by label.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "matchConditions": { @@ -2121,7 +2145,7 @@ func schema_openshift_api_apiextensions_v1alpha1_ObjectSchemaValidation(ref comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.MatchCondition"), + Ref: ref(v1.MatchCondition{}.OpenAPIModelName()), }, }, }, @@ -2132,7 +2156,7 @@ func schema_openshift_api_apiextensions_v1alpha1_ObjectSchemaValidation(ref comm }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.MatchCondition", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + v1.MatchCondition{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -2189,7 +2213,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCount(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -2211,7 +2235,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCount(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/apiserver/v1.APIRequestCountSpec", "github.com/openshift/api/apiserver/v1.APIRequestCountStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/apiserver/v1.APIRequestCountSpec", "github.com/openshift/api/apiserver/v1.APIRequestCountStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -2240,7 +2264,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCountList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -2261,7 +2285,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCountList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/apiserver/v1.APIRequestCount", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/apiserver/v1.APIRequestCount", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -2307,7 +2331,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCountStatus(ref common.Referenc Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -2354,7 +2378,7 @@ func schema_openshift_api_apiserver_v1_APIRequestCountStatus(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/apiserver/v1.PerResourceAPIRequestLog", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/apiserver/v1.PerResourceAPIRequestLog", metav1.Condition{}.OpenAPIModelName()}, } } @@ -2548,7 +2572,7 @@ func schema_openshift_api_apps_v1_CustomDeploymentStrategyParams(ref common.Refe Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvVar"), + Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), }, }, }, @@ -2573,7 +2597,7 @@ func schema_openshift_api_apps_v1_CustomDeploymentStrategyParams(ref common.Refe }, }, Dependencies: []string{ - "k8s.io/api/core/v1.EnvVar"}, + corev1.EnvVar{}.OpenAPIModelName()}, } } @@ -2618,7 +2642,7 @@ func schema_openshift_api_apps_v1_DeploymentCauseImageTrigger(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "from is a reference to the changed object which triggered a deployment. The field may have the kinds DockerImage, ImageStreamTag, or ImageStreamImage.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, }, @@ -2626,7 +2650,7 @@ func schema_openshift_api_apps_v1_DeploymentCauseImageTrigger(ref common.Referen }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference"}, + corev1.ObjectReference{}.OpenAPIModelName()}, } } @@ -2656,13 +2680,13 @@ func schema_openshift_api_apps_v1_DeploymentCondition(ref common.ReferenceCallba "lastUpdateTime": { SchemaProps: spec.SchemaProps{ Description: "The last time this condition was updated.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "The last time the condition transitioned from one status to another.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "reason": { @@ -2684,7 +2708,7 @@ func schema_openshift_api_apps_v1_DeploymentCondition(ref common.ReferenceCallba }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -2713,7 +2737,7 @@ func schema_openshift_api_apps_v1_DeploymentConfig(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -2735,7 +2759,7 @@ func schema_openshift_api_apps_v1_DeploymentConfig(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/apps/v1.DeploymentConfigSpec", "github.com/openshift/api/apps/v1.DeploymentConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/apps/v1.DeploymentConfigSpec", "github.com/openshift/api/apps/v1.DeploymentConfigStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -2764,7 +2788,7 @@ func schema_openshift_api_apps_v1_DeploymentConfigList(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -2786,7 +2810,7 @@ func schema_openshift_api_apps_v1_DeploymentConfigList(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/apps/v1.DeploymentConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/apps/v1.DeploymentConfig", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -2862,7 +2886,7 @@ func schema_openshift_api_apps_v1_DeploymentConfigRollbackSpec(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "from points to a ReplicationController which is a deployment.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "revision": { @@ -2909,7 +2933,7 @@ func schema_openshift_api_apps_v1_DeploymentConfigRollbackSpec(ref common.Refere }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference"}, + corev1.ObjectReference{}.OpenAPIModelName()}, } } @@ -2997,14 +3021,14 @@ func schema_openshift_api_apps_v1_DeploymentConfigSpec(ref common.ReferenceCallb "template": { SchemaProps: spec.SchemaProps{ Description: "template is the object that describes the pod that will be created if insufficient replicas are detected.", - Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), + Ref: ref(corev1.PodTemplateSpec{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/apps/v1.DeploymentStrategy", "github.com/openshift/api/apps/v1.DeploymentTriggerPolicy", "k8s.io/api/core/v1.PodTemplateSpec"}, + "github.com/openshift/api/apps/v1.DeploymentStrategy", "github.com/openshift/api/apps/v1.DeploymentTriggerPolicy", corev1.PodTemplateSpec{}.OpenAPIModelName()}, } } @@ -3220,7 +3244,7 @@ func schema_openshift_api_apps_v1_DeploymentLogOptions(ref common.ReferenceCallb "sinceTime": { SchemaProps: spec.SchemaProps{ Description: "An RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "timestamps": { @@ -3262,7 +3286,7 @@ func schema_openshift_api_apps_v1_DeploymentLogOptions(ref common.ReferenceCallb }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -3369,7 +3393,7 @@ func schema_openshift_api_apps_v1_DeploymentStrategy(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "resources contains resource requirements to execute the deployment and any hooks.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), + Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), }, }, "labels": { @@ -3415,7 +3439,7 @@ func schema_openshift_api_apps_v1_DeploymentStrategy(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/apps/v1.CustomDeploymentStrategyParams", "github.com/openshift/api/apps/v1.RecreateDeploymentStrategyParams", "github.com/openshift/api/apps/v1.RollingDeploymentStrategyParams", "k8s.io/api/core/v1.ResourceRequirements"}, + "github.com/openshift/api/apps/v1.CustomDeploymentStrategyParams", "github.com/openshift/api/apps/v1.RecreateDeploymentStrategyParams", "github.com/openshift/api/apps/v1.RollingDeploymentStrategyParams", corev1.ResourceRequirements{}.OpenAPIModelName()}, } } @@ -3452,7 +3476,7 @@ func schema_openshift_api_apps_v1_DeploymentTriggerImageChangeParams(ref common. SchemaProps: spec.SchemaProps{ Description: "from is a reference to an image stream tag to watch for changes. From.Name is the only required subfield - if From.Namespace is blank, the namespace of the current deployment trigger will be used.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "lastTriggeredImage": { @@ -3467,7 +3491,7 @@ func schema_openshift_api_apps_v1_DeploymentTriggerImageChangeParams(ref common. }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference"}, + corev1.ObjectReference{}.OpenAPIModelName()}, } } @@ -3529,7 +3553,7 @@ func schema_openshift_api_apps_v1_ExecNewPodHook(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvVar"), + Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), }, }, }, @@ -3563,7 +3587,7 @@ func schema_openshift_api_apps_v1_ExecNewPodHook(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "k8s.io/api/core/v1.EnvVar"}, + corev1.EnvVar{}.OpenAPIModelName()}, } } @@ -3682,13 +3706,13 @@ func schema_openshift_api_apps_v1_RollingDeploymentStrategyParams(ref common.Ref "maxUnavailable": { SchemaProps: spec.SchemaProps{ Description: "maxUnavailable is the maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of update (ex: 10%). Absolute number is calculated from percentage by rounding down.\n\nThis cannot be 0 if MaxSurge is 0. By default, 25% is used.\n\nExample: when this is set to 30%, the old RC can be scaled down by 30% immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that at least 70% of original number of pods are available at all times during the update.", - Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), + Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), }, }, "maxSurge": { SchemaProps: spec.SchemaProps{ Description: "maxSurge is the maximum number of pods that can be scheduled above the original number of pods. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up.\n\nThis cannot be 0 if MaxUnavailable is 0. By default, 25% is used.\n\nExample: when this is set to 30%, the new RC can be scaled up by 30% immediately when the rolling update starts. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of original pods.", - Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), + Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), }, }, "pre": { @@ -3707,7 +3731,7 @@ func schema_openshift_api_apps_v1_RollingDeploymentStrategyParams(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/apps/v1.LifecycleHook", "k8s.io/apimachinery/pkg/util/intstr.IntOrString"}, + "github.com/openshift/api/apps/v1.LifecycleHook", intstr.IntOrString{}.OpenAPIModelName()}, } } @@ -3730,7 +3754,7 @@ func schema_openshift_api_apps_v1_TagImageHook(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "to is the target ImageStreamTag to set the container's image onto.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, }, @@ -3738,7 +3762,7 @@ func schema_openshift_api_apps_v1_TagImageHook(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference"}, + corev1.ObjectReference{}.OpenAPIModelName()}, } } @@ -3816,7 +3840,7 @@ func schema_openshift_api_authorization_v1_Action(ref common.ReferenceCallback) "content": { SchemaProps: spec.SchemaProps{ Description: "content is the actual content of the request for create and update", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -3824,7 +3848,7 @@ func schema_openshift_api_authorization_v1_Action(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -3853,7 +3877,7 @@ func schema_openshift_api_authorization_v1_ClusterRole(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "rules": { @@ -3873,7 +3897,7 @@ func schema_openshift_api_authorization_v1_ClusterRole(ref common.ReferenceCallb "aggregationRule": { SchemaProps: spec.SchemaProps{ Description: "aggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.", - Ref: ref("k8s.io/api/rbac/v1.AggregationRule"), + Ref: ref(rbacv1.AggregationRule{}.OpenAPIModelName()), }, }, }, @@ -3881,7 +3905,7 @@ func schema_openshift_api_authorization_v1_ClusterRole(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.PolicyRule", "k8s.io/api/rbac/v1.AggregationRule", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/authorization/v1.PolicyRule", rbacv1.AggregationRule{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -3910,7 +3934,7 @@ func schema_openshift_api_authorization_v1_ClusterRoleBinding(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "userNames": { @@ -3951,7 +3975,7 @@ func schema_openshift_api_authorization_v1_ClusterRoleBinding(ref common.Referen Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, }, @@ -3961,7 +3985,7 @@ func schema_openshift_api_authorization_v1_ClusterRoleBinding(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "roleRef can only reference the current namespace and the global namespace. If the ClusterRoleRef cannot be resolved, the Authorizer must return an error. Since Policy is a singleton, this is sufficient knowledge to locate a role.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, }, @@ -3969,7 +3993,7 @@ func schema_openshift_api_authorization_v1_ClusterRoleBinding(ref common.Referen }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.ObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -3998,7 +4022,7 @@ func schema_openshift_api_authorization_v1_ClusterRoleBindingList(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -4020,7 +4044,7 @@ func schema_openshift_api_authorization_v1_ClusterRoleBindingList(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.ClusterRoleBinding", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/authorization/v1.ClusterRoleBinding", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -4049,7 +4073,7 @@ func schema_openshift_api_authorization_v1_ClusterRoleList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -4071,7 +4095,7 @@ func schema_openshift_api_authorization_v1_ClusterRoleList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.ClusterRole", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/authorization/v1.ClusterRole", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -4105,7 +4129,7 @@ func schema_openshift_api_authorization_v1_GroupRestriction(ref common.Reference Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, }, @@ -4116,7 +4140,7 @@ func schema_openshift_api_authorization_v1_GroupRestriction(ref common.Reference }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -4172,7 +4196,7 @@ func schema_openshift_api_authorization_v1_LocalResourceAccessReview(ref common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "namespace": { @@ -4242,7 +4266,7 @@ func schema_openshift_api_authorization_v1_LocalResourceAccessReview(ref common. "content": { SchemaProps: spec.SchemaProps{ Description: "content is the actual content of the request for create and update", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -4250,7 +4274,7 @@ func schema_openshift_api_authorization_v1_LocalResourceAccessReview(ref common. }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + metav1.ObjectMeta{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -4279,7 +4303,7 @@ func schema_openshift_api_authorization_v1_LocalSubjectAccessReview(ref common.R SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "namespace": { @@ -4349,7 +4373,7 @@ func schema_openshift_api_authorization_v1_LocalSubjectAccessReview(ref common.R "content": { SchemaProps: spec.SchemaProps{ Description: "content is the actual content of the request for create and update", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "user": { @@ -4395,7 +4419,7 @@ func schema_openshift_api_authorization_v1_LocalSubjectAccessReview(ref common.R }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + metav1.ObjectMeta{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -4548,7 +4572,7 @@ func schema_openshift_api_authorization_v1_PolicyRule(ref common.ReferenceCallba "attributeRestrictions": { SchemaProps: spec.SchemaProps{ Description: "attributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "apiGroups": { @@ -4616,7 +4640,7 @@ func schema_openshift_api_authorization_v1_PolicyRule(ref common.ReferenceCallba }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -4645,7 +4669,7 @@ func schema_openshift_api_authorization_v1_ResourceAccessReview(ref common.Refer SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "namespace": { @@ -4715,7 +4739,7 @@ func schema_openshift_api_authorization_v1_ResourceAccessReview(ref common.Refer "content": { SchemaProps: spec.SchemaProps{ Description: "content is the actual content of the request for create and update", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -4723,7 +4747,7 @@ func schema_openshift_api_authorization_v1_ResourceAccessReview(ref common.Refer }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + metav1.ObjectMeta{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -4825,7 +4849,7 @@ func schema_openshift_api_authorization_v1_Role(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "rules": { @@ -4847,7 +4871,7 @@ func schema_openshift_api_authorization_v1_Role(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.PolicyRule", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/authorization/v1.PolicyRule", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -4876,7 +4900,7 @@ func schema_openshift_api_authorization_v1_RoleBinding(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "userNames": { @@ -4917,7 +4941,7 @@ func schema_openshift_api_authorization_v1_RoleBinding(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, }, @@ -4927,7 +4951,7 @@ func schema_openshift_api_authorization_v1_RoleBinding(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "roleRef can only reference the current namespace and the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. Since Policy is a singleton, this is sufficient knowledge to locate a role.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, }, @@ -4935,7 +4959,7 @@ func schema_openshift_api_authorization_v1_RoleBinding(ref common.ReferenceCallb }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.ObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -4964,7 +4988,7 @@ func schema_openshift_api_authorization_v1_RoleBindingList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -4986,7 +5010,7 @@ func schema_openshift_api_authorization_v1_RoleBindingList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.RoleBinding", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/authorization/v1.RoleBinding", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -5015,7 +5039,7 @@ func schema_openshift_api_authorization_v1_RoleBindingRestriction(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -5030,7 +5054,7 @@ func schema_openshift_api_authorization_v1_RoleBindingRestriction(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.RoleBindingRestrictionSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/authorization/v1.RoleBindingRestrictionSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -5059,7 +5083,7 @@ func schema_openshift_api_authorization_v1_RoleBindingRestrictionList(ref common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -5081,7 +5105,7 @@ func schema_openshift_api_authorization_v1_RoleBindingRestrictionList(ref common }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.RoleBindingRestriction", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/authorization/v1.RoleBindingRestriction", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -5144,7 +5168,7 @@ func schema_openshift_api_authorization_v1_RoleList(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -5166,7 +5190,7 @@ func schema_openshift_api_authorization_v1_RoleList(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.Role", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/authorization/v1.Role", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -5195,7 +5219,7 @@ func schema_openshift_api_authorization_v1_SelfSubjectRulesReview(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -5217,7 +5241,7 @@ func schema_openshift_api_authorization_v1_SelfSubjectRulesReview(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.SelfSubjectRulesReviewSpec", "github.com/openshift/api/authorization/v1.SubjectRulesReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/authorization/v1.SelfSubjectRulesReviewSpec", "github.com/openshift/api/authorization/v1.SubjectRulesReviewStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -5350,7 +5374,7 @@ func schema_openshift_api_authorization_v1_SubjectAccessReview(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "namespace": { @@ -5420,7 +5444,7 @@ func schema_openshift_api_authorization_v1_SubjectAccessReview(ref common.Refere "content": { SchemaProps: spec.SchemaProps{ Description: "content is the actual content of the request for create and update", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "user": { @@ -5466,7 +5490,7 @@ func schema_openshift_api_authorization_v1_SubjectAccessReview(ref common.Refere }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + metav1.ObjectMeta{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -5552,7 +5576,7 @@ func schema_openshift_api_authorization_v1_SubjectRulesReview(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -5574,7 +5598,7 @@ func schema_openshift_api_authorization_v1_SubjectRulesReview(ref common.Referen }, }, Dependencies: []string{ - "github.com/openshift/api/authorization/v1.SubjectRulesReviewSpec", "github.com/openshift/api/authorization/v1.SubjectRulesReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/authorization/v1.SubjectRulesReviewSpec", "github.com/openshift/api/authorization/v1.SubjectRulesReviewStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -5711,7 +5735,7 @@ func schema_openshift_api_authorization_v1_UserRestriction(ref common.ReferenceC Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, }, @@ -5722,7 +5746,7 @@ func schema_openshift_api_authorization_v1_UserRestriction(ref common.ReferenceC }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -5751,7 +5775,7 @@ func schema_openshift_api_build_v1_BinaryBuildRequestOptions(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "asFile": { @@ -5807,7 +5831,7 @@ func schema_openshift_api_build_v1_BinaryBuildRequestOptions(ref common.Referenc }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -5884,7 +5908,7 @@ func schema_openshift_api_build_v1_Build(ref common.ReferenceCallback) common.Op SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -5905,7 +5929,7 @@ func schema_openshift_api_build_v1_Build(ref common.ReferenceCallback) common.Op }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildSpec", "github.com/openshift/api/build/v1.BuildStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/build/v1.BuildSpec", "github.com/openshift/api/build/v1.BuildStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -5935,13 +5959,13 @@ func schema_openshift_api_build_v1_BuildCondition(ref common.ReferenceCallback) "lastUpdateTime": { SchemaProps: spec.SchemaProps{ Description: "The last time this condition was updated.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "The last time the condition transitioned from one status to another.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "reason": { @@ -5963,7 +5987,7 @@ func schema_openshift_api_build_v1_BuildCondition(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -5992,7 +6016,7 @@ func schema_openshift_api_build_v1_BuildConfig(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -6014,7 +6038,7 @@ func schema_openshift_api_build_v1_BuildConfig(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildConfigSpec", "github.com/openshift/api/build/v1.BuildConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/build/v1.BuildConfigSpec", "github.com/openshift/api/build/v1.BuildConfigStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -6043,7 +6067,7 @@ func schema_openshift_api_build_v1_BuildConfigList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -6065,7 +6089,7 @@ func schema_openshift_api_build_v1_BuildConfigList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/build/v1.BuildConfig", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -6135,7 +6159,7 @@ func schema_openshift_api_build_v1_BuildConfigSpec(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "resources computes resource requirements to execute the build.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), + Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), }, }, "postCommit": { @@ -6194,7 +6218,7 @@ func schema_openshift_api_build_v1_BuildConfigSpec(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildOutput", "github.com/openshift/api/build/v1.BuildPostCommitSpec", "github.com/openshift/api/build/v1.BuildSource", "github.com/openshift/api/build/v1.BuildStrategy", "github.com/openshift/api/build/v1.BuildTriggerPolicy", "github.com/openshift/api/build/v1.SourceRevision", "k8s.io/api/core/v1.ResourceRequirements"}, + "github.com/openshift/api/build/v1.BuildOutput", "github.com/openshift/api/build/v1.BuildPostCommitSpec", "github.com/openshift/api/build/v1.BuildSource", "github.com/openshift/api/build/v1.BuildStrategy", "github.com/openshift/api/build/v1.BuildTriggerPolicy", "github.com/openshift/api/build/v1.SourceRevision", corev1.ResourceRequirements{}.OpenAPIModelName()}, } } @@ -6260,7 +6284,7 @@ func schema_openshift_api_build_v1_BuildList(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -6282,7 +6306,7 @@ func schema_openshift_api_build_v1_BuildList(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.Build", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/build/v1.Build", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -6365,7 +6389,7 @@ func schema_openshift_api_build_v1_BuildLogOptions(ref common.ReferenceCallback) "sinceTime": { SchemaProps: spec.SchemaProps{ Description: "sinceTime is an RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "timestamps": { @@ -6414,7 +6438,7 @@ func schema_openshift_api_build_v1_BuildLogOptions(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -6428,13 +6452,13 @@ func schema_openshift_api_build_v1_BuildOutput(ref common.ReferenceCallback) com "to": { SchemaProps: spec.SchemaProps{ Description: "to defines an optional location to push the output of this build to. Kind must be one of 'ImageStreamTag' or 'DockerImage'. This value will be used to look up a container image repository to push to. In the case of an ImageStreamTag, the ImageStreamTag will be looked for in the namespace of the build unless Namespace is specified.", - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "pushSecret": { SchemaProps: spec.SchemaProps{ Description: "pushSecret is the name of a Secret that would be used for setting up the authentication for executing the Docker push to authentication enabled Docker Registry (or Docker Hub).", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, "imageLabels": { @@ -6455,7 +6479,7 @@ func schema_openshift_api_build_v1_BuildOutput(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.ImageLabel", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.ObjectReference"}, + "github.com/openshift/api/build/v1.ImageLabel", corev1.LocalObjectReference{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName()}, } } @@ -6534,7 +6558,7 @@ func schema_openshift_api_build_v1_BuildRequest(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "revision": { @@ -6546,13 +6570,13 @@ func schema_openshift_api_build_v1_BuildRequest(ref common.ReferenceCallback) co "triggeredByImage": { SchemaProps: spec.SchemaProps{ Description: "triggeredByImage is the Image that triggered this build.", - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "from": { SchemaProps: spec.SchemaProps{ Description: "from is the reference to the ImageStreamTag that triggered the build.", - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "binary": { @@ -6576,7 +6600,7 @@ func schema_openshift_api_build_v1_BuildRequest(ref common.ReferenceCallback) co Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvVar"), + Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), }, }, }, @@ -6612,7 +6636,7 @@ func schema_openshift_api_build_v1_BuildRequest(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BinaryBuildSource", "github.com/openshift/api/build/v1.BuildTriggerCause", "github.com/openshift/api/build/v1.DockerStrategyOptions", "github.com/openshift/api/build/v1.SourceRevision", "github.com/openshift/api/build/v1.SourceStrategyOptions", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/build/v1.BinaryBuildSource", "github.com/openshift/api/build/v1.BuildTriggerCause", "github.com/openshift/api/build/v1.DockerStrategyOptions", "github.com/openshift/api/build/v1.SourceRevision", "github.com/openshift/api/build/v1.SourceStrategyOptions", corev1.EnvVar{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -6673,7 +6697,7 @@ func schema_openshift_api_build_v1_BuildSource(ref common.ReferenceCallback) com "sourceSecret": { SchemaProps: spec.SchemaProps{ Description: "sourceSecret is the name of a Secret that would be used for setting up the authentication for cloning private repository. The secret contains valid credentials for remote repository, where the data's key represent the authentication method to be used and value is the base64 encoded credentials. Supported auth methods are: ssh-privatekey.", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, "secrets": { @@ -6708,7 +6732,7 @@ func schema_openshift_api_build_v1_BuildSource(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BinaryBuildSource", "github.com/openshift/api/build/v1.ConfigMapBuildSource", "github.com/openshift/api/build/v1.GitBuildSource", "github.com/openshift/api/build/v1.ImageSource", "github.com/openshift/api/build/v1.SecretBuildSource", "k8s.io/api/core/v1.LocalObjectReference"}, + "github.com/openshift/api/build/v1.BinaryBuildSource", "github.com/openshift/api/build/v1.ConfigMapBuildSource", "github.com/openshift/api/build/v1.GitBuildSource", "github.com/openshift/api/build/v1.ImageSource", "github.com/openshift/api/build/v1.SecretBuildSource", corev1.LocalObjectReference{}.OpenAPIModelName()}, } } @@ -6757,7 +6781,7 @@ func schema_openshift_api_build_v1_BuildSpec(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "resources computes resource requirements to execute the build.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), + Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), }, }, "postCommit": { @@ -6816,7 +6840,7 @@ func schema_openshift_api_build_v1_BuildSpec(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildOutput", "github.com/openshift/api/build/v1.BuildPostCommitSpec", "github.com/openshift/api/build/v1.BuildSource", "github.com/openshift/api/build/v1.BuildStrategy", "github.com/openshift/api/build/v1.BuildTriggerCause", "github.com/openshift/api/build/v1.SourceRevision", "k8s.io/api/core/v1.ResourceRequirements"}, + "github.com/openshift/api/build/v1.BuildOutput", "github.com/openshift/api/build/v1.BuildPostCommitSpec", "github.com/openshift/api/build/v1.BuildSource", "github.com/openshift/api/build/v1.BuildStrategy", "github.com/openshift/api/build/v1.BuildTriggerCause", "github.com/openshift/api/build/v1.SourceRevision", corev1.ResourceRequirements{}.OpenAPIModelName()}, } } @@ -6859,13 +6883,13 @@ func schema_openshift_api_build_v1_BuildStatus(ref common.ReferenceCallback) com "startTimestamp": { SchemaProps: spec.SchemaProps{ Description: "startTimestamp is a timestamp representing the server time when this Build started running in a Pod. It is represented in RFC3339 form and is in UTC.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "completionTimestamp": { SchemaProps: spec.SchemaProps{ Description: "completionTimestamp is a timestamp representing the server time when this Build was finished, whether that build failed or succeeded. It reflects the time at which the Pod running the Build terminated. It is represented in RFC3339 form and is in UTC.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "duration": { @@ -6885,7 +6909,7 @@ func schema_openshift_api_build_v1_BuildStatus(ref common.ReferenceCallback) com "config": { SchemaProps: spec.SchemaProps{ Description: "config is an ObjectReference to the BuildConfig this Build is based on.", - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "output": { @@ -6940,7 +6964,7 @@ func schema_openshift_api_build_v1_BuildStatus(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildCondition", "github.com/openshift/api/build/v1.BuildStatusOutput", "github.com/openshift/api/build/v1.StageInfo", "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/openshift/api/build/v1.BuildCondition", "github.com/openshift/api/build/v1.BuildStatusOutput", "github.com/openshift/api/build/v1.StageInfo", corev1.ObjectReference{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, } } @@ -7232,19 +7256,19 @@ func schema_openshift_api_build_v1_BuildVolumeSource(ref common.ReferenceCallbac "secret": { SchemaProps: spec.SchemaProps{ Description: "secret represents a Secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - Ref: ref("k8s.io/api/core/v1.SecretVolumeSource"), + Ref: ref(corev1.SecretVolumeSource{}.OpenAPIModelName()), }, }, "configMap": { SchemaProps: spec.SchemaProps{ Description: "configMap represents a ConfigMap that should populate this volume", - Ref: ref("k8s.io/api/core/v1.ConfigMapVolumeSource"), + Ref: ref(corev1.ConfigMapVolumeSource{}.OpenAPIModelName()), }, }, "csi": { SchemaProps: spec.SchemaProps{ Description: "csi represents ephemeral storage provided by external CSI drivers which support this capability", - Ref: ref("k8s.io/api/core/v1.CSIVolumeSource"), + Ref: ref(corev1.CSIVolumeSource{}.OpenAPIModelName()), }, }, }, @@ -7252,7 +7276,7 @@ func schema_openshift_api_build_v1_BuildVolumeSource(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "k8s.io/api/core/v1.CSIVolumeSource", "k8s.io/api/core/v1.ConfigMapVolumeSource", "k8s.io/api/core/v1.SecretVolumeSource"}, + corev1.CSIVolumeSource{}.OpenAPIModelName(), corev1.ConfigMapVolumeSource{}.OpenAPIModelName(), corev1.SecretVolumeSource{}.OpenAPIModelName()}, } } @@ -7301,7 +7325,7 @@ func schema_openshift_api_build_v1_CommonSpec(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "resources computes resource requirements to execute the build.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), + Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), }, }, "postCommit": { @@ -7346,7 +7370,7 @@ func schema_openshift_api_build_v1_CommonSpec(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildOutput", "github.com/openshift/api/build/v1.BuildPostCommitSpec", "github.com/openshift/api/build/v1.BuildSource", "github.com/openshift/api/build/v1.BuildStrategy", "github.com/openshift/api/build/v1.SourceRevision", "k8s.io/api/core/v1.ResourceRequirements"}, + "github.com/openshift/api/build/v1.BuildOutput", "github.com/openshift/api/build/v1.BuildPostCommitSpec", "github.com/openshift/api/build/v1.BuildSource", "github.com/openshift/api/build/v1.BuildStrategy", "github.com/openshift/api/build/v1.SourceRevision", corev1.ResourceRequirements{}.OpenAPIModelName()}, } } @@ -7389,7 +7413,7 @@ func schema_openshift_api_build_v1_ConfigMapBuildSource(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "configMap is a reference to an existing configmap that you want to use in your build.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, "destinationDir": { @@ -7404,7 +7428,7 @@ func schema_openshift_api_build_v1_ConfigMapBuildSource(ref common.ReferenceCall }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LocalObjectReference"}, + corev1.LocalObjectReference{}.OpenAPIModelName()}, } } @@ -7419,13 +7443,13 @@ func schema_openshift_api_build_v1_CustomBuildStrategy(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "pullSecret": { SchemaProps: spec.SchemaProps{ Description: "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, "env": { @@ -7436,7 +7460,7 @@ func schema_openshift_api_build_v1_CustomBuildStrategy(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvVar"), + Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), }, }, }, @@ -7482,7 +7506,7 @@ func schema_openshift_api_build_v1_CustomBuildStrategy(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.SecretSpec", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.ObjectReference"}, + "github.com/openshift/api/build/v1.SecretSpec", corev1.EnvVar{}.OpenAPIModelName(), corev1.LocalObjectReference{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName()}, } } @@ -7496,13 +7520,13 @@ func schema_openshift_api_build_v1_DockerBuildStrategy(ref common.ReferenceCallb "from": { SchemaProps: spec.SchemaProps{ Description: "from is a reference to an DockerImage, ImageStreamTag, or ImageStreamImage which overrides the FROM image in the Dockerfile for the build. If the Dockerfile uses multi-stage builds, this will replace the image in the last FROM directive of the file.", - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "pullSecret": { SchemaProps: spec.SchemaProps{ Description: "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, "noCache": { @@ -7520,7 +7544,7 @@ func schema_openshift_api_build_v1_DockerBuildStrategy(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvVar"), + Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), }, }, }, @@ -7548,7 +7572,7 @@ func schema_openshift_api_build_v1_DockerBuildStrategy(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvVar"), + Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), }, }, }, @@ -7589,7 +7613,7 @@ func schema_openshift_api_build_v1_DockerBuildStrategy(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildVolume", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.ObjectReference"}, + "github.com/openshift/api/build/v1.BuildVolume", corev1.EnvVar{}.OpenAPIModelName(), corev1.LocalObjectReference{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName()}, } } @@ -7608,7 +7632,7 @@ func schema_openshift_api_build_v1_DockerStrategyOptions(ref common.ReferenceCal Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvVar"), + Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), }, }, }, @@ -7625,7 +7649,7 @@ func schema_openshift_api_build_v1_DockerStrategyOptions(ref common.ReferenceCal }, }, Dependencies: []string{ - "k8s.io/api/core/v1.EnvVar"}, + corev1.EnvVar{}.OpenAPIModelName()}, } } @@ -7685,7 +7709,7 @@ func schema_openshift_api_build_v1_GenericWebHookEvent(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvVar"), + Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), }, }, }, @@ -7701,7 +7725,7 @@ func schema_openshift_api_build_v1_GenericWebHookEvent(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.DockerStrategyOptions", "github.com/openshift/api/build/v1.GitInfo", "k8s.io/api/core/v1.EnvVar"}, + "github.com/openshift/api/build/v1.DockerStrategyOptions", "github.com/openshift/api/build/v1.GitInfo", corev1.EnvVar{}.OpenAPIModelName()}, } } @@ -8045,14 +8069,14 @@ func schema_openshift_api_build_v1_ImageChangeCause(ref common.ReferenceCallback "fromRef": { SchemaProps: spec.SchemaProps{ Description: "fromRef contains detailed information about an image that triggered a build.", - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference"}, + corev1.ObjectReference{}.OpenAPIModelName()}, } } @@ -8073,7 +8097,7 @@ func schema_openshift_api_build_v1_ImageChangeTrigger(ref common.ReferenceCallba "from": { SchemaProps: spec.SchemaProps{ Description: "from is a reference to an ImageStreamTag that will trigger a build when updated It is optional. If no From is specified, the From image from the build strategy will be used. Only one ImageChangeTrigger with an empty From reference is allowed in a build configuration.", - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "paused": { @@ -8087,7 +8111,7 @@ func schema_openshift_api_build_v1_ImageChangeTrigger(ref common.ReferenceCallba }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference"}, + corev1.ObjectReference{}.OpenAPIModelName()}, } } @@ -8115,14 +8139,14 @@ func schema_openshift_api_build_v1_ImageChangeTriggerStatus(ref common.Reference "lastTriggerTime": { SchemaProps: spec.SchemaProps{ Description: "lastTriggerTime is the last time this particular ImageStreamTag triggered a Build to start. This field is only updated when this trigger specifically started a Build.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.ImageStreamTagReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/openshift/api/build/v1.ImageStreamTagReference", metav1.Time{}.OpenAPIModelName()}, } } @@ -8166,7 +8190,7 @@ func schema_openshift_api_build_v1_ImageSource(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "from is a reference to an ImageStreamTag, ImageStreamImage, or DockerImage to copy source from.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "as": { @@ -8201,7 +8225,7 @@ func schema_openshift_api_build_v1_ImageSource(ref common.ReferenceCallback) com "pullSecret": { SchemaProps: spec.SchemaProps{ Description: "pullSecret is a reference to a secret to be used to pull the image from a registry If the image is pulled from the OpenShift registry, this field does not need to be set.", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, }, @@ -8209,7 +8233,7 @@ func schema_openshift_api_build_v1_ImageSource(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.ImageSourcePath", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.ObjectReference"}, + "github.com/openshift/api/build/v1.ImageSourcePath", corev1.LocalObjectReference{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName()}, } } @@ -8299,7 +8323,7 @@ func schema_openshift_api_build_v1_JenkinsPipelineBuildStrategy(ref common.Refer Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvVar"), + Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), }, }, }, @@ -8309,7 +8333,7 @@ func schema_openshift_api_build_v1_JenkinsPipelineBuildStrategy(ref common.Refer }, }, Dependencies: []string{ - "k8s.io/api/core/v1.EnvVar"}, + corev1.EnvVar{}.OpenAPIModelName()}, } } @@ -8358,7 +8382,7 @@ func schema_openshift_api_build_v1_SecretBuildSource(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "secret is a reference to an existing secret that you want to use in your build.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, "destinationDir": { @@ -8373,7 +8397,7 @@ func schema_openshift_api_build_v1_SecretBuildSource(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LocalObjectReference"}, + corev1.LocalObjectReference{}.OpenAPIModelName()}, } } @@ -8410,7 +8434,7 @@ func schema_openshift_api_build_v1_SecretSpec(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "secretSource is a reference to the secret", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, "mountPath": { @@ -8426,7 +8450,7 @@ func schema_openshift_api_build_v1_SecretSpec(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LocalObjectReference"}, + corev1.LocalObjectReference{}.OpenAPIModelName()}, } } @@ -8441,13 +8465,13 @@ func schema_openshift_api_build_v1_SourceBuildStrategy(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "pullSecret": { SchemaProps: spec.SchemaProps{ Description: "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, "env": { @@ -8458,7 +8482,7 @@ func schema_openshift_api_build_v1_SourceBuildStrategy(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvVar"), + Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), }, }, }, @@ -8514,7 +8538,7 @@ func schema_openshift_api_build_v1_SourceBuildStrategy(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.BuildVolume", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.ObjectReference"}, + "github.com/openshift/api/build/v1.BuildVolume", corev1.EnvVar{}.OpenAPIModelName(), corev1.LocalObjectReference{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName()}, } } @@ -8612,7 +8636,7 @@ func schema_openshift_api_build_v1_StageInfo(ref common.ReferenceCallback) commo "startTime": { SchemaProps: spec.SchemaProps{ Description: "startTime is a timestamp representing the server time when this Stage started. It is represented in RFC3339 form and is in UTC.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "durationMilliseconds": { @@ -8640,7 +8664,7 @@ func schema_openshift_api_build_v1_StageInfo(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.StepInfo", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/openshift/api/build/v1.StepInfo", metav1.Time{}.OpenAPIModelName()}, } } @@ -8661,7 +8685,7 @@ func schema_openshift_api_build_v1_StepInfo(ref common.ReferenceCallback) common "startTime": { SchemaProps: spec.SchemaProps{ Description: "startTime is a timestamp representing the server time when this Step started. it is represented in RFC3339 form and is in UTC.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "durationMilliseconds": { @@ -8675,7 +8699,7 @@ func schema_openshift_api_build_v1_StepInfo(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -8739,7 +8763,7 @@ func schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfig(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -8761,7 +8785,7 @@ func schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfig(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfigSpec", "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfigSpec", "github.com/openshift/api/cloudnetwork/v1.CloudPrivateIPConfigStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -8819,7 +8843,7 @@ func schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfigStatus(ref common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -8830,7 +8854,7 @@ func schema_openshift_api_cloudnetwork_v1_CloudPrivateIPConfigStatus(ref common. }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + metav1.Condition{}.OpenAPIModelName()}, } } @@ -8859,7 +8883,7 @@ func schema_openshift_api_config_v1_APIServer(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -8881,7 +8905,7 @@ func schema_openshift_api_config_v1_APIServer(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.APIServerSpec", "github.com/openshift/api/config/v1.APIServerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.APIServerSpec", "github.com/openshift/api/config/v1.APIServerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -8950,7 +8974,7 @@ func schema_openshift_api_config_v1_APIServerList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -8971,7 +8995,7 @@ func schema_openshift_api_config_v1_APIServerList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.APIServer", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.APIServer", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -9104,6 +9128,13 @@ func schema_openshift_api_config_v1_APIServerSpec(ref common.ReferenceCallback) Ref: ref("github.com/openshift/api/config/v1.TLSSecurityProfile"), }, }, + "tlsAdherence": { + SchemaProps: spec.SchemaProps{ + Description: "tlsAdherence controls if components in the cluster adhere to the TLS security profile configured on this APIServer resource.\n\nValid values are \"LegacyAdheringComponentsOnly\" and \"StrictAllComponents\".\n\nWhen set to \"LegacyAdheringComponentsOnly\", components that already honor the cluster-wide TLS profile continue to do so. Components that do not already honor it continue to use their individual TLS configurations.\n\nWhen set to \"StrictAllComponents\", all components must honor the configured TLS profile unless they have a component-specific TLS configuration that overrides it. This mode is recommended for security-conscious deployments and is required for certain compliance frameworks.\n\nNote: Some components such as Kubelet and IngressController have their own dedicated TLS configuration mechanisms via KubeletConfig and IngressController CRs respectively. When these component-specific TLS configurations are set, they take precedence over the cluster-wide tlsSecurityProfile. When not set, these components fall back to the cluster-wide default.\n\nComponents that encounter an unknown value for tlsAdherence should treat it as \"StrictAllComponents\" and log a warning to ensure forward compatibility while defaulting to the more secure behavior.\n\nThis field is optional. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is LegacyAdheringComponentsOnly.\n\nOnce set, this field may be changed to a different value, but may not be removed.", + Type: []string{"string"}, + Format: "", + }, + }, "audit": { SchemaProps: spec.SchemaProps{ Description: "audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.", @@ -9138,7 +9169,7 @@ func schema_openshift_api_config_v1_AWSDNSSpec(ref common.ReferenceCallback) com Properties: map[string]spec.Schema{ "privateZoneIAMRole": { SchemaProps: spec.SchemaProps{ - Description: "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.", + Description: "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.\n\nThe ARN must follow the format: arn::iam:::role/, where: is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), is a 12-digit numeric identifier for the AWS account, is the IAM role name.", Default: "", Type: []string{"string"}, Format: "", @@ -9480,7 +9511,7 @@ func schema_openshift_api_config_v1_AdmissionPluginConfig(ref common.ReferenceCa "configuration": { SchemaProps: spec.SchemaProps{ Description: "configuration is an embedded configuration object to be used as the plugin's configuration. If present, it will be used instead of the path to the configuration file.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -9488,7 +9519,7 @@ func schema_openshift_api_config_v1_AdmissionPluginConfig(ref common.ReferenceCa }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -9687,7 +9718,7 @@ func schema_openshift_api_config_v1_AuditConfig(ref common.ReferenceCallback) co "policyConfiguration": { SchemaProps: spec.SchemaProps{ Description: "policyConfiguration is an embedded policy configuration object to be used as the audit policy configuration. If present, it will be used instead of the path to the policy file.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "logFormat": { @@ -9719,7 +9750,7 @@ func schema_openshift_api_config_v1_AuditConfig(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -9778,7 +9809,7 @@ func schema_openshift_api_config_v1_Authentication(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -9800,7 +9831,7 @@ func schema_openshift_api_config_v1_Authentication(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.AuthenticationSpec", "github.com/openshift/api/config/v1.AuthenticationStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.AuthenticationSpec", "github.com/openshift/api/config/v1.AuthenticationStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -9829,7 +9860,7 @@ func schema_openshift_api_config_v1_AuthenticationList(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -9850,7 +9881,7 @@ func schema_openshift_api_config_v1_AuthenticationList(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Authentication", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.Authentication", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -10388,7 +10419,7 @@ func schema_openshift_api_config_v1_Build(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -10403,7 +10434,7 @@ func schema_openshift_api_config_v1_Build(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.BuildSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.BuildSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -10433,7 +10464,7 @@ func schema_openshift_api_config_v1_BuildDefaults(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvVar"), + Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), }, }, }, @@ -10457,14 +10488,14 @@ func schema_openshift_api_config_v1_BuildDefaults(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "resources defines resource requirements to execute the build.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), + Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageLabel", "github.com/openshift/api/config/v1.ProxySpec", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.ResourceRequirements"}, + "github.com/openshift/api/config/v1.ImageLabel", "github.com/openshift/api/config/v1.ProxySpec", corev1.EnvVar{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName()}, } } @@ -10493,7 +10524,7 @@ func schema_openshift_api_config_v1_BuildList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -10514,7 +10545,7 @@ func schema_openshift_api_config_v1_BuildList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Build", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.Build", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -10562,7 +10593,7 @@ func schema_openshift_api_config_v1_BuildOverrides(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Toleration"), + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), }, }, }, @@ -10579,7 +10610,7 @@ func schema_openshift_api_config_v1_BuildOverrides(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageLabel", "k8s.io/api/core/v1.Toleration"}, + "github.com/openshift/api/config/v1.ImageLabel", corev1.Toleration{}.OpenAPIModelName()}, } } @@ -10883,7 +10914,7 @@ func schema_openshift_api_config_v1_ClusterImagePolicy(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -10905,7 +10936,7 @@ func schema_openshift_api_config_v1_ClusterImagePolicy(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterImagePolicySpec", "github.com/openshift/api/config/v1.ClusterImagePolicyStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.ClusterImagePolicySpec", "github.com/openshift/api/config/v1.ClusterImagePolicyStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -10934,7 +10965,7 @@ func schema_openshift_api_config_v1_ClusterImagePolicyList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -10956,7 +10987,7 @@ func schema_openshift_api_config_v1_ClusterImagePolicyList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterImagePolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.ClusterImagePolicy", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -11025,7 +11056,7 @@ func schema_openshift_api_config_v1_ClusterImagePolicyStatus(ref common.Referenc Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -11035,7 +11066,7 @@ func schema_openshift_api_config_v1_ClusterImagePolicyStatus(ref common.Referenc }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + metav1.Condition{}.OpenAPIModelName()}, } } @@ -11093,7 +11124,7 @@ func schema_openshift_api_config_v1_ClusterOperator(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -11115,7 +11146,7 @@ func schema_openshift_api_config_v1_ClusterOperator(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterOperatorSpec", "github.com/openshift/api/config/v1.ClusterOperatorStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.ClusterOperatorSpec", "github.com/openshift/api/config/v1.ClusterOperatorStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -11144,7 +11175,7 @@ func schema_openshift_api_config_v1_ClusterOperatorList(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -11165,7 +11196,7 @@ func schema_openshift_api_config_v1_ClusterOperatorList(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterOperator", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.ClusterOperator", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -11242,14 +11273,14 @@ func schema_openshift_api_config_v1_ClusterOperatorStatus(ref common.ReferenceCa "extension": { SchemaProps: spec.SchemaProps{ Description: "extension contains any additional status information specific to the operator which owns this status object.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterOperatorStatusCondition", "github.com/openshift/api/config/v1.ObjectReference", "github.com/openshift/api/config/v1.OperandVersion", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + "github.com/openshift/api/config/v1.ClusterOperatorStatusCondition", "github.com/openshift/api/config/v1.ObjectReference", "github.com/openshift/api/config/v1.OperandVersion", runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -11279,7 +11310,7 @@ func schema_openshift_api_config_v1_ClusterOperatorStatusCondition(ref common.Re "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the time of the last update to the current status property.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "reason": { @@ -11301,7 +11332,7 @@ func schema_openshift_api_config_v1_ClusterOperatorStatusCondition(ref common.Re }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -11330,7 +11361,7 @@ func schema_openshift_api_config_v1_ClusterVersion(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -11352,7 +11383,7 @@ func schema_openshift_api_config_v1_ClusterVersion(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterVersionSpec", "github.com/openshift/api/config/v1.ClusterVersionStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.ClusterVersionSpec", "github.com/openshift/api/config/v1.ClusterVersionStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -11474,7 +11505,7 @@ func schema_openshift_api_config_v1_ClusterVersionList(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -11495,7 +11526,7 @@ func schema_openshift_api_config_v1_ClusterVersionList(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterVersion", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.ClusterVersion", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -11923,7 +11954,7 @@ func schema_openshift_api_config_v1_ComponentRouteStatus(ref common.ReferenceCal Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -11948,7 +11979,7 @@ func schema_openshift_api_config_v1_ComponentRouteStatus(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/config/v1.ObjectReference", metav1.Condition{}.OpenAPIModelName()}, } } @@ -12026,7 +12057,7 @@ func schema_openshift_api_config_v1_ConditionalUpdate(ref common.ReferenceCallba Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -12037,7 +12068,7 @@ func schema_openshift_api_config_v1_ConditionalUpdate(ref common.ReferenceCallba }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ConditionalUpdateRisk", "github.com/openshift/api/config/v1.Release", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/config/v1.ConditionalUpdateRisk", "github.com/openshift/api/config/v1.Release", metav1.Condition{}.OpenAPIModelName()}, } } @@ -12064,7 +12095,7 @@ func schema_openshift_api_config_v1_ConditionalUpdateRisk(ref common.ReferenceCa Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -12118,7 +12149,7 @@ func schema_openshift_api_config_v1_ConditionalUpdateRisk(ref common.ReferenceCa }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterCondition", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/config/v1.ClusterCondition", metav1.Condition{}.OpenAPIModelName()}, } } @@ -12197,7 +12228,7 @@ func schema_openshift_api_config_v1_Console(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -12219,7 +12250,7 @@ func schema_openshift_api_config_v1_Console(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ConsoleSpec", "github.com/openshift/api/config/v1.ConsoleStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.ConsoleSpec", "github.com/openshift/api/config/v1.ConsoleStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -12268,7 +12299,7 @@ func schema_openshift_api_config_v1_ConsoleList(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -12289,7 +12320,7 @@ func schema_openshift_api_config_v1_ConsoleList(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Console", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.Console", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -12429,7 +12460,7 @@ func schema_openshift_api_config_v1_CustomTLSProfile(ref common.ReferenceCallbac }, }, SchemaProps: spec.SchemaProps{ - Description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + Description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -12449,7 +12480,7 @@ func schema_openshift_api_config_v1_CustomTLSProfile(ref common.ReferenceCallbac }, }, SchemaProps: spec.SchemaProps{ - Description: "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve.\n\nFor example, to use X25519 and SecP256r1 (yaml):\n\n curves:\n - X25519\n - SecP256r1", + Description: "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve and each curve must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n curves:\n - X25519\n - secp256r1", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -12502,7 +12533,7 @@ func schema_openshift_api_config_v1_DNS(ref common.ReferenceCallback) common.Ope SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -12524,7 +12555,7 @@ func schema_openshift_api_config_v1_DNS(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.DNSSpec", "github.com/openshift/api/config/v1.DNSStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.DNSSpec", "github.com/openshift/api/config/v1.DNSStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -12553,7 +12584,7 @@ func schema_openshift_api_config_v1_DNSList(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -12574,7 +12605,7 @@ func schema_openshift_api_config_v1_DNSList(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.DNS", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.DNS", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -13114,7 +13145,7 @@ func schema_openshift_api_config_v1_FeatureGate(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -13136,7 +13167,7 @@ func schema_openshift_api_config_v1_FeatureGate(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.FeatureGateSpec", "github.com/openshift/api/config/v1.FeatureGateStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.FeatureGateSpec", "github.com/openshift/api/config/v1.FeatureGateStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -13237,7 +13268,7 @@ func schema_openshift_api_config_v1_FeatureGateList(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -13258,7 +13289,7 @@ func schema_openshift_api_config_v1_FeatureGateList(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.FeatureGate", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.FeatureGate", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -13362,7 +13393,7 @@ func schema_openshift_api_config_v1_FeatureGateStatus(ref common.ReferenceCallba Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -13394,7 +13425,7 @@ func schema_openshift_api_config_v1_FeatureGateStatus(ref common.ReferenceCallba }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.FeatureGateDetails", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/config/v1.FeatureGateDetails", metav1.Condition{}.OpenAPIModelName()}, } } @@ -14523,7 +14554,7 @@ func schema_openshift_api_config_v1_Image(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -14545,7 +14576,7 @@ func schema_openshift_api_config_v1_Image(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageSpec", "github.com/openshift/api/config/v1.ImageStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.ImageSpec", "github.com/openshift/api/config/v1.ImageStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -14574,7 +14605,7 @@ func schema_openshift_api_config_v1_ImageContentPolicy(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -14589,7 +14620,7 @@ func schema_openshift_api_config_v1_ImageContentPolicy(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageContentPolicySpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.ImageContentPolicySpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -14618,7 +14649,7 @@ func schema_openshift_api_config_v1_ImageContentPolicyList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -14639,7 +14670,7 @@ func schema_openshift_api_config_v1_ImageContentPolicyList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageContentPolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.ImageContentPolicy", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -14705,7 +14736,7 @@ func schema_openshift_api_config_v1_ImageDigestMirrorSet(ref common.ReferenceCal SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -14727,7 +14758,7 @@ func schema_openshift_api_config_v1_ImageDigestMirrorSet(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageDigestMirrorSetSpec", "github.com/openshift/api/config/v1.ImageDigestMirrorSetStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.ImageDigestMirrorSetSpec", "github.com/openshift/api/config/v1.ImageDigestMirrorSetStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -14756,7 +14787,7 @@ func schema_openshift_api_config_v1_ImageDigestMirrorSetList(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -14777,7 +14808,7 @@ func schema_openshift_api_config_v1_ImageDigestMirrorSetList(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageDigestMirrorSet", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.ImageDigestMirrorSet", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -14927,7 +14958,7 @@ func schema_openshift_api_config_v1_ImageList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -14948,7 +14979,7 @@ func schema_openshift_api_config_v1_ImageList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Image", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.Image", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -14977,7 +15008,7 @@ func schema_openshift_api_config_v1_ImagePolicy(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -14999,7 +15030,7 @@ func schema_openshift_api_config_v1_ImagePolicy(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImagePolicySpec", "github.com/openshift/api/config/v1.ImagePolicyStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.ImagePolicySpec", "github.com/openshift/api/config/v1.ImagePolicyStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -15065,7 +15096,7 @@ func schema_openshift_api_config_v1_ImagePolicyList(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -15087,7 +15118,7 @@ func schema_openshift_api_config_v1_ImagePolicyList(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImagePolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.ImagePolicy", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -15221,7 +15252,7 @@ func schema_openshift_api_config_v1_ImagePolicyStatus(ref common.ReferenceCallba Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -15231,7 +15262,7 @@ func schema_openshift_api_config_v1_ImagePolicyStatus(ref common.ReferenceCallba }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + metav1.Condition{}.OpenAPIModelName()}, } } @@ -15412,7 +15443,7 @@ func schema_openshift_api_config_v1_ImageTagMirrorSet(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -15434,7 +15465,7 @@ func schema_openshift_api_config_v1_ImageTagMirrorSet(ref common.ReferenceCallba }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageTagMirrorSetSpec", "github.com/openshift/api/config/v1.ImageTagMirrorSetStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.ImageTagMirrorSetSpec", "github.com/openshift/api/config/v1.ImageTagMirrorSetStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -15463,7 +15494,7 @@ func schema_openshift_api_config_v1_ImageTagMirrorSetList(ref common.ReferenceCa SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -15484,7 +15515,7 @@ func schema_openshift_api_config_v1_ImageTagMirrorSetList(ref common.ReferenceCa }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ImageTagMirrorSet", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.ImageTagMirrorSet", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -15606,7 +15637,7 @@ func schema_openshift_api_config_v1_Infrastructure(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -15628,7 +15659,7 @@ func schema_openshift_api_config_v1_Infrastructure(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.InfrastructureSpec", "github.com/openshift/api/config/v1.InfrastructureStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.InfrastructureSpec", "github.com/openshift/api/config/v1.InfrastructureStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -15657,7 +15688,7 @@ func schema_openshift_api_config_v1_InfrastructureList(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -15678,7 +15709,7 @@ func schema_openshift_api_config_v1_InfrastructureList(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Infrastructure", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.Infrastructure", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -15765,7 +15796,7 @@ func schema_openshift_api_config_v1_InfrastructureStatus(ref common.ReferenceCal }, "controlPlaneTopology": { SchemaProps: spec.SchemaProps{ - Description: "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster.", + Description: "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum.", Default: "", Type: []string{"string"}, Format: "", @@ -15819,7 +15850,7 @@ func schema_openshift_api_config_v1_Ingress(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -15841,7 +15872,7 @@ func schema_openshift_api_config_v1_Ingress(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.IngressSpec", "github.com/openshift/api/config/v1.IngressStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.IngressSpec", "github.com/openshift/api/config/v1.IngressStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -15870,7 +15901,7 @@ func schema_openshift_api_config_v1_IngressList(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -15891,7 +15922,7 @@ func schema_openshift_api_config_v1_IngressList(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Ingress", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.Ingress", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -16081,7 +16112,7 @@ func schema_openshift_api_config_v1_InsightsDataGather(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -16096,7 +16127,7 @@ func schema_openshift_api_config_v1_InsightsDataGather(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.InsightsDataGatherSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.InsightsDataGatherSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -16125,7 +16156,7 @@ func schema_openshift_api_config_v1_InsightsDataGatherList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the required standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -16147,7 +16178,7 @@ func schema_openshift_api_config_v1_InsightsDataGatherList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.InsightsDataGather", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.InsightsDataGather", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -16514,19 +16545,19 @@ func schema_openshift_api_config_v1_LeaderElection(ref common.ReferenceCallback) "leaseDuration": { SchemaProps: spec.SchemaProps{ Description: "leaseDuration is the duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, "renewDeadline": { SchemaProps: spec.SchemaProps{ Description: "renewDeadline is the interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, "retryPeriod": { SchemaProps: spec.SchemaProps{ Description: "retryPeriod is the duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, }, @@ -16534,7 +16565,7 @@ func schema_openshift_api_config_v1_LeaderElection(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, + metav1.Duration{}.OpenAPIModelName()}, } } @@ -16722,7 +16753,7 @@ func schema_openshift_api_config_v1_Network(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -16744,7 +16775,7 @@ func schema_openshift_api_config_v1_Network(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.NetworkSpec", "github.com/openshift/api/config/v1.NetworkStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.NetworkSpec", "github.com/openshift/api/config/v1.NetworkStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -16820,7 +16851,7 @@ func schema_openshift_api_config_v1_NetworkDiagnosticsSourcePlacement(ref common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Toleration"), + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), }, }, }, @@ -16830,7 +16861,7 @@ func schema_openshift_api_config_v1_NetworkDiagnosticsSourcePlacement(ref common }, }, Dependencies: []string{ - "k8s.io/api/core/v1.Toleration"}, + corev1.Toleration{}.OpenAPIModelName()}, } } @@ -16870,7 +16901,7 @@ func schema_openshift_api_config_v1_NetworkDiagnosticsTargetPlacement(ref common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Toleration"), + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), }, }, }, @@ -16880,7 +16911,7 @@ func schema_openshift_api_config_v1_NetworkDiagnosticsTargetPlacement(ref common }, }, Dependencies: []string{ - "k8s.io/api/core/v1.Toleration"}, + corev1.Toleration{}.OpenAPIModelName()}, } } @@ -16909,7 +16940,7 @@ func schema_openshift_api_config_v1_NetworkList(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -16930,7 +16961,7 @@ func schema_openshift_api_config_v1_NetworkList(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Network", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.Network", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -17127,7 +17158,7 @@ func schema_openshift_api_config_v1_NetworkStatus(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -17137,7 +17168,7 @@ func schema_openshift_api_config_v1_NetworkStatus(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ClusterNetworkEntry", "github.com/openshift/api/config/v1.NetworkMigration", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/config/v1.ClusterNetworkEntry", "github.com/openshift/api/config/v1.NetworkMigration", metav1.Condition{}.OpenAPIModelName()}, } } @@ -17166,7 +17197,7 @@ func schema_openshift_api_config_v1_Node(ref common.ReferenceCallback) common.Op SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -17188,7 +17219,7 @@ func schema_openshift_api_config_v1_Node(ref common.ReferenceCallback) common.Op }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.NodeSpec", "github.com/openshift/api/config/v1.NodeStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.NodeSpec", "github.com/openshift/api/config/v1.NodeStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -17217,7 +17248,7 @@ func schema_openshift_api_config_v1_NodeList(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -17238,7 +17269,7 @@ func schema_openshift_api_config_v1_NodeList(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Node", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.Node", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -17298,7 +17329,7 @@ func schema_openshift_api_config_v1_NodeStatus(ref common.ReferenceCallback) com Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -17308,7 +17339,7 @@ func schema_openshift_api_config_v1_NodeStatus(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + metav1.Condition{}.OpenAPIModelName()}, } } @@ -17680,7 +17711,7 @@ func schema_openshift_api_config_v1_OAuth(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -17702,7 +17733,7 @@ func schema_openshift_api_config_v1_OAuth(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.OAuthSpec", "github.com/openshift/api/config/v1.OAuthStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.OAuthSpec", "github.com/openshift/api/config/v1.OAuthStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -17731,7 +17762,7 @@ func schema_openshift_api_config_v1_OAuthList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -17752,7 +17783,7 @@ func schema_openshift_api_config_v1_OAuthList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.OAuth", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.OAuth", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -18084,7 +18115,7 @@ func schema_openshift_api_config_v1_OIDCClientStatus(ref common.ReferenceCallbac Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -18095,7 +18126,7 @@ func schema_openshift_api_config_v1_OIDCClientStatus(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.OIDCClientReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/config/v1.OIDCClientReference", metav1.Condition{}.OpenAPIModelName()}, } } @@ -18710,7 +18741,7 @@ func schema_openshift_api_config_v1_OperatorHub(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -18730,7 +18761,7 @@ func schema_openshift_api_config_v1_OperatorHub(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.OperatorHubSpec", "github.com/openshift/api/config/v1.OperatorHubStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.OperatorHubSpec", "github.com/openshift/api/config/v1.OperatorHubStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -18759,7 +18790,7 @@ func schema_openshift_api_config_v1_OperatorHubList(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -18780,7 +18811,7 @@ func schema_openshift_api_config_v1_OperatorHubList(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.OperatorHub", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.OperatorHub", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -19614,22 +19645,28 @@ func schema_openshift_api_config_v1_PrefixedClaimMapping(ref common.ReferenceCal Properties: map[string]spec.Schema{ "claim": { SchemaProps: spec.SchemaProps{ - Description: "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.", + Description: "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated. claim must not exceed 256 characters in length. When set to the empty string `\"\"`, this means that no named claim should be used for the group mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled.", Default: "", Type: []string{"string"}, Format: "", }, }, + "expression": { + SchemaProps: spec.SchemaProps{ + Description: "expression is an optional CEL expression used to derive group values from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length .\n\nWhen specified, claim must not be set or be explicitly set to the empty string (`\"\"`).", + Type: []string{"string"}, + Format: "", + }, + }, "prefix": { SchemaProps: spec.SchemaProps{ - Description: "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted (\"\"), no prefix is applied to the cluster identity attribute.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", + Description: "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted or set to an empty string (\"\"), no prefix is applied to the cluster identity attribute. Must not be set to a non-empty value when expression is set.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"claim"}, }, }, } @@ -19681,7 +19718,7 @@ func schema_openshift_api_config_v1_Project(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -19703,7 +19740,7 @@ func schema_openshift_api_config_v1_Project(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ProjectSpec", "github.com/openshift/api/config/v1.ProjectStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.ProjectSpec", "github.com/openshift/api/config/v1.ProjectStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -19732,7 +19769,7 @@ func schema_openshift_api_config_v1_ProjectList(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -19753,7 +19790,7 @@ func schema_openshift_api_config_v1_ProjectList(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Project", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.Project", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -19844,7 +19881,7 @@ func schema_openshift_api_config_v1_Proxy(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -19866,7 +19903,7 @@ func schema_openshift_api_config_v1_Proxy(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ProxySpec", "github.com/openshift/api/config/v1.ProxyStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.ProxySpec", "github.com/openshift/api/config/v1.ProxyStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -19895,7 +19932,7 @@ func schema_openshift_api_config_v1_ProxyList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -19916,7 +19953,7 @@ func schema_openshift_api_config_v1_ProxyList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Proxy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.Proxy", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -20416,7 +20453,7 @@ func schema_openshift_api_config_v1_RequiredHSTSPolicy(ref common.ReferenceCallb "namespaceSelector": { SchemaProps: spec.SchemaProps{ Description: "namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "domainPatterns": { @@ -20460,7 +20497,7 @@ func schema_openshift_api_config_v1_RequiredHSTSPolicy(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.MaxAgePolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + "github.com/openshift/api/config/v1.MaxAgePolicy", metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -20489,7 +20526,7 @@ func schema_openshift_api_config_v1_Scheduler(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -20511,7 +20548,7 @@ func schema_openshift_api_config_v1_Scheduler(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.SchedulerSpec", "github.com/openshift/api/config/v1.SchedulerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.SchedulerSpec", "github.com/openshift/api/config/v1.SchedulerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -20540,7 +20577,7 @@ func schema_openshift_api_config_v1_SchedulerList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -20561,7 +20598,7 @@ func schema_openshift_api_config_v1_SchedulerList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.Scheduler", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1.Scheduler", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -20917,7 +20954,7 @@ func schema_openshift_api_config_v1_TLSProfileSpec(ref common.ReferenceCallback) }, }, SchemaProps: spec.SchemaProps{ - Description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + Description: "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -20937,7 +20974,7 @@ func schema_openshift_api_config_v1_TLSProfileSpec(ref common.ReferenceCallback) }, }, SchemaProps: spec.SchemaProps{ - Description: "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve.\n\nFor example, to use X25519 and SecP256r1 (yaml):\n\n curves:\n - X25519\n - SecP256r1", + Description: "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve and each curve must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n curves:\n - X25519\n - secp256r1", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -20974,7 +21011,7 @@ func schema_openshift_api_config_v1_TLSSecurityProfile(ref common.ReferenceCallb Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Description: "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are currently based on version 5.0 of the Mozilla Server Side TLS configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", + Description: "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are based on version 5.7 of the Mozilla Server Side TLS configuration guidelines. The cipher lists consist of the configuration's \"ciphersuites\" followed by the Go-specific \"ciphers\" from the guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", Default: "", Type: []string{"string"}, Format: "", @@ -20982,19 +21019,19 @@ func schema_openshift_api_config_v1_TLSSecurityProfile(ref common.ReferenceCallb }, "old": { SchemaProps: spec.SchemaProps{ - Description: "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", + Description: "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", Ref: ref("github.com/openshift/api/config/v1.OldTLSProfile"), }, }, "intermediate": { SchemaProps: spec.SchemaProps{ - Description: "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384", + Description: "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305", Ref: ref("github.com/openshift/api/config/v1.IntermediateTLSProfile"), }, }, "modern": { SchemaProps: spec.SchemaProps{ - Description: "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", + Description: "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", Ref: ref("github.com/openshift/api/config/v1.ModernTLSProfile"), }, }, @@ -21095,7 +21132,7 @@ func schema_openshift_api_config_v1_TestReporting(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -21116,7 +21153,7 @@ func schema_openshift_api_config_v1_TestReporting(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.TestReportingSpec", "github.com/openshift/api/config/v1.TestReportingStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1.TestReportingSpec", "github.com/openshift/api/config/v1.TestReportingStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -21168,14 +21205,20 @@ func schema_openshift_api_config_v1_TokenClaimMapping(ref common.ReferenceCallba Properties: map[string]spec.Schema{ "claim": { SchemaProps: spec.SchemaProps{ - Description: "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.", + Description: "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated. claim must not exceed 256 characters in length. When set to the empty string `\"\"`, this means that no named claim should be used for the group mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled.", Default: "", Type: []string{"string"}, Format: "", }, }, + "expression": { + SchemaProps: spec.SchemaProps{ + Description: "expression is an optional CEL expression used to derive group values from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length .\n\nWhen specified, claim must not be set or be explicitly set to the empty string (`\"\"`).", + Type: []string{"string"}, + Format: "", + }, + }, }, - Required: []string{"claim"}, }, }, } @@ -21354,14 +21397,14 @@ func schema_openshift_api_config_v1_TokenConfig(ref common.ReferenceCallback) co "accessTokenInactivityTimeout": { SchemaProps: spec.SchemaProps{ Description: "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime.\n\nWARNING: existing tokens' timeout will not be affected (lowered) by changing this value", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, + metav1.Duration{}.OpenAPIModelName()}, } } @@ -21540,6 +21583,14 @@ func schema_openshift_api_config_v1_Update(ref common.ReferenceCallback) common. }, }, }, + "mode": { + SchemaProps: spec.SchemaProps{ + Description: "mode determines how an update should be processed. The only valid value is \"Preflight\". When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. This is the standard update behavior. When set to \"Preflight\", the cluster runs compatibility checks against the target release without performing an actual update. Compatibility results, including any detected risks, are reported in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update recommendation service. This allows administrators to assess update readiness and address issues before committing to the update. Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be verified across multiple minor versions. When mode is set to \"Preflight\", the same rules for version, image, and architecture apply as for normal updates.\n\nPossible enum values:\n - `\"Preflight\"` allows an update to be checked for compatibility without committing to updating the cluster.", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"Preflight"}, + }, + }, }, }, }, @@ -21566,13 +21617,13 @@ func schema_openshift_api_config_v1_UpdateHistory(ref common.ReferenceCallback) "startedTime": { SchemaProps: spec.SchemaProps{ Description: "startedTime is the time at which the update was started.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "completionTime": { SchemaProps: spec.SchemaProps{ Description: "completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update).", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "version": { @@ -21611,7 +21662,7 @@ func schema_openshift_api_config_v1_UpdateHistory(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -21623,15 +21674,21 @@ func schema_openshift_api_config_v1_UsernameClaimMapping(ref common.ReferenceCal Properties: map[string]spec.Schema{ "claim": { SchemaProps: spec.SchemaProps{ - Description: "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.", - Default: "", + Description: "claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. When the ExternalOIDCWithUpstreamParity feature gate is enabled, claim must not be set when expression is set.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "expression": { + SchemaProps: spec.SchemaProps{ + Description: "expression is an optional CEL expression used to derive the username from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length. expression must not be set when claim is set.", Type: []string{"string"}, Format: "", }, }, "prefixPolicy": { SchemaProps: spec.SchemaProps{ - Description: "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim.\n\nThe prefix field must be set when prefixPolicy is 'Prefix'.\n\nWhen set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim.\n\nWhen omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.\n\nAs an example, consider the following scenario:\n\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", + Description: "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. The prefix field must be set when prefixPolicy is 'Prefix'. Must not be set to 'Prefix' when expression is set. When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim. When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.\n\nAs an example, consider the following scenario:\n\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", Default: "", Type: []string{"string"}, Format: "", @@ -21645,7 +21702,6 @@ func schema_openshift_api_config_v1_UsernameClaimMapping(ref common.ReferenceCal }, }, }, - Required: []string{"claim"}, }, VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ @@ -21653,8 +21709,9 @@ func schema_openshift_api_config_v1_UsernameClaimMapping(ref common.ReferenceCal map[string]interface{}{ "discriminator": "prefixPolicy", "fields-to-discriminateBy": map[string]interface{}{ - "claim": "Claim", - "prefix": "Prefix", + "claim": "Claim", + "expression": "Expression", + "prefix": "Prefix", }, }, }, @@ -22375,6 +22432,84 @@ func schema_openshift_api_config_v1_WebhookTokenAuthenticator(ref common.Referen } } +func schema_openshift_api_config_v1alpha1_AdditionalAlertmanagerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is a unique identifier for this Alertmanager configuration entry. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "authorization": { + SchemaProps: spec.SchemaProps{ + Description: "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.AuthorizationConfig"), + }, + }, + "pathPrefix": { + SchemaProps: spec.SchemaProps{ + Description: "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. When no prefix is needed, omit this field; do not set it to \"/\" as that would produce paths with double slashes (e.g. \"//api/v1/alerts\"). Must start with \"/\", must not end with \"/\", and must not be exactly \"/\". Must not contain query strings (\"?\") or fragments (\"#\").", + Type: []string{"string"}, + Format: "", + }, + }, + "scheme": { + SchemaProps: spec.SchemaProps{ + Description: "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `HTTP`.", + Type: []string{"string"}, + Format: "", + }, + }, + "staticConfigs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique and non-empty (empty string is invalid).", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "timeoutSeconds": { + SchemaProps: spec.SchemaProps{ + Description: "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "tlsConfig": { + SchemaProps: spec.SchemaProps{ + Description: "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.TLSConfig"), + }, + }, + }, + Required: []string{"name", "staticConfigs"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.AuthorizationConfig", "github.com/openshift/api/config/v1alpha1.TLSConfig"}, + } +} + func schema_openshift_api_config_v1alpha1_AlertmanagerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -22445,7 +22580,7 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref common.Re }, }, SchemaProps: spec.SchemaProps{ - Description: "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + Description: "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -22490,7 +22625,7 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref common.Re Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Toleration"), + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), }, }, }, @@ -22513,7 +22648,7 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref common.Re Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.TopologySpreadConstraint"), + Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), }, }, }, @@ -22521,15 +22656,15 @@ func schema_openshift_api_config_v1alpha1_AlertmanagerCustomConfig(ref common.Re }, "volumeClaimTemplate": { SchemaProps: spec.SchemaProps{ - Description: "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", - Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaim"), + Description: "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", + Ref: ref(corev1.PersistentVolumeClaim{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ContainerResource", "k8s.io/api/core/v1.PersistentVolumeClaim", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.TopologySpreadConstraint"}, + "github.com/openshift/api/config/v1alpha1.ContainerResource", corev1.PersistentVolumeClaim{}.OpenAPIModelName(), corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, } } @@ -22554,6 +22689,48 @@ func schema_openshift_api_config_v1alpha1_Audit(ref common.ReferenceCallback) co } } +func schema_openshift_api_config_v1alpha1_AuthorizationConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AuthorizationConfig defines the authentication method for Alertmanager connections.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type specifies the authentication type to use. Valid value is \"BearerToken\" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "bearerToken": { + SchemaProps: spec.SchemaProps{ + Description: "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "bearerToken": "BearerToken", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + } +} + func schema_openshift_api_config_v1alpha1_Backup(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -22579,7 +22756,7 @@ func schema_openshift_api_config_v1alpha1_Backup(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -22601,7 +22778,7 @@ func schema_openshift_api_config_v1alpha1_Backup(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.BackupSpec", "github.com/openshift/api/config/v1alpha1.BackupStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1alpha1.BackupSpec", "github.com/openshift/api/config/v1alpha1.BackupStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -22630,7 +22807,7 @@ func schema_openshift_api_config_v1alpha1_BackupList(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -22651,7 +22828,7 @@ func schema_openshift_api_config_v1alpha1_BackupList(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.Backup", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1alpha1.Backup", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -22687,181 +22864,41 @@ func schema_openshift_api_config_v1alpha1_BackupStatus(ref common.ReferenceCallb } } -func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_BasicAuth(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "BasicAuth defines basic authentication settings for the remote write endpoint URL.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "spec": { - SchemaProps: spec.SchemaProps{ - Description: "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", - Ref: ref("github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigSpec"), - }, - }, - "status": { + "username": { SchemaProps: spec.SchemaProps{ - Description: "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", + Description: "username defines the secret reference containing the username for basic authentication. The secret must exist in the openshift-monitoring namespace.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigStatus"), - }, - }, - }, - Required: []string{"spec"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigSpec", "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, - } -} - -func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), }, }, - "metadata": { + "password": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Description: "password defines the secret reference containing the password for basic authentication. The secret must exist in the openshift-monitoring namespace.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), - }, - }, - "items": { - SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfig"), - }, - }, - }, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), }, }, }, - Required: []string{"metadata", "items"}, + Required: []string{"username", "password"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, } } -func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "matchImages": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "set", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - }, - }, - }, - } -} - -func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), - }, - }, - }, - }, - }, - }, - }, - }, - Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, - } -} - -func schema_openshift_api_config_v1alpha1_ClusterImagePolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ClusterImagePolicy holds cluster-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -22882,21 +22919,20 @@ func schema_openshift_api_config_v1alpha1_ClusterImagePolicy(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ - Description: "spec contains the configuration for the cluster image policy.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ClusterImagePolicySpec"), + Description: "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", + Ref: ref("github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ - Description: "status contains the observed state of the resource.", + Description: "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ClusterImagePolicyStatus"), + Ref: ref("github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigStatus"), }, }, }, @@ -22904,15 +22940,15 @@ func schema_openshift_api_config_v1alpha1_ClusterImagePolicy(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ClusterImagePolicySpec", "github.com/openshift/api/config/v1alpha1.ClusterImagePolicyStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigSpec", "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfigStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_config_v1alpha1_ClusterImagePolicyList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ClusterImagePolicyList is a list of ClusterImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -22933,7 +22969,7 @@ func schema_openshift_api_config_v1alpha1_ClusterImagePolicyList(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -22943,7 +22979,7 @@ func schema_openshift_api_config_v1alpha1_ClusterImagePolicyList(ref common.Refe Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ClusterImagePolicy"), + Ref: ref("github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfig"), }, }, }, @@ -22954,25 +22990,25 @@ func schema_openshift_api_config_v1alpha1_ClusterImagePolicyList(ref common.Refe }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ClusterImagePolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1alpha1.CRIOCredentialProviderConfig", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_config_v1alpha1_ClusterImagePolicySpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource.", + Description: "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "scopes": { + "matchImages": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-type": "set", }, }, SchemaProps: spec.SchemaProps{ - Description: "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", + Description: "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -22985,27 +23021,18 @@ func schema_openshift_api_config_v1alpha1_ClusterImagePolicySpec(ref common.Refe }, }, }, - "policy": { - SchemaProps: spec.SchemaProps{ - Description: "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ImageSigstoreVerificationPolicy"), - }, - }, }, - Required: []string{"scopes", "policy"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ImageSigstoreVerificationPolicy"}, } } -func schema_openshift_api_config_v1alpha1_ClusterImagePolicyStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_CRIOCredentialProviderConfigStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", + Type: []string{"object"}, Properties: map[string]spec.Schema{ "conditions": { VendorExtensible: spec.VendorExtensible{ @@ -23017,13 +23044,13 @@ func schema_openshift_api_config_v1alpha1_ClusterImagePolicyStatus(ref common.Re }, }, SchemaProps: spec.SchemaProps{ - Description: "conditions provide details on the status of this API Resource.", + Description: "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -23033,7 +23060,29 @@ func schema_openshift_api_config_v1alpha1_ClusterImagePolicyStatus(ref common.Re }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + metav1.Condition{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_config_v1alpha1_CertificateConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "CertificateConfig specifies configuration parameters for certificates. At least one property must be specified.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "key": { + SchemaProps: spec.SchemaProps{ + Description: "key specifies the cryptographic parameters for the certificate's key pair. Currently this is the only configurable parameter. When omitted in an overrides entry, the key configuration from defaults is used.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.KeyConfig"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.KeyConfig"}, } } @@ -23062,7 +23111,7 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoring(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object metadata.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -23084,7 +23133,7 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoring(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ClusterMonitoringSpec", "github.com/openshift/api/config/v1alpha1.ClusterMonitoringStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1alpha1.ClusterMonitoringSpec", "github.com/openshift/api/config/v1alpha1.ClusterMonitoringStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -23113,7 +23162,7 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoringList(ref common.Refer SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list metadata.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -23134,7 +23183,7 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoringList(ref common.Refer }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ClusterMonitoring", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1alpha1.ClusterMonitoring", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -23159,6 +23208,13 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref common.Refer Ref: ref("github.com/openshift/api/config/v1alpha1.AlertmanagerConfig"), }, }, + "prometheusConfig": { + SchemaProps: spec.SchemaProps{ + Description: "prometheusConfig provides configuration options for the default platform Prometheus instance that runs in the `openshift-monitoring` namespace. This configuration applies only to the platform Prometheus instance; user-workload Prometheus instances are configured separately.\n\nThis field allows you to customize how the platform Prometheus is deployed and operated, including:\n - Pod scheduling (node selectors, tolerations, topology spread constraints)\n - Resource allocation (CPU, memory requests/limits)\n - Retention policies (how long metrics are stored)\n - External integrations (remote write, additional alertmanagers)\n\nThis field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.PrometheusConfig"), + }, + }, "metricsServerConfig": { SchemaProps: spec.SchemaProps{ Description: "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", @@ -23173,11 +23229,32 @@ func schema_openshift_api_config_v1alpha1_ClusterMonitoringSpec(ref common.Refer Ref: ref("github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig"), }, }, + "prometheusOperatorAdmissionWebhookConfig": { + SchemaProps: spec.SchemaProps{ + Description: "prometheusOperatorAdmissionWebhookConfig is an optional field that can be used to configure the admission webhook component of Prometheus Operator that runs in the openshift-monitoring namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects to ensure they are semantically valid, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.PrometheusOperatorAdmissionWebhookConfig"), + }, + }, + "openShiftStateMetricsConfig": { + SchemaProps: spec.SchemaProps{ + Description: "openShiftStateMetricsConfig is an optional field that can be used to configure the openshift-state-metrics agent that runs in the openshift-monitoring namespace. The openshift-state-metrics agent generates metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.OpenShiftStateMetricsConfig"), + }, + }, + "telemeterClientConfig": { + SchemaProps: spec.SchemaProps{ + Description: "telemeterClientConfig is an optional field that can be used to configure the Telemeter Client component that runs in the openshift-monitoring namespace. The Telemeter Client collects selected monitoring metrics and forwards them to Red Hat for telemetry purposes. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. When set, at least one field must be specified within telemeterClientConfig.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.TelemeterClientConfig"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.MetricsServerConfig", "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig", "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring"}, + "github.com/openshift/api/config/v1alpha1.AlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.MetricsServerConfig", "github.com/openshift/api/config/v1alpha1.OpenShiftStateMetricsConfig", "github.com/openshift/api/config/v1alpha1.PrometheusConfig", "github.com/openshift/api/config/v1alpha1.PrometheusOperatorAdmissionWebhookConfig", "github.com/openshift/api/config/v1alpha1.PrometheusOperatorConfig", "github.com/openshift/api/config/v1alpha1.TelemeterClientConfig", "github.com/openshift/api/config/v1alpha1.UserDefinedMonitoring"}, } } @@ -23209,13 +23286,13 @@ func schema_openshift_api_config_v1alpha1_ContainerResource(ref common.Reference "request": { SchemaProps: spec.SchemaProps{ Description: "request is the minimum amount of the resource required (e.g. \"2Mi\", \"1Gi\"). This field is optional. When limit is specified, request cannot be greater than limit.", - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, "limit": { SchemaProps: spec.SchemaProps{ Description: "limit is the maximum amount of the resource allowed (e.g. \"2Mi\", \"1Gi\"). This field is optional. When request is specified, limit cannot be less than request. The value must be greater than 0 when specified.", - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -23223,317 +23300,187 @@ func schema_openshift_api_config_v1alpha1_ContainerResource(ref common.Reference }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + resource.Quantity{}.OpenAPIModelName()}, } } -func schema_openshift_api_config_v1alpha1_EtcdBackupSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_CustomPKIPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "EtcdBackupSpec provides configuration for automated etcd backups to the cluster-etcd-operator", + Description: "CustomPKIPolicy contains administrator-specified cryptographic configuration. Administrators must specify defaults for all certificates and may optionally override specific categories of certificates.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "schedule": { + "defaults": { SchemaProps: spec.SchemaProps{ - Description: "schedule defines the recurring backup schedule in Cron format every 2 hours: 0 */2 * * * every day at 3am: 0 3 * * * Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is \"no backups\", but will change in the future.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "defaults specifies the default certificate configuration that applies to all certificates unless overridden by a category override.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.DefaultCertificateConfig"), }, }, - "timeZone": { + "signerCertificates": { SchemaProps: spec.SchemaProps{ - Description: "The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will default to the time zone of the kube-controller-manager process. See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "signerCertificates optionally overrides certificate parameters for certificate authority (CA) certificates that sign other certificates. When set, these parameters take precedence over defaults for all signer certificates. When omitted, the defaults are used for signer certificates.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.CertificateConfig"), }, }, - "retentionPolicy": { + "servingCertificates": { SchemaProps: spec.SchemaProps{ - Description: "retentionPolicy defines the retention policy for retaining and deleting existing backups.", + Description: "servingCertificates optionally overrides certificate parameters for TLS server certificates used to serve HTTPS endpoints. When set, these parameters take precedence over defaults for all serving certificates. When omitted, the defaults are used for serving certificates.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.RetentionPolicy"), + Ref: ref("github.com/openshift/api/config/v1alpha1.CertificateConfig"), }, }, - "pvcName": { + "clientCertificates": { SchemaProps: spec.SchemaProps{ - Description: "pvcName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the etcd backup files would be saved The PVC itself must always be created in the \"openshift-etcd\" namespace If the PVC is left unspecified \"\" then the platform will choose a reasonable default location to save the backup. In the future this would be backups saved across the control-plane master nodes.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "clientCertificates optionally overrides certificate parameters for client authentication certificates used to authenticate to servers. When set, these parameters take precedence over defaults for all client certificates. When omitted, the defaults are used for client certificates.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.CertificateConfig"), }, }, }, + Required: []string{"defaults"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.RetentionPolicy"}, + "github.com/openshift/api/config/v1alpha1.CertificateConfig", "github.com/openshift/api/config/v1alpha1.DefaultCertificateConfig"}, } } -func schema_openshift_api_config_v1alpha1_GatherConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_DefaultCertificateConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "gatherConfig provides data gathering configuration options.", + Description: "DefaultCertificateConfig specifies the default certificate configuration parameters. All fields are required to ensure that defaults are fully specified for all certificates.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "dataPolicy": { - SchemaProps: spec.SchemaProps{ - Description: "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"None\" and \"ObfuscateNetworking\". When set to None the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", - Type: []string{"string"}, - Format: "", - }, - }, - "disabledGatherers": { - SchemaProps: spec.SchemaProps{ - Description: "disabledGatherers is a list of gatherers to be excluded from the gathering. All the gatherers can be disabled by providing \"all\" value. If all the gatherers are disabled, the Insights operator does not gather any data. The format for the disabledGatherer should be: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\" An example of disabling gatherers looks like this: `disabledGatherers: [\"clusterconfig/machine_configs\", \"workloads/workload_info\"]`", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "storage": { + "key": { SchemaProps: spec.SchemaProps{ - Description: "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", - Ref: ref("github.com/openshift/api/config/v1alpha1.Storage"), + Description: "key specifies the cryptographic parameters for the certificate's key pair. This field is required in defaults to ensure all certificates have a well-defined key configuration.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.KeyConfig"), }, }, }, + Required: []string{"key"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.Storage"}, + "github.com/openshift/api/config/v1alpha1.KeyConfig"}, } } -func schema_openshift_api_config_v1alpha1_ImagePolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_DropEqualActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "DropEqualActionConfig configures the DropEqual action. Drops targets for which the concatenated source_labels do match the value of target_label. Requires Prometheus >= v2.41.0.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { + "targetLabel": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length.", Type: []string{"string"}, Format: "", }, }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "spec": { - SchemaProps: spec.SchemaProps{ - Description: "spec holds user settable values for configuration", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ImagePolicySpec"), - }, - }, - "status": { - SchemaProps: spec.SchemaProps{ - Description: "status contains the observed state of the resource.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ImagePolicyStatus"), - }, - }, }, - Required: []string{"spec"}, + Required: []string{"targetLabel"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ImagePolicySpec", "github.com/openshift/api/config/v1alpha1.ImagePolicyStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_config_v1alpha1_ImagePolicyFulcioCAWithRekorRootOfTrust(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_ECDSAKeyConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.", + Description: "ECDSAKeyConfig specifies parameters for ECDSA key generation.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "fulcioCAData": { + "curve": { SchemaProps: spec.SchemaProps{ - Description: "fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", + Description: "curve specifies the NIST elliptic curve for ECDSA keys. Valid values are \"P256\", \"P384\", and \"P521\".\n\nWhen set to P256, the NIST P-256 curve (also known as secp256r1) is used, providing 128-bit security.\n\nWhen set to P384, the NIST P-384 curve (also known as secp384r1) is used, providing 192-bit security.\n\nWhen set to P521, the NIST P-521 curve (also known as secp521r1) is used, providing 256-bit security.", Type: []string{"string"}, - Format: "byte", - }, - }, - "rekorKeyData": { - SchemaProps: spec.SchemaProps{ - Description: "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", - Type: []string{"string"}, - Format: "byte", - }, - }, - "fulcioSubject": { - SchemaProps: spec.SchemaProps{ - Description: "fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.PolicyFulcioSubject"), + Format: "", }, }, }, - Required: []string{"fulcioCAData", "rekorKeyData", "fulcioSubject"}, + Required: []string{"curve"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.PolicyFulcioSubject"}, } } -func schema_openshift_api_config_v1alpha1_ImagePolicyList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_EtcdBackupSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "EtcdBackupSpec provides configuration for automated etcd backups to the cluster-etcd-operator", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "schedule": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "schedule defines the recurring backup schedule in Cron format every 2 hours: 0 */2 * * * every day at 3am: 0 3 * * * Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is \"no backups\", but will change in the future.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "timeZone": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will default to the time zone of the kube-controller-manager process. See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones", + Default: "", Type: []string{"string"}, Format: "", }, }, - "metadata": { + "retentionPolicy": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Description: "retentionPolicy defines the retention policy for retaining and deleting existing backups.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), - }, - }, - "items": { - SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ImagePolicy"), - }, - }, - }, - }, - }, - }, - Required: []string{"metadata", "items"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ImagePolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, - } -} - -func schema_openshift_api_config_v1alpha1_ImagePolicyPKIRootOfTrust(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "caRootsData": { - SchemaProps: spec.SchemaProps{ - Description: "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters.", - Type: []string{"string"}, - Format: "byte", + Ref: ref("github.com/openshift/api/config/v1alpha1.RetentionPolicy"), }, }, - "caIntermediatesData": { + "pvcName": { SchemaProps: spec.SchemaProps{ - Description: "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set.", + Description: "pvcName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the etcd backup files would be saved The PVC itself must always be created in the \"openshift-etcd\" namespace If the PVC is left unspecified \"\" then the platform will choose a reasonable default location to save the backup. In the future this would be backups saved across the control-plane master nodes.", + Default: "", Type: []string{"string"}, - Format: "byte", - }, - }, - "pkiCertificateSubject": { - SchemaProps: spec.SchemaProps{ - Description: "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.PKICertificateSubject"), + Format: "", }, }, }, - Required: []string{"caRootsData", "pkiCertificateSubject"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.PKICertificateSubject"}, + "github.com/openshift/api/config/v1alpha1.RetentionPolicy"}, } } -func schema_openshift_api_config_v1alpha1_ImagePolicyPublicKeyRootOfTrust(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_GatherConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.", + Description: "gatherConfig provides data gathering configuration options.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "keyData": { - SchemaProps: spec.SchemaProps{ - Description: "keyData contains inline base64-encoded data for the PEM format public key. KeyData must be at most 8192 characters.", - Type: []string{"string"}, - Format: "byte", - }, - }, - "rekorKeyData": { + "dataPolicy": { SchemaProps: spec.SchemaProps{ - Description: "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", + Description: "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"None\" and \"ObfuscateNetworking\". When set to None the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", Type: []string{"string"}, - Format: "byte", + Format: "", }, }, - }, - Required: []string{"keyData"}, - }, - }, - } -} - -func schema_openshift_api_config_v1alpha1_ImagePolicySpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ImagePolicySpec is the specification of the ImagePolicy CRD.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "scopes": { + "disabledGatherers": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ - "x-kubernetes-list-type": "set", + "x-kubernetes-list-type": "atomic", }, }, SchemaProps: spec.SchemaProps{ - Description: "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", + Description: "disabledGatherers is a list of gatherers to be excluded from the gathering. All the gatherers can be disabled by providing \"all\" value. If all the gatherers are disabled, the Insights operator does not gather any data. The format for the disabledGatherer should be: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\" An example of disabling gatherers looks like this: `disabledGatherers: [\"clusterconfig/machine_configs\", \"workloads/workload_info\"]`", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -23546,85 +23493,45 @@ func schema_openshift_api_config_v1alpha1_ImagePolicySpec(ref common.ReferenceCa }, }, }, - "policy": { - SchemaProps: spec.SchemaProps{ - Description: "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ImageSigstoreVerificationPolicy"), - }, - }, - }, - Required: []string{"scopes", "policy"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ImageSigstoreVerificationPolicy"}, - } -} - -func schema_openshift_api_config_v1alpha1_ImagePolicyStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, + "storage": { SchemaProps: spec.SchemaProps{ - Description: "conditions provide details on the status of this API Resource.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), - }, - }, - }, + Description: "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", + Ref: ref("github.com/openshift/api/config/v1alpha1.Storage"), }, }, }, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/config/v1alpha1.Storage"}, } } -func schema_openshift_api_config_v1alpha1_ImageSigstoreVerificationPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_HashModActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.", + Description: "HashModActionConfig configures the HashMod action. target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "rootOfTrust": { + "targetLabel": { SchemaProps: spec.SchemaProps{ - Description: "rootOfTrust specifies the root of trust for the policy.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.PolicyRootOfTrust"), + Description: "targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", }, }, - "signedIdentity": { + "modulus": { SchemaProps: spec.SchemaProps{ - Description: "signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.PolicyIdentity"), + Description: "modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). Required when using the HashMod action so the intended behavior is explicit. Must be between 1 and 1000000.", + Type: []string{"integer"}, + Format: "int64", }, }, }, - Required: []string{"rootOfTrust"}, + Required: []string{"targetLabel", "modulus"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.PolicyIdentity", "github.com/openshift/api/config/v1alpha1.PolicyRootOfTrust"}, } } @@ -23653,7 +23560,7 @@ func schema_openshift_api_config_v1alpha1_InsightsDataGather(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -23675,7 +23582,7 @@ func schema_openshift_api_config_v1alpha1_InsightsDataGather(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.InsightsDataGatherSpec", "github.com/openshift/api/config/v1alpha1.InsightsDataGatherStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1alpha1.InsightsDataGatherSpec", "github.com/openshift/api/config/v1alpha1.InsightsDataGatherStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -23704,7 +23611,7 @@ func schema_openshift_api_config_v1alpha1_InsightsDataGatherList(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -23725,7 +23632,7 @@ func schema_openshift_api_config_v1alpha1_InsightsDataGatherList(ref common.Refe }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.InsightsDataGather", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1alpha1.InsightsDataGather", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -23760,396 +23667,423 @@ func schema_openshift_api_config_v1alpha1_InsightsDataGatherStatus(ref common.Re } } -func schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_KeepEqualActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", + Description: "KeepEqualActionConfig configures the KeepEqual action. Drops targets for which the concatenated source_labels do not match the value of target_label. Requires Prometheus >= v2.41.0.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "audit": { - SchemaProps: spec.SchemaProps{ - Description: "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.Audit"), - }, - }, - "nodeSelector": { - SchemaProps: spec.SchemaProps{ - Description: "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "tolerations": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Toleration"), - }, - }, - }, - }, - }, - "verbosity": { + "targetLabel": { SchemaProps: spec.SchemaProps{ - Description: "verbosity defines the verbosity of log messages for Metrics Server. Valid values are Errors, Info, Trace, TraceAll and omitted. When set to Errors, only critical messages and errors are logged. When set to Info, only basic information messages are logged. When set to Trace, information useful for general debugging is logged. When set to TraceAll, detailed information about metric scraping is logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Errors`", + Description: "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length.", Type: []string{"string"}, Format: "", }, }, - "resources": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), - }, - }, - }, - }, - }, - "topologySpreadConstraints": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "topologyKey", - "whenUnsatisfiable", - }, - "x-kubernetes-list-type": "map", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.TopologySpreadConstraint"), - }, - }, - }, - }, - }, }, + Required: []string{"targetLabel"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.Audit", "github.com/openshift/api/config/v1alpha1.ContainerResource", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.TopologySpreadConstraint"}, } } -func schema_openshift_api_config_v1alpha1_PKICertificateSubject(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_KeyConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", + Description: "KeyConfig specifies cryptographic parameters for key generation.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "email": { + "algorithm": { SchemaProps: spec.SchemaProps{ - Description: "email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. The email should be a valid email address and at most 320 characters in length.", + Description: "algorithm specifies the key generation algorithm. Valid values are \"RSA\" and \"ECDSA\".\n\nWhen set to RSA, the rsa field must be specified and the generated key will be an RSA key with the configured key size.\n\nWhen set to ECDSA, the ecdsa field must be specified and the generated key will be an ECDSA key using the configured elliptic curve.", Type: []string{"string"}, Format: "", }, }, - "hostname": { + "rsa": { SchemaProps: spec.SchemaProps{ - Description: "hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. The hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk.", - Type: []string{"string"}, - Format: "", + Description: "rsa specifies RSA key parameters. Required when algorithm is RSA, and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.RSAKeyConfig"), + }, + }, + "ecdsa": { + SchemaProps: spec.SchemaProps{ + Description: "ecdsa specifies ECDSA key parameters. Required when algorithm is ECDSA, and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.ECDSAKeyConfig"), + }, + }, + }, + Required: []string{"algorithm"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "algorithm", + "fields-to-discriminateBy": map[string]interface{}{ + "ecdsa": "ECDSA", + "rsa": "RSA", + }, }, }, }, }, }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.ECDSAKeyConfig", "github.com/openshift/api/config/v1alpha1.RSAKeyConfig"}, } } -func schema_openshift_api_config_v1alpha1_PersistentVolumeClaimReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_Label(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + Description: "Label represents a key/value pair for external labels.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "key": { SchemaProps: spec.SchemaProps{ - Description: "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", - Default: "", + Description: "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "value": { + SchemaProps: spec.SchemaProps{ + Description: "value is the value of the label. Must be between 1 and 128 characters in length.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"name"}, + Required: []string{"key", "value"}, }, }, } } -func schema_openshift_api_config_v1alpha1_PersistentVolumeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_LabelMapActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + Description: "LabelMapActionConfig configures the LabelMap action. Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "claim": { - SchemaProps: spec.SchemaProps{ - Description: "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference"), - }, - }, - "mountPath": { + "replacement": { SchemaProps: spec.SchemaProps{ - Description: "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + Description: "replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"claim"}, + Required: []string{"replacement"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference"}, } } -func schema_openshift_api_config_v1alpha1_PolicyFulcioSubject(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_LowercaseActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.", + Description: "LowercaseActionConfig configures the Lowercase action. Maps the concatenated source_labels to their lower case and writes to target_label. Requires Prometheus >= v2.36.0.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "oidcIssuer": { - SchemaProps: spec.SchemaProps{ - Description: "oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: \"https://expected.OIDC.issuer/\"", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "signedEmail": { + "targetLabel": { SchemaProps: spec.SchemaProps{ - Description: "signedEmail holds the email address the the Fulcio certificate is issued for. Example: \"expected-signing-user@example.com\"", - Default: "", + Description: "targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"oidcIssuer", "signedEmail"}, + Required: []string{"targetLabel"}, }, }, } } -func schema_openshift_api_config_v1alpha1_PolicyIdentity(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_MetadataConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is \"MatchRepoDigestOrExact\".", + Description: "MetadataConfig defines whether and how to send series metadata to remote write storage.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "matchPolicy": { + "sendPolicy": { SchemaProps: spec.SchemaProps{ - Description: "matchPolicy sets the type of matching to be used. Valid values are \"MatchRepoDigestOrExact\", \"MatchRepository\", \"ExactRepository\", \"RemapIdentity\". When omitted, the default value is \"MatchRepoDigestOrExact\". If set matchPolicy to ExactRepository, then the exactRepository must be specified. If set matchPolicy to RemapIdentity, then the remapIdentity must be specified. \"MatchRepoDigestOrExact\" means that the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. \"MatchRepository\" means that the identity in the signature must be in the same repository as the image identity. \"ExactRepository\" means that the identity in the signature must be in the same repository as a specific identity specified by \"repository\". \"RemapIdentity\" means that the signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the \"prefix\" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix.", - Default: "", + Description: "sendPolicy specifies whether to send metadata and how it is configured. Default: send metadata using platform-chosen defaults (e.g. send interval 30 seconds). Custom: send metadata using the settings in the custom field.", Type: []string{"string"}, Format: "", }, }, - "exactRepository": { - SchemaProps: spec.SchemaProps{ - Description: "exactRepository is required if matchPolicy is set to \"ExactRepository\".", - Ref: ref("github.com/openshift/api/config/v1alpha1.PolicyMatchExactRepository"), - }, - }, - "remapIdentity": { + "custom": { SchemaProps: spec.SchemaProps{ - Description: "remapIdentity is required if matchPolicy is set to \"RemapIdentity\".", - Ref: ref("github.com/openshift/api/config/v1alpha1.PolicyMatchRemapIdentity"), - }, - }, - }, - Required: []string{"matchPolicy"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "matchPolicy", - "fields-to-discriminateBy": map[string]interface{}{ - "exactRepository": "PolicyMatchExactRepository", - "remapIdentity": "PolicyMatchRemapIdentity", - }, + Description: "custom defines custom metadata send settings. Required when sendPolicy is Custom (must have at least one property), and forbidden when sendPolicy is Default.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.MetadataConfigCustom"), }, }, }, + Required: []string{"sendPolicy"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.PolicyMatchExactRepository", "github.com/openshift/api/config/v1alpha1.PolicyMatchRemapIdentity"}, + "github.com/openshift/api/config/v1alpha1.MetadataConfigCustom"}, } } -func schema_openshift_api_config_v1alpha1_PolicyMatchExactRepository(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_MetadataConfigCustom(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "MetadataConfigCustom defines custom settings for sending series metadata when sendPolicy is Custom. At least one property must be set when sendPolicy is Custom (e.g. sendIntervalSeconds).", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "repository": { + "sendIntervalSeconds": { SchemaProps: spec.SchemaProps{ - Description: "repository is the reference of the image identity to be matched. The value should be a repository name (by omitting the tag or digest) in a registry implementing the \"Docker Registry HTTP API V2\". For example, docker.io/library/busybox", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "sendIntervalSeconds is the interval in seconds at which metadata is sent. When omitted, the platform chooses a reasonable default (e.g. 30 seconds). Minimum value is 1 second. Maximum value is 86400 seconds (24 hours).", + Type: []string{"integer"}, + Format: "int32", }, }, }, - Required: []string{"repository"}, }, }, } } -func schema_openshift_api_config_v1alpha1_PolicyMatchRemapIdentity(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_MetricsServerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "prefix": { + "audit": { SchemaProps: spec.SchemaProps{ - Description: "prefix is the prefix of the image identity to be matched. If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). This useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.Audit"), }, }, - "signedPrefix": { + "nodeSelector": { SchemaProps: spec.SchemaProps{ - Description: "signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as \"prefix\". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", - Default: "", + Description: "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "tolerations": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + "verbosity": { + SchemaProps: spec.SchemaProps{ + Description: "verbosity defines the verbosity of log messages for Metrics Server. Valid values are Errors, Info, Trace, TraceAll and omitted. When set to Errors, only critical messages and errors are logged. When set to Info, only basic information messages are logged. When set to Trace, information useful for general debugging is logged. When set to TraceAll, detailed information about metric scraping is logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Errors`", Type: []string{"string"}, Format: "", }, }, + "resources": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), + }, + }, + }, + }, + }, + "topologySpreadConstraints": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "topologyKey", + "whenUnsatisfiable", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), + }, + }, + }, + }, + }, }, - Required: []string{"prefix", "signedPrefix"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.Audit", "github.com/openshift/api/config/v1alpha1.ContainerResource", corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, } } -func schema_openshift_api_config_v1alpha1_PolicyRootOfTrust(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_OAuth2(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PolicyRootOfTrust defines the root of trust based on the selected policyType.", + Description: "OAuth2 defines OAuth2 authentication settings for the remote write endpoint.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "policyType": { + "clientId": { SchemaProps: spec.SchemaProps{ - Description: "policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. \"PublicKey\" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. \"FulcioCAWithRekor\" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. \"PKI\" indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "clientId defines the secret reference containing the OAuth2 client ID. The secret must exist in the openshift-monitoring namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), }, }, - "publicKey": { + "clientSecret": { SchemaProps: spec.SchemaProps{ - Description: "publicKey defines the root of trust based on a sigstore public key.", - Ref: ref("github.com/openshift/api/config/v1alpha1.ImagePolicyPublicKeyRootOfTrust"), + Description: "clientSecret defines the secret reference containing the OAuth2 client secret. The secret must exist in the openshift-monitoring namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), }, }, - "fulcioCAWithRekor": { + "tokenUrl": { SchemaProps: spec.SchemaProps{ - Description: "fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", - Ref: ref("github.com/openshift/api/config/v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust"), + Description: "tokenUrl is the URL to fetch the token from. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + Type: []string{"string"}, + Format: "", }, }, - "pki": { + "scopes": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates.", - Ref: ref("github.com/openshift/api/config/v1alpha1.ImagePolicyPKIRootOfTrust"), + Description: "scopes is a list of OAuth2 scopes to request. When omitted, no scopes are requested. Maximum of 20 scopes can be specified. Each scope must be between 1 and 256 characters.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - }, - Required: []string{"policyType"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "policyType", - "fields-to-discriminateBy": map[string]interface{}{ - "fulcioCAWithRekor": "FulcioCAWithRekor", - "pki": "PKI", - "publicKey": "PublicKey", + "endpointParams": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "endpointParams defines additional parameters to append to the token URL. When omitted, no additional parameters are sent. Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key).", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.OAuth2EndpointParam"), + }, + }, }, }, }, }, + Required: []string{"clientId", "clientSecret", "tokenUrl"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust", "github.com/openshift/api/config/v1alpha1.ImagePolicyPKIRootOfTrust", "github.com/openshift/api/config/v1alpha1.ImagePolicyPublicKeyRootOfTrust"}, + "github.com/openshift/api/config/v1alpha1.OAuth2EndpointParam", "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, } } -func schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_OAuth2EndpointParam(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", + Description: "OAuth2EndpointParam defines a name/value parameter for the OAuth2 token URL.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "logLevel": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + Description: "name is the parameter name. Must be between 1 and 256 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "value": { + SchemaProps: spec.SchemaProps{ + Description: "value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the external system expects a parameter with an empty value (e.g. ?parameter=\"\"). Must be between 0 and 2048 characters when present (aligned with common URL length recommendations).", Type: []string{"string"}, Format: "", }, }, + }, + Required: []string{"name"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_OpenShiftStateMetricsConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent that runs in the `openshift-monitoring` namespace. The openshift-state-metrics agent generates metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ "nodeSelector": { SchemaProps: spec.SchemaProps{ - Description: "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + Description: "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", Type: []string{"object"}, AdditionalProperties: &spec.SchemaOrBool{ Allows: true, @@ -24173,7 +24107,7 @@ func schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref common.Re }, }, SchemaProps: spec.SchemaProps{ - Description: "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + Description: "resources defines the compute resource requests and limits for the openshift-state-metrics container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 1m\n limit: null\n - name: memory\n request: 32Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -24198,7 +24132,7 @@ func schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref common.Re Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Toleration"), + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), }, }, }, @@ -24215,13 +24149,13 @@ func schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref common.Re }, }, SchemaProps: spec.SchemaProps{ - Description: "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Description: "topologySpreadConstraints defines rules for how openshift-state-metrics Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.TopologySpreadConstraint"), + Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), }, }, }, @@ -24231,71 +24165,85 @@ func schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref common.Re }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.ContainerResource", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.TopologySpreadConstraint"}, + "github.com/openshift/api/config/v1alpha1.ContainerResource", corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, } } -func schema_openshift_api_config_v1alpha1_RetentionNumberConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_PKI(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RetentionNumberConfig specifies the configuration of the retention policy on the number of backups", + Description: "PKI configures cryptographic parameters for certificates generated internally by OpenShift components.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "maxNumberOfBackups": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "maxNumberOfBackups defines the maximum number of backups to retain. If the existing number of backups saved is equal to MaxNumberOfBackups then the oldest backup will be removed before a new backup is initiated.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Description: "spec holds user settable values for configuration", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.PKISpec"), }, }, }, - Required: []string{"maxNumberOfBackups"}, + Required: []string{"spec"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.PKISpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_config_v1alpha1_RetentionPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_PKICertificateManagement(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RetentionPolicy defines the retention policy for retaining and deleting existing backups. This struct is a discriminated union that allows users to select the type of retention policy from the supported types.", + Description: "PKICertificateManagement determines whether components use hardcoded defaults (Unmanaged), follow OpenShift best practices (Default), or use administrator-specified cryptographic parameters (Custom). This provides flexibility for organizations with specific compliance requirements or security policies while maintaining backwards compatibility for existing clusters.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "retentionType": { + "mode": { SchemaProps: spec.SchemaProps{ - Description: "retentionType sets the type of retention policy. Currently, the only valid policies are retention by number of backups (RetentionNumber), by the size of backups (RetentionSize). More policies or types may be added in the future. Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is RetentionNumber with 15 backups kept.\n\nPossible enum values:\n - `\"RetentionNumber\"` sets the retention policy based on the number of backup files saved\n - `\"RetentionSize\"` sets the retention policy based on the total size of the backup files saved", - Default: "", + Description: "mode determines how PKI configuration is managed. Valid values are \"Unmanaged\", \"Default\", and \"Custom\".\n\nWhen set to Unmanaged, components use their existing hardcoded certificate generation behavior, exactly as if this feature did not exist. Each component generates certificates using whatever parameters it was using before this feature. While most components use RSA 2048, some may use different parameters. Use of this mode might prevent upgrading to the next major OpenShift release.\n\nWhen set to Default, OpenShift-recommended best practices for certificate generation are applied. The specific parameters may evolve across OpenShift releases to adopt improved cryptographic standards. In the initial release, this matches Unmanaged behavior for each component. In future releases, this may adopt ECDSA or larger RSA keys based on industry best practices. Recommended for most customers who want to benefit from security improvements automatically.\n\nWhen set to Custom, the certificate management parameters can be set explicitly. Use the custom field to specify certificate generation parameters.", Type: []string{"string"}, Format: "", - Enum: []interface{}{"RetentionNumber", "RetentionSize"}, - }, - }, - "retentionNumber": { - SchemaProps: spec.SchemaProps{ - Description: "retentionNumber configures the retention policy based on the number of backups", - Ref: ref("github.com/openshift/api/config/v1alpha1.RetentionNumberConfig"), }, }, - "retentionSize": { + "custom": { SchemaProps: spec.SchemaProps{ - Description: "retentionSize configures the retention policy based on the size of backups", - Ref: ref("github.com/openshift/api/config/v1alpha1.RetentionSizeConfig"), + Description: "custom contains administrator-specified cryptographic configuration. Use the defaults and category override fields to specify certificate generation parameters. Required when mode is Custom, and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.CustomPKIPolicy"), }, }, }, - Required: []string{"retentionType"}, + Required: []string{"mode"}, }, VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-unions": []interface{}{ map[string]interface{}{ - "discriminator": "retentionType", + "discriminator": "mode", "fields-to-discriminateBy": map[string]interface{}{ - "retentionNumber": "RetentionNumber", - "retentionSize": "RetentionSize", + "custom": "Custom", }, }, }, @@ -24303,107 +24251,1485 @@ func schema_openshift_api_config_v1alpha1_RetentionPolicy(ref common.ReferenceCa }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.RetentionNumberConfig", "github.com/openshift/api/config/v1alpha1.RetentionSizeConfig"}, + "github.com/openshift/api/config/v1alpha1.CustomPKIPolicy"}, } } -func schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_PKIList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RetentionSizeConfig specifies the configuration of the retention policy on the total size of backups", + Description: "PKIList is a collection of PKI resources.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "maxSizeOfBackupsGb": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "maxSizeOfBackupsGb defines the total size in GB of backups to retain. If the current total size backups exceeds MaxSizeOfBackupsGb then the oldest backup will be removed before a new backup is initiated.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Description: "items is a list of PKI resources", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.PKI"), + }, + }, + }, }, }, }, - Required: []string{"maxSizeOfBackupsGb"}, + Required: []string{"items"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.PKI", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_config_v1alpha1_Storage(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_PKIProfile(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + Description: "PKIProfile defines the certificate generation parameters that OpenShift components use to create certificates. Category overrides take precedence over defaults.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { + "defaults": { SchemaProps: spec.SchemaProps{ - Description: "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "defaults specifies the default certificate configuration that applies to all certificates unless overridden by a category override.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.DefaultCertificateConfig"), }, }, - "persistentVolume": { + "signerCertificates": { SchemaProps: spec.SchemaProps{ - Description: "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - Ref: ref("github.com/openshift/api/config/v1alpha1.PersistentVolumeConfig"), + Description: "signerCertificates optionally overrides certificate parameters for certificate authority (CA) certificates that sign other certificates. When set, these parameters take precedence over defaults for all signer certificates. When omitted, the defaults are used for signer certificates.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.CertificateConfig"), + }, + }, + "servingCertificates": { + SchemaProps: spec.SchemaProps{ + Description: "servingCertificates optionally overrides certificate parameters for TLS server certificates used to serve HTTPS endpoints. When set, these parameters take precedence over defaults for all serving certificates. When omitted, the defaults are used for serving certificates.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.CertificateConfig"), + }, + }, + "clientCertificates": { + SchemaProps: spec.SchemaProps{ + Description: "clientCertificates optionally overrides certificate parameters for client authentication certificates used to authenticate to servers. When set, these parameters take precedence over defaults for all client certificates. When omitted, the defaults are used for client certificates.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.CertificateConfig"), }, }, }, - Required: []string{"type"}, + Required: []string{"defaults"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha1.PersistentVolumeConfig"}, + "github.com/openshift/api/config/v1alpha1.CertificateConfig", "github.com/openshift/api/config/v1alpha1.DefaultCertificateConfig"}, } } -func schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_PKISpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "UserDefinedMonitoring config for user-defined projects.", + Description: "PKISpec holds the specification for PKI configuration.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "mode": { + "certificateManagement": { SchemaProps: spec.SchemaProps{ - Description: "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.\n\nPossible enum values:\n - `\"Disabled\"` disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces.\n - `\"NamespaceIsolated\"` enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level.", - Default: "", - Type: []string{"string"}, - Format: "", - Enum: []interface{}{"Disabled", "NamespaceIsolated"}, + Description: "certificateManagement specifies how PKI configuration is managed for internally-generated certificates. This controls the certificate generation approach for all OpenShift components that create certificates internally, including certificate authorities, serving certificates, and client certificates.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.PKICertificateManagement"), }, }, }, - Required: []string{"mode"}, + Required: []string{"certificateManagement"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.PKICertificateManagement"}, } } -func schema_openshift_api_config_v1alpha2_Custom(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_config_v1alpha1_PersistentVolumeClaimReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "custom provides the custom configuration of gatherers", + Description: "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "configs": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, + "name": { SchemaProps: spec.SchemaProps{ - Description: "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ + Description: "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_PersistentVolumeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "claim": { + SchemaProps: spec.SchemaProps{ + Description: "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference"), + }, + }, + "mountPath": { + SchemaProps: spec.SchemaProps{ + Description: "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"claim"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.PersistentVolumeClaimReference"}, + } +} + +func schema_openshift_api_config_v1alpha1_PrometheusConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "additionalAlertmanagerConfigs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nWhen omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.AdditionalAlertmanagerConfig"), + }, + }, + }, + }, + }, + "enforcedBodySizeLimitBytes": { + SchemaProps: spec.SchemaProps{ + Description: "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 10240 (10kB). Maximum value is 1073741824 (1GB).", + Type: []string{"integer"}, + Format: "int64", + }, + }, + "externalLabels": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "key", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. When omitted, no external labels are applied.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.Label"), + }, + }, + }, + }, + }, + "logLevel": { + SchemaProps: spec.SchemaProps{ + Description: "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + Type: []string{"string"}, + Format: "", + }, + }, + "nodeSelector": { + SchemaProps: spec.SchemaProps{ + Description: "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least one key-value pair (minimum of 1) and must not contain more than 10 entries.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "queryLogFile": { + SchemaProps: spec.SchemaProps{ + Description: "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must not contain consecutive slashes, end with a slash, or include '..' path traversal. Must contain only alphanumeric characters, '.', '_', '-', or '/'. Must be between 1 and 255 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "remoteWrite": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.RemoteWriteSpec"), + }, + }, + }, + }, + }, + "resources": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), + }, + }, + }, + }, + }, + "retention": { + SchemaProps: spec.SchemaProps{ + Description: "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.Retention"), + }, + }, + "tolerations": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + "topologySpreadConstraints": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "topologyKey", + "whenUnsatisfiable", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + "collectionProfile": { + SchemaProps: spec.SchemaProps{ + Description: "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.", + Type: []string{"string"}, + Format: "", + }, + }, + "volumeClaimTemplate": { + SchemaProps: spec.SchemaProps{ + Description: "volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts.", + Ref: ref(corev1.PersistentVolumeClaim{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.AdditionalAlertmanagerConfig", "github.com/openshift/api/config/v1alpha1.ContainerResource", "github.com/openshift/api/config/v1alpha1.Label", "github.com/openshift/api/config/v1alpha1.RemoteWriteSpec", "github.com/openshift/api/config/v1alpha1.Retention", corev1.PersistentVolumeClaim{}.OpenAPIModelName(), corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_config_v1alpha1_PrometheusOperatorAdmissionWebhookConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PrometheusOperatorAdmissionWebhookConfig provides configuration options for the admission webhook component of Prometheus Operator that runs in the `openshift-monitoring` namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "resources": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "resources defines the compute resource requests and limits for the prometheus-operator-admission-webhook container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n limit: null\n - name: memory\n request: 30Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), + }, + }, + }, + }, + }, + "topologySpreadConstraints": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "topologyKey", + "whenUnsatisfiable", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "topologySpreadConstraints defines rules for how admission webhook Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.ContainerResource", corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_config_v1alpha1_PrometheusOperatorConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "logLevel": { + SchemaProps: spec.SchemaProps{ + Description: "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + Type: []string{"string"}, + Format: "", + }, + }, + "nodeSelector": { + SchemaProps: spec.SchemaProps{ + Description: "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "resources": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), + }, + }, + }, + }, + }, + "tolerations": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + "topologySpreadConstraints": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "topologyKey", + "whenUnsatisfiable", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.ContainerResource", corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_config_v1alpha1_PrometheusRemoteWriteHeader(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. Validation is enforced on the Headers field in RemoteWriteSpec.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is the HTTP header name. Must not be a reserved header (see type documentation). Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "value": { + SchemaProps: spec.SchemaProps{ + Description: "value is the HTTP header value. Must be at most 4096 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name", "value"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_QueueConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "QueueConfig allows tuning configuration for remote write queue parameters. Configure this when you need to control throughput, backpressure, or retry behavior—for example to avoid overloading the remote endpoint, to reduce memory usage, or to tune for high-cardinality workloads. Consider capacity, maxShards, and batchSendDeadlineSeconds for throughput; minBackoffMilliseconds and maxBackoffMilliseconds for retries; and rateLimitedAction when the remote returns HTTP 429.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "capacity": { + SchemaProps: spec.SchemaProps{ + Description: "capacity is the number of samples to buffer per shard before we start dropping them. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 10000. Minimum value is 1. Maximum value is 1000000.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "maxShards": { + SchemaProps: spec.SchemaProps{ + Description: "maxShards is the maximum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 200. Minimum value is 1. Maximum value is 10000.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "minShards": { + SchemaProps: spec.SchemaProps{ + Description: "minShards is the minimum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1. Minimum value is 1. Maximum value is 10000.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "maxSamplesPerSend": { + SchemaProps: spec.SchemaProps{ + Description: "maxSamplesPerSend is the maximum number of samples per send. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1000. Minimum value is 1. Maximum value is 100000.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "batchSendDeadlineSeconds": { + SchemaProps: spec.SchemaProps{ + Description: "batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 3600 seconds (1 hour).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "minBackoffMilliseconds": { + SchemaProps: spec.SchemaProps{ + Description: "minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "maxBackoffMilliseconds": { + SchemaProps: spec.SchemaProps{ + Description: "maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "rateLimitedAction": { + SchemaProps: spec.SchemaProps{ + Description: "rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). When omitted, no retries are performed on rate limit responses. When set to \"Retry\", Prometheus will retry such requests using the backoff settings above. Valid value when set is \"Retry\".", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_RSAKeyConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RSAKeyConfig specifies parameters for RSA key generation.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "keySize": { + SchemaProps: spec.SchemaProps{ + Description: "keySize specifies the size of RSA keys in bits. Valid values are multiples of 1024 from 2048 to 8192.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + }, + Required: []string{"keySize"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_RelabelActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RelabelActionConfig represents the action to perform and its configuration. Exactly one action-specific configuration must be specified based on the action type.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type specifies the action to perform on the matched labels. Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep.\n\nWhen set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place.\n\nWhen set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0.\n\nWhen set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0.\n\nWhen set to Keep, targets for which regex does not match the concatenated source_labels are dropped.\n\nWhen set to Drop, targets for which regex matches the concatenated source_labels are dropped.\n\nWhen set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels.\n\nWhen set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted.\n\nWhen set to LabelDrop, regex is matched against all label names; any label that matches is removed.\n\nWhen set to LabelKeep, regex is matched against all label names; any label that does not match is removed.", + Type: []string{"string"}, + Format: "", + }, + }, + "replace": { + SchemaProps: spec.SchemaProps{ + Description: "replace configures the Replace action. Required when type is Replace, and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.ReplaceActionConfig"), + }, + }, + "hashMod": { + SchemaProps: spec.SchemaProps{ + Description: "hashMod configures the HashMod action. Required when type is HashMod, and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.HashModActionConfig"), + }, + }, + "labelMap": { + SchemaProps: spec.SchemaProps{ + Description: "labelMap configures the LabelMap action. Required when type is LabelMap, and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.LabelMapActionConfig"), + }, + }, + "lowercase": { + SchemaProps: spec.SchemaProps{ + Description: "lowercase configures the Lowercase action. Required when type is Lowercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.LowercaseActionConfig"), + }, + }, + "uppercase": { + SchemaProps: spec.SchemaProps{ + Description: "uppercase configures the Uppercase action. Required when type is Uppercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.UppercaseActionConfig"), + }, + }, + "keepEqual": { + SchemaProps: spec.SchemaProps{ + Description: "keepEqual configures the KeepEqual action. Required when type is KeepEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.KeepEqualActionConfig"), + }, + }, + "dropEqual": { + SchemaProps: spec.SchemaProps{ + Description: "dropEqual configures the DropEqual action. Required when type is DropEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.DropEqualActionConfig"), + }, + }, + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "dropEqual": "DropEqual", + "hashMod": "HashMod", + "keepEqual": "KeepEqual", + "labelMap": "LabelMap", + "lowercase": "Lowercase", + "replace": "Replace", + "uppercase": "Uppercase", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.DropEqualActionConfig", "github.com/openshift/api/config/v1alpha1.HashModActionConfig", "github.com/openshift/api/config/v1alpha1.KeepEqualActionConfig", "github.com/openshift/api/config/v1alpha1.LabelMapActionConfig", "github.com/openshift/api/config/v1alpha1.LowercaseActionConfig", "github.com/openshift/api/config/v1alpha1.ReplaceActionConfig", "github.com/openshift/api/config/v1alpha1.UppercaseActionConfig"}, + } +} + +func schema_openshift_api_config_v1alpha1_RelabelConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RelabelConfig represents a relabeling rule.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "sourceLabels": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "separator": { + SchemaProps: spec.SchemaProps{ + Description: "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "regex": { + SchemaProps: spec.SchemaProps{ + Description: "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", + Type: []string{"string"}, + Format: "", + }, + }, + "action": { + SchemaProps: spec.SchemaProps{ + Description: "action defines the action to perform on the matched labels and its configuration. Exactly one action-specific configuration must be specified based on the action type.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.RelabelActionConfig"), + }, + }, + }, + Required: []string{"name", "action"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.RelabelActionConfig"}, + } +} + +func schema_openshift_api_config_v1alpha1_RemoteWriteAuthorization(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RemoteWriteAuthorization defines the authorization method for a remote write endpoint. Exactly one of the nested configs must be set according to the type discriminator.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type specifies the authorization method to use. Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount.\n\nWhen set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field.\n\nWhen set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set.\n\nWhen set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set.\n\nWhen set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set.\n\nWhen set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field.\n\nWhen set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path.", + Type: []string{"string"}, + Format: "", + }, + }, + "safeAuthorization": { + SchemaProps: spec.SchemaProps{ + Description: "safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). Required when type is \"SafeAuthorization\", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace.", + Ref: ref(corev1.SecretKeySelector{}.OpenAPIModelName()), + }, + }, + "bearerToken": { + SchemaProps: spec.SchemaProps{ + Description: "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "basicAuth": { + SchemaProps: spec.SchemaProps{ + Description: "basicAuth defines HTTP basic authentication credentials. Required when type is \"BasicAuth\", and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.BasicAuth"), + }, + }, + "oauth2": { + SchemaProps: spec.SchemaProps{ + Description: "oauth2 defines OAuth2 client credentials authentication. Required when type is \"OAuth2\", and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.OAuth2"), + }, + }, + "sigv4": { + SchemaProps: spec.SchemaProps{ + Description: "sigv4 defines AWS Signature Version 4 authentication. Required when type is \"SigV4\", and forbidden otherwise.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.Sigv4"), + }, + }, + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "basicAuth": "BasicAuth", + "bearerToken": "BearerToken", + "oauth2": "OAuth2", + "safeAuthorization": "SafeAuthorization", + "sigv4": "Sigv4", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.BasicAuth", "github.com/openshift/api/config/v1alpha1.OAuth2", "github.com/openshift/api/config/v1alpha1.SecretKeySelector", "github.com/openshift/api/config/v1alpha1.Sigv4", corev1.SecretKeySelector{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_config_v1alpha1_RemoteWriteSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RemoteWriteSpec represents configuration for remote write endpoints.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "url": { + SchemaProps: spec.SchemaProps{ + Description: "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme and a non-empty hostname. Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. Empty string is invalid. Must be between 1 and 2048 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). This name is used in metrics and logging to differentiate remote write queues. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "authorization": { + SchemaProps: spec.SchemaProps{ + Description: "authorization defines the authorization method for the remote write endpoint. When omitted, no authorization is performed. When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config).", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.RemoteWriteAuthorization"), + }, + }, + "headers": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "headers specifies the custom HTTP headers to be sent along with each remote write request. Sending custom headers makes the configuration of a proxy in between optional and helps the receiver recognize the given source better. Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be unique. Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate).", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.PrometheusRemoteWriteHeader"), + }, + }, + }, + }, + }, + "metadataConfig": { + SchemaProps: spec.SchemaProps{ + Description: "metadataConfig configures the sending of series metadata to remote storage. When omitted, no metadata is sent. When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds).", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.MetadataConfig"), + }, + }, + "proxyUrl": { + SchemaProps: spec.SchemaProps{ + Description: "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "queueConfig": { + SchemaProps: spec.SchemaProps{ + Description: "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.QueueConfig"), + }, + }, + "remoteTimeoutSeconds": { + SchemaProps: spec.SchemaProps{ + Description: "remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "exemplarsMode": { + SchemaProps: spec.SchemaProps{ + Description: "exemplarsMode controls whether exemplars are sent via remote write. Valid values are \"Send\", \"DoNotSend\" and omitted. When set to \"Send\", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"DoNotSend\", exemplars are not sent.", + Type: []string{"string"}, + Format: "", + }, + }, + "tlsConfig": { + SchemaProps: spec.SchemaProps{ + Description: "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.TLSConfig"), + }, + }, + "writeRelabelConfigs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.RelabelConfig"), + }, + }, + }, + }, + }, + }, + Required: []string{"url", "name"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.MetadataConfig", "github.com/openshift/api/config/v1alpha1.PrometheusRemoteWriteHeader", "github.com/openshift/api/config/v1alpha1.QueueConfig", "github.com/openshift/api/config/v1alpha1.RelabelConfig", "github.com/openshift/api/config/v1alpha1.RemoteWriteAuthorization", "github.com/openshift/api/config/v1alpha1.TLSConfig"}, + } +} + +func schema_openshift_api_config_v1alpha1_ReplaceActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ReplaceActionConfig configures the Replace action. Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "targetLabel": { + SchemaProps: spec.SchemaProps{ + Description: "targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "replacement": { + SchemaProps: spec.SchemaProps{ + Description: "replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Use an empty string (\"\") to explicitly clear the target label value. Must be between 0 and 255 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"targetLabel", "replacement"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_Retention(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Retention configures how long Prometheus retains metrics data and how much storage it can use.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "durationInDays": { + SchemaProps: spec.SchemaProps{ + Description: "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 15. Minimum value is 1 day. Maximum value is 365 days (1 year).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "sizeInGiB": { + SchemaProps: spec.SchemaProps{ + Description: "sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus can use for data blocks and the write-ahead log (WAL). When the limit is reached, Prometheus will delete oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. Minimum value is 1 GiB. Maximum value is 16384 GiB (16 TiB).", + Type: []string{"integer"}, + Format: "int32", + }, + }, + }, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_RetentionNumberConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RetentionNumberConfig specifies the configuration of the retention policy on the number of backups", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "maxNumberOfBackups": { + SchemaProps: spec.SchemaProps{ + Description: "maxNumberOfBackups defines the maximum number of backups to retain. If the existing number of backups saved is equal to MaxNumberOfBackups then the oldest backup will be removed before a new backup is initiated.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, + }, + Required: []string{"maxNumberOfBackups"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_RetentionPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RetentionPolicy defines the retention policy for retaining and deleting existing backups. This struct is a discriminated union that allows users to select the type of retention policy from the supported types.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "retentionType": { + SchemaProps: spec.SchemaProps{ + Description: "retentionType sets the type of retention policy. Currently, the only valid policies are retention by number of backups (RetentionNumber), by the size of backups (RetentionSize). More policies or types may be added in the future. Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is RetentionNumber with 15 backups kept.\n\nPossible enum values:\n - `\"RetentionNumber\"` sets the retention policy based on the number of backup files saved\n - `\"RetentionSize\"` sets the retention policy based on the total size of the backup files saved", + Default: "", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"RetentionNumber", "RetentionSize"}, + }, + }, + "retentionNumber": { + SchemaProps: spec.SchemaProps{ + Description: "retentionNumber configures the retention policy based on the number of backups", + Ref: ref("github.com/openshift/api/config/v1alpha1.RetentionNumberConfig"), + }, + }, + "retentionSize": { + SchemaProps: spec.SchemaProps{ + Description: "retentionSize configures the retention policy based on the size of backups", + Ref: ref("github.com/openshift/api/config/v1alpha1.RetentionSizeConfig"), + }, + }, + }, + Required: []string{"retentionType"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "retentionType", + "fields-to-discriminateBy": map[string]interface{}{ + "retentionNumber": "RetentionNumber", + "retentionSize": "RetentionSize", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.RetentionNumberConfig", "github.com/openshift/api/config/v1alpha1.RetentionSizeConfig"}, + } +} + +func schema_openshift_api_config_v1alpha1_RetentionSizeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RetentionSizeConfig specifies the configuration of the retention policy on the total size of backups", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "maxSizeOfBackupsGb": { + SchemaProps: spec.SchemaProps{ + Description: "maxSizeOfBackupsGb defines the total size in GB of backups to retain. If the current total size backups exceeds MaxSizeOfBackupsGb then the oldest backup will be removed before a new backup is initiated.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, + }, + Required: []string{"maxSizeOfBackupsGb"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_SecretKeySelector(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "key": { + SchemaProps: spec.SchemaProps{ + Description: "key is the key of the secret to select from. Must consist of alphanumeric characters, '-', '_', or '.'. Must be between 1 and 253 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name", "key"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-map-type": "atomic", + }, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_Sigv4(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Sigv4 defines AWS Signature Version 4 authentication settings. At least one of region, accessKey/secretKey, profile, or roleArn must be set so the platform can perform authentication.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "region": { + SchemaProps: spec.SchemaProps{ + Description: "region is the AWS region. When omitted, the region is derived from the environment or instance metadata. Must be between 1 and 128 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "accessKey": { + SchemaProps: spec.SchemaProps{ + Description: "accessKey defines the secret reference containing the AWS access key ID. The secret must exist in the openshift-monitoring namespace. When omitted, the access key is derived from the environment or instance metadata.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "secretKey": { + SchemaProps: spec.SchemaProps{ + Description: "secretKey defines the secret reference containing the AWS secret access key. The secret must exist in the openshift-monitoring namespace. When omitted, the secret key is derived from the environment or instance metadata.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "profile": { + SchemaProps: spec.SchemaProps{ + Description: "profile is the named AWS profile used to authenticate. When omitted, the default profile is used. Must be between 1 and 128 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "roleArn": { + SchemaProps: spec.SchemaProps{ + Description: "roleArn is the AWS Role ARN, an alternative to using AWS API keys. When omitted, API keys are used for authentication. Must be a valid AWS ARN format (e.g., \"arn:aws:iam::123456789012:role/MyRole\"). Must be between 1 and 512 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + } +} + +func schema_openshift_api_config_v1alpha1_Storage(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "persistentVolume": { + SchemaProps: spec.SchemaProps{ + Description: "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", + Ref: ref("github.com/openshift/api/config/v1alpha1.PersistentVolumeConfig"), + }, + }, + }, + Required: []string{"type"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.PersistentVolumeConfig"}, + } +} + +func schema_openshift_api_config_v1alpha1_TLSConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "ca": { + SchemaProps: spec.SchemaProps{ + Description: "ca is an optional CA certificate to use for TLS connections. When omitted, the system's default CA bundle is used.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "cert": { + SchemaProps: spec.SchemaProps{ + Description: "cert is an optional client certificate to use for mutual TLS connections. When omitted, no client certificate is presented.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "key": { + SchemaProps: spec.SchemaProps{ + Description: "key is an optional client key to use for mutual TLS connections. When omitted, no client key is used.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.SecretKeySelector"), + }, + }, + "serverName": { + SchemaProps: spec.SchemaProps{ + Description: "serverName is an optional server name to use for TLS connections. When specified, must be a valid DNS subdomain as per RFC 1123. When omitted, the server name is derived from the URL. Must be between 1 and 253 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + "certificateVerification": { + SchemaProps: spec.SchemaProps{ + Description: "certificateVerification determines the policy for TLS certificate verification. Allowed values are \"Verify\" (performs certificate verification, secure) and \"SkipVerify\" (skips verification, insecure). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"Verify\".", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.SecretKeySelector"}, + } +} + +func schema_openshift_api_config_v1alpha1_TelemeterClientConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "TelemeterClientConfig provides configuration options for the Telemeter Client component that runs in the `openshift-monitoring` namespace. The Telemeter Client collects selected monitoring metrics and forwards them to Red Hat for telemetry purposes. At least one field must be specified.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "nodeSelector": { + SchemaProps: spec.SchemaProps{ + Description: "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "resources": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "resources defines the compute resource requests and limits for the Telemeter Client container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 1m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1alpha1.ContainerResource"), + }, + }, + }, + }, + }, + "tolerations": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + "topologySpreadConstraints": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "topologyKey", + "whenUnsatisfiable", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "topologySpreadConstraints defines rules for how Telemeter Client Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1alpha1.ContainerResource", corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_config_v1alpha1_UppercaseActionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "UppercaseActionConfig configures the Uppercase action. Maps the concatenated source_labels to their upper case and writes to target_label. Requires Prometheus >= v2.36.0.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "targetLabel": { + SchemaProps: spec.SchemaProps{ + Description: "targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"targetLabel"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha1_UserDefinedMonitoring(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "UserDefinedMonitoring config for user-defined projects.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "mode": { + SchemaProps: spec.SchemaProps{ + Description: "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.\n\nPossible enum values:\n - `\"Disabled\"` disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces.\n - `\"NamespaceIsolated\"` enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level.", + Default: "", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"Disabled", "NamespaceIsolated"}, + }, + }, + }, + Required: []string{"mode"}, + }, + }, + } +} + +func schema_openshift_api_config_v1alpha2_Custom(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "custom provides the custom configuration of gatherers", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "configs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/config/v1alpha2.GathererConfig"), }, @@ -24553,7 +25879,7 @@ func schema_openshift_api_config_v1alpha2_InsightsDataGather(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -24575,7 +25901,7 @@ func schema_openshift_api_config_v1alpha2_InsightsDataGather(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha2.InsightsDataGatherSpec", "github.com/openshift/api/config/v1alpha2.InsightsDataGatherStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/config/v1alpha2.InsightsDataGatherSpec", "github.com/openshift/api/config/v1alpha2.InsightsDataGatherStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -24604,7 +25930,7 @@ func schema_openshift_api_config_v1alpha2_InsightsDataGatherList(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "metadata is the required standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -24626,7 +25952,7 @@ func schema_openshift_api_config_v1alpha2_InsightsDataGatherList(ref common.Refe }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1alpha2.InsightsDataGather", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/config/v1alpha2.InsightsDataGather", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -24826,7 +26152,7 @@ func schema_openshift_api_console_v1_ConsoleCLIDownload(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -24840,7 +26166,7 @@ func schema_openshift_api_console_v1_ConsoleCLIDownload(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleCLIDownloadSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/console/v1.ConsoleCLIDownloadSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -24869,7 +26195,7 @@ func schema_openshift_api_console_v1_ConsoleCLIDownloadList(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -24890,7 +26216,7 @@ func schema_openshift_api_console_v1_ConsoleCLIDownloadList(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleCLIDownload", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/console/v1.ConsoleCLIDownload", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -24965,7 +26291,7 @@ func schema_openshift_api_console_v1_ConsoleExternalLogLink(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -24979,7 +26305,7 @@ func schema_openshift_api_console_v1_ConsoleExternalLogLink(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleExternalLogLinkSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/console/v1.ConsoleExternalLogLinkSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -25008,7 +26334,7 @@ func schema_openshift_api_console_v1_ConsoleExternalLogLinkList(ref common.Refer SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -25029,7 +26355,7 @@ func schema_openshift_api_console_v1_ConsoleExternalLogLinkList(ref common.Refer }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleExternalLogLink", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/console/v1.ConsoleExternalLogLink", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -25095,7 +26421,7 @@ func schema_openshift_api_console_v1_ConsoleLink(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -25109,7 +26435,7 @@ func schema_openshift_api_console_v1_ConsoleLink(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleLinkSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/console/v1.ConsoleLinkSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -25138,7 +26464,7 @@ func schema_openshift_api_console_v1_ConsoleLinkList(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -25159,7 +26485,7 @@ func schema_openshift_api_console_v1_ConsoleLinkList(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleLink", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/console/v1.ConsoleLink", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -25240,7 +26566,7 @@ func schema_openshift_api_console_v1_ConsoleNotification(ref common.ReferenceCal SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -25254,7 +26580,7 @@ func schema_openshift_api_console_v1_ConsoleNotification(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleNotificationSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/console/v1.ConsoleNotificationSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -25283,7 +26609,7 @@ func schema_openshift_api_console_v1_ConsoleNotificationList(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -25304,7 +26630,7 @@ func schema_openshift_api_console_v1_ConsoleNotificationList(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleNotification", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/console/v1.ConsoleNotification", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -25384,7 +26710,7 @@ func schema_openshift_api_console_v1_ConsolePlugin(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -25399,7 +26725,7 @@ func schema_openshift_api_console_v1_ConsolePlugin(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsolePluginSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/console/v1.ConsolePluginSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -25535,7 +26861,7 @@ func schema_openshift_api_console_v1_ConsolePluginList(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -25556,7 +26882,7 @@ func schema_openshift_api_console_v1_ConsolePluginList(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsolePlugin", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/console/v1.ConsolePlugin", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -25834,7 +27160,7 @@ func schema_openshift_api_console_v1_ConsoleQuickStart(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -25848,7 +27174,7 @@ func schema_openshift_api_console_v1_ConsoleQuickStart(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleQuickStartSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/console/v1.ConsoleQuickStartSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -25877,7 +27203,7 @@ func schema_openshift_api_console_v1_ConsoleQuickStartList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -25898,7 +27224,7 @@ func schema_openshift_api_console_v1_ConsoleQuickStartList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleQuickStart", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/console/v1.ConsoleQuickStart", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -26022,7 +27348,7 @@ func schema_openshift_api_console_v1_ConsoleQuickStartSpec(ref common.ReferenceC Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/authorization/v1.ResourceAttributes"), + Ref: ref(authorizationv1.ResourceAttributes{}.OpenAPIModelName()), }, }, }, @@ -26033,7 +27359,7 @@ func schema_openshift_api_console_v1_ConsoleQuickStartSpec(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleQuickStartTask", "k8s.io/api/authorization/v1.ResourceAttributes"}, + "github.com/openshift/api/console/v1.ConsoleQuickStartTask", authorizationv1.ResourceAttributes{}.OpenAPIModelName()}, } } @@ -26166,7 +27492,7 @@ func schema_openshift_api_console_v1_ConsoleSample(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -26181,7 +27507,7 @@ func schema_openshift_api_console_v1_ConsoleSample(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleSampleSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/console/v1.ConsoleSampleSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -26349,7 +27675,7 @@ func schema_openshift_api_console_v1_ConsoleSampleList(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -26370,7 +27696,7 @@ func schema_openshift_api_console_v1_ConsoleSampleList(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleSample", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/console/v1.ConsoleSample", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -26540,7 +27866,7 @@ func schema_openshift_api_console_v1_ConsoleYAMLSample(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -26554,7 +27880,7 @@ func schema_openshift_api_console_v1_ConsoleYAMLSample(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleYAMLSampleSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/console/v1.ConsoleYAMLSampleSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -26583,7 +27909,7 @@ func schema_openshift_api_console_v1_ConsoleYAMLSampleList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -26604,7 +27930,7 @@ func schema_openshift_api_console_v1_ConsoleYAMLSampleList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/console/v1.ConsoleYAMLSample", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/console/v1.ConsoleYAMLSample", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -26619,7 +27945,7 @@ func schema_openshift_api_console_v1_ConsoleYAMLSampleSpec(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "targetResource contains apiVersion and kind of the resource YAML sample is representating.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta"), + Ref: ref(metav1.TypeMeta{}.OpenAPIModelName()), }, }, "title": { @@ -26659,7 +27985,7 @@ func schema_openshift_api_console_v1_ConsoleYAMLSampleSpec(ref common.ReferenceC }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.TypeMeta"}, + metav1.TypeMeta{}.OpenAPIModelName()}, } } @@ -26718,14 +28044,14 @@ func schema_openshift_api_console_v1_NamespaceDashboardSpec(ref common.Reference "namespaceSelector": { SchemaProps: spec.SchemaProps{ Description: "namespaceSelector is used to select the Namespaces that should contain dashboard link by label. If the namespace labels match, dashboard link will be shown for the namespaces.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -26754,7 +28080,7 @@ func schema_openshift_api_etcd_v1alpha1_PacemakerCluster(ref common.ReferenceCal SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "status": { @@ -26769,7 +28095,7 @@ func schema_openshift_api_etcd_v1alpha1_PacemakerCluster(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -26796,7 +28122,7 @@ func schema_openshift_api_etcd_v1alpha1_PacemakerClusterFencingAgentStatus(ref c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -26822,7 +28148,7 @@ func schema_openshift_api_etcd_v1alpha1_PacemakerClusterFencingAgentStatus(ref c }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + metav1.Condition{}.OpenAPIModelName()}, } } @@ -26851,7 +28177,7 @@ func schema_openshift_api_etcd_v1alpha1_PacemakerClusterList(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -26873,7 +28199,7 @@ func schema_openshift_api_etcd_v1alpha1_PacemakerClusterList(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/etcd/v1alpha1.PacemakerCluster", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/etcd/v1alpha1.PacemakerCluster", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -26900,7 +28226,7 @@ func schema_openshift_api_etcd_v1alpha1_PacemakerClusterNodeStatus(ref common.Re Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -26981,7 +28307,7 @@ func schema_openshift_api_etcd_v1alpha1_PacemakerClusterNodeStatus(ref common.Re }, }, Dependencies: []string{ - "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterFencingAgentStatus", "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterResourceStatus", "github.com/openshift/api/etcd/v1alpha1.PacemakerNodeAddress", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterFencingAgentStatus", "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterResourceStatus", "github.com/openshift/api/etcd/v1alpha1.PacemakerNodeAddress", metav1.Condition{}.OpenAPIModelName()}, } } @@ -27008,7 +28334,7 @@ func schema_openshift_api_etcd_v1alpha1_PacemakerClusterResourceStatus(ref commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -27027,7 +28353,7 @@ func schema_openshift_api_etcd_v1alpha1_PacemakerClusterResourceStatus(ref commo }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + metav1.Condition{}.OpenAPIModelName()}, } } @@ -27054,7 +28380,7 @@ func schema_openshift_api_etcd_v1alpha1_PacemakerClusterStatus(ref common.Refere Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -27063,7 +28389,7 @@ func schema_openshift_api_etcd_v1alpha1_PacemakerClusterStatus(ref common.Refere "lastUpdated": { SchemaProps: spec.SchemaProps{ Description: "lastUpdated is the timestamp when this status was last updated. This is useful for identifying stale status reports. It must be a valid timestamp in RFC3339 format. Once set, this field cannot be removed and cannot be set to an earlier timestamp than the current value.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "nodes": { @@ -27093,7 +28419,7 @@ func schema_openshift_api_etcd_v1alpha1_PacemakerClusterStatus(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterNodeStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/openshift/api/etcd/v1alpha1.PacemakerClusterNodeStatus", metav1.Condition{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, } } @@ -27346,7 +28672,7 @@ func schema_openshift_api_example_v1_StableConfigType(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -27367,7 +28693,7 @@ func schema_openshift_api_example_v1_StableConfigType(ref common.ReferenceCallba }, }, Dependencies: []string{ - "github.com/openshift/api/example/v1.StableConfigTypeSpec", "github.com/openshift/api/example/v1.StableConfigTypeStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/example/v1.StableConfigTypeSpec", "github.com/openshift/api/example/v1.StableConfigTypeStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -27396,7 +28722,7 @@ func schema_openshift_api_example_v1_StableConfigTypeList(ref common.ReferenceCa SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -27417,7 +28743,7 @@ func schema_openshift_api_example_v1_StableConfigTypeList(ref common.ReferenceCa }, }, Dependencies: []string{ - "github.com/openshift/api/example/v1.StableConfigType", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/example/v1.StableConfigType", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -27569,7 +28895,7 @@ func schema_openshift_api_example_v1_StableConfigTypeStatus(ref common.Reference Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -27586,7 +28912,7 @@ func schema_openshift_api_example_v1_StableConfigTypeStatus(ref common.Reference }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + metav1.Condition{}.OpenAPIModelName()}, } } @@ -27669,7 +28995,7 @@ func schema_openshift_api_example_v1alpha1_NotStableConfigType(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -27690,7 +29016,7 @@ func schema_openshift_api_example_v1alpha1_NotStableConfigType(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeSpec", "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeSpec", "github.com/openshift/api/example/v1alpha1.NotStableConfigTypeStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -27719,7 +29045,7 @@ func schema_openshift_api_example_v1alpha1_NotStableConfigTypeList(ref common.Re SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -27740,7 +29066,7 @@ func schema_openshift_api_example_v1alpha1_NotStableConfigTypeList(ref common.Re }, }, Dependencies: []string{ - "github.com/openshift/api/example/v1alpha1.NotStableConfigType", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/example/v1alpha1.NotStableConfigType", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -27789,7 +29115,7 @@ func schema_openshift_api_example_v1alpha1_NotStableConfigTypeStatus(ref common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -27799,7 +29125,7 @@ func schema_openshift_api_example_v1alpha1_NotStableConfigTypeStatus(ref common. }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + metav1.Condition{}.OpenAPIModelName()}, } } @@ -27909,7 +29235,7 @@ func schema_openshift_api_helm_v1beta1_HelmChartRepository(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -27931,7 +29257,7 @@ func schema_openshift_api_helm_v1beta1_HelmChartRepository(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/helm/v1beta1.HelmChartRepositorySpec", "github.com/openshift/api/helm/v1beta1.HelmChartRepositoryStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/helm/v1beta1.HelmChartRepositorySpec", "github.com/openshift/api/helm/v1beta1.HelmChartRepositoryStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -27960,7 +29286,7 @@ func schema_openshift_api_helm_v1beta1_HelmChartRepositoryList(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -27981,7 +29307,7 @@ func schema_openshift_api_helm_v1beta1_HelmChartRepositoryList(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/helm/v1beta1.HelmChartRepository", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/helm/v1beta1.HelmChartRepository", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -28051,7 +29377,7 @@ func schema_openshift_api_helm_v1beta1_HelmChartRepositoryStatus(ref common.Refe Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -28061,7 +29387,7 @@ func schema_openshift_api_helm_v1beta1_HelmChartRepositoryStatus(ref common.Refe }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + metav1.Condition{}.OpenAPIModelName()}, } } @@ -28090,7 +29416,7 @@ func schema_openshift_api_helm_v1beta1_ProjectHelmChartRepository(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -28112,7 +29438,7 @@ func schema_openshift_api_helm_v1beta1_ProjectHelmChartRepository(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/helm/v1beta1.HelmChartRepositoryStatus", "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepositorySpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/helm/v1beta1.HelmChartRepositoryStatus", "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepositorySpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -28141,7 +29467,7 @@ func schema_openshift_api_helm_v1beta1_ProjectHelmChartRepositoryList(ref common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -28162,7 +29488,7 @@ func schema_openshift_api_helm_v1beta1_ProjectHelmChartRepositoryList(ref common }, }, Dependencies: []string{ - "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepository", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/helm/v1beta1.ProjectHelmChartRepository", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -28185,593 +29511,90 @@ func schema_openshift_api_helm_v1beta1_ProjectHelmChartRepositorySpec(ref common Description: "Optional associated human readable repository name, it can be used by UI for displaying purposes", Type: []string{"string"}, Format: "", - }, - }, - "description": { - SchemaProps: spec.SchemaProps{ - Description: "Optional human readable repository description, it can be used by UI for displaying purposes", - Type: []string{"string"}, - Format: "", - }, - }, - "connectionConfig": { - SchemaProps: spec.SchemaProps{ - Description: "Required configuration for connecting to the chart repo", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/helm/v1beta1.ConnectionConfigNamespaceScoped"), - }, - }, - }, - Required: []string{"connectionConfig"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/helm/v1beta1.ConnectionConfigNamespaceScoped"}, - } -} - -func schema_openshift_api_image_v1_DockerImageReference(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "DockerImageReference points to a container image.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "Registry": { - SchemaProps: spec.SchemaProps{ - Description: "Registry is the registry that contains the container image", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "Namespace": { - SchemaProps: spec.SchemaProps{ - Description: "Namespace is the namespace that contains the container image", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "Name": { - SchemaProps: spec.SchemaProps{ - Description: "Name is the name of the container image", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "Tag": { - SchemaProps: spec.SchemaProps{ - Description: "Tag is which tag of the container image is being referenced", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "ID": { - SchemaProps: spec.SchemaProps{ - Description: "ID is the identifier for the container image", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"Registry", "Namespace", "Name", "Tag", "ID"}, - }, - }, - } -} - -func schema_openshift_api_image_v1_Image(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "Image is an immutable representation of a container image and its metadata at a point in time. Images are named by taking a hash of their contents (metadata and content) and any change in format, content, or metadata results in a new name. The images resource is primarily for use by cluster administrators and integrations like the cluster image registry - end users, instead, access images via the imagestreamtags or imagestreamimages resources. While image metadata is stored in the API, any integration that implements the container image registry API must provide its own storage for the raw manifest data, image config, and layer contents.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "dockerImageReference": { - SchemaProps: spec.SchemaProps{ - Description: "dockerImageReference is the string that can be used to pull this image.", - Type: []string{"string"}, - Format: "", - }, - }, - "dockerImageMetadata": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-patch-strategy": "replace", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "dockerImageMetadata contains metadata about this image", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), - }, - }, - "dockerImageMetadataVersion": { - SchemaProps: spec.SchemaProps{ - Description: "dockerImageMetadataVersion conveys the version of the object, which if empty defaults to \"1.0\"", - Type: []string{"string"}, - Format: "", - }, - }, - "dockerImageManifest": { - SchemaProps: spec.SchemaProps{ - Description: "dockerImageManifest is the raw JSON of the manifest", - Type: []string{"string"}, - Format: "", - }, - }, - "dockerImageLayers": { - SchemaProps: spec.SchemaProps{ - Description: "dockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageLayer"), - }, - }, - }, - }, - }, - "signatures": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "signatures holds all signatures of the image.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageSignature"), - }, - }, - }, - }, - }, - "dockerImageSignatures": { - SchemaProps: spec.SchemaProps{ - Description: "dockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "byte", - }, - }, - }, - }, - }, - "dockerImageManifestMediaType": { - SchemaProps: spec.SchemaProps{ - Description: "dockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2.", - Type: []string{"string"}, - Format: "", - }, - }, - "dockerImageConfig": { - SchemaProps: spec.SchemaProps{ - Description: "dockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list.", - Type: []string{"string"}, - Format: "", - }, - }, - "dockerImageManifests": { - SchemaProps: spec.SchemaProps{ - Description: "dockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageManifest"), - }, - }, - }, - }, - }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageLayer", "github.com/openshift/api/image/v1.ImageManifest", "github.com/openshift/api/image/v1.ImageSignature", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, - } -} - -func schema_openshift_api_image_v1_ImageBlobReferences(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ImageBlobReferences describes the blob references within an image.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "imageMissing": { - SchemaProps: spec.SchemaProps{ - Description: "imageMissing is true if the image is referenced by the image stream but the image object has been deleted from the API by an administrator. When this field is set, layers and config fields may be empty and callers that depend on the image metadata should consider the image to be unavailable for download or viewing.", - Default: false, - Type: []string{"boolean"}, - Format: "", - }, - }, - "layers": { - SchemaProps: spec.SchemaProps{ - Description: "layers is the list of blobs that compose this image, from base layer to top layer. All layers referenced by this array will be defined in the blobs map. Some images may have zero layers.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "config": { - SchemaProps: spec.SchemaProps{ - Description: "config, if set, is the blob that contains the image config. Some images do not have separate config blobs and this field will be set to nil if so.", - Type: []string{"string"}, - Format: "", - }, - }, - "manifests": { - SchemaProps: spec.SchemaProps{ - Description: "manifests is the list of other image names that this image points to. For a single architecture image, it is empty. For a multi-arch image, it consists of the digests of single architecture images, such images shouldn't have layers nor config.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - }, - }, - }, - } -} - -func schema_openshift_api_image_v1_ImageImportSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ImageImportSpec describes a request to import a specific image.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "from": { - SchemaProps: spec.SchemaProps{ - Description: "from is the source of an image to import; only kind DockerImage is allowed", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), - }, - }, - "to": { - SchemaProps: spec.SchemaProps{ - Description: "to is a tag in the current image stream to assign the imported image to, if name is not specified the default tag from from.name will be used", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), - }, - }, - "importPolicy": { - SchemaProps: spec.SchemaProps{ - Description: "importPolicy is the policy controlling how the image is imported", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.TagImportPolicy"), - }, - }, - "referencePolicy": { - SchemaProps: spec.SchemaProps{ - Description: "referencePolicy defines how other components should consume the image", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.TagReferencePolicy"), - }, - }, - "includeManifest": { - SchemaProps: spec.SchemaProps{ - Description: "includeManifest determines if the manifest for each image is returned in the response", - Type: []string{"boolean"}, - Format: "", - }, - }, - }, - Required: []string{"from"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/image/v1.TagImportPolicy", "github.com/openshift/api/image/v1.TagReferencePolicy", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.ObjectReference"}, - } -} - -func schema_openshift_api_image_v1_ImageImportStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ImageImportStatus describes the result of an image import.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "status": { - SchemaProps: spec.SchemaProps{ - Description: "status is the status of the image import, including errors encountered while retrieving the image", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Status"), - }, - }, - "image": { - SchemaProps: spec.SchemaProps{ - Description: "image is the metadata of that image, if the image was located", - Ref: ref("github.com/openshift/api/image/v1.Image"), - }, - }, - "tag": { - SchemaProps: spec.SchemaProps{ - Description: "tag is the tag this image was located under, if any", - Type: []string{"string"}, - Format: "", - }, - }, - "manifests": { - SchemaProps: spec.SchemaProps{ - Description: "manifests holds sub-manifests metadata when importing a manifest list", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.Image"), - }, - }, - }, - }, - }, - }, - Required: []string{"status"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/image/v1.Image", "k8s.io/apimachinery/pkg/apis/meta/v1.Status"}, - } -} - -func schema_openshift_api_image_v1_ImageLayer(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ImageLayer represents a single layer of the image. Some images may have multiple layers. Some may have none.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "name": { - SchemaProps: spec.SchemaProps{ - Description: "name of the layer as defined by the underlying store.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "size": { - SchemaProps: spec.SchemaProps{ - Description: "size of the layer in bytes as defined by the underlying store.", - Default: 0, - Type: []string{"integer"}, - Format: "int64", - }, - }, - "mediaType": { - SchemaProps: spec.SchemaProps{ - Description: "mediaType of the referenced object.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"name", "size", "mediaType"}, - }, - }, - } -} - -func schema_openshift_api_image_v1_ImageLayerData(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ImageLayerData contains metadata about an image layer.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "size": { - SchemaProps: spec.SchemaProps{ - Description: "size of the layer in bytes as defined by the underlying store. This field is optional if the necessary information about size is not available.", - Type: []string{"integer"}, - Format: "int64", - }, - }, - "mediaType": { - SchemaProps: spec.SchemaProps{ - Description: "mediaType of the referenced object.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"size", "mediaType"}, - }, - }, - } -} - -func schema_openshift_api_image_v1_ImageList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ImageList is a list of Image objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), - }, - }, - "items": { - SchemaProps: spec.SchemaProps{ - Description: "items is a list of images", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.Image"), - }, - }, - }, - }, - }, - }, - Required: []string{"items"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/image/v1.Image", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, - } -} - -func schema_openshift_api_image_v1_ImageLookupPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ImageLookupPolicy describes how an image stream can be used to override the image references used by pods, builds, and other resources in a namespace.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "local": { + }, + }, + "description": { SchemaProps: spec.SchemaProps{ - Description: "local will change the docker short image references (like \"mysql\" or \"php:latest\") on objects in this namespace to the image ID whenever they match this image stream, instead of reaching out to a remote registry. The name will be fully qualified to an image ID if found. The tag's referencePolicy is taken into account on the replaced value. Only works within the current namespace.", - Default: false, - Type: []string{"boolean"}, + Description: "Optional human readable repository description, it can be used by UI for displaying purposes", + Type: []string{"string"}, Format: "", }, }, + "connectionConfig": { + SchemaProps: spec.SchemaProps{ + Description: "Required configuration for connecting to the chart repo", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/helm/v1beta1.ConnectionConfigNamespaceScoped"), + }, + }, }, - Required: []string{"local"}, + Required: []string{"connectionConfig"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/helm/v1beta1.ConnectionConfigNamespaceScoped"}, } } -func schema_openshift_api_image_v1_ImageManifest(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_DockerImageReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object.", + Description: "DockerImageReference points to a container image.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "digest": { + "Registry": { SchemaProps: spec.SchemaProps{ - Description: "digest is the unique identifier for the manifest. It refers to an Image object.", + Description: "Registry is the registry that contains the container image", Default: "", Type: []string{"string"}, Format: "", }, }, - "mediaType": { + "Namespace": { SchemaProps: spec.SchemaProps{ - Description: "mediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json.", + Description: "Namespace is the namespace that contains the container image", Default: "", Type: []string{"string"}, Format: "", }, }, - "manifestSize": { - SchemaProps: spec.SchemaProps{ - Description: "manifestSize represents the size of the raw object contents, in bytes.", - Default: 0, - Type: []string{"integer"}, - Format: "int64", - }, - }, - "architecture": { + "Name": { SchemaProps: spec.SchemaProps{ - Description: "architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`.", + Description: "Name is the name of the container image", Default: "", Type: []string{"string"}, Format: "", }, }, - "os": { + "Tag": { SchemaProps: spec.SchemaProps{ - Description: "os specifies the operating system, for example `linux`.", + Description: "Tag is which tag of the container image is being referenced", Default: "", Type: []string{"string"}, Format: "", }, }, - "variant": { + "ID": { SchemaProps: spec.SchemaProps{ - Description: "variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU.", + Description: "ID is the identifier for the container image", + Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"digest", "mediaType", "manifestSize", "architecture", "os"}, + Required: []string{"Registry", "Namespace", "Name", "Tag", "ID"}, }, }, } } -func schema_openshift_api_image_v1_ImageSignature(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_Image(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature's content by the server. They serve just an informative purpose.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "Image is an immutable representation of a container image and its metadata at a point in time. Images are named by taking a hash of their contents (metadata and content) and any change in format, content, or metadata results in a new name. The images resource is primarily for use by cluster administrators and integrations like the cluster image registry - end users, instead, access images via the imagestreamtags or imagestreamimages resources. While image metadata is stored in the API, any integration that implements the container image registry API must provide its own storage for the raw manifest data, image config, and layer contents.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -28792,396 +29615,355 @@ func schema_openshift_api_image_v1_ImageSignature(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "type": { + "dockerImageReference": { SchemaProps: spec.SchemaProps{ - Description: "Required: Describes a type of stored blob.", - Default: "", + Description: "dockerImageReference is the string that can be used to pull this image.", Type: []string{"string"}, Format: "", }, }, - "content": { + "dockerImageMetadata": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-patch-strategy": "replace", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "Required: An opaque binary string which is an image's signature.", + Description: "dockerImageMetadata contains metadata about this image", + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + }, + }, + "dockerImageMetadataVersion": { + SchemaProps: spec.SchemaProps{ + Description: "dockerImageMetadataVersion conveys the version of the object, which if empty defaults to \"1.0\"", Type: []string{"string"}, - Format: "byte", + Format: "", }, }, - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge", - }, + "dockerImageManifest": { + SchemaProps: spec.SchemaProps{ + Description: "dockerImageManifest is the raw JSON of the manifest", + Type: []string{"string"}, + Format: "", }, + }, + "dockerImageLayers": { SchemaProps: spec.SchemaProps{ - Description: "conditions represent the latest available observations of a signature's current state.", + Description: "dockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.SignatureCondition"), + Ref: ref("github.com/openshift/api/image/v1.ImageLayer"), }, }, }, }, }, - "imageIdentity": { - SchemaProps: spec.SchemaProps{ - Description: "A human readable string representing image's identity. It could be a product name and version, or an image pull spec (e.g. \"registry.access.redhat.com/rhel7/rhel:7.2\").", - Type: []string{"string"}, - Format: "", + "signatures": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge", + }, }, - }, - "signedClaims": { SchemaProps: spec.SchemaProps{ - Description: "Contains claims from the signature.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, + Description: "signatures holds all signatures of the image.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.ImageSignature"), }, }, }, }, }, - "created": { - SchemaProps: spec.SchemaProps{ - Description: "If specified, it is the time of signature's creation.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), - }, - }, - "issuedBy": { - SchemaProps: spec.SchemaProps{ - Description: "If specified, it holds information about an issuer of signing certificate or key (a person or entity who signed the signing certificate or key).", - Ref: ref("github.com/openshift/api/image/v1.SignatureIssuer"), - }, - }, - "issuedTo": { + "dockerImageSignatures": { SchemaProps: spec.SchemaProps{ - Description: "If specified, it holds information about a subject of signing certificate or key (a person or entity who signed the image).", - Ref: ref("github.com/openshift/api/image/v1.SignatureSubject"), + Description: "dockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "byte", + }, + }, + }, }, }, - }, - Required: []string{"type", "content"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/image/v1.SignatureCondition", "github.com/openshift/api/image/v1.SignatureIssuer", "github.com/openshift/api/image/v1.SignatureSubject", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, - } -} - -func schema_openshift_api_image_v1_ImageStream(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "An ImageStream stores a mapping of tags to images, metadata overrides that are applied when images are tagged in a stream, and an optional reference to a container image repository on a registry. Users typically update the spec.tags field to point to external images which are imported from container registries using credentials in your namespace with the pull secret type, or to existing image stream tags and images which are immediately accessible for tagging or pulling. The history of images applied to a tag is visible in the status.tags field and any user who can view an image stream is allowed to tag that image into their own image streams. Access to pull images from the integrated registry is granted by having the \"get imagestreams/layers\" permission on a given image stream. Users may remove a tag by deleting the imagestreamtag resource, which causes both spec and status for that tag to be removed. Image stream history is retained until an administrator runs the prune operation, which removes references that are no longer in use. To preserve a historical image, ensure there is a tag in spec pointing to that image by its digest.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { + "dockerImageManifestMediaType": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "dockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2.", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "dockerImageConfig": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "dockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list.", Type: []string{"string"}, Format: "", }, }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "spec": { - SchemaProps: spec.SchemaProps{ - Description: "spec describes the desired state of this stream", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageStreamSpec"), - }, - }, - "status": { + "dockerImageManifests": { SchemaProps: spec.SchemaProps{ - Description: "status describes the current state of this stream", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageStreamStatus"), + Description: "dockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.ImageManifest"), + }, + }, + }, }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageStreamSpec", "github.com/openshift/api/image/v1.ImageStreamStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/image/v1.ImageLayer", "github.com/openshift/api/image/v1.ImageManifest", "github.com/openshift/api/image/v1.ImageSignature", metav1.ObjectMeta{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, } } -func schema_openshift_api_image_v1_ImageStreamImage(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageBlobReferences(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImageStreamImage represents an Image that is retrieved by image name from an ImageStream. User interfaces and regular users can use this resource to access the metadata details of a tagged image in the image stream history for viewing, since Image resources are not directly accessible to end users. A not found error will be returned if no such image is referenced by a tag within the ImageStream. Images are created when spec tags are set on an image stream that represent an image in an external registry, when pushing to the integrated registry, or when tagging an existing image from one image stream to another. The name of an image stream image is in the form \"@\", where the digest is the content addressible identifier for the image (sha256:xxxxx...). You can use ImageStreamImages as the from.kind of an image stream spec tag to reference an image exactly. The only operations supported on the imagestreamimage endpoint are retrieving the image.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "ImageBlobReferences describes the blob references within an image.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "imageMissing": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, + Description: "imageMissing is true if the image is referenced by the image stream but the image object has been deleted from the API by an administrator. When this field is set, layers and config fields may be empty and callers that depend on the image metadata should consider the image to be unavailable for download or viewing.", + Default: false, + Type: []string{"boolean"}, Format: "", }, }, - "apiVersion": { + "layers": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + Description: "layers is the list of blobs that compose this image, from base layer to top layer. All layers referenced by this array will be defined in the blobs map. Some images may have zero layers.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "metadata": { + "config": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Description: "config, if set, is the blob that contains the image config. Some images do not have separate config blobs and this field will be set to nil if so.", + Type: []string{"string"}, + Format: "", }, }, - "image": { + "manifests": { SchemaProps: spec.SchemaProps{ - Description: "image associated with the ImageStream and image name.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.Image"), + Description: "manifests is the list of other image names that this image points to. For a single architecture image, it is empty. For a multi-arch image, it consists of the digests of single architecture images, such images shouldn't have layers nor config.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, }, - Required: []string{"image"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/image/v1.Image", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_image_v1_ImageStreamImport(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageImportSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "The image stream import resource provides an easy way for a user to find and import container images from other container image registries into the server. Individual images or an entire image repository may be imported, and users may choose to see the results of the import prior to tagging the resulting images into the specified image stream.\n\nThis API is intended for end-user tools that need to see the metadata of the image prior to import (for instance, to generate an application from it). Clients that know the desired image can continue to create spec.tags directly into their image streams.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "ImageImportSpec describes a request to import a specific image.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "from": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", + Description: "from is the source of an image to import; only kind DockerImage is allowed", + Default: map[string]interface{}{}, + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, - "apiVersion": { + "to": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + Description: "to is a tag in the current image stream to assign the imported image to, if name is not specified the default tag from from.name will be used", + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, - "metadata": { + "importPolicy": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Description: "importPolicy is the policy controlling how the image is imported", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref("github.com/openshift/api/image/v1.TagImportPolicy"), }, }, - "spec": { + "referencePolicy": { SchemaProps: spec.SchemaProps{ - Description: "spec is a description of the images that the user wishes to import", + Description: "referencePolicy defines how other components should consume the image", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageStreamImportSpec"), + Ref: ref("github.com/openshift/api/image/v1.TagReferencePolicy"), }, }, - "status": { + "includeManifest": { SchemaProps: spec.SchemaProps{ - Description: "status is the result of importing the image", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageStreamImportStatus"), + Description: "includeManifest determines if the manifest for each image is returned in the response", + Type: []string{"boolean"}, + Format: "", }, }, }, - Required: []string{"spec", "status"}, + Required: []string{"from"}, }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageStreamImportSpec", "github.com/openshift/api/image/v1.ImageStreamImportStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/image/v1.TagImportPolicy", "github.com/openshift/api/image/v1.TagReferencePolicy", corev1.LocalObjectReference{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName()}, } } -func schema_openshift_api_image_v1_ImageStreamImportSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageImportStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImageStreamImportSpec defines what images should be imported.", + Description: "ImageImportStatus describes the result of an image import.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "import": { + "status": { SchemaProps: spec.SchemaProps{ - Description: "import indicates whether to perform an import - if so, the specified tags are set on the spec and status of the image stream defined by the type meta.", - Default: false, - Type: []string{"boolean"}, - Format: "", + Description: "status is the status of the image import, including errors encountered while retrieving the image", + Default: map[string]interface{}{}, + Ref: ref(metav1.Status{}.OpenAPIModelName()), }, }, - "repository": { + "image": { SchemaProps: spec.SchemaProps{ - Description: "repository is an optional import of an entire container image repository. A maximum limit on the number of tags imported this way is imposed by the server.", - Ref: ref("github.com/openshift/api/image/v1.RepositoryImportSpec"), + Description: "image is the metadata of that image, if the image was located", + Ref: ref("github.com/openshift/api/image/v1.Image"), }, }, - "images": { + "tag": { SchemaProps: spec.SchemaProps{ - Description: "images are a list of individual images to import.", + Description: "tag is the tag this image was located under, if any", + Type: []string{"string"}, + Format: "", + }, + }, + "manifests": { + SchemaProps: spec.SchemaProps{ + Description: "manifests holds sub-manifests metadata when importing a manifest list", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageImportSpec"), + Ref: ref("github.com/openshift/api/image/v1.Image"), }, }, }, }, }, }, - Required: []string{"import"}, + Required: []string{"status"}, }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageImportSpec", "github.com/openshift/api/image/v1.RepositoryImportSpec"}, + "github.com/openshift/api/image/v1.Image", metav1.Status{}.OpenAPIModelName()}, } } -func schema_openshift_api_image_v1_ImageStreamImportStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageLayer(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImageStreamImportStatus contains information about the status of an image stream import.", + Description: "ImageLayer represents a single layer of the image. Some images may have multiple layers. Some may have none.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "import": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "import is the image stream that was successfully updated or created when 'to' was set.", - Ref: ref("github.com/openshift/api/image/v1.ImageStream"), + Description: "name of the layer as defined by the underlying store.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "repository": { + "size": { SchemaProps: spec.SchemaProps{ - Description: "repository is set if spec.repository was set to the outcome of the import", - Ref: ref("github.com/openshift/api/image/v1.RepositoryImportStatus"), + Description: "size of the layer in bytes as defined by the underlying store.", + Default: 0, + Type: []string{"integer"}, + Format: "int64", }, }, - "images": { + "mediaType": { SchemaProps: spec.SchemaProps{ - Description: "images is set with the result of importing spec.images", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageImportStatus"), - }, - }, - }, + Description: "mediaType of the referenced object.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, + Required: []string{"name", "size", "mediaType"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageImportStatus", "github.com/openshift/api/image/v1.ImageStream", "github.com/openshift/api/image/v1.RepositoryImportStatus"}, } } -func schema_openshift_api_image_v1_ImageStreamLayers(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageLayerData(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImageStreamLayers describes information about the layers referenced by images in this image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "ImageLayerData contains metadata about an image layer.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "size": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", + Description: "size of the layer in bytes as defined by the underlying store. This field is optional if the necessary information about size is not available.", + Type: []string{"integer"}, + Format: "int64", }, }, - "apiVersion": { + "mediaType": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "mediaType of the referenced object.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "blobs": { - SchemaProps: spec.SchemaProps{ - Description: "blobs is a map of blob name to metadata about the blob.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageLayerData"), - }, - }, - }, - }, - }, - "images": { - SchemaProps: spec.SchemaProps{ - Description: "images is a map between an image name and the names of the blobs and config that comprise the image.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageBlobReferences"), - }, - }, - }, - }, - }, }, - Required: []string{"blobs", "images"}, + Required: []string{"size", "mediaType"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageBlobReferences", "github.com/openshift/api/image/v1.ImageLayerData", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_image_v1_ImageStreamList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImageStreamList is a list of ImageStream objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "ImageList is a list of Image objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -29202,18 +29984,18 @@ func schema_openshift_api_image_v1_ImageStreamList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { SchemaProps: spec.SchemaProps{ - Description: "items is a list of imageStreams", + Description: "items is a list of images", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageStream"), + Ref: ref("github.com/openshift/api/image/v1.Image"), }, }, }, @@ -29224,166 +30006,98 @@ func schema_openshift_api_image_v1_ImageStreamList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageStream", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, - } -} - -func schema_openshift_api_image_v1_ImageStreamMapping(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ImageStreamMapping represents a mapping from a single image stream tag to a container image as well as the reference to the container image stream the image came from. This resource is used by privileged integrators to create an image resource and to associate it with an image stream in the status tags field. Creating an ImageStreamMapping will allow any user who can view the image stream to tag or pull that image, so only create mappings where the user has proven they have access to the image contents directly. The only operation supported for this resource is create and the metadata name and namespace should be set to the image stream containing the tag that should be updated.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "image": { - SchemaProps: spec.SchemaProps{ - Description: "image is a container image.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.Image"), - }, - }, - "tag": { - SchemaProps: spec.SchemaProps{ - Description: "tag is a string value this image can be located with inside the stream.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"image", "tag"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/image/v1.Image", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/image/v1.Image", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_image_v1_ImageStreamSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageLookupPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImageStreamSpec represents options for ImageStreams.", + Description: "ImageLookupPolicy describes how an image stream can be used to override the image references used by pods, builds, and other resources in a namespace.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "lookupPolicy": { - SchemaProps: spec.SchemaProps{ - Description: "lookupPolicy controls how other resources reference images within this namespace.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageLookupPolicy"), - }, - }, - "dockerImageRepository": { + "local": { SchemaProps: spec.SchemaProps{ - Description: "dockerImageRepository is optional, if specified this stream is backed by a container repository on this server Deprecated: This field is deprecated as of v3.7 and will be removed in a future release. Specify the source for the tags to be imported in each tag via the spec.tags.from reference instead.", - Type: []string{"string"}, + Description: "local will change the docker short image references (like \"mysql\" or \"php:latest\") on objects in this namespace to the image ID whenever they match this image stream, instead of reaching out to a remote registry. The name will be fully qualified to an image ID if found. The tag's referencePolicy is taken into account on the replaced value. Only works within the current namespace.", + Default: false, + Type: []string{"boolean"}, Format: "", }, }, - "tags": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "tags map arbitrary string values to specific image locators", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.TagReference"), - }, - }, - }, - }, - }, }, + Required: []string{"local"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageLookupPolicy", "github.com/openshift/api/image/v1.TagReference"}, } } -func schema_openshift_api_image_v1_ImageStreamStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageManifest(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImageStreamStatus contains information about the state of this image stream.", + Description: "ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "dockerImageRepository": { + "digest": { SchemaProps: spec.SchemaProps{ - Description: "dockerImageRepository represents the effective location this stream may be accessed at. May be empty until the server determines where the repository is located", + Description: "digest is the unique identifier for the manifest. It refers to an Image object.", Default: "", Type: []string{"string"}, Format: "", }, }, - "publicDockerImageRepository": { + "mediaType": { SchemaProps: spec.SchemaProps{ - Description: "publicDockerImageRepository represents the public location from where the image can be pulled outside the cluster. This field may be empty if the administrator has not exposed the integrated registry externally.", + Description: "mediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "tags": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-patch-merge-key": "tag", - "x-kubernetes-patch-strategy": "merge", - }, + "manifestSize": { + SchemaProps: spec.SchemaProps{ + Description: "manifestSize represents the size of the raw object contents, in bytes.", + Default: 0, + Type: []string{"integer"}, + Format: "int64", }, + }, + "architecture": { SchemaProps: spec.SchemaProps{ - Description: "tags are a historical record of images associated with each tag. The first entry in the TagEvent array is the currently tagged image.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.NamedTagEventList"), - }, - }, - }, + Description: "architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "os": { + SchemaProps: spec.SchemaProps{ + Description: "os specifies the operating system, for example `linux`.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "variant": { + SchemaProps: spec.SchemaProps{ + Description: "variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU.", + Type: []string{"string"}, + Format: "", }, }, }, + Required: []string{"digest", "mediaType", "manifestSize", "architecture", "os"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/image/v1.NamedTagEventList"}, } } -func schema_openshift_api_image_v1_ImageStreamTag(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageSignature(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImageStreamTag represents an Image that is retrieved by tag name from an ImageStream. Use this resource to interact with the tags and images in an image stream by tag, or to see the image details for a particular tag. The image associated with this resource is the most recently successfully tagged, imported, or pushed image (as described in the image stream status.tags.items list for this tag). If an import is in progress or has failed the previous image will be shown. Deleting an image stream tag clears both the status and spec fields of an image stream. If no image can be retrieved for a given tag, a not found error will be returned.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature's content by the server. They serve just an informative purpose.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -29404,65 +30118,99 @@ func schema_openshift_api_image_v1_ImageStreamTag(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "tag": { - SchemaProps: spec.SchemaProps{ - Description: "tag is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream.", - Ref: ref("github.com/openshift/api/image/v1.TagReference"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "generation": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "generation is the current generation of the tagged image - if tag is provided and this value is not equal to the tag generation, a user has requested an import that has not completed, or conditions will be filled out indicating any error.", - Default: 0, - Type: []string{"integer"}, - Format: "int64", + Description: "Required: Describes a type of stored blob.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "lookupPolicy": { + "content": { SchemaProps: spec.SchemaProps{ - Description: "lookupPolicy indicates whether this tag will handle image references in this namespace.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageLookupPolicy"), + Description: "Required: An opaque binary string which is an image's signature.", + Type: []string{"string"}, + Format: "byte", }, }, "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "conditions is an array of conditions that apply to the image stream tag.", + Description: "conditions represent the latest available observations of a signature's current state.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.TagEventCondition"), + Ref: ref("github.com/openshift/api/image/v1.SignatureCondition"), }, }, }, }, }, - "image": { + "imageIdentity": { SchemaProps: spec.SchemaProps{ - Description: "image associated with the ImageStream and tag.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.Image"), + Description: "A human readable string representing image's identity. It could be a product name and version, or an image pull spec (e.g. \"registry.access.redhat.com/rhel7/rhel:7.2\").", + Type: []string{"string"}, + Format: "", + }, + }, + "signedClaims": { + SchemaProps: spec.SchemaProps{ + Description: "Contains claims from the signature.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "created": { + SchemaProps: spec.SchemaProps{ + Description: "If specified, it is the time of signature's creation.", + Ref: ref(metav1.Time{}.OpenAPIModelName()), + }, + }, + "issuedBy": { + SchemaProps: spec.SchemaProps{ + Description: "If specified, it holds information about an issuer of signing certificate or key (a person or entity who signed the signing certificate or key).", + Ref: ref("github.com/openshift/api/image/v1.SignatureIssuer"), + }, + }, + "issuedTo": { + SchemaProps: spec.SchemaProps{ + Description: "If specified, it holds information about a subject of signing certificate or key (a person or entity who signed the image).", + Ref: ref("github.com/openshift/api/image/v1.SignatureSubject"), }, }, }, - Required: []string{"tag", "generation", "lookupPolicy", "image"}, + Required: []string{"type", "content"}, }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.Image", "github.com/openshift/api/image/v1.ImageLookupPolicy", "github.com/openshift/api/image/v1.TagEventCondition", "github.com/openshift/api/image/v1.TagReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/image/v1.SignatureCondition", "github.com/openshift/api/image/v1.SignatureIssuer", "github.com/openshift/api/image/v1.SignatureSubject", metav1.ObjectMeta{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, } } -func schema_openshift_api_image_v1_ImageStreamTagList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageStream(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImageStreamTagList is a list of ImageStreamTag objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "An ImageStream stores a mapping of tags to images, metadata overrides that are applied when images are tagged in a stream, and an optional reference to a container image repository on a registry. Users typically update the spec.tags field to point to external images which are imported from container registries using credentials in your namespace with the pull secret type, or to existing image stream tags and images which are immediately accessible for tagging or pulling. The history of images applied to a tag is visible in the status.tags field and any user who can view an image stream is allowed to tag that image into their own image streams. Access to pull images from the integrated registry is granted by having the \"get imagestreams/layers\" permission on a given image stream. Users may remove a tag by deleting the imagestreamtag resource, which causes both spec and status for that tag to be removed. Image stream history is retained until an administrator runs the prune operation, which removes references that are no longer in use. To preserve a historical image, ensure there is a tag in spec pointing to that image by its digest.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -29481,39 +30229,38 @@ func schema_openshift_api_image_v1_ImageStreamTagList(ref common.ReferenceCallba }, "metadata": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "items": { + "spec": { SchemaProps: spec.SchemaProps{ - Description: "items is the list of image stream tags", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageStreamTag"), - }, - }, - }, + Description: "spec describes the desired state of this stream", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.ImageStreamSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status describes the current state of this stream", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.ImageStreamStatus"), }, }, }, - Required: []string{"items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageStreamTag", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/image/v1.ImageStreamSpec", "github.com/openshift/api/image/v1.ImageStreamStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_image_v1_ImageTag(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageStreamImage(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImageTag represents a single tag within an image stream and includes the spec, the status history, and the currently referenced image (if any) of the provided tag. This type replaces the ImageStreamTag by providing a full view of the tag. ImageTags are returned for every spec or status tag present on the image stream. If no tag exists in either form, a not found error will be returned by the API. A create operation will succeed if no spec tag has already been defined and the spec field is set. Delete will remove both spec and status elements from the image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "ImageStreamImage represents an Image that is retrieved by image name from an ImageStream. User interfaces and regular users can use this resource to access the metadata details of a tagged image in the image stream history for viewing, since Image resources are not directly accessible to end users. A not found error will be returned if no such image is referenced by a tag within the ImageStream. Images are created when spec tags are set on an image stream that represent an image in an external registry, when pushing to the integrated registry, or when tagging an existing image from one image stream to another. The name of an image stream image is in the form \"@\", where the digest is the content addressible identifier for the image (sha256:xxxxx...). You can use ImageStreamImages as the from.kind of an image stream spec tag to reference an image exactly. The only operations supported on the imagestreamimage endpoint are retrieving the image.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -29534,41 +30281,30 @@ func schema_openshift_api_image_v1_ImageTag(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "spec": { - SchemaProps: spec.SchemaProps{ - Description: "spec is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream.", - Ref: ref("github.com/openshift/api/image/v1.TagReference"), - }, - }, - "status": { - SchemaProps: spec.SchemaProps{ - Description: "status is the status tag details associated with this image stream tag, and it may be null if no push or import has been performed.", - Ref: ref("github.com/openshift/api/image/v1.NamedTagEventList"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "image": { SchemaProps: spec.SchemaProps{ - Description: "image is the details of the most recent image stream status tag, and it may be null if import has not completed or an administrator has deleted the image object. To verify this is the most recent image, you must verify the generation of the most recent status.items entry matches the spec tag (if a spec tag is set). This field will not be set when listing image tags.", + Description: "image associated with the ImageStream and image name.", + Default: map[string]interface{}{}, Ref: ref("github.com/openshift/api/image/v1.Image"), }, }, }, - Required: []string{"spec", "status", "image"}, + Required: []string{"image"}, }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.Image", "github.com/openshift/api/image/v1.NamedTagEventList", "github.com/openshift/api/image/v1.TagReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/image/v1.Image", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_image_v1_ImageTagList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageStreamImport(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImageTagList is a list of ImageTag objects. When listing image tags, the image field is not populated. Tags are returned in alphabetical order by image stream and then tag.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "The image stream import resource provides an easy way for a user to find and import container images from other container image registries into the server. Individual images or an entire image repository may be imported, and users may choose to see the results of the import prior to tagging the resulting images into the specified image stream.\n\nThis API is intended for end-user tools that need to see the metadata of the image prior to import (for instance, to generate an application from it). Clients that know the desired image can continue to create spec.tags directly into their image streams.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -29587,147 +30323,100 @@ func schema_openshift_api_image_v1_ImageTagList(ref common.ReferenceCallback) co }, "metadata": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "items": { + "spec": { SchemaProps: spec.SchemaProps{ - Description: "items is the list of image stream tags", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.ImageTag"), - }, - }, - }, + Description: "spec is a description of the images that the user wishes to import", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.ImageStreamImportSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status is the result of importing the image", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.ImageStreamImportStatus"), }, }, }, - Required: []string{"items"}, + Required: []string{"spec", "status"}, }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageTag", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/image/v1.ImageStreamImportSpec", "github.com/openshift/api/image/v1.ImageStreamImportStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_image_v1_NamedTagEventList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageStreamImportSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NamedTagEventList relates a tag to its image history.", + Description: "ImageStreamImportSpec defines what images should be imported.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "tag": { + "import": { SchemaProps: spec.SchemaProps{ - Description: "tag is the tag for which the history is recorded", - Default: "", - Type: []string{"string"}, + Description: "import indicates whether to perform an import - if so, the specified tags are set on the spec and status of the image stream defined by the type meta.", + Default: false, + Type: []string{"boolean"}, Format: "", }, }, - "items": { + "repository": { SchemaProps: spec.SchemaProps{ - Description: "Standard object's metadata.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.TagEvent"), - }, - }, - }, + Description: "repository is an optional import of an entire container image repository. A maximum limit on the number of tags imported this way is imposed by the server.", + Ref: ref("github.com/openshift/api/image/v1.RepositoryImportSpec"), }, }, - "conditions": { + "images": { SchemaProps: spec.SchemaProps{ - Description: "conditions is an array of conditions that apply to the tag event list.", + Description: "images are a list of individual images to import.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.TagEventCondition"), + Ref: ref("github.com/openshift/api/image/v1.ImageImportSpec"), }, }, }, }, }, }, - Required: []string{"tag", "items"}, + Required: []string{"import"}, }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.TagEvent", "github.com/openshift/api/image/v1.TagEventCondition"}, + "github.com/openshift/api/image/v1.ImageImportSpec", "github.com/openshift/api/image/v1.RepositoryImportSpec"}, } } -func schema_openshift_api_image_v1_RepositoryImportSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageStreamImportStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RepositoryImportSpec describes a request to import images from a container image repository.", + Description: "ImageStreamImportStatus contains information about the status of an image stream import.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "from": { - SchemaProps: spec.SchemaProps{ - Description: "from is the source for the image repository to import; only kind DockerImage and a name of a container image repository is allowed", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), - }, - }, - "importPolicy": { - SchemaProps: spec.SchemaProps{ - Description: "importPolicy is the policy controlling how the image is imported", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.TagImportPolicy"), - }, - }, - "referencePolicy": { - SchemaProps: spec.SchemaProps{ - Description: "referencePolicy defines how other components should consume the image", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.TagReferencePolicy"), - }, - }, - "includeManifest": { + "import": { SchemaProps: spec.SchemaProps{ - Description: "includeManifest determines if the manifest for each image is returned in the response", - Type: []string{"boolean"}, - Format: "", + Description: "import is the image stream that was successfully updated or created when 'to' was set.", + Ref: ref("github.com/openshift/api/image/v1.ImageStream"), }, }, - }, - Required: []string{"from"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/image/v1.TagImportPolicy", "github.com/openshift/api/image/v1.TagReferencePolicy", "k8s.io/api/core/v1.ObjectReference"}, - } -} - -func schema_openshift_api_image_v1_RepositoryImportStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "RepositoryImportStatus describes the result of an image repository import", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "status": { + "repository": { SchemaProps: spec.SchemaProps{ - Description: "status reflects whether any failure occurred during import", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Status"), + Description: "repository is set if spec.repository was set to the outcome of the import", + Ref: ref("github.com/openshift/api/image/v1.RepositoryImportStatus"), }, }, "images": { SchemaProps: spec.SchemaProps{ - Description: "images is a list of images successfully retrieved by the import of the repository.", + Description: "images is set with the result of importing spec.images", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -29739,34 +30428,19 @@ func schema_openshift_api_image_v1_RepositoryImportStatus(ref common.ReferenceCa }, }, }, - "additionalTags": { - SchemaProps: spec.SchemaProps{ - Description: "additionalTags are tags that exist in the repository but were not imported because a maximum limit of automatic imports was applied.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.ImageImportStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Status"}, + "github.com/openshift/api/image/v1.ImageImportStatus", "github.com/openshift/api/image/v1.ImageStream", "github.com/openshift/api/image/v1.RepositoryImportStatus"}, } } -func schema_openshift_api_image_v1_SecretList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageStreamLayers(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "SecretList is a list of Secret.", + Description: "ImageStreamLayers describes information about the layers referenced by images in this image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -29785,461 +30459,387 @@ func schema_openshift_api_image_v1_SecretList(ref common.ReferenceCallback) comm }, "metadata": { SchemaProps: spec.SchemaProps{ - Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "items": { + "blobs": { SchemaProps: spec.SchemaProps{ - Description: "Items is a list of secret objects. More info: https://kubernetes.io/docs/concepts/configuration/secret", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ + Description: "blobs is a map of blob name to metadata about the blob.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Secret"), + Ref: ref("github.com/openshift/api/image/v1.ImageLayerData"), }, }, }, }, }, - }, - Required: []string{"items"}, - }, - }, - Dependencies: []string{ - "k8s.io/api/core/v1.Secret", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, - } -} - -func schema_openshift_api_image_v1_SignatureCondition(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "SignatureCondition describes an image signature condition of particular kind at particular probe time.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "type": { - SchemaProps: spec.SchemaProps{ - Description: "type of signature condition, Complete or Failed.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "status": { - SchemaProps: spec.SchemaProps{ - Description: "status of the condition, one of True, False, Unknown.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "lastProbeTime": { - SchemaProps: spec.SchemaProps{ - Description: "Last time the condition was checked.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), - }, - }, - "lastTransitionTime": { - SchemaProps: spec.SchemaProps{ - Description: "Last time the condition transit from one status to another.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), - }, - }, - "reason": { - SchemaProps: spec.SchemaProps{ - Description: "(brief) reason for the condition's last transition.", - Type: []string{"string"}, - Format: "", - }, - }, - "message": { + "images": { SchemaProps: spec.SchemaProps{ - Description: "Human readable message indicating details about last transition.", - Type: []string{"string"}, - Format: "", + Description: "images is a map between an image name and the names of the blobs and config that comprise the image.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.ImageBlobReferences"), + }, + }, + }, }, }, }, - Required: []string{"type", "status"}, + Required: []string{"blobs", "images"}, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/openshift/api/image/v1.ImageBlobReferences", "github.com/openshift/api/image/v1.ImageLayerData", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_image_v1_SignatureGenericEntity(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageStreamList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "SignatureGenericEntity holds a generic information about a person or entity who is an issuer or a subject of signing certificate or key.", + Description: "ImageStreamList is a list of ImageStream objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "organization": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "organization name.", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "commonName": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "Common name (e.g. openshift-signing-service).", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - }, - }, - }, - } -} - -func schema_openshift_api_image_v1_SignatureIssuer(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "SignatureIssuer holds information about an issuer of signing certificate or key.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "organization": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "organization name.", - Type: []string{"string"}, - Format: "", + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, - "commonName": { + "items": { SchemaProps: spec.SchemaProps{ - Description: "Common name (e.g. openshift-signing-service).", - Type: []string{"string"}, - Format: "", + Description: "items is a list of imageStreams", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.ImageStream"), + }, + }, + }, }, }, }, + Required: []string{"items"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/image/v1.ImageStream", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_image_v1_SignatureSubject(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageStreamMapping(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "SignatureSubject holds information about a person or entity who created the signature.", + Description: "ImageStreamMapping represents a mapping from a single image stream tag to a container image as well as the reference to the container image stream the image came from. This resource is used by privileged integrators to create an image resource and to associate it with an image stream in the status tags field. Creating an ImageStreamMapping will allow any user who can view the image stream to tag or pull that image, so only create mappings where the user has proven they have access to the image contents directly. The only operation supported for this resource is create and the metadata name and namespace should be set to the image stream containing the tag that should be updated.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "organization": { - SchemaProps: spec.SchemaProps{ - Description: "organization name.", - Type: []string{"string"}, - Format: "", - }, - }, - "commonName": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "Common name (e.g. openshift-signing-service).", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "publicKeyID": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "If present, it is a human readable key id of public key belonging to the subject used to verify image signature. It should contain at least 64 lowest bits of public key's fingerprint (e.g. 0x685ebe62bf278440).", - Default: "", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"publicKeyID"}, - }, - }, - } -} - -func schema_openshift_api_image_v1_TagEvent(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "TagEvent is used by ImageStreamStatus to keep a historical record of images associated with a tag.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "created": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "created holds the time the TagEvent was created", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "dockerImageReference": { + "image": { SchemaProps: spec.SchemaProps{ - Description: "dockerImageReference is the string that can be used to pull this image", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "image is a container image.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.Image"), }, }, - "image": { + "tag": { SchemaProps: spec.SchemaProps{ - Description: "image is the image", + Description: "tag is a string value this image can be located with inside the stream.", Default: "", Type: []string{"string"}, Format: "", }, }, - "generation": { - SchemaProps: spec.SchemaProps{ - Description: "generation is the spec tag generation that resulted in this tag being updated", - Default: 0, - Type: []string{"integer"}, - Format: "int64", - }, - }, }, - Required: []string{"created", "dockerImageReference", "image", "generation"}, + Required: []string{"image", "tag"}, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/openshift/api/image/v1.Image", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_image_v1_TagEventCondition(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageStreamSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "TagEventCondition contains condition information for a tag event.", + Description: "ImageStreamSpec represents options for ImageStreams.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { - SchemaProps: spec.SchemaProps{ - Description: "type of tag event condition, currently only ImportSuccess", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "status": { - SchemaProps: spec.SchemaProps{ - Description: "status of the condition, one of True, False, Unknown.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "lastTransitionTime": { + "lookupPolicy": { SchemaProps: spec.SchemaProps{ - Description: "lastTransitionTime is the time the condition transitioned from one status to another.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Description: "lookupPolicy controls how other resources reference images within this namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.ImageLookupPolicy"), }, }, - "reason": { + "dockerImageRepository": { SchemaProps: spec.SchemaProps{ - Description: "reason is a brief machine readable explanation for the condition's last transition.", + Description: "dockerImageRepository is optional, if specified this stream is backed by a container repository on this server Deprecated: This field is deprecated as of v3.7 and will be removed in a future release. Specify the source for the tags to be imported in each tag via the spec.tags.from reference instead.", Type: []string{"string"}, Format: "", }, }, - "message": { - SchemaProps: spec.SchemaProps{ - Description: "message is a human readable description of the details about last transition, complementing reason.", - Type: []string{"string"}, - Format: "", + "tags": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge", + }, }, - }, - "generation": { SchemaProps: spec.SchemaProps{ - Description: "generation is the spec tag generation that this status corresponds to", - Default: 0, - Type: []string{"integer"}, - Format: "int64", + Description: "tags map arbitrary string values to specific image locators", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.TagReference"), + }, + }, + }, }, }, }, - Required: []string{"type", "status", "generation"}, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/openshift/api/image/v1.ImageLookupPolicy", "github.com/openshift/api/image/v1.TagReference"}, } } -func schema_openshift_api_image_v1_TagImportPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageStreamStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "TagImportPolicy controls how images related to this tag will be imported.", + Description: "ImageStreamStatus contains information about the state of this image stream.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "insecure": { + "dockerImageRepository": { SchemaProps: spec.SchemaProps{ - Description: "insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import.", - Type: []string{"boolean"}, + Description: "dockerImageRepository represents the effective location this stream may be accessed at. May be empty until the server determines where the repository is located", + Default: "", + Type: []string{"string"}, Format: "", }, }, - "scheduled": { + "publicDockerImageRepository": { SchemaProps: spec.SchemaProps{ - Description: "scheduled indicates to the server that this tag should be periodically checked to ensure it is up to date, and imported", - Type: []string{"boolean"}, + Description: "publicDockerImageRepository represents the public location from where the image can be pulled outside the cluster. This field may be empty if the administrator has not exposed the integrated registry externally.", + Type: []string{"string"}, Format: "", }, }, - "importMode": { + "tags": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-patch-merge-key": "tag", + "x-kubernetes-patch-strategy": "merge", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "importMode describes how to import an image manifest.", - Type: []string{"string"}, - Format: "", + Description: "tags are a historical record of images associated with each tag. The first entry in the TagEvent array is the currently tagged image.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.NamedTagEventList"), + }, + }, + }, }, }, }, }, }, + Dependencies: []string{ + "github.com/openshift/api/image/v1.NamedTagEventList"}, } } -func schema_openshift_api_image_v1_TagReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageStreamTag(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "TagReference specifies optional annotations for images using this tag and an optional reference to an ImageStreamTag, ImageStreamImage, or DockerImage this tag should track.", + Description: "ImageStreamTag represents an Image that is retrieved by tag name from an ImageStream. Use this resource to interact with the tags and images in an image stream by tag, or to see the image details for a particular tag. The image associated with this resource is the most recently successfully tagged, imported, or pushed image (as described in the image stream status.tags.items list for this tag). If an import is in progress or has failed the previous image will be shown. Deleting an image stream tag clears both the status and spec fields of an image stream. If no image can be retrieved for a given tag, a not found error will be returned.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "name of the tag", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "annotations": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "Optional; if specified, annotations that are applied to images retrieved via ImageStreamTags.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - "from": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "Optional; if specified, a reference to another image that this tag should point to. Valid values are ImageStreamTag, ImageStreamImage, and DockerImage. ImageStreamTag references can only reference a tag within this same ImageStream.", - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "reference": { + "tag": { SchemaProps: spec.SchemaProps{ - Description: "reference states if the tag will be imported. Default value is false, which means the tag will be imported.", - Type: []string{"boolean"}, - Format: "", + Description: "tag is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream.", + Ref: ref("github.com/openshift/api/image/v1.TagReference"), }, }, "generation": { SchemaProps: spec.SchemaProps{ - Description: "generation is a counter that tracks mutations to the spec tag (user intent). When a tag reference is changed the generation is set to match the current stream generation (which is incremented every time spec is changed). Other processes in the system like the image importer observe that the generation of spec tag is newer than the generation recorded in the status and use that as a trigger to import the newest remote tag. To trigger a new import, clients may set this value to zero which will reset the generation to the latest stream generation. Legacy clients will send this value as nil which will be merged with the current tag generation.", + Description: "generation is the current generation of the tagged image - if tag is provided and this value is not equal to the tag generation, a user has requested an import that has not completed, or conditions will be filled out indicating any error.", + Default: 0, Type: []string{"integer"}, Format: "int64", }, }, - "importPolicy": { + "lookupPolicy": { SchemaProps: spec.SchemaProps{ - Description: "importPolicy is information that controls how images may be imported by the server.", + Description: "lookupPolicy indicates whether this tag will handle image references in this namespace.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.TagImportPolicy"), + Ref: ref("github.com/openshift/api/image/v1.ImageLookupPolicy"), }, }, - "referencePolicy": { + "conditions": { SchemaProps: spec.SchemaProps{ - Description: "referencePolicy defines how other components should consume the image.", + Description: "conditions is an array of conditions that apply to the image stream tag.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.TagEventCondition"), + }, + }, + }, + }, + }, + "image": { + SchemaProps: spec.SchemaProps{ + Description: "image associated with the ImageStream and tag.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/image/v1.TagReferencePolicy"), + Ref: ref("github.com/openshift/api/image/v1.Image"), }, }, }, - Required: []string{"name"}, + Required: []string{"tag", "generation", "lookupPolicy", "image"}, }, }, Dependencies: []string{ - "github.com/openshift/api/image/v1.TagImportPolicy", "github.com/openshift/api/image/v1.TagReferencePolicy", "k8s.io/api/core/v1.ObjectReference"}, + "github.com/openshift/api/image/v1.Image", "github.com/openshift/api/image/v1.ImageLookupPolicy", "github.com/openshift/api/image/v1.TagEventCondition", "github.com/openshift/api/image/v1.TagReference", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_image_v1_TagReferencePolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageStreamTagList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "TagReferencePolicy describes how pull-specs for images in this image stream tag are generated when image change triggers in deployment configs or builds are resolved. This allows the image stream author to control how images are accessed.", + Description: "ImageStreamTagList is a list of ImageStreamTag objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "type determines how the image pull spec should be transformed when the image stream tag is used in deployment config triggers or new builds. The default value is `Source`, indicating the original location of the image should be used (if imported). The user may also specify `Local`, indicating that the pull spec should point to the integrated container image registry and leverage the registry's ability to proxy the pull to an upstream registry. `Local` allows the credentials used to pull this image to be managed from the image stream's namespace, so others on the platform can access a remote image but have no access to the remote secret. It also allows the image layers to be mirrored into the local registry which the images can still be pulled even if the upstream registry is unavailable.", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"type"}, - }, - }, - } -} - -func schema_openshift_api_insights_v1_Custom(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "Custom provides the custom configuration of gatherers", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "configs": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, + }, + "items": { SchemaProps: spec.SchemaProps{ - Description: "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + Description: "items is the list of image stream tags", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1.GathererConfig"), + Ref: ref("github.com/openshift/api/image/v1.ImageStreamTag"), }, }, }, }, }, }, - Required: []string{"configs"}, + Required: []string{"items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1.GathererConfig"}, + "github.com/openshift/api/image/v1.ImageStreamTag", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1_DataGather(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageTag(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DataGather provides data gather configuration options and status for the particular Insights data gathering.\n\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "ImageTag represents a single tag within an image stream and includes the spec, the status history, and the currently referenced image (if any) of the provided tag. This type replaces the ImageStreamTag by providing a full view of the tag. ImageTags are returned for every spec or status tag present on the image stream. If no tag exists in either form, a not found error will be returned by the API. A create operation will succeed if no spec tag has already been defined and the spec field is set. Delete will remove both spec and status elements from the image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -30260,37 +30860,41 @@ func schema_openshift_api_insights_v1_DataGather(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ - Description: "spec holds user settable values for configuration", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1.DataGatherSpec"), + Description: "spec is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream.", + Ref: ref("github.com/openshift/api/image/v1.TagReference"), }, }, "status": { SchemaProps: spec.SchemaProps{ - Description: "status holds observed values from the cluster. They may not be overridden.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1.DataGatherStatus"), + Description: "status is the status tag details associated with this image stream tag, and it may be null if no push or import has been performed.", + Ref: ref("github.com/openshift/api/image/v1.NamedTagEventList"), + }, + }, + "image": { + SchemaProps: spec.SchemaProps{ + Description: "image is the details of the most recent image stream status tag, and it may be null if import has not completed or an administrator has deleted the image object. To verify this is the most recent image, you must verify the generation of the most recent status.items entry matches the spec tag (if a spec tag is set). This field will not be set when listing image tags.", + Ref: ref("github.com/openshift/api/image/v1.Image"), }, }, }, - Required: []string{"spec"}, + Required: []string{"spec", "status", "image"}, }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1.DataGatherSpec", "github.com/openshift/api/insights/v1.DataGatherStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/image/v1.Image", "github.com/openshift/api/image/v1.NamedTagEventList", "github.com/openshift/api/image/v1.TagReference", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1_DataGatherList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_ImageTagList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DataGatherList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "ImageTagList is a list of ImageTag objects. When listing image tags, the image field is not populated. Tags are returned in alphabetical order by image stream and then tag.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -30311,544 +30915,657 @@ func schema_openshift_api_insights_v1_DataGatherList(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, SchemaProps: spec.SchemaProps{ - Description: "items contains a list of DataGather resources.", + Description: "items is the list of image stream tags", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1.DataGather"), + Ref: ref("github.com/openshift/api/image/v1.ImageTag"), }, }, }, }, }, }, + Required: []string{"items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1.DataGather", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/image/v1.ImageTag", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1_DataGatherSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_NamedTagEventList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DataGatherSpec contains the configuration for the DataGather.", + Description: "NamedTagEventList relates a tag to its image history.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "dataPolicy": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", + "tag": { + SchemaProps: spec.SchemaProps{ + Description: "tag is the tag for which the history is recorded", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Description: "Standard object's metadata.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.TagEvent"), + }, + }, }, }, + }, + "conditions": { SchemaProps: spec.SchemaProps{ - Description: "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", + Description: "conditions is an array of conditions that apply to the tag event list.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.TagEventCondition"), }, }, }, }, }, - "gatherers": { + }, + Required: []string{"tag", "items"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/image/v1.TagEvent", "github.com/openshift/api/image/v1.TagEventCondition"}, + } +} + +func schema_openshift_api_image_v1_RepositoryImportSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RepositoryImportSpec describes a request to import images from a container image repository.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "from": { SchemaProps: spec.SchemaProps{ - Description: "gatherers is a required field that specifies the configuration of the gatherers.", + Description: "from is the source for the image repository to import; only kind DockerImage and a name of a container image repository is allowed", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1.Gatherers"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, - "storage": { + "importPolicy": { SchemaProps: spec.SchemaProps{ - Description: "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", + Description: "importPolicy is the policy controlling how the image is imported", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1.Storage"), + Ref: ref("github.com/openshift/api/image/v1.TagImportPolicy"), + }, + }, + "referencePolicy": { + SchemaProps: spec.SchemaProps{ + Description: "referencePolicy defines how other components should consume the image", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.TagReferencePolicy"), + }, + }, + "includeManifest": { + SchemaProps: spec.SchemaProps{ + Description: "includeManifest determines if the manifest for each image is returned in the response", + Type: []string{"boolean"}, + Format: "", }, }, }, - Required: []string{"gatherers"}, + Required: []string{"from"}, }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1.Gatherers", "github.com/openshift/api/insights/v1.Storage"}, + "github.com/openshift/api/image/v1.TagImportPolicy", "github.com/openshift/api/image/v1.TagReferencePolicy", corev1.ObjectReference{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1_DataGatherStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_RepositoryImportStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DataGatherStatus contains information relating to the DataGather state.", + Description: "RepositoryImportStatus describes the result of an image repository import", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status reflects whether any failure occurred during import", + Default: map[string]interface{}{}, + Ref: ref(metav1.Status{}.OpenAPIModelName()), }, + }, + "images": { SchemaProps: spec.SchemaProps{ - Description: "conditions is an optional field that provides details on the status of the gatherer job. It may not exceed 100 items and must not contain duplicates.\n\nThe current condition types are DataUploaded, DataRecorded, DataProcessed, RemoteConfigurationNotAvailable, RemoteConfigurationInvalid\n\nThe DataUploaded condition is used to represent whether or not the archive was successfully uploaded for further processing. When it has a status of True and a reason of Succeeded, the archive was successfully uploaded. When it has a status of Unknown and a reason of NoUploadYet, the upload has not occurred, or there was no data to upload. When it has a status of False and a reason Failed, the upload failed. The accompanying message will include the specific error encountered.\n\nThe DataRecorded condition is used to represent whether or not the archive was successfully recorded. When it has a status of True and a reason of Succeeded, the archive was recorded successfully. When it has a status of Unknown and a reason of NoDataGatheringYet, the data gathering process has not started yet. When it has a status of False and a reason of RecordingFailed, the recording failed and a message will include the specific error encountered.\n\nThe DataProcessed condition is used to represent whether or not the archive was processed by the processing service. When it has a status of True and a reason of Processed, the data was processed successfully. When it has a status of Unknown and a reason of NothingToProcessYet, there is no data to process at the moment. When it has a status of False and a reason of Failure, processing failed and a message will include the specific error encountered.\n\nThe RemoteConfigurationAvailable condition is used to represent whether the remote configuration is available. When it has a status of Unknown and a reason of Unknown or RemoteConfigNotRequestedYet, the state of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is available. When it has a status of False and a reason of NoToken, the configuration was disabled by removing the cloud.openshift.com field from the pull secret. When it has a status of False and a reason of DisabledByConfiguration, the configuration was disabled in insightsdatagather.config.openshift.io.\n\nThe RemoteConfigurationValid condition is used to represent whether the remote configuration is valid. When it has a status of Unknown and a reason of Unknown or NoValidationYet, the validity of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is valid. When it has a status of False and a reason of Invalid, the configuration is invalid.\n\nThe Progressing condition is used to represent the phase of gathering When it has a status of False and the reason is DataGatherPending, the gathering has not started yet. When it has a status of True and reason is Gathering, the gathering is running. When it has a status of False and reason is GatheringSucceeded, the gathering successfully finished. When it has a status of False and reason is GatheringFailed, the gathering failed.", + Description: "images is a list of images successfully retrieved by the import of the repository.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref("github.com/openshift/api/image/v1.ImageImportStatus"), }, }, }, }, }, - "gatherers": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, + "additionalTags": { SchemaProps: spec.SchemaProps{ - Description: "gatherers is a list of active gatherers (and their statuses) in the last gathering.", + Description: "additionalTags are tags that exist in the repository but were not imported because a maximum limit of automatic imports was applied.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1.GathererStatus"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - "startTime": { + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/image/v1.ImageImportStatus", metav1.Status{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_image_v1_SecretList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SecretList is a list of Secret.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { SchemaProps: spec.SchemaProps{ - Description: "startTime is the time when Insights data gathering started.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", }, }, - "finishTime": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "finishTime is the time when Insights data gathering finished.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - "relatedObjects": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - "namespace", - }, - "x-kubernetes-list-type": "map", - }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Default: map[string]interface{}{}, + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, + }, + "items": { SchemaProps: spec.SchemaProps{ - Description: "relatedObjects is an optional list of resources which are useful when debugging or inspecting the data gathering Pod It may not exceed 100 items and must not contain duplicates.", + Description: "Items is a list of secret objects. More info: https://kubernetes.io/docs/concepts/configuration/secret", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1.ObjectReference"), + Ref: ref(corev1.Secret{}.OpenAPIModelName()), }, }, }, }, }, - "insightsRequestID": { - SchemaProps: spec.SchemaProps{ - Description: "insightsRequestID is an optional Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive. It may not exceed 256 characters and is immutable once set.", - Type: []string{"string"}, - Format: "", - }, - }, - "insightsReport": { - SchemaProps: spec.SchemaProps{ - Description: "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1.InsightsReport"), - }, - }, }, + Required: []string{"items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1.GathererStatus", "github.com/openshift/api/insights/v1.InsightsReport", "github.com/openshift/api/insights/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + corev1.Secret{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1_GathererConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_SignatureCondition(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GathererConfig allows to configure specific gatherers", + Description: "SignatureCondition describes an image signature condition of particular kind at particular probe time.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "name is the required name of a specific gatherer. It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + Description: "type of signature condition, Complete or Failed.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "state": { + "status": { SchemaProps: spec.SchemaProps{ - Description: "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", + Description: "status of the condition, one of True, False, Unknown.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "lastProbeTime": { + SchemaProps: spec.SchemaProps{ + Description: "Last time the condition was checked.", + Ref: ref(metav1.Time{}.OpenAPIModelName()), + }, + }, + "lastTransitionTime": { + SchemaProps: spec.SchemaProps{ + Description: "Last time the condition transit from one status to another.", + Ref: ref(metav1.Time{}.OpenAPIModelName()), + }, + }, + "reason": { + SchemaProps: spec.SchemaProps{ + Description: "(brief) reason for the condition's last transition.", + Type: []string{"string"}, + Format: "", + }, + }, + "message": { + SchemaProps: spec.SchemaProps{ + Description: "Human readable message indicating details about last transition.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"name", "state"}, + Required: []string{"type", "status"}, }, }, + Dependencies: []string{ + metav1.Time{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1_GathererStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_SignatureGenericEntity(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "GathererStatus represents information about a particular data gatherer.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "conditions provide details on the status of each gatherer.\n\nThe current condition type is DataGathered\n\nThe DataGathered condition is used to represent whether or not the data was gathered by a gatherer specified by name. When it has a status of True and a reason of GatheredOK, the data has been successfully gathered as expected. When it has a status of False and a reason of NoData, no data was gathered—for example, when the resource is not present in the cluster. When it has a status of False and a reason of GatherError, an error occurred and no data was gathered. When it has a status of False and a reason of GatherPanic, a panic occurred during gathering and no data was collected. When it has a status of False and a reason of GatherWithErrorReason, data was partially gathered or gathered with an error message.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), - }, - }, - }, - }, - }, - "name": { + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SignatureGenericEntity holds a generic information about a person or entity who is an issuer or a subject of signing certificate or key.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "organization": { SchemaProps: spec.SchemaProps{ - Description: "name is the required name of the gatherer. It must contain at least 5 characters and may not exceed 256 characters.", + Description: "organization name.", Type: []string{"string"}, Format: "", }, }, - "lastGatherSeconds": { + "commonName": { SchemaProps: spec.SchemaProps{ - Description: "lastGatherSeconds is required field that represents the time spent gathering in seconds", - Type: []string{"integer"}, - Format: "int32", + Description: "Common name (e.g. openshift-signing-service).", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"name", "lastGatherSeconds"}, }, }, - Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } -func schema_openshift_api_insights_v1_Gatherers(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_SignatureIssuer(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Gatherers specifies the configuration of the gatherers", + Description: "SignatureIssuer holds information about an issuer of signing certificate or key.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "mode": { + "organization": { SchemaProps: spec.SchemaProps{ - Description: "mode is a required field that specifies the mode for gatherers. Allowed values are All and Custom. When set to All, all gatherers will run and gather data. When set to Custom, the custom configuration from the custom field will be applied.", + Description: "organization name.", Type: []string{"string"}, Format: "", }, }, - "custom": { + "commonName": { SchemaProps: spec.SchemaProps{ - Description: "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1.Custom"), - }, - }, - }, - Required: []string{"mode"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "mode", - "fields-to-discriminateBy": map[string]interface{}{ - "custom": "Custom", - }, + Description: "Common name (e.g. openshift-signing-service).", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - Dependencies: []string{ - "github.com/openshift/api/insights/v1.Custom"}, } } -func schema_openshift_api_insights_v1_HealthCheck(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_SignatureSubject(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "HealthCheck represents an Insights health check attributes.", + Description: "SignatureSubject holds information about a person or entity who created the signature.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "description": { + "organization": { SchemaProps: spec.SchemaProps{ - Description: "description is required field that provides basic description of the healthcheck. It must contain at least 10 characters and may not exceed 2048 characters.", + Description: "organization name.", Type: []string{"string"}, Format: "", }, }, - "totalRisk": { + "commonName": { SchemaProps: spec.SchemaProps{ - Description: "totalRisk is the required field of the healthcheck. It is indicator of the total risk posed by the detected issue; combination of impact and likelihood. Allowed values are Low, Moderate, Important and Critical. The value represents the severity of the issue.", + Description: "Common name (e.g. openshift-signing-service).", Type: []string{"string"}, Format: "", }, }, - "advisorURI": { + "publicKeyID": { SchemaProps: spec.SchemaProps{ - Description: "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + Description: "If present, it is a human readable key id of public key belonging to the subject used to verify image signature. It should contain at least 64 lowest bits of public key's fingerprint (e.g. 0x685ebe62bf278440).", + Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"description", "totalRisk", "advisorURI"}, + Required: []string{"publicKeyID"}, }, }, } } -func schema_openshift_api_insights_v1_InsightsReport(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_TagEvent(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "InsightsReport provides Insights health check report based on the most recently sent Insights data.", + Description: "TagEvent is used by ImageStreamStatus to keep a historical record of images associated with a tag.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "downloadedTime": { + "created": { SchemaProps: spec.SchemaProps{ - Description: "downloadedTime is a required field that specifies when the Insights report was last downloaded.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Description: "created holds the time the TagEvent was created", + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, - "healthChecks": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "advisorURI", - "totalRisk", - "description", - }, - "x-kubernetes-list-type": "map", - }, - }, + "dockerImageReference": { SchemaProps: spec.SchemaProps{ - Description: "healthChecks is an optional field that provides basic information about active Insights recommendations, which serve as proactive notifications for potential issues in the cluster. When omitted, it means that there are no active recommendations in the cluster.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1.HealthCheck"), - }, - }, - }, + Description: "dockerImageReference is the string that can be used to pull this image", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "uri": { + "image": { SchemaProps: spec.SchemaProps{ - Description: "uri is a required field that provides the URL link from which the report was downloaded. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + Description: "image is the image", + Default: "", Type: []string{"string"}, Format: "", }, }, + "generation": { + SchemaProps: spec.SchemaProps{ + Description: "generation is the spec tag generation that resulted in this tag being updated", + Default: 0, + Type: []string{"integer"}, + Format: "int64", + }, + }, }, - Required: []string{"downloadedTime", "uri"}, + Required: []string{"created", "dockerImageReference", "image", "generation"}, }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1.HealthCheck", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1_ObjectReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_TagEventCondition(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ObjectReference contains enough information to let you inspect or modify the referred object.", + Description: "TagEventCondition contains condition information for a tag event.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "group": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "group is required field that specifies the API Group of the Resource. Enter empty string for the core group. This value is empty or it should follow the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character. Example: \"\", \"apps\", \"build.openshift.io\", etc.", + Description: "type of tag event condition, currently only ImportSuccess", + Default: "", Type: []string{"string"}, Format: "", }, }, - "resource": { + "status": { SchemaProps: spec.SchemaProps{ - Description: "resource is required field of the type that is being referenced and follows the DNS1035 format. It is normally the plural form of the resource kind in lowercase. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + Description: "status of the condition, one of True, False, Unknown.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "name": { + "lastTransitionTime": { SchemaProps: spec.SchemaProps{ - Description: "name is required field that specifies the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character..", + Description: "lastTransitionTime is the time the condition transitioned from one status to another.", + Ref: ref(metav1.Time{}.OpenAPIModelName()), + }, + }, + "reason": { + SchemaProps: spec.SchemaProps{ + Description: "reason is a brief machine readable explanation for the condition's last transition.", Type: []string{"string"}, Format: "", }, }, - "namespace": { + "message": { SchemaProps: spec.SchemaProps{ - Description: "namespace if required field of the referent that follows the DNS1123 labels format. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.", + Description: "message is a human readable description of the details about last transition, complementing reason.", Type: []string{"string"}, Format: "", }, }, + "generation": { + SchemaProps: spec.SchemaProps{ + Description: "generation is the spec tag generation that this status corresponds to", + Default: 0, + Type: []string{"integer"}, + Format: "int64", + }, + }, }, - Required: []string{"group", "resource", "name", "namespace"}, + Required: []string{"type", "status", "generation"}, }, }, + Dependencies: []string{ + metav1.Time{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1_PersistentVolumeClaimReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_TagImportPolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PersistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + Description: "TagImportPolicy controls how images related to this tag will be imported.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "insecure": { SchemaProps: spec.SchemaProps{ - Description: "name is the name of the PersistentVolumeClaim that will be used to store the Insights data archive. It is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + Description: "insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "scheduled": { + SchemaProps: spec.SchemaProps{ + Description: "scheduled indicates to the server that this tag should be periodically checked to ensure it is up to date, and imported", + Type: []string{"boolean"}, + Format: "", + }, + }, + "importMode": { + SchemaProps: spec.SchemaProps{ + Description: "importMode describes how to import an image manifest.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"name"}, }, }, } } -func schema_openshift_api_insights_v1_PersistentVolumeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_TagReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PersistentVolumeConfig provides configuration options for PersistentVolume storage.", + Description: "TagReference specifies optional annotations for images using this tag and an optional reference to an ImageStreamTag, ImageStreamImage, or DockerImage this tag should track.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "claim": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1.PersistentVolumeClaimReference"), + Description: "name of the tag", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "mountPath": { + "annotations": { SchemaProps: spec.SchemaProps{ - Description: "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", - Type: []string{"string"}, + Description: "Optional; if specified, annotations that are applied to images retrieved via ImageStreamTags.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "from": { + SchemaProps: spec.SchemaProps{ + Description: "Optional; if specified, a reference to another image that this tag should point to. Valid values are ImageStreamTag, ImageStreamImage, and DockerImage. ImageStreamTag references can only reference a tag within this same ImageStream.", + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), + }, + }, + "reference": { + SchemaProps: spec.SchemaProps{ + Description: "reference states if the tag will be imported. Default value is false, which means the tag will be imported.", + Type: []string{"boolean"}, Format: "", }, }, + "generation": { + SchemaProps: spec.SchemaProps{ + Description: "generation is a counter that tracks mutations to the spec tag (user intent). When a tag reference is changed the generation is set to match the current stream generation (which is incremented every time spec is changed). Other processes in the system like the image importer observe that the generation of spec tag is newer than the generation recorded in the status and use that as a trigger to import the newest remote tag. To trigger a new import, clients may set this value to zero which will reset the generation to the latest stream generation. Legacy clients will send this value as nil which will be merged with the current tag generation.", + Type: []string{"integer"}, + Format: "int64", + }, + }, + "importPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "importPolicy is information that controls how images may be imported by the server.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.TagImportPolicy"), + }, + }, + "referencePolicy": { + SchemaProps: spec.SchemaProps{ + Description: "referencePolicy defines how other components should consume the image.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/image/v1.TagReferencePolicy"), + }, + }, }, - Required: []string{"claim"}, + Required: []string{"name"}, }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1.PersistentVolumeClaimReference"}, + "github.com/openshift/api/image/v1.TagImportPolicy", "github.com/openshift/api/image/v1.TagReferencePolicy", corev1.ObjectReference{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1_Storage(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_image_v1_TagReferencePolicy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + Description: "TagReferencePolicy describes how pull-specs for images in this image stream tag are generated when image change triggers in deployment configs or builds are resolved. This allows the image stream author to control how images are accessed.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Description: "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", + Description: "type determines how the image pull spec should be transformed when the image stream tag is used in deployment config triggers or new builds. The default value is `Source`, indicating the original location of the image should be used (if imported). The user may also specify `Local`, indicating that the pull spec should point to the integrated container image registry and leverage the registry's ability to proxy the pull to an upstream registry. `Local` allows the credentials used to pull this image to be managed from the image stream's namespace, so others on the platform can access a remote image but have no access to the remote secret. It also allows the image layers to be mirrored into the local registry which the images can still be pulled even if the upstream registry is unavailable.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "persistentVolume": { - SchemaProps: spec.SchemaProps{ - Description: "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1.PersistentVolumeConfig"), - }, - }, }, Required: []string{"type"}, }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "type", - "fields-to-discriminateBy": map[string]interface{}{ - "persistentVolume": "PersistentVolume", + }, + } +} + +func schema_openshift_api_insights_v1_Custom(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Custom provides the custom configuration of gatherers", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "configs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/insights/v1.GathererConfig"), + }, + }, }, }, }, }, + Required: []string{"configs"}, }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1.PersistentVolumeConfig"}, + "github.com/openshift/api/insights/v1.GathererConfig"}, } } -func schema_openshift_api_insights_v1alpha1_DataGather(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1_DataGather(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DataGather provides data gather configuration options and status for the particular Insights data gathering.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "DataGather provides data gather configuration options and status for the particular Insights data gathering.\n\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -30869,21 +31586,21 @@ func schema_openshift_api_insights_v1alpha1_DataGather(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "spec holds user settable values for configuration", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha1.DataGatherSpec"), + Ref: ref("github.com/openshift/api/insights/v1.DataGatherSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "status holds observed values from the cluster. They may not be overridden.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha1.DataGatherStatus"), + Ref: ref("github.com/openshift/api/insights/v1.DataGatherStatus"), }, }, }, @@ -30891,15 +31608,15 @@ func schema_openshift_api_insights_v1alpha1_DataGather(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha1.DataGatherSpec", "github.com/openshift/api/insights/v1alpha1.DataGatherStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/insights/v1.DataGatherSpec", "github.com/openshift/api/insights/v1.DataGatherStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1alpha1_DataGatherList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1_DataGatherList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DataGatherList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "DataGatherList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -30920,7 +31637,7 @@ func schema_openshift_api_insights_v1alpha1_DataGatherList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -30936,7 +31653,7 @@ func schema_openshift_api_insights_v1alpha1_DataGatherList(ref common.ReferenceC Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha1.DataGather"), + Ref: ref("github.com/openshift/api/insights/v1.DataGather"), }, }, }, @@ -30946,11 +31663,11 @@ func schema_openshift_api_insights_v1alpha1_DataGatherList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha1.DataGather", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/insights/v1.DataGather", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1alpha1_DataGatherSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1_DataGatherSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -30958,42 +31675,49 @@ func schema_openshift_api_insights_v1alpha1_DataGatherSpec(ref common.ReferenceC Type: []string{"object"}, Properties: map[string]spec.Schema{ "dataPolicy": { - SchemaProps: spec.SchemaProps{ - Description: "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"ClearText\" and \"ObfuscateNetworking\". When set to ClearText the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is ClearText.", - Default: "", - Type: []string{"string"}, - Format: "", + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, }, - }, - "gatherers": { SchemaProps: spec.SchemaProps{ - Description: "gatherers is an optional list of gatherers configurations. The list must not exceed 100 items. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + Description: "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha1.GathererConfig"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, + "gatherers": { + SchemaProps: spec.SchemaProps{ + Description: "gatherers is a required field that specifies the configuration of the gatherers.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/insights/v1.Gatherers"), + }, + }, "storage": { SchemaProps: spec.SchemaProps{ Description: "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", - Ref: ref("github.com/openshift/api/insights/v1alpha1.Storage"), + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/insights/v1.Storage"), }, }, }, + Required: []string{"gatherers"}, }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha1.GathererConfig", "github.com/openshift/api/insights/v1alpha1.Storage"}, + "github.com/openshift/api/insights/v1.Gatherers", "github.com/openshift/api/insights/v1.Storage"}, } } -func schema_openshift_api_insights_v1alpha1_DataGatherStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1_DataGatherStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -31010,25 +31734,18 @@ func schema_openshift_api_insights_v1alpha1_DataGatherStatus(ref common.Referenc }, }, SchemaProps: spec.SchemaProps{ - Description: "conditions provide details on the status of the gatherer job.", + Description: "conditions is an optional field that provides details on the status of the gatherer job. It may not exceed 100 items and must not contain duplicates.\n\nThe current condition types are DataUploaded, DataRecorded, DataProcessed, RemoteConfigurationNotAvailable, RemoteConfigurationInvalid\n\nThe DataUploaded condition is used to represent whether or not the archive was successfully uploaded for further processing. When it has a status of True and a reason of Succeeded, the archive was successfully uploaded. When it has a status of Unknown and a reason of NoUploadYet, the upload has not occurred, or there was no data to upload. When it has a status of False and a reason Failed, the upload failed. The accompanying message will include the specific error encountered.\n\nThe DataRecorded condition is used to represent whether or not the archive was successfully recorded. When it has a status of True and a reason of Succeeded, the archive was recorded successfully. When it has a status of Unknown and a reason of NoDataGatheringYet, the data gathering process has not started yet. When it has a status of False and a reason of RecordingFailed, the recording failed and a message will include the specific error encountered.\n\nThe DataProcessed condition is used to represent whether or not the archive was processed by the processing service. When it has a status of True and a reason of Processed, the data was processed successfully. When it has a status of Unknown and a reason of NothingToProcessYet, there is no data to process at the moment. When it has a status of False and a reason of Failure, processing failed and a message will include the specific error encountered.\n\nThe RemoteConfigurationAvailable condition is used to represent whether the remote configuration is available. When it has a status of Unknown and a reason of Unknown or RemoteConfigNotRequestedYet, the state of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is available. When it has a status of False and a reason of NoToken, the configuration was disabled by removing the cloud.openshift.com field from the pull secret. When it has a status of False and a reason of DisabledByConfiguration, the configuration was disabled in insightsdatagather.config.openshift.io.\n\nThe RemoteConfigurationValid condition is used to represent whether the remote configuration is valid. When it has a status of Unknown and a reason of Unknown or NoValidationYet, the validity of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is valid. When it has a status of False and a reason of Invalid, the configuration is invalid.\n\nThe Progressing condition is used to represent the phase of gathering When it has a status of False and the reason is DataGatherPending, the gathering has not started yet. When it has a status of True and reason is Gathering, the gathering is running. When it has a status of False and reason is GatheringSucceeded, the gathering successfully finished. When it has a status of False and reason is GatheringFailed, the gathering failed.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, }, }, - "dataGatherState": { - SchemaProps: spec.SchemaProps{ - Description: "dataGatherState reflects the current state of the data gathering process.", - Type: []string{"string"}, - Format: "", - }, - }, "gatherers": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ @@ -31045,7 +31762,7 @@ func schema_openshift_api_insights_v1alpha1_DataGatherStatus(ref common.Referenc Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha1.GathererStatus"), + Ref: ref("github.com/openshift/api/insights/v1.GathererStatus"), }, }, }, @@ -31054,24 +31771,33 @@ func schema_openshift_api_insights_v1alpha1_DataGatherStatus(ref common.Referenc "startTime": { SchemaProps: spec.SchemaProps{ Description: "startTime is the time when Insights data gathering started.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "finishTime": { SchemaProps: spec.SchemaProps{ Description: "finishTime is the time when Insights data gathering finished.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "relatedObjects": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + "namespace", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "relatedObjects is a list of resources which are useful when debugging or inspecting the data gathering Pod", + Description: "relatedObjects is an optional list of resources which are useful when debugging or inspecting the data gathering Pod It may not exceed 100 items and must not contain duplicates.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha1.ObjectReference"), + Ref: ref("github.com/openshift/api/insights/v1.ObjectReference"), }, }, }, @@ -31079,7 +31805,7 @@ func schema_openshift_api_insights_v1alpha1_DataGatherStatus(ref common.Referenc }, "insightsRequestID": { SchemaProps: spec.SchemaProps{ - Description: "insightsRequestID is an Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive.", + Description: "insightsRequestID is an optional Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive. It may not exceed 256 characters and is immutable once set.", Type: []string{"string"}, Format: "", }, @@ -31088,52 +31814,50 @@ func schema_openshift_api_insights_v1alpha1_DataGatherStatus(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha1.InsightsReport"), + Ref: ref("github.com/openshift/api/insights/v1.InsightsReport"), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha1.GathererStatus", "github.com/openshift/api/insights/v1alpha1.InsightsReport", "github.com/openshift/api/insights/v1alpha1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/openshift/api/insights/v1.GathererStatus", "github.com/openshift/api/insights/v1.InsightsReport", "github.com/openshift/api/insights/v1.ObjectReference", metav1.Condition{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1alpha1_GathererConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1_GathererConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "gathererConfig allows to configure specific gatherers", + Description: "GathererConfig allows to configure specific gatherers", Type: []string{"object"}, Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Description: "name is the required name of specific gatherer It must be at most 256 characters in length. The format for the gatherer name should be: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md.", - Default: "", + Description: "name is the required name of a specific gatherer. It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", Type: []string{"string"}, Format: "", }, }, "state": { SchemaProps: spec.SchemaProps{ - Description: "state allows you to configure specific gatherer. Valid values are \"Enabled\", \"Disabled\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default. The current default is Enabled.", - Default: "", + Description: "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"name"}, + Required: []string{"name", "state"}, }, }, } } -func schema_openshift_api_insights_v1alpha1_GathererStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1_GathererStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "gathererStatus represents information about a particular data gatherer.", + Description: "GathererStatus represents information about a particular data gatherer.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "conditions": { @@ -31146,13 +31870,13 @@ func schema_openshift_api_insights_v1alpha1_GathererStatus(ref common.ReferenceC }, }, SchemaProps: spec.SchemaProps{ - Description: "conditions provide details on the status of each gatherer.", + Description: "conditions provide details on the status of each gatherer.\n\nThe current condition type is DataGathered\n\nThe DataGathered condition is used to represent whether or not the data was gathered by a gatherer specified by name. When it has a status of True and a reason of GatheredOK, the data has been successfully gathered as expected. When it has a status of False and a reason of NoData, no data was gathered—for example, when the resource is not present in the cluster. When it has a status of False and a reason of GatherError, an error occurred and no data was gathered. When it has a status of False and a reason of GatherPanic, a panic occurred during gathering and no data was collected. When it has a status of False and a reason of GatherWithErrorReason, data was partially gathered or gathered with an error message.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -31160,100 +31884,136 @@ func schema_openshift_api_insights_v1alpha1_GathererStatus(ref common.ReferenceC }, "name": { SchemaProps: spec.SchemaProps{ - Description: "name is the name of the gatherer.", - Default: "", + Description: "name is the required name of the gatherer. It must contain at least 5 characters and may not exceed 256 characters.", Type: []string{"string"}, Format: "", }, }, - "lastGatherDuration": { + "lastGatherSeconds": { SchemaProps: spec.SchemaProps{ - Description: "lastGatherDuration represents the time spent gathering.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Description: "lastGatherSeconds is required field that represents the time spent gathering in seconds", + Type: []string{"integer"}, + Format: "int32", }, }, }, - Required: []string{"conditions", "name", "lastGatherDuration"}, + Required: []string{"name", "lastGatherSeconds"}, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, + metav1.Condition{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1alpha1_HealthCheck(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1_Gatherers(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "healthCheck represents an Insights health check attributes.", + Description: "Gatherers specifies the configuration of the gatherers", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "description": { + "mode": { SchemaProps: spec.SchemaProps{ - Description: "description provides basic description of the healtcheck.", - Default: "", + Description: "mode is a required field that specifies the mode for gatherers. Allowed values are All and Custom. When set to All, all gatherers will run and gather data. When set to Custom, the custom configuration from the custom field will be applied.", Type: []string{"string"}, Format: "", }, }, - "totalRisk": { + "custom": { SchemaProps: spec.SchemaProps{ - Description: "totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/insights/v1.Custom"), }, }, - "advisorURI": { + }, + Required: []string{"mode"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "mode", + "fields-to-discriminateBy": map[string]interface{}{ + "custom": "Custom", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/insights/v1.Custom"}, + } +} + +func schema_openshift_api_insights_v1_HealthCheck(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "HealthCheck represents an Insights health check attributes.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "description": { SchemaProps: spec.SchemaProps{ - Description: "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", - Default: "", + Description: "description is required field that provides basic description of the healthcheck. It must contain at least 10 characters and may not exceed 2048 characters.", Type: []string{"string"}, Format: "", }, }, - "state": { + "totalRisk": { SchemaProps: spec.SchemaProps{ - Description: "state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface.", - Default: "", + Description: "totalRisk is the required field of the healthcheck. It is indicator of the total risk posed by the detected issue; combination of impact and likelihood. Allowed values are Low, Moderate, Important and Critical. The value represents the severity of the issue.", + Type: []string{"string"}, + Format: "", + }, + }, + "advisorURI": { + SchemaProps: spec.SchemaProps{ + Description: "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"description", "totalRisk", "advisorURI", "state"}, + Required: []string{"description", "totalRisk", "advisorURI"}, }, }, } } -func schema_openshift_api_insights_v1alpha1_InsightsReport(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1_InsightsReport(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "insightsReport provides Insights health check report based on the most recently sent Insights data.", + Description: "InsightsReport provides Insights health check report based on the most recently sent Insights data.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "downloadedAt": { + "downloadedTime": { SchemaProps: spec.SchemaProps{ - Description: "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Description: "downloadedTime is a required field that specifies when the Insights report was last downloaded.", + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "healthChecks": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", + "x-kubernetes-list-map-keys": []interface{}{ + "advisorURI", + "totalRisk", + "description", + }, + "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ - Description: "healthChecks provides basic information about active Insights health checks in a cluster.", + Description: "healthChecks is an optional field that provides basic information about active Insights recommendations, which serve as proactive notifications for potential issues in the cluster. When omitted, it means that there are no active recommendations in the cluster.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha1.HealthCheck"), + Ref: ref("github.com/openshift/api/insights/v1.HealthCheck"), }, }, }, @@ -31261,20 +32021,21 @@ func schema_openshift_api_insights_v1alpha1_InsightsReport(ref common.ReferenceC }, "uri": { SchemaProps: spec.SchemaProps{ - Description: "uri is optional field that provides the URL link from which the report was downloaded. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + Description: "uri is a required field that provides the URL link from which the report was downloaded. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"downloadedTime", "uri"}, }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha1.HealthCheck", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/openshift/api/insights/v1.HealthCheck", metav1.Time{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1alpha1_ObjectReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1_ObjectReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -31283,53 +32044,49 @@ func schema_openshift_api_insights_v1alpha1_ObjectReference(ref common.Reference Properties: map[string]spec.Schema{ "group": { SchemaProps: spec.SchemaProps{ - Description: "group is the API Group of the Resource. Enter empty string for the core group. This value is empty or should follow the DNS1123 subdomain format and it must be at most 253 characters in length. Example: \"\", \"apps\", \"build.openshift.io\", etc.", - Default: "", + Description: "group is required field that specifies the API Group of the Resource. Enter empty string for the core group. This value is empty or it should follow the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character. Example: \"\", \"apps\", \"build.openshift.io\", etc.", Type: []string{"string"}, Format: "", }, }, "resource": { SchemaProps: spec.SchemaProps{ - Description: "resource is required field of the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", - Default: "", + Description: "resource is required field of the type that is being referenced and follows the DNS1035 format. It is normally the plural form of the resource kind in lowercase. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", Type: []string{"string"}, Format: "", }, }, "name": { SchemaProps: spec.SchemaProps{ - Description: "name of the referent that follows the DNS1123 subdomain format. It must be at most 256 characters in length.", - Default: "", + Description: "name is required field that specifies the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character..", Type: []string{"string"}, Format: "", }, }, "namespace": { SchemaProps: spec.SchemaProps{ - Description: "namespace of the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length.", + Description: "namespace if required field of the referent that follows the DNS1123 labels format. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"group", "resource", "name"}, + Required: []string{"group", "resource", "name", "namespace"}, }, }, } } -func schema_openshift_api_insights_v1alpha1_PersistentVolumeClaimReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1_PersistentVolumeClaimReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + Description: "PersistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Description: "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", - Default: "", + Description: "name is the name of the PersistentVolumeClaim that will be used to store the Insights data archive. It is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", Type: []string{"string"}, Format: "", }, @@ -31341,18 +32098,18 @@ func schema_openshift_api_insights_v1alpha1_PersistentVolumeClaimReference(ref c } } -func schema_openshift_api_insights_v1alpha1_PersistentVolumeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1_PersistentVolumeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + Description: "PersistentVolumeConfig provides configuration options for PersistentVolume storage.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "claim": { SchemaProps: spec.SchemaProps{ Description: "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha1.PersistentVolumeClaimReference"), + Ref: ref("github.com/openshift/api/insights/v1.PersistentVolumeClaimReference"), }, }, "mountPath": { @@ -31367,21 +32124,20 @@ func schema_openshift_api_insights_v1alpha1_PersistentVolumeConfig(ref common.Re }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha1.PersistentVolumeClaimReference"}, + "github.com/openshift/api/insights/v1.PersistentVolumeClaimReference"}, } } -func schema_openshift_api_insights_v1alpha1_Storage(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1_Storage(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + Description: "Storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ Description: "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", - Default: "", Type: []string{"string"}, Format: "", }, @@ -31389,57 +32145,32 @@ func schema_openshift_api_insights_v1alpha1_Storage(ref common.ReferenceCallback "persistentVolume": { SchemaProps: spec.SchemaProps{ Description: "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - Ref: ref("github.com/openshift/api/insights/v1alpha1.PersistentVolumeConfig"), + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/insights/v1.PersistentVolumeConfig"), }, }, }, Required: []string{"type"}, }, - }, - Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha1.PersistentVolumeConfig"}, - } -} - -func schema_openshift_api_insights_v1alpha2_Custom(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "custom provides the custom configuration of gatherers", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "configs": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha2.GathererConfig"), - }, - }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "persistentVolume": "PersistentVolume", }, }, }, }, - Required: []string{"configs"}, }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha2.GathererConfig"}, + "github.com/openshift/api/insights/v1.PersistentVolumeConfig"}, } } -func schema_openshift_api_insights_v1alpha2_DataGather(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha1_DataGather(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -31464,21 +32195,21 @@ func schema_openshift_api_insights_v1alpha2_DataGather(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "spec holds user settable values for configuration", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha2.DataGatherSpec"), + Ref: ref("github.com/openshift/api/insights/v1alpha1.DataGatherSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "status holds observed values from the cluster. They may not be overridden.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha2.DataGatherStatus"), + Ref: ref("github.com/openshift/api/insights/v1alpha1.DataGatherStatus"), }, }, }, @@ -31486,11 +32217,11 @@ func schema_openshift_api_insights_v1alpha2_DataGather(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha2.DataGatherSpec", "github.com/openshift/api/insights/v1alpha2.DataGatherStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/insights/v1alpha1.DataGatherSpec", "github.com/openshift/api/insights/v1alpha1.DataGatherStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1alpha2_DataGatherList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha1_DataGatherList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -31515,7 +32246,7 @@ func schema_openshift_api_insights_v1alpha2_DataGatherList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -31531,7 +32262,7 @@ func schema_openshift_api_insights_v1alpha2_DataGatherList(ref common.ReferenceC Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha2.DataGather"), + Ref: ref("github.com/openshift/api/insights/v1alpha1.DataGather"), }, }, }, @@ -31541,11 +32272,11 @@ func schema_openshift_api_insights_v1alpha2_DataGatherList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha2.DataGather", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/insights/v1alpha1.DataGather", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1alpha2_DataGatherSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha1_DataGatherSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -31553,46 +32284,50 @@ func schema_openshift_api_insights_v1alpha2_DataGatherSpec(ref common.ReferenceC Type: []string{"object"}, Properties: map[string]spec.Schema{ "dataPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"ClearText\" and \"ObfuscateNetworking\". When set to ClearText the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is ClearText.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "gatherers": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ - Description: "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", + Description: "gatherers is an optional list of gatherers configurations. The list must not exceed 100 items. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/insights/v1alpha1.GathererConfig"), }, }, }, }, }, - "gatherers": { - SchemaProps: spec.SchemaProps{ - Description: "gatherers is an optional field that specifies the configuration of the gatherers. If omitted, all gatherers will be run.", - Ref: ref("github.com/openshift/api/insights/v1alpha2.Gatherers"), - }, - }, "storage": { SchemaProps: spec.SchemaProps{ Description: "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", - Ref: ref("github.com/openshift/api/insights/v1alpha2.Storage"), + Ref: ref("github.com/openshift/api/insights/v1alpha1.Storage"), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha2.Gatherers", "github.com/openshift/api/insights/v1alpha2.Storage"}, + "github.com/openshift/api/insights/v1alpha1.GathererConfig", "github.com/openshift/api/insights/v1alpha1.Storage"}, } } -func schema_openshift_api_insights_v1alpha2_DataGatherStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha1_DataGatherStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -31609,18 +32344,25 @@ func schema_openshift_api_insights_v1alpha2_DataGatherStatus(ref common.Referenc }, }, SchemaProps: spec.SchemaProps{ - Description: "conditions is an optional field that provides details on the status of the gatherer job. It may not exceed 100 items and must not contain duplicates.\n\nThe current condition types are DataUploaded, DataRecorded, DataProcessed, RemoteConfigurationNotAvailable, RemoteConfigurationInvalid\n\nThe DataUploaded condition is used to represent whether or not the archive was successfully uploaded for further processing. When it has a status of True and a reason of Succeeded, the archive was successfully uploaded. When it has a status of Unknown and a reason of NoUploadYet, the upload has not occurred, or there was no data to upload. When it has a status of False and a reason Failed, the upload failed. The accompanying message will include the specific error encountered.\n\nThe DataRecorded condition is used to represent whether or not the archive was successfully recorded. When it has a status of True and a reason of Succeeded, the archive was recorded successfully. When it has a status of Unknown and a reason of NoDataGatheringYet, the data gathering process has not started yet. When it has a status of False and a reason of RecordingFailed, the recording failed and a message will include the specific error encountered.\n\nThe DataProcessed condition is used to represent whether or not the archive was processed by the processing service. When it has a status of True and a reason of Processed, the data was processed successfully. When it has a status of Unknown and a reason of NothingToProcessYet, there is no data to process at the moment. When it has a status of False and a reason of Failure, processing failed and a message will include the specific error encountered.\n\nThe RemoteConfigurationAvailable condition is used to represent whether the remote configuration is available. When it has a status of Unknown and a reason of Unknown or RemoteConfigNotRequestedYet, the state of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is available. When it has a status of False and a reason of NoToken, the configuration was disabled by removing the cloud.openshift.com field from the pull secret. When it has a status of False and a reason of DisabledByConfiguration, the configuration was disabled in insightsdatagather.config.openshift.io.\n\nThe RemoteConfigurationValid condition is used to represent whether the remote configuration is valid. When it has a status of Unknown and a reason of Unknown or NoValidationYet, the validity of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is valid. When it has a status of False and a reason of Invalid, the configuration is invalid.\n\nThe Progressing condition is used to represent the phase of gathering When it has a status of False and the reason is DataGatherPending, the gathering has not started yet. When it has a status of True and reason is Gathering, the gathering is running. When it has a status of False and reason is GatheringSucceeded, the gathering succesfully finished. When it has a status of False and reason is GatheringFailed, the gathering failed.", + Description: "conditions provide details on the status of the gatherer job.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, }, }, + "dataGatherState": { + SchemaProps: spec.SchemaProps{ + Description: "dataGatherState reflects the current state of the data gathering process.", + Type: []string{"string"}, + Format: "", + }, + }, "gatherers": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ @@ -31637,7 +32379,7 @@ func schema_openshift_api_insights_v1alpha2_DataGatherStatus(ref common.Referenc Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha2.GathererStatus"), + Ref: ref("github.com/openshift/api/insights/v1alpha1.GathererStatus"), }, }, }, @@ -31646,13 +32388,13 @@ func schema_openshift_api_insights_v1alpha2_DataGatherStatus(ref common.Referenc "startTime": { SchemaProps: spec.SchemaProps{ Description: "startTime is the time when Insights data gathering started.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "finishTime": { SchemaProps: spec.SchemaProps{ Description: "finishTime is the time when Insights data gathering finished.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "relatedObjects": { @@ -31666,13 +32408,13 @@ func schema_openshift_api_insights_v1alpha2_DataGatherStatus(ref common.Referenc }, }, SchemaProps: spec.SchemaProps{ - Description: "relatedObjects is an optional list of resources which are useful when debugging or inspecting the data gathering Pod It may not exceed 100 items and must not contain duplicates.", + Description: "relatedObjects is a list of resources which are useful when debugging or inspecting the data gathering Pod", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha2.ObjectReference"), + Ref: ref("github.com/openshift/api/insights/v1alpha1.ObjectReference"), }, }, }, @@ -31680,7 +32422,7 @@ func schema_openshift_api_insights_v1alpha2_DataGatherStatus(ref common.Referenc }, "insightsRequestID": { SchemaProps: spec.SchemaProps{ - Description: "insightsRequestID is an optional Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive. It may not exceed 256 characters and is immutable once set.", + Description: "insightsRequestID is an Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive.", Type: []string{"string"}, Format: "", }, @@ -31689,18 +32431,18 @@ func schema_openshift_api_insights_v1alpha2_DataGatherStatus(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha2.InsightsReport"), + Ref: ref("github.com/openshift/api/insights/v1alpha1.InsightsReport"), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha2.GathererStatus", "github.com/openshift/api/insights/v1alpha2.InsightsReport", "github.com/openshift/api/insights/v1alpha2.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/openshift/api/insights/v1alpha1.GathererStatus", "github.com/openshift/api/insights/v1alpha1.InsightsReport", "github.com/openshift/api/insights/v1alpha1.ObjectReference", metav1.Condition{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1alpha2_GathererConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha1_GathererConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -31709,7 +32451,7 @@ func schema_openshift_api_insights_v1alpha2_GathererConfig(ref common.ReferenceC Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Description: "name is the required name of a specific gatherer It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + Description: "name is the required name of specific gatherer It must be at most 256 characters in length. The format for the gatherer name should be: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md.", Default: "", Type: []string{"string"}, Format: "", @@ -31717,20 +32459,20 @@ func schema_openshift_api_insights_v1alpha2_GathererConfig(ref common.ReferenceC }, "state": { SchemaProps: spec.SchemaProps{ - Description: "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", + Description: "state allows you to configure specific gatherer. Valid values are \"Enabled\", \"Disabled\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default. The current default is Enabled.", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"name", "state"}, + Required: []string{"name"}, }, }, } } -func schema_openshift_api_insights_v1alpha2_GathererStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha1_GathererStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -31747,13 +32489,13 @@ func schema_openshift_api_insights_v1alpha2_GathererStatus(ref common.ReferenceC }, }, SchemaProps: spec.SchemaProps{ - Description: "conditions provide details on the status of each gatherer.\n\nThe current condition type is DataGathered\n\nThe DataGathered condition is used to represent whether or not the data was gathered by a gatherer specified by name. When it has a status of True and a reason of GatheredOK, the data has been successfully gathered as expected. When it has a status of False and a reason of NoData, no data was gathered—for example, when the resource is not present in the cluster. When it has a status of False and a reason of GatherError, an error occurred and no data was gathered. When it has a status of False and a reason of GatherPanic, a panic occurred during gathering and no data was collected. When it has a status of False and a reason of GatherWithErrorReason, data was partially gathered or gathered with an error message.", + Description: "conditions provide details on the status of each gatherer.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -31761,72 +32503,28 @@ func schema_openshift_api_insights_v1alpha2_GathererStatus(ref common.ReferenceC }, "name": { SchemaProps: spec.SchemaProps{ - Description: "name is the required name of the gatherer. It must contain at least 5 characters and may not exceed 256 characters.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "lastGatherSeconds": { - SchemaProps: spec.SchemaProps{ - Description: "lastGatherSeconds is required field that represents the time spent gathering in seconds", - Default: 0, - Type: []string{"integer"}, - Format: "int32", - }, - }, - }, - Required: []string{"name", "lastGatherSeconds"}, - }, - }, - Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, - } -} - -func schema_openshift_api_insights_v1alpha2_Gatherers(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "Gathereres specifies the configuration of the gatherers", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "mode": { - SchemaProps: spec.SchemaProps{ - Description: "mode is a required field that specifies the mode for gatherers. Allowed values are All and Custom. When set to All, all gatherers wil run and gather data. When set to Custom, the custom configuration from the custom field will be applied.", + Description: "name is the name of the gatherer.", Default: "", Type: []string{"string"}, Format: "", }, }, - "custom": { + "lastGatherDuration": { SchemaProps: spec.SchemaProps{ - Description: "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", - Ref: ref("github.com/openshift/api/insights/v1alpha2.Custom"), - }, - }, - }, - Required: []string{"mode"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "mode", - "fields-to-discriminateBy": map[string]interface{}{ - "custom": "Custom", - }, + Description: "lastGatherDuration represents the time spent gathering.", + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, }, + Required: []string{"conditions", "name", "lastGatherDuration"}, }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha2.Custom"}, + metav1.Condition{}.OpenAPIModelName(), metav1.Duration{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1alpha2_HealthCheck(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha1_HealthCheck(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -31835,7 +32533,7 @@ func schema_openshift_api_insights_v1alpha2_HealthCheck(ref common.ReferenceCall Properties: map[string]spec.Schema{ "description": { SchemaProps: spec.SchemaProps{ - Description: "description is required field that provides basic description of the healtcheck. It must contain at least 10 characters and may not exceed 2048 characters.", + Description: "description provides basic description of the healtcheck.", Default: "", Type: []string{"string"}, Format: "", @@ -31843,49 +32541,52 @@ func schema_openshift_api_insights_v1alpha2_HealthCheck(ref common.ReferenceCall }, "totalRisk": { SchemaProps: spec.SchemaProps{ - Description: "totalRisk is the required field of the healthcheck. It is indicator of the total risk posed by the detected issue; combination of impact and likelihood. Allowed values are Low, Medium, Important and Critical. The value represents the severity of the issue.", + Description: "totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, + "advisorURI": { + SchemaProps: spec.SchemaProps{ + Description: "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", Default: "", Type: []string{"string"}, Format: "", }, }, - "advisorURI": { + "state": { SchemaProps: spec.SchemaProps{ - Description: "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + Description: "state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface.", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"description", "totalRisk", "advisorURI"}, + Required: []string{"description", "totalRisk", "advisorURI", "state"}, }, }, } } -func schema_openshift_api_insights_v1alpha2_InsightsReport(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha1_InsightsReport(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ Description: "insightsReport provides Insights health check report based on the most recently sent Insights data.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "downloadedTime": { + "downloadedAt": { SchemaProps: spec.SchemaProps{ - Description: "downloadedTime is an optional time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Description: "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "healthChecks": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "advisorURI", - "totalRisk", - "description", - }, - "x-kubernetes-list-type": "map", + "x-kubernetes-list-type": "atomic", }, }, SchemaProps: spec.SchemaProps{ @@ -31895,7 +32596,7 @@ func schema_openshift_api_insights_v1alpha2_InsightsReport(ref common.ReferenceC Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha2.HealthCheck"), + Ref: ref("github.com/openshift/api/insights/v1alpha1.HealthCheck"), }, }, }, @@ -31912,11 +32613,11 @@ func schema_openshift_api_insights_v1alpha2_InsightsReport(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha2.HealthCheck", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/openshift/api/insights/v1alpha1.HealthCheck", metav1.Time{}.OpenAPIModelName()}, } } -func schema_openshift_api_insights_v1alpha2_ObjectReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha1_ObjectReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -31925,7 +32626,7 @@ func schema_openshift_api_insights_v1alpha2_ObjectReference(ref common.Reference Properties: map[string]spec.Schema{ "group": { SchemaProps: spec.SchemaProps{ - Description: "group is required field that specifies the API Group of the Resource. Enter empty string for the core group. This value is empty or it should follow the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character. Example: \"\", \"apps\", \"build.openshift.io\", etc.", + Description: "group is the API Group of the Resource. Enter empty string for the core group. This value is empty or should follow the DNS1123 subdomain format and it must be at most 253 characters in length. Example: \"\", \"apps\", \"build.openshift.io\", etc.", Default: "", Type: []string{"string"}, Format: "", @@ -31933,7 +32634,7 @@ func schema_openshift_api_insights_v1alpha2_ObjectReference(ref common.Reference }, "resource": { SchemaProps: spec.SchemaProps{ - Description: "resource is required field of the type that is being referenced and follows the DNS1035 format. It is normally the plural form of the resource kind in lowercase. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + Description: "resource is required field of the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", Default: "", Type: []string{"string"}, Format: "", @@ -31941,7 +32642,7 @@ func schema_openshift_api_insights_v1alpha2_ObjectReference(ref common.Reference }, "name": { SchemaProps: spec.SchemaProps{ - Description: "name is required field that specifies the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character..", + Description: "name of the referent that follows the DNS1123 subdomain format. It must be at most 256 characters in length.", Default: "", Type: []string{"string"}, Format: "", @@ -31949,7 +32650,7 @@ func schema_openshift_api_insights_v1alpha2_ObjectReference(ref common.Reference }, "namespace": { SchemaProps: spec.SchemaProps{ - Description: "namespace if required field of the referent that follows the DNS1123 labels format. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.", + Description: "namespace of the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length.", Default: "", Type: []string{"string"}, Format: "", @@ -31962,7 +32663,7 @@ func schema_openshift_api_insights_v1alpha2_ObjectReference(ref common.Reference } } -func schema_openshift_api_insights_v1alpha2_PersistentVolumeClaimReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha1_PersistentVolumeClaimReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -31976,367 +32677,117 @@ func schema_openshift_api_insights_v1alpha2_PersistentVolumeClaimReference(ref c Type: []string{"string"}, Format: "", }, - }, - }, - Required: []string{"name"}, - }, - }, - } -} - -func schema_openshift_api_insights_v1alpha2_PersistentVolumeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "persistentVolumeConfig provides configuration options for PersistentVolume storage.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "claim": { - SchemaProps: spec.SchemaProps{ - Description: "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/insights/v1alpha2.PersistentVolumeClaimReference"), - }, - }, - "mountPath": { - SchemaProps: spec.SchemaProps{ - Description: "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"claim"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha2.PersistentVolumeClaimReference"}, - } -} - -func schema_openshift_api_insights_v1alpha2_Storage(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "type": { - SchemaProps: spec.SchemaProps{ - Description: "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "persistentVolume": { - SchemaProps: spec.SchemaProps{ - Description: "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - Ref: ref("github.com/openshift/api/insights/v1alpha2.PersistentVolumeConfig"), - }, - }, - }, - Required: []string{"type"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "type", - "fields-to-discriminateBy": map[string]interface{}{ - "persistentVolume": "PersistentVolume", - }, - }, - }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/insights/v1alpha2.PersistentVolumeConfig"}, - } -} - -func schema_openshift_api_kubecontrolplane_v1_AggregatorConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "AggregatorConfig holds information required to make the aggregator function.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "proxyClientInfo": { - SchemaProps: spec.SchemaProps{ - Description: "proxyClientInfo specifies the client cert/key to use when proxying to aggregated API servers", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1.CertInfo"), - }, - }, - }, - Required: []string{"proxyClientInfo"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/config/v1.CertInfo"}, - } -} - -func schema_openshift_api_kubecontrolplane_v1_KubeAPIServerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "servingInfo": { - SchemaProps: spec.SchemaProps{ - Description: "servingInfo describes how to start serving", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1.HTTPServingInfo"), - }, - }, - "corsAllowedOrigins": { - SchemaProps: spec.SchemaProps{ - Description: "corsAllowedOrigins", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "auditConfig": { - SchemaProps: spec.SchemaProps{ - Description: "auditConfig describes how to configure audit information", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1.AuditConfig"), - }, - }, - "storageConfig": { - SchemaProps: spec.SchemaProps{ - Description: "storageConfig contains information about how to use", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1.EtcdStorageConfig"), - }, - }, - "admission": { - SchemaProps: spec.SchemaProps{ - Description: "admissionConfig holds information about how to configure admission.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1.AdmissionConfig"), - }, - }, - "kubeClientConfig": { - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1.KubeClientConfig"), - }, - }, - "authConfig": { - SchemaProps: spec.SchemaProps{ - Description: "authConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/kubecontrolplane/v1.MasterAuthConfig"), - }, - }, - "aggregatorConfig": { - SchemaProps: spec.SchemaProps{ - Description: "aggregatorConfig has options for configuring the aggregator component of the API server.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/kubecontrolplane/v1.AggregatorConfig"), - }, - }, - "kubeletClientInfo": { - SchemaProps: spec.SchemaProps{ - Description: "kubeletClientInfo contains information about how to connect to kubelets", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/kubecontrolplane/v1.KubeletConnectionInfo"), - }, - }, - "servicesSubnet": { - SchemaProps: spec.SchemaProps{ - Description: "servicesSubnet is the subnet to use for assigning service IPs", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "servicesNodePortRange": { - SchemaProps: spec.SchemaProps{ - Description: "servicesNodePortRange is the range to use for assigning service public ports on a host.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "consolePublicURL": { - SchemaProps: spec.SchemaProps{ - Description: "DEPRECATED: consolePublicURL has been deprecated and setting it has no effect.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "userAgentMatchingConfig": { - SchemaProps: spec.SchemaProps{ - Description: "userAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/kubecontrolplane/v1.UserAgentMatchingConfig"), - }, - }, - "imagePolicyConfig": { - SchemaProps: spec.SchemaProps{ - Description: "imagePolicyConfig feeds the image policy admission plugin", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerImagePolicyConfig"), - }, - }, - "projectConfig": { - SchemaProps: spec.SchemaProps{ - Description: "projectConfig feeds an admission plugin", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerProjectConfig"), - }, - }, - "serviceAccountPublicKeyFiles": { - SchemaProps: spec.SchemaProps{ - Description: "serviceAccountPublicKeyFiles is a list of files, each containing a PEM-encoded public RSA key. (If any file contains a private key, the public portion of the key is used) The list of public keys is used to verify presented service account tokens. Each key is tried in order until the list is exhausted or verification succeeds. If no keys are specified, no service account authentication will be available.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "oauthConfig": { - SchemaProps: spec.SchemaProps{ - Description: "oauthConfig, if present start the /oauth endpoint in this process", - Ref: ref("github.com/openshift/api/osin/v1.OAuthConfig"), - }, - }, - "apiServerArguments": { - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - }, + }, + }, + Required: []string{"name"}, + }, + }, + } +} + +func schema_openshift_api_insights_v1alpha1_PersistentVolumeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "claim": { + SchemaProps: spec.SchemaProps{ + Description: "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/insights/v1alpha1.PersistentVolumeClaimReference"), }, }, - "minimumKubeletVersion": { + "mountPath": { SchemaProps: spec.SchemaProps{ - Description: "minimumKubeletVersion is the lowest version of a kubelet that can join the cluster. Specifically, the apiserver will deny most authorization requests of kubelets that are older than the specified version, only allowing the kubelet to get and update its node object, and perform subjectaccessreviews. This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads, and will eventually be marked as not ready. Its max length is 8, so maximum version allowed is either \"9.999.99\" or \"99.99.99\". Since the kubelet reports the version of the kubernetes release, not Openshift, this field references the underlying kubernetes version this version of Openshift is based off of. In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then they should set the minimumKubeletVersion to 1.30.0. When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version. Thus, a kubelet with version \"1.0.0-ec.0\" will be compatible with minimumKubeletVersion \"1.0.0\" or earlier.", - Default: "", + Description: "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"servingInfo", "corsAllowedOrigins", "auditConfig", "storageConfig", "admission", "kubeClientConfig", "authConfig", "aggregatorConfig", "kubeletClientInfo", "servicesSubnet", "servicesNodePortRange", "consolePublicURL", "userAgentMatchingConfig", "imagePolicyConfig", "projectConfig", "serviceAccountPublicKeyFiles", "oauthConfig", "apiServerArguments"}, + Required: []string{"claim"}, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.AdmissionConfig", "github.com/openshift/api/config/v1.AuditConfig", "github.com/openshift/api/config/v1.EtcdStorageConfig", "github.com/openshift/api/config/v1.HTTPServingInfo", "github.com/openshift/api/config/v1.KubeClientConfig", "github.com/openshift/api/kubecontrolplane/v1.AggregatorConfig", "github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerImagePolicyConfig", "github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerProjectConfig", "github.com/openshift/api/kubecontrolplane/v1.KubeletConnectionInfo", "github.com/openshift/api/kubecontrolplane/v1.MasterAuthConfig", "github.com/openshift/api/kubecontrolplane/v1.UserAgentMatchingConfig", "github.com/openshift/api/osin/v1.OAuthConfig"}, + "github.com/openshift/api/insights/v1alpha1.PersistentVolumeClaimReference"}, } } -func schema_openshift_api_kubecontrolplane_v1_KubeAPIServerImagePolicyConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha1_Storage(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "internalRegistryHostname": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", + Description: "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", Default: "", Type: []string{"string"}, Format: "", }, }, - "externalRegistryHostnames": { + "persistentVolume": { SchemaProps: spec.SchemaProps{ - Description: "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", + Ref: ref("github.com/openshift/api/insights/v1alpha1.PersistentVolumeConfig"), }, }, }, - Required: []string{"internalRegistryHostname", "externalRegistryHostnames"}, + Required: []string{"type"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/insights/v1alpha1.PersistentVolumeConfig"}, } } -func schema_openshift_api_kubecontrolplane_v1_KubeAPIServerProjectConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha2_Custom(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "custom provides the custom configuration of gatherers", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "defaultNodeSelector": { + "configs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "defaultNodeSelector holds default project node label selector", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/insights/v1alpha2.GathererConfig"), + }, + }, + }, }, }, }, - Required: []string{"defaultNodeSelector"}, + Required: []string{"configs"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/insights/v1alpha2.GathererConfig"}, } } -func schema_openshift_api_kubecontrolplane_v1_KubeControllerManagerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha2_DataGather(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "DataGather provides data gather configuration options and status for the particular Insights data gathering.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -32353,560 +32804,603 @@ func schema_openshift_api_kubecontrolplane_v1_KubeControllerManagerConfig(ref co Format: "", }, }, - "serviceServingCert": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "serviceServingCert provides support for the old alpha service serving cert signer CA bundle", + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/kubecontrolplane/v1.ServiceServingCert"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "projectConfig": { + "spec": { SchemaProps: spec.SchemaProps{ - Description: "projectConfig is an optimization for the daemonset controller", + Description: "spec holds user settable values for configuration", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/kubecontrolplane/v1.KubeControllerManagerProjectConfig"), + Ref: ref("github.com/openshift/api/insights/v1alpha2.DataGatherSpec"), }, }, - "extendedArguments": { + "status": { SchemaProps: spec.SchemaProps{ - Description: "extendedArguments is used to configure the kube-controller-manager", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - }, + Description: "status holds observed values from the cluster. They may not be overridden.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/insights/v1alpha2.DataGatherStatus"), }, }, }, - Required: []string{"serviceServingCert", "projectConfig", "extendedArguments"}, + Required: []string{"spec"}, }, }, Dependencies: []string{ - "github.com/openshift/api/kubecontrolplane/v1.KubeControllerManagerProjectConfig", "github.com/openshift/api/kubecontrolplane/v1.ServiceServingCert"}, + "github.com/openshift/api/insights/v1alpha2.DataGatherSpec", "github.com/openshift/api/insights/v1alpha2.DataGatherStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_kubecontrolplane_v1_KubeControllerManagerProjectConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha2_DataGatherList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "DataGatherList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "defaultNodeSelector": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "defaultNodeSelector holds default project node label selector", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"defaultNodeSelector"}, - }, - }, - } -} - -func schema_openshift_api_kubecontrolplane_v1_KubeletConnectionInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "KubeletConnectionInfo holds information necessary for connecting to a kubelet", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "port": { - SchemaProps: spec.SchemaProps{ - Description: "port is the port to connect to kubelets on", - Default: 0, - Type: []string{"integer"}, - Format: "int64", - }, - }, - "ca": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "ca is the CA for verifying TLS connections to kubelets", - Default: "", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "certFile": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "certFile is a file containing a PEM-encoded certificate", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, - "keyFile": { + "items": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "items contains a list of DataGather resources.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/insights/v1alpha2.DataGather"), + }, + }, + }, }, }, }, - Required: []string{"port", "ca", "certFile", "keyFile"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/insights/v1alpha2.DataGather", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_kubecontrolplane_v1_MasterAuthConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha2_DataGatherSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MasterAuthConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", + Description: "DataGatherSpec contains the configuration for the DataGather.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "requestHeader": { - SchemaProps: spec.SchemaProps{ - Description: "requestHeader holds options for setting up a front proxy against the API. It is optional.", - Ref: ref("github.com/openshift/api/kubecontrolplane/v1.RequestHeaderAuthenticationOptions"), + "dataPolicy": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, }, - }, - "webhookTokenAuthenticators": { SchemaProps: spec.SchemaProps{ - Description: "webhookTokenAuthenticators, if present configures remote token reviewers", + Description: "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/kubecontrolplane/v1.WebhookTokenAuthenticator"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - "oauthMetadataFile": { + "gatherers": { SchemaProps: spec.SchemaProps{ - Description: "oauthMetadataFile is a path to a file containing the discovery endpoint for OAuth 2.0 Authorization Server Metadata for an external OAuth server. See IETF Draft: // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This option is mutually exclusive with OAuthConfig", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "gatherers is an optional field that specifies the configuration of the gatherers. If omitted, all gatherers will be run.", + Ref: ref("github.com/openshift/api/insights/v1alpha2.Gatherers"), + }, + }, + "storage": { + SchemaProps: spec.SchemaProps{ + Description: "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", + Ref: ref("github.com/openshift/api/insights/v1alpha2.Storage"), }, }, }, - Required: []string{"requestHeader", "webhookTokenAuthenticators", "oauthMetadataFile"}, }, }, Dependencies: []string{ - "github.com/openshift/api/kubecontrolplane/v1.RequestHeaderAuthenticationOptions", "github.com/openshift/api/kubecontrolplane/v1.WebhookTokenAuthenticator"}, + "github.com/openshift/api/insights/v1alpha2.Gatherers", "github.com/openshift/api/insights/v1alpha2.Storage"}, } } -func schema_openshift_api_kubecontrolplane_v1_RequestHeaderAuthenticationOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha2_DataGatherStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RequestHeaderAuthenticationOptions provides options for setting up a front proxy against the entire API instead of against the /oauth endpoint.", + Description: "DataGatherStatus contains information relating to the DataGather state.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "clientCA": { - SchemaProps: spec.SchemaProps{ - Description: "clientCA is a file with the trusted signer certs. It is required.", - Default: "", - Type: []string{"string"}, - Format: "", + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, }, - }, - "clientCommonNames": { SchemaProps: spec.SchemaProps{ - Description: "clientCommonNames is a required list of common names to require a match from.", + Description: "conditions is an optional field that provides details on the status of the gatherer job. It may not exceed 100 items and must not contain duplicates.\n\nThe current condition types are DataUploaded, DataRecorded, DataProcessed, RemoteConfigurationNotAvailable, RemoteConfigurationInvalid\n\nThe DataUploaded condition is used to represent whether or not the archive was successfully uploaded for further processing. When it has a status of True and a reason of Succeeded, the archive was successfully uploaded. When it has a status of Unknown and a reason of NoUploadYet, the upload has not occurred, or there was no data to upload. When it has a status of False and a reason Failed, the upload failed. The accompanying message will include the specific error encountered.\n\nThe DataRecorded condition is used to represent whether or not the archive was successfully recorded. When it has a status of True and a reason of Succeeded, the archive was recorded successfully. When it has a status of Unknown and a reason of NoDataGatheringYet, the data gathering process has not started yet. When it has a status of False and a reason of RecordingFailed, the recording failed and a message will include the specific error encountered.\n\nThe DataProcessed condition is used to represent whether or not the archive was processed by the processing service. When it has a status of True and a reason of Processed, the data was processed successfully. When it has a status of Unknown and a reason of NothingToProcessYet, there is no data to process at the moment. When it has a status of False and a reason of Failure, processing failed and a message will include the specific error encountered.\n\nThe RemoteConfigurationAvailable condition is used to represent whether the remote configuration is available. When it has a status of Unknown and a reason of Unknown or RemoteConfigNotRequestedYet, the state of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is available. When it has a status of False and a reason of NoToken, the configuration was disabled by removing the cloud.openshift.com field from the pull secret. When it has a status of False and a reason of DisabledByConfiguration, the configuration was disabled in insightsdatagather.config.openshift.io.\n\nThe RemoteConfigurationValid condition is used to represent whether the remote configuration is valid. When it has a status of Unknown and a reason of Unknown or NoValidationYet, the validity of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is valid. When it has a status of False and a reason of Invalid, the configuration is invalid.\n\nThe Progressing condition is used to represent the phase of gathering When it has a status of False and the reason is DataGatherPending, the gathering has not started yet. When it has a status of True and reason is Gathering, the gathering is running. When it has a status of False and reason is GatheringSucceeded, the gathering succesfully finished. When it has a status of False and reason is GatheringFailed, the gathering failed.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, }, }, - "usernameHeaders": { + "gatherers": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "usernameHeaders is the list of headers to check for user information. First hit wins.", + Description: "gatherers is a list of active gatherers (and their statuses) in the last gathering.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/insights/v1alpha2.GathererStatus"), }, }, }, }, }, - "groupHeaders": { + "startTime": { SchemaProps: spec.SchemaProps{ - Description: "groupHeaders is the set of headers to check for group information. All are unioned.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, + Description: "startTime is the time when Insights data gathering started.", + Ref: ref(metav1.Time{}.OpenAPIModelName()), + }, + }, + "finishTime": { + SchemaProps: spec.SchemaProps{ + Description: "finishTime is the time when Insights data gathering finished.", + Ref: ref(metav1.Time{}.OpenAPIModelName()), + }, + }, + "relatedObjects": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + "namespace", }, + "x-kubernetes-list-type": "map", }, }, - }, - "extraHeaderPrefixes": { SchemaProps: spec.SchemaProps{ - Description: "extraHeaderPrefixes is the set of request header prefixes to inspect for user extra. X-Remote-Extra- is suggested.", + Description: "relatedObjects is an optional list of resources which are useful when debugging or inspecting the data gathering Pod It may not exceed 100 items and must not contain duplicates.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/insights/v1alpha2.ObjectReference"), }, }, }, }, }, + "insightsRequestID": { + SchemaProps: spec.SchemaProps{ + Description: "insightsRequestID is an optional Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive. It may not exceed 256 characters and is immutable once set.", + Type: []string{"string"}, + Format: "", + }, + }, + "insightsReport": { + SchemaProps: spec.SchemaProps{ + Description: "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/insights/v1alpha2.InsightsReport"), + }, + }, }, - Required: []string{"clientCA", "clientCommonNames", "usernameHeaders", "groupHeaders", "extraHeaderPrefixes"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/insights/v1alpha2.GathererStatus", "github.com/openshift/api/insights/v1alpha2.InsightsReport", "github.com/openshift/api/insights/v1alpha2.ObjectReference", metav1.Condition{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, } } -func schema_openshift_api_kubecontrolplane_v1_ServiceServingCert(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha2_GathererConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", + Description: "gathererConfig allows to configure specific gatherers", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "certFile": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "certFile is a file containing a PEM-encoded certificate", + Description: "name is the required name of a specific gatherer It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "state": { + SchemaProps: spec.SchemaProps{ + Description: "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"certFile"}, + Required: []string{"name", "state"}, }, }, } } -func schema_openshift_api_kubecontrolplane_v1_UserAgentDenyRule(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha2_GathererStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "UserAgentDenyRule adds a rejection message that can be used to help a user figure out how to get an approved client", + Description: "gathererStatus represents information about a particular data gatherer.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "regex": { - SchemaProps: spec.SchemaProps{ - Description: "regex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", - Default: "", - Type: []string{"string"}, - Format: "", + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, }, - }, - "httpVerbs": { SchemaProps: spec.SchemaProps{ - Description: "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", + Description: "conditions provide details on the status of each gatherer.\n\nThe current condition type is DataGathered\n\nThe DataGathered condition is used to represent whether or not the data was gathered by a gatherer specified by name. When it has a status of True and a reason of GatheredOK, the data has been successfully gathered as expected. When it has a status of False and a reason of NoData, no data was gathered—for example, when the resource is not present in the cluster. When it has a status of False and a reason of GatherError, an error occurred and no data was gathered. When it has a status of False and a reason of GatherPanic, a panic occurred during gathering and no data was collected. When it has a status of False and a reason of GatherWithErrorReason, data was partially gathered or gathered with an error message.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, }, }, - "rejectionMessage": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "rejectionMessage is the message shown when rejecting a client. If it is not a set, the default message is used.", + Description: "name is the required name of the gatherer. It must contain at least 5 characters and may not exceed 256 characters.", Default: "", Type: []string{"string"}, Format: "", }, }, + "lastGatherSeconds": { + SchemaProps: spec.SchemaProps{ + Description: "lastGatherSeconds is required field that represents the time spent gathering in seconds", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, }, - Required: []string{"regex", "httpVerbs", "rejectionMessage"}, + Required: []string{"name", "lastGatherSeconds"}, }, }, + Dependencies: []string{ + metav1.Condition{}.OpenAPIModelName()}, } } -func schema_openshift_api_kubecontrolplane_v1_UserAgentMatchRule(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha2_Gatherers(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "UserAgentMatchRule describes how to match a given request based on User-Agent and HTTPVerb", + Description: "Gathereres specifies the configuration of the gatherers", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "regex": { + "mode": { SchemaProps: spec.SchemaProps{ - Description: "regex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", + Description: "mode is a required field that specifies the mode for gatherers. Allowed values are All and Custom. When set to All, all gatherers wil run and gather data. When set to Custom, the custom configuration from the custom field will be applied.", Default: "", Type: []string{"string"}, Format: "", }, }, - "httpVerbs": { + "custom": { SchemaProps: spec.SchemaProps{ - Description: "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, + Description: "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", + Ref: ref("github.com/openshift/api/insights/v1alpha2.Custom"), + }, + }, + }, + Required: []string{"mode"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "mode", + "fields-to-discriminateBy": map[string]interface{}{ + "custom": "Custom", }, }, }, }, - Required: []string{"regex", "httpVerbs"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/insights/v1alpha2.Custom"}, } } -func schema_openshift_api_kubecontrolplane_v1_UserAgentMatchingConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha2_HealthCheck(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", + Description: "healthCheck represents an Insights health check attributes.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "requiredClients": { + "description": { SchemaProps: spec.SchemaProps{ - Description: "requiredClients if this list is non-empty, then a User-Agent must match one of the UserAgentRegexes to be allowed", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/kubecontrolplane/v1.UserAgentMatchRule"), - }, + Description: "description is required field that provides basic description of the healtcheck. It must contain at least 10 characters and may not exceed 2048 characters.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "totalRisk": { + SchemaProps: spec.SchemaProps{ + Description: "totalRisk is the required field of the healthcheck. It is indicator of the total risk posed by the detected issue; combination of impact and likelihood. Allowed values are Low, Medium, Important and Critical. The value represents the severity of the issue.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "advisorURI": { + SchemaProps: spec.SchemaProps{ + Description: "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"description", "totalRisk", "advisorURI"}, + }, + }, + } +} + +func schema_openshift_api_insights_v1alpha2_InsightsReport(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "insightsReport provides Insights health check report based on the most recently sent Insights data.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "downloadedTime": { + SchemaProps: spec.SchemaProps{ + Description: "downloadedTime is an optional time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", + Ref: ref(metav1.Time{}.OpenAPIModelName()), + }, + }, + "healthChecks": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "advisorURI", + "totalRisk", + "description", }, + "x-kubernetes-list-type": "map", }, }, - }, - "deniedClients": { SchemaProps: spec.SchemaProps{ - Description: "deniedClients if this list is non-empty, then a User-Agent must not match any of the UserAgentRegexes", + Description: "healthChecks provides basic information about active Insights health checks in a cluster.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/kubecontrolplane/v1.UserAgentDenyRule"), + Ref: ref("github.com/openshift/api/insights/v1alpha2.HealthCheck"), }, }, }, }, }, - "defaultRejectionMessage": { + "uri": { SchemaProps: spec.SchemaProps{ - Description: "defaultRejectionMessage is the message shown when rejecting a client. If it is not a set, a generic message is given.", - Default: "", + Description: "uri is optional field that provides the URL link from which the report was downloaded. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"requiredClients", "deniedClients", "defaultRejectionMessage"}, }, }, Dependencies: []string{ - "github.com/openshift/api/kubecontrolplane/v1.UserAgentDenyRule", "github.com/openshift/api/kubecontrolplane/v1.UserAgentMatchRule"}, + "github.com/openshift/api/insights/v1alpha2.HealthCheck", metav1.Time{}.OpenAPIModelName()}, } } -func schema_openshift_api_kubecontrolplane_v1_WebhookTokenAuthenticator(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha2_ObjectReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "WebhookTokenAuthenticators holds the necessary configuation options for external token authenticators", + Description: "ObjectReference contains enough information to let you inspect or modify the referred object.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "configFile": { + "group": { + SchemaProps: spec.SchemaProps{ + Description: "group is required field that specifies the API Group of the Resource. Enter empty string for the core group. This value is empty or it should follow the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character. Example: \"\", \"apps\", \"build.openshift.io\", etc.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "resource": { SchemaProps: spec.SchemaProps{ - Description: "configFile is a path to a Kubeconfig file with the webhook configuration", + Description: "resource is required field of the type that is being referenced and follows the DNS1035 format. It is normally the plural form of the resource kind in lowercase. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", Default: "", Type: []string{"string"}, Format: "", }, }, - "cacheTTL": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "cacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get a default timeout of 2 minutes. If zero (e.g. \"0m\"), caching is disabled", + Description: "name is required field that specifies the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character..", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "namespace": { + SchemaProps: spec.SchemaProps{ + Description: "namespace if required field of the referent that follows the DNS1123 labels format. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"configFile", "cacheTTL"}, + Required: []string{"group", "resource", "name", "namespace"}, }, }, } } -func schema_openshift_api_legacyconfig_v1_ActiveDirectoryConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha2_PersistentVolumeClaimReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ActiveDirectoryConfig holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the Active Directory schema", + Description: "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "usersQuery": { - SchemaProps: spec.SchemaProps{ - Description: "AllUsersQuery holds the template for an LDAP query that returns user entries.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.LDAPQuery"), - }, - }, - "userNameAttributes": { - SchemaProps: spec.SchemaProps{ - Description: "userNameAttributes defines which attributes on an LDAP user entry will be interpreted as its OpenShift user name.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "groupMembershipAttributes": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "groupMembershipAttributes defines which attributes on an LDAP user entry will be interpreted as the groups it is a member of", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"usersQuery", "userNameAttributes", "groupMembershipAttributes"}, + Required: []string{"name"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.LDAPQuery"}, } } -func schema_openshift_api_legacyconfig_v1_AdmissionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha2_PersistentVolumeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AdmissionConfig holds the necessary configuration options for admission", + Description: "persistentVolumeConfig provides configuration options for PersistentVolume storage.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "pluginConfig": { + "claim": { SchemaProps: spec.SchemaProps{ - Description: "pluginConfig allows specifying a configuration file per admission control plugin", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/openshift/api/legacyconfig/v1.AdmissionPluginConfig"), - }, - }, - }, + Description: "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/insights/v1alpha2.PersistentVolumeClaimReference"), }, }, - "pluginOrderOverride": { + "mountPath": { SchemaProps: spec.SchemaProps{ - Description: "pluginOrderOverride is a list of admission control plugin names that will be installed on the master. Order is significant. If empty, a default list of plugins is used.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"pluginConfig"}, + Required: []string{"claim"}, }, }, Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.AdmissionPluginConfig"}, + "github.com/openshift/api/insights/v1alpha2.PersistentVolumeClaimReference"}, } } -func schema_openshift_api_legacyconfig_v1_AdmissionPluginConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_insights_v1alpha2_Storage(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AdmissionPluginConfig holds the necessary configuration options for admission plugins", + Description: "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "location": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "location is the path to a configuration file that contains the plugin's configuration", + Description: "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", Default: "", Type: []string{"string"}, Format: "", }, }, - "configuration": { + "persistentVolume": { SchemaProps: spec.SchemaProps{ - Description: "configuration is an embedded configuration object to be used as the plugin's configuration. If present, it will be used instead of the path to the configuration file.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Description: "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", + Ref: ref("github.com/openshift/api/insights/v1alpha2.PersistentVolumeConfig"), + }, + }, + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "persistentVolume": "PersistentVolume", + }, }, }, }, - Required: []string{"location", "configuration"}, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + "github.com/openshift/api/insights/v1alpha2.PersistentVolumeConfig"}, } } -func schema_openshift_api_legacyconfig_v1_AggregatorConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_kubecontrolplane_v1_AggregatorConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -32917,7 +33411,7 @@ func schema_openshift_api_legacyconfig_v1_AggregatorConfig(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "proxyClientInfo specifies the client cert/key to use when proxying to aggregated API servers", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.CertInfo"), + Ref: ref("github.com/openshift/api/config/v1.CertInfo"), }, }, }, @@ -32925,15 +33419,15 @@ func schema_openshift_api_legacyconfig_v1_AggregatorConfig(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.CertInfo"}, + "github.com/openshift/api/config/v1.CertInfo"}, } } -func schema_openshift_api_legacyconfig_v1_AllowAllPasswordIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_kubecontrolplane_v1_KubeAPIServerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AllowAllPasswordIdentityProvider provides identities for users authenticating using non-empty passwords\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -32950,123 +33444,124 @@ func schema_openshift_api_legacyconfig_v1_AllowAllPasswordIdentityProvider(ref c Format: "", }, }, - }, - }, - }, - } -} - -func schema_openshift_api_legacyconfig_v1_AuditConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "AuditConfig holds configuration for the audit capabilities", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "enabled": { + "servingInfo": { SchemaProps: spec.SchemaProps{ - Description: "If this flag is set, audit log will be printed in the logs. The logs contains, method, user and a requested URL.", - Default: false, - Type: []string{"boolean"}, - Format: "", + Description: "servingInfo describes how to start serving", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.HTTPServingInfo"), }, }, - "auditFilePath": { + "corsAllowedOrigins": { SchemaProps: spec.SchemaProps{ - Description: "All requests coming to the apiserver will be logged to this file.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "corsAllowedOrigins", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "maximumFileRetentionDays": { + "auditConfig": { SchemaProps: spec.SchemaProps{ - Description: "Maximum number of days to retain old log files based on the timestamp encoded in their filename.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "auditConfig describes how to configure audit information", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.AuditConfig"), }, }, - "maximumRetainedFiles": { + "storageConfig": { SchemaProps: spec.SchemaProps{ - Description: "Maximum number of old log files to retain.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "storageConfig contains information about how to use", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.EtcdStorageConfig"), }, }, - "maximumFileSizeMegabytes": { + "admission": { SchemaProps: spec.SchemaProps{ - Description: "Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "admissionConfig holds information about how to configure admission.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.AdmissionConfig"), }, }, - "policyFile": { + "kubeClientConfig": { SchemaProps: spec.SchemaProps{ - Description: "policyFile is a path to the file that defines the audit policy configuration.", - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.KubeClientConfig"), }, }, - "policyConfiguration": { + "authConfig": { SchemaProps: spec.SchemaProps{ - Description: "policyConfiguration is an embedded policy configuration object to be used as the audit policy configuration. If present, it will be used instead of the path to the policy file.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Description: "authConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/kubecontrolplane/v1.MasterAuthConfig"), }, }, - "logFormat": { + "aggregatorConfig": { SchemaProps: spec.SchemaProps{ - Description: "Format of saved audits (legacy or json).", + Description: "aggregatorConfig has options for configuring the aggregator component of the API server.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/kubecontrolplane/v1.AggregatorConfig"), + }, + }, + "kubeletClientInfo": { + SchemaProps: spec.SchemaProps{ + Description: "kubeletClientInfo contains information about how to connect to kubelets", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/kubecontrolplane/v1.KubeletConnectionInfo"), + }, + }, + "servicesSubnet": { + SchemaProps: spec.SchemaProps{ + Description: "servicesSubnet is the subnet to use for assigning service IPs", Default: "", Type: []string{"string"}, Format: "", }, }, - "webHookKubeConfig": { + "servicesNodePortRange": { SchemaProps: spec.SchemaProps{ - Description: "Path to a .kubeconfig formatted file that defines the audit webhook configuration.", + Description: "servicesNodePortRange is the range to use for assigning service public ports on a host.", Default: "", Type: []string{"string"}, Format: "", }, }, - "webHookMode": { + "consolePublicURL": { SchemaProps: spec.SchemaProps{ - Description: "Strategy for sending audit events (block or batch).", + Description: "DEPRECATED: consolePublicURL has been deprecated and setting it has no effect.", Default: "", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"enabled", "auditFilePath", "maximumFileRetentionDays", "maximumRetainedFiles", "maximumFileSizeMegabytes", "policyFile", "policyConfiguration", "logFormat", "webHookKubeConfig", "webHookMode"}, - }, - }, - Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, - } -} - -func schema_openshift_api_legacyconfig_v1_AugmentedActiveDirectoryConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "AugmentedActiveDirectoryConfig holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the augmented Active Directory schema", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "usersQuery": { + "userAgentMatchingConfig": { SchemaProps: spec.SchemaProps{ - Description: "AllUsersQuery holds the template for an LDAP query that returns user entries.", + Description: "userAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.LDAPQuery"), + Ref: ref("github.com/openshift/api/kubecontrolplane/v1.UserAgentMatchingConfig"), }, }, - "userNameAttributes": { + "imagePolicyConfig": { SchemaProps: spec.SchemaProps{ - Description: "userNameAttributes defines which attributes on an LDAP user entry will be interpreted as its OpenShift user name.", + Description: "imagePolicyConfig feeds the image policy admission plugin", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerImagePolicyConfig"), + }, + }, + "projectConfig": { + SchemaProps: spec.SchemaProps{ + Description: "projectConfig feeds an admission plugin", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerProjectConfig"), + }, + }, + "serviceAccountPublicKeyFiles": { + SchemaProps: spec.SchemaProps{ + Description: "serviceAccountPublicKeyFiles is a list of files, each containing a PEM-encoded public RSA key. (If any file contains a private key, the public portion of the key is used) The list of public keys is used to verify presented service account tokens. Each key is tried in order until the list is exhausted or verification succeeds. If no keys are specified, no service account authentication will be available.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -33079,39 +33574,68 @@ func schema_openshift_api_legacyconfig_v1_AugmentedActiveDirectoryConfig(ref com }, }, }, - "groupMembershipAttributes": { + "oauthConfig": { SchemaProps: spec.SchemaProps{ - Description: "groupMembershipAttributes defines which attributes on an LDAP user entry will be interpreted as the groups it is a member of", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ + Description: "oauthConfig, if present start the /oauth endpoint in this process", + Ref: ref("github.com/openshift/api/osin/v1.OAuthConfig"), + }, + }, + "apiServerArguments": { + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, }, }, }, - "groupsQuery": { + "minimumKubeletVersion": { SchemaProps: spec.SchemaProps{ - Description: "AllGroupsQuery holds the template for an LDAP query that returns group entries.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.LDAPQuery"), + Description: "minimumKubeletVersion is the lowest version of a kubelet that can join the cluster. Specifically, the apiserver will deny most authorization requests of kubelets that are older than the specified version, only allowing the kubelet to get and update its node object, and perform subjectaccessreviews. This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads, and will eventually be marked as not ready. Its max length is 8, so maximum version allowed is either \"9.999.99\" or \"99.99.99\". Since the kubelet reports the version of the kubernetes release, not Openshift, this field references the underlying kubernetes version this version of Openshift is based off of. In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then they should set the minimumKubeletVersion to 1.30.0. When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version. Thus, a kubelet with version \"1.0.0-ec.0\" will be compatible with minimumKubeletVersion \"1.0.0\" or earlier.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "groupUIDAttribute": { + }, + Required: []string{"servingInfo", "corsAllowedOrigins", "auditConfig", "storageConfig", "admission", "kubeClientConfig", "authConfig", "aggregatorConfig", "kubeletClientInfo", "servicesSubnet", "servicesNodePortRange", "consolePublicURL", "userAgentMatchingConfig", "imagePolicyConfig", "projectConfig", "serviceAccountPublicKeyFiles", "oauthConfig", "apiServerArguments"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1.AdmissionConfig", "github.com/openshift/api/config/v1.AuditConfig", "github.com/openshift/api/config/v1.EtcdStorageConfig", "github.com/openshift/api/config/v1.HTTPServingInfo", "github.com/openshift/api/config/v1.KubeClientConfig", "github.com/openshift/api/kubecontrolplane/v1.AggregatorConfig", "github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerImagePolicyConfig", "github.com/openshift/api/kubecontrolplane/v1.KubeAPIServerProjectConfig", "github.com/openshift/api/kubecontrolplane/v1.KubeletConnectionInfo", "github.com/openshift/api/kubecontrolplane/v1.MasterAuthConfig", "github.com/openshift/api/kubecontrolplane/v1.UserAgentMatchingConfig", "github.com/openshift/api/osin/v1.OAuthConfig"}, + } +} + +func schema_openshift_api_kubecontrolplane_v1_KubeAPIServerImagePolicyConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "internalRegistryHostname": { SchemaProps: spec.SchemaProps{ - Description: "GroupUIDAttributes defines which attribute on an LDAP group entry will be interpreted as its unique identifier. (ldapGroupUID)", + Description: "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", Default: "", Type: []string{"string"}, Format: "", }, }, - "groupNameAttributes": { + "externalRegistryHostnames": { SchemaProps: spec.SchemaProps{ - Description: "groupNameAttributes defines which attributes on an LDAP group entry will be interpreted as its name to use for an OpenShift group", + Description: "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -33125,19 +33649,38 @@ func schema_openshift_api_legacyconfig_v1_AugmentedActiveDirectoryConfig(ref com }, }, }, - Required: []string{"usersQuery", "userNameAttributes", "groupMembershipAttributes", "groupsQuery", "groupUIDAttribute", "groupNameAttributes"}, + Required: []string{"internalRegistryHostname", "externalRegistryHostnames"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.LDAPQuery"}, } } -func schema_openshift_api_legacyconfig_v1_BasicAuthPasswordIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_kubecontrolplane_v1_KubeAPIServerProjectConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "defaultNodeSelector": { + SchemaProps: spec.SchemaProps{ + Description: "defaultNodeSelector holds default project node label selector", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"defaultNodeSelector"}, + }, + }, + } +} + +func schema_openshift_api_kubecontrolplane_v1_KubeControllerManagerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -33154,217 +33697,198 @@ func schema_openshift_api_legacyconfig_v1_BasicAuthPasswordIdentityProvider(ref Format: "", }, }, - "url": { + "serviceServingCert": { SchemaProps: spec.SchemaProps{ - Description: "url is the remote URL to connect to", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "serviceServingCert provides support for the old alpha service serving cert signer CA bundle", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/kubecontrolplane/v1.ServiceServingCert"), }, }, - "ca": { + "projectConfig": { SchemaProps: spec.SchemaProps{ - Description: "ca is the CA for verifying TLS connections", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "projectConfig is an optimization for the daemonset controller", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/kubecontrolplane/v1.KubeControllerManagerProjectConfig"), }, }, - "certFile": { + "extendedArguments": { SchemaProps: spec.SchemaProps{ - Description: "certFile is a file containing a PEM-encoded certificate", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "extendedArguments is used to configure the kube-controller-manager", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, }, }, - "keyFile": { + }, + Required: []string{"serviceServingCert", "projectConfig", "extendedArguments"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/kubecontrolplane/v1.KubeControllerManagerProjectConfig", "github.com/openshift/api/kubecontrolplane/v1.ServiceServingCert"}, + } +} + +func schema_openshift_api_kubecontrolplane_v1_KubeControllerManagerProjectConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "defaultNodeSelector": { SchemaProps: spec.SchemaProps{ - Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + Description: "defaultNodeSelector holds default project node label selector", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"url", "ca", "certFile", "keyFile"}, + Required: []string{"defaultNodeSelector"}, }, }, } } -func schema_openshift_api_legacyconfig_v1_BuildDefaultsConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_kubecontrolplane_v1_KubeletConnectionInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "BuildDefaultsConfig controls the default information for Builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "KubeletConnectionInfo holds information necessary for connecting to a kubelet", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { + "port": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + Description: "port is the port to connect to kubelets on", + Default: 0, + Type: []string{"integer"}, + Format: "int64", }, }, - "gitHTTPProxy": { + "ca": { SchemaProps: spec.SchemaProps{ - Description: "gitHTTPProxy is the location of the HTTPProxy for Git source", + Description: "ca is the CA for verifying TLS connections to kubelets", + Default: "", Type: []string{"string"}, Format: "", }, }, - "gitHTTPSProxy": { + "certFile": { SchemaProps: spec.SchemaProps{ - Description: "gitHTTPSProxy is the location of the HTTPSProxy for Git source", + Description: "certFile is a file containing a PEM-encoded certificate", + Default: "", Type: []string{"string"}, Format: "", }, }, - "gitNoProxy": { + "keyFile": { SchemaProps: spec.SchemaProps{ - Description: "gitNoProxy is the list of domains for which the proxy should not be used", + Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + Default: "", Type: []string{"string"}, Format: "", }, }, - "env": { - SchemaProps: spec.SchemaProps{ - Description: "env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvVar"), - }, - }, - }, - }, - }, - "sourceStrategyDefaults": { + }, + Required: []string{"port", "ca", "certFile", "keyFile"}, + }, + }, + } +} + +func schema_openshift_api_kubecontrolplane_v1_MasterAuthConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "MasterAuthConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "requestHeader": { SchemaProps: spec.SchemaProps{ - Description: "sourceStrategyDefaults are default values that apply to builds using the source strategy.", - Ref: ref("github.com/openshift/api/legacyconfig/v1.SourceStrategyDefaultsConfig"), + Description: "requestHeader holds options for setting up a front proxy against the API. It is optional.", + Ref: ref("github.com/openshift/api/kubecontrolplane/v1.RequestHeaderAuthenticationOptions"), }, }, - "imageLabels": { + "webhookTokenAuthenticators": { SchemaProps: spec.SchemaProps{ - Description: "imageLabels is a list of labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.", + Description: "webhookTokenAuthenticators, if present configures remote token reviewers", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/build/v1.ImageLabel"), - }, - }, - }, - }, - }, - "nodeSelector": { - SchemaProps: spec.SchemaProps{ - Description: "nodeSelector is a selector which must be true for the build pod to fit on a node", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "annotations": { - SchemaProps: spec.SchemaProps{ - Description: "annotations are annotations that will be added to the build pod", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Ref: ref("github.com/openshift/api/kubecontrolplane/v1.WebhookTokenAuthenticator"), }, }, }, }, }, - "resources": { + "oauthMetadataFile": { SchemaProps: spec.SchemaProps{ - Description: "resources defines resource requirements to execute the build.", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), + Description: "oauthMetadataFile is a path to a file containing the discovery endpoint for OAuth 2.0 Authorization Server Metadata for an external OAuth server. See IETF Draft: // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This option is mutually exclusive with OAuthConfig", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, + Required: []string{"requestHeader", "webhookTokenAuthenticators", "oauthMetadataFile"}, }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.ImageLabel", "github.com/openshift/api/legacyconfig/v1.SourceStrategyDefaultsConfig", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.ResourceRequirements"}, + "github.com/openshift/api/kubecontrolplane/v1.RequestHeaderAuthenticationOptions", "github.com/openshift/api/kubecontrolplane/v1.WebhookTokenAuthenticator"}, } } -func schema_openshift_api_legacyconfig_v1_BuildOverridesConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_kubecontrolplane_v1_RequestHeaderAuthenticationOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "BuildOverridesConfig controls override settings for builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "RequestHeaderAuthenticationOptions provides options for setting up a front proxy against the entire API instead of against the /oauth endpoint.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { + "clientCA": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "clientCA is a file with the trusted signer certs. It is required.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "forcePull": { - SchemaProps: spec.SchemaProps{ - Description: "forcePull indicates whether the build strategy should always be set to ForcePull=true", - Default: false, - Type: []string{"boolean"}, - Format: "", - }, - }, - "imageLabels": { + "clientCommonNames": { SchemaProps: spec.SchemaProps{ - Description: "imageLabels is a list of labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", + Description: "clientCommonNames is a required list of common names to require a match from.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/build/v1.ImageLabel"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - "nodeSelector": { + "usernameHeaders": { SchemaProps: spec.SchemaProps{ - Description: "nodeSelector is a selector which must be true for the build pod to fit on a node", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, + Description: "usernameHeaders is the list of headers to check for user information. First hit wins.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: "", @@ -33375,12 +33899,11 @@ func schema_openshift_api_legacyconfig_v1_BuildOverridesConfig(ref common.Refere }, }, }, - "annotations": { + "groupHeaders": { SchemaProps: spec.SchemaProps{ - Description: "annotations are annotations that will be added to the build pod", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, + Description: "groupHeaders is the set of headers to check for group information. All are unioned.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: "", @@ -33391,34 +33914,33 @@ func schema_openshift_api_legacyconfig_v1_BuildOverridesConfig(ref common.Refere }, }, }, - "tolerations": { + "extraHeaderPrefixes": { SchemaProps: spec.SchemaProps{ - Description: "tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", + Description: "extraHeaderPrefixes is the set of request header prefixes to inspect for user extra. X-Remote-Extra- is suggested.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Toleration"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, }, - Required: []string{"forcePull"}, + Required: []string{"clientCA", "clientCommonNames", "usernameHeaders", "groupHeaders", "extraHeaderPrefixes"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/build/v1.ImageLabel", "k8s.io/api/core/v1.Toleration"}, } } -func schema_openshift_api_legacyconfig_v1_CertInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_kubecontrolplane_v1_ServiceServingCert(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "CertInfo relates a certificate with a private key", + Description: "ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "certFile": { @@ -33429,510 +33951,466 @@ func schema_openshift_api_legacyconfig_v1_CertInfo(ref common.ReferenceCallback) Format: "", }, }, - "keyFile": { - SchemaProps: spec.SchemaProps{ - Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, }, - Required: []string{"certFile", "keyFile"}, + Required: []string{"certFile"}, }, }, } } -func schema_openshift_api_legacyconfig_v1_ClientConnectionOverrides(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_kubecontrolplane_v1_UserAgentDenyRule(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ClientConnectionOverrides are a set of overrides to the default client connection settings.", + Description: "UserAgentDenyRule adds a rejection message that can be used to help a user figure out how to get an approved client", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "acceptContentTypes": { - SchemaProps: spec.SchemaProps{ - Description: "acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the default value of 'application/json'. This field will control all connections to the server used by a particular client.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "contentType": { + "regex": { SchemaProps: spec.SchemaProps{ - Description: "contentType is the content type used when sending data to the server from this client.", + Description: "regex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", Default: "", Type: []string{"string"}, Format: "", }, }, - "qps": { + "httpVerbs": { SchemaProps: spec.SchemaProps{ - Description: "qps controls the number of queries per second allowed for this connection.", - Default: 0, - Type: []string{"number"}, - Format: "float", + Description: "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "burst": { + "rejectionMessage": { SchemaProps: spec.SchemaProps{ - Description: "burst allows extra queries to accumulate when a client is exceeding its rate.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "rejectionMessage is the message shown when rejecting a client. If it is not a set, the default message is used.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"acceptContentTypes", "contentType", "qps", "burst"}, + Required: []string{"regex", "httpVerbs", "rejectionMessage"}, }, }, } } -func schema_openshift_api_legacyconfig_v1_ClusterNetworkEntry(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_kubecontrolplane_v1_UserAgentMatchRule(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips.", + Description: "UserAgentMatchRule describes how to match a given request based on User-Agent and HTTPVerb", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "cidr": { + "regex": { SchemaProps: spec.SchemaProps{ - Description: "cidr defines the total range of a cluster networks address space.", + Description: "regex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", Default: "", Type: []string{"string"}, Format: "", }, }, - "hostSubnetLength": { + "httpVerbs": { SchemaProps: spec.SchemaProps{ - Description: "hostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pod.", - Default: 0, - Type: []string{"integer"}, - Format: "int64", + Description: "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, }, - Required: []string{"cidr", "hostSubnetLength"}, + Required: []string{"regex", "httpVerbs"}, }, }, } } -func schema_openshift_api_legacyconfig_v1_ControllerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_kubecontrolplane_v1_UserAgentMatchingConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ControllerConfig holds configuration values for controllers", + Description: "UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "controllers": { + "requiredClients": { SchemaProps: spec.SchemaProps{ - Description: "controllers is a list of controllers to enable. '*' enables all on-by-default controllers, 'foo' enables the controller \"+ named 'foo', '-foo' disables the controller named 'foo'. Defaults to \"*\".", + Description: "requiredClients if this list is non-empty, then a User-Agent must match one of the UserAgentRegexes to be allowed", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/kubecontrolplane/v1.UserAgentMatchRule"), }, }, }, }, }, - "election": { + "deniedClients": { SchemaProps: spec.SchemaProps{ - Description: "election defines the configuration for electing a controller instance to make changes to the cluster. If unspecified, the ControllerTTL value is checked to determine whether the legacy direct etcd election code will be used.", - Ref: ref("github.com/openshift/api/legacyconfig/v1.ControllerElectionConfig"), + Description: "deniedClients if this list is non-empty, then a User-Agent must not match any of the UserAgentRegexes", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/kubecontrolplane/v1.UserAgentDenyRule"), + }, + }, + }, }, }, - "serviceServingCert": { + "defaultRejectionMessage": { SchemaProps: spec.SchemaProps{ - Description: "serviceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.ServiceServingCert"), + Description: "defaultRejectionMessage is the message shown when rejecting a client. If it is not a set, a generic message is given.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"controllers", "election", "serviceServingCert"}, + Required: []string{"requiredClients", "deniedClients", "defaultRejectionMessage"}, }, }, Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.ControllerElectionConfig", "github.com/openshift/api/legacyconfig/v1.ServiceServingCert"}, + "github.com/openshift/api/kubecontrolplane/v1.UserAgentDenyRule", "github.com/openshift/api/kubecontrolplane/v1.UserAgentMatchRule"}, } } -func schema_openshift_api_legacyconfig_v1_ControllerElectionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_kubecontrolplane_v1_WebhookTokenAuthenticator(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ControllerElectionConfig contains configuration values for deciding how a controller will be elected to act as leader.", + Description: "WebhookTokenAuthenticators holds the necessary configuation options for external token authenticators", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "lockName": { + "configFile": { SchemaProps: spec.SchemaProps{ - Description: "lockName is the resource name used to act as the lock for determining which controller instance should lead.", + Description: "configFile is a path to a Kubeconfig file with the webhook configuration", Default: "", Type: []string{"string"}, Format: "", }, }, - "lockNamespace": { + "cacheTTL": { SchemaProps: spec.SchemaProps{ - Description: "lockNamespace is the resource namespace used to act as the lock for determining which controller instance should lead. It defaults to \"kube-system\"", + Description: "cacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get a default timeout of 2 minutes. If zero (e.g. \"0m\"), caching is disabled", Default: "", Type: []string{"string"}, Format: "", }, }, - "lockResource": { - SchemaProps: spec.SchemaProps{ - Description: "lockResource is the group and resource name to use to coordinate for the controller lock. If unset, defaults to \"configmaps\".", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.GroupResource"), - }, - }, }, - Required: []string{"lockName", "lockNamespace", "lockResource"}, + Required: []string{"configFile", "cacheTTL"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.GroupResource"}, } } -func schema_openshift_api_legacyconfig_v1_DNSConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_ActiveDirectoryConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DNSConfig holds the necessary configuration options for DNS", + Description: "ActiveDirectoryConfig holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the Active Directory schema", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "bindAddress": { + "usersQuery": { SchemaProps: spec.SchemaProps{ - Description: "bindAddress is the ip:port to serve DNS on", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "AllUsersQuery holds the template for an LDAP query that returns user entries.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.LDAPQuery"), }, }, - "bindNetwork": { + "userNameAttributes": { SchemaProps: spec.SchemaProps{ - Description: "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "userNameAttributes defines which attributes on an LDAP user entry will be interpreted as its OpenShift user name.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "allowRecursiveQueries": { + "groupMembershipAttributes": { SchemaProps: spec.SchemaProps{ - Description: "allowRecursiveQueries allows the DNS server on the master to answer queries recursively. Note that open resolvers can be used for DNS amplification attacks and the master DNS should not be made accessible to public networks.", - Default: false, - Type: []string{"boolean"}, - Format: "", + Description: "groupMembershipAttributes defines which attributes on an LDAP user entry will be interpreted as the groups it is a member of", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, }, - Required: []string{"bindAddress", "bindNetwork", "allowRecursiveQueries"}, + Required: []string{"usersQuery", "userNameAttributes", "groupMembershipAttributes"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.LDAPQuery"}, } } -func schema_openshift_api_legacyconfig_v1_DefaultAdmissionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_AdmissionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DefaultAdmissionConfig can be used to enable or disable various admission plugins. When this type is present as the `configuration` object under `pluginConfig` and *if* the admission plugin supports it, this will cause an \"off by default\" admission plugin to be enabled\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "AdmissionConfig holds the necessary configuration options for admission", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { + "pluginConfig": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + Description: "pluginConfig allows specifying a configuration file per admission control plugin", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/openshift/api/legacyconfig/v1.AdmissionPluginConfig"), + }, + }, + }, }, }, - "disable": { + "pluginOrderOverride": { SchemaProps: spec.SchemaProps{ - Description: "disable turns off an admission plugin that is enabled by default.", - Default: false, - Type: []string{"boolean"}, - Format: "", + Description: "pluginOrderOverride is a list of admission control plugin names that will be installed on the master. Order is significant. If empty, a default list of plugins is used.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, }, - Required: []string{"disable"}, + Required: []string{"pluginConfig"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.AdmissionPluginConfig"}, } } -func schema_openshift_api_legacyconfig_v1_DenyAllPasswordIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_AdmissionPluginConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DenyAllPasswordIdentityProvider provides no identities for users\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "AdmissionPluginConfig holds the necessary configuration options for admission plugins", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "location": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "location is the path to a configuration file that contains the plugin's configuration", + Default: "", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "configuration": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + Description: "configuration is an embedded configuration object to be used as the plugin's configuration. If present, it will be used instead of the path to the configuration file.", + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, + Required: []string{"location", "configuration"}, }, }, + Dependencies: []string{ + runtime.RawExtension{}.OpenAPIModelName()}, } } -func schema_openshift_api_legacyconfig_v1_DockerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_AggregatorConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DockerConfig holds Docker related configuration options.", + Description: "AggregatorConfig holds information required to make the aggregator function.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "execHandlerName": { - SchemaProps: spec.SchemaProps{ - Description: "execHandlerName is the name of the handler to use for executing commands in containers.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "dockerShimSocket": { - SchemaProps: spec.SchemaProps{ - Description: "dockerShimSocket is the location of the dockershim socket the kubelet uses. Currently unix socket is supported on Linux, and tcp is supported on windows. Examples:'unix:///var/run/dockershim.sock', 'tcp://localhost:3735'", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "dockerShimRootDirectory": { + "proxyClientInfo": { SchemaProps: spec.SchemaProps{ - Description: "dockerShimRootDirectory is the dockershim root directory.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "proxyClientInfo specifies the client cert/key to use when proxying to aggregated API servers", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.CertInfo"), }, }, }, - Required: []string{"execHandlerName", "dockerShimSocket", "dockerShimRootDirectory"}, + Required: []string{"proxyClientInfo"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.CertInfo"}, } } -func schema_openshift_api_legacyconfig_v1_EtcdConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_AllowAllPasswordIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "EtcdConfig holds the necessary configuration options for connecting with an etcd database", + Description: "AllowAllPasswordIdentityProvider provides identities for users authenticating using non-empty passwords\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "servingInfo": { - SchemaProps: spec.SchemaProps{ - Description: "servingInfo describes how to start serving the etcd master", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.ServingInfo"), - }, - }, - "address": { - SchemaProps: spec.SchemaProps{ - Description: "address is the advertised host:port for client connections to etcd", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "peerServingInfo": { - SchemaProps: spec.SchemaProps{ - Description: "peerServingInfo describes how to start serving the etcd peer", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.ServingInfo"), - }, - }, - "peerAddress": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "peerAddress is the advertised host:port for peer connections to etcd", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "storageDirectory": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "StorageDir is the path to the etcd storage directory", - Default: "", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"servingInfo", "address", "peerServingInfo", "peerAddress", "storageDirectory"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.ServingInfo"}, } } -func schema_openshift_api_legacyconfig_v1_EtcdConnectionInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_AuditConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "EtcdConnectionInfo holds information necessary for connecting to an etcd server", + Description: "AuditConfig holds configuration for the audit capabilities", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "urls": { + "enabled": { SchemaProps: spec.SchemaProps{ - Description: "urls are the URLs for etcd", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "If this flag is set, audit log will be printed in the logs. The logs contains, method, user and a requested URL.", + Default: false, + Type: []string{"boolean"}, + Format: "", }, }, - "ca": { + "auditFilePath": { SchemaProps: spec.SchemaProps{ - Description: "ca is a file containing trusted roots for the etcd server certificates", + Description: "All requests coming to the apiserver will be logged to this file.", Default: "", Type: []string{"string"}, Format: "", }, }, - "certFile": { + "maximumFileRetentionDays": { SchemaProps: spec.SchemaProps{ - Description: "certFile is a file containing a PEM-encoded certificate", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "Maximum number of days to retain old log files based on the timestamp encoded in their filename.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "keyFile": { + "maximumRetainedFiles": { SchemaProps: spec.SchemaProps{ - Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "Maximum number of old log files to retain.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - }, - Required: []string{"urls", "ca", "certFile", "keyFile"}, - }, - }, - } -} - -func schema_openshift_api_legacyconfig_v1_EtcdStorageConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "EtcdStorageConfig holds the necessary configuration options for the etcd storage underlying OpenShift and Kubernetes", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kubernetesStorageVersion": { + "maximumFileSizeMegabytes": { + SchemaProps: spec.SchemaProps{ + Description: "Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, + "policyFile": { SchemaProps: spec.SchemaProps{ - Description: "kubernetesStorageVersion is the API version that Kube resources in etcd should be serialized to. This value should *not* be advanced until all clients in the cluster that read from etcd have code that allows them to read the new version.", + Description: "policyFile is a path to the file that defines the audit policy configuration.", Default: "", Type: []string{"string"}, Format: "", }, }, - "kubernetesStoragePrefix": { + "policyConfiguration": { SchemaProps: spec.SchemaProps{ - Description: "kubernetesStoragePrefix is the path within etcd that the Kubernetes resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located. The default value is 'kubernetes.io'.", + Description: "policyConfiguration is an embedded policy configuration object to be used as the audit policy configuration. If present, it will be used instead of the path to the policy file.", + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), + }, + }, + "logFormat": { + SchemaProps: spec.SchemaProps{ + Description: "Format of saved audits (legacy or json).", Default: "", Type: []string{"string"}, Format: "", }, }, - "openShiftStorageVersion": { + "webHookKubeConfig": { SchemaProps: spec.SchemaProps{ - Description: "openShiftStorageVersion is the API version that OS resources in etcd should be serialized to. This value should *not* be advanced until all clients in the cluster that read from etcd have code that allows them to read the new version.", + Description: "Path to a .kubeconfig formatted file that defines the audit webhook configuration.", Default: "", Type: []string{"string"}, Format: "", }, }, - "openShiftStoragePrefix": { + "webHookMode": { SchemaProps: spec.SchemaProps{ - Description: "openShiftStoragePrefix is the path within etcd that the OpenShift resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located. The default value is 'openshift.io'.", + Description: "Strategy for sending audit events (block or batch).", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"kubernetesStorageVersion", "kubernetesStoragePrefix", "openShiftStorageVersion", "openShiftStoragePrefix"}, + Required: []string{"enabled", "auditFilePath", "maximumFileRetentionDays", "maximumRetainedFiles", "maximumFileSizeMegabytes", "policyFile", "policyConfiguration", "logFormat", "webHookKubeConfig", "webHookMode"}, }, }, + Dependencies: []string{ + runtime.RawExtension{}.OpenAPIModelName()}, } } -func schema_openshift_api_legacyconfig_v1_GitHubIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_AugmentedActiveDirectoryConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "AugmentedActiveDirectoryConfig holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the augmented Active Directory schema", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "clientID": { - SchemaProps: spec.SchemaProps{ - Description: "clientID is the oauth client ID", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "clientSecret": { + "usersQuery": { SchemaProps: spec.SchemaProps{ - Description: "clientSecret is the oauth client secret", - Ref: ref("github.com/openshift/api/legacyconfig/v1.StringSource"), + Description: "AllUsersQuery holds the template for an LDAP query that returns user entries.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.LDAPQuery"), }, }, - "organizations": { + "userNameAttributes": { SchemaProps: spec.SchemaProps{ - Description: "organizations optionally restricts which organizations are allowed to log in", + Description: "userNameAttributes defines which attributes on an LDAP user entry will be interpreted as its OpenShift user name.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -33945,9 +34423,9 @@ func schema_openshift_api_legacyconfig_v1_GitHubIdentityProvider(ref common.Refe }, }, }, - "teams": { + "groupMembershipAttributes": { SchemaProps: spec.SchemaProps{ - Description: "teams optionally restricts which teams are allowed to log in. Format is /.", + Description: "groupMembershipAttributes defines which attributes on an LDAP user entry will be interpreted as the groups it is a member of", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -33960,36 +34438,50 @@ func schema_openshift_api_legacyconfig_v1_GitHubIdentityProvider(ref common.Refe }, }, }, - "hostname": { + "groupsQuery": { SchemaProps: spec.SchemaProps{ - Description: "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value that is configured at /setup/settings#hostname.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "AllGroupsQuery holds the template for an LDAP query that returns group entries.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.LDAPQuery"), }, }, - "ca": { + "groupUIDAttribute": { SchemaProps: spec.SchemaProps{ - Description: "ca is the optional trusted certificate authority bundle to use when making requests to the server. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value.", + Description: "GroupUIDAttributes defines which attribute on an LDAP group entry will be interpreted as its unique identifier. (ldapGroupUID)", Default: "", Type: []string{"string"}, Format: "", }, }, + "groupNameAttributes": { + SchemaProps: spec.SchemaProps{ + Description: "groupNameAttributes defines which attributes on an LDAP group entry will be interpreted as its name to use for an OpenShift group", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, }, - Required: []string{"clientID", "clientSecret", "organizations", "teams", "hostname", "ca"}, + Required: []string{"usersQuery", "userNameAttributes", "groupMembershipAttributes", "groupsQuery", "groupUIDAttribute", "groupNameAttributes"}, }, }, Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.StringSource"}, + "github.com/openshift/api/legacyconfig/v1.LDAPQuery"}, } } -func schema_openshift_api_legacyconfig_v1_GitLabIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_BasicAuthPasswordIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -34006,57 +34498,50 @@ func schema_openshift_api_legacyconfig_v1_GitLabIdentityProvider(ref common.Refe Format: "", }, }, - "ca": { + "url": { SchemaProps: spec.SchemaProps{ - Description: "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + Description: "url is the remote URL to connect to", Default: "", Type: []string{"string"}, Format: "", }, }, - "url": { + "ca": { SchemaProps: spec.SchemaProps{ - Description: "url is the oauth server base URL", + Description: "ca is the CA for verifying TLS connections", Default: "", Type: []string{"string"}, Format: "", }, }, - "clientID": { + "certFile": { SchemaProps: spec.SchemaProps{ - Description: "clientID is the oauth client ID", + Description: "certFile is a file containing a PEM-encoded certificate", Default: "", Type: []string{"string"}, Format: "", }, }, - "clientSecret": { - SchemaProps: spec.SchemaProps{ - Description: "clientSecret is the oauth client secret", - Ref: ref("github.com/openshift/api/legacyconfig/v1.StringSource"), - }, - }, - "legacy": { + "keyFile": { SchemaProps: spec.SchemaProps{ - Description: "legacy determines if OAuth2 or OIDC should be used If true, OAuth2 is used If false, OIDC is used If nil and the URL's host is gitlab.com, OIDC is used Otherwise, OAuth2 is used In a future release, nil will default to using OIDC Eventually this flag will be removed and only OIDC will be used", - Type: []string{"boolean"}, + Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + Default: "", + Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"ca", "url", "clientID", "clientSecret"}, + Required: []string{"url", "ca", "certFile", "keyFile"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.StringSource"}, } } -func schema_openshift_api_legacyconfig_v1_GoogleIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_BuildDefaultsConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GoogleIdentityProvider provides identities for users authenticating using Google credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "BuildDefaultsConfig controls the default information for Builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -34073,206 +34558,157 @@ func schema_openshift_api_legacyconfig_v1_GoogleIdentityProvider(ref common.Refe Format: "", }, }, - "clientID": { + "gitHTTPProxy": { SchemaProps: spec.SchemaProps{ - Description: "clientID is the oauth client ID", - Default: "", + Description: "gitHTTPProxy is the location of the HTTPProxy for Git source", Type: []string{"string"}, Format: "", }, }, - "clientSecret": { - SchemaProps: spec.SchemaProps{ - Description: "clientSecret is the oauth client secret", - Ref: ref("github.com/openshift/api/legacyconfig/v1.StringSource"), - }, - }, - "hostedDomain": { + "gitHTTPSProxy": { SchemaProps: spec.SchemaProps{ - Description: "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", - Default: "", + Description: "gitHTTPSProxy is the location of the HTTPSProxy for Git source", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"clientID", "clientSecret", "hostedDomain"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.StringSource"}, - } -} - -func schema_openshift_api_legacyconfig_v1_GrantConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "GrantConfig holds the necessary configuration options for grant handlers", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "method": { + "gitNoProxy": { SchemaProps: spec.SchemaProps{ - Description: "method determines the default strategy to use when an OAuth client requests a grant. This method will be used only if the specific OAuth client doesn't provide a strategy of their own. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients\n - deny: always denies grant requests, useful for black-listed clients", - Default: "", + Description: "gitNoProxy is the list of domains for which the proxy should not be used", Type: []string{"string"}, Format: "", }, }, - "serviceAccountMethod": { + "env": { SchemaProps: spec.SchemaProps{ - Description: "serviceAccountMethod is used for determining client authorization for service account oauth client. It must be either: deny, prompt", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), + }, + }, + }, }, }, - }, - Required: []string{"method", "serviceAccountMethod"}, - }, - }, - } -} - -func schema_openshift_api_legacyconfig_v1_GroupResource(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "GroupResource points to a resource by its name and API group.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "group": { + "sourceStrategyDefaults": { SchemaProps: spec.SchemaProps{ - Description: "group is the name of an API group", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "sourceStrategyDefaults are default values that apply to builds using the source strategy.", + Ref: ref("github.com/openshift/api/legacyconfig/v1.SourceStrategyDefaultsConfig"), }, }, - "resource": { + "imageLabels": { SchemaProps: spec.SchemaProps{ - Description: "resource is the name of a resource.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "imageLabels is a list of labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/build/v1.ImageLabel"), + }, + }, + }, }, }, - }, - Required: []string{"group", "resource"}, - }, - }, - } -} - -func schema_openshift_api_legacyconfig_v1_HTPasswdPasswordIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { + "nodeSelector": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", + Description: "nodeSelector is a selector which must be true for the build pod to fit on a node", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "apiVersion": { + "annotations": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + Description: "annotations are annotations that will be added to the build pod", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "file": { + "resources": { SchemaProps: spec.SchemaProps{ - Description: "file is a reference to your htpasswd file", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "resources defines resource requirements to execute the build.", + Default: map[string]interface{}{}, + Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), }, }, }, - Required: []string{"file"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/build/v1.ImageLabel", "github.com/openshift/api/legacyconfig/v1.SourceStrategyDefaultsConfig", corev1.EnvVar{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName()}, } } -func schema_openshift_api_legacyconfig_v1_HTTPServingInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_BuildOverridesConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "HTTPServingInfo holds configuration for serving HTTP", + Description: "BuildOverridesConfig controls override settings for builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "bindAddress": { - SchemaProps: spec.SchemaProps{ - Description: "bindAddress is the ip:port to serve on", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "bindNetwork": { - SchemaProps: spec.SchemaProps{ - Description: "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "certFile": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "certFile is a file containing a PEM-encoded certificate", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "keyFile": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - Default: "", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "clientCA": { + "forcePull": { SchemaProps: spec.SchemaProps{ - Description: "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", - Default: "", - Type: []string{"string"}, + Description: "forcePull indicates whether the build strategy should always be set to ForcePull=true", + Default: false, + Type: []string{"boolean"}, Format: "", }, }, - "namedCertificates": { + "imageLabels": { SchemaProps: spec.SchemaProps{ - Description: "namedCertificates is a list of certificates to use to secure requests to specific hostnames", + Description: "imageLabels is a list of labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.NamedCertificate"), + Ref: ref("github.com/openshift/api/build/v1.ImageLabel"), }, }, }, }, }, - "minTLSVersion": { - SchemaProps: spec.SchemaProps{ - Description: "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", - Type: []string{"string"}, - Format: "", - }, - }, - "cipherSuites": { + "nodeSelector": { SchemaProps: spec.SchemaProps{ - Description: "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ + Description: "nodeSelector is a selector which must be true for the build pod to fit on a node", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: "", @@ -34283,264 +34719,277 @@ func schema_openshift_api_legacyconfig_v1_HTTPServingInfo(ref common.ReferenceCa }, }, }, - "maxRequestsInFlight": { + "annotations": { SchemaProps: spec.SchemaProps{ - Description: "maxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "annotations are annotations that will be added to the build pod", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "requestTimeoutSeconds": { + "tolerations": { SchemaProps: spec.SchemaProps{ - Description: "requestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if -1 there is no limit on requests.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), + }, + }, + }, }, }, }, - Required: []string{"bindAddress", "bindNetwork", "certFile", "keyFile", "clientCA", "namedCertificates", "maxRequestsInFlight", "requestTimeoutSeconds"}, + Required: []string{"forcePull"}, }, }, Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.NamedCertificate"}, + "github.com/openshift/api/build/v1.ImageLabel", corev1.Toleration{}.OpenAPIModelName()}, } } -func schema_openshift_api_legacyconfig_v1_IdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_CertInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "IdentityProvider provides identities for users authenticating using credentials", + Description: "CertInfo relates a certificate with a private key", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "certFile": { SchemaProps: spec.SchemaProps{ - Description: "name is used to qualify the identities returned by this provider", + Description: "certFile is a file containing a PEM-encoded certificate", Default: "", Type: []string{"string"}, Format: "", }, }, - "challenge": { + "keyFile": { SchemaProps: spec.SchemaProps{ - Description: "UseAsChallenger indicates whether to issue WWW-Authenticate challenges for this provider", - Default: false, - Type: []string{"boolean"}, + Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + Default: "", + Type: []string{"string"}, Format: "", }, }, - "login": { + }, + Required: []string{"certFile", "keyFile"}, + }, + }, + } +} + +func schema_openshift_api_legacyconfig_v1_ClientConnectionOverrides(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ClientConnectionOverrides are a set of overrides to the default client connection settings.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "acceptContentTypes": { SchemaProps: spec.SchemaProps{ - Description: "UseAsLogin indicates whether to use this identity provider for unauthenticated browsers to login against", - Default: false, - Type: []string{"boolean"}, + Description: "acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the default value of 'application/json'. This field will control all connections to the server used by a particular client.", + Default: "", + Type: []string{"string"}, Format: "", }, }, - "mappingMethod": { + "contentType": { SchemaProps: spec.SchemaProps{ - Description: "mappingMethod determines how identities from this provider are mapped to users", + Description: "contentType is the content type used when sending data to the server from this client.", Default: "", Type: []string{"string"}, Format: "", }, }, - "provider": { + "qps": { SchemaProps: spec.SchemaProps{ - Description: "provider contains the information about how to set up a specific identity provider", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Description: "qps controls the number of queries per second allowed for this connection.", + Default: 0, + Type: []string{"number"}, + Format: "float", + }, + }, + "burst": { + SchemaProps: spec.SchemaProps{ + Description: "burst allows extra queries to accumulate when a client is exceeding its rate.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, }, - Required: []string{"name", "challenge", "login", "mappingMethod", "provider"}, + Required: []string{"acceptContentTypes", "contentType", "qps", "burst"}, }, }, - Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, } } -func schema_openshift_api_legacyconfig_v1_ImageConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_ClusterNetworkEntry(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImageConfig holds the necessary configuration options for building image names for system components", + Description: "ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "format": { + "cidr": { SchemaProps: spec.SchemaProps{ - Description: "format is the format of the name to be built for the system component", + Description: "cidr defines the total range of a cluster networks address space.", Default: "", Type: []string{"string"}, Format: "", }, }, - "latest": { + "hostSubnetLength": { SchemaProps: spec.SchemaProps{ - Description: "latest determines if the latest tag will be pulled from the registry", - Default: false, - Type: []string{"boolean"}, - Format: "", + Description: "hostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pod.", + Default: 0, + Type: []string{"integer"}, + Format: "int64", }, }, }, - Required: []string{"format", "latest"}, + Required: []string{"cidr", "hostSubnetLength"}, }, }, } } -func schema_openshift_api_legacyconfig_v1_ImagePolicyConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_ControllerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ImagePolicyConfig holds the necessary configuration options for limits and behavior for importing images", + Description: "ControllerConfig holds configuration values for controllers", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "maxImagesBulkImportedPerRepository": { - SchemaProps: spec.SchemaProps{ - Description: "maxImagesBulkImportedPerRepository controls the number of images that are imported when a user does a bulk import of a container repository. This number defaults to 50 to prevent users from importing large numbers of images accidentally. Set -1 for no limit.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", - }, - }, - "disableScheduledImport": { - SchemaProps: spec.SchemaProps{ - Description: "disableScheduledImport allows scheduled background import of images to be disabled.", - Default: false, - Type: []string{"boolean"}, - Format: "", - }, - }, - "scheduledImageImportMinimumIntervalSeconds": { - SchemaProps: spec.SchemaProps{ - Description: "scheduledImageImportMinimumIntervalSeconds is the minimum number of seconds that can elapse between when image streams scheduled for background import are checked against the upstream repository. The default value is 15 minutes.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", - }, - }, - "maxScheduledImageImportsPerMinute": { - SchemaProps: spec.SchemaProps{ - Description: "maxScheduledImageImportsPerMinute is the maximum number of scheduled image streams that will be imported in the background per minute. The default value is 60. Set to -1 for unlimited.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", - }, - }, - "allowedRegistriesForImport": { + "controllers": { SchemaProps: spec.SchemaProps{ - Description: "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", + Description: "controllers is a list of controllers to enable. '*' enables all on-by-default controllers, 'foo' enables the controller \"+ named 'foo', '-foo' disables the controller named 'foo'. Defaults to \"*\".", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.RegistryLocation"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - "internalRegistryHostname": { - SchemaProps: spec.SchemaProps{ - Description: "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", - Type: []string{"string"}, - Format: "", - }, - }, - "externalRegistryHostname": { + "election": { SchemaProps: spec.SchemaProps{ - Description: "externalRegistryHostname sets the hostname for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", - Type: []string{"string"}, - Format: "", + Description: "election defines the configuration for electing a controller instance to make changes to the cluster. If unspecified, the ControllerTTL value is checked to determine whether the legacy direct etcd election code will be used.", + Ref: ref("github.com/openshift/api/legacyconfig/v1.ControllerElectionConfig"), }, }, - "additionalTrustedCA": { + "serviceServingCert": { SchemaProps: spec.SchemaProps{ - Description: "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted during imagestream import.", - Type: []string{"string"}, - Format: "", + Description: "serviceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.ServiceServingCert"), }, }, }, - Required: []string{"maxImagesBulkImportedPerRepository", "disableScheduledImport", "scheduledImageImportMinimumIntervalSeconds", "maxScheduledImageImportsPerMinute"}, + Required: []string{"controllers", "election", "serviceServingCert"}, }, }, Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.RegistryLocation"}, + "github.com/openshift/api/legacyconfig/v1.ControllerElectionConfig", "github.com/openshift/api/legacyconfig/v1.ServiceServingCert"}, } } -func schema_openshift_api_legacyconfig_v1_JenkinsPipelineConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_ControllerElectionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "JenkinsPipelineConfig holds configuration for the Jenkins pipeline strategy", + Description: "ControllerElectionConfig contains configuration values for deciding how a controller will be elected to act as leader.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "autoProvisionEnabled": { + "lockName": { SchemaProps: spec.SchemaProps{ - Description: "autoProvisionEnabled determines whether a Jenkins server will be spawned from the provided template when the first build config in the project with type JenkinsPipeline is created. When not specified this option defaults to true.", - Type: []string{"boolean"}, + Description: "lockName is the resource name used to act as the lock for determining which controller instance should lead.", + Default: "", + Type: []string{"string"}, Format: "", }, }, - "templateNamespace": { + "lockNamespace": { SchemaProps: spec.SchemaProps{ - Description: "templateNamespace contains the namespace name where the Jenkins template is stored", + Description: "lockNamespace is the resource namespace used to act as the lock for determining which controller instance should lead. It defaults to \"kube-system\"", Default: "", Type: []string{"string"}, Format: "", }, }, - "templateName": { + "lockResource": { SchemaProps: spec.SchemaProps{ - Description: "templateName is the name of the default Jenkins template", + Description: "lockResource is the group and resource name to use to coordinate for the controller lock. If unset, defaults to \"configmaps\".", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.GroupResource"), + }, + }, + }, + Required: []string{"lockName", "lockNamespace", "lockResource"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.GroupResource"}, + } +} + +func schema_openshift_api_legacyconfig_v1_DNSConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "DNSConfig holds the necessary configuration options for DNS", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "bindAddress": { + SchemaProps: spec.SchemaProps{ + Description: "bindAddress is the ip:port to serve DNS on", Default: "", Type: []string{"string"}, Format: "", }, }, - "serviceName": { + "bindNetwork": { SchemaProps: spec.SchemaProps{ - Description: "serviceName is the name of the Jenkins service OpenShift uses to detect whether a Jenkins pipeline handler has already been installed in a project. This value *must* match a service name in the provided template.", + Description: "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", Default: "", Type: []string{"string"}, Format: "", }, }, - "parameters": { + "allowRecursiveQueries": { SchemaProps: spec.SchemaProps{ - Description: "parameters specifies a set of optional parameters to the Jenkins template.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "allowRecursiveQueries allows the DNS server on the master to answer queries recursively. Note that open resolvers can be used for DNS amplification attacks and the master DNS should not be made accessible to public networks.", + Default: false, + Type: []string{"boolean"}, + Format: "", }, }, }, - Required: []string{"autoProvisionEnabled", "templateNamespace", "templateName", "serviceName", "parameters"}, + Required: []string{"bindAddress", "bindNetwork", "allowRecursiveQueries"}, }, }, } } -func schema_openshift_api_legacyconfig_v1_KeystonePasswordIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_DefaultAdmissionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "DefaultAdmissionConfig can be used to enable or disable various admission plugins. When this type is present as the `configuration` object under `pluginConfig` and *if* the admission plugin supports it, this will cause an \"off by default\" admission plugin to be enabled\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -34557,295 +35006,150 @@ func schema_openshift_api_legacyconfig_v1_KeystonePasswordIdentityProvider(ref c Format: "", }, }, - "url": { - SchemaProps: spec.SchemaProps{ - Description: "url is the remote URL to connect to", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "ca": { - SchemaProps: spec.SchemaProps{ - Description: "ca is the CA for verifying TLS connections", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "certFile": { + "disable": { SchemaProps: spec.SchemaProps{ - Description: "certFile is a file containing a PEM-encoded certificate", - Default: "", - Type: []string{"string"}, + Description: "disable turns off an admission plugin that is enabled by default.", + Default: false, + Type: []string{"boolean"}, Format: "", }, }, - "keyFile": { + }, + Required: []string{"disable"}, + }, + }, + } +} + +func schema_openshift_api_legacyconfig_v1_DenyAllPasswordIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "DenyAllPasswordIdentityProvider provides no identities for users\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { SchemaProps: spec.SchemaProps{ - Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "domainName": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "Domain Name is required for keystone v3", - Default: "", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "useKeystoneIdentity": { - SchemaProps: spec.SchemaProps{ - Description: "useKeystoneIdentity flag indicates that user should be authenticated by keystone ID, not by username", - Default: false, - Type: []string{"boolean"}, - Format: "", - }, - }, }, - Required: []string{"url", "ca", "certFile", "keyFile", "domainName", "useKeystoneIdentity"}, }, }, } } -func schema_openshift_api_legacyconfig_v1_KubeletConnectionInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_DockerConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "KubeletConnectionInfo holds information necessary for connecting to a kubelet", + Description: "DockerConfig holds Docker related configuration options.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "port": { - SchemaProps: spec.SchemaProps{ - Description: "port is the port to connect to kubelets on", - Default: 0, - Type: []string{"integer"}, - Format: "int32", - }, - }, - "ca": { + "execHandlerName": { SchemaProps: spec.SchemaProps{ - Description: "ca is the CA for verifying TLS connections to kubelets", + Description: "execHandlerName is the name of the handler to use for executing commands in containers.", Default: "", Type: []string{"string"}, Format: "", }, }, - "certFile": { + "dockerShimSocket": { SchemaProps: spec.SchemaProps{ - Description: "certFile is a file containing a PEM-encoded certificate", + Description: "dockerShimSocket is the location of the dockershim socket the kubelet uses. Currently unix socket is supported on Linux, and tcp is supported on windows. Examples:'unix:///var/run/dockershim.sock', 'tcp://localhost:3735'", Default: "", Type: []string{"string"}, Format: "", }, }, - "keyFile": { + "dockerShimRootDirectory": { SchemaProps: spec.SchemaProps{ - Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + Description: "dockerShimRootDirectory is the dockershim root directory.", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"port", "ca", "certFile", "keyFile"}, + Required: []string{"execHandlerName", "dockerShimSocket", "dockerShimRootDirectory"}, }, }, } } -func schema_openshift_api_legacyconfig_v1_KubernetesMasterConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_EtcdConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "KubernetesMasterConfig holds the necessary configuration options for the Kubernetes master", + Description: "EtcdConfig holds the necessary configuration options for connecting with an etcd database", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "apiLevels": { - SchemaProps: spec.SchemaProps{ - Description: "apiLevels is a list of API levels that should be enabled on startup: v1 as examples", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "disabledAPIGroupVersions": { - SchemaProps: spec.SchemaProps{ - Description: "disabledAPIGroupVersions is a map of groups to the versions (or *) that should be disabled.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - }, - }, - }, - "masterIP": { - SchemaProps: spec.SchemaProps{ - Description: "masterIP is the public IP address of kubernetes stuff. If empty, the first result from net.InterfaceAddrs will be used.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "masterEndpointReconcileTTL": { + "servingInfo": { SchemaProps: spec.SchemaProps{ - Description: "masterEndpointReconcileTTL sets the time to live in seconds of an endpoint record recorded by each master. The endpoints are checked at an interval that is 2/3 of this value and this value defaults to 15s if unset. In very large clusters, this value may be increased to reduce the possibility that the master endpoint record expires (due to other load on the etcd server) and causes masters to drop in and out of the kubernetes service record. It is not recommended to set this value below 15s.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "servingInfo describes how to start serving the etcd master", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.ServingInfo"), }, }, - "servicesSubnet": { + "address": { SchemaProps: spec.SchemaProps{ - Description: "servicesSubnet is the subnet to use for assigning service IPs", + Description: "address is the advertised host:port for client connections to etcd", Default: "", Type: []string{"string"}, Format: "", }, }, - "servicesNodePortRange": { + "peerServingInfo": { SchemaProps: spec.SchemaProps{ - Description: "servicesNodePortRange is the range to use for assigning service public ports on a host.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "peerServingInfo describes how to start serving the etcd peer", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.ServingInfo"), }, }, - "schedulerConfigFile": { + "peerAddress": { SchemaProps: spec.SchemaProps{ - Description: "schedulerConfigFile points to a file that describes how to set up the scheduler. If empty, you get the default scheduling rules.", + Description: "peerAddress is the advertised host:port for peer connections to etcd", Default: "", Type: []string{"string"}, Format: "", }, }, - "podEvictionTimeout": { + "storageDirectory": { SchemaProps: spec.SchemaProps{ - Description: "podEvictionTimeout controls grace period for deleting pods on failed nodes. It takes valid time duration string. If empty, you get the default pod eviction timeout.", + Description: "StorageDir is the path to the etcd storage directory", Default: "", Type: []string{"string"}, Format: "", }, }, - "proxyClientInfo": { - SchemaProps: spec.SchemaProps{ - Description: "proxyClientInfo specifies the client cert/key to use when proxying to pods", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.CertInfo"), - }, - }, - "apiServerArguments": { - SchemaProps: spec.SchemaProps{ - Description: "apiServerArguments are key value pairs that will be passed directly to the Kube apiserver that match the apiservers's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - }, - }, - }, - "controllerArguments": { - SchemaProps: spec.SchemaProps{ - Description: "controllerArguments are key value pairs that will be passed directly to the Kube controller manager that match the controller manager's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - }, - }, - }, - "schedulerArguments": { - SchemaProps: spec.SchemaProps{ - Description: "schedulerArguments are key value pairs that will be passed directly to the Kube scheduler that match the scheduler's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - }, - }, - }, }, - Required: []string{"apiLevels", "disabledAPIGroupVersions", "masterIP", "masterEndpointReconcileTTL", "servicesSubnet", "servicesNodePortRange", "schedulerConfigFile", "podEvictionTimeout", "proxyClientInfo", "apiServerArguments", "controllerArguments", "schedulerArguments"}, + Required: []string{"servingInfo", "address", "peerServingInfo", "peerAddress", "storageDirectory"}, }, }, Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.CertInfo"}, + "github.com/openshift/api/legacyconfig/v1.ServingInfo"}, } } -func schema_openshift_api_legacyconfig_v1_LDAPAttributeMapping(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_EtcdConnectionInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields", + Description: "EtcdConnectionInfo holds information necessary for connecting to an etcd server", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "id": { + "urls": { SchemaProps: spec.SchemaProps{ - Description: "id is the list of attributes whose values should be used as the user ID. Required. LDAP standard identity attribute is \"dn\"", + Description: "urls are the URLs for etcd", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -34858,200 +35162,178 @@ func schema_openshift_api_legacyconfig_v1_LDAPAttributeMapping(ref common.Refere }, }, }, - "preferredUsername": { + "ca": { SchemaProps: spec.SchemaProps{ - Description: "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "ca is a file containing trusted roots for the etcd server certificates", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "name": { + "certFile": { SchemaProps: spec.SchemaProps{ - Description: "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "certFile is a file containing a PEM-encoded certificate", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "email": { + "keyFile": { SchemaProps: spec.SchemaProps{ - Description: "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"id", "preferredUsername", "name", "email"}, + Required: []string{"urls", "ca", "certFile", "keyFile"}, }, }, } } -func schema_openshift_api_legacyconfig_v1_LDAPPasswordIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_EtcdStorageConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "EtcdStorageConfig holds the necessary configuration options for the etcd storage underlying OpenShift and Kubernetes", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { + "kubernetesStorageVersion": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "kubernetesStorageVersion is the API version that Kube resources in etcd should be serialized to. This value should *not* be advanced until all clients in the cluster that read from etcd have code that allows them to read the new version.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "url": { + "kubernetesStoragePrefix": { SchemaProps: spec.SchemaProps{ - Description: "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is\n ldap://host:port/basedn?attribute?scope?filter", + Description: "kubernetesStoragePrefix is the path within etcd that the Kubernetes resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located. The default value is 'kubernetes.io'.", Default: "", Type: []string{"string"}, Format: "", }, }, - "bindDN": { + "openShiftStorageVersion": { SchemaProps: spec.SchemaProps{ - Description: "bindDN is an optional DN to bind with during the search phase.", + Description: "openShiftStorageVersion is the API version that OS resources in etcd should be serialized to. This value should *not* be advanced until all clients in the cluster that read from etcd have code that allows them to read the new version.", Default: "", Type: []string{"string"}, Format: "", }, }, - "bindPassword": { - SchemaProps: spec.SchemaProps{ - Description: "bindPassword is an optional password to bind with during the search phase.", - Ref: ref("github.com/openshift/api/legacyconfig/v1.StringSource"), - }, - }, - "insecure": { - SchemaProps: spec.SchemaProps{ - Description: "Insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830", - Default: false, - Type: []string{"boolean"}, - Format: "", - }, - }, - "ca": { + "openShiftStoragePrefix": { SchemaProps: spec.SchemaProps{ - Description: "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + Description: "openShiftStoragePrefix is the path within etcd that the OpenShift resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located. The default value is 'openshift.io'.", Default: "", Type: []string{"string"}, Format: "", }, }, - "attributes": { - SchemaProps: spec.SchemaProps{ - Description: "attributes maps LDAP attributes to identities", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.LDAPAttributeMapping"), - }, - }, }, - Required: []string{"url", "bindDN", "bindPassword", "insecure", "ca", "attributes"}, + Required: []string{"kubernetesStorageVersion", "kubernetesStoragePrefix", "openShiftStorageVersion", "openShiftStoragePrefix"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.LDAPAttributeMapping", "github.com/openshift/api/legacyconfig/v1.StringSource"}, } } -func schema_openshift_api_legacyconfig_v1_LDAPQuery(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_GitHubIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "LDAPQuery holds the options necessary to build an LDAP query", + Description: "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "baseDN": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "The DN of the branch of the directory where all searches should start from", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "scope": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "The (optional) scope of the search. Can be: base: only the base object, one: all object on the base level, sub: the entire subtree Defaults to the entire subtree if not set", - Default: "", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "derefAliases": { + "clientID": { SchemaProps: spec.SchemaProps{ - Description: "The (optional) behavior of the search with regards to alisases. Can be: never: never dereference aliases, search: only dereference in searching, base: only dereference in finding the base object, always: always dereference Defaults to always dereferencing if not set", + Description: "clientID is the oauth client ID", Default: "", Type: []string{"string"}, Format: "", }, }, - "timeout": { + "clientSecret": { SchemaProps: spec.SchemaProps{ - Description: "TimeLimit holds the limit of time in seconds that any request to the server can remain outstanding before the wait for a response is given up. If this is 0, no client-side limit is imposed", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "clientSecret is the oauth client secret", + Ref: ref("github.com/openshift/api/legacyconfig/v1.StringSource"), }, }, - "filter": { + "organizations": { SchemaProps: spec.SchemaProps{ - Description: "filter is a valid LDAP search filter that retrieves all relevant entries from the LDAP server with the base DN", + Description: "organizations optionally restricts which organizations are allowed to log in", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "teams": { + SchemaProps: spec.SchemaProps{ + Description: "teams optionally restricts which teams are allowed to log in. Format is /.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "hostname": { + SchemaProps: spec.SchemaProps{ + Description: "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value that is configured at /setup/settings#hostname.", Default: "", Type: []string{"string"}, Format: "", }, - }, - "pageSize": { - SchemaProps: spec.SchemaProps{ - Description: "pageSize is the maximum preferred page size, measured in LDAP entries. A page size of 0 means no paging will be done.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + }, + "ca": { + SchemaProps: spec.SchemaProps{ + Description: "ca is the optional trusted certificate authority bundle to use when making requests to the server. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"baseDN", "scope", "derefAliases", "timeout", "filter", "pageSize"}, + Required: []string{"clientID", "clientSecret", "organizations", "teams", "hostname", "ca"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.StringSource"}, } } -func schema_openshift_api_legacyconfig_v1_LDAPSyncConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_GitLabIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "LDAPSyncConfig holds the necessary configuration options to define an LDAP group sync\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -35068,243 +35350,271 @@ func schema_openshift_api_legacyconfig_v1_LDAPSyncConfig(ref common.ReferenceCal Format: "", }, }, + "ca": { + SchemaProps: spec.SchemaProps{ + Description: "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, "url": { SchemaProps: spec.SchemaProps{ - Description: "Host is the scheme, host and port of the LDAP server to connect to: scheme://host:port", + Description: "url is the oauth server base URL", Default: "", Type: []string{"string"}, Format: "", }, }, - "bindDN": { + "clientID": { SchemaProps: spec.SchemaProps{ - Description: "bindDN is an optional DN to bind to the LDAP server with", + Description: "clientID is the oauth client ID", Default: "", Type: []string{"string"}, Format: "", }, }, - "bindPassword": { + "clientSecret": { SchemaProps: spec.SchemaProps{ - Description: "bindPassword is an optional password to bind with during the search phase.", + Description: "clientSecret is the oauth client secret", Ref: ref("github.com/openshift/api/legacyconfig/v1.StringSource"), }, }, - "insecure": { + "legacy": { SchemaProps: spec.SchemaProps{ - Description: "Insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830", - Default: false, + Description: "legacy determines if OAuth2 or OIDC should be used If true, OAuth2 is used If false, OIDC is used If nil and the URL's host is gitlab.com, OIDC is used Otherwise, OAuth2 is used In a future release, nil will default to using OIDC Eventually this flag will be removed and only OIDC will be used", Type: []string{"boolean"}, Format: "", }, }, - "ca": { + }, + Required: []string{"ca", "url", "clientID", "clientSecret"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.StringSource"}, + } +} + +func schema_openshift_api_legacyconfig_v1_GoogleIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "GoogleIdentityProvider provides identities for users authenticating using Google credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { SchemaProps: spec.SchemaProps{ - Description: "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "groupUIDNameMapping": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "LDAPGroupUIDToOpenShiftGroupNameMapping is an optional direct mapping of LDAP group UIDs to OpenShift Group names", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - "rfc2307": { + "clientID": { SchemaProps: spec.SchemaProps{ - Description: "RFC2307Config holds the configuration for extracting data from an LDAP server set up in a fashion similar to RFC2307: first-class group and user entries, with group membership determined by a multi-valued attribute on the group entry listing its members", - Ref: ref("github.com/openshift/api/legacyconfig/v1.RFC2307Config"), + Description: "clientID is the oauth client ID", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "activeDirectory": { + "clientSecret": { SchemaProps: spec.SchemaProps{ - Description: "ActiveDirectoryConfig holds the configuration for extracting data from an LDAP server set up in a fashion similar to that used in Active Directory: first-class user entries, with group membership determined by a multi-valued attribute on members listing groups they are a member of", - Ref: ref("github.com/openshift/api/legacyconfig/v1.ActiveDirectoryConfig"), + Description: "clientSecret is the oauth client secret", + Ref: ref("github.com/openshift/api/legacyconfig/v1.StringSource"), }, }, - "augmentedActiveDirectory": { + "hostedDomain": { SchemaProps: spec.SchemaProps{ - Description: "AugmentedActiveDirectoryConfig holds the configuration for extracting data from an LDAP server set up in a fashion similar to that used in Active Directory as described above, with one addition: first-class group entries exist and are used to hold metadata but not group membership", - Ref: ref("github.com/openshift/api/legacyconfig/v1.AugmentedActiveDirectoryConfig"), + Description: "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"url", "bindDN", "bindPassword", "insecure", "ca", "groupUIDNameMapping"}, + Required: []string{"clientID", "clientSecret", "hostedDomain"}, }, }, Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.ActiveDirectoryConfig", "github.com/openshift/api/legacyconfig/v1.AugmentedActiveDirectoryConfig", "github.com/openshift/api/legacyconfig/v1.RFC2307Config", "github.com/openshift/api/legacyconfig/v1.StringSource"}, + "github.com/openshift/api/legacyconfig/v1.StringSource"}, } } -func schema_openshift_api_legacyconfig_v1_LocalQuota(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_GrantConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "LocalQuota contains options for controlling local volume quota on the node.", + Description: "GrantConfig holds the necessary configuration options for grant handlers", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "perFSGroup": { + "method": { SchemaProps: spec.SchemaProps{ - Description: "FSGroup can be specified to enable a quota on local storage use per unique FSGroup ID. At present this is only implemented for emptyDir volumes, and if the underlying volumeDirectory is on an XFS filesystem.", - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Description: "method determines the default strategy to use when an OAuth client requests a grant. This method will be used only if the specific OAuth client doesn't provide a strategy of their own. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients\n - deny: always denies grant requests, useful for black-listed clients", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "serviceAccountMethod": { + SchemaProps: spec.SchemaProps{ + Description: "serviceAccountMethod is used for determining client authorization for service account oauth client. It must be either: deny, prompt", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"perFSGroup"}, + Required: []string{"method", "serviceAccountMethod"}, }, }, - Dependencies: []string{ - "k8s.io/apimachinery/pkg/api/resource.Quantity"}, } } -func schema_openshift_api_legacyconfig_v1_MasterAuthConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_GroupResource(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MasterAuthConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", + Description: "GroupResource points to a resource by its name and API group.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "requestHeader": { - SchemaProps: spec.SchemaProps{ - Description: "requestHeader holds options for setting up a front proxy against the API. It is optional.", - Ref: ref("github.com/openshift/api/legacyconfig/v1.RequestHeaderAuthenticationOptions"), - }, - }, - "webhookTokenAuthenticators": { + "group": { SchemaProps: spec.SchemaProps{ - Description: "WebhookTokenAuthnConfig, if present configures remote token reviewers", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.WebhookTokenAuthenticator"), - }, - }, - }, + Description: "group is the name of an API group", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "oauthMetadataFile": { + "resource": { SchemaProps: spec.SchemaProps{ - Description: "oauthMetadataFile is a path to a file containing the discovery endpoint for OAuth 2.0 Authorization Server Metadata for an external OAuth server. See IETF Draft: // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This option is mutually exclusive with OAuthConfig", + Description: "resource is the name of a resource.", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"requestHeader", "webhookTokenAuthenticators", "oauthMetadataFile"}, + Required: []string{"group", "resource"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.RequestHeaderAuthenticationOptions", "github.com/openshift/api/legacyconfig/v1.WebhookTokenAuthenticator"}, } } -func schema_openshift_api_legacyconfig_v1_MasterClients(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_HTPasswdPasswordIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MasterClients holds references to `.kubeconfig` files that qualify master clients for OpenShift and Kubernetes", + Description: "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "openshiftLoopbackKubeConfig": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "openshiftLoopbackKubeConfig is a .kubeconfig filename for system components to loopback to this master", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "openshiftLoopbackClientConnectionOverrides": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "openshiftLoopbackClientConnectionOverrides specifies client overrides for system components to loop back to this master.", - Ref: ref("github.com/openshift/api/legacyconfig/v1.ClientConnectionOverrides"), + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "file": { + SchemaProps: spec.SchemaProps{ + Description: "file is a reference to your htpasswd file", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"openshiftLoopbackKubeConfig", "openshiftLoopbackClientConnectionOverrides"}, + Required: []string{"file"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.ClientConnectionOverrides"}, } } -func schema_openshift_api_legacyconfig_v1_MasterConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_HTTPServingInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MasterConfig holds the necessary configuration options for the OpenShift master\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "HTTPServingInfo holds configuration for serving HTTP", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "bindAddress": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "bindAddress is the ip:port to serve on", + Default: "", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "bindNetwork": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", + Default: "", Type: []string{"string"}, Format: "", }, }, - "servingInfo": { + "certFile": { SchemaProps: spec.SchemaProps{ - Description: "servingInfo describes how to start serving", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.HTTPServingInfo"), + Description: "certFile is a file containing a PEM-encoded certificate", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "authConfig": { + "keyFile": { SchemaProps: spec.SchemaProps{ - Description: "authConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.MasterAuthConfig"), + Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "aggregatorConfig": { + "clientCA": { SchemaProps: spec.SchemaProps{ - Description: "aggregatorConfig has options for configuring the aggregator component of the API server.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.AggregatorConfig"), + Description: "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "corsAllowedOrigins": { + "namedCertificates": { SchemaProps: spec.SchemaProps{ - Description: "CORSAllowedOrigins", + Description: "namedCertificates is a list of certificates to use to secure requests to specific hostnames", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.NamedCertificate"), }, }, }, }, }, - "apiLevels": { + "minTLSVersion": { SchemaProps: spec.SchemaProps{ - Description: "apiLevels is a list of API levels that should be enabled on startup: v1 as examples", + Description: "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", + Type: []string{"string"}, + Format: "", + }, + }, + "cipherSuites": { + SchemaProps: spec.SchemaProps{ + Description: "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -35317,375 +35627,264 @@ func schema_openshift_api_legacyconfig_v1_MasterConfig(ref common.ReferenceCallb }, }, }, - "masterPublicURL": { - SchemaProps: spec.SchemaProps{ - Description: "masterPublicURL is how clients can access the OpenShift API server", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "controllers": { - SchemaProps: spec.SchemaProps{ - Description: "controllers is a list of the controllers that should be started. If set to \"none\", no controllers will start automatically. The default value is \"*\" which will start all controllers. When using \"*\", you may exclude controllers by prepending a \"-\" in front of their name. No other values are recognized at this time.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "admissionConfig": { - SchemaProps: spec.SchemaProps{ - Description: "admissionConfig contains admission control plugin configuration.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.AdmissionConfig"), - }, - }, - "controllerConfig": { - SchemaProps: spec.SchemaProps{ - Description: "controllerConfig holds configuration values for controllers", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.ControllerConfig"), - }, - }, - "etcdStorageConfig": { - SchemaProps: spec.SchemaProps{ - Description: "etcdStorageConfig contains information about how API resources are stored in Etcd. These values are only relevant when etcd is the backing store for the cluster.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.EtcdStorageConfig"), - }, - }, - "etcdClientInfo": { - SchemaProps: spec.SchemaProps{ - Description: "etcdClientInfo contains information about how to connect to etcd", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.EtcdConnectionInfo"), - }, - }, - "kubeletClientInfo": { - SchemaProps: spec.SchemaProps{ - Description: "kubeletClientInfo contains information about how to connect to kubelets", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.KubeletConnectionInfo"), - }, - }, - "kubernetesMasterConfig": { - SchemaProps: spec.SchemaProps{ - Description: "KubernetesMasterConfig, if present start the kubernetes master in this process", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.KubernetesMasterConfig"), - }, - }, - "etcdConfig": { - SchemaProps: spec.SchemaProps{ - Description: "EtcdConfig, if present start etcd in this process", - Ref: ref("github.com/openshift/api/legacyconfig/v1.EtcdConfig"), - }, - }, - "oauthConfig": { - SchemaProps: spec.SchemaProps{ - Description: "OAuthConfig, if present start the /oauth endpoint in this process", - Ref: ref("github.com/openshift/api/legacyconfig/v1.OAuthConfig"), - }, - }, - "dnsConfig": { - SchemaProps: spec.SchemaProps{ - Description: "DNSConfig, if present start the DNS server in this process", - Ref: ref("github.com/openshift/api/legacyconfig/v1.DNSConfig"), - }, - }, - "serviceAccountConfig": { - SchemaProps: spec.SchemaProps{ - Description: "serviceAccountConfig holds options related to service accounts", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.ServiceAccountConfig"), - }, - }, - "masterClients": { - SchemaProps: spec.SchemaProps{ - Description: "masterClients holds all the client connection information for controllers and other system components", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.MasterClients"), - }, - }, - "imageConfig": { - SchemaProps: spec.SchemaProps{ - Description: "imageConfig holds options that describe how to build image names for system components", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.ImageConfig"), - }, - }, - "imagePolicyConfig": { - SchemaProps: spec.SchemaProps{ - Description: "imagePolicyConfig controls limits and behavior for importing images", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.ImagePolicyConfig"), - }, - }, - "policyConfig": { - SchemaProps: spec.SchemaProps{ - Description: "policyConfig holds information about where to locate critical pieces of bootstrapping policy", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.PolicyConfig"), - }, - }, - "projectConfig": { - SchemaProps: spec.SchemaProps{ - Description: "projectConfig holds information about project creation and defaults", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.ProjectConfig"), - }, - }, - "routingConfig": { - SchemaProps: spec.SchemaProps{ - Description: "routingConfig holds information about routing and route generation", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.RoutingConfig"), - }, - }, - "networkConfig": { - SchemaProps: spec.SchemaProps{ - Description: "networkConfig to be passed to the compiled in network plugin", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.MasterNetworkConfig"), - }, - }, - "volumeConfig": { - SchemaProps: spec.SchemaProps{ - Description: "MasterVolumeConfig contains options for configuring volume plugins in the master node.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.MasterVolumeConfig"), - }, - }, - "jenkinsPipelineConfig": { + "maxRequestsInFlight": { SchemaProps: spec.SchemaProps{ - Description: "jenkinsPipelineConfig holds information about the default Jenkins template used for JenkinsPipeline build strategy.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.JenkinsPipelineConfig"), + Description: "maxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "auditConfig": { + "requestTimeoutSeconds": { SchemaProps: spec.SchemaProps{ - Description: "auditConfig holds information related to auditing capabilities.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.AuditConfig"), + Description: "requestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if -1 there is no limit on requests.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, }, - Required: []string{"servingInfo", "authConfig", "aggregatorConfig", "corsAllowedOrigins", "apiLevels", "masterPublicURL", "controllers", "admissionConfig", "controllerConfig", "etcdStorageConfig", "etcdClientInfo", "kubeletClientInfo", "kubernetesMasterConfig", "etcdConfig", "oauthConfig", "dnsConfig", "serviceAccountConfig", "masterClients", "imageConfig", "imagePolicyConfig", "policyConfig", "projectConfig", "routingConfig", "networkConfig", "volumeConfig", "jenkinsPipelineConfig", "auditConfig"}, + Required: []string{"bindAddress", "bindNetwork", "certFile", "keyFile", "clientCA", "namedCertificates", "maxRequestsInFlight", "requestTimeoutSeconds"}, }, }, Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.AdmissionConfig", "github.com/openshift/api/legacyconfig/v1.AggregatorConfig", "github.com/openshift/api/legacyconfig/v1.AuditConfig", "github.com/openshift/api/legacyconfig/v1.ControllerConfig", "github.com/openshift/api/legacyconfig/v1.DNSConfig", "github.com/openshift/api/legacyconfig/v1.EtcdConfig", "github.com/openshift/api/legacyconfig/v1.EtcdConnectionInfo", "github.com/openshift/api/legacyconfig/v1.EtcdStorageConfig", "github.com/openshift/api/legacyconfig/v1.HTTPServingInfo", "github.com/openshift/api/legacyconfig/v1.ImageConfig", "github.com/openshift/api/legacyconfig/v1.ImagePolicyConfig", "github.com/openshift/api/legacyconfig/v1.JenkinsPipelineConfig", "github.com/openshift/api/legacyconfig/v1.KubeletConnectionInfo", "github.com/openshift/api/legacyconfig/v1.KubernetesMasterConfig", "github.com/openshift/api/legacyconfig/v1.MasterAuthConfig", "github.com/openshift/api/legacyconfig/v1.MasterClients", "github.com/openshift/api/legacyconfig/v1.MasterNetworkConfig", "github.com/openshift/api/legacyconfig/v1.MasterVolumeConfig", "github.com/openshift/api/legacyconfig/v1.OAuthConfig", "github.com/openshift/api/legacyconfig/v1.PolicyConfig", "github.com/openshift/api/legacyconfig/v1.ProjectConfig", "github.com/openshift/api/legacyconfig/v1.RoutingConfig", "github.com/openshift/api/legacyconfig/v1.ServiceAccountConfig"}, + "github.com/openshift/api/legacyconfig/v1.NamedCertificate"}, } } -func schema_openshift_api_legacyconfig_v1_MasterNetworkConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_IdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MasterNetworkConfig to be passed to the compiled in network plugin", + Description: "IdentityProvider provides identities for users authenticating using credentials", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "networkPluginName": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "networkPluginName is the name of the network plugin to use", + Description: "name is used to qualify the identities returned by this provider", Default: "", Type: []string{"string"}, Format: "", }, }, - "clusterNetworkCIDR": { + "challenge": { SchemaProps: spec.SchemaProps{ - Description: "clusterNetworkCIDR is the CIDR string to specify the global overlay network's L3 space. Deprecated, but maintained for backwards compatibility, use ClusterNetworks instead.", - Type: []string{"string"}, + Description: "UseAsChallenger indicates whether to issue WWW-Authenticate challenges for this provider", + Default: false, + Type: []string{"boolean"}, Format: "", }, }, - "clusterNetworks": { - SchemaProps: spec.SchemaProps{ - Description: "clusterNetworks is a list of ClusterNetwork objects that defines the global overlay network's L3 space by specifying a set of CIDR and netmasks that the SDN can allocate addressed from. If this is specified, then ClusterNetworkCIDR and HostSubnetLength may not be set.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.ClusterNetworkEntry"), - }, - }, - }, - }, - }, - "hostSubnetLength": { + "login": { SchemaProps: spec.SchemaProps{ - Description: "hostSubnetLength is the number of bits to allocate to each host's subnet e.g. 8 would mean a /24 network on the host. Deprecated, but maintained for backwards compatibility, use ClusterNetworks instead.", - Type: []string{"integer"}, - Format: "int64", + Description: "UseAsLogin indicates whether to use this identity provider for unauthenticated browsers to login against", + Default: false, + Type: []string{"boolean"}, + Format: "", }, }, - "serviceNetworkCIDR": { + "mappingMethod": { SchemaProps: spec.SchemaProps{ - Description: "ServiceNetwork is the CIDR string to specify the service networks", + Description: "mappingMethod determines how identities from this provider are mapped to users", Default: "", Type: []string{"string"}, Format: "", }, }, - "externalIPNetworkCIDRs": { + "provider": { SchemaProps: spec.SchemaProps{ - Description: "externalIPNetworkCIDRs controls what values are acceptable for the service external IP field. If empty, no externalIP may be set. It may contain a list of CIDRs which are checked for access. If a CIDR is prefixed with !, IPs in that CIDR will be rejected. Rejections will be applied first, then the IP checked against one of the allowed CIDRs. You should ensure this range does not overlap with your nodes, pods, or service CIDRs for security reasons.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "provider contains the information about how to set up a specific identity provider", + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, - "ingressIPNetworkCIDR": { + }, + Required: []string{"name", "challenge", "login", "mappingMethod", "provider"}, + }, + }, + Dependencies: []string{ + runtime.RawExtension{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_legacyconfig_v1_ImageConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ImageConfig holds the necessary configuration options for building image names for system components", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "format": { SchemaProps: spec.SchemaProps{ - Description: "ingressIPNetworkCIDR controls the range to assign ingress ips from for services of type LoadBalancer on bare metal. If empty, ingress ips will not be assigned. It may contain a single CIDR that will be allocated from. For security reasons, you should ensure that this range does not overlap with the CIDRs reserved for external ips, nodes, pods, or services.", + Description: "format is the format of the name to be built for the system component", Default: "", Type: []string{"string"}, Format: "", }, }, - "vxlanPort": { + "latest": { SchemaProps: spec.SchemaProps{ - Description: "vxlanPort is the VXLAN port used by the cluster defaults. If it is not set, 4789 is the default value", - Type: []string{"integer"}, - Format: "int64", + Description: "latest determines if the latest tag will be pulled from the registry", + Default: false, + Type: []string{"boolean"}, + Format: "", }, }, }, - Required: []string{"networkPluginName", "clusterNetworks", "serviceNetworkCIDR", "externalIPNetworkCIDRs", "ingressIPNetworkCIDR"}, + Required: []string{"format", "latest"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.ClusterNetworkEntry"}, } } -func schema_openshift_api_legacyconfig_v1_MasterVolumeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_ImagePolicyConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MasterVolumeConfig contains options for configuring volume plugins in the master node.", + Description: "ImagePolicyConfig holds the necessary configuration options for limits and behavior for importing images", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "dynamicProvisioningEnabled": { + "maxImagesBulkImportedPerRepository": { SchemaProps: spec.SchemaProps{ - Description: "dynamicProvisioningEnabled is a boolean that toggles dynamic provisioning off when false, defaults to true", + Description: "maxImagesBulkImportedPerRepository controls the number of images that are imported when a user does a bulk import of a container repository. This number defaults to 50 to prevent users from importing large numbers of images accidentally. Set -1 for no limit.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, + "disableScheduledImport": { + SchemaProps: spec.SchemaProps{ + Description: "disableScheduledImport allows scheduled background import of images to be disabled.", + Default: false, Type: []string{"boolean"}, Format: "", }, }, - }, - Required: []string{"dynamicProvisioningEnabled"}, - }, - }, - } -} - -func schema_openshift_api_legacyconfig_v1_NamedCertificate(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "NamedCertificate specifies a certificate/key, and the names it should be served for", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "names": { + "scheduledImageImportMinimumIntervalSeconds": { SchemaProps: spec.SchemaProps{ - Description: "names is a list of DNS names this certificate should be used to secure A name can be a normal DNS name, or can contain leading wildcard segments.", + Description: "scheduledImageImportMinimumIntervalSeconds is the minimum number of seconds that can elapse between when image streams scheduled for background import are checked against the upstream repository. The default value is 15 minutes.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, + "maxScheduledImageImportsPerMinute": { + SchemaProps: spec.SchemaProps{ + Description: "maxScheduledImageImportsPerMinute is the maximum number of scheduled image streams that will be imported in the background per minute. The default value is 60. Set to -1 for unlimited.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, + "allowedRegistriesForImport": { + SchemaProps: spec.SchemaProps{ + Description: "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.RegistryLocation"), }, }, }, }, }, - "certFile": { + "internalRegistryHostname": { SchemaProps: spec.SchemaProps{ - Description: "certFile is a file containing a PEM-encoded certificate", - Default: "", + Description: "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", Type: []string{"string"}, Format: "", }, }, - "keyFile": { + "externalRegistryHostname": { SchemaProps: spec.SchemaProps{ - Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - Default: "", + Description: "externalRegistryHostname sets the hostname for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", + Type: []string{"string"}, + Format: "", + }, + }, + "additionalTrustedCA": { + SchemaProps: spec.SchemaProps{ + Description: "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted during imagestream import.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"names", "certFile", "keyFile"}, + Required: []string{"maxImagesBulkImportedPerRepository", "disableScheduledImport", "scheduledImageImportMinimumIntervalSeconds", "maxScheduledImageImportsPerMinute"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.RegistryLocation"}, } } -func schema_openshift_api_legacyconfig_v1_NodeAuthConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_JenkinsPipelineConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NodeAuthConfig holds authn/authz configuration options", + Description: "JenkinsPipelineConfig holds configuration for the Jenkins pipeline strategy", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "authenticationCacheTTL": { + "autoProvisionEnabled": { SchemaProps: spec.SchemaProps{ - Description: "authenticationCacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get the default timeout. If zero (e.g. \"0m\"), caching is disabled", + Description: "autoProvisionEnabled determines whether a Jenkins server will be spawned from the provided template when the first build config in the project with type JenkinsPipeline is created. When not specified this option defaults to true.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "templateNamespace": { + SchemaProps: spec.SchemaProps{ + Description: "templateNamespace contains the namespace name where the Jenkins template is stored", Default: "", Type: []string{"string"}, Format: "", }, }, - "authenticationCacheSize": { + "templateName": { SchemaProps: spec.SchemaProps{ - Description: "authenticationCacheSize indicates how many authentication results should be cached. If 0, the default cache size is used.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "templateName is the name of the default Jenkins template", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "authorizationCacheTTL": { + "serviceName": { SchemaProps: spec.SchemaProps{ - Description: "authorizationCacheTTL indicates how long an authorization result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get the default timeout. If zero (e.g. \"0m\"), caching is disabled", + Description: "serviceName is the name of the Jenkins service OpenShift uses to detect whether a Jenkins pipeline handler has already been installed in a project. This value *must* match a service name in the provided template.", Default: "", Type: []string{"string"}, Format: "", }, }, - "authorizationCacheSize": { + "parameters": { SchemaProps: spec.SchemaProps{ - Description: "authorizationCacheSize indicates how many authorization results should be cached. If 0, the default cache size is used.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "parameters specifies a set of optional parameters to the Jenkins template.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, }, - Required: []string{"authenticationCacheTTL", "authenticationCacheSize", "authorizationCacheTTL", "authorizationCacheSize"}, + Required: []string{"autoProvisionEnabled", "templateNamespace", "templateName", "serviceName", "parameters"}, }, }, } } -func schema_openshift_api_legacyconfig_v1_NodeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_KeystonePasswordIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NodeConfig is the fully specified config starting an OpenShift node\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -35702,70 +35901,117 @@ func schema_openshift_api_legacyconfig_v1_NodeConfig(ref common.ReferenceCallbac Format: "", }, }, - "nodeName": { + "url": { SchemaProps: spec.SchemaProps{ - Description: "nodeName is the value used to identify this particular node in the cluster. If possible, this should be your fully qualified hostname. If you're describing a set of static nodes to the master, this value must match one of the values in the list", + Description: "url is the remote URL to connect to", Default: "", Type: []string{"string"}, Format: "", }, }, - "nodeIP": { + "ca": { SchemaProps: spec.SchemaProps{ - Description: "Node may have multiple IPs, specify the IP to use for pod traffic routing If not specified, network parse/lookup on the nodeName is performed and the first non-loopback address is used", + Description: "ca is the CA for verifying TLS connections", Default: "", Type: []string{"string"}, Format: "", }, }, - "servingInfo": { + "certFile": { SchemaProps: spec.SchemaProps{ - Description: "servingInfo describes how to start serving", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.ServingInfo"), + Description: "certFile is a file containing a PEM-encoded certificate", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "masterKubeConfig": { + "keyFile": { SchemaProps: spec.SchemaProps{ - Description: "masterKubeConfig is a filename for the .kubeconfig file that describes how to connect this node to the master", + Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", Default: "", Type: []string{"string"}, Format: "", }, }, - "masterClientConnectionOverrides": { + "domainName": { SchemaProps: spec.SchemaProps{ - Description: "masterClientConnectionOverrides provides overrides to the client connection used to connect to the master.", - Ref: ref("github.com/openshift/api/legacyconfig/v1.ClientConnectionOverrides"), + Description: "Domain Name is required for keystone v3", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "dnsDomain": { + "useKeystoneIdentity": { SchemaProps: spec.SchemaProps{ - Description: "dnsDomain holds the domain suffix that will be used for the DNS search path inside each container. Defaults to 'cluster.local'.", + Description: "useKeystoneIdentity flag indicates that user should be authenticated by keystone ID, not by username", + Default: false, + Type: []string{"boolean"}, + Format: "", + }, + }, + }, + Required: []string{"url", "ca", "certFile", "keyFile", "domainName", "useKeystoneIdentity"}, + }, + }, + } +} + +func schema_openshift_api_legacyconfig_v1_KubeletConnectionInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "KubeletConnectionInfo holds information necessary for connecting to a kubelet", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "port": { + SchemaProps: spec.SchemaProps{ + Description: "port is the port to connect to kubelets on", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, + "ca": { + SchemaProps: spec.SchemaProps{ + Description: "ca is the CA for verifying TLS connections to kubelets", Default: "", Type: []string{"string"}, Format: "", }, }, - "dnsIP": { + "certFile": { SchemaProps: spec.SchemaProps{ - Description: "dnsIP is the IP address that pods will use to access cluster DNS. Defaults to the service IP of the Kubernetes master. This IP must be listening on port 53 for compatibility with libc resolvers (which cannot be configured to resolve names from any other port). When running more complex local DNS configurations, this is often set to the local address of a DNS proxy like dnsmasq, which then will consult either the local DNS (see dnsBindAddress) or the master DNS.", + Description: "certFile is a file containing a PEM-encoded certificate", Default: "", Type: []string{"string"}, Format: "", }, }, - "dnsBindAddress": { + "keyFile": { SchemaProps: spec.SchemaProps{ - Description: "dnsBindAddress is the ip:port to serve DNS on. If this is not set, the DNS server will not be started. Because most DNS resolvers will only listen on port 53, if you select an alternative port you will need a DNS proxy like dnsmasq to answer queries for containers. A common configuration is dnsmasq configured on a node IP listening on 53 and delegating queries for dnsDomain to this process, while sending other queries to the host environments nameservers.", + Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", Default: "", Type: []string{"string"}, Format: "", }, }, - "dnsNameservers": { + }, + Required: []string{"port", "ca", "certFile", "keyFile"}, + }, + }, + } +} + +func schema_openshift_api_legacyconfig_v1_KubernetesMasterConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "KubernetesMasterConfig holds the necessary configuration options for the Kubernetes master", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "apiLevels": { SchemaProps: spec.SchemaProps{ - Description: "dnsNameservers is a list of ip:port values of recursive nameservers to forward queries to when running a local DNS server if dnsBindAddress is set. If this value is empty, the DNS server will default to the nameservers listed in /etc/resolv.conf. If you have configured dnsmasq or another DNS proxy on the system, this value should be set to the upstream nameservers dnsmasq resolves with.", + Description: "apiLevels is a list of API levels that should be enabled on startup: v1 as examples", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -35778,74 +36024,87 @@ func schema_openshift_api_legacyconfig_v1_NodeConfig(ref common.ReferenceCallbac }, }, }, - "dnsRecursiveResolvConf": { + "disabledAPIGroupVersions": { SchemaProps: spec.SchemaProps{ - Description: "dnsRecursiveResolvConf is a path to a resolv.conf file that contains settings for an upstream server. Only the nameservers and port fields are used. The file must exist and parse correctly. It adds extra nameservers to DNSNameservers if set.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "disabledAPIGroupVersions is a map of groups to the versions (or *) that should be disabled.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, }, }, - "networkPluginName": { + "masterIP": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated and maintained for backward compatibility, use NetworkConfig.NetworkPluginName instead", + Description: "masterIP is the public IP address of kubernetes stuff. If empty, the first result from net.InterfaceAddrs will be used.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "networkConfig": { + "masterEndpointReconcileTTL": { SchemaProps: spec.SchemaProps{ - Description: "networkConfig provides network options for the node", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.NodeNetworkConfig"), + Description: "masterEndpointReconcileTTL sets the time to live in seconds of an endpoint record recorded by each master. The endpoints are checked at an interval that is 2/3 of this value and this value defaults to 15s if unset. In very large clusters, this value may be increased to reduce the possibility that the master endpoint record expires (due to other load on the etcd server) and causes masters to drop in and out of the kubernetes service record. It is not recommended to set this value below 15s.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "volumeDirectory": { + "servicesSubnet": { SchemaProps: spec.SchemaProps{ - Description: "volumeDirectory is the directory that volumes will be stored under", + Description: "servicesSubnet is the subnet to use for assigning service IPs", Default: "", Type: []string{"string"}, Format: "", }, }, - "imageConfig": { - SchemaProps: spec.SchemaProps{ - Description: "imageConfig holds options that describe how to build image names for system components", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.ImageConfig"), - }, - }, - "allowDisabledDocker": { + "servicesNodePortRange": { SchemaProps: spec.SchemaProps{ - Description: "allowDisabledDocker if true, the Kubelet will ignore errors from Docker. This means that a node can start on a machine that doesn't have docker started.", - Default: false, - Type: []string{"boolean"}, + Description: "servicesNodePortRange is the range to use for assigning service public ports on a host.", + Default: "", + Type: []string{"string"}, Format: "", }, }, - "podManifestConfig": { + "schedulerConfigFile": { SchemaProps: spec.SchemaProps{ - Description: "podManifestConfig holds the configuration for enabling the Kubelet to create pods based from a manifest file(s) placed locally on the node", - Ref: ref("github.com/openshift/api/legacyconfig/v1.PodManifestConfig"), + Description: "schedulerConfigFile points to a file that describes how to set up the scheduler. If empty, you get the default scheduling rules.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "authConfig": { + "podEvictionTimeout": { SchemaProps: spec.SchemaProps{ - Description: "authConfig holds authn/authz configuration options", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.NodeAuthConfig"), + Description: "podEvictionTimeout controls grace period for deleting pods on failed nodes. It takes valid time duration string. If empty, you get the default pod eviction timeout.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "dockerConfig": { + "proxyClientInfo": { SchemaProps: spec.SchemaProps{ - Description: "dockerConfig holds Docker related configuration options.", + Description: "proxyClientInfo specifies the client cert/key to use when proxying to pods", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.DockerConfig"), + Ref: ref("github.com/openshift/api/legacyconfig/v1.CertInfo"), }, }, - "kubeletArguments": { + "apiServerArguments": { SchemaProps: spec.SchemaProps{ - Description: "kubeletArguments are key value pairs that will be passed directly to the Kubelet that match the Kubelet's command line arguments. These are not migrated or validated, so if you use them they may become invalid. These values override other settings in NodeConfig which may cause invalid configurations.", + Description: "apiServerArguments are key value pairs that will be passed directly to the Kube apiserver that match the apiservers's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", Type: []string{"object"}, AdditionalProperties: &spec.SchemaOrBool{ Allows: true, @@ -35866,9 +36125,9 @@ func schema_openshift_api_legacyconfig_v1_NodeConfig(ref common.ReferenceCallbac }, }, }, - "proxyArguments": { + "controllerArguments": { SchemaProps: spec.SchemaProps{ - Description: "proxyArguments are key value pairs that will be passed directly to the Proxy that match the Proxy's command line arguments. These are not migrated or validated, so if you use them they may become invalid. These values override other settings in NodeConfig which may cause invalid configurations.", + Description: "controllerArguments are key value pairs that will be passed directly to the Kube controller manager that match the controller manager's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", Type: []string{"object"}, AdditionalProperties: &spec.SchemaOrBool{ Allows: true, @@ -35889,233 +36148,48 @@ func schema_openshift_api_legacyconfig_v1_NodeConfig(ref common.ReferenceCallbac }, }, }, - "iptablesSyncPeriod": { - SchemaProps: spec.SchemaProps{ - Description: "iptablesSyncPeriod is how often iptable rules are refreshed", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "enableUnidling": { - SchemaProps: spec.SchemaProps{ - Description: "enableUnidling controls whether or not the hybrid unidling proxy will be set up", - Type: []string{"boolean"}, - Format: "", - }, - }, - "volumeConfig": { - SchemaProps: spec.SchemaProps{ - Description: "volumeConfig contains options for configuring volumes on the node.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.NodeVolumeConfig"), - }, - }, - }, - Required: []string{"nodeName", "nodeIP", "servingInfo", "masterKubeConfig", "masterClientConnectionOverrides", "dnsDomain", "dnsIP", "dnsBindAddress", "dnsNameservers", "dnsRecursiveResolvConf", "networkConfig", "volumeDirectory", "imageConfig", "allowDisabledDocker", "podManifestConfig", "authConfig", "dockerConfig", "iptablesSyncPeriod", "enableUnidling", "volumeConfig"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.ClientConnectionOverrides", "github.com/openshift/api/legacyconfig/v1.DockerConfig", "github.com/openshift/api/legacyconfig/v1.ImageConfig", "github.com/openshift/api/legacyconfig/v1.NodeAuthConfig", "github.com/openshift/api/legacyconfig/v1.NodeNetworkConfig", "github.com/openshift/api/legacyconfig/v1.NodeVolumeConfig", "github.com/openshift/api/legacyconfig/v1.PodManifestConfig", "github.com/openshift/api/legacyconfig/v1.ServingInfo"}, - } -} - -func schema_openshift_api_legacyconfig_v1_NodeNetworkConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "NodeNetworkConfig provides network options for the node", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "networkPluginName": { - SchemaProps: spec.SchemaProps{ - Description: "networkPluginName is a string specifying the networking plugin", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "mtu": { - SchemaProps: spec.SchemaProps{ - Description: "Maximum transmission unit for the network packets", - Default: 0, - Type: []string{"integer"}, - Format: "int64", - }, - }, - }, - Required: []string{"networkPluginName", "mtu"}, - }, - }, - } -} - -func schema_openshift_api_legacyconfig_v1_NodeVolumeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "NodeVolumeConfig contains options for configuring volumes on the node.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "localQuota": { - SchemaProps: spec.SchemaProps{ - Description: "localQuota contains options for controlling local volume quota on the node.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.LocalQuota"), - }, - }, - }, - Required: []string{"localQuota"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.LocalQuota"}, - } -} - -func schema_openshift_api_legacyconfig_v1_OAuthConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "OAuthConfig holds the necessary configuration options for OAuth authentication", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "masterCA": { - SchemaProps: spec.SchemaProps{ - Description: "masterCA is the CA for verifying the TLS connection back to the MasterURL.", - Type: []string{"string"}, - Format: "", - }, - }, - "masterURL": { - SchemaProps: spec.SchemaProps{ - Description: "masterURL is used for making server-to-server calls to exchange authorization codes for access tokens", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "masterPublicURL": { - SchemaProps: spec.SchemaProps{ - Description: "masterPublicURL is used for building valid client redirect URLs for internal and external access", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "assetPublicURL": { - SchemaProps: spec.SchemaProps{ - Description: "assetPublicURL is used for building valid client redirect URLs for external access", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "alwaysShowProviderSelection": { - SchemaProps: spec.SchemaProps{ - Description: "alwaysShowProviderSelection will force the provider selection page to render even when there is only a single provider.", - Default: false, - Type: []string{"boolean"}, - Format: "", - }, - }, - "identityProviders": { + "schedulerArguments": { SchemaProps: spec.SchemaProps{ - Description: "identityProviders is an ordered list of ways for a user to identify themselves", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ + Description: "schedulerArguments are key value pairs that will be passed directly to the Kube scheduler that match the scheduler's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.IdentityProvider"), + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, }, }, }, - "grantConfig": { - SchemaProps: spec.SchemaProps{ - Description: "grantConfig describes how to handle grants", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.GrantConfig"), - }, - }, - "sessionConfig": { - SchemaProps: spec.SchemaProps{ - Description: "sessionConfig hold information about configuring sessions.", - Ref: ref("github.com/openshift/api/legacyconfig/v1.SessionConfig"), - }, - }, - "tokenConfig": { - SchemaProps: spec.SchemaProps{ - Description: "tokenConfig contains options for authorization and access tokens", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.TokenConfig"), - }, - }, - "templates": { - SchemaProps: spec.SchemaProps{ - Description: "templates allow you to customize pages like the login page.", - Ref: ref("github.com/openshift/api/legacyconfig/v1.OAuthTemplates"), - }, - }, }, - Required: []string{"masterCA", "masterURL", "masterPublicURL", "assetPublicURL", "alwaysShowProviderSelection", "identityProviders", "grantConfig", "sessionConfig", "tokenConfig", "templates"}, + Required: []string{"apiLevels", "disabledAPIGroupVersions", "masterIP", "masterEndpointReconcileTTL", "servicesSubnet", "servicesNodePortRange", "schedulerConfigFile", "podEvictionTimeout", "proxyClientInfo", "apiServerArguments", "controllerArguments", "schedulerArguments"}, }, }, Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.GrantConfig", "github.com/openshift/api/legacyconfig/v1.IdentityProvider", "github.com/openshift/api/legacyconfig/v1.OAuthTemplates", "github.com/openshift/api/legacyconfig/v1.SessionConfig", "github.com/openshift/api/legacyconfig/v1.TokenConfig"}, - } -} - -func schema_openshift_api_legacyconfig_v1_OAuthTemplates(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "OAuthTemplates allow for customization of pages like the login page", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "login": { - SchemaProps: spec.SchemaProps{ - Description: "login is a path to a file containing a go template used to render the login page. If unspecified, the default login page is used.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "providerSelection": { - SchemaProps: spec.SchemaProps{ - Description: "providerSelection is a path to a file containing a go template used to render the provider selection page. If unspecified, the default provider selection page is used.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "error": { - SchemaProps: spec.SchemaProps{ - Description: "error is a path to a file containing a go template used to render error pages during the authentication or grant flow If unspecified, the default error page is used.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"login", "providerSelection", "error"}, - }, - }, + "github.com/openshift/api/legacyconfig/v1.CertInfo"}, } } -func schema_openshift_api_legacyconfig_v1_OpenIDClaims(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_LDAPAttributeMapping(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider", + Description: "LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields", Type: []string{"object"}, Properties: map[string]spec.Schema{ "id": { SchemaProps: spec.SchemaProps{ - Description: "id is the list of claims whose values should be used as the user ID. Required. OpenID standard identity claim is \"sub\"", + Description: "id is the list of attributes whose values should be used as the user ID. Required. LDAP standard identity attribute is \"dn\"", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -36130,7 +36204,7 @@ func schema_openshift_api_legacyconfig_v1_OpenIDClaims(ref common.ReferenceCallb }, "preferredUsername": { SchemaProps: spec.SchemaProps{ - Description: "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the id claim", + Description: "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -36145,7 +36219,7 @@ func schema_openshift_api_legacyconfig_v1_OpenIDClaims(ref common.ReferenceCallb }, "name": { SchemaProps: spec.SchemaProps{ - Description: "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", + Description: "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -36160,7 +36234,7 @@ func schema_openshift_api_legacyconfig_v1_OpenIDClaims(ref common.ReferenceCallb }, "email": { SchemaProps: spec.SchemaProps{ - Description: "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", + Description: "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -36180,11 +36254,11 @@ func schema_openshift_api_legacyconfig_v1_OpenIDClaims(ref common.ReferenceCallb } } -func schema_openshift_api_legacyconfig_v1_OpenIDIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_LDAPPasswordIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -36201,244 +36275,365 @@ func schema_openshift_api_legacyconfig_v1_OpenIDIdentityProvider(ref common.Refe Format: "", }, }, - "ca": { + "url": { SchemaProps: spec.SchemaProps{ - Description: "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + Description: "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is\n ldap://host:port/basedn?attribute?scope?filter", Default: "", Type: []string{"string"}, Format: "", }, }, - "clientID": { + "bindDN": { SchemaProps: spec.SchemaProps{ - Description: "clientID is the oauth client ID", + Description: "bindDN is an optional DN to bind with during the search phase.", Default: "", Type: []string{"string"}, Format: "", }, }, - "clientSecret": { + "bindPassword": { SchemaProps: spec.SchemaProps{ - Description: "clientSecret is the oauth client secret", + Description: "bindPassword is an optional password to bind with during the search phase.", Ref: ref("github.com/openshift/api/legacyconfig/v1.StringSource"), }, }, - "extraScopes": { - SchemaProps: spec.SchemaProps{ - Description: "extraScopes are any scopes to request in addition to the standard \"openid\" scope.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "extraAuthorizeParameters": { + "insecure": { SchemaProps: spec.SchemaProps{ - Description: "extraAuthorizeParameters are any custom parameters to add to the authorize request.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "Insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830", + Default: false, + Type: []string{"boolean"}, + Format: "", }, }, - "urls": { + "ca": { SchemaProps: spec.SchemaProps{ - Description: "urls to use to authenticate", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.OpenIDURLs"), + Description: "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "claims": { + "attributes": { SchemaProps: spec.SchemaProps{ - Description: "claims mappings", + Description: "attributes maps LDAP attributes to identities", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.OpenIDClaims"), + Ref: ref("github.com/openshift/api/legacyconfig/v1.LDAPAttributeMapping"), }, }, }, - Required: []string{"ca", "clientID", "clientSecret", "extraScopes", "extraAuthorizeParameters", "urls", "claims"}, + Required: []string{"url", "bindDN", "bindPassword", "insecure", "ca", "attributes"}, }, }, Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.OpenIDClaims", "github.com/openshift/api/legacyconfig/v1.OpenIDURLs", "github.com/openshift/api/legacyconfig/v1.StringSource"}, + "github.com/openshift/api/legacyconfig/v1.LDAPAttributeMapping", "github.com/openshift/api/legacyconfig/v1.StringSource"}, } } -func schema_openshift_api_legacyconfig_v1_OpenIDURLs(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_LDAPQuery(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OpenIDURLs are URLs to use when authenticating with an OpenID identity provider", + Description: "LDAPQuery holds the options necessary to build an LDAP query", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "authorize": { + "baseDN": { SchemaProps: spec.SchemaProps{ - Description: "authorize is the oauth authorization URL", + Description: "The DN of the branch of the directory where all searches should start from", Default: "", Type: []string{"string"}, Format: "", }, }, - "token": { + "scope": { SchemaProps: spec.SchemaProps{ - Description: "token is the oauth token granting URL", + Description: "The (optional) scope of the search. Can be: base: only the base object, one: all object on the base level, sub: the entire subtree Defaults to the entire subtree if not set", Default: "", Type: []string{"string"}, Format: "", }, }, - "userInfo": { + "derefAliases": { SchemaProps: spec.SchemaProps{ - Description: "userInfo is the optional userinfo URL. If present, a granted access_token is used to request claims If empty, a granted id_token is parsed for claims", + Description: "The (optional) behavior of the search with regards to alisases. Can be: never: never dereference aliases, search: only dereference in searching, base: only dereference in finding the base object, always: always dereference Defaults to always dereferencing if not set", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "timeout": { + SchemaProps: spec.SchemaProps{ + Description: "TimeLimit holds the limit of time in seconds that any request to the server can remain outstanding before the wait for a response is given up. If this is 0, no client-side limit is imposed", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, + "filter": { + SchemaProps: spec.SchemaProps{ + Description: "filter is a valid LDAP search filter that retrieves all relevant entries from the LDAP server with the base DN", Default: "", Type: []string{"string"}, Format: "", }, }, + "pageSize": { + SchemaProps: spec.SchemaProps{ + Description: "pageSize is the maximum preferred page size, measured in LDAP entries. A page size of 0 means no paging will be done.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, }, - Required: []string{"authorize", "token", "userInfo"}, + Required: []string{"baseDN", "scope", "derefAliases", "timeout", "filter", "pageSize"}, }, }, } } -func schema_openshift_api_legacyconfig_v1_PodManifestConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_LDAPSyncConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PodManifestConfig holds the necessary configuration options for using pod manifests", + Description: "LDAPSyncConfig holds the necessary configuration options to define an LDAP group sync\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "path": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "path specifies the path for the pod manifest file or directory If its a directory, its expected to contain on or more manifest files This is used by the Kubelet to create pods on the node", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "url": { + SchemaProps: spec.SchemaProps{ + Description: "Host is the scheme, host and port of the LDAP server to connect to: scheme://host:port", Default: "", Type: []string{"string"}, Format: "", }, }, - "fileCheckIntervalSeconds": { + "bindDN": { SchemaProps: spec.SchemaProps{ - Description: "fileCheckIntervalSeconds is the interval in seconds for checking the manifest file(s) for new data The interval needs to be a positive value", - Default: 0, - Type: []string{"integer"}, - Format: "int64", + Description: "bindDN is an optional DN to bind to the LDAP server with", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "bindPassword": { + SchemaProps: spec.SchemaProps{ + Description: "bindPassword is an optional password to bind with during the search phase.", + Ref: ref("github.com/openshift/api/legacyconfig/v1.StringSource"), + }, + }, + "insecure": { + SchemaProps: spec.SchemaProps{ + Description: "Insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830", + Default: false, + Type: []string{"boolean"}, + Format: "", + }, + }, + "ca": { + SchemaProps: spec.SchemaProps{ + Description: "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "groupUIDNameMapping": { + SchemaProps: spec.SchemaProps{ + Description: "LDAPGroupUIDToOpenShiftGroupNameMapping is an optional direct mapping of LDAP group UIDs to OpenShift Group names", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "rfc2307": { + SchemaProps: spec.SchemaProps{ + Description: "RFC2307Config holds the configuration for extracting data from an LDAP server set up in a fashion similar to RFC2307: first-class group and user entries, with group membership determined by a multi-valued attribute on the group entry listing its members", + Ref: ref("github.com/openshift/api/legacyconfig/v1.RFC2307Config"), + }, + }, + "activeDirectory": { + SchemaProps: spec.SchemaProps{ + Description: "ActiveDirectoryConfig holds the configuration for extracting data from an LDAP server set up in a fashion similar to that used in Active Directory: first-class user entries, with group membership determined by a multi-valued attribute on members listing groups they are a member of", + Ref: ref("github.com/openshift/api/legacyconfig/v1.ActiveDirectoryConfig"), + }, + }, + "augmentedActiveDirectory": { + SchemaProps: spec.SchemaProps{ + Description: "AugmentedActiveDirectoryConfig holds the configuration for extracting data from an LDAP server set up in a fashion similar to that used in Active Directory as described above, with one addition: first-class group entries exist and are used to hold metadata but not group membership", + Ref: ref("github.com/openshift/api/legacyconfig/v1.AugmentedActiveDirectoryConfig"), }, }, }, - Required: []string{"path", "fileCheckIntervalSeconds"}, + Required: []string{"url", "bindDN", "bindPassword", "insecure", "ca", "groupUIDNameMapping"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.ActiveDirectoryConfig", "github.com/openshift/api/legacyconfig/v1.AugmentedActiveDirectoryConfig", "github.com/openshift/api/legacyconfig/v1.RFC2307Config", "github.com/openshift/api/legacyconfig/v1.StringSource"}, } } -func schema_openshift_api_legacyconfig_v1_PolicyConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_LocalQuota(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "holds the necessary configuration options for", + Description: "LocalQuota contains options for controlling local volume quota on the node.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "userAgentMatchingConfig": { + "perFSGroup": { SchemaProps: spec.SchemaProps{ - Description: "userAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.UserAgentMatchingConfig"), + Description: "FSGroup can be specified to enable a quota on local storage use per unique FSGroup ID. At present this is only implemented for emptyDir volumes, and if the underlying volumeDirectory is on an XFS filesystem.", + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, - Required: []string{"userAgentMatchingConfig"}, + Required: []string{"perFSGroup"}, }, }, Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.UserAgentMatchingConfig"}, + resource.Quantity{}.OpenAPIModelName()}, } } -func schema_openshift_api_legacyconfig_v1_ProjectConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_MasterAuthConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "holds the necessary configuration options for", + Description: "MasterAuthConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "defaultNodeSelector": { + "requestHeader": { SchemaProps: spec.SchemaProps{ - Description: "defaultNodeSelector holds default project node label selector", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "requestHeader holds options for setting up a front proxy against the API. It is optional.", + Ref: ref("github.com/openshift/api/legacyconfig/v1.RequestHeaderAuthenticationOptions"), }, }, - "projectRequestMessage": { + "webhookTokenAuthenticators": { SchemaProps: spec.SchemaProps{ - Description: "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", + Description: "WebhookTokenAuthnConfig, if present configures remote token reviewers", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.WebhookTokenAuthenticator"), + }, + }, + }, + }, + }, + "oauthMetadataFile": { + SchemaProps: spec.SchemaProps{ + Description: "oauthMetadataFile is a path to a file containing the discovery endpoint for OAuth 2.0 Authorization Server Metadata for an external OAuth server. See IETF Draft: // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This option is mutually exclusive with OAuthConfig", Default: "", Type: []string{"string"}, Format: "", }, }, - "projectRequestTemplate": { + }, + Required: []string{"requestHeader", "webhookTokenAuthenticators", "oauthMetadataFile"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.RequestHeaderAuthenticationOptions", "github.com/openshift/api/legacyconfig/v1.WebhookTokenAuthenticator"}, + } +} + +func schema_openshift_api_legacyconfig_v1_MasterClients(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "MasterClients holds references to `.kubeconfig` files that qualify master clients for OpenShift and Kubernetes", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "openshiftLoopbackKubeConfig": { SchemaProps: spec.SchemaProps{ - Description: "projectRequestTemplate is the template to use for creating projects in response to projectrequest. It is in the format namespace/template and it is optional. If it is not specified, a default template is used.", + Description: "openshiftLoopbackKubeConfig is a .kubeconfig filename for system components to loopback to this master", Default: "", Type: []string{"string"}, Format: "", }, }, - "securityAllocator": { + "openshiftLoopbackClientConnectionOverrides": { SchemaProps: spec.SchemaProps{ - Description: "securityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.", - Ref: ref("github.com/openshift/api/legacyconfig/v1.SecurityAllocator"), + Description: "openshiftLoopbackClientConnectionOverrides specifies client overrides for system components to loop back to this master.", + Ref: ref("github.com/openshift/api/legacyconfig/v1.ClientConnectionOverrides"), }, }, }, - Required: []string{"defaultNodeSelector", "projectRequestMessage", "projectRequestTemplate", "securityAllocator"}, + Required: []string{"openshiftLoopbackKubeConfig", "openshiftLoopbackClientConnectionOverrides"}, }, }, Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.SecurityAllocator"}, + "github.com/openshift/api/legacyconfig/v1.ClientConnectionOverrides"}, } } -func schema_openshift_api_legacyconfig_v1_RFC2307Config(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_MasterConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RFC2307Config holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the RFC2307 schema", + Description: "MasterConfig holds the necessary configuration options for the OpenShift master\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "groupsQuery": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "AllGroupsQuery holds the template for an LDAP query that returns group entries.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.LDAPQuery"), + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", }, }, - "groupUIDAttribute": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "GroupUIDAttributes defines which attribute on an LDAP group entry will be interpreted as its unique identifier. (ldapGroupUID)", - Default: "", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "groupNameAttributes": { + "servingInfo": { SchemaProps: spec.SchemaProps{ - Description: "groupNameAttributes defines which attributes on an LDAP group entry will be interpreted as its name to use for an OpenShift group", + Description: "servingInfo describes how to start serving", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.HTTPServingInfo"), + }, + }, + "authConfig": { + SchemaProps: spec.SchemaProps{ + Description: "authConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.MasterAuthConfig"), + }, + }, + "aggregatorConfig": { + SchemaProps: spec.SchemaProps{ + Description: "aggregatorConfig has options for configuring the aggregator component of the API server.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.AggregatorConfig"), + }, + }, + "corsAllowedOrigins": { + SchemaProps: spec.SchemaProps{ + Description: "CORSAllowedOrigins", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -36451,9 +36646,9 @@ func schema_openshift_api_legacyconfig_v1_RFC2307Config(ref common.ReferenceCall }, }, }, - "groupMembershipAttributes": { + "apiLevels": { SchemaProps: spec.SchemaProps{ - Description: "groupMembershipAttributes defines which attributes on an LDAP group entry will be interpreted as its members. The values contained in those attributes must be queryable by your UserUIDAttribute", + Description: "apiLevels is a list of API levels that should be enabled on startup: v1 as examples", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -36466,326 +36661,222 @@ func schema_openshift_api_legacyconfig_v1_RFC2307Config(ref common.ReferenceCall }, }, }, - "usersQuery": { + "masterPublicURL": { SchemaProps: spec.SchemaProps{ - Description: "AllUsersQuery holds the template for an LDAP query that returns user entries.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.LDAPQuery"), + Description: "masterPublicURL is how clients can access the OpenShift API server", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "userUIDAttribute": { + "controllers": { SchemaProps: spec.SchemaProps{ - Description: "userUIDAttribute defines which attribute on an LDAP user entry will be interpreted as its unique identifier. It must correspond to values that will be found from the GroupMembershipAttributes", + Description: "controllers is a list of the controllers that should be started. If set to \"none\", no controllers will start automatically. The default value is \"*\" which will start all controllers. When using \"*\", you may exclude controllers by prepending a \"-\" in front of their name. No other values are recognized at this time.", Default: "", Type: []string{"string"}, Format: "", }, }, - "userNameAttributes": { + "admissionConfig": { SchemaProps: spec.SchemaProps{ - Description: "userNameAttributes defines which attributes on an LDAP user entry will be used, in order, as its OpenShift user name. The first attribute with a non-empty value is used. This should match your PreferredUsername setting for your LDAPPasswordIdentityProvider", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "admissionConfig contains admission control plugin configuration.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.AdmissionConfig"), }, }, - "tolerateMemberNotFoundErrors": { + "controllerConfig": { SchemaProps: spec.SchemaProps{ - Description: "tolerateMemberNotFoundErrors determines the behavior of the LDAP sync job when missing user entries are encountered. If 'true', an LDAP query for users that doesn't find any will be tolerated and an only and error will be logged. If 'false', the LDAP sync job will fail if a query for users doesn't find any. The default value is 'false'. Misconfigured LDAP sync jobs with this flag set to 'true' can cause group membership to be removed, so it is recommended to use this flag with caution.", - Default: false, - Type: []string{"boolean"}, - Format: "", + Description: "controllerConfig holds configuration values for controllers", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.ControllerConfig"), }, }, - "tolerateMemberOutOfScopeErrors": { + "etcdStorageConfig": { SchemaProps: spec.SchemaProps{ - Description: "tolerateMemberOutOfScopeErrors determines the behavior of the LDAP sync job when out-of-scope user entries are encountered. If 'true', an LDAP query for a user that falls outside of the base DN given for the all user query will be tolerated and only an error will be logged. If 'false', the LDAP sync job will fail if a user query would search outside of the base DN specified by the all user query. Misconfigured LDAP sync jobs with this flag set to 'true' can result in groups missing users, so it is recommended to use this flag with caution.", - Default: false, - Type: []string{"boolean"}, - Format: "", + Description: "etcdStorageConfig contains information about how API resources are stored in Etcd. These values are only relevant when etcd is the backing store for the cluster.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.EtcdStorageConfig"), }, }, - }, - Required: []string{"groupsQuery", "groupUIDAttribute", "groupNameAttributes", "groupMembershipAttributes", "usersQuery", "userUIDAttribute", "userNameAttributes", "tolerateMemberNotFoundErrors", "tolerateMemberOutOfScopeErrors"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.LDAPQuery"}, - } -} - -func schema_openshift_api_legacyconfig_v1_RegistryLocation(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "domainName": { + "etcdClientInfo": { SchemaProps: spec.SchemaProps{ - Description: "domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "etcdClientInfo contains information about how to connect to etcd", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.EtcdConnectionInfo"), }, }, - "insecure": { + "kubeletClientInfo": { SchemaProps: spec.SchemaProps{ - Description: "insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.", - Type: []string{"boolean"}, - Format: "", + Description: "kubeletClientInfo contains information about how to connect to kubelets", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.KubeletConnectionInfo"), }, }, - }, - Required: []string{"domainName"}, - }, - }, - } -} - -func schema_openshift_api_legacyconfig_v1_RemoteConnectionInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "RemoteConnectionInfo holds information necessary for establishing a remote connection", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "url": { + "kubernetesMasterConfig": { SchemaProps: spec.SchemaProps{ - Description: "url is the remote URL to connect to", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "KubernetesMasterConfig, if present start the kubernetes master in this process", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.KubernetesMasterConfig"), }, }, - "ca": { + "etcdConfig": { SchemaProps: spec.SchemaProps{ - Description: "ca is the CA for verifying TLS connections", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "EtcdConfig, if present start etcd in this process", + Ref: ref("github.com/openshift/api/legacyconfig/v1.EtcdConfig"), }, }, - "certFile": { + "oauthConfig": { SchemaProps: spec.SchemaProps{ - Description: "certFile is a file containing a PEM-encoded certificate", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "OAuthConfig, if present start the /oauth endpoint in this process", + Ref: ref("github.com/openshift/api/legacyconfig/v1.OAuthConfig"), }, }, - "keyFile": { + "dnsConfig": { SchemaProps: spec.SchemaProps{ - Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "DNSConfig, if present start the DNS server in this process", + Ref: ref("github.com/openshift/api/legacyconfig/v1.DNSConfig"), }, }, - }, - Required: []string{"url", "ca", "certFile", "keyFile"}, - }, - }, - } -} - -func schema_openshift_api_legacyconfig_v1_RequestHeaderAuthenticationOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "RequestHeaderAuthenticationOptions provides options for setting up a front proxy against the entire API instead of against the /oauth endpoint.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "clientCA": { + "serviceAccountConfig": { + SchemaProps: spec.SchemaProps{ + Description: "serviceAccountConfig holds options related to service accounts", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.ServiceAccountConfig"), + }, + }, + "masterClients": { + SchemaProps: spec.SchemaProps{ + Description: "masterClients holds all the client connection information for controllers and other system components", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.MasterClients"), + }, + }, + "imageConfig": { + SchemaProps: spec.SchemaProps{ + Description: "imageConfig holds options that describe how to build image names for system components", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.ImageConfig"), + }, + }, + "imagePolicyConfig": { + SchemaProps: spec.SchemaProps{ + Description: "imagePolicyConfig controls limits and behavior for importing images", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.ImagePolicyConfig"), + }, + }, + "policyConfig": { + SchemaProps: spec.SchemaProps{ + Description: "policyConfig holds information about where to locate critical pieces of bootstrapping policy", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.PolicyConfig"), + }, + }, + "projectConfig": { + SchemaProps: spec.SchemaProps{ + Description: "projectConfig holds information about project creation and defaults", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.ProjectConfig"), + }, + }, + "routingConfig": { SchemaProps: spec.SchemaProps{ - Description: "clientCA is a file with the trusted signer certs. It is required.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "routingConfig holds information about routing and route generation", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.RoutingConfig"), }, }, - "clientCommonNames": { + "networkConfig": { SchemaProps: spec.SchemaProps{ - Description: "clientCommonNames is a required list of common names to require a match from.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "networkConfig to be passed to the compiled in network plugin", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.MasterNetworkConfig"), }, }, - "usernameHeaders": { + "volumeConfig": { SchemaProps: spec.SchemaProps{ - Description: "usernameHeaders is the list of headers to check for user information. First hit wins.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "MasterVolumeConfig contains options for configuring volume plugins in the master node.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.MasterVolumeConfig"), }, }, - "groupHeaders": { + "jenkinsPipelineConfig": { SchemaProps: spec.SchemaProps{ - Description: "GroupNameHeader is the set of headers to check for group information. All are unioned.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "jenkinsPipelineConfig holds information about the default Jenkins template used for JenkinsPipeline build strategy.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.JenkinsPipelineConfig"), }, }, - "extraHeaderPrefixes": { + "auditConfig": { SchemaProps: spec.SchemaProps{ - Description: "extraHeaderPrefixes is the set of request header prefixes to inspect for user extra. X-Remote-Extra- is suggested.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "auditConfig holds information related to auditing capabilities.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.AuditConfig"), }, }, }, - Required: []string{"clientCA", "clientCommonNames", "usernameHeaders", "groupHeaders", "extraHeaderPrefixes"}, + Required: []string{"servingInfo", "authConfig", "aggregatorConfig", "corsAllowedOrigins", "apiLevels", "masterPublicURL", "controllers", "admissionConfig", "controllerConfig", "etcdStorageConfig", "etcdClientInfo", "kubeletClientInfo", "kubernetesMasterConfig", "etcdConfig", "oauthConfig", "dnsConfig", "serviceAccountConfig", "masterClients", "imageConfig", "imagePolicyConfig", "policyConfig", "projectConfig", "routingConfig", "networkConfig", "volumeConfig", "jenkinsPipelineConfig", "auditConfig"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.AdmissionConfig", "github.com/openshift/api/legacyconfig/v1.AggregatorConfig", "github.com/openshift/api/legacyconfig/v1.AuditConfig", "github.com/openshift/api/legacyconfig/v1.ControllerConfig", "github.com/openshift/api/legacyconfig/v1.DNSConfig", "github.com/openshift/api/legacyconfig/v1.EtcdConfig", "github.com/openshift/api/legacyconfig/v1.EtcdConnectionInfo", "github.com/openshift/api/legacyconfig/v1.EtcdStorageConfig", "github.com/openshift/api/legacyconfig/v1.HTTPServingInfo", "github.com/openshift/api/legacyconfig/v1.ImageConfig", "github.com/openshift/api/legacyconfig/v1.ImagePolicyConfig", "github.com/openshift/api/legacyconfig/v1.JenkinsPipelineConfig", "github.com/openshift/api/legacyconfig/v1.KubeletConnectionInfo", "github.com/openshift/api/legacyconfig/v1.KubernetesMasterConfig", "github.com/openshift/api/legacyconfig/v1.MasterAuthConfig", "github.com/openshift/api/legacyconfig/v1.MasterClients", "github.com/openshift/api/legacyconfig/v1.MasterNetworkConfig", "github.com/openshift/api/legacyconfig/v1.MasterVolumeConfig", "github.com/openshift/api/legacyconfig/v1.OAuthConfig", "github.com/openshift/api/legacyconfig/v1.PolicyConfig", "github.com/openshift/api/legacyconfig/v1.ProjectConfig", "github.com/openshift/api/legacyconfig/v1.RoutingConfig", "github.com/openshift/api/legacyconfig/v1.ServiceAccountConfig"}, } } -func schema_openshift_api_legacyconfig_v1_RequestHeaderIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_MasterNetworkConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "MasterNetworkConfig to be passed to the compiled in network plugin", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "loginURL": { - SchemaProps: spec.SchemaProps{ - Description: "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "challengeURL": { + "networkPluginName": { SchemaProps: spec.SchemaProps{ - Description: "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", + Description: "networkPluginName is the name of the network plugin to use", Default: "", Type: []string{"string"}, Format: "", }, }, - "clientCA": { + "clusterNetworkCIDR": { SchemaProps: spec.SchemaProps{ - Description: "clientCA is a file with the trusted signer certs. If empty, no request verification is done, and any direct request to the OAuth server can impersonate any identity from this provider, merely by setting a request header.", - Default: "", + Description: "clusterNetworkCIDR is the CIDR string to specify the global overlay network's L3 space. Deprecated, but maintained for backwards compatibility, use ClusterNetworks instead.", Type: []string{"string"}, Format: "", }, }, - "clientCommonNames": { - SchemaProps: spec.SchemaProps{ - Description: "clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "headers": { + "clusterNetworks": { SchemaProps: spec.SchemaProps{ - Description: "headers is the set of headers to check for identity information", + Description: "clusterNetworks is a list of ClusterNetwork objects that defines the global overlay network's L3 space by specifying a set of CIDR and netmasks that the SDN can allocate addressed from. If this is specified, then ClusterNetworkCIDR and HostSubnetLength may not be set.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.ClusterNetworkEntry"), }, }, }, }, }, - "preferredUsernameHeaders": { + "hostSubnetLength": { SchemaProps: spec.SchemaProps{ - Description: "preferredUsernameHeaders is the set of headers to check for the preferred username", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "hostSubnetLength is the number of bits to allocate to each host's subnet e.g. 8 would mean a /24 network on the host. Deprecated, but maintained for backwards compatibility, use ClusterNetworks instead.", + Type: []string{"integer"}, + Format: "int64", }, }, - "nameHeaders": { + "serviceNetworkCIDR": { SchemaProps: spec.SchemaProps{ - Description: "nameHeaders is the set of headers to check for the display name", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "ServiceNetwork is the CIDR string to specify the service networks", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "emailHeaders": { + "externalIPNetworkCIDRs": { SchemaProps: spec.SchemaProps{ - Description: "emailHeaders is the set of headers to check for the email address", + Description: "externalIPNetworkCIDRs controls what values are acceptable for the service external IP field. If empty, no externalIP may be set. It may contain a list of CIDRs which are checked for access. If a CIDR is prefixed with !, IPs in that CIDR will be rejected. Rejections will be applied first, then the IP checked against one of the allowed CIDRs. You should ensure this range does not overlap with your nodes, pods, or service CIDRs for security reasons.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -36798,83 +36889,61 @@ func schema_openshift_api_legacyconfig_v1_RequestHeaderIdentityProvider(ref comm }, }, }, - }, - Required: []string{"loginURL", "challengeURL", "clientCA", "clientCommonNames", "headers", "preferredUsernameHeaders", "nameHeaders", "emailHeaders"}, - }, - }, - } -} - -func schema_openshift_api_legacyconfig_v1_RoutingConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "RoutingConfig holds the necessary configuration options for routing to subdomains", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "subdomain": { + "ingressIPNetworkCIDR": { SchemaProps: spec.SchemaProps{ - Description: "subdomain is the suffix appended to $service.$namespace. to form the default route hostname DEPRECATED: This field is being replaced by routers setting their own defaults. This is the \"default\" route.", + Description: "ingressIPNetworkCIDR controls the range to assign ingress ips from for services of type LoadBalancer on bare metal. If empty, ingress ips will not be assigned. It may contain a single CIDR that will be allocated from. For security reasons, you should ensure that this range does not overlap with the CIDRs reserved for external ips, nodes, pods, or services.", Default: "", Type: []string{"string"}, Format: "", }, }, + "vxlanPort": { + SchemaProps: spec.SchemaProps{ + Description: "vxlanPort is the VXLAN port used by the cluster defaults. If it is not set, 4789 is the default value", + Type: []string{"integer"}, + Format: "int64", + }, + }, }, - Required: []string{"subdomain"}, + Required: []string{"networkPluginName", "clusterNetworks", "serviceNetworkCIDR", "externalIPNetworkCIDRs", "ingressIPNetworkCIDR"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.ClusterNetworkEntry"}, } } -func schema_openshift_api_legacyconfig_v1_SecurityAllocator(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_MasterVolumeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "SecurityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.", + Description: "MasterVolumeConfig contains options for configuring volume plugins in the master node.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "uidAllocatorRange": { - SchemaProps: spec.SchemaProps{ - Description: "uidAllocatorRange defines the total set of Unix user IDs (UIDs) that will be allocated to projects automatically, and the size of the block each namespace gets. For example, 1000-1999/10 will allocate ten UIDs per namespace, and will be able to allocate up to 100 blocks before running out of space. The default is to allocate from 1 billion to 2 billion in 10k blocks (which is the expected size of the ranges container images will use once user namespaces are started).", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "mcsAllocatorRange": { + "dynamicProvisioningEnabled": { SchemaProps: spec.SchemaProps{ - Description: "mcsAllocatorRange defines the range of MCS categories that will be assigned to namespaces. The format is \"/[,]\". The default is \"s0/2\" and will allocate from c0 -> c1023, which means a total of 535k labels are available (1024 choose 2 ~ 535k). If this value is changed after startup, new projects may receive labels that are already allocated to other projects. Prefix may be any valid SELinux set of terms (including user, role, and type), although leaving them as the default will allow the server to set them automatically.\n\nExamples: * s0:/2 - Allocate labels from s0:c0,c0 to s0:c511,c511 * s0:/2,512 - Allocate labels from s0:c0,c0,c0 to s0:c511,c511,511", - Default: "", - Type: []string{"string"}, + Description: "dynamicProvisioningEnabled is a boolean that toggles dynamic provisioning off when false, defaults to true", + Type: []string{"boolean"}, Format: "", }, }, - "mcsLabelsPerProject": { - SchemaProps: spec.SchemaProps{ - Description: "mcsLabelsPerProject defines the number of labels that should be reserved per project. The default is 5 to match the default UID and MCS ranges (100k namespaces, 535k/5 labels).", - Default: 0, - Type: []string{"integer"}, - Format: "int32", - }, - }, }, - Required: []string{"uidAllocatorRange", "mcsAllocatorRange", "mcsLabelsPerProject"}, + Required: []string{"dynamicProvisioningEnabled"}, }, }, } } -func schema_openshift_api_legacyconfig_v1_ServiceAccountConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_NamedCertificate(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ServiceAccountConfig holds the necessary configuration options for a service account", + Description: "NamedCertificate specifies a certificate/key, and the names it should be served for", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "managedNames": { + "names": { SchemaProps: spec.SchemaProps{ - Description: "managedNames is a list of service account names that will be auto-created in every namespace. If no names are specified, the ServiceAccountsController will not be started.", + Description: "names is a list of DNS names this certificate should be used to secure A name can be a normal DNS name, or can contain leading wildcard segments.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -36887,145 +36956,160 @@ func schema_openshift_api_legacyconfig_v1_ServiceAccountConfig(ref common.Refere }, }, }, - "limitSecretReferences": { - SchemaProps: spec.SchemaProps{ - Description: "limitSecretReferences controls whether or not to allow a service account to reference any secret in a namespace without explicitly referencing them", - Default: false, - Type: []string{"boolean"}, - Format: "", - }, - }, - "privateKeyFile": { + "certFile": { SchemaProps: spec.SchemaProps{ - Description: "privateKeyFile is a file containing a PEM-encoded private RSA key, used to sign service account tokens. If no private key is specified, the service account TokensController will not be started.", + Description: "certFile is a file containing a PEM-encoded certificate", Default: "", Type: []string{"string"}, Format: "", }, }, - "publicKeyFiles": { - SchemaProps: spec.SchemaProps{ - Description: "publicKeyFiles is a list of files, each containing a PEM-encoded public RSA key. (If any file contains a private key, the public portion of the key is used) The list of public keys is used to verify presented service account tokens. Each key is tried in order until the list is exhausted or verification succeeds. If no keys are specified, no service account authentication will be available.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "masterCA": { + "keyFile": { SchemaProps: spec.SchemaProps{ - Description: "masterCA is the CA for verifying the TLS connection back to the master. The service account controller will automatically inject the contents of this file into pods so they can verify connections to the master.", + Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"managedNames", "limitSecretReferences", "privateKeyFile", "publicKeyFiles", "masterCA"}, + Required: []string{"names", "certFile", "keyFile"}, }, }, } } -func schema_openshift_api_legacyconfig_v1_ServiceServingCert(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_NodeAuthConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", + Description: "NodeAuthConfig holds authn/authz configuration options", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "signer": { + "authenticationCacheTTL": { SchemaProps: spec.SchemaProps{ - Description: "signer holds the signing information used to automatically sign serving certificates. If this value is nil, then certs are not signed automatically.", - Ref: ref("github.com/openshift/api/legacyconfig/v1.CertInfo"), + Description: "authenticationCacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get the default timeout. If zero (e.g. \"0m\"), caching is disabled", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "authenticationCacheSize": { + SchemaProps: spec.SchemaProps{ + Description: "authenticationCacheSize indicates how many authentication results should be cached. If 0, the default cache size is used.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", + }, + }, + "authorizationCacheTTL": { + SchemaProps: spec.SchemaProps{ + Description: "authorizationCacheTTL indicates how long an authorization result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get the default timeout. If zero (e.g. \"0m\"), caching is disabled", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "authorizationCacheSize": { + SchemaProps: spec.SchemaProps{ + Description: "authorizationCacheSize indicates how many authorization results should be cached. If 0, the default cache size is used.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, }, - Required: []string{"signer"}, + Required: []string{"authenticationCacheTTL", "authenticationCacheSize", "authorizationCacheTTL", "authorizationCacheSize"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.CertInfo"}, } } -func schema_openshift_api_legacyconfig_v1_ServingInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_NodeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ServingInfo holds information about serving web pages", + Description: "NodeConfig is the fully specified config starting an OpenShift node\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "bindAddress": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "bindAddress is the ip:port to serve on", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "bindNetwork": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "nodeName": { + SchemaProps: spec.SchemaProps{ + Description: "nodeName is the value used to identify this particular node in the cluster. If possible, this should be your fully qualified hostname. If you're describing a set of static nodes to the master, this value must match one of the values in the list", Default: "", Type: []string{"string"}, Format: "", }, }, - "certFile": { + "nodeIP": { SchemaProps: spec.SchemaProps{ - Description: "certFile is a file containing a PEM-encoded certificate", + Description: "Node may have multiple IPs, specify the IP to use for pod traffic routing If not specified, network parse/lookup on the nodeName is performed and the first non-loopback address is used", Default: "", Type: []string{"string"}, Format: "", }, }, - "keyFile": { + "servingInfo": { SchemaProps: spec.SchemaProps{ - Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + Description: "servingInfo describes how to start serving", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.ServingInfo"), + }, + }, + "masterKubeConfig": { + SchemaProps: spec.SchemaProps{ + Description: "masterKubeConfig is a filename for the .kubeconfig file that describes how to connect this node to the master", Default: "", Type: []string{"string"}, Format: "", }, }, - "clientCA": { + "masterClientConnectionOverrides": { SchemaProps: spec.SchemaProps{ - Description: "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", + Description: "masterClientConnectionOverrides provides overrides to the client connection used to connect to the master.", + Ref: ref("github.com/openshift/api/legacyconfig/v1.ClientConnectionOverrides"), + }, + }, + "dnsDomain": { + SchemaProps: spec.SchemaProps{ + Description: "dnsDomain holds the domain suffix that will be used for the DNS search path inside each container. Defaults to 'cluster.local'.", Default: "", Type: []string{"string"}, Format: "", }, }, - "namedCertificates": { + "dnsIP": { SchemaProps: spec.SchemaProps{ - Description: "namedCertificates is a list of certificates to use to secure requests to specific hostnames", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.NamedCertificate"), - }, - }, - }, + Description: "dnsIP is the IP address that pods will use to access cluster DNS. Defaults to the service IP of the Kubernetes master. This IP must be listening on port 53 for compatibility with libc resolvers (which cannot be configured to resolve names from any other port). When running more complex local DNS configurations, this is often set to the local address of a DNS proxy like dnsmasq, which then will consult either the local DNS (see dnsBindAddress) or the master DNS.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "minTLSVersion": { + "dnsBindAddress": { SchemaProps: spec.SchemaProps{ - Description: "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", + Description: "dnsBindAddress is the ip:port to serve DNS on. If this is not set, the DNS server will not be started. Because most DNS resolvers will only listen on port 53, if you select an alternative port you will need a DNS proxy like dnsmasq to answer queries for containers. A common configuration is dnsmasq configured on a node IP listening on 53 and delegating queries for dnsDomain to this process, while sending other queries to the host environments nameservers.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "cipherSuites": { + "dnsNameservers": { SchemaProps: spec.SchemaProps{ - Description: "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", + Description: "dnsNameservers is a list of ip:port values of recursive nameservers to forward queries to when running a local DNS server if dnsBindAddress is set. If this value is empty, the DNS server will default to the nameservers listed in /etc/resolv.conf. If you have configured dnsmasq or another DNS proxy on the system, this value should be set to the upstream nameservers dnsmasq resolves with.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -37038,294 +37122,359 @@ func schema_openshift_api_legacyconfig_v1_ServingInfo(ref common.ReferenceCallba }, }, }, - }, - Required: []string{"bindAddress", "bindNetwork", "certFile", "keyFile", "clientCA", "namedCertificates"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.NamedCertificate"}, - } -} - -func schema_openshift_api_legacyconfig_v1_SessionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "SessionConfig specifies options for cookie-based sessions. Used by AuthRequestHandlerSession", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "sessionSecretsFile": { + "dnsRecursiveResolvConf": { SchemaProps: spec.SchemaProps{ - Description: "sessionSecretsFile is a reference to a file containing a serialized SessionSecrets object If no file is specified, a random signing and encryption key are generated at each server start", + Description: "dnsRecursiveResolvConf is a path to a resolv.conf file that contains settings for an upstream server. Only the nameservers and port fields are used. The file must exist and parse correctly. It adds extra nameservers to DNSNameservers if set.", Default: "", Type: []string{"string"}, Format: "", }, }, - "sessionMaxAgeSeconds": { + "networkPluginName": { SchemaProps: spec.SchemaProps{ - Description: "sessionMaxAgeSeconds specifies how long created sessions last. Used by AuthRequestHandlerSession", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "Deprecated and maintained for backward compatibility, use NetworkConfig.NetworkPluginName instead", + Type: []string{"string"}, + Format: "", }, }, - "sessionName": { + "networkConfig": { SchemaProps: spec.SchemaProps{ - Description: "sessionName is the cookie name used to store the session", + Description: "networkConfig provides network options for the node", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.NodeNetworkConfig"), + }, + }, + "volumeDirectory": { + SchemaProps: spec.SchemaProps{ + Description: "volumeDirectory is the directory that volumes will be stored under", Default: "", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"sessionSecretsFile", "sessionMaxAgeSeconds", "sessionName"}, - }, - }, - } -} - -func schema_openshift_api_legacyconfig_v1_SessionSecret(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "SessionSecret is a secret used to authenticate/decrypt cookie-based sessions", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "authentication": { + "imageConfig": { + SchemaProps: spec.SchemaProps{ + Description: "imageConfig holds options that describe how to build image names for system components", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.ImageConfig"), + }, + }, + "allowDisabledDocker": { + SchemaProps: spec.SchemaProps{ + Description: "allowDisabledDocker if true, the Kubelet will ignore errors from Docker. This means that a node can start on a machine that doesn't have docker started.", + Default: false, + Type: []string{"boolean"}, + Format: "", + }, + }, + "podManifestConfig": { + SchemaProps: spec.SchemaProps{ + Description: "podManifestConfig holds the configuration for enabling the Kubelet to create pods based from a manifest file(s) placed locally on the node", + Ref: ref("github.com/openshift/api/legacyconfig/v1.PodManifestConfig"), + }, + }, + "authConfig": { + SchemaProps: spec.SchemaProps{ + Description: "authConfig holds authn/authz configuration options", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.NodeAuthConfig"), + }, + }, + "dockerConfig": { + SchemaProps: spec.SchemaProps{ + Description: "dockerConfig holds Docker related configuration options.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.DockerConfig"), + }, + }, + "kubeletArguments": { + SchemaProps: spec.SchemaProps{ + Description: "kubeletArguments are key value pairs that will be passed directly to the Kubelet that match the Kubelet's command line arguments. These are not migrated or validated, so if you use them they may become invalid. These values override other settings in NodeConfig which may cause invalid configurations.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + }, + }, + "proxyArguments": { + SchemaProps: spec.SchemaProps{ + Description: "proxyArguments are key value pairs that will be passed directly to the Proxy that match the Proxy's command line arguments. These are not migrated or validated, so if you use them they may become invalid. These values override other settings in NodeConfig which may cause invalid configurations.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + }, + }, + "iptablesSyncPeriod": { SchemaProps: spec.SchemaProps{ - Description: "authentication is used to authenticate sessions using HMAC. Recommended to use a secret with 32 or 64 bytes.", + Description: "iptablesSyncPeriod is how often iptable rules are refreshed", Default: "", Type: []string{"string"}, Format: "", }, }, - "encryption": { + "enableUnidling": { SchemaProps: spec.SchemaProps{ - Description: "encryption is used to encrypt sessions. Must be 16, 24, or 32 characters long, to select AES-128, AES-", - Default: "", - Type: []string{"string"}, + Description: "enableUnidling controls whether or not the hybrid unidling proxy will be set up", + Type: []string{"boolean"}, Format: "", }, }, + "volumeConfig": { + SchemaProps: spec.SchemaProps{ + Description: "volumeConfig contains options for configuring volumes on the node.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.NodeVolumeConfig"), + }, + }, }, - Required: []string{"authentication", "encryption"}, + Required: []string{"nodeName", "nodeIP", "servingInfo", "masterKubeConfig", "masterClientConnectionOverrides", "dnsDomain", "dnsIP", "dnsBindAddress", "dnsNameservers", "dnsRecursiveResolvConf", "networkConfig", "volumeDirectory", "imageConfig", "allowDisabledDocker", "podManifestConfig", "authConfig", "dockerConfig", "iptablesSyncPeriod", "enableUnidling", "volumeConfig"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.ClientConnectionOverrides", "github.com/openshift/api/legacyconfig/v1.DockerConfig", "github.com/openshift/api/legacyconfig/v1.ImageConfig", "github.com/openshift/api/legacyconfig/v1.NodeAuthConfig", "github.com/openshift/api/legacyconfig/v1.NodeNetworkConfig", "github.com/openshift/api/legacyconfig/v1.NodeVolumeConfig", "github.com/openshift/api/legacyconfig/v1.PodManifestConfig", "github.com/openshift/api/legacyconfig/v1.ServingInfo"}, } } -func schema_openshift_api_legacyconfig_v1_SessionSecrets(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_NodeNetworkConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "SessionSecrets list the secrets to use to sign/encrypt and authenticate/decrypt created sessions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "NodeNetworkConfig provides network options for the node", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { + "networkPluginName": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "networkPluginName is a string specifying the networking plugin", + Default: "", Type: []string{"string"}, Format: "", }, }, - "secrets": { + "mtu": { SchemaProps: spec.SchemaProps{ - Description: "secrets is a list of secrets New sessions are signed and encrypted using the first secret. Existing sessions are decrypted/authenticated by each secret until one succeeds. This allows rotating secrets.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.SessionSecret"), - }, - }, - }, + Description: "Maximum transmission unit for the network packets", + Default: 0, + Type: []string{"integer"}, + Format: "int64", }, }, }, - Required: []string{"secrets"}, + Required: []string{"networkPluginName", "mtu"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.SessionSecret"}, } } -func schema_openshift_api_legacyconfig_v1_SourceStrategyDefaultsConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_NodeVolumeConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "SourceStrategyDefaultsConfig contains values that apply to builds using the source strategy.", + Description: "NodeVolumeConfig contains options for configuring volumes on the node.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "incremental": { + "localQuota": { SchemaProps: spec.SchemaProps{ - Description: "incremental indicates if s2i build strategies should perform an incremental build or not", - Type: []string{"boolean"}, - Format: "", + Description: "localQuota contains options for controlling local volume quota on the node.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.LocalQuota"), }, }, }, + Required: []string{"localQuota"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.LocalQuota"}, } } -func schema_openshift_api_legacyconfig_v1_StringSource(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_OAuthConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "StringSource allows specifying a string inline, or externally via env var or file. When it contains only a string value, it marshals to a simple JSON string.", + Description: "OAuthConfig holds the necessary configuration options for OAuth authentication", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "value": { + "masterCA": { SchemaProps: spec.SchemaProps{ - Description: "value specifies the cleartext value, or an encrypted value if keyFile is specified.", - Default: "", + Description: "masterCA is the CA for verifying the TLS connection back to the MasterURL.", Type: []string{"string"}, Format: "", }, }, - "env": { + "masterURL": { SchemaProps: spec.SchemaProps{ - Description: "env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", + Description: "masterURL is used for making server-to-server calls to exchange authorization codes for access tokens", Default: "", Type: []string{"string"}, Format: "", }, }, - "file": { + "masterPublicURL": { SchemaProps: spec.SchemaProps{ - Description: "file references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", + Description: "masterPublicURL is used for building valid client redirect URLs for internal and external access", Default: "", Type: []string{"string"}, Format: "", }, }, - "keyFile": { + "assetPublicURL": { SchemaProps: spec.SchemaProps{ - Description: "keyFile references a file containing the key to use to decrypt the value.", + Description: "assetPublicURL is used for building valid client redirect URLs for external access", Default: "", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"value", "env", "file", "keyFile"}, - }, - }, - } -} - -func schema_openshift_api_legacyconfig_v1_StringSourceSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "StringSourceSpec specifies a string value, or external location", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "value": { + "alwaysShowProviderSelection": { SchemaProps: spec.SchemaProps{ - Description: "value specifies the cleartext value, or an encrypted value if keyFile is specified.", - Default: "", - Type: []string{"string"}, + Description: "alwaysShowProviderSelection will force the provider selection page to render even when there is only a single provider.", + Default: false, + Type: []string{"boolean"}, Format: "", }, }, - "env": { + "identityProviders": { SchemaProps: spec.SchemaProps{ - Description: "env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "identityProviders is an ordered list of ways for a user to identify themselves", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.IdentityProvider"), + }, + }, + }, }, }, - "file": { + "grantConfig": { SchemaProps: spec.SchemaProps{ - Description: "file references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "grantConfig describes how to handle grants", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.GrantConfig"), }, }, - "keyFile": { + "sessionConfig": { SchemaProps: spec.SchemaProps{ - Description: "keyFile references a file containing the key to use to decrypt the value.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "sessionConfig hold information about configuring sessions.", + Ref: ref("github.com/openshift/api/legacyconfig/v1.SessionConfig"), + }, + }, + "tokenConfig": { + SchemaProps: spec.SchemaProps{ + Description: "tokenConfig contains options for authorization and access tokens", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.TokenConfig"), + }, + }, + "templates": { + SchemaProps: spec.SchemaProps{ + Description: "templates allow you to customize pages like the login page.", + Ref: ref("github.com/openshift/api/legacyconfig/v1.OAuthTemplates"), }, }, }, - Required: []string{"value", "env", "file", "keyFile"}, + Required: []string{"masterCA", "masterURL", "masterPublicURL", "assetPublicURL", "alwaysShowProviderSelection", "identityProviders", "grantConfig", "sessionConfig", "tokenConfig", "templates"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.GrantConfig", "github.com/openshift/api/legacyconfig/v1.IdentityProvider", "github.com/openshift/api/legacyconfig/v1.OAuthTemplates", "github.com/openshift/api/legacyconfig/v1.SessionConfig", "github.com/openshift/api/legacyconfig/v1.TokenConfig"}, } } -func schema_openshift_api_legacyconfig_v1_TokenConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_OAuthTemplates(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "TokenConfig holds the necessary configuration options for authorization and access tokens", + Description: "OAuthTemplates allow for customization of pages like the login page", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "authorizeTokenMaxAgeSeconds": { + "login": { SchemaProps: spec.SchemaProps{ - Description: "authorizeTokenMaxAgeSeconds defines the maximum age of authorize tokens", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "login is a path to a file containing a go template used to render the login page. If unspecified, the default login page is used.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "accessTokenMaxAgeSeconds": { + "providerSelection": { SchemaProps: spec.SchemaProps{ - Description: "accessTokenMaxAgeSeconds defines the maximum age of access tokens", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "providerSelection is a path to a file containing a go template used to render the provider selection page. If unspecified, the default provider selection page is used.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "accessTokenInactivityTimeoutSeconds": { + "error": { SchemaProps: spec.SchemaProps{ - Description: "accessTokenInactivityTimeoutSeconds defined the default token inactivity timeout for tokens granted by any client. Setting it to nil means the feature is completely disabled (default) The default setting can be overridden on OAuthClient basis. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Valid values are: - 0: Tokens never time out - X: Tokens time out if there is no activity for X seconds The current minimum allowed value for X is 300 (5 minutes)", - Type: []string{"integer"}, - Format: "int32", + Description: "error is a path to a file containing a go template used to render error pages during the authentication or grant flow If unspecified, the default error page is used.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"authorizeTokenMaxAgeSeconds", "accessTokenMaxAgeSeconds"}, + Required: []string{"login", "providerSelection", "error"}, }, }, } } -func schema_openshift_api_legacyconfig_v1_UserAgentDenyRule(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_OpenIDClaims(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "UserAgentDenyRule adds a rejection message that can be used to help a user figure out how to get an approved client", + Description: "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "regex": { + "id": { SchemaProps: spec.SchemaProps{ - Description: "UserAgentRegex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "id is the list of claims whose values should be used as the user ID. Required. OpenID standard identity claim is \"sub\"", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "httpVerbs": { + "preferredUsername": { SchemaProps: spec.SchemaProps{ - Description: "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", + Description: "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the id claim", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -37338,39 +37487,89 @@ func schema_openshift_api_legacyconfig_v1_UserAgentDenyRule(ref common.Reference }, }, }, - "rejectionMessage": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "rejectionMessage is the message shown when rejecting a client. If it is not a set, the default message is used.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "email": { + SchemaProps: spec.SchemaProps{ + Description: "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, }, - Required: []string{"regex", "httpVerbs", "rejectionMessage"}, + Required: []string{"id", "preferredUsername", "name", "email"}, }, }, } } -func schema_openshift_api_legacyconfig_v1_UserAgentMatchRule(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_OpenIDIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "UserAgentMatchRule describes how to match a given request based on User-Agent and HTTPVerb", + Description: "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "regex": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "UserAgentRegex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "ca": { + SchemaProps: spec.SchemaProps{ + Description: "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", Default: "", Type: []string{"string"}, Format: "", }, }, - "httpVerbs": { + "clientID": { SchemaProps: spec.SchemaProps{ - Description: "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", + Description: "clientID is the oauth client ID", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "clientSecret": { + SchemaProps: spec.SchemaProps{ + Description: "clientSecret is the oauth client secret", + Ref: ref("github.com/openshift/api/legacyconfig/v1.StringSource"), + }, + }, + "extraScopes": { + SchemaProps: spec.SchemaProps{ + Description: "extraScopes are any scopes to request in addition to the standard \"openid\" scope.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -37383,168 +37582,207 @@ func schema_openshift_api_legacyconfig_v1_UserAgentMatchRule(ref common.Referenc }, }, }, + "extraAuthorizeParameters": { + SchemaProps: spec.SchemaProps{ + Description: "extraAuthorizeParameters are any custom parameters to add to the authorize request.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "urls": { + SchemaProps: spec.SchemaProps{ + Description: "urls to use to authenticate", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.OpenIDURLs"), + }, + }, + "claims": { + SchemaProps: spec.SchemaProps{ + Description: "claims mappings", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.OpenIDClaims"), + }, + }, }, - Required: []string{"regex", "httpVerbs"}, + Required: []string{"ca", "clientID", "clientSecret", "extraScopes", "extraAuthorizeParameters", "urls", "claims"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.OpenIDClaims", "github.com/openshift/api/legacyconfig/v1.OpenIDURLs", "github.com/openshift/api/legacyconfig/v1.StringSource"}, } } -func schema_openshift_api_legacyconfig_v1_UserAgentMatchingConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_OpenIDURLs(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", + Description: "OpenIDURLs are URLs to use when authenticating with an OpenID identity provider", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "requiredClients": { + "authorize": { SchemaProps: spec.SchemaProps{ - Description: "If this list is non-empty, then a User-Agent must match one of the UserAgentRegexes to be allowed", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.UserAgentMatchRule"), - }, - }, - }, + Description: "authorize is the oauth authorization URL", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "deniedClients": { + "token": { SchemaProps: spec.SchemaProps{ - Description: "If this list is non-empty, then a User-Agent must not match any of the UserAgentRegexes", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/legacyconfig/v1.UserAgentDenyRule"), - }, - }, - }, + Description: "token is the oauth token granting URL", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "defaultRejectionMessage": { + "userInfo": { SchemaProps: spec.SchemaProps{ - Description: "defaultRejectionMessage is the message shown when rejecting a client. If it is not a set, a generic message is given.", + Description: "userInfo is the optional userinfo URL. If present, a granted access_token is used to request claims If empty, a granted id_token is parsed for claims", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"requiredClients", "deniedClients", "defaultRejectionMessage"}, + Required: []string{"authorize", "token", "userInfo"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/legacyconfig/v1.UserAgentDenyRule", "github.com/openshift/api/legacyconfig/v1.UserAgentMatchRule"}, } } -func schema_openshift_api_legacyconfig_v1_WebhookTokenAuthenticator(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_PodManifestConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "WebhookTokenAuthenticators holds the necessary configuation options for external token authenticators", + Description: "PodManifestConfig holds the necessary configuration options for using pod manifests", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "configFile": { + "path": { SchemaProps: spec.SchemaProps{ - Description: "configFile is a path to a Kubeconfig file with the webhook configuration", + Description: "path specifies the path for the pod manifest file or directory If its a directory, its expected to contain on or more manifest files This is used by the Kubelet to create pods on the node", Default: "", Type: []string{"string"}, Format: "", }, }, - "cacheTTL": { + "fileCheckIntervalSeconds": { SchemaProps: spec.SchemaProps{ - Description: "cacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get a default timeout of 2 minutes. If zero (e.g. \"0m\"), caching is disabled", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "fileCheckIntervalSeconds is the interval in seconds for checking the manifest file(s) for new data The interval needs to be a positive value", + Default: 0, + Type: []string{"integer"}, + Format: "int64", }, }, }, - Required: []string{"configFile", "cacheTTL"}, + Required: []string{"path", "fileCheckIntervalSeconds"}, }, }, } } -func schema_openshift_api_machine_v1_AWSFailureDomain(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_PolicyConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AWSFailureDomain configures failure domain information for the AWS platform.", + Description: "holds the necessary configuration options for", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "subnet": { - SchemaProps: spec.SchemaProps{ - Description: "subnet is a reference to the subnet to use for this instance.", - Ref: ref("github.com/openshift/api/machine/v1.AWSResourceReference"), - }, - }, - "placement": { + "userAgentMatchingConfig": { SchemaProps: spec.SchemaProps{ - Description: "placement configures the placement information for this instance.", + Description: "userAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.AWSFailureDomainPlacement"), + Ref: ref("github.com/openshift/api/legacyconfig/v1.UserAgentMatchingConfig"), }, }, }, + Required: []string{"userAgentMatchingConfig"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1.AWSFailureDomainPlacement", "github.com/openshift/api/machine/v1.AWSResourceReference"}, + "github.com/openshift/api/legacyconfig/v1.UserAgentMatchingConfig"}, } } -func schema_openshift_api_machine_v1_AWSFailureDomainPlacement(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_ProjectConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AWSFailureDomainPlacement configures the placement information for the AWSFailureDomain.", + Description: "holds the necessary configuration options for", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "availabilityZone": { + "defaultNodeSelector": { SchemaProps: spec.SchemaProps{ - Description: "availabilityZone is the availability zone of the instance.", + Description: "defaultNodeSelector holds default project node label selector", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "projectRequestMessage": { + SchemaProps: spec.SchemaProps{ + Description: "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "projectRequestTemplate": { + SchemaProps: spec.SchemaProps{ + Description: "projectRequestTemplate is the template to use for creating projects in response to projectrequest. It is in the format namespace/template and it is optional. If it is not specified, a default template is used.", Default: "", Type: []string{"string"}, Format: "", }, }, + "securityAllocator": { + SchemaProps: spec.SchemaProps{ + Description: "securityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.", + Ref: ref("github.com/openshift/api/legacyconfig/v1.SecurityAllocator"), + }, + }, }, - Required: []string{"availabilityZone"}, + Required: []string{"defaultNodeSelector", "projectRequestMessage", "projectRequestTemplate", "securityAllocator"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.SecurityAllocator"}, } } -func schema_openshift_api_machine_v1_AWSResourceFilter(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_RFC2307Config(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AWSResourceFilter is a filter used to identify an AWS resource", + Description: "RFC2307Config holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the RFC2307 schema", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "groupsQuery": { SchemaProps: spec.SchemaProps{ - Description: "name of the filter. Filter names are case-sensitive.", + Description: "AllGroupsQuery holds the template for an LDAP query that returns group entries.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.LDAPQuery"), + }, + }, + "groupUIDAttribute": { + SchemaProps: spec.SchemaProps{ + Description: "GroupUIDAttributes defines which attribute on an LDAP group entry will be interpreted as its unique identifier. (ldapGroupUID)", Default: "", Type: []string{"string"}, Format: "", }, }, - "values": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, + "groupNameAttributes": { SchemaProps: spec.SchemaProps{ - Description: "values includes one or more filter values. Filter values are case-sensitive.", + Description: "groupNameAttributes defines which attributes on an LDAP group entry will be interpreted as its name to use for an OpenShift group", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -37557,312 +37795,238 @@ func schema_openshift_api_machine_v1_AWSResourceFilter(ref common.ReferenceCallb }, }, }, - }, - Required: []string{"name"}, - }, - }, - } -} - -func schema_openshift_api_machine_v1_AWSResourceReference(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters. Only one of ID, ARN or Filters may be specified. Specifying more than one will result in a validation error.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "type": { + "groupMembershipAttributes": { SchemaProps: spec.SchemaProps{ - Description: "type determines how the reference will fetch the AWS resource.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "groupMembershipAttributes defines which attributes on an LDAP group entry will be interpreted as its members. The values contained in those attributes must be queryable by your UserUIDAttribute", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "id": { + "usersQuery": { SchemaProps: spec.SchemaProps{ - Description: "id of resource.", - Type: []string{"string"}, - Format: "", + Description: "AllUsersQuery holds the template for an LDAP query that returns user entries.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.LDAPQuery"), }, }, - "arn": { + "userUIDAttribute": { SchemaProps: spec.SchemaProps{ - Description: "arn of resource.", + Description: "userUIDAttribute defines which attribute on an LDAP user entry will be interpreted as its unique identifier. It must correspond to values that will be found from the GroupMembershipAttributes", + Default: "", Type: []string{"string"}, Format: "", }, }, - "filters": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, + "userNameAttributes": { SchemaProps: spec.SchemaProps{ - Description: "filters is a set of filters used to identify a resource.", + Description: "userNameAttributes defines which attributes on an LDAP user entry will be used, in order, as its OpenShift user name. The first attribute with a non-empty value is used. This should match your PreferredUsername setting for your LDAPPasswordIdentityProvider", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.AWSResourceFilter"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - }, - Required: []string{"type"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "type", - "fields-to-discriminateBy": map[string]interface{}{ - "arn": "ARN", - "filters": "Filters", - "id": "ID", - }, + "tolerateMemberNotFoundErrors": { + SchemaProps: spec.SchemaProps{ + Description: "tolerateMemberNotFoundErrors determines the behavior of the LDAP sync job when missing user entries are encountered. If 'true', an LDAP query for users that doesn't find any will be tolerated and an only and error will be logged. If 'false', the LDAP sync job will fail if a query for users doesn't find any. The default value is 'false'. Misconfigured LDAP sync jobs with this flag set to 'true' can cause group membership to be removed, so it is recommended to use this flag with caution.", + Default: false, + Type: []string{"boolean"}, + Format: "", + }, + }, + "tolerateMemberOutOfScopeErrors": { + SchemaProps: spec.SchemaProps{ + Description: "tolerateMemberOutOfScopeErrors determines the behavior of the LDAP sync job when out-of-scope user entries are encountered. If 'true', an LDAP query for a user that falls outside of the base DN given for the all user query will be tolerated and only an error will be logged. If 'false', the LDAP sync job will fail if a user query would search outside of the base DN specified by the all user query. Misconfigured LDAP sync jobs with this flag set to 'true' can result in groups missing users, so it is recommended to use this flag with caution.", + Default: false, + Type: []string{"boolean"}, + Format: "", }, }, }, + Required: []string{"groupsQuery", "groupUIDAttribute", "groupNameAttributes", "groupMembershipAttributes", "usersQuery", "userUIDAttribute", "userNameAttributes", "tolerateMemberNotFoundErrors", "tolerateMemberOutOfScopeErrors"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1.AWSResourceFilter"}, + "github.com/openshift/api/legacyconfig/v1.LDAPQuery"}, } } -func schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_RegistryLocation(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AlibabaCloudMachineProviderConfig is the Schema for the alibabacloudmachineproviderconfig API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "domainName": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "insecure": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, + Description: "insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.", + Type: []string{"boolean"}, Format: "", }, }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "instanceType": { + }, + Required: []string{"domainName"}, + }, + }, + } +} + +func schema_openshift_api_legacyconfig_v1_RemoteConnectionInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RemoteConnectionInfo holds information necessary for establishing a remote connection", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "url": { SchemaProps: spec.SchemaProps{ - Description: "The instance type of the instance.", + Description: "url is the remote URL to connect to", Default: "", Type: []string{"string"}, Format: "", }, }, - "vpcId": { + "ca": { SchemaProps: spec.SchemaProps{ - Description: "The ID of the vpc", + Description: "ca is the CA for verifying TLS connections", Default: "", Type: []string{"string"}, Format: "", }, }, - "regionId": { + "certFile": { SchemaProps: spec.SchemaProps{ - Description: "The ID of the region in which to create the instance. You can call the DescribeRegions operation to query the most recent region list.", + Description: "certFile is a file containing a PEM-encoded certificate", Default: "", Type: []string{"string"}, Format: "", }, }, - "zoneId": { + "keyFile": { SchemaProps: spec.SchemaProps{ - Description: "The ID of the zone in which to create the instance. You can call the DescribeZones operation to query the most recent region list.", + Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", Default: "", Type: []string{"string"}, Format: "", }, }, - "imageId": { + }, + Required: []string{"url", "ca", "certFile", "keyFile"}, + }, + }, + } +} + +func schema_openshift_api_legacyconfig_v1_RequestHeaderAuthenticationOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RequestHeaderAuthenticationOptions provides options for setting up a front proxy against the entire API instead of against the /oauth endpoint.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "clientCA": { SchemaProps: spec.SchemaProps{ - Description: "The ID of the image used to create the instance.", + Description: "clientCA is a file with the trusted signer certs. It is required.", Default: "", Type: []string{"string"}, Format: "", }, }, - "dataDisk": { + "clientCommonNames": { SchemaProps: spec.SchemaProps{ - Description: "DataDisks holds information regarding the extra disks attached to the instance", + Description: "clientCommonNames is a required list of common names to require a match from.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.DataDiskProperties"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - "securityGroups": { + "usernameHeaders": { SchemaProps: spec.SchemaProps{ - Description: "securityGroups is a list of security group references to assign to the instance. A reference holds either the security group ID, the resource name, or the required tags to search. When more than one security group is returned for a tag search, all the groups are associated with the instance up to the maximum number of security groups to which an instance can belong. For more information, see the \"Security group limits\" section in Limits. https://www.alibabacloud.com/help/en/doc-detail/25412.htm", + Description: "usernameHeaders is the list of headers to check for user information. First hit wins.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.AlibabaResourceReference"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - "bandwidth": { - SchemaProps: spec.SchemaProps{ - Description: "bandwidth describes the internet bandwidth strategy for the instance", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.BandwidthProperties"), - }, - }, - "systemDisk": { - SchemaProps: spec.SchemaProps{ - Description: "systemDisk holds the properties regarding the system disk for the instance", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.SystemDiskProperties"), - }, - }, - "vSwitch": { - SchemaProps: spec.SchemaProps{ - Description: "vSwitch is a reference to the vswitch to use for this instance. A reference holds either the vSwitch ID, the resource name, or the required tags to search. When more than one vSwitch is returned for a tag search, only the first vSwitch returned will be used. This parameter is required when you create an instance of the VPC type. You can call the DescribeVSwitches operation to query the created vSwitches.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.AlibabaResourceReference"), - }, - }, - "ramRoleName": { - SchemaProps: spec.SchemaProps{ - Description: "ramRoleName is the name of the instance Resource Access Management (RAM) role. This allows the instance to perform API calls as this specified RAM role.", - Type: []string{"string"}, - Format: "", - }, - }, - "resourceGroup": { - SchemaProps: spec.SchemaProps{ - Description: "resourceGroup references the resource group to which to assign the instance. A reference holds either the resource group ID, the resource name, or the required tags to search. When more than one resource group are returned for a search, an error will be produced and the Machine will not be created. Resource Groups do not support searching by tags.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.AlibabaResourceReference"), - }, - }, - "tenancy": { - SchemaProps: spec.SchemaProps{ - Description: "tenancy specifies whether to create the instance on a dedicated host. Valid values:\n\ndefault: creates the instance on a non-dedicated host. host: creates the instance on a dedicated host. If you do not specify the DedicatedHostID parameter, Alibaba Cloud automatically selects a dedicated host for the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `default`.", - Type: []string{"string"}, - Format: "", - }, - }, - "userDataSecret": { - SchemaProps: spec.SchemaProps{ - Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), - }, - }, - "credentialsSecret": { - SchemaProps: spec.SchemaProps{ - Description: "credentialsSecret is a reference to the secret with alibabacloud credentials. Otherwise, defaults to permissions provided by attached RAM role where the actuator is running.", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), - }, - }, - "tag": { + "groupHeaders": { SchemaProps: spec.SchemaProps{ - Description: "Tags are the set of metadata to add to an instance.", + Description: "GroupNameHeader is the set of headers to check for group information. All are unioned.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.Tag"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - }, - Required: []string{"instanceType", "vpcId", "regionId", "zoneId", "imageId", "vSwitch", "resourceGroup"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1.AlibabaResourceReference", "github.com/openshift/api/machine/v1.BandwidthProperties", "github.com/openshift/api/machine/v1.DataDiskProperties", "github.com/openshift/api/machine/v1.SystemDiskProperties", "github.com/openshift/api/machine/v1.Tag", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, - } -} - -func schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfigList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "AlibabaCloudMachineProviderConfigList contains a list of AlibabaCloudMachineProviderConfig Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), - }, - }, - "items": { + "extraHeaderPrefixes": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "extraHeaderPrefixes is the set of request header prefixes to inspect for user extra. X-Remote-Extra- is suggested.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderConfig"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, }, - Required: []string{"items"}, + Required: []string{"clientCA", "clientCommonNames", "usernameHeaders", "groupHeaders", "extraHeaderPrefixes"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_machine_v1_AlibabaCloudMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_RequestHeaderIdentityProvider(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AlibabaCloudMachineProviderStatus is the Schema for the alibabacloudmachineproviderconfig API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -37879,838 +38043,864 @@ func schema_openshift_api_machine_v1_AlibabaCloudMachineProviderStatus(ref commo Format: "", }, }, - "metadata": { + "loginURL": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Description: "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "instanceId": { + "challengeURL": { SchemaProps: spec.SchemaProps{ - Description: "instanceId is the instance ID of the machine created in alibabacloud", + Description: "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", + Default: "", Type: []string{"string"}, Format: "", }, }, - "instanceState": { + "clientCA": { SchemaProps: spec.SchemaProps{ - Description: "instanceState is the state of the alibabacloud instance for this machine", + Description: "clientCA is a file with the trusted signer certs. If empty, no request verification is done, and any direct request to the OAuth server can impersonate any identity from this provider, merely by setting a request header.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, + "clientCommonNames": { SchemaProps: spec.SchemaProps{ - Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", + Description: "clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - }, - }, - }, - Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, - } -} - -func schema_openshift_api_machine_v1_AlibabaResourceReference(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ResourceTagReference is a reference to a specific AlibabaCloud resource by ID, or tags. Only one of ID or Tags may be specified. Specifying more than one will result in a validation error.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "type": { + "headers": { SchemaProps: spec.SchemaProps{ - Description: "type identifies the resource reference type for this entry.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "headers is the set of headers to check for identity information", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "id": { + "preferredUsernameHeaders": { SchemaProps: spec.SchemaProps{ - Description: "id of resource", - Type: []string{"string"}, - Format: "", + Description: "preferredUsernameHeaders is the set of headers to check for the preferred username", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "name": { + "nameHeaders": { SchemaProps: spec.SchemaProps{ - Description: "name of the resource", - Type: []string{"string"}, - Format: "", + Description: "nameHeaders is the set of headers to check for the display name", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "tags": { + "emailHeaders": { SchemaProps: spec.SchemaProps{ - Description: "tags is a set of metadata based upon ECS object tags used to identify a resource. For details about usage when multiple resources are found, please see the owning parent field documentation.", + Description: "emailHeaders is the set of headers to check for the email address", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.Tag"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, }, - Required: []string{"type"}, + Required: []string{"loginURL", "challengeURL", "clientCA", "clientCommonNames", "headers", "preferredUsernameHeaders", "nameHeaders", "emailHeaders"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1.Tag"}, } } -func schema_openshift_api_machine_v1_AzureFailureDomain(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_RoutingConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AzureFailureDomain configures failure domain information for the Azure platform.", + Description: "RoutingConfig holds the necessary configuration options for routing to subdomains", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "zone": { + "subdomain": { SchemaProps: spec.SchemaProps{ - Description: "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone.", + Description: "subdomain is the suffix appended to $service.$namespace. to form the default route hostname DEPRECATED: This field is being replaced by routers setting their own defaults. This is the \"default\" route.", Default: "", Type: []string{"string"}, Format: "", }, }, - "subnet": { - SchemaProps: spec.SchemaProps{ - Description: "subnet is the name of the network subnet in which the VM will be created. When omitted, the subnet value from the machine providerSpec template will be used.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"zone"}, - }, - }, - } -} - -func schema_openshift_api_machine_v1_BandwidthProperties(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "Bandwidth describes the bandwidth strategy for the network of the instance", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "internetMaxBandwidthIn": { - SchemaProps: spec.SchemaProps{ - Description: "internetMaxBandwidthIn is the maximum inbound public bandwidth. Unit: Mbit/s. Valid values: When the purchased outbound public bandwidth is less than or equal to 10 Mbit/s, the valid values of this parameter are 1 to 10. Currently the default is `10` when outbound bandwidth is less than or equal to 10 Mbit/s. When the purchased outbound public bandwidth is greater than 10, the valid values are 1 to the InternetMaxBandwidthOut value. Currently the default is the value used for `InternetMaxBandwidthOut` when outbound public bandwidth is greater than 10.", - Type: []string{"integer"}, - Format: "int64", - }, - }, - "internetMaxBandwidthOut": { - SchemaProps: spec.SchemaProps{ - Description: "internetMaxBandwidthOut is the maximum outbound public bandwidth. Unit: Mbit/s. Valid values: 0 to 100. When a value greater than 0 is used then a public IP address is assigned to the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `0`", - Type: []string{"integer"}, - Format: "int64", - }, - }, }, + Required: []string{"subdomain"}, }, }, } } -func schema_openshift_api_machine_v1_ControlPlaneMachineSet(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_SecurityAllocator(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ControlPlaneMachineSet ensures that a specified number of control plane machine replicas are running at any given time. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "SecurityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "uidAllocatorRange": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "uidAllocatorRange defines the total set of Unix user IDs (UIDs) that will be allocated to projects automatically, and the size of the block each namespace gets. For example, 1000-1999/10 will allocate ten UIDs per namespace, and will be able to allocate up to 100 blocks before running out of space. The default is to allocate from 1 billion to 2 billion in 10k blocks (which is the expected size of the ranges container images will use once user namespaces are started).", + Default: "", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "mcsAllocatorRange": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "mcsAllocatorRange defines the range of MCS categories that will be assigned to namespaces. The format is \"/[,]\". The default is \"s0/2\" and will allocate from c0 -> c1023, which means a total of 535k labels are available (1024 choose 2 ~ 535k). If this value is changed after startup, new projects may receive labels that are already allocated to other projects. Prefix may be any valid SELinux set of terms (including user, role, and type), although leaving them as the default will allow the server to set them automatically.\n\nExamples: * s0:/2 - Allocate labels from s0:c0,c0 to s0:c511,c511 * s0:/2,512 - Allocate labels from s0:c0,c0,c0 to s0:c511,c511,511", + Default: "", Type: []string{"string"}, Format: "", }, }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "spec": { - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.ControlPlaneMachineSetSpec"), - }, - }, - "status": { + "mcsLabelsPerProject": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.ControlPlaneMachineSetStatus"), + Description: "mcsLabelsPerProject defines the number of labels that should be reserved per project. The default is 5 to match the default UID and MCS ranges (100k namespaces, 535k/5 labels).", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, }, + Required: []string{"uidAllocatorRange", "mcsAllocatorRange", "mcsLabelsPerProject"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetSpec", "github.com/openshift/api/machine/v1.ControlPlaneMachineSetStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_machine_v1_ControlPlaneMachineSetList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_ServiceAccountConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ControlPlaneMachineSetList contains a list of ControlPlaneMachineSet Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "ServiceAccountConfig holds the necessary configuration options for a service account", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "managedNames": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", + Description: "managedNames is a list of service account names that will be auto-created in every namespace. If no names are specified, the ServiceAccountsController will not be started.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "apiVersion": { + "limitSecretReferences": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, + Description: "limitSecretReferences controls whether or not to allow a service account to reference any secret in a namespace without explicitly referencing them", + Default: false, + Type: []string{"boolean"}, Format: "", }, }, - "metadata": { + "privateKeyFile": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Description: "privateKeyFile is a file containing a PEM-encoded private RSA key, used to sign service account tokens. If no private key is specified, the service account TokensController will not be started.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "items": { + "publicKeyFiles": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "publicKeyFiles is a list of files, each containing a PEM-encoded public RSA key. (If any file contains a private key, the public portion of the key is used) The list of public keys is used to verify presented service account tokens. Each key is tried in order until the list is exhausted or verification succeeds. If no keys are specified, no service account authentication will be available.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.ControlPlaneMachineSet"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, + "masterCA": { + SchemaProps: spec.SchemaProps{ + Description: "masterCA is the CA for verifying the TLS connection back to the master. The service account controller will automatically inject the contents of this file into pods so they can verify connections to the master.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"managedNames", "limitSecretReferences", "privateKeyFile", "publicKeyFiles", "masterCA"}, + }, + }, + } +} + +func schema_openshift_api_legacyconfig_v1_ServiceServingCert(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "signer": { + SchemaProps: spec.SchemaProps{ + Description: "signer holds the signing information used to automatically sign serving certificates. If this value is nil, then certs are not signed automatically.", + Ref: ref("github.com/openshift/api/legacyconfig/v1.CertInfo"), + }, + }, }, - Required: []string{"items"}, + Required: []string{"signer"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1.ControlPlaneMachineSet", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/legacyconfig/v1.CertInfo"}, } } -func schema_openshift_api_machine_v1_ControlPlaneMachineSetSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_ServingInfo(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ControlPlaneMachineSet represents the configuration of the ControlPlaneMachineSet.", + Description: "ServingInfo holds information about serving web pages", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "machineNamePrefix": { + "bindAddress": { SchemaProps: spec.SchemaProps{ - Description: "machineNamePrefix is the prefix used when creating machine names. Each machine name will consist of this prefix, followed by a randomly generated string of 5 characters, and the index of the machine. It must be a lowercase RFC 1123 subdomain, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'). Each block, separated by periods, must start and end with an alphanumeric character. Hyphens are not allowed at the start or end of a block, and consecutive periods are not permitted. The prefix must be between 1 and 245 characters in length. For example, if machineNamePrefix is set to 'control-plane', and three machines are created, their names might be: control-plane-abcde-0, control-plane-fghij-1, control-plane-klmno-2", + Description: "bindAddress is the ip:port to serve on", + Default: "", Type: []string{"string"}, Format: "", }, }, - "state": { + "bindNetwork": { SchemaProps: spec.SchemaProps{ - Description: "state defines whether the ControlPlaneMachineSet is Active or Inactive. When Inactive, the ControlPlaneMachineSet will not take any action on the state of the Machines within the cluster. When Active, the ControlPlaneMachineSet will reconcile the Machines and will update the Machines as necessary. Once Active, a ControlPlaneMachineSet cannot be made Inactive. To prevent further action please remove the ControlPlaneMachineSet.", - Default: "Inactive", + Description: "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", + Default: "", Type: []string{"string"}, Format: "", }, }, - "replicas": { - SchemaProps: spec.SchemaProps{ - Description: "replicas defines how many Control Plane Machines should be created by this ControlPlaneMachineSet. This field is immutable and cannot be changed after cluster installation. The ControlPlaneMachineSet only operates with 3 or 5 node control planes, 3 and 5 are the only valid values for this field.", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "strategy": { + "certFile": { SchemaProps: spec.SchemaProps{ - Description: "strategy defines how the ControlPlaneMachineSet will update Machines when it detects a change to the ProviderSpec.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.ControlPlaneMachineSetStrategy"), + Description: "certFile is a file containing a PEM-encoded certificate", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "selector": { + "keyFile": { SchemaProps: spec.SchemaProps{ - Description: "Label selector for Machines. Existing Machines selected by this selector will be the ones affected by this ControlPlaneMachineSet. It must match the template's labels. This field is considered immutable after creation of the resource.", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Description: "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "template": { + "clientCA": { SchemaProps: spec.SchemaProps{ - Description: "template describes the Control Plane Machines that will be created by this ControlPlaneMachineSet.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplate"), + Description: "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - }, - Required: []string{"replicas", "selector", "template"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetStrategy", "github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplate", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, - } -} - -func schema_openshift_api_machine_v1_ControlPlaneMachineSetStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ControlPlaneMachineSetStatus represents the status of the ControlPlaneMachineSet CRD.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, + "namedCertificates": { SchemaProps: spec.SchemaProps{ - Description: "conditions represents the observations of the ControlPlaneMachineSet's current state. Known .status.conditions.type are: Available, Degraded and Progressing.", + Description: "namedCertificates is a list of certificates to use to secure requests to specific hostnames", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref("github.com/openshift/api/legacyconfig/v1.NamedCertificate"), }, }, }, }, }, - "observedGeneration": { + "minTLSVersion": { SchemaProps: spec.SchemaProps{ - Description: "observedGeneration is the most recent generation observed for this ControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's generation, which is updated on mutation by the API Server.", - Type: []string{"integer"}, - Format: "int64", + Description: "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", + Type: []string{"string"}, + Format: "", }, }, - "replicas": { + "cipherSuites": { SchemaProps: spec.SchemaProps{ - Description: "replicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller. Note that during update operations this value may differ from the desired replica count.", - Type: []string{"integer"}, - Format: "int32", + Description: "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "readyReplicas": { + }, + Required: []string{"bindAddress", "bindNetwork", "certFile", "keyFile", "clientCA", "namedCertificates"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/legacyconfig/v1.NamedCertificate"}, + } +} + +func schema_openshift_api_legacyconfig_v1_SessionConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SessionConfig specifies options for cookie-based sessions. Used by AuthRequestHandlerSession", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "sessionSecretsFile": { SchemaProps: spec.SchemaProps{ - Description: "readyReplicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller which are ready. Note that this value may be higher than the desired number of replicas while rolling updates are in-progress.", - Type: []string{"integer"}, - Format: "int32", + Description: "sessionSecretsFile is a reference to a file containing a serialized SessionSecrets object If no file is specified, a random signing and encryption key are generated at each server start", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "updatedReplicas": { + "sessionMaxAgeSeconds": { SchemaProps: spec.SchemaProps{ - Description: "updatedReplicas is the number of non-terminated Control Plane Machines created by the ControlPlaneMachineSet controller that have the desired provider spec and are ready. This value is set to 0 when a change is detected to the desired spec. When the update strategy is RollingUpdate, this will also coincide with starting the process of updating the Machines. When the update strategy is OnDelete, this value will remain at 0 until a user deletes an existing replica and its replacement has become ready.", + Description: "sessionMaxAgeSeconds specifies how long created sessions last. Used by AuthRequestHandlerSession", + Default: 0, Type: []string{"integer"}, Format: "int32", }, }, - "unavailableReplicas": { + "sessionName": { SchemaProps: spec.SchemaProps{ - Description: "unavailableReplicas is the number of Control Plane Machines that are still required before the ControlPlaneMachineSet reaches the desired available capacity. When this value is non-zero, the number of ReadyReplicas is less than the desired Replicas.", - Type: []string{"integer"}, - Format: "int32", + Description: "sessionName is the cookie name used to store the session", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, + Required: []string{"sessionSecretsFile", "sessionMaxAgeSeconds", "sessionName"}, }, }, - Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, } } -func schema_openshift_api_machine_v1_ControlPlaneMachineSetStrategy(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_SessionSecret(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ControlPlaneMachineSetStrategy defines the strategy for applying updates to the Control Plane Machines managed by the ControlPlaneMachineSet.", + Description: "SessionSecret is a secret used to authenticate/decrypt cookie-based sessions", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { + "authentication": { SchemaProps: spec.SchemaProps{ - Description: "type defines the type of update strategy that should be used when updating Machines owned by the ControlPlaneMachineSet. Valid values are \"RollingUpdate\" and \"OnDelete\". The current default value is \"RollingUpdate\".", - Default: "RollingUpdate", + Description: "authentication is used to authenticate sessions using HMAC. Recommended to use a secret with 32 or 64 bytes.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "encryption": { + SchemaProps: spec.SchemaProps{ + Description: "encryption is used to encrypt sessions. Must be 16, 24, or 32 characters long, to select AES-128, AES-", + Default: "", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"authentication", "encryption"}, }, }, } } -func schema_openshift_api_machine_v1_ControlPlaneMachineSetTemplate(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_SessionSecrets(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ControlPlaneMachineSetTemplate is a template used by the ControlPlaneMachineSet to create the Machines that it will manage in the future.", + Description: "SessionSecrets list the secrets to use to sign/encrypt and authenticate/decrypt created sessions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "machineType": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "machineType determines the type of Machines that should be managed by the ControlPlaneMachineSet. Currently, the only valid value is machines_v1beta1_machine_openshift_io.", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "machines_v1beta1_machine_openshift_io": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "OpenShiftMachineV1Beta1Machine defines the template for creating Machines from the v1beta1.machine.openshift.io API group.", - Ref: ref("github.com/openshift/api/machine/v1.OpenShiftMachineV1Beta1MachineTemplate"), + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - }, - Required: []string{"machineType"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "machineType", - "fields-to-discriminateBy": map[string]interface{}{ - "machines_v1beta1_machine_openshift_io": "OpenShiftMachineV1Beta1Machine", + "secrets": { + SchemaProps: spec.SchemaProps{ + Description: "secrets is a list of secrets New sessions are signed and encrypted using the first secret. Existing sessions are decrypted/authenticated by each secret until one succeeds. This allows rotating secrets.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/legacyconfig/v1.SessionSecret"), + }, + }, }, }, }, }, + Required: []string{"secrets"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1.OpenShiftMachineV1Beta1MachineTemplate"}, + "github.com/openshift/api/legacyconfig/v1.SessionSecret"}, } } -func schema_openshift_api_machine_v1_ControlPlaneMachineSetTemplateObjectMeta(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_SourceStrategyDefaultsConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ControlPlaneMachineSetTemplateObjectMeta is a subset of the metav1.ObjectMeta struct. It allows users to specify labels and annotations that will be copied onto Machines created from this template.", + Description: "SourceStrategyDefaultsConfig contains values that apply to builds using the source strategy.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "labels": { - SchemaProps: spec.SchemaProps{ - Description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels. This field must contain both the 'machine.openshift.io/cluster-api-machine-role' and 'machine.openshift.io/cluster-api-machine-type' labels, both with a value of 'master'. It must also contain a label with the key 'machine.openshift.io/cluster-api-cluster'.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "annotations": { + "incremental": { SchemaProps: spec.SchemaProps{ - Description: "annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "incremental indicates if s2i build strategies should perform an incremental build or not", + Type: []string{"boolean"}, + Format: "", }, }, }, - Required: []string{"labels"}, }, }, } } -func schema_openshift_api_machine_v1_DataDiskProperties(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_StringSource(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "DataDisk contains the information regarding the datadisk attached to an instance", + Description: "StringSource allows specifying a string inline, or externally via env var or file. When it contains only a string value, it marshals to a simple JSON string.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "Name": { + "value": { SchemaProps: spec.SchemaProps{ - Description: "Name is the name of data disk N. If the name is specified the name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain letters, digits, colons (:), underscores (_), and hyphens (-).\n\nEmpty value means the platform chooses a default, which is subject to change over time. Currently the default is `\"\"`.", + Description: "value specifies the cleartext value, or an encrypted value if keyFile is specified.", Default: "", Type: []string{"string"}, Format: "", }, }, - "SnapshotID": { + "env": { SchemaProps: spec.SchemaProps{ - Description: "SnapshotID is the ID of the snapshot used to create data disk N. Valid values of N: 1 to 16.\n\nWhen the DataDisk.N.SnapshotID parameter is specified, the DataDisk.N.Size parameter is ignored. The data disk is created based on the size of the specified snapshot. Use snapshots created after July 15, 2013. Otherwise, an error is returned and your request is rejected.", + Description: "env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", Default: "", Type: []string{"string"}, Format: "", }, }, - "Size": { + "file": { SchemaProps: spec.SchemaProps{ - Description: "Size of the data disk N. Valid values of N: 1 to 16. Unit: GiB. Valid values:\n\nValid values when DataDisk.N.Category is set to cloud_efficiency: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud_ssd: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud_essd: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud: 5 to 2000 The value of this parameter must be greater than or equal to the size of the snapshot specified by the SnapshotID parameter.", - Default: 0, - Type: []string{"integer"}, - Format: "int64", + Description: "file references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "DiskEncryption": { + "keyFile": { SchemaProps: spec.SchemaProps{ - Description: "DiskEncryption specifies whether to encrypt data disk N.\n\nEmpty value means the platform chooses a default, which is subject to change over time. Currently the default is `disabled`.", + Description: "keyFile references a file containing the key to use to decrypt the value.", Default: "", Type: []string{"string"}, Format: "", }, }, - "PerformanceLevel": { + }, + Required: []string{"value", "env", "file", "keyFile"}, + }, + }, + } +} + +func schema_openshift_api_legacyconfig_v1_StringSourceSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "StringSourceSpec specifies a string value, or external location", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "value": { SchemaProps: spec.SchemaProps{ - Description: "PerformanceLevel is the performance level of the ESSD used as as data disk N. The N value must be the same as that in DataDisk.N.Category when DataDisk.N.Category is set to cloud_essd. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `PL1`. Valid values:\n\nPL0: A single ESSD can deliver up to 10,000 random read/write IOPS. PL1: A single ESSD can deliver up to 50,000 random read/write IOPS. PL2: A single ESSD can deliver up to 100,000 random read/write IOPS. PL3: A single ESSD can deliver up to 1,000,000 random read/write IOPS. For more information about ESSD performance levels, see ESSDs.", + Description: "value specifies the cleartext value, or an encrypted value if keyFile is specified.", Default: "", Type: []string{"string"}, Format: "", }, }, - "Category": { + "env": { SchemaProps: spec.SchemaProps{ - Description: "Category describes the type of data disk N. Valid values: cloud_efficiency: ultra disk cloud_ssd: standard SSD cloud_essd: ESSD cloud: basic disk Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently for non-I/O optimized instances of retired instance types, the default is `cloud`. Currently for other instances, the default is `cloud_efficiency`.", + Description: "env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", Default: "", Type: []string{"string"}, Format: "", }, }, - "KMSKeyID": { + "file": { SchemaProps: spec.SchemaProps{ - Description: "KMSKeyID is the ID of the Key Management Service (KMS) key to be used by data disk N. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `\"\"` which is interpreted as do not use KMSKey encryption.", + Description: "file references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", Default: "", Type: []string{"string"}, Format: "", }, }, - "DiskPreservation": { + "keyFile": { SchemaProps: spec.SchemaProps{ - Description: "DiskPreservation specifies whether to release data disk N along with the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `DeleteWithInstance`", + Description: "keyFile references a file containing the key to use to decrypt the value.", Default: "", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"value", "env", "file", "keyFile"}, }, }, } } -func schema_openshift_api_machine_v1_FailureDomains(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_TokenConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "FailureDomain represents the different configurations required to spread Machines across failure domains on different platforms.", + Description: "TokenConfig holds the necessary configuration options for authorization and access tokens", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "platform": { + "authorizeTokenMaxAgeSeconds": { SchemaProps: spec.SchemaProps{ - Description: "platform identifies the platform for which the FailureDomain represents. Currently supported values are AWS, Azure, GCP, OpenStack, VSphere and Nutanix.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "authorizeTokenMaxAgeSeconds defines the maximum age of authorize tokens", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "aws": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, + "accessTokenMaxAgeSeconds": { + SchemaProps: spec.SchemaProps{ + Description: "accessTokenMaxAgeSeconds defines the maximum age of access tokens", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, + }, + "accessTokenInactivityTimeoutSeconds": { SchemaProps: spec.SchemaProps{ - Description: "aws configures failure domain information for the AWS platform.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.AWSFailureDomain"), - }, - }, - }, + Description: "accessTokenInactivityTimeoutSeconds defined the default token inactivity timeout for tokens granted by any client. Setting it to nil means the feature is completely disabled (default) The default setting can be overridden on OAuthClient basis. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Valid values are: - 0: Tokens never time out - X: Tokens time out if there is no activity for X seconds The current minimum allowed value for X is 300 (5 minutes)", + Type: []string{"integer"}, + Format: "int32", }, }, - "azure": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, + }, + Required: []string{"authorizeTokenMaxAgeSeconds", "accessTokenMaxAgeSeconds"}, + }, + }, + } +} + +func schema_openshift_api_legacyconfig_v1_UserAgentDenyRule(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "UserAgentDenyRule adds a rejection message that can be used to help a user figure out how to get an approved client", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "regex": { + SchemaProps: spec.SchemaProps{ + Description: "UserAgentRegex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", + Default: "", + Type: []string{"string"}, + Format: "", }, + }, + "httpVerbs": { SchemaProps: spec.SchemaProps{ - Description: "azure configures failure domain information for the Azure platform.", + Description: "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.AzureFailureDomain"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - "gcp": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, + "rejectionMessage": { SchemaProps: spec.SchemaProps{ - Description: "gcp configures failure domain information for the GCP platform.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.GCPFailureDomain"), - }, - }, - }, + Description: "rejectionMessage is the message shown when rejecting a client. If it is not a set, the default message is used.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "vsphere": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, + }, + Required: []string{"regex", "httpVerbs", "rejectionMessage"}, + }, + }, + } +} + +func schema_openshift_api_legacyconfig_v1_UserAgentMatchRule(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "UserAgentMatchRule describes how to match a given request based on User-Agent and HTTPVerb", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "regex": { + SchemaProps: spec.SchemaProps{ + Description: "UserAgentRegex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", + Default: "", + Type: []string{"string"}, + Format: "", }, + }, + "httpVerbs": { SchemaProps: spec.SchemaProps{ - Description: "vsphere configures failure domain information for the VSphere platform.", + Description: "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.VSphereFailureDomain"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - "openstack": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, + }, + Required: []string{"regex", "httpVerbs"}, + }, + }, + } +} + +func schema_openshift_api_legacyconfig_v1_UserAgentMatchingConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "requiredClients": { SchemaProps: spec.SchemaProps{ - Description: "openstack configures failure domain information for the OpenStack platform.", + Description: "If this list is non-empty, then a User-Agent must match one of the UserAgentRegexes to be allowed", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.OpenStackFailureDomain"), + Ref: ref("github.com/openshift/api/legacyconfig/v1.UserAgentMatchRule"), }, }, }, }, }, - "nutanix": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, + "deniedClients": { SchemaProps: spec.SchemaProps{ - Description: "nutanix configures failure domain information for the Nutanix platform.", + Description: "If this list is non-empty, then a User-Agent must not match any of the UserAgentRegexes", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.NutanixFailureDomainReference"), + Ref: ref("github.com/openshift/api/legacyconfig/v1.UserAgentDenyRule"), }, }, }, }, }, - }, - Required: []string{"platform"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "platform", - "fields-to-discriminateBy": map[string]interface{}{ - "aws": "AWS", - "azure": "Azure", - "gcp": "GCP", - "nutanix": "Nutanix", - "openstack": "OpenStack", - "vsphere": "VSphere", - }, + "defaultRejectionMessage": { + SchemaProps: spec.SchemaProps{ + Description: "defaultRejectionMessage is the message shown when rejecting a client. If it is not a set, a generic message is given.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, + Required: []string{"requiredClients", "deniedClients", "defaultRejectionMessage"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1.AWSFailureDomain", "github.com/openshift/api/machine/v1.AzureFailureDomain", "github.com/openshift/api/machine/v1.GCPFailureDomain", "github.com/openshift/api/machine/v1.NutanixFailureDomainReference", "github.com/openshift/api/machine/v1.OpenStackFailureDomain", "github.com/openshift/api/machine/v1.VSphereFailureDomain"}, + "github.com/openshift/api/legacyconfig/v1.UserAgentDenyRule", "github.com/openshift/api/legacyconfig/v1.UserAgentMatchRule"}, } } -func schema_openshift_api_machine_v1_GCPFailureDomain(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_legacyconfig_v1_WebhookTokenAuthenticator(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPFailureDomain configures failure domain information for the GCP platform", + Description: "WebhookTokenAuthenticators holds the necessary configuation options for external token authenticators", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "zone": { + "configFile": { + SchemaProps: spec.SchemaProps{ + Description: "configFile is a path to a Kubeconfig file with the webhook configuration", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "cacheTTL": { SchemaProps: spec.SchemaProps{ - Description: "zone is the zone in which the GCP machine provider will create the VM.", + Description: "cacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get a default timeout of 2 minutes. If zero (e.g. \"0m\"), caching is disabled", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"zone"}, + Required: []string{"configFile", "cacheTTL"}, }, }, } } -func schema_openshift_api_machine_v1_LoadBalancerReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_AWSFailureDomain(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "LoadBalancerReference is a reference to a load balancer on IBM Cloud virtual private cloud(VPC).", + Description: "AWSFailureDomain configures failure domain information for the AWS platform.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "subnet": { SchemaProps: spec.SchemaProps{ - Description: "name of the LoadBalancer in IBM Cloud VPC. The name should be between 1 and 63 characters long and may consist of lowercase alphanumeric characters and hyphens only. The value must not end with a hyphen. It is a reference to existing LoadBalancer created by openshift installer component.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "subnet is a reference to the subnet to use for this instance.", + Ref: ref("github.com/openshift/api/machine/v1.AWSResourceReference"), }, }, - "type": { + "placement": { SchemaProps: spec.SchemaProps{ - Description: "type of the LoadBalancer service supported by IBM Cloud VPC. Currently, only Application LoadBalancer is supported. More details about Application LoadBalancer https://cloud.ibm.com/docs/vpc?topic=vpc-load-balancers-about&interface=ui Supported values are Application.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "placement configures the placement information for this instance.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.AWSFailureDomainPlacement"), }, }, }, - Required: []string{"name", "type"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1.AWSFailureDomainPlacement", "github.com/openshift/api/machine/v1.AWSResourceReference"}, } } -func schema_openshift_api_machine_v1_NutanixCategory(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_AWSFailureDomainPlacement(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NutanixCategory identifies a pair of prism category key and value", + Description: "AWSFailureDomainPlacement configures the placement information for the AWSFailureDomain.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "key": { - SchemaProps: spec.SchemaProps{ - Description: "key is the prism category key name", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "value": { + "availabilityZone": { SchemaProps: spec.SchemaProps{ - Description: "value is the prism category value associated with the key", + Description: "availabilityZone is the availability zone of the instance.", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"key", "value"}, + Required: []string{"availabilityZone"}, }, }, } } -func schema_openshift_api_machine_v1_NutanixFailureDomainReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_AWSResourceFilter(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NutanixFailureDomainReference refers to the failure domain of the Nutanix platform.", + Description: "AWSResourceFilter is a filter used to identify an AWS resource", Type: []string{"object"}, Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Description: "name of the failure domain in which the nutanix machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource.", + Description: "name of the filter. Filter names are case-sensitive.", Default: "", Type: []string{"string"}, Format: "", }, }, + "values": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "values includes one or more filter values. Filter values are case-sensitive.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, }, Required: []string{"name"}, }, @@ -38718,35 +38908,54 @@ func schema_openshift_api_machine_v1_NutanixFailureDomainReference(ref common.Re } } -func schema_openshift_api_machine_v1_NutanixGPU(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_AWSResourceReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NutanixGPU holds the identity of a Nutanix GPU resource in the Prism Central", + Description: "AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters. Only one of ID, ARN or Filters may be specified. Specifying more than one will result in a validation error.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Description: "type is the identifier type of the GPU device. Valid values are Name and DeviceID.", + Description: "type determines how the reference will fetch the AWS resource.", Default: "", Type: []string{"string"}, Format: "", }, }, - "deviceID": { + "id": { SchemaProps: spec.SchemaProps{ - Description: "deviceID is the GPU device ID with the integer value.", - Type: []string{"integer"}, - Format: "int32", + Description: "id of resource.", + Type: []string{"string"}, + Format: "", }, }, - "name": { + "arn": { SchemaProps: spec.SchemaProps{ - Description: "name is the GPU device name", + Description: "arn of resource.", Type: []string{"string"}, Format: "", }, }, + "filters": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "filters is a set of filters used to identify a resource.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.AWSResourceFilter"), + }, + }, + }, + }, + }, }, Required: []string{"type"}, }, @@ -38756,22 +38965,25 @@ func schema_openshift_api_machine_v1_NutanixGPU(ref common.ReferenceCallback) co map[string]interface{}{ "discriminator": "type", "fields-to-discriminateBy": map[string]interface{}{ - "deviceID": "DeviceID", - "name": "Name", + "arn": "ARN", + "filters": "Filters", + "id": "ID", }, }, }, }, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1.AWSResourceFilter"}, } } -func schema_openshift_api_machine_v1_NutanixMachineProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NutanixMachineProviderConfig is the Schema for the nutanixmachineproviderconfigs API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "AlibabaCloudMachineProviderConfig is the Schema for the alibabacloudmachineproviderconfig API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -38792,491 +39004,389 @@ func schema_openshift_api_machine_v1_NutanixMachineProviderConfig(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "cluster": { - SchemaProps: spec.SchemaProps{ - Description: "cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.NutanixResourceIdentifier"), - }, - }, - "image": { - SchemaProps: spec.SchemaProps{ - Description: "image is to identify the rhcos image uploaded to the Prism Central (PC) The image identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.NutanixResourceIdentifier"), - }, - }, - "subnets": { - SchemaProps: spec.SchemaProps{ - Description: "subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.NutanixResourceIdentifier"), - }, - }, - }, - }, - }, - "vcpusPerSocket": { - SchemaProps: spec.SchemaProps{ - Description: "vcpusPerSocket is the number of vCPUs per socket of the VM", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "vcpuSockets": { + "instanceType": { SchemaProps: spec.SchemaProps{ - Description: "vcpuSockets is the number of vCPU sockets of the VM", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "The instance type of the instance.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "memorySize": { + "vpcId": { SchemaProps: spec.SchemaProps{ - Description: "memorySize is the memory size (in Quantity format) of the VM The minimum memorySize is 2Gi bytes", - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Description: "The ID of the vpc", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "systemDiskSize": { + "regionId": { SchemaProps: spec.SchemaProps{ - Description: "systemDiskSize is size (in Quantity format) of the system disk of the VM The minimum systemDiskSize is 20Gi bytes", - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Description: "The ID of the region in which to create the instance. You can call the DescribeRegions operation to query the most recent region list.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "bootType": { + "zoneId": { SchemaProps: spec.SchemaProps{ - Description: "bootType indicates the boot type (Legacy, UEFI or SecureBoot) the Machine's VM uses to boot. If this field is empty or omitted, the VM will use the default boot type \"Legacy\" to boot. \"SecureBoot\" depends on \"UEFI\" boot, i.e., enabling \"SecureBoot\" means that \"UEFI\" boot is also enabled.", + Description: "The ID of the zone in which to create the instance. You can call the DescribeZones operation to query the most recent region list.", Default: "", Type: []string{"string"}, Format: "", }, }, - "project": { + "imageId": { SchemaProps: spec.SchemaProps{ - Description: "project optionally identifies a Prism project for the Machine's VM to associate with.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.NutanixResourceIdentifier"), + Description: "The ID of the image used to create the instance.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "categories": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "key", - }, - "x-kubernetes-list-type": "map", - }, - }, + "dataDisk": { SchemaProps: spec.SchemaProps{ - Description: "categories optionally adds one or more prism categories (each with key and value) for the Machine's VM to associate with. All the category key and value pairs specified must already exist in the prism central.", + Description: "DataDisks holds information regarding the extra disks attached to the instance", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.NutanixCategory"), + Ref: ref("github.com/openshift/api/machine/v1.DataDiskProperties"), }, }, }, }, }, - "gpus": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "set", - }, - }, + "securityGroups": { SchemaProps: spec.SchemaProps{ - Description: "gpus is a list of GPU devices to attach to the machine's VM. The GPU devices should already exist in Prism Central and associated with one of the Prism Element's hosts and available for the VM to attach (in \"UNUSED\" status).", + Description: "securityGroups is a list of security group references to assign to the instance. A reference holds either the security group ID, the resource name, or the required tags to search. When more than one security group is returned for a tag search, all the groups are associated with the instance up to the maximum number of security groups to which an instance can belong. For more information, see the \"Security group limits\" section in Limits. https://www.alibabacloud.com/help/en/doc-detail/25412.htm", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.NutanixGPU"), + Ref: ref("github.com/openshift/api/machine/v1.AlibabaResourceReference"), }, }, }, }, }, - "dataDisks": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "set", - }, + "bandwidth": { + SchemaProps: spec.SchemaProps{ + Description: "bandwidth describes the internet bandwidth strategy for the instance", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.BandwidthProperties"), }, + }, + "systemDisk": { SchemaProps: spec.SchemaProps{ - Description: "dataDisks holds information of the data disks to attach to the Machine's VM", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.NutanixVMDisk"), - }, - }, - }, + Description: "systemDisk holds the properties regarding the system disk for the instance", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.SystemDiskProperties"), }, }, - "userDataSecret": { + "vSwitch": { SchemaProps: spec.SchemaProps{ - Description: "userDataSecret is a local reference to a secret that contains the UserData to apply to the VM", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Description: "vSwitch is a reference to the vswitch to use for this instance. A reference holds either the vSwitch ID, the resource name, or the required tags to search. When more than one vSwitch is returned for a tag search, only the first vSwitch returned will be used. This parameter is required when you create an instance of the VPC type. You can call the DescribeVSwitches operation to query the created vSwitches.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.AlibabaResourceReference"), }, }, - "credentialsSecret": { + "ramRoleName": { SchemaProps: spec.SchemaProps{ - Description: "credentialsSecret is a local reference to a secret that contains the credentials data to access Nutanix PC client", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Description: "ramRoleName is the name of the instance Resource Access Management (RAM) role. This allows the instance to perform API calls as this specified RAM role.", + Type: []string{"string"}, + Format: "", }, }, - "failureDomain": { + "resourceGroup": { SchemaProps: spec.SchemaProps{ - Description: "failureDomain refers to the name of the FailureDomain with which this Machine is associated. If this is configured, the Nutanix machine controller will use the prism_central endpoint and credentials defined in the referenced FailureDomain to communicate to the prism_central. It will also verify that the 'cluster' and subnets' configuration in the NutanixMachineProviderConfig is consistent with that in the referenced failureDomain.", - Ref: ref("github.com/openshift/api/machine/v1.NutanixFailureDomainReference"), + Description: "resourceGroup references the resource group to which to assign the instance. A reference holds either the resource group ID, the resource name, or the required tags to search. When more than one resource group are returned for a search, an error will be produced and the Machine will not be created. Resource Groups do not support searching by tags.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.AlibabaResourceReference"), }, }, - }, - Required: []string{"cluster", "image", "subnets", "vcpusPerSocket", "vcpuSockets", "memorySize", "systemDiskSize", "credentialsSecret"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1.NutanixCategory", "github.com/openshift/api/machine/v1.NutanixFailureDomainReference", "github.com/openshift/api/machine/v1.NutanixGPU", "github.com/openshift/api/machine/v1.NutanixResourceIdentifier", "github.com/openshift/api/machine/v1.NutanixVMDisk", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/api/resource.Quantity", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, - } -} - -func schema_openshift_api_machine_v1_NutanixMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "NutanixMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains nutanix-specific status information. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { + "tenancy": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "tenancy specifies whether to create the instance on a dedicated host. Valid values:\n\ndefault: creates the instance on a non-dedicated host. host: creates the instance on a dedicated host. If you do not specify the DedicatedHostID parameter, Alibaba Cloud automatically selects a dedicated host for the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `default`.", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "userDataSecret": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, + "credentialsSecret": { + SchemaProps: spec.SchemaProps{ + Description: "credentialsSecret is a reference to the secret with alibabacloud credentials. Otherwise, defaults to permissions provided by attached RAM role where the actuator is running.", + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, + }, + "tag": { SchemaProps: spec.SchemaProps{ - Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", + Description: "Tags are the set of metadata to add to an instance.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref("github.com/openshift/api/machine/v1.Tag"), }, }, }, }, }, - "vmUUID": { - SchemaProps: spec.SchemaProps{ - Description: "vmUUID is the Machine associated VM's UUID The field is missing before the VM is created. Once the VM is created, the field is filled with the VM's UUID and it will not change. The vmUUID is used to find the VM when updating the Machine status, and to delete the VM when the Machine is deleted.", - Type: []string{"string"}, - Format: "", - }, - }, }, + Required: []string{"instanceType", "vpcId", "regionId", "zoneId", "imageId", "vSwitch", "resourceGroup"}, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/machine/v1.AlibabaResourceReference", "github.com/openshift/api/machine/v1.BandwidthProperties", "github.com/openshift/api/machine/v1.DataDiskProperties", "github.com/openshift/api/machine/v1.SystemDiskProperties", "github.com/openshift/api/machine/v1.Tag", corev1.LocalObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1_NutanixResourceIdentifier(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_AlibabaCloudMachineProviderConfigList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)", + Description: "AlibabaCloudMachineProviderConfigList contains a list of AlibabaCloudMachineProviderConfig Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "type is the identifier type to use for this resource.", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "uuid": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "uuid is the UUID of the resource in the PC.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "name": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "name is the resource name in the PC", - Type: []string{"string"}, - Format: "", + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, - }, - Required: []string{"type"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "type", - "fields-to-discriminateBy": map[string]interface{}{ - "name": "Name", - "uuid": "UUID", + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderConfig"), + }, + }, }, }, }, }, + Required: []string{"items"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1.AlibabaCloudMachineProviderConfig", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1_NutanixStorageResourceIdentifier(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_AlibabaCloudMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NutanixStorageResourceIdentifier holds the identity of a Nutanix storage resource (storage_container, etc.)", + Description: "AlibabaCloudMachineProviderStatus is the Schema for the alibabacloudmachineproviderconfig API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "type is the identifier type to use for this resource. The valid value is \"uuid\".", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "uuid": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "uuid is the UUID of the storage resource in the PC.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"type"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "type", - "fields-to-discriminateBy": map[string]interface{}{ - "uuid": "UUID", - }, - }, - }, - }, - }, - }, - } -} - -func schema_openshift_api_machine_v1_NutanixVMDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "NutanixDataDisk specifies the VM data disk configuration parameters.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "diskSize": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "diskSize is size (in Quantity format) of the disk attached to the VM. See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Format for the Quantity format and example documentation. The minimum diskSize is 1GB.", - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "deviceProperties": { + "instanceId": { SchemaProps: spec.SchemaProps{ - Description: "deviceProperties are the properties of the disk device.", - Ref: ref("github.com/openshift/api/machine/v1.NutanixVMDiskDeviceProperties"), + Description: "instanceId is the instance ID of the machine created in alibabacloud", + Type: []string{"string"}, + Format: "", }, }, - "storageConfig": { + "instanceState": { SchemaProps: spec.SchemaProps{ - Description: "storageConfig are the storage configuration parameters of the VM disks.", - Ref: ref("github.com/openshift/api/machine/v1.NutanixVMStorageConfig"), + Description: "instanceState is the state of the alibabacloud instance for this machine", + Type: []string{"string"}, + Format: "", }, }, - "dataSource": { + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "dataSource refers to a data source image for the VM disk.", - Ref: ref("github.com/openshift/api/machine/v1.NutanixResourceIdentifier"), + Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(metav1.Condition{}.OpenAPIModelName()), + }, + }, + }, }, }, }, - Required: []string{"diskSize"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1.NutanixResourceIdentifier", "github.com/openshift/api/machine/v1.NutanixVMDiskDeviceProperties", "github.com/openshift/api/machine/v1.NutanixVMStorageConfig", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + metav1.Condition{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1_NutanixVMDiskDeviceProperties(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_AlibabaResourceReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NutanixVMDiskDeviceProperties specifies the disk device properties.", + Description: "ResourceTagReference is a reference to a specific AlibabaCloud resource by ID, or tags. Only one of ID or Tags may be specified. Specifying more than one will result in a validation error.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "deviceType": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "deviceType specifies the disk device type. The valid values are \"Disk\" and \"CDRom\", and the default is \"Disk\".", + Description: "type identifies the resource reference type for this entry.", Default: "", Type: []string{"string"}, Format: "", }, }, - "adapterType": { + "id": { SchemaProps: spec.SchemaProps{ - Description: "adapterType is the adapter type of the disk address. If the deviceType is \"Disk\", the valid adapterType can be \"SCSI\", \"IDE\", \"PCI\", \"SATA\" or \"SPAPR\". If the deviceType is \"CDRom\", the valid adapterType can be \"IDE\" or \"SATA\".", - Default: "", + Description: "id of resource", Type: []string{"string"}, Format: "", }, }, - "deviceIndex": { - SchemaProps: spec.SchemaProps{ - Description: "deviceIndex is the index of the disk address. The valid values are non-negative integers, with the default value 0. For a Machine VM, the deviceIndex for the disks with the same deviceType.adapterType combination should start from 0 and increase consecutively afterwards. Note that for each Machine VM, the Disk.SCSI.0 and CDRom.IDE.0 are reserved to be used by the VM's system. So for dataDisks of Disk.SCSI and CDRom.IDE, the deviceIndex should start from 1.", - Type: []string{"integer"}, - Format: "int32", - }, - }, - }, - Required: []string{"deviceType", "adapterType", "deviceIndex"}, - }, - }, - } -} - -func schema_openshift_api_machine_v1_NutanixVMStorageConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "NutanixVMStorageConfig specifies the storage configuration parameters for VM disks.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "diskMode": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "diskMode specifies the disk mode. The valid values are Standard and Flash, and the default is Standard.", - Default: "", + Description: "name of the resource", Type: []string{"string"}, Format: "", }, }, - "storageContainer": { + "tags": { SchemaProps: spec.SchemaProps{ - Description: "storageContainer refers to the storage_container used by the VM disk.", - Ref: ref("github.com/openshift/api/machine/v1.NutanixStorageResourceIdentifier"), + Description: "tags is a set of metadata based upon ECS object tags used to identify a resource. For details about usage when multiple resources are found, please see the owning parent field documentation.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.Tag"), + }, + }, + }, }, }, }, - Required: []string{"diskMode"}, + Required: []string{"type"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1.NutanixStorageResourceIdentifier"}, + "github.com/openshift/api/machine/v1.Tag"}, } } -func schema_openshift_api_machine_v1_OpenShiftMachineV1Beta1MachineTemplate(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_AzureFailureDomain(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OpenShiftMachineV1Beta1MachineTemplate is a template for the ControlPlaneMachineSet to create Machines from the v1beta1.machine.openshift.io API group.", + Description: "AzureFailureDomain configures failure domain information for the Azure platform.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "failureDomains": { - SchemaProps: spec.SchemaProps{ - Description: "failureDomains is the list of failure domains (sometimes called availability zones) in which the ControlPlaneMachineSet should balance the Control Plane Machines. This will be merged into the ProviderSpec given in the template. This field is optional on platforms that do not require placement information.", - Ref: ref("github.com/openshift/api/machine/v1.FailureDomains"), - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "ObjectMeta is the standard object metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata Labels are required to match the ControlPlaneMachineSet selector.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplateObjectMeta"), + "zone": { + SchemaProps: spec.SchemaProps{ + Description: "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "spec": { + "subnet": { SchemaProps: spec.SchemaProps{ - Description: "spec contains the desired configuration of the Control Plane Machines. The ProviderSpec within contains platform specific details for creating the Control Plane Machines. The ProviderSe should be complete apart from the platform specific failure domain field. This will be overridden when the Machines are created based on the FailureDomains field.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSpec"), + Description: "subnet is the name of the network subnet in which the VM will be created. When omitted, the subnet value from the machine providerSpec template will be used.", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"metadata", "spec"}, + Required: []string{"zone"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplateObjectMeta", "github.com/openshift/api/machine/v1.FailureDomains", "github.com/openshift/api/machine/v1beta1.MachineSpec"}, } } -func schema_openshift_api_machine_v1_OpenStackFailureDomain(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_BandwidthProperties(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OpenStackFailureDomain configures failure domain information for the OpenStack platform.", + Description: "Bandwidth describes the bandwidth strategy for the network of the instance", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "availabilityZone": { + "internetMaxBandwidthIn": { SchemaProps: spec.SchemaProps{ - Description: "availabilityZone is the nova availability zone in which the OpenStack machine provider will create the VM. If not specified, the VM will be created in the default availability zone specified in the nova configuration. Availability zone names must NOT contain : since it is used by admin users to specify hosts where instances are launched in server creation. Also, it must not contain spaces otherwise it will lead to node that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.", - Type: []string{"string"}, - Format: "", + Description: "internetMaxBandwidthIn is the maximum inbound public bandwidth. Unit: Mbit/s. Valid values: When the purchased outbound public bandwidth is less than or equal to 10 Mbit/s, the valid values of this parameter are 1 to 10. Currently the default is `10` when outbound bandwidth is less than or equal to 10 Mbit/s. When the purchased outbound public bandwidth is greater than 10, the valid values are 1 to the InternetMaxBandwidthOut value. Currently the default is the value used for `InternetMaxBandwidthOut` when outbound public bandwidth is greater than 10.", + Type: []string{"integer"}, + Format: "int64", }, }, - "rootVolume": { + "internetMaxBandwidthOut": { SchemaProps: spec.SchemaProps{ - Description: "rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM. If not specified, no root volume will be created.", - Ref: ref("github.com/openshift/api/machine/v1.RootVolume"), + Description: "internetMaxBandwidthOut is the maximum outbound public bandwidth. Unit: Mbit/s. Valid values: 0 to 100. When a value greater than 0 is used then a public IP address is assigned to the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `0`", + Type: []string{"integer"}, + Format: "int64", }, }, }, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1.RootVolume"}, } } -func schema_openshift_api_machine_v1_PowerVSMachineProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_ControlPlaneMachineSet(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PowerVSMachineProviderConfig is the type that will be embedded in a Machine.Spec.ProviderSpec field for a PowerVS virtual machine. It is used by the PowerVS machine actuator to create a single Machine.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "ControlPlaneMachineSet ensures that a specified number of control plane machine replicas are running at any given time. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -39295,122 +39405,147 @@ func schema_openshift_api_machine_v1_PowerVSMachineProviderConfig(ref common.Ref }, "metadata": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "userDataSecret": { - SchemaProps: spec.SchemaProps{ - Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance.", - Ref: ref("github.com/openshift/api/machine/v1.PowerVSSecretReference"), - }, - }, - "credentialsSecret": { - SchemaProps: spec.SchemaProps{ - Description: "credentialsSecret is a reference to the secret with IBM Cloud credentials.", - Ref: ref("github.com/openshift/api/machine/v1.PowerVSSecretReference"), - }, - }, - "serviceInstance": { - SchemaProps: spec.SchemaProps{ - Description: "serviceInstance is the reference to the Power VS service on which the server instance(VM) will be created. Power VS service is a container for all Power VS instances at a specific geographic region. serviceInstance can be created via IBM Cloud catalog or CLI. supported serviceInstance identifier in PowerVSResource are Name and ID and that can be obtained from IBM Cloud UI or IBM Cloud cli. More detail about Power VS service instance. https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.PowerVSResource"), - }, - }, - "image": { - SchemaProps: spec.SchemaProps{ - Description: "image is to identify the rhcos image uploaded to IBM COS bucket which is used to create the instance. supported image identifier in PowerVSResource are Name and ID and that can be obtained from IBM Cloud UI or IBM Cloud cli.", + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.PowerVSResource"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "network": { + "spec": { SchemaProps: spec.SchemaProps{ - Description: "network is the reference to the Network to use for this instance. supported network identifier in PowerVSResource are Name, ID and RegEx and that can be obtained from IBM Cloud UI or IBM Cloud cli.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.PowerVSResource"), + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.ControlPlaneMachineSetSpec"), }, }, - "keyPairName": { + "status": { SchemaProps: spec.SchemaProps{ - Description: "keyPairName is the name of the KeyPair to use for SSH. The key pair will be exposed to the instance via the instance metadata service. On boot, the OS will copy the public keypair into the authorized keys for the core user.", - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.ControlPlaneMachineSetStatus"), }, }, - "systemType": { + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetSpec", "github.com/openshift/api/machine/v1.ControlPlaneMachineSetStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_machine_v1_ControlPlaneMachineSetList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ControlPlaneMachineSetList contains a list of ControlPlaneMachineSet Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { SchemaProps: spec.SchemaProps{ - Description: "systemType is the System type used to host the instance. systemType determines the number of cores and memory that is available. Few of the supported SystemTypes are s922,e880,e980. e880 systemType available only in Dallas Datacenters. e980 systemType available in Datacenters except Dallas and Washington. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is s922 which is generally available.", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "processorType": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "processorType is the VM instance processor type. It must be set to one of the following values: Dedicated, Capped or Shared. Dedicated: resources are allocated for a specific client, The hypervisor makes a 1:1 binding of a partition’s processor to a physical processor core. Shared: Shared among other clients. Capped: Shared, but resources do not expand beyond those that are requested, the amount of CPU time is Capped to the value specified for the entitlement. if the processorType is selected as Dedicated, then processors value cannot be fractional. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Shared.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "processors": { - SchemaProps: spec.SchemaProps{ - Description: "processors is the number of virtual processors in a virtual machine. when the processorType is selected as Dedicated the processors value cannot be fractional. maximum value for the Processors depends on the selected SystemType. when SystemType is set to e880 or e980 maximum Processors value is 143. when SystemType is set to s922 maximum Processors value is 15. minimum value for Processors depends on the selected ProcessorType. when ProcessorType is set as Shared or Capped, The minimum processors is 0.5. when ProcessorType is set as Dedicated, The minimum processors is 1. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default is set based on the selected ProcessorType. when ProcessorType selected as Dedicated, the default is set to 1. when ProcessorType selected as Shared or Capped, the default is set to 0.5.", - Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), - }, - }, - "memoryGiB": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "memoryGiB is the size of a virtual machine's memory, in GiB. maximum value for the MemoryGiB depends on the selected SystemType. when SystemType is set to e880 maximum MemoryGiB value is 7463 GiB. when SystemType is set to e980 maximum MemoryGiB value is 15307 GiB. when SystemType is set to s922 maximum MemoryGiB value is 942 GiB. The minimum memory is 32 GiB. When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 32.", - Type: []string{"integer"}, - Format: "int32", + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, - "loadBalancers": { + "items": { SchemaProps: spec.SchemaProps{ - Description: "loadBalancers is the set of load balancers to which the new control plane instance should be added once it is created.", - Type: []string{"array"}, + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1.LoadBalancerReference"), + Ref: ref("github.com/openshift/api/machine/v1.ControlPlaneMachineSet"), }, }, }, }, }, }, - Required: []string{"serviceInstance", "image", "network", "keyPairName"}, + Required: []string{"items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1.LoadBalancerReference", "github.com/openshift/api/machine/v1.PowerVSResource", "github.com/openshift/api/machine/v1.PowerVSSecretReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/util/intstr.IntOrString"}, + "github.com/openshift/api/machine/v1.ControlPlaneMachineSet", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1_PowerVSMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_ControlPlaneMachineSetSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PowerVSMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains PowerVS-specific status information.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Description: "ControlPlaneMachineSet represents the configuration of the ControlPlaneMachineSet.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "machineNamePrefix": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "machineNamePrefix is the prefix used when creating machine names. Each machine name will consist of this prefix, followed by a randomly generated string of 5 characters, and the index of the machine. It must be a lowercase RFC 1123 subdomain, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'). Each block, separated by periods, must start and end with an alphanumeric character. Hyphens are not allowed at the start or end of a block, and consecutive periods are not permitted. The prefix must be between 1 and 245 characters in length. For example, if machineNamePrefix is set to 'control-plane', and three machines are created, their names might be: control-plane-abcde-0, control-plane-fghij-1, control-plane-klmno-2", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "state": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "state defines whether the ControlPlaneMachineSet is Active or Inactive. When Inactive, the ControlPlaneMachineSet will not take any action on the state of the Machines within the cluster. When Active, the ControlPlaneMachineSet will reconcile the Machines and will update the Machines as necessary. Once Active, a ControlPlaneMachineSet cannot be made Inactive. To prevent further action please remove the ControlPlaneMachineSet.", + Default: "Inactive", Type: []string{"string"}, Format: "", }, }, + "replicas": { + SchemaProps: spec.SchemaProps{ + Description: "replicas defines how many Control Plane Machines should be created by this ControlPlaneMachineSet. This field is immutable and cannot be changed after cluster installation. The ControlPlaneMachineSet only operates with 3 or 5 node control planes, 3 and 5 are the only valid values for this field.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "strategy": { + SchemaProps: spec.SchemaProps{ + Description: "strategy defines how the ControlPlaneMachineSet will update Machines when it detects a change to the ProviderSpec.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.ControlPlaneMachineSetStrategy"), + }, + }, + "selector": { + SchemaProps: spec.SchemaProps{ + Description: "Label selector for Machines. Existing Machines selected by this selector will be the ones affected by this ControlPlaneMachineSet. It must match the template's labels. This field is considered immutable after creation of the resource.", + Default: map[string]interface{}{}, + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), + }, + }, + "template": { + SchemaProps: spec.SchemaProps{ + Description: "template describes the Control Plane Machines that will be created by this ControlPlaneMachineSet.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplate"), + }, + }, + }, + Required: []string{"replicas", "selector", "template"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetStrategy", "github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplate", metav1.LabelSelector{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_machine_v1_ControlPlaneMachineSetStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ControlPlaneMachineSetStatus represents the status of the ControlPlaneMachineSet CRD.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ "conditions": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ @@ -39421,331 +39556,539 @@ func schema_openshift_api_machine_v1_PowerVSMachineProviderStatus(ref common.Ref }, }, SchemaProps: spec.SchemaProps{ - Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", + Description: "conditions represents the observations of the ControlPlaneMachineSet's current state. Known .status.conditions.type are: Available, Degraded and Progressing.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, }, }, - "instanceId": { + "observedGeneration": { SchemaProps: spec.SchemaProps{ - Description: "instanceId is the instance ID of the machine created in PowerVS instanceId uniquely identifies a Power VS server instance(VM) under a Power VS service. This will help in updating or deleting a VM in Power VS Cloud", - Type: []string{"string"}, - Format: "", + Description: "observedGeneration is the most recent generation observed for this ControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's generation, which is updated on mutation by the API Server.", + Type: []string{"integer"}, + Format: "int64", }, }, - "serviceInstanceID": { + "replicas": { SchemaProps: spec.SchemaProps{ - Description: "serviceInstanceID is the reference to the Power VS ServiceInstance on which the machine instance will be created. serviceInstanceID uniquely identifies the Power VS service By setting serviceInstanceID it will become easy and efficient to fetch a server instance(VM) within Power VS Cloud.", - Type: []string{"string"}, - Format: "", + Description: "replicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller. Note that during update operations this value may differ from the desired replica count.", + Type: []string{"integer"}, + Format: "int32", }, }, - "instanceState": { + "readyReplicas": { SchemaProps: spec.SchemaProps{ - Description: "instanceState is the state of the PowerVS instance for this machine Possible instance states are Active, Build, ShutOff, Reboot This is used to display additional information to user regarding instance current state", - Type: []string{"string"}, - Format: "", + Description: "readyReplicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller which are ready. Note that this value may be higher than the desired number of replicas while rolling updates are in-progress.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "updatedReplicas": { + SchemaProps: spec.SchemaProps{ + Description: "updatedReplicas is the number of non-terminated Control Plane Machines created by the ControlPlaneMachineSet controller that have the desired provider spec and are ready. This value is set to 0 when a change is detected to the desired spec. When the update strategy is RollingUpdate, this will also coincide with starting the process of updating the Machines. When the update strategy is OnDelete, this value will remain at 0 until a user deletes an existing replica and its replacement has become ready.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "unavailableReplicas": { + SchemaProps: spec.SchemaProps{ + Description: "unavailableReplicas is the number of Control Plane Machines that are still required before the ControlPlaneMachineSet reaches the desired available capacity. When this value is non-zero, the number of ReadyReplicas is less than the desired Replicas.", + Type: []string{"integer"}, + Format: "int32", }, }, }, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + metav1.Condition{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1_PowerVSResource(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_ControlPlaneMachineSetStrategy(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PowerVSResource is a reference to a specific PowerVS resource by ID, Name or RegEx Only one of ID, Name or RegEx may be specified. Specifying more than one will result in a validation error.", + Description: "ControlPlaneMachineSetStrategy defines the strategy for applying updates to the Control Plane Machines managed by the ControlPlaneMachineSet.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Description: "type identifies the resource type for this entry. Valid values are ID, Name and RegEx", - Type: []string{"string"}, - Format: "", - }, - }, - "id": { - SchemaProps: spec.SchemaProps{ - Description: "id of resource", + Description: "type defines the type of update strategy that should be used when updating Machines owned by the ControlPlaneMachineSet. Valid values are \"RollingUpdate\" and \"OnDelete\". The current default value is \"RollingUpdate\".", + Default: "RollingUpdate", Type: []string{"string"}, Format: "", }, }, - "name": { + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1_ControlPlaneMachineSetTemplate(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ControlPlaneMachineSetTemplate is a template used by the ControlPlaneMachineSet to create the Machines that it will manage in the future.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "machineType": { SchemaProps: spec.SchemaProps{ - Description: "name of resource", + Description: "machineType determines the type of Machines that should be managed by the ControlPlaneMachineSet. Currently, the only valid value is machines_v1beta1_machine_openshift_io.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "regex": { + "machines_v1beta1_machine_openshift_io": { SchemaProps: spec.SchemaProps{ - Description: "regex to find resource Regex contains the pattern to match to find a resource", - Type: []string{"string"}, - Format: "", + Description: "OpenShiftMachineV1Beta1Machine defines the template for creating Machines from the v1beta1.machine.openshift.io API group.", + Ref: ref("github.com/openshift/api/machine/v1.OpenShiftMachineV1Beta1MachineTemplate"), }, }, }, + Required: []string{"machineType"}, }, VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-unions": []interface{}{ map[string]interface{}{ + "discriminator": "machineType", "fields-to-discriminateBy": map[string]interface{}{ - "id": "ID", - "name": "Name", - "regex": "RegEx", - "type": "Type", + "machines_v1beta1_machine_openshift_io": "OpenShiftMachineV1Beta1Machine", }, }, }, }, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1.OpenShiftMachineV1Beta1MachineTemplate"}, } } -func schema_openshift_api_machine_v1_PowerVSSecretReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_ControlPlaneMachineSetTemplateObjectMeta(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PowerVSSecretReference contains enough information to locate the referenced secret inside the same namespace.", + Description: "ControlPlaneMachineSetTemplateObjectMeta is a subset of the metav1.ObjectMeta struct. It allows users to specify labels and annotations that will be copied onto Machines created from this template.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "labels": { SchemaProps: spec.SchemaProps{ - Description: "name of the secret.", - Type: []string{"string"}, - Format: "", + Description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels. This field must contain both the 'machine.openshift.io/cluster-api-machine-role' and 'machine.openshift.io/cluster-api-machine-type' labels, both with a value of 'master'. It must also contain a label with the key 'machine.openshift.io/cluster-api-cluster'.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "annotations": { + SchemaProps: spec.SchemaProps{ + Description: "annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, }, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-map-type": "atomic", - }, + Required: []string{"labels"}, }, }, } } -func schema_openshift_api_machine_v1_RootVolume(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_DataDiskProperties(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "RootVolume represents the volume metadata to boot from. The original RootVolume struct is defined in the v1alpha1 but it's not best practice to use it directly here so we define a new one that should stay in sync with the original one.", + Description: "DataDisk contains the information regarding the datadisk attached to an instance", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "availabilityZone": { + "Name": { SchemaProps: spec.SchemaProps{ - Description: "availabilityZone specifies the Cinder availability zone where the root volume will be created. If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration. If the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability zone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details. If the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same availability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone). Availability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.", + Description: "Name is the name of data disk N. If the name is specified the name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain letters, digits, colons (:), underscores (_), and hyphens (-).\n\nEmpty value means the platform chooses a default, which is subject to change over time. Currently the default is `\"\"`.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "volumeType": { + "SnapshotID": { SchemaProps: spec.SchemaProps{ - Description: "volumeType specifies the type of the root volume that will be provisioned. The maximum length of a volume type name is 255 characters, as per the OpenStack limit.", + Description: "SnapshotID is the ID of the snapshot used to create data disk N. Valid values of N: 1 to 16.\n\nWhen the DataDisk.N.SnapshotID parameter is specified, the DataDisk.N.Size parameter is ignored. The data disk is created based on the size of the specified snapshot. Use snapshots created after July 15, 2013. Otherwise, an error is returned and your request is rejected.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "Size": { + SchemaProps: spec.SchemaProps{ + Description: "Size of the data disk N. Valid values of N: 1 to 16. Unit: GiB. Valid values:\n\nValid values when DataDisk.N.Category is set to cloud_efficiency: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud_ssd: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud_essd: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud: 5 to 2000 The value of this parameter must be greater than or equal to the size of the snapshot specified by the SnapshotID parameter.", + Default: 0, + Type: []string{"integer"}, + Format: "int64", + }, + }, + "DiskEncryption": { + SchemaProps: spec.SchemaProps{ + Description: "DiskEncryption specifies whether to encrypt data disk N.\n\nEmpty value means the platform chooses a default, which is subject to change over time. Currently the default is `disabled`.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "PerformanceLevel": { + SchemaProps: spec.SchemaProps{ + Description: "PerformanceLevel is the performance level of the ESSD used as as data disk N. The N value must be the same as that in DataDisk.N.Category when DataDisk.N.Category is set to cloud_essd. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `PL1`. Valid values:\n\nPL0: A single ESSD can deliver up to 10,000 random read/write IOPS. PL1: A single ESSD can deliver up to 50,000 random read/write IOPS. PL2: A single ESSD can deliver up to 100,000 random read/write IOPS. PL3: A single ESSD can deliver up to 1,000,000 random read/write IOPS. For more information about ESSD performance levels, see ESSDs.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "Category": { + SchemaProps: spec.SchemaProps{ + Description: "Category describes the type of data disk N. Valid values: cloud_efficiency: ultra disk cloud_ssd: standard SSD cloud_essd: ESSD cloud: basic disk Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently for non-I/O optimized instances of retired instance types, the default is `cloud`. Currently for other instances, the default is `cloud_efficiency`.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "KMSKeyID": { + SchemaProps: spec.SchemaProps{ + Description: "KMSKeyID is the ID of the Key Management Service (KMS) key to be used by data disk N. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `\"\"` which is interpreted as do not use KMSKey encryption.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "DiskPreservation": { + SchemaProps: spec.SchemaProps{ + Description: "DiskPreservation specifies whether to release data disk N along with the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `DeleteWithInstance`", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"volumeType"}, }, }, } } -func schema_openshift_api_machine_v1_SystemDiskProperties(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_FailureDomains(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "SystemDiskProperties contains the information regarding the system disk including performance, size, name, and category", + Description: "FailureDomain represents the different configurations required to spread Machines across failure domains on different platforms.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "category": { + "platform": { SchemaProps: spec.SchemaProps{ - Description: "category is the category of the system disk. Valid values: cloud_essd: ESSD. When the parameter is set to this value, you can use the SystemDisk.PerformanceLevel parameter to specify the performance level of the disk. cloud_efficiency: ultra disk. cloud_ssd: standard SSD. cloud: basic disk. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently for non-I/O optimized instances of retired instance types, the default is `cloud`. Currently for other instances, the default is `cloud_efficiency`.", + Description: "platform identifies the platform for which the FailureDomain represents. Currently supported values are AWS, Azure, GCP, OpenStack, VSphere and Nutanix.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "performanceLevel": { + "aws": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "performanceLevel is the performance level of the ESSD used as the system disk. Valid values:\n\nPL0: A single ESSD can deliver up to 10,000 random read/write IOPS. PL1: A single ESSD can deliver up to 50,000 random read/write IOPS. PL2: A single ESSD can deliver up to 100,000 random read/write IOPS. PL3: A single ESSD can deliver up to 1,000,000 random read/write IOPS. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `PL1`. For more information about ESSD performance levels, see ESSDs.", - Type: []string{"string"}, - Format: "", + Description: "aws configures failure domain information for the AWS platform.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.AWSFailureDomain"), + }, + }, + }, }, }, - "name": { + "azure": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "name is the name of the system disk. If the name is specified the name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain letters, digits, colons (:), underscores (_), and hyphens (-). Empty value means the platform chooses a default, which is subject to change over time. Currently the default is `\"\"`.", - Type: []string{"string"}, - Format: "", + Description: "azure configures failure domain information for the Azure platform.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.AzureFailureDomain"), + }, + }, + }, }, }, - "size": { + "gcp": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "size is the size of the system disk. Unit: GiB. Valid values: 20 to 500. The value must be at least 20 and greater than or equal to the size of the image. Empty value means the platform chooses a default, which is subject to change over time. Currently the default is `40` or the size of the image depending on whichever is greater.", - Type: []string{"integer"}, - Format: "int64", + Description: "gcp configures failure domain information for the GCP platform.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.GCPFailureDomain"), + }, + }, + }, + }, + }, + "vsphere": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "vsphere configures failure domain information for the VSphere platform.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.VSphereFailureDomain"), + }, + }, + }, + }, + }, + "openstack": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "openstack configures failure domain information for the OpenStack platform.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.OpenStackFailureDomain"), + }, + }, + }, + }, + }, + "nutanix": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "nutanix configures failure domain information for the Nutanix platform.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.NutanixFailureDomainReference"), + }, + }, + }, + }, + }, + }, + Required: []string{"platform"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "platform", + "fields-to-discriminateBy": map[string]interface{}{ + "aws": "AWS", + "azure": "Azure", + "gcp": "GCP", + "nutanix": "Nutanix", + "openstack": "OpenStack", + "vsphere": "VSphere", + }, }, }, }, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1.AWSFailureDomain", "github.com/openshift/api/machine/v1.AzureFailureDomain", "github.com/openshift/api/machine/v1.GCPFailureDomain", "github.com/openshift/api/machine/v1.NutanixFailureDomainReference", "github.com/openshift/api/machine/v1.OpenStackFailureDomain", "github.com/openshift/api/machine/v1.VSphereFailureDomain"}, } } -func schema_openshift_api_machine_v1_Tag(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_GCPFailureDomain(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Tag The tags of ECS Instance", + Description: "GCPFailureDomain configures failure domain information for the GCP platform", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "Key": { - SchemaProps: spec.SchemaProps{ - Description: "Key is the name of the key pair", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "Value": { + "zone": { SchemaProps: spec.SchemaProps{ - Description: "Value is the value or data of the key pair", + Description: "zone is the zone in which the GCP machine provider will create the VM.", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"Key", "Value"}, + Required: []string{"zone"}, }, }, } } -func schema_openshift_api_machine_v1_VSphereFailureDomain(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_LoadBalancerReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "VSphereFailureDomain configures failure domain information for the vSphere platform", + Description: "LoadBalancerReference is a reference to a load balancer on IBM Cloud virtual private cloud(VPC).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Description: "name of the failure domain in which the vSphere machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource. When balancing machines across failure domains, the control plane machine set will inject configuration from the Infrastructure resource into the machine providerSpec to allocate the machine to a failure domain.", + Description: "name of the LoadBalancer in IBM Cloud VPC. The name should be between 1 and 63 characters long and may consist of lowercase alphanumeric characters and hyphens only. The value must not end with a hyphen. It is a reference to existing LoadBalancer created by openshift installer component.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type of the LoadBalancer service supported by IBM Cloud VPC. Currently, only Application LoadBalancer is supported. More details about Application LoadBalancer https://cloud.ibm.com/docs/vpc?topic=vpc-load-balancers-about&interface=ui Supported values are Application.", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"name"}, + Required: []string{"name", "type"}, }, }, } } -func schema_openshift_api_machine_v1alpha1_AdditionalBlockDevice(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_NutanixCategory(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "additionalBlockDevice is a block device to attach to the server.", + Description: "NutanixCategory identifies a pair of prism category key and value", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "key": { SchemaProps: spec.SchemaProps{ - Description: "name of the block device in the context of a machine. If the block device is a volume, the Cinder volume will be named as a combination of the machine name and this name. Also, this name will be used for tagging the block device. Information about the block device tag can be obtained from the OpenStack metadata API or the config drive.", + Description: "key is the prism category key name", Default: "", Type: []string{"string"}, Format: "", }, }, - "sizeGiB": { - SchemaProps: spec.SchemaProps{ - Description: "sizeGiB is the size of the block device in gibibytes (GiB).", - Default: 0, - Type: []string{"integer"}, - Format: "int32", - }, - }, - "storage": { + "value": { SchemaProps: spec.SchemaProps{ - Description: "storage specifies the storage type of the block device and additional storage options.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.BlockDeviceStorage"), + Description: "value is the prism category value associated with the key", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"name", "sizeGiB", "storage"}, + Required: []string{"key", "value"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1alpha1.BlockDeviceStorage"}, } } -func schema_openshift_api_machine_v1alpha1_AddressPair(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_NutanixFailureDomainReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "NutanixFailureDomainReference refers to the failure domain of the Nutanix platform.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "ipAddress": { - SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", - }, - }, - "macAddress": { + "name": { SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", + Description: "name of the failure domain in which the nutanix machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, + Required: []string{"name"}, }, }, } } -func schema_openshift_api_machine_v1alpha1_BlockDeviceStorage(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_NutanixGPU(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "blockDeviceStorage is the storage type of a block device to create and contains additional storage options.", + Description: "NutanixGPU holds the identity of a Nutanix GPU resource in the Prism Central", Type: []string{"object"}, Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Description: "type is the type of block device to create. This can be either \"Volume\" or \"Local\".", + Description: "type is the identifier type of the GPU device. Valid values are Name and DeviceID.", Default: "", Type: []string{"string"}, Format: "", }, }, - "volume": { + "deviceID": { SchemaProps: spec.SchemaProps{ - Description: "volume contains additional storage options for a volume block device.", - Ref: ref("github.com/openshift/api/machine/v1alpha1.BlockDeviceVolume"), + Description: "deviceID is the GPU device ID with the integer value.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is the GPU device name", + Type: []string{"string"}, + Format: "", }, }, }, @@ -39757,159 +40100,249 @@ func schema_openshift_api_machine_v1alpha1_BlockDeviceStorage(ref common.Referen map[string]interface{}{ "discriminator": "type", "fields-to-discriminateBy": map[string]interface{}{ - "volume": "Volume", + "deviceID": "DeviceID", + "name": "Name", }, }, }, }, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1alpha1.BlockDeviceVolume"}, } } -func schema_openshift_api_machine_v1alpha1_BlockDeviceVolume(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_NutanixMachineProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "blockDeviceVolume contains additional storage options for a volume block device.", + Description: "NutanixMachineProviderConfig is the Schema for the nutanixmachineproviderconfigs API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "type is the Cinder volume type of the volume. If omitted, the default Cinder volume type that is configured in the OpenStack cloud will be used.", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "availabilityZone": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "availabilityZone is the volume availability zone to create the volume in. If omitted, the availability zone of the server will be used. The availability zone must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - }, - }, - }, - } -} - -func schema_openshift_api_machine_v1alpha1_Filter(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "id": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: use NetworkParam.uuid instead. Ignored if NetworkParam.uuid is set.", - Type: []string{"string"}, - Format: "", + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "name": { + "cluster": { SchemaProps: spec.SchemaProps{ - Description: "name filters networks by name.", - Type: []string{"string"}, - Format: "", + Description: "cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.NutanixResourceIdentifier"), }, }, - "description": { + "image": { SchemaProps: spec.SchemaProps{ - Description: "description filters networks by description.", - Type: []string{"string"}, - Format: "", + Description: "image is to identify the rhcos image uploaded to the Prism Central (PC) The image identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.NutanixResourceIdentifier"), }, }, - "tenantId": { + "subnets": { SchemaProps: spec.SchemaProps{ - Description: "tenantId filters networks by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", - Type: []string{"string"}, - Format: "", + Description: "subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.NutanixResourceIdentifier"), + }, + }, + }, }, }, - "projectId": { + "vcpusPerSocket": { SchemaProps: spec.SchemaProps{ - Description: "projectId filters networks by project ID.", - Type: []string{"string"}, - Format: "", + Description: "vcpusPerSocket is the number of vCPUs per socket of the VM", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "tags": { + "vcpuSockets": { SchemaProps: spec.SchemaProps{ - Description: "tags filters by networks containing all specified tags. Multiple tags are comma separated.", - Type: []string{"string"}, - Format: "", + Description: "vcpuSockets is the number of vCPU sockets of the VM", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "tagsAny": { + "memorySize": { SchemaProps: spec.SchemaProps{ - Description: "tagsAny filters by networks containing any specified tags. Multiple tags are comma separated.", - Type: []string{"string"}, - Format: "", + Description: "memorySize is the memory size (in Quantity format) of the VM The minimum memorySize is 2Gi bytes", + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, - "notTags": { + "systemDiskSize": { SchemaProps: spec.SchemaProps{ - Description: "notTags filters by networks which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", - Type: []string{"string"}, - Format: "", + Description: "systemDiskSize is size (in Quantity format) of the system disk of the VM The minimum systemDiskSize is 20Gi bytes", + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, - "notTagsAny": { + "bootType": { SchemaProps: spec.SchemaProps{ - Description: "notTagsAny filters by networks which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", + Description: "bootType indicates the boot type (Legacy, UEFI or SecureBoot) the Machine's VM uses to boot. If this field is empty or omitted, the VM will use the default boot type \"Legacy\" to boot. \"SecureBoot\" depends on \"UEFI\" boot, i.e., enabling \"SecureBoot\" means that \"UEFI\" boot is also enabled.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "status": { + "project": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: status is silently ignored. It has no replacement.", - Type: []string{"string"}, - Format: "", + Description: "project optionally identifies a Prism project for the Machine's VM to associate with.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.NutanixResourceIdentifier"), }, }, - "adminStateUp": { + "categories": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "key", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "Deprecated: adminStateUp is silently ignored. It has no replacement.", - Type: []string{"boolean"}, - Format: "", + Description: "categories optionally adds one or more prism categories (each with key and value) for the Machine's VM to associate with. All the category key and value pairs specified must already exist in the prism central.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.NutanixCategory"), + }, + }, + }, }, }, - "shared": { + "gpus": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "Deprecated: shared is silently ignored. It has no replacement.", - Type: []string{"boolean"}, - Format: "", + Description: "gpus is a list of GPU devices to attach to the machine's VM. The GPU devices should already exist in Prism Central and associated with one of the Prism Element's hosts and available for the VM to attach (in \"UNUSED\" status).", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.NutanixGPU"), + }, + }, + }, }, }, - "marker": { + "dataDisks": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "Deprecated: marker is silently ignored. It has no replacement.", - Type: []string{"string"}, - Format: "", + Description: "dataDisks holds information of the data disks to attach to the Machine's VM", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.NutanixVMDisk"), + }, + }, + }, }, }, - "limit": { + "userDataSecret": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: limit is silently ignored. It has no replacement.", - Type: []string{"integer"}, - Format: "int32", + Description: "userDataSecret is a local reference to a secret that contains the UserData to apply to the VM", + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, - "sortKey": { + "credentialsSecret": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: sortKey is silently ignored. It has no replacement.", + Description: "credentialsSecret is a local reference to a secret that contains the credentials data to access Nutanix PC client", + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), + }, + }, + "failureDomain": { + SchemaProps: spec.SchemaProps{ + Description: "failureDomain refers to the name of the FailureDomain with which this Machine is associated. If this is configured, the Nutanix machine controller will use the prism_central endpoint and credentials defined in the referenced FailureDomain to communicate to the prism_central. It will also verify that the 'cluster' and subnets' configuration in the NutanixMachineProviderConfig is consistent with that in the referenced failureDomain.", + Ref: ref("github.com/openshift/api/machine/v1.NutanixFailureDomainReference"), + }, + }, + }, + Required: []string{"cluster", "image", "subnets", "vcpusPerSocket", "vcpuSockets", "memorySize", "systemDiskSize", "credentialsSecret"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1.NutanixCategory", "github.com/openshift/api/machine/v1.NutanixFailureDomainReference", "github.com/openshift/api/machine/v1.NutanixGPU", "github.com/openshift/api/machine/v1.NutanixResourceIdentifier", "github.com/openshift/api/machine/v1.NutanixVMDisk", corev1.LocalObjectReference{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_machine_v1_NutanixMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "NutanixMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains nutanix-specific status information. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "sortDir": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: sortDir is silently ignored. It has no replacement.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(metav1.Condition{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + "vmUUID": { + SchemaProps: spec.SchemaProps{ + Description: "vmUUID is the Machine associated VM's UUID The field is missing before the VM is created. Once the VM is created, the field is filled with the VM's UUID and it will not change. The vmUUID is used to find the VM when updating the Machine status, and to delete the VM when the Machine is deleted.", Type: []string{"string"}, Format: "", }, @@ -39917,588 +40350,509 @@ func schema_openshift_api_machine_v1alpha1_Filter(ref common.ReferenceCallback) }, }, }, + Dependencies: []string{ + metav1.Condition{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1alpha1_FixedIPs(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_NutanixResourceIdentifier(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "subnetID": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "subnetID specifies the ID of the subnet where the fixed IP will be allocated.", + Description: "type is the identifier type to use for this resource.", Default: "", Type: []string{"string"}, Format: "", }, }, - "ipAddress": { + "uuid": { SchemaProps: spec.SchemaProps{ - Description: "ipAddress is a specific IP address to use in the given subnet. Port creation will fail if the address is not available. If not specified, an available IP from the given subnet will be selected automatically.", + Description: "uuid is the UUID of the resource in the PC.", + Type: []string{"string"}, + Format: "", + }, + }, + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is the resource name in the PC", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"subnetID"}, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "name": "Name", + "uuid": "UUID", + }, + }, + }, + }, }, }, } } -func schema_openshift_api_machine_v1alpha1_NetworkParam(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_NutanixStorageResourceIdentifier(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "NutanixStorageResourceIdentifier holds the identity of a Nutanix storage resource (storage_container, etc.)", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "uuid": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "The UUID of the network. Required if you omit the port attribute.", + Description: "type is the identifier type to use for this resource. The valid value is \"uuid\".", + Default: "", Type: []string{"string"}, Format: "", }, }, - "fixedIp": { + "uuid": { SchemaProps: spec.SchemaProps{ - Description: "A fixed IPv4 address for the NIC. Deprecated: fixedIP is silently ignored. Use subnets instead.", + Description: "uuid is the UUID of the storage resource in the PC.", Type: []string{"string"}, Format: "", }, }, - "filter": { + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "uuid": "UUID", + }, + }, + }, + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1_NutanixVMDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "NutanixDataDisk specifies the VM data disk configuration parameters.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "diskSize": { SchemaProps: spec.SchemaProps{ - Description: "Filters for optional network query", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.Filter"), + Description: "diskSize is size (in Quantity format) of the disk attached to the VM. See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Format for the Quantity format and example documentation. The minimum diskSize is 1GB.", + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, - "subnets": { + "deviceProperties": { SchemaProps: spec.SchemaProps{ - Description: "Subnet within a network to use", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.SubnetParam"), - }, - }, - }, + Description: "deviceProperties are the properties of the disk device.", + Ref: ref("github.com/openshift/api/machine/v1.NutanixVMDiskDeviceProperties"), }, }, - "noAllowedAddressPairs": { + "storageConfig": { SchemaProps: spec.SchemaProps{ - Description: "noAllowedAddressPairs disables creation of allowed address pairs for the network ports", - Type: []string{"boolean"}, - Format: "", + Description: "storageConfig are the storage configuration parameters of the VM disks.", + Ref: ref("github.com/openshift/api/machine/v1.NutanixVMStorageConfig"), }, }, - "portTags": { + "dataSource": { SchemaProps: spec.SchemaProps{ - Description: "portTags allows users to specify a list of tags to add to ports created in a given network", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "dataSource refers to a data source image for the VM disk.", + Ref: ref("github.com/openshift/api/machine/v1.NutanixResourceIdentifier"), }, }, - "vnicType": { + }, + Required: []string{"diskSize"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1.NutanixResourceIdentifier", "github.com/openshift/api/machine/v1.NutanixVMDiskDeviceProperties", "github.com/openshift/api/machine/v1.NutanixVMStorageConfig", resource.Quantity{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_machine_v1_NutanixVMDiskDeviceProperties(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "NutanixVMDiskDeviceProperties specifies the disk device properties.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "deviceType": { SchemaProps: spec.SchemaProps{ - Description: "The virtual network interface card (vNIC) type that is bound to the neutron port.", + Description: "deviceType specifies the disk device type. The valid values are \"Disk\" and \"CDRom\", and the default is \"Disk\".", + Default: "", Type: []string{"string"}, Format: "", }, }, - "profile": { + "adapterType": { SchemaProps: spec.SchemaProps{ - Description: "A dictionary that enables the application running on the specified host to pass and receive virtual network interface (VIF) port-specific information to the plug-in.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "adapterType is the adapter type of the disk address. If the deviceType is \"Disk\", the valid adapterType can be \"SCSI\", \"IDE\", \"PCI\", \"SATA\" or \"SPAPR\". If the deviceType is \"CDRom\", the valid adapterType can be \"IDE\" or \"SATA\".", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "portSecurity": { + "deviceIndex": { SchemaProps: spec.SchemaProps{ - Description: "portSecurity optionally enables or disables security on ports managed by OpenStack", - Type: []string{"boolean"}, - Format: "", + Description: "deviceIndex is the index of the disk address. The valid values are non-negative integers, with the default value 0. For a Machine VM, the deviceIndex for the disks with the same deviceType.adapterType combination should start from 0 and increase consecutively afterwards. Note that for each Machine VM, the Disk.SCSI.0 and CDRom.IDE.0 are reserved to be used by the VM's system. So for dataDisks of Disk.SCSI and CDRom.IDE, the deviceIndex should start from 1.", + Type: []string{"integer"}, + Format: "int32", }, }, }, + Required: []string{"deviceType", "adapterType", "deviceIndex"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1alpha1.Filter", "github.com/openshift/api/machine/v1alpha1.SubnetParam"}, } } -func schema_openshift_api_machine_v1alpha1_OpenstackProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_NutanixVMStorageConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OpenstackProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an OpenStack Instance. It is used by the Openstack machine actuator to create a single machine instance. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "NutanixVMStorageConfig specifies the storage configuration parameters for VM disks.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "diskMode": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "diskMode specifies the disk mode. The valid values are Standard and Flash, and the default is Standard.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "storageContainer": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + Description: "storageContainer refers to the storage_container used by the VM disk.", + Ref: ref("github.com/openshift/api/machine/v1.NutanixStorageResourceIdentifier"), }, }, - "metadata": { + }, + Required: []string{"diskMode"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1.NutanixStorageResourceIdentifier"}, + } +} + +func schema_openshift_api_machine_v1_OpenShiftMachineV1Beta1MachineTemplate(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OpenShiftMachineV1Beta1MachineTemplate is a template for the ControlPlaneMachineSet to create Machines from the v1beta1.machine.openshift.io API group.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "failureDomains": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Description: "failureDomains is the list of failure domains (sometimes called availability zones) in which the ControlPlaneMachineSet should balance the Control Plane Machines. This will be merged into the ProviderSpec given in the template. This field is optional on platforms that do not require placement information.", + Ref: ref("github.com/openshift/api/machine/v1.FailureDomains"), }, }, - "cloudsSecret": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "The name of the secret containing the openstack credentials", - Ref: ref("k8s.io/api/core/v1.SecretReference"), + Description: "ObjectMeta is the standard object metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata Labels are required to match the ControlPlaneMachineSet selector.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplateObjectMeta"), }, }, - "cloudName": { + "spec": { SchemaProps: spec.SchemaProps{ - Description: "The name of the cloud to use from the clouds secret", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "spec contains the desired configuration of the Control Plane Machines. The ProviderSpec within contains platform specific details for creating the Control Plane Machines. The ProviderSe should be complete apart from the platform specific failure domain field. This will be overridden when the Machines are created based on the FailureDomains field.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSpec"), }, }, - "flavor": { + }, + Required: []string{"metadata", "spec"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1.ControlPlaneMachineSetTemplateObjectMeta", "github.com/openshift/api/machine/v1.FailureDomains", "github.com/openshift/api/machine/v1beta1.MachineSpec"}, + } +} + +func schema_openshift_api_machine_v1_OpenStackFailureDomain(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OpenStackFailureDomain configures failure domain information for the OpenStack platform.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "availabilityZone": { SchemaProps: spec.SchemaProps{ - Description: "The flavor reference for the flavor for your server instance.", - Default: "", + Description: "availabilityZone is the nova availability zone in which the OpenStack machine provider will create the VM. If not specified, the VM will be created in the default availability zone specified in the nova configuration. Availability zone names must NOT contain : since it is used by admin users to specify hosts where instances are launched in server creation. Also, it must not contain spaces otherwise it will lead to node that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.", Type: []string{"string"}, Format: "", }, }, - "image": { + "rootVolume": { SchemaProps: spec.SchemaProps{ - Description: "The name of the image to use for your server instance. If the RootVolume is specified, this will be ignored and use rootVolume directly.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM. If not specified, no root volume will be created.", + Ref: ref("github.com/openshift/api/machine/v1.RootVolume"), }, }, - "keyName": { + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1.RootVolume"}, + } +} + +func schema_openshift_api_machine_v1_PowerVSMachineProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PowerVSMachineProviderConfig is the type that will be embedded in a Machine.Spec.ProviderSpec field for a PowerVS virtual machine. It is used by the PowerVS machine actuator to create a single Machine.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { SchemaProps: spec.SchemaProps{ - Description: "The ssh key to inject in the instance", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "sshUserName": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "The machine ssh username Deprecated: sshUserName is silently ignored.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "networks": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "A networks object. Required parameter when there are multiple networks defined for the tenant. When you do not specify the networks parameter, the server attaches to the only network created for the current tenant.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.NetworkParam"), - }, - }, - }, + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "ports": { + "userDataSecret": { SchemaProps: spec.SchemaProps{ - Description: "Create and assign additional ports to instances", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.PortOpts"), - }, - }, - }, + Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance.", + Ref: ref("github.com/openshift/api/machine/v1.PowerVSSecretReference"), }, }, - "floatingIP": { + "credentialsSecret": { SchemaProps: spec.SchemaProps{ - Description: "floatingIP specifies a floating IP to be associated with the machine. Note that it is not safe to use this parameter in a MachineSet, as only one Machine may be assigned the same floating IP.\n\nDeprecated: floatingIP will be removed in a future release as it cannot be implemented correctly.", - Type: []string{"string"}, - Format: "", + Description: "credentialsSecret is a reference to the secret with IBM Cloud credentials.", + Ref: ref("github.com/openshift/api/machine/v1.PowerVSSecretReference"), }, }, - "availabilityZone": { + "serviceInstance": { SchemaProps: spec.SchemaProps{ - Description: "The availability zone from which to launch the server.", - Type: []string{"string"}, - Format: "", + Description: "serviceInstance is the reference to the Power VS service on which the server instance(VM) will be created. Power VS service is a container for all Power VS instances at a specific geographic region. serviceInstance can be created via IBM Cloud catalog or CLI. supported serviceInstance identifier in PowerVSResource are Name and ID and that can be obtained from IBM Cloud UI or IBM Cloud cli. More detail about Power VS service instance. https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.PowerVSResource"), }, }, - "securityGroups": { + "image": { SchemaProps: spec.SchemaProps{ - Description: "The names of the security groups to assign to the instance", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.SecurityGroupParam"), - }, - }, - }, + Description: "image is to identify the rhcos image uploaded to IBM COS bucket which is used to create the instance. supported image identifier in PowerVSResource are Name and ID and that can be obtained from IBM Cloud UI or IBM Cloud cli.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.PowerVSResource"), }, }, - "userDataSecret": { + "network": { SchemaProps: spec.SchemaProps{ - Description: "The name of the secret containing the user data (startup script in most cases)", - Ref: ref("k8s.io/api/core/v1.SecretReference"), + Description: "network is the reference to the Network to use for this instance. supported network identifier in PowerVSResource are Name, ID and RegEx and that can be obtained from IBM Cloud UI or IBM Cloud cli.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1.PowerVSResource"), }, }, - "trunk": { + "keyPairName": { SchemaProps: spec.SchemaProps{ - Description: "Whether the server instance is created on a trunk port or not.", - Type: []string{"boolean"}, + Description: "keyPairName is the name of the KeyPair to use for SSH. The key pair will be exposed to the instance via the instance metadata service. On boot, the OS will copy the public keypair into the authorized keys for the core user.", + Default: "", + Type: []string{"string"}, Format: "", }, }, - "tags": { + "systemType": { SchemaProps: spec.SchemaProps{ - Description: "Machine tags Requires Nova api 2.52 minimum!", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "systemType is the System type used to host the instance. systemType determines the number of cores and memory that is available. Few of the supported SystemTypes are s922,e880,e980. e880 systemType available only in Dallas Datacenters. e980 systemType available in Datacenters except Dallas and Washington. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is s922 which is generally available.", + Type: []string{"string"}, + Format: "", }, }, - "serverMetadata": { + "processorType": { SchemaProps: spec.SchemaProps{ - Description: "Metadata mapping. Allows you to create a map of key value pairs to add to the server instance.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "processorType is the VM instance processor type. It must be set to one of the following values: Dedicated, Capped or Shared. Dedicated: resources are allocated for a specific client, The hypervisor makes a 1:1 binding of a partition’s processor to a physical processor core. Shared: Shared among other clients. Capped: Shared, but resources do not expand beyond those that are requested, the amount of CPU time is Capped to the value specified for the entitlement. if the processorType is selected as Dedicated, then processors value cannot be fractional. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Shared.", + Type: []string{"string"}, + Format: "", }, }, - "configDrive": { + "processors": { SchemaProps: spec.SchemaProps{ - Description: "Config Drive support", - Type: []string{"boolean"}, - Format: "", + Description: "processors is the number of virtual processors in a virtual machine. when the processorType is selected as Dedicated the processors value cannot be fractional. maximum value for the Processors depends on the selected SystemType. when SystemType is set to e880 or e980 maximum Processors value is 143. when SystemType is set to s922 maximum Processors value is 15. minimum value for Processors depends on the selected ProcessorType. when ProcessorType is set as Shared or Capped, The minimum processors is 0.5. when ProcessorType is set as Dedicated, The minimum processors is 1. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default is set based on the selected ProcessorType. when ProcessorType selected as Dedicated, the default is set to 1. when ProcessorType selected as Shared or Capped, the default is set to 0.5.", + Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), }, }, - "rootVolume": { + "memoryGiB": { SchemaProps: spec.SchemaProps{ - Description: "The volume metadata to boot from", - Ref: ref("github.com/openshift/api/machine/v1alpha1.RootVolume"), + Description: "memoryGiB is the size of a virtual machine's memory, in GiB. maximum value for the MemoryGiB depends on the selected SystemType. when SystemType is set to e880 maximum MemoryGiB value is 7463 GiB. when SystemType is set to e980 maximum MemoryGiB value is 15307 GiB. when SystemType is set to s922 maximum MemoryGiB value is 942 GiB. The minimum memory is 32 GiB. When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 32.", + Type: []string{"integer"}, + Format: "int32", }, }, - "additionalBlockDevices": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, + "loadBalancers": { SchemaProps: spec.SchemaProps{ - Description: "additionalBlockDevices is a list of specifications for additional block devices to attach to the server instance", + Description: "loadBalancers is the set of load balancers to which the new control plane instance should be added once it is created.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.AdditionalBlockDevice"), + Ref: ref("github.com/openshift/api/machine/v1.LoadBalancerReference"), }, }, }, }, }, - "serverGroupID": { - SchemaProps: spec.SchemaProps{ - Description: "The server group to assign the machine to.", - Type: []string{"string"}, - Format: "", - }, - }, - "serverGroupName": { - SchemaProps: spec.SchemaProps{ - Description: "The server group to assign the machine to. A server group with that name will be created if it does not exist. If both ServerGroupID and ServerGroupName are non-empty, they must refer to the same OpenStack resource.", - Type: []string{"string"}, - Format: "", - }, - }, - "primarySubnet": { - SchemaProps: spec.SchemaProps{ - Description: "The subnet that a set of machines will get ingress/egress traffic from Deprecated: primarySubnet is silently ignored. Use subnets instead.", - Type: []string{"string"}, - Format: "", - }, - }, }, - Required: []string{"cloudsSecret", "cloudName", "flavor", "image"}, + Required: []string{"serviceInstance", "image", "network", "keyPairName"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1alpha1.AdditionalBlockDevice", "github.com/openshift/api/machine/v1alpha1.NetworkParam", "github.com/openshift/api/machine/v1alpha1.PortOpts", "github.com/openshift/api/machine/v1alpha1.RootVolume", "github.com/openshift/api/machine/v1alpha1.SecurityGroupParam", "k8s.io/api/core/v1.SecretReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/machine/v1.LoadBalancerReference", "github.com/openshift/api/machine/v1.PowerVSResource", "github.com/openshift/api/machine/v1.PowerVSSecretReference", metav1.ObjectMeta{}.OpenAPIModelName(), intstr.IntOrString{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1alpha1_PortOpts(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_PowerVSMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "PowerVSMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains PowerVS-specific status information.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "networkID": { - SchemaProps: spec.SchemaProps{ - Description: "networkID is the ID of the network the port will be created in. It is required.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "nameSuffix": { - SchemaProps: spec.SchemaProps{ - Description: "If nameSuffix is specified the created port will be named -. If not specified the port will be named -.", - Type: []string{"string"}, - Format: "", - }, - }, - "description": { - SchemaProps: spec.SchemaProps{ - Description: "description specifies the description of the created port.", - Type: []string{"string"}, - Format: "", - }, - }, - "adminStateUp": { - SchemaProps: spec.SchemaProps{ - Description: "adminStateUp sets the administrative state of the created port to up (true), or down (false).", - Type: []string{"boolean"}, - Format: "", - }, - }, - "macAddress": { - SchemaProps: spec.SchemaProps{ - Description: "macAddress specifies the MAC address of the created port.", - Type: []string{"string"}, - Format: "", - }, - }, - "fixedIPs": { - SchemaProps: spec.SchemaProps{ - Description: "fixedIPs specifies a set of fixed IPs to assign to the port. They must all be valid for the port's network.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.FixedIPs"), - }, - }, - }, - }, - }, - "tenantID": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "tenantID specifies the tenant ID of the created port. Note that this requires OpenShift to have administrative permissions, which is typically not the case. Use of this field is not recommended. Deprecated: tenantID is silently ignored.", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "projectID": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "projectID specifies the project ID of the created port. Note that this requires OpenShift to have administrative permissions, which is typically not the case. Use of this field is not recommended. Deprecated: projectID is silently ignored.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "securityGroups": { - SchemaProps: spec.SchemaProps{ - Description: "securityGroups specifies a set of security group UUIDs to use instead of the machine's default security groups. The default security groups will be used if this is left empty or not specified.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", }, + "x-kubernetes-list-type": "map", }, }, - }, - "allowedAddressPairs": { SchemaProps: spec.SchemaProps{ - Description: "allowedAddressPairs specifies a set of allowed address pairs to add to the port.", + Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.AddressPair"), - }, - }, - }, - }, - }, - "tags": { - SchemaProps: spec.SchemaProps{ - Description: "tags species a set of tags to add to the port.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, }, }, - "vnicType": { + "instanceId": { SchemaProps: spec.SchemaProps{ - Description: "The virtual network interface card (vNIC) type that is bound to the neutron port.", + Description: "instanceId is the instance ID of the machine created in PowerVS instanceId uniquely identifies a Power VS server instance(VM) under a Power VS service. This will help in updating or deleting a VM in Power VS Cloud", Type: []string{"string"}, Format: "", }, }, - "profile": { - SchemaProps: spec.SchemaProps{ - Description: "A dictionary that enables the application running on the specified host to pass and receive virtual network interface (VIF) port-specific information to the plug-in.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, - "portSecurity": { - SchemaProps: spec.SchemaProps{ - Description: "enable or disable security on a given port incompatible with securityGroups and allowedAddressPairs", - Type: []string{"boolean"}, - Format: "", - }, - }, - "trunk": { + "serviceInstanceID": { SchemaProps: spec.SchemaProps{ - Description: "Enables and disables trunk at port level. If not provided, openStackMachine.Spec.Trunk is inherited.", - Type: []string{"boolean"}, + Description: "serviceInstanceID is the reference to the Power VS ServiceInstance on which the machine instance will be created. serviceInstanceID uniquely identifies the Power VS service By setting serviceInstanceID it will become easy and efficient to fetch a server instance(VM) within Power VS Cloud.", + Type: []string{"string"}, Format: "", }, }, - "hostID": { + "instanceState": { SchemaProps: spec.SchemaProps{ - Description: "The ID of the host where the port is allocated. Do not use this field: it cannot be used correctly. Deprecated: hostID is silently ignored. It will be removed with no replacement.", + Description: "instanceState is the state of the PowerVS instance for this machine Possible instance states are Active, Build, ShutOff, Reboot This is used to display additional information to user regarding instance current state", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"networkID"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1alpha1.AddressPair", "github.com/openshift/api/machine/v1alpha1.FixedIPs"}, + metav1.Condition{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1alpha1_RootVolume(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_PowerVSResource(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "PowerVSResource is a reference to a specific PowerVS resource by ID, Name or RegEx Only one of ID, Name or RegEx may be specified. Specifying more than one will result in a validation error.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "sourceUUID": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "sourceUUID specifies the UUID of a glance image used to populate the root volume. Deprecated: set image in the platform spec instead. This will be ignored if image is set in the platform spec.", + Description: "type identifies the resource type for this entry. Valid values are ID, Name and RegEx", Type: []string{"string"}, Format: "", }, }, - "volumeType": { + "id": { SchemaProps: spec.SchemaProps{ - Description: "volumeType specifies a volume type to use when creating the root volume. If not specified the default volume type will be used.", + Description: "id of resource", Type: []string{"string"}, Format: "", }, }, - "diskSize": { - SchemaProps: spec.SchemaProps{ - Description: "diskSize specifies the size, in GiB, of the created root volume.", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "availabilityZone": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "availabilityZone specifies the Cinder availability where the root volume will be created.", + Description: "name of resource", Type: []string{"string"}, Format: "", }, }, - "sourceType": { + "regex": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: sourceType will be silently ignored. There is no replacement.", + Description: "regex to find resource Regex contains the pattern to match to find a resource", Type: []string{"string"}, Format: "", }, }, - "deviceType": { - SchemaProps: spec.SchemaProps{ - Description: "Deprecated: deviceType will be silently ignored. There is no replacement.", - Type: []string{"string"}, - Format: "", + }, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "fields-to-discriminateBy": map[string]interface{}{ + "id": "ID", + "name": "Name", + "regex": "RegEx", + "type": "Type", + }, }, }, }, @@ -40507,274 +40861,373 @@ func schema_openshift_api_machine_v1alpha1_RootVolume(ref common.ReferenceCallba } } -func schema_openshift_api_machine_v1alpha1_SecurityGroupFilter(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1_PowerVSSecretReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "PowerVSSecretReference contains enough information to locate the referenced secret inside the same namespace.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "id": { - SchemaProps: spec.SchemaProps{ - Description: "id specifies the ID of a security group to use. If set, id will not be validated before use. An invalid id will result in failure to create a server with an appropriate error message.", - Type: []string{"string"}, - Format: "", - }, - }, "name": { SchemaProps: spec.SchemaProps{ - Description: "name filters security groups by name.", - Type: []string{"string"}, - Format: "", - }, - }, - "description": { - SchemaProps: spec.SchemaProps{ - Description: "description filters security groups by description.", - Type: []string{"string"}, - Format: "", - }, - }, - "tenantId": { - SchemaProps: spec.SchemaProps{ - Description: "tenantId filters security groups by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", + Description: "name of the secret.", Type: []string{"string"}, Format: "", }, }, - "projectId": { + }, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-map-type": "atomic", + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1_RootVolume(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "RootVolume represents the volume metadata to boot from. The original RootVolume struct is defined in the v1alpha1 but it's not best practice to use it directly here so we define a new one that should stay in sync with the original one.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "availabilityZone": { SchemaProps: spec.SchemaProps{ - Description: "projectId filters security groups by project ID.", + Description: "availabilityZone specifies the Cinder availability zone where the root volume will be created. If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration. If the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability zone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details. If the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same availability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone). Availability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.", Type: []string{"string"}, Format: "", }, }, - "tags": { + "volumeType": { SchemaProps: spec.SchemaProps{ - Description: "tags filters by security groups containing all specified tags. Multiple tags are comma separated.", + Description: "volumeType specifies the type of the root volume that will be provisioned. The maximum length of a volume type name is 255 characters, as per the OpenStack limit.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "tagsAny": { + }, + Required: []string{"volumeType"}, + }, + }, + } +} + +func schema_openshift_api_machine_v1_SystemDiskProperties(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SystemDiskProperties contains the information regarding the system disk including performance, size, name, and category", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "category": { SchemaProps: spec.SchemaProps{ - Description: "tagsAny filters by security groups containing any specified tags. Multiple tags are comma separated.", + Description: "category is the category of the system disk. Valid values: cloud_essd: ESSD. When the parameter is set to this value, you can use the SystemDisk.PerformanceLevel parameter to specify the performance level of the disk. cloud_efficiency: ultra disk. cloud_ssd: standard SSD. cloud: basic disk. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently for non-I/O optimized instances of retired instance types, the default is `cloud`. Currently for other instances, the default is `cloud_efficiency`.", Type: []string{"string"}, Format: "", }, }, - "notTags": { + "performanceLevel": { SchemaProps: spec.SchemaProps{ - Description: "notTags filters by security groups which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", + Description: "performanceLevel is the performance level of the ESSD used as the system disk. Valid values:\n\nPL0: A single ESSD can deliver up to 10,000 random read/write IOPS. PL1: A single ESSD can deliver up to 50,000 random read/write IOPS. PL2: A single ESSD can deliver up to 100,000 random read/write IOPS. PL3: A single ESSD can deliver up to 1,000,000 random read/write IOPS. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `PL1`. For more information about ESSD performance levels, see ESSDs.", Type: []string{"string"}, Format: "", }, }, - "notTagsAny": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "notTagsAny filters by security groups which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", + Description: "name is the name of the system disk. If the name is specified the name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain letters, digits, colons (:), underscores (_), and hyphens (-). Empty value means the platform chooses a default, which is subject to change over time. Currently the default is `\"\"`.", Type: []string{"string"}, Format: "", }, }, - "limit": { + "size": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: limit is silently ignored. It has no replacement.", + Description: "size is the size of the system disk. Unit: GiB. Valid values: 20 to 500. The value must be at least 20 and greater than or equal to the size of the image. Empty value means the platform chooses a default, which is subject to change over time. Currently the default is `40` or the size of the image depending on whichever is greater.", Type: []string{"integer"}, - Format: "int32", + Format: "int64", }, }, - "marker": { + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1_Tag(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Tag The tags of ECS Instance", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "Key": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: marker is silently ignored. It has no replacement.", + Description: "Key is the name of the key pair", + Default: "", Type: []string{"string"}, Format: "", }, }, - "sortKey": { + "Value": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: sortKey is silently ignored. It has no replacement.", + Description: "Value is the value or data of the key pair", + Default: "", Type: []string{"string"}, Format: "", }, }, - "sortDir": { + }, + Required: []string{"Key", "Value"}, + }, + }, + } +} + +func schema_openshift_api_machine_v1_VSphereFailureDomain(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "VSphereFailureDomain configures failure domain information for the vSphere platform", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: sortDir is silently ignored. It has no replacement.", + Description: "name of the failure domain in which the vSphere machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource. When balancing machines across failure domains, the control plane machine set will inject configuration from the Infrastructure resource into the machine providerSpec to allocate the machine to a failure domain.", + Default: "", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"name"}, }, }, } } -func schema_openshift_api_machine_v1alpha1_SecurityGroupParam(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1alpha1_AdditionalBlockDevice(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "additionalBlockDevice is a block device to attach to the server.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "uuid": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "Security Group UUID", + Description: "name of the block device in the context of a machine. If the block device is a volume, the Cinder volume will be named as a combination of the machine name and this name. Also, this name will be used for tagging the block device. Information about the block device tag can be obtained from the OpenStack metadata API or the config drive.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "name": { + "sizeGiB": { SchemaProps: spec.SchemaProps{ - Description: "Security Group name", - Type: []string{"string"}, - Format: "", + Description: "sizeGiB is the size of the block device in gibibytes (GiB).", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "filter": { + "storage": { SchemaProps: spec.SchemaProps{ - Description: "Filters used to query security groups in openstack", + Description: "storage specifies the storage type of the block device and additional storage options.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.SecurityGroupFilter"), + Ref: ref("github.com/openshift/api/machine/v1alpha1.BlockDeviceStorage"), }, }, }, + Required: []string{"name", "sizeGiB", "storage"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1alpha1.SecurityGroupFilter"}, + "github.com/openshift/api/machine/v1alpha1.BlockDeviceStorage"}, } } -func schema_openshift_api_machine_v1alpha1_SubnetFilter(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1alpha1_AddressPair(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ Type: []string{"object"}, Properties: map[string]spec.Schema{ - "id": { + "ipAddress": { SchemaProps: spec.SchemaProps{ - Description: "id is the uuid of a specific subnet to use. If specified, id will not be validated. Instead server creation will fail with an appropriate error.", - Type: []string{"string"}, - Format: "", + Type: []string{"string"}, + Format: "", }, }, - "name": { + "macAddress": { SchemaProps: spec.SchemaProps{ - Description: "name filters subnets by name.", - Type: []string{"string"}, - Format: "", + Type: []string{"string"}, + Format: "", }, }, - "description": { + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1alpha1_BlockDeviceStorage(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "blockDeviceStorage is the storage type of a block device to create and contains additional storage options.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { SchemaProps: spec.SchemaProps{ - Description: "description filters subnets by description.", + Description: "type is the type of block device to create. This can be either \"Volume\" or \"Local\".", + Default: "", Type: []string{"string"}, Format: "", }, }, - "networkId": { + "volume": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: networkId is silently ignored. Set uuid on the containing network definition instead.", - Type: []string{"string"}, - Format: "", + Description: "volume contains additional storage options for a volume block device.", + Ref: ref("github.com/openshift/api/machine/v1alpha1.BlockDeviceVolume"), }, }, - "tenantId": { - SchemaProps: spec.SchemaProps{ - Description: "tenantId filters subnets by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", - Type: []string{"string"}, - Format: "", + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "volume": "Volume", + }, }, }, - "projectId": { + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1alpha1.BlockDeviceVolume"}, + } +} + +func schema_openshift_api_machine_v1alpha1_BlockDeviceVolume(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "blockDeviceVolume contains additional storage options for a volume block device.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { SchemaProps: spec.SchemaProps{ - Description: "projectId filters subnets by project ID.", + Description: "type is the Cinder volume type of the volume. If omitted, the default Cinder volume type that is configured in the OpenStack cloud will be used.", Type: []string{"string"}, Format: "", }, }, - "ipVersion": { + "availabilityZone": { SchemaProps: spec.SchemaProps{ - Description: "ipVersion filters subnets by IP version.", - Type: []string{"integer"}, - Format: "int32", + Description: "availabilityZone is the volume availability zone to create the volume in. If omitted, the availability zone of the server will be used. The availability zone must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information.", + Type: []string{"string"}, + Format: "", }, }, - "gateway_ip": { + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1alpha1_Filter(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "id": { SchemaProps: spec.SchemaProps{ - Description: "gateway_ip filters subnets by gateway IP.", + Description: "Deprecated: use NetworkParam.uuid instead. Ignored if NetworkParam.uuid is set.", Type: []string{"string"}, Format: "", }, }, - "cidr": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "cidr filters subnets by CIDR.", + Description: "name filters networks by name.", Type: []string{"string"}, Format: "", }, }, - "ipv6AddressMode": { + "description": { SchemaProps: spec.SchemaProps{ - Description: "ipv6AddressMode filters subnets by IPv6 address mode.", + Description: "description filters networks by description.", Type: []string{"string"}, Format: "", }, }, - "ipv6RaMode": { + "tenantId": { SchemaProps: spec.SchemaProps{ - Description: "ipv6RaMode filters subnets by IPv6 router adversiement mode.", + Description: "tenantId filters networks by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", Type: []string{"string"}, Format: "", }, }, - "subnetpoolId": { + "projectId": { SchemaProps: spec.SchemaProps{ - Description: "subnetpoolId filters subnets by subnet pool ID. Deprecated: subnetpoolId is silently ignored.", + Description: "projectId filters networks by project ID.", Type: []string{"string"}, Format: "", }, }, "tags": { SchemaProps: spec.SchemaProps{ - Description: "tags filters by subnets containing all specified tags. Multiple tags are comma separated.", + Description: "tags filters by networks containing all specified tags. Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, "tagsAny": { SchemaProps: spec.SchemaProps{ - Description: "tagsAny filters by subnets containing any specified tags. Multiple tags are comma separated.", + Description: "tagsAny filters by networks containing any specified tags. Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, "notTags": { SchemaProps: spec.SchemaProps{ - Description: "notTags filters by subnets which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", + Description: "notTags filters by networks which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, "notTagsAny": { SchemaProps: spec.SchemaProps{ - Description: "notTagsAny filters by subnets which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", + Description: "notTagsAny filters by networks which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, - "enableDhcp": { + "status": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: enableDhcp is silently ignored. It has no replacement.", + Description: "Deprecated: status is silently ignored. It has no replacement.", + Type: []string{"string"}, + Format: "", + }, + }, + "adminStateUp": { + SchemaProps: spec.SchemaProps{ + Description: "Deprecated: adminStateUp is silently ignored. It has no replacement.", Type: []string{"boolean"}, Format: "", }, }, - "limit": { + "shared": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: limit is silently ignored. It has no replacement.", - Type: []string{"integer"}, - Format: "int32", + Description: "Deprecated: shared is silently ignored. It has no replacement.", + Type: []string{"boolean"}, + Format: "", }, }, "marker": { @@ -40784,6 +41237,13 @@ func schema_openshift_api_machine_v1alpha1_SubnetFilter(ref common.ReferenceCall Format: "", }, }, + "limit": { + SchemaProps: spec.SchemaProps{ + Description: "Deprecated: limit is silently ignored. It has no replacement.", + Type: []string{"integer"}, + Format: "int32", + }, + }, "sortKey": { SchemaProps: spec.SchemaProps{ Description: "Deprecated: sortKey is silently ignored. It has no replacement.", @@ -40804,7 +41264,35 @@ func schema_openshift_api_machine_v1alpha1_SubnetFilter(ref common.ReferenceCall } } -func schema_openshift_api_machine_v1alpha1_SubnetParam(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1alpha1_FixedIPs(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "subnetID": { + SchemaProps: spec.SchemaProps{ + Description: "subnetID specifies the ID of the subnet where the fixed IP will be allocated.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "ipAddress": { + SchemaProps: spec.SchemaProps{ + Description: "ipAddress is a specific IP address to use in the given subnet. Port creation will fail if the address is not available. If not specified, an available IP from the given subnet will be selected automatically.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"subnetID"}, + }, + }, + } +} + +func schema_openshift_api_machine_v1alpha1_NetworkParam(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ @@ -40817,16 +41305,44 @@ func schema_openshift_api_machine_v1alpha1_SubnetParam(ref common.ReferenceCallb Format: "", }, }, + "fixedIp": { + SchemaProps: spec.SchemaProps{ + Description: "A fixed IPv4 address for the NIC. Deprecated: fixedIP is silently ignored. Use subnets instead.", + Type: []string{"string"}, + Format: "", + }, + }, "filter": { SchemaProps: spec.SchemaProps{ Description: "Filters for optional network query", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1alpha1.SubnetFilter"), + Ref: ref("github.com/openshift/api/machine/v1alpha1.Filter"), + }, + }, + "subnets": { + SchemaProps: spec.SchemaProps{ + Description: "Subnet within a network to use", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.SubnetParam"), + }, + }, + }, + }, + }, + "noAllowedAddressPairs": { + SchemaProps: spec.SchemaProps{ + Description: "noAllowedAddressPairs disables creation of allowed address pairs for the network ports", + Type: []string{"boolean"}, + Format: "", }, }, "portTags": { SchemaProps: spec.SchemaProps{ - Description: "portTags are tags that are added to ports created on this subnet", + Description: "portTags allows users to specify a list of tags to add to ports created in a given network", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -40839,9 +41355,32 @@ func schema_openshift_api_machine_v1alpha1_SubnetParam(ref common.ReferenceCallb }, }, }, + "vnicType": { + SchemaProps: spec.SchemaProps{ + Description: "The virtual network interface card (vNIC) type that is bound to the neutron port.", + Type: []string{"string"}, + Format: "", + }, + }, + "profile": { + SchemaProps: spec.SchemaProps{ + Description: "A dictionary that enables the application running on the specified host to pass and receive virtual network interface (VIF) port-specific information to the plug-in.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, "portSecurity": { SchemaProps: spec.SchemaProps{ - Description: "portSecurity optionally enables or disables security on ports managed by OpenStack Deprecated: portSecurity is silently ignored. Set portSecurity on the parent network instead.", + Description: "portSecurity optionally enables or disables security on ports managed by OpenStack", Type: []string{"boolean"}, Format: "", }, @@ -40850,15 +41389,15 @@ func schema_openshift_api_machine_v1alpha1_SubnetParam(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1alpha1.SubnetFilter"}, + "github.com/openshift/api/machine/v1alpha1.Filter", "github.com/openshift/api/machine/v1alpha1.SubnetParam"}, } } -func schema_openshift_api_machine_v1beta1_AWSMachineProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1alpha1_OpenstackProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AWSMachineProviderConfig is the Schema for the awsmachineproviderconfigs API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "OpenstackProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an OpenStack Instance. It is used by the Openstack machine actuator to create a single machine instance. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -40877,835 +41416,777 @@ func schema_openshift_api_machine_v1beta1_AWSMachineProviderConfig(ref common.Re }, "metadata": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "ami": { + "cloudsSecret": { SchemaProps: spec.SchemaProps{ - Description: "ami is the reference to the AMI from which to create the machine instance.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), + Description: "The name of the secret containing the openstack credentials", + Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), }, }, - "instanceType": { + "cloudName": { SchemaProps: spec.SchemaProps{ - Description: "instanceType is the type of instance to create. Example: m4.xlarge", + Description: "The name of the cloud to use from the clouds secret", Default: "", Type: []string{"string"}, Format: "", }, }, - "cpuOptions": { - SchemaProps: spec.SchemaProps{ - Description: "cpuOptions defines CPU-related settings for the instance, including the confidential computing policy. When omitted, this means no opinion and the AWS platform is left to choose a reasonable default. More info: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CpuOptionsRequest.html, https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cpu-options-supported-instances-values.html", - Ref: ref("github.com/openshift/api/machine/v1beta1.CPUOptions"), - }, - }, - "tags": { + "flavor": { SchemaProps: spec.SchemaProps{ - Description: "tags is the set of tags to add to apply to an instance, in addition to the ones added by default by the actuator. These tags are additive. The actuator will ensure these tags are present, but will not remove any other tags that may exist on the instance.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.TagSpecification"), - }, - }, - }, + Description: "The flavor reference for the flavor for your server instance.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "iamInstanceProfile": { + "image": { SchemaProps: spec.SchemaProps{ - Description: "iamInstanceProfile is a reference to an IAM role to assign to the instance", - Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), + Description: "The name of the image to use for your server instance. If the RootVolume is specified, this will be ignored and use rootVolume directly.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "userDataSecret": { + "keyName": { SchemaProps: spec.SchemaProps{ - Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Description: "The ssh key to inject in the instance", + Type: []string{"string"}, + Format: "", }, }, - "credentialsSecret": { + "sshUserName": { SchemaProps: spec.SchemaProps{ - Description: "credentialsSecret is a reference to the secret with AWS credentials. Otherwise, defaults to permissions provided by attached IAM role where the actuator is running.", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Description: "The machine ssh username Deprecated: sshUserName is silently ignored.", + Type: []string{"string"}, + Format: "", }, }, - "keyName": { + "networks": { SchemaProps: spec.SchemaProps{ - Description: "keyName is the name of the KeyPair to use for SSH", - Type: []string{"string"}, - Format: "", + Description: "A networks object. Required parameter when there are multiple networks defined for the tenant. When you do not specify the networks parameter, the server attaches to the only network created for the current tenant.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.NetworkParam"), + }, + }, + }, }, }, - "deviceIndex": { + "ports": { SchemaProps: spec.SchemaProps{ - Description: "deviceIndex is the index of the device on the instance for the network interface attachment. Defaults to 0.", - Default: 0, - Type: []string{"integer"}, - Format: "int64", + Description: "Create and assign additional ports to instances", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.PortOpts"), + }, + }, + }, }, }, - "publicIp": { + "floatingIP": { SchemaProps: spec.SchemaProps{ - Description: "publicIp specifies whether the instance should get a public IP. If not present, it should use the default of its subnet.", - Type: []string{"boolean"}, + Description: "floatingIP specifies a floating IP to be associated with the machine. Note that it is not safe to use this parameter in a MachineSet, as only one Machine may be assigned the same floating IP.\n\nDeprecated: floatingIP will be removed in a future release as it cannot be implemented correctly.", + Type: []string{"string"}, Format: "", }, }, - "networkInterfaceType": { + "availabilityZone": { SchemaProps: spec.SchemaProps{ - Description: "networkInterfaceType specifies the type of network interface to be used for the primary network interface. Valid values are \"ENA\", \"EFA\", and omitted, which means no opinion and the platform chooses a good default which may change over time. The current default value is \"ENA\". Please visit https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html to learn more about the AWS Elastic Fabric Adapter interface option.", + Description: "The availability zone from which to launch the server.", Type: []string{"string"}, Format: "", }, }, "securityGroups": { SchemaProps: spec.SchemaProps{ - Description: "securityGroups is an array of references to security groups that should be applied to the instance.", + Description: "The names of the security groups to assign to the instance", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), + Ref: ref("github.com/openshift/api/machine/v1alpha1.SecurityGroupParam"), }, }, }, }, }, - "subnet": { + "userDataSecret": { SchemaProps: spec.SchemaProps{ - Description: "subnet is a reference to the subnet to use for this instance", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), + Description: "The name of the secret containing the user data (startup script in most cases)", + Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), }, }, - "placement": { + "trunk": { SchemaProps: spec.SchemaProps{ - Description: "placement specifies where to create the instance in AWS", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.Placement"), + Description: "Whether the server instance is created on a trunk port or not.", + Type: []string{"boolean"}, + Format: "", }, }, - "loadBalancers": { + "tags": { SchemaProps: spec.SchemaProps{ - Description: "loadBalancers is the set of load balancers to which the new instance should be added once it is created.", + Description: "Machine tags Requires Nova api 2.52 minimum!", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.LoadBalancerReference"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - "blockDevices": { + "serverMetadata": { SchemaProps: spec.SchemaProps{ - Description: "blockDevices is the set of block device mapping associated to this instance, block device without a name will be used as a root device and only one device without a name is allowed https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html", + Description: "Metadata mapping. Allows you to create a map of key value pairs to add to the server instance.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "configDrive": { + SchemaProps: spec.SchemaProps{ + Description: "Config Drive support", + Type: []string{"boolean"}, + Format: "", + }, + }, + "rootVolume": { + SchemaProps: spec.SchemaProps{ + Description: "The volume metadata to boot from", + Ref: ref("github.com/openshift/api/machine/v1alpha1.RootVolume"), + }, + }, + "additionalBlockDevices": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "additionalBlockDevices is a list of specifications for additional block devices to attach to the server instance", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.BlockDeviceMappingSpec"), + Ref: ref("github.com/openshift/api/machine/v1alpha1.AdditionalBlockDevice"), }, }, }, }, }, - "spotMarketOptions": { - SchemaProps: spec.SchemaProps{ - Description: "spotMarketOptions allows users to configure instances to be run using AWS Spot instances.", - Ref: ref("github.com/openshift/api/machine/v1beta1.SpotMarketOptions"), - }, - }, - "metadataServiceOptions": { - SchemaProps: spec.SchemaProps{ - Description: "metadataServiceOptions allows users to configure instance metadata service interaction options. If nothing specified, default AWS IMDS settings will be applied. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MetadataServiceOptions"), - }, - }, - "placementGroupName": { + "serverGroupID": { SchemaProps: spec.SchemaProps{ - Description: "placementGroupName specifies the name of the placement group in which to launch the instance. The placement group must already be created and may use any placement strategy. When omitted, no placement group is used when creating the EC2 instance.", + Description: "The server group to assign the machine to.", Type: []string{"string"}, Format: "", }, }, - "placementGroupPartition": { - SchemaProps: spec.SchemaProps{ - Description: "placementGroupPartition is the partition number within the placement group in which to launch the instance. This must be an integer value between 1 and 7. It is only valid if the placement group, referred in `PlacementGroupName` was created with strategy set to partition.", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "capacityReservationId": { + "serverGroupName": { SchemaProps: spec.SchemaProps{ - Description: "capacityReservationId specifies the target Capacity Reservation into which the instance should be launched. The field size should be greater than 0 and the field input must start with cr-***", - Default: "", + Description: "The server group to assign the machine to. A server group with that name will be created if it does not exist. If both ServerGroupID and ServerGroupName are non-empty, they must refer to the same OpenStack resource.", Type: []string{"string"}, Format: "", }, }, - "marketType": { + "primarySubnet": { SchemaProps: spec.SchemaProps{ - Description: "marketType specifies the type of market for the EC2 instance. Valid values are OnDemand, Spot, CapacityBlock and omitted.\n\nDefaults to OnDemand. When SpotMarketOptions is provided, the marketType defaults to \"Spot\".\n\nWhen set to OnDemand the instance runs as a standard OnDemand instance. When set to Spot the instance runs as a Spot instance. When set to CapacityBlock the instance utilizes pre-purchased compute capacity (capacity blocks) with AWS Capacity Reservations. If this value is selected, capacityReservationID must be specified to identify the target reservation.", + Description: "The subnet that a set of machines will get ingress/egress traffic from Deprecated: primarySubnet is silently ignored. Use subnets instead.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"ami", "instanceType", "deviceIndex", "subnet", "placement"}, + Required: []string{"cloudsSecret", "cloudName", "flavor", "image"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.AWSResourceReference", "github.com/openshift/api/machine/v1beta1.BlockDeviceMappingSpec", "github.com/openshift/api/machine/v1beta1.CPUOptions", "github.com/openshift/api/machine/v1beta1.LoadBalancerReference", "github.com/openshift/api/machine/v1beta1.MetadataServiceOptions", "github.com/openshift/api/machine/v1beta1.Placement", "github.com/openshift/api/machine/v1beta1.SpotMarketOptions", "github.com/openshift/api/machine/v1beta1.TagSpecification", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/machine/v1alpha1.AdditionalBlockDevice", "github.com/openshift/api/machine/v1alpha1.NetworkParam", "github.com/openshift/api/machine/v1alpha1.PortOpts", "github.com/openshift/api/machine/v1alpha1.RootVolume", "github.com/openshift/api/machine/v1alpha1.SecurityGroupParam", corev1.SecretReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_AWSMachineProviderConfigList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1alpha1_PortOpts(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AWSMachineProviderConfigList contains a list of AWSMachineProviderConfig Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "networkID": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "networkID is the ID of the network the port will be created in. It is required.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "nameSuffix": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "If nameSuffix is specified the created port will be named -. If not specified the port will be named -.", Type: []string{"string"}, Format: "", }, }, - "metadata": { + "description": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Description: "description specifies the description of the created port.", + Type: []string{"string"}, + Format: "", }, }, - "items": { + "adminStateUp": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.AWSMachineProviderConfig"), - }, - }, - }, + Description: "adminStateUp sets the administrative state of the created port to up (true), or down (false).", + Type: []string{"boolean"}, + Format: "", }, }, - }, - Required: []string{"items"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.AWSMachineProviderConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, - } -} - -func schema_openshift_api_machine_v1beta1_AWSMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "AWSMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains AWS-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { + "macAddress": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "macAddress specifies the MAC address of the created port.", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "fixedIPs": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + Description: "fixedIPs specifies a set of fixed IPs to assign to the port. They must all be valid for the port's network.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.FixedIPs"), + }, + }, + }, }, }, - "instanceId": { + "tenantID": { SchemaProps: spec.SchemaProps{ - Description: "instanceId is the instance ID of the machine created in AWS", + Description: "tenantID specifies the tenant ID of the created port. Note that this requires OpenShift to have administrative permissions, which is typically not the case. Use of this field is not recommended. Deprecated: tenantID is silently ignored.", Type: []string{"string"}, Format: "", }, }, - "instanceState": { + "projectID": { SchemaProps: spec.SchemaProps{ - Description: "instanceState is the state of the AWS instance for this machine", + Description: "projectID specifies the project ID of the created port. Note that this requires OpenShift to have administrative permissions, which is typically not the case. Use of this field is not recommended. Deprecated: projectID is silently ignored.", Type: []string{"string"}, Format: "", }, }, - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", + "securityGroups": { + SchemaProps: spec.SchemaProps{ + Description: "securityGroups specifies a set of security group UUIDs to use instead of the machine's default security groups. The default security groups will be used if this is left empty or not specified.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, }, - "x-kubernetes-list-type": "map", }, }, + }, + "allowedAddressPairs": { SchemaProps: spec.SchemaProps{ - Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", + Description: "allowedAddressPairs specifies a set of allowed address pairs to add to the port.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref("github.com/openshift/api/machine/v1alpha1.AddressPair"), }, }, }, }, }, - }, - }, - }, - Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, - } -} - -func schema_openshift_api_machine_v1beta1_AWSResourceReference(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters. Only one of ID, ARN or Filters may be specified. Specifying more than one will result in a validation error.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "id": { + "tags": { SchemaProps: spec.SchemaProps{ - Description: "id of resource", - Type: []string{"string"}, - Format: "", + Description: "tags species a set of tags to add to the port.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "arn": { + "vnicType": { SchemaProps: spec.SchemaProps{ - Description: "arn of resource", + Description: "The virtual network interface card (vNIC) type that is bound to the neutron port.", Type: []string{"string"}, Format: "", }, }, - "filters": { + "profile": { SchemaProps: spec.SchemaProps{ - Description: "filters is a set of filters used to identify a resource", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ + Description: "A dictionary that enables the application running on the specified host to pass and receive virtual network interface (VIF) port-specific information to the plug-in.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.Filter"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.Filter"}, - } -} - -func schema_openshift_api_machine_v1beta1_AddressesFromPool(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "AddressesFromPool is an IPAddressPool that will be used to create IPAddressClaims for fulfillment by an external controller.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "group": { + "portSecurity": { SchemaProps: spec.SchemaProps{ - Description: "group of the IP address pool type known to an external IPAM controller. This should be a fully qualified domain name, for example, externalipam.controller.io.", - Default: "", - Type: []string{"string"}, + Description: "enable or disable security on a given port incompatible with securityGroups and allowedAddressPairs", + Type: []string{"boolean"}, Format: "", }, }, - "resource": { + "trunk": { SchemaProps: spec.SchemaProps{ - Description: "resource of the IP address pool type known to an external IPAM controller. It is normally the plural form of the resource kind in lowercase, for example, ippools.", - Default: "", - Type: []string{"string"}, + Description: "Enables and disables trunk at port level. If not provided, openStackMachine.Spec.Trunk is inherited.", + Type: []string{"boolean"}, Format: "", }, }, - "name": { + "hostID": { SchemaProps: spec.SchemaProps{ - Description: "name of an IP address pool, for example, pool-config-1.", - Default: "", + Description: "The ID of the host where the port is allocated. Do not use this field: it cannot be used correctly. Deprecated: hostID is silently ignored. It will be removed with no replacement.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"group", "resource", "name"}, + Required: []string{"networkID"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1alpha1.AddressPair", "github.com/openshift/api/machine/v1alpha1.FixedIPs"}, } } -func schema_openshift_api_machine_v1beta1_AzureBootDiagnostics(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1alpha1_RootVolume(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AzureBootDiagnostics configures the boot diagnostics settings for the virtual machine. This allows you to configure capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", - Type: []string{"object"}, + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "storageAccountType": { + "sourceUUID": { SchemaProps: spec.SchemaProps{ - Description: "storageAccountType determines if the storage account for storing the diagnostics data should be provisioned by Azure (AzureManaged) or by the customer (CustomerManaged).", - Default: "", + Description: "sourceUUID specifies the UUID of a glance image used to populate the root volume. Deprecated: set image in the platform spec instead. This will be ignored if image is set in the platform spec.", Type: []string{"string"}, Format: "", }, }, - "customerManaged": { + "volumeType": { SchemaProps: spec.SchemaProps{ - Description: "customerManaged provides reference to the customer manager storage account.", - Ref: ref("github.com/openshift/api/machine/v1beta1.AzureCustomerManagedBootDiagnostics"), + Description: "volumeType specifies a volume type to use when creating the root volume. If not specified the default volume type will be used.", + Type: []string{"string"}, + Format: "", }, }, - }, - Required: []string{"storageAccountType"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "storageAccountType", - "fields-to-discriminateBy": map[string]interface{}{ - "customerManaged": "CustomerManaged", - }, + "diskSize": { + SchemaProps: spec.SchemaProps{ + Description: "diskSize specifies the size, in GiB, of the created root volume.", + Type: []string{"integer"}, + Format: "int32", }, }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.AzureCustomerManagedBootDiagnostics"}, - } -} - -func schema_openshift_api_machine_v1beta1_AzureCustomerManagedBootDiagnostics(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "AzureCustomerManagedBootDiagnostics provides reference to a customer managed storage account.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "storageAccountURI": { + "availabilityZone": { SchemaProps: spec.SchemaProps{ - Description: "storageAccountURI is the URI of the customer managed storage account. The URI typically will be `https://.blob.core.windows.net/` but may differ if you are using Azure DNS zone endpoints. You can find the correct endpoint by looking for the Blob Primary Endpoint in the endpoints tab in the Azure console.", - Default: "", + Description: "availabilityZone specifies the Cinder availability where the root volume will be created.", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"storageAccountURI"}, - }, - }, - } -} - -func schema_openshift_api_machine_v1beta1_AzureDiagnostics(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "AzureDiagnostics is used to configure the diagnostic settings of the virtual machine.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "boot": { + "sourceType": { SchemaProps: spec.SchemaProps{ - Description: "AzureBootDiagnostics configures the boot diagnostics settings for the virtual machine. This allows you to configure capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", - Ref: ref("github.com/openshift/api/machine/v1beta1.AzureBootDiagnostics"), + Description: "Deprecated: sourceType will be silently ignored. There is no replacement.", + Type: []string{"string"}, + Format: "", + }, + }, + "deviceType": { + SchemaProps: spec.SchemaProps{ + Description: "Deprecated: deviceType will be silently ignored. There is no replacement.", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.AzureBootDiagnostics"}, } } -func schema_openshift_api_machine_v1beta1_AzureMachineProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1alpha1_SecurityGroupFilter(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "AzureMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an Azure virtual machine. It is used by the Azure machine actuator to create a single Machine. Required parameters such as location that are not specified by this configuration, will be defaulted by the actuator. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "id": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "id specifies the ID of a security group to use. If set, id will not be validated before use. An invalid id will result in failure to create a server with an appropriate error message.", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "name filters security groups by name.", Type: []string{"string"}, Format: "", }, }, - "metadata": { + "description": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Description: "description filters security groups by description.", + Type: []string{"string"}, + Format: "", }, }, - "userDataSecret": { + "tenantId": { SchemaProps: spec.SchemaProps{ - Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - Ref: ref("k8s.io/api/core/v1.SecretReference"), + Description: "tenantId filters security groups by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", + Type: []string{"string"}, + Format: "", }, }, - "credentialsSecret": { + "projectId": { SchemaProps: spec.SchemaProps{ - Description: "credentialsSecret is a reference to the secret with Azure credentials.", - Ref: ref("k8s.io/api/core/v1.SecretReference"), + Description: "projectId filters security groups by project ID.", + Type: []string{"string"}, + Format: "", }, }, - "location": { + "tags": { SchemaProps: spec.SchemaProps{ - Description: "location is the region to use to create the instance", + Description: "tags filters by security groups containing all specified tags. Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, - "vmSize": { + "tagsAny": { SchemaProps: spec.SchemaProps{ - Description: "vmSize is the size of the VM to create.", + Description: "tagsAny filters by security groups containing any specified tags. Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, - "image": { + "notTags": { SchemaProps: spec.SchemaProps{ - Description: "image is the OS image to use to create the instance.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.Image"), + Description: "notTags filters by security groups which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", + Type: []string{"string"}, + Format: "", }, }, - "osDisk": { + "notTagsAny": { SchemaProps: spec.SchemaProps{ - Description: "osDisk represents the parameters for creating the OS disk.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.OSDisk"), + Description: "notTagsAny filters by security groups which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", + Type: []string{"string"}, + Format: "", }, }, - "dataDisks": { + "limit": { SchemaProps: spec.SchemaProps{ - Description: "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.DataDisk"), - }, - }, - }, + Description: "Deprecated: limit is silently ignored. It has no replacement.", + Type: []string{"integer"}, + Format: "int32", }, }, - "sshPublicKey": { + "marker": { SchemaProps: spec.SchemaProps{ - Description: "sshPublicKey is the public key to use to SSH to the virtual machine.", + Description: "Deprecated: marker is silently ignored. It has no replacement.", Type: []string{"string"}, Format: "", }, }, - "publicIP": { + "sortKey": { SchemaProps: spec.SchemaProps{ - Description: "publicIP if true a public IP will be used", - Default: false, - Type: []string{"boolean"}, + Description: "Deprecated: sortKey is silently ignored. It has no replacement.", + Type: []string{"string"}, Format: "", }, }, - "tags": { + "sortDir": { SchemaProps: spec.SchemaProps{ - Description: "tags is a list of tags to apply to the machine.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "Deprecated: sortDir is silently ignored. It has no replacement.", + Type: []string{"string"}, + Format: "", }, }, - "securityGroup": { + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1alpha1_SecurityGroupParam(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "uuid": { SchemaProps: spec.SchemaProps{ - Description: "Network Security Group that needs to be attached to the machine's interface. No security group will be attached if empty.", + Description: "Security Group UUID", Type: []string{"string"}, Format: "", }, }, - "applicationSecurityGroups": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "Application Security Groups that need to be attached to the machine's interface. No application security groups will be attached if zero-length.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "Security Group name", + Type: []string{"string"}, + Format: "", }, }, - "subnet": { + "filter": { SchemaProps: spec.SchemaProps{ - Description: "subnet to use for this instance", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "Filters used to query security groups in openstack", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.SecurityGroupFilter"), }, }, - "publicLoadBalancer": { + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1alpha1.SecurityGroupFilter"}, + } +} + +func schema_openshift_api_machine_v1alpha1_SubnetFilter(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "id": { SchemaProps: spec.SchemaProps{ - Description: "publicLoadBalancer to use for this instance", + Description: "id is the uuid of a specific subnet to use. If specified, id will not be validated. Instead server creation will fail with an appropriate error.", Type: []string{"string"}, Format: "", }, }, - "internalLoadBalancer": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "InternalLoadBalancerName to use for this instance", + Description: "name filters subnets by name.", Type: []string{"string"}, Format: "", }, }, - "natRule": { + "description": { SchemaProps: spec.SchemaProps{ - Description: "natRule to set inbound NAT rule of the load balancer", - Type: []string{"integer"}, - Format: "int64", + Description: "description filters subnets by description.", + Type: []string{"string"}, + Format: "", }, }, - "managedIdentity": { + "networkId": { SchemaProps: spec.SchemaProps{ - Description: "managedIdentity to set managed identity name", + Description: "Deprecated: networkId is silently ignored. Set uuid on the containing network definition instead.", Type: []string{"string"}, Format: "", }, }, - "vnet": { + "tenantId": { SchemaProps: spec.SchemaProps{ - Description: "vnet to set virtual network name", + Description: "tenantId filters subnets by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", Type: []string{"string"}, Format: "", }, }, - "zone": { + "projectId": { SchemaProps: spec.SchemaProps{ - Description: "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone", + Description: "projectId filters subnets by project ID.", Type: []string{"string"}, Format: "", }, }, - "networkResourceGroup": { + "ipVersion": { SchemaProps: spec.SchemaProps{ - Description: "networkResourceGroup is the resource group for the virtual machine's network", - Type: []string{"string"}, - Format: "", + Description: "ipVersion filters subnets by IP version.", + Type: []string{"integer"}, + Format: "int32", }, }, - "resourceGroup": { + "gateway_ip": { SchemaProps: spec.SchemaProps{ - Description: "resourceGroup is the resource group for the virtual machine", + Description: "gateway_ip filters subnets by gateway IP.", Type: []string{"string"}, Format: "", }, }, - "spotVMOptions": { + "cidr": { SchemaProps: spec.SchemaProps{ - Description: "spotVMOptions allows the ability to specify the Machine should use a Spot VM", - Ref: ref("github.com/openshift/api/machine/v1beta1.SpotVMOptions"), + Description: "cidr filters subnets by CIDR.", + Type: []string{"string"}, + Format: "", }, }, - "securityProfile": { + "ipv6AddressMode": { SchemaProps: spec.SchemaProps{ - Description: "securityProfile specifies the Security profile settings for a virtual machine.", - Ref: ref("github.com/openshift/api/machine/v1beta1.SecurityProfile"), + Description: "ipv6AddressMode filters subnets by IPv6 address mode.", + Type: []string{"string"}, + Format: "", }, }, - "ultraSSDCapability": { + "ipv6RaMode": { SchemaProps: spec.SchemaProps{ - Description: "ultraSSDCapability enables or disables Azure UltraSSD capability for a virtual machine. This can be used to allow/disallow binding of Azure UltraSSD to the Machine both as Data Disks or via Persistent Volumes. This Azure feature is subject to a specific scope and certain limitations. More informations on this can be found in the official Azure documentation for Ultra Disks: (https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-ultra-ssd?tabs=azure-portal#ga-scope-and-limitations).\n\nWhen omitted, if at least one Data Disk of type UltraSSD is specified, the platform will automatically enable the capability. If a Perisistent Volume backed by an UltraSSD is bound to a Pod on the Machine, when this field is ommitted, the platform will *not* automatically enable the capability (unless already enabled by the presence of an UltraSSD as Data Disk). This may manifest in the Pod being stuck in `ContainerCreating` phase. This defaulting behaviour may be subject to change in future.\n\nWhen set to \"Enabled\", if the capability is available for the Machine based on the scope and limitations described above, the capability will be set on the Machine. This will thus allow UltraSSD both as Data Disks and Persistent Volumes. If set to \"Enabled\" when the capability can't be available due to scope and limitations, the Machine will go into \"Failed\" state.\n\nWhen set to \"Disabled\", UltraSSDs will not be allowed either as Data Disks nor as Persistent Volumes. In this case if any UltraSSDs are specified as Data Disks on a Machine, the Machine will go into a \"Failed\" state. If instead any UltraSSDs are backing the volumes (via Persistent Volumes) of any Pods scheduled on a Node which is backed by the Machine, the Pod may get stuck in `ContainerCreating` phase.", + Description: "ipv6RaMode filters subnets by IPv6 router adversiement mode.", Type: []string{"string"}, Format: "", }, }, - "acceleratedNetworking": { + "subnetpoolId": { SchemaProps: spec.SchemaProps{ - Description: "acceleratedNetworking enables or disables Azure accelerated networking feature. Set to false by default. If true, then this will depend on whether the requested VMSize is supported. If set to true with an unsupported VMSize, Azure will return an error.", - Type: []string{"boolean"}, + Description: "subnetpoolId filters subnets by subnet pool ID. Deprecated: subnetpoolId is silently ignored.", + Type: []string{"string"}, Format: "", }, }, - "availabilitySet": { + "tags": { SchemaProps: spec.SchemaProps{ - Description: "availabilitySet specifies the availability set to use for this instance. Availability set should be precreated, before using this field.", + Description: "tags filters by subnets containing all specified tags. Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, - "diagnostics": { + "tagsAny": { SchemaProps: spec.SchemaProps{ - Description: "diagnostics configures the diagnostics settings for the virtual machine. This allows you to configure boot diagnostics such as capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.AzureDiagnostics"), + Description: "tagsAny filters by subnets containing any specified tags. Multiple tags are comma separated.", + Type: []string{"string"}, + Format: "", }, }, - "capacityReservationGroupID": { + "notTags": { SchemaProps: spec.SchemaProps{ - Description: "capacityReservationGroupID specifies the capacity reservation group resource id that should be used for allocating the virtual machine. The field size should be greater than 0 and the field input must start with '/'. The input for capacityReservationGroupID must be similar to '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/capacityReservationGroups/{capacityReservationGroupName}'. The keys which are used should be among 'subscriptions', 'providers' and 'resourcegroups' followed by valid ID or names respectively.", + Description: "notTags filters by subnets which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"image", "osDisk", "publicIP", "subnet"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.AzureDiagnostics", "github.com/openshift/api/machine/v1beta1.DataDisk", "github.com/openshift/api/machine/v1beta1.Image", "github.com/openshift/api/machine/v1beta1.OSDisk", "github.com/openshift/api/machine/v1beta1.SecurityProfile", "github.com/openshift/api/machine/v1beta1.SpotVMOptions", "k8s.io/api/core/v1.SecretReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, - } -} - -func schema_openshift_api_machine_v1beta1_AzureMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "AzureMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains Azure-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { + "notTagsAny": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "notTagsAny filters by subnets which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "enableDhcp": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, + Description: "Deprecated: enableDhcp is silently ignored. It has no replacement.", + Type: []string{"boolean"}, Format: "", }, }, - "metadata": { + "limit": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Description: "Deprecated: limit is silently ignored. It has no replacement.", + Type: []string{"integer"}, + Format: "int32", }, }, - "vmId": { + "marker": { SchemaProps: spec.SchemaProps{ - Description: "vmId is the ID of the virtual machine created in Azure.", + Description: "Deprecated: marker is silently ignored. It has no replacement.", Type: []string{"string"}, Format: "", }, }, - "vmState": { + "sortKey": { SchemaProps: spec.SchemaProps{ - Description: "vmState is the provisioning state of the Azure virtual machine.", + Description: "Deprecated: sortKey is silently ignored. It has no replacement.", Type: []string{"string"}, Format: "", }, }, - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, + "sortDir": { SchemaProps: spec.SchemaProps{ - Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), - }, - }, - }, + Description: "Deprecated: sortDir is silently ignored. It has no replacement.", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_machine_v1beta1_BlockDeviceMappingSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1alpha1_SubnetParam(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "BlockDeviceMappingSpec describes a block device mapping", - Type: []string{"object"}, + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "deviceName": { + "uuid": { SchemaProps: spec.SchemaProps{ - Description: "The device name exposed to the machine (for example, /dev/sdh or xvdh).", + Description: "The UUID of the network. Required if you omit the port attribute.", Type: []string{"string"}, Format: "", }, }, - "ebs": { + "filter": { SchemaProps: spec.SchemaProps{ - Description: "Parameters used to automatically set up EBS volumes when the machine is launched.", - Ref: ref("github.com/openshift/api/machine/v1beta1.EBSBlockDeviceSpec"), + Description: "Filters for optional network query", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1alpha1.SubnetFilter"), }, }, - "noDevice": { + "portTags": { SchemaProps: spec.SchemaProps{ - Description: "Suppresses the specified device included in the block device mapping of the AMI.", - Type: []string{"string"}, - Format: "", + Description: "portTags are tags that are added to ports created on this subnet", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "virtualName": { + "portSecurity": { SchemaProps: spec.SchemaProps{ - Description: "The virtual device name (ephemeralN). Machine store volumes are numbered starting from 0. An machine type with 2 available machine store volumes can specify mappings for ephemeral0 and ephemeral1.The number of available machine store volumes depends on the machine type. After you connect to the machine, you must mount the volume.\n\nConstraints: For M3 machines, you must specify machine store volumes in the block device mapping for the machine. When you launch an M3 machine, we ignore any machine store volumes specified in the block device mapping for the AMI.", - Type: []string{"string"}, + Description: "portSecurity optionally enables or disables security on ports managed by OpenStack Deprecated: portSecurity is silently ignored. Set portSecurity on the parent network instead.", + Type: []string{"boolean"}, Format: "", }, }, @@ -41713,552 +42194,517 @@ func schema_openshift_api_machine_v1beta1_BlockDeviceMappingSpec(ref common.Refe }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.EBSBlockDeviceSpec"}, - } -} - -func schema_openshift_api_machine_v1beta1_CPUOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "CPUOptions defines CPU-related settings for the instance, including the confidential computing policy. If provided, it must not be empty — at least one field must be set.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "confidentialCompute": { - SchemaProps: spec.SchemaProps{ - Description: "confidentialCompute specifies whether confidential computing should be enabled for the instance, and, if so, which confidential computing technology to use. Valid values are: Disabled, AMDEncryptedVirtualizationNestedPaging and omitted. When set to Disabled, confidential computing will be disabled for the instance. When set to AMDEncryptedVirtualizationNestedPaging, AMD SEV-SNP will be used as the confidential computing technology for the instance. In this case, ensure the following conditions are met: 1) The selected instance type supports AMD SEV-SNP. 2) The selected AWS region supports AMD SEV-SNP. 3) The selected AMI supports AMD SEV-SNP. More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html When omitted, this means no opinion and the AWS platform is left to choose a reasonable default, which is subject to change without notice. The current default is Disabled.", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, + "github.com/openshift/api/machine/v1alpha1.SubnetFilter"}, } } -func schema_openshift_api_machine_v1beta1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_AWSMachineProviderConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Condition defines an observation of a Machine API resource operational state.", + Description: "AWSMachineProviderConfig is the Schema for the awsmachineproviderconfigs API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "status": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "status of the condition, one of True, False, Unknown.", - Default: "", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "severity": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "lastTransitionTime": { + "ami": { SchemaProps: spec.SchemaProps{ - Description: "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Description: "ami is the reference to the AMI from which to create the machine instance.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), }, }, - "reason": { + "instanceType": { SchemaProps: spec.SchemaProps{ - Description: "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", + Description: "instanceType is the type of instance to create. Example: m4.xlarge", + Default: "", Type: []string{"string"}, Format: "", }, }, - "message": { + "cpuOptions": { SchemaProps: spec.SchemaProps{ - Description: "A human readable message indicating details about the transition. This field may be empty.", - Type: []string{"string"}, - Format: "", + Description: "cpuOptions defines CPU-related settings for the instance, including the confidential computing policy. When omitted, this means no opinion and the AWS platform is left to choose a reasonable default. More info: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CpuOptionsRequest.html, https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cpu-options-supported-instances-values.html", + Ref: ref("github.com/openshift/api/machine/v1beta1.CPUOptions"), }, }, - }, - Required: []string{"type", "status", "lastTransitionTime"}, - }, - }, - Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, - } -} - -func schema_openshift_api_machine_v1beta1_ConfidentialVM(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ConfidentialVM defines the UEFI settings for the virtual machine.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "uefiSettings": { + "tags": { SchemaProps: spec.SchemaProps{ - Description: "uefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.UEFISettings"), + Description: "tags is the set of tags to add to apply to an instance, in addition to the ones added by default by the actuator. These tags are additive. The actuator will ensure these tags are present, but will not remove any other tags that may exist on the instance.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.TagSpecification"), + }, + }, + }, }, }, - }, - Required: []string{"uefiSettings"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.UEFISettings"}, - } -} - -func schema_openshift_api_machine_v1beta1_DataDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "DataDisk specifies the parameters that are used to add one or more data disks to the machine. A Data Disk is a managed disk that's attached to a virtual machine to store application data. It differs from an OS Disk as it doesn't come with a pre-installed OS, and it cannot contain the boot volume. It is registered as SCSI drive and labeled with the chosen `lun`. e.g. for `lun: 0` the raw disk device will be available at `/dev/disk/azure/scsi1/lun0`.\n\nAs the Data Disk disk device is attached raw to the virtual machine, it will need to be partitioned, formatted with a filesystem and mounted, in order for it to be usable. This can be done by creating a custom userdata Secret with custom Ignition configuration to achieve the desired initialization. At this stage the previously defined `lun` is to be used as the \"device\" key for referencing the raw disk device to be initialized. Once the custom userdata Secret has been created, it can be referenced in the Machine's `.providerSpec.userDataSecret`. For further guidance and examples, please refer to the official OpenShift docs.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "nameSuffix": { + "iamInstanceProfile": { SchemaProps: spec.SchemaProps{ - Description: "nameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format _. NameSuffix name must start and finish with an alphanumeric character and can only contain letters, numbers, underscores, periods or hyphens. The overall disk name must not exceed 80 chars in length.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "iamInstanceProfile is a reference to an IAM role to assign to the instance", + Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), }, }, - "diskSizeGB": { + "userDataSecret": { SchemaProps: spec.SchemaProps{ - Description: "diskSizeGB is the size in GB to assign to the data disk.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, - "managedDisk": { + "credentialsSecret": { SchemaProps: spec.SchemaProps{ - Description: "managedDisk specifies the Managed Disk parameters for the data disk. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is a ManagedDisk with with storageAccountType: \"Premium_LRS\" and diskEncryptionSet.id: \"Default\".", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.DataDiskManagedDiskParameters"), + Description: "credentialsSecret is a reference to the secret with AWS credentials. Otherwise, defaults to permissions provided by attached IAM role where the actuator is running.", + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, - "lun": { + "keyName": { SchemaProps: spec.SchemaProps{ - Description: "lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. This value is also needed for referencing the data disks devices within userdata to perform disk initialization through Ignition (e.g. partition/format/mount). The value must be between 0 and 63.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "keyName is the name of the KeyPair to use for SSH", + Type: []string{"string"}, + Format: "", }, }, - "cachingType": { + "deviceIndex": { SchemaProps: spec.SchemaProps{ - Description: "cachingType specifies the caching requirements. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is CachingTypeNone.", - Type: []string{"string"}, - Format: "", + Description: "deviceIndex is the index of the device on the instance for the network interface attachment. Defaults to 0.", + Default: 0, + Type: []string{"integer"}, + Format: "int64", }, }, - "deletionPolicy": { + "publicIp": { SchemaProps: spec.SchemaProps{ - Description: "deletionPolicy specifies the data disk deletion policy upon Machine deletion. Possible values are \"Delete\",\"Detach\". When \"Delete\" is used the data disk is deleted when the Machine is deleted. When \"Detach\" is used the data disk is detached from the Machine and retained when the Machine is deleted.", - Default: "", - Type: []string{"string"}, + Description: "publicIp specifies whether the instance should get a public IP. If not present, it should use the default of its subnet.", + Type: []string{"boolean"}, Format: "", }, }, - }, - Required: []string{"nameSuffix", "diskSizeGB", "lun", "deletionPolicy"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.DataDiskManagedDiskParameters"}, - } -} - -func schema_openshift_api_machine_v1beta1_DataDiskManagedDiskParameters(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "DataDiskManagedDiskParameters is the parameters of a DataDisk managed disk.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "storageAccountType": { + "networkInterfaceType": { SchemaProps: spec.SchemaProps{ - Description: "storageAccountType is the storage account type to use. Possible values include \"Standard_LRS\", \"Premium_LRS\" and \"UltraSSD_LRS\".", - Default: "", + Description: "networkInterfaceType specifies the type of network interface to be used for the primary network interface. Valid values are \"ENA\", \"EFA\", and omitted, which means no opinion and the platform chooses a good default which may change over time. The current default value is \"ENA\". Please visit https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html to learn more about the AWS Elastic Fabric Adapter interface option.", Type: []string{"string"}, Format: "", }, }, - "diskEncryptionSet": { + "securityGroups": { SchemaProps: spec.SchemaProps{ - Description: "diskEncryptionSet is the disk encryption set properties. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is a DiskEncryptionSet with id: \"Default\".", - Ref: ref("github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"), + Description: "securityGroups is an array of references to security groups that should be applied to the instance.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), + }, + }, + }, }, }, - }, - Required: []string{"storageAccountType"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"}, - } -} - -func schema_openshift_api_machine_v1beta1_DedicatedHost(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "DedicatedHost represents the configuration for the usage of dedicated host.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "id": { + "subnet": { SchemaProps: spec.SchemaProps{ - Description: "id identifies the AWS Dedicated Host on which the instance must run. The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length.", - Type: []string{"string"}, - Format: "", + Description: "subnet is a reference to the subnet to use for this instance", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), }, }, - }, - Required: []string{"id"}, - }, - }, - } -} - -func schema_openshift_api_machine_v1beta1_DiskEncryptionSetParameters(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "DiskEncryptionSetParameters is the disk encryption set properties", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "id": { + "placement": { SchemaProps: spec.SchemaProps{ - Description: "id is the disk encryption set ID Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is: \"Default\".", - Type: []string{"string"}, - Format: "", + Description: "placement specifies where to create the instance in AWS", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.Placement"), }, }, - }, - }, - }, - } -} - -func schema_openshift_api_machine_v1beta1_DiskSettings(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "DiskSettings describe ephemeral disk settings for the os disk.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "ephemeralStorageLocation": { + "loadBalancers": { SchemaProps: spec.SchemaProps{ - Description: "ephemeralStorageLocation enables ephemeral OS when set to 'Local'. Possible values include: 'Local'. See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks for full details. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is that disks are saved to remote Azure storage.", - Type: []string{"string"}, - Format: "", + Description: "loadBalancers is the set of load balancers to which the new instance should be added once it is created.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.LoadBalancerReference"), + }, + }, + }, }, }, - }, - }, - }, - } -} - -func schema_openshift_api_machine_v1beta1_EBSBlockDeviceSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "EBSBlockDeviceSpec describes a block device for an EBS volume. https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EbsBlockDevice", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "deleteOnTermination": { + "blockDevices": { SchemaProps: spec.SchemaProps{ - Description: "Indicates whether the EBS volume is deleted on machine termination.\n\nDeprecated: setting this field has no effect.", - Type: []string{"boolean"}, - Format: "", + Description: "blockDevices is the set of block device mapping associated to this instance, block device without a name will be used as a root device and only one device without a name is allowed https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.BlockDeviceMappingSpec"), + }, + }, + }, }, }, - "encrypted": { + "spotMarketOptions": { SchemaProps: spec.SchemaProps{ - Description: "Indicates whether the EBS volume is encrypted. Encrypted Amazon EBS volumes may only be attached to machines that support Amazon EBS encryption.", - Type: []string{"boolean"}, - Format: "", + Description: "spotMarketOptions allows users to configure instances to be run using AWS Spot instances.", + Ref: ref("github.com/openshift/api/machine/v1beta1.SpotMarketOptions"), }, }, - "kmsKey": { + "metadataServiceOptions": { SchemaProps: spec.SchemaProps{ - Description: "Indicates the KMS key that should be used to encrypt the Amazon EBS volume.", + Description: "metadataServiceOptions allows users to configure instance metadata service interaction options. If nothing specified, default AWS IMDS settings will be applied. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), + Ref: ref("github.com/openshift/api/machine/v1beta1.MetadataServiceOptions"), }, }, - "iops": { + "placementGroupName": { SchemaProps: spec.SchemaProps{ - Description: "The number of I/O operations per second (IOPS) that the volume supports. For io1, this represents the number of IOPS that are provisioned for the volume. For gp2, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. For more information about General Purpose SSD baseline performance, I/O credits, and bursting, see Amazon EBS Volume Types (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the Amazon Elastic Compute Cloud User Guide.\n\nMinimal and maximal IOPS for io1 and gp2 are constrained. Please, check https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html for precise boundaries for individual volumes.\n\nCondition: This parameter is required for requests to create io1 volumes; it is not used in requests to create gp2, st1, sc1, or standard volumes.", - Type: []string{"integer"}, - Format: "int64", + Description: "placementGroupName specifies the name of the placement group in which to launch the instance. The placement group must already be created and may use any placement strategy. When omitted, no placement group is used when creating the EC2 instance.", + Type: []string{"string"}, + Format: "", }, }, - "throughputMib": { + "placementGroupPartition": { SchemaProps: spec.SchemaProps{ - Description: "throughputMib to provision in MiB/s supported for the volume type. Not applicable to all types.\n\nThis parameter is valid only for gp3 volumes. Valid Range: Minimum value of 125. Maximum value of 2000.\n\nWhen omitted, this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 125.", + Description: "placementGroupPartition is the partition number within the placement group in which to launch the instance. This must be an integer value between 1 and 7. It is only valid if the placement group, referred in `PlacementGroupName` was created with strategy set to partition.", Type: []string{"integer"}, Format: "int32", }, }, - "volumeSize": { + "capacityReservationId": { SchemaProps: spec.SchemaProps{ - Description: "The size of the volume, in GiB.\n\nConstraints: 1-16384 for General Purpose SSD (gp2), 4-16384 for Provisioned IOPS SSD (io1), 500-16384 for Throughput Optimized HDD (st1), 500-16384 for Cold HDD (sc1), and 1-1024 for Magnetic (standard) volumes. If you specify a snapshot, the volume size must be equal to or larger than the snapshot size.\n\nDefault: If you're creating the volume from a snapshot and don't specify a volume size, the default is the snapshot size.", - Type: []string{"integer"}, - Format: "int64", + Description: "capacityReservationId specifies the target Capacity Reservation into which the instance should be launched. The field size should be greater than 0 and the field input must start with cr-***", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "volumeType": { + "marketType": { SchemaProps: spec.SchemaProps{ - Description: "volumeType can be of type gp2, gp3, io1, st1, sc1, or standard. Default: standard", + Description: "marketType specifies the type of market for the EC2 instance. Valid values are OnDemand, Spot, CapacityBlock and omitted.\n\nDefaults to OnDemand. When SpotMarketOptions is provided, the marketType defaults to \"Spot\".\n\nWhen set to OnDemand the instance runs as a standard OnDemand instance. When set to Spot the instance runs as a Spot instance. When set to CapacityBlock the instance utilizes pre-purchased compute capacity (capacity blocks) with AWS Capacity Reservations. If this value is selected, capacityReservationID must be specified to identify the target reservation.", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"ami", "instanceType", "deviceIndex", "subnet", "placement"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.AWSResourceReference"}, + "github.com/openshift/api/machine/v1beta1.AWSResourceReference", "github.com/openshift/api/machine/v1beta1.BlockDeviceMappingSpec", "github.com/openshift/api/machine/v1beta1.CPUOptions", "github.com/openshift/api/machine/v1beta1.LoadBalancerReference", "github.com/openshift/api/machine/v1beta1.MetadataServiceOptions", "github.com/openshift/api/machine/v1beta1.Placement", "github.com/openshift/api/machine/v1beta1.SpotMarketOptions", "github.com/openshift/api/machine/v1beta1.TagSpecification", corev1.LocalObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_Filter(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_AWSMachineProviderConfigList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Filter is a filter used to identify an AWS resource", + Description: "AWSMachineProviderConfigList contains a list of AWSMachineProviderConfig Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "name of the filter. Filter names are case-sensitive.", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "values": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "values includes one or more filter values. Filter values are case-sensitive.", - Type: []string{"array"}, + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.AWSMachineProviderConfig"), }, }, }, }, }, }, - Required: []string{"name"}, + Required: []string{"items"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.AWSMachineProviderConfig", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_GCPDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_AWSMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPDisk describes disks for GCP.", + Description: "AWSMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains AWS-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "autoDelete": { - SchemaProps: spec.SchemaProps{ - Description: "autoDelete indicates if the disk will be auto-deleted when the instance is deleted (default false).", - Default: false, - Type: []string{"boolean"}, - Format: "", - }, - }, - "boot": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "boot indicates if this is a boot disk (default false).", - Default: false, - Type: []string{"boolean"}, + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, Format: "", }, }, - "sizeGb": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "sizeGb is the size of the disk (in GB).", - Default: 0, - Type: []string{"integer"}, - Format: "int64", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - "type": { + "instanceId": { SchemaProps: spec.SchemaProps{ - Description: "type is the type of the disk (eg: pd-standard).", - Default: "", + Description: "instanceId is the instance ID of the machine created in AWS", Type: []string{"string"}, Format: "", }, }, - "image": { + "instanceState": { SchemaProps: spec.SchemaProps{ - Description: "image is the source image to create this disk.", - Default: "", + Description: "instanceState is the state of the AWS instance for this machine", Type: []string{"string"}, Format: "", }, }, - "labels": { + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "labels list of labels to apply to the disk.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, + Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, }, }, - "encryptionKey": { + "dedicatedHost": { SchemaProps: spec.SchemaProps{ - Description: "encryptionKey is the customer-supplied encryption key of the disk.", - Ref: ref("github.com/openshift/api/machine/v1beta1.GCPEncryptionKeyReference"), + Description: "dedicatedHost tracks the dynamically allocated dedicated host. This field is populated when allocationStrategy is Dynamic (with or without DynamicHostAllocation). When omitted, this indicates that the dedicated host has not yet been allocated, or allocation is in progress.", + Ref: ref("github.com/openshift/api/machine/v1beta1.DedicatedHostStatus"), }, }, }, - Required: []string{"autoDelete", "boot", "sizeGb", "type", "image", "labels"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.GCPEncryptionKeyReference"}, + "github.com/openshift/api/machine/v1beta1.DedicatedHostStatus", metav1.Condition{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_GCPEncryptionKeyReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_AWSResourceReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPEncryptionKeyReference describes the encryptionKey to use for a disk's encryption.", + Description: "AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters. Only one of ID, ARN or Filters may be specified. Specifying more than one will result in a validation error.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kmsKey": { + "id": { SchemaProps: spec.SchemaProps{ - Description: "KMSKeyName is the reference KMS key, in the format", - Ref: ref("github.com/openshift/api/machine/v1beta1.GCPKMSKeyReference"), + Description: "id of resource", + Type: []string{"string"}, + Format: "", }, }, - "kmsKeyServiceAccount": { + "arn": { SchemaProps: spec.SchemaProps{ - Description: "kmsKeyServiceAccount is the service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. See https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account for details on the default service account.", + Description: "arn of resource", Type: []string{"string"}, Format: "", }, }, + "filters": { + SchemaProps: spec.SchemaProps{ + Description: "filters is a set of filters used to identify a resource", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.Filter"), + }, + }, + }, + }, + }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.GCPKMSKeyReference"}, + "github.com/openshift/api/machine/v1beta1.Filter"}, } } -func schema_openshift_api_machine_v1beta1_GCPGPUConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_AddressesFromPool(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPGPUConfig describes type and count of GPUs attached to the instance on GCP.", + Description: "AddressesFromPool is an IPAddressPool that will be used to create IPAddressClaims for fulfillment by an external controller.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "count": { + "group": { SchemaProps: spec.SchemaProps{ - Description: "count is the number of GPUs to be attached to an instance.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "group of the IP address pool type known to an external IPAM controller. This should be a fully qualified domain name, for example, externalipam.controller.io.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "type": { + "resource": { SchemaProps: spec.SchemaProps{ - Description: "type is the type of GPU to be attached to an instance. Supported GPU types are: nvidia-tesla-k80, nvidia-tesla-p100, nvidia-tesla-v100, nvidia-tesla-p4, nvidia-tesla-t4", + Description: "resource of the IP address pool type known to an external IPAM controller. It is normally the plural form of the resource kind in lowercase, for example, ippools.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name of an IP address pool, for example, pool-config-1.", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"count", "type"}, + Required: []string{"group", "resource", "name"}, }, }, } } -func schema_openshift_api_machine_v1beta1_GCPKMSKeyReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_AzureBootDiagnostics(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPKMSKeyReference gathers required fields for looking up a GCP KMS Key", + Description: "AzureBootDiagnostics configures the boot diagnostics settings for the virtual machine. This allows you to configure capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "storageAccountType": { SchemaProps: spec.SchemaProps{ - Description: "name is the name of the customer managed encryption key to be used for the disk encryption.", + Description: "storageAccountType determines if the storage account for storing the diagnostics data should be provisioned by Azure (AzureManaged) or by the customer (CustomerManaged).", Default: "", Type: []string{"string"}, Format: "", }, }, - "keyRing": { + "customerManaged": { SchemaProps: spec.SchemaProps{ - Description: "keyRing is the name of the KMS Key Ring which the KMS Key belongs to.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "customerManaged provides reference to the customer manager storage account.", + Ref: ref("github.com/openshift/api/machine/v1beta1.AzureCustomerManagedBootDiagnostics"), }, }, - "projectID": { - SchemaProps: spec.SchemaProps{ - Description: "projectID is the ID of the Project in which the KMS Key Ring exists. Defaults to the VM ProjectID if not set.", - Type: []string{"string"}, - Format: "", + }, + Required: []string{"storageAccountType"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "storageAccountType", + "fields-to-discriminateBy": map[string]interface{}{ + "customerManaged": "CustomerManaged", + }, }, }, - "location": { + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.AzureCustomerManagedBootDiagnostics"}, + } +} + +func schema_openshift_api_machine_v1beta1_AzureCustomerManagedBootDiagnostics(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AzureCustomerManagedBootDiagnostics provides reference to a customer managed storage account.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "storageAccountURI": { SchemaProps: spec.SchemaProps{ - Description: "location is the GCP location in which the Key Ring exists.", + Description: "storageAccountURI is the URI of the customer managed storage account. The URI typically will be `https://.blob.core.windows.net/` but may differ if you are using Azure DNS zone endpoints. You can find the correct endpoint by looking for the Blob Primary Endpoint in the endpoints tab in the Azure console.", Default: "", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"name", "keyRing", "location"}, + Required: []string{"storageAccountURI"}, }, }, } } -func schema_openshift_api_machine_v1beta1_GCPMachineProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_AzureDiagnostics(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an GCP virtual machine. It is used by the GCP machine actuator to create a single Machine. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "AzureDiagnostics is used to configure the diagnostic settings of the virtual machine.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "boot": { + SchemaProps: spec.SchemaProps{ + Description: "AzureBootDiagnostics configures the boot diagnostics settings for the virtual machine. This allows you to configure capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", + Ref: ref("github.com/openshift/api/machine/v1beta1.AzureBootDiagnostics"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.AzureBootDiagnostics"}, + } +} + +func schema_openshift_api_machine_v1beta1_AzureMachineProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AzureMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an Azure virtual machine. It is used by the Azure machine actuator to create a single Machine. Required parameters such as location that are not specified by this configuration, will be defaulted by the actuator. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -42277,113 +42723,85 @@ func schema_openshift_api_machine_v1beta1_GCPMachineProviderSpec(ref common.Refe }, "metadata": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "userDataSecret": { SchemaProps: spec.SchemaProps{ Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), }, }, "credentialsSecret": { SchemaProps: spec.SchemaProps{ - Description: "credentialsSecret is a reference to the secret with GCP credentials.", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Description: "credentialsSecret is a reference to the secret with Azure credentials.", + Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), }, }, - "canIPForward": { + "location": { SchemaProps: spec.SchemaProps{ - Description: "canIPForward Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes.", - Default: false, - Type: []string{"boolean"}, + Description: "location is the region to use to create the instance", + Type: []string{"string"}, Format: "", }, }, - "deletionProtection": { + "vmSize": { SchemaProps: spec.SchemaProps{ - Description: "deletionProtection whether the resource should be protected against deletion.", - Default: false, - Type: []string{"boolean"}, + Description: "vmSize is the size of the VM to create.", + Type: []string{"string"}, Format: "", }, }, - "disks": { + "image": { SchemaProps: spec.SchemaProps{ - Description: "disks is a list of disks to be attached to the VM.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/openshift/api/machine/v1beta1.GCPDisk"), - }, - }, - }, + Description: "image is the OS image to use to create the instance.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.Image"), }, }, - "labels": { + "osDisk": { SchemaProps: spec.SchemaProps{ - Description: "labels list of labels to apply to the VM.", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "osDisk represents the parameters for creating the OS disk.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.OSDisk"), }, }, - "gcpMetadata": { + "dataDisks": { SchemaProps: spec.SchemaProps{ - Description: "Metadata key/value pairs to apply to the VM.", + Description: "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/openshift/api/machine/v1beta1.GCPMetadata"), + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.DataDisk"), }, }, }, }, }, - "networkInterfaces": { + "sshPublicKey": { SchemaProps: spec.SchemaProps{ - Description: "networkInterfaces is a list of network interfaces to be attached to the VM.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Ref: ref("github.com/openshift/api/machine/v1beta1.GCPNetworkInterface"), - }, - }, - }, + Description: "sshPublicKey is the public key to use to SSH to the virtual machine.", + Type: []string{"string"}, + Format: "", }, }, - "serviceAccounts": { + "publicIP": { SchemaProps: spec.SchemaProps{ - Description: "serviceAccounts is a list of GCP service accounts to be used by the VM.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.GCPServiceAccount"), - }, - }, - }, + Description: "publicIP if true a public IP will be used", + Default: false, + Type: []string{"boolean"}, + Format: "", }, }, "tags": { SchemaProps: spec.SchemaProps{ - Description: "tags list of network tags to apply to the VM.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ + Description: "tags is a list of tags to apply to the machine.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: "", @@ -42394,9 +42812,16 @@ func schema_openshift_api_machine_v1beta1_GCPMachineProviderSpec(ref common.Refe }, }, }, - "targetPools": { + "securityGroup": { SchemaProps: spec.SchemaProps{ - Description: "targetPools are used for network TCP/UDP load balancing. A target pool references member instances, an associated legacy HttpHealthCheck resource, and, optionally, a backup target pool", + Description: "Network Security Group that needs to be attached to the machine's interface. No security group will be attached if empty.", + Type: []string{"string"}, + Format: "", + }, + }, + "applicationSecurityGroups": { + SchemaProps: spec.SchemaProps{ + Description: "Application Security Groups that need to be attached to the machine's interface. No application security groups will be attached if zero-length.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -42409,326 +42834,514 @@ func schema_openshift_api_machine_v1beta1_GCPMachineProviderSpec(ref common.Refe }, }, }, - "machineType": { + "subnet": { SchemaProps: spec.SchemaProps{ - Description: "machineType is the machine type to use for the VM.", + Description: "subnet to use for this instance", Default: "", Type: []string{"string"}, Format: "", }, }, - "region": { + "publicLoadBalancer": { SchemaProps: spec.SchemaProps{ - Description: "region is the region in which the GCP machine provider will create the VM.", - Default: "", + Description: "publicLoadBalancer to use for this instance", + Type: []string{"string"}, + Format: "", + }, + }, + "internalLoadBalancer": { + SchemaProps: spec.SchemaProps{ + Description: "InternalLoadBalancerName to use for this instance", + Type: []string{"string"}, + Format: "", + }, + }, + "natRule": { + SchemaProps: spec.SchemaProps{ + Description: "natRule to set inbound NAT rule of the load balancer", + Type: []string{"integer"}, + Format: "int64", + }, + }, + "managedIdentity": { + SchemaProps: spec.SchemaProps{ + Description: "managedIdentity to set managed identity name", + Type: []string{"string"}, + Format: "", + }, + }, + "vnet": { + SchemaProps: spec.SchemaProps{ + Description: "vnet to set virtual network name", Type: []string{"string"}, Format: "", }, }, "zone": { SchemaProps: spec.SchemaProps{ - Description: "zone is the zone in which the GCP machine provider will create the VM.", - Default: "", + Description: "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone", Type: []string{"string"}, Format: "", }, }, - "projectID": { + "networkResourceGroup": { SchemaProps: spec.SchemaProps{ - Description: "projectID is the project in which the GCP machine provider will create the VM.", + Description: "networkResourceGroup is the resource group for the virtual machine's network", Type: []string{"string"}, Format: "", }, }, - "gpus": { + "resourceGroup": { SchemaProps: spec.SchemaProps{ - Description: "gpus is a list of GPUs to be attached to the VM.", + Description: "resourceGroup is the resource group for the virtual machine", + Type: []string{"string"}, + Format: "", + }, + }, + "spotVMOptions": { + SchemaProps: spec.SchemaProps{ + Description: "spotVMOptions allows the ability to specify the Machine should use a Spot VM", + Ref: ref("github.com/openshift/api/machine/v1beta1.SpotVMOptions"), + }, + }, + "securityProfile": { + SchemaProps: spec.SchemaProps{ + Description: "securityProfile specifies the Security profile settings for a virtual machine.", + Ref: ref("github.com/openshift/api/machine/v1beta1.SecurityProfile"), + }, + }, + "ultraSSDCapability": { + SchemaProps: spec.SchemaProps{ + Description: "ultraSSDCapability enables or disables Azure UltraSSD capability for a virtual machine. This can be used to allow/disallow binding of Azure UltraSSD to the Machine both as Data Disks or via Persistent Volumes. This Azure feature is subject to a specific scope and certain limitations. More informations on this can be found in the official Azure documentation for Ultra Disks: (https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-ultra-ssd?tabs=azure-portal#ga-scope-and-limitations).\n\nWhen omitted, if at least one Data Disk of type UltraSSD is specified, the platform will automatically enable the capability. If a Perisistent Volume backed by an UltraSSD is bound to a Pod on the Machine, when this field is ommitted, the platform will *not* automatically enable the capability (unless already enabled by the presence of an UltraSSD as Data Disk). This may manifest in the Pod being stuck in `ContainerCreating` phase. This defaulting behaviour may be subject to change in future.\n\nWhen set to \"Enabled\", if the capability is available for the Machine based on the scope and limitations described above, the capability will be set on the Machine. This will thus allow UltraSSD both as Data Disks and Persistent Volumes. If set to \"Enabled\" when the capability can't be available due to scope and limitations, the Machine will go into \"Failed\" state.\n\nWhen set to \"Disabled\", UltraSSDs will not be allowed either as Data Disks nor as Persistent Volumes. In this case if any UltraSSDs are specified as Data Disks on a Machine, the Machine will go into a \"Failed\" state. If instead any UltraSSDs are backing the volumes (via Persistent Volumes) of any Pods scheduled on a Node which is backed by the Machine, the Pod may get stuck in `ContainerCreating` phase.", + Type: []string{"string"}, + Format: "", + }, + }, + "acceleratedNetworking": { + SchemaProps: spec.SchemaProps{ + Description: "acceleratedNetworking enables or disables Azure accelerated networking feature. Set to false by default. If true, then this will depend on whether the requested VMSize is supported. If set to true with an unsupported VMSize, Azure will return an error.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "availabilitySet": { + SchemaProps: spec.SchemaProps{ + Description: "availabilitySet specifies the availability set to use for this instance. Availability set should be precreated, before using this field.", + Type: []string{"string"}, + Format: "", + }, + }, + "diagnostics": { + SchemaProps: spec.SchemaProps{ + Description: "diagnostics configures the diagnostics settings for the virtual machine. This allows you to configure boot diagnostics such as capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.AzureDiagnostics"), + }, + }, + "capacityReservationGroupID": { + SchemaProps: spec.SchemaProps{ + Description: "capacityReservationGroupID specifies the capacity reservation group resource id that should be used for allocating the virtual machine. The field size should be greater than 0 and the field input must start with '/'. The input for capacityReservationGroupID must be similar to '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/capacityReservationGroups/{capacityReservationGroupName}'. The keys which are used should be among 'subscriptions', 'providers' and 'resourcegroups' followed by valid ID or names respectively.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"image", "osDisk", "publicIP", "subnet"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.AzureDiagnostics", "github.com/openshift/api/machine/v1beta1.DataDisk", "github.com/openshift/api/machine/v1beta1.Image", "github.com/openshift/api/machine/v1beta1.OSDisk", "github.com/openshift/api/machine/v1beta1.SecurityProfile", "github.com/openshift/api/machine/v1beta1.SpotVMOptions", corev1.SecretReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_machine_v1beta1_AzureMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "AzureMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains Azure-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + }, + }, + "vmId": { + SchemaProps: spec.SchemaProps{ + Description: "vmId is the ID of the virtual machine created in Azure.", + Type: []string{"string"}, + Format: "", + }, + }, + "vmState": { + SchemaProps: spec.SchemaProps{ + Description: "vmState is the provisioning state of the Azure virtual machine.", + Type: []string{"string"}, + Format: "", + }, + }, + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.GCPGPUConfig"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, }, }, - "preemptible": { + }, + }, + }, + Dependencies: []string{ + metav1.Condition{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_machine_v1beta1_BlockDeviceMappingSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "BlockDeviceMappingSpec describes a block device mapping", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "deviceName": { SchemaProps: spec.SchemaProps{ - Description: "preemptible indicates if created instance is preemptible.", - Type: []string{"boolean"}, + Description: "The device name exposed to the machine (for example, /dev/sdh or xvdh).", + Type: []string{"string"}, Format: "", }, }, - "provisioningModel": { + "ebs": { + SchemaProps: spec.SchemaProps{ + Description: "Parameters used to automatically set up EBS volumes when the machine is launched.", + Ref: ref("github.com/openshift/api/machine/v1beta1.EBSBlockDeviceSpec"), + }, + }, + "noDevice": { + SchemaProps: spec.SchemaProps{ + Description: "Suppresses the specified device included in the block device mapping of the AMI.", + Type: []string{"string"}, + Format: "", + }, + }, + "virtualName": { + SchemaProps: spec.SchemaProps{ + Description: "The virtual device name (ephemeralN). Machine store volumes are numbered starting from 0. An machine type with 2 available machine store volumes can specify mappings for ephemeral0 and ephemeral1.The number of available machine store volumes depends on the machine type. After you connect to the machine, you must mount the volume.\n\nConstraints: For M3 machines, you must specify machine store volumes in the block device mapping for the machine. When you launch an M3 machine, we ignore any machine store volumes specified in the block device mapping for the AMI.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.EBSBlockDeviceSpec"}, + } +} + +func schema_openshift_api_machine_v1beta1_CPUOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "CPUOptions defines CPU-related settings for the instance, including the confidential computing policy. If provided, it must not be empty — at least one field must be set.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "confidentialCompute": { + SchemaProps: spec.SchemaProps{ + Description: "confidentialCompute specifies whether confidential computing should be enabled for the instance, and, if so, which confidential computing technology to use. Valid values are: Disabled, AMDEncryptedVirtualizationNestedPaging and omitted. When set to Disabled, confidential computing will be disabled for the instance. When set to AMDEncryptedVirtualizationNestedPaging, AMD SEV-SNP will be used as the confidential computing technology for the instance. In this case, ensure the following conditions are met: 1) The selected instance type supports AMD SEV-SNP. 2) The selected AWS region supports AMD SEV-SNP. 3) The selected AMI supports AMD SEV-SNP. More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html When omitted, this means no opinion and the AWS platform is left to choose a reasonable default, which is subject to change without notice. The current default is Disabled.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1beta1_Condition(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Condition defines an observation of a Machine API resource operational state.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { SchemaProps: spec.SchemaProps{ - Description: "provisioningModel is an optional field that determines the provisioning model for the GCP machine instance. Valid values are \"Spot\" and omitted. When set to Spot, the instance runs as a Google Cloud Spot instance which provides significant cost savings but may be preempted by Google Cloud Platform when resources are needed elsewhere. When omitted, the machine will be provisioned as a standard on-demand instance. This field cannot be used together with the preemptible field.", + Description: "type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "onHostMaintenance": { + "status": { SchemaProps: spec.SchemaProps{ - Description: "onHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. This is required to be set to \"Terminate\" if you want to provision machine with attached GPUs. Otherwise, allowed values are \"Migrate\" and \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Migrate\".", + Description: "status of the condition, one of True, False, Unknown.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "restartPolicy": { + "severity": { SchemaProps: spec.SchemaProps{ - Description: "restartPolicy determines the behavior when an instance crashes or the underlying infrastructure provider stops the instance as part of a maintenance event (default \"Always\"). Cannot be \"Always\" with preemptible instances. Otherwise, allowed values are \"Always\" and \"Never\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Always\". RestartPolicy represents AutomaticRestart in GCP compute api", + Description: "severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", Type: []string{"string"}, Format: "", }, }, - "shieldedInstanceConfig": { + "lastTransitionTime": { SchemaProps: spec.SchemaProps{ - Description: "shieldedInstanceConfig is the Shielded VM configuration for the VM", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.GCPShieldedInstanceConfig"), + Description: "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, - "confidentialCompute": { + "reason": { SchemaProps: spec.SchemaProps{ - Description: "confidentialCompute is an optional field defining whether the instance should have confidential compute enabled or not, and the confidential computing technology of choice. Allowed values are omitted, Disabled, Enabled, AMDEncryptedVirtualization, AMDEncryptedVirtualizationNestedPaging, and IntelTrustedDomainExtensions When set to Disabled, the machine will not be configured to be a confidential computing instance. When set to Enabled, the machine will be configured as a confidential computing instance with no preference on the confidential compute policy used. In this mode, the platform chooses a default that is subject to change over time. Currently, the default is to use AMD Secure Encrypted Virtualization. When set to AMDEncryptedVirtualization, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization (AMD SEV) as the confidential computing technology. When set to AMDEncryptedVirtualizationNestedPaging, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP) as the confidential computing technology. When set to IntelTrustedDomainExtensions, the machine will be configured as a confidential computing instance with Intel Trusted Domain Extensions (Intel TDX) as the confidential computing technology. If any value other than Disabled is set the selected machine type must support that specific confidential computing technology. The machine series supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#all-confidential-vm-instances Currently, AMDEncryptedVirtualization is supported in c2d, n2d, and c3d machines. AMDEncryptedVirtualizationNestedPaging is supported in n2d machines. IntelTrustedDomainExtensions is supported in c3 machines. If any value other than Disabled is set, the selected region must support that specific confidential computing technology. The list of regions supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#supported-zones If any value other than Disabled is set onHostMaintenance is required to be set to \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", + Description: "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", Type: []string{"string"}, Format: "", }, }, - "resourceManagerTags": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "key", - }, - "x-kubernetes-list-type": "map", - }, + "message": { + SchemaProps: spec.SchemaProps{ + Description: "A human readable message indicating details about the transition. This field may be empty.", + Type: []string{"string"}, + Format: "", }, + }, + }, + Required: []string{"type", "status", "lastTransitionTime"}, + }, + }, + Dependencies: []string{ + metav1.Time{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_machine_v1beta1_ConfidentialVM(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ConfidentialVM defines the UEFI settings for the virtual machine.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "uefiSettings": { SchemaProps: spec.SchemaProps{ - Description: "resourceManagerTags is an optional list of tags to apply to the GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.ResourceManagerTag"), - }, - }, - }, + Description: "uefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.UEFISettings"), }, }, }, - Required: []string{"canIPForward", "deletionProtection", "serviceAccounts", "machineType", "region", "zone"}, + Required: []string{"uefiSettings"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.GCPDisk", "github.com/openshift/api/machine/v1beta1.GCPGPUConfig", "github.com/openshift/api/machine/v1beta1.GCPMetadata", "github.com/openshift/api/machine/v1beta1.GCPNetworkInterface", "github.com/openshift/api/machine/v1beta1.GCPServiceAccount", "github.com/openshift/api/machine/v1beta1.GCPShieldedInstanceConfig", "github.com/openshift/api/machine/v1beta1.ResourceManagerTag", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/machine/v1beta1.UEFISettings"}, } } -func schema_openshift_api_machine_v1beta1_GCPMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_DataDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains GCP-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "DataDisk specifies the parameters that are used to add one or more data disks to the machine. A Data Disk is a managed disk that's attached to a virtual machine to store application data. It differs from an OS Disk as it doesn't come with a pre-installed OS, and it cannot contain the boot volume. It is registered as SCSI drive and labeled with the chosen `lun`. e.g. for `lun: 0` the raw disk device will be available at `/dev/disk/azure/scsi1/lun0`.\n\nAs the Data Disk disk device is attached raw to the virtual machine, it will need to be partitioned, formatted with a filesystem and mounted, in order for it to be usable. This can be done by creating a custom userdata Secret with custom Ignition configuration to achieve the desired initialization. At this stage the previously defined `lun` is to be used as the \"device\" key for referencing the raw disk device to be initialized. Once the custom userdata Secret has been created, it can be referenced in the Machine's `.providerSpec.userDataSecret`. For further guidance and examples, please refer to the official OpenShift docs.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "nameSuffix": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "nameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format _. NameSuffix name must start and finish with an alphanumeric character and can only contain letters, numbers, underscores, periods or hyphens. The overall disk name must not exceed 80 chars in length.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "diskSizeGB": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + Description: "diskSizeGB is the size in GB to assign to the data disk.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "metadata": { + "managedDisk": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Description: "managedDisk specifies the Managed Disk parameters for the data disk. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is a ManagedDisk with with storageAccountType: \"Premium_LRS\" and diskEncryptionSet.id: \"Default\".", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.DataDiskManagedDiskParameters"), }, }, - "instanceId": { + "lun": { SchemaProps: spec.SchemaProps{ - Description: "instanceId is the ID of the instance in GCP", - Type: []string{"string"}, - Format: "", + Description: "lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. This value is also needed for referencing the data disks devices within userdata to perform disk initialization through Ignition (e.g. partition/format/mount). The value must be between 0 and 63.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "instanceState": { + "cachingType": { SchemaProps: spec.SchemaProps{ - Description: "instanceState is the provisioning state of the GCP Instance.", + Description: "cachingType specifies the caching requirements. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is CachingTypeNone.", Type: []string{"string"}, Format: "", }, }, - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, + "deletionPolicy": { SchemaProps: spec.SchemaProps{ - Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), - }, - }, - }, + Description: "deletionPolicy specifies the data disk deletion policy upon Machine deletion. Possible values are \"Delete\",\"Detach\". When \"Delete\" is used the data disk is deleted when the Machine is deleted. When \"Detach\" is used the data disk is detached from the Machine and retained when the Machine is deleted.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, + Required: []string{"nameSuffix", "diskSizeGB", "lun", "deletionPolicy"}, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/machine/v1beta1.DataDiskManagedDiskParameters"}, } } -func schema_openshift_api_machine_v1beta1_GCPMetadata(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_DataDiskManagedDiskParameters(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPMetadata describes metadata for GCP.", + Description: "DataDiskManagedDiskParameters is the parameters of a DataDisk managed disk.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "key": { + "storageAccountType": { SchemaProps: spec.SchemaProps{ - Description: "key is the metadata key.", + Description: "storageAccountType is the storage account type to use. Possible values include \"Standard_LRS\", \"Premium_LRS\" and \"UltraSSD_LRS\".", Default: "", Type: []string{"string"}, Format: "", }, }, - "value": { + "diskEncryptionSet": { SchemaProps: spec.SchemaProps{ - Description: "value is the metadata value.", - Type: []string{"string"}, - Format: "", + Description: "diskEncryptionSet is the disk encryption set properties. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is a DiskEncryptionSet with id: \"Default\".", + Ref: ref("github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"), }, }, }, - Required: []string{"key", "value"}, + Required: []string{"storageAccountType"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"}, } } -func schema_openshift_api_machine_v1beta1_GCPNetworkInterface(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_DedicatedHost(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPNetworkInterface describes network interfaces for GCP", + Description: "DedicatedHost represents the configuration for the usage of dedicated host.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "publicIP": { + "allocationStrategy": { SchemaProps: spec.SchemaProps{ - Description: "publicIP indicates if true a public IP will be used", - Type: []string{"boolean"}, + Description: "allocationStrategy specifies if the dedicated host will be provided by the admin through the id field or if the host will be dynamically allocated. Valid values are UserProvided and Dynamic. When omitted, the value defaults to \"UserProvided\", which requires the id field to be set. When allocationStrategy is set to UserProvided, an ID of the dedicated host to assign must be provided. When allocationStrategy is set to Dynamic, a dedicated host will be allocated and used to assign instances. When allocationStrategy is set to Dynamic, and dynamicHostAllocation is configured, a dedicated host will be allocated and the tags in dynamicHostAllocation will be assigned to that host.\n\nPossible enum values:\n - `\"Dynamic\"` specifies that the system should dynamically allocate a dedicated host for instances.\n - `\"UserProvided\"` specifies that the system should assign instances to a user-provided dedicated host.", + Default: "UserProvided", + Type: []string{"string"}, Format: "", + Enum: []interface{}{"Dynamic", "UserProvided"}, }, }, - "network": { + "id": { SchemaProps: spec.SchemaProps{ - Description: "network is the network name.", + Description: "id identifies the AWS Dedicated Host on which the instance must run. The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length. This field is required when allocationStrategy is UserProvided, and forbidden otherwise. When omitted with allocationStrategy set to Dynamic, the platform will dynamically allocate a dedicated host.", Type: []string{"string"}, Format: "", }, }, - "projectID": { + "dynamicHostAllocation": { SchemaProps: spec.SchemaProps{ - Description: "projectID is the project in which the GCP machine provider will create the VM.", - Type: []string{"string"}, - Format: "", + Description: "dynamicHostAllocation specifies tags to apply to a dynamically allocated dedicated host. This field is only allowed when allocationStrategy is Dynamic, and is mutually exclusive with id. When specified, a dedicated host will be allocated with the provided tags applied. When omitted (and allocationStrategy is Dynamic), a dedicated host will be allocated without any additional tags.", + Ref: ref("github.com/openshift/api/machine/v1beta1.DynamicHostAllocationSpec"), }, }, - "subnetwork": { - SchemaProps: spec.SchemaProps{ - Description: "subnetwork is the subnetwork name.", - Type: []string{"string"}, - Format: "", + }, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "allocationStrategy", + "fields-to-discriminateBy": map[string]interface{}{ + "dynamicHostAllocation": "DynamicHostAllocation", + "id": "ID", + }, }, }, }, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.DynamicHostAllocationSpec"}, } } -func schema_openshift_api_machine_v1beta1_GCPServiceAccount(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_DedicatedHostStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPServiceAccount describes service accounts for GCP.", + Description: "DedicatedHostStatus defines the observed state of a dynamically allocated dedicated host associated with an AWSMachine. This struct is used to track the ID of the dedicated host.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "email": { + "id": { SchemaProps: spec.SchemaProps{ - Description: "email is the service account email.", - Default: "", + Description: "id tracks the dynamically allocated dedicated host ID. This field is populated when allocationStrategy is Dynamic (with or without DynamicHostAllocation). The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length.", Type: []string{"string"}, Format: "", }, }, - "scopes": { - SchemaProps: spec.SchemaProps{ - Description: "scopes list of scopes to be assigned to the service account.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, }, - Required: []string{"email", "scopes"}, + Required: []string{"id"}, }, }, } } -func schema_openshift_api_machine_v1beta1_GCPShieldedInstanceConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_DiskEncryptionSetParameters(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "GCPShieldedInstanceConfig describes the shielded VM configuration of the instance on GCP. Shielded VM configuration allow users to enable and disable Secure Boot, vTPM, and Integrity Monitoring.", + Description: "DiskEncryptionSetParameters is the disk encryption set properties", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "secureBoot": { - SchemaProps: spec.SchemaProps{ - Description: "secureBoot Defines whether the instance should have secure boot enabled. Secure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", - Type: []string{"string"}, - Format: "", - }, - }, - "virtualizedTrustedPlatformModule": { - SchemaProps: spec.SchemaProps{ - Description: "virtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. This is required to be set to \"Enabled\" if IntegrityMonitoring is enabled. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", - Type: []string{"string"}, - Format: "", - }, - }, - "integrityMonitoring": { + "id": { SchemaProps: spec.SchemaProps{ - Description: "integrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity. Compares the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", + Description: "id is the disk encryption set ID Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is: \"Default\".", Type: []string{"string"}, Format: "", }, @@ -42739,36 +43352,52 @@ func schema_openshift_api_machine_v1beta1_GCPShieldedInstanceConfig(ref common.R } } -func schema_openshift_api_machine_v1beta1_HostPlacement(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_DiskSettings(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "HostPlacement is the type that will be used to configure the placement of AWS instances.", + Description: "DiskSettings describe ephemeral disk settings for the os disk.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "affinity": { + "ephemeralStorageLocation": { SchemaProps: spec.SchemaProps{ - Description: "affinity specifies the affinity setting for the instance. Allowed values are AnyAvailable and DedicatedHost. When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set. When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host. When Affinity is set to AnyAvailable and the `dedicatedHost` field is defined, it runs on specified Dedicated Host, but may move if stopped.", + Description: "ephemeralStorageLocation enables ephemeral OS when set to 'Local'. Possible values include: 'Local'. See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks for full details. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is that disks are saved to remote Azure storage.", Type: []string{"string"}, Format: "", }, }, - "dedicatedHost": { - SchemaProps: spec.SchemaProps{ - Description: "dedicatedHost specifies the exact host that an instance should be restarted on if stopped. dedicatedHost is required when 'affinity' is set to DedicatedHost, and optional otherwise.", - Ref: ref("github.com/openshift/api/machine/v1beta1.DedicatedHost"), - }, - }, }, - Required: []string{"affinity"}, }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "affinity", - "fields-to-discriminateBy": map[string]interface{}{ - "dedicatedHost": "DedicatedHost", + }, + } +} + +func schema_openshift_api_machine_v1beta1_DynamicHostAllocationSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "DynamicHostAllocationSpec defines the configuration for dynamic dedicated host allocation. This specification always allocates exactly one dedicated host per machine. At least one property must be specified when this struct is used. Currently only Tags are available for configuring, but in the future more configs may become available.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "tags": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "tags specifies a set of key-value pairs to apply to the allocated dedicated host. When omitted, no additional user-defined tags will be applied to the allocated host. A maximum of 50 tags can be specified.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.TagSpecification"), + }, + }, }, }, }, @@ -42776,283 +43405,297 @@ func schema_openshift_api_machine_v1beta1_HostPlacement(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.DedicatedHost"}, + "github.com/openshift/api/machine/v1beta1.TagSpecification"}, } } -func schema_openshift_api_machine_v1beta1_Image(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_EBSBlockDeviceSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Image is a mirror of azure sdk compute.ImageReference", + Description: "EBSBlockDeviceSpec describes a block device for an EBS volume. https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EbsBlockDevice", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "publisher": { + "deleteOnTermination": { SchemaProps: spec.SchemaProps{ - Description: "publisher is the name of the organization that created the image", - Default: "", - Type: []string{"string"}, + Description: "Indicates whether the EBS volume is deleted on machine termination.\n\nDeprecated: setting this field has no effect.", + Type: []string{"boolean"}, Format: "", }, }, - "offer": { + "encrypted": { SchemaProps: spec.SchemaProps{ - Description: "offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer", - Default: "", - Type: []string{"string"}, + Description: "Indicates whether the EBS volume is encrypted. Encrypted Amazon EBS volumes may only be attached to machines that support Amazon EBS encryption.", + Type: []string{"boolean"}, Format: "", }, }, - "sku": { + "kmsKey": { SchemaProps: spec.SchemaProps{ - Description: "sku specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "Indicates the KMS key that should be used to encrypt the Amazon EBS volume.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.AWSResourceReference"), }, }, - "version": { + "iops": { SchemaProps: spec.SchemaProps{ - Description: "version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "The number of I/O operations per second (IOPS) that the volume supports. For io1, this represents the number of IOPS that are provisioned for the volume. For gp2, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. For more information about General Purpose SSD baseline performance, I/O credits, and bursting, see Amazon EBS Volume Types (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the Amazon Elastic Compute Cloud User Guide.\n\nMinimal and maximal IOPS for io1 and gp2 are constrained. Please, check https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html for precise boundaries for individual volumes.\n\nCondition: This parameter is required for requests to create io1 volumes; it is not used in requests to create gp2, st1, sc1, or standard volumes.", + Type: []string{"integer"}, + Format: "int64", }, }, - "resourceID": { + "throughputMib": { SchemaProps: spec.SchemaProps{ - Description: "resourceID specifies an image to use by ID", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "throughputMib to provision in MiB/s supported for the volume type. Not applicable to all types.\n\nThis parameter is valid only for gp3 volumes. Valid Range: Minimum value of 125. Maximum value of 2000.\n\nWhen omitted, this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 125.", + Type: []string{"integer"}, + Format: "int32", }, }, - "type": { + "volumeSize": { SchemaProps: spec.SchemaProps{ - Description: "type identifies the source of the image and related information, such as purchase plans. Valid values are \"ID\", \"MarketplaceWithPlan\", \"MarketplaceNoPlan\", and omitted, which means no opinion and the platform chooses a good default which may change over time. Currently that default is \"MarketplaceNoPlan\" if publisher data is supplied, or \"ID\" if not. For more information about purchase plans, see: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage#check-the-purchase-plan-information", + Description: "The size of the volume, in GiB.\n\nConstraints: 1-16384 for General Purpose SSD (gp2), 4-16384 for Provisioned IOPS SSD (io1), 500-16384 for Throughput Optimized HDD (st1), 500-16384 for Cold HDD (sc1), and 1-1024 for Magnetic (standard) volumes. If you specify a snapshot, the volume size must be equal to or larger than the snapshot size.\n\nDefault: If you're creating the volume from a snapshot and don't specify a volume size, the default is the snapshot size.", + Type: []string{"integer"}, + Format: "int64", + }, + }, + "volumeType": { + SchemaProps: spec.SchemaProps{ + Description: "volumeType can be of type gp2, gp3, io1, st1, sc1, or standard. Default: standard", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"publisher", "offer", "sku", "version", "resourceID"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.AWSResourceReference"}, } } -func schema_openshift_api_machine_v1beta1_LastOperation(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_Filter(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "LastOperation represents the detail of the last performed operation on the MachineObject.", + Description: "Filter is a filter used to identify an AWS resource", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "description": { - SchemaProps: spec.SchemaProps{ - Description: "description is the human-readable description of the last operation.", - Type: []string{"string"}, - Format: "", - }, - }, - "lastUpdated": { - SchemaProps: spec.SchemaProps{ - Description: "lastUpdated is the timestamp at which LastOperation API was last-updated.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), - }, - }, - "state": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "state is the current status of the last performed operation. E.g. Processing, Failed, Successful etc", + Description: "name of the filter. Filter names are case-sensitive.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "type": { + "values": { SchemaProps: spec.SchemaProps{ - Description: "type is the type of operation which was last performed. E.g. Create, Delete, Update etc", - Type: []string{"string"}, - Format: "", + Description: "values includes one or more filter values. Filter values are case-sensitive.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, }, + Required: []string{"name"}, }, }, - Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, } } -func schema_openshift_api_machine_v1beta1_LifecycleHook(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "LifecycleHook represents a single instance of a lifecycle hook", + Description: "GCPDisk describes disks for GCP.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "autoDelete": { SchemaProps: spec.SchemaProps{ - Description: "name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity.", + Description: "autoDelete indicates if the disk will be auto-deleted when the instance is deleted (default false).", + Default: false, + Type: []string{"boolean"}, + Format: "", + }, + }, + "boot": { + SchemaProps: spec.SchemaProps{ + Description: "boot indicates if this is a boot disk (default false).", + Default: false, + Type: []string{"boolean"}, + Format: "", + }, + }, + "sizeGb": { + SchemaProps: spec.SchemaProps{ + Description: "sizeGb is the size of the disk (in GB).", + Default: 0, + Type: []string{"integer"}, + Format: "int64", + }, + }, + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type is the type of the disk (eg: pd-standard).", Default: "", Type: []string{"string"}, Format: "", }, }, - "owner": { + "image": { SchemaProps: spec.SchemaProps{ - Description: "owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook.", + Description: "image is the source image to create this disk.", Default: "", Type: []string{"string"}, Format: "", }, }, + "labels": { + SchemaProps: spec.SchemaProps{ + Description: "labels list of labels to apply to the disk.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "encryptionKey": { + SchemaProps: spec.SchemaProps{ + Description: "encryptionKey is the customer-supplied encryption key of the disk.", + Ref: ref("github.com/openshift/api/machine/v1beta1.GCPEncryptionKeyReference"), + }, + }, }, - Required: []string{"name", "owner"}, + Required: []string{"autoDelete", "boot", "sizeGb", "type", "image", "labels"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.GCPEncryptionKeyReference"}, } } -func schema_openshift_api_machine_v1beta1_LifecycleHooks(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPEncryptionKeyReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "LifecycleHooks allow users to pause operations on the machine at certain prefedined points within the machine lifecycle.", + Description: "GCPEncryptionKeyReference describes the encryptionKey to use for a disk's encryption.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "preDrain": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, + "kmsKey": { SchemaProps: spec.SchemaProps{ - Description: "preDrain hooks prevent the machine from being drained. This also blocks further lifecycle events, such as termination.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.LifecycleHook"), - }, - }, - }, + Description: "KMSKeyName is the reference KMS key, in the format", + Ref: ref("github.com/openshift/api/machine/v1beta1.GCPKMSKeyReference"), }, }, - "preTerminate": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, + "kmsKeyServiceAccount": { SchemaProps: spec.SchemaProps{ - Description: "preTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.LifecycleHook"), - }, - }, - }, + Description: "kmsKeyServiceAccount is the service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. See https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account for details on the default service account.", + Type: []string{"string"}, + Format: "", }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.LifecycleHook"}, + "github.com/openshift/api/machine/v1beta1.GCPKMSKeyReference"}, } } -func schema_openshift_api_machine_v1beta1_LoadBalancerReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPGPUConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "LoadBalancerReference is a reference to a load balancer on AWS.", + Description: "GCPGPUConfig describes type and count of GPUs attached to the instance on GCP.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "count": { SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Description: "count is the number of GPUs to be attached to an instance.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, "type": { SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Description: "type is the type of GPU to be attached to an instance. Supported GPU types are: nvidia-tesla-k80, nvidia-tesla-p100, nvidia-tesla-v100, nvidia-tesla-p4, nvidia-tesla-t4", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"name", "type"}, + Required: []string{"count", "type"}, }, }, } } -func schema_openshift_api_machine_v1beta1_Machine(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPKMSKeyReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Machine is the Schema for the machines API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "GCPKMSKeyReference gathers required fields for looking up a GCP KMS Key", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "name is the name of the customer managed encryption key to be used for the disk encryption.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "keyRing": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "keyRing is the name of the KMS Key Ring which the KMS Key belongs to.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "spec": { + "projectID": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSpec"), + Description: "projectID is the ID of the Project in which the KMS Key Ring exists. Defaults to the VM ProjectID if not set.", + Type: []string{"string"}, + Format: "", }, }, - "status": { + "location": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineStatus"), + Description: "location is the GCP location in which the Key Ring exists.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, + Required: []string{"name", "keyRing", "location"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.MachineSpec", "github.com/openshift/api/machine/v1beta1.MachineStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, } } -func schema_openshift_api_machine_v1beta1_MachineHealthCheck(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPMachineProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineHealthCheck is the Schema for the machinehealthchecks API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "GCPMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an GCP virtual machine. It is used by the GCP machine actuator to create a single Machine. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -43073,250 +43716,259 @@ func schema_openshift_api_machine_v1beta1_MachineHealthCheck(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "spec": { + "userDataSecret": { SchemaProps: spec.SchemaProps{ - Description: "Specification of machine health check policy", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineHealthCheckSpec"), + Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, - "status": { + "credentialsSecret": { SchemaProps: spec.SchemaProps{ - Description: "Most recently observed status of MachineHealthCheck resource", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineHealthCheckStatus"), + Description: "credentialsSecret is a reference to the secret with GCP credentials.", + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.MachineHealthCheckSpec", "github.com/openshift/api/machine/v1beta1.MachineHealthCheckStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, - } -} - -func schema_openshift_api_machine_v1beta1_MachineHealthCheckList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "MachineHealthCheckList contains a list of MachineHealthCheck Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { + "canIPForward": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, + Description: "canIPForward Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes.", + Default: false, + Type: []string{"boolean"}, Format: "", }, }, - "apiVersion": { + "deletionProtection": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, + Description: "deletionProtection whether the resource should be protected against deletion.", + Default: false, + Type: []string{"boolean"}, Format: "", }, }, - "metadata": { + "disks": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Description: "disks is a list of disks to be attached to the VM.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/openshift/api/machine/v1beta1.GCPDisk"), + }, + }, + }, }, }, - "items": { + "labels": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "labels list of labels to apply to the VM.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "gcpMetadata": { + SchemaProps: spec.SchemaProps{ + Description: "Metadata key/value pairs to apply to the VM.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineHealthCheck"), + Ref: ref("github.com/openshift/api/machine/v1beta1.GCPMetadata"), }, }, }, }, }, - }, - Required: []string{"items"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.MachineHealthCheck", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, - } -} - -func schema_openshift_api_machine_v1beta1_MachineHealthCheckSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "MachineHealthCheckSpec defines the desired state of MachineHealthCheck", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "selector": { + "networkInterfaces": { SchemaProps: spec.SchemaProps{ - Description: "Label selector to match machines whose health will be exercised. Note: An empty selector will match all machines.", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Description: "networkInterfaces is a list of network interfaces to be attached to the VM.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/openshift/api/machine/v1beta1.GCPNetworkInterface"), + }, + }, + }, }, }, - "unhealthyConditions": { + "serviceAccounts": { SchemaProps: spec.SchemaProps{ - Description: "unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.", + Description: "serviceAccounts is a list of GCP service accounts to be used by the VM.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.UnhealthyCondition"), + Ref: ref("github.com/openshift/api/machine/v1beta1.GCPServiceAccount"), }, }, }, }, }, - "maxUnhealthy": { + "tags": { SchemaProps: spec.SchemaProps{ - Description: "Any farther remediation is only allowed if at most \"MaxUnhealthy\" machines selected by \"selector\" are not healthy. Expects either a postive integer value or a percentage value. Percentage values must be positive whole numbers and are capped at 100%. Both 0 and 0% are valid and will block all remediation. Defaults to 100% if not set.", - Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), + Description: "tags list of network tags to apply to the VM.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "nodeStartupTimeout": { + "targetPools": { SchemaProps: spec.SchemaProps{ - Description: "Machines older than this duration without a node will be considered to have failed and will be remediated. To prevent Machines without Nodes from being removed, disable startup checks by setting this value explicitly to \"0\". Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Description: "targetPools are used for network TCP/UDP load balancing. A target pool references member instances, an associated legacy HttpHealthCheck resource, and, optionally, a backup target pool", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "remediationTemplate": { + "machineType": { SchemaProps: spec.SchemaProps{ - Description: "remediationTemplate is a reference to a remediation template provided by an infrastructure provider.\n\nThis field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Machine API Operator.", - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Description: "machineType is the machine type to use for the VM.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - }, - Required: []string{"selector", "unhealthyConditions"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.UnhealthyCondition", "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector", "k8s.io/apimachinery/pkg/util/intstr.IntOrString"}, - } -} - -func schema_openshift_api_machine_v1beta1_MachineHealthCheckStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "MachineHealthCheckStatus defines the observed state of MachineHealthCheck", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "expectedMachines": { + "region": { SchemaProps: spec.SchemaProps{ - Description: "total number of machines counted by this machine health check", - Type: []string{"integer"}, - Format: "int32", + Description: "region is the region in which the GCP machine provider will create the VM.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "currentHealthy": { + "zone": { SchemaProps: spec.SchemaProps{ - Description: "total number of machines counted by this machine health check", - Type: []string{"integer"}, - Format: "int32", + Description: "zone is the zone in which the GCP machine provider will create the VM.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "remediationsAllowed": { + "projectID": { SchemaProps: spec.SchemaProps{ - Description: "remediationsAllowed is the number of further remediations allowed by this machine health check before maxUnhealthy short circuiting will be applied", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Description: "projectID is the project in which the GCP machine provider will create the VM.", + Type: []string{"string"}, + Format: "", }, }, - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, + "gpus": { SchemaProps: spec.SchemaProps{ - Description: "conditions defines the current state of the MachineHealthCheck", + Description: "gpus is a list of GPUs to be attached to the VM.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.Condition"), + Ref: ref("github.com/openshift/api/machine/v1beta1.GCPGPUConfig"), }, }, }, }, }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.Condition"}, - } -} - -func schema_openshift_api_machine_v1beta1_MachineList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "MachineList contains a list of Machine Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { + "preemptible": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "preemptible indicates if created instance is preemptible.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "provisioningModel": { + SchemaProps: spec.SchemaProps{ + Description: "provisioningModel is an optional field that determines the provisioning model for the GCP machine instance. Valid values are \"Spot\" and omitted. When set to Spot, the instance runs as a Google Cloud Spot instance which provides significant cost savings but may be preempted by Google Cloud Platform when resources are needed elsewhere. When omitted, the machine will be provisioned as a standard on-demand instance. This field cannot be used together with the preemptible field.", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "onHostMaintenance": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "onHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. This is required to be set to \"Terminate\" if you want to provision machine with attached GPUs. Otherwise, allowed values are \"Migrate\" and \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Migrate\".", Type: []string{"string"}, Format: "", }, }, - "metadata": { + "restartPolicy": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Description: "restartPolicy determines the behavior when an instance crashes or the underlying infrastructure provider stops the instance as part of a maintenance event (default \"Always\"). Cannot be \"Always\" with preemptible instances. Otherwise, allowed values are \"Always\" and \"Never\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Always\". RestartPolicy represents AutomaticRestart in GCP compute api", + Type: []string{"string"}, + Format: "", + }, + }, + "shieldedInstanceConfig": { + SchemaProps: spec.SchemaProps{ + Description: "shieldedInstanceConfig is the Shielded VM configuration for the VM", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref("github.com/openshift/api/machine/v1beta1.GCPShieldedInstanceConfig"), }, }, - "items": { + "confidentialCompute": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "confidentialCompute is an optional field defining whether the instance should have confidential compute enabled or not, and the confidential computing technology of choice. Allowed values are omitted, Disabled, Enabled, AMDEncryptedVirtualization, AMDEncryptedVirtualizationNestedPaging, and IntelTrustedDomainExtensions When set to Disabled, the machine will not be configured to be a confidential computing instance. When set to Enabled, the machine will be configured as a confidential computing instance with no preference on the confidential compute policy used. In this mode, the platform chooses a default that is subject to change over time. Currently, the default is to use AMD Secure Encrypted Virtualization. When set to AMDEncryptedVirtualization, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization (AMD SEV) as the confidential computing technology. When set to AMDEncryptedVirtualizationNestedPaging, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP) as the confidential computing technology. When set to IntelTrustedDomainExtensions, the machine will be configured as a confidential computing instance with Intel Trusted Domain Extensions (Intel TDX) as the confidential computing technology. If any value other than Disabled is set the selected machine type must support that specific confidential computing technology. The machine series supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#all-confidential-vm-instances Currently, AMDEncryptedVirtualization is supported in c2d, n2d, and c3d machines. AMDEncryptedVirtualizationNestedPaging is supported in n2d machines. IntelTrustedDomainExtensions is supported in c3 machines. If any value other than Disabled is set, the selected region must support that specific confidential computing technology. The list of regions supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#supported-zones If any value other than Disabled is set onHostMaintenance is required to be set to \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", + Type: []string{"string"}, + Format: "", + }, + }, + "resourceManagerTags": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "key", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "resourceManagerTags is an optional list of tags to apply to the GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.Machine"), + Ref: ref("github.com/openshift/api/machine/v1beta1.ResourceManagerTag"), }, }, }, }, }, }, - Required: []string{"items"}, + Required: []string{"canIPForward", "deletionProtection", "serviceAccounts", "machineType", "region", "zone"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.Machine", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/machine/v1beta1.GCPDisk", "github.com/openshift/api/machine/v1beta1.GCPGPUConfig", "github.com/openshift/api/machine/v1beta1.GCPMetadata", "github.com/openshift/api/machine/v1beta1.GCPNetworkInterface", "github.com/openshift/api/machine/v1beta1.GCPServiceAccount", "github.com/openshift/api/machine/v1beta1.GCPShieldedInstanceConfig", "github.com/openshift/api/machine/v1beta1.ResourceManagerTag", corev1.LocalObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_MachineSet(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineSet ensures that a specified number of machines replicas are running at any given time. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "GCPMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains GCP-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -43334,760 +43986,706 @@ func schema_openshift_api_machine_v1beta1_MachineSet(ref common.ReferenceCallbac }, }, "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "spec": { - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSetSpec"), - }, - }, - "status": { SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSetStatus"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.MachineSetSpec", "github.com/openshift/api/machine/v1beta1.MachineSetStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, - } -} - -func schema_openshift_api_machine_v1beta1_MachineSetList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "MachineSetList contains a list of MachineSet Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { + "instanceId": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "instanceId is the ID of the instance in GCP", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "instanceState": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "instanceState is the provisioning state of the GCP Instance.", Type: []string{"string"}, Format: "", }, }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, }, - }, - "items": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSet"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, }, }, }, - Required: []string{"items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.MachineSet", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + metav1.Condition{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_MachineSetSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPMetadata(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineSetSpec defines the desired state of MachineSet", + Description: "GCPMetadata describes metadata for GCP.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "replicas": { + "key": { SchemaProps: spec.SchemaProps{ - Description: "replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1.", - Type: []string{"integer"}, - Format: "int32", + Description: "key is the metadata key.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "minReadySeconds": { + "value": { SchemaProps: spec.SchemaProps{ - Description: "minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready)", - Type: []string{"integer"}, - Format: "int32", + Description: "value is the metadata value.", + Type: []string{"string"}, + Format: "", }, }, - "deletePolicy": { + }, + Required: []string{"key", "value"}, + }, + }, + } +} + +func schema_openshift_api_machine_v1beta1_GCPNetworkInterface(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "GCPNetworkInterface describes network interfaces for GCP", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "publicIP": { SchemaProps: spec.SchemaProps{ - Description: "deletePolicy defines the policy used to identify nodes to delete when downscaling. Defaults to \"Random\". Valid values are \"Random, \"Newest\", \"Oldest\"", - Type: []string{"string"}, + Description: "publicIP indicates if true a public IP will be used", + Type: []string{"boolean"}, Format: "", }, }, - "selector": { + "network": { SchemaProps: spec.SchemaProps{ - Description: "selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Description: "network is the network name.", + Type: []string{"string"}, + Format: "", }, }, - "template": { + "projectID": { SchemaProps: spec.SchemaProps{ - Description: "template is the object that describes the machine that will be created if insufficient replicas are detected.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineTemplateSpec"), + Description: "projectID is the project in which the GCP machine provider will create the VM.", + Type: []string{"string"}, + Format: "", }, }, - "authoritativeAPI": { + "subnetwork": { SchemaProps: spec.SchemaProps{ - Description: "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI and ClusterAPI. When set to MachineAPI, writes to the spec of the machine.openshift.io copy of this resource will be reflected into the cluster.x-k8s.io copy. When set to ClusterAPI, writes to the spec of the cluster.x-k8s.io copy of this resource will be reflected into the machine.openshift.io copy. Updates to the status will be reflected in both copies of the resource, based on the controller implementing the functionality of the API. Currently the authoritative API determines which controller will manage the resource, this will change in a future release. To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.", - Default: "MachineAPI", + Description: "subnetwork is the subnetwork name.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"selector"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.MachineTemplateSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, } } -func schema_openshift_api_machine_v1beta1_MachineSetStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_GCPServiceAccount(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineSetStatus defines the observed state of MachineSet", + Description: "GCPServiceAccount describes service accounts for GCP.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "replicas": { - SchemaProps: spec.SchemaProps{ - Description: "replicas is the most recently observed number of replicas.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", - }, - }, - "fullyLabeledReplicas": { - SchemaProps: spec.SchemaProps{ - Description: "The number of replicas that have labels matching the labels of the machine template of the MachineSet.", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "readyReplicas": { - SchemaProps: spec.SchemaProps{ - Description: "The number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is \"Ready\".", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "availableReplicas": { + "email": { SchemaProps: spec.SchemaProps{ - Description: "The number of available replicas (ready for at least minReadySeconds) for this MachineSet.", - Type: []string{"integer"}, - Format: "int32", + Description: "email is the service account email.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "observedGeneration": { + "scopes": { SchemaProps: spec.SchemaProps{ - Description: "observedGeneration reflects the generation of the most recently observed MachineSet.", - Type: []string{"integer"}, - Format: "int64", + Description: "scopes list of scopes to be assigned to the service account.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, - "errorReason": { + }, + Required: []string{"email", "scopes"}, + }, + }, + } +} + +func schema_openshift_api_machine_v1beta1_GCPShieldedInstanceConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "GCPShieldedInstanceConfig describes the shielded VM configuration of the instance on GCP. Shielded VM configuration allow users to enable and disable Secure Boot, vTPM, and Integrity Monitoring.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "secureBoot": { SchemaProps: spec.SchemaProps{ - Description: "In the event that there is a terminal problem reconciling the replicas, both ErrorReason and ErrorMessage will be set. ErrorReason will be populated with a succinct value suitable for machine interpretation, while ErrorMessage will contain a more verbose string suitable for logging and human consumption.\n\nThese fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachineTemplate's spec or the configuration of the machine controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output.", + Description: "secureBoot Defines whether the instance should have secure boot enabled. Secure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", Type: []string{"string"}, Format: "", }, }, - "errorMessage": { - SchemaProps: spec.SchemaProps{ - Type: []string{"string"}, - Format: "", - }, - }, - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, + "virtualizedTrustedPlatformModule": { SchemaProps: spec.SchemaProps{ - Description: "conditions defines the current state of the MachineSet", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.Condition"), - }, - }, - }, + Description: "virtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. This is required to be set to \"Enabled\" if IntegrityMonitoring is enabled. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", + Type: []string{"string"}, + Format: "", }, }, - "authoritativeAPI": { + "integrityMonitoring": { SchemaProps: spec.SchemaProps{ - Description: "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", + Description: "integrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity. Compares the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", Type: []string{"string"}, Format: "", }, }, - "synchronizedAPI": { + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1beta1_HostPlacement(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "HostPlacement is the type that will be used to configure the placement of AWS instances.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "affinity": { SchemaProps: spec.SchemaProps{ - Description: "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", + Description: "affinity specifies the affinity setting for the instance. Allowed values are AnyAvailable and DedicatedHost. When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set. When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host. When Affinity is set to AnyAvailable and the `dedicatedHost` field is defined, it runs on specified Dedicated Host, but may move if stopped.", Type: []string{"string"}, Format: "", }, }, - "synchronizedGeneration": { + "dedicatedHost": { SchemaProps: spec.SchemaProps{ - Description: "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", - Type: []string{"integer"}, - Format: "int64", + Description: "dedicatedHost specifies the exact host that an instance should be restarted on if stopped. dedicatedHost is required when 'affinity' is set to DedicatedHost, and optional otherwise.", + Ref: ref("github.com/openshift/api/machine/v1beta1.DedicatedHost"), + }, + }, + }, + Required: []string{"affinity"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "affinity", + "fields-to-discriminateBy": map[string]interface{}{ + "dedicatedHost": "DedicatedHost", + }, }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.Condition"}, + "github.com/openshift/api/machine/v1beta1.DedicatedHost"}, } } -func schema_openshift_api_machine_v1beta1_MachineSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_Image(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineSpec defines the desired state of Machine", + Description: "Image is a mirror of azure sdk compute.ImageReference", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "metadata": { + "publisher": { SchemaProps: spec.SchemaProps{ - Description: "ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.ObjectMeta"), + Description: "publisher is the name of the organization that created the image", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "lifecycleHooks": { + "offer": { SchemaProps: spec.SchemaProps{ - Description: "lifecycleHooks allow users to pause operations on the machine at certain predefined points within the machine lifecycle.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.LifecycleHooks"), + Description: "offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "taints": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, + "sku": { SchemaProps: spec.SchemaProps{ - Description: "The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Taint"), - }, - }, - }, + Description: "sku specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "providerSpec": { + "version": { SchemaProps: spec.SchemaProps{ - Description: "providerSpec details Provider-specific configuration to use during node creation.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.ProviderSpec"), + Description: "version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "providerID": { + "resourceID": { SchemaProps: spec.SchemaProps{ - Description: "providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.", + Description: "resourceID specifies an image to use by ID", + Default: "", Type: []string{"string"}, Format: "", }, }, - "authoritativeAPI": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI and ClusterAPI. When set to MachineAPI, writes to the spec of the machine.openshift.io copy of this resource will be reflected into the cluster.x-k8s.io copy. When set to ClusterAPI, writes to the spec of the cluster.x-k8s.io copy of this resource will be reflected into the machine.openshift.io copy. Updates to the status will be reflected in both copies of the resource, based on the controller implementing the functionality of the API. Currently the authoritative API determines which controller will manage the resource, this will change in a future release. To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.", - Default: "MachineAPI", + Description: "type identifies the source of the image and related information, such as purchase plans. Valid values are \"ID\", \"MarketplaceWithPlan\", \"MarketplaceNoPlan\", and omitted, which means no opinion and the platform chooses a good default which may change over time. Currently that default is \"MarketplaceNoPlan\" if publisher data is supplied, or \"ID\" if not. For more information about purchase plans, see: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage#check-the-purchase-plan-information", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"publisher", "offer", "sku", "version", "resourceID"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.LifecycleHooks", "github.com/openshift/api/machine/v1beta1.ObjectMeta", "github.com/openshift/api/machine/v1beta1.ProviderSpec", "k8s.io/api/core/v1.Taint"}, } } -func schema_openshift_api_machine_v1beta1_MachineStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_LastOperation(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineStatus defines the observed state of Machine", + Description: "LastOperation represents the detail of the last performed operation on the MachineObject.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "nodeRef": { + "description": { SchemaProps: spec.SchemaProps{ - Description: "nodeRef will point to the corresponding Node if it exists.", - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Description: "description is the human-readable description of the last operation.", + Type: []string{"string"}, + Format: "", }, }, "lastUpdated": { SchemaProps: spec.SchemaProps{ - Description: "lastUpdated identifies when this status was last observed.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Description: "lastUpdated is the timestamp at which LastOperation API was last-updated.", + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, - "errorReason": { + "state": { SchemaProps: spec.SchemaProps{ - Description: "errorReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation.\n\nThis field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", + Description: "state is the current status of the last performed operation. E.g. Processing, Failed, Successful etc", Type: []string{"string"}, Format: "", }, }, - "errorMessage": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "errorMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption.\n\nThis field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", + Description: "type is the type of operation which was last performed. E.g. Create, Delete, Update etc", Type: []string{"string"}, Format: "", }, }, - "providerStatus": { + }, + }, + }, + Dependencies: []string{ + metav1.Time{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_machine_v1beta1_LifecycleHook(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "LifecycleHook represents a single instance of a lifecycle hook", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { SchemaProps: spec.SchemaProps{ - Description: "providerStatus details a Provider-specific status. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Description: "name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "addresses": { + "owner": { + SchemaProps: spec.SchemaProps{ + Description: "owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name", "owner"}, + }, + }, + } +} + +func schema_openshift_api_machine_v1beta1_LifecycleHooks(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "LifecycleHooks allow users to pause operations on the machine at certain prefedined points within the machine lifecycle.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "preDrain": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ - Description: "addresses is a list of addresses assigned to the machine. Queried from cloud provider, if available.", + Description: "preDrain hooks prevent the machine from being drained. This also blocks further lifecycle events, such as termination.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.NodeAddress"), + Ref: ref("github.com/openshift/api/machine/v1beta1.LifecycleHook"), }, }, }, }, }, - "lastOperation": { - SchemaProps: spec.SchemaProps{ - Description: "lastOperation describes the last-operation performed by the machine-controller. This API should be useful as a history in terms of the latest operation performed on the specific machine. It should also convey the state of the latest-operation for example if it is still on-going, failed or completed successfully.", - Ref: ref("github.com/openshift/api/machine/v1beta1.LastOperation"), - }, - }, - "phase": { - SchemaProps: spec.SchemaProps{ - Description: "phase represents the current phase of machine actuation. One of: Failed, Provisioning, Provisioned, Running, Deleting", - Type: []string{"string"}, - Format: "", - }, - }, - "conditions": { + "preTerminate": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ - "type", + "name", }, "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ - Description: "conditions defines the current state of the Machine", + Description: "preTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.Condition"), + Ref: ref("github.com/openshift/api/machine/v1beta1.LifecycleHook"), }, }, }, }, }, - "authoritativeAPI": { - SchemaProps: spec.SchemaProps{ - Description: "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", - Type: []string{"string"}, - Format: "", - }, - }, - "synchronizedAPI": { - SchemaProps: spec.SchemaProps{ - Description: "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", - Type: []string{"string"}, - Format: "", - }, - }, - "synchronizedGeneration": { - SchemaProps: spec.SchemaProps{ - Description: "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", - Type: []string{"integer"}, - Format: "int64", - }, - }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.Condition", "github.com/openshift/api/machine/v1beta1.LastOperation", "k8s.io/api/core/v1.NodeAddress", "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Time", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + "github.com/openshift/api/machine/v1beta1.LifecycleHook"}, } } -func schema_openshift_api_machine_v1beta1_MachineTemplateSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_LoadBalancerReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineTemplateSpec describes the data needed to create a Machine from a template", + Description: "LoadBalancerReference is a reference to a load balancer on AWS.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "metadata": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.ObjectMeta"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "spec": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "Specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSpec"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, + Required: []string{"name", "type"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.MachineSpec", "github.com/openshift/api/machine/v1beta1.ObjectMeta"}, } } -func schema_openshift_api_machine_v1beta1_MetadataServiceOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_Machine(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MetadataServiceOptions defines the options available to a user when configuring Instance Metadata Service (IMDS) Options.", + Description: "Machine is the Schema for the machines API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "authentication": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "authentication determines whether or not the host requires the use of authentication when interacting with the metadata service. When using authentication, this enforces v2 interaction method (IMDSv2) with the metadata service. When omitted, this means the user has no opinion and the value is left to the platform to choose a good default, which is subject to change over time. The current default is optional. At this point this field represents `HttpTokens` parameter from `InstanceMetadataOptionsRequest` structure in AWS EC2 API https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineStatus"), + }, + }, }, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.MachineSpec", "github.com/openshift/api/machine/v1beta1.MachineStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_NetworkDeviceSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineHealthCheck(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NetworkDeviceSpec defines the network configuration for a virtual machine's network device.", + Description: "MachineHealthCheck is the Schema for the machinehealthchecks API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "networkName": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "networkName is the name of the vSphere network or port group to which the network device will be connected, for example, port-group-1. When not provided, the vCenter API will attempt to select a default network. The available networks (port groups) can be listed using `govc ls 'network/*'`", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "gateway": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "gateway is an IPv4 or IPv6 address which represents the subnet gateway, for example, 192.168.1.1.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "ipAddrs": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "ipAddrs is a list of one or more IPv4 and/or IPv6 addresses and CIDR to assign to this device, for example, 192.168.1.100/24. IP addresses provided via ipAddrs are intended to allow explicit assignment of a machine's IP address. IP pool configurations provided via addressesFromPool, however, defer IP address assignment to an external controller. If both addressesFromPool and ipAddrs are empty or not defined, DHCP will be used to assign an IP address. If both ipAddrs and addressesFromPools are defined, the IP addresses associated with ipAddrs will be applied first followed by IP addresses from addressesFromPools.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "nameservers": { + "spec": { SchemaProps: spec.SchemaProps{ - Description: "nameservers is a list of IPv4 and/or IPv6 addresses used as DNS nameservers, for example, 8.8.8.8. a nameserver is not provided by a fulfilled IPAddressClaim. If DHCP is not the source of IP addresses for this network device, nameservers should include a valid nameserver.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "Specification of machine health check policy", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineHealthCheckSpec"), }, }, - "addressesFromPools": { + "status": { SchemaProps: spec.SchemaProps{ - Description: "addressesFromPools is a list of references to IP pool types and instances which are handled by an external controller. addressesFromPool configurations provided via addressesFromPools defer IP address assignment to an external controller. IP addresses provided via ipAddrs, however, are intended to allow explicit assignment of a machine's IP address. If both addressesFromPool and ipAddrs are empty or not defined, DHCP will assign an IP address. If both ipAddrs and addressesFromPools are defined, the IP addresses associated with ipAddrs will be applied first followed by IP addresses from addressesFromPools.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.AddressesFromPool"), - }, - }, - }, + Description: "Most recently observed status of MachineHealthCheck resource", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineHealthCheckStatus"), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.AddressesFromPool"}, + "github.com/openshift/api/machine/v1beta1.MachineHealthCheckSpec", "github.com/openshift/api/machine/v1beta1.MachineHealthCheckStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_NetworkSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineHealthCheckList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "NetworkSpec defines the virtual machine's network configuration.", + Description: "MachineHealthCheckList contains a list of MachineHealthCheck Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "devices": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "devices defines the virtual machine's network interfaces.", - Type: []string{"array"}, + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.NetworkDeviceSpec"), + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineHealthCheck"), }, }, }, }, }, }, - Required: []string{"devices"}, + Required: []string{"items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.NetworkDeviceSpec"}, + "github.com/openshift/api/machine/v1beta1.MachineHealthCheck", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_OSDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineHealthCheckSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "MachineHealthCheckSpec defines the desired state of MachineHealthCheck", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "osType": { - SchemaProps: spec.SchemaProps{ - Description: "osType is the operating system type of the OS disk. Possible values include \"Linux\" and \"Windows\".", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "managedDisk": { - SchemaProps: spec.SchemaProps{ - Description: "managedDisk specifies the Managed Disk parameters for the OS disk.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.OSDiskManagedDiskParameters"), - }, - }, - "diskSizeGB": { - SchemaProps: spec.SchemaProps{ - Description: "diskSizeGB is the size in GB to assign to the data disk.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", - }, - }, - "diskSettings": { + "selector": { SchemaProps: spec.SchemaProps{ - Description: "diskSettings describe ephemeral disk settings for the os disk.", + Description: "Label selector to match machines whose health will be exercised. Note: An empty selector will match all machines.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.DiskSettings"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, - "cachingType": { + "unhealthyConditions": { SchemaProps: spec.SchemaProps{ - Description: "cachingType specifies the caching requirements. Possible values include: 'None', 'ReadOnly', 'ReadWrite'. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `None`.", - Type: []string{"string"}, - Format: "", + Description: "unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.UnhealthyCondition"), + }, + }, + }, }, }, - }, - Required: []string{"osType", "managedDisk", "diskSizeGB"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.DiskSettings", "github.com/openshift/api/machine/v1beta1.OSDiskManagedDiskParameters"}, - } -} - -func schema_openshift_api_machine_v1beta1_OSDiskManagedDiskParameters(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "OSDiskManagedDiskParameters is the parameters of a OSDisk managed disk.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "storageAccountType": { + "maxUnhealthy": { SchemaProps: spec.SchemaProps{ - Description: "storageAccountType is the storage account type to use. Possible values include \"Standard_LRS\", \"Premium_LRS\".", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "Any farther remediation is only allowed if at most \"MaxUnhealthy\" machines selected by \"selector\" are not healthy. Expects either a postive integer value or a percentage value. Percentage values must be positive whole numbers and are capped at 100%. Both 0 and 0% are valid and will block all remediation. Defaults to 100% if not set.", + Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), }, }, - "diskEncryptionSet": { + "nodeStartupTimeout": { SchemaProps: spec.SchemaProps{ - Description: "diskEncryptionSet is the disk encryption set properties", - Ref: ref("github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"), + Description: "Machines older than this duration without a node will be considered to have failed and will be remediated. To prevent Machines without Nodes from being removed, disable startup checks by setting this value explicitly to \"0\". Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".", + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, - "securityProfile": { + "remediationTemplate": { SchemaProps: spec.SchemaProps{ - Description: "securityProfile specifies the security profile for the managed disk.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.VMDiskSecurityProfile"), + Description: "remediationTemplate is a reference to a remediation template provided by an infrastructure provider.\n\nThis field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Machine API Operator.", + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, }, - Required: []string{"storageAccountType"}, + Required: []string{"selector", "unhealthyConditions"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters", "github.com/openshift/api/machine/v1beta1.VMDiskSecurityProfile"}, + "github.com/openshift/api/machine/v1beta1.UnhealthyCondition", corev1.ObjectReference{}.OpenAPIModelName(), metav1.Duration{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName(), intstr.IntOrString{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_ObjectMeta(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineHealthCheckStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. This is a copy of customizable fields from metav1.ObjectMeta.\n\nObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` and `MachineSet.Template`, which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases and read-only fields which end up in the generated CRD validation, having it as a subset simplifies the API and some issues that can impact user experience.\n\nDuring the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, specifically `spec.metadata.creationTimestamp in body must be of type string: \"null\"`. The investigation showed that `controller-tools@v2` behaves differently than its previous version when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) package.\n\nIn more details, we found that embedded (non-top level) types that embedded `metav1.ObjectMeta` had validation properties, including for `creationTimestamp` (metav1.Time). The `metav1.Time` type specifies a custom json marshaller that, when IsZero() is true, returns `null` which breaks validation because the field isn't marked as nullable.\n\nIn future versions, controller-tools@v2 might allow overriding the type and validation for embedded types. When that happens, this hack should be revisited.", + Description: "MachineHealthCheckStatus defines the observed state of MachineHealthCheck", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { - SchemaProps: spec.SchemaProps{ - Description: "name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", - Type: []string{"string"}, - Format: "", - }, - }, - "generateName": { - SchemaProps: spec.SchemaProps{ - Description: "generateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", - Type: []string{"string"}, - Format: "", - }, - }, - "namespace": { + "expectedMachines": { SchemaProps: spec.SchemaProps{ - Description: "namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", - Type: []string{"string"}, - Format: "", + Description: "total number of machines counted by this machine health check", + Type: []string{"integer"}, + Format: "int32", }, }, - "labels": { - SchemaProps: spec.SchemaProps{ - Description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + "currentHealthy": { + SchemaProps: spec.SchemaProps{ + Description: "total number of machines counted by this machine health check", + Type: []string{"integer"}, + Format: "int32", }, }, - "annotations": { + "remediationsAllowed": { SchemaProps: spec.SchemaProps{ - Description: "annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", - Type: []string{"object"}, - AdditionalProperties: &spec.SchemaOrBool{ - Allows: true, - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, + Description: "remediationsAllowed is the number of further remediations allowed by this machine health check before maxUnhealthy short circuiting will be applied", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "ownerReferences": { + "conditions": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ - "uid", + "type", }, - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "uid", - "x-kubernetes-patch-strategy": "merge", + "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ - Description: "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", + Description: "conditions defines the current state of the MachineHealthCheck", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference"), + Ref: ref("github.com/openshift/api/machine/v1beta1.Condition"), }, }, }, @@ -44097,1300 +44695,1256 @@ func schema_openshift_api_machine_v1beta1_ObjectMeta(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference"}, + "github.com/openshift/api/machine/v1beta1.Condition"}, } } -func schema_openshift_api_machine_v1beta1_Placement(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "Placement indicates where to create the instance in AWS", + Description: "MachineList contains a list of Machine Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "region": { - SchemaProps: spec.SchemaProps{ - Description: "region is the region to use to create the instance", - Type: []string{"string"}, - Format: "", - }, - }, - "availabilityZone": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "availabilityZone is the availability zone of the instance", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "tenancy": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "tenancy indicates if instance should run on shared or single-tenant hardware. There are supported 3 options: default, dedicated and host. When set to default Runs on shared multi-tenant hardware. When dedicated Runs on single-tenant hardware (any dedicated instance hardware). When host and the host object is not provided: Runs on Dedicated Host; best-effort restart on same host. When `host` and `host` object is provided with affinity `dedicatedHost` defined: Runs on specified Dedicated Host.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "host": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "host configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL), and to gain visibility and control over instance placement on a physical server. When omitted, the instance is not constrained to a dedicated host.", - Ref: ref("github.com/openshift/api/machine/v1beta1.HostPlacement"), + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.HostPlacement"}, - } -} - -func schema_openshift_api_machine_v1beta1_ProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ProviderSpec defines the configuration to use during node creation.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "value": { + "items": { SchemaProps: spec.SchemaProps{ - Description: "value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.Machine"), + }, + }, + }, }, }, }, + Required: []string{"items"}, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + "github.com/openshift/api/machine/v1beta1.Machine", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_ResourceManagerTag(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineSet(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ResourceManagerTag is a tag to apply to GCP resources created for the cluster.", + Description: "MachineSet ensures that a specified number of machines replicas are running at any given time. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "parentID": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "parentID is the ID of the hierarchical resource where the tags are defined e.g. at the Organization or the Project level. To find the Organization or Project ID ref https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects An OrganizationID can have a maximum of 32 characters and must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "key": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", - Default: "", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "value": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - }, - Required: []string{"parentID", "key", "value"}, - }, - }, - } -} - -func schema_openshift_api_machine_v1beta1_SecurityProfile(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "SecurityProfile specifies the Security profile settings for a virtual machine or virtual machine scale set.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "encryptionAtHost": { + "spec": { SchemaProps: spec.SchemaProps{ - Description: "encryptionAtHost indicates whether Host Encryption should be enabled or disabled for a virtual machine or virtual machine scale set. This should be disabled when SecurityEncryptionType is set to DiskWithVMGuestState. Default is disabled.", - Type: []string{"boolean"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSetSpec"), }, }, - "settings": { + "status": { SchemaProps: spec.SchemaProps{ - Description: "settings specify the security type and the UEFI settings of the virtual machine. This field can be set for Confidential VMs and Trusted Launch for VMs.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.SecuritySettings"), + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSetStatus"), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.SecuritySettings"}, + "github.com/openshift/api/machine/v1beta1.MachineSetSpec", "github.com/openshift/api/machine/v1beta1.MachineSetStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_SecuritySettings(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineSetList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "SecuritySettings define the security type and the UEFI settings of the virtual machine.", + Description: "MachineSetList contains a list of MachineSet Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "securityType": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "securityType specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UEFISettings. The default behavior is: UEFISettings will not be enabled unless this property is set.", - Default: "", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "confidentialVM": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "confidentialVM specifies the security configuration of the virtual machine. For more information regarding Confidential VMs, please refer to: https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview", - Ref: ref("github.com/openshift/api/machine/v1beta1.ConfidentialVM"), + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", }, }, - "trustedLaunch": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "trustedLaunch specifies the security configuration of the virtual machine. For more information regarding TrustedLaunch for VMs, please refer to: https://learn.microsoft.com/azure/virtual-machines/trusted-launch", - Ref: ref("github.com/openshift/api/machine/v1beta1.TrustedLaunch"), + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, - }, - Required: []string{"securityType"}, - }, - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-unions": []interface{}{ - map[string]interface{}{ - "discriminator": "securityType", - "fields-to-discriminateBy": map[string]interface{}{ - "confidentialVM": "ConfidentialVM", - "trustedLaunch": "TrustedLaunch", + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSet"), + }, + }, }, }, }, }, + Required: []string{"items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.ConfidentialVM", "github.com/openshift/api/machine/v1beta1.TrustedLaunch"}, - } -} - -func schema_openshift_api_machine_v1beta1_SpotMarketOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "SpotMarketOptions defines the options available to a user when configuring Machines to run on Spot instances. Most users should provide an empty struct.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "maxPrice": { - SchemaProps: spec.SchemaProps{ - Description: "The maximum price the user is willing to pay for their instances Default: On-Demand price", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, + "github.com/openshift/api/machine/v1beta1.MachineSet", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_SpotVMOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineSetSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "SpotVMOptions defines the options relevant to running the Machine on Spot VMs", + Description: "MachineSetSpec defines the desired state of MachineSet", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "maxPrice": { + "replicas": { SchemaProps: spec.SchemaProps{ - Description: "maxPrice defines the maximum price the user is willing to pay for Spot VM instances", - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Description: "replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1.", + Type: []string{"integer"}, + Format: "int32", }, }, - }, - }, - }, - Dependencies: []string{ - "k8s.io/apimachinery/pkg/api/resource.Quantity"}, - } -} - -func schema_openshift_api_machine_v1beta1_TagSpecification(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "TagSpecification is the name/value pair for a tag", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "name": { + "minReadySeconds": { SchemaProps: spec.SchemaProps{ - Description: "name of the tag", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready)", + Type: []string{"integer"}, + Format: "int32", }, }, - "value": { + "deletePolicy": { SchemaProps: spec.SchemaProps{ - Description: "value of the tag", - Default: "", + Description: "deletePolicy defines the policy used to identify nodes to delete when downscaling. Defaults to \"Random\". Valid values are \"Random, \"Newest\", \"Oldest\"", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"name", "value"}, - }, - }, - } -} - -func schema_openshift_api_machine_v1beta1_TrustedLaunch(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "TrustedLaunch defines the UEFI settings for the virtual machine.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "uefiSettings": { + "selector": { SchemaProps: spec.SchemaProps{ - Description: "uefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", + Description: "selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.UEFISettings"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, - }, - Required: []string{"uefiSettings"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.UEFISettings"}, - } -} - -func schema_openshift_api_machine_v1beta1_UEFISettings(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "UEFISettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "secureBoot": { + "template": { SchemaProps: spec.SchemaProps{ - Description: "secureBoot specifies whether secure boot should be enabled on the virtual machine. Secure Boot verifies the digital signature of all boot components and halts the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.", - Type: []string{"string"}, - Format: "", + Description: "template is the object that describes the machine that will be created if insufficient replicas are detected.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineTemplateSpec"), }, }, - "virtualizedTrustedPlatformModule": { + "authoritativeAPI": { SchemaProps: spec.SchemaProps{ - Description: "virtualizedTrustedPlatformModule specifies whether vTPM should be enabled on the virtual machine. When enabled the virtualized trusted platform module measurements are used to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. This is required to be enabled if SecurityEncryptionType is defined. If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.", + Description: "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI and ClusterAPI. When set to MachineAPI, writes to the spec of the machine.openshift.io copy of this resource will be reflected into the cluster.x-k8s.io copy. When set to ClusterAPI, writes to the spec of the cluster.x-k8s.io copy of this resource will be reflected into the machine.openshift.io copy. Updates to the status will be reflected in both copies of the resource, based on the controller implementing the functionality of the API. Currently the authoritative API determines which controller will manage the resource, this will change in a future release. To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.", + Default: "MachineAPI", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"selector"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.MachineTemplateSpec", metav1.LabelSelector{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_UnhealthyCondition(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineSetStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "UnhealthyCondition represents a Node condition type and value with a timeout specified as a duration. When the named condition has been in the given status for at least the timeout value, a node is considered unhealthy.", + Description: "MachineSetStatus defines the observed state of MachineSet", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "type": { + "replicas": { SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Description: "replicas is the most recently observed number of replicas.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "status": { + "fullyLabeledReplicas": { SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Description: "The number of replicas that have labels matching the labels of the machine template of the MachineSet.", + Type: []string{"integer"}, + Format: "int32", }, }, - "timeout": { + "readyReplicas": { SchemaProps: spec.SchemaProps{ - Description: "Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Description: "The number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is \"Ready\".", + Type: []string{"integer"}, + Format: "int32", }, }, - }, - Required: []string{"type", "status", "timeout"}, - }, - }, - Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, - } -} - -func schema_openshift_api_machine_v1beta1_VMDiskSecurityProfile(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "VMDiskSecurityProfile specifies the security profile settings for the managed disk. It can be set only for Confidential VMs.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "diskEncryptionSet": { + "availableReplicas": { SchemaProps: spec.SchemaProps{ - Description: "diskEncryptionSet specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"), + Description: "The number of available replicas (ready for at least minReadySeconds) for this MachineSet.", + Type: []string{"integer"}, + Format: "int32", }, }, - "securityEncryptionType": { + "observedGeneration": { SchemaProps: spec.SchemaProps{ - Description: "securityEncryptionType specifies the encryption type of the managed disk. It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. When set to VMGuestStateOnly, the vTPM should be enabled. When set to DiskWithVMGuestState, both SecureBoot and vTPM should be enabled. If the above conditions are not fulfilled, the VM will not be created and the respective error will be returned. It can be set only for Confidential VMs. Confidential VMs are defined by their SecurityProfile.SecurityType being set to ConfidentialVM, the SecurityEncryptionType of their OS disk being set to one of the allowed values and by enabling the respective SecurityProfile.UEFISettings of the VM (i.e. vTPM and SecureBoot), depending on the selected SecurityEncryptionType. For further details on Azure Confidential VMs, please refer to the respective documentation: https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview", - Type: []string{"string"}, - Format: "", + Description: "observedGeneration reflects the generation of the most recently observed MachineSet.", + Type: []string{"integer"}, + Format: "int64", }, }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"}, - } -} - -func schema_openshift_api_machine_v1beta1_VSphereDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "VSphereDisk describes additional disks for vSphere.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "name": { + "errorReason": { SchemaProps: spec.SchemaProps{ - Description: "name is used to identify the disk definition. name is required needs to be unique so that it can be used to clearly identify purpose of the disk. It must be at most 80 characters in length and must consist only of alphanumeric characters, hyphens and underscores, and must start and end with an alphanumeric character.", - Default: "", + Description: "In the event that there is a terminal problem reconciling the replicas, both ErrorReason and ErrorMessage will be set. ErrorReason will be populated with a succinct value suitable for machine interpretation, while ErrorMessage will contain a more verbose string suitable for logging and human consumption.\n\nThese fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachineTemplate's spec or the configuration of the machine controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output.", Type: []string{"string"}, Format: "", }, }, - "sizeGiB": { + "errorMessage": { SchemaProps: spec.SchemaProps{ - Description: "sizeGiB is the size of the disk in GiB. The maximum supported size 16384 GiB.", - Default: 0, - Type: []string{"integer"}, - Format: "int32", + Type: []string{"string"}, + Format: "", }, }, - "provisioningMode": { + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "provisioningMode is an optional field that specifies the provisioning type to be used by this vSphere data disk. Allowed values are \"Thin\", \"Thick\", \"EagerlyZeroed\", and omitted. When set to Thin, the disk will be made using thin provisioning allocating the bare minimum space. When set to Thick, the full disk size will be allocated when disk is created. When set to EagerlyZeroed, the disk will be created using eager zero provisioning. An eager zeroed thick disk has all space allocated and wiped clean of any previous contents on the physical media at creation time. Such disks may take longer time during creation compared to other disk formats. When omitted, no setting will be applied to the data disk and the provisioning mode for the disk will be determined by the default storage policy configured for the datastore in vSphere.", + Description: "conditions defines the current state of the MachineSet", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.Condition"), + }, + }, + }, + }, + }, + "authoritativeAPI": { + SchemaProps: spec.SchemaProps{ + Description: "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", + Type: []string{"string"}, + Format: "", + }, + }, + "synchronizedAPI": { + SchemaProps: spec.SchemaProps{ + Description: "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", Type: []string{"string"}, Format: "", }, }, + "synchronizedGeneration": { + SchemaProps: spec.SchemaProps{ + Description: "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", + Type: []string{"integer"}, + Format: "int64", + }, + }, }, - Required: []string{"name", "sizeGiB"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.Condition"}, } } -func schema_openshift_api_machine_v1beta1_VSphereMachineProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "VSphereMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an VSphere virtual machine. It is used by the vSphere machine actuator to create a single Machine. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "MachineSpec defines the desired state of Machine", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", + Description: "ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.ObjectMeta"), }, }, - "apiVersion": { + "lifecycleHooks": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", + Description: "lifecycleHooks allow users to pause operations on the machine at certain predefined points within the machine lifecycle.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.LifecycleHooks"), }, }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + "taints": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, }, - }, - "userDataSecret": { SchemaProps: spec.SchemaProps{ - Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Description: "The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(corev1.Taint{}.OpenAPIModelName()), + }, + }, + }, }, }, - "credentialsSecret": { + "providerSpec": { SchemaProps: spec.SchemaProps{ - Description: "credentialsSecret is a reference to the secret with vSphere credentials.", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Description: "providerSpec details Provider-specific configuration to use during node creation.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.ProviderSpec"), }, }, - "template": { + "providerID": { SchemaProps: spec.SchemaProps{ - Description: "template is the name, inventory path, or instance UUID of the template used to clone new machines.", - Default: "", + Description: "providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.", Type: []string{"string"}, Format: "", }, }, - "workspace": { + "authoritativeAPI": { SchemaProps: spec.SchemaProps{ - Description: "workspace describes the workspace to use for the machine.", - Ref: ref("github.com/openshift/api/machine/v1beta1.Workspace"), + Description: "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI and ClusterAPI. When set to MachineAPI, writes to the spec of the machine.openshift.io copy of this resource will be reflected into the cluster.x-k8s.io copy. When set to ClusterAPI, writes to the spec of the cluster.x-k8s.io copy of this resource will be reflected into the machine.openshift.io copy. Updates to the status will be reflected in both copies of the resource, based on the controller implementing the functionality of the API. Currently the authoritative API determines which controller will manage the resource, this will change in a future release. To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.", + Default: "MachineAPI", + Type: []string{"string"}, + Format: "", }, }, - "network": { + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.LifecycleHooks", "github.com/openshift/api/machine/v1beta1.ObjectMeta", "github.com/openshift/api/machine/v1beta1.ProviderSpec", corev1.Taint{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_machine_v1beta1_MachineStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "MachineStatus defines the observed state of Machine", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "nodeRef": { SchemaProps: spec.SchemaProps{ - Description: "network is the network configuration for this machine's VM.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.NetworkSpec"), + Description: "nodeRef will point to the corresponding Node if it exists.", + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, - "numCPUs": { + "lastUpdated": { SchemaProps: spec.SchemaProps{ - Description: "numCPUs is the number of virtual processors in a virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.", - Type: []string{"integer"}, - Format: "int32", + Description: "lastUpdated identifies when this status was last observed.", + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, - "numCoresPerSocket": { + "errorReason": { SchemaProps: spec.SchemaProps{ - Description: "NumCPUs is the number of cores among which to distribute CPUs in this virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.", - Type: []string{"integer"}, - Format: "int32", + Description: "errorReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation.\n\nThis field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", + Type: []string{"string"}, + Format: "", }, }, - "memoryMiB": { + "errorMessage": { SchemaProps: spec.SchemaProps{ - Description: "memoryMiB is the size of a virtual machine's memory, in MiB. Defaults to the analogue property value in the template from which this machine is cloned.", - Type: []string{"integer"}, - Format: "int64", + Description: "errorMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption.\n\nThis field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", + Type: []string{"string"}, + Format: "", }, }, - "diskGiB": { + "providerStatus": { SchemaProps: spec.SchemaProps{ - Description: "diskGiB is the size of a virtual machine's disk, in GiB. Defaults to the analogue property value in the template from which this machine is cloned. This parameter will be ignored if 'LinkedClone' CloneMode is set.", - Type: []string{"integer"}, - Format: "int32", + Description: "providerStatus details a Provider-specific status. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field.", + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, - "tagIDs": { + "addresses": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ - Description: "tagIDs is an optional set of tags to add to an instance. Specified tagIDs must use URN-notation instead of display names. A maximum of 10 tag IDs may be specified.", + Description: "addresses is a list of addresses assigned to the machine. Queried from cloud provider, if available.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref(corev1.NodeAddress{}.OpenAPIModelName()), }, }, }, }, }, - "snapshot": { + "lastOperation": { SchemaProps: spec.SchemaProps{ - Description: "snapshot is the name of the snapshot from which the VM was cloned", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "lastOperation describes the last-operation performed by the machine-controller. This API should be useful as a history in terms of the latest operation performed on the specific machine. It should also convey the state of the latest-operation for example if it is still on-going, failed or completed successfully.", + Ref: ref("github.com/openshift/api/machine/v1beta1.LastOperation"), }, }, - "cloneMode": { + "phase": { SchemaProps: spec.SchemaProps{ - Description: "cloneMode specifies the type of clone operation. The LinkedClone mode is only support for templates that have at least one snapshot. If the template has no snapshots, then CloneMode defaults to FullClone. When LinkedClone mode is enabled the DiskGiB field is ignored as it is not possible to expand disks of linked clones. Defaults to FullClone. When using LinkedClone, if no snapshots exist for the source template, falls back to FullClone.", + Description: "phase represents the current phase of machine actuation. One of: Failed, Provisioning, Provisioned, Running, Deleting", Type: []string{"string"}, Format: "", }, }, - "dataDisks": { + "conditions": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ - "name", + "type", }, "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ - Description: "dataDisks is a list of non OS disks to be created and attached to the VM. The max number of disk allowed to be attached is currently 29. The max number of disks for any controller is 30, but VM template will always have OS disk so that will leave 29 disks on any controller type.", + Description: "conditions defines the current state of the Machine", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machine/v1beta1.VSphereDisk"), + Ref: ref("github.com/openshift/api/machine/v1beta1.Condition"), }, }, }, }, }, + "authoritativeAPI": { + SchemaProps: spec.SchemaProps{ + Description: "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", + Type: []string{"string"}, + Format: "", + }, + }, + "synchronizedAPI": { + SchemaProps: spec.SchemaProps{ + Description: "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", + Type: []string{"string"}, + Format: "", + }, + }, + "synchronizedGeneration": { + SchemaProps: spec.SchemaProps{ + Description: "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", + Type: []string{"integer"}, + Format: "int64", + }, + }, }, - Required: []string{"template", "network"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machine/v1beta1.NetworkSpec", "github.com/openshift/api/machine/v1beta1.VSphereDisk", "github.com/openshift/api/machine/v1beta1.Workspace", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/machine/v1beta1.Condition", "github.com/openshift/api/machine/v1beta1.LastOperation", corev1.NodeAddress{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, } } -func schema_openshift_api_machine_v1beta1_VSphereMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_MachineTemplateSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "VSphereMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains VSphere-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Description: "MachineTemplateSpec describes the data needed to create a Machine from a template", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "metadata": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", + Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.ObjectMeta"), }, }, - "apiVersion": { + "spec": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "Specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.MachineSpec"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.MachineSpec", "github.com/openshift/api/machine/v1beta1.ObjectMeta"}, + } +} + +func schema_openshift_api_machine_v1beta1_MetadataServiceOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "MetadataServiceOptions defines the options available to a user when configuring Instance Metadata Service (IMDS) Options.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "authentication": { + SchemaProps: spec.SchemaProps{ + Description: "authentication determines whether or not the host requires the use of authentication when interacting with the metadata service. When using authentication, this enforces v2 interaction method (IMDSv2) with the metadata service. When omitted, this means the user has no opinion and the value is left to the platform to choose a good default, which is subject to change over time. The current default is optional. At this point this field represents `HttpTokens` parameter from `InstanceMetadataOptionsRequest` structure in AWS EC2 API https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", Type: []string{"string"}, Format: "", }, }, - "instanceId": { + }, + }, + }, + } +} + +func schema_openshift_api_machine_v1beta1_NetworkDeviceSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "NetworkDeviceSpec defines the network configuration for a virtual machine's network device.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "networkName": { SchemaProps: spec.SchemaProps{ - Description: "instanceId is the ID of the instance in VSphere", + Description: "networkName is the name of the vSphere network or port group to which the network device will be connected, for example, port-group-1. When not provided, the vCenter API will attempt to select a default network. The available networks (port groups) can be listed using `govc ls 'network/*'`", Type: []string{"string"}, Format: "", }, }, - "instanceState": { + "gateway": { SchemaProps: spec.SchemaProps{ - Description: "instanceState is the provisioning state of the VSphere Instance.", + Description: "gateway is an IPv4 or IPv6 address which represents the subnet gateway, for example, 192.168.1.1.", Type: []string{"string"}, Format: "", }, }, - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", + "ipAddrs": { + SchemaProps: spec.SchemaProps{ + Description: "ipAddrs is a list of one or more IPv4 and/or IPv6 addresses and CIDR to assign to this device, for example, 192.168.1.100/24. IP addresses provided via ipAddrs are intended to allow explicit assignment of a machine's IP address. IP pool configurations provided via addressesFromPool, however, defer IP address assignment to an external controller. If both addressesFromPool and ipAddrs are empty or not defined, DHCP will be used to assign an IP address. If both ipAddrs and addressesFromPools are defined, the IP addresses associated with ipAddrs will be applied first followed by IP addresses from addressesFromPools.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, }, - "x-kubernetes-list-type": "map", }, }, + }, + "nameservers": { SchemaProps: spec.SchemaProps{ - Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", + Description: "nameservers is a list of IPv4 and/or IPv6 addresses used as DNS nameservers, for example, 8.8.8.8. a nameserver is not provided by a fulfilled IPAddressClaim. If DHCP is not the source of IP addresses for this network device, nameservers should include a valid nameserver.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, }, }, - "taskRef": { + "addressesFromPools": { SchemaProps: spec.SchemaProps{ - Description: "taskRef is a managed object reference to a Task related to the machine. This value is set automatically at runtime and should not be set or modified by users.", - Type: []string{"string"}, - Format: "", + Description: "addressesFromPools is a list of references to IP pool types and instances which are handled by an external controller. addressesFromPool configurations provided via addressesFromPools defer IP address assignment to an external controller. IP addresses provided via ipAddrs, however, are intended to allow explicit assignment of a machine's IP address. If both addressesFromPool and ipAddrs are empty or not defined, DHCP will assign an IP address. If both ipAddrs and addressesFromPools are defined, the IP addresses associated with ipAddrs will be applied first followed by IP addresses from addressesFromPools.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.AddressesFromPool"), + }, + }, + }, }, }, }, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/machine/v1beta1.AddressesFromPool"}, } } -func schema_openshift_api_machine_v1beta1_Workspace(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_NetworkSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "WorkspaceConfig defines a workspace configuration for the vSphere cloud provider.", + Description: "NetworkSpec defines the virtual machine's network configuration.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "server": { + "devices": { SchemaProps: spec.SchemaProps{ - Description: "server is the IP address or FQDN of the vSphere endpoint.", - Type: []string{"string"}, - Format: "", + Description: "devices defines the virtual machine's network interfaces.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.NetworkDeviceSpec"), + }, + }, + }, }, }, - "datacenter": { + }, + Required: []string{"devices"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.NetworkDeviceSpec"}, + } +} + +func schema_openshift_api_machine_v1beta1_OSDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "osType": { SchemaProps: spec.SchemaProps{ - Description: "datacenter is the datacenter in which VMs are created/located.", + Description: "osType is the operating system type of the OS disk. Possible values include \"Linux\" and \"Windows\".", + Default: "", Type: []string{"string"}, Format: "", }, }, - "folder": { + "managedDisk": { SchemaProps: spec.SchemaProps{ - Description: "folder is the folder in which VMs are created/located.", - Type: []string{"string"}, - Format: "", + Description: "managedDisk specifies the Managed Disk parameters for the OS disk.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.OSDiskManagedDiskParameters"), }, }, - "datastore": { + "diskSizeGB": { SchemaProps: spec.SchemaProps{ - Description: "datastore is the datastore in which VMs are created/located.", - Type: []string{"string"}, - Format: "", + Description: "diskSizeGB is the size in GB to assign to the data disk.", + Default: 0, + Type: []string{"integer"}, + Format: "int32", }, }, - "resourcePool": { + "diskSettings": { SchemaProps: spec.SchemaProps{ - Description: "resourcePool is the resource pool in which VMs are created/located.", - Type: []string{"string"}, - Format: "", + Description: "diskSettings describe ephemeral disk settings for the os disk.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.DiskSettings"), }, }, - "vmGroup": { + "cachingType": { SchemaProps: spec.SchemaProps{ - Description: "vmGroup is the cluster vm group in which virtual machines will be added for vm host group based zonal.", + Description: "cachingType specifies the caching requirements. Possible values include: 'None', 'ReadOnly', 'ReadWrite'. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `None`.", Type: []string{"string"}, Format: "", }, }, }, + Required: []string{"osType", "managedDisk", "diskSizeGB"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.DiskSettings", "github.com/openshift/api/machine/v1beta1.OSDiskManagedDiskParameters"}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImage(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_OSDiskManagedDiskParameters(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "InternalReleaseImage is used to keep track and manage a set of release bundles (OCP and OLM operators images) that are stored into the control planes nodes.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "OSDiskManagedDiskParameters is the parameters of a OSDisk managed disk.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { + "storageAccountType": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "storageAccountType is the storage account type to use. Possible values include \"Standard_LRS\", \"Premium_LRS\".", + Default: "", Type: []string{"string"}, Format: "", }, }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "spec": { + "diskEncryptionSet": { SchemaProps: spec.SchemaProps{ - Description: "spec describes the configuration of this internal release image.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageSpec"), + Description: "diskEncryptionSet is the disk encryption set properties", + Ref: ref("github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"), }, }, - "status": { + "securityProfile": { SchemaProps: spec.SchemaProps{ - Description: "status describes the last observed state of this internal release image.", + Description: "securityProfile specifies the security profile for the managed disk.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageStatus"), + Ref: ref("github.com/openshift/api/machine/v1beta1.VMDiskSecurityProfile"), }, }, }, - Required: []string{"metadata", "spec"}, + Required: []string{"storageAccountType"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageSpec", "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters", "github.com/openshift/api/machine/v1beta1.VMDiskSecurityProfile"}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageBundleStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_ObjectMeta(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. This is a copy of customizable fields from metav1.ObjectMeta.\n\nObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` and `MachineSet.Template`, which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases and read-only fields which end up in the generated CRD validation, having it as a subset simplifies the API and some issues that can impact user experience.\n\nDuring the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, specifically `spec.metadata.creationTimestamp in body must be of type string: \"null\"`. The investigation showed that `controller-tools@v2` behaves differently than its previous version when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) package.\n\nIn more details, we found that embedded (non-top level) types that embedded `metav1.ObjectMeta` had validation properties, including for `creationTimestamp` (metav1.Time). The `metav1.Time` type specifies a custom json marshaller that, when IsZero() is true, returns `null` which breaks validation because the field isn't marked as nullable.\n\nIn future versions, controller-tools@v2 might allow overriding the type and validation for embedded types. When that happens, this hack should be revisited.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "conditions": { + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + Type: []string{"string"}, + Format: "", + }, + }, + "generateName": { + SchemaProps: spec.SchemaProps{ + Description: "generateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", + Type: []string{"string"}, + Format: "", + }, + }, + "namespace": { + SchemaProps: spec.SchemaProps{ + Description: "namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", + Type: []string{"string"}, + Format: "", + }, + }, + "labels": { + SchemaProps: spec.SchemaProps{ + Description: "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "annotations": { + SchemaProps: spec.SchemaProps{ + Description: "annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "ownerReferences": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ - "type", + "uid", }, - "x-kubernetes-list-type": "map", + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "uid", + "x-kubernetes-patch-strategy": "merge", }, }, SchemaProps: spec.SchemaProps{ - Description: "conditions represent the observations of an internal release image current state. Valid types are: Mounted, Installing, Available, Removing and Degraded.\n\nIf Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes. If Installing is true, that means that a new release bundle is currently being copied on one (or more) cluster nodes, and not yet completed. If Available is true, it means that the release has been previously installed on all the cluster nodes, and it can be used. If Removing is true, it means that a release deletion is in progress on one (or more) cluster nodes, and not yet completed. If Degraded is true, that means something has gone wrong (possibly on one or more cluster nodes).\n\nIn general, after installing a new release bundle, it is required to wait for the Conditions \"Available\" to become \"True\" (and all the other conditions to be equal to \"False\") before being able to pull its content.", + Description: "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.OwnerReference{}.OpenAPIModelName()), }, }, }, }, }, - "name": { - SchemaProps: spec.SchemaProps{ - Description: "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", - Type: []string{"string"}, - Format: "", - }, - }, - "image": { - SchemaProps: spec.SchemaProps{ - Description: "image is an OCP release image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters. The field is optional, and it will be provided after a release will be successfully installed.", - Type: []string{"string"}, - Format: "", - }, - }, }, - Required: []string{"name"}, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + metav1.OwnerReference{}.OpenAPIModelName()}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_Placement(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "InternalReleaseImageList is a list of InternalReleaseImage resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "Placement indicates where to create the instance in AWS", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "region": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "region is the region to use to create the instance", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "availabilityZone": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "availabilityZone is the availability zone of the instance", Type: []string{"string"}, Format: "", }, }, - "metadata": { + "tenancy": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Description: "tenancy indicates if instance should run on shared or single-tenant hardware. There are supported 3 options: default, dedicated and host. When set to default Runs on shared multi-tenant hardware. When dedicated Runs on single-tenant hardware (any dedicated instance hardware). When host and the host object is not provided: Runs on Dedicated Host; best-effort restart on same host. When `host` and `host` object is provided with affinity `dedicatedHost` defined: Runs on specified Dedicated Host.", + Type: []string{"string"}, + Format: "", }, }, - "items": { + "host": { SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImage"), - }, - }, - }, + Description: "host configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL), and to gain visibility and control over instance placement on a physical server. When omitted, the instance is not constrained to a dedicated host.", + Ref: ref("github.com/openshift/api/machine/v1beta1.HostPlacement"), }, }, }, - Required: []string{"metadata", "items"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImage", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/machine/v1beta1.HostPlacement"}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageRef(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_ProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "InternalReleaseImageRef is used to provide a simple reference for a release bundle. Currently it contains only the name field.", + Description: "ProviderSpec defines the configuration to use during node creation.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "value": { SchemaProps: spec.SchemaProps{ - Description: "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", - Type: []string{"string"}, - Format: "", + Description: "value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config.", + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, - Required: []string{"name"}, }, }, + Dependencies: []string{ + runtime.RawExtension{}.OpenAPIModelName()}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_ResourceManagerTag(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "InternalReleaseImageSpec defines the desired state of a InternalReleaseImage.", + Description: "ResourceManagerTag is a tag to apply to GCP resources created for the cluster.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "releases": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, + "parentID": { + SchemaProps: spec.SchemaProps{ + Description: "parentID is the ID of the hierarchical resource where the tags are defined e.g. at the Organization or the Project level. To find the Organization or Project ID ref https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects An OrganizationID can have a maximum of 32 characters and must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", + Default: "", + Type: []string{"string"}, + Format: "", }, + }, + "key": { SchemaProps: spec.SchemaProps{ - Description: "releases is a list of release bundle identifiers that the user wants to add/remove to/from the control plane nodes. Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 16 entries.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageRef"), - }, - }, - }, + Description: "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "value": { + SchemaProps: spec.SchemaProps{ + Description: "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", + Default: "", + Type: []string{"string"}, + Format: "", }, }, }, - Required: []string{"releases"}, + Required: []string{"parentID", "key", "value"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageRef"}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_SecurityProfile(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "InternalReleaseImageStatus describes the current state of a InternalReleaseImage.", + Description: "SecurityProfile specifies the Security profile settings for a virtual machine or virtual machine scale set.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, + "encryptionAtHost": { + SchemaProps: spec.SchemaProps{ + Description: "encryptionAtHost indicates whether Host Encryption should be enabled or disabled for a virtual machine or virtual machine scale set. This should be disabled when SecurityEncryptionType is set to DiskWithVMGuestState. Default is disabled.", + Type: []string{"boolean"}, + Format: "", }, + }, + "settings": { SchemaProps: spec.SchemaProps{ - Description: "conditions represent the observations of the InternalReleaseImage controller current state. Valid types are: Degraded. If Degraded is true, that means something has gone wrong in the controller.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), - }, - }, - }, + Description: "settings specify the security type and the UEFI settings of the virtual machine. This field can be set for Confidential VMs and Trusted Launch for VMs.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.SecuritySettings"), }, }, - "releases": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.SecuritySettings"}, + } +} + +func schema_openshift_api_machine_v1beta1_SecuritySettings(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SecuritySettings define the security type and the UEFI settings of the virtual machine.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "securityType": { + SchemaProps: spec.SchemaProps{ + Description: "securityType specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UEFISettings. The default behavior is: UEFISettings will not be enabled unless this property is set.", + Default: "", + Type: []string{"string"}, + Format: "", }, + }, + "confidentialVM": { SchemaProps: spec.SchemaProps{ - Description: "releases is a list of the release bundles currently owned and managed by the cluster. A release bundle content could be safely pulled only when its Conditions field contains at least an Available entry set to \"True\" and Degraded to \"False\". Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 32 entries.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageBundleStatus"), - }, - }, + Description: "confidentialVM specifies the security configuration of the virtual machine. For more information regarding Confidential VMs, please refer to: https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview", + Ref: ref("github.com/openshift/api/machine/v1beta1.ConfidentialVM"), + }, + }, + "trustedLaunch": { + SchemaProps: spec.SchemaProps{ + Description: "trustedLaunch specifies the security configuration of the virtual machine. For more information regarding TrustedLaunch for VMs, please refer to: https://learn.microsoft.com/azure/virtual-machines/trusted-launch", + Ref: ref("github.com/openshift/api/machine/v1beta1.TrustedLaunch"), + }, + }, + }, + Required: []string{"securityType"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "securityType", + "fields-to-discriminateBy": map[string]interface{}{ + "confidentialVM": "ConfidentialVM", + "trustedLaunch": "TrustedLaunch", }, }, }, }, - Required: []string{"releases"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageBundleStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/machine/v1beta1.ConfidentialVM", "github.com/openshift/api/machine/v1beta1.TrustedLaunch"}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_MCOObjectReference(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_SpotMarketOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MCOObjectReference holds information about an object the MCO either owns or modifies in some way", + Description: "SpotMarketOptions defines the options available to a user when configuring Machines to run on Spot instances. Most users should provide an empty struct.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "maxPrice": { SchemaProps: spec.SchemaProps{ - Description: "name is the name of the object being referenced. For example, this can represent a machine config pool or node name. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", - Default: "", + Description: "The maximum price the user is willing to pay for their instances Default: On-Demand price", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"name"}, }, }, } } -func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNode(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_SpotVMOptions(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineConfigNode describes the health of the Machines on the system Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "SpotVMOptions defines the options relevant to running the Machine on Spot VMs", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object metadata.", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "spec": { - SchemaProps: spec.SchemaProps{ - Description: "spec describes the configuration of the machine config node.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeSpec"), - }, - }, - "status": { + "maxPrice": { SchemaProps: spec.SchemaProps{ - Description: "status describes the last observed state of this machine config node.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatus"), + Description: "maxPrice defines the maximum price the user is willing to pay for Spot VM instances", + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, - Required: []string{"spec"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeSpec", "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + resource.Quantity{}.OpenAPIModelName()}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_TagSpecification(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineConfigNodeList describes all of the MachinesStates on the system\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "TagSpecification is the name/value pair for a tag", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "kind": { + "name": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "name of the tag. This field is required and must be a non-empty string. Must be between 1 and 128 characters in length.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "value": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "value of the tag. When omitted, this creates a tag with an empty string as the value.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list metadata.", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), - }, - }, - "items": { - SchemaProps: spec.SchemaProps{ - Description: "items contains a collection of MachineConfigNode resources.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNode"), - }, - }, - }, - }, - }, }, + Required: []string{"name"}, }, }, - Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNode", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_TrustedLaunch(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineConfigNodeSpec describes the MachineConfigNode we are managing.", + Description: "TrustedLaunch defines the UEFI settings for the virtual machine.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "node": { - SchemaProps: spec.SchemaProps{ - Description: "node contains a reference to the node for this machine config node.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.MCOObjectReference"), - }, - }, - "pool": { - SchemaProps: spec.SchemaProps{ - Description: "pool contains a reference to the machine config pool that this machine config node's referenced node belongs to.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.MCOObjectReference"), - }, - }, - "configVersion": { + "uefiSettings": { SchemaProps: spec.SchemaProps{ - Description: "configVersion holds the desired config version for the node targeted by this machine config node resource. The desired version represents the machine config the node will attempt to update to and gets set before the machine config operator validates the new machine config against the current machine config.", + Description: "uefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeSpecMachineConfigVersion"), + Ref: ref("github.com/openshift/api/machine/v1beta1.UEFISettings"), }, }, }, - Required: []string{"node", "pool", "configVersion"}, + Required: []string{"uefiSettings"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.MCOObjectReference", "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeSpecMachineConfigVersion"}, + "github.com/openshift/api/machine/v1beta1.UEFISettings"}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeSpecMachineConfigVersion(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_UEFISettings(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineConfigNodeSpecMachineConfigVersion holds the desired config version for the current observed machine config node. When Current is not equal to Desired, the MachineConfigOperator is in an upgrade phase and the machine config node will take account of upgrade related events. Otherwise, they will be ignored given that certain operations happen both during the MCO's upgrade mode and the daily operations mode.", + Description: "UEFISettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "desired": { + "secureBoot": { SchemaProps: spec.SchemaProps{ - Description: "desired is the name of the machine config that the the node should be upgraded to. This value is set when the machine config pool generates a new version of its rendered configuration. When this value is changed, the machine config daemon starts the node upgrade process. This value gets set in the machine config node spec once the machine config has been targeted for upgrade and before it is validated. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", - Default: "", + Description: "secureBoot specifies whether secure boot should be enabled on the virtual machine. Secure Boot verifies the digital signature of all boot components and halts the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.", + Type: []string{"string"}, + Format: "", + }, + }, + "virtualizedTrustedPlatformModule": { + SchemaProps: spec.SchemaProps{ + Description: "virtualizedTrustedPlatformModule specifies whether vTPM should be enabled on the virtual machine. When enabled the virtualized trusted platform module measurements are used to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. This is required to be enabled if SecurityEncryptionType is defined. If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"desired"}, }, }, } } -func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_UnhealthyCondition(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineConfigNodeStatus holds the reported information on a particular machine config node.", + Description: "UnhealthyCondition represents a Node condition type and value with a timeout specified as a duration. When the named condition has been in the given status for at least the timeout value, a node is considered unhealthy.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "conditions": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "type", - }, - "x-kubernetes-list-type": "map", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "conditions represent the observations of a machine config node's current state.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), - }, - }, - }, - }, - }, - "observedGeneration": { + "type": { SchemaProps: spec.SchemaProps{ - Description: "observedGeneration represents the generation of the MachineConfigNode object observed by the Machine Config Operator's controller. This field is updated when the controller observes a change to the desiredConfig in the configVersion of the machine config node spec.", - Type: []string{"integer"}, - Format: "int64", + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "configVersion": { + "status": { SchemaProps: spec.SchemaProps{ - Description: "configVersion describes the current and desired machine config version for this node.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatusMachineConfigVersion"), + Default: "", + Type: []string{"string"}, + Format: "", }, }, - "pinnedImageSets": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-map-keys": []interface{}{ - "name", - }, - "x-kubernetes-list-type": "map", - }, - }, + "timeout": { SchemaProps: spec.SchemaProps{ - Description: "pinnedImageSets describes the current and desired pinned image sets for this node.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatusPinnedImageSet"), - }, - }, - }, + Description: "Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".", + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, }, - Required: []string{"configVersion"}, + Required: []string{"type", "status", "timeout"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatusMachineConfigVersion", "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatusPinnedImageSet", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + metav1.Duration{}.OpenAPIModelName()}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatusMachineConfigVersion(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_VMDiskSecurityProfile(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineConfigNodeStatusMachineConfigVersion holds the current and desired config versions as last updated in the MCN status. When the current and desired versions do not match, the machine config pool is processing an upgrade and the machine config node will monitor the upgrade process. When the current and desired versions do match, the machine config node will ignore these events given that certain operations happen both during the MCO's upgrade mode and the daily operations mode.", + Description: "VMDiskSecurityProfile specifies the security profile settings for the managed disk. It can be set only for Confidential VMs.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "current": { + "diskEncryptionSet": { SchemaProps: spec.SchemaProps{ - Description: "current is the name of the machine config currently in use on the node. This value is updated once the machine config daemon has completed the update of the configuration for the node. This value should match the desired version unless an upgrade is in progress. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", - Default: "", - Type: []string{"string"}, - Format: "", + Description: "diskEncryptionSet specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"), }, }, - "desired": { + "securityEncryptionType": { SchemaProps: spec.SchemaProps{ - Description: "desired is the MachineConfig the node wants to upgrade to. This value gets set in the machine config node status once the machine config has been validated against the current machine config. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", - Default: "", + Description: "securityEncryptionType specifies the encryption type of the managed disk. It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. When set to VMGuestStateOnly, the vTPM should be enabled. When set to DiskWithVMGuestState, both SecureBoot and vTPM should be enabled. If the above conditions are not fulfilled, the VM will not be created and the respective error will be returned. It can be set only for Confidential VMs. Confidential VMs are defined by their SecurityProfile.SecurityType being set to ConfidentialVM, the SecurityEncryptionType of their OS disk being set to one of the allowed values and by enabling the respective SecurityProfile.UEFISettings of the VM (i.e. vTPM and SecureBoot), depending on the selected SecurityEncryptionType. For further details on Azure Confidential VMs, please refer to the respective documentation: https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"desired"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machine/v1beta1.DiskEncryptionSetParameters"}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatusPinnedImageSet(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_VSphereDisk(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "MachineConfigNodeStatusPinnedImageSet holds information about the current, desired, and failed pinned image sets for the observed machine config node.", + Description: "VSphereDisk describes additional disks for vSphere.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "name": { SchemaProps: spec.SchemaProps{ - Description: "name is the name of the pinned image set. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", + Description: "name is used to identify the disk definition. name is required needs to be unique so that it can be used to clearly identify purpose of the disk. It must be at most 80 characters in length and must consist only of alphanumeric characters, hyphens and underscores, and must start and end with an alphanumeric character.", Default: "", Type: []string{"string"}, Format: "", }, }, - "currentGeneration": { - SchemaProps: spec.SchemaProps{ - Description: "currentGeneration is the generation of the pinned image set that has most recently been successfully pulled and pinned on this node.", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "desiredGeneration": { - SchemaProps: spec.SchemaProps{ - Description: "desiredGeneration is the generation of the pinned image set that is targeted to be pulled and pinned on this node.", - Type: []string{"integer"}, - Format: "int32", - }, - }, - "lastFailedGeneration": { + "sizeGiB": { SchemaProps: spec.SchemaProps{ - Description: "lastFailedGeneration is the generation of the most recent pinned image set that failed to be pulled and pinned on this node.", + Description: "sizeGiB is the size of the disk in GiB. The maximum supported size 16384 GiB.", + Default: 0, Type: []string{"integer"}, Format: "int32", }, }, - "lastFailedGenerationError": { + "provisioningMode": { SchemaProps: spec.SchemaProps{ - Description: "lastFailedGenerationError is the error explaining why the desired images failed to be pulled and pinned. The error is an empty string if the image pull and pin is successful.", + Description: "provisioningMode is an optional field that specifies the provisioning type to be used by this vSphere data disk. Allowed values are \"Thin\", \"Thick\", \"EagerlyZeroed\", and omitted. When set to Thin, the disk will be made using thin provisioning allocating the bare minimum space. When set to Thick, the full disk size will be allocated when disk is created. When set to EagerlyZeroed, the disk will be created using eager zero provisioning. An eager zeroed thick disk has all space allocated and wiped clean of any previous contents on the physical media at creation time. Such disks may take longer time during creation compared to other disk formats. When omitted, no setting will be applied to the data disk and the provisioning mode for the disk will be determined by the default storage policy configured for the datastore in vSphere.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"name"}, + Required: []string{"name", "sizeGiB"}, }, }, } } -func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStream(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_VSphereMachineProviderSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "OSImageStream describes a set of streams and associated images available for the MachineConfigPools to be used as base OS images.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "VSphereMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an VSphere virtual machine. It is used by the vSphere machine actuator to create a single Machine. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -45409,198 +45963,264 @@ func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStream(ref common }, "metadata": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, - "spec": { + "userDataSecret": { SchemaProps: spec.SchemaProps{ - Description: "spec contains the desired OSImageStream config configuration.", - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSpec"), + Description: "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, - "status": { + "credentialsSecret": { SchemaProps: spec.SchemaProps{ - Description: "status describes the last observed state of this OSImageStream. Populated by the MachineConfigOperator after reading release metadata. When not present, the controller has not yet reconciled this resource.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamStatus"), + Description: "credentialsSecret is a reference to the secret with vSphere credentials.", + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, - }, - Required: []string{"spec"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSpec", "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, - } -} - -func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "OSImageStreamList is a list of OSImageStream resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { + "template": { SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Description: "template is the name, inventory path, or instance UUID of the template used to clone new machines.", + Default: "", Type: []string{"string"}, Format: "", }, }, - "apiVersion": { + "workspace": { SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Description: "workspace describes the workspace to use for the machine.", + Ref: ref("github.com/openshift/api/machine/v1beta1.Workspace"), + }, + }, + "network": { + SchemaProps: spec.SchemaProps{ + Description: "network is the network configuration for this machine's VM.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machine/v1beta1.NetworkSpec"), + }, + }, + "numCPUs": { + SchemaProps: spec.SchemaProps{ + Description: "numCPUs is the number of virtual processors in a virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "numCoresPerSocket": { + SchemaProps: spec.SchemaProps{ + Description: "NumCPUs is the number of cores among which to distribute CPUs in this virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "memoryMiB": { + SchemaProps: spec.SchemaProps{ + Description: "memoryMiB is the size of a virtual machine's memory, in MiB. Defaults to the analogue property value in the template from which this machine is cloned.", + Type: []string{"integer"}, + Format: "int64", + }, + }, + "diskGiB": { + SchemaProps: spec.SchemaProps{ + Description: "diskGiB is the size of a virtual machine's disk, in GiB. Defaults to the analogue property value in the template from which this machine is cloned. This parameter will be ignored if 'LinkedClone' CloneMode is set.", + Type: []string{"integer"}, + Format: "int32", + }, + }, + "tagIDs": { + SchemaProps: spec.SchemaProps{ + Description: "tagIDs is an optional set of tags to add to an instance. Specified tagIDs must use URN-notation instead of display names. A maximum of 10 tag IDs may be specified.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "snapshot": { + SchemaProps: spec.SchemaProps{ + Description: "snapshot is the name of the snapshot from which the VM was cloned", + Default: "", Type: []string{"string"}, Format: "", }, }, - "metadata": { + "cloneMode": { SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Description: "cloneMode specifies the type of clone operation. The LinkedClone mode is only support for templates that have at least one snapshot. If the template has no snapshots, then CloneMode defaults to FullClone. When LinkedClone mode is enabled the DiskGiB field is ignored as it is not possible to expand disks of linked clones. Defaults to FullClone. When using LinkedClone, if no snapshots exist for the source template, falls back to FullClone.", + Type: []string{"string"}, + Format: "", }, }, - "items": { + "dataDisks": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, SchemaProps: spec.SchemaProps{ - Type: []string{"array"}, + Description: "dataDisks is a list of non OS disks to be created and attached to the VM. The max number of disk allowed to be attached is currently 29. The max number of disks for any controller is 30, but VM template will always have OS disk so that will leave 29 disks on any controller type.", + Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStream"), + Ref: ref("github.com/openshift/api/machine/v1beta1.VSphereDisk"), }, }, }, }, }, }, - Required: []string{"metadata", "items"}, + Required: []string{"template", "network"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStream", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/machine/v1beta1.NetworkSpec", "github.com/openshift/api/machine/v1beta1.VSphereDisk", "github.com/openshift/api/machine/v1beta1.Workspace", corev1.LocalObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamSet(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_VSphereMachineProviderStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "VSphereMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains VSphere-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "kind": { SchemaProps: spec.SchemaProps{ - Description: "name is the required identifier of the stream.\n\nname is determined by the operator based on the OCI label of the discovered OS or Extension Image.\n\nMust be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').", + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Type: []string{"string"}, Format: "", }, }, - "osImage": { + "apiVersion": { SchemaProps: spec.SchemaProps{ - Description: "osImage is a required OS Image referenced by digest.\n\nosImage contains the immutable, fundamental operating system components, including the kernel and base utilities, that define the core environment for the node's host operating system.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", Type: []string{"string"}, Format: "", }, }, - "osExtensionsImage": { + "instanceId": { SchemaProps: spec.SchemaProps{ - Description: "osExtensionsImage is a required OS Extensions Image referenced by digest.\n\nosExtensionsImage bundles the extra repositories used to enable extensions, augmenting the base operating system without modifying the underlying immutable osImage.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", + Description: "instanceId is the ID of the instance in VSphere", Type: []string{"string"}, Format: "", }, }, - }, - Required: []string{"name", "osImage", "osExtensionsImage"}, - }, - }, - } -} - -func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "OSImageStreamSpec defines the desired state of a OSImageStream.", - Type: []string{"object"}, - }, - }, - } -} - -func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "OSImageStreamStatus describes the current state of a OSImageStream", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "availableStreams": { + "instanceState": { + SchemaProps: spec.SchemaProps{ + Description: "instanceState is the provisioning state of the VSphere Instance.", + Type: []string{"string"}, + Format: "", + }, + }, + "conditions": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ - "name", + "type", }, "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ - Description: "availableStreams is a list of the available OS Image Streams that can be used as the base image for MachineConfigPools. availableStreams is required, must have at least one item, must not exceed 100 items, and must have unique entries keyed on the name field.", + Description: "conditions is a set of conditions associated with the Machine to indicate errors or other status", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSet"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, }, }, - "defaultStream": { + "taskRef": { SchemaProps: spec.SchemaProps{ - Description: "defaultStream is the name of the stream that should be used as the default when no specific stream is requested by a MachineConfigPool.\n\nIt must be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'), and must reference the name of one of the streams in availableStreams.", + Description: "taskRef is a managed object reference to a Task related to the machine. This value is set automatically at runtime and should not be set or modified by users.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"availableStreams", "defaultStream"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSet"}, + metav1.Condition{}.OpenAPIModelName()}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageRef(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machine_v1beta1_Workspace(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, + Description: "WorkspaceConfig defines a workspace configuration for the vSphere cloud provider.", + Type: []string{"object"}, Properties: map[string]spec.Schema{ - "name": { + "server": { + SchemaProps: spec.SchemaProps{ + Description: "server is the IP address or FQDN of the vSphere endpoint.", + Type: []string{"string"}, + Format: "", + }, + }, + "datacenter": { + SchemaProps: spec.SchemaProps{ + Description: "datacenter is the datacenter in which VMs are created/located.", + Type: []string{"string"}, + Format: "", + }, + }, + "folder": { + SchemaProps: spec.SchemaProps{ + Description: "folder is the folder in which VMs are created/located.", + Type: []string{"string"}, + Format: "", + }, + }, + "datastore": { + SchemaProps: spec.SchemaProps{ + Description: "datastore is the datastore in which VMs are created/located.", + Type: []string{"string"}, + Format: "", + }, + }, + "resourcePool": { + SchemaProps: spec.SchemaProps{ + Description: "resourcePool is the resource pool in which VMs are created/located.", + Type: []string{"string"}, + Format: "", + }, + }, + "vmGroup": { SchemaProps: spec.SchemaProps{ - Description: "name is an OCI Image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", + Description: "vmGroup is the cluster vm group in which virtual machines will be added for vm host group based zonal.", Type: []string{"string"}, Format: "", }, }, }, - Required: []string{"name"}, }, }, } } -func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSet(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImage(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PinnedImageSet describes a set of images that should be pinned by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "InternalReleaseImage is used to keep track and manage a set of release bundles (OCP and OLM operators images) that are stored into the control planes nodes.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -45619,38 +46239,90 @@ func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSet(ref commo }, "metadata": { SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ - Description: "spec describes the configuration of this pinned image set.", + Description: "spec describes the configuration of this internal release image.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetSpec"), + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageSpec"), }, }, "status": { SchemaProps: spec.SchemaProps{ - Description: "status describes the last observed state of this pinned image set.", + Description: "status describes the last observed state of this internal release image.", Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetStatus"), + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageStatus"), }, }, }, - Required: []string{"spec"}, + Required: []string{"metadata", "spec"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageSpec", "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageBundleStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "type", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "conditions represent the observations of an internal release image current state. Valid types are: Mounted, Installing, Available, Removing and Degraded.\n\nIf Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes. If Installing is true, that means that a new release bundle is currently being copied on one (or more) cluster nodes, and not yet completed. If Available is true, it means that the release has been previously installed on all the cluster nodes, and it can be used. If Removing is true, it means that a release deletion is in progress on one (or more) cluster nodes, and not yet completed. If Degraded is true, that means something has gone wrong (possibly on one or more cluster nodes).\n\nIn general, after installing a new release bundle, it is required to wait for the Conditions \"Available\" to become \"True\" (and all the other conditions to be equal to \"False\") before being able to pull its content.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(metav1.Condition{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", + Type: []string{"string"}, + Format: "", + }, + }, + "image": { + SchemaProps: spec.SchemaProps{ + Description: "image is an OCP release image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters. The field is optional, and it will be provided after a release will be successfully installed.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetSpec", "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.Condition{}.OpenAPIModelName()}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetList(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageList(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PinnedImageSetList is a list of PinnedImageSet resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Description: "InternalReleaseImageList is a list of InternalReleaseImage resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "kind": { @@ -45671,7 +46343,7 @@ func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetList(ref c SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -45681,7 +46353,7 @@ func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetList(ref c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSet"), + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImage"), }, }, }, @@ -45692,18 +46364,39 @@ func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetList(ref c }, }, Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSet", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImage", metav1.ListMeta{}.OpenAPIModelName()}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageRef(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PinnedImageSetSpec defines the desired state of a PinnedImageSet.", + Description: "InternalReleaseImageRef is used to provide a simple reference for a release bundle. Currently it contains only the name field.", Type: []string{"object"}, Properties: map[string]spec.Schema{ - "pinnedImages": { + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name"}, + }, + }, + } +} + +func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "InternalReleaseImageSpec defines the desired state of a InternalReleaseImage.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "releases": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-map-keys": []interface{}{ @@ -45713,32 +46406,32 @@ func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetSpec(ref c }, }, SchemaProps: spec.SchemaProps{ - Description: "pinnedImages is a list of OCI Image referenced by digest that should be pinned and pre-loaded by the nodes of a MachineConfigPool. Translates into a new file inside the /etc/crio/crio.conf.d directory with content similar to this:\n\n pinned_images = [\n \"quay.io/openshift-release-dev/ocp-release@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n ...\n ]\n\nThese image references should all be by digest, tags aren't allowed.", + Description: "releases is a list of release bundle identifiers that the user wants to add/remove to/from the control plane nodes. Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 16 entries.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageRef"), + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageRef"), }, }, }, }, }, }, - Required: []string{"pinnedImages"}, + Required: []string{"releases"}, }, }, Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageRef"}, + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageRef"}, } } -func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { +func schema_openshift_api_machineconfiguration_v1alpha1_InternalReleaseImageStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "PinnedImageSetStatus describes the current state of a PinnedImageSet.", + Description: "InternalReleaseImageStatus describes the current state of a InternalReleaseImage.", Type: []string{"object"}, Properties: map[string]spec.Schema{ "conditions": { @@ -45751,23 +46444,245 @@ func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetStatus(ref }, }, SchemaProps: spec.SchemaProps{ - Description: "conditions represent the observations of a pinned image set's current state.", + Description: "conditions represent the observations of the InternalReleaseImage controller current state. Valid types are: Degraded. If Degraded is true, that means something has gone wrong in the controller.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref(metav1.Condition{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + "releases": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "releases is a list of the release bundles currently owned and managed by the cluster. A release bundle content could be safely pulled only when its Conditions field contains at least an Available entry set to \"True\" and Degraded to \"False\". Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 32 entries.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageBundleStatus"), + }, + }, + }, + }, + }, + }, + Required: []string{"releases"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machineconfiguration/v1alpha1.InternalReleaseImageBundleStatus", metav1.Condition{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStream(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OSImageStream describes a set of streams and associated images available for the MachineConfigPools to be used as base OS images.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Description: "spec contains the desired OSImageStream config configuration.", + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status describes the last observed state of this OSImageStream. Populated by the MachineConfigOperator after reading release metadata. When not present, the controller has not yet reconciled this resource.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamStatus"), + }, + }, + }, + Required: []string{"spec"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSpec", "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OSImageStreamList is a list of OSImageStream resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStream"), + }, + }, + }, + }, + }, + }, + Required: []string{"metadata", "items"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStream", metav1.ListMeta{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamSet(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is the required identifier of the stream.\n\nname is determined by the operator based on the OCI label of the discovered OS or Extension Image.\n\nMust be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').", + Type: []string{"string"}, + Format: "", + }, + }, + "osImage": { + SchemaProps: spec.SchemaProps{ + Description: "osImage is a required OS Image referenced by digest.\n\nosImage contains the immutable, fundamental operating system components, including the kernel and base utilities, that define the core environment for the node's host operating system.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "osExtensionsImage": { + SchemaProps: spec.SchemaProps{ + Description: "osExtensionsImage is a required OS Extensions Image referenced by digest.\n\nosExtensionsImage bundles the extra repositories used to enable extensions, augmenting the base operating system without modifying the underlying immutable osImage.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name", "osImage", "osExtensionsImage"}, + }, + }, + } +} + +func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OSImageStreamSpec defines the desired state of a OSImageStream.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "defaultStream": { + SchemaProps: spec.SchemaProps{ + Description: "defaultStream is the desired name of the stream that should be used as the default when no specific stream is requested by a MachineConfigPool.\n\nThis field is set by the installer during installation. Users may need to update it if the currently selected stream is no longer available, for example when the stream has reached its End of Life. The MachineConfigOperator uses this value to determine which stream from status.availableStreams to apply as the default for MachineConfigPools that do not specify a stream override.\n\nWhen status.availableStreams has been populated by the operator, updating this field requires that the new value references the name of one of the streams in status.availableStreams. Status-only updates by the operator are not subject to this constraint, allowing the operator to update availableStreams independently of this field. During initial creation, before the operator has populated status, any valid value is accepted.\n\nWhen omitted, the operator determines the default stream automatically. Once set, this field cannot be removed.\n\nIt must be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + } +} + +func schema_openshift_api_machineconfiguration_v1alpha1_OSImageStreamStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "OSImageStreamStatus describes the current state of a OSImageStream", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "availableStreams": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "availableStreams is a list of the available OS Image Streams that can be used as the base image for MachineConfigPools. availableStreams is required, must have at least one item, must not exceed 100 items, and must have unique entries keyed on the name field.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSet"), }, }, }, }, }, + "defaultStream": { + SchemaProps: spec.SchemaProps{ + Description: "defaultStream is the name of the stream that should be used as the default when no specific stream is requested by a MachineConfigPool.\n\nIt must be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'), and must reference the name of one of the streams in availableStreams.", + Type: []string{"string"}, + Format: "", + }, + }, }, + Required: []string{"availableStreams", "defaultStream"}, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/machineconfiguration/v1alpha1.OSImageStreamSet"}, } } @@ -45796,7 +46711,7 @@ func schema_openshift_api_monitoring_v1_AlertRelabelConfig(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -45818,7 +46733,7 @@ func schema_openshift_api_monitoring_v1_AlertRelabelConfig(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/monitoring/v1.AlertRelabelConfigSpec", "github.com/openshift/api/monitoring/v1.AlertRelabelConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/monitoring/v1.AlertRelabelConfigSpec", "github.com/openshift/api/monitoring/v1.AlertRelabelConfigStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -45847,7 +46762,7 @@ func schema_openshift_api_monitoring_v1_AlertRelabelConfigList(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -45868,7 +46783,7 @@ func schema_openshift_api_monitoring_v1_AlertRelabelConfigList(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/monitoring/v1.AlertRelabelConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/monitoring/v1.AlertRelabelConfig", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -45925,7 +46840,7 @@ func schema_openshift_api_monitoring_v1_AlertRelabelConfigStatus(ref common.Refe Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -45935,7 +46850,7 @@ func schema_openshift_api_monitoring_v1_AlertRelabelConfigStatus(ref common.Refe }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + metav1.Condition{}.OpenAPIModelName()}, } } @@ -45964,7 +46879,7 @@ func schema_openshift_api_monitoring_v1_AlertingRule(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -45986,7 +46901,7 @@ func schema_openshift_api_monitoring_v1_AlertingRule(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/monitoring/v1.AlertingRuleSpec", "github.com/openshift/api/monitoring/v1.AlertingRuleStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/monitoring/v1.AlertingRuleSpec", "github.com/openshift/api/monitoring/v1.AlertingRuleStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -46015,7 +46930,7 @@ func schema_openshift_api_monitoring_v1_AlertingRuleList(ref common.ReferenceCal SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -46036,7 +46951,7 @@ func schema_openshift_api_monitoring_v1_AlertingRuleList(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/openshift/api/monitoring/v1.AlertingRule", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/monitoring/v1.AlertingRule", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -46217,7 +47132,7 @@ func schema_openshift_api_monitoring_v1_Rule(ref common.ReferenceCallback) commo "expr": { SchemaProps: spec.SchemaProps{ Description: "expr is the PromQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending or firing alerts. This is most often a string representing a PromQL expression, e.g.: mapi_current_pending_csr > mapi_max_pending_csr In rare cases this could be a simple integer, e.g. a simple \"1\" if the intent is to create an alert that is always firing. This is sometimes used to create an always-firing \"Watchdog\" alert in order to ensure the alerting pipeline is functional.", - Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), + Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), }, }, "for": { @@ -46264,7 +47179,7 @@ func schema_openshift_api_monitoring_v1_Rule(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/util/intstr.IntOrString"}, + intstr.IntOrString{}.OpenAPIModelName()}, } } @@ -46338,7 +47253,7 @@ func schema_openshift_api_network_v1_ClusterNetwork(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "network": { @@ -46403,7 +47318,7 @@ func schema_openshift_api_network_v1_ClusterNetwork(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1.ClusterNetworkEntry", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/network/v1.ClusterNetworkEntry", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -46462,7 +47377,7 @@ func schema_openshift_api_network_v1_ClusterNetworkList(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -46484,7 +47399,7 @@ func schema_openshift_api_network_v1_ClusterNetworkList(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1.ClusterNetwork", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/network/v1.ClusterNetwork", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -46513,7 +47428,7 @@ func schema_openshift_api_network_v1_EgressNetworkPolicy(ref common.ReferenceCal SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -46528,7 +47443,7 @@ func schema_openshift_api_network_v1_EgressNetworkPolicy(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1.EgressNetworkPolicySpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/network/v1.EgressNetworkPolicySpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -46557,7 +47472,7 @@ func schema_openshift_api_network_v1_EgressNetworkPolicyList(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -46579,7 +47494,7 @@ func schema_openshift_api_network_v1_EgressNetworkPolicyList(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1.EgressNetworkPolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/network/v1.EgressNetworkPolicy", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -46696,7 +47611,7 @@ func schema_openshift_api_network_v1_HostSubnet(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "host": { @@ -46758,7 +47673,7 @@ func schema_openshift_api_network_v1_HostSubnet(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -46787,7 +47702,7 @@ func schema_openshift_api_network_v1_HostSubnetList(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -46809,7 +47724,7 @@ func schema_openshift_api_network_v1_HostSubnetList(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1.HostSubnet", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/network/v1.HostSubnet", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -46838,7 +47753,7 @@ func schema_openshift_api_network_v1_NetNamespace(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "netname": { @@ -46877,7 +47792,7 @@ func schema_openshift_api_network_v1_NetNamespace(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -46906,7 +47821,7 @@ func schema_openshift_api_network_v1_NetNamespaceList(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -46928,7 +47843,7 @@ func schema_openshift_api_network_v1_NetNamespaceList(ref common.ReferenceCallba }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1.NetNamespace", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/network/v1.NetNamespace", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -46957,7 +47872,7 @@ func schema_openshift_api_network_v1alpha1_DNSNameResolver(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -46979,7 +47894,7 @@ func schema_openshift_api_network_v1alpha1_DNSNameResolver(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1alpha1.DNSNameResolverSpec", "github.com/openshift/api/network/v1alpha1.DNSNameResolverStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/network/v1alpha1.DNSNameResolverSpec", "github.com/openshift/api/network/v1alpha1.DNSNameResolverStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -47008,7 +47923,7 @@ func schema_openshift_api_network_v1alpha1_DNSNameResolverList(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -47030,7 +47945,7 @@ func schema_openshift_api_network_v1alpha1_DNSNameResolverList(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1alpha1.DNSNameResolver", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/network/v1alpha1.DNSNameResolver", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -47060,7 +47975,7 @@ func schema_openshift_api_network_v1alpha1_DNSNameResolverResolvedAddress(ref co "lastLookupTime": { SchemaProps: spec.SchemaProps{ Description: "lastLookupTime is the timestamp when the last DNS lookup was completed successfully. The validity of the IP address expires after lastLookupTime + ttlSeconds. The value of this field will be updated to the current time on a successful DNS lookup. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, }, @@ -47068,7 +47983,7 @@ func schema_openshift_api_network_v1alpha1_DNSNameResolverResolvedAddress(ref co }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -47095,7 +48010,7 @@ func schema_openshift_api_network_v1alpha1_DNSNameResolverResolvedName(ref commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -47143,7 +48058,7 @@ func schema_openshift_api_network_v1alpha1_DNSNameResolverResolvedName(ref commo }, }, Dependencies: []string{ - "github.com/openshift/api/network/v1alpha1.DNSNameResolverResolvedAddress", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/network/v1alpha1.DNSNameResolverResolvedAddress", metav1.Condition{}.OpenAPIModelName()}, } } @@ -47233,7 +48148,7 @@ func schema_openshift_api_networkoperator_v1_EgressRouter(ref common.ReferenceCa SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -47255,7 +48170,7 @@ func schema_openshift_api_networkoperator_v1_EgressRouter(ref common.ReferenceCa }, }, Dependencies: []string{ - "github.com/openshift/api/networkoperator/v1.EgressRouterSpec", "github.com/openshift/api/networkoperator/v1.EgressRouterStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/networkoperator/v1.EgressRouterSpec", "github.com/openshift/api/networkoperator/v1.EgressRouterStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -47387,7 +48302,7 @@ func schema_openshift_api_oauth_v1_OAuthAccessToken(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "clientName": { @@ -47465,7 +48380,7 @@ func schema_openshift_api_oauth_v1_OAuthAccessToken(ref common.ReferenceCallback }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -47494,7 +48409,7 @@ func schema_openshift_api_oauth_v1_OAuthAccessTokenList(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -47516,7 +48431,7 @@ func schema_openshift_api_oauth_v1_OAuthAccessTokenList(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/oauth/v1.OAuthAccessToken", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/oauth/v1.OAuthAccessToken", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -47545,7 +48460,7 @@ func schema_openshift_api_oauth_v1_OAuthAuthorizeToken(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "clientName": { @@ -47623,7 +48538,7 @@ func schema_openshift_api_oauth_v1_OAuthAuthorizeToken(ref common.ReferenceCallb }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -47652,7 +48567,7 @@ func schema_openshift_api_oauth_v1_OAuthAuthorizeTokenList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -47674,7 +48589,7 @@ func schema_openshift_api_oauth_v1_OAuthAuthorizeTokenList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/oauth/v1.OAuthAuthorizeToken", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/oauth/v1.OAuthAuthorizeToken", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -47703,7 +48618,7 @@ func schema_openshift_api_oauth_v1_OAuthClient(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "secret": { @@ -47794,7 +48709,7 @@ func schema_openshift_api_oauth_v1_OAuthClient(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/oauth/v1.ScopeRestriction", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/oauth/v1.ScopeRestriction", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -47823,7 +48738,7 @@ func schema_openshift_api_oauth_v1_OAuthClientAuthorization(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "clientName": { @@ -47866,7 +48781,7 @@ func schema_openshift_api_oauth_v1_OAuthClientAuthorization(ref common.Reference }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -47895,7 +48810,7 @@ func schema_openshift_api_oauth_v1_OAuthClientAuthorizationList(ref common.Refer SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -47917,7 +48832,7 @@ func schema_openshift_api_oauth_v1_OAuthClientAuthorizationList(ref common.Refer }, }, Dependencies: []string{ - "github.com/openshift/api/oauth/v1.OAuthClientAuthorization", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/oauth/v1.OAuthClientAuthorization", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -47946,7 +48861,7 @@ func schema_openshift_api_oauth_v1_OAuthClientList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -47968,7 +48883,7 @@ func schema_openshift_api_oauth_v1_OAuthClientList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/oauth/v1.OAuthClient", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/oauth/v1.OAuthClient", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -47997,7 +48912,7 @@ func schema_openshift_api_oauth_v1_OAuthRedirectReference(ref common.ReferenceCa SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "reference": { @@ -48011,7 +48926,7 @@ func schema_openshift_api_oauth_v1_OAuthRedirectReference(ref common.ReferenceCa }, }, Dependencies: []string{ - "github.com/openshift/api/oauth/v1.RedirectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/oauth/v1.RedirectReference", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -48114,7 +49029,7 @@ func schema_openshift_api_oauth_v1_UserOAuthAccessToken(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "clientName": { @@ -48192,7 +49107,7 @@ func schema_openshift_api_oauth_v1_UserOAuthAccessToken(ref common.ReferenceCall }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -48221,7 +49136,7 @@ func schema_openshift_api_oauth_v1_UserOAuthAccessTokenList(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -48242,7 +49157,7 @@ func schema_openshift_api_oauth_v1_UserOAuthAccessTokenList(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/oauth/v1.UserOAuthAccessToken", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/oauth/v1.UserOAuthAccessToken", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -48364,7 +49279,7 @@ func schema_openshift_api_openshiftcontrolplane_v1_BuildDefaultsConfig(ref commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvVar"), + Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), }, }, }, @@ -48426,14 +49341,14 @@ func schema_openshift_api_openshiftcontrolplane_v1_BuildDefaultsConfig(ref commo SchemaProps: spec.SchemaProps{ Description: "resources defines resource requirements to execute the build.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), + Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.ImageLabel", "github.com/openshift/api/openshiftcontrolplane/v1.SourceStrategyDefaultsConfig", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.ResourceRequirements"}, + "github.com/openshift/api/build/v1.ImageLabel", "github.com/openshift/api/openshiftcontrolplane/v1.SourceStrategyDefaultsConfig", corev1.EnvVar{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName()}, } } @@ -48519,7 +49434,7 @@ func schema_openshift_api_openshiftcontrolplane_v1_BuildOverridesConfig(ref comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Toleration"), + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), }, }, }, @@ -48529,7 +49444,7 @@ func schema_openshift_api_openshiftcontrolplane_v1_BuildOverridesConfig(ref comm }, }, Dependencies: []string{ - "github.com/openshift/api/build/v1.ImageLabel", "k8s.io/api/core/v1.Toleration"}, + "github.com/openshift/api/build/v1.ImageLabel", corev1.Toleration{}.OpenAPIModelName()}, } } @@ -49402,12 +50317,12 @@ func schema_openshift_api_openshiftcontrolplane_v1_ResourceQuotaControllerConfig }, "syncPeriod": { SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, "minResyncPeriod": { SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, }, @@ -49415,7 +50330,7 @@ func schema_openshift_api_openshiftcontrolplane_v1_ResourceQuotaControllerConfig }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, + metav1.Duration{}.OpenAPIModelName()}, } } @@ -49558,7 +50473,7 @@ func schema_openshift_api_operator_v1_AWSCSIDriverConfigSpec(ref common.Referenc Properties: map[string]spec.Schema{ "kmsKeyARN": { SchemaProps: spec.SchemaProps{ - Description: "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.", + Description: "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.\n\nThe ARN must follow the format: arn::kms:::(key|alias)/, where: is the AWS partition (aws, aws-cn, aws-us-gov, aws-iso, aws-iso-b, aws-iso-e, aws-iso-f, or aws-eusc), is the AWS region, is a 12-digit numeric identifier for the AWS account, is the KMS key ID or alias name.", Type: []string{"string"}, Format: "", }, @@ -49587,7 +50502,7 @@ func schema_openshift_api_operator_v1_AWSClassicLoadBalancerParameters(ref commo "connectionIdleTimeout": { SchemaProps: spec.SchemaProps{ Description: "connectionIdleTimeout specifies the maximum time period that a connection may be idle before the load balancer closes the connection. The value must be parseable as a time duration value; see . A nil or zero value means no opinion, in which case a default value is used. The default value for this field is 60s. This default is subject to change.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, "subnets": { @@ -49600,7 +50515,7 @@ func schema_openshift_api_operator_v1_AWSClassicLoadBalancerParameters(ref commo }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.AWSSubnets", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, + "github.com/openshift/api/operator/v1.AWSSubnets", metav1.Duration{}.OpenAPIModelName()}, } } @@ -50018,7 +50933,7 @@ func schema_openshift_api_operator_v1_Authentication(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -50038,7 +50953,7 @@ func schema_openshift_api_operator_v1_Authentication(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.AuthenticationSpec", "github.com/openshift/api/operator/v1.AuthenticationStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.AuthenticationSpec", "github.com/openshift/api/operator/v1.AuthenticationStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -50067,7 +50982,7 @@ func schema_openshift_api_operator_v1_AuthenticationList(ref common.ReferenceCal SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -50088,7 +51003,7 @@ func schema_openshift_api_operator_v1_AuthenticationList(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.Authentication", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.Authentication", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -50123,13 +51038,13 @@ func schema_openshift_api_operator_v1_AuthenticationSpec(ref common.ReferenceCal "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -50137,7 +51052,7 @@ func schema_openshift_api_operator_v1_AuthenticationSpec(ref common.ReferenceCal }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -50297,6 +51212,35 @@ func schema_openshift_api_operator_v1_AzureDiskEncryptionSet(ref common.Referenc } } +func schema_openshift_api_operator_v1_BGPManagedConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "BGPManagedConfig contains configuration options for BGP when routing is \"Managed\".", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "asNumber": { + SchemaProps: spec.SchemaProps{ + Description: "asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) to be used in the generated FRR configuration. Valid values are 1 to 4294967295. When omitted, this defaults to 64512.", + Default: 64512, + Type: []string{"integer"}, + Format: "int64", + }, + }, + "bgpTopology": { + SchemaProps: spec.SchemaProps{ + Description: "bgpTopology defines the BGP topology to be used. Allowed values are \"FullMesh\". When set to \"FullMesh\", every node peers directly with every other node via BGP. This field is required when BGPManagedConfig is specified.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"bgpTopology"}, + }, + }, + } +} + func schema_openshift_api_operator_v1_BootImageSkewEnforcementConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -50484,7 +51428,7 @@ func schema_openshift_api_operator_v1_CSISnapshotController(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -50506,7 +51450,7 @@ func schema_openshift_api_operator_v1_CSISnapshotController(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.CSISnapshotControllerSpec", "github.com/openshift/api/operator/v1.CSISnapshotControllerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.CSISnapshotControllerSpec", "github.com/openshift/api/operator/v1.CSISnapshotControllerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -50535,7 +51479,7 @@ func schema_openshift_api_operator_v1_CSISnapshotControllerList(ref common.Refer SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -50556,7 +51500,7 @@ func schema_openshift_api_operator_v1_CSISnapshotControllerList(ref common.Refer }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.CSISnapshotController", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.CSISnapshotController", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -50592,13 +51536,13 @@ func schema_openshift_api_operator_v1_CSISnapshotControllerSpec(ref common.Refer "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -50606,7 +51550,7 @@ func schema_openshift_api_operator_v1_CSISnapshotControllerSpec(ref common.Refer }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -50840,7 +51784,7 @@ func schema_openshift_api_operator_v1_CloudCredential(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -50860,7 +51804,7 @@ func schema_openshift_api_operator_v1_CloudCredential(ref common.ReferenceCallba }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.CloudCredentialSpec", "github.com/openshift/api/operator/v1.CloudCredentialStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.CloudCredentialSpec", "github.com/openshift/api/operator/v1.CloudCredentialStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -50889,7 +51833,7 @@ func schema_openshift_api_operator_v1_CloudCredentialList(ref common.ReferenceCa SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -50910,7 +51854,7 @@ func schema_openshift_api_operator_v1_CloudCredentialList(ref common.ReferenceCa }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.CloudCredential", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.CloudCredential", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -50946,13 +51890,13 @@ func schema_openshift_api_operator_v1_CloudCredentialSpec(ref common.ReferenceCa "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "credentialsMode": { @@ -50967,7 +51911,7 @@ func schema_openshift_api_operator_v1_CloudCredentialSpec(ref common.ReferenceCa }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -51162,7 +52106,7 @@ func schema_openshift_api_operator_v1_ClusterCSIDriver(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -51184,7 +52128,7 @@ func schema_openshift_api_operator_v1_ClusterCSIDriver(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ClusterCSIDriverSpec", "github.com/openshift/api/operator/v1.ClusterCSIDriverStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.ClusterCSIDriverSpec", "github.com/openshift/api/operator/v1.ClusterCSIDriverStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -51213,7 +52157,7 @@ func schema_openshift_api_operator_v1_ClusterCSIDriverList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -51234,7 +52178,7 @@ func schema_openshift_api_operator_v1_ClusterCSIDriverList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ClusterCSIDriver", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.ClusterCSIDriver", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -51270,13 +52214,13 @@ func schema_openshift_api_operator_v1_ClusterCSIDriverSpec(ref common.ReferenceC "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "storageClassState": { @@ -51298,7 +52242,7 @@ func schema_openshift_api_operator_v1_ClusterCSIDriverSpec(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.CSIDriverConfigSpec", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + "github.com/openshift/api/operator/v1.CSIDriverConfigSpec", runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -51445,7 +52389,7 @@ func schema_openshift_api_operator_v1_Config(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -51467,7 +52411,7 @@ func schema_openshift_api_operator_v1_Config(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ConfigSpec", "github.com/openshift/api/operator/v1.ConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.ConfigSpec", "github.com/openshift/api/operator/v1.ConfigStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -51496,7 +52440,7 @@ func schema_openshift_api_operator_v1_ConfigList(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -51518,7 +52462,7 @@ func schema_openshift_api_operator_v1_ConfigList(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.Config", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.Config", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -51583,13 +52527,13 @@ func schema_openshift_api_operator_v1_ConfigSpec(ref common.ReferenceCallback) c "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -51597,7 +52541,7 @@ func schema_openshift_api_operator_v1_ConfigSpec(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -51716,7 +52660,7 @@ func schema_openshift_api_operator_v1_Console(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -51736,7 +52680,7 @@ func schema_openshift_api_operator_v1_Console(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ConsoleSpec", "github.com/openshift/api/operator/v1.ConsoleStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.ConsoleSpec", "github.com/openshift/api/operator/v1.ConsoleStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -51933,7 +52877,7 @@ func schema_openshift_api_operator_v1_ConsoleList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -51954,7 +52898,7 @@ func schema_openshift_api_operator_v1_ConsoleList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.Console", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.Console", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -52011,13 +52955,13 @@ func schema_openshift_api_operator_v1_ConsoleSpec(ref common.ReferenceCallback) "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "customization": { @@ -52068,7 +53012,7 @@ func schema_openshift_api_operator_v1_ConsoleSpec(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ConsoleConfigRoute", "github.com/openshift/api/operator/v1.ConsoleCustomization", "github.com/openshift/api/operator/v1.ConsoleProviders", "github.com/openshift/api/operator/v1.Ingress", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + "github.com/openshift/api/operator/v1.ConsoleConfigRoute", "github.com/openshift/api/operator/v1.ConsoleCustomization", "github.com/openshift/api/operator/v1.ConsoleProviders", "github.com/openshift/api/operator/v1.Ingress", runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -52208,7 +53152,7 @@ func schema_openshift_api_operator_v1_DNS(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -52229,7 +53173,7 @@ func schema_openshift_api_operator_v1_DNS(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.DNSSpec", "github.com/openshift/api/operator/v1.DNSStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.DNSSpec", "github.com/openshift/api/operator/v1.DNSStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -52243,20 +53187,20 @@ func schema_openshift_api_operator_v1_DNSCache(ref common.ReferenceCallback) com "positiveTTL": { SchemaProps: spec.SchemaProps{ Description: "positiveTTL is optional and specifies the amount of time that a positive response should be cached.\n\nIf configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject to change.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, "negativeTTL": { SchemaProps: spec.SchemaProps{ Description: "negativeTTL is optional and specifies the amount of time that a negative response should be cached.\n\nIf configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject to change.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, + metav1.Duration{}.OpenAPIModelName()}, } } @@ -52285,7 +53229,7 @@ func schema_openshift_api_operator_v1_DNSList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -52306,7 +53250,7 @@ func schema_openshift_api_operator_v1_DNSList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.DNS", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.DNS", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -52341,7 +53285,7 @@ func schema_openshift_api_operator_v1_DNSNodePlacement(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Toleration"), + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), }, }, }, @@ -52351,7 +53295,7 @@ func schema_openshift_api_operator_v1_DNSNodePlacement(ref common.ReferenceCallb }, }, Dependencies: []string{ - "k8s.io/api/core/v1.Toleration"}, + corev1.Toleration{}.OpenAPIModelName()}, } } @@ -52910,7 +53854,7 @@ func schema_openshift_api_operator_v1_Etcd(ref common.ReferenceCallback) common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -52930,7 +53874,7 @@ func schema_openshift_api_operator_v1_Etcd(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.EtcdSpec", "github.com/openshift/api/operator/v1.EtcdStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.EtcdSpec", "github.com/openshift/api/operator/v1.EtcdStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -52959,7 +53903,7 @@ func schema_openshift_api_operator_v1_EtcdList(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -52981,7 +53925,7 @@ func schema_openshift_api_operator_v1_EtcdList(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.Etcd", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.Etcd", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -53016,13 +53960,13 @@ func schema_openshift_api_operator_v1_EtcdSpec(ref common.ReferenceCallback) com "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "forceRedeploymentReason": { @@ -53069,7 +54013,7 @@ func schema_openshift_api_operator_v1_EtcdSpec(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -53489,13 +54433,13 @@ func schema_openshift_api_operator_v1_GatherStatus(ref common.ReferenceCallback) "lastGatherTime": { SchemaProps: spec.SchemaProps{ Description: "lastGatherTime is the last time when Insights data gathering finished. An empty value means that no data has been gathered yet.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "lastGatherDuration": { SchemaProps: spec.SchemaProps{ Description: "lastGatherDuration is the total time taken to process all gatherers during the last gather event.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, "gatherers": { @@ -53521,7 +54465,7 @@ func schema_openshift_api_operator_v1_GatherStatus(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.GathererStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/openshift/api/operator/v1.GathererStatus", metav1.Duration{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, } } @@ -53545,7 +54489,7 @@ func schema_openshift_api_operator_v1_GathererStatus(ref common.ReferenceCallbac Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -53562,7 +54506,7 @@ func schema_openshift_api_operator_v1_GathererStatus(ref common.ReferenceCallbac "lastGatherDuration": { SchemaProps: spec.SchemaProps{ Description: "lastGatherDuration represents the time spent gathering.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, }, @@ -53570,7 +54514,7 @@ func schema_openshift_api_operator_v1_GathererStatus(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition", "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, + metav1.Condition{}.OpenAPIModelName(), metav1.Duration{}.OpenAPIModelName()}, } } @@ -54106,7 +55050,7 @@ func schema_openshift_api_operator_v1_IngressController(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -54127,7 +55071,7 @@ func schema_openshift_api_operator_v1_IngressController(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.IngressControllerSpec", "github.com/openshift/api/operator/v1.IngressControllerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.IngressControllerSpec", "github.com/openshift/api/operator/v1.IngressControllerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -54564,7 +55508,7 @@ func schema_openshift_api_operator_v1_IngressControllerList(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -54585,7 +55529,7 @@ func schema_openshift_api_operator_v1_IngressControllerList(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.IngressController", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.IngressController", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -54669,19 +55613,19 @@ func schema_openshift_api_operator_v1_IngressControllerSpec(ref common.Reference "defaultCertificate": { SchemaProps: spec.SchemaProps{ Description: "defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don't specify their own certificate, defaultCertificate is used.\n\nThe secret must contain the following keys and data:\n\n tls.crt: certificate file contents\n tls.key: key file contents\n\nIf unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate's CA will be automatically integrated with the cluster's trust store.\n\nIf a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing.\n\nThe in-use certificate (whether generated or user-specified) will be automatically integrated with OpenShift's built-in OAuth server.", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, "namespaceSelector": { SchemaProps: spec.SchemaProps{ Description: "namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "routeSelector": { SchemaProps: spec.SchemaProps{ Description: "routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "nodePlacement": { @@ -54738,7 +55682,7 @@ func schema_openshift_api_operator_v1_IngressControllerSpec(ref common.Reference "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides allows specifying unsupported configuration options. Its use is unsupported.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "httpCompression": { @@ -54768,7 +55712,7 @@ func schema_openshift_api_operator_v1_IngressControllerSpec(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.ConfigMapNameReference", "github.com/openshift/api/config/v1.TLSSecurityProfile", "github.com/openshift/api/operator/v1.ClientTLS", "github.com/openshift/api/operator/v1.EndpointPublishingStrategy", "github.com/openshift/api/operator/v1.HTTPCompressionPolicy", "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaders", "github.com/openshift/api/operator/v1.IngressControllerLogging", "github.com/openshift/api/operator/v1.IngressControllerTuningOptions", "github.com/openshift/api/operator/v1.NodePlacement", "github.com/openshift/api/operator/v1.RouteAdmissionPolicy", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + "github.com/openshift/api/config/v1.ConfigMapNameReference", "github.com/openshift/api/config/v1.TLSSecurityProfile", "github.com/openshift/api/operator/v1.ClientTLS", "github.com/openshift/api/operator/v1.EndpointPublishingStrategy", "github.com/openshift/api/operator/v1.HTTPCompressionPolicy", "github.com/openshift/api/operator/v1.IngressControllerHTTPHeaders", "github.com/openshift/api/operator/v1.IngressControllerLogging", "github.com/openshift/api/operator/v1.IngressControllerTuningOptions", "github.com/openshift/api/operator/v1.NodePlacement", "github.com/openshift/api/operator/v1.RouteAdmissionPolicy", corev1.LocalObjectReference{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -54847,20 +55791,20 @@ func schema_openshift_api_operator_v1_IngressControllerStatus(ref common.Referen "namespaceSelector": { SchemaProps: spec.SchemaProps{ Description: "namespaceSelector is the actual namespaceSelector in use.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "routeSelector": { SchemaProps: spec.SchemaProps{ Description: "routeSelector is the actual routeSelector in use.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/config/v1.TLSProfileSpec", "github.com/openshift/api/operator/v1.EndpointPublishingStrategy", "github.com/openshift/api/operator/v1.OperatorCondition", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + "github.com/openshift/api/config/v1.TLSProfileSpec", "github.com/openshift/api/operator/v1.EndpointPublishingStrategy", "github.com/openshift/api/operator/v1.OperatorCondition", metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -54895,55 +55839,55 @@ func schema_openshift_api_operator_v1_IngressControllerTuningOptions(ref common. "clientTimeout": { SchemaProps: spec.SchemaProps{ Description: "clientTimeout defines how long a connection will be held open while waiting for a client response.\n\nIf unset, the default timeout is 30s", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, "clientFinTimeout": { SchemaProps: spec.SchemaProps{ Description: "clientFinTimeout defines how long a connection will be held open while waiting for the client response to the server/backend closing the connection.\n\nIf unset, the default timeout is 1s", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, "serverTimeout": { SchemaProps: spec.SchemaProps{ Description: "serverTimeout defines how long a connection will be held open while waiting for a server/backend response.\n\nIf unset, the default timeout is 30s", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, "serverFinTimeout": { SchemaProps: spec.SchemaProps{ Description: "serverFinTimeout defines how long a connection will be held open while waiting for the server/backend response to the client closing the connection.\n\nIf unset, the default timeout is 1s", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, "tunnelTimeout": { SchemaProps: spec.SchemaProps{ Description: "tunnelTimeout defines how long a tunnel connection (including websockets) will be held open while the tunnel is idle.\n\nIf unset, the default timeout is 1h", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, "connectTimeout": { SchemaProps: spec.SchemaProps{ Description: "connectTimeout defines the maximum time to wait for a connection attempt to a server/backend to succeed.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 5s.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, "httpKeepAliveTimeout": { SchemaProps: spec.SchemaProps{ Description: "httpKeepAliveTimeout defines the maximum allowed time to wait for a new HTTP request to appear on a connection from the client to the router.\n\nThis field expects an unsigned duration string of a decimal number, with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5s\" or \"2m45s\". Valid time units are \"ms\", \"s\", \"m\". The allowed range is from 1 millisecond to 15 minutes.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 300s.\n\nLow values (tens of milliseconds or less) can cause clients to close and reopen connections for each request, leading to reduced connection sharing. For HTTP/2, special care should be taken with low values. A few seconds is a reasonable starting point to avoid holding idle connections open while still allowing subsequent requests to reuse the connection.\n\nHigh values (minutes or more) favor connection reuse but may cause idle connections to linger longer.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, "tlsInspectDelay": { SchemaProps: spec.SchemaProps{ Description: "tlsInspectDelay defines how long the router can hold data to find a matching route.\n\nSetting this too short can cause the router to fall back to the default certificate for edge-terminated or reencrypt routes even when a better matching certificate could be used.\n\nIf unset, the default inspect delay is 5s", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, "healthCheckInterval": { SchemaProps: spec.SchemaProps{ Description: "healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends. This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation \"router.openshift.io/haproxy.health.check.interval\".\n\nExpects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nSetting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms. Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven't yet been detected as such.\n\nAn empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s.\n\nCurrently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days). Both are subject to change over time.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, "maxConnections": { @@ -54956,14 +55900,22 @@ func schema_openshift_api_operator_v1_IngressControllerTuningOptions(ref common. "reloadInterval": { SchemaProps: spec.SchemaProps{ Description: "reloadInterval defines the minimum interval at which the router is allowed to reload to accept new changes. Increasing this value can prevent the accumulation of HAProxy processes, depending on the scenario. Increasing this interval can also lessen load imbalance on a backend's servers when using the roundrobin balancing algorithm. Alternatively, decreasing this value may decrease latency since updates to HAProxy's configuration can take effect more quickly.\n\nThe value must be a time duration value; see . Currently, the minimum value allowed is 1s, and the maximum allowed value is 120s. Minimum and maximum allowed values may change in future versions of OpenShift. Note that if a duration outside of these bounds is provided, the value of reloadInterval will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to 120s; the IngressController will not reject and replace this disallowed value with the default).\n\nA zero value for reloadInterval tells the IngressController to choose the default, which is currently 5s and subject to change without notice.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nNote: Setting a value significantly larger than the default of 5s can cause latency in observing updates to routes and their endpoints. HAProxy's configuration will be reloaded less frequently, and newly created routes will not be served until the subsequent reload.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), + }, + }, + "configurationManagement": { + SchemaProps: spec.SchemaProps{ + Description: "configurationManagement specifies how OpenShift router should update the HAProxy configuration. The following values are valid for this field:\n\n* \"ForkAndReload\". * \"Dynamic\".\n\nOmitting this field means that the user has no opinion and the platform may choose a reasonable default. This default is subject to change over time. The current default is \"ForkAndReload\".\n\n\"ForkAndReload\" means that OpenShift router should rewrite the HAProxy configuration file and instruct HAProxy to fork and reload. This is OpenShift router's traditional approach.\n\n\"Dynamic\" means that OpenShift router may use HAProxy's control socket for some configuration updates and fall back to fork and reload for other configuration updates. This is a newer approach, which may be less mature than ForkAndReload. This setting can improve load-balancing fairness and metrics accuracy and reduce CPU and memory usage if HAProxy has frequent configuration updates for route and endpoints updates.\n\nNote: The \"Dynamic\" option is currently experimental and should not be enabled on production clusters.\n\n\nPossible enum values:\n - `\"Dynamic\"`\n - `\"ForkAndReload\"`", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"Dynamic", "ForkAndReload"}, }, }, }, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, + metav1.Duration{}.OpenAPIModelName()}, } } @@ -54992,7 +55944,7 @@ func schema_openshift_api_operator_v1_InsightsOperator(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -55014,7 +55966,7 @@ func schema_openshift_api_operator_v1_InsightsOperator(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.InsightsOperatorSpec", "github.com/openshift/api/operator/v1.InsightsOperatorStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.InsightsOperatorSpec", "github.com/openshift/api/operator/v1.InsightsOperatorStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -55043,7 +55995,7 @@ func schema_openshift_api_operator_v1_InsightsOperatorList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -55064,7 +56016,7 @@ func schema_openshift_api_operator_v1_InsightsOperatorList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.InsightsOperator", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.InsightsOperator", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -55099,13 +56051,13 @@ func schema_openshift_api_operator_v1_InsightsOperatorSpec(ref common.ReferenceC "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -55113,7 +56065,7 @@ func schema_openshift_api_operator_v1_InsightsOperatorSpec(ref common.ReferenceC }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -55231,7 +56183,7 @@ func schema_openshift_api_operator_v1_InsightsReport(ref common.ReferenceCallbac "downloadedAt": { SchemaProps: spec.SchemaProps{ Description: "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "healthChecks": { @@ -55257,7 +56209,7 @@ func schema_openshift_api_operator_v1_InsightsReport(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.HealthCheck", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/openshift/api/operator/v1.HealthCheck", metav1.Time{}.OpenAPIModelName()}, } } @@ -55319,7 +56271,7 @@ func schema_openshift_api_operator_v1_KubeAPIServer(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -55341,7 +56293,7 @@ func schema_openshift_api_operator_v1_KubeAPIServer(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.KubeAPIServerSpec", "github.com/openshift/api/operator/v1.KubeAPIServerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.KubeAPIServerSpec", "github.com/openshift/api/operator/v1.KubeAPIServerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -55370,7 +56322,7 @@ func schema_openshift_api_operator_v1_KubeAPIServerList(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -55392,7 +56344,7 @@ func schema_openshift_api_operator_v1_KubeAPIServerList(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.KubeAPIServer", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.KubeAPIServer", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -55427,13 +56379,13 @@ func schema_openshift_api_operator_v1_KubeAPIServerSpec(ref common.ReferenceCall "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "forceRedeploymentReason": { @@ -55470,7 +56422,7 @@ func schema_openshift_api_operator_v1_KubeAPIServerSpec(ref common.ReferenceCall }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -55637,7 +56589,7 @@ func schema_openshift_api_operator_v1_KubeControllerManager(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -55659,7 +56611,7 @@ func schema_openshift_api_operator_v1_KubeControllerManager(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.KubeControllerManagerSpec", "github.com/openshift/api/operator/v1.KubeControllerManagerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.KubeControllerManagerSpec", "github.com/openshift/api/operator/v1.KubeControllerManagerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -55688,7 +56640,7 @@ func schema_openshift_api_operator_v1_KubeControllerManagerList(ref common.Refer SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -55710,7 +56662,7 @@ func schema_openshift_api_operator_v1_KubeControllerManagerList(ref common.Refer }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.KubeControllerManager", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.KubeControllerManager", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -55745,13 +56697,13 @@ func schema_openshift_api_operator_v1_KubeControllerManagerSpec(ref common.Refer "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "forceRedeploymentReason": { @@ -55789,7 +56741,7 @@ func schema_openshift_api_operator_v1_KubeControllerManagerSpec(ref common.Refer }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -55937,7 +56889,7 @@ func schema_openshift_api_operator_v1_KubeScheduler(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -55959,7 +56911,7 @@ func schema_openshift_api_operator_v1_KubeScheduler(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.KubeSchedulerSpec", "github.com/openshift/api/operator/v1.KubeSchedulerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.KubeSchedulerSpec", "github.com/openshift/api/operator/v1.KubeSchedulerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -55988,7 +56940,7 @@ func schema_openshift_api_operator_v1_KubeSchedulerList(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -56010,7 +56962,7 @@ func schema_openshift_api_operator_v1_KubeSchedulerList(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.KubeScheduler", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.KubeScheduler", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -56045,13 +56997,13 @@ func schema_openshift_api_operator_v1_KubeSchedulerSpec(ref common.ReferenceCall "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "forceRedeploymentReason": { @@ -56081,7 +57033,7 @@ func schema_openshift_api_operator_v1_KubeSchedulerSpec(ref common.ReferenceCall }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -56229,7 +57181,7 @@ func schema_openshift_api_operator_v1_KubeStorageVersionMigrator(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -56249,7 +57201,7 @@ func schema_openshift_api_operator_v1_KubeStorageVersionMigrator(ref common.Refe }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorSpec", "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorSpec", "github.com/openshift/api/operator/v1.KubeStorageVersionMigratorStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -56278,7 +57230,7 @@ func schema_openshift_api_operator_v1_KubeStorageVersionMigratorList(ref common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -56300,7 +57252,7 @@ func schema_openshift_api_operator_v1_KubeStorageVersionMigratorList(ref common. }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.KubeStorageVersionMigrator", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.KubeStorageVersionMigrator", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -56335,13 +57287,13 @@ func schema_openshift_api_operator_v1_KubeStorageVersionMigratorSpec(ref common. "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -56349,7 +57301,7 @@ func schema_openshift_api_operator_v1_KubeStorageVersionMigratorSpec(ref common. }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -56677,7 +57629,7 @@ func schema_openshift_api_operator_v1_MachineConfiguration(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -56699,7 +57651,7 @@ func schema_openshift_api_operator_v1_MachineConfiguration(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.MachineConfigurationSpec", "github.com/openshift/api/operator/v1.MachineConfigurationStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.MachineConfigurationSpec", "github.com/openshift/api/operator/v1.MachineConfigurationStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -56728,7 +57680,7 @@ func schema_openshift_api_operator_v1_MachineConfigurationList(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -56750,7 +57702,7 @@ func schema_openshift_api_operator_v1_MachineConfigurationList(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.MachineConfiguration", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.MachineConfiguration", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -56785,13 +57737,13 @@ func schema_openshift_api_operator_v1_MachineConfigurationSpec(ref common.Refere "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "forceRedeploymentReason": { @@ -56849,7 +57801,7 @@ func schema_openshift_api_operator_v1_MachineConfigurationSpec(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.BootImageSkewEnforcementConfig", "github.com/openshift/api/operator/v1.IrreconcilableValidationOverrides", "github.com/openshift/api/operator/v1.ManagedBootImages", "github.com/openshift/api/operator/v1.NodeDisruptionPolicyConfig", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + "github.com/openshift/api/operator/v1.BootImageSkewEnforcementConfig", "github.com/openshift/api/operator/v1.IrreconcilableValidationOverrides", "github.com/openshift/api/operator/v1.ManagedBootImages", "github.com/openshift/api/operator/v1.NodeDisruptionPolicyConfig", runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -56882,7 +57834,7 @@ func schema_openshift_api_operator_v1_MachineConfigurationStatus(ref common.Refe Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -56913,7 +57865,7 @@ func schema_openshift_api_operator_v1_MachineConfigurationStatus(ref common.Refe }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.BootImageSkewEnforcementStatus", "github.com/openshift/api/operator/v1.ManagedBootImages", "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/operator/v1.BootImageSkewEnforcementStatus", "github.com/openshift/api/operator/v1.ManagedBootImages", "github.com/openshift/api/operator/v1.NodeDisruptionPolicyStatus", metav1.Condition{}.OpenAPIModelName()}, } } @@ -57059,7 +58011,7 @@ func schema_openshift_api_operator_v1_MyOperatorResource(ref common.ReferenceCal SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -57079,7 +58031,7 @@ func schema_openshift_api_operator_v1_MyOperatorResource(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.MyOperatorResourceSpec", "github.com/openshift/api/operator/v1.MyOperatorResourceStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.MyOperatorResourceSpec", "github.com/openshift/api/operator/v1.MyOperatorResourceStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -57114,13 +58066,13 @@ func schema_openshift_api_operator_v1_MyOperatorResourceSpec(ref common.Referenc "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -57128,7 +58080,7 @@ func schema_openshift_api_operator_v1_MyOperatorResourceSpec(ref common.Referenc }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -57279,7 +58231,7 @@ func schema_openshift_api_operator_v1_Network(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -57298,7 +58250,7 @@ func schema_openshift_api_operator_v1_Network(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.NetworkSpec", "github.com/openshift/api/operator/v1.NetworkStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.NetworkSpec", "github.com/openshift/api/operator/v1.NetworkStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -57327,7 +58279,7 @@ func schema_openshift_api_operator_v1_NetworkList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -57348,7 +58300,7 @@ func schema_openshift_api_operator_v1_NetworkList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.Network", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.Network", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -57425,13 +58377,13 @@ func schema_openshift_api_operator_v1_NetworkSpec(ref common.ReferenceCallback) "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "clusterNetwork": { @@ -57560,7 +58512,7 @@ func schema_openshift_api_operator_v1_NetworkSpec(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.AdditionalNetworkDefinition", "github.com/openshift/api/operator/v1.AdditionalRoutingCapabilities", "github.com/openshift/api/operator/v1.ClusterNetworkEntry", "github.com/openshift/api/operator/v1.DefaultNetworkDefinition", "github.com/openshift/api/operator/v1.ExportNetworkFlows", "github.com/openshift/api/operator/v1.NetworkMigration", "github.com/openshift/api/operator/v1.ProxyConfig", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + "github.com/openshift/api/operator/v1.AdditionalNetworkDefinition", "github.com/openshift/api/operator/v1.AdditionalRoutingCapabilities", "github.com/openshift/api/operator/v1.ClusterNetworkEntry", "github.com/openshift/api/operator/v1.DefaultNetworkDefinition", "github.com/openshift/api/operator/v1.ExportNetworkFlows", "github.com/openshift/api/operator/v1.NetworkMigration", "github.com/openshift/api/operator/v1.ProxyConfig", runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -57655,6 +58607,34 @@ func schema_openshift_api_operator_v1_NetworkStatus(ref common.ReferenceCallback } } +func schema_openshift_api_operator_v1_NoOverlayConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "NoOverlayConfig contains configuration options for networks operating in no-overlay mode.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "outboundSNAT": { + SchemaProps: spec.SchemaProps{ + Description: "outboundSNAT defines the SNAT behavior for outbound traffic from pods. Allowed values are \"Enabled\" and \"Disabled\". When set to \"Enabled\", SNAT is performed on outbound traffic from pods. When set to \"Disabled\", SNAT is not performed and pod IPs are preserved in outbound traffic. This field is required when the network operates in no-overlay mode. This field can be set to any value at installation time and can be changed afterwards.", + Type: []string{"string"}, + Format: "", + }, + }, + "routing": { + SchemaProps: spec.SchemaProps{ + Description: "routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. Allowed values are \"Managed\" and \"Unmanaged\". When set to \"Managed\", OVN-Kubernetes manages the pod network routing configuration through BGP. When set to \"Unmanaged\", users are responsible for configuring the pod network routing. This field is required when the network operates in no-overlay mode. This field is immutable once set.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"outboundSNAT", "routing"}, + }, + }, + } +} + func schema_openshift_api_operator_v1_NodeDisruptionPolicyClusterStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -58156,7 +59136,7 @@ func schema_openshift_api_operator_v1_NodePlacement(ref common.ReferenceCallback "nodeSelector": { SchemaProps: spec.SchemaProps{ Description: "nodeSelector is the node selector applied to ingress controller deployments.\n\nIf set, the specified selector is used and replaces the default.\n\nIf unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.\n\nWhen defaultPlacement is Workers, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/worker: ''\n\nWhen defaultPlacement is ControlPlane, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/master: ''\n\nThese defaults are subject to change.\n\nNote that using nodeSelector.matchExpressions is not supported. Only nodeSelector.matchLabels may be used. This is a limitation of the Kubernetes API: the pod spec does not allow complex expressions for node selectors.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "tolerations": { @@ -58172,7 +59152,7 @@ func schema_openshift_api_operator_v1_NodePlacement(ref common.ReferenceCallback Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Toleration"), + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), }, }, }, @@ -58182,7 +59162,7 @@ func schema_openshift_api_operator_v1_NodePlacement(ref common.ReferenceCallback }, }, Dependencies: []string{ - "k8s.io/api/core/v1.Toleration", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + corev1.Toleration{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -58245,7 +59225,7 @@ func schema_openshift_api_operator_v1_NodeStatus(ref common.ReferenceCallback) c "lastFailedTime": { SchemaProps: spec.SchemaProps{ Description: "lastFailedTime is the time the last failed revision failed the last time.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "lastFailedReason": { @@ -58294,7 +59274,7 @@ func schema_openshift_api_operator_v1_NodeStatus(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -58342,7 +59322,7 @@ func schema_openshift_api_operator_v1_OLM(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -58364,7 +59344,7 @@ func schema_openshift_api_operator_v1_OLM(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.OLMSpec", "github.com/openshift/api/operator/v1.OLMStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.OLMSpec", "github.com/openshift/api/operator/v1.OLMStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -58393,7 +59373,7 @@ func schema_openshift_api_operator_v1_OLMList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -58415,7 +59395,7 @@ func schema_openshift_api_operator_v1_OLMList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.OLM", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.OLM", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -58450,13 +59430,13 @@ func schema_openshift_api_operator_v1_OLMSpec(ref common.ReferenceCallback) comm "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -58464,7 +59444,7 @@ func schema_openshift_api_operator_v1_OLMSpec(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -58644,11 +59624,32 @@ func schema_openshift_api_operator_v1_OVNKubernetesConfig(ref common.ReferenceCa Format: "", }, }, + "transport": { + SchemaProps: spec.SchemaProps{ + Description: "transport sets the transport mode for pods on the default network. Allowed values are \"NoOverlay\" and \"Geneve\". \"NoOverlay\" avoids tunnel encapsulation, routing pod traffic directly between nodes. \"Geneve\" encapsulates pod traffic using Geneve tunnels between nodes. When omitted, this means the user has no opinion and the platform chooses a reasonable default which is subject to change over time. The current default is \"Geneve\". \"NoOverlay\" can only be set at installation time and cannot be changed afterwards. \"Geneve\" may be set explicitly at any time to lock in the current default.", + Type: []string{"string"}, + Format: "", + }, + }, + "noOverlayConfig": { + SchemaProps: spec.SchemaProps{ + Description: "noOverlayConfig contains configuration for no-overlay mode. This configuration applies to the default network only. It is required when transport is \"NoOverlay\". When omitted, this means the user does not configure no-overlay mode options.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operator/v1.NoOverlayConfig"), + }, + }, + "bgpManagedConfig": { + SchemaProps: spec.SchemaProps{ + Description: "bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) in no-overlay mode that specify routing=\"Managed\" in their noOverlayConfig. It is required when noOverlayConfig.routing is set to \"Managed\". When omitted, this means the user does not configure BGP for managed routing. This field can be set at installation time or on day 2, and can be modified at any time.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operator/v1.BGPManagedConfig"), + }, + }, }, }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.EgressIPConfig", "github.com/openshift/api/operator/v1.GatewayConfig", "github.com/openshift/api/operator/v1.HybridOverlayConfig", "github.com/openshift/api/operator/v1.IPsecConfig", "github.com/openshift/api/operator/v1.IPv4OVNKubernetesConfig", "github.com/openshift/api/operator/v1.IPv6OVNKubernetesConfig", "github.com/openshift/api/operator/v1.PolicyAuditConfig"}, + "github.com/openshift/api/operator/v1.BGPManagedConfig", "github.com/openshift/api/operator/v1.EgressIPConfig", "github.com/openshift/api/operator/v1.GatewayConfig", "github.com/openshift/api/operator/v1.HybridOverlayConfig", "github.com/openshift/api/operator/v1.IPsecConfig", "github.com/openshift/api/operator/v1.IPv4OVNKubernetesConfig", "github.com/openshift/api/operator/v1.IPv6OVNKubernetesConfig", "github.com/openshift/api/operator/v1.NoOverlayConfig", "github.com/openshift/api/operator/v1.PolicyAuditConfig"}, } } @@ -58677,7 +59678,7 @@ func schema_openshift_api_operator_v1_OpenShiftAPIServer(ref common.ReferenceCal SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -58699,7 +59700,7 @@ func schema_openshift_api_operator_v1_OpenShiftAPIServer(ref common.ReferenceCal }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.OpenShiftAPIServerSpec", "github.com/openshift/api/operator/v1.OpenShiftAPIServerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.OpenShiftAPIServerSpec", "github.com/openshift/api/operator/v1.OpenShiftAPIServerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -58728,7 +59729,7 @@ func schema_openshift_api_operator_v1_OpenShiftAPIServerList(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -58750,7 +59751,7 @@ func schema_openshift_api_operator_v1_OpenShiftAPIServerList(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.OpenShiftAPIServer", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.OpenShiftAPIServer", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -58785,13 +59786,13 @@ func schema_openshift_api_operator_v1_OpenShiftAPIServerSpec(ref common.Referenc "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -58799,7 +59800,7 @@ func schema_openshift_api_operator_v1_OpenShiftAPIServerSpec(ref common.Referenc }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -58918,7 +59919,7 @@ func schema_openshift_api_operator_v1_OpenShiftControllerManager(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -58938,7 +59939,7 @@ func schema_openshift_api_operator_v1_OpenShiftControllerManager(ref common.Refe }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.OpenShiftControllerManagerSpec", "github.com/openshift/api/operator/v1.OpenShiftControllerManagerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.OpenShiftControllerManagerSpec", "github.com/openshift/api/operator/v1.OpenShiftControllerManagerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -58967,7 +59968,7 @@ func schema_openshift_api_operator_v1_OpenShiftControllerManagerList(ref common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -58989,7 +59990,7 @@ func schema_openshift_api_operator_v1_OpenShiftControllerManagerList(ref common. }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.OpenShiftControllerManager", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.OpenShiftControllerManager", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -59024,13 +60025,13 @@ func schema_openshift_api_operator_v1_OpenShiftControllerManagerSpec(ref common. "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -59038,7 +60039,7 @@ func schema_openshift_api_operator_v1_OpenShiftControllerManagerSpec(ref common. }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -59228,7 +60229,7 @@ func schema_openshift_api_operator_v1_OperatorCondition(ref common.ReferenceCall "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "reason": { @@ -59248,7 +60249,7 @@ func schema_openshift_api_operator_v1_OperatorCondition(ref common.ReferenceCall }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -59284,13 +60285,13 @@ func schema_openshift_api_operator_v1_OperatorSpec(ref common.ReferenceCallback) "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -59298,7 +60299,7 @@ func schema_openshift_api_operator_v1_OperatorSpec(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -59402,7 +60403,7 @@ func schema_openshift_api_operator_v1_PartialSelector(ref common.ReferenceCallba "machineResourceSelector": { SchemaProps: spec.SchemaProps{ Description: "machineResourceSelector is a label selector that can be used to select machine resources like MachineSets.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, }, @@ -59410,7 +60411,7 @@ func schema_openshift_api_operator_v1_PartialSelector(ref common.ReferenceCallba }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -59812,7 +60813,7 @@ func schema_openshift_api_operator_v1_ResourceAttributesAccessReview(ref common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/authorization/v1.ResourceAttributes"), + Ref: ref(authorizationv1.ResourceAttributes{}.OpenAPIModelName()), }, }, }, @@ -59826,7 +60827,7 @@ func schema_openshift_api_operator_v1_ResourceAttributesAccessReview(ref common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/authorization/v1.ResourceAttributes"), + Ref: ref(authorizationv1.ResourceAttributes{}.OpenAPIModelName()), }, }, }, @@ -59836,7 +60837,7 @@ func schema_openshift_api_operator_v1_ResourceAttributesAccessReview(ref common. }, }, Dependencies: []string{ - "k8s.io/api/authorization/v1.ResourceAttributes"}, + authorizationv1.ResourceAttributes{}.OpenAPIModelName()}, } } @@ -59984,7 +60985,7 @@ func schema_openshift_api_operator_v1_ServiceAccountIssuerStatus(ref common.Refe "expirationTime": { SchemaProps: spec.SchemaProps{ Description: "expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list of service account issuers.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, }, @@ -59992,7 +60993,7 @@ func schema_openshift_api_operator_v1_ServiceAccountIssuerStatus(ref common.Refe }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -60021,7 +61022,7 @@ func schema_openshift_api_operator_v1_ServiceCA(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -60043,7 +61044,7 @@ func schema_openshift_api_operator_v1_ServiceCA(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ServiceCASpec", "github.com/openshift/api/operator/v1.ServiceCAStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.ServiceCASpec", "github.com/openshift/api/operator/v1.ServiceCAStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -60072,7 +61073,7 @@ func schema_openshift_api_operator_v1_ServiceCAList(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -60094,7 +61095,7 @@ func schema_openshift_api_operator_v1_ServiceCAList(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ServiceCA", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.ServiceCA", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -60129,13 +61130,13 @@ func schema_openshift_api_operator_v1_ServiceCASpec(ref common.ReferenceCallback "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -60143,7 +61144,7 @@ func schema_openshift_api_operator_v1_ServiceCASpec(ref common.ReferenceCallback }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -60262,7 +61263,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogAPIServer(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -60282,7 +61283,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogAPIServer(ref common.Referen }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerSpec", "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerSpec", "github.com/openshift/api/operator/v1.ServiceCatalogAPIServerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -60311,7 +61312,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogAPIServerList(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -60333,7 +61334,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogAPIServerList(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ServiceCatalogAPIServer", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.ServiceCatalogAPIServer", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -60368,13 +61369,13 @@ func schema_openshift_api_operator_v1_ServiceCatalogAPIServerSpec(ref common.Ref "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -60382,7 +61383,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogAPIServerSpec(ref common.Ref }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -60501,7 +61502,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogControllerManager(ref common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -60521,7 +61522,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogControllerManager(ref common }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerSpec", "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerSpec", "github.com/openshift/api/operator/v1.ServiceCatalogControllerManagerStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -60550,7 +61551,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogControllerManagerList(ref co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -60572,7 +61573,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogControllerManagerList(ref co }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.ServiceCatalogControllerManager", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.ServiceCatalogControllerManager", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -60607,13 +61608,13 @@ func schema_openshift_api_operator_v1_ServiceCatalogControllerManagerSpec(ref co "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -60621,7 +61622,7 @@ func schema_openshift_api_operator_v1_ServiceCatalogControllerManagerSpec(ref co }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -60965,13 +61966,13 @@ func schema_openshift_api_operator_v1_StaticPodOperatorSpec(ref common.Reference "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "forceRedeploymentReason": { @@ -61001,7 +62002,7 @@ func schema_openshift_api_operator_v1_StaticPodOperatorSpec(ref common.Reference }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -61172,7 +62173,7 @@ func schema_openshift_api_operator_v1_Storage(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -61194,7 +62195,7 @@ func schema_openshift_api_operator_v1_Storage(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.StorageSpec", "github.com/openshift/api/operator/v1.StorageStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1.StorageSpec", "github.com/openshift/api/operator/v1.StorageStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -61223,7 +62224,7 @@ func schema_openshift_api_operator_v1_StorageList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -61244,7 +62245,7 @@ func schema_openshift_api_operator_v1_StorageList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1.Storage", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1.Storage", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -61280,13 +62281,13 @@ func schema_openshift_api_operator_v1_StorageSpec(ref common.ReferenceCallback) "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "vsphereStorageDriver": { @@ -61302,7 +62303,7 @@ func schema_openshift_api_operator_v1_StorageSpec(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -61651,6 +62652,340 @@ func schema_openshift_api_operator_v1alpha1_BackupJobReference(ref common.Refere } } +func schema_openshift_api_operator_v1alpha1_ClusterAPI(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ClusterAPI provides configuration for the capi-operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Description: "spec is the specification of the desired behavior of the capi-operator.", + Ref: ref("github.com/openshift/api/operator/v1alpha1.ClusterAPISpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status defines the observed status of the capi-operator.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operator/v1alpha1.ClusterAPIStatus"), + }, + }, + }, + Required: []string{"metadata", "spec"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/operator/v1alpha1.ClusterAPISpec", "github.com/openshift/api/operator/v1alpha1.ClusterAPIStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_operator_v1alpha1_ClusterAPIInstallerComponent(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ClusterAPIInstallerComponent defines a component which will be installed by this revision.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "type": { + SchemaProps: spec.SchemaProps{ + Description: "type is the source type of the component. The only valid value is Image. When set to Image, the image field must be set and will define an image source for the component.\n\nPossible enum values:\n - `\"Image\"` is an image source for a component.", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"Image"}, + }, + }, + "image": { + SchemaProps: spec.SchemaProps{ + Description: "image defines an image source for a component. The image must contain a /capi-operator-installer directory containing the component manifests.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerComponentImage"), + }, + }, + }, + Required: []string{"type"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-unions": []interface{}{ + map[string]interface{}{ + "discriminator": "type", + "fields-to-discriminateBy": map[string]interface{}{ + "image": "Image", + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerComponentImage"}, + } +} + +func schema_openshift_api_operator_v1alpha1_ClusterAPIInstallerComponentImage(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ClusterAPIInstallerComponentImage defines an image source for a component.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "ref": { + SchemaProps: spec.SchemaProps{ + Description: "ref is an image reference to the image containing the component manifests. The reference must be a valid image digest reference in the format host[:port][/namespace]/name@sha256:. The digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the field must be between 1 to 447 characters.", + Type: []string{"string"}, + Format: "", + }, + }, + "profile": { + SchemaProps: spec.SchemaProps{ + Description: "profile is the name of a profile to use from the image.\n\nA profile name may be up to 255 characters long. It must consist of alphanumeric characters, '-', or '_'.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"ref", "profile"}, + }, + }, + } +} + +func schema_openshift_api_operator_v1alpha1_ClusterAPIInstallerRevision(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is the name of a revision.", + Type: []string{"string"}, + Format: "", + }, + }, + "revision": { + SchemaProps: spec.SchemaProps{ + Description: "revision is a monotonically increasing number that is assigned to a revision.", + Type: []string{"integer"}, + Format: "int64", + }, + }, + "contentID": { + SchemaProps: spec.SchemaProps{ + Description: "contentID uniquely identifies the content of this revision. The contentID must be between 1 and 255 characters long.", + Type: []string{"string"}, + Format: "", + }, + }, + "unmanagedCustomResourceDefinitions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "unmanagedCustomResourceDefinitions is a list of the names of ClusterResourceDefinition (CRD) objects which are included in this revision, but which should not be installed or updated. If not set, all CRDs in the revision will be managed by the CAPI operator.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "components": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "components is a list of components which will be installed by this revision. Components will be installed in the order they are listed. If omitted no components will be installed.\n\nThe maximum number of components is 32.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerComponent"), + }, + }, + }, + }, + }, + }, + Required: []string{"name", "revision", "contentID"}, + }, + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-map-type": "atomic", + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerComponent"}, + } +} + +func schema_openshift_api_operator_v1alpha1_ClusterAPIList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ClusterAPIList contains a list of ClusterAPI configurations\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Description: "items contains the items", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operator/v1alpha1.ClusterAPI"), + }, + }, + }, + }, + }, + }, + Required: []string{"metadata", "items"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/operator/v1alpha1.ClusterAPI", metav1.ListMeta{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_operator_v1alpha1_ClusterAPISpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ClusterAPISpec defines the desired configuration of the capi-operator. The spec is required but we deliberately allow it to be empty.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "unmanagedCustomResourceDefinitions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "unmanagedCustomResourceDefinitions is a list of ClusterResourceDefinition (CRD) names that should not be managed by the capi-operator installer controller. This allows external actors to own specific CRDs while capi-operator manages others.\n\nEach CRD name must be a valid DNS-1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character, with a maximum length of 253 characters. CRD names must contain at least two '.' characters. Example: \"clusters.cluster.x-k8s.io\"\n\nItems cannot be removed from this list once added.\n\nThe maximum number of unmanagedCustomResourceDefinitions is 128.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + }, + }, + } +} + +func schema_openshift_api_operator_v1alpha1_ClusterAPIStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "ClusterAPIStatus describes the current state of the capi-operator.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "currentRevision": { + SchemaProps: spec.SchemaProps{ + Description: "currentRevision is the name of the most recently fully applied revision. It is written by the installer controller. If it is absent, it indicates that no revision has been fully applied yet. If set, currentRevision must correspond to an entry in the revisions list.", + Type: []string{"string"}, + Format: "", + }, + }, + "desiredRevision": { + SchemaProps: spec.SchemaProps{ + Description: "desiredRevision is the name of the desired revision. It is written by the revision controller. It must be set to the name of the entry in the revisions list with the highest revision number.", + Type: []string{"string"}, + Format: "", + }, + }, + "revisions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "revisions is a list of all currently active revisions. A revision is active until the installer controller updates currentRevision to a later revision. It is written by the revision controller.\n\nThe maximum number of revisions is 16. All revisions must have a unique name. All revisions must have a unique revision number. When adding a revision, the revision number must be greater than the highest revision number in the list. Revisions are immutable, although they can be deleted.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerRevision"), + }, + }, + }, + }, + }, + }, + Required: []string{"desiredRevision", "revisions"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/operator/v1alpha1.ClusterAPIInstallerRevision"}, + } +} + func schema_openshift_api_operator_v1alpha1_ClusterVersionOperator(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -61676,7 +63011,7 @@ func schema_openshift_api_operator_v1alpha1_ClusterVersionOperator(ref common.Re SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -61698,7 +63033,7 @@ func schema_openshift_api_operator_v1alpha1_ClusterVersionOperator(ref common.Re }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorSpec", "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorSpec", "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperatorStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -61727,7 +63062,7 @@ func schema_openshift_api_operator_v1alpha1_ClusterVersionOperatorList(ref commo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -61749,7 +63084,7 @@ func schema_openshift_api_operator_v1alpha1_ClusterVersionOperatorList(ref commo }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperator", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1alpha1.ClusterVersionOperator", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -61857,7 +63192,7 @@ func schema_openshift_api_operator_v1alpha1_EtcdBackup(ref common.ReferenceCallb "metadata": { SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -61879,7 +63214,7 @@ func schema_openshift_api_operator_v1alpha1_EtcdBackup(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.EtcdBackupSpec", "github.com/openshift/api/operator/v1alpha1.EtcdBackupStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1alpha1.EtcdBackupSpec", "github.com/openshift/api/operator/v1alpha1.EtcdBackupStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -61907,7 +63242,7 @@ func schema_openshift_api_operator_v1alpha1_EtcdBackupList(ref common.ReferenceC "metadata": { SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -61928,7 +63263,7 @@ func schema_openshift_api_operator_v1alpha1_EtcdBackupList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.EtcdBackup", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1alpha1.EtcdBackup", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -61974,7 +63309,7 @@ func schema_openshift_api_operator_v1alpha1_EtcdBackupStatus(ref common.Referenc Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -61990,7 +63325,7 @@ func schema_openshift_api_operator_v1alpha1_EtcdBackupStatus(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.BackupJobReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + "github.com/openshift/api/operator/v1alpha1.BackupJobReference", metav1.Condition{}.OpenAPIModelName()}, } } @@ -62130,7 +63465,7 @@ func schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicy(ref common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -62145,7 +63480,7 @@ func schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicy(ref common. }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicySpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicySpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -62174,7 +63509,7 @@ func schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicyList(ref com SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -62195,7 +63530,7 @@ func schema_openshift_api_operator_v1alpha1_ImageContentSourcePolicyList(ref com }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1alpha1.ImageContentSourcePolicy", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -62344,7 +63679,7 @@ func schema_openshift_api_operator_v1alpha1_OLM(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -62366,7 +63701,7 @@ func schema_openshift_api_operator_v1alpha1_OLM(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.OLMSpec", "github.com/openshift/api/operator/v1alpha1.OLMStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operator/v1alpha1.OLMSpec", "github.com/openshift/api/operator/v1alpha1.OLMStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -62395,7 +63730,7 @@ func schema_openshift_api_operator_v1alpha1_OLMList(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -62417,7 +63752,7 @@ func schema_openshift_api_operator_v1alpha1_OLMList(ref common.ReferenceCallback }, }, Dependencies: []string{ - "github.com/openshift/api/operator/v1alpha1.OLM", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operator/v1alpha1.OLM", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -62452,13 +63787,13 @@ func schema_openshift_api_operator_v1alpha1_OLMSpec(ref common.ReferenceCallback "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -62466,7 +63801,7 @@ func schema_openshift_api_operator_v1alpha1_OLMSpec(ref common.ReferenceCallback }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -62583,7 +63918,7 @@ func schema_openshift_api_operator_v1alpha1_OperatorCondition(ref common.Referen }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "reason": { @@ -62603,7 +63938,7 @@ func schema_openshift_api_operator_v1alpha1_OperatorCondition(ref common.Referen }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -62925,7 +64260,7 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_LogEntry(ref common.Refe "time": { SchemaProps: spec.SchemaProps{ Description: "Start time of check action.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "success": { @@ -62953,7 +64288,7 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_LogEntry(ref common.Refe "latency": { SchemaProps: spec.SchemaProps{ Description: "latency records how long the action mentioned in the entry took.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, }, @@ -62961,7 +64296,7 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_LogEntry(ref common.Refe }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Duration", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Duration{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, } } @@ -62975,13 +64310,13 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_OutageEntry(ref common.R "start": { SchemaProps: spec.SchemaProps{ Description: "start of outage detected", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "end": { SchemaProps: spec.SchemaProps{ Description: "end of outage detected", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "startLogs": { @@ -63024,7 +64359,7 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_OutageEntry(ref common.R }, }, Dependencies: []string{ - "github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + "github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry", metav1.Time{}.OpenAPIModelName()}, } } @@ -63053,7 +64388,7 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCh SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -63075,7 +64410,7 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCh }, }, Dependencies: []string{ - "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckSpec", "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckSpec", "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -63119,7 +64454,7 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCh "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "Last time the condition transitioned from one status to another.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, }, @@ -63127,7 +64462,7 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCh }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -63156,226 +64491,231 @@ func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCh SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Description: "items contains the items", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheck"), + }, + }, + }, + }, + }, + }, + Required: []string{"metadata", "items"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheck", metav1.ListMeta{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "sourcePod": { + SchemaProps: spec.SchemaProps{ + Description: "sourcePod names the pod from which the condition will be checked", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "targetEndpoint": { + SchemaProps: spec.SchemaProps{ + Description: "EndpointAddress to check. A TCP address of the form host:port. Note that if host is a DNS name, then the check would fail if the DNS name cannot be resolved. Specify an IP address for host to bypass DNS name lookup.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "tlsClientCert": { + SchemaProps: spec.SchemaProps{ + Description: "TLSClientCert, if specified, references a kubernetes.io/tls type secret with 'tls.crt' and 'tls.key' entries containing an optional TLS client certificate and key to be used when checking endpoints that require a client certificate in order to gracefully preform the scan without causing excessive logging in the endpoint process. The secret must exist in the same namespace as this resource.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/config/v1.SecretNameReference"), + }, + }, + }, + Required: []string{"sourcePod", "targetEndpoint"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/config/v1.SecretNameReference"}, + } +} + +func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "successes": { + SchemaProps: spec.SchemaProps{ + Description: "successes contains logs successful check actions", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry"), + }, + }, + }, + }, + }, + "failures": { + SchemaProps: spec.SchemaProps{ + Description: "failures contains logs of unsuccessful check actions", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry"), + }, + }, + }, + }, + }, + "outages": { + SchemaProps: spec.SchemaProps{ + Description: "outages contains logs of time periods of outages", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.OutageEntry"), + }, + }, + }, + }, + }, + "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "conditions summarize the status of the check", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckCondition"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry", "github.com/openshift/api/operatorcontrolplane/v1alpha1.OutageEntry", "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckCondition"}, + } +} + +func schema_openshift_api_operatoringress_v1_DNSRecord(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "DNSRecord is a DNS record managed in the zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.\n\nCluster admin manipulation of this resource is not supported. This resource is only for internal communication of OpenShift operators.\n\nIf DNSManagementPolicy is \"Unmanaged\", the operator will not be responsible for managing the DNS records on the cloud provider.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Description: "spec is the specification of the desired behavior of the dnsRecord.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operatoringress/v1.DNSRecordSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Description: "status is the most recently observed status of the dnsRecord.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/operatoringress/v1.DNSRecordStatus"), + }, + }, + }, + Required: []string{"spec", "status"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/operatoringress/v1.DNSRecordSpec", "github.com/openshift/api/operatoringress/v1.DNSRecordStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, + } +} + +func schema_openshift_api_operatoringress_v1_DNSRecordList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "DNSRecordList contains a list of dnsrecords.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { - SchemaProps: spec.SchemaProps{ - Description: "items contains the items", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheck"), - }, - }, - }, - }, - }, - }, - Required: []string{"metadata", "items"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheck", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, - } -} - -func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "sourcePod": { - SchemaProps: spec.SchemaProps{ - Description: "sourcePod names the pod from which the condition will be checked", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "targetEndpoint": { - SchemaProps: spec.SchemaProps{ - Description: "EndpointAddress to check. A TCP address of the form host:port. Note that if host is a DNS name, then the check would fail if the DNS name cannot be resolved. Specify an IP address for host to bypass DNS name lookup.", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - "tlsClientCert": { - SchemaProps: spec.SchemaProps{ - Description: "TLSClientCert, if specified, references a kubernetes.io/tls type secret with 'tls.crt' and 'tls.key' entries containing an optional TLS client certificate and key to be used when checking endpoints that require a client certificate in order to gracefully preform the scan without causing excessive logging in the endpoint process. The secret must exist in the same namespace as this resource.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/config/v1.SecretNameReference"), - }, - }, - }, - Required: []string{"sourcePod", "targetEndpoint"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/config/v1.SecretNameReference"}, - } -} - -func schema_openshift_api_operatorcontrolplane_v1alpha1_PodNetworkConnectivityCheckStatus(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "successes": { - SchemaProps: spec.SchemaProps{ - Description: "successes contains logs successful check actions", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry"), - }, - }, - }, - }, - }, - "failures": { - SchemaProps: spec.SchemaProps{ - Description: "failures contains logs of unsuccessful check actions", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry"), - }, - }, - }, - }, - }, - "outages": { - SchemaProps: spec.SchemaProps{ - Description: "outages contains logs of time periods of outages", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.OutageEntry"), - }, - }, - }, - }, - }, - "conditions": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "conditions summarize the status of the check", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckCondition"), - }, - }, + "x-kubernetes-list-type": "atomic", }, }, - }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/operatorcontrolplane/v1alpha1.LogEntry", "github.com/openshift/api/operatorcontrolplane/v1alpha1.OutageEntry", "github.com/openshift/api/operatorcontrolplane/v1alpha1.PodNetworkConnectivityCheckCondition"}, - } -} - -func schema_openshift_api_operatoringress_v1_DNSRecord(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "DNSRecord is a DNS record managed in the zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.\n\nCluster admin manipulation of this resource is not supported. This resource is only for internal communication of OpenShift operators.\n\nIf DNSManagementPolicy is \"Unmanaged\", the operator will not be responsible for managing the DNS records on the cloud provider.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), - }, - }, - "spec": { - SchemaProps: spec.SchemaProps{ - Description: "spec is the specification of the desired behavior of the dnsRecord.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operatoringress/v1.DNSRecordSpec"), - }, - }, - "status": { - SchemaProps: spec.SchemaProps{ - Description: "status is the most recently observed status of the dnsRecord.", - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/operatoringress/v1.DNSRecordStatus"), - }, - }, - }, - Required: []string{"spec", "status"}, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/operatoringress/v1.DNSRecordSpec", "github.com/openshift/api/operatoringress/v1.DNSRecordStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, - } -} - -func schema_openshift_api_operatoringress_v1_DNSRecordList(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "DNSRecordList contains a list of dnsrecords.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "kind": { - SchemaProps: spec.SchemaProps{ - Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - Type: []string{"string"}, - Format: "", - }, - }, - "apiVersion": { - SchemaProps: spec.SchemaProps{ - Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - Type: []string{"string"}, - Format: "", - }, - }, - "metadata": { - SchemaProps: spec.SchemaProps{ - Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), - }, - }, - "items": { SchemaProps: spec.SchemaProps{ Type: []string{"array"}, Items: &spec.SchemaOrArray{ @@ -63393,7 +64733,7 @@ func schema_openshift_api_operatoringress_v1_DNSRecordList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/operatoringress/v1.DNSRecord", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/operatoringress/v1.DNSRecord", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -63413,6 +64753,11 @@ func schema_openshift_api_operatoringress_v1_DNSRecordSpec(ref common.ReferenceC }, }, "targets": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "targets are record targets.", Type: []string{"array"}, @@ -63429,7 +64774,7 @@ func schema_openshift_api_operatoringress_v1_DNSRecordSpec(ref common.ReferenceC }, "recordType": { SchemaProps: spec.SchemaProps{ - Description: "recordType is the DNS record type. For example, \"A\" or \"CNAME\".", + Description: "recordType is the DNS record type. For example, \"A\", \"AAAA\", or \"CNAME\".", Default: "", Type: []string{"string"}, Format: "", @@ -63466,6 +64811,11 @@ func schema_openshift_api_operatoringress_v1_DNSRecordStatus(ref common.Referenc Type: []string{"object"}, Properties: map[string]spec.Schema{ "zones": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "zones are the status of the record in each zone.", Type: []string{"array"}, @@ -63517,7 +64867,7 @@ func schema_openshift_api_operatoringress_v1_DNSZoneCondition(ref common.Referen }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "reason": { @@ -63537,7 +64887,7 @@ func schema_openshift_api_operatoringress_v1_DNSZoneCondition(ref common.Referen }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -63556,6 +64906,11 @@ func schema_openshift_api_operatoringress_v1_DNSZoneStatus(ref common.ReferenceC }, }, "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "conditions are any conditions associated with the record in the zone.\n\nIf publishing the record succeeds, the \"Published\" condition will be set with status \"True\" and upon failure it will be set to \"False\" along with the reason and message describing the cause of the failure.", Type: []string{"array"}, @@ -64009,7 +65364,7 @@ func schema_openshift_api_osin_v1_IdentityProvider(ref common.ReferenceCallback) "provider": { SchemaProps: spec.SchemaProps{ Description: "provider contains the information about how to set up a specific identity provider", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -64017,7 +65372,7 @@ func schema_openshift_api_osin_v1_IdentityProvider(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -64967,14 +66322,14 @@ func schema_openshift_api_osin_v1_TokenConfig(ref common.ReferenceCallback) comm "accessTokenInactivityTimeout": { SchemaProps: spec.SchemaProps{ Description: "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Duration"), + Ref: ref(metav1.Duration{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Duration"}, + metav1.Duration{}.OpenAPIModelName()}, } } @@ -65003,7 +66358,7 @@ func schema_openshift_api_project_v1_Project(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -65024,7 +66379,7 @@ func schema_openshift_api_project_v1_Project(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "github.com/openshift/api/project/v1.ProjectSpec", "github.com/openshift/api/project/v1.ProjectStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/project/v1.ProjectSpec", "github.com/openshift/api/project/v1.ProjectStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -65053,7 +66408,7 @@ func schema_openshift_api_project_v1_ProjectList(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -65075,7 +66430,7 @@ func schema_openshift_api_project_v1_ProjectList(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "github.com/openshift/api/project/v1.Project", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/project/v1.Project", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -65104,7 +66459,7 @@ func schema_openshift_api_project_v1_ProjectRequest(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "displayName": { @@ -65125,7 +66480,7 @@ func schema_openshift_api_project_v1_ProjectRequest(ref common.ReferenceCallback }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -65186,7 +66541,7 @@ func schema_openshift_api_project_v1_ProjectStatus(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.NamespaceCondition"), + Ref: ref(corev1.NamespaceCondition{}.OpenAPIModelName()), }, }, }, @@ -65196,7 +66551,7 @@ func schema_openshift_api_project_v1_ProjectStatus(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/api/core/v1.NamespaceCondition"}, + corev1.NamespaceCondition{}.OpenAPIModelName()}, } } @@ -65225,7 +66580,7 @@ func schema_openshift_api_quota_v1_AppliedClusterResourceQuota(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -65247,7 +66602,7 @@ func schema_openshift_api_quota_v1_AppliedClusterResourceQuota(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/quota/v1.ClusterResourceQuotaSpec", "github.com/openshift/api/quota/v1.ClusterResourceQuotaStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/quota/v1.ClusterResourceQuotaSpec", "github.com/openshift/api/quota/v1.ClusterResourceQuotaStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -65276,7 +66631,7 @@ func schema_openshift_api_quota_v1_AppliedClusterResourceQuotaList(ref common.Re SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -65298,7 +66653,7 @@ func schema_openshift_api_quota_v1_AppliedClusterResourceQuotaList(ref common.Re }, }, Dependencies: []string{ - "github.com/openshift/api/quota/v1.AppliedClusterResourceQuota", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/quota/v1.AppliedClusterResourceQuota", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -65327,7 +66682,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuota(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -65349,7 +66704,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuota(ref common.ReferenceCall }, }, Dependencies: []string{ - "github.com/openshift/api/quota/v1.ClusterResourceQuotaSpec", "github.com/openshift/api/quota/v1.ClusterResourceQuotaStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/quota/v1.ClusterResourceQuotaSpec", "github.com/openshift/api/quota/v1.ClusterResourceQuotaStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -65378,7 +66733,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuotaList(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -65400,7 +66755,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuotaList(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/quota/v1.ClusterResourceQuota", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/quota/v1.ClusterResourceQuota", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -65414,7 +66769,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuotaSelector(ref common.Refer "labels": { SchemaProps: spec.SchemaProps{ Description: "LabelSelector is used to select projects by label.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "annotations": { @@ -65437,7 +66792,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuotaSelector(ref common.Refer }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -65459,7 +66814,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuotaSpec(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "quota defines the desired quota", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceQuotaSpec"), + Ref: ref(corev1.ResourceQuotaSpec{}.OpenAPIModelName()), }, }, }, @@ -65467,7 +66822,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuotaSpec(ref common.Reference }, }, Dependencies: []string{ - "github.com/openshift/api/quota/v1.ClusterResourceQuotaSelector", "k8s.io/api/core/v1.ResourceQuotaSpec"}, + "github.com/openshift/api/quota/v1.ClusterResourceQuotaSelector", corev1.ResourceQuotaSpec{}.OpenAPIModelName()}, } } @@ -65482,7 +66837,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuotaStatus(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "total defines the actual enforced quota and its current usage across all projects", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceQuotaStatus"), + Ref: ref(corev1.ResourceQuotaStatus{}.OpenAPIModelName()), }, }, "namespaces": { @@ -65504,7 +66859,7 @@ func schema_openshift_api_quota_v1_ClusterResourceQuotaStatus(ref common.Referen }, }, Dependencies: []string{ - "github.com/openshift/api/quota/v1.ResourceQuotaStatusByNamespace", "k8s.io/api/core/v1.ResourceQuotaStatus"}, + "github.com/openshift/api/quota/v1.ResourceQuotaStatusByNamespace", corev1.ResourceQuotaStatus{}.OpenAPIModelName()}, } } @@ -65527,7 +66882,7 @@ func schema_openshift_api_quota_v1_ResourceQuotaStatusByNamespace(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "status indicates how many resources have been consumed by this project", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceQuotaStatus"), + Ref: ref(corev1.ResourceQuotaStatus{}.OpenAPIModelName()), }, }, }, @@ -65535,7 +66890,7 @@ func schema_openshift_api_quota_v1_ResourceQuotaStatusByNamespace(ref common.Ref }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ResourceQuotaStatus"}, + corev1.ResourceQuotaStatus{}.OpenAPIModelName()}, } } @@ -65589,7 +66944,7 @@ func schema_openshift_api_route_v1_Route(ref common.ReferenceCallback) common.Op SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -65611,7 +66966,7 @@ func schema_openshift_api_route_v1_Route(ref common.ReferenceCallback) common.Op }, }, Dependencies: []string{ - "github.com/openshift/api/route/v1.RouteSpec", "github.com/openshift/api/route/v1.RouteStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/route/v1.RouteSpec", "github.com/openshift/api/route/v1.RouteStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -65874,7 +67229,7 @@ func schema_openshift_api_route_v1_RouteIngressCondition(ref common.ReferenceCal "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "RFC 3339 date and time when this condition last transitioned", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, }, @@ -65882,7 +67237,7 @@ func schema_openshift_api_route_v1_RouteIngressCondition(ref common.ReferenceCal }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -65911,7 +67266,7 @@ func schema_openshift_api_route_v1_RouteList(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -65933,7 +67288,7 @@ func schema_openshift_api_route_v1_RouteList(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "github.com/openshift/api/route/v1.Route", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/route/v1.Route", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -65947,7 +67302,7 @@ func schema_openshift_api_route_v1_RoutePort(ref common.ReferenceCallback) commo "targetPort": { SchemaProps: spec.SchemaProps{ Description: "The target port on pods selected by the service this route points to. If this is a string, it will be looked up as a named port in the target endpoints port list. Required", - Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), + Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), }, }, }, @@ -65955,7 +67310,7 @@ func schema_openshift_api_route_v1_RoutePort(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/util/intstr.IntOrString"}, + intstr.IntOrString{}.OpenAPIModelName()}, } } @@ -66264,7 +67619,7 @@ func schema_openshift_api_samples_v1_Config(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -66284,7 +67639,7 @@ func schema_openshift_api_samples_v1_Config(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "github.com/openshift/api/samples/v1.ConfigSpec", "github.com/openshift/api/samples/v1.ConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/samples/v1.ConfigSpec", "github.com/openshift/api/samples/v1.ConfigStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -66314,13 +67669,13 @@ func schema_openshift_api_samples_v1_ConfigCondition(ref common.ReferenceCallbac "lastUpdateTime": { SchemaProps: spec.SchemaProps{ Description: "lastUpdateTime is the last time this condition was updated.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the last time the condition transitioned from one status to another.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "reason": { @@ -66342,7 +67697,7 @@ func schema_openshift_api_samples_v1_ConfigCondition(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -66371,7 +67726,7 @@ func schema_openshift_api_samples_v1_ConfigList(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -66392,7 +67747,7 @@ func schema_openshift_api_samples_v1_ConfigList(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "github.com/openshift/api/samples/v1.Config", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/samples/v1.Config", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -66740,7 +68095,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicyReview(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -66762,7 +68117,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicyReview(ref common.Referen }, }, Dependencies: []string{ - "github.com/openshift/api/security/v1.PodSecurityPolicyReviewSpec", "github.com/openshift/api/security/v1.PodSecurityPolicyReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/security/v1.PodSecurityPolicyReviewSpec", "github.com/openshift/api/security/v1.PodSecurityPolicyReviewStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -66777,7 +68132,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicyReviewSpec(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "template is the PodTemplateSpec to check. The template.spec.serviceAccountName field is used if serviceAccountNames is empty, unless the template.spec.serviceAccountName is empty, in which case \"default\" is used. If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), + Ref: ref(corev1.PodTemplateSpec{}.OpenAPIModelName()), }, }, "serviceAccountNames": { @@ -66800,7 +68155,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicyReviewSpec(ref common.Ref }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PodTemplateSpec"}, + corev1.PodTemplateSpec{}.OpenAPIModelName()}, } } @@ -66858,7 +68213,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySelfSubjectReview(ref com SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -66880,7 +68235,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySelfSubjectReview(ref com }, }, Dependencies: []string{ - "github.com/openshift/api/security/v1.PodSecurityPolicySelfSubjectReviewSpec", "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/security/v1.PodSecurityPolicySelfSubjectReviewSpec", "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -66895,7 +68250,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySelfSubjectReviewSpec(ref SchemaProps: spec.SchemaProps{ Description: "template is the PodTemplateSpec to check.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), + Ref: ref(corev1.PodTemplateSpec{}.OpenAPIModelName()), }, }, }, @@ -66903,7 +68258,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySelfSubjectReviewSpec(ref }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PodTemplateSpec"}, + corev1.PodTemplateSpec{}.OpenAPIModelName()}, } } @@ -66932,7 +68287,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySubjectReview(ref common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -66954,7 +68309,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySubjectReview(ref common. }, }, Dependencies: []string{ - "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewSpec", "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewSpec", "github.com/openshift/api/security/v1.PodSecurityPolicySubjectReviewStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -66969,7 +68324,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySubjectReviewSpec(ref com SchemaProps: spec.SchemaProps{ Description: "template is the PodTemplateSpec to check. If template.spec.serviceAccountName is empty it will not be defaulted. If its non-empty, it will be checked.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), + Ref: ref(corev1.PodTemplateSpec{}.OpenAPIModelName()), }, }, "user": { @@ -66999,7 +68354,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySubjectReviewSpec(ref com }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PodTemplateSpec"}, + corev1.PodTemplateSpec{}.OpenAPIModelName()}, } } @@ -67013,7 +68368,7 @@ func schema_openshift_api_security_v1_PodSecurityPolicySubjectReviewStatus(ref c "allowedBy": { SchemaProps: spec.SchemaProps{ Description: "allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A `nil`, indicates that it was denied.", - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "reason": { @@ -67027,14 +68382,14 @@ func schema_openshift_api_security_v1_PodSecurityPolicySubjectReviewStatus(ref c SchemaProps: spec.SchemaProps{ Description: "template is the PodTemplateSpec after the defaulting is applied.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), + Ref: ref(corev1.PodTemplateSpec{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference", "k8s.io/api/core/v1.PodTemplateSpec"}, + corev1.ObjectReference{}.OpenAPIModelName(), corev1.PodTemplateSpec{}.OpenAPIModelName()}, } } @@ -67063,7 +68418,7 @@ func schema_openshift_api_security_v1_RangeAllocation(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "range": { @@ -67086,7 +68441,7 @@ func schema_openshift_api_security_v1_RangeAllocation(ref common.ReferenceCallba }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -67115,7 +68470,7 @@ func schema_openshift_api_security_v1_RangeAllocationList(ref common.ReferenceCa SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -67137,7 +68492,7 @@ func schema_openshift_api_security_v1_RangeAllocationList(ref common.ReferenceCa }, }, Dependencies: []string{ - "github.com/openshift/api/security/v1.RangeAllocation", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/security/v1.RangeAllocation", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -67199,14 +68554,14 @@ func schema_openshift_api_security_v1_SELinuxContextStrategyOptions(ref common.R "seLinuxOptions": { SchemaProps: spec.SchemaProps{ Description: "seLinuxOptions required to run as; required for MustRunAs", - Ref: ref("k8s.io/api/core/v1.SELinuxOptions"), + Ref: ref(corev1.SELinuxOptions{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.SELinuxOptions"}, + corev1.SELinuxOptions{}.OpenAPIModelName()}, } } @@ -67235,7 +68590,7 @@ func schema_openshift_api_security_v1_SecurityContextConstraints(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "priority": { @@ -67555,7 +68910,7 @@ func schema_openshift_api_security_v1_SecurityContextConstraints(ref common.Refe }, }, Dependencies: []string{ - "github.com/openshift/api/security/v1.AllowedFlexVolume", "github.com/openshift/api/security/v1.FSGroupStrategyOptions", "github.com/openshift/api/security/v1.RunAsUserStrategyOptions", "github.com/openshift/api/security/v1.SELinuxContextStrategyOptions", "github.com/openshift/api/security/v1.SupplementalGroupsStrategyOptions", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/security/v1.AllowedFlexVolume", "github.com/openshift/api/security/v1.FSGroupStrategyOptions", "github.com/openshift/api/security/v1.RunAsUserStrategyOptions", "github.com/openshift/api/security/v1.SELinuxContextStrategyOptions", "github.com/openshift/api/security/v1.SupplementalGroupsStrategyOptions", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -67584,7 +68939,7 @@ func schema_openshift_api_security_v1_SecurityContextConstraintsList(ref common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -67606,7 +68961,7 @@ func schema_openshift_api_security_v1_SecurityContextConstraintsList(ref common. }, }, Dependencies: []string{ - "github.com/openshift/api/security/v1.SecurityContextConstraints", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/security/v1.SecurityContextConstraints", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -67620,7 +68975,7 @@ func schema_openshift_api_security_v1_ServiceAccountPodSecurityPolicyReviewStatu "allowedBy": { SchemaProps: spec.SchemaProps{ Description: "allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A `nil`, indicates that it was denied.", - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "reason": { @@ -67634,7 +68989,7 @@ func schema_openshift_api_security_v1_ServiceAccountPodSecurityPolicyReviewStatu SchemaProps: spec.SchemaProps{ Description: "template is the PodTemplateSpec after the defaulting is applied.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), + Ref: ref(corev1.PodTemplateSpec{}.OpenAPIModelName()), }, }, "name": { @@ -67650,7 +69005,7 @@ func schema_openshift_api_security_v1_ServiceAccountPodSecurityPolicyReviewStatu }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference", "k8s.io/api/core/v1.PodTemplateSpec"}, + corev1.ObjectReference{}.OpenAPIModelName(), corev1.PodTemplateSpec{}.OpenAPIModelName()}, } } @@ -67720,7 +69075,7 @@ func schema_openshift_api_securityinternal_v1_RangeAllocation(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "range": { @@ -67743,7 +69098,7 @@ func schema_openshift_api_securityinternal_v1_RangeAllocation(ref common.Referen }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -67772,7 +69127,7 @@ func schema_openshift_api_securityinternal_v1_RangeAllocationList(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -67794,7 +69149,7 @@ func schema_openshift_api_securityinternal_v1_RangeAllocationList(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/securityinternal/v1.RangeAllocation", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/securityinternal/v1.RangeAllocation", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -67823,7 +69178,7 @@ func schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorCo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -67843,7 +69198,7 @@ func schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorCo }, }, Dependencies: []string{ - "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigSpec", "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigSpec", "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfigStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -67872,7 +69227,7 @@ func schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorCo SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -67894,7 +69249,7 @@ func schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorCo }, }, Dependencies: []string{ - "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/servicecertsigner/v1alpha1.ServiceCertSignerOperatorConfig", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -67929,13 +69284,13 @@ func schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorCo "unsupportedConfigOverrides": { SchemaProps: spec.SchemaProps{ Description: "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, "observedConfig": { SchemaProps: spec.SchemaProps{ Description: "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -67943,7 +69298,7 @@ func schema_openshift_api_servicecertsigner_v1alpha1_ServiceCertSignerOperatorCo }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -68062,7 +69417,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedConfigMap(ref common.Ref SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -68084,7 +69439,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedConfigMap(ref common.Ref }, }, Dependencies: []string{ - "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapSpec", "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapSpec", "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMapStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -68113,7 +69468,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapList(ref common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -68134,7 +69489,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapList(ref common }, }, Dependencies: []string{ - "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMap", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/sharedresource/v1alpha1.SharedConfigMap", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -68221,7 +69576,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapStatus(ref comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -68231,7 +69586,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedConfigMapStatus(ref comm }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + metav1.Condition{}.OpenAPIModelName()}, } } @@ -68260,7 +69615,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedSecret(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -68282,7 +69637,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedSecret(ref common.Refere }, }, Dependencies: []string{ - "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretSpec", "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretSpec", "github.com/openshift/api/sharedresource/v1alpha1.SharedSecretStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -68311,7 +69666,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedSecretList(ref common.Re SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -68332,7 +69687,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedSecretList(ref common.Re }, }, Dependencies: []string{ - "github.com/openshift/api/sharedresource/v1alpha1.SharedSecret", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/sharedresource/v1alpha1.SharedSecret", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -68419,7 +69774,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedSecretStatus(ref common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -68429,7 +69784,7 @@ func schema_openshift_api_sharedresource_v1alpha1_SharedSecretStatus(ref common. }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + metav1.Condition{}.OpenAPIModelName()}, } } @@ -68458,7 +69813,7 @@ func schema_openshift_api_template_v1_BrokerTemplateInstance(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -68473,7 +69828,7 @@ func schema_openshift_api_template_v1_BrokerTemplateInstance(ref common.Referenc }, }, Dependencies: []string{ - "github.com/openshift/api/template/v1.BrokerTemplateInstanceSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/template/v1.BrokerTemplateInstanceSpec", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -68502,7 +69857,7 @@ func schema_openshift_api_template_v1_BrokerTemplateInstanceList(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -68524,7 +69879,7 @@ func schema_openshift_api_template_v1_BrokerTemplateInstanceList(ref common.Refe }, }, Dependencies: []string{ - "github.com/openshift/api/template/v1.BrokerTemplateInstance", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/template/v1.BrokerTemplateInstance", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -68539,14 +69894,14 @@ func schema_openshift_api_template_v1_BrokerTemplateInstanceSpec(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "templateInstance is a reference to a TemplateInstance object residing in a namespace.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "secret": { SchemaProps: spec.SchemaProps{ Description: "secret is a reference to a Secret object residing in a namespace, containing the necessary template parameters.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "bindingIDs": { @@ -68569,7 +69924,7 @@ func schema_openshift_api_template_v1_BrokerTemplateInstanceSpec(ref common.Refe }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference"}, + corev1.ObjectReference{}.OpenAPIModelName()}, } } @@ -68662,7 +70017,7 @@ func schema_openshift_api_template_v1_Template(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "message": { @@ -68679,7 +70034,7 @@ func schema_openshift_api_template_v1_Template(ref common.ReferenceCallback) com Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -68720,7 +70075,7 @@ func schema_openshift_api_template_v1_Template(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/template/v1.Parameter", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + "github.com/openshift/api/template/v1.Parameter", metav1.ObjectMeta{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -68749,7 +70104,7 @@ func schema_openshift_api_template_v1_TemplateInstance(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { @@ -68771,7 +70126,7 @@ func schema_openshift_api_template_v1_TemplateInstance(ref common.ReferenceCallb }, }, Dependencies: []string{ - "github.com/openshift/api/template/v1.TemplateInstanceSpec", "github.com/openshift/api/template/v1.TemplateInstanceStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + "github.com/openshift/api/template/v1.TemplateInstanceSpec", "github.com/openshift/api/template/v1.TemplateInstanceStatus", metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -68801,7 +70156,7 @@ func schema_openshift_api_template_v1_TemplateInstanceCondition(ref common.Refer "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the last time a condition status transitioned from one state to another.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "reason": { @@ -68825,7 +70180,7 @@ func schema_openshift_api_template_v1_TemplateInstanceCondition(ref common.Refer }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -68854,7 +70209,7 @@ func schema_openshift_api_template_v1_TemplateInstanceList(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -68876,7 +70231,7 @@ func schema_openshift_api_template_v1_TemplateInstanceList(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/template/v1.TemplateInstance", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/template/v1.TemplateInstance", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -68891,14 +70246,14 @@ func schema_openshift_api_template_v1_TemplateInstanceObject(ref common.Referenc SchemaProps: spec.SchemaProps{ Description: "ref is a reference to the created object. When used under .spec, only name and namespace are used; these can contain references to parameters which will be substituted following the usual rules.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference"}, + corev1.ObjectReference{}.OpenAPIModelName()}, } } @@ -68984,7 +70339,7 @@ func schema_openshift_api_template_v1_TemplateInstanceSpec(ref common.ReferenceC "secret": { SchemaProps: spec.SchemaProps{ Description: "secret is a reference to a Secret object containing the necessary template parameters.", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, "requester": { @@ -68998,7 +70353,7 @@ func schema_openshift_api_template_v1_TemplateInstanceSpec(ref common.ReferenceC }, }, Dependencies: []string{ - "github.com/openshift/api/template/v1.Template", "github.com/openshift/api/template/v1.TemplateInstanceRequester", "k8s.io/api/core/v1.LocalObjectReference"}, + "github.com/openshift/api/template/v1.Template", "github.com/openshift/api/template/v1.TemplateInstanceRequester", corev1.LocalObjectReference{}.OpenAPIModelName()}, } } @@ -69070,7 +70425,7 @@ func schema_openshift_api_template_v1_TemplateList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -69092,7 +70447,7 @@ func schema_openshift_api_template_v1_TemplateList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "github.com/openshift/api/template/v1.Template", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/template/v1.Template", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -69121,7 +70476,7 @@ func schema_openshift_api_user_v1_Group(ref common.ReferenceCallback) common.Ope SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "users": { @@ -69144,7 +70499,7 @@ func schema_openshift_api_user_v1_Group(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -69173,7 +70528,7 @@ func schema_openshift_api_user_v1_GroupList(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -69195,7 +70550,7 @@ func schema_openshift_api_user_v1_GroupList(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "github.com/openshift/api/user/v1.Group", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/user/v1.Group", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -69224,7 +70579,7 @@ func schema_openshift_api_user_v1_Identity(ref common.ReferenceCallback) common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "providerName": { @@ -69247,7 +70602,7 @@ func schema_openshift_api_user_v1_Identity(ref common.ReferenceCallback) common. SchemaProps: spec.SchemaProps{ Description: "user is a reference to the user this identity is associated with Both Name and UID must be set", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "extra": { @@ -69271,7 +70626,7 @@ func schema_openshift_api_user_v1_Identity(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.ObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -69300,7 +70655,7 @@ func schema_openshift_api_user_v1_IdentityList(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -69322,7 +70677,7 @@ func schema_openshift_api_user_v1_IdentityList(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "github.com/openshift/api/user/v1.Identity", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/user/v1.Identity", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -69351,7 +70706,7 @@ func schema_openshift_api_user_v1_User(ref common.ReferenceCallback) common.Open SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "fullName": { @@ -69396,7 +70751,7 @@ func schema_openshift_api_user_v1_User(ref common.ReferenceCallback) common.Open }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -69425,28 +70780,28 @@ func schema_openshift_api_user_v1_UserIdentityMapping(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "identity": { SchemaProps: spec.SchemaProps{ Description: "identity is a reference to an identity", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "user": { SchemaProps: spec.SchemaProps{ Description: "user is a reference to a user", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.ObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -69475,7 +70830,7 @@ func schema_openshift_api_user_v1_UserList(ref common.ReferenceCallback) common. SchemaProps: spec.SchemaProps{ Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -69497,7 +70852,7 @@ func schema_openshift_api_user_v1_UserList(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - "github.com/openshift/api/user/v1.User", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + "github.com/openshift/api/user/v1.User", metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -69601,13 +70956,13 @@ func schema_k8sio_api_admissionregistration_v1_MatchResources(ref common.Referen "namespaceSelector": { SchemaProps: spec.SchemaProps{ Description: "NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the policy on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "objectSelector": { SchemaProps: spec.SchemaProps{ Description: "ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "resourceRules": { @@ -69623,7 +70978,7 @@ func schema_k8sio_api_admissionregistration_v1_MatchResources(ref common.Referen Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.NamedRuleWithOperations"), + Ref: ref(v1.NamedRuleWithOperations{}.OpenAPIModelName()), }, }, }, @@ -69642,7 +70997,7 @@ func schema_k8sio_api_admissionregistration_v1_MatchResources(ref common.Referen Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.NamedRuleWithOperations"), + Ref: ref(v1.NamedRuleWithOperations{}.OpenAPIModelName()), }, }, }, @@ -69665,7 +71020,7 @@ func schema_k8sio_api_admissionregistration_v1_MatchResources(ref common.Referen }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.NamedRuleWithOperations", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + v1.NamedRuleWithOperations{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -69688,7 +71043,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhook(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "ClientConfig defines how to communicate with the hook. Required", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.WebhookClientConfig"), + Ref: ref(v1.WebhookClientConfig{}.OpenAPIModelName()), }, }, "rules": { @@ -69704,7 +71059,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhook(ref common.Refere Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.RuleWithOperations"), + Ref: ref(v1.RuleWithOperations{}.OpenAPIModelName()), }, }, }, @@ -69729,13 +71084,13 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhook(ref common.Refere "namespaceSelector": { SchemaProps: spec.SchemaProps{ Description: "NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the webhook on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "objectSelector": { SchemaProps: spec.SchemaProps{ Description: "ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "sideEffects": { @@ -69775,7 +71130,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhook(ref common.Refere }, "reinvocationPolicy": { SchemaProps: spec.SchemaProps{ - Description: "reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are \"Never\" and \"IfNeeded\".\n\nNever: the webhook will not be called more than once in a single admission evaluation.\n\nIfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.\n\nDefaults to \"Never\".\n\nPossible enum values:\n - `\"IfNeeded\"` indicates that the webhook may be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call.\n - `\"Never\"` indicates that the webhook must not be called more than once in a single admission evaluation.", + Description: "reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are \"Never\" and \"IfNeeded\".\n\nNever: the webhook will not be called more than once in a single admission evaluation.\n\nIfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.\n\nDefaults to \"Never\".\n\nPossible enum values:\n - `\"IfNeeded\"` indicates that the mutation may be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial mutation call.\n - `\"Never\"` indicates that the mutation must not be called more than once in a single admission evaluation.", Type: []string{"string"}, Format: "", Enum: []interface{}{"IfNeeded", "Never"}, @@ -69799,7 +71154,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhook(ref common.Refere Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.MatchCondition"), + Ref: ref(v1.MatchCondition{}.OpenAPIModelName()), }, }, }, @@ -69810,7 +71165,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhook(ref common.Refere }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.MatchCondition", "k8s.io/api/admissionregistration/v1.RuleWithOperations", "k8s.io/api/admissionregistration/v1.WebhookClientConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + v1.MatchCondition{}.OpenAPIModelName(), v1.RuleWithOperations{}.OpenAPIModelName(), v1.WebhookClientConfig{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -69839,7 +71194,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfiguration(ref SchemaProps: spec.SchemaProps{ Description: "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "webhooks": { @@ -69860,7 +71215,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfiguration(ref Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.MutatingWebhook"), + Ref: ref(v1.MutatingWebhook{}.OpenAPIModelName()), }, }, }, @@ -69870,7 +71225,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfiguration(ref }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.MutatingWebhook", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + v1.MutatingWebhook{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -69899,7 +71254,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfigurationList( SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -69910,7 +71265,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfigurationList( Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.MutatingWebhookConfiguration"), + Ref: ref(v1.MutatingWebhookConfiguration{}.OpenAPIModelName()), }, }, }, @@ -69921,7 +71276,7 @@ func schema_k8sio_api_admissionregistration_v1_MutatingWebhookConfigurationList( }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.MutatingWebhookConfiguration", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + v1.MutatingWebhookConfiguration{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -70108,7 +71463,7 @@ func schema_k8sio_api_admissionregistration_v1_ParamRef(ref common.ReferenceCall "selector": { SchemaProps: spec.SchemaProps{ Description: "selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "parameterNotFoundAction": { @@ -70127,7 +71482,7 @@ func schema_k8sio_api_admissionregistration_v1_ParamRef(ref common.ReferenceCall }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -70378,7 +71733,7 @@ func schema_k8sio_api_admissionregistration_v1_TypeChecking(ref common.Reference Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.ExpressionWarning"), + Ref: ref(v1.ExpressionWarning{}.OpenAPIModelName()), }, }, }, @@ -70388,7 +71743,7 @@ func schema_k8sio_api_admissionregistration_v1_TypeChecking(ref common.Reference }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.ExpressionWarning"}, + v1.ExpressionWarning{}.OpenAPIModelName()}, } } @@ -70417,28 +71772,28 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicy(ref com SchemaProps: spec.SchemaProps{ Description: "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Specification of the desired behavior of the ValidatingAdmissionPolicy.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicySpec"), + Ref: ref(v1.ValidatingAdmissionPolicySpec{}.OpenAPIModelName()), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyStatus"), + Ref: ref(v1.ValidatingAdmissionPolicyStatus{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicySpec", "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + v1.ValidatingAdmissionPolicySpec{}.OpenAPIModelName(), v1.ValidatingAdmissionPolicyStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -70467,21 +71822,21 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBinding( SchemaProps: spec.SchemaProps{ Description: "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyBindingSpec"), + Ref: ref(v1.ValidatingAdmissionPolicyBindingSpec{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyBindingSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + v1.ValidatingAdmissionPolicyBindingSpec{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -70510,7 +71865,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingL SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -70521,7 +71876,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingL Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyBinding"), + Ref: ref(v1.ValidatingAdmissionPolicyBinding{}.OpenAPIModelName()), }, }, }, @@ -70532,7 +71887,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingL }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicyBinding", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + v1.ValidatingAdmissionPolicyBinding{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -70553,13 +71908,13 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingS "paramRef": { SchemaProps: spec.SchemaProps{ Description: "paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.", - Ref: ref("k8s.io/api/admissionregistration/v1.ParamRef"), + Ref: ref(v1.ParamRef{}.OpenAPIModelName()), }, }, "matchResources": { SchemaProps: spec.SchemaProps{ Description: "MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.", - Ref: ref("k8s.io/api/admissionregistration/v1.MatchResources"), + Ref: ref(v1.MatchResources{}.OpenAPIModelName()), }, }, "validationActions": { @@ -70587,7 +71942,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyBindingS }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.MatchResources", "k8s.io/api/admissionregistration/v1.ParamRef"}, + v1.MatchResources{}.OpenAPIModelName(), v1.ParamRef{}.OpenAPIModelName()}, } } @@ -70616,7 +71971,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyList(ref SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -70627,7 +71982,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyList(ref Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicy"), + Ref: ref(v1.ValidatingAdmissionPolicy{}.OpenAPIModelName()), }, }, }, @@ -70638,7 +71993,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyList(ref }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.ValidatingAdmissionPolicy", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + v1.ValidatingAdmissionPolicy{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -70652,13 +72007,13 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicySpec(ref "paramKind": { SchemaProps: spec.SchemaProps{ Description: "ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.", - Ref: ref("k8s.io/api/admissionregistration/v1.ParamKind"), + Ref: ref(v1.ParamKind{}.OpenAPIModelName()), }, }, "matchConstraints": { SchemaProps: spec.SchemaProps{ Description: "MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.", - Ref: ref("k8s.io/api/admissionregistration/v1.MatchResources"), + Ref: ref(v1.MatchResources{}.OpenAPIModelName()), }, }, "validations": { @@ -70674,7 +72029,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicySpec(ref Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.Validation"), + Ref: ref(v1.Validation{}.OpenAPIModelName()), }, }, }, @@ -70701,7 +72056,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicySpec(ref Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.AuditAnnotation"), + Ref: ref(v1.AuditAnnotation{}.OpenAPIModelName()), }, }, }, @@ -70725,7 +72080,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicySpec(ref Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.MatchCondition"), + Ref: ref(v1.MatchCondition{}.OpenAPIModelName()), }, }, }, @@ -70749,7 +72104,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicySpec(ref Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.Variable"), + Ref: ref(v1.Variable{}.OpenAPIModelName()), }, }, }, @@ -70759,7 +72114,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicySpec(ref }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.AuditAnnotation", "k8s.io/api/admissionregistration/v1.MatchCondition", "k8s.io/api/admissionregistration/v1.MatchResources", "k8s.io/api/admissionregistration/v1.ParamKind", "k8s.io/api/admissionregistration/v1.Validation", "k8s.io/api/admissionregistration/v1.Variable"}, + v1.AuditAnnotation{}.OpenAPIModelName(), v1.MatchCondition{}.OpenAPIModelName(), v1.MatchResources{}.OpenAPIModelName(), v1.ParamKind{}.OpenAPIModelName(), v1.Validation{}.OpenAPIModelName(), v1.Variable{}.OpenAPIModelName()}, } } @@ -70780,7 +72135,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyStatus(r "typeChecking": { SchemaProps: spec.SchemaProps{ Description: "The results of type checking for each expression. Presence of this field indicates the completion of the type checking.", - Ref: ref("k8s.io/api/admissionregistration/v1.TypeChecking"), + Ref: ref(v1.TypeChecking{}.OpenAPIModelName()), }, }, "conditions": { @@ -70799,7 +72154,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyStatus(r Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -70809,7 +72164,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingAdmissionPolicyStatus(r }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.TypeChecking", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + v1.TypeChecking{}.OpenAPIModelName(), metav1.Condition{}.OpenAPIModelName()}, } } @@ -70832,7 +72187,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhook(ref common.Refe SchemaProps: spec.SchemaProps{ Description: "ClientConfig defines how to communicate with the hook. Required", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.WebhookClientConfig"), + Ref: ref(v1.WebhookClientConfig{}.OpenAPIModelName()), }, }, "rules": { @@ -70848,7 +72203,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhook(ref common.Refe Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.RuleWithOperations"), + Ref: ref(v1.RuleWithOperations{}.OpenAPIModelName()), }, }, }, @@ -70873,13 +72228,13 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhook(ref common.Refe "namespaceSelector": { SchemaProps: spec.SchemaProps{ Description: "NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the webhook on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "objectSelector": { SchemaProps: spec.SchemaProps{ Description: "ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "sideEffects": { @@ -70935,7 +72290,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhook(ref common.Refe Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.MatchCondition"), + Ref: ref(v1.MatchCondition{}.OpenAPIModelName()), }, }, }, @@ -70946,7 +72301,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhook(ref common.Refe }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.MatchCondition", "k8s.io/api/admissionregistration/v1.RuleWithOperations", "k8s.io/api/admissionregistration/v1.WebhookClientConfig", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + v1.MatchCondition{}.OpenAPIModelName(), v1.RuleWithOperations{}.OpenAPIModelName(), v1.WebhookClientConfig{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -70975,7 +72330,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfiguration(re SchemaProps: spec.SchemaProps{ Description: "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "webhooks": { @@ -70996,7 +72351,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfiguration(re Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.ValidatingWebhook"), + Ref: ref(v1.ValidatingWebhook{}.OpenAPIModelName()), }, }, }, @@ -71006,7 +72361,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfiguration(re }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.ValidatingWebhook", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + v1.ValidatingWebhook{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -71035,7 +72390,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfigurationLis SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -71046,7 +72401,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfigurationLis Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/admissionregistration/v1.ValidatingWebhookConfiguration"), + Ref: ref(v1.ValidatingWebhookConfiguration{}.OpenAPIModelName()), }, }, }, @@ -71057,7 +72412,7 @@ func schema_k8sio_api_admissionregistration_v1_ValidatingWebhookConfigurationLis }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.ValidatingWebhookConfiguration", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + v1.ValidatingWebhookConfiguration{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -71156,7 +72511,7 @@ func schema_k8sio_api_admissionregistration_v1_WebhookClientConfig(ref common.Re "service": { SchemaProps: spec.SchemaProps{ Description: "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.", - Ref: ref("k8s.io/api/admissionregistration/v1.ServiceReference"), + Ref: ref(v1.ServiceReference{}.OpenAPIModelName()), }, }, "caBundle": { @@ -71170,7 +72525,7 @@ func schema_k8sio_api_admissionregistration_v1_WebhookClientConfig(ref common.Re }, }, Dependencies: []string{ - "k8s.io/api/admissionregistration/v1.ServiceReference"}, + v1.ServiceReference{}.OpenAPIModelName()}, } } @@ -71201,7 +72556,7 @@ func schema_k8sio_api_authorization_v1_FieldSelectorAttributes(ref common.Refere Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.FieldSelectorRequirement"), + Ref: ref(metav1.FieldSelectorRequirement{}.OpenAPIModelName()), }, }, }, @@ -71211,7 +72566,7 @@ func schema_k8sio_api_authorization_v1_FieldSelectorAttributes(ref common.Refere }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.FieldSelectorRequirement"}, + metav1.FieldSelectorRequirement{}.OpenAPIModelName()}, } } @@ -71242,7 +72597,7 @@ func schema_k8sio_api_authorization_v1_LabelSelectorAttributes(ref common.Refere Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement"), + Ref: ref(metav1.LabelSelectorRequirement{}.OpenAPIModelName()), }, }, }, @@ -71252,7 +72607,7 @@ func schema_k8sio_api_authorization_v1_LabelSelectorAttributes(ref common.Refere }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement"}, + metav1.LabelSelectorRequirement{}.OpenAPIModelName()}, } } @@ -71281,21 +72636,21 @@ func schema_k8sio_api_authorization_v1_LocalSubjectAccessReview(ref common.Refer SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/authorization/v1.SubjectAccessReviewSpec"), + Ref: ref(authorizationv1.SubjectAccessReviewSpec{}.OpenAPIModelName()), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status is filled in by the server and indicates whether the request is allowed or not", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/authorization/v1.SubjectAccessReviewStatus"), + Ref: ref(authorizationv1.SubjectAccessReviewStatus{}.OpenAPIModelName()), }, }, }, @@ -71303,7 +72658,7 @@ func schema_k8sio_api_authorization_v1_LocalSubjectAccessReview(ref common.Refer }, }, Dependencies: []string{ - "k8s.io/api/authorization/v1.SubjectAccessReviewSpec", "k8s.io/api/authorization/v1.SubjectAccessReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + authorizationv1.SubjectAccessReviewSpec{}.OpenAPIModelName(), authorizationv1.SubjectAccessReviewStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -71447,20 +72802,20 @@ func schema_k8sio_api_authorization_v1_ResourceAttributes(ref common.ReferenceCa "fieldSelector": { SchemaProps: spec.SchemaProps{ Description: "fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.", - Ref: ref("k8s.io/api/authorization/v1.FieldSelectorAttributes"), + Ref: ref(authorizationv1.FieldSelectorAttributes{}.OpenAPIModelName()), }, }, "labelSelector": { SchemaProps: spec.SchemaProps{ Description: "labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.", - Ref: ref("k8s.io/api/authorization/v1.LabelSelectorAttributes"), + Ref: ref(authorizationv1.LabelSelectorAttributes{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/authorization/v1.FieldSelectorAttributes", "k8s.io/api/authorization/v1.LabelSelectorAttributes"}, + authorizationv1.FieldSelectorAttributes{}.OpenAPIModelName(), authorizationv1.LabelSelectorAttributes{}.OpenAPIModelName()}, } } @@ -71583,21 +72938,21 @@ func schema_k8sio_api_authorization_v1_SelfSubjectAccessReview(ref common.Refere SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec holds information about the request being evaluated. user and groups must be empty", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/authorization/v1.SelfSubjectAccessReviewSpec"), + Ref: ref(authorizationv1.SelfSubjectAccessReviewSpec{}.OpenAPIModelName()), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status is filled in by the server and indicates whether the request is allowed or not", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/authorization/v1.SubjectAccessReviewStatus"), + Ref: ref(authorizationv1.SubjectAccessReviewStatus{}.OpenAPIModelName()), }, }, }, @@ -71605,7 +72960,7 @@ func schema_k8sio_api_authorization_v1_SelfSubjectAccessReview(ref common.Refere }, }, Dependencies: []string{ - "k8s.io/api/authorization/v1.SelfSubjectAccessReviewSpec", "k8s.io/api/authorization/v1.SubjectAccessReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + authorizationv1.SelfSubjectAccessReviewSpec{}.OpenAPIModelName(), authorizationv1.SubjectAccessReviewStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -71619,20 +72974,20 @@ func schema_k8sio_api_authorization_v1_SelfSubjectAccessReviewSpec(ref common.Re "resourceAttributes": { SchemaProps: spec.SchemaProps{ Description: "ResourceAuthorizationAttributes describes information for a resource access request", - Ref: ref("k8s.io/api/authorization/v1.ResourceAttributes"), + Ref: ref(authorizationv1.ResourceAttributes{}.OpenAPIModelName()), }, }, "nonResourceAttributes": { SchemaProps: spec.SchemaProps{ Description: "NonResourceAttributes describes information for a non-resource access request", - Ref: ref("k8s.io/api/authorization/v1.NonResourceAttributes"), + Ref: ref(authorizationv1.NonResourceAttributes{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/authorization/v1.NonResourceAttributes", "k8s.io/api/authorization/v1.ResourceAttributes"}, + authorizationv1.NonResourceAttributes{}.OpenAPIModelName(), authorizationv1.ResourceAttributes{}.OpenAPIModelName()}, } } @@ -71661,21 +73016,21 @@ func schema_k8sio_api_authorization_v1_SelfSubjectRulesReview(ref common.Referen SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec holds information about the request being evaluated.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/authorization/v1.SelfSubjectRulesReviewSpec"), + Ref: ref(authorizationv1.SelfSubjectRulesReviewSpec{}.OpenAPIModelName()), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status is filled in by the server and indicates the set of actions a user can perform.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/authorization/v1.SubjectRulesReviewStatus"), + Ref: ref(authorizationv1.SubjectRulesReviewStatus{}.OpenAPIModelName()), }, }, }, @@ -71683,7 +73038,7 @@ func schema_k8sio_api_authorization_v1_SelfSubjectRulesReview(ref common.Referen }, }, Dependencies: []string{ - "k8s.io/api/authorization/v1.SelfSubjectRulesReviewSpec", "k8s.io/api/authorization/v1.SubjectRulesReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + authorizationv1.SelfSubjectRulesReviewSpec{}.OpenAPIModelName(), authorizationv1.SubjectRulesReviewStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -71732,21 +73087,21 @@ func schema_k8sio_api_authorization_v1_SubjectAccessReview(ref common.ReferenceC SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec holds information about the request being evaluated", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/authorization/v1.SubjectAccessReviewSpec"), + Ref: ref(authorizationv1.SubjectAccessReviewSpec{}.OpenAPIModelName()), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status is filled in by the server and indicates whether the request is allowed or not", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/authorization/v1.SubjectAccessReviewStatus"), + Ref: ref(authorizationv1.SubjectAccessReviewStatus{}.OpenAPIModelName()), }, }, }, @@ -71754,7 +73109,7 @@ func schema_k8sio_api_authorization_v1_SubjectAccessReview(ref common.ReferenceC }, }, Dependencies: []string{ - "k8s.io/api/authorization/v1.SubjectAccessReviewSpec", "k8s.io/api/authorization/v1.SubjectAccessReviewStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + authorizationv1.SubjectAccessReviewSpec{}.OpenAPIModelName(), authorizationv1.SubjectAccessReviewStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -71768,13 +73123,13 @@ func schema_k8sio_api_authorization_v1_SubjectAccessReviewSpec(ref common.Refere "resourceAttributes": { SchemaProps: spec.SchemaProps{ Description: "ResourceAuthorizationAttributes describes information for a resource access request", - Ref: ref("k8s.io/api/authorization/v1.ResourceAttributes"), + Ref: ref(authorizationv1.ResourceAttributes{}.OpenAPIModelName()), }, }, "nonResourceAttributes": { SchemaProps: spec.SchemaProps{ Description: "NonResourceAttributes describes information for a non-resource access request", - Ref: ref("k8s.io/api/authorization/v1.NonResourceAttributes"), + Ref: ref(authorizationv1.NonResourceAttributes{}.OpenAPIModelName()), }, }, "user": { @@ -71838,7 +73193,7 @@ func schema_k8sio_api_authorization_v1_SubjectAccessReviewSpec(ref common.Refere }, }, Dependencies: []string{ - "k8s.io/api/authorization/v1.NonResourceAttributes", "k8s.io/api/authorization/v1.ResourceAttributes"}, + authorizationv1.NonResourceAttributes{}.OpenAPIModelName(), authorizationv1.ResourceAttributes{}.OpenAPIModelName()}, } } @@ -71905,7 +73260,7 @@ func schema_k8sio_api_authorization_v1_SubjectRulesReviewStatus(ref common.Refer Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/authorization/v1.ResourceRule"), + Ref: ref(authorizationv1.ResourceRule{}.OpenAPIModelName()), }, }, }, @@ -71924,7 +73279,7 @@ func schema_k8sio_api_authorization_v1_SubjectRulesReviewStatus(ref common.Refer Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/authorization/v1.NonResourceRule"), + Ref: ref(authorizationv1.NonResourceRule{}.OpenAPIModelName()), }, }, }, @@ -71950,7 +73305,7 @@ func schema_k8sio_api_authorization_v1_SubjectRulesReviewStatus(ref common.Refer }, }, Dependencies: []string{ - "k8s.io/api/authorization/v1.NonResourceRule", "k8s.io/api/authorization/v1.ResourceRule"}, + authorizationv1.NonResourceRule{}.OpenAPIModelName(), authorizationv1.ResourceRule{}.OpenAPIModelName()}, } } @@ -72007,26 +73362,26 @@ func schema_k8sio_api_core_v1_Affinity(ref common.ReferenceCallback) common.Open "nodeAffinity": { SchemaProps: spec.SchemaProps{ Description: "Describes node affinity scheduling rules for the pod.", - Ref: ref("k8s.io/api/core/v1.NodeAffinity"), + Ref: ref(corev1.NodeAffinity{}.OpenAPIModelName()), }, }, "podAffinity": { SchemaProps: spec.SchemaProps{ Description: "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - Ref: ref("k8s.io/api/core/v1.PodAffinity"), + Ref: ref(corev1.PodAffinity{}.OpenAPIModelName()), }, }, "podAntiAffinity": { SchemaProps: spec.SchemaProps{ Description: "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - Ref: ref("k8s.io/api/core/v1.PodAntiAffinity"), + Ref: ref(corev1.PodAntiAffinity{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.NodeAffinity", "k8s.io/api/core/v1.PodAffinity", "k8s.io/api/core/v1.PodAntiAffinity"}, + corev1.NodeAffinity{}.OpenAPIModelName(), corev1.PodAffinity{}.OpenAPIModelName(), corev1.PodAntiAffinity{}.OpenAPIModelName()}, } } @@ -72122,7 +73477,7 @@ func schema_k8sio_api_core_v1_AvoidPods(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PreferAvoidPodsEntry"), + Ref: ref(corev1.PreferAvoidPodsEntry{}.OpenAPIModelName()), }, }, }, @@ -72132,7 +73487,7 @@ func schema_k8sio_api_core_v1_AvoidPods(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PreferAvoidPodsEntry"}, + corev1.PreferAvoidPodsEntry{}.OpenAPIModelName()}, } } @@ -72162,7 +73517,7 @@ func schema_k8sio_api_core_v1_AzureDiskVolumeSource(ref common.ReferenceCallback "cachingMode": { SchemaProps: spec.SchemaProps{ Description: "cachingMode is the Host Caching mode: None, Read Only, Read Write.\n\nPossible enum values:\n - `\"None\"`\n - `\"ReadOnly\"`\n - `\"ReadWrite\"`", - Default: v1.AzureDataDiskCachingReadWrite, + Default: corev1.AzureDataDiskCachingReadWrite, Type: []string{"string"}, Format: "", Enum: []interface{}{"None", "ReadOnly", "ReadWrite"}, @@ -72187,7 +73542,7 @@ func schema_k8sio_api_core_v1_AzureDiskVolumeSource(ref common.ReferenceCallback "kind": { SchemaProps: spec.SchemaProps{ Description: "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared\n\nPossible enum values:\n - `\"Dedicated\"`\n - `\"Managed\"`\n - `\"Shared\"`", - Default: v1.AzureSharedBlobDisk, + Default: corev1.AzureSharedBlobDisk, Type: []string{"string"}, Format: "", Enum: []interface{}{"Dedicated", "Managed", "Shared"}, @@ -72306,14 +73661,14 @@ func schema_k8sio_api_core_v1_Binding(ref common.ReferenceCallback) common.OpenA SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "target": { SchemaProps: spec.SchemaProps{ Description: "The target object that you want to bind to the standard object.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, }, @@ -72321,7 +73676,7 @@ func schema_k8sio_api_core_v1_Binding(ref common.ReferenceCallback) common.OpenA }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.ObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -72381,31 +73736,31 @@ func schema_k8sio_api_core_v1_CSIPersistentVolumeSource(ref common.ReferenceCall "controllerPublishSecretRef": { SchemaProps: spec.SchemaProps{ Description: "controllerPublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - Ref: ref("k8s.io/api/core/v1.SecretReference"), + Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), }, }, "nodeStageSecretRef": { SchemaProps: spec.SchemaProps{ Description: "nodeStageSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - Ref: ref("k8s.io/api/core/v1.SecretReference"), + Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), }, }, "nodePublishSecretRef": { SchemaProps: spec.SchemaProps{ Description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - Ref: ref("k8s.io/api/core/v1.SecretReference"), + Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), }, }, "controllerExpandSecretRef": { SchemaProps: spec.SchemaProps{ Description: "controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - Ref: ref("k8s.io/api/core/v1.SecretReference"), + Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), }, }, "nodeExpandSecretRef": { SchemaProps: spec.SchemaProps{ Description: "nodeExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeExpandVolume call. This field is optional, may be omitted if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - Ref: ref("k8s.io/api/core/v1.SecretReference"), + Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), }, }, }, @@ -72413,7 +73768,7 @@ func schema_k8sio_api_core_v1_CSIPersistentVolumeSource(ref common.ReferenceCall }, }, Dependencies: []string{ - "k8s.io/api/core/v1.SecretReference"}, + corev1.SecretReference{}.OpenAPIModelName()}, } } @@ -72465,7 +73820,7 @@ func schema_k8sio_api_core_v1_CSIVolumeSource(ref common.ReferenceCallback) comm "nodePublishSecretRef": { SchemaProps: spec.SchemaProps{ Description: "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, }, @@ -72473,7 +73828,7 @@ func schema_k8sio_api_core_v1_CSIVolumeSource(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LocalObjectReference"}, + corev1.LocalObjectReference{}.OpenAPIModelName()}, } } @@ -72581,7 +73936,7 @@ func schema_k8sio_api_core_v1_CephFSPersistentVolumeSource(ref common.ReferenceC "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - Ref: ref("k8s.io/api/core/v1.SecretReference"), + Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), }, }, "readOnly": { @@ -72596,7 +73951,7 @@ func schema_k8sio_api_core_v1_CephFSPersistentVolumeSource(ref common.ReferenceC }, }, Dependencies: []string{ - "k8s.io/api/core/v1.SecretReference"}, + corev1.SecretReference{}.OpenAPIModelName()}, } } @@ -72651,7 +74006,7 @@ func schema_k8sio_api_core_v1_CephFSVolumeSource(ref common.ReferenceCallback) c "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, "readOnly": { @@ -72666,7 +74021,7 @@ func schema_k8sio_api_core_v1_CephFSVolumeSource(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LocalObjectReference"}, + corev1.LocalObjectReference{}.OpenAPIModelName()}, } } @@ -72702,7 +74057,7 @@ func schema_k8sio_api_core_v1_CinderPersistentVolumeSource(ref common.ReferenceC "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is Optional: points to a secret object containing parameters used to connect to OpenStack.", - Ref: ref("k8s.io/api/core/v1.SecretReference"), + Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), }, }, }, @@ -72710,7 +74065,7 @@ func schema_k8sio_api_core_v1_CinderPersistentVolumeSource(ref common.ReferenceC }, }, Dependencies: []string{ - "k8s.io/api/core/v1.SecretReference"}, + corev1.SecretReference{}.OpenAPIModelName()}, } } @@ -72746,7 +74101,7 @@ func schema_k8sio_api_core_v1_CinderVolumeSource(ref common.ReferenceCallback) c "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, }, @@ -72754,7 +74109,7 @@ func schema_k8sio_api_core_v1_CinderVolumeSource(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LocalObjectReference"}, + corev1.LocalObjectReference{}.OpenAPIModelName()}, } } @@ -72802,7 +74157,7 @@ func schema_k8sio_api_core_v1_ClusterTrustBundleProjection(ref common.ReferenceC "labelSelector": { SchemaProps: spec.SchemaProps{ Description: "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\".", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "optional": { @@ -72825,7 +74180,7 @@ func schema_k8sio_api_core_v1_ClusterTrustBundleProjection(ref common.ReferenceC }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -72898,7 +74253,7 @@ func schema_k8sio_api_core_v1_ComponentStatus(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "conditions": { @@ -72919,7 +74274,7 @@ func schema_k8sio_api_core_v1_ComponentStatus(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ComponentCondition"), + Ref: ref(corev1.ComponentCondition{}.OpenAPIModelName()), }, }, }, @@ -72929,7 +74284,7 @@ func schema_k8sio_api_core_v1_ComponentStatus(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ComponentCondition", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.ComponentCondition{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -72958,7 +74313,7 @@ func schema_k8sio_api_core_v1_ComponentStatusList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -72969,7 +74324,7 @@ func schema_k8sio_api_core_v1_ComponentStatusList(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ComponentStatus"), + Ref: ref(corev1.ComponentStatus{}.OpenAPIModelName()), }, }, }, @@ -72980,7 +74335,7 @@ func schema_k8sio_api_core_v1_ComponentStatusList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ComponentStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + corev1.ComponentStatus{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -73009,7 +74364,7 @@ func schema_k8sio_api_core_v1_ConfigMap(ref common.ReferenceCallback) common.Ope SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "immutable": { @@ -73054,7 +74409,7 @@ func schema_k8sio_api_core_v1_ConfigMap(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -73153,7 +74508,7 @@ func schema_k8sio_api_core_v1_ConfigMapList(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -73164,7 +74519,7 @@ func schema_k8sio_api_core_v1_ConfigMapList(ref common.ReferenceCallback) common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ConfigMap"), + Ref: ref(corev1.ConfigMap{}.OpenAPIModelName()), }, }, }, @@ -73175,7 +74530,7 @@ func schema_k8sio_api_core_v1_ConfigMapList(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ConfigMap", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + corev1.ConfigMap{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -73259,7 +74614,7 @@ func schema_k8sio_api_core_v1_ConfigMapProjection(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.KeyToPath"), + Ref: ref(corev1.KeyToPath{}.OpenAPIModelName()), }, }, }, @@ -73276,7 +74631,7 @@ func schema_k8sio_api_core_v1_ConfigMapProjection(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/api/core/v1.KeyToPath"}, + corev1.KeyToPath{}.OpenAPIModelName()}, } } @@ -73308,7 +74663,7 @@ func schema_k8sio_api_core_v1_ConfigMapVolumeSource(ref common.ReferenceCallback Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.KeyToPath"), + Ref: ref(corev1.KeyToPath{}.OpenAPIModelName()), }, }, }, @@ -73332,7 +74687,7 @@ func schema_k8sio_api_core_v1_ConfigMapVolumeSource(ref common.ReferenceCallback }, }, Dependencies: []string{ - "k8s.io/api/core/v1.KeyToPath"}, + corev1.KeyToPath{}.OpenAPIModelName()}, } } @@ -73424,7 +74779,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ContainerPort"), + Ref: ref(corev1.ContainerPort{}.OpenAPIModelName()), }, }, }, @@ -73443,7 +74798,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvFromSource"), + Ref: ref(corev1.EnvFromSource{}.OpenAPIModelName()), }, }, }, @@ -73467,7 +74822,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvVar"), + Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), }, }, }, @@ -73477,7 +74832,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope SchemaProps: spec.SchemaProps{ Description: "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), + Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), }, }, "resizePolicy": { @@ -73487,13 +74842,13 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope }, }, SchemaProps: spec.SchemaProps{ - Description: "Resources resize policy for the container.", + Description: "Resources resize policy for the container. This field cannot be set on ephemeral containers.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ContainerResizePolicy"), + Ref: ref(corev1.ContainerResizePolicy{}.OpenAPIModelName()), }, }, }, @@ -73519,7 +74874,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ContainerRestartRule"), + Ref: ref(corev1.ContainerRestartRule{}.OpenAPIModelName()), }, }, }, @@ -73543,7 +74898,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.VolumeMount"), + Ref: ref(corev1.VolumeMount{}.OpenAPIModelName()), }, }, }, @@ -73567,7 +74922,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.VolumeDevice"), + Ref: ref(corev1.VolumeDevice{}.OpenAPIModelName()), }, }, }, @@ -73576,25 +74931,25 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope "livenessProbe": { SchemaProps: spec.SchemaProps{ Description: "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - Ref: ref("k8s.io/api/core/v1.Probe"), + Ref: ref(corev1.Probe{}.OpenAPIModelName()), }, }, "readinessProbe": { SchemaProps: spec.SchemaProps{ Description: "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - Ref: ref("k8s.io/api/core/v1.Probe"), + Ref: ref(corev1.Probe{}.OpenAPIModelName()), }, }, "startupProbe": { SchemaProps: spec.SchemaProps{ Description: "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - Ref: ref("k8s.io/api/core/v1.Probe"), + Ref: ref(corev1.Probe{}.OpenAPIModelName()), }, }, "lifecycle": { SchemaProps: spec.SchemaProps{ Description: "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", - Ref: ref("k8s.io/api/core/v1.Lifecycle"), + Ref: ref(corev1.Lifecycle{}.OpenAPIModelName()), }, }, "terminationMessagePath": { @@ -73623,7 +74978,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope "securityContext": { SchemaProps: spec.SchemaProps{ Description: "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - Ref: ref("k8s.io/api/core/v1.SecurityContext"), + Ref: ref(corev1.SecurityContext{}.OpenAPIModelName()), }, }, "stdin": { @@ -73652,7 +75007,7 @@ func schema_k8sio_api_core_v1_Container(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ContainerPort", "k8s.io/api/core/v1.ContainerResizePolicy", "k8s.io/api/core/v1.ContainerRestartRule", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.Lifecycle", "k8s.io/api/core/v1.Probe", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount"}, + corev1.ContainerPort{}.OpenAPIModelName(), corev1.ContainerResizePolicy{}.OpenAPIModelName(), corev1.ContainerRestartRule{}.OpenAPIModelName(), corev1.EnvFromSource{}.OpenAPIModelName(), corev1.EnvVar{}.OpenAPIModelName(), corev1.Lifecycle{}.OpenAPIModelName(), corev1.Probe{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName(), corev1.SecurityContext{}.OpenAPIModelName(), corev1.VolumeDevice{}.OpenAPIModelName(), corev1.VolumeMount{}.OpenAPIModelName()}, } } @@ -73833,7 +75188,7 @@ func schema_k8sio_api_core_v1_ContainerRestartRule(ref common.ReferenceCallback) "exitCodes": { SchemaProps: spec.SchemaProps{ Description: "Represents the exit codes to check on container exits.", - Ref: ref("k8s.io/api/core/v1.ContainerRestartRuleOnExitCodes"), + Ref: ref(corev1.ContainerRestartRuleOnExitCodes{}.OpenAPIModelName()), }, }, }, @@ -73841,7 +75196,7 @@ func schema_k8sio_api_core_v1_ContainerRestartRule(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ContainerRestartRuleOnExitCodes"}, + corev1.ContainerRestartRuleOnExitCodes{}.OpenAPIModelName()}, } } @@ -73896,26 +75251,26 @@ func schema_k8sio_api_core_v1_ContainerState(ref common.ReferenceCallback) commo "waiting": { SchemaProps: spec.SchemaProps{ Description: "Details about a waiting container", - Ref: ref("k8s.io/api/core/v1.ContainerStateWaiting"), + Ref: ref(corev1.ContainerStateWaiting{}.OpenAPIModelName()), }, }, "running": { SchemaProps: spec.SchemaProps{ Description: "Details about a running container", - Ref: ref("k8s.io/api/core/v1.ContainerStateRunning"), + Ref: ref(corev1.ContainerStateRunning{}.OpenAPIModelName()), }, }, "terminated": { SchemaProps: spec.SchemaProps{ Description: "Details about a terminated container", - Ref: ref("k8s.io/api/core/v1.ContainerStateTerminated"), + Ref: ref(corev1.ContainerStateTerminated{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ContainerStateRunning", "k8s.io/api/core/v1.ContainerStateTerminated", "k8s.io/api/core/v1.ContainerStateWaiting"}, + corev1.ContainerStateRunning{}.OpenAPIModelName(), corev1.ContainerStateTerminated{}.OpenAPIModelName(), corev1.ContainerStateWaiting{}.OpenAPIModelName()}, } } @@ -73929,14 +75284,14 @@ func schema_k8sio_api_core_v1_ContainerStateRunning(ref common.ReferenceCallback "startedAt": { SchemaProps: spec.SchemaProps{ Description: "Time at which the container was last (re-)started", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -73979,13 +75334,13 @@ func schema_k8sio_api_core_v1_ContainerStateTerminated(ref common.ReferenceCallb "startedAt": { SchemaProps: spec.SchemaProps{ Description: "Time at which previous execution of the container started", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "finishedAt": { SchemaProps: spec.SchemaProps{ Description: "Time at which the container last terminated", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "containerID": { @@ -74000,7 +75355,7 @@ func schema_k8sio_api_core_v1_ContainerStateTerminated(ref common.ReferenceCallb }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -74050,14 +75405,14 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "State holds details about the container's current condition.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ContainerState"), + Ref: ref(corev1.ContainerState{}.OpenAPIModelName()), }, }, "lastState": { SchemaProps: spec.SchemaProps{ Description: "LastTerminationState holds the last termination state of the container to help debug container crashes and restarts. This field is not populated if the container is still running and RestartCount is 0.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ContainerState"), + Ref: ref(corev1.ContainerState{}.OpenAPIModelName()), }, }, "ready": { @@ -74114,7 +75469,7 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -74123,7 +75478,7 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm "resources": { SchemaProps: spec.SchemaProps{ Description: "Resources represents the compute resource requests and limits that have been successfully enacted on the running container after it has been started or has been successfully resized.", - Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), + Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), }, }, "volumeMounts": { @@ -74144,7 +75499,7 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.VolumeMountStatus"), + Ref: ref(corev1.VolumeMountStatus{}.OpenAPIModelName()), }, }, }, @@ -74153,7 +75508,7 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm "user": { SchemaProps: spec.SchemaProps{ Description: "User represents user identity information initially attached to the first process of the container", - Ref: ref("k8s.io/api/core/v1.ContainerUser"), + Ref: ref(corev1.ContainerUser{}.OpenAPIModelName()), }, }, "allocatedResourcesStatus": { @@ -74174,7 +75529,7 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceStatus"), + Ref: ref(corev1.ResourceStatus{}.OpenAPIModelName()), }, }, }, @@ -74193,7 +75548,7 @@ func schema_k8sio_api_core_v1_ContainerStatus(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ContainerState", "k8s.io/api/core/v1.ContainerUser", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.ResourceStatus", "k8s.io/api/core/v1.VolumeMountStatus", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + corev1.ContainerState{}.OpenAPIModelName(), corev1.ContainerUser{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName(), corev1.ResourceStatus{}.OpenAPIModelName(), corev1.VolumeMountStatus{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName()}, } } @@ -74207,14 +75562,14 @@ func schema_k8sio_api_core_v1_ContainerUser(ref common.ReferenceCallback) common "linux": { SchemaProps: spec.SchemaProps{ Description: "Linux holds user identity information initially attached to the first process of the containers in Linux. Note that the actual running identity can be changed if the process has enough privilege to do so.", - Ref: ref("k8s.io/api/core/v1.LinuxContainerUser"), + Ref: ref(corev1.LinuxContainerUser{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LinuxContainerUser"}, + corev1.LinuxContainerUser{}.OpenAPIModelName()}, } } @@ -74260,7 +75615,7 @@ func schema_k8sio_api_core_v1_DownwardAPIProjection(ref common.ReferenceCallback Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.DownwardAPIVolumeFile"), + Ref: ref(corev1.DownwardAPIVolumeFile{}.OpenAPIModelName()), }, }, }, @@ -74270,7 +75625,7 @@ func schema_k8sio_api_core_v1_DownwardAPIProjection(ref common.ReferenceCallback }, }, Dependencies: []string{ - "k8s.io/api/core/v1.DownwardAPIVolumeFile"}, + corev1.DownwardAPIVolumeFile{}.OpenAPIModelName()}, } } @@ -74292,13 +75647,13 @@ func schema_k8sio_api_core_v1_DownwardAPIVolumeFile(ref common.ReferenceCallback "fieldRef": { SchemaProps: spec.SchemaProps{ Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - Ref: ref("k8s.io/api/core/v1.ObjectFieldSelector"), + Ref: ref(corev1.ObjectFieldSelector{}.OpenAPIModelName()), }, }, "resourceFieldRef": { SchemaProps: spec.SchemaProps{ Description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - Ref: ref("k8s.io/api/core/v1.ResourceFieldSelector"), + Ref: ref(corev1.ResourceFieldSelector{}.OpenAPIModelName()), }, }, "mode": { @@ -74313,7 +75668,7 @@ func schema_k8sio_api_core_v1_DownwardAPIVolumeFile(ref common.ReferenceCallback }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectFieldSelector", "k8s.io/api/core/v1.ResourceFieldSelector"}, + corev1.ObjectFieldSelector{}.OpenAPIModelName(), corev1.ResourceFieldSelector{}.OpenAPIModelName()}, } } @@ -74337,7 +75692,7 @@ func schema_k8sio_api_core_v1_DownwardAPIVolumeSource(ref common.ReferenceCallba Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.DownwardAPIVolumeFile"), + Ref: ref(corev1.DownwardAPIVolumeFile{}.OpenAPIModelName()), }, }, }, @@ -74354,7 +75709,7 @@ func schema_k8sio_api_core_v1_DownwardAPIVolumeSource(ref common.ReferenceCallba }, }, Dependencies: []string{ - "k8s.io/api/core/v1.DownwardAPIVolumeFile"}, + corev1.DownwardAPIVolumeFile{}.OpenAPIModelName()}, } } @@ -74375,14 +75730,14 @@ func schema_k8sio_api_core_v1_EmptyDirVolumeSource(ref common.ReferenceCallback) "sizeLimit": { SchemaProps: spec.SchemaProps{ Description: "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + resource.Quantity{}.OpenAPIModelName()}, } } @@ -74418,7 +75773,7 @@ func schema_k8sio_api_core_v1_EndpointAddress(ref common.ReferenceCallback) comm "targetRef": { SchemaProps: spec.SchemaProps{ Description: "Reference to object providing the endpoint.", - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, }, @@ -74431,7 +75786,7 @@ func schema_k8sio_api_core_v1_EndpointAddress(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference"}, + corev1.ObjectReference{}.OpenAPIModelName()}, } } @@ -74504,7 +75859,7 @@ func schema_k8sio_api_core_v1_EndpointSubset(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EndpointAddress"), + Ref: ref(corev1.EndpointAddress{}.OpenAPIModelName()), }, }, }, @@ -74523,7 +75878,7 @@ func schema_k8sio_api_core_v1_EndpointSubset(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EndpointAddress"), + Ref: ref(corev1.EndpointAddress{}.OpenAPIModelName()), }, }, }, @@ -74542,7 +75897,7 @@ func schema_k8sio_api_core_v1_EndpointSubset(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EndpointPort"), + Ref: ref(corev1.EndpointPort{}.OpenAPIModelName()), }, }, }, @@ -74552,7 +75907,7 @@ func schema_k8sio_api_core_v1_EndpointSubset(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "k8s.io/api/core/v1.EndpointAddress", "k8s.io/api/core/v1.EndpointPort"}, + corev1.EndpointAddress{}.OpenAPIModelName(), corev1.EndpointPort{}.OpenAPIModelName()}, } } @@ -74581,7 +75936,7 @@ func schema_k8sio_api_core_v1_Endpoints(ref common.ReferenceCallback) common.Ope SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "subsets": { @@ -74597,7 +75952,7 @@ func schema_k8sio_api_core_v1_Endpoints(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EndpointSubset"), + Ref: ref(corev1.EndpointSubset{}.OpenAPIModelName()), }, }, }, @@ -74607,7 +75962,7 @@ func schema_k8sio_api_core_v1_Endpoints(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - "k8s.io/api/core/v1.EndpointSubset", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.EndpointSubset{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -74636,7 +75991,7 @@ func schema_k8sio_api_core_v1_EndpointsList(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -74647,7 +76002,7 @@ func schema_k8sio_api_core_v1_EndpointsList(ref common.ReferenceCallback) common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Endpoints"), + Ref: ref(corev1.Endpoints{}.OpenAPIModelName()), }, }, }, @@ -74658,7 +76013,7 @@ func schema_k8sio_api_core_v1_EndpointsList(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "k8s.io/api/core/v1.Endpoints", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + corev1.Endpoints{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -74679,20 +76034,20 @@ func schema_k8sio_api_core_v1_EnvFromSource(ref common.ReferenceCallback) common "configMapRef": { SchemaProps: spec.SchemaProps{ Description: "The ConfigMap to select from", - Ref: ref("k8s.io/api/core/v1.ConfigMapEnvSource"), + Ref: ref(corev1.ConfigMapEnvSource{}.OpenAPIModelName()), }, }, "secretRef": { SchemaProps: spec.SchemaProps{ Description: "The Secret to select from", - Ref: ref("k8s.io/api/core/v1.SecretEnvSource"), + Ref: ref(corev1.SecretEnvSource{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ConfigMapEnvSource", "k8s.io/api/core/v1.SecretEnvSource"}, + corev1.ConfigMapEnvSource{}.OpenAPIModelName(), corev1.SecretEnvSource{}.OpenAPIModelName()}, } } @@ -74721,7 +76076,7 @@ func schema_k8sio_api_core_v1_EnvVar(ref common.ReferenceCallback) common.OpenAP "valueFrom": { SchemaProps: spec.SchemaProps{ Description: "Source for the environment variable's value. Cannot be used if value is not empty.", - Ref: ref("k8s.io/api/core/v1.EnvVarSource"), + Ref: ref(corev1.EnvVarSource{}.OpenAPIModelName()), }, }, }, @@ -74729,7 +76084,7 @@ func schema_k8sio_api_core_v1_EnvVar(ref common.ReferenceCallback) common.OpenAP }, }, Dependencies: []string{ - "k8s.io/api/core/v1.EnvVarSource"}, + corev1.EnvVarSource{}.OpenAPIModelName()}, } } @@ -74743,38 +76098,38 @@ func schema_k8sio_api_core_v1_EnvVarSource(ref common.ReferenceCallback) common. "fieldRef": { SchemaProps: spec.SchemaProps{ Description: "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - Ref: ref("k8s.io/api/core/v1.ObjectFieldSelector"), + Ref: ref(corev1.ObjectFieldSelector{}.OpenAPIModelName()), }, }, "resourceFieldRef": { SchemaProps: spec.SchemaProps{ Description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - Ref: ref("k8s.io/api/core/v1.ResourceFieldSelector"), + Ref: ref(corev1.ResourceFieldSelector{}.OpenAPIModelName()), }, }, "configMapKeyRef": { SchemaProps: spec.SchemaProps{ Description: "Selects a key of a ConfigMap.", - Ref: ref("k8s.io/api/core/v1.ConfigMapKeySelector"), + Ref: ref(corev1.ConfigMapKeySelector{}.OpenAPIModelName()), }, }, "secretKeyRef": { SchemaProps: spec.SchemaProps{ Description: "Selects a key of a secret in the pod's namespace", - Ref: ref("k8s.io/api/core/v1.SecretKeySelector"), + Ref: ref(corev1.SecretKeySelector{}.OpenAPIModelName()), }, }, "fileKeyRef": { SchemaProps: spec.SchemaProps{ Description: "FileKeyRef selects a key of the env file. Requires the EnvFiles feature gate to be enabled.", - Ref: ref("k8s.io/api/core/v1.FileKeySelector"), + Ref: ref(corev1.FileKeySelector{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ConfigMapKeySelector", "k8s.io/api/core/v1.FileKeySelector", "k8s.io/api/core/v1.ObjectFieldSelector", "k8s.io/api/core/v1.ResourceFieldSelector", "k8s.io/api/core/v1.SecretKeySelector"}, + corev1.ConfigMapKeySelector{}.OpenAPIModelName(), corev1.FileKeySelector{}.OpenAPIModelName(), corev1.ObjectFieldSelector{}.OpenAPIModelName(), corev1.ResourceFieldSelector{}.OpenAPIModelName(), corev1.SecretKeySelector{}.OpenAPIModelName()}, } } @@ -74866,7 +76221,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ContainerPort"), + Ref: ref(corev1.ContainerPort{}.OpenAPIModelName()), }, }, }, @@ -74885,7 +76240,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvFromSource"), + Ref: ref(corev1.EnvFromSource{}.OpenAPIModelName()), }, }, }, @@ -74909,7 +76264,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvVar"), + Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), }, }, }, @@ -74919,7 +76274,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), + Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), }, }, "resizePolicy": { @@ -74935,7 +76290,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ContainerResizePolicy"), + Ref: ref(corev1.ContainerResizePolicy{}.OpenAPIModelName()), }, }, }, @@ -74961,7 +76316,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ContainerRestartRule"), + Ref: ref(corev1.ContainerRestartRule{}.OpenAPIModelName()), }, }, }, @@ -74985,7 +76340,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.VolumeMount"), + Ref: ref(corev1.VolumeMount{}.OpenAPIModelName()), }, }, }, @@ -75009,7 +76364,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.VolumeDevice"), + Ref: ref(corev1.VolumeDevice{}.OpenAPIModelName()), }, }, }, @@ -75018,25 +76373,25 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c "livenessProbe": { SchemaProps: spec.SchemaProps{ Description: "Probes are not allowed for ephemeral containers.", - Ref: ref("k8s.io/api/core/v1.Probe"), + Ref: ref(corev1.Probe{}.OpenAPIModelName()), }, }, "readinessProbe": { SchemaProps: spec.SchemaProps{ Description: "Probes are not allowed for ephemeral containers.", - Ref: ref("k8s.io/api/core/v1.Probe"), + Ref: ref(corev1.Probe{}.OpenAPIModelName()), }, }, "startupProbe": { SchemaProps: spec.SchemaProps{ Description: "Probes are not allowed for ephemeral containers.", - Ref: ref("k8s.io/api/core/v1.Probe"), + Ref: ref(corev1.Probe{}.OpenAPIModelName()), }, }, "lifecycle": { SchemaProps: spec.SchemaProps{ Description: "Lifecycle is not allowed for ephemeral containers.", - Ref: ref("k8s.io/api/core/v1.Lifecycle"), + Ref: ref(corev1.Lifecycle{}.OpenAPIModelName()), }, }, "terminationMessagePath": { @@ -75065,7 +76420,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c "securityContext": { SchemaProps: spec.SchemaProps{ Description: "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", - Ref: ref("k8s.io/api/core/v1.SecurityContext"), + Ref: ref(corev1.SecurityContext{}.OpenAPIModelName()), }, }, "stdin": { @@ -75101,7 +76456,7 @@ func schema_k8sio_api_core_v1_EphemeralContainer(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ContainerPort", "k8s.io/api/core/v1.ContainerResizePolicy", "k8s.io/api/core/v1.ContainerRestartRule", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.Lifecycle", "k8s.io/api/core/v1.Probe", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount"}, + corev1.ContainerPort{}.OpenAPIModelName(), corev1.ContainerResizePolicy{}.OpenAPIModelName(), corev1.ContainerRestartRule{}.OpenAPIModelName(), corev1.EnvFromSource{}.OpenAPIModelName(), corev1.EnvVar{}.OpenAPIModelName(), corev1.Lifecycle{}.OpenAPIModelName(), corev1.Probe{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName(), corev1.SecurityContext{}.OpenAPIModelName(), corev1.VolumeDevice{}.OpenAPIModelName(), corev1.VolumeMount{}.OpenAPIModelName()}, } } @@ -75193,7 +76548,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ContainerPort"), + Ref: ref(corev1.ContainerPort{}.OpenAPIModelName()), }, }, }, @@ -75212,7 +76567,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvFromSource"), + Ref: ref(corev1.EnvFromSource{}.OpenAPIModelName()), }, }, }, @@ -75236,7 +76591,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EnvVar"), + Ref: ref(corev1.EnvVar{}.OpenAPIModelName()), }, }, }, @@ -75246,7 +76601,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), + Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), }, }, "resizePolicy": { @@ -75262,7 +76617,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ContainerResizePolicy"), + Ref: ref(corev1.ContainerResizePolicy{}.OpenAPIModelName()), }, }, }, @@ -75288,7 +76643,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ContainerRestartRule"), + Ref: ref(corev1.ContainerRestartRule{}.OpenAPIModelName()), }, }, }, @@ -75312,7 +76667,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.VolumeMount"), + Ref: ref(corev1.VolumeMount{}.OpenAPIModelName()), }, }, }, @@ -75336,7 +76691,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.VolumeDevice"), + Ref: ref(corev1.VolumeDevice{}.OpenAPIModelName()), }, }, }, @@ -75345,25 +76700,25 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb "livenessProbe": { SchemaProps: spec.SchemaProps{ Description: "Probes are not allowed for ephemeral containers.", - Ref: ref("k8s.io/api/core/v1.Probe"), + Ref: ref(corev1.Probe{}.OpenAPIModelName()), }, }, "readinessProbe": { SchemaProps: spec.SchemaProps{ Description: "Probes are not allowed for ephemeral containers.", - Ref: ref("k8s.io/api/core/v1.Probe"), + Ref: ref(corev1.Probe{}.OpenAPIModelName()), }, }, "startupProbe": { SchemaProps: spec.SchemaProps{ Description: "Probes are not allowed for ephemeral containers.", - Ref: ref("k8s.io/api/core/v1.Probe"), + Ref: ref(corev1.Probe{}.OpenAPIModelName()), }, }, "lifecycle": { SchemaProps: spec.SchemaProps{ Description: "Lifecycle is not allowed for ephemeral containers.", - Ref: ref("k8s.io/api/core/v1.Lifecycle"), + Ref: ref(corev1.Lifecycle{}.OpenAPIModelName()), }, }, "terminationMessagePath": { @@ -75392,7 +76747,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb "securityContext": { SchemaProps: spec.SchemaProps{ Description: "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", - Ref: ref("k8s.io/api/core/v1.SecurityContext"), + Ref: ref(corev1.SecurityContext{}.OpenAPIModelName()), }, }, "stdin": { @@ -75421,7 +76776,7 @@ func schema_k8sio_api_core_v1_EphemeralContainerCommon(ref common.ReferenceCallb }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ContainerPort", "k8s.io/api/core/v1.ContainerResizePolicy", "k8s.io/api/core/v1.ContainerRestartRule", "k8s.io/api/core/v1.EnvFromSource", "k8s.io/api/core/v1.EnvVar", "k8s.io/api/core/v1.Lifecycle", "k8s.io/api/core/v1.Probe", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.SecurityContext", "k8s.io/api/core/v1.VolumeDevice", "k8s.io/api/core/v1.VolumeMount"}, + corev1.ContainerPort{}.OpenAPIModelName(), corev1.ContainerResizePolicy{}.OpenAPIModelName(), corev1.ContainerRestartRule{}.OpenAPIModelName(), corev1.EnvFromSource{}.OpenAPIModelName(), corev1.EnvVar{}.OpenAPIModelName(), corev1.Lifecycle{}.OpenAPIModelName(), corev1.Probe{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName(), corev1.SecurityContext{}.OpenAPIModelName(), corev1.VolumeDevice{}.OpenAPIModelName(), corev1.VolumeMount{}.OpenAPIModelName()}, } } @@ -75435,14 +76790,14 @@ func schema_k8sio_api_core_v1_EphemeralVolumeSource(ref common.ReferenceCallback "volumeClaimTemplate": { SchemaProps: spec.SchemaProps{ Description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.\n\nRequired, must not be nil.", - Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaimTemplate"), + Ref: ref(corev1.PersistentVolumeClaimTemplate{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PersistentVolumeClaimTemplate"}, + corev1.PersistentVolumeClaimTemplate{}.OpenAPIModelName()}, } } @@ -75471,14 +76826,14 @@ func schema_k8sio_api_core_v1_Event(ref common.ReferenceCallback) common.OpenAPI SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "involvedObject": { SchemaProps: spec.SchemaProps{ Description: "The object that this event is about.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "reason": { @@ -75499,19 +76854,19 @@ func schema_k8sio_api_core_v1_Event(ref common.ReferenceCallback) common.OpenAPI SchemaProps: spec.SchemaProps{ Description: "The component reporting this event. Should be a short machine understandable string.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EventSource"), + Ref: ref(corev1.EventSource{}.OpenAPIModelName()), }, }, "firstTimestamp": { SchemaProps: spec.SchemaProps{ Description: "The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "lastTimestamp": { SchemaProps: spec.SchemaProps{ Description: "The time at which the most recent occurrence of this event was recorded.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "count": { @@ -75531,13 +76886,13 @@ func schema_k8sio_api_core_v1_Event(ref common.ReferenceCallback) common.OpenAPI "eventTime": { SchemaProps: spec.SchemaProps{ Description: "Time when this Event was first observed.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime"), + Ref: ref(metav1.MicroTime{}.OpenAPIModelName()), }, }, "series": { SchemaProps: spec.SchemaProps{ Description: "Data about the Event series this event represents or nil if it's a singleton Event.", - Ref: ref("k8s.io/api/core/v1.EventSeries"), + Ref: ref(corev1.EventSeries{}.OpenAPIModelName()), }, }, "action": { @@ -75550,7 +76905,7 @@ func schema_k8sio_api_core_v1_Event(ref common.ReferenceCallback) common.OpenAPI "related": { SchemaProps: spec.SchemaProps{ Description: "Optional secondary object for more complex actions.", - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "reportingComponent": { @@ -75574,7 +76929,7 @@ func schema_k8sio_api_core_v1_Event(ref common.ReferenceCallback) common.OpenAPI }, }, Dependencies: []string{ - "k8s.io/api/core/v1.EventSeries", "k8s.io/api/core/v1.EventSource", "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + corev1.EventSeries{}.OpenAPIModelName(), corev1.EventSource{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName(), metav1.MicroTime{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, } } @@ -75603,7 +76958,7 @@ func schema_k8sio_api_core_v1_EventList(ref common.ReferenceCallback) common.Ope SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -75614,7 +76969,7 @@ func schema_k8sio_api_core_v1_EventList(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Event"), + Ref: ref(corev1.Event{}.OpenAPIModelName()), }, }, }, @@ -75625,7 +76980,7 @@ func schema_k8sio_api_core_v1_EventList(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - "k8s.io/api/core/v1.Event", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + corev1.Event{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -75646,14 +77001,14 @@ func schema_k8sio_api_core_v1_EventSeries(ref common.ReferenceCallback) common.O "lastObservedTime": { SchemaProps: spec.SchemaProps{ Description: "Time of the last occurrence observed", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime"), + Ref: ref(metav1.MicroTime{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.MicroTime"}, + metav1.MicroTime{}.OpenAPIModelName()}, } } @@ -75867,7 +77222,7 @@ func schema_k8sio_api_core_v1_FlexPersistentVolumeSource(ref common.ReferenceCal "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", - Ref: ref("k8s.io/api/core/v1.SecretReference"), + Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), }, }, "readOnly": { @@ -75898,7 +77253,7 @@ func schema_k8sio_api_core_v1_FlexPersistentVolumeSource(ref common.ReferenceCal }, }, Dependencies: []string{ - "k8s.io/api/core/v1.SecretReference"}, + corev1.SecretReference{}.OpenAPIModelName()}, } } @@ -75927,7 +77282,7 @@ func schema_k8sio_api_core_v1_FlexVolumeSource(ref common.ReferenceCallback) com "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, "readOnly": { @@ -75958,7 +77313,7 @@ func schema_k8sio_api_core_v1_FlexVolumeSource(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LocalObjectReference"}, + corev1.LocalObjectReference{}.OpenAPIModelName()}, } } @@ -76196,7 +77551,7 @@ func schema_k8sio_api_core_v1_HTTPGetAction(ref common.ReferenceCallback) common "port": { SchemaProps: spec.SchemaProps{ Description: "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", - Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), + Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), }, }, "host": { @@ -76227,7 +77582,7 @@ func schema_k8sio_api_core_v1_HTTPGetAction(ref common.ReferenceCallback) common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.HTTPHeader"), + Ref: ref(corev1.HTTPHeader{}.OpenAPIModelName()), }, }, }, @@ -76238,7 +77593,7 @@ func schema_k8sio_api_core_v1_HTTPGetAction(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "k8s.io/api/core/v1.HTTPHeader", "k8s.io/apimachinery/pkg/util/intstr.IntOrString"}, + corev1.HTTPHeader{}.OpenAPIModelName(), intstr.IntOrString{}.OpenAPIModelName()}, } } @@ -76456,7 +77811,7 @@ func schema_k8sio_api_core_v1_ISCSIPersistentVolumeSource(ref common.ReferenceCa "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication", - Ref: ref("k8s.io/api/core/v1.SecretReference"), + Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), }, }, "initiatorName": { @@ -76471,7 +77826,7 @@ func schema_k8sio_api_core_v1_ISCSIPersistentVolumeSource(ref common.ReferenceCa }, }, Dependencies: []string{ - "k8s.io/api/core/v1.SecretReference"}, + corev1.SecretReference{}.OpenAPIModelName()}, } } @@ -76565,7 +77920,7 @@ func schema_k8sio_api_core_v1_ISCSIVolumeSource(ref common.ReferenceCallback) co "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is the CHAP Secret for iSCSI target and initiator authentication", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, "initiatorName": { @@ -76580,7 +77935,7 @@ func schema_k8sio_api_core_v1_ISCSIVolumeSource(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LocalObjectReference"}, + corev1.LocalObjectReference{}.OpenAPIModelName()}, } } @@ -76659,13 +78014,13 @@ func schema_k8sio_api_core_v1_Lifecycle(ref common.ReferenceCallback) common.Ope "postStart": { SchemaProps: spec.SchemaProps{ Description: "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - Ref: ref("k8s.io/api/core/v1.LifecycleHandler"), + Ref: ref(corev1.LifecycleHandler{}.OpenAPIModelName()), }, }, "preStop": { SchemaProps: spec.SchemaProps{ Description: "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - Ref: ref("k8s.io/api/core/v1.LifecycleHandler"), + Ref: ref(corev1.LifecycleHandler{}.OpenAPIModelName()), }, }, "stopSignal": { @@ -76680,7 +78035,7 @@ func schema_k8sio_api_core_v1_Lifecycle(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LifecycleHandler"}, + corev1.LifecycleHandler{}.OpenAPIModelName()}, } } @@ -76694,32 +78049,32 @@ func schema_k8sio_api_core_v1_LifecycleHandler(ref common.ReferenceCallback) com "exec": { SchemaProps: spec.SchemaProps{ Description: "Exec specifies a command to execute in the container.", - Ref: ref("k8s.io/api/core/v1.ExecAction"), + Ref: ref(corev1.ExecAction{}.OpenAPIModelName()), }, }, "httpGet": { SchemaProps: spec.SchemaProps{ Description: "HTTPGet specifies an HTTP GET request to perform.", - Ref: ref("k8s.io/api/core/v1.HTTPGetAction"), + Ref: ref(corev1.HTTPGetAction{}.OpenAPIModelName()), }, }, "tcpSocket": { SchemaProps: spec.SchemaProps{ Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.", - Ref: ref("k8s.io/api/core/v1.TCPSocketAction"), + Ref: ref(corev1.TCPSocketAction{}.OpenAPIModelName()), }, }, "sleep": { SchemaProps: spec.SchemaProps{ Description: "Sleep represents a duration that the container should sleep.", - Ref: ref("k8s.io/api/core/v1.SleepAction"), + Ref: ref(corev1.SleepAction{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ExecAction", "k8s.io/api/core/v1.HTTPGetAction", "k8s.io/api/core/v1.SleepAction", "k8s.io/api/core/v1.TCPSocketAction"}, + corev1.ExecAction{}.OpenAPIModelName(), corev1.HTTPGetAction{}.OpenAPIModelName(), corev1.SleepAction{}.OpenAPIModelName(), corev1.TCPSocketAction{}.OpenAPIModelName()}, } } @@ -76748,21 +78103,21 @@ func schema_k8sio_api_core_v1_LimitRange(ref common.ReferenceCallback) common.Op SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec defines the limits enforced. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.LimitRangeSpec"), + Ref: ref(corev1.LimitRangeSpec{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LimitRangeSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.LimitRangeSpec{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -76789,7 +78144,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -76803,7 +78158,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -76817,7 +78172,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -76831,7 +78186,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -76845,7 +78200,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -76856,7 +78211,7 @@ func schema_k8sio_api_core_v1_LimitRangeItem(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + resource.Quantity{}.OpenAPIModelName()}, } } @@ -76885,7 +78240,7 @@ func schema_k8sio_api_core_v1_LimitRangeList(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -76896,7 +78251,7 @@ func schema_k8sio_api_core_v1_LimitRangeList(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.LimitRange"), + Ref: ref(corev1.LimitRange{}.OpenAPIModelName()), }, }, }, @@ -76907,7 +78262,7 @@ func schema_k8sio_api_core_v1_LimitRangeList(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LimitRange", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + corev1.LimitRange{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -76931,7 +78286,7 @@ func schema_k8sio_api_core_v1_LimitRangeSpec(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.LimitRangeItem"), + Ref: ref(corev1.LimitRangeItem{}.OpenAPIModelName()), }, }, }, @@ -76942,7 +78297,7 @@ func schema_k8sio_api_core_v1_LimitRangeSpec(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LimitRangeItem"}, + corev1.LimitRangeItem{}.OpenAPIModelName()}, } } @@ -77021,7 +78376,7 @@ func schema_k8sio_api_core_v1_List(ref common.ReferenceCallback) common.OpenAPID SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -77031,7 +78386,7 @@ func schema_k8sio_api_core_v1_List(ref common.ReferenceCallback) common.OpenAPID Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -77042,7 +78397,7 @@ func schema_k8sio_api_core_v1_List(ref common.ReferenceCallback) common.OpenAPID }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + metav1.ListMeta{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -77087,7 +78442,7 @@ func schema_k8sio_api_core_v1_LoadBalancerIngress(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PortStatus"), + Ref: ref(corev1.PortStatus{}.OpenAPIModelName()), }, }, }, @@ -77097,7 +78452,7 @@ func schema_k8sio_api_core_v1_LoadBalancerIngress(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PortStatus"}, + corev1.PortStatus{}.OpenAPIModelName()}, } } @@ -77121,7 +78476,7 @@ func schema_k8sio_api_core_v1_LoadBalancerStatus(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.LoadBalancerIngress"), + Ref: ref(corev1.LoadBalancerIngress{}.OpenAPIModelName()), }, }, }, @@ -77131,7 +78486,7 @@ func schema_k8sio_api_core_v1_LoadBalancerStatus(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LoadBalancerIngress"}, + corev1.LoadBalancerIngress{}.OpenAPIModelName()}, } } @@ -77282,28 +78637,28 @@ func schema_k8sio_api_core_v1_Namespace(ref common.ReferenceCallback) common.Ope SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec defines the behavior of the Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.NamespaceSpec"), + Ref: ref(corev1.NamespaceSpec{}.OpenAPIModelName()), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status describes the current status of a Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.NamespaceStatus"), + Ref: ref(corev1.NamespaceStatus{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.NamespaceSpec", "k8s.io/api/core/v1.NamespaceStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.NamespaceSpec{}.OpenAPIModelName(), corev1.NamespaceStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -77333,7 +78688,7 @@ func schema_k8sio_api_core_v1_NamespaceCondition(ref common.ReferenceCallback) c "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "Last time the condition transitioned from one status to another.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "reason": { @@ -77355,7 +78710,7 @@ func schema_k8sio_api_core_v1_NamespaceCondition(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -77384,7 +78739,7 @@ func schema_k8sio_api_core_v1_NamespaceList(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -77395,7 +78750,7 @@ func schema_k8sio_api_core_v1_NamespaceList(ref common.ReferenceCallback) common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Namespace"), + Ref: ref(corev1.Namespace{}.OpenAPIModelName()), }, }, }, @@ -77406,7 +78761,7 @@ func schema_k8sio_api_core_v1_NamespaceList(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "k8s.io/api/core/v1.Namespace", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + corev1.Namespace{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -77476,7 +78831,7 @@ func schema_k8sio_api_core_v1_NamespaceStatus(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.NamespaceCondition"), + Ref: ref(corev1.NamespaceCondition{}.OpenAPIModelName()), }, }, }, @@ -77486,7 +78841,7 @@ func schema_k8sio_api_core_v1_NamespaceStatus(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "k8s.io/api/core/v1.NamespaceCondition"}, + corev1.NamespaceCondition{}.OpenAPIModelName()}, } } @@ -77515,28 +78870,28 @@ func schema_k8sio_api_core_v1_Node(ref common.ReferenceCallback) common.OpenAPID SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec defines the behavior of a node. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.NodeSpec"), + Ref: ref(corev1.NodeSpec{}.OpenAPIModelName()), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Most recently observed status of the node. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.NodeStatus"), + Ref: ref(corev1.NodeStatus{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.NodeSpec", "k8s.io/api/core/v1.NodeStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.NodeSpec{}.OpenAPIModelName(), corev1.NodeStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -77580,7 +78935,7 @@ func schema_k8sio_api_core_v1_NodeAffinity(ref common.ReferenceCallback) common. "requiredDuringSchedulingIgnoredDuringExecution": { SchemaProps: spec.SchemaProps{ Description: "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", - Ref: ref("k8s.io/api/core/v1.NodeSelector"), + Ref: ref(corev1.NodeSelector{}.OpenAPIModelName()), }, }, "preferredDuringSchedulingIgnoredDuringExecution": { @@ -77596,7 +78951,7 @@ func schema_k8sio_api_core_v1_NodeAffinity(ref common.ReferenceCallback) common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PreferredSchedulingTerm"), + Ref: ref(corev1.PreferredSchedulingTerm{}.OpenAPIModelName()), }, }, }, @@ -77606,7 +78961,7 @@ func schema_k8sio_api_core_v1_NodeAffinity(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - "k8s.io/api/core/v1.NodeSelector", "k8s.io/api/core/v1.PreferredSchedulingTerm"}, + corev1.NodeSelector{}.OpenAPIModelName(), corev1.PreferredSchedulingTerm{}.OpenAPIModelName()}, } } @@ -77636,13 +78991,13 @@ func schema_k8sio_api_core_v1_NodeCondition(ref common.ReferenceCallback) common "lastHeartbeatTime": { SchemaProps: spec.SchemaProps{ Description: "Last time we got an update on a given condition.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "Last time the condition transit from one status to another.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "reason": { @@ -77664,7 +79019,7 @@ func schema_k8sio_api_core_v1_NodeCondition(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -77678,14 +79033,14 @@ func schema_k8sio_api_core_v1_NodeConfigSource(ref common.ReferenceCallback) com "configMap": { SchemaProps: spec.SchemaProps{ Description: "ConfigMap is a reference to a Node's ConfigMap", - Ref: ref("k8s.io/api/core/v1.ConfigMapNodeConfigSource"), + Ref: ref(corev1.ConfigMapNodeConfigSource{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ConfigMapNodeConfigSource"}, + corev1.ConfigMapNodeConfigSource{}.OpenAPIModelName()}, } } @@ -77699,19 +79054,19 @@ func schema_k8sio_api_core_v1_NodeConfigStatus(ref common.ReferenceCallback) com "assigned": { SchemaProps: spec.SchemaProps{ Description: "Assigned reports the checkpointed config the node will try to use. When Node.Spec.ConfigSource is updated, the node checkpoints the associated config payload to local disk, along with a record indicating intended config. The node refers to this record to choose its config checkpoint, and reports this record in Assigned. Assigned only updates in the status after the record has been checkpointed to disk. When the Kubelet is restarted, it tries to make the Assigned config the Active config by loading and validating the checkpointed payload identified by Assigned.", - Ref: ref("k8s.io/api/core/v1.NodeConfigSource"), + Ref: ref(corev1.NodeConfigSource{}.OpenAPIModelName()), }, }, "active": { SchemaProps: spec.SchemaProps{ Description: "Active reports the checkpointed config the node is actively using. Active will represent either the current version of the Assigned config, or the current LastKnownGood config, depending on whether attempting to use the Assigned config results in an error.", - Ref: ref("k8s.io/api/core/v1.NodeConfigSource"), + Ref: ref(corev1.NodeConfigSource{}.OpenAPIModelName()), }, }, "lastKnownGood": { SchemaProps: spec.SchemaProps{ Description: "LastKnownGood reports the checkpointed config the node will fall back to when it encounters an error attempting to use the Assigned config. The Assigned config becomes the LastKnownGood config when the node determines that the Assigned config is stable and correct. This is currently implemented as a 10-minute soak period starting when the local record of Assigned config is updated. If the Assigned config is Active at the end of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, because the local default config is always assumed good. You should not make assumptions about the node's method of determining config stability and correctness, as this may change or become configurable in the future.", - Ref: ref("k8s.io/api/core/v1.NodeConfigSource"), + Ref: ref(corev1.NodeConfigSource{}.OpenAPIModelName()), }, }, "error": { @@ -77725,7 +79080,7 @@ func schema_k8sio_api_core_v1_NodeConfigStatus(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "k8s.io/api/core/v1.NodeConfigSource"}, + corev1.NodeConfigSource{}.OpenAPIModelName()}, } } @@ -77740,14 +79095,14 @@ func schema_k8sio_api_core_v1_NodeDaemonEndpoints(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "Endpoint on which Kubelet is listening.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.DaemonEndpoint"), + Ref: ref(corev1.DaemonEndpoint{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.DaemonEndpoint"}, + corev1.DaemonEndpoint{}.OpenAPIModelName()}, } } @@ -77796,7 +79151,7 @@ func schema_k8sio_api_core_v1_NodeList(ref common.ReferenceCallback) common.Open SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -77807,7 +79162,7 @@ func schema_k8sio_api_core_v1_NodeList(ref common.ReferenceCallback) common.Open Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Node"), + Ref: ref(corev1.Node{}.OpenAPIModelName()), }, }, }, @@ -77818,7 +79173,7 @@ func schema_k8sio_api_core_v1_NodeList(ref common.ReferenceCallback) common.Open }, }, Dependencies: []string{ - "k8s.io/api/core/v1.Node", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + corev1.Node{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -77874,14 +79229,14 @@ func schema_k8sio_api_core_v1_NodeRuntimeHandler(ref common.ReferenceCallback) c "features": { SchemaProps: spec.SchemaProps{ Description: "Supported features.", - Ref: ref("k8s.io/api/core/v1.NodeRuntimeHandlerFeatures"), + Ref: ref(corev1.NodeRuntimeHandlerFeatures{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.NodeRuntimeHandlerFeatures"}, + corev1.NodeRuntimeHandlerFeatures{}.OpenAPIModelName()}, } } @@ -77932,7 +79287,7 @@ func schema_k8sio_api_core_v1_NodeSelector(ref common.ReferenceCallback) common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.NodeSelectorTerm"), + Ref: ref(corev1.NodeSelectorTerm{}.OpenAPIModelName()), }, }, }, @@ -77948,7 +79303,7 @@ func schema_k8sio_api_core_v1_NodeSelector(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - "k8s.io/api/core/v1.NodeSelectorTerm"}, + corev1.NodeSelectorTerm{}.OpenAPIModelName()}, } } @@ -78023,7 +79378,7 @@ func schema_k8sio_api_core_v1_NodeSelectorTerm(ref common.ReferenceCallback) com Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.NodeSelectorRequirement"), + Ref: ref(corev1.NodeSelectorRequirement{}.OpenAPIModelName()), }, }, }, @@ -78042,7 +79397,7 @@ func schema_k8sio_api_core_v1_NodeSelectorTerm(ref common.ReferenceCallback) com Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.NodeSelectorRequirement"), + Ref: ref(corev1.NodeSelectorRequirement{}.OpenAPIModelName()), }, }, }, @@ -78057,7 +79412,7 @@ func schema_k8sio_api_core_v1_NodeSelectorTerm(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "k8s.io/api/core/v1.NodeSelectorRequirement"}, + corev1.NodeSelectorRequirement{}.OpenAPIModelName()}, } } @@ -78123,7 +79478,7 @@ func schema_k8sio_api_core_v1_NodeSpec(ref common.ReferenceCallback) common.Open Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Taint"), + Ref: ref(corev1.Taint{}.OpenAPIModelName()), }, }, }, @@ -78132,7 +79487,7 @@ func schema_k8sio_api_core_v1_NodeSpec(ref common.ReferenceCallback) common.Open "configSource": { SchemaProps: spec.SchemaProps{ Description: "Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed.", - Ref: ref("k8s.io/api/core/v1.NodeConfigSource"), + Ref: ref(corev1.NodeConfigSource{}.OpenAPIModelName()), }, }, "externalID": { @@ -78146,7 +79501,7 @@ func schema_k8sio_api_core_v1_NodeSpec(ref common.ReferenceCallback) common.Open }, }, Dependencies: []string{ - "k8s.io/api/core/v1.NodeConfigSource", "k8s.io/api/core/v1.Taint"}, + corev1.NodeConfigSource{}.OpenAPIModelName(), corev1.Taint{}.OpenAPIModelName()}, } } @@ -78165,7 +79520,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -78179,7 +79534,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -78211,7 +79566,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.NodeCondition"), + Ref: ref(corev1.NodeCondition{}.OpenAPIModelName()), }, }, }, @@ -78235,7 +79590,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.NodeAddress"), + Ref: ref(corev1.NodeAddress{}.OpenAPIModelName()), }, }, }, @@ -78245,14 +79600,14 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op SchemaProps: spec.SchemaProps{ Description: "Endpoints of daemons running on the Node.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.NodeDaemonEndpoints"), + Ref: ref(corev1.NodeDaemonEndpoints{}.OpenAPIModelName()), }, }, "nodeInfo": { SchemaProps: spec.SchemaProps{ Description: "Set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/reference/node/node-status/#info", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.NodeSystemInfo"), + Ref: ref(corev1.NodeSystemInfo{}.OpenAPIModelName()), }, }, "images": { @@ -78268,7 +79623,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ContainerImage"), + Ref: ref(corev1.ContainerImage{}.OpenAPIModelName()), }, }, }, @@ -78307,7 +79662,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.AttachedVolume"), + Ref: ref(corev1.AttachedVolume{}.OpenAPIModelName()), }, }, }, @@ -78316,7 +79671,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op "config": { SchemaProps: spec.SchemaProps{ Description: "Status of the config assigned to the node via the dynamic Kubelet config feature.", - Ref: ref("k8s.io/api/core/v1.NodeConfigStatus"), + Ref: ref(corev1.NodeConfigStatus{}.OpenAPIModelName()), }, }, "runtimeHandlers": { @@ -78332,7 +79687,7 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.NodeRuntimeHandler"), + Ref: ref(corev1.NodeRuntimeHandler{}.OpenAPIModelName()), }, }, }, @@ -78341,14 +79696,34 @@ func schema_k8sio_api_core_v1_NodeStatus(ref common.ReferenceCallback) common.Op "features": { SchemaProps: spec.SchemaProps{ Description: "Features describes the set of features implemented by the CRI implementation.", - Ref: ref("k8s.io/api/core/v1.NodeFeatures"), + Ref: ref(corev1.NodeFeatures{}.OpenAPIModelName()), + }, + }, + "declaredFeatures": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "DeclaredFeatures represents the features related to feature gates that are declared by the node.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.AttachedVolume", "k8s.io/api/core/v1.ContainerImage", "k8s.io/api/core/v1.NodeAddress", "k8s.io/api/core/v1.NodeCondition", "k8s.io/api/core/v1.NodeConfigStatus", "k8s.io/api/core/v1.NodeDaemonEndpoints", "k8s.io/api/core/v1.NodeFeatures", "k8s.io/api/core/v1.NodeRuntimeHandler", "k8s.io/api/core/v1.NodeSystemInfo", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + corev1.AttachedVolume{}.OpenAPIModelName(), corev1.ContainerImage{}.OpenAPIModelName(), corev1.NodeAddress{}.OpenAPIModelName(), corev1.NodeCondition{}.OpenAPIModelName(), corev1.NodeConfigStatus{}.OpenAPIModelName(), corev1.NodeDaemonEndpoints{}.OpenAPIModelName(), corev1.NodeFeatures{}.OpenAPIModelName(), corev1.NodeRuntimeHandler{}.OpenAPIModelName(), corev1.NodeSystemInfo{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName()}, } } @@ -78462,7 +79837,7 @@ func schema_k8sio_api_core_v1_NodeSystemInfo(ref common.ReferenceCallback) commo "swap": { SchemaProps: spec.SchemaProps{ Description: "Swap Info reported by the node.", - Ref: ref("k8s.io/api/core/v1.NodeSwapStatus"), + Ref: ref(corev1.NodeSwapStatus{}.OpenAPIModelName()), }, }, }, @@ -78470,7 +79845,7 @@ func schema_k8sio_api_core_v1_NodeSystemInfo(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "k8s.io/api/core/v1.NodeSwapStatus"}, + corev1.NodeSwapStatus{}.OpenAPIModelName()}, } } @@ -78600,28 +79975,28 @@ func schema_k8sio_api_core_v1_PersistentVolume(ref common.ReferenceCallback) com SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "spec defines a specification of a persistent volume owned by the cluster. Provisioned by an administrator. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PersistentVolumeSpec"), + Ref: ref(corev1.PersistentVolumeSpec{}.OpenAPIModelName()), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "status represents the current information/status for the persistent volume. Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PersistentVolumeStatus"), + Ref: ref(corev1.PersistentVolumeStatus{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PersistentVolumeSpec", "k8s.io/api/core/v1.PersistentVolumeStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.PersistentVolumeSpec{}.OpenAPIModelName(), corev1.PersistentVolumeStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -78650,28 +80025,28 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaim(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaimSpec"), + Ref: ref(corev1.PersistentVolumeClaimSpec{}.OpenAPIModelName()), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaimStatus"), + Ref: ref(corev1.PersistentVolumeClaimStatus{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PersistentVolumeClaimSpec", "k8s.io/api/core/v1.PersistentVolumeClaimStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.PersistentVolumeClaimSpec{}.OpenAPIModelName(), corev1.PersistentVolumeClaimStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -78701,13 +80076,13 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimCondition(ref common.Referenc "lastProbeTime": { SchemaProps: spec.SchemaProps{ Description: "lastProbeTime is the time we probed the condition.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the time the condition transitioned from one status to another.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "reason": { @@ -78729,7 +80104,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimCondition(ref common.Referenc }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -78758,7 +80133,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimList(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -78769,7 +80144,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimList(ref common.ReferenceCall Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaim"), + Ref: ref(corev1.PersistentVolumeClaim{}.OpenAPIModelName()), }, }, }, @@ -78780,7 +80155,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimList(ref common.ReferenceCall }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PersistentVolumeClaim", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + corev1.PersistentVolumeClaim{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -78815,14 +80190,14 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimSpec(ref common.ReferenceCall "selector": { SchemaProps: spec.SchemaProps{ Description: "selector is a label query over volumes to consider for binding.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "resources": { SchemaProps: spec.SchemaProps{ - Description: "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", + Description: "resources represents the minimum resources the volume should have. Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.VolumeResourceRequirements"), + Ref: ref(corev1.VolumeResourceRequirements{}.OpenAPIModelName()), }, }, "volumeName": { @@ -78850,13 +80225,13 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimSpec(ref common.ReferenceCall "dataSource": { SchemaProps: spec.SchemaProps{ Description: "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.", - Ref: ref("k8s.io/api/core/v1.TypedLocalObjectReference"), + Ref: ref(corev1.TypedLocalObjectReference{}.OpenAPIModelName()), }, }, "dataSourceRef": { SchemaProps: spec.SchemaProps{ Description: "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - Ref: ref("k8s.io/api/core/v1.TypedObjectReference"), + Ref: ref(corev1.TypedObjectReference{}.OpenAPIModelName()), }, }, "volumeAttributesClassName": { @@ -78870,7 +80245,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimSpec(ref common.ReferenceCall }, }, Dependencies: []string{ - "k8s.io/api/core/v1.TypedLocalObjectReference", "k8s.io/api/core/v1.TypedObjectReference", "k8s.io/api/core/v1.VolumeResourceRequirements", "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + corev1.TypedLocalObjectReference{}.OpenAPIModelName(), corev1.TypedObjectReference{}.OpenAPIModelName(), corev1.VolumeResourceRequirements{}.OpenAPIModelName(), metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -78918,7 +80293,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref common.ReferenceCa Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -78942,7 +80317,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref common.ReferenceCa Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaimCondition"), + Ref: ref(corev1.PersistentVolumeClaimCondition{}.OpenAPIModelName()), }, }, }, @@ -78950,13 +80325,13 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref common.ReferenceCa }, "allocatedResources": { SchemaProps: spec.SchemaProps{ - Description: "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + Description: "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.", Type: []string{"object"}, AdditionalProperties: &spec.SchemaOrBool{ Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -78969,7 +80344,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref common.ReferenceCa }, }, SchemaProps: spec.SchemaProps{ - Description: "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", + Description: "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.", Type: []string{"object"}, AdditionalProperties: &spec.SchemaOrBool{ Allows: true, @@ -78994,14 +80369,14 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimStatus(ref common.ReferenceCa "modifyVolumeStatus": { SchemaProps: spec.SchemaProps{ Description: "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted.", - Ref: ref("k8s.io/api/core/v1.ModifyVolumeStatus"), + Ref: ref(corev1.ModifyVolumeStatus{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ModifyVolumeStatus", "k8s.io/api/core/v1.PersistentVolumeClaimCondition", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + corev1.ModifyVolumeStatus{}.OpenAPIModelName(), corev1.PersistentVolumeClaimCondition{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName()}, } } @@ -79016,14 +80391,14 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimTemplate(ref common.Reference SchemaProps: spec.SchemaProps{ Description: "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaimSpec"), + Ref: ref(corev1.PersistentVolumeClaimSpec{}.OpenAPIModelName()), }, }, }, @@ -79031,7 +80406,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeClaimTemplate(ref common.Reference }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PersistentVolumeClaimSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.PersistentVolumeClaimSpec{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -79089,7 +80464,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeList(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -79100,7 +80475,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeList(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PersistentVolume"), + Ref: ref(corev1.PersistentVolume{}.OpenAPIModelName()), }, }, }, @@ -79111,7 +80486,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeList(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PersistentVolume", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + corev1.PersistentVolume{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -79125,140 +80500,140 @@ func schema_k8sio_api_core_v1_PersistentVolumeSource(ref common.ReferenceCallbac "gcePersistentDisk": { SchemaProps: spec.SchemaProps{ Description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - Ref: ref("k8s.io/api/core/v1.GCEPersistentDiskVolumeSource"), + Ref: ref(corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName()), }, }, "awsElasticBlockStore": { SchemaProps: spec.SchemaProps{ Description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - Ref: ref("k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource"), + Ref: ref(corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName()), }, }, "hostPath": { SchemaProps: spec.SchemaProps{ Description: "hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - Ref: ref("k8s.io/api/core/v1.HostPathVolumeSource"), + Ref: ref(corev1.HostPathVolumeSource{}.OpenAPIModelName()), }, }, "glusterfs": { SchemaProps: spec.SchemaProps{ Description: "glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md", - Ref: ref("k8s.io/api/core/v1.GlusterfsPersistentVolumeSource"), + Ref: ref(corev1.GlusterfsPersistentVolumeSource{}.OpenAPIModelName()), }, }, "nfs": { SchemaProps: spec.SchemaProps{ Description: "nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - Ref: ref("k8s.io/api/core/v1.NFSVolumeSource"), + Ref: ref(corev1.NFSVolumeSource{}.OpenAPIModelName()), }, }, "rbd": { SchemaProps: spec.SchemaProps{ Description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md", - Ref: ref("k8s.io/api/core/v1.RBDPersistentVolumeSource"), + Ref: ref(corev1.RBDPersistentVolumeSource{}.OpenAPIModelName()), }, }, "iscsi": { SchemaProps: spec.SchemaProps{ Description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.", - Ref: ref("k8s.io/api/core/v1.ISCSIPersistentVolumeSource"), + Ref: ref(corev1.ISCSIPersistentVolumeSource{}.OpenAPIModelName()), }, }, "cinder": { SchemaProps: spec.SchemaProps{ Description: "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - Ref: ref("k8s.io/api/core/v1.CinderPersistentVolumeSource"), + Ref: ref(corev1.CinderPersistentVolumeSource{}.OpenAPIModelName()), }, }, "cephfs": { SchemaProps: spec.SchemaProps{ Description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.CephFSPersistentVolumeSource"), + Ref: ref(corev1.CephFSPersistentVolumeSource{}.OpenAPIModelName()), }, }, "fc": { SchemaProps: spec.SchemaProps{ Description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - Ref: ref("k8s.io/api/core/v1.FCVolumeSource"), + Ref: ref(corev1.FCVolumeSource{}.OpenAPIModelName()), }, }, "flocker": { SchemaProps: spec.SchemaProps{ Description: "flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.FlockerVolumeSource"), + Ref: ref(corev1.FlockerVolumeSource{}.OpenAPIModelName()), }, }, "flexVolume": { SchemaProps: spec.SchemaProps{ Description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - Ref: ref("k8s.io/api/core/v1.FlexPersistentVolumeSource"), + Ref: ref(corev1.FlexPersistentVolumeSource{}.OpenAPIModelName()), }, }, "azureFile": { SchemaProps: spec.SchemaProps{ Description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", - Ref: ref("k8s.io/api/core/v1.AzureFilePersistentVolumeSource"), + Ref: ref(corev1.AzureFilePersistentVolumeSource{}.OpenAPIModelName()), }, }, "vsphereVolume": { SchemaProps: spec.SchemaProps{ Description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", - Ref: ref("k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource"), + Ref: ref(corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName()), }, }, "quobyte": { SchemaProps: spec.SchemaProps{ Description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.QuobyteVolumeSource"), + Ref: ref(corev1.QuobyteVolumeSource{}.OpenAPIModelName()), }, }, "azureDisk": { SchemaProps: spec.SchemaProps{ Description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", - Ref: ref("k8s.io/api/core/v1.AzureDiskVolumeSource"), + Ref: ref(corev1.AzureDiskVolumeSource{}.OpenAPIModelName()), }, }, "photonPersistentDisk": { SchemaProps: spec.SchemaProps{ Description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource"), + Ref: ref(corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName()), }, }, "portworxVolume": { SchemaProps: spec.SchemaProps{ Description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", - Ref: ref("k8s.io/api/core/v1.PortworxVolumeSource"), + Ref: ref(corev1.PortworxVolumeSource{}.OpenAPIModelName()), }, }, "scaleIO": { SchemaProps: spec.SchemaProps{ Description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.ScaleIOPersistentVolumeSource"), + Ref: ref(corev1.ScaleIOPersistentVolumeSource{}.OpenAPIModelName()), }, }, "local": { SchemaProps: spec.SchemaProps{ Description: "local represents directly-attached storage with node affinity", - Ref: ref("k8s.io/api/core/v1.LocalVolumeSource"), + Ref: ref(corev1.LocalVolumeSource{}.OpenAPIModelName()), }, }, "storageos": { SchemaProps: spec.SchemaProps{ Description: "storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. More info: https://examples.k8s.io/volumes/storageos/README.md", - Ref: ref("k8s.io/api/core/v1.StorageOSPersistentVolumeSource"), + Ref: ref(corev1.StorageOSPersistentVolumeSource{}.OpenAPIModelName()), }, }, "csi": { SchemaProps: spec.SchemaProps{ Description: "csi represents storage that is handled by an external CSI driver.", - Ref: ref("k8s.io/api/core/v1.CSIPersistentVolumeSource"), + Ref: ref(corev1.CSIPersistentVolumeSource{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource", "k8s.io/api/core/v1.AzureDiskVolumeSource", "k8s.io/api/core/v1.AzureFilePersistentVolumeSource", "k8s.io/api/core/v1.CSIPersistentVolumeSource", "k8s.io/api/core/v1.CephFSPersistentVolumeSource", "k8s.io/api/core/v1.CinderPersistentVolumeSource", "k8s.io/api/core/v1.FCVolumeSource", "k8s.io/api/core/v1.FlexPersistentVolumeSource", "k8s.io/api/core/v1.FlockerVolumeSource", "k8s.io/api/core/v1.GCEPersistentDiskVolumeSource", "k8s.io/api/core/v1.GlusterfsPersistentVolumeSource", "k8s.io/api/core/v1.HostPathVolumeSource", "k8s.io/api/core/v1.ISCSIPersistentVolumeSource", "k8s.io/api/core/v1.LocalVolumeSource", "k8s.io/api/core/v1.NFSVolumeSource", "k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource", "k8s.io/api/core/v1.PortworxVolumeSource", "k8s.io/api/core/v1.QuobyteVolumeSource", "k8s.io/api/core/v1.RBDPersistentVolumeSource", "k8s.io/api/core/v1.ScaleIOPersistentVolumeSource", "k8s.io/api/core/v1.StorageOSPersistentVolumeSource", "k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource"}, + corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName(), corev1.AzureDiskVolumeSource{}.OpenAPIModelName(), corev1.AzureFilePersistentVolumeSource{}.OpenAPIModelName(), corev1.CSIPersistentVolumeSource{}.OpenAPIModelName(), corev1.CephFSPersistentVolumeSource{}.OpenAPIModelName(), corev1.CinderPersistentVolumeSource{}.OpenAPIModelName(), corev1.FCVolumeSource{}.OpenAPIModelName(), corev1.FlexPersistentVolumeSource{}.OpenAPIModelName(), corev1.FlockerVolumeSource{}.OpenAPIModelName(), corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName(), corev1.GlusterfsPersistentVolumeSource{}.OpenAPIModelName(), corev1.HostPathVolumeSource{}.OpenAPIModelName(), corev1.ISCSIPersistentVolumeSource{}.OpenAPIModelName(), corev1.LocalVolumeSource{}.OpenAPIModelName(), corev1.NFSVolumeSource{}.OpenAPIModelName(), corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName(), corev1.PortworxVolumeSource{}.OpenAPIModelName(), corev1.QuobyteVolumeSource{}.OpenAPIModelName(), corev1.RBDPersistentVolumeSource{}.OpenAPIModelName(), corev1.ScaleIOPersistentVolumeSource{}.OpenAPIModelName(), corev1.StorageOSPersistentVolumeSource{}.OpenAPIModelName(), corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName()}, } } @@ -79277,7 +80652,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeSpec(ref common.ReferenceCallback) Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -79286,133 +80661,133 @@ func schema_k8sio_api_core_v1_PersistentVolumeSpec(ref common.ReferenceCallback) "gcePersistentDisk": { SchemaProps: spec.SchemaProps{ Description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - Ref: ref("k8s.io/api/core/v1.GCEPersistentDiskVolumeSource"), + Ref: ref(corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName()), }, }, "awsElasticBlockStore": { SchemaProps: spec.SchemaProps{ Description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - Ref: ref("k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource"), + Ref: ref(corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName()), }, }, "hostPath": { SchemaProps: spec.SchemaProps{ Description: "hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - Ref: ref("k8s.io/api/core/v1.HostPathVolumeSource"), + Ref: ref(corev1.HostPathVolumeSource{}.OpenAPIModelName()), }, }, "glusterfs": { SchemaProps: spec.SchemaProps{ Description: "glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md", - Ref: ref("k8s.io/api/core/v1.GlusterfsPersistentVolumeSource"), + Ref: ref(corev1.GlusterfsPersistentVolumeSource{}.OpenAPIModelName()), }, }, "nfs": { SchemaProps: spec.SchemaProps{ Description: "nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - Ref: ref("k8s.io/api/core/v1.NFSVolumeSource"), + Ref: ref(corev1.NFSVolumeSource{}.OpenAPIModelName()), }, }, "rbd": { SchemaProps: spec.SchemaProps{ Description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md", - Ref: ref("k8s.io/api/core/v1.RBDPersistentVolumeSource"), + Ref: ref(corev1.RBDPersistentVolumeSource{}.OpenAPIModelName()), }, }, "iscsi": { SchemaProps: spec.SchemaProps{ Description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.", - Ref: ref("k8s.io/api/core/v1.ISCSIPersistentVolumeSource"), + Ref: ref(corev1.ISCSIPersistentVolumeSource{}.OpenAPIModelName()), }, }, "cinder": { SchemaProps: spec.SchemaProps{ Description: "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - Ref: ref("k8s.io/api/core/v1.CinderPersistentVolumeSource"), + Ref: ref(corev1.CinderPersistentVolumeSource{}.OpenAPIModelName()), }, }, "cephfs": { SchemaProps: spec.SchemaProps{ Description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.CephFSPersistentVolumeSource"), + Ref: ref(corev1.CephFSPersistentVolumeSource{}.OpenAPIModelName()), }, }, "fc": { SchemaProps: spec.SchemaProps{ Description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - Ref: ref("k8s.io/api/core/v1.FCVolumeSource"), + Ref: ref(corev1.FCVolumeSource{}.OpenAPIModelName()), }, }, "flocker": { SchemaProps: spec.SchemaProps{ Description: "flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.FlockerVolumeSource"), + Ref: ref(corev1.FlockerVolumeSource{}.OpenAPIModelName()), }, }, "flexVolume": { SchemaProps: spec.SchemaProps{ Description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - Ref: ref("k8s.io/api/core/v1.FlexPersistentVolumeSource"), + Ref: ref(corev1.FlexPersistentVolumeSource{}.OpenAPIModelName()), }, }, "azureFile": { SchemaProps: spec.SchemaProps{ Description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", - Ref: ref("k8s.io/api/core/v1.AzureFilePersistentVolumeSource"), + Ref: ref(corev1.AzureFilePersistentVolumeSource{}.OpenAPIModelName()), }, }, "vsphereVolume": { SchemaProps: spec.SchemaProps{ Description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", - Ref: ref("k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource"), + Ref: ref(corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName()), }, }, "quobyte": { SchemaProps: spec.SchemaProps{ Description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.QuobyteVolumeSource"), + Ref: ref(corev1.QuobyteVolumeSource{}.OpenAPIModelName()), }, }, "azureDisk": { SchemaProps: spec.SchemaProps{ Description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", - Ref: ref("k8s.io/api/core/v1.AzureDiskVolumeSource"), + Ref: ref(corev1.AzureDiskVolumeSource{}.OpenAPIModelName()), }, }, "photonPersistentDisk": { SchemaProps: spec.SchemaProps{ Description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource"), + Ref: ref(corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName()), }, }, "portworxVolume": { SchemaProps: spec.SchemaProps{ Description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", - Ref: ref("k8s.io/api/core/v1.PortworxVolumeSource"), + Ref: ref(corev1.PortworxVolumeSource{}.OpenAPIModelName()), }, }, "scaleIO": { SchemaProps: spec.SchemaProps{ Description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.ScaleIOPersistentVolumeSource"), + Ref: ref(corev1.ScaleIOPersistentVolumeSource{}.OpenAPIModelName()), }, }, "local": { SchemaProps: spec.SchemaProps{ Description: "local represents directly-attached storage with node affinity", - Ref: ref("k8s.io/api/core/v1.LocalVolumeSource"), + Ref: ref(corev1.LocalVolumeSource{}.OpenAPIModelName()), }, }, "storageos": { SchemaProps: spec.SchemaProps{ Description: "storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. More info: https://examples.k8s.io/volumes/storageos/README.md", - Ref: ref("k8s.io/api/core/v1.StorageOSPersistentVolumeSource"), + Ref: ref(corev1.StorageOSPersistentVolumeSource{}.OpenAPIModelName()), }, }, "csi": { SchemaProps: spec.SchemaProps{ Description: "csi represents storage that is handled by an external CSI driver.", - Ref: ref("k8s.io/api/core/v1.CSIPersistentVolumeSource"), + Ref: ref(corev1.CSIPersistentVolumeSource{}.OpenAPIModelName()), }, }, "accessModes": { @@ -79444,7 +80819,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeSpec(ref common.ReferenceCallback) }, SchemaProps: spec.SchemaProps{ Description: "claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding", - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, "persistentVolumeReclaimPolicy": { @@ -79492,8 +80867,8 @@ func schema_k8sio_api_core_v1_PersistentVolumeSpec(ref common.ReferenceCallback) }, "nodeAffinity": { SchemaProps: spec.SchemaProps{ - Description: "nodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume.", - Ref: ref("k8s.io/api/core/v1.VolumeNodeAffinity"), + Description: "nodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume. This field is mutable if MutablePVNodeAffinity feature gate is enabled.", + Ref: ref(corev1.VolumeNodeAffinity{}.OpenAPIModelName()), }, }, "volumeAttributesClassName": { @@ -79507,7 +80882,7 @@ func schema_k8sio_api_core_v1_PersistentVolumeSpec(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource", "k8s.io/api/core/v1.AzureDiskVolumeSource", "k8s.io/api/core/v1.AzureFilePersistentVolumeSource", "k8s.io/api/core/v1.CSIPersistentVolumeSource", "k8s.io/api/core/v1.CephFSPersistentVolumeSource", "k8s.io/api/core/v1.CinderPersistentVolumeSource", "k8s.io/api/core/v1.FCVolumeSource", "k8s.io/api/core/v1.FlexPersistentVolumeSource", "k8s.io/api/core/v1.FlockerVolumeSource", "k8s.io/api/core/v1.GCEPersistentDiskVolumeSource", "k8s.io/api/core/v1.GlusterfsPersistentVolumeSource", "k8s.io/api/core/v1.HostPathVolumeSource", "k8s.io/api/core/v1.ISCSIPersistentVolumeSource", "k8s.io/api/core/v1.LocalVolumeSource", "k8s.io/api/core/v1.NFSVolumeSource", "k8s.io/api/core/v1.ObjectReference", "k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource", "k8s.io/api/core/v1.PortworxVolumeSource", "k8s.io/api/core/v1.QuobyteVolumeSource", "k8s.io/api/core/v1.RBDPersistentVolumeSource", "k8s.io/api/core/v1.ScaleIOPersistentVolumeSource", "k8s.io/api/core/v1.StorageOSPersistentVolumeSource", "k8s.io/api/core/v1.VolumeNodeAffinity", "k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName(), corev1.AzureDiskVolumeSource{}.OpenAPIModelName(), corev1.AzureFilePersistentVolumeSource{}.OpenAPIModelName(), corev1.CSIPersistentVolumeSource{}.OpenAPIModelName(), corev1.CephFSPersistentVolumeSource{}.OpenAPIModelName(), corev1.CinderPersistentVolumeSource{}.OpenAPIModelName(), corev1.FCVolumeSource{}.OpenAPIModelName(), corev1.FlexPersistentVolumeSource{}.OpenAPIModelName(), corev1.FlockerVolumeSource{}.OpenAPIModelName(), corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName(), corev1.GlusterfsPersistentVolumeSource{}.OpenAPIModelName(), corev1.HostPathVolumeSource{}.OpenAPIModelName(), corev1.ISCSIPersistentVolumeSource{}.OpenAPIModelName(), corev1.LocalVolumeSource{}.OpenAPIModelName(), corev1.NFSVolumeSource{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName(), corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName(), corev1.PortworxVolumeSource{}.OpenAPIModelName(), corev1.QuobyteVolumeSource{}.OpenAPIModelName(), corev1.RBDPersistentVolumeSource{}.OpenAPIModelName(), corev1.ScaleIOPersistentVolumeSource{}.OpenAPIModelName(), corev1.StorageOSPersistentVolumeSource{}.OpenAPIModelName(), corev1.VolumeNodeAffinity{}.OpenAPIModelName(), corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName()}, } } @@ -79543,14 +80918,14 @@ func schema_k8sio_api_core_v1_PersistentVolumeStatus(ref common.ReferenceCallbac "lastPhaseTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -79608,28 +80983,28 @@ func schema_k8sio_api_core_v1_Pod(ref common.ReferenceCallback) common.OpenAPIDe SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodSpec"), + Ref: ref(corev1.PodSpec{}.OpenAPIModelName()), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Most recently observed status of the pod. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodStatus"), + Ref: ref(corev1.PodStatus{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PodSpec", "k8s.io/api/core/v1.PodStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.PodSpec{}.OpenAPIModelName(), corev1.PodStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -79653,7 +81028,7 @@ func schema_k8sio_api_core_v1_PodAffinity(ref common.ReferenceCallback) common.O Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodAffinityTerm"), + Ref: ref(corev1.PodAffinityTerm{}.OpenAPIModelName()), }, }, }, @@ -79672,7 +81047,7 @@ func schema_k8sio_api_core_v1_PodAffinity(ref common.ReferenceCallback) common.O Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.WeightedPodAffinityTerm"), + Ref: ref(corev1.WeightedPodAffinityTerm{}.OpenAPIModelName()), }, }, }, @@ -79682,7 +81057,7 @@ func schema_k8sio_api_core_v1_PodAffinity(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PodAffinityTerm", "k8s.io/api/core/v1.WeightedPodAffinityTerm"}, + corev1.PodAffinityTerm{}.OpenAPIModelName(), corev1.WeightedPodAffinityTerm{}.OpenAPIModelName()}, } } @@ -79696,7 +81071,7 @@ func schema_k8sio_api_core_v1_PodAffinityTerm(ref common.ReferenceCallback) comm "labelSelector": { SchemaProps: spec.SchemaProps{ Description: "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "namespaces": { @@ -79730,7 +81105,7 @@ func schema_k8sio_api_core_v1_PodAffinityTerm(ref common.ReferenceCallback) comm "namespaceSelector": { SchemaProps: spec.SchemaProps{ Description: "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "matchLabelKeys": { @@ -79778,7 +81153,7 @@ func schema_k8sio_api_core_v1_PodAffinityTerm(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -79802,7 +81177,7 @@ func schema_k8sio_api_core_v1_PodAntiAffinity(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodAffinityTerm"), + Ref: ref(corev1.PodAffinityTerm{}.OpenAPIModelName()), }, }, }, @@ -79821,7 +81196,7 @@ func schema_k8sio_api_core_v1_PodAntiAffinity(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.WeightedPodAffinityTerm"), + Ref: ref(corev1.WeightedPodAffinityTerm{}.OpenAPIModelName()), }, }, }, @@ -79831,7 +81206,7 @@ func schema_k8sio_api_core_v1_PodAntiAffinity(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PodAffinityTerm", "k8s.io/api/core/v1.WeightedPodAffinityTerm"}, + corev1.PodAffinityTerm{}.OpenAPIModelName(), corev1.WeightedPodAffinityTerm{}.OpenAPIModelName()}, } } @@ -79946,6 +81321,22 @@ func schema_k8sio_api_core_v1_PodCertificateProjection(ref common.ReferenceCallb Format: "", }, }, + "userAnnotations": { + SchemaProps: spec.SchemaProps{ + Description: "userAnnotations allow pod authors to pass additional information to the signer implementation. Kubernetes does not restrict or validate this metadata in any way.\n\nThese values are copied verbatim into the `spec.unverifiedUserAnnotations` field of the PodCertificateRequest objects that Kubelet creates.\n\nEntries are subject to the same validation as object metadata annotations, with the addition that all keys must be domain-prefixed. No restrictions are placed on values, except an overall size limitation on the entire field.\n\nSigners should document the keys and values they support. Signers should deny requests that contain keys they do not recognize.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, }, Required: []string{"signerName", "keyType"}, }, @@ -79970,7 +81361,7 @@ func schema_k8sio_api_core_v1_PodCondition(ref common.ReferenceCallback) common. }, "observedGeneration": { SchemaProps: spec.SchemaProps{ - Description: "If set, this represents the .metadata.generation that the pod condition was set based upon. This is an alpha field. Enable PodObservedGenerationTracking to be able to use this field.", + Description: "If set, this represents the .metadata.generation that the pod condition was set based upon. The PodObservedGenerationTracking feature gate must be enabled to use this field.", Type: []string{"integer"}, Format: "int64", }, @@ -79986,13 +81377,13 @@ func schema_k8sio_api_core_v1_PodCondition(ref common.ReferenceCallback) common. "lastProbeTime": { SchemaProps: spec.SchemaProps{ Description: "Last time we probed the condition.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "Last time the condition transitioned from one status to another.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "reason": { @@ -80014,7 +81405,7 @@ func schema_k8sio_api_core_v1_PodCondition(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -80078,7 +81469,7 @@ func schema_k8sio_api_core_v1_PodDNSConfig(ref common.ReferenceCallback) common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodDNSConfigOption"), + Ref: ref(corev1.PodDNSConfigOption{}.OpenAPIModelName()), }, }, }, @@ -80088,7 +81479,7 @@ func schema_k8sio_api_core_v1_PodDNSConfig(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PodDNSConfigOption"}, + corev1.PodDNSConfigOption{}.OpenAPIModelName()}, } } @@ -80222,7 +81613,7 @@ func schema_k8sio_api_core_v1_PodExtendedResourceClaimStatus(ref common.Referenc Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ContainerExtendedResourceRequest"), + Ref: ref(corev1.ContainerExtendedResourceRequest{}.OpenAPIModelName()), }, }, }, @@ -80241,7 +81632,7 @@ func schema_k8sio_api_core_v1_PodExtendedResourceClaimStatus(ref common.Referenc }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ContainerExtendedResourceRequest"}, + corev1.ContainerExtendedResourceRequest{}.OpenAPIModelName()}, } } @@ -80292,7 +81683,7 @@ func schema_k8sio_api_core_v1_PodList(ref common.ReferenceCallback) common.OpenA SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -80303,7 +81694,7 @@ func schema_k8sio_api_core_v1_PodList(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Pod"), + Ref: ref(corev1.Pod{}.OpenAPIModelName()), }, }, }, @@ -80314,7 +81705,7 @@ func schema_k8sio_api_core_v1_PodList(ref common.ReferenceCallback) common.OpenA }, }, Dependencies: []string{ - "k8s.io/api/core/v1.Pod", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + corev1.Pod{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -80370,7 +81761,7 @@ func schema_k8sio_api_core_v1_PodLogOptions(ref common.ReferenceCallback) common "sinceTime": { SchemaProps: spec.SchemaProps{ Description: "An RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "timestamps": { @@ -80412,7 +81803,7 @@ func schema_k8sio_api_core_v1_PodLogOptions(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -80638,13 +82029,13 @@ func schema_k8sio_api_core_v1_PodSecurityContext(ref common.ReferenceCallback) c "seLinuxOptions": { SchemaProps: spec.SchemaProps{ Description: "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", - Ref: ref("k8s.io/api/core/v1.SELinuxOptions"), + Ref: ref(corev1.SELinuxOptions{}.OpenAPIModelName()), }, }, "windowsOptions": { SchemaProps: spec.SchemaProps{ Description: "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", - Ref: ref("k8s.io/api/core/v1.WindowsSecurityContextOptions"), + Ref: ref(corev1.WindowsSecurityContextOptions{}.OpenAPIModelName()), }, }, "runAsUser": { @@ -80716,7 +82107,7 @@ func schema_k8sio_api_core_v1_PodSecurityContext(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Sysctl"), + Ref: ref(corev1.Sysctl{}.OpenAPIModelName()), }, }, }, @@ -80733,13 +82124,13 @@ func schema_k8sio_api_core_v1_PodSecurityContext(ref common.ReferenceCallback) c "seccompProfile": { SchemaProps: spec.SchemaProps{ Description: "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", - Ref: ref("k8s.io/api/core/v1.SeccompProfile"), + Ref: ref(corev1.SeccompProfile{}.OpenAPIModelName()), }, }, "appArmorProfile": { SchemaProps: spec.SchemaProps{ Description: "appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", - Ref: ref("k8s.io/api/core/v1.AppArmorProfile"), + Ref: ref(corev1.AppArmorProfile{}.OpenAPIModelName()), }, }, "seLinuxChangePolicy": { @@ -80753,7 +82144,7 @@ func schema_k8sio_api_core_v1_PodSecurityContext(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "k8s.io/api/core/v1.AppArmorProfile", "k8s.io/api/core/v1.SELinuxOptions", "k8s.io/api/core/v1.SeccompProfile", "k8s.io/api/core/v1.Sysctl", "k8s.io/api/core/v1.WindowsSecurityContextOptions"}, + corev1.AppArmorProfile{}.OpenAPIModelName(), corev1.SELinuxOptions{}.OpenAPIModelName(), corev1.SeccompProfile{}.OpenAPIModelName(), corev1.Sysctl{}.OpenAPIModelName(), corev1.WindowsSecurityContextOptions{}.OpenAPIModelName()}, } } @@ -80767,14 +82158,14 @@ func schema_k8sio_api_core_v1_PodSignature(ref common.ReferenceCallback) common. "podController": { SchemaProps: spec.SchemaProps{ Description: "Reference to controller whose pods should avoid this node.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference"), + Ref: ref(metav1.OwnerReference{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference"}, + metav1.OwnerReference{}.OpenAPIModelName()}, } } @@ -80803,7 +82194,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Volume"), + Ref: ref(corev1.Volume{}.OpenAPIModelName()), }, }, }, @@ -80827,7 +82218,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Container"), + Ref: ref(corev1.Container{}.OpenAPIModelName()), }, }, }, @@ -80851,7 +82242,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Container"), + Ref: ref(corev1.Container{}.OpenAPIModelName()), }, }, }, @@ -80875,7 +82266,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.EphemeralContainer"), + Ref: ref(corev1.EphemeralContainer{}.OpenAPIModelName()), }, }, }, @@ -80991,7 +82382,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA "securityContext": { SchemaProps: spec.SchemaProps{ Description: "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.", - Ref: ref("k8s.io/api/core/v1.PodSecurityContext"), + Ref: ref(corev1.PodSecurityContext{}.OpenAPIModelName()), }, }, "imagePullSecrets": { @@ -81012,7 +82403,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, }, @@ -81035,7 +82426,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA "affinity": { SchemaProps: spec.SchemaProps{ Description: "If specified, the pod's scheduling constraints", - Ref: ref("k8s.io/api/core/v1.Affinity"), + Ref: ref(corev1.Affinity{}.OpenAPIModelName()), }, }, "schedulerName": { @@ -81058,7 +82449,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Toleration"), + Ref: ref(corev1.Toleration{}.OpenAPIModelName()), }, }, }, @@ -81082,7 +82473,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.HostAlias"), + Ref: ref(corev1.HostAlias{}.OpenAPIModelName()), }, }, }, @@ -81105,7 +82496,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA "dnsConfig": { SchemaProps: spec.SchemaProps{ Description: "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.", - Ref: ref("k8s.io/api/core/v1.PodDNSConfig"), + Ref: ref(corev1.PodDNSConfig{}.OpenAPIModelName()), }, }, "readinessGates": { @@ -81121,7 +82512,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodReadinessGate"), + Ref: ref(corev1.PodReadinessGate{}.OpenAPIModelName()), }, }, }, @@ -81157,7 +82548,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -81182,7 +82573,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.TopologySpreadConstraint"), + Ref: ref(corev1.TopologySpreadConstraint{}.OpenAPIModelName()), }, }, }, @@ -81198,7 +82589,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA "os": { SchemaProps: spec.SchemaProps{ Description: "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.resources - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup", - Ref: ref("k8s.io/api/core/v1.PodOS"), + Ref: ref(corev1.PodOS{}.OpenAPIModelName()), }, }, "hostUsers": { @@ -81226,7 +82617,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodSchedulingGate"), + Ref: ref(corev1.PodSchedulingGate{}.OpenAPIModelName()), }, }, }, @@ -81244,13 +82635,13 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA }, }, SchemaProps: spec.SchemaProps{ - Description: "ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable.", + Description: "ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.\n\nThis is a stable field but requires that the DynamicResourceAllocation feature gate is enabled.\n\nThis field is immutable.", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodResourceClaim"), + Ref: ref(corev1.PodResourceClaim{}.OpenAPIModelName()), }, }, }, @@ -81259,7 +82650,7 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA "resources": { SchemaProps: spec.SchemaProps{ Description: "Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for \"cpu\", \"memory\" and \"hugepages-\" resource names only. ResourceClaims are not supported.\n\nThis field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod.\n\nThis is an alpha field and requires enabling the PodLevelResources feature gate.", - Ref: ref("k8s.io/api/core/v1.ResourceRequirements"), + Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), }, }, "hostnameOverride": { @@ -81269,12 +82660,18 @@ func schema_k8sio_api_core_v1_PodSpec(ref common.ReferenceCallback) common.OpenA Format: "", }, }, + "workloadRef": { + SchemaProps: spec.SchemaProps{ + Description: "WorkloadRef provides a reference to the Workload object that this Pod belongs to. This field is used by the scheduler to identify the PodGroup and apply the correct group scheduling policies. The Workload object referenced by this field may not exist at the time the Pod is created. This field is immutable, but a Workload object with the same name may be recreated with different policies. Doing this during pod scheduling may result in the placement not conforming to the expected policies.", + Ref: ref(corev1.WorkloadReference{}.OpenAPIModelName()), + }, + }, }, Required: []string{"containers"}, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.Affinity", "k8s.io/api/core/v1.Container", "k8s.io/api/core/v1.EphemeralContainer", "k8s.io/api/core/v1.HostAlias", "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.PodDNSConfig", "k8s.io/api/core/v1.PodOS", "k8s.io/api/core/v1.PodReadinessGate", "k8s.io/api/core/v1.PodResourceClaim", "k8s.io/api/core/v1.PodSchedulingGate", "k8s.io/api/core/v1.PodSecurityContext", "k8s.io/api/core/v1.ResourceRequirements", "k8s.io/api/core/v1.Toleration", "k8s.io/api/core/v1.TopologySpreadConstraint", "k8s.io/api/core/v1.Volume", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + corev1.Affinity{}.OpenAPIModelName(), corev1.Container{}.OpenAPIModelName(), corev1.EphemeralContainer{}.OpenAPIModelName(), corev1.HostAlias{}.OpenAPIModelName(), corev1.LocalObjectReference{}.OpenAPIModelName(), corev1.PodDNSConfig{}.OpenAPIModelName(), corev1.PodOS{}.OpenAPIModelName(), corev1.PodReadinessGate{}.OpenAPIModelName(), corev1.PodResourceClaim{}.OpenAPIModelName(), corev1.PodSchedulingGate{}.OpenAPIModelName(), corev1.PodSecurityContext{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName(), corev1.Toleration{}.OpenAPIModelName(), corev1.TopologySpreadConstraint{}.OpenAPIModelName(), corev1.Volume{}.OpenAPIModelName(), corev1.WorkloadReference{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName()}, } } @@ -81287,7 +82684,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Properties: map[string]spec.Schema{ "observedGeneration": { SchemaProps: spec.SchemaProps{ - Description: "If set, this represents the .metadata.generation that the pod status was set based upon. This is an alpha field. Enable PodObservedGenerationTracking to be able to use this field.", + Description: "If set, this represents the .metadata.generation that the pod status was set based upon. The PodObservedGenerationTracking feature gate must be enabled to use this field.", Type: []string{"integer"}, Format: "int64", }, @@ -81318,7 +82715,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodCondition"), + Ref: ref(corev1.PodCondition{}.OpenAPIModelName()), }, }, }, @@ -81367,7 +82764,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.HostIP"), + Ref: ref(corev1.HostIP{}.OpenAPIModelName()), }, }, }, @@ -81398,7 +82795,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodIP"), + Ref: ref(corev1.PodIP{}.OpenAPIModelName()), }, }, }, @@ -81407,7 +82804,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope "startTime": { SchemaProps: spec.SchemaProps{ Description: "RFC 3339 date and time at which the object was acknowledged by the Kubelet. This is before the Kubelet pulled the container image(s) for the pod.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "initContainerStatuses": { @@ -81423,7 +82820,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ContainerStatus"), + Ref: ref(corev1.ContainerStatus{}.OpenAPIModelName()), }, }, }, @@ -81442,7 +82839,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ContainerStatus"), + Ref: ref(corev1.ContainerStatus{}.OpenAPIModelName()), }, }, }, @@ -81469,7 +82866,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ContainerStatus"), + Ref: ref(corev1.ContainerStatus{}.OpenAPIModelName()), }, }, }, @@ -81500,7 +82897,7 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodResourceClaimStatus"), + Ref: ref(corev1.PodResourceClaimStatus{}.OpenAPIModelName()), }, }, }, @@ -81509,14 +82906,34 @@ func schema_k8sio_api_core_v1_PodStatus(ref common.ReferenceCallback) common.Ope "extendedResourceClaimStatus": { SchemaProps: spec.SchemaProps{ Description: "Status of extended resource claim backed by DRA.", - Ref: ref("k8s.io/api/core/v1.PodExtendedResourceClaimStatus"), + Ref: ref(corev1.PodExtendedResourceClaimStatus{}.OpenAPIModelName()), + }, + }, + "allocatedResources": { + SchemaProps: spec.SchemaProps{ + Description: "AllocatedResources is the total requests allocated for this pod by the node. If pod-level requests are not set, this will be the total requests aggregated across containers in the pod.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Allows: true, + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Ref: ref(resource.Quantity{}.OpenAPIModelName()), + }, + }, + }, + }, + }, + "resources": { + SchemaProps: spec.SchemaProps{ + Description: "Resources represents the compute resource requests and limits that have been applied at the pod level if pod-level requests or limits are set in PodSpec.Resources", + Ref: ref(corev1.ResourceRequirements{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ContainerStatus", "k8s.io/api/core/v1.HostIP", "k8s.io/api/core/v1.PodCondition", "k8s.io/api/core/v1.PodExtendedResourceClaimStatus", "k8s.io/api/core/v1.PodIP", "k8s.io/api/core/v1.PodResourceClaimStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + corev1.ContainerStatus{}.OpenAPIModelName(), corev1.HostIP{}.OpenAPIModelName(), corev1.PodCondition{}.OpenAPIModelName(), corev1.PodExtendedResourceClaimStatus{}.OpenAPIModelName(), corev1.PodIP{}.OpenAPIModelName(), corev1.PodResourceClaimStatus{}.OpenAPIModelName(), corev1.ResourceRequirements{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, } } @@ -81545,21 +82962,21 @@ func schema_k8sio_api_core_v1_PodStatusResult(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Most recently observed status of the pod. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodStatus"), + Ref: ref(corev1.PodStatus{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PodStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.PodStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -81588,21 +83005,21 @@ func schema_k8sio_api_core_v1_PodTemplate(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "template": { SchemaProps: spec.SchemaProps{ Description: "Template defines the pods that will be created from this pod template. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), + Ref: ref(corev1.PodTemplateSpec{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PodTemplateSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.PodTemplateSpec{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -81631,7 +83048,7 @@ func schema_k8sio_api_core_v1_PodTemplateList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -81642,7 +83059,7 @@ func schema_k8sio_api_core_v1_PodTemplateList(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodTemplate"), + Ref: ref(corev1.PodTemplate{}.OpenAPIModelName()), }, }, }, @@ -81653,7 +83070,7 @@ func schema_k8sio_api_core_v1_PodTemplateList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PodTemplate", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + corev1.PodTemplate{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -81668,21 +83085,21 @@ func schema_k8sio_api_core_v1_PodTemplateSpec(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodSpec"), + Ref: ref(corev1.PodSpec{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PodSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.PodSpec{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -81771,13 +83188,13 @@ func schema_k8sio_api_core_v1_PreferAvoidPodsEntry(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "The class of pods.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodSignature"), + Ref: ref(corev1.PodSignature{}.OpenAPIModelName()), }, }, "evictionTime": { SchemaProps: spec.SchemaProps{ Description: "Time at which this entry was added to the list.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "reason": { @@ -81799,7 +83216,7 @@ func schema_k8sio_api_core_v1_PreferAvoidPodsEntry(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PodSignature", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + corev1.PodSignature{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, } } @@ -81822,7 +83239,7 @@ func schema_k8sio_api_core_v1_PreferredSchedulingTerm(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "A node selector term, associated with the corresponding weight.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.NodeSelectorTerm"), + Ref: ref(corev1.NodeSelectorTerm{}.OpenAPIModelName()), }, }, }, @@ -81830,7 +83247,7 @@ func schema_k8sio_api_core_v1_PreferredSchedulingTerm(ref common.ReferenceCallba }, }, Dependencies: []string{ - "k8s.io/api/core/v1.NodeSelectorTerm"}, + corev1.NodeSelectorTerm{}.OpenAPIModelName()}, } } @@ -81844,25 +83261,25 @@ func schema_k8sio_api_core_v1_Probe(ref common.ReferenceCallback) common.OpenAPI "exec": { SchemaProps: spec.SchemaProps{ Description: "Exec specifies a command to execute in the container.", - Ref: ref("k8s.io/api/core/v1.ExecAction"), + Ref: ref(corev1.ExecAction{}.OpenAPIModelName()), }, }, "httpGet": { SchemaProps: spec.SchemaProps{ Description: "HTTPGet specifies an HTTP GET request to perform.", - Ref: ref("k8s.io/api/core/v1.HTTPGetAction"), + Ref: ref(corev1.HTTPGetAction{}.OpenAPIModelName()), }, }, "tcpSocket": { SchemaProps: spec.SchemaProps{ Description: "TCPSocket specifies a connection to a TCP port.", - Ref: ref("k8s.io/api/core/v1.TCPSocketAction"), + Ref: ref(corev1.TCPSocketAction{}.OpenAPIModelName()), }, }, "grpc": { SchemaProps: spec.SchemaProps{ Description: "GRPC specifies a GRPC HealthCheckRequest.", - Ref: ref("k8s.io/api/core/v1.GRPCAction"), + Ref: ref(corev1.GRPCAction{}.OpenAPIModelName()), }, }, "initialDelaySeconds": { @@ -81911,7 +83328,7 @@ func schema_k8sio_api_core_v1_Probe(ref common.ReferenceCallback) common.OpenAPI }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ExecAction", "k8s.io/api/core/v1.GRPCAction", "k8s.io/api/core/v1.HTTPGetAction", "k8s.io/api/core/v1.TCPSocketAction"}, + corev1.ExecAction{}.OpenAPIModelName(), corev1.GRPCAction{}.OpenAPIModelName(), corev1.HTTPGetAction{}.OpenAPIModelName(), corev1.TCPSocketAction{}.OpenAPIModelName()}, } } @@ -81925,32 +83342,32 @@ func schema_k8sio_api_core_v1_ProbeHandler(ref common.ReferenceCallback) common. "exec": { SchemaProps: spec.SchemaProps{ Description: "Exec specifies a command to execute in the container.", - Ref: ref("k8s.io/api/core/v1.ExecAction"), + Ref: ref(corev1.ExecAction{}.OpenAPIModelName()), }, }, "httpGet": { SchemaProps: spec.SchemaProps{ Description: "HTTPGet specifies an HTTP GET request to perform.", - Ref: ref("k8s.io/api/core/v1.HTTPGetAction"), + Ref: ref(corev1.HTTPGetAction{}.OpenAPIModelName()), }, }, "tcpSocket": { SchemaProps: spec.SchemaProps{ Description: "TCPSocket specifies a connection to a TCP port.", - Ref: ref("k8s.io/api/core/v1.TCPSocketAction"), + Ref: ref(corev1.TCPSocketAction{}.OpenAPIModelName()), }, }, "grpc": { SchemaProps: spec.SchemaProps{ Description: "GRPC specifies a GRPC HealthCheckRequest.", - Ref: ref("k8s.io/api/core/v1.GRPCAction"), + Ref: ref(corev1.GRPCAction{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ExecAction", "k8s.io/api/core/v1.GRPCAction", "k8s.io/api/core/v1.HTTPGetAction", "k8s.io/api/core/v1.TCPSocketAction"}, + corev1.ExecAction{}.OpenAPIModelName(), corev1.GRPCAction{}.OpenAPIModelName(), corev1.HTTPGetAction{}.OpenAPIModelName(), corev1.TCPSocketAction{}.OpenAPIModelName()}, } } @@ -81974,7 +83391,7 @@ func schema_k8sio_api_core_v1_ProjectedVolumeSource(ref common.ReferenceCallback Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.VolumeProjection"), + Ref: ref(corev1.VolumeProjection{}.OpenAPIModelName()), }, }, }, @@ -81991,7 +83408,7 @@ func schema_k8sio_api_core_v1_ProjectedVolumeSource(ref common.ReferenceCallback }, }, Dependencies: []string{ - "k8s.io/api/core/v1.VolumeProjection"}, + corev1.VolumeProjection{}.OpenAPIModelName()}, } } @@ -82122,7 +83539,7 @@ func schema_k8sio_api_core_v1_RBDPersistentVolumeSource(ref common.ReferenceCall "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - Ref: ref("k8s.io/api/core/v1.SecretReference"), + Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), }, }, "readOnly": { @@ -82137,7 +83554,7 @@ func schema_k8sio_api_core_v1_RBDPersistentVolumeSource(ref common.ReferenceCall }, }, Dependencies: []string{ - "k8s.io/api/core/v1.SecretReference"}, + corev1.SecretReference{}.OpenAPIModelName()}, } } @@ -82210,7 +83627,7 @@ func schema_k8sio_api_core_v1_RBDVolumeSource(ref common.ReferenceCallback) comm "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, "readOnly": { @@ -82225,7 +83642,7 @@ func schema_k8sio_api_core_v1_RBDVolumeSource(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LocalObjectReference"}, + corev1.LocalObjectReference{}.OpenAPIModelName()}, } } @@ -82254,7 +83671,7 @@ func schema_k8sio_api_core_v1_RangeAllocation(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "range": { @@ -82277,7 +83694,7 @@ func schema_k8sio_api_core_v1_RangeAllocation(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -82306,28 +83723,28 @@ func schema_k8sio_api_core_v1_ReplicationController(ref common.ReferenceCallback SchemaProps: spec.SchemaProps{ Description: "If the Labels of a ReplicationController are empty, they are defaulted to be the same as the Pod(s) that the replication controller manages. Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec defines the specification of the desired behavior of the replication controller. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ReplicationControllerSpec"), + Ref: ref(corev1.ReplicationControllerSpec{}.OpenAPIModelName()), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status is the most recently observed status of the replication controller. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ReplicationControllerStatus"), + Ref: ref(corev1.ReplicationControllerStatus{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ReplicationControllerSpec", "k8s.io/api/core/v1.ReplicationControllerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.ReplicationControllerSpec{}.OpenAPIModelName(), corev1.ReplicationControllerStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -82357,7 +83774,7 @@ func schema_k8sio_api_core_v1_ReplicationControllerCondition(ref common.Referenc "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "The last time the condition transitioned from one status to another.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "reason": { @@ -82379,7 +83796,7 @@ func schema_k8sio_api_core_v1_ReplicationControllerCondition(ref common.Referenc }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -82408,7 +83825,7 @@ func schema_k8sio_api_core_v1_ReplicationControllerList(ref common.ReferenceCall SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -82419,7 +83836,7 @@ func schema_k8sio_api_core_v1_ReplicationControllerList(ref common.ReferenceCall Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ReplicationController"), + Ref: ref(corev1.ReplicationController{}.OpenAPIModelName()), }, }, }, @@ -82430,7 +83847,7 @@ func schema_k8sio_api_core_v1_ReplicationControllerList(ref common.ReferenceCall }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ReplicationController", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + corev1.ReplicationController{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -82481,14 +83898,14 @@ func schema_k8sio_api_core_v1_ReplicationControllerSpec(ref common.ReferenceCall "template": { SchemaProps: spec.SchemaProps{ Description: "Template is the object that describes the pod that will be created if insufficient replicas are detected. This takes precedence over a TemplateRef. The only allowed template.spec.restartPolicy value is \"Always\". More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template", - Ref: ref("k8s.io/api/core/v1.PodTemplateSpec"), + Ref: ref(corev1.PodTemplateSpec{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PodTemplateSpec"}, + corev1.PodTemplateSpec{}.OpenAPIModelName()}, } } @@ -82553,7 +83970,7 @@ func schema_k8sio_api_core_v1_ReplicationControllerStatus(ref common.ReferenceCa Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ReplicationControllerCondition"), + Ref: ref(corev1.ReplicationControllerCondition{}.OpenAPIModelName()), }, }, }, @@ -82564,7 +83981,7 @@ func schema_k8sio_api_core_v1_ReplicationControllerStatus(ref common.ReferenceCa }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ReplicationControllerCondition"}, + corev1.ReplicationControllerCondition{}.OpenAPIModelName()}, } } @@ -82622,7 +84039,7 @@ func schema_k8sio_api_core_v1_ResourceFieldSelector(ref common.ReferenceCallback "divisor": { SchemaProps: spec.SchemaProps{ Description: "Specifies the output format of the exposed resources, defaults to \"1\"", - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -82635,7 +84052,7 @@ func schema_k8sio_api_core_v1_ResourceFieldSelector(ref common.ReferenceCallback }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + resource.Quantity{}.OpenAPIModelName()}, } } @@ -82693,28 +84110,28 @@ func schema_k8sio_api_core_v1_ResourceQuota(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec defines the desired quota. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceQuotaSpec"), + Ref: ref(corev1.ResourceQuotaSpec{}.OpenAPIModelName()), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Status defines the actual enforced quota and its current usage. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceQuotaStatus"), + Ref: ref(corev1.ResourceQuotaStatus{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ResourceQuotaSpec", "k8s.io/api/core/v1.ResourceQuotaStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.ResourceQuotaSpec{}.OpenAPIModelName(), corev1.ResourceQuotaStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -82743,7 +84160,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaList(ref common.ReferenceCallback) co SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -82754,7 +84171,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaList(ref common.ReferenceCallback) co Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceQuota"), + Ref: ref(corev1.ResourceQuota{}.OpenAPIModelName()), }, }, }, @@ -82765,7 +84182,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaList(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ResourceQuota", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + corev1.ResourceQuota{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -82784,7 +84201,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaSpec(ref common.ReferenceCallback) co Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -82814,14 +84231,14 @@ func schema_k8sio_api_core_v1_ResourceQuotaSpec(ref common.ReferenceCallback) co "scopeSelector": { SchemaProps: spec.SchemaProps{ Description: "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.", - Ref: ref("k8s.io/api/core/v1.ScopeSelector"), + Ref: ref(corev1.ScopeSelector{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ScopeSelector", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + corev1.ScopeSelector{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName()}, } } @@ -82840,7 +84257,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaStatus(ref common.ReferenceCallback) Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -82854,7 +84271,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaStatus(ref common.ReferenceCallback) Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -82864,7 +84281,7 @@ func schema_k8sio_api_core_v1_ResourceQuotaStatus(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + resource.Quantity{}.OpenAPIModelName()}, } } @@ -82883,7 +84300,7 @@ func schema_k8sio_api_core_v1_ResourceRequirements(ref common.ReferenceCallback) Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -82897,7 +84314,7 @@ func schema_k8sio_api_core_v1_ResourceRequirements(ref common.ReferenceCallback) Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -82919,7 +84336,7 @@ func schema_k8sio_api_core_v1_ResourceRequirements(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceClaim"), + Ref: ref(corev1.ResourceClaim{}.OpenAPIModelName()), }, }, }, @@ -82929,7 +84346,7 @@ func schema_k8sio_api_core_v1_ResourceRequirements(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ResourceClaim", "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + corev1.ResourceClaim{}.OpenAPIModelName(), resource.Quantity{}.OpenAPIModelName()}, } } @@ -82964,7 +84381,7 @@ func schema_k8sio_api_core_v1_ResourceStatus(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ResourceHealth"), + Ref: ref(corev1.ResourceHealth{}.OpenAPIModelName()), }, }, }, @@ -82975,7 +84392,7 @@ func schema_k8sio_api_core_v1_ResourceStatus(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ResourceHealth"}, + corev1.ResourceHealth{}.OpenAPIModelName()}, } } @@ -83046,7 +84463,7 @@ func schema_k8sio_api_core_v1_ScaleIOPersistentVolumeSource(ref common.Reference "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", - Ref: ref("k8s.io/api/core/v1.SecretReference"), + Ref: ref(corev1.SecretReference{}.OpenAPIModelName()), }, }, "sslEnabled": { @@ -83105,7 +84522,7 @@ func schema_k8sio_api_core_v1_ScaleIOPersistentVolumeSource(ref common.Reference }, }, Dependencies: []string{ - "k8s.io/api/core/v1.SecretReference"}, + corev1.SecretReference{}.OpenAPIModelName()}, } } @@ -83135,7 +84552,7 @@ func schema_k8sio_api_core_v1_ScaleIOVolumeSource(ref common.ReferenceCallback) "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, "sslEnabled": { @@ -83194,7 +84611,7 @@ func schema_k8sio_api_core_v1_ScaleIOVolumeSource(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LocalObjectReference"}, + corev1.LocalObjectReference{}.OpenAPIModelName()}, } } @@ -83218,7 +84635,7 @@ func schema_k8sio_api_core_v1_ScopeSelector(ref common.ReferenceCallback) common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ScopedResourceSelectorRequirement"), + Ref: ref(corev1.ScopedResourceSelectorRequirement{}.OpenAPIModelName()), }, }, }, @@ -83233,7 +84650,7 @@ func schema_k8sio_api_core_v1_ScopeSelector(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ScopedResourceSelectorRequirement"}, + corev1.ScopedResourceSelectorRequirement{}.OpenAPIModelName()}, } } @@ -83356,7 +84773,7 @@ func schema_k8sio_api_core_v1_Secret(ref common.ReferenceCallback) common.OpenAP SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "immutable": { @@ -83408,7 +84825,7 @@ func schema_k8sio_api_core_v1_Secret(ref common.ReferenceCallback) common.OpenAP }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -83507,7 +84924,7 @@ func schema_k8sio_api_core_v1_SecretList(ref common.ReferenceCallback) common.Op SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -83518,7 +84935,7 @@ func schema_k8sio_api_core_v1_SecretList(ref common.ReferenceCallback) common.Op Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Secret"), + Ref: ref(corev1.Secret{}.OpenAPIModelName()), }, }, }, @@ -83529,7 +84946,7 @@ func schema_k8sio_api_core_v1_SecretList(ref common.ReferenceCallback) common.Op }, }, Dependencies: []string{ - "k8s.io/api/core/v1.Secret", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + corev1.Secret{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -83561,7 +84978,7 @@ func schema_k8sio_api_core_v1_SecretProjection(ref common.ReferenceCallback) com Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.KeyToPath"), + Ref: ref(corev1.KeyToPath{}.OpenAPIModelName()), }, }, }, @@ -83578,7 +84995,7 @@ func schema_k8sio_api_core_v1_SecretProjection(ref common.ReferenceCallback) com }, }, Dependencies: []string{ - "k8s.io/api/core/v1.KeyToPath"}, + corev1.KeyToPath{}.OpenAPIModelName()}, } } @@ -83641,7 +85058,7 @@ func schema_k8sio_api_core_v1_SecretVolumeSource(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.KeyToPath"), + Ref: ref(corev1.KeyToPath{}.OpenAPIModelName()), }, }, }, @@ -83665,7 +85082,7 @@ func schema_k8sio_api_core_v1_SecretVolumeSource(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "k8s.io/api/core/v1.KeyToPath"}, + corev1.KeyToPath{}.OpenAPIModelName()}, } } @@ -83679,7 +85096,7 @@ func schema_k8sio_api_core_v1_SecurityContext(ref common.ReferenceCallback) comm "capabilities": { SchemaProps: spec.SchemaProps{ Description: "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", - Ref: ref("k8s.io/api/core/v1.Capabilities"), + Ref: ref(corev1.Capabilities{}.OpenAPIModelName()), }, }, "privileged": { @@ -83692,13 +85109,13 @@ func schema_k8sio_api_core_v1_SecurityContext(ref common.ReferenceCallback) comm "seLinuxOptions": { SchemaProps: spec.SchemaProps{ Description: "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", - Ref: ref("k8s.io/api/core/v1.SELinuxOptions"), + Ref: ref(corev1.SELinuxOptions{}.OpenAPIModelName()), }, }, "windowsOptions": { SchemaProps: spec.SchemaProps{ Description: "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", - Ref: ref("k8s.io/api/core/v1.WindowsSecurityContextOptions"), + Ref: ref(corev1.WindowsSecurityContextOptions{}.OpenAPIModelName()), }, }, "runAsUser": { @@ -83747,20 +85164,20 @@ func schema_k8sio_api_core_v1_SecurityContext(ref common.ReferenceCallback) comm "seccompProfile": { SchemaProps: spec.SchemaProps{ Description: "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", - Ref: ref("k8s.io/api/core/v1.SeccompProfile"), + Ref: ref(corev1.SeccompProfile{}.OpenAPIModelName()), }, }, "appArmorProfile": { SchemaProps: spec.SchemaProps{ Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.", - Ref: ref("k8s.io/api/core/v1.AppArmorProfile"), + Ref: ref(corev1.AppArmorProfile{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.AppArmorProfile", "k8s.io/api/core/v1.Capabilities", "k8s.io/api/core/v1.SELinuxOptions", "k8s.io/api/core/v1.SeccompProfile", "k8s.io/api/core/v1.WindowsSecurityContextOptions"}, + corev1.AppArmorProfile{}.OpenAPIModelName(), corev1.Capabilities{}.OpenAPIModelName(), corev1.SELinuxOptions{}.OpenAPIModelName(), corev1.SeccompProfile{}.OpenAPIModelName(), corev1.WindowsSecurityContextOptions{}.OpenAPIModelName()}, } } @@ -83789,14 +85206,14 @@ func schema_k8sio_api_core_v1_SerializedReference(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "The reference to an object in the system.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference"}, + corev1.ObjectReference{}.OpenAPIModelName()}, } } @@ -83825,28 +85242,28 @@ func schema_k8sio_api_core_v1_Service(ref common.ReferenceCallback) common.OpenA SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "spec": { SchemaProps: spec.SchemaProps{ Description: "Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ServiceSpec"), + Ref: ref(corev1.ServiceSpec{}.OpenAPIModelName()), }, }, "status": { SchemaProps: spec.SchemaProps{ Description: "Most recently observed status of the service. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ServiceStatus"), + Ref: ref(corev1.ServiceStatus{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ServiceSpec", "k8s.io/api/core/v1.ServiceStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.ServiceSpec{}.OpenAPIModelName(), corev1.ServiceStatus{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -83875,7 +85292,7 @@ func schema_k8sio_api_core_v1_ServiceAccount(ref common.ReferenceCallback) commo SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "secrets": { @@ -83896,7 +85313,7 @@ func schema_k8sio_api_core_v1_ServiceAccount(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, }, @@ -83915,7 +85332,7 @@ func schema_k8sio_api_core_v1_ServiceAccount(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, }, @@ -83932,7 +85349,7 @@ func schema_k8sio_api_core_v1_ServiceAccount(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LocalObjectReference", "k8s.io/api/core/v1.ObjectReference", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + corev1.LocalObjectReference{}.OpenAPIModelName(), corev1.ObjectReference{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -83961,7 +85378,7 @@ func schema_k8sio_api_core_v1_ServiceAccountList(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -83972,7 +85389,7 @@ func schema_k8sio_api_core_v1_ServiceAccountList(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ServiceAccount"), + Ref: ref(corev1.ServiceAccount{}.OpenAPIModelName()), }, }, }, @@ -83983,7 +85400,7 @@ func schema_k8sio_api_core_v1_ServiceAccountList(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ServiceAccount", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + corev1.ServiceAccount{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -84048,7 +85465,7 @@ func schema_k8sio_api_core_v1_ServiceList(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -84059,7 +85476,7 @@ func schema_k8sio_api_core_v1_ServiceList(ref common.ReferenceCallback) common.O Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.Service"), + Ref: ref(corev1.Service{}.OpenAPIModelName()), }, }, }, @@ -84070,7 +85487,7 @@ func schema_k8sio_api_core_v1_ServiceList(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "k8s.io/api/core/v1.Service", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + corev1.Service{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -84115,7 +85532,7 @@ func schema_k8sio_api_core_v1_ServicePort(ref common.ReferenceCallback) common.O "targetPort": { SchemaProps: spec.SchemaProps{ Description: "Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service", - Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), + Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), }, }, "nodePort": { @@ -84130,7 +85547,7 @@ func schema_k8sio_api_core_v1_ServicePort(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/util/intstr.IntOrString"}, + intstr.IntOrString{}.OpenAPIModelName()}, } } @@ -84194,7 +85611,7 @@ func schema_k8sio_api_core_v1_ServiceSpec(ref common.ReferenceCallback) common.O Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.ServicePort"), + Ref: ref(corev1.ServicePort{}.OpenAPIModelName()), }, }, }, @@ -84343,7 +85760,7 @@ func schema_k8sio_api_core_v1_ServiceSpec(ref common.ReferenceCallback) common.O "sessionAffinityConfig": { SchemaProps: spec.SchemaProps{ Description: "sessionAffinityConfig contains the configurations of session affinity.", - Ref: ref("k8s.io/api/core/v1.SessionAffinityConfig"), + Ref: ref(corev1.SessionAffinityConfig{}.OpenAPIModelName()), }, }, "ipFamilies": { @@ -84408,7 +85825,7 @@ func schema_k8sio_api_core_v1_ServiceSpec(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ServicePort", "k8s.io/api/core/v1.SessionAffinityConfig"}, + corev1.ServicePort{}.OpenAPIModelName(), corev1.SessionAffinityConfig{}.OpenAPIModelName()}, } } @@ -84423,7 +85840,7 @@ func schema_k8sio_api_core_v1_ServiceStatus(ref common.ReferenceCallback) common SchemaProps: spec.SchemaProps{ Description: "LoadBalancer contains the current status of the load-balancer, if one is present.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.LoadBalancerStatus"), + Ref: ref(corev1.LoadBalancerStatus{}.OpenAPIModelName()), }, }, "conditions": { @@ -84444,7 +85861,7 @@ func schema_k8sio_api_core_v1_ServiceStatus(ref common.ReferenceCallback) common Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Condition"), + Ref: ref(metav1.Condition{}.OpenAPIModelName()), }, }, }, @@ -84454,7 +85871,7 @@ func schema_k8sio_api_core_v1_ServiceStatus(ref common.ReferenceCallback) common }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LoadBalancerStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.Condition"}, + corev1.LoadBalancerStatus{}.OpenAPIModelName(), metav1.Condition{}.OpenAPIModelName()}, } } @@ -84468,14 +85885,14 @@ func schema_k8sio_api_core_v1_SessionAffinityConfig(ref common.ReferenceCallback "clientIP": { SchemaProps: spec.SchemaProps{ Description: "clientIP contains the configurations of Client IP based session affinity.", - Ref: ref("k8s.io/api/core/v1.ClientIPConfig"), + Ref: ref(corev1.ClientIPConfig{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ClientIPConfig"}, + corev1.ClientIPConfig{}.OpenAPIModelName()}, } } @@ -84539,14 +85956,14 @@ func schema_k8sio_api_core_v1_StorageOSPersistentVolumeSource(ref common.Referen "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", - Ref: ref("k8s.io/api/core/v1.ObjectReference"), + Ref: ref(corev1.ObjectReference{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ObjectReference"}, + corev1.ObjectReference{}.OpenAPIModelName()}, } } @@ -84588,14 +86005,14 @@ func schema_k8sio_api_core_v1_StorageOSVolumeSource(ref common.ReferenceCallback "secretRef": { SchemaProps: spec.SchemaProps{ Description: "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", - Ref: ref("k8s.io/api/core/v1.LocalObjectReference"), + Ref: ref(corev1.LocalObjectReference{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.LocalObjectReference"}, + corev1.LocalObjectReference{}.OpenAPIModelName()}, } } @@ -84639,7 +86056,7 @@ func schema_k8sio_api_core_v1_TCPSocketAction(ref common.ReferenceCallback) comm "port": { SchemaProps: spec.SchemaProps{ Description: "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", - Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), + Ref: ref(intstr.IntOrString{}.OpenAPIModelName()), }, }, "host": { @@ -84654,7 +86071,7 @@ func schema_k8sio_api_core_v1_TCPSocketAction(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/util/intstr.IntOrString"}, + intstr.IntOrString{}.OpenAPIModelName()}, } } @@ -84692,7 +86109,7 @@ func schema_k8sio_api_core_v1_Taint(ref common.ReferenceCallback) common.OpenAPI "timeAdded": { SchemaProps: spec.SchemaProps{ Description: "TimeAdded represents the time at which the taint was added.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, }, @@ -84700,7 +86117,7 @@ func schema_k8sio_api_core_v1_Taint(ref common.ReferenceCallback) common.OpenAPI }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -84720,10 +86137,10 @@ func schema_k8sio_api_core_v1_Toleration(ref common.ReferenceCallback) common.Op }, "operator": { SchemaProps: spec.SchemaProps{ - Description: "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.\n\nPossible enum values:\n - `\"Equal\"`\n - `\"Exists\"`", + Description: "Operator represents a key's relationship to the value. Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).\n\nPossible enum values:\n - `\"Equal\"`\n - `\"Exists\"`\n - `\"Gt\"`\n - `\"Lt\"`", Type: []string{"string"}, Format: "", - Enum: []interface{}{"Equal", "Exists"}, + Enum: []interface{}{"Equal", "Exists", "Gt", "Lt"}, }, }, "value": { @@ -84816,7 +86233,7 @@ func schema_k8sio_api_core_v1_TopologySelectorTerm(ref common.ReferenceCallback) Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.TopologySelectorLabelRequirement"), + Ref: ref(corev1.TopologySelectorLabelRequirement{}.OpenAPIModelName()), }, }, }, @@ -84831,7 +86248,7 @@ func schema_k8sio_api_core_v1_TopologySelectorTerm(ref common.ReferenceCallback) }, }, Dependencies: []string{ - "k8s.io/api/core/v1.TopologySelectorLabelRequirement"}, + corev1.TopologySelectorLabelRequirement{}.OpenAPIModelName()}, } } @@ -84870,7 +86287,7 @@ func schema_k8sio_api_core_v1_TopologySpreadConstraint(ref common.ReferenceCallb "labelSelector": { SchemaProps: spec.SchemaProps{ Description: "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, "minDomains": { @@ -84921,7 +86338,7 @@ func schema_k8sio_api_core_v1_TopologySpreadConstraint(ref common.ReferenceCallb }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -85029,181 +86446,181 @@ func schema_k8sio_api_core_v1_Volume(ref common.ReferenceCallback) common.OpenAP "hostPath": { SchemaProps: spec.SchemaProps{ Description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - Ref: ref("k8s.io/api/core/v1.HostPathVolumeSource"), + Ref: ref(corev1.HostPathVolumeSource{}.OpenAPIModelName()), }, }, "emptyDir": { SchemaProps: spec.SchemaProps{ Description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - Ref: ref("k8s.io/api/core/v1.EmptyDirVolumeSource"), + Ref: ref(corev1.EmptyDirVolumeSource{}.OpenAPIModelName()), }, }, "gcePersistentDisk": { SchemaProps: spec.SchemaProps{ Description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - Ref: ref("k8s.io/api/core/v1.GCEPersistentDiskVolumeSource"), + Ref: ref(corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName()), }, }, "awsElasticBlockStore": { SchemaProps: spec.SchemaProps{ Description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - Ref: ref("k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource"), + Ref: ref(corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName()), }, }, "gitRepo": { SchemaProps: spec.SchemaProps{ Description: "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", - Ref: ref("k8s.io/api/core/v1.GitRepoVolumeSource"), + Ref: ref(corev1.GitRepoVolumeSource{}.OpenAPIModelName()), }, }, "secret": { SchemaProps: spec.SchemaProps{ Description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - Ref: ref("k8s.io/api/core/v1.SecretVolumeSource"), + Ref: ref(corev1.SecretVolumeSource{}.OpenAPIModelName()), }, }, "nfs": { SchemaProps: spec.SchemaProps{ Description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - Ref: ref("k8s.io/api/core/v1.NFSVolumeSource"), + Ref: ref(corev1.NFSVolumeSource{}.OpenAPIModelName()), }, }, "iscsi": { SchemaProps: spec.SchemaProps{ Description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi", - Ref: ref("k8s.io/api/core/v1.ISCSIVolumeSource"), + Ref: ref(corev1.ISCSIVolumeSource{}.OpenAPIModelName()), }, }, "glusterfs": { SchemaProps: spec.SchemaProps{ Description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.GlusterfsVolumeSource"), + Ref: ref(corev1.GlusterfsVolumeSource{}.OpenAPIModelName()), }, }, "persistentVolumeClaim": { SchemaProps: spec.SchemaProps{ Description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaimVolumeSource"), + Ref: ref(corev1.PersistentVolumeClaimVolumeSource{}.OpenAPIModelName()), }, }, "rbd": { SchemaProps: spec.SchemaProps{ Description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.RBDVolumeSource"), + Ref: ref(corev1.RBDVolumeSource{}.OpenAPIModelName()), }, }, "flexVolume": { SchemaProps: spec.SchemaProps{ Description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - Ref: ref("k8s.io/api/core/v1.FlexVolumeSource"), + Ref: ref(corev1.FlexVolumeSource{}.OpenAPIModelName()), }, }, "cinder": { SchemaProps: spec.SchemaProps{ Description: "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - Ref: ref("k8s.io/api/core/v1.CinderVolumeSource"), + Ref: ref(corev1.CinderVolumeSource{}.OpenAPIModelName()), }, }, "cephfs": { SchemaProps: spec.SchemaProps{ Description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.CephFSVolumeSource"), + Ref: ref(corev1.CephFSVolumeSource{}.OpenAPIModelName()), }, }, "flocker": { SchemaProps: spec.SchemaProps{ Description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.FlockerVolumeSource"), + Ref: ref(corev1.FlockerVolumeSource{}.OpenAPIModelName()), }, }, "downwardAPI": { SchemaProps: spec.SchemaProps{ Description: "downwardAPI represents downward API about the pod that should populate this volume", - Ref: ref("k8s.io/api/core/v1.DownwardAPIVolumeSource"), + Ref: ref(corev1.DownwardAPIVolumeSource{}.OpenAPIModelName()), }, }, "fc": { SchemaProps: spec.SchemaProps{ Description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - Ref: ref("k8s.io/api/core/v1.FCVolumeSource"), + Ref: ref(corev1.FCVolumeSource{}.OpenAPIModelName()), }, }, "azureFile": { SchemaProps: spec.SchemaProps{ Description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", - Ref: ref("k8s.io/api/core/v1.AzureFileVolumeSource"), + Ref: ref(corev1.AzureFileVolumeSource{}.OpenAPIModelName()), }, }, "configMap": { SchemaProps: spec.SchemaProps{ Description: "configMap represents a configMap that should populate this volume", - Ref: ref("k8s.io/api/core/v1.ConfigMapVolumeSource"), + Ref: ref(corev1.ConfigMapVolumeSource{}.OpenAPIModelName()), }, }, "vsphereVolume": { SchemaProps: spec.SchemaProps{ Description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", - Ref: ref("k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource"), + Ref: ref(corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName()), }, }, "quobyte": { SchemaProps: spec.SchemaProps{ Description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.QuobyteVolumeSource"), + Ref: ref(corev1.QuobyteVolumeSource{}.OpenAPIModelName()), }, }, "azureDisk": { SchemaProps: spec.SchemaProps{ Description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", - Ref: ref("k8s.io/api/core/v1.AzureDiskVolumeSource"), + Ref: ref(corev1.AzureDiskVolumeSource{}.OpenAPIModelName()), }, }, "photonPersistentDisk": { SchemaProps: spec.SchemaProps{ Description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource"), + Ref: ref(corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName()), }, }, "projected": { SchemaProps: spec.SchemaProps{ Description: "projected items for all in one resources secrets, configmaps, and downward API", - Ref: ref("k8s.io/api/core/v1.ProjectedVolumeSource"), + Ref: ref(corev1.ProjectedVolumeSource{}.OpenAPIModelName()), }, }, "portworxVolume": { SchemaProps: spec.SchemaProps{ Description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", - Ref: ref("k8s.io/api/core/v1.PortworxVolumeSource"), + Ref: ref(corev1.PortworxVolumeSource{}.OpenAPIModelName()), }, }, "scaleIO": { SchemaProps: spec.SchemaProps{ Description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.ScaleIOVolumeSource"), + Ref: ref(corev1.ScaleIOVolumeSource{}.OpenAPIModelName()), }, }, "storageos": { SchemaProps: spec.SchemaProps{ Description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.StorageOSVolumeSource"), + Ref: ref(corev1.StorageOSVolumeSource{}.OpenAPIModelName()), }, }, "csi": { SchemaProps: spec.SchemaProps{ Description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", - Ref: ref("k8s.io/api/core/v1.CSIVolumeSource"), + Ref: ref(corev1.CSIVolumeSource{}.OpenAPIModelName()), }, }, "ephemeral": { SchemaProps: spec.SchemaProps{ Description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time.", - Ref: ref("k8s.io/api/core/v1.EphemeralVolumeSource"), + Ref: ref(corev1.EphemeralVolumeSource{}.OpenAPIModelName()), }, }, "image": { SchemaProps: spec.SchemaProps{ Description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - Ref: ref("k8s.io/api/core/v1.ImageVolumeSource"), + Ref: ref(corev1.ImageVolumeSource{}.OpenAPIModelName()), }, }, }, @@ -85211,7 +86628,7 @@ func schema_k8sio_api_core_v1_Volume(ref common.ReferenceCallback) common.OpenAP }, }, Dependencies: []string{ - "k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource", "k8s.io/api/core/v1.AzureDiskVolumeSource", "k8s.io/api/core/v1.AzureFileVolumeSource", "k8s.io/api/core/v1.CSIVolumeSource", "k8s.io/api/core/v1.CephFSVolumeSource", "k8s.io/api/core/v1.CinderVolumeSource", "k8s.io/api/core/v1.ConfigMapVolumeSource", "k8s.io/api/core/v1.DownwardAPIVolumeSource", "k8s.io/api/core/v1.EmptyDirVolumeSource", "k8s.io/api/core/v1.EphemeralVolumeSource", "k8s.io/api/core/v1.FCVolumeSource", "k8s.io/api/core/v1.FlexVolumeSource", "k8s.io/api/core/v1.FlockerVolumeSource", "k8s.io/api/core/v1.GCEPersistentDiskVolumeSource", "k8s.io/api/core/v1.GitRepoVolumeSource", "k8s.io/api/core/v1.GlusterfsVolumeSource", "k8s.io/api/core/v1.HostPathVolumeSource", "k8s.io/api/core/v1.ISCSIVolumeSource", "k8s.io/api/core/v1.ImageVolumeSource", "k8s.io/api/core/v1.NFSVolumeSource", "k8s.io/api/core/v1.PersistentVolumeClaimVolumeSource", "k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource", "k8s.io/api/core/v1.PortworxVolumeSource", "k8s.io/api/core/v1.ProjectedVolumeSource", "k8s.io/api/core/v1.QuobyteVolumeSource", "k8s.io/api/core/v1.RBDVolumeSource", "k8s.io/api/core/v1.ScaleIOVolumeSource", "k8s.io/api/core/v1.SecretVolumeSource", "k8s.io/api/core/v1.StorageOSVolumeSource", "k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource"}, + corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName(), corev1.AzureDiskVolumeSource{}.OpenAPIModelName(), corev1.AzureFileVolumeSource{}.OpenAPIModelName(), corev1.CSIVolumeSource{}.OpenAPIModelName(), corev1.CephFSVolumeSource{}.OpenAPIModelName(), corev1.CinderVolumeSource{}.OpenAPIModelName(), corev1.ConfigMapVolumeSource{}.OpenAPIModelName(), corev1.DownwardAPIVolumeSource{}.OpenAPIModelName(), corev1.EmptyDirVolumeSource{}.OpenAPIModelName(), corev1.EphemeralVolumeSource{}.OpenAPIModelName(), corev1.FCVolumeSource{}.OpenAPIModelName(), corev1.FlexVolumeSource{}.OpenAPIModelName(), corev1.FlockerVolumeSource{}.OpenAPIModelName(), corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName(), corev1.GitRepoVolumeSource{}.OpenAPIModelName(), corev1.GlusterfsVolumeSource{}.OpenAPIModelName(), corev1.HostPathVolumeSource{}.OpenAPIModelName(), corev1.ISCSIVolumeSource{}.OpenAPIModelName(), corev1.ImageVolumeSource{}.OpenAPIModelName(), corev1.NFSVolumeSource{}.OpenAPIModelName(), corev1.PersistentVolumeClaimVolumeSource{}.OpenAPIModelName(), corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName(), corev1.PortworxVolumeSource{}.OpenAPIModelName(), corev1.ProjectedVolumeSource{}.OpenAPIModelName(), corev1.QuobyteVolumeSource{}.OpenAPIModelName(), corev1.RBDVolumeSource{}.OpenAPIModelName(), corev1.ScaleIOVolumeSource{}.OpenAPIModelName(), corev1.SecretVolumeSource{}.OpenAPIModelName(), corev1.StorageOSVolumeSource{}.OpenAPIModelName(), corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName()}, } } @@ -85365,14 +86782,14 @@ func schema_k8sio_api_core_v1_VolumeNodeAffinity(ref common.ReferenceCallback) c "required": { SchemaProps: spec.SchemaProps{ Description: "required specifies hard node constraints that must be met.", - Ref: ref("k8s.io/api/core/v1.NodeSelector"), + Ref: ref(corev1.NodeSelector{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.NodeSelector"}, + corev1.NodeSelector{}.OpenAPIModelName()}, } } @@ -85386,44 +86803,44 @@ func schema_k8sio_api_core_v1_VolumeProjection(ref common.ReferenceCallback) com "secret": { SchemaProps: spec.SchemaProps{ Description: "secret information about the secret data to project", - Ref: ref("k8s.io/api/core/v1.SecretProjection"), + Ref: ref(corev1.SecretProjection{}.OpenAPIModelName()), }, }, "downwardAPI": { SchemaProps: spec.SchemaProps{ Description: "downwardAPI information about the downwardAPI data to project", - Ref: ref("k8s.io/api/core/v1.DownwardAPIProjection"), + Ref: ref(corev1.DownwardAPIProjection{}.OpenAPIModelName()), }, }, "configMap": { SchemaProps: spec.SchemaProps{ Description: "configMap information about the configMap data to project", - Ref: ref("k8s.io/api/core/v1.ConfigMapProjection"), + Ref: ref(corev1.ConfigMapProjection{}.OpenAPIModelName()), }, }, "serviceAccountToken": { SchemaProps: spec.SchemaProps{ Description: "serviceAccountToken is information about the serviceAccountToken data to project", - Ref: ref("k8s.io/api/core/v1.ServiceAccountTokenProjection"), + Ref: ref(corev1.ServiceAccountTokenProjection{}.OpenAPIModelName()), }, }, "clusterTrustBundle": { SchemaProps: spec.SchemaProps{ Description: "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.", - Ref: ref("k8s.io/api/core/v1.ClusterTrustBundleProjection"), + Ref: ref(corev1.ClusterTrustBundleProjection{}.OpenAPIModelName()), }, }, "podCertificate": { SchemaProps: spec.SchemaProps{ Description: "Projects an auto-rotating credential bundle (private key and certificate chain) that the pod can use either as a TLS client or server.\n\nKubelet generates a private key and uses it to send a PodCertificateRequest to the named signer. Once the signer approves the request and issues a certificate chain, Kubelet writes the key and certificate chain to the pod filesystem. The pod does not start until certificates have been issued for each podCertificate projected volume source in its spec.\n\nKubelet will begin trying to rotate the certificate at the time indicated by the signer using the PodCertificateRequest.Status.BeginRefreshAt timestamp.\n\nKubelet can write a single file, indicated by the credentialBundlePath field, or separate files, indicated by the keyPath and certificateChainPath fields.\n\nThe credential bundle is a single file in PEM format. The first PEM entry is the private key (in PKCS#8 format), and the remaining PEM entries are the certificate chain issued by the signer (typically, signers will return their certificate chain in leaf-to-root order).\n\nPrefer using the credential bundle format, since your application code can read it atomically. If you use keyPath and certificateChainPath, your application must make two separate file reads. If these coincide with a certificate rotation, it is possible that the private key and leaf certificate you read may not correspond to each other. Your application will need to check for this condition, and re-read until they are consistent.\n\nThe named signer controls chooses the format of the certificate it issues; consult the signer implementation's documentation to learn how to use the certificates it issues.", - Ref: ref("k8s.io/api/core/v1.PodCertificateProjection"), + Ref: ref(corev1.PodCertificateProjection{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.ClusterTrustBundleProjection", "k8s.io/api/core/v1.ConfigMapProjection", "k8s.io/api/core/v1.DownwardAPIProjection", "k8s.io/api/core/v1.PodCertificateProjection", "k8s.io/api/core/v1.SecretProjection", "k8s.io/api/core/v1.ServiceAccountTokenProjection"}, + corev1.ClusterTrustBundleProjection{}.OpenAPIModelName(), corev1.ConfigMapProjection{}.OpenAPIModelName(), corev1.DownwardAPIProjection{}.OpenAPIModelName(), corev1.PodCertificateProjection{}.OpenAPIModelName(), corev1.SecretProjection{}.OpenAPIModelName(), corev1.ServiceAccountTokenProjection{}.OpenAPIModelName()}, } } @@ -85442,7 +86859,7 @@ func schema_k8sio_api_core_v1_VolumeResourceRequirements(ref common.ReferenceCal Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -85456,7 +86873,7 @@ func schema_k8sio_api_core_v1_VolumeResourceRequirements(ref common.ReferenceCal Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/api/resource.Quantity"), + Ref: ref(resource.Quantity{}.OpenAPIModelName()), }, }, }, @@ -85466,7 +86883,7 @@ func schema_k8sio_api_core_v1_VolumeResourceRequirements(ref common.ReferenceCal }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/api/resource.Quantity"}, + resource.Quantity{}.OpenAPIModelName()}, } } @@ -85480,188 +86897,188 @@ func schema_k8sio_api_core_v1_VolumeSource(ref common.ReferenceCallback) common. "hostPath": { SchemaProps: spec.SchemaProps{ Description: "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - Ref: ref("k8s.io/api/core/v1.HostPathVolumeSource"), + Ref: ref(corev1.HostPathVolumeSource{}.OpenAPIModelName()), }, }, "emptyDir": { SchemaProps: spec.SchemaProps{ Description: "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - Ref: ref("k8s.io/api/core/v1.EmptyDirVolumeSource"), + Ref: ref(corev1.EmptyDirVolumeSource{}.OpenAPIModelName()), }, }, "gcePersistentDisk": { SchemaProps: spec.SchemaProps{ Description: "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - Ref: ref("k8s.io/api/core/v1.GCEPersistentDiskVolumeSource"), + Ref: ref(corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName()), }, }, "awsElasticBlockStore": { SchemaProps: spec.SchemaProps{ Description: "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - Ref: ref("k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource"), + Ref: ref(corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName()), }, }, "gitRepo": { SchemaProps: spec.SchemaProps{ Description: "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", - Ref: ref("k8s.io/api/core/v1.GitRepoVolumeSource"), + Ref: ref(corev1.GitRepoVolumeSource{}.OpenAPIModelName()), }, }, "secret": { SchemaProps: spec.SchemaProps{ Description: "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - Ref: ref("k8s.io/api/core/v1.SecretVolumeSource"), + Ref: ref(corev1.SecretVolumeSource{}.OpenAPIModelName()), }, }, "nfs": { SchemaProps: spec.SchemaProps{ Description: "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - Ref: ref("k8s.io/api/core/v1.NFSVolumeSource"), + Ref: ref(corev1.NFSVolumeSource{}.OpenAPIModelName()), }, }, "iscsi": { SchemaProps: spec.SchemaProps{ Description: "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi", - Ref: ref("k8s.io/api/core/v1.ISCSIVolumeSource"), + Ref: ref(corev1.ISCSIVolumeSource{}.OpenAPIModelName()), }, }, "glusterfs": { SchemaProps: spec.SchemaProps{ Description: "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.GlusterfsVolumeSource"), + Ref: ref(corev1.GlusterfsVolumeSource{}.OpenAPIModelName()), }, }, "persistentVolumeClaim": { SchemaProps: spec.SchemaProps{ Description: "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - Ref: ref("k8s.io/api/core/v1.PersistentVolumeClaimVolumeSource"), + Ref: ref(corev1.PersistentVolumeClaimVolumeSource{}.OpenAPIModelName()), }, }, "rbd": { SchemaProps: spec.SchemaProps{ Description: "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.RBDVolumeSource"), + Ref: ref(corev1.RBDVolumeSource{}.OpenAPIModelName()), }, }, "flexVolume": { SchemaProps: spec.SchemaProps{ Description: "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - Ref: ref("k8s.io/api/core/v1.FlexVolumeSource"), + Ref: ref(corev1.FlexVolumeSource{}.OpenAPIModelName()), }, }, "cinder": { SchemaProps: spec.SchemaProps{ Description: "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - Ref: ref("k8s.io/api/core/v1.CinderVolumeSource"), + Ref: ref(corev1.CinderVolumeSource{}.OpenAPIModelName()), }, }, "cephfs": { SchemaProps: spec.SchemaProps{ Description: "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.CephFSVolumeSource"), + Ref: ref(corev1.CephFSVolumeSource{}.OpenAPIModelName()), }, }, "flocker": { SchemaProps: spec.SchemaProps{ Description: "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.FlockerVolumeSource"), + Ref: ref(corev1.FlockerVolumeSource{}.OpenAPIModelName()), }, }, "downwardAPI": { SchemaProps: spec.SchemaProps{ Description: "downwardAPI represents downward API about the pod that should populate this volume", - Ref: ref("k8s.io/api/core/v1.DownwardAPIVolumeSource"), + Ref: ref(corev1.DownwardAPIVolumeSource{}.OpenAPIModelName()), }, }, "fc": { SchemaProps: spec.SchemaProps{ Description: "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - Ref: ref("k8s.io/api/core/v1.FCVolumeSource"), + Ref: ref(corev1.FCVolumeSource{}.OpenAPIModelName()), }, }, "azureFile": { SchemaProps: spec.SchemaProps{ Description: "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", - Ref: ref("k8s.io/api/core/v1.AzureFileVolumeSource"), + Ref: ref(corev1.AzureFileVolumeSource{}.OpenAPIModelName()), }, }, "configMap": { SchemaProps: spec.SchemaProps{ Description: "configMap represents a configMap that should populate this volume", - Ref: ref("k8s.io/api/core/v1.ConfigMapVolumeSource"), + Ref: ref(corev1.ConfigMapVolumeSource{}.OpenAPIModelName()), }, }, "vsphereVolume": { SchemaProps: spec.SchemaProps{ Description: "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", - Ref: ref("k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource"), + Ref: ref(corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName()), }, }, "quobyte": { SchemaProps: spec.SchemaProps{ Description: "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.QuobyteVolumeSource"), + Ref: ref(corev1.QuobyteVolumeSource{}.OpenAPIModelName()), }, }, "azureDisk": { SchemaProps: spec.SchemaProps{ Description: "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", - Ref: ref("k8s.io/api/core/v1.AzureDiskVolumeSource"), + Ref: ref(corev1.AzureDiskVolumeSource{}.OpenAPIModelName()), }, }, "photonPersistentDisk": { SchemaProps: spec.SchemaProps{ Description: "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource"), + Ref: ref(corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName()), }, }, "projected": { SchemaProps: spec.SchemaProps{ Description: "projected items for all in one resources secrets, configmaps, and downward API", - Ref: ref("k8s.io/api/core/v1.ProjectedVolumeSource"), + Ref: ref(corev1.ProjectedVolumeSource{}.OpenAPIModelName()), }, }, "portworxVolume": { SchemaProps: spec.SchemaProps{ Description: "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", - Ref: ref("k8s.io/api/core/v1.PortworxVolumeSource"), + Ref: ref(corev1.PortworxVolumeSource{}.OpenAPIModelName()), }, }, "scaleIO": { SchemaProps: spec.SchemaProps{ Description: "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.ScaleIOVolumeSource"), + Ref: ref(corev1.ScaleIOVolumeSource{}.OpenAPIModelName()), }, }, "storageos": { SchemaProps: spec.SchemaProps{ Description: "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", - Ref: ref("k8s.io/api/core/v1.StorageOSVolumeSource"), + Ref: ref(corev1.StorageOSVolumeSource{}.OpenAPIModelName()), }, }, "csi": { SchemaProps: spec.SchemaProps{ Description: "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", - Ref: ref("k8s.io/api/core/v1.CSIVolumeSource"), + Ref: ref(corev1.CSIVolumeSource{}.OpenAPIModelName()), }, }, "ephemeral": { SchemaProps: spec.SchemaProps{ Description: "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time.", - Ref: ref("k8s.io/api/core/v1.EphemeralVolumeSource"), + Ref: ref(corev1.EphemeralVolumeSource{}.OpenAPIModelName()), }, }, "image": { SchemaProps: spec.SchemaProps{ Description: "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - Ref: ref("k8s.io/api/core/v1.ImageVolumeSource"), + Ref: ref(corev1.ImageVolumeSource{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/core/v1.AWSElasticBlockStoreVolumeSource", "k8s.io/api/core/v1.AzureDiskVolumeSource", "k8s.io/api/core/v1.AzureFileVolumeSource", "k8s.io/api/core/v1.CSIVolumeSource", "k8s.io/api/core/v1.CephFSVolumeSource", "k8s.io/api/core/v1.CinderVolumeSource", "k8s.io/api/core/v1.ConfigMapVolumeSource", "k8s.io/api/core/v1.DownwardAPIVolumeSource", "k8s.io/api/core/v1.EmptyDirVolumeSource", "k8s.io/api/core/v1.EphemeralVolumeSource", "k8s.io/api/core/v1.FCVolumeSource", "k8s.io/api/core/v1.FlexVolumeSource", "k8s.io/api/core/v1.FlockerVolumeSource", "k8s.io/api/core/v1.GCEPersistentDiskVolumeSource", "k8s.io/api/core/v1.GitRepoVolumeSource", "k8s.io/api/core/v1.GlusterfsVolumeSource", "k8s.io/api/core/v1.HostPathVolumeSource", "k8s.io/api/core/v1.ISCSIVolumeSource", "k8s.io/api/core/v1.ImageVolumeSource", "k8s.io/api/core/v1.NFSVolumeSource", "k8s.io/api/core/v1.PersistentVolumeClaimVolumeSource", "k8s.io/api/core/v1.PhotonPersistentDiskVolumeSource", "k8s.io/api/core/v1.PortworxVolumeSource", "k8s.io/api/core/v1.ProjectedVolumeSource", "k8s.io/api/core/v1.QuobyteVolumeSource", "k8s.io/api/core/v1.RBDVolumeSource", "k8s.io/api/core/v1.ScaleIOVolumeSource", "k8s.io/api/core/v1.SecretVolumeSource", "k8s.io/api/core/v1.StorageOSVolumeSource", "k8s.io/api/core/v1.VsphereVirtualDiskVolumeSource"}, + corev1.AWSElasticBlockStoreVolumeSource{}.OpenAPIModelName(), corev1.AzureDiskVolumeSource{}.OpenAPIModelName(), corev1.AzureFileVolumeSource{}.OpenAPIModelName(), corev1.CSIVolumeSource{}.OpenAPIModelName(), corev1.CephFSVolumeSource{}.OpenAPIModelName(), corev1.CinderVolumeSource{}.OpenAPIModelName(), corev1.ConfigMapVolumeSource{}.OpenAPIModelName(), corev1.DownwardAPIVolumeSource{}.OpenAPIModelName(), corev1.EmptyDirVolumeSource{}.OpenAPIModelName(), corev1.EphemeralVolumeSource{}.OpenAPIModelName(), corev1.FCVolumeSource{}.OpenAPIModelName(), corev1.FlexVolumeSource{}.OpenAPIModelName(), corev1.FlockerVolumeSource{}.OpenAPIModelName(), corev1.GCEPersistentDiskVolumeSource{}.OpenAPIModelName(), corev1.GitRepoVolumeSource{}.OpenAPIModelName(), corev1.GlusterfsVolumeSource{}.OpenAPIModelName(), corev1.HostPathVolumeSource{}.OpenAPIModelName(), corev1.ISCSIVolumeSource{}.OpenAPIModelName(), corev1.ImageVolumeSource{}.OpenAPIModelName(), corev1.NFSVolumeSource{}.OpenAPIModelName(), corev1.PersistentVolumeClaimVolumeSource{}.OpenAPIModelName(), corev1.PhotonPersistentDiskVolumeSource{}.OpenAPIModelName(), corev1.PortworxVolumeSource{}.OpenAPIModelName(), corev1.ProjectedVolumeSource{}.OpenAPIModelName(), corev1.QuobyteVolumeSource{}.OpenAPIModelName(), corev1.RBDVolumeSource{}.OpenAPIModelName(), corev1.ScaleIOVolumeSource{}.OpenAPIModelName(), corev1.SecretVolumeSource{}.OpenAPIModelName(), corev1.StorageOSVolumeSource{}.OpenAPIModelName(), corev1.VsphereVirtualDiskVolumeSource{}.OpenAPIModelName()}, } } @@ -85727,7 +87144,7 @@ func schema_k8sio_api_core_v1_WeightedPodAffinityTerm(ref common.ReferenceCallba SchemaProps: spec.SchemaProps{ Description: "Required. A pod affinity term, associated with the corresponding weight.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/core/v1.PodAffinityTerm"), + Ref: ref(corev1.PodAffinityTerm{}.OpenAPIModelName()), }, }, }, @@ -85735,7 +87152,7 @@ func schema_k8sio_api_core_v1_WeightedPodAffinityTerm(ref common.ReferenceCallba }, }, Dependencies: []string{ - "k8s.io/api/core/v1.PodAffinityTerm"}, + corev1.PodAffinityTerm{}.OpenAPIModelName()}, } } @@ -85780,6 +87197,43 @@ func schema_k8sio_api_core_v1_WindowsSecurityContextOptions(ref common.Reference } } +func schema_k8sio_api_core_v1_WorkloadReference(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "WorkloadReference identifies the Workload object and PodGroup membership that a Pod belongs to. The scheduler uses this information to apply workload-aware scheduling semantics.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "Name defines the name of the Workload object this Pod belongs to. Workload must be in the same namespace as the Pod. If it doesn't match any existing Workload, the Pod will remain unschedulable until a Workload object is created and observed by the kube-scheduler. It must be a DNS subdomain.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "podGroup": { + SchemaProps: spec.SchemaProps{ + Description: "PodGroup is the name of the PodGroup within the Workload that this Pod belongs to. If it doesn't match any existing PodGroup within the Workload, the Pod will remain unschedulable until the Workload object is recreated and observed by the kube-scheduler. It must be a DNS label.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + "podGroupReplicaKey": { + SchemaProps: spec.SchemaProps{ + Description: "PodGroupReplicaKey specifies the replica key of the PodGroup to which this Pod belongs. It is used to distinguish pods belonging to different replicas of the same pod group. The pod group policy is applied separately to each replica. When set, it must be a DNS label.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name", "podGroup"}, + }, + }, + } +} + func schema_k8sio_api_rbac_v1_AggregationRule(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -85800,7 +87254,7 @@ func schema_k8sio_api_rbac_v1_AggregationRule(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"), + Ref: ref(metav1.LabelSelector{}.OpenAPIModelName()), }, }, }, @@ -85810,7 +87264,7 @@ func schema_k8sio_api_rbac_v1_AggregationRule(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelector"}, + metav1.LabelSelector{}.OpenAPIModelName()}, } } @@ -85839,7 +87293,7 @@ func schema_k8sio_api_rbac_v1_ClusterRole(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "rules": { @@ -85855,7 +87309,7 @@ func schema_k8sio_api_rbac_v1_ClusterRole(ref common.ReferenceCallback) common.O Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/rbac/v1.PolicyRule"), + Ref: ref(rbacv1.PolicyRule{}.OpenAPIModelName()), }, }, }, @@ -85864,14 +87318,14 @@ func schema_k8sio_api_rbac_v1_ClusterRole(ref common.ReferenceCallback) common.O "aggregationRule": { SchemaProps: spec.SchemaProps{ Description: "AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.", - Ref: ref("k8s.io/api/rbac/v1.AggregationRule"), + Ref: ref(rbacv1.AggregationRule{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/api/rbac/v1.AggregationRule", "k8s.io/api/rbac/v1.PolicyRule", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + rbacv1.AggregationRule{}.OpenAPIModelName(), rbacv1.PolicyRule{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -85900,7 +87354,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleBinding(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "subjects": { @@ -85916,7 +87370,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleBinding(ref common.ReferenceCallback) c Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/rbac/v1.Subject"), + Ref: ref(rbacv1.Subject{}.OpenAPIModelName()), }, }, }, @@ -85926,7 +87380,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleBinding(ref common.ReferenceCallback) c SchemaProps: spec.SchemaProps{ Description: "RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/rbac/v1.RoleRef"), + Ref: ref(rbacv1.RoleRef{}.OpenAPIModelName()), }, }, }, @@ -85934,7 +87388,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleBinding(ref common.ReferenceCallback) c }, }, Dependencies: []string{ - "k8s.io/api/rbac/v1.RoleRef", "k8s.io/api/rbac/v1.Subject", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + rbacv1.RoleRef{}.OpenAPIModelName(), rbacv1.Subject{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -85963,7 +87417,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleBindingList(ref common.ReferenceCallbac SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -85974,7 +87428,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleBindingList(ref common.ReferenceCallbac Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/rbac/v1.ClusterRoleBinding"), + Ref: ref(rbacv1.ClusterRoleBinding{}.OpenAPIModelName()), }, }, }, @@ -85985,7 +87439,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleBindingList(ref common.ReferenceCallbac }, }, Dependencies: []string{ - "k8s.io/api/rbac/v1.ClusterRoleBinding", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + rbacv1.ClusterRoleBinding{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -86014,7 +87468,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -86025,7 +87479,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleList(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/rbac/v1.ClusterRole"), + Ref: ref(rbacv1.ClusterRole{}.OpenAPIModelName()), }, }, }, @@ -86036,7 +87490,7 @@ func schema_k8sio_api_rbac_v1_ClusterRoleList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "k8s.io/api/rbac/v1.ClusterRole", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + rbacv1.ClusterRole{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -86179,7 +87633,7 @@ func schema_k8sio_api_rbac_v1_Role(ref common.ReferenceCallback) common.OpenAPID SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "rules": { @@ -86195,7 +87649,7 @@ func schema_k8sio_api_rbac_v1_Role(ref common.ReferenceCallback) common.OpenAPID Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/rbac/v1.PolicyRule"), + Ref: ref(rbacv1.PolicyRule{}.OpenAPIModelName()), }, }, }, @@ -86205,7 +87659,7 @@ func schema_k8sio_api_rbac_v1_Role(ref common.ReferenceCallback) common.OpenAPID }, }, Dependencies: []string{ - "k8s.io/api/rbac/v1.PolicyRule", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + rbacv1.PolicyRule{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -86234,7 +87688,7 @@ func schema_k8sio_api_rbac_v1_RoleBinding(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, "subjects": { @@ -86250,7 +87704,7 @@ func schema_k8sio_api_rbac_v1_RoleBinding(ref common.ReferenceCallback) common.O Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/rbac/v1.Subject"), + Ref: ref(rbacv1.Subject{}.OpenAPIModelName()), }, }, }, @@ -86260,7 +87714,7 @@ func schema_k8sio_api_rbac_v1_RoleBinding(ref common.ReferenceCallback) common.O SchemaProps: spec.SchemaProps{ Description: "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/rbac/v1.RoleRef"), + Ref: ref(rbacv1.RoleRef{}.OpenAPIModelName()), }, }, }, @@ -86268,7 +87722,7 @@ func schema_k8sio_api_rbac_v1_RoleBinding(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "k8s.io/api/rbac/v1.RoleRef", "k8s.io/api/rbac/v1.Subject", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + rbacv1.RoleRef{}.OpenAPIModelName(), rbacv1.Subject{}.OpenAPIModelName(), metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -86297,7 +87751,7 @@ func schema_k8sio_api_rbac_v1_RoleBindingList(ref common.ReferenceCallback) comm SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -86308,7 +87762,7 @@ func schema_k8sio_api_rbac_v1_RoleBindingList(ref common.ReferenceCallback) comm Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/rbac/v1.RoleBinding"), + Ref: ref(rbacv1.RoleBinding{}.OpenAPIModelName()), }, }, }, @@ -86319,7 +87773,7 @@ func schema_k8sio_api_rbac_v1_RoleBindingList(ref common.ReferenceCallback) comm }, }, Dependencies: []string{ - "k8s.io/api/rbac/v1.RoleBinding", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + rbacv1.RoleBinding{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -86348,7 +87802,7 @@ func schema_k8sio_api_rbac_v1_RoleList(ref common.ReferenceCallback) common.Open SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -86359,7 +87813,7 @@ func schema_k8sio_api_rbac_v1_RoleList(ref common.ReferenceCallback) common.Open Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/api/rbac/v1.Role"), + Ref: ref(rbacv1.Role{}.OpenAPIModelName()), }, }, }, @@ -86370,7 +87824,7 @@ func schema_k8sio_api_rbac_v1_RoleList(ref common.ReferenceCallback) common.Open }, }, Dependencies: []string{ - "k8s.io/api/rbac/v1.Role", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + rbacv1.Role{}.OpenAPIModelName(), metav1.ListMeta{}.OpenAPIModelName()}, } } @@ -86556,7 +88010,7 @@ func schema_pkg_apis_meta_v1_APIGroup(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery"), + Ref: ref(metav1.GroupVersionForDiscovery{}.OpenAPIModelName()), }, }, }, @@ -86566,7 +88020,7 @@ func schema_pkg_apis_meta_v1_APIGroup(ref common.ReferenceCallback) common.OpenA SchemaProps: spec.SchemaProps{ Description: "preferredVersion is the version preferred by the API server, which probably is the storage version.", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery"), + Ref: ref(metav1.GroupVersionForDiscovery{}.OpenAPIModelName()), }, }, "serverAddressByClientCIDRs": { @@ -86582,7 +88036,7 @@ func schema_pkg_apis_meta_v1_APIGroup(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR"), + Ref: ref(metav1.ServerAddressByClientCIDR{}.OpenAPIModelName()), }, }, }, @@ -86593,7 +88047,7 @@ func schema_pkg_apis_meta_v1_APIGroup(ref common.ReferenceCallback) common.OpenA }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.GroupVersionForDiscovery", "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR"}, + metav1.GroupVersionForDiscovery{}.OpenAPIModelName(), metav1.ServerAddressByClientCIDR{}.OpenAPIModelName()}, } } @@ -86631,7 +88085,7 @@ func schema_pkg_apis_meta_v1_APIGroupList(ref common.ReferenceCallback) common.O Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup"), + Ref: ref(metav1.APIGroup{}.OpenAPIModelName()), }, }, }, @@ -86642,7 +88096,7 @@ func schema_pkg_apis_meta_v1_APIGroupList(ref common.ReferenceCallback) common.O }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.APIGroup"}, + metav1.APIGroup{}.OpenAPIModelName()}, } } @@ -86810,7 +88264,7 @@ func schema_pkg_apis_meta_v1_APIResourceList(ref common.ReferenceCallback) commo Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.APIResource"), + Ref: ref(metav1.APIResource{}.OpenAPIModelName()), }, }, }, @@ -86821,7 +88275,7 @@ func schema_pkg_apis_meta_v1_APIResourceList(ref common.ReferenceCallback) commo }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.APIResource"}, + metav1.APIResource{}.OpenAPIModelName()}, } } @@ -86879,7 +88333,7 @@ func schema_pkg_apis_meta_v1_APIVersions(ref common.ReferenceCallback) common.Op Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR"), + Ref: ref(metav1.ServerAddressByClientCIDR{}.OpenAPIModelName()), }, }, }, @@ -86890,7 +88344,7 @@ func schema_pkg_apis_meta_v1_APIVersions(ref common.ReferenceCallback) common.Op }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ServerAddressByClientCIDR"}, + metav1.ServerAddressByClientCIDR{}.OpenAPIModelName()}, } } @@ -86991,7 +88445,7 @@ func schema_pkg_apis_meta_v1_Condition(ref common.ReferenceCallback) common.Open "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "reason": { @@ -87015,7 +88469,7 @@ func schema_pkg_apis_meta_v1_Condition(ref common.ReferenceCallback) common.Open }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.Time{}.OpenAPIModelName()}, } } @@ -87111,7 +88565,7 @@ func schema_pkg_apis_meta_v1_DeleteOptions(ref common.ReferenceCallback) common. "preconditions": { SchemaProps: spec.SchemaProps{ Description: "Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be returned.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions"), + Ref: ref(metav1.Preconditions{}.OpenAPIModelName()), }, }, "orphanDependents": { @@ -87159,7 +88613,7 @@ func schema_pkg_apis_meta_v1_DeleteOptions(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.Preconditions"}, + metav1.Preconditions{}.OpenAPIModelName()}, } } @@ -87471,15 +88925,12 @@ func schema_pkg_apis_meta_v1_InternalEvent(ref common.ReferenceCallback) common. "Object": { SchemaProps: spec.SchemaProps{ Description: "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Bookmark: the object (instance of a type being watched) where\n only ResourceVersion field is set. On successful restart of watch from a\n bookmark resourceVersion, client is guaranteed to not get repeat event\n nor miss any events.\n * If Type is Error: *api.Status is recommended; other types may make sense\n depending on context.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.Object"), }, }, }, Required: []string{"Type", "Object"}, }, }, - Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.Object"}, } } @@ -87519,7 +88970,7 @@ func schema_pkg_apis_meta_v1_LabelSelector(ref common.ReferenceCallback) common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement"), + Ref: ref(metav1.LabelSelectorRequirement{}.OpenAPIModelName()), }, }, }, @@ -87534,7 +88985,7 @@ func schema_pkg_apis_meta_v1_LabelSelector(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.LabelSelectorRequirement"}, + metav1.LabelSelectorRequirement{}.OpenAPIModelName()}, } } @@ -87613,7 +89064,7 @@ func schema_pkg_apis_meta_v1_List(ref common.ReferenceCallback) common.OpenAPIDe SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -87623,7 +89074,7 @@ func schema_pkg_apis_meta_v1_List(ref common.ReferenceCallback) common.OpenAPIDe Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -87634,7 +89085,7 @@ func schema_pkg_apis_meta_v1_List(ref common.ReferenceCallback) common.OpenAPIDe }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + metav1.ListMeta{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -87807,7 +89258,7 @@ func schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref common.ReferenceCallback) co "time": { SchemaProps: spec.SchemaProps{ Description: "Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "fieldsType": { @@ -87820,7 +89271,7 @@ func schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref common.ReferenceCallback) co "fieldsV1": { SchemaProps: spec.SchemaProps{ Description: "FieldsV1 holds the first JSON version format as described in the \"FieldsV1\" type.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1"), + Ref: ref(metav1.FieldsV1{}.OpenAPIModelName()), }, }, "subresource": { @@ -87834,7 +89285,7 @@ func schema_pkg_apis_meta_v1_ManagedFieldsEntry(ref common.ReferenceCallback) co }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.FieldsV1", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.FieldsV1{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, } } @@ -87909,13 +89360,13 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope "creationTimestamp": { SchemaProps: spec.SchemaProps{ Description: "CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "deletionTimestamp": { SchemaProps: spec.SchemaProps{ Description: "DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), + Ref: ref(metav1.Time{}.OpenAPIModelName()), }, }, "deletionGracePeriodSeconds": { @@ -87975,7 +89426,7 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference"), + Ref: ref(metav1.OwnerReference{}.OpenAPIModelName()), }, }, }, @@ -88015,7 +89466,7 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry"), + Ref: ref(metav1.ManagedFieldsEntry{}.OpenAPIModelName()), }, }, }, @@ -88025,7 +89476,7 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ManagedFieldsEntry", "k8s.io/apimachinery/pkg/apis/meta/v1.OwnerReference", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"}, + metav1.ManagedFieldsEntry{}.OpenAPIModelName(), metav1.OwnerReference{}.OpenAPIModelName(), metav1.Time{}.OpenAPIModelName()}, } } @@ -88119,14 +89570,14 @@ func schema_pkg_apis_meta_v1_PartialObjectMetadata(ref common.ReferenceCallback) SchemaProps: spec.SchemaProps{ Description: "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + Ref: ref(metav1.ObjectMeta{}.OpenAPIModelName()), }, }, }, }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + metav1.ObjectMeta{}.OpenAPIModelName()}, } } @@ -88155,7 +89606,7 @@ func schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref common.ReferenceCallb SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "items": { @@ -88166,7 +89617,7 @@ func schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref common.ReferenceCallb Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata"), + Ref: ref(metav1.PartialObjectMetadata{}.OpenAPIModelName()), }, }, }, @@ -88177,7 +89628,7 @@ func schema_pkg_apis_meta_v1_PartialObjectMetadataList(ref common.ReferenceCallb }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta", "k8s.io/apimachinery/pkg/apis/meta/v1.PartialObjectMetadata"}, + metav1.ListMeta{}.OpenAPIModelName(), metav1.PartialObjectMetadata{}.OpenAPIModelName()}, } } @@ -88376,7 +89827,7 @@ func schema_pkg_apis_meta_v1_Status(ref common.ReferenceCallback) common.OpenAPI SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "status": { @@ -88401,14 +89852,9 @@ func schema_pkg_apis_meta_v1_Status(ref common.ReferenceCallback) common.OpenAPI }, }, "details": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, SchemaProps: spec.SchemaProps{ Description: "Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.", - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails"), + Ref: ref(metav1.StatusDetails{}.OpenAPIModelName()), }, }, "code": { @@ -88422,7 +89868,7 @@ func schema_pkg_apis_meta_v1_Status(ref common.ReferenceCallback) common.OpenAPI }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta", "k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails"}, + metav1.ListMeta{}.OpenAPIModelName(), metav1.StatusDetails{}.OpenAPIModelName()}, } } @@ -88508,7 +89954,7 @@ func schema_pkg_apis_meta_v1_StatusDetails(ref common.ReferenceCallback) common. Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause"), + Ref: ref(metav1.StatusCause{}.OpenAPIModelName()), }, }, }, @@ -88525,7 +89971,7 @@ func schema_pkg_apis_meta_v1_StatusDetails(ref common.ReferenceCallback) common. }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.StatusCause"}, + metav1.StatusCause{}.OpenAPIModelName()}, } } @@ -88554,7 +90000,7 @@ func schema_pkg_apis_meta_v1_Table(ref common.ReferenceCallback) common.OpenAPID SchemaProps: spec.SchemaProps{ Description: "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + Ref: ref(metav1.ListMeta{}.OpenAPIModelName()), }, }, "columnDefinitions": { @@ -88570,7 +90016,7 @@ func schema_pkg_apis_meta_v1_Table(ref common.ReferenceCallback) common.OpenAPID Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition"), + Ref: ref(metav1.TableColumnDefinition{}.OpenAPIModelName()), }, }, }, @@ -88589,7 +90035,7 @@ func schema_pkg_apis_meta_v1_Table(ref common.ReferenceCallback) common.OpenAPID Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.TableRow"), + Ref: ref(metav1.TableRow{}.OpenAPIModelName()), }, }, }, @@ -88600,7 +90046,7 @@ func schema_pkg_apis_meta_v1_Table(ref common.ReferenceCallback) common.OpenAPID }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta", "k8s.io/apimachinery/pkg/apis/meta/v1.TableColumnDefinition", "k8s.io/apimachinery/pkg/apis/meta/v1.TableRow"}, + metav1.ListMeta{}.OpenAPIModelName(), metav1.TableColumnDefinition{}.OpenAPIModelName(), metav1.TableRow{}.OpenAPIModelName()}, } } @@ -88731,7 +90177,7 @@ func schema_pkg_apis_meta_v1_TableRow(ref common.ReferenceCallback) common.OpenA Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition"), + Ref: ref(metav1.TableRowCondition{}.OpenAPIModelName()), }, }, }, @@ -88740,7 +90186,7 @@ func schema_pkg_apis_meta_v1_TableRow(ref common.ReferenceCallback) common.OpenA "object": { SchemaProps: spec.SchemaProps{ Description: "This field contains the requested additional information about each object based on the includeObject policy when requesting the Table. If \"None\", this field is empty, if \"Object\" this will be the default serialization of the object for the current API version, and if \"Metadata\" (the default) will contain the object metadata. Check the returned kind and apiVersion of the object before parsing. The media type of the object will always match the enclosing list - if this as a JSON table, these will be JSON encoded objects.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -88748,7 +90194,7 @@ func schema_pkg_apis_meta_v1_TableRow(ref common.ReferenceCallback) common.OpenA }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/apis/meta/v1.TableRowCondition", "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + metav1.TableRowCondition{}.OpenAPIModelName(), runtime.RawExtension{}.OpenAPIModelName()}, } } @@ -88943,7 +90389,7 @@ func schema_pkg_apis_meta_v1_WatchEvent(ref common.ReferenceCallback) common.Ope "object": { SchemaProps: spec.SchemaProps{ Description: "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Error: *Status is recommended; other types may make sense\n depending on context.", - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref(runtime.RawExtension{}.OpenAPIModelName()), }, }, }, @@ -88951,7 +90397,7 @@ func schema_pkg_apis_meta_v1_WatchEvent(ref common.ReferenceCallback) common.Ope }, }, Dependencies: []string{ - "k8s.io/apimachinery/pkg/runtime.RawExtension"}, + runtime.RawExtension{}.OpenAPIModelName()}, } } diff --git a/openapi/openapi.json b/openapi/openapi.json index 350ccb3d897..324d440900e 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -6339,7 +6339,7 @@ ], "properties": { "ciphers": { - "description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + "description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", "type": "array", "items": { "type": "string", @@ -6348,7 +6348,7 @@ "x-kubernetes-list-type": "atomic" }, "curves": { - "description": "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve.\n\nFor example, to use X25519 and SecP256r1 (yaml):\n\n curves:\n - X25519\n - SecP256r1", + "description": "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve and each curve must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n curves:\n - X25519\n - secp256r1", "type": "array", "items": { "type": "string", @@ -11320,7 +11320,7 @@ ], "properties": { "ciphers": { - "description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries their operands do not support. For example, to use DES-CBC3-SHA (yaml):\n\n ciphers:\n - DES-CBC3-SHA", + "description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", "type": "array", "items": { "type": "string", @@ -11329,7 +11329,7 @@ "x-kubernetes-list-type": "atomic" }, "curves": { - "description": "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve.\n\nFor example, to use X25519 and SecP256r1 (yaml):\n\n curves:\n - X25519\n - SecP256r1", + "description": "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve and each curve must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n curves:\n - X25519\n - secp256r1", "type": "array", "items": { "type": "string", @@ -11353,19 +11353,19 @@ "$ref": "#/definitions/com.github.openshift.api.config.v1.CustomTLSProfile" }, "intermediate": { - "description": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384", + "description": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305", "$ref": "#/definitions/com.github.openshift.api.config.v1.IntermediateTLSProfile" }, "modern": { - "description": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", + "description": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", "$ref": "#/definitions/com.github.openshift.api.config.v1.ModernTLSProfile" }, "old": { - "description": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe curve list includes by default the following curves: X25519, SecP256r1, SecP384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - DHE-RSA-AES128-GCM-SHA256\n - DHE-RSA-AES256-GCM-SHA384\n - DHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA384\n - ECDHE-RSA-AES256-SHA384\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - DHE-RSA-AES128-SHA256\n - DHE-RSA-AES256-SHA256\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES256-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", + "description": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", "$ref": "#/definitions/com.github.openshift.api.config.v1.OldTLSProfile" }, "type": { - "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are currently based on version 5.0 of the Mozilla Server Side TLS configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", + "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are based on version 5.7 of the Mozilla Server Side TLS configuration guidelines. The cipher lists consist of the configuration's \"ciphersuites\" followed by the Go-specific \"ciphers\" from the guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", "type": "string", "default": "" } @@ -35923,7 +35923,6 @@ }, "spec": { "description": "spec is the specification of the desired behavior of the capi-operator.", - "default": {}, "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPISpec" }, "status": { @@ -35933,6 +35932,96 @@ } } }, + "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponent": { + "description": "ClusterAPIInstallerComponent defines a component which will be installed by this revision.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "image": { + "description": "image defines an image source for a component. The image must contain a /capi-operator-installer directory containing the component manifests.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponentImage" + }, + "type": { + "description": "type is the source type of the component. The only valid value is Image. When set to Image, the image field must be set and will define an image source for the component.\n\nPossible enum values:\n - `\"Image\"` is an image source for a component.", + "type": "string", + "enum": [ + "Image" + ] + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "image": "Image" + } + } + ] + }, + "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponentImage": { + "description": "ClusterAPIInstallerComponentImage defines an image source for a component.", + "type": "object", + "required": [ + "ref", + "profile" + ], + "properties": { + "profile": { + "description": "profile is the name of a profile to use from the image.\n\nA profile name may be up to 255 characters long. It must consist of alphanumeric characters, '-', or '_'.", + "type": "string" + }, + "ref": { + "description": "ref is an image reference to the image containing the component manifests. The reference must be a valid image digest reference in the format host[:port][/namespace]/name@sha256:. The digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the field must be between 1 to 447 characters.", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevision": { + "type": "object", + "required": [ + "name", + "revision", + "contentID", + "components" + ], + "properties": { + "components": { + "description": "components is list of components which will be installed by this revision. Components will be installed in the order they are listed.\n\nThe maximum number of components is 32.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponent" + }, + "x-kubernetes-list-type": "atomic" + }, + "contentID": { + "description": "contentID uniquely identifies the content of this revision. The contentID must be between 1 and 255 characters long.", + "type": "string" + }, + "name": { + "description": "name is the name of a revision.", + "type": "string" + }, + "revision": { + "description": "revision is a monotonically increasing number that is assigned to a revision.", + "type": "integer", + "format": "int64" + }, + "unmanagedCustomResourceDefinitions": { + "description": "unmanagedCustomResourceDefinitions is a list of the names of ClusterResourceDefinition (CRD) objects which are included in this revision, but which should not be installed or updated. If not set, all CRDs in the revision will be managed by the CAPI operator.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + } + }, + "x-kubernetes-map-type": "atomic" + }, "com.github.openshift.api.operator.v1alpha1.ClusterAPIList": { "description": "ClusterAPIList contains a list of ClusterAPI configurations\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", @@ -35965,11 +36054,11 @@ } }, "com.github.openshift.api.operator.v1alpha1.ClusterAPISpec": { - "description": "ClusterAPISpec defines the desired configuration of the capi-operator.", + "description": "ClusterAPISpec defines the desired configuration of the capi-operator. The spec is required but we deliberately allow it to be empty.", "type": "object", "properties": { "unmanagedCustomResourceDefinitions": { - "description": "unmanagedCustomResourceDefinitions is a list of ClusterResourceDefinition (CRD) names that should not be managed by the capi-operator installer controller. This allows external actors to own specific CRDs while capi-operator manages others.\n\nEach CRD name must be a valid DNS-1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character, with a maximum length of 253 characters. Example: \"clusters.cluster.x-k8s.io\"\n\nItems cannot be removed from this list once added.\n\nThe maximum number of unmanagedCustomResourceDefinitions is 128.", + "description": "unmanagedCustomResourceDefinitions is a list of ClusterResourceDefinition (CRD) names that should not be managed by the capi-operator installer controller. This allows external actors to own specific CRDs while capi-operator manages others.\n\nEach CRD name must be a valid DNS-1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character, with a maximum length of 253 characters. CRD names must contain at least two '.' characters. Example: \"clusters.cluster.x-k8s.io\"\n\nItems cannot be removed from this list once added.\n\nThe maximum number of unmanagedCustomResourceDefinitions is 128.", "type": "array", "items": { "type": "string", @@ -35982,22 +36071,25 @@ "com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus": { "description": "ClusterAPIStatus describes the current state of the capi-operator.", "type": "object", + "required": [ + "desiredRevision", + "revisions" + ], "properties": { - "activeConfigMaps": { - "description": "activeConfigMaps is a list of ConfigMap names that the installer controller has successfully reconciled. This represents the currently deployed CAPI provider components.\n\nEach ConfigMap name must be a valid DNS-1123 label consisting of lowercase alphanumeric characters or hyphens, starting and ending with an alphanumeric character, with a maximum length of 63 characters.\n\nThis field is owned by the installer controller and is updated atomically after a successful reconciliation.\n\nThe maximum number of activeConfigMaps is 128.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "currentRevision": { + "description": "currentRevision is the name of the most recently fully applied revision. It is written by the installer controller. If it is absent, it indicates that no revision has been fully applied yet. If set, currentRevision must correspond to an entry in the revisions list.", + "type": "string" + }, + "desiredRevision": { + "description": "desiredRevision is the name of the desired revision. It is written by the revision controller. It must be set to the name of the entry in the revisions list with the highest revision number.", + "type": "string" }, - "targetConfigMaps": { - "description": "targetConfigMaps is a list of ConfigMap names that the staging controller has validated and approved for reconciliation. The installer controller will reconcile these ConfigMaps.\n\nEach ConfigMap name must be a valid DNS-1123 label consisting of lowercase alphanumeric characters or hyphens, starting and ending with an alphanumeric character, with a maximum length of 63 characters.\n\nThis field is owned by the staging controller and is updated atomically to a consistent set of transport ConfigMaps that have passed validation checks.\n\nThe maximum number of targetConfigMaps is 128.", + "revisions": { + "description": "revisions is a list of all currently active revisions. A revision is active until the installer controller updates currentRevision to a later revision. It is written by the revision controller.\n\nThe maximum number of revisions is 16. All revisions must have a unique name. All revisions must have a unique revision number. When adding a revision, the revision number must be greater than the highest revision number in the list. Revisions are immutable, although they can be deleted.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevision" }, "x-kubernetes-list-type": "atomic" } @@ -52200,77 +52292,6 @@ "description": "IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number.", "type": "string", "format": "int-or-string" - }, - "io.k8s.apimachinery.pkg.version.Info": { - "description": "Info contains versioning information. how we'll want to distribute that information.", - "type": "object", - "required": [ - "major", - "minor", - "gitVersion", - "gitCommit", - "gitTreeState", - "buildDate", - "goVersion", - "compiler", - "platform" - ], - "properties": { - "buildDate": { - "type": "string", - "default": "" - }, - "compiler": { - "type": "string", - "default": "" - }, - "emulationMajor": { - "description": "EmulationMajor is the major version of the emulation version", - "type": "string" - }, - "emulationMinor": { - "description": "EmulationMinor is the minor version of the emulation version", - "type": "string" - }, - "gitCommit": { - "type": "string", - "default": "" - }, - "gitTreeState": { - "type": "string", - "default": "" - }, - "gitVersion": { - "type": "string", - "default": "" - }, - "goVersion": { - "type": "string", - "default": "" - }, - "major": { - "description": "Major is the major version of the binary version", - "type": "string", - "default": "" - }, - "minCompatibilityMajor": { - "description": "MinCompatibilityMajor is the major version of the minimum compatibility version", - "type": "string" - }, - "minCompatibilityMinor": { - "description": "MinCompatibilityMinor is the minor version of the minimum compatibility version", - "type": "string" - }, - "minor": { - "description": "Minor is the minor version of the binary version", - "type": "string", - "default": "" - }, - "platform": { - "type": "string", - "default": "" - } - } } } } diff --git a/operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml b/operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml index 59b1a7c276d..1989779f31b 100644 --- a/operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml +++ b/operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml @@ -22,7 +22,7 @@ tests: - TLS_AES_256_GCM_SHA384 curves: - X25519 - - SecP256r1 + - secp256r1 expected: | apiVersion: operator.openshift.io/v1 kind: IngressController @@ -42,7 +42,7 @@ tests: - TLS_AES_256_GCM_SHA384 curves: - X25519 - - SecP256r1 + - secp256r1 - name: Should be able to create with all supported curves initial: | apiVersion: operator.openshift.io/v1 @@ -59,9 +59,9 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 expected: | apiVersion: operator.openshift.io/v1 @@ -81,9 +81,9 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 - name: Should fail to create with Custom TLS profile and empty curves initial: | @@ -146,8 +146,8 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP256r1 - - SecP384r1 + - secp256r1 + - secp384r1 expected: | apiVersion: operator.openshift.io/v1 kind: IngressController @@ -165,8 +165,8 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP256r1 - - SecP384r1 + - secp256r1 + - secp384r1 - name: Should be able to create with Custom TLS profile VersionTLS11 and curves initial: | apiVersion: operator.openshift.io/v1 @@ -182,7 +182,7 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP384r1 + - secp384r1 expected: | apiVersion: operator.openshift.io/v1 kind: IngressController @@ -200,7 +200,7 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP384r1 + - secp384r1 - name: Should fail to create with more than 5 curves initial: | apiVersion: operator.openshift.io/v1 @@ -217,9 +217,9 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 - X25519 expectedError: "spec.tlsSecurityProfile.custom.curves: Too many: 6: must have at most 5 items" @@ -239,7 +239,7 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - InvalidCurve - expectedError: "spec.tlsSecurityProfile.custom.curves[0]: Unsupported value: \"InvalidCurve\": supported values: \"X25519\", \"SecP256r1\", \"SecP384r1\", \"SecP521r1\", \"X25519MLKEM768\"" + expectedError: "spec.tlsSecurityProfile.custom.curves[0]: Unsupported value: \"InvalidCurve\": supported values: \"X25519\", \"secp256r1\", \"secp384r1\", \"secp521r1\", \"X25519MLKEM768\"" onUpdate: - name: Should be able to add curves to existing Custom TLS profile initial: | @@ -273,7 +273,7 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 + - secp256r1 expected: | apiVersion: operator.openshift.io/v1 kind: IngressController @@ -292,7 +292,7 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 + - secp256r1 - name: Should be able to update curves in existing Custom TLS profile initial: | apiVersion: operator.openshift.io/v1 @@ -326,8 +326,8 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP256r1 - - SecP384r1 + - secp256r1 + - secp384r1 expected: | apiVersion: operator.openshift.io/v1 kind: IngressController @@ -345,8 +345,8 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 curves: - - SecP256r1 - - SecP384r1 + - secp256r1 + - secp384r1 - name: Should be able to remove curves field from existing Custom TLS profile initial: | apiVersion: operator.openshift.io/v1 @@ -363,7 +363,7 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 + - secp256r1 updated: | apiVersion: operator.openshift.io/v1 kind: IngressController @@ -412,7 +412,7 @@ tests: - TLS_AES_128_GCM_SHA256 curves: - X25519 - - SecP256r1 + - secp256r1 updated: | apiVersion: operator.openshift.io/v1 kind: IngressController diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml index a03dd7d88db..cba799b53d1 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml @@ -135,7 +135,7 @@ spec: x-kubernetes-validations: - message: 'kmsKeyARN must be a valid AWS KMS key ARN in the format: arn::kms:::(key|alias)/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$') type: object azure: description: azure is used to configure the Azure CSI driver. diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml index 3dc68028e00..b81cb645a36 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml @@ -135,7 +135,7 @@ spec: x-kubernetes-validations: - message: 'kmsKeyARN must be a valid AWS KMS key ARN in the format: arn::kms:::(key|alias)/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$') type: object azure: description: azure is used to configure the Azure CSI driver. diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml index e857d998609..3b63c340eba 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml @@ -1843,9 +1843,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -2009,11 +2010,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -2026,13 +2030,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -2041,9 +2045,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -2071,7 +2075,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -2085,8 +2089,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -2094,7 +2096,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -2109,7 +2111,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -2123,23 +2125,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -2150,9 +2144,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -2202,6 +2197,37 @@ spec: If unset, the default timeout is 30s format: duration type: string + configurationManagement: + description: |- + configurationManagement specifies how OpenShift router should update + the HAProxy configuration. The following values are valid for this + field: + + * "ForkAndReload". + * "Dynamic". + + Omitting this field means that the user has no opinion and the + platform may choose a reasonable default. This default is subject to + change over time. The current default is "ForkAndReload". + + "ForkAndReload" means that OpenShift router should rewrite the + HAProxy configuration file and instruct HAProxy to fork and reload. + This is OpenShift router's traditional approach. + + "Dynamic" means that OpenShift router may use HAProxy's control + socket for some configuration updates and fall back to fork and + reload for other configuration updates. This is a newer approach, + which may be less mature than ForkAndReload. This setting can + improve load-balancing fairness and metrics accuracy and reduce CPU + and memory usage if HAProxy has frequent configuration updates for + route and endpoints updates. + + Note: The "Dynamic" option is currently experimental and should not + be enabled on production clusters. + enum: + - Dynamic + - ForkAndReload + type: string connectTimeout: description: |- connectTimeout defines the maximum time to wait for @@ -3290,11 +3316,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -3307,13 +3336,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -3322,9 +3351,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml index 13c6c8aec62..026d2dcd509 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml @@ -1843,9 +1843,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -2009,11 +2010,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -2039,7 +2043,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -2053,8 +2057,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -2062,7 +2064,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -2077,7 +2079,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -2091,23 +2093,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -2118,9 +2112,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -3258,11 +3253,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml index 54921998907..4ffe3b4603d 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml @@ -1843,9 +1843,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -2009,11 +2010,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -2026,13 +2030,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -2041,9 +2045,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -2071,7 +2075,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -2085,8 +2089,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -2094,7 +2096,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -2109,7 +2111,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -2123,23 +2125,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -2150,9 +2144,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -2202,6 +2197,37 @@ spec: If unset, the default timeout is 30s format: duration type: string + configurationManagement: + description: |- + configurationManagement specifies how OpenShift router should update + the HAProxy configuration. The following values are valid for this + field: + + * "ForkAndReload". + * "Dynamic". + + Omitting this field means that the user has no opinion and the + platform may choose a reasonable default. This default is subject to + change over time. The current default is "ForkAndReload". + + "ForkAndReload" means that OpenShift router should rewrite the + HAProxy configuration file and instruct HAProxy to fork and reload. + This is OpenShift router's traditional approach. + + "Dynamic" means that OpenShift router may use HAProxy's control + socket for some configuration updates and fall back to fork and + reload for other configuration updates. This is a newer approach, + which may be less mature than ForkAndReload. This setting can + improve load-balancing fairness and metrics accuracy and reduce CPU + and memory usage if HAProxy has frequent configuration updates for + route and endpoints updates. + + Note: The "Dynamic" option is currently experimental and should not + be enabled on production clusters. + enum: + - Dynamic + - ForkAndReload + type: string connectTimeout: description: |- connectTimeout defines the maximum time to wait for @@ -3290,11 +3316,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -3307,13 +3336,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -3322,9 +3351,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml index 4cd3e405431..fca028a1de7 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml @@ -2010,11 +2010,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -2040,7 +2043,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -2054,8 +2057,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -2063,7 +2064,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -2078,7 +2079,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -2092,23 +2093,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -2119,9 +2112,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -3259,11 +3253,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml index c752ebb4261..382b4e815ef 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml @@ -1843,9 +1843,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -2009,11 +2010,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -2026,13 +2030,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -2041,9 +2045,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -2071,7 +2075,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -2085,8 +2089,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -2094,7 +2096,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -2109,7 +2111,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -2123,23 +2125,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -2150,9 +2144,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -2202,6 +2197,37 @@ spec: If unset, the default timeout is 30s format: duration type: string + configurationManagement: + description: |- + configurationManagement specifies how OpenShift router should update + the HAProxy configuration. The following values are valid for this + field: + + * "ForkAndReload". + * "Dynamic". + + Omitting this field means that the user has no opinion and the + platform may choose a reasonable default. This default is subject to + change over time. The current default is "ForkAndReload". + + "ForkAndReload" means that OpenShift router should rewrite the + HAProxy configuration file and instruct HAProxy to fork and reload. + This is OpenShift router's traditional approach. + + "Dynamic" means that OpenShift router may use HAProxy's control + socket for some configuration updates and fall back to fork and + reload for other configuration updates. This is a newer approach, + which may be less mature than ForkAndReload. This setting can + improve load-balancing fairness and metrics accuracy and reduce CPU + and memory usage if HAProxy has frequent configuration updates for + route and endpoints updates. + + Note: The "Dynamic" option is currently experimental and should not + be enabled on production clusters. + enum: + - Dynamic + - ForkAndReload + type: string connectTimeout: description: |- connectTimeout defines the maximum time to wait for @@ -3290,11 +3316,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -3307,13 +3336,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -3322,9 +3351,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 diff --git a/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml index 7fcb1ab52e6..8a5b61589a9 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml @@ -273,37 +273,6 @@ spec: description: ovnKubernetesConfig configures the ovn-kubernetes plugin. properties: - bgpManagedConfig: - description: |- - bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) - in no-overlay mode that specify routing="Managed" in their noOverlayConfig. - It is required when noOverlayConfig.routing is set to "Managed". - When omitted, this means the user does not configure BGP for managed routing. - This field can be set at installation time or on day 2, and can be modified at any time. - properties: - asNumber: - default: 64512 - description: |- - asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) - to be used in the generated FRR configuration. - Valid values are 1 to 4294967295. - When omitted, this defaults to 64512. - format: int64 - maximum: 4294967295 - minimum: 1 - type: integer - bgpTopology: - description: |- - bgpTopology defines the BGP topology to be used. - Allowed values are "FullMesh". - When set to "FullMesh", every node peers directly with every other node via BGP. - This field is required when BGPManagedConfig is specified. - enum: - - FullMesh - type: string - required: - - bgpTopology - type: object egressIPConfig: description: egressIPConfig holds the configuration for EgressIP options. @@ -585,44 +554,6 @@ spec: format: int32 minimum: 0 type: integer - noOverlayConfig: - description: |- - noOverlayConfig contains configuration for no-overlay mode. - This configuration applies to the default network only. - It is required when transport is "NoOverlay". - When omitted, this means the user does not configure no-overlay mode options. - properties: - outboundSNAT: - description: |- - outboundSNAT defines the SNAT behavior for outbound traffic from pods. - Allowed values are "Enabled" and "Disabled". - When set to "Enabled", SNAT is performed on outbound traffic from pods. - When set to "Disabled", SNAT is not performed and pod IPs are preserved in outbound traffic. - This field is required when the network operates in no-overlay mode. - This field can be set to any value at installation time and can be changed afterwards. - enum: - - Enabled - - Disabled - type: string - routing: - description: |- - routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. - Allowed values are "Managed" and "Unmanaged". - When set to "Managed", OVN-Kubernetes manages the pod network routing configuration through BGP. - When set to "Unmanaged", users are responsible for configuring the pod network routing. - This field is required when the network operates in no-overlay mode. - This field is immutable once set. - enum: - - Managed - - Unmanaged - type: string - x-kubernetes-validations: - - message: routing is immutable once set - rule: self == oldSelf - required: - - outboundSNAT - - routing - type: object policyAuditConfig: description: |- policyAuditConfig is the configuration for network policy audit events. If unset, @@ -687,24 +618,6 @@ spec: - Enabled - Disabled type: string - transport: - description: |- - transport sets the transport mode for pods on the default network. - Allowed values are "NoOverlay" and "Geneve". - "NoOverlay" avoids tunnel encapsulation, routing pod traffic directly between nodes. - "Geneve" encapsulates pod traffic using Geneve tunnels between nodes. - When omitted, this means the user has no opinion and the platform chooses - a reasonable default which is subject to change over time. - The current default is "Geneve". - "NoOverlay" can only be set at installation time and cannot be changed afterwards. - "Geneve" may be set explicitly at any time to lock in the current default. - enum: - - NoOverlay - - Geneve - type: string - x-kubernetes-validations: - - message: transport is immutable once set - rule: self == oldSelf v4InternalSubnet: description: |- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the @@ -722,26 +635,6 @@ spec: Default is fd98::/64 type: string type: object - x-kubernetes-validations: - - message: routeAdvertisements must be Enabled when transport - is NoOverlay - rule: 'self.?transport.orValue('''') == ''NoOverlay'' ? self.?routeAdvertisements.orValue('''') - == ''Enabled'' : true' - - message: noOverlayConfig must be set if transport is NoOverlay, - and is forbidden otherwise - rule: 'self.?transport.orValue('''') == ''NoOverlay'' ? has(self.noOverlayConfig) - : !has(self.noOverlayConfig)' - - message: bgpManagedConfig is required when noOverlayConfig.routing - is Managed - rule: 'self.?noOverlayConfig.routing.orValue('''') == ''Managed'' - ? has(self.bgpManagedConfig) : true' - - message: transport can only be set to Geneve after installation - rule: '!has(self.transport) || self.transport == ''Geneve'' - || has(oldSelf.transport)' - - message: transport may not be removed once set - rule: '!has(oldSelf.transport) || has(self.transport)' - - message: noOverlayConfig may not be removed once set - rule: '!has(oldSelf.noOverlayConfig) || has(self.noOverlayConfig)' type: description: |- type is the type of network diff --git a/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml index e6a3bedcebe..541ab3830ce 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml @@ -273,37 +273,6 @@ spec: description: ovnKubernetesConfig configures the ovn-kubernetes plugin. properties: - bgpManagedConfig: - description: |- - bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) - in no-overlay mode that specify routing="Managed" in their noOverlayConfig. - It is required when noOverlayConfig.routing is set to "Managed". - When omitted, this means the user does not configure BGP for managed routing. - This field can be set at installation time or on day 2, and can be modified at any time. - properties: - asNumber: - default: 64512 - description: |- - asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) - to be used in the generated FRR configuration. - Valid values are 1 to 4294967295. - When omitted, this defaults to 64512. - format: int64 - maximum: 4294967295 - minimum: 1 - type: integer - bgpTopology: - description: |- - bgpTopology defines the BGP topology to be used. - Allowed values are "FullMesh". - When set to "FullMesh", every node peers directly with every other node via BGP. - This field is required when BGPManagedConfig is specified. - enum: - - FullMesh - type: string - required: - - bgpTopology - type: object egressIPConfig: description: egressIPConfig holds the configuration for EgressIP options. @@ -585,44 +554,6 @@ spec: format: int32 minimum: 0 type: integer - noOverlayConfig: - description: |- - noOverlayConfig contains configuration for no-overlay mode. - This configuration applies to the default network only. - It is required when transport is "NoOverlay". - When omitted, this means the user does not configure no-overlay mode options. - properties: - outboundSNAT: - description: |- - outboundSNAT defines the SNAT behavior for outbound traffic from pods. - Allowed values are "Enabled" and "Disabled". - When set to "Enabled", SNAT is performed on outbound traffic from pods. - When set to "Disabled", SNAT is not performed and pod IPs are preserved in outbound traffic. - This field is required when the network operates in no-overlay mode. - This field can be set to any value at installation time and can be changed afterwards. - enum: - - Enabled - - Disabled - type: string - routing: - description: |- - routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. - Allowed values are "Managed" and "Unmanaged". - When set to "Managed", OVN-Kubernetes manages the pod network routing configuration through BGP. - When set to "Unmanaged", users are responsible for configuring the pod network routing. - This field is required when the network operates in no-overlay mode. - This field is immutable once set. - enum: - - Managed - - Unmanaged - type: string - x-kubernetes-validations: - - message: routing is immutable once set - rule: self == oldSelf - required: - - outboundSNAT - - routing - type: object policyAuditConfig: description: |- policyAuditConfig is the configuration for network policy audit events. If unset, @@ -687,24 +618,6 @@ spec: - Enabled - Disabled type: string - transport: - description: |- - transport sets the transport mode for pods on the default network. - Allowed values are "NoOverlay" and "Geneve". - "NoOverlay" avoids tunnel encapsulation, routing pod traffic directly between nodes. - "Geneve" encapsulates pod traffic using Geneve tunnels between nodes. - When omitted, this means the user has no opinion and the platform chooses - a reasonable default which is subject to change over time. - The current default is "Geneve". - "NoOverlay" can only be set at installation time and cannot be changed afterwards. - "Geneve" may be set explicitly at any time to lock in the current default. - enum: - - NoOverlay - - Geneve - type: string - x-kubernetes-validations: - - message: transport is immutable once set - rule: self == oldSelf v4InternalSubnet: description: |- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the @@ -722,26 +635,6 @@ spec: Default is fd98::/64 type: string type: object - x-kubernetes-validations: - - message: routeAdvertisements must be Enabled when transport - is NoOverlay - rule: 'self.?transport.orValue('''') == ''NoOverlay'' ? self.?routeAdvertisements.orValue('''') - == ''Enabled'' : true' - - message: noOverlayConfig must be set if transport is NoOverlay, - and is forbidden otherwise - rule: 'self.?transport.orValue('''') == ''NoOverlay'' ? has(self.noOverlayConfig) - : !has(self.noOverlayConfig)' - - message: bgpManagedConfig is required when noOverlayConfig.routing - is Managed - rule: 'self.?noOverlayConfig.routing.orValue('''') == ''Managed'' - ? has(self.bgpManagedConfig) : true' - - message: transport can only be set to Geneve after installation - rule: '!has(self.transport) || self.transport == ''Geneve'' - || has(oldSelf.transport)' - - message: transport may not be removed once set - rule: '!has(oldSelf.transport) || has(self.transport)' - - message: noOverlayConfig may not be removed once set - rule: '!has(oldSelf.noOverlayConfig) || has(self.noOverlayConfig)' type: description: |- type is the type of network diff --git a/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml index 58dcee7c304..2e65e97c84d 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml @@ -46,98 +46,6 @@ spec: description: spec is the specification of the desired behavior of the Machine Config Operator properties: - bootImageSkewEnforcement: - description: |- - bootImageSkewEnforcement allows an admin to configure how boot image version skew is - enforced on the cluster. - When omitted, this will default to Automatic for clusters that support automatic boot image updates. - For clusters that do not support automatic boot image updates, cluster upgrades will be disabled until - a skew enforcement mode has been specified. - When version skew is being enforced, cluster upgrades will be disabled until the version skew is deemed - acceptable for the current release payload. - properties: - manual: - description: |- - manual describes the current boot image of the cluster. - This should be set to the oldest boot image used amongst all machine resources in the cluster. - This must include either the RHCOS version of the boot image or the OCP release version which shipped with that - RHCOS boot image. - Required when mode is set to "Manual" and forbidden otherwise. - properties: - mode: - description: |- - mode is used to configure which boot image field is defined in Manual mode. - Valid values are OCPVersion and RHCOSVersion. - OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update - in the OCPVersion field. - RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update - in the RHCOSVersion field. - This field is required. - enum: - - OCPVersion - - RHCOSVersion - type: string - ocpVersion: - description: |- - ocpVersion provides a string which represents the OCP version of the boot image. - This field must match the OCP semver compatible format of x.y.z. This field must be between - 5 and 10 characters long. - Required when mode is set to "OCPVersion" and forbidden otherwise. - maxLength: 10 - minLength: 5 - type: string - x-kubernetes-validations: - - message: ocpVersion must match the OCP semver compatible - format of x.y.z - rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') - rhcosVersion: - description: |- - rhcosVersion provides a string which represents the RHCOS version of the boot image - This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy - format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between - 14 and 21 characters long. - Required when mode is set to "RHCOSVersion" and forbidden otherwise. - maxLength: 21 - minLength: 14 - type: string - x-kubernetes-validations: - - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] - or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] - rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') - required: - - mode - type: object - x-kubernetes-validations: - - message: ocpVersion is required when mode is OCPVersion, and - forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) - : !has(self.ocpVersion)' - - message: rhcosVersion is required when mode is RHCOSVersion, - and forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) - : !has(self.rhcosVersion)' - mode: - description: |- - mode determines the underlying behavior of skew enforcement mechanism. - Valid values are Manual and None. - Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP - & RHCOS version associated with the last boot image update in the manual field. - In Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the - skew limit described by the release image. - None means that the MCO will no longer monitor the boot image skew. This may affect - the cluster's ability to scale. - This field is required. - enum: - - Manual - - None - type: string - required: - - mode - type: object - x-kubernetes-validations: - - message: manual is required when mode is Manual, and forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''Manual'') ? has(self.manual) - : !has(self.manual)' failedRevisionLimit: description: |- failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api @@ -749,140 +657,6 @@ spec: description: status is the most recently observed status of the Machine Config Operator properties: - bootImageSkewEnforcementStatus: - description: |- - bootImageSkewEnforcementStatus reflects what the latest cluster-validated boot image skew enforcement - configuration is and will be used by Machine Config Controller while performing boot image skew enforcement. - When omitted, the MCO has no knowledge of how to enforce boot image skew. When the MCO does not know how - boot image skew should be enforced, cluster upgrades will be blocked until it can either automatically - determine skew enforcement or there is an explicit skew enforcement configuration provided in the - spec.bootImageSkewEnforcement field. - properties: - automatic: - description: |- - automatic describes the current boot image of the cluster. - This will be populated by the MCO when performing boot image updates. This value will be compared against - the cluster's skew limit to determine skew compliance. - Required when mode is set to "Automatic" and forbidden otherwise. - minProperties: 1 - properties: - ocpVersion: - description: |- - ocpVersion provides a string which represents the OCP version of the boot image. - This field must match the OCP semver compatible format of x.y.z. This field must be between - 5 and 10 characters long. - maxLength: 10 - minLength: 5 - type: string - x-kubernetes-validations: - - message: ocpVersion must match the OCP semver compatible - format of x.y.z - rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') - rhcosVersion: - description: |- - rhcosVersion provides a string which represents the RHCOS version of the boot image - This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy - format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between - 14 and 21 characters long. - maxLength: 21 - minLength: 14 - type: string - x-kubernetes-validations: - - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] - or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] - rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') - type: object - x-kubernetes-validations: - - message: at least one of ocpVersion or rhcosVersion is required - rule: has(self.ocpVersion) || has(self.rhcosVersion) - manual: - description: |- - manual describes the current boot image of the cluster. - This will be populated by the MCO using the values provided in the spec.bootImageSkewEnforcement.manual field. - This value will be compared against the cluster's skew limit to determine skew compliance. - Required when mode is set to "Manual" and forbidden otherwise. - properties: - mode: - description: |- - mode is used to configure which boot image field is defined in Manual mode. - Valid values are OCPVersion and RHCOSVersion. - OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update - in the OCPVersion field. - RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update - in the RHCOSVersion field. - This field is required. - enum: - - OCPVersion - - RHCOSVersion - type: string - ocpVersion: - description: |- - ocpVersion provides a string which represents the OCP version of the boot image. - This field must match the OCP semver compatible format of x.y.z. This field must be between - 5 and 10 characters long. - Required when mode is set to "OCPVersion" and forbidden otherwise. - maxLength: 10 - minLength: 5 - type: string - x-kubernetes-validations: - - message: ocpVersion must match the OCP semver compatible - format of x.y.z - rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') - rhcosVersion: - description: |- - rhcosVersion provides a string which represents the RHCOS version of the boot image - This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy - format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between - 14 and 21 characters long. - Required when mode is set to "RHCOSVersion" and forbidden otherwise. - maxLength: 21 - minLength: 14 - type: string - x-kubernetes-validations: - - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] - or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] - rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') - required: - - mode - type: object - x-kubernetes-validations: - - message: ocpVersion is required when mode is OCPVersion, and - forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) - : !has(self.ocpVersion)' - - message: rhcosVersion is required when mode is RHCOSVersion, - and forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) - : !has(self.rhcosVersion)' - mode: - description: |- - mode determines the underlying behavior of skew enforcement mechanism. - Valid values are Automatic, Manual and None. - Automatic means that the MCO will perform boot image updates and store the - OCP & RHCOS version associated with the last boot image update in the automatic field. - Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP - & RHCOS version associated with the last boot image update in the manual field. - In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the - skew limit described by the release image. - None means that the MCO will no longer monitor the boot image skew. This may affect - the cluster's ability to scale. - This field is required. - enum: - - Automatic - - Manual - - None - type: string - required: - - mode - type: object - x-kubernetes-validations: - - message: automatic is required when mode is Automatic, and forbidden - otherwise - rule: 'has(self.mode) && (self.mode == ''Automatic'') ? has(self.automatic) - : !has(self.automatic)' - - message: manual is required when mode is Manual, and forbidden otherwise - rule: 'has(self.mode) && (self.mode == ''Manual'') ? has(self.manual) - : !has(self.manual)' conditions: description: conditions is a list of conditions and their status items: @@ -1485,32 +1259,6 @@ spec: required: - spec type: object - x-kubernetes-validations: - - message: when skew enforcement is in Automatic mode, a boot image configuration - is required - rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() - : true' - - message: when skew enforcement is in Automatic mode, managedBootImages.machineManagers - must not be an empty list - rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) - > 0 : true' - - message: when skew enforcement is in Automatic mode, any MachineAPI MachineSet - MachineManager must use selection mode 'All' - rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, - m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io'') - || self.spec.managedBootImages.machineManagers.exists(m, m.resource == - ''machinesets'' && m.apiGroup == ''machine.openshift.io'' && m.selection.mode - == ''All'') : true' - - message: when skew enforcement is in Automatic mode, managedBootImagesStatus - must contain a MachineManager opting in all MachineAPI MachineSets - rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?status.managedBootImagesStatus.machineManagers.hasValue()) || - self.status.managedBootImagesStatus.machineManagers.exists(m, m.selection.mode - == ''All'' && m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io''): - true' served: true storage: true subresources: diff --git a/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml index eaffd23a329..1d160022849 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml @@ -46,98 +46,6 @@ spec: description: spec is the specification of the desired behavior of the Machine Config Operator properties: - bootImageSkewEnforcement: - description: |- - bootImageSkewEnforcement allows an admin to configure how boot image version skew is - enforced on the cluster. - When omitted, this will default to Automatic for clusters that support automatic boot image updates. - For clusters that do not support automatic boot image updates, cluster upgrades will be disabled until - a skew enforcement mode has been specified. - When version skew is being enforced, cluster upgrades will be disabled until the version skew is deemed - acceptable for the current release payload. - properties: - manual: - description: |- - manual describes the current boot image of the cluster. - This should be set to the oldest boot image used amongst all machine resources in the cluster. - This must include either the RHCOS version of the boot image or the OCP release version which shipped with that - RHCOS boot image. - Required when mode is set to "Manual" and forbidden otherwise. - properties: - mode: - description: |- - mode is used to configure which boot image field is defined in Manual mode. - Valid values are OCPVersion and RHCOSVersion. - OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update - in the OCPVersion field. - RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update - in the RHCOSVersion field. - This field is required. - enum: - - OCPVersion - - RHCOSVersion - type: string - ocpVersion: - description: |- - ocpVersion provides a string which represents the OCP version of the boot image. - This field must match the OCP semver compatible format of x.y.z. This field must be between - 5 and 10 characters long. - Required when mode is set to "OCPVersion" and forbidden otherwise. - maxLength: 10 - minLength: 5 - type: string - x-kubernetes-validations: - - message: ocpVersion must match the OCP semver compatible - format of x.y.z - rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') - rhcosVersion: - description: |- - rhcosVersion provides a string which represents the RHCOS version of the boot image - This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy - format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between - 14 and 21 characters long. - Required when mode is set to "RHCOSVersion" and forbidden otherwise. - maxLength: 21 - minLength: 14 - type: string - x-kubernetes-validations: - - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] - or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] - rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') - required: - - mode - type: object - x-kubernetes-validations: - - message: ocpVersion is required when mode is OCPVersion, and - forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) - : !has(self.ocpVersion)' - - message: rhcosVersion is required when mode is RHCOSVersion, - and forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) - : !has(self.rhcosVersion)' - mode: - description: |- - mode determines the underlying behavior of skew enforcement mechanism. - Valid values are Manual and None. - Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP - & RHCOS version associated with the last boot image update in the manual field. - In Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the - skew limit described by the release image. - None means that the MCO will no longer monitor the boot image skew. This may affect - the cluster's ability to scale. - This field is required. - enum: - - Manual - - None - type: string - required: - - mode - type: object - x-kubernetes-validations: - - message: manual is required when mode is Manual, and forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''Manual'') ? has(self.manual) - : !has(self.manual)' failedRevisionLimit: description: |- failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api @@ -749,140 +657,6 @@ spec: description: status is the most recently observed status of the Machine Config Operator properties: - bootImageSkewEnforcementStatus: - description: |- - bootImageSkewEnforcementStatus reflects what the latest cluster-validated boot image skew enforcement - configuration is and will be used by Machine Config Controller while performing boot image skew enforcement. - When omitted, the MCO has no knowledge of how to enforce boot image skew. When the MCO does not know how - boot image skew should be enforced, cluster upgrades will be blocked until it can either automatically - determine skew enforcement or there is an explicit skew enforcement configuration provided in the - spec.bootImageSkewEnforcement field. - properties: - automatic: - description: |- - automatic describes the current boot image of the cluster. - This will be populated by the MCO when performing boot image updates. This value will be compared against - the cluster's skew limit to determine skew compliance. - Required when mode is set to "Automatic" and forbidden otherwise. - minProperties: 1 - properties: - ocpVersion: - description: |- - ocpVersion provides a string which represents the OCP version of the boot image. - This field must match the OCP semver compatible format of x.y.z. This field must be between - 5 and 10 characters long. - maxLength: 10 - minLength: 5 - type: string - x-kubernetes-validations: - - message: ocpVersion must match the OCP semver compatible - format of x.y.z - rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') - rhcosVersion: - description: |- - rhcosVersion provides a string which represents the RHCOS version of the boot image - This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy - format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between - 14 and 21 characters long. - maxLength: 21 - minLength: 14 - type: string - x-kubernetes-validations: - - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] - or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] - rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') - type: object - x-kubernetes-validations: - - message: at least one of ocpVersion or rhcosVersion is required - rule: has(self.ocpVersion) || has(self.rhcosVersion) - manual: - description: |- - manual describes the current boot image of the cluster. - This will be populated by the MCO using the values provided in the spec.bootImageSkewEnforcement.manual field. - This value will be compared against the cluster's skew limit to determine skew compliance. - Required when mode is set to "Manual" and forbidden otherwise. - properties: - mode: - description: |- - mode is used to configure which boot image field is defined in Manual mode. - Valid values are OCPVersion and RHCOSVersion. - OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update - in the OCPVersion field. - RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update - in the RHCOSVersion field. - This field is required. - enum: - - OCPVersion - - RHCOSVersion - type: string - ocpVersion: - description: |- - ocpVersion provides a string which represents the OCP version of the boot image. - This field must match the OCP semver compatible format of x.y.z. This field must be between - 5 and 10 characters long. - Required when mode is set to "OCPVersion" and forbidden otherwise. - maxLength: 10 - minLength: 5 - type: string - x-kubernetes-validations: - - message: ocpVersion must match the OCP semver compatible - format of x.y.z - rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') - rhcosVersion: - description: |- - rhcosVersion provides a string which represents the RHCOS version of the boot image - This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy - format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between - 14 and 21 characters long. - Required when mode is set to "RHCOSVersion" and forbidden otherwise. - maxLength: 21 - minLength: 14 - type: string - x-kubernetes-validations: - - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] - or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] - rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') - required: - - mode - type: object - x-kubernetes-validations: - - message: ocpVersion is required when mode is OCPVersion, and - forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) - : !has(self.ocpVersion)' - - message: rhcosVersion is required when mode is RHCOSVersion, - and forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) - : !has(self.rhcosVersion)' - mode: - description: |- - mode determines the underlying behavior of skew enforcement mechanism. - Valid values are Automatic, Manual and None. - Automatic means that the MCO will perform boot image updates and store the - OCP & RHCOS version associated with the last boot image update in the automatic field. - Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP - & RHCOS version associated with the last boot image update in the manual field. - In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the - skew limit described by the release image. - None means that the MCO will no longer monitor the boot image skew. This may affect - the cluster's ability to scale. - This field is required. - enum: - - Automatic - - Manual - - None - type: string - required: - - mode - type: object - x-kubernetes-validations: - - message: automatic is required when mode is Automatic, and forbidden - otherwise - rule: 'has(self.mode) && (self.mode == ''Automatic'') ? has(self.automatic) - : !has(self.automatic)' - - message: manual is required when mode is Manual, and forbidden otherwise - rule: 'has(self.mode) && (self.mode == ''Manual'') ? has(self.manual) - : !has(self.manual)' conditions: description: conditions is a list of conditions and their status items: @@ -1485,32 +1259,6 @@ spec: required: - spec type: object - x-kubernetes-validations: - - message: when skew enforcement is in Automatic mode, a boot image configuration - is required - rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() - : true' - - message: when skew enforcement is in Automatic mode, managedBootImages.machineManagers - must not be an empty list - rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) - > 0 : true' - - message: when skew enforcement is in Automatic mode, any MachineAPI MachineSet - MachineManager must use selection mode 'All' - rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, - m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io'') - || self.spec.managedBootImages.machineManagers.exists(m, m.resource == - ''machinesets'' && m.apiGroup == ''machine.openshift.io'' && m.selection.mode - == ''All'') : true' - - message: when skew enforcement is in Automatic mode, managedBootImagesStatus - must contain a MachineManager opting in all MachineAPI MachineSets - rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?status.managedBootImagesStatus.machineManagers.hasValue()) || - self.status.managedBootImagesStatus.machineManagers.exists(m, m.selection.mode - == ''All'' && m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io''): - true' served: true storage: true subresources: diff --git a/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/operator/v1/zz_generated.featuregated-crd-manifests.yaml index c71164a5726..595040b2c65 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests.yaml @@ -69,6 +69,7 @@ clustercsidrivers.operator.openshift.io: Capability: "" Category: "" FeatureGates: + - AWSEuropeanSovereignCloudInstall - VSphereConfigurableMaxAllowedBlockVolumesPerNode FilenameOperatorName: csi-driver FilenameOperatorOrdering: "01" @@ -176,6 +177,7 @@ ingresscontrollers.operator.openshift.io: Capability: Ingress Category: "" FeatureGates: + - IngressControllerDynamicConfigurationManager - TLSCurvePreferences FilenameOperatorName: ingress FilenameOperatorOrdering: "00" @@ -306,8 +308,7 @@ machineconfigurations.operator.openshift.io: FeatureGates: - BootImageSkewEnforcement - IrreconcilableMachineConfig - - ManagedBootImages - - ManagedBootImages+ManagedBootImagesCPMS + - ManagedBootImagesCPMS FilenameOperatorName: machine-config FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_80" @@ -328,7 +329,8 @@ networks.operator.openshift.io: CRDName: networks.operator.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - NoOverlayMode FilenameOperatorName: network FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_70" diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml index 97248333389..6d54a080b9a 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml @@ -2003,11 +2003,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -2033,7 +2036,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -2047,8 +2050,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -2056,7 +2057,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -2071,7 +2072,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -2085,23 +2086,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -2112,9 +2105,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -3241,11 +3235,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerDynamicConfigurationManager.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerDynamicConfigurationManager.yaml index 883dd6d1ecb..3effd754604 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerDynamicConfigurationManager.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerDynamicConfigurationManager.yaml @@ -1986,8 +1986,11 @@ spec: custom: description: |- custom is a user-defined TLS security profile. Be extremely careful using a custom - profile as invalid configurations can be catastrophic. An example custom profile - looks like this: + profile as invalid configurations can be catastrophic. + + The curve list for this profile is empty by default. + + An example custom profile looks like this: minTLSVersion: VersionTLS11 ciphers: @@ -2032,6 +2035,9 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. + The curve list includes by default the following curves: + X25519, secp256r1, secp384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 ciphers: @@ -2050,7 +2056,8 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - + The curve list includes by default the following curves: + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -2064,6 +2071,9 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. + The curve list includes by default the following curves: + X25519, secp256r1, secp384r1, X25519MLKEM768. + This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 ciphers: diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml index 4527400dec1..e322f9f1aa8 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml @@ -1836,9 +1836,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -2002,11 +2003,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -2019,13 +2023,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -2034,9 +2038,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -2064,7 +2068,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -2078,8 +2082,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -2087,7 +2089,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -2102,7 +2104,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -2116,23 +2118,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -2143,9 +2137,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -3272,11 +3267,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -3289,13 +3287,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -3304,9 +3302,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml index cd5c1a61a81..c14e3c36855 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml @@ -355,11 +355,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -372,13 +375,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -387,9 +390,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -417,7 +420,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -431,8 +434,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -440,7 +441,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -455,7 +456,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -469,23 +470,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -496,9 +489,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml index 8ba7facfc69..a85382e5d90 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml @@ -250,11 +250,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -280,7 +283,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -294,8 +297,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -303,7 +304,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -318,7 +319,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -332,23 +333,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -359,9 +352,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index 73781b19307..9c6194b3864 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -292,42 +292,6 @@ spec: type: array x-kubernetes-list-type: atomic type: object - tlsAdherence: - description: |- - tlsAdherence controls if components in the cluster adhere to the TLS security profile - configured on this APIServer resource. - - Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". - - When set to "LegacyAdheringComponentsOnly", components that already honor the - cluster-wide TLS profile continue to do so. Components that do not already honor - it continue to use their individual TLS configurations. - - When set to "StrictAllComponents", all components must honor the configured TLS - profile unless they have a component-specific TLS configuration that overrides - it. This mode is recommended for security-conscious deployments and is required - for certain compliance frameworks. - - Note: Some components such as Kubelet and IngressController have their own - dedicated TLS configuration mechanisms via KubeletConfig and IngressController - CRs respectively. When these component-specific TLS configurations are set, - they take precedence over the cluster-wide tlsSecurityProfile. When not set, - these components fall back to the cluster-wide default. - - Components that encounter an unknown value for tlsAdherence should treat it - as "StrictAllComponents" and log a warning to ensure forward compatibility - while defaulting to the more secure behavior. - - This field is optional. - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is LegacyAdheringComponentsOnly. - - Once set, this field may be changed to a different value, but may not be removed. - enum: - - LegacyAdheringComponentsOnly - - StrictAllComponents - type: string tlsSecurityProfile: description: |- tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. @@ -355,11 +319,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -372,13 +339,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -387,9 +354,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -417,7 +384,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -431,8 +398,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -440,7 +405,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -455,7 +420,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -469,23 +434,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -496,9 +453,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -511,9 +469,6 @@ spec: type: string type: object type: object - x-kubernetes-validations: - - message: tlsAdherence may not be removed once set - rule: 'has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true' status: description: status holds observed values from the cluster. They may not be overridden. diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-OKD.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-OKD.crd.yaml index 1b4e173f19c..653497138c1 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-OKD.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-OKD.crd.yaml @@ -250,11 +250,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -280,7 +283,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -294,8 +297,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -303,7 +304,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -318,7 +319,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -332,23 +333,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -359,9 +352,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml index d0ef4fc5ae4..4e977b3bac8 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml @@ -224,42 +224,6 @@ spec: type: array x-kubernetes-list-type: atomic type: object - tlsAdherence: - description: |- - tlsAdherence controls if components in the cluster adhere to the TLS security profile - configured on this APIServer resource. - - Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". - - When set to "LegacyAdheringComponentsOnly", components that already honor the - cluster-wide TLS profile continue to do so. Components that do not already honor - it continue to use their individual TLS configurations. - - When set to "StrictAllComponents", all components must honor the configured TLS - profile unless they have a component-specific TLS configuration that overrides - it. This mode is recommended for security-conscious deployments and is required - for certain compliance frameworks. - - Note: Some components such as Kubelet and IngressController have their own - dedicated TLS configuration mechanisms via KubeletConfig and IngressController - CRs respectively. When these component-specific TLS configurations are set, - they take precedence over the cluster-wide tlsSecurityProfile. When not set, - these components fall back to the cluster-wide default. - - Components that encounter an unknown value for tlsAdherence should treat it - as "StrictAllComponents" and log a warning to ensure forward compatibility - while defaulting to the more secure behavior. - - This field is optional. - When omitted, this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject to change over time. - The current default is LegacyAdheringComponentsOnly. - - Once set, this field may be changed to a different value, but may not be removed. - enum: - - LegacyAdheringComponentsOnly - - StrictAllComponents - type: string tlsSecurityProfile: description: |- tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. @@ -287,11 +251,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -304,13 +271,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -319,9 +286,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -349,7 +316,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -363,8 +330,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -372,7 +337,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -387,7 +352,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -401,23 +366,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -428,9 +385,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -443,9 +401,6 @@ spec: type: string type: object type: object - x-kubernetes-validations: - - message: tlsAdherence may not be removed once set - rule: 'has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true' status: description: status holds observed values from the cluster. They may not be overridden. diff --git a/payload-manifests/crds/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml index f2d9157713a..282c6b30021 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml @@ -81,7 +81,7 @@ spec: x-kubernetes-validations: - message: 'privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/payload-manifests/crds/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml index ce4e9b77f01..e7b1af06326 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml @@ -81,7 +81,7 @@ spec: x-kubernetes-validations: - message: 'privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/payload-manifests/crds/0000_10_config-operator_01_infrastructures-Default.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_infrastructures-Default.crd.yaml index cc7fe5e2a2e..9c9cfb6fe37 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_infrastructures-Default.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_infrastructures-Default.crd.yaml @@ -828,17 +828,6 @@ spec: - topology - zone type: object - x-kubernetes-validations: - - message: when zoneAffinity type is HostGroup, regionAffinity - type must be ComputeCluster - rule: 'has(self.zoneAffinity) && self.zoneAffinity.type - == ''HostGroup'' ? has(self.regionAffinity) && self.regionAffinity.type - == ''ComputeCluster'' : true' - - message: when zoneAffinity type is ComputeCluster, regionAffinity - type must be Datacenter - rule: 'has(self.zoneAffinity) && self.zoneAffinity.type - == ''ComputeCluster'' ? has(self.regionAffinity) && - self.regionAffinity.type == ''Datacenter'' : true' type: array x-kubernetes-list-map-keys: - name diff --git a/payload-manifests/crds/0000_10_config-operator_01_infrastructures-OKD.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_infrastructures-OKD.crd.yaml index 5a105a3c9b0..029cbc3f16b 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_infrastructures-OKD.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_infrastructures-OKD.crd.yaml @@ -828,17 +828,6 @@ spec: - topology - zone type: object - x-kubernetes-validations: - - message: when zoneAffinity type is HostGroup, regionAffinity - type must be ComputeCluster - rule: 'has(self.zoneAffinity) && self.zoneAffinity.type - == ''HostGroup'' ? has(self.regionAffinity) && self.regionAffinity.type - == ''ComputeCluster'' : true' - - message: when zoneAffinity type is ComputeCluster, regionAffinity - type must be Datacenter - rule: 'has(self.zoneAffinity) && self.zoneAffinity.type - == ''ComputeCluster'' ? has(self.regionAffinity) && - self.regionAffinity.type == ''Datacenter'' : true' type: array x-kubernetes-list-map-keys: - name diff --git a/payload-manifests/crds/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml index a03dd7d88db..cba799b53d1 100644 --- a/payload-manifests/crds/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml @@ -135,7 +135,7 @@ spec: x-kubernetes-validations: - message: 'kmsKeyARN must be a valid AWS KMS key ARN in the format: arn::kms:::(key|alias)/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$') type: object azure: description: azure is used to configure the Azure CSI driver. diff --git a/payload-manifests/crds/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml index 3dc68028e00..b81cb645a36 100644 --- a/payload-manifests/crds/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml @@ -135,7 +135,7 @@ spec: x-kubernetes-validations: - message: 'kmsKeyARN must be a valid AWS KMS key ARN in the format: arn::kms:::(key|alias)/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$') type: object azure: description: azure is used to configure the Azure CSI driver. diff --git a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml index 8d918545b29..7402413ec5c 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml @@ -53,137 +53,6 @@ spec: description: containerRuntimeConfig defines the tuneables of the container runtime. properties: - additionalArtifactStores: - description: |- - additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts. - - Artifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts). - Stores are read-only. - Maximum of 10 stores allowed. - Each path must be unique. - - When omitted, only the default artifact location is used. - When specified, at least one store must be provided. - items: - description: AdditionalArtifactStore defines an additional read-only - storage location for Open Container Initiative (OCI) artifacts. - properties: - path: - description: |- - path specifies the absolute location of the additional artifact store. - The path must exist on the node before configuration is applied. - When an artifact is requested, artifacts found at this location will be used instead of - retrieving from the registry. - The path is required and must be between 1 and 256 characters long, begin with a forward slash, - and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. - Consecutive forward slashes are not permitted. - maxLength: 256 - minLength: 1 - type: string - x-kubernetes-validations: - - message: path must be absolute and contain only alphanumeric - characters, '/', '.', '_', and '-' - rule: self.matches('^/[a-zA-Z0-9/._-]+$') - - message: path must not contain consecutive forward slashes - rule: '!self.contains(''//'')' - required: - - path - type: object - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: additionalArtifactStores must not contain duplicate - paths - rule: self.all(x, self.exists_one(y, x.path == y.path)) - additionalImageStores: - description: |- - additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images. - - Images are checked in order: additional stores first, then the default location. - Stores are read-only. - Maximum of 10 stores allowed. - Each path must be unique. - - When omitted, only the default image location is used. - When specified, at least one store must be provided. - items: - description: AdditionalImageStore defines an additional read-only - storage location for Open Container Initiative (OCI) images. - properties: - path: - description: |- - path specifies the absolute location of the additional image store. - The path must exist on the node before configuration is applied. - When a container image is requested, images found at this location will be used instead of - retrieving from the registry. - The path is required and must be between 1 and 256 characters long, begin with a forward slash, - and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. - Consecutive forward slashes are not permitted. - maxLength: 256 - minLength: 1 - type: string - x-kubernetes-validations: - - message: path must be absolute and contain only alphanumeric - characters, '/', '.', '_', and '-' - rule: self.matches('^/[a-zA-Z0-9/._-]+$') - - message: path must not contain consecutive forward slashes - rule: '!self.contains(''//'')' - required: - - path - type: object - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: additionalImageStores must not contain duplicate paths - rule: self.all(x, self.exists_one(y, x.path == y.path)) - additionalLayerStores: - description: |- - additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images. - - Layers are checked in order: additional stores first, then the default location. - Stores are read-only. - Maximum of 5 stores allowed. - Each path must be unique. - - When omitted, only the default layer location is used. - When specified, at least one store must be provided. - items: - description: AdditionalLayerStore defines a read-only storage - location for Open Container Initiative (OCI) container image - layers. - properties: - path: - description: |- - path specifies the absolute location of the additional layer store. - The path must exist on the node before configuration is applied. - When a container image is requested, layers found at this location will be used instead of - retrieving from the registry. - The path is required and must be between 1 and 256 characters long, begin with a forward slash, - and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. - Consecutive forward slashes are not permitted. - maxLength: 256 - minLength: 1 - type: string - x-kubernetes-validations: - - message: path must be absolute and contain only alphanumeric - characters, '/', '.', '_', and '-' - rule: self.matches('^/[a-zA-Z0-9/._-]+$') - - message: path must not contain consecutive forward slashes - rule: '!self.contains(''//'')' - required: - - path - type: object - maxItems: 5 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: additionalLayerStores must not contain duplicate paths - rule: self.all(x, self.exists_one(y, x.path == y.path)) defaultRuntime: description: |- defaultRuntime is the name of the OCI runtime to be used as the default for containers. diff --git a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml index 27a0cb3c173..7b0902f8488 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml @@ -53,137 +53,6 @@ spec: description: containerRuntimeConfig defines the tuneables of the container runtime. properties: - additionalArtifactStores: - description: |- - additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts. - - Artifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts). - Stores are read-only. - Maximum of 10 stores allowed. - Each path must be unique. - - When omitted, only the default artifact location is used. - When specified, at least one store must be provided. - items: - description: AdditionalArtifactStore defines an additional read-only - storage location for Open Container Initiative (OCI) artifacts. - properties: - path: - description: |- - path specifies the absolute location of the additional artifact store. - The path must exist on the node before configuration is applied. - When an artifact is requested, artifacts found at this location will be used instead of - retrieving from the registry. - The path is required and must be between 1 and 256 characters long, begin with a forward slash, - and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. - Consecutive forward slashes are not permitted. - maxLength: 256 - minLength: 1 - type: string - x-kubernetes-validations: - - message: path must be absolute and contain only alphanumeric - characters, '/', '.', '_', and '-' - rule: self.matches('^/[a-zA-Z0-9/._-]+$') - - message: path must not contain consecutive forward slashes - rule: '!self.contains(''//'')' - required: - - path - type: object - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: additionalArtifactStores must not contain duplicate - paths - rule: self.all(x, self.exists_one(y, x.path == y.path)) - additionalImageStores: - description: |- - additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images. - - Images are checked in order: additional stores first, then the default location. - Stores are read-only. - Maximum of 10 stores allowed. - Each path must be unique. - - When omitted, only the default image location is used. - When specified, at least one store must be provided. - items: - description: AdditionalImageStore defines an additional read-only - storage location for Open Container Initiative (OCI) images. - properties: - path: - description: |- - path specifies the absolute location of the additional image store. - The path must exist on the node before configuration is applied. - When a container image is requested, images found at this location will be used instead of - retrieving from the registry. - The path is required and must be between 1 and 256 characters long, begin with a forward slash, - and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. - Consecutive forward slashes are not permitted. - maxLength: 256 - minLength: 1 - type: string - x-kubernetes-validations: - - message: path must be absolute and contain only alphanumeric - characters, '/', '.', '_', and '-' - rule: self.matches('^/[a-zA-Z0-9/._-]+$') - - message: path must not contain consecutive forward slashes - rule: '!self.contains(''//'')' - required: - - path - type: object - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: additionalImageStores must not contain duplicate paths - rule: self.all(x, self.exists_one(y, x.path == y.path)) - additionalLayerStores: - description: |- - additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images. - - Layers are checked in order: additional stores first, then the default location. - Stores are read-only. - Maximum of 5 stores allowed. - Each path must be unique. - - When omitted, only the default layer location is used. - When specified, at least one store must be provided. - items: - description: AdditionalLayerStore defines a read-only storage - location for Open Container Initiative (OCI) container image - layers. - properties: - path: - description: |- - path specifies the absolute location of the additional layer store. - The path must exist on the node before configuration is applied. - When a container image is requested, layers found at this location will be used instead of - retrieving from the registry. - The path is required and must be between 1 and 256 characters long, begin with a forward slash, - and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. - Consecutive forward slashes are not permitted. - maxLength: 256 - minLength: 1 - type: string - x-kubernetes-validations: - - message: path must be absolute and contain only alphanumeric - characters, '/', '.', '_', and '-' - rule: self.matches('^/[a-zA-Z0-9/._-]+$') - - message: path must not contain consecutive forward slashes - rule: '!self.contains(''//'')' - required: - - path - type: object - maxItems: 5 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: additionalLayerStores must not contain duplicate paths - rule: self.all(x, self.exists_one(y, x.path == y.path)) defaultRuntime: description: |- defaultRuntime is the name of the OCI runtime to be used as the default for containers. diff --git a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml index d6ebfd67ce5..2b285e0e9c4 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml @@ -1119,19 +1119,6 @@ spec: - topology - zone type: object - x-kubernetes-validations: - - message: when zoneAffinity type is HostGroup, - regionAffinity type must be ComputeCluster - rule: 'has(self.zoneAffinity) && self.zoneAffinity.type - == ''HostGroup'' ? has(self.regionAffinity) - && self.regionAffinity.type == ''ComputeCluster'' - : true' - - message: when zoneAffinity type is ComputeCluster, - regionAffinity type must be Datacenter - rule: 'has(self.zoneAffinity) && self.zoneAffinity.type - == ''ComputeCluster'' ? has(self.regionAffinity) - && self.regionAffinity.type == ''Datacenter'' - : true' type: array x-kubernetes-list-map-keys: - name diff --git a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml index 0ae7a36d13f..76b336e4077 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml @@ -137,7 +137,7 @@ spec: x-kubernetes-validations: - message: 'privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml index 512510c2092..a30c0002fe5 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml @@ -1119,19 +1119,6 @@ spec: - topology - zone type: object - x-kubernetes-validations: - - message: when zoneAffinity type is HostGroup, - regionAffinity type must be ComputeCluster - rule: 'has(self.zoneAffinity) && self.zoneAffinity.type - == ''HostGroup'' ? has(self.regionAffinity) - && self.regionAffinity.type == ''ComputeCluster'' - : true' - - message: when zoneAffinity type is ComputeCluster, - regionAffinity type must be Datacenter - rule: 'has(self.zoneAffinity) && self.zoneAffinity.type - == ''ComputeCluster'' ? has(self.regionAffinity) - && self.regionAffinity.type == ''Datacenter'' - : true' type: array x-kubernetes-list-map-keys: - name diff --git a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml index 99cb62c6039..603971241b1 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml @@ -137,7 +137,7 @@ spec: x-kubernetes-validations: - message: 'privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml index f76d502a787..67dd0d7d9bc 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml @@ -134,11 +134,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -151,13 +154,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -166,9 +169,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -196,7 +199,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -210,8 +213,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -219,7 +220,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -234,7 +235,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -248,23 +249,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -275,9 +268,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -323,6 +317,7 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic observedGeneration: description: observedGeneration represents the generation observed by the controller. diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml index 0efeb5e4878..dc63d4a2864 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml @@ -134,11 +134,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -164,7 +167,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -178,8 +181,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -187,7 +188,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -202,7 +203,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -216,23 +217,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -243,9 +236,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -291,6 +285,7 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic observedGeneration: description: observedGeneration represents the generation observed by the controller. diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml index a017bef104c..72555642770 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml @@ -134,11 +134,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -151,13 +154,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -166,9 +169,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -196,7 +199,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -210,8 +213,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -219,7 +220,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -234,7 +235,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -248,23 +249,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -275,9 +268,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -323,6 +317,7 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic observedGeneration: description: observedGeneration represents the generation observed by the controller. diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml index 8bd5df06334..f061015c4f5 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml @@ -149,11 +149,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -179,7 +182,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -193,8 +196,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -202,7 +203,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -217,7 +218,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -231,23 +232,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -258,9 +251,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml index 573ed55ddaa..cd3d4dcf4f7 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml @@ -134,11 +134,14 @@ spec: ciphers: description: |- ciphers is used to specify the cipher algorithms that are negotiated - during the TLS handshake. Operators may remove entries their operands - do not support. For example, to use DES-CBC3-SHA (yaml): + during the TLS handshake. Operators may remove entries that their operands + do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml): ciphers: - - DES-CBC3-SHA + - ECDHE-RSA-AES128-GCM-SHA256 + + TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable + and are always enabled when TLS 1.3 is negotiated. items: type: string type: array @@ -151,13 +154,13 @@ spec: When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve. + libraries they use. If specified, the list must contain at least one curve and each curve must be unique. - For example, to use X25519 and SecP256r1 (yaml): + For example, to use X25519 and secp256r1 (yaml): curves: - X25519 - - SecP256r1 + - secp256r1 items: description: |- TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. @@ -166,9 +169,9 @@ spec: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 enum: - X25519 - - SecP256r1 - - SecP384r1 - - SecP521r1 + - secp256r1 + - secp384r1 + - secp521r1 - X25519MLKEM768 type: string maxItems: 5 @@ -196,7 +199,7 @@ spec: most clients currently in use. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS12 @@ -210,8 +213,6 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 nullable: true type: object modern: @@ -219,7 +220,7 @@ spec: modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 ciphers: @@ -234,7 +235,7 @@ spec: clients or libraries and should be used only as a last resort. The curve list includes by default the following curves: - X25519, SecP256r1, SecP384r1, X25519MLKEM768. + X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS10 @@ -248,23 +249,15 @@ spec: - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - - DHE-RSA-AES128-GCM-SHA256 - - DHE-RSA-AES256-GCM-SHA384 - - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - - ECDHE-ECDSA-AES256-SHA384 - - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA @@ -275,9 +268,10 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are currently based on version 5.0 of the Mozilla Server Side TLS - configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for - forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json + The profiles are based on version 5.7 of the Mozilla Server Side TLS + configuration guidelines. The cipher lists consist of the configuration's + "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. + See: https://ssl-config.mozilla.org/guidelines/5.7.json The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -323,6 +317,7 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic observedGeneration: description: observedGeneration represents the generation observed by the controller. diff --git a/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml index 58dcee7c304..2e65e97c84d 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml @@ -46,98 +46,6 @@ spec: description: spec is the specification of the desired behavior of the Machine Config Operator properties: - bootImageSkewEnforcement: - description: |- - bootImageSkewEnforcement allows an admin to configure how boot image version skew is - enforced on the cluster. - When omitted, this will default to Automatic for clusters that support automatic boot image updates. - For clusters that do not support automatic boot image updates, cluster upgrades will be disabled until - a skew enforcement mode has been specified. - When version skew is being enforced, cluster upgrades will be disabled until the version skew is deemed - acceptable for the current release payload. - properties: - manual: - description: |- - manual describes the current boot image of the cluster. - This should be set to the oldest boot image used amongst all machine resources in the cluster. - This must include either the RHCOS version of the boot image or the OCP release version which shipped with that - RHCOS boot image. - Required when mode is set to "Manual" and forbidden otherwise. - properties: - mode: - description: |- - mode is used to configure which boot image field is defined in Manual mode. - Valid values are OCPVersion and RHCOSVersion. - OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update - in the OCPVersion field. - RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update - in the RHCOSVersion field. - This field is required. - enum: - - OCPVersion - - RHCOSVersion - type: string - ocpVersion: - description: |- - ocpVersion provides a string which represents the OCP version of the boot image. - This field must match the OCP semver compatible format of x.y.z. This field must be between - 5 and 10 characters long. - Required when mode is set to "OCPVersion" and forbidden otherwise. - maxLength: 10 - minLength: 5 - type: string - x-kubernetes-validations: - - message: ocpVersion must match the OCP semver compatible - format of x.y.z - rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') - rhcosVersion: - description: |- - rhcosVersion provides a string which represents the RHCOS version of the boot image - This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy - format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between - 14 and 21 characters long. - Required when mode is set to "RHCOSVersion" and forbidden otherwise. - maxLength: 21 - minLength: 14 - type: string - x-kubernetes-validations: - - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] - or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] - rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') - required: - - mode - type: object - x-kubernetes-validations: - - message: ocpVersion is required when mode is OCPVersion, and - forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) - : !has(self.ocpVersion)' - - message: rhcosVersion is required when mode is RHCOSVersion, - and forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) - : !has(self.rhcosVersion)' - mode: - description: |- - mode determines the underlying behavior of skew enforcement mechanism. - Valid values are Manual and None. - Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP - & RHCOS version associated with the last boot image update in the manual field. - In Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the - skew limit described by the release image. - None means that the MCO will no longer monitor the boot image skew. This may affect - the cluster's ability to scale. - This field is required. - enum: - - Manual - - None - type: string - required: - - mode - type: object - x-kubernetes-validations: - - message: manual is required when mode is Manual, and forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''Manual'') ? has(self.manual) - : !has(self.manual)' failedRevisionLimit: description: |- failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api @@ -749,140 +657,6 @@ spec: description: status is the most recently observed status of the Machine Config Operator properties: - bootImageSkewEnforcementStatus: - description: |- - bootImageSkewEnforcementStatus reflects what the latest cluster-validated boot image skew enforcement - configuration is and will be used by Machine Config Controller while performing boot image skew enforcement. - When omitted, the MCO has no knowledge of how to enforce boot image skew. When the MCO does not know how - boot image skew should be enforced, cluster upgrades will be blocked until it can either automatically - determine skew enforcement or there is an explicit skew enforcement configuration provided in the - spec.bootImageSkewEnforcement field. - properties: - automatic: - description: |- - automatic describes the current boot image of the cluster. - This will be populated by the MCO when performing boot image updates. This value will be compared against - the cluster's skew limit to determine skew compliance. - Required when mode is set to "Automatic" and forbidden otherwise. - minProperties: 1 - properties: - ocpVersion: - description: |- - ocpVersion provides a string which represents the OCP version of the boot image. - This field must match the OCP semver compatible format of x.y.z. This field must be between - 5 and 10 characters long. - maxLength: 10 - minLength: 5 - type: string - x-kubernetes-validations: - - message: ocpVersion must match the OCP semver compatible - format of x.y.z - rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') - rhcosVersion: - description: |- - rhcosVersion provides a string which represents the RHCOS version of the boot image - This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy - format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between - 14 and 21 characters long. - maxLength: 21 - minLength: 14 - type: string - x-kubernetes-validations: - - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] - or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] - rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') - type: object - x-kubernetes-validations: - - message: at least one of ocpVersion or rhcosVersion is required - rule: has(self.ocpVersion) || has(self.rhcosVersion) - manual: - description: |- - manual describes the current boot image of the cluster. - This will be populated by the MCO using the values provided in the spec.bootImageSkewEnforcement.manual field. - This value will be compared against the cluster's skew limit to determine skew compliance. - Required when mode is set to "Manual" and forbidden otherwise. - properties: - mode: - description: |- - mode is used to configure which boot image field is defined in Manual mode. - Valid values are OCPVersion and RHCOSVersion. - OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update - in the OCPVersion field. - RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update - in the RHCOSVersion field. - This field is required. - enum: - - OCPVersion - - RHCOSVersion - type: string - ocpVersion: - description: |- - ocpVersion provides a string which represents the OCP version of the boot image. - This field must match the OCP semver compatible format of x.y.z. This field must be between - 5 and 10 characters long. - Required when mode is set to "OCPVersion" and forbidden otherwise. - maxLength: 10 - minLength: 5 - type: string - x-kubernetes-validations: - - message: ocpVersion must match the OCP semver compatible - format of x.y.z - rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') - rhcosVersion: - description: |- - rhcosVersion provides a string which represents the RHCOS version of the boot image - This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy - format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between - 14 and 21 characters long. - Required when mode is set to "RHCOSVersion" and forbidden otherwise. - maxLength: 21 - minLength: 14 - type: string - x-kubernetes-validations: - - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] - or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] - rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') - required: - - mode - type: object - x-kubernetes-validations: - - message: ocpVersion is required when mode is OCPVersion, and - forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) - : !has(self.ocpVersion)' - - message: rhcosVersion is required when mode is RHCOSVersion, - and forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) - : !has(self.rhcosVersion)' - mode: - description: |- - mode determines the underlying behavior of skew enforcement mechanism. - Valid values are Automatic, Manual and None. - Automatic means that the MCO will perform boot image updates and store the - OCP & RHCOS version associated with the last boot image update in the automatic field. - Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP - & RHCOS version associated with the last boot image update in the manual field. - In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the - skew limit described by the release image. - None means that the MCO will no longer monitor the boot image skew. This may affect - the cluster's ability to scale. - This field is required. - enum: - - Automatic - - Manual - - None - type: string - required: - - mode - type: object - x-kubernetes-validations: - - message: automatic is required when mode is Automatic, and forbidden - otherwise - rule: 'has(self.mode) && (self.mode == ''Automatic'') ? has(self.automatic) - : !has(self.automatic)' - - message: manual is required when mode is Manual, and forbidden otherwise - rule: 'has(self.mode) && (self.mode == ''Manual'') ? has(self.manual) - : !has(self.manual)' conditions: description: conditions is a list of conditions and their status items: @@ -1485,32 +1259,6 @@ spec: required: - spec type: object - x-kubernetes-validations: - - message: when skew enforcement is in Automatic mode, a boot image configuration - is required - rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() - : true' - - message: when skew enforcement is in Automatic mode, managedBootImages.machineManagers - must not be an empty list - rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) - > 0 : true' - - message: when skew enforcement is in Automatic mode, any MachineAPI MachineSet - MachineManager must use selection mode 'All' - rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, - m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io'') - || self.spec.managedBootImages.machineManagers.exists(m, m.resource == - ''machinesets'' && m.apiGroup == ''machine.openshift.io'' && m.selection.mode - == ''All'') : true' - - message: when skew enforcement is in Automatic mode, managedBootImagesStatus - must contain a MachineManager opting in all MachineAPI MachineSets - rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?status.managedBootImagesStatus.machineManagers.hasValue()) || - self.status.managedBootImagesStatus.machineManagers.exists(m, m.selection.mode - == ''All'' && m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io''): - true' served: true storage: true subresources: diff --git a/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml index eaffd23a329..1d160022849 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml @@ -46,98 +46,6 @@ spec: description: spec is the specification of the desired behavior of the Machine Config Operator properties: - bootImageSkewEnforcement: - description: |- - bootImageSkewEnforcement allows an admin to configure how boot image version skew is - enforced on the cluster. - When omitted, this will default to Automatic for clusters that support automatic boot image updates. - For clusters that do not support automatic boot image updates, cluster upgrades will be disabled until - a skew enforcement mode has been specified. - When version skew is being enforced, cluster upgrades will be disabled until the version skew is deemed - acceptable for the current release payload. - properties: - manual: - description: |- - manual describes the current boot image of the cluster. - This should be set to the oldest boot image used amongst all machine resources in the cluster. - This must include either the RHCOS version of the boot image or the OCP release version which shipped with that - RHCOS boot image. - Required when mode is set to "Manual" and forbidden otherwise. - properties: - mode: - description: |- - mode is used to configure which boot image field is defined in Manual mode. - Valid values are OCPVersion and RHCOSVersion. - OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update - in the OCPVersion field. - RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update - in the RHCOSVersion field. - This field is required. - enum: - - OCPVersion - - RHCOSVersion - type: string - ocpVersion: - description: |- - ocpVersion provides a string which represents the OCP version of the boot image. - This field must match the OCP semver compatible format of x.y.z. This field must be between - 5 and 10 characters long. - Required when mode is set to "OCPVersion" and forbidden otherwise. - maxLength: 10 - minLength: 5 - type: string - x-kubernetes-validations: - - message: ocpVersion must match the OCP semver compatible - format of x.y.z - rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') - rhcosVersion: - description: |- - rhcosVersion provides a string which represents the RHCOS version of the boot image - This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy - format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between - 14 and 21 characters long. - Required when mode is set to "RHCOSVersion" and forbidden otherwise. - maxLength: 21 - minLength: 14 - type: string - x-kubernetes-validations: - - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] - or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] - rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') - required: - - mode - type: object - x-kubernetes-validations: - - message: ocpVersion is required when mode is OCPVersion, and - forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) - : !has(self.ocpVersion)' - - message: rhcosVersion is required when mode is RHCOSVersion, - and forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) - : !has(self.rhcosVersion)' - mode: - description: |- - mode determines the underlying behavior of skew enforcement mechanism. - Valid values are Manual and None. - Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP - & RHCOS version associated with the last boot image update in the manual field. - In Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the - skew limit described by the release image. - None means that the MCO will no longer monitor the boot image skew. This may affect - the cluster's ability to scale. - This field is required. - enum: - - Manual - - None - type: string - required: - - mode - type: object - x-kubernetes-validations: - - message: manual is required when mode is Manual, and forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''Manual'') ? has(self.manual) - : !has(self.manual)' failedRevisionLimit: description: |- failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api @@ -749,140 +657,6 @@ spec: description: status is the most recently observed status of the Machine Config Operator properties: - bootImageSkewEnforcementStatus: - description: |- - bootImageSkewEnforcementStatus reflects what the latest cluster-validated boot image skew enforcement - configuration is and will be used by Machine Config Controller while performing boot image skew enforcement. - When omitted, the MCO has no knowledge of how to enforce boot image skew. When the MCO does not know how - boot image skew should be enforced, cluster upgrades will be blocked until it can either automatically - determine skew enforcement or there is an explicit skew enforcement configuration provided in the - spec.bootImageSkewEnforcement field. - properties: - automatic: - description: |- - automatic describes the current boot image of the cluster. - This will be populated by the MCO when performing boot image updates. This value will be compared against - the cluster's skew limit to determine skew compliance. - Required when mode is set to "Automatic" and forbidden otherwise. - minProperties: 1 - properties: - ocpVersion: - description: |- - ocpVersion provides a string which represents the OCP version of the boot image. - This field must match the OCP semver compatible format of x.y.z. This field must be between - 5 and 10 characters long. - maxLength: 10 - minLength: 5 - type: string - x-kubernetes-validations: - - message: ocpVersion must match the OCP semver compatible - format of x.y.z - rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') - rhcosVersion: - description: |- - rhcosVersion provides a string which represents the RHCOS version of the boot image - This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy - format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between - 14 and 21 characters long. - maxLength: 21 - minLength: 14 - type: string - x-kubernetes-validations: - - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] - or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] - rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') - type: object - x-kubernetes-validations: - - message: at least one of ocpVersion or rhcosVersion is required - rule: has(self.ocpVersion) || has(self.rhcosVersion) - manual: - description: |- - manual describes the current boot image of the cluster. - This will be populated by the MCO using the values provided in the spec.bootImageSkewEnforcement.manual field. - This value will be compared against the cluster's skew limit to determine skew compliance. - Required when mode is set to "Manual" and forbidden otherwise. - properties: - mode: - description: |- - mode is used to configure which boot image field is defined in Manual mode. - Valid values are OCPVersion and RHCOSVersion. - OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update - in the OCPVersion field. - RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update - in the RHCOSVersion field. - This field is required. - enum: - - OCPVersion - - RHCOSVersion - type: string - ocpVersion: - description: |- - ocpVersion provides a string which represents the OCP version of the boot image. - This field must match the OCP semver compatible format of x.y.z. This field must be between - 5 and 10 characters long. - Required when mode is set to "OCPVersion" and forbidden otherwise. - maxLength: 10 - minLength: 5 - type: string - x-kubernetes-validations: - - message: ocpVersion must match the OCP semver compatible - format of x.y.z - rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') - rhcosVersion: - description: |- - rhcosVersion provides a string which represents the RHCOS version of the boot image - This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy - format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between - 14 and 21 characters long. - Required when mode is set to "RHCOSVersion" and forbidden otherwise. - maxLength: 21 - minLength: 14 - type: string - x-kubernetes-validations: - - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] - or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] - rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') - required: - - mode - type: object - x-kubernetes-validations: - - message: ocpVersion is required when mode is OCPVersion, and - forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) - : !has(self.ocpVersion)' - - message: rhcosVersion is required when mode is RHCOSVersion, - and forbidden otherwise - rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) - : !has(self.rhcosVersion)' - mode: - description: |- - mode determines the underlying behavior of skew enforcement mechanism. - Valid values are Automatic, Manual and None. - Automatic means that the MCO will perform boot image updates and store the - OCP & RHCOS version associated with the last boot image update in the automatic field. - Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP - & RHCOS version associated with the last boot image update in the manual field. - In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the - skew limit described by the release image. - None means that the MCO will no longer monitor the boot image skew. This may affect - the cluster's ability to scale. - This field is required. - enum: - - Automatic - - Manual - - None - type: string - required: - - mode - type: object - x-kubernetes-validations: - - message: automatic is required when mode is Automatic, and forbidden - otherwise - rule: 'has(self.mode) && (self.mode == ''Automatic'') ? has(self.automatic) - : !has(self.automatic)' - - message: manual is required when mode is Manual, and forbidden otherwise - rule: 'has(self.mode) && (self.mode == ''Manual'') ? has(self.manual) - : !has(self.manual)' conditions: description: conditions is a list of conditions and their status items: @@ -1485,32 +1259,6 @@ spec: required: - spec type: object - x-kubernetes-validations: - - message: when skew enforcement is in Automatic mode, a boot image configuration - is required - rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() - : true' - - message: when skew enforcement is in Automatic mode, managedBootImages.machineManagers - must not be an empty list - rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) - > 0 : true' - - message: when skew enforcement is in Automatic mode, any MachineAPI MachineSet - MachineManager must use selection mode 'All' - rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, - m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io'') - || self.spec.managedBootImages.machineManagers.exists(m, m.resource == - ''machinesets'' && m.apiGroup == ''machine.openshift.io'' && m.selection.mode - == ''All'') : true' - - message: when skew enforcement is in Automatic mode, managedBootImagesStatus - must contain a MachineManager opting in all MachineAPI MachineSets - rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' - ? !(self.?status.managedBootImagesStatus.machineManagers.hasValue()) || - self.status.managedBootImagesStatus.machineManagers.exists(m, m.selection.mode - == ''All'' && m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io''): - true' served: true storage: true subresources: diff --git a/payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml b/payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml index 761e90a6d4a..e6c281d85dd 100644 --- a/payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml @@ -26,9 +26,15 @@ { "name": "AWSDualStackInstall" }, + { + "name": "AWSEuropeanSovereignCloudInstall" + }, { "name": "AWSServiceLBNetworkSecurityGroup" }, + { + "name": "AdditionalStorageConfig" + }, { "name": "AutomatedEtcdBackup" }, @@ -41,9 +47,6 @@ { "name": "AzureMultiDisk" }, - { - "name": "BootImageSkewEnforcement" - }, { "name": "BootcNodeManagement" }, @@ -104,6 +107,9 @@ { "name": "ClusterUpdateAcceptRisks" }, + { + "name": "ClusterUpdatePreflight" + }, { "name": "ClusterVersionOperatorConfiguration" }, @@ -143,6 +149,9 @@ { "name": "Example2" }, + { + "name": "ExternalOIDCExternalClaimsSourcing" + }, { "name": "ExternalOIDCWithUpstreamParity" }, @@ -188,6 +197,9 @@ { "name": "MachineAPIMigrationOpenStack" }, + { + "name": "MachineAPIMigrationVSphere" + }, { "name": "MachineAPIOperatorDisableMachineHealthCheckController" }, @@ -221,6 +233,9 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, + { + "name": "NewOLMConfigAPI" + }, { "name": "NewOLMOwnSingleNamespace" }, @@ -230,6 +245,9 @@ { "name": "NewOLMWebhookProviderOpenshiftServiceCA" }, + { + "name": "NoOverlayMode" + }, { "name": "NoRegistryClusterInstall" }, @@ -258,13 +276,13 @@ "name": "SignatureStores" }, { - "name": "TLSCurvePreferences" + "name": "TLSAdherence" }, { - "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode" + "name": "TLSCurvePreferences" }, { - "name": "VSphereHostVMGroupZonal" + "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode" }, { "name": "VSphereMixedNodeEnv" @@ -283,6 +301,9 @@ { "name": "AzureWorkloadIdentity" }, + { + "name": "BootImageSkewEnforcement" + }, { "name": "BuildCSIVolumes" }, @@ -298,24 +319,12 @@ { "name": "GCPClusterHostedDNSInstall" }, - { - "name": "GatewayAPI" - }, - { - "name": "GatewayAPIController" - }, - { - "name": "HighlyAvailableArbiter" - }, { "name": "HyperShiftOnlyDynamicResourceAllocation" }, { "name": "ImageStreamImportMode" }, - { - "name": "ImageVolume" - }, { "name": "InsightsConfig" }, @@ -325,24 +334,9 @@ { "name": "KMSv1" }, - { - "name": "MachineConfigNodes" - }, - { - "name": "ManagedBootImages" - }, - { - "name": "ManagedBootImagesAWS" - }, - { - "name": "ManagedBootImagesAzure" - }, { "name": "ManagedBootImagesCPMS" }, - { - "name": "ManagedBootImagesvSphere" - }, { "name": "MetricsCollectionProfiles" }, @@ -352,9 +346,6 @@ { "name": "OpenShiftPodSecurityAdmission" }, - { - "name": "PinnedImages" - }, { "name": "RouteExternalCertificate" }, @@ -379,6 +370,9 @@ { "name": "UserNamespacesSupport" }, + { + "name": "VSphereHostVMGroupZonal" + }, { "name": "VSphereMultiDisk" }, diff --git a/payload-manifests/featuregates/featureGate-4-10-Hypershift-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-4-10-Hypershift-DevPreviewNoUpgrade.yaml index 984df4ba410..124301fa466 100644 --- a/payload-manifests/featuregates/featureGate-4-10-Hypershift-DevPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-Hypershift-DevPreviewNoUpgrade.yaml @@ -40,6 +40,9 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, + { + "name": "NewOLMConfigAPI" + }, { "name": "NewOLMOwnSingleNamespace" }, @@ -69,9 +72,15 @@ { "name": "AWSDualStackInstall" }, + { + "name": "AWSEuropeanSovereignCloudInstall" + }, { "name": "AWSServiceLBNetworkSecurityGroup" }, + { + "name": "AdditionalStorageConfig" + }, { "name": "AutomatedEtcdBackup" }, @@ -150,6 +159,9 @@ { "name": "ClusterUpdateAcceptRisks" }, + { + "name": "ClusterUpdatePreflight" + }, { "name": "ClusterVersionOperatorConfiguration" }, @@ -192,6 +204,9 @@ { "name": "ExternalOIDC" }, + { + "name": "ExternalOIDCExternalClaimsSourcing" + }, { "name": "ExternalOIDCWithUIDAndExtraClaimMappings" }, @@ -216,18 +231,9 @@ { "name": "GCPDualStackInstall" }, - { - "name": "GatewayAPI" - }, - { - "name": "GatewayAPIController" - }, { "name": "GatewayAPIWithoutOLM" }, - { - "name": "HighlyAvailableArbiter" - }, { "name": "HyperShiftOnlyDynamicResourceAllocation" }, @@ -237,9 +243,6 @@ { "name": "ImageStreamImportMode" }, - { - "name": "ImageVolume" - }, { "name": "IngressControllerDynamicConfigurationManager" }, @@ -271,23 +274,11 @@ "name": "MachineAPIMigrationOpenStack" }, { - "name": "MachineConfigNodes" - }, - { - "name": "ManagedBootImages" - }, - { - "name": "ManagedBootImagesAWS" - }, - { - "name": "ManagedBootImagesAzure" + "name": "MachineAPIMigrationVSphere" }, { "name": "ManagedBootImagesCPMS" }, - { - "name": "ManagedBootImagesvSphere" - }, { "name": "MaxUnavailableStatefulSet" }, @@ -312,6 +303,9 @@ { "name": "NetworkConnect" }, + { + "name": "NoOverlayMode" + }, { "name": "NutanixMultiSubnets" }, @@ -327,9 +321,6 @@ { "name": "OpenShiftPodSecurityAdmission" }, - { - "name": "PinnedImages" - }, { "name": "ProvisioningRequestAvailable" }, @@ -354,6 +345,9 @@ { "name": "StoragePerformantSecurityPolicy" }, + { + "name": "TLSAdherence" + }, { "name": "TLSCurvePreferences" }, diff --git a/payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml b/payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml index 2c2d2f2d490..ee73bc206ba 100644 --- a/payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml @@ -28,9 +28,15 @@ { "name": "AWSDualStackInstall" }, + { + "name": "AWSEuropeanSovereignCloudInstall" + }, { "name": "AWSServiceLBNetworkSecurityGroup" }, + { + "name": "AdditionalStorageConfig" + }, { "name": "AutomatedEtcdBackup" }, @@ -43,9 +49,6 @@ { "name": "AzureMultiDisk" }, - { - "name": "BootImageSkewEnforcement" - }, { "name": "BootcNodeManagement" }, @@ -106,6 +109,9 @@ { "name": "ClusterUpdateAcceptRisks" }, + { + "name": "ClusterUpdatePreflight" + }, { "name": "ClusterVersionOperatorConfiguration" }, @@ -145,6 +151,9 @@ { "name": "Example2" }, + { + "name": "ExternalOIDCExternalClaimsSourcing" + }, { "name": "ExternalOIDCWithUpstreamParity" }, @@ -190,6 +199,9 @@ { "name": "MachineAPIMigrationOpenStack" }, + { + "name": "MachineAPIMigrationVSphere" + }, { "name": "MachineAPIOperatorDisableMachineHealthCheckController" }, @@ -223,6 +235,9 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, + { + "name": "NewOLMConfigAPI" + }, { "name": "NewOLMOwnSingleNamespace" }, @@ -232,6 +247,9 @@ { "name": "NewOLMWebhookProviderOpenshiftServiceCA" }, + { + "name": "NoOverlayMode" + }, { "name": "NoRegistryClusterInstall" }, @@ -260,13 +278,13 @@ "name": "SignatureStores" }, { - "name": "TLSCurvePreferences" + "name": "TLSAdherence" }, { - "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode" + "name": "TLSCurvePreferences" }, { - "name": "VSphereHostVMGroupZonal" + "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode" }, { "name": "VSphereMixedNodeEnv" @@ -285,6 +303,9 @@ { "name": "AzureWorkloadIdentity" }, + { + "name": "BootImageSkewEnforcement" + }, { "name": "BuildCSIVolumes" }, @@ -300,24 +321,12 @@ { "name": "GCPClusterHostedDNSInstall" }, - { - "name": "GatewayAPI" - }, - { - "name": "GatewayAPIController" - }, - { - "name": "HighlyAvailableArbiter" - }, { "name": "HyperShiftOnlyDynamicResourceAllocation" }, { "name": "ImageStreamImportMode" }, - { - "name": "ImageVolume" - }, { "name": "InsightsConfig" }, @@ -327,24 +336,9 @@ { "name": "KMSv1" }, - { - "name": "MachineConfigNodes" - }, - { - "name": "ManagedBootImages" - }, - { - "name": "ManagedBootImagesAWS" - }, - { - "name": "ManagedBootImagesAzure" - }, { "name": "ManagedBootImagesCPMS" }, - { - "name": "ManagedBootImagesvSphere" - }, { "name": "MetricsCollectionProfiles" }, @@ -354,9 +348,6 @@ { "name": "OpenShiftPodSecurityAdmission" }, - { - "name": "PinnedImages" - }, { "name": "RouteExternalCertificate" }, @@ -381,6 +372,9 @@ { "name": "UserNamespacesSupport" }, + { + "name": "VSphereHostVMGroupZonal" + }, { "name": "VSphereMultiDisk" }, diff --git a/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml index e58468cafd0..c995ea77982 100644 --- a/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml @@ -28,18 +28,27 @@ { "name": "ClusterAPIInstall" }, + { + "name": "ClusterUpdatePreflight" + }, { "name": "EventedPLEG" }, { "name": "Example2" }, + { + "name": "ExternalOIDCExternalClaimsSourcing" + }, { "name": "ExternalSnapshotMetadata" }, { "name": "KMSEncryptionProvider" }, + { + "name": "MachineAPIMigrationVSphere" + }, { "name": "MachineAPIOperatorDisableMachineHealthCheckController" }, @@ -58,6 +67,9 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, + { + "name": "NewOLMConfigAPI" + }, { "name": "NewOLMOwnSingleNamespace" }, @@ -90,9 +102,15 @@ { "name": "AWSDualStackInstall" }, + { + "name": "AWSEuropeanSovereignCloudInstall" + }, { "name": "AWSServiceLBNetworkSecurityGroup" }, + { + "name": "AdditionalStorageConfig" + }, { "name": "AutomatedEtcdBackup" }, @@ -222,18 +240,9 @@ { "name": "GCPDualStackInstall" }, - { - "name": "GatewayAPI" - }, - { - "name": "GatewayAPIController" - }, { "name": "GatewayAPIWithoutOLM" }, - { - "name": "HighlyAvailableArbiter" - }, { "name": "HyperShiftOnlyDynamicResourceAllocation" }, @@ -243,9 +252,6 @@ { "name": "ImageStreamImportMode" }, - { - "name": "ImageVolume" - }, { "name": "IngressControllerDynamicConfigurationManager" }, @@ -273,24 +279,9 @@ { "name": "MachineAPIMigrationOpenStack" }, - { - "name": "MachineConfigNodes" - }, - { - "name": "ManagedBootImages" - }, - { - "name": "ManagedBootImagesAWS" - }, - { - "name": "ManagedBootImagesAzure" - }, { "name": "ManagedBootImagesCPMS" }, - { - "name": "ManagedBootImagesvSphere" - }, { "name": "MaxUnavailableStatefulSet" }, @@ -312,6 +303,9 @@ { "name": "MutatingAdmissionPolicy" }, + { + "name": "NoOverlayMode" + }, { "name": "NutanixMultiSubnets" }, @@ -327,9 +321,6 @@ { "name": "OpenShiftPodSecurityAdmission" }, - { - "name": "PinnedImages" - }, { "name": "RouteExternalCertificate" }, @@ -351,6 +342,9 @@ { "name": "StoragePerformantSecurityPolicy" }, + { + "name": "TLSAdherence" + }, { "name": "TLSCurvePreferences" }, diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml index 5bcfb966e6f..1e6c316c9dc 100644 --- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml @@ -27,7 +27,10 @@ "name": "AWSDualStackInstall" }, { - "name": "AWSServiceLBNetworkSecurityGroup" + "name": "AWSEuropeanSovereignCloudInstall" + }, + { + "name": "AdditionalStorageConfig" }, { "name": "AutomatedEtcdBackup" @@ -44,9 +47,6 @@ { "name": "AzureMultiDisk" }, - { - "name": "BootImageSkewEnforcement" - }, { "name": "BootcNodeManagement" }, @@ -107,6 +107,9 @@ { "name": "ClusterUpdateAcceptRisks" }, + { + "name": "ClusterUpdatePreflight" + }, { "name": "ClusterVersionOperatorConfiguration" }, @@ -143,6 +146,9 @@ { "name": "Example2" }, + { + "name": "ExternalOIDCExternalClaimsSourcing" + }, { "name": "ExternalOIDCWithUpstreamParity" }, @@ -191,6 +197,9 @@ { "name": "MachineAPIMigrationOpenStack" }, + { + "name": "MachineAPIMigrationVSphere" + }, { "name": "MachineAPIOperatorDisableMachineHealthCheckController" }, @@ -221,9 +230,18 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, + { + "name": "NewOLMConfigAPI" + }, + { + "name": "NewOLMOwnSingleNamespace" + }, { "name": "NewOLMPreflightPermissionChecks" }, + { + "name": "NoOverlayMode" + }, { "name": "NoRegistryClusterInstall" }, @@ -252,13 +270,13 @@ "name": "SignatureStores" }, { - "name": "TLSCurvePreferences" + "name": "TLSAdherence" }, { - "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode" + "name": "TLSCurvePreferences" }, { - "name": "VSphereHostVMGroupZonal" + "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode" }, { "name": "VSphereMixedNodeEnv" @@ -268,9 +286,15 @@ } ], "enabled": [ + { + "name": "AWSServiceLBNetworkSecurityGroup" + }, { "name": "AzureWorkloadIdentity" }, + { + "name": "BootImageSkewEnforcement" + }, { "name": "BuildCSIVolumes" }, @@ -286,21 +310,9 @@ { "name": "GCPClusterHostedDNSInstall" }, - { - "name": "GatewayAPI" - }, - { - "name": "GatewayAPIController" - }, - { - "name": "HighlyAvailableArbiter" - }, { "name": "ImageStreamImportMode" }, - { - "name": "ImageVolume" - }, { "name": "InsightsConfig" }, @@ -310,24 +322,9 @@ { "name": "KMSv1" }, - { - "name": "MachineConfigNodes" - }, - { - "name": "ManagedBootImages" - }, - { - "name": "ManagedBootImagesAWS" - }, - { - "name": "ManagedBootImagesAzure" - }, { "name": "ManagedBootImagesCPMS" }, - { - "name": "ManagedBootImagesvSphere" - }, { "name": "MetricsCollectionProfiles" }, @@ -337,18 +334,12 @@ { "name": "NewOLM" }, - { - "name": "NewOLMOwnSingleNamespace" - }, { "name": "NewOLMWebhookProviderOpenshiftServiceCA" }, { "name": "OpenShiftPodSecurityAdmission" }, - { - "name": "PinnedImages" - }, { "name": "RouteExternalCertificate" }, @@ -373,6 +364,9 @@ { "name": "UserNamespacesSupport" }, + { + "name": "VSphereHostVMGroupZonal" + }, { "name": "VSphereMultiDisk" }, diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-DevPreviewNoUpgrade.yaml index 7bdded5b27d..f5bad134891 100644 --- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-DevPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-DevPreviewNoUpgrade.yaml @@ -51,9 +51,15 @@ { "name": "AWSDualStackInstall" }, + { + "name": "AWSEuropeanSovereignCloudInstall" + }, { "name": "AWSServiceLBNetworkSecurityGroup" }, + { + "name": "AdditionalStorageConfig" + }, { "name": "AutomatedEtcdBackup" }, @@ -132,6 +138,9 @@ { "name": "ClusterUpdateAcceptRisks" }, + { + "name": "ClusterUpdatePreflight" + }, { "name": "ClusterVersionOperatorConfiguration" }, @@ -174,6 +183,9 @@ { "name": "ExternalOIDC" }, + { + "name": "ExternalOIDCExternalClaimsSourcing" + }, { "name": "ExternalOIDCWithUIDAndExtraClaimMappings" }, @@ -198,27 +210,15 @@ { "name": "GCPDualStackInstall" }, - { - "name": "GatewayAPI" - }, - { - "name": "GatewayAPIController" - }, { "name": "GatewayAPIWithoutOLM" }, - { - "name": "HighlyAvailableArbiter" - }, { "name": "ImageModeStatusReporting" }, { "name": "ImageStreamImportMode" }, - { - "name": "ImageVolume" - }, { "name": "IngressControllerDynamicConfigurationManager" }, @@ -250,23 +250,11 @@ "name": "MachineAPIMigrationOpenStack" }, { - "name": "MachineConfigNodes" - }, - { - "name": "ManagedBootImages" - }, - { - "name": "ManagedBootImagesAWS" - }, - { - "name": "ManagedBootImagesAzure" + "name": "MachineAPIMigrationVSphere" }, { "name": "ManagedBootImagesCPMS" }, - { - "name": "ManagedBootImagesvSphere" - }, { "name": "MaxUnavailableStatefulSet" }, @@ -300,6 +288,9 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, + { + "name": "NewOLMConfigAPI" + }, { "name": "NewOLMOwnSingleNamespace" }, @@ -309,6 +300,9 @@ { "name": "NewOLMWebhookProviderOpenshiftServiceCA" }, + { + "name": "NoOverlayMode" + }, { "name": "NoRegistryClusterInstall" }, @@ -327,9 +321,6 @@ { "name": "OpenShiftPodSecurityAdmission" }, - { - "name": "PinnedImages" - }, { "name": "ProvisioningRequestAvailable" }, @@ -354,6 +345,9 @@ { "name": "StoragePerformantSecurityPolicy" }, + { + "name": "TLSAdherence" + }, { "name": "TLSCurvePreferences" }, diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml index f1549350c21..b5e89233476 100644 --- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml @@ -29,7 +29,10 @@ "name": "AWSDualStackInstall" }, { - "name": "AWSServiceLBNetworkSecurityGroup" + "name": "AWSEuropeanSovereignCloudInstall" + }, + { + "name": "AdditionalStorageConfig" }, { "name": "AutomatedEtcdBackup" @@ -46,9 +49,6 @@ { "name": "AzureMultiDisk" }, - { - "name": "BootImageSkewEnforcement" - }, { "name": "BootcNodeManagement" }, @@ -109,6 +109,9 @@ { "name": "ClusterUpdateAcceptRisks" }, + { + "name": "ClusterUpdatePreflight" + }, { "name": "ClusterVersionOperatorConfiguration" }, @@ -145,6 +148,9 @@ { "name": "Example2" }, + { + "name": "ExternalOIDCExternalClaimsSourcing" + }, { "name": "ExternalOIDCWithUpstreamParity" }, @@ -193,6 +199,9 @@ { "name": "MachineAPIMigrationOpenStack" }, + { + "name": "MachineAPIMigrationVSphere" + }, { "name": "MachineAPIOperatorDisableMachineHealthCheckController" }, @@ -223,9 +232,18 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, + { + "name": "NewOLMConfigAPI" + }, + { + "name": "NewOLMOwnSingleNamespace" + }, { "name": "NewOLMPreflightPermissionChecks" }, + { + "name": "NoOverlayMode" + }, { "name": "NoRegistryClusterInstall" }, @@ -254,13 +272,13 @@ "name": "SignatureStores" }, { - "name": "TLSCurvePreferences" + "name": "TLSAdherence" }, { - "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode" + "name": "TLSCurvePreferences" }, { - "name": "VSphereHostVMGroupZonal" + "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode" }, { "name": "VSphereMixedNodeEnv" @@ -270,9 +288,15 @@ } ], "enabled": [ + { + "name": "AWSServiceLBNetworkSecurityGroup" + }, { "name": "AzureWorkloadIdentity" }, + { + "name": "BootImageSkewEnforcement" + }, { "name": "BuildCSIVolumes" }, @@ -288,21 +312,9 @@ { "name": "GCPClusterHostedDNSInstall" }, - { - "name": "GatewayAPI" - }, - { - "name": "GatewayAPIController" - }, - { - "name": "HighlyAvailableArbiter" - }, { "name": "ImageStreamImportMode" }, - { - "name": "ImageVolume" - }, { "name": "InsightsConfig" }, @@ -312,24 +324,9 @@ { "name": "KMSv1" }, - { - "name": "MachineConfigNodes" - }, - { - "name": "ManagedBootImages" - }, - { - "name": "ManagedBootImagesAWS" - }, - { - "name": "ManagedBootImagesAzure" - }, { "name": "ManagedBootImagesCPMS" }, - { - "name": "ManagedBootImagesvSphere" - }, { "name": "MetricsCollectionProfiles" }, @@ -339,18 +336,12 @@ { "name": "NewOLM" }, - { - "name": "NewOLMOwnSingleNamespace" - }, { "name": "NewOLMWebhookProviderOpenshiftServiceCA" }, { "name": "OpenShiftPodSecurityAdmission" }, - { - "name": "PinnedImages" - }, { "name": "RouteExternalCertificate" }, @@ -375,6 +366,9 @@ { "name": "UserNamespacesSupport" }, + { + "name": "VSphereHostVMGroupZonal" + }, { "name": "VSphereMultiDisk" }, diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml index 204b2e54551..ea764b717f7 100644 --- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml @@ -28,12 +28,18 @@ { "name": "ClusterAPIInstall" }, + { + "name": "ClusterUpdatePreflight" + }, { "name": "EventedPLEG" }, { "name": "Example2" }, + { + "name": "ExternalOIDCExternalClaimsSourcing" + }, { "name": "ExternalSnapshotMetadata" }, @@ -43,6 +49,9 @@ { "name": "KMSEncryptionProvider" }, + { + "name": "MachineAPIMigrationVSphere" + }, { "name": "MachineAPIOperatorDisableMachineHealthCheckController" }, @@ -72,9 +81,15 @@ { "name": "AWSDualStackInstall" }, + { + "name": "AWSEuropeanSovereignCloudInstall" + }, { "name": "AWSServiceLBNetworkSecurityGroup" }, + { + "name": "AdditionalStorageConfig" + }, { "name": "AutomatedEtcdBackup" }, @@ -204,27 +219,15 @@ { "name": "GCPDualStackInstall" }, - { - "name": "GatewayAPI" - }, - { - "name": "GatewayAPIController" - }, { "name": "GatewayAPIWithoutOLM" }, - { - "name": "HighlyAvailableArbiter" - }, { "name": "ImageModeStatusReporting" }, { "name": "ImageStreamImportMode" }, - { - "name": "ImageVolume" - }, { "name": "IngressControllerDynamicConfigurationManager" }, @@ -252,24 +255,9 @@ { "name": "MachineAPIMigrationOpenStack" }, - { - "name": "MachineConfigNodes" - }, - { - "name": "ManagedBootImages" - }, - { - "name": "ManagedBootImagesAWS" - }, - { - "name": "ManagedBootImagesAzure" - }, { "name": "ManagedBootImagesCPMS" }, - { - "name": "ManagedBootImagesvSphere" - }, { "name": "MaxUnavailableStatefulSet" }, @@ -300,6 +288,9 @@ { "name": "NewOLMCatalogdAPIV1Metas" }, + { + "name": "NewOLMConfigAPI" + }, { "name": "NewOLMOwnSingleNamespace" }, @@ -309,6 +300,9 @@ { "name": "NewOLMWebhookProviderOpenshiftServiceCA" }, + { + "name": "NoOverlayMode" + }, { "name": "NoRegistryClusterInstall" }, @@ -327,9 +321,6 @@ { "name": "OpenShiftPodSecurityAdmission" }, - { - "name": "PinnedImages" - }, { "name": "RouteExternalCertificate" }, @@ -351,6 +342,9 @@ { "name": "StoragePerformantSecurityPolicy" }, + { + "name": "TLSAdherence" + }, { "name": "TLSCurvePreferences" }, From a5c30511ae9a71d030b35248382fa4a09adfdbab Mon Sep 17 00:00:00 2001 From: Davide Salerno Date: Wed, 1 Apr 2026 19:58:16 +0200 Subject: [PATCH 6/7] make update after rebase Regenerate CRD manifests, OpenAPI definitions, and swagger docs after rebasing on upstream/master Signed-off-by: Davide Salerno --- ...usterversions-DevPreviewNoUpgrade.crd.yaml | 17 ++ ...01_apiservers-DevPreviewNoUpgrade.crd.yaml | 39 +++ ...1_apiservers-TechPreviewNoUpgrade.crd.yaml | 39 +++ ...ator_01_dnses-DevPreviewNoUpgrade.crd.yaml | 2 +- ...tor_01_dnses-TechPreviewNoUpgrade.crd.yaml | 2 +- ...erator_01_infrastructures-Default.crd.yaml | 11 + ...g-operator_01_infrastructures-OKD.crd.yaml | 11 + features.md | 4 +- ...untimeconfigs-DevPreviewNoUpgrade.crd.yaml | 131 +++++++++ ...ntimeconfigs-TechPreviewNoUpgrade.crd.yaml | 131 +++++++++ ...nfig_01_controllerconfigs-Default.crd.yaml | 13 + ...rollerconfigs-DevPreviewNoUpgrade.crd.yaml | 2 +- ...e-config_01_controllerconfigs-OKD.crd.yaml | 13 + ...ollerconfigs-TechPreviewNoUpgrade.crd.yaml | 2 +- ...01_kubeletconfigs-CustomNoUpgrade.crd.yaml | 33 ++- ...-config_01_kubeletconfigs-Default.crd.yaml | 33 ++- ...ubeletconfigs-DevPreviewNoUpgrade.crd.yaml | 33 ++- ...beletconfigs-TechPreviewNoUpgrade.crd.yaml | 33 ++- .../TLSCurvePreferences.yaml | 33 ++- ...tercsidrivers-DevPreviewNoUpgrade.crd.yaml | 2 +- ...ercsidrivers-TechPreviewNoUpgrade.crd.yaml | 2 +- ...k_01_networks-DevPreviewNoUpgrade.crd.yaml | 107 ++++++++ ..._01_networks-TechPreviewNoUpgrade.crd.yaml | 107 ++++++++ ..._01_machineconfigurations-Default.crd.yaml | 252 ++++++++++++++++++ ...nfig_01_machineconfigurations-OKD.crd.yaml | 252 ++++++++++++++++++ ...01_apiservers-DevPreviewNoUpgrade.crd.yaml | 39 +++ ...1_apiservers-TechPreviewNoUpgrade.crd.yaml | 39 +++ ...ator_01_dnses-DevPreviewNoUpgrade.crd.yaml | 2 +- ...tor_01_dnses-TechPreviewNoUpgrade.crd.yaml | 2 +- ...erator_01_infrastructures-Default.crd.yaml | 11 + ...g-operator_01_infrastructures-OKD.crd.yaml | 11 + ...tercsidrivers-DevPreviewNoUpgrade.crd.yaml | 2 +- ...ercsidrivers-TechPreviewNoUpgrade.crd.yaml | 2 +- ...untimeconfigs-DevPreviewNoUpgrade.crd.yaml | 131 +++++++++ ...ntimeconfigs-TechPreviewNoUpgrade.crd.yaml | 131 +++++++++ ...nfig_01_controllerconfigs-Default.crd.yaml | 13 + ...rollerconfigs-DevPreviewNoUpgrade.crd.yaml | 2 +- ...e-config_01_controllerconfigs-OKD.crd.yaml | 13 + ...ollerconfigs-TechPreviewNoUpgrade.crd.yaml | 2 +- ...01_kubeletconfigs-CustomNoUpgrade.crd.yaml | 33 ++- ...-config_01_kubeletconfigs-Default.crd.yaml | 33 ++- ...ubeletconfigs-DevPreviewNoUpgrade.crd.yaml | 33 ++- ...beletconfigs-TechPreviewNoUpgrade.crd.yaml | 33 ++- ..._01_machineconfigurations-Default.crd.yaml | 252 ++++++++++++++++++ ...nfig_01_machineconfigurations-OKD.crd.yaml | 252 ++++++++++++++++++ ...-4-10-Hypershift-TechPreviewNoUpgrade.yaml | 6 + ...eatureGate-4-10-SelfManagedHA-Default.yaml | 12 +- .../featureGate-4-10-SelfManagedHA-OKD.yaml | 12 +- ...10-SelfManagedHA-TechPreviewNoUpgrade.yaml | 6 + 49 files changed, 2276 insertions(+), 100 deletions(-) diff --git a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml index f24b2a16a15..70a09d3ff0a 100644 --- a/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_00_cluster-version-operator_01_clusterversions-DevPreviewNoUpgrade.crd.yaml @@ -218,6 +218,23 @@ spec: When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version. type: string + mode: + description: |- + mode determines how an update should be processed. + The only valid value is "Preflight". + When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. + This is the standard update behavior. + When set to "Preflight", the cluster runs compatibility checks against the target release without + performing an actual update. Compatibility results, including any detected risks, are reported + in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update + recommendation service. + This allows administrators to assess update readiness and address issues before committing to the update. + Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be + verified across multiple minor versions. + When mode is set to "Preflight", the same rules for version, image, and architecture apply as for normal updates. + enum: + - Preflight + type: string version: description: |- version is a semantic version identifying the update version. diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index 9c6194b3864..725b2c66f68 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -292,6 +292,42 @@ spec: type: array x-kubernetes-list-type: atomic type: object + tlsAdherence: + description: |- + tlsAdherence controls if components in the cluster adhere to the TLS security profile + configured on this APIServer resource. + + Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". + + When set to "LegacyAdheringComponentsOnly", components that already honor the + cluster-wide TLS profile continue to do so. Components that do not already honor + it continue to use their individual TLS configurations. + + When set to "StrictAllComponents", all components must honor the configured TLS + profile unless they have a component-specific TLS configuration that overrides + it. This mode is recommended for security-conscious deployments and is required + for certain compliance frameworks. + + Note: Some components such as Kubelet and IngressController have their own + dedicated TLS configuration mechanisms via KubeletConfig and IngressController + CRs respectively. When these component-specific TLS configurations are set, + they take precedence over the cluster-wide tlsSecurityProfile. When not set, + these components fall back to the cluster-wide default. + + Components that encounter an unknown value for tlsAdherence should treat it + as "StrictAllComponents" and log a warning to ensure forward compatibility + while defaulting to the more secure behavior. + + This field is optional. + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default is LegacyAdheringComponentsOnly. + + Once set, this field may be changed to a different value, but may not be removed. + enum: + - LegacyAdheringComponentsOnly + - StrictAllComponents + type: string tlsSecurityProfile: description: |- tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. @@ -469,6 +505,9 @@ spec: type: string type: object type: object + x-kubernetes-validations: + - message: tlsAdherence may not be removed once set + rule: 'has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true' status: description: status holds observed values from the cluster. They may not be overridden. diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml index 4e977b3bac8..33c7fa21e73 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml @@ -224,6 +224,42 @@ spec: type: array x-kubernetes-list-type: atomic type: object + tlsAdherence: + description: |- + tlsAdherence controls if components in the cluster adhere to the TLS security profile + configured on this APIServer resource. + + Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". + + When set to "LegacyAdheringComponentsOnly", components that already honor the + cluster-wide TLS profile continue to do so. Components that do not already honor + it continue to use their individual TLS configurations. + + When set to "StrictAllComponents", all components must honor the configured TLS + profile unless they have a component-specific TLS configuration that overrides + it. This mode is recommended for security-conscious deployments and is required + for certain compliance frameworks. + + Note: Some components such as Kubelet and IngressController have their own + dedicated TLS configuration mechanisms via KubeletConfig and IngressController + CRs respectively. When these component-specific TLS configurations are set, + they take precedence over the cluster-wide tlsSecurityProfile. When not set, + these components fall back to the cluster-wide default. + + Components that encounter an unknown value for tlsAdherence should treat it + as "StrictAllComponents" and log a warning to ensure forward compatibility + while defaulting to the more secure behavior. + + This field is optional. + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default is LegacyAdheringComponentsOnly. + + Once set, this field may be changed to a different value, but may not be removed. + enum: + - LegacyAdheringComponentsOnly + - StrictAllComponents + type: string tlsSecurityProfile: description: |- tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. @@ -401,6 +437,9 @@ spec: type: string type: object type: object + x-kubernetes-validations: + - message: tlsAdherence may not be removed once set + rule: 'has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true' status: description: status holds observed values from the cluster. They may not be overridden. diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml index 282c6b30021..f2d9157713a 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml @@ -81,7 +81,7 @@ spec: x-kubernetes-validations: - message: 'privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml index e7b1af06326..ce4e9b77f01 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml @@ -81,7 +81,7 @@ spec: x-kubernetes-validations: - message: 'privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml index 9c9cfb6fe37..cc7fe5e2a2e 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-Default.crd.yaml @@ -828,6 +828,17 @@ spec: - topology - zone type: object + x-kubernetes-validations: + - message: when zoneAffinity type is HostGroup, regionAffinity + type must be ComputeCluster + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''HostGroup'' ? has(self.regionAffinity) && self.regionAffinity.type + == ''ComputeCluster'' : true' + - message: when zoneAffinity type is ComputeCluster, regionAffinity + type must be Datacenter + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''ComputeCluster'' ? has(self.regionAffinity) && + self.regionAffinity.type == ''Datacenter'' : true' type: array x-kubernetes-list-map-keys: - name diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml index 029cbc3f16b..5a105a3c9b0 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_infrastructures-OKD.crd.yaml @@ -828,6 +828,17 @@ spec: - topology - zone type: object + x-kubernetes-validations: + - message: when zoneAffinity type is HostGroup, regionAffinity + type must be ComputeCluster + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''HostGroup'' ? has(self.regionAffinity) && self.regionAffinity.type + == ''ComputeCluster'' : true' + - message: when zoneAffinity type is ComputeCluster, regionAffinity + type must be Datacenter + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''ComputeCluster'' ? has(self.regionAffinity) && + self.regionAffinity.type == ''Datacenter'' : true' type: array x-kubernetes-list-map-keys: - name diff --git a/features.md b/features.md index dde5d0712d1..60b8f0b3352 100644 --- a/features.md +++ b/features.md @@ -9,6 +9,7 @@ | ClusterAPIComputeInstall| | | Enabled | Enabled | | | | | | ClusterAPIControlPlaneInstall| | | Enabled | Enabled | | | | | | ClusterUpdatePreflight| | | Enabled | Enabled | | | | | +| ConfidentialCluster| | | Enabled | Enabled | | | | | | Example2| | | Enabled | Enabled | | | | | | ExternalOIDCExternalClaimsSourcing| | | Enabled | Enabled | | | | | | ExternalSnapshotMetadata| | | Enabled | Enabled | | | | | @@ -22,6 +23,7 @@ | NewOLMPreflightPermissionChecks| | | | Enabled | | | | Enabled | | NoRegistryClusterInstall| | | | Enabled | | | | Enabled | | ProvisioningRequestAvailable| | | Enabled | Enabled | | | | | +| VSphereMultiVCenterDay2| | | Enabled | Enabled | | | | | | AWSClusterHostedDNS| | | Enabled | Enabled | | | Enabled | Enabled | | AWSClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AWSDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled | @@ -29,7 +31,6 @@ | AWSEuropeanSovereignCloudInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AdditionalStorageConfig| | | Enabled | Enabled | | | Enabled | Enabled | | AutomatedEtcdBackup| | | Enabled | Enabled | | | Enabled | Enabled | -| AzureClusterHostedDNSInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AzureDedicatedHosts| | | Enabled | Enabled | | | Enabled | Enabled | | AzureDualStackInstall| | | Enabled | Enabled | | | Enabled | Enabled | | AzureMultiDisk| | | Enabled | Enabled | | | Enabled | Enabled | @@ -93,6 +94,7 @@ | VSphereMixedNodeEnv| | | Enabled | Enabled | | | Enabled | Enabled | | VolumeGroupSnapshot| | | Enabled | Enabled | | | Enabled | Enabled | | AWSServiceLBNetworkSecurityGroup| | Enabled | Enabled | Enabled | | Enabled | Enabled | Enabled | +| AzureClusterHostedDNSInstall| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | AzureWorkloadIdentity| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | BootImageSkewEnforcement| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | | BuildCSIVolumes| Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | Enabled | diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml index 7402413ec5c..8d918545b29 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml @@ -53,6 +53,137 @@ spec: description: containerRuntimeConfig defines the tuneables of the container runtime. properties: + additionalArtifactStores: + description: |- + additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts. + + Artifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts). + Stores are read-only. + Maximum of 10 stores allowed. + Each path must be unique. + + When omitted, only the default artifact location is used. + When specified, at least one store must be provided. + items: + description: AdditionalArtifactStore defines an additional read-only + storage location for Open Container Initiative (OCI) artifacts. + properties: + path: + description: |- + path specifies the absolute location of the additional artifact store. + The path must exist on the node before configuration is applied. + When an artifact is requested, artifacts found at this location will be used instead of + retrieving from the registry. + The path is required and must be between 1 and 256 characters long, begin with a forward slash, + and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. + Consecutive forward slashes are not permitted. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: path must be absolute and contain only alphanumeric + characters, '/', '.', '_', and '-' + rule: self.matches('^/[a-zA-Z0-9/._-]+$') + - message: path must not contain consecutive forward slashes + rule: '!self.contains(''//'')' + required: + - path + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: additionalArtifactStores must not contain duplicate + paths + rule: self.all(x, self.exists_one(y, x.path == y.path)) + additionalImageStores: + description: |- + additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images. + + Images are checked in order: additional stores first, then the default location. + Stores are read-only. + Maximum of 10 stores allowed. + Each path must be unique. + + When omitted, only the default image location is used. + When specified, at least one store must be provided. + items: + description: AdditionalImageStore defines an additional read-only + storage location for Open Container Initiative (OCI) images. + properties: + path: + description: |- + path specifies the absolute location of the additional image store. + The path must exist on the node before configuration is applied. + When a container image is requested, images found at this location will be used instead of + retrieving from the registry. + The path is required and must be between 1 and 256 characters long, begin with a forward slash, + and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. + Consecutive forward slashes are not permitted. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: path must be absolute and contain only alphanumeric + characters, '/', '.', '_', and '-' + rule: self.matches('^/[a-zA-Z0-9/._-]+$') + - message: path must not contain consecutive forward slashes + rule: '!self.contains(''//'')' + required: + - path + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: additionalImageStores must not contain duplicate paths + rule: self.all(x, self.exists_one(y, x.path == y.path)) + additionalLayerStores: + description: |- + additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images. + + Layers are checked in order: additional stores first, then the default location. + Stores are read-only. + Maximum of 5 stores allowed. + Each path must be unique. + + When omitted, only the default layer location is used. + When specified, at least one store must be provided. + items: + description: AdditionalLayerStore defines a read-only storage + location for Open Container Initiative (OCI) container image + layers. + properties: + path: + description: |- + path specifies the absolute location of the additional layer store. + The path must exist on the node before configuration is applied. + When a container image is requested, layers found at this location will be used instead of + retrieving from the registry. + The path is required and must be between 1 and 256 characters long, begin with a forward slash, + and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. + Consecutive forward slashes are not permitted. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: path must be absolute and contain only alphanumeric + characters, '/', '.', '_', and '-' + rule: self.matches('^/[a-zA-Z0-9/._-]+$') + - message: path must not contain consecutive forward slashes + rule: '!self.contains(''//'')' + required: + - path + type: object + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: additionalLayerStores must not contain duplicate paths + rule: self.all(x, self.exists_one(y, x.path == y.path)) defaultRuntime: description: |- defaultRuntime is the name of the OCI runtime to be used as the default for containers. diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml index 7b0902f8488..27a0cb3c173 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml @@ -53,6 +53,137 @@ spec: description: containerRuntimeConfig defines the tuneables of the container runtime. properties: + additionalArtifactStores: + description: |- + additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts. + + Artifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts). + Stores are read-only. + Maximum of 10 stores allowed. + Each path must be unique. + + When omitted, only the default artifact location is used. + When specified, at least one store must be provided. + items: + description: AdditionalArtifactStore defines an additional read-only + storage location for Open Container Initiative (OCI) artifacts. + properties: + path: + description: |- + path specifies the absolute location of the additional artifact store. + The path must exist on the node before configuration is applied. + When an artifact is requested, artifacts found at this location will be used instead of + retrieving from the registry. + The path is required and must be between 1 and 256 characters long, begin with a forward slash, + and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. + Consecutive forward slashes are not permitted. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: path must be absolute and contain only alphanumeric + characters, '/', '.', '_', and '-' + rule: self.matches('^/[a-zA-Z0-9/._-]+$') + - message: path must not contain consecutive forward slashes + rule: '!self.contains(''//'')' + required: + - path + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: additionalArtifactStores must not contain duplicate + paths + rule: self.all(x, self.exists_one(y, x.path == y.path)) + additionalImageStores: + description: |- + additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images. + + Images are checked in order: additional stores first, then the default location. + Stores are read-only. + Maximum of 10 stores allowed. + Each path must be unique. + + When omitted, only the default image location is used. + When specified, at least one store must be provided. + items: + description: AdditionalImageStore defines an additional read-only + storage location for Open Container Initiative (OCI) images. + properties: + path: + description: |- + path specifies the absolute location of the additional image store. + The path must exist on the node before configuration is applied. + When a container image is requested, images found at this location will be used instead of + retrieving from the registry. + The path is required and must be between 1 and 256 characters long, begin with a forward slash, + and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. + Consecutive forward slashes are not permitted. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: path must be absolute and contain only alphanumeric + characters, '/', '.', '_', and '-' + rule: self.matches('^/[a-zA-Z0-9/._-]+$') + - message: path must not contain consecutive forward slashes + rule: '!self.contains(''//'')' + required: + - path + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: additionalImageStores must not contain duplicate paths + rule: self.all(x, self.exists_one(y, x.path == y.path)) + additionalLayerStores: + description: |- + additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images. + + Layers are checked in order: additional stores first, then the default location. + Stores are read-only. + Maximum of 5 stores allowed. + Each path must be unique. + + When omitted, only the default layer location is used. + When specified, at least one store must be provided. + items: + description: AdditionalLayerStore defines a read-only storage + location for Open Container Initiative (OCI) container image + layers. + properties: + path: + description: |- + path specifies the absolute location of the additional layer store. + The path must exist on the node before configuration is applied. + When a container image is requested, layers found at this location will be used instead of + retrieving from the registry. + The path is required and must be between 1 and 256 characters long, begin with a forward slash, + and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. + Consecutive forward slashes are not permitted. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: path must be absolute and contain only alphanumeric + characters, '/', '.', '_', and '-' + rule: self.matches('^/[a-zA-Z0-9/._-]+$') + - message: path must not contain consecutive forward slashes + rule: '!self.contains(''//'')' + required: + - path + type: object + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: additionalLayerStores must not contain duplicate paths + rule: self.all(x, self.exists_one(y, x.path == y.path)) defaultRuntime: description: |- defaultRuntime is the name of the OCI runtime to be used as the default for containers. diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml index 2b285e0e9c4..d6ebfd67ce5 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml @@ -1119,6 +1119,19 @@ spec: - topology - zone type: object + x-kubernetes-validations: + - message: when zoneAffinity type is HostGroup, + regionAffinity type must be ComputeCluster + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''HostGroup'' ? has(self.regionAffinity) + && self.regionAffinity.type == ''ComputeCluster'' + : true' + - message: when zoneAffinity type is ComputeCluster, + regionAffinity type must be Datacenter + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''ComputeCluster'' ? has(self.regionAffinity) + && self.regionAffinity.type == ''Datacenter'' + : true' type: array x-kubernetes-list-map-keys: - name diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml index 76b336e4077..0ae7a36d13f 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml @@ -137,7 +137,7 @@ spec: x-kubernetes-validations: - message: 'privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml index a30c0002fe5..512510c2092 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml @@ -1119,6 +1119,19 @@ spec: - topology - zone type: object + x-kubernetes-validations: + - message: when zoneAffinity type is HostGroup, + regionAffinity type must be ComputeCluster + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''HostGroup'' ? has(self.regionAffinity) + && self.regionAffinity.type == ''ComputeCluster'' + : true' + - message: when zoneAffinity type is ComputeCluster, + regionAffinity type must be Datacenter + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''ComputeCluster'' ? has(self.regionAffinity) + && self.regionAffinity.type == ''Datacenter'' + : true' type: array x-kubernetes-list-map-keys: - name diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml index 603971241b1..99cb62c6039 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml @@ -137,7 +137,7 @@ spec: x-kubernetes-validations: - message: 'privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml index 67dd0d7d9bc..38d52fa9233 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml @@ -48,22 +48,37 @@ spec: description: spec contains the desired kubelet configuration. properties: autoSizingReserved: + description: |- + autoSizingReserved controls whether system-reserved CPU and memory are automatically + calculated based on each node's installed capacity. When set to true, this prevents node failure + from resource starvation of system components (kubelet, CRI-O) without manual configuration. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, + which is subject to change over time. The current default is true for worker nodes and false for control plane nodes. + When set to false, automatic resource reservation is disabled and manual settings must be configured. type: boolean kubeletConfig: description: |- - kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by - OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from - upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes - for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + kubeletConfig contains upstream Kubernetes kubelet configuration fields. + Values are validated by the kubelet itself. Invalid values may render nodes unusable. + Refer to OpenShift documentation for the Kubernetes version corresponding to your + OpenShift release to find valid kubelet configuration options. type: object x-kubernetes-preserve-unknown-fields: true logLevel: + description: |- + logLevel sets the kubelet log verbosity, controlling the amount of detail in kubelet logs. + Valid values range from 0 (minimal logging) to 10 (maximum verbosity with trace-level detail). + Higher log levels may impact node performance. When omitted, the platform chooses a reasonable default, + which is subject to change over time. The current default is 2 (standard informational logging). format: int32 + maximum: 10 + minimum: 0 type: integer machineConfigPoolSelector: description: |- - machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. - A nil selector will result in no pools being selected. + machineConfigPoolSelector selects which pools the KubeletConfig should apply to. + When omitted or set to an empty selector {}, no pools are selected, which is equivalent + to not matching any MachineConfigPool. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -110,9 +125,9 @@ spec: x-kubernetes-map-type: atomic tlsSecurityProfile: description: |- - If unset, the default is based on the apiservers.config.openshift.io/cluster resource. - Note that only Old and Intermediate profiles are currently supported, and - the maximum available minTLSVersion is VersionTLS12. + tlsSecurityProfile configures TLS settings for the kubelet. + When omitted, the TLS configuration defaults to the value from apiservers.config.openshift.io/cluster. + When specified, the type field can be set to either "Old", "Intermediate", "Modern", "Custom" or omitted for backward compatibility. properties: custom: description: |- diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml index dc63d4a2864..26c7c533e16 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml @@ -48,22 +48,37 @@ spec: description: spec contains the desired kubelet configuration. properties: autoSizingReserved: + description: |- + autoSizingReserved controls whether system-reserved CPU and memory are automatically + calculated based on each node's installed capacity. When set to true, this prevents node failure + from resource starvation of system components (kubelet, CRI-O) without manual configuration. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, + which is subject to change over time. The current default is true for worker nodes and false for control plane nodes. + When set to false, automatic resource reservation is disabled and manual settings must be configured. type: boolean kubeletConfig: description: |- - kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by - OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from - upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes - for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + kubeletConfig contains upstream Kubernetes kubelet configuration fields. + Values are validated by the kubelet itself. Invalid values may render nodes unusable. + Refer to OpenShift documentation for the Kubernetes version corresponding to your + OpenShift release to find valid kubelet configuration options. type: object x-kubernetes-preserve-unknown-fields: true logLevel: + description: |- + logLevel sets the kubelet log verbosity, controlling the amount of detail in kubelet logs. + Valid values range from 0 (minimal logging) to 10 (maximum verbosity with trace-level detail). + Higher log levels may impact node performance. When omitted, the platform chooses a reasonable default, + which is subject to change over time. The current default is 2 (standard informational logging). format: int32 + maximum: 10 + minimum: 0 type: integer machineConfigPoolSelector: description: |- - machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. - A nil selector will result in no pools being selected. + machineConfigPoolSelector selects which pools the KubeletConfig should apply to. + When omitted or set to an empty selector {}, no pools are selected, which is equivalent + to not matching any MachineConfigPool. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -110,9 +125,9 @@ spec: x-kubernetes-map-type: atomic tlsSecurityProfile: description: |- - If unset, the default is based on the apiservers.config.openshift.io/cluster resource. - Note that only Old and Intermediate profiles are currently supported, and - the maximum available minTLSVersion is VersionTLS12. + tlsSecurityProfile configures TLS settings for the kubelet. + When omitted, the TLS configuration defaults to the value from apiservers.config.openshift.io/cluster. + When specified, the type field can be set to either "Old", "Intermediate", "Modern", "Custom" or omitted for backward compatibility. properties: custom: description: |- diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml index 72555642770..ec26eef6462 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml @@ -48,22 +48,37 @@ spec: description: spec contains the desired kubelet configuration. properties: autoSizingReserved: + description: |- + autoSizingReserved controls whether system-reserved CPU and memory are automatically + calculated based on each node's installed capacity. When set to true, this prevents node failure + from resource starvation of system components (kubelet, CRI-O) without manual configuration. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, + which is subject to change over time. The current default is true for worker nodes and false for control plane nodes. + When set to false, automatic resource reservation is disabled and manual settings must be configured. type: boolean kubeletConfig: description: |- - kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by - OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from - upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes - for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + kubeletConfig contains upstream Kubernetes kubelet configuration fields. + Values are validated by the kubelet itself. Invalid values may render nodes unusable. + Refer to OpenShift documentation for the Kubernetes version corresponding to your + OpenShift release to find valid kubelet configuration options. type: object x-kubernetes-preserve-unknown-fields: true logLevel: + description: |- + logLevel sets the kubelet log verbosity, controlling the amount of detail in kubelet logs. + Valid values range from 0 (minimal logging) to 10 (maximum verbosity with trace-level detail). + Higher log levels may impact node performance. When omitted, the platform chooses a reasonable default, + which is subject to change over time. The current default is 2 (standard informational logging). format: int32 + maximum: 10 + minimum: 0 type: integer machineConfigPoolSelector: description: |- - machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. - A nil selector will result in no pools being selected. + machineConfigPoolSelector selects which pools the KubeletConfig should apply to. + When omitted or set to an empty selector {}, no pools are selected, which is equivalent + to not matching any MachineConfigPool. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -110,9 +125,9 @@ spec: x-kubernetes-map-type: atomic tlsSecurityProfile: description: |- - If unset, the default is based on the apiservers.config.openshift.io/cluster resource. - Note that only Old and Intermediate profiles are currently supported, and - the maximum available minTLSVersion is VersionTLS12. + tlsSecurityProfile configures TLS settings for the kubelet. + When omitted, the TLS configuration defaults to the value from apiservers.config.openshift.io/cluster. + When specified, the type field can be set to either "Old", "Intermediate", "Modern", "Custom" or omitted for backward compatibility. properties: custom: description: |- diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml index cd3d4dcf4f7..d1a389124fc 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml @@ -48,22 +48,37 @@ spec: description: spec contains the desired kubelet configuration. properties: autoSizingReserved: + description: |- + autoSizingReserved controls whether system-reserved CPU and memory are automatically + calculated based on each node's installed capacity. When set to true, this prevents node failure + from resource starvation of system components (kubelet, CRI-O) without manual configuration. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, + which is subject to change over time. The current default is true for worker nodes and false for control plane nodes. + When set to false, automatic resource reservation is disabled and manual settings must be configured. type: boolean kubeletConfig: description: |- - kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by - OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from - upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes - for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + kubeletConfig contains upstream Kubernetes kubelet configuration fields. + Values are validated by the kubelet itself. Invalid values may render nodes unusable. + Refer to OpenShift documentation for the Kubernetes version corresponding to your + OpenShift release to find valid kubelet configuration options. type: object x-kubernetes-preserve-unknown-fields: true logLevel: + description: |- + logLevel sets the kubelet log verbosity, controlling the amount of detail in kubelet logs. + Valid values range from 0 (minimal logging) to 10 (maximum verbosity with trace-level detail). + Higher log levels may impact node performance. When omitted, the platform chooses a reasonable default, + which is subject to change over time. The current default is 2 (standard informational logging). format: int32 + maximum: 10 + minimum: 0 type: integer machineConfigPoolSelector: description: |- - machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. - A nil selector will result in no pools being selected. + machineConfigPoolSelector selects which pools the KubeletConfig should apply to. + When omitted or set to an empty selector {}, no pools are selected, which is equivalent + to not matching any MachineConfigPool. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -110,9 +125,9 @@ spec: x-kubernetes-map-type: atomic tlsSecurityProfile: description: |- - If unset, the default is based on the apiservers.config.openshift.io/cluster resource. - Note that only Old and Intermediate profiles are currently supported, and - the maximum available minTLSVersion is VersionTLS12. + tlsSecurityProfile configures TLS settings for the kubelet. + When omitted, the TLS configuration defaults to the value from apiservers.config.openshift.io/cluster. + When specified, the type field can be set to either "Old", "Intermediate", "Modern", "Custom" or omitted for backward compatibility. properties: custom: description: |- diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml index 065a04603f8..f0b1485ae22 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml @@ -48,22 +48,37 @@ spec: description: spec contains the desired kubelet configuration. properties: autoSizingReserved: + description: |- + autoSizingReserved controls whether system-reserved CPU and memory are automatically + calculated based on each node's installed capacity. When set to true, this prevents node failure + from resource starvation of system components (kubelet, CRI-O) without manual configuration. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, + which is subject to change over time. The current default is true for worker nodes and false for control plane nodes. + When set to false, automatic resource reservation is disabled and manual settings must be configured. type: boolean kubeletConfig: description: |- - kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by - OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from - upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes - for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + kubeletConfig contains upstream Kubernetes kubelet configuration fields. + Values are validated by the kubelet itself. Invalid values may render nodes unusable. + Refer to OpenShift documentation for the Kubernetes version corresponding to your + OpenShift release to find valid kubelet configuration options. type: object x-kubernetes-preserve-unknown-fields: true logLevel: + description: |- + logLevel sets the kubelet log verbosity, controlling the amount of detail in kubelet logs. + Valid values range from 0 (minimal logging) to 10 (maximum verbosity with trace-level detail). + Higher log levels may impact node performance. When omitted, the platform chooses a reasonable default, + which is subject to change over time. The current default is 2 (standard informational logging). format: int32 + maximum: 10 + minimum: 0 type: integer machineConfigPoolSelector: description: |- - machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. - A nil selector will result in no pools being selected. + machineConfigPoolSelector selects which pools the KubeletConfig should apply to. + When omitted or set to an empty selector {}, no pools are selected, which is equivalent + to not matching any MachineConfigPool. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -110,9 +125,9 @@ spec: x-kubernetes-map-type: atomic tlsSecurityProfile: description: |- - If unset, the default is based on the apiservers.config.openshift.io/cluster resource. - Note that only Old and Intermediate profiles are currently supported, and - the maximum available minTLSVersion is VersionTLS12. + tlsSecurityProfile configures TLS settings for the kubelet. + When omitted, the TLS configuration defaults to the value from apiservers.config.openshift.io/cluster. + When specified, the type field can be set to either "Old", "Intermediate", "Modern", "Custom" or omitted for backward compatibility. properties: custom: description: |- diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml index cba799b53d1..a03dd7d88db 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml @@ -135,7 +135,7 @@ spec: x-kubernetes-validations: - message: 'kmsKeyARN must be a valid AWS KMS key ARN in the format: arn::kms:::(key|alias)/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$') type: object azure: description: azure is used to configure the Azure CSI driver. diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml index b81cb645a36..3dc68028e00 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml @@ -135,7 +135,7 @@ spec: x-kubernetes-validations: - message: 'kmsKeyARN must be a valid AWS KMS key ARN in the format: arn::kms:::(key|alias)/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$') type: object azure: description: azure is used to configure the Azure CSI driver. diff --git a/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml index 8a5b61589a9..7fcb1ab52e6 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-DevPreviewNoUpgrade.crd.yaml @@ -273,6 +273,37 @@ spec: description: ovnKubernetesConfig configures the ovn-kubernetes plugin. properties: + bgpManagedConfig: + description: |- + bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) + in no-overlay mode that specify routing="Managed" in their noOverlayConfig. + It is required when noOverlayConfig.routing is set to "Managed". + When omitted, this means the user does not configure BGP for managed routing. + This field can be set at installation time or on day 2, and can be modified at any time. + properties: + asNumber: + default: 64512 + description: |- + asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) + to be used in the generated FRR configuration. + Valid values are 1 to 4294967295. + When omitted, this defaults to 64512. + format: int64 + maximum: 4294967295 + minimum: 1 + type: integer + bgpTopology: + description: |- + bgpTopology defines the BGP topology to be used. + Allowed values are "FullMesh". + When set to "FullMesh", every node peers directly with every other node via BGP. + This field is required when BGPManagedConfig is specified. + enum: + - FullMesh + type: string + required: + - bgpTopology + type: object egressIPConfig: description: egressIPConfig holds the configuration for EgressIP options. @@ -554,6 +585,44 @@ spec: format: int32 minimum: 0 type: integer + noOverlayConfig: + description: |- + noOverlayConfig contains configuration for no-overlay mode. + This configuration applies to the default network only. + It is required when transport is "NoOverlay". + When omitted, this means the user does not configure no-overlay mode options. + properties: + outboundSNAT: + description: |- + outboundSNAT defines the SNAT behavior for outbound traffic from pods. + Allowed values are "Enabled" and "Disabled". + When set to "Enabled", SNAT is performed on outbound traffic from pods. + When set to "Disabled", SNAT is not performed and pod IPs are preserved in outbound traffic. + This field is required when the network operates in no-overlay mode. + This field can be set to any value at installation time and can be changed afterwards. + enum: + - Enabled + - Disabled + type: string + routing: + description: |- + routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. + Allowed values are "Managed" and "Unmanaged". + When set to "Managed", OVN-Kubernetes manages the pod network routing configuration through BGP. + When set to "Unmanaged", users are responsible for configuring the pod network routing. + This field is required when the network operates in no-overlay mode. + This field is immutable once set. + enum: + - Managed + - Unmanaged + type: string + x-kubernetes-validations: + - message: routing is immutable once set + rule: self == oldSelf + required: + - outboundSNAT + - routing + type: object policyAuditConfig: description: |- policyAuditConfig is the configuration for network policy audit events. If unset, @@ -618,6 +687,24 @@ spec: - Enabled - Disabled type: string + transport: + description: |- + transport sets the transport mode for pods on the default network. + Allowed values are "NoOverlay" and "Geneve". + "NoOverlay" avoids tunnel encapsulation, routing pod traffic directly between nodes. + "Geneve" encapsulates pod traffic using Geneve tunnels between nodes. + When omitted, this means the user has no opinion and the platform chooses + a reasonable default which is subject to change over time. + The current default is "Geneve". + "NoOverlay" can only be set at installation time and cannot be changed afterwards. + "Geneve" may be set explicitly at any time to lock in the current default. + enum: + - NoOverlay + - Geneve + type: string + x-kubernetes-validations: + - message: transport is immutable once set + rule: self == oldSelf v4InternalSubnet: description: |- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the @@ -635,6 +722,26 @@ spec: Default is fd98::/64 type: string type: object + x-kubernetes-validations: + - message: routeAdvertisements must be Enabled when transport + is NoOverlay + rule: 'self.?transport.orValue('''') == ''NoOverlay'' ? self.?routeAdvertisements.orValue('''') + == ''Enabled'' : true' + - message: noOverlayConfig must be set if transport is NoOverlay, + and is forbidden otherwise + rule: 'self.?transport.orValue('''') == ''NoOverlay'' ? has(self.noOverlayConfig) + : !has(self.noOverlayConfig)' + - message: bgpManagedConfig is required when noOverlayConfig.routing + is Managed + rule: 'self.?noOverlayConfig.routing.orValue('''') == ''Managed'' + ? has(self.bgpManagedConfig) : true' + - message: transport can only be set to Geneve after installation + rule: '!has(self.transport) || self.transport == ''Geneve'' + || has(oldSelf.transport)' + - message: transport may not be removed once set + rule: '!has(oldSelf.transport) || has(self.transport)' + - message: noOverlayConfig may not be removed once set + rule: '!has(oldSelf.noOverlayConfig) || has(self.noOverlayConfig)' type: description: |- type is the type of network diff --git a/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml index 541ab3830ce..e6a3bedcebe 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_70_network_01_networks-TechPreviewNoUpgrade.crd.yaml @@ -273,6 +273,37 @@ spec: description: ovnKubernetesConfig configures the ovn-kubernetes plugin. properties: + bgpManagedConfig: + description: |- + bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) + in no-overlay mode that specify routing="Managed" in their noOverlayConfig. + It is required when noOverlayConfig.routing is set to "Managed". + When omitted, this means the user does not configure BGP for managed routing. + This field can be set at installation time or on day 2, and can be modified at any time. + properties: + asNumber: + default: 64512 + description: |- + asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) + to be used in the generated FRR configuration. + Valid values are 1 to 4294967295. + When omitted, this defaults to 64512. + format: int64 + maximum: 4294967295 + minimum: 1 + type: integer + bgpTopology: + description: |- + bgpTopology defines the BGP topology to be used. + Allowed values are "FullMesh". + When set to "FullMesh", every node peers directly with every other node via BGP. + This field is required when BGPManagedConfig is specified. + enum: + - FullMesh + type: string + required: + - bgpTopology + type: object egressIPConfig: description: egressIPConfig holds the configuration for EgressIP options. @@ -554,6 +585,44 @@ spec: format: int32 minimum: 0 type: integer + noOverlayConfig: + description: |- + noOverlayConfig contains configuration for no-overlay mode. + This configuration applies to the default network only. + It is required when transport is "NoOverlay". + When omitted, this means the user does not configure no-overlay mode options. + properties: + outboundSNAT: + description: |- + outboundSNAT defines the SNAT behavior for outbound traffic from pods. + Allowed values are "Enabled" and "Disabled". + When set to "Enabled", SNAT is performed on outbound traffic from pods. + When set to "Disabled", SNAT is not performed and pod IPs are preserved in outbound traffic. + This field is required when the network operates in no-overlay mode. + This field can be set to any value at installation time and can be changed afterwards. + enum: + - Enabled + - Disabled + type: string + routing: + description: |- + routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. + Allowed values are "Managed" and "Unmanaged". + When set to "Managed", OVN-Kubernetes manages the pod network routing configuration through BGP. + When set to "Unmanaged", users are responsible for configuring the pod network routing. + This field is required when the network operates in no-overlay mode. + This field is immutable once set. + enum: + - Managed + - Unmanaged + type: string + x-kubernetes-validations: + - message: routing is immutable once set + rule: self == oldSelf + required: + - outboundSNAT + - routing + type: object policyAuditConfig: description: |- policyAuditConfig is the configuration for network policy audit events. If unset, @@ -618,6 +687,24 @@ spec: - Enabled - Disabled type: string + transport: + description: |- + transport sets the transport mode for pods on the default network. + Allowed values are "NoOverlay" and "Geneve". + "NoOverlay" avoids tunnel encapsulation, routing pod traffic directly between nodes. + "Geneve" encapsulates pod traffic using Geneve tunnels between nodes. + When omitted, this means the user has no opinion and the platform chooses + a reasonable default which is subject to change over time. + The current default is "Geneve". + "NoOverlay" can only be set at installation time and cannot be changed afterwards. + "Geneve" may be set explicitly at any time to lock in the current default. + enum: + - NoOverlay + - Geneve + type: string + x-kubernetes-validations: + - message: transport is immutable once set + rule: self == oldSelf v4InternalSubnet: description: |- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the @@ -635,6 +722,26 @@ spec: Default is fd98::/64 type: string type: object + x-kubernetes-validations: + - message: routeAdvertisements must be Enabled when transport + is NoOverlay + rule: 'self.?transport.orValue('''') == ''NoOverlay'' ? self.?routeAdvertisements.orValue('''') + == ''Enabled'' : true' + - message: noOverlayConfig must be set if transport is NoOverlay, + and is forbidden otherwise + rule: 'self.?transport.orValue('''') == ''NoOverlay'' ? has(self.noOverlayConfig) + : !has(self.noOverlayConfig)' + - message: bgpManagedConfig is required when noOverlayConfig.routing + is Managed + rule: 'self.?noOverlayConfig.routing.orValue('''') == ''Managed'' + ? has(self.bgpManagedConfig) : true' + - message: transport can only be set to Geneve after installation + rule: '!has(self.transport) || self.transport == ''Geneve'' + || has(oldSelf.transport)' + - message: transport may not be removed once set + rule: '!has(oldSelf.transport) || has(self.transport)' + - message: noOverlayConfig may not be removed once set + rule: '!has(oldSelf.noOverlayConfig) || has(self.noOverlayConfig)' type: description: |- type is the type of network diff --git a/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml index 2e65e97c84d..58dcee7c304 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml @@ -46,6 +46,98 @@ spec: description: spec is the specification of the desired behavior of the Machine Config Operator properties: + bootImageSkewEnforcement: + description: |- + bootImageSkewEnforcement allows an admin to configure how boot image version skew is + enforced on the cluster. + When omitted, this will default to Automatic for clusters that support automatic boot image updates. + For clusters that do not support automatic boot image updates, cluster upgrades will be disabled until + a skew enforcement mode has been specified. + When version skew is being enforced, cluster upgrades will be disabled until the version skew is deemed + acceptable for the current release payload. + properties: + manual: + description: |- + manual describes the current boot image of the cluster. + This should be set to the oldest boot image used amongst all machine resources in the cluster. + This must include either the RHCOS version of the boot image or the OCP release version which shipped with that + RHCOS boot image. + Required when mode is set to "Manual" and forbidden otherwise. + properties: + mode: + description: |- + mode is used to configure which boot image field is defined in Manual mode. + Valid values are OCPVersion and RHCOSVersion. + OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update + in the OCPVersion field. + RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update + in the RHCOSVersion field. + This field is required. + enum: + - OCPVersion + - RHCOSVersion + type: string + ocpVersion: + description: |- + ocpVersion provides a string which represents the OCP version of the boot image. + This field must match the OCP semver compatible format of x.y.z. This field must be between + 5 and 10 characters long. + Required when mode is set to "OCPVersion" and forbidden otherwise. + maxLength: 10 + minLength: 5 + type: string + x-kubernetes-validations: + - message: ocpVersion must match the OCP semver compatible + format of x.y.z + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') + rhcosVersion: + description: |- + rhcosVersion provides a string which represents the RHCOS version of the boot image + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between + 14 and 21 characters long. + Required when mode is set to "RHCOSVersion" and forbidden otherwise. + maxLength: 21 + minLength: 14 + type: string + x-kubernetes-validations: + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') + required: + - mode + type: object + x-kubernetes-validations: + - message: ocpVersion is required when mode is OCPVersion, and + forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) + : !has(self.ocpVersion)' + - message: rhcosVersion is required when mode is RHCOSVersion, + and forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) + : !has(self.rhcosVersion)' + mode: + description: |- + mode determines the underlying behavior of skew enforcement mechanism. + Valid values are Manual and None. + Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP + & RHCOS version associated with the last boot image update in the manual field. + In Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the + skew limit described by the release image. + None means that the MCO will no longer monitor the boot image skew. This may affect + the cluster's ability to scale. + This field is required. + enum: + - Manual + - None + type: string + required: + - mode + type: object + x-kubernetes-validations: + - message: manual is required when mode is Manual, and forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''Manual'') ? has(self.manual) + : !has(self.manual)' failedRevisionLimit: description: |- failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api @@ -657,6 +749,140 @@ spec: description: status is the most recently observed status of the Machine Config Operator properties: + bootImageSkewEnforcementStatus: + description: |- + bootImageSkewEnforcementStatus reflects what the latest cluster-validated boot image skew enforcement + configuration is and will be used by Machine Config Controller while performing boot image skew enforcement. + When omitted, the MCO has no knowledge of how to enforce boot image skew. When the MCO does not know how + boot image skew should be enforced, cluster upgrades will be blocked until it can either automatically + determine skew enforcement or there is an explicit skew enforcement configuration provided in the + spec.bootImageSkewEnforcement field. + properties: + automatic: + description: |- + automatic describes the current boot image of the cluster. + This will be populated by the MCO when performing boot image updates. This value will be compared against + the cluster's skew limit to determine skew compliance. + Required when mode is set to "Automatic" and forbidden otherwise. + minProperties: 1 + properties: + ocpVersion: + description: |- + ocpVersion provides a string which represents the OCP version of the boot image. + This field must match the OCP semver compatible format of x.y.z. This field must be between + 5 and 10 characters long. + maxLength: 10 + minLength: 5 + type: string + x-kubernetes-validations: + - message: ocpVersion must match the OCP semver compatible + format of x.y.z + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') + rhcosVersion: + description: |- + rhcosVersion provides a string which represents the RHCOS version of the boot image + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between + 14 and 21 characters long. + maxLength: 21 + minLength: 14 + type: string + x-kubernetes-validations: + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') + type: object + x-kubernetes-validations: + - message: at least one of ocpVersion or rhcosVersion is required + rule: has(self.ocpVersion) || has(self.rhcosVersion) + manual: + description: |- + manual describes the current boot image of the cluster. + This will be populated by the MCO using the values provided in the spec.bootImageSkewEnforcement.manual field. + This value will be compared against the cluster's skew limit to determine skew compliance. + Required when mode is set to "Manual" and forbidden otherwise. + properties: + mode: + description: |- + mode is used to configure which boot image field is defined in Manual mode. + Valid values are OCPVersion and RHCOSVersion. + OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update + in the OCPVersion field. + RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update + in the RHCOSVersion field. + This field is required. + enum: + - OCPVersion + - RHCOSVersion + type: string + ocpVersion: + description: |- + ocpVersion provides a string which represents the OCP version of the boot image. + This field must match the OCP semver compatible format of x.y.z. This field must be between + 5 and 10 characters long. + Required when mode is set to "OCPVersion" and forbidden otherwise. + maxLength: 10 + minLength: 5 + type: string + x-kubernetes-validations: + - message: ocpVersion must match the OCP semver compatible + format of x.y.z + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') + rhcosVersion: + description: |- + rhcosVersion provides a string which represents the RHCOS version of the boot image + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between + 14 and 21 characters long. + Required when mode is set to "RHCOSVersion" and forbidden otherwise. + maxLength: 21 + minLength: 14 + type: string + x-kubernetes-validations: + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') + required: + - mode + type: object + x-kubernetes-validations: + - message: ocpVersion is required when mode is OCPVersion, and + forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) + : !has(self.ocpVersion)' + - message: rhcosVersion is required when mode is RHCOSVersion, + and forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) + : !has(self.rhcosVersion)' + mode: + description: |- + mode determines the underlying behavior of skew enforcement mechanism. + Valid values are Automatic, Manual and None. + Automatic means that the MCO will perform boot image updates and store the + OCP & RHCOS version associated with the last boot image update in the automatic field. + Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP + & RHCOS version associated with the last boot image update in the manual field. + In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the + skew limit described by the release image. + None means that the MCO will no longer monitor the boot image skew. This may affect + the cluster's ability to scale. + This field is required. + enum: + - Automatic + - Manual + - None + type: string + required: + - mode + type: object + x-kubernetes-validations: + - message: automatic is required when mode is Automatic, and forbidden + otherwise + rule: 'has(self.mode) && (self.mode == ''Automatic'') ? has(self.automatic) + : !has(self.automatic)' + - message: manual is required when mode is Manual, and forbidden otherwise + rule: 'has(self.mode) && (self.mode == ''Manual'') ? has(self.manual) + : !has(self.manual)' conditions: description: conditions is a list of conditions and their status items: @@ -1259,6 +1485,32 @@ spec: required: - spec type: object + x-kubernetes-validations: + - message: when skew enforcement is in Automatic mode, a boot image configuration + is required + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() + : true' + - message: when skew enforcement is in Automatic mode, managedBootImages.machineManagers + must not be an empty list + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) + > 0 : true' + - message: when skew enforcement is in Automatic mode, any MachineAPI MachineSet + MachineManager must use selection mode 'All' + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, + m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io'') + || self.spec.managedBootImages.machineManagers.exists(m, m.resource == + ''machinesets'' && m.apiGroup == ''machine.openshift.io'' && m.selection.mode + == ''All'') : true' + - message: when skew enforcement is in Automatic mode, managedBootImagesStatus + must contain a MachineManager opting in all MachineAPI MachineSets + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?status.managedBootImagesStatus.machineManagers.hasValue()) || + self.status.managedBootImagesStatus.machineManagers.exists(m, m.selection.mode + == ''All'' && m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io''): + true' served: true storage: true subresources: diff --git a/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml index 1d160022849..eaffd23a329 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml @@ -46,6 +46,98 @@ spec: description: spec is the specification of the desired behavior of the Machine Config Operator properties: + bootImageSkewEnforcement: + description: |- + bootImageSkewEnforcement allows an admin to configure how boot image version skew is + enforced on the cluster. + When omitted, this will default to Automatic for clusters that support automatic boot image updates. + For clusters that do not support automatic boot image updates, cluster upgrades will be disabled until + a skew enforcement mode has been specified. + When version skew is being enforced, cluster upgrades will be disabled until the version skew is deemed + acceptable for the current release payload. + properties: + manual: + description: |- + manual describes the current boot image of the cluster. + This should be set to the oldest boot image used amongst all machine resources in the cluster. + This must include either the RHCOS version of the boot image or the OCP release version which shipped with that + RHCOS boot image. + Required when mode is set to "Manual" and forbidden otherwise. + properties: + mode: + description: |- + mode is used to configure which boot image field is defined in Manual mode. + Valid values are OCPVersion and RHCOSVersion. + OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update + in the OCPVersion field. + RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update + in the RHCOSVersion field. + This field is required. + enum: + - OCPVersion + - RHCOSVersion + type: string + ocpVersion: + description: |- + ocpVersion provides a string which represents the OCP version of the boot image. + This field must match the OCP semver compatible format of x.y.z. This field must be between + 5 and 10 characters long. + Required when mode is set to "OCPVersion" and forbidden otherwise. + maxLength: 10 + minLength: 5 + type: string + x-kubernetes-validations: + - message: ocpVersion must match the OCP semver compatible + format of x.y.z + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') + rhcosVersion: + description: |- + rhcosVersion provides a string which represents the RHCOS version of the boot image + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between + 14 and 21 characters long. + Required when mode is set to "RHCOSVersion" and forbidden otherwise. + maxLength: 21 + minLength: 14 + type: string + x-kubernetes-validations: + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') + required: + - mode + type: object + x-kubernetes-validations: + - message: ocpVersion is required when mode is OCPVersion, and + forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) + : !has(self.ocpVersion)' + - message: rhcosVersion is required when mode is RHCOSVersion, + and forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) + : !has(self.rhcosVersion)' + mode: + description: |- + mode determines the underlying behavior of skew enforcement mechanism. + Valid values are Manual and None. + Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP + & RHCOS version associated with the last boot image update in the manual field. + In Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the + skew limit described by the release image. + None means that the MCO will no longer monitor the boot image skew. This may affect + the cluster's ability to scale. + This field is required. + enum: + - Manual + - None + type: string + required: + - mode + type: object + x-kubernetes-validations: + - message: manual is required when mode is Manual, and forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''Manual'') ? has(self.manual) + : !has(self.manual)' failedRevisionLimit: description: |- failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api @@ -657,6 +749,140 @@ spec: description: status is the most recently observed status of the Machine Config Operator properties: + bootImageSkewEnforcementStatus: + description: |- + bootImageSkewEnforcementStatus reflects what the latest cluster-validated boot image skew enforcement + configuration is and will be used by Machine Config Controller while performing boot image skew enforcement. + When omitted, the MCO has no knowledge of how to enforce boot image skew. When the MCO does not know how + boot image skew should be enforced, cluster upgrades will be blocked until it can either automatically + determine skew enforcement or there is an explicit skew enforcement configuration provided in the + spec.bootImageSkewEnforcement field. + properties: + automatic: + description: |- + automatic describes the current boot image of the cluster. + This will be populated by the MCO when performing boot image updates. This value will be compared against + the cluster's skew limit to determine skew compliance. + Required when mode is set to "Automatic" and forbidden otherwise. + minProperties: 1 + properties: + ocpVersion: + description: |- + ocpVersion provides a string which represents the OCP version of the boot image. + This field must match the OCP semver compatible format of x.y.z. This field must be between + 5 and 10 characters long. + maxLength: 10 + minLength: 5 + type: string + x-kubernetes-validations: + - message: ocpVersion must match the OCP semver compatible + format of x.y.z + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') + rhcosVersion: + description: |- + rhcosVersion provides a string which represents the RHCOS version of the boot image + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between + 14 and 21 characters long. + maxLength: 21 + minLength: 14 + type: string + x-kubernetes-validations: + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') + type: object + x-kubernetes-validations: + - message: at least one of ocpVersion or rhcosVersion is required + rule: has(self.ocpVersion) || has(self.rhcosVersion) + manual: + description: |- + manual describes the current boot image of the cluster. + This will be populated by the MCO using the values provided in the spec.bootImageSkewEnforcement.manual field. + This value will be compared against the cluster's skew limit to determine skew compliance. + Required when mode is set to "Manual" and forbidden otherwise. + properties: + mode: + description: |- + mode is used to configure which boot image field is defined in Manual mode. + Valid values are OCPVersion and RHCOSVersion. + OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update + in the OCPVersion field. + RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update + in the RHCOSVersion field. + This field is required. + enum: + - OCPVersion + - RHCOSVersion + type: string + ocpVersion: + description: |- + ocpVersion provides a string which represents the OCP version of the boot image. + This field must match the OCP semver compatible format of x.y.z. This field must be between + 5 and 10 characters long. + Required when mode is set to "OCPVersion" and forbidden otherwise. + maxLength: 10 + minLength: 5 + type: string + x-kubernetes-validations: + - message: ocpVersion must match the OCP semver compatible + format of x.y.z + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') + rhcosVersion: + description: |- + rhcosVersion provides a string which represents the RHCOS version of the boot image + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between + 14 and 21 characters long. + Required when mode is set to "RHCOSVersion" and forbidden otherwise. + maxLength: 21 + minLength: 14 + type: string + x-kubernetes-validations: + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') + required: + - mode + type: object + x-kubernetes-validations: + - message: ocpVersion is required when mode is OCPVersion, and + forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) + : !has(self.ocpVersion)' + - message: rhcosVersion is required when mode is RHCOSVersion, + and forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) + : !has(self.rhcosVersion)' + mode: + description: |- + mode determines the underlying behavior of skew enforcement mechanism. + Valid values are Automatic, Manual and None. + Automatic means that the MCO will perform boot image updates and store the + OCP & RHCOS version associated with the last boot image update in the automatic field. + Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP + & RHCOS version associated with the last boot image update in the manual field. + In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the + skew limit described by the release image. + None means that the MCO will no longer monitor the boot image skew. This may affect + the cluster's ability to scale. + This field is required. + enum: + - Automatic + - Manual + - None + type: string + required: + - mode + type: object + x-kubernetes-validations: + - message: automatic is required when mode is Automatic, and forbidden + otherwise + rule: 'has(self.mode) && (self.mode == ''Automatic'') ? has(self.automatic) + : !has(self.automatic)' + - message: manual is required when mode is Manual, and forbidden otherwise + rule: 'has(self.mode) && (self.mode == ''Manual'') ? has(self.manual) + : !has(self.manual)' conditions: description: conditions is a list of conditions and their status items: @@ -1259,6 +1485,32 @@ spec: required: - spec type: object + x-kubernetes-validations: + - message: when skew enforcement is in Automatic mode, a boot image configuration + is required + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() + : true' + - message: when skew enforcement is in Automatic mode, managedBootImages.machineManagers + must not be an empty list + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) + > 0 : true' + - message: when skew enforcement is in Automatic mode, any MachineAPI MachineSet + MachineManager must use selection mode 'All' + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, + m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io'') + || self.spec.managedBootImages.machineManagers.exists(m, m.resource == + ''machinesets'' && m.apiGroup == ''machine.openshift.io'' && m.selection.mode + == ''All'') : true' + - message: when skew enforcement is in Automatic mode, managedBootImagesStatus + must contain a MachineManager opting in all MachineAPI MachineSets + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?status.managedBootImagesStatus.machineManagers.hasValue()) || + self.status.managedBootImagesStatus.machineManagers.exists(m, m.selection.mode + == ''All'' && m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io''): + true' served: true storage: true subresources: diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index 9c6194b3864..725b2c66f68 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -292,6 +292,42 @@ spec: type: array x-kubernetes-list-type: atomic type: object + tlsAdherence: + description: |- + tlsAdherence controls if components in the cluster adhere to the TLS security profile + configured on this APIServer resource. + + Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". + + When set to "LegacyAdheringComponentsOnly", components that already honor the + cluster-wide TLS profile continue to do so. Components that do not already honor + it continue to use their individual TLS configurations. + + When set to "StrictAllComponents", all components must honor the configured TLS + profile unless they have a component-specific TLS configuration that overrides + it. This mode is recommended for security-conscious deployments and is required + for certain compliance frameworks. + + Note: Some components such as Kubelet and IngressController have their own + dedicated TLS configuration mechanisms via KubeletConfig and IngressController + CRs respectively. When these component-specific TLS configurations are set, + they take precedence over the cluster-wide tlsSecurityProfile. When not set, + these components fall back to the cluster-wide default. + + Components that encounter an unknown value for tlsAdherence should treat it + as "StrictAllComponents" and log a warning to ensure forward compatibility + while defaulting to the more secure behavior. + + This field is optional. + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default is LegacyAdheringComponentsOnly. + + Once set, this field may be changed to a different value, but may not be removed. + enum: + - LegacyAdheringComponentsOnly + - StrictAllComponents + type: string tlsSecurityProfile: description: |- tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. @@ -469,6 +505,9 @@ spec: type: string type: object type: object + x-kubernetes-validations: + - message: tlsAdherence may not be removed once set + rule: 'has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true' status: description: status holds observed values from the cluster. They may not be overridden. diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml index 4e977b3bac8..33c7fa21e73 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml @@ -224,6 +224,42 @@ spec: type: array x-kubernetes-list-type: atomic type: object + tlsAdherence: + description: |- + tlsAdherence controls if components in the cluster adhere to the TLS security profile + configured on this APIServer resource. + + Valid values are "LegacyAdheringComponentsOnly" and "StrictAllComponents". + + When set to "LegacyAdheringComponentsOnly", components that already honor the + cluster-wide TLS profile continue to do so. Components that do not already honor + it continue to use their individual TLS configurations. + + When set to "StrictAllComponents", all components must honor the configured TLS + profile unless they have a component-specific TLS configuration that overrides + it. This mode is recommended for security-conscious deployments and is required + for certain compliance frameworks. + + Note: Some components such as Kubelet and IngressController have their own + dedicated TLS configuration mechanisms via KubeletConfig and IngressController + CRs respectively. When these component-specific TLS configurations are set, + they take precedence over the cluster-wide tlsSecurityProfile. When not set, + these components fall back to the cluster-wide default. + + Components that encounter an unknown value for tlsAdherence should treat it + as "StrictAllComponents" and log a warning to ensure forward compatibility + while defaulting to the more secure behavior. + + This field is optional. + When omitted, this means the user has no opinion and the platform is left + to choose reasonable defaults. These defaults are subject to change over time. + The current default is LegacyAdheringComponentsOnly. + + Once set, this field may be changed to a different value, but may not be removed. + enum: + - LegacyAdheringComponentsOnly + - StrictAllComponents + type: string tlsSecurityProfile: description: |- tlsSecurityProfile specifies settings for TLS connections for externally exposed servers. @@ -401,6 +437,9 @@ spec: type: string type: object type: object + x-kubernetes-validations: + - message: tlsAdherence may not be removed once set + rule: 'has(oldSelf.tlsAdherence) ? has(self.tlsAdherence) : true' status: description: status holds observed values from the cluster. They may not be overridden. diff --git a/payload-manifests/crds/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml index 282c6b30021..f2d9157713a 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_dnses-DevPreviewNoUpgrade.crd.yaml @@ -81,7 +81,7 @@ spec: x-kubernetes-validations: - message: 'privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/payload-manifests/crds/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml index e7b1af06326..ce4e9b77f01 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_dnses-TechPreviewNoUpgrade.crd.yaml @@ -81,7 +81,7 @@ spec: x-kubernetes-validations: - message: 'privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/payload-manifests/crds/0000_10_config-operator_01_infrastructures-Default.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_infrastructures-Default.crd.yaml index 9c9cfb6fe37..cc7fe5e2a2e 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_infrastructures-Default.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_infrastructures-Default.crd.yaml @@ -828,6 +828,17 @@ spec: - topology - zone type: object + x-kubernetes-validations: + - message: when zoneAffinity type is HostGroup, regionAffinity + type must be ComputeCluster + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''HostGroup'' ? has(self.regionAffinity) && self.regionAffinity.type + == ''ComputeCluster'' : true' + - message: when zoneAffinity type is ComputeCluster, regionAffinity + type must be Datacenter + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''ComputeCluster'' ? has(self.regionAffinity) && + self.regionAffinity.type == ''Datacenter'' : true' type: array x-kubernetes-list-map-keys: - name diff --git a/payload-manifests/crds/0000_10_config-operator_01_infrastructures-OKD.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_infrastructures-OKD.crd.yaml index 029cbc3f16b..5a105a3c9b0 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_infrastructures-OKD.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_infrastructures-OKD.crd.yaml @@ -828,6 +828,17 @@ spec: - topology - zone type: object + x-kubernetes-validations: + - message: when zoneAffinity type is HostGroup, regionAffinity + type must be ComputeCluster + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''HostGroup'' ? has(self.regionAffinity) && self.regionAffinity.type + == ''ComputeCluster'' : true' + - message: when zoneAffinity type is ComputeCluster, regionAffinity + type must be Datacenter + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''ComputeCluster'' ? has(self.regionAffinity) && + self.regionAffinity.type == ''Datacenter'' : true' type: array x-kubernetes-list-map-keys: - name diff --git a/payload-manifests/crds/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml index cba799b53d1..a03dd7d88db 100644 --- a/payload-manifests/crds/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_50_csi-driver_01_clustercsidrivers-DevPreviewNoUpgrade.crd.yaml @@ -135,7 +135,7 @@ spec: x-kubernetes-validations: - message: 'kmsKeyARN must be a valid AWS KMS key ARN in the format: arn::kms:::(key|alias)/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$') type: object azure: description: azure is used to configure the Azure CSI driver. diff --git a/payload-manifests/crds/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml index b81cb645a36..3dc68028e00 100644 --- a/payload-manifests/crds/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_50_csi-driver_01_clustercsidrivers-TechPreviewNoUpgrade.crd.yaml @@ -135,7 +135,7 @@ spec: x-kubernetes-validations: - message: 'kmsKeyARN must be a valid AWS KMS key ARN in the format: arn::kms:::(key|alias)/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f|aws-eusc):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)/.*$') type: object azure: description: azure is used to configure the Azure CSI driver. diff --git a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml index 7402413ec5c..8d918545b29 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-DevPreviewNoUpgrade.crd.yaml @@ -53,6 +53,137 @@ spec: description: containerRuntimeConfig defines the tuneables of the container runtime. properties: + additionalArtifactStores: + description: |- + additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts. + + Artifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts). + Stores are read-only. + Maximum of 10 stores allowed. + Each path must be unique. + + When omitted, only the default artifact location is used. + When specified, at least one store must be provided. + items: + description: AdditionalArtifactStore defines an additional read-only + storage location for Open Container Initiative (OCI) artifacts. + properties: + path: + description: |- + path specifies the absolute location of the additional artifact store. + The path must exist on the node before configuration is applied. + When an artifact is requested, artifacts found at this location will be used instead of + retrieving from the registry. + The path is required and must be between 1 and 256 characters long, begin with a forward slash, + and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. + Consecutive forward slashes are not permitted. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: path must be absolute and contain only alphanumeric + characters, '/', '.', '_', and '-' + rule: self.matches('^/[a-zA-Z0-9/._-]+$') + - message: path must not contain consecutive forward slashes + rule: '!self.contains(''//'')' + required: + - path + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: additionalArtifactStores must not contain duplicate + paths + rule: self.all(x, self.exists_one(y, x.path == y.path)) + additionalImageStores: + description: |- + additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images. + + Images are checked in order: additional stores first, then the default location. + Stores are read-only. + Maximum of 10 stores allowed. + Each path must be unique. + + When omitted, only the default image location is used. + When specified, at least one store must be provided. + items: + description: AdditionalImageStore defines an additional read-only + storage location for Open Container Initiative (OCI) images. + properties: + path: + description: |- + path specifies the absolute location of the additional image store. + The path must exist on the node before configuration is applied. + When a container image is requested, images found at this location will be used instead of + retrieving from the registry. + The path is required and must be between 1 and 256 characters long, begin with a forward slash, + and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. + Consecutive forward slashes are not permitted. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: path must be absolute and contain only alphanumeric + characters, '/', '.', '_', and '-' + rule: self.matches('^/[a-zA-Z0-9/._-]+$') + - message: path must not contain consecutive forward slashes + rule: '!self.contains(''//'')' + required: + - path + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: additionalImageStores must not contain duplicate paths + rule: self.all(x, self.exists_one(y, x.path == y.path)) + additionalLayerStores: + description: |- + additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images. + + Layers are checked in order: additional stores first, then the default location. + Stores are read-only. + Maximum of 5 stores allowed. + Each path must be unique. + + When omitted, only the default layer location is used. + When specified, at least one store must be provided. + items: + description: AdditionalLayerStore defines a read-only storage + location for Open Container Initiative (OCI) container image + layers. + properties: + path: + description: |- + path specifies the absolute location of the additional layer store. + The path must exist on the node before configuration is applied. + When a container image is requested, layers found at this location will be used instead of + retrieving from the registry. + The path is required and must be between 1 and 256 characters long, begin with a forward slash, + and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. + Consecutive forward slashes are not permitted. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: path must be absolute and contain only alphanumeric + characters, '/', '.', '_', and '-' + rule: self.matches('^/[a-zA-Z0-9/._-]+$') + - message: path must not contain consecutive forward slashes + rule: '!self.contains(''//'')' + required: + - path + type: object + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: additionalLayerStores must not contain duplicate paths + rule: self.all(x, self.exists_one(y, x.path == y.path)) defaultRuntime: description: |- defaultRuntime is the name of the OCI runtime to be used as the default for containers. diff --git a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml index 7b0902f8488..27a0cb3c173 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_containerruntimeconfigs-TechPreviewNoUpgrade.crd.yaml @@ -53,6 +53,137 @@ spec: description: containerRuntimeConfig defines the tuneables of the container runtime. properties: + additionalArtifactStores: + description: |- + additionalArtifactStores configures additional read-only artifact storage locations for Open Container Initiative (OCI) artifacts. + + Artifacts are checked in order: additional stores first, then the default location (/var/lib/containers/storage/artifacts). + Stores are read-only. + Maximum of 10 stores allowed. + Each path must be unique. + + When omitted, only the default artifact location is used. + When specified, at least one store must be provided. + items: + description: AdditionalArtifactStore defines an additional read-only + storage location for Open Container Initiative (OCI) artifacts. + properties: + path: + description: |- + path specifies the absolute location of the additional artifact store. + The path must exist on the node before configuration is applied. + When an artifact is requested, artifacts found at this location will be used instead of + retrieving from the registry. + The path is required and must be between 1 and 256 characters long, begin with a forward slash, + and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. + Consecutive forward slashes are not permitted. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: path must be absolute and contain only alphanumeric + characters, '/', '.', '_', and '-' + rule: self.matches('^/[a-zA-Z0-9/._-]+$') + - message: path must not contain consecutive forward slashes + rule: '!self.contains(''//'')' + required: + - path + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: additionalArtifactStores must not contain duplicate + paths + rule: self.all(x, self.exists_one(y, x.path == y.path)) + additionalImageStores: + description: |- + additionalImageStores configures additional read-only container image store locations for Open Container Initiative (OCI) images. + + Images are checked in order: additional stores first, then the default location. + Stores are read-only. + Maximum of 10 stores allowed. + Each path must be unique. + + When omitted, only the default image location is used. + When specified, at least one store must be provided. + items: + description: AdditionalImageStore defines an additional read-only + storage location for Open Container Initiative (OCI) images. + properties: + path: + description: |- + path specifies the absolute location of the additional image store. + The path must exist on the node before configuration is applied. + When a container image is requested, images found at this location will be used instead of + retrieving from the registry. + The path is required and must be between 1 and 256 characters long, begin with a forward slash, + and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. + Consecutive forward slashes are not permitted. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: path must be absolute and contain only alphanumeric + characters, '/', '.', '_', and '-' + rule: self.matches('^/[a-zA-Z0-9/._-]+$') + - message: path must not contain consecutive forward slashes + rule: '!self.contains(''//'')' + required: + - path + type: object + maxItems: 10 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: additionalImageStores must not contain duplicate paths + rule: self.all(x, self.exists_one(y, x.path == y.path)) + additionalLayerStores: + description: |- + additionalLayerStores configures additional read-only container image layer store locations for Open Container Initiative (OCI) images. + + Layers are checked in order: additional stores first, then the default location. + Stores are read-only. + Maximum of 5 stores allowed. + Each path must be unique. + + When omitted, only the default layer location is used. + When specified, at least one store must be provided. + items: + description: AdditionalLayerStore defines a read-only storage + location for Open Container Initiative (OCI) container image + layers. + properties: + path: + description: |- + path specifies the absolute location of the additional layer store. + The path must exist on the node before configuration is applied. + When a container image is requested, layers found at this location will be used instead of + retrieving from the registry. + The path is required and must be between 1 and 256 characters long, begin with a forward slash, + and only contain the characters a-z, A-Z, 0-9, '/', '.', '_', and '-'. + Consecutive forward slashes are not permitted. + maxLength: 256 + minLength: 1 + type: string + x-kubernetes-validations: + - message: path must be absolute and contain only alphanumeric + characters, '/', '.', '_', and '-' + rule: self.matches('^/[a-zA-Z0-9/._-]+$') + - message: path must not contain consecutive forward slashes + rule: '!self.contains(''//'')' + required: + - path + type: object + maxItems: 5 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + x-kubernetes-validations: + - message: additionalLayerStores must not contain duplicate paths + rule: self.all(x, self.exists_one(y, x.path == y.path)) defaultRuntime: description: |- defaultRuntime is the name of the OCI runtime to be used as the default for containers. diff --git a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml index 2b285e0e9c4..d6ebfd67ce5 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-Default.crd.yaml @@ -1119,6 +1119,19 @@ spec: - topology - zone type: object + x-kubernetes-validations: + - message: when zoneAffinity type is HostGroup, + regionAffinity type must be ComputeCluster + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''HostGroup'' ? has(self.regionAffinity) + && self.regionAffinity.type == ''ComputeCluster'' + : true' + - message: when zoneAffinity type is ComputeCluster, + regionAffinity type must be Datacenter + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''ComputeCluster'' ? has(self.regionAffinity) + && self.regionAffinity.type == ''Datacenter'' + : true' type: array x-kubernetes-list-map-keys: - name diff --git a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml index 76b336e4077..0ae7a36d13f 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-DevPreviewNoUpgrade.crd.yaml @@ -137,7 +137,7 @@ spec: x-kubernetes-validations: - message: 'privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml index a30c0002fe5..512510c2092 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-OKD.crd.yaml @@ -1119,6 +1119,19 @@ spec: - topology - zone type: object + x-kubernetes-validations: + - message: when zoneAffinity type is HostGroup, + regionAffinity type must be ComputeCluster + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''HostGroup'' ? has(self.regionAffinity) + && self.regionAffinity.type == ''ComputeCluster'' + : true' + - message: when zoneAffinity type is ComputeCluster, + regionAffinity type must be Datacenter + rule: 'has(self.zoneAffinity) && self.zoneAffinity.type + == ''ComputeCluster'' ? has(self.regionAffinity) + && self.regionAffinity.type == ''Datacenter'' + : true' type: array x-kubernetes-list-map-keys: - name diff --git a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml index 603971241b1..99cb62c6039 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_controllerconfigs-TechPreviewNoUpgrade.crd.yaml @@ -137,7 +137,7 @@ spec: x-kubernetes-validations: - message: 'privateZoneIAMRole must be a valid AWS IAM role ARN in the format: arn::iam:::role/' - rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/.*$') + rule: matches(self, '^arn:(aws|aws-cn|aws-us-gov|aws-eusc):iam::[0-9]{12}:role/.*$') type: object type: description: |- diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml index 67dd0d7d9bc..38d52fa9233 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml @@ -48,22 +48,37 @@ spec: description: spec contains the desired kubelet configuration. properties: autoSizingReserved: + description: |- + autoSizingReserved controls whether system-reserved CPU and memory are automatically + calculated based on each node's installed capacity. When set to true, this prevents node failure + from resource starvation of system components (kubelet, CRI-O) without manual configuration. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, + which is subject to change over time. The current default is true for worker nodes and false for control plane nodes. + When set to false, automatic resource reservation is disabled and manual settings must be configured. type: boolean kubeletConfig: description: |- - kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by - OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from - upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes - for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + kubeletConfig contains upstream Kubernetes kubelet configuration fields. + Values are validated by the kubelet itself. Invalid values may render nodes unusable. + Refer to OpenShift documentation for the Kubernetes version corresponding to your + OpenShift release to find valid kubelet configuration options. type: object x-kubernetes-preserve-unknown-fields: true logLevel: + description: |- + logLevel sets the kubelet log verbosity, controlling the amount of detail in kubelet logs. + Valid values range from 0 (minimal logging) to 10 (maximum verbosity with trace-level detail). + Higher log levels may impact node performance. When omitted, the platform chooses a reasonable default, + which is subject to change over time. The current default is 2 (standard informational logging). format: int32 + maximum: 10 + minimum: 0 type: integer machineConfigPoolSelector: description: |- - machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. - A nil selector will result in no pools being selected. + machineConfigPoolSelector selects which pools the KubeletConfig should apply to. + When omitted or set to an empty selector {}, no pools are selected, which is equivalent + to not matching any MachineConfigPool. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -110,9 +125,9 @@ spec: x-kubernetes-map-type: atomic tlsSecurityProfile: description: |- - If unset, the default is based on the apiservers.config.openshift.io/cluster resource. - Note that only Old and Intermediate profiles are currently supported, and - the maximum available minTLSVersion is VersionTLS12. + tlsSecurityProfile configures TLS settings for the kubelet. + When omitted, the TLS configuration defaults to the value from apiservers.config.openshift.io/cluster. + When specified, the type field can be set to either "Old", "Intermediate", "Modern", "Custom" or omitted for backward compatibility. properties: custom: description: |- diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml index dc63d4a2864..26c7c533e16 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml @@ -48,22 +48,37 @@ spec: description: spec contains the desired kubelet configuration. properties: autoSizingReserved: + description: |- + autoSizingReserved controls whether system-reserved CPU and memory are automatically + calculated based on each node's installed capacity. When set to true, this prevents node failure + from resource starvation of system components (kubelet, CRI-O) without manual configuration. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, + which is subject to change over time. The current default is true for worker nodes and false for control plane nodes. + When set to false, automatic resource reservation is disabled and manual settings must be configured. type: boolean kubeletConfig: description: |- - kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by - OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from - upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes - for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + kubeletConfig contains upstream Kubernetes kubelet configuration fields. + Values are validated by the kubelet itself. Invalid values may render nodes unusable. + Refer to OpenShift documentation for the Kubernetes version corresponding to your + OpenShift release to find valid kubelet configuration options. type: object x-kubernetes-preserve-unknown-fields: true logLevel: + description: |- + logLevel sets the kubelet log verbosity, controlling the amount of detail in kubelet logs. + Valid values range from 0 (minimal logging) to 10 (maximum verbosity with trace-level detail). + Higher log levels may impact node performance. When omitted, the platform chooses a reasonable default, + which is subject to change over time. The current default is 2 (standard informational logging). format: int32 + maximum: 10 + minimum: 0 type: integer machineConfigPoolSelector: description: |- - machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. - A nil selector will result in no pools being selected. + machineConfigPoolSelector selects which pools the KubeletConfig should apply to. + When omitted or set to an empty selector {}, no pools are selected, which is equivalent + to not matching any MachineConfigPool. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -110,9 +125,9 @@ spec: x-kubernetes-map-type: atomic tlsSecurityProfile: description: |- - If unset, the default is based on the apiservers.config.openshift.io/cluster resource. - Note that only Old and Intermediate profiles are currently supported, and - the maximum available minTLSVersion is VersionTLS12. + tlsSecurityProfile configures TLS settings for the kubelet. + When omitted, the TLS configuration defaults to the value from apiservers.config.openshift.io/cluster. + When specified, the type field can be set to either "Old", "Intermediate", "Modern", "Custom" or omitted for backward compatibility. properties: custom: description: |- diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml index 72555642770..ec26eef6462 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml @@ -48,22 +48,37 @@ spec: description: spec contains the desired kubelet configuration. properties: autoSizingReserved: + description: |- + autoSizingReserved controls whether system-reserved CPU and memory are automatically + calculated based on each node's installed capacity. When set to true, this prevents node failure + from resource starvation of system components (kubelet, CRI-O) without manual configuration. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, + which is subject to change over time. The current default is true for worker nodes and false for control plane nodes. + When set to false, automatic resource reservation is disabled and manual settings must be configured. type: boolean kubeletConfig: description: |- - kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by - OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from - upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes - for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + kubeletConfig contains upstream Kubernetes kubelet configuration fields. + Values are validated by the kubelet itself. Invalid values may render nodes unusable. + Refer to OpenShift documentation for the Kubernetes version corresponding to your + OpenShift release to find valid kubelet configuration options. type: object x-kubernetes-preserve-unknown-fields: true logLevel: + description: |- + logLevel sets the kubelet log verbosity, controlling the amount of detail in kubelet logs. + Valid values range from 0 (minimal logging) to 10 (maximum verbosity with trace-level detail). + Higher log levels may impact node performance. When omitted, the platform chooses a reasonable default, + which is subject to change over time. The current default is 2 (standard informational logging). format: int32 + maximum: 10 + minimum: 0 type: integer machineConfigPoolSelector: description: |- - machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. - A nil selector will result in no pools being selected. + machineConfigPoolSelector selects which pools the KubeletConfig should apply to. + When omitted or set to an empty selector {}, no pools are selected, which is equivalent + to not matching any MachineConfigPool. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -110,9 +125,9 @@ spec: x-kubernetes-map-type: atomic tlsSecurityProfile: description: |- - If unset, the default is based on the apiservers.config.openshift.io/cluster resource. - Note that only Old and Intermediate profiles are currently supported, and - the maximum available minTLSVersion is VersionTLS12. + tlsSecurityProfile configures TLS settings for the kubelet. + When omitted, the TLS configuration defaults to the value from apiservers.config.openshift.io/cluster. + When specified, the type field can be set to either "Old", "Intermediate", "Modern", "Custom" or omitted for backward compatibility. properties: custom: description: |- diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml index cd3d4dcf4f7..d1a389124fc 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml @@ -48,22 +48,37 @@ spec: description: spec contains the desired kubelet configuration. properties: autoSizingReserved: + description: |- + autoSizingReserved controls whether system-reserved CPU and memory are automatically + calculated based on each node's installed capacity. When set to true, this prevents node failure + from resource starvation of system components (kubelet, CRI-O) without manual configuration. + When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, + which is subject to change over time. The current default is true for worker nodes and false for control plane nodes. + When set to false, automatic resource reservation is disabled and manual settings must be configured. type: boolean kubeletConfig: description: |- - kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by - OpenShift of the upstream kubernetes. It's important to note that, since the fields of the kubelet configuration are directly fetched from - upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes - for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. + kubeletConfig contains upstream Kubernetes kubelet configuration fields. + Values are validated by the kubelet itself. Invalid values may render nodes unusable. + Refer to OpenShift documentation for the Kubernetes version corresponding to your + OpenShift release to find valid kubelet configuration options. type: object x-kubernetes-preserve-unknown-fields: true logLevel: + description: |- + logLevel sets the kubelet log verbosity, controlling the amount of detail in kubelet logs. + Valid values range from 0 (minimal logging) to 10 (maximum verbosity with trace-level detail). + Higher log levels may impact node performance. When omitted, the platform chooses a reasonable default, + which is subject to change over time. The current default is 2 (standard informational logging). format: int32 + maximum: 10 + minimum: 0 type: integer machineConfigPoolSelector: description: |- - machineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. - A nil selector will result in no pools being selected. + machineConfigPoolSelector selects which pools the KubeletConfig should apply to. + When omitted or set to an empty selector {}, no pools are selected, which is equivalent + to not matching any MachineConfigPool. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. @@ -110,9 +125,9 @@ spec: x-kubernetes-map-type: atomic tlsSecurityProfile: description: |- - If unset, the default is based on the apiservers.config.openshift.io/cluster resource. - Note that only Old and Intermediate profiles are currently supported, and - the maximum available minTLSVersion is VersionTLS12. + tlsSecurityProfile configures TLS settings for the kubelet. + When omitted, the TLS configuration defaults to the value from apiservers.config.openshift.io/cluster. + When specified, the type field can be set to either "Old", "Intermediate", "Modern", "Custom" or omitted for backward compatibility. properties: custom: description: |- diff --git a/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml index 2e65e97c84d..58dcee7c304 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-Default.crd.yaml @@ -46,6 +46,98 @@ spec: description: spec is the specification of the desired behavior of the Machine Config Operator properties: + bootImageSkewEnforcement: + description: |- + bootImageSkewEnforcement allows an admin to configure how boot image version skew is + enforced on the cluster. + When omitted, this will default to Automatic for clusters that support automatic boot image updates. + For clusters that do not support automatic boot image updates, cluster upgrades will be disabled until + a skew enforcement mode has been specified. + When version skew is being enforced, cluster upgrades will be disabled until the version skew is deemed + acceptable for the current release payload. + properties: + manual: + description: |- + manual describes the current boot image of the cluster. + This should be set to the oldest boot image used amongst all machine resources in the cluster. + This must include either the RHCOS version of the boot image or the OCP release version which shipped with that + RHCOS boot image. + Required when mode is set to "Manual" and forbidden otherwise. + properties: + mode: + description: |- + mode is used to configure which boot image field is defined in Manual mode. + Valid values are OCPVersion and RHCOSVersion. + OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update + in the OCPVersion field. + RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update + in the RHCOSVersion field. + This field is required. + enum: + - OCPVersion + - RHCOSVersion + type: string + ocpVersion: + description: |- + ocpVersion provides a string which represents the OCP version of the boot image. + This field must match the OCP semver compatible format of x.y.z. This field must be between + 5 and 10 characters long. + Required when mode is set to "OCPVersion" and forbidden otherwise. + maxLength: 10 + minLength: 5 + type: string + x-kubernetes-validations: + - message: ocpVersion must match the OCP semver compatible + format of x.y.z + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') + rhcosVersion: + description: |- + rhcosVersion provides a string which represents the RHCOS version of the boot image + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between + 14 and 21 characters long. + Required when mode is set to "RHCOSVersion" and forbidden otherwise. + maxLength: 21 + minLength: 14 + type: string + x-kubernetes-validations: + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') + required: + - mode + type: object + x-kubernetes-validations: + - message: ocpVersion is required when mode is OCPVersion, and + forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) + : !has(self.ocpVersion)' + - message: rhcosVersion is required when mode is RHCOSVersion, + and forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) + : !has(self.rhcosVersion)' + mode: + description: |- + mode determines the underlying behavior of skew enforcement mechanism. + Valid values are Manual and None. + Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP + & RHCOS version associated with the last boot image update in the manual field. + In Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the + skew limit described by the release image. + None means that the MCO will no longer monitor the boot image skew. This may affect + the cluster's ability to scale. + This field is required. + enum: + - Manual + - None + type: string + required: + - mode + type: object + x-kubernetes-validations: + - message: manual is required when mode is Manual, and forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''Manual'') ? has(self.manual) + : !has(self.manual)' failedRevisionLimit: description: |- failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api @@ -657,6 +749,140 @@ spec: description: status is the most recently observed status of the Machine Config Operator properties: + bootImageSkewEnforcementStatus: + description: |- + bootImageSkewEnforcementStatus reflects what the latest cluster-validated boot image skew enforcement + configuration is and will be used by Machine Config Controller while performing boot image skew enforcement. + When omitted, the MCO has no knowledge of how to enforce boot image skew. When the MCO does not know how + boot image skew should be enforced, cluster upgrades will be blocked until it can either automatically + determine skew enforcement or there is an explicit skew enforcement configuration provided in the + spec.bootImageSkewEnforcement field. + properties: + automatic: + description: |- + automatic describes the current boot image of the cluster. + This will be populated by the MCO when performing boot image updates. This value will be compared against + the cluster's skew limit to determine skew compliance. + Required when mode is set to "Automatic" and forbidden otherwise. + minProperties: 1 + properties: + ocpVersion: + description: |- + ocpVersion provides a string which represents the OCP version of the boot image. + This field must match the OCP semver compatible format of x.y.z. This field must be between + 5 and 10 characters long. + maxLength: 10 + minLength: 5 + type: string + x-kubernetes-validations: + - message: ocpVersion must match the OCP semver compatible + format of x.y.z + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') + rhcosVersion: + description: |- + rhcosVersion provides a string which represents the RHCOS version of the boot image + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between + 14 and 21 characters long. + maxLength: 21 + minLength: 14 + type: string + x-kubernetes-validations: + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') + type: object + x-kubernetes-validations: + - message: at least one of ocpVersion or rhcosVersion is required + rule: has(self.ocpVersion) || has(self.rhcosVersion) + manual: + description: |- + manual describes the current boot image of the cluster. + This will be populated by the MCO using the values provided in the spec.bootImageSkewEnforcement.manual field. + This value will be compared against the cluster's skew limit to determine skew compliance. + Required when mode is set to "Manual" and forbidden otherwise. + properties: + mode: + description: |- + mode is used to configure which boot image field is defined in Manual mode. + Valid values are OCPVersion and RHCOSVersion. + OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update + in the OCPVersion field. + RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update + in the RHCOSVersion field. + This field is required. + enum: + - OCPVersion + - RHCOSVersion + type: string + ocpVersion: + description: |- + ocpVersion provides a string which represents the OCP version of the boot image. + This field must match the OCP semver compatible format of x.y.z. This field must be between + 5 and 10 characters long. + Required when mode is set to "OCPVersion" and forbidden otherwise. + maxLength: 10 + minLength: 5 + type: string + x-kubernetes-validations: + - message: ocpVersion must match the OCP semver compatible + format of x.y.z + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') + rhcosVersion: + description: |- + rhcosVersion provides a string which represents the RHCOS version of the boot image + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between + 14 and 21 characters long. + Required when mode is set to "RHCOSVersion" and forbidden otherwise. + maxLength: 21 + minLength: 14 + type: string + x-kubernetes-validations: + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') + required: + - mode + type: object + x-kubernetes-validations: + - message: ocpVersion is required when mode is OCPVersion, and + forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) + : !has(self.ocpVersion)' + - message: rhcosVersion is required when mode is RHCOSVersion, + and forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) + : !has(self.rhcosVersion)' + mode: + description: |- + mode determines the underlying behavior of skew enforcement mechanism. + Valid values are Automatic, Manual and None. + Automatic means that the MCO will perform boot image updates and store the + OCP & RHCOS version associated with the last boot image update in the automatic field. + Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP + & RHCOS version associated with the last boot image update in the manual field. + In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the + skew limit described by the release image. + None means that the MCO will no longer monitor the boot image skew. This may affect + the cluster's ability to scale. + This field is required. + enum: + - Automatic + - Manual + - None + type: string + required: + - mode + type: object + x-kubernetes-validations: + - message: automatic is required when mode is Automatic, and forbidden + otherwise + rule: 'has(self.mode) && (self.mode == ''Automatic'') ? has(self.automatic) + : !has(self.automatic)' + - message: manual is required when mode is Manual, and forbidden otherwise + rule: 'has(self.mode) && (self.mode == ''Manual'') ? has(self.manual) + : !has(self.manual)' conditions: description: conditions is a list of conditions and their status items: @@ -1259,6 +1485,32 @@ spec: required: - spec type: object + x-kubernetes-validations: + - message: when skew enforcement is in Automatic mode, a boot image configuration + is required + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() + : true' + - message: when skew enforcement is in Automatic mode, managedBootImages.machineManagers + must not be an empty list + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) + > 0 : true' + - message: when skew enforcement is in Automatic mode, any MachineAPI MachineSet + MachineManager must use selection mode 'All' + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, + m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io'') + || self.spec.managedBootImages.machineManagers.exists(m, m.resource == + ''machinesets'' && m.apiGroup == ''machine.openshift.io'' && m.selection.mode + == ''All'') : true' + - message: when skew enforcement is in Automatic mode, managedBootImagesStatus + must contain a MachineManager opting in all MachineAPI MachineSets + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?status.managedBootImagesStatus.machineManagers.hasValue()) || + self.status.managedBootImagesStatus.machineManagers.exists(m, m.selection.mode + == ''All'' && m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io''): + true' served: true storage: true subresources: diff --git a/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml index 1d160022849..eaffd23a329 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_machineconfigurations-OKD.crd.yaml @@ -46,6 +46,98 @@ spec: description: spec is the specification of the desired behavior of the Machine Config Operator properties: + bootImageSkewEnforcement: + description: |- + bootImageSkewEnforcement allows an admin to configure how boot image version skew is + enforced on the cluster. + When omitted, this will default to Automatic for clusters that support automatic boot image updates. + For clusters that do not support automatic boot image updates, cluster upgrades will be disabled until + a skew enforcement mode has been specified. + When version skew is being enforced, cluster upgrades will be disabled until the version skew is deemed + acceptable for the current release payload. + properties: + manual: + description: |- + manual describes the current boot image of the cluster. + This should be set to the oldest boot image used amongst all machine resources in the cluster. + This must include either the RHCOS version of the boot image or the OCP release version which shipped with that + RHCOS boot image. + Required when mode is set to "Manual" and forbidden otherwise. + properties: + mode: + description: |- + mode is used to configure which boot image field is defined in Manual mode. + Valid values are OCPVersion and RHCOSVersion. + OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update + in the OCPVersion field. + RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update + in the RHCOSVersion field. + This field is required. + enum: + - OCPVersion + - RHCOSVersion + type: string + ocpVersion: + description: |- + ocpVersion provides a string which represents the OCP version of the boot image. + This field must match the OCP semver compatible format of x.y.z. This field must be between + 5 and 10 characters long. + Required when mode is set to "OCPVersion" and forbidden otherwise. + maxLength: 10 + minLength: 5 + type: string + x-kubernetes-validations: + - message: ocpVersion must match the OCP semver compatible + format of x.y.z + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') + rhcosVersion: + description: |- + rhcosVersion provides a string which represents the RHCOS version of the boot image + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between + 14 and 21 characters long. + Required when mode is set to "RHCOSVersion" and forbidden otherwise. + maxLength: 21 + minLength: 14 + type: string + x-kubernetes-validations: + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') + required: + - mode + type: object + x-kubernetes-validations: + - message: ocpVersion is required when mode is OCPVersion, and + forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) + : !has(self.ocpVersion)' + - message: rhcosVersion is required when mode is RHCOSVersion, + and forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) + : !has(self.rhcosVersion)' + mode: + description: |- + mode determines the underlying behavior of skew enforcement mechanism. + Valid values are Manual and None. + Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP + & RHCOS version associated with the last boot image update in the manual field. + In Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the + skew limit described by the release image. + None means that the MCO will no longer monitor the boot image skew. This may affect + the cluster's ability to scale. + This field is required. + enum: + - Manual + - None + type: string + required: + - mode + type: object + x-kubernetes-validations: + - message: manual is required when mode is Manual, and forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''Manual'') ? has(self.manual) + : !has(self.manual)' failedRevisionLimit: description: |- failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api @@ -657,6 +749,140 @@ spec: description: status is the most recently observed status of the Machine Config Operator properties: + bootImageSkewEnforcementStatus: + description: |- + bootImageSkewEnforcementStatus reflects what the latest cluster-validated boot image skew enforcement + configuration is and will be used by Machine Config Controller while performing boot image skew enforcement. + When omitted, the MCO has no knowledge of how to enforce boot image skew. When the MCO does not know how + boot image skew should be enforced, cluster upgrades will be blocked until it can either automatically + determine skew enforcement or there is an explicit skew enforcement configuration provided in the + spec.bootImageSkewEnforcement field. + properties: + automatic: + description: |- + automatic describes the current boot image of the cluster. + This will be populated by the MCO when performing boot image updates. This value will be compared against + the cluster's skew limit to determine skew compliance. + Required when mode is set to "Automatic" and forbidden otherwise. + minProperties: 1 + properties: + ocpVersion: + description: |- + ocpVersion provides a string which represents the OCP version of the boot image. + This field must match the OCP semver compatible format of x.y.z. This field must be between + 5 and 10 characters long. + maxLength: 10 + minLength: 5 + type: string + x-kubernetes-validations: + - message: ocpVersion must match the OCP semver compatible + format of x.y.z + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') + rhcosVersion: + description: |- + rhcosVersion provides a string which represents the RHCOS version of the boot image + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between + 14 and 21 characters long. + maxLength: 21 + minLength: 14 + type: string + x-kubernetes-validations: + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') + type: object + x-kubernetes-validations: + - message: at least one of ocpVersion or rhcosVersion is required + rule: has(self.ocpVersion) || has(self.rhcosVersion) + manual: + description: |- + manual describes the current boot image of the cluster. + This will be populated by the MCO using the values provided in the spec.bootImageSkewEnforcement.manual field. + This value will be compared against the cluster's skew limit to determine skew compliance. + Required when mode is set to "Manual" and forbidden otherwise. + properties: + mode: + description: |- + mode is used to configure which boot image field is defined in Manual mode. + Valid values are OCPVersion and RHCOSVersion. + OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update + in the OCPVersion field. + RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update + in the RHCOSVersion field. + This field is required. + enum: + - OCPVersion + - RHCOSVersion + type: string + ocpVersion: + description: |- + ocpVersion provides a string which represents the OCP version of the boot image. + This field must match the OCP semver compatible format of x.y.z. This field must be between + 5 and 10 characters long. + Required when mode is set to "OCPVersion" and forbidden otherwise. + maxLength: 10 + minLength: 5 + type: string + x-kubernetes-validations: + - message: ocpVersion must match the OCP semver compatible + format of x.y.z + rule: self.matches('^[0-9]+\\.[0-9]+\\.[0-9]+$') + rhcosVersion: + description: |- + rhcosVersion provides a string which represents the RHCOS version of the boot image + This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy + format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between + 14 and 21 characters long. + Required when mode is set to "RHCOSVersion" and forbidden otherwise. + maxLength: 21 + minLength: 14 + type: string + x-kubernetes-validations: + - message: rhcosVersion must match format [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] + or must match legacy format [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber] + rule: self.matches('^[0-9]+\\.[0-9]+\\.([0-9]{8}|[0-9]{12})-[0-9]+$') + required: + - mode + type: object + x-kubernetes-validations: + - message: ocpVersion is required when mode is OCPVersion, and + forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''OCPVersion'') ? has(self.ocpVersion) + : !has(self.ocpVersion)' + - message: rhcosVersion is required when mode is RHCOSVersion, + and forbidden otherwise + rule: 'has(self.mode) && (self.mode ==''RHCOSVersion'') ? has(self.rhcosVersion) + : !has(self.rhcosVersion)' + mode: + description: |- + mode determines the underlying behavior of skew enforcement mechanism. + Valid values are Automatic, Manual and None. + Automatic means that the MCO will perform boot image updates and store the + OCP & RHCOS version associated with the last boot image update in the automatic field. + Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP + & RHCOS version associated with the last boot image update in the manual field. + In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the + skew limit described by the release image. + None means that the MCO will no longer monitor the boot image skew. This may affect + the cluster's ability to scale. + This field is required. + enum: + - Automatic + - Manual + - None + type: string + required: + - mode + type: object + x-kubernetes-validations: + - message: automatic is required when mode is Automatic, and forbidden + otherwise + rule: 'has(self.mode) && (self.mode == ''Automatic'') ? has(self.automatic) + : !has(self.automatic)' + - message: manual is required when mode is Manual, and forbidden otherwise + rule: 'has(self.mode) && (self.mode == ''Manual'') ? has(self.manual) + : !has(self.manual)' conditions: description: conditions is a list of conditions and their status items: @@ -1259,6 +1485,32 @@ spec: required: - spec type: object + x-kubernetes-validations: + - message: when skew enforcement is in Automatic mode, a boot image configuration + is required + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? self.?spec.managedBootImages.hasValue() || self.?status.managedBootImagesStatus.hasValue() + : true' + - message: when skew enforcement is in Automatic mode, managedBootImages.machineManagers + must not be an empty list + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || size(self.spec.managedBootImages.machineManagers) + > 0 : true' + - message: when skew enforcement is in Automatic mode, any MachineAPI MachineSet + MachineManager must use selection mode 'All' + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?spec.managedBootImages.machineManagers.hasValue()) || !self.spec.managedBootImages.machineManagers.exists(m, + m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io'') + || self.spec.managedBootImages.machineManagers.exists(m, m.resource == + ''machinesets'' && m.apiGroup == ''machine.openshift.io'' && m.selection.mode + == ''All'') : true' + - message: when skew enforcement is in Automatic mode, managedBootImagesStatus + must contain a MachineManager opting in all MachineAPI MachineSets + rule: 'self.?status.bootImageSkewEnforcementStatus.mode.orValue("") == ''Automatic'' + ? !(self.?status.managedBootImagesStatus.machineManagers.hasValue()) || + self.status.managedBootImagesStatus.machineManagers.exists(m, m.selection.mode + == ''All'' && m.resource == ''machinesets'' && m.apiGroup == ''machine.openshift.io''): + true' served: true storage: true subresources: diff --git a/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml index c995ea77982..eba3c4913ac 100644 --- a/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml @@ -31,6 +31,9 @@ { "name": "ClusterUpdatePreflight" }, + { + "name": "ConfidentialCluster" + }, { "name": "EventedPLEG" }, @@ -87,6 +90,9 @@ }, { "name": "ShortCertRotation" + }, + { + "name": "VSphereMultiVCenterDay2" } ], "enabled": [ diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml index 1e6c316c9dc..e8c320db000 100644 --- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml @@ -35,9 +35,6 @@ { "name": "AutomatedEtcdBackup" }, - { - "name": "AzureClusterHostedDNSInstall" - }, { "name": "AzureDedicatedHosts" }, @@ -113,6 +110,9 @@ { "name": "ClusterVersionOperatorConfiguration" }, + { + "name": "ConfidentialCluster" + }, { "name": "ConfigurablePKI" }, @@ -281,6 +281,9 @@ { "name": "VSphereMixedNodeEnv" }, + { + "name": "VSphereMultiVCenterDay2" + }, { "name": "VolumeGroupSnapshot" } @@ -289,6 +292,9 @@ { "name": "AWSServiceLBNetworkSecurityGroup" }, + { + "name": "AzureClusterHostedDNSInstall" + }, { "name": "AzureWorkloadIdentity" }, diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml index b5e89233476..7152f7a3771 100644 --- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml @@ -37,9 +37,6 @@ { "name": "AutomatedEtcdBackup" }, - { - "name": "AzureClusterHostedDNSInstall" - }, { "name": "AzureDedicatedHosts" }, @@ -115,6 +112,9 @@ { "name": "ClusterVersionOperatorConfiguration" }, + { + "name": "ConfidentialCluster" + }, { "name": "ConfigurablePKI" }, @@ -283,6 +283,9 @@ { "name": "VSphereMixedNodeEnv" }, + { + "name": "VSphereMultiVCenterDay2" + }, { "name": "VolumeGroupSnapshot" } @@ -291,6 +294,9 @@ { "name": "AWSServiceLBNetworkSecurityGroup" }, + { + "name": "AzureClusterHostedDNSInstall" + }, { "name": "AzureWorkloadIdentity" }, diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml index ea764b717f7..1423f0f2279 100644 --- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml @@ -31,6 +31,9 @@ { "name": "ClusterUpdatePreflight" }, + { + "name": "ConfidentialCluster" + }, { "name": "EventedPLEG" }, @@ -66,6 +69,9 @@ }, { "name": "ShortCertRotation" + }, + { + "name": "VSphereMultiVCenterDay2" } ], "enabled": [ From 540566c49c682d2c00318ee00f96d4dbb583d8e2 Mon Sep 17 00:00:00 2001 From: Davide Salerno Date: Thu, 2 Apr 2026 18:28:33 +0200 Subject: [PATCH 7/7] Rename TLS "curves" to "groups" to align with IANA terminology MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The IANA "TLS Supported Groups" registry is the authoritative source for these identifiers, and the TLS specification uses the term "supported groups" rather than "curves". This distinction matters because not all supported groups are elliptic curves (e.g., X25519MLKEM768 is a post-quantum hybrid KEM). This change renames: - API field: `curves` → `groups` (JSON serialization) - Go type: `TLSCurve` → `TLSGroup` and all associated constants - FeatureGate: `TLSCurvePreferences` → `TLSGroupPreferences` - Godoc updated to document MaxItems/MinItems validation constraints No backward compatibility concerns as the field is gated behind a TechPreview/DevPreview-only FeatureGate Signed-off-by: Davide Salerno --- ...ferences.yaml => TLSGroupPreferences.yaml} | 68 +- config/v1/types_tlssecurityprofile.go | 109 +- ...tor_01_apiservers-CustomNoUpgrade.crd.yaml | 43 +- ...ig-operator_01_apiservers-Default.crd.yaml | 22 +- ...01_apiservers-DevPreviewNoUpgrade.crd.yaml | 43 +- ...config-operator_01_apiservers-OKD.crd.yaml | 22 +- ...1_apiservers-TechPreviewNoUpgrade.crd.yaml | 43 +- config/v1/zz_generated.deepcopy.go | 6 +- ..._generated.featuregated-crd-manifests.yaml | 2 +- .../AAA_ungated.yaml | 22 +- .../KMSEncryption.yaml | 22 +- .../KMSEncryptionProvider.yaml | 22 +- .../TLSAdherence.yaml | 22 +- ...ferences.yaml => TLSGroupPreferences.yaml} | 45 +- .../v1/zz_generated.swagger_doc_generated.go | 12 +- features.md | 2 +- features/features.go | 2 +- ...ferences.yaml => TLSGroupPreferences.yaml} | 68 +- ...01_kubeletconfigs-CustomNoUpgrade.crd.yaml | 43 +- ...-config_01_kubeletconfigs-Default.crd.yaml | 22 +- ...ubeletconfigs-DevPreviewNoUpgrade.crd.yaml | 43 +- ...hine-config_01_kubeletconfigs-OKD.crd.yaml | 22 +- ...beletconfigs-TechPreviewNoUpgrade.crd.yaml | 43 +- ..._generated.featuregated-crd-manifests.yaml | 2 +- .../AAA_ungated.yaml | 22 +- ...ferences.yaml => TLSGroupPreferences.yaml} | 45 +- .../generated_openapi/zz_generated.openapi.go | 18 +- openapi/openapi.json | 70420 ++++++++-------- ...ferences.yaml => TLSGroupPreferences.yaml} | 68 +- ...ngresscontrollers-CustomNoUpgrade.crd.yaml | 64 +- ...ess_00_ingresscontrollers-Default.crd.yaml | 22 +- ...sscontrollers-DevPreviewNoUpgrade.crd.yaml | 64 +- ...ingress_00_ingresscontrollers-OKD.crd.yaml | 22 +- ...scontrollers-TechPreviewNoUpgrade.crd.yaml | 64 +- ..._generated.featuregated-crd-manifests.yaml | 2 +- .../AAA_ungated.yaml | 22 +- ...ControllerDynamicConfigurationManager.yaml | 22 +- ...ferences.yaml => TLSGroupPreferences.yaml} | 66 +- ...tor_01_apiservers-CustomNoUpgrade.crd.yaml | 43 +- ...ig-operator_01_apiservers-Default.crd.yaml | 22 +- ...01_apiservers-DevPreviewNoUpgrade.crd.yaml | 43 +- ...config-operator_01_apiservers-OKD.crd.yaml | 22 +- ...1_apiservers-TechPreviewNoUpgrade.crd.yaml | 43 +- ...01_kubeletconfigs-CustomNoUpgrade.crd.yaml | 43 +- ...-config_01_kubeletconfigs-Default.crd.yaml | 22 +- ...ubeletconfigs-DevPreviewNoUpgrade.crd.yaml | 43 +- ...hine-config_01_kubeletconfigs-OKD.crd.yaml | 22 +- ...beletconfigs-TechPreviewNoUpgrade.crd.yaml | 43 +- .../featureGate-4-10-Hypershift-Default.yaml | 2 +- ...e-4-10-Hypershift-DevPreviewNoUpgrade.yaml | 2 +- .../featureGate-4-10-Hypershift-OKD.yaml | 2 +- ...-4-10-Hypershift-TechPreviewNoUpgrade.yaml | 2 +- ...eatureGate-4-10-SelfManagedHA-Default.yaml | 2 +- ...-10-SelfManagedHA-DevPreviewNoUpgrade.yaml | 2 +- .../featureGate-4-10-SelfManagedHA-OKD.yaml | 2 +- ...10-SelfManagedHA-TechPreviewNoUpgrade.yaml | 2 +- 56 files changed, 36441 insertions(+), 35592 deletions(-) rename config/v1/tests/apiservers.config.openshift.io/{TLSCurvePreferences.yaml => TLSGroupPreferences.yaml} (89%) rename config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/{TLSCurvePreferences.yaml => TLSGroupPreferences.yaml} (90%) rename machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/{TLSCurvePreferences.yaml => TLSGroupPreferences.yaml} (88%) rename machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/{TLSCurvePreferences.yaml => TLSGroupPreferences.yaml} (88%) rename operator/v1/tests/ingresscontrollers.operator.openshift.io/{TLSCurvePreferences.yaml => TLSGroupPreferences.yaml} (91%) rename operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/{TLSCurvePreferences.yaml => TLSGroupPreferences.yaml} (98%) diff --git a/config/v1/tests/apiservers.config.openshift.io/TLSCurvePreferences.yaml b/config/v1/tests/apiservers.config.openshift.io/TLSGroupPreferences.yaml similarity index 89% rename from config/v1/tests/apiservers.config.openshift.io/TLSCurvePreferences.yaml rename to config/v1/tests/apiservers.config.openshift.io/TLSGroupPreferences.yaml index 2d1b1677526..b618c76e2ca 100644 --- a/config/v1/tests/apiservers.config.openshift.io/TLSCurvePreferences.yaml +++ b/config/v1/tests/apiservers.config.openshift.io/TLSGroupPreferences.yaml @@ -2,10 +2,10 @@ apiVersion: apiextensions.k8s.io/v1 name: "APIServer" crdName: apiservers.config.openshift.io featureGates: - - TLSCurvePreferences + - TLSGroupPreferences tests: onCreate: - - name: Should be able to create with Custom TLS profile and curves + - name: Should be able to create with Custom TLS profile and groups initial: | apiVersion: config.openshift.io/v1 kind: APIServer @@ -17,7 +17,7 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - curves: + groups: - X25519 - secp256r1 expected: | @@ -33,7 +33,7 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - curves: + groups: - X25519 - secp256r1 - name: Should be able to create with all supported curves @@ -47,7 +47,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 - secp384r1 @@ -65,7 +65,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 - secp384r1 @@ -82,9 +82,9 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: [] - expectedError: "spec.tlsSecurityProfile.custom.curves in body should have at least 1 items" - - name: Should be able to create with Custom TLS profile and curves omitted + groups: [] + expectedError: "spec.tlsSecurityProfile.custom.groups in body should have at least 1 items" + - name: Should be able to create with Custom TLS profile and groups omitted initial: | apiVersion: config.openshift.io/v1 kind: APIServer @@ -107,7 +107,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - - name: Should be able to create with Custom TLS profile VersionTLS10 and curves + - name: Should be able to create with Custom TLS profile VersionTLS10 and groups initial: | apiVersion: config.openshift.io/v1 kind: APIServer @@ -118,7 +118,7 @@ tests: minTLSVersion: VersionTLS10 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp256r1 - secp384r1 expected: | @@ -133,10 +133,10 @@ tests: minTLSVersion: VersionTLS10 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp256r1 - secp384r1 - - name: Should be able to create with Custom TLS profile VersionTLS11 and curves + - name: Should be able to create with Custom TLS profile VersionTLS11 and groups initial: | apiVersion: config.openshift.io/v1 kind: APIServer @@ -147,7 +147,7 @@ tests: minTLSVersion: VersionTLS11 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp384r1 expected: | apiVersion: config.openshift.io/v1 @@ -161,9 +161,9 @@ tests: minTLSVersion: VersionTLS11 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp384r1 - - name: Should fail to create with more than 5 curves + - name: Should fail to create with more than 5 groups initial: | apiVersion: config.openshift.io/v1 kind: APIServer @@ -174,15 +174,15 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 - secp384r1 - secp521r1 - X25519MLKEM768 - X25519 - expectedError: "spec.tlsSecurityProfile.custom.curves: Too many: 6: must have at most 5 items" - - name: Should fail to create with invalid curve value + expectedError: "spec.tlsSecurityProfile.custom.groups: Too many: 6: must have at most 5 items" + - name: Should fail to create with invalid group value initial: | apiVersion: config.openshift.io/v1 kind: APIServer @@ -193,11 +193,11 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - InvalidCurve - expectedError: "spec.tlsSecurityProfile.custom.curves[0]: Unsupported value: \"InvalidCurve\": supported values: \"X25519\", \"secp256r1\", \"secp384r1\", \"secp521r1\", \"X25519MLKEM768\"" + expectedError: "spec.tlsSecurityProfile.custom.groups[0]: Unsupported value: \"InvalidCurve\": supported values: \"X25519\", \"secp256r1\", \"secp384r1\", \"secp521r1\", \"X25519MLKEM768\"" onUpdate: - - name: Should be able to add curves to existing Custom TLS profile + - name: Should be able to add groups to existing Custom TLS profile initial: | apiVersion: config.openshift.io/v1 kind: APIServer @@ -220,7 +220,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 expected: | @@ -235,10 +235,10 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 - - name: Should be able to update curves in existing Custom TLS profile + - name: Should be able to update groups in existing Custom TLS profile initial: | apiVersion: config.openshift.io/v1 kind: APIServer @@ -249,7 +249,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 updated: | apiVersion: config.openshift.io/v1 @@ -263,7 +263,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp256r1 - secp384r1 expected: | @@ -278,10 +278,10 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp256r1 - secp384r1 - - name: Should be able to remove curves field from existing Custom TLS profile + - name: Should be able to remove groups field from existing Custom TLS profile initial: | apiVersion: config.openshift.io/v1 kind: APIServer @@ -292,7 +292,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 updated: | @@ -319,7 +319,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - - name: Should fail to remove all curves from existing Custom TLS profile + - name: Should fail to remove all groups from existing Custom TLS profile initial: | apiVersion: config.openshift.io/v1 kind: APIServer @@ -330,7 +330,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 updated: | @@ -345,5 +345,5 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: [] - expectedError: "spec.tlsSecurityProfile.custom.curves in body should have at least 1 items" + groups: [] + expectedError: "spec.tlsSecurityProfile.custom.groups in body should have at least 1 items" diff --git a/config/v1/types_tlssecurityprofile.go b/config/v1/types_tlssecurityprofile.go index ad5f76e22c3..ae8ca96d760 100644 --- a/config/v1/types_tlssecurityprofile.go +++ b/config/v1/types_tlssecurityprofile.go @@ -7,10 +7,16 @@ type TLSSecurityProfile struct { // type is one of Old, Intermediate, Modern or Custom. Custom provides the // ability to specify individual TLS security profile parameters. // - // The profiles are based on version 5.7 of the Mozilla Server Side TLS - // configuration guidelines. The cipher lists consist of the configuration's - // "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - // See: https://ssl-config.mozilla.org/guidelines/5.7.json + // The cipher lists in these profiles are based on version 5.7 of the Mozilla + // Server Side TLS configuration guidelines. The cipher lists consist of the + // configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + // guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + // + // The groups lists are based on Go's crypto/tls default curve preferences + // (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + // Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + // components running in FIPS mode. + // See: https://pkg.go.dev/crypto/tls#CurveID // // The profiles are intent based, so they may change over time as new ciphers are // developed and existing ciphers are found to be insecure. Depending on @@ -23,7 +29,7 @@ type TLSSecurityProfile struct { // old is a TLS profile for use when services need to be accessed by very old // clients or libraries and should be used only as a last resort. // - // The curve list includes by default the following curves: + // The supported groups list includes by default the following groups: // X25519, secp256r1, secp384r1, X25519MLKEM768. // // This profile is equivalent to a Custom profile specified as: @@ -59,7 +65,7 @@ type TLSSecurityProfile struct { // legacy clients and want to remain highly secure while being compatible with // most clients currently in use. // - // The curve list includes by default the following curves: + // The supported groups list includes by default the following groups: // X25519, secp256r1, secp384r1, X25519MLKEM768. // // This profile is equivalent to a Custom profile specified as: @@ -81,7 +87,7 @@ type TLSSecurityProfile struct { // modern is a TLS security profile for use with clients that support TLS 1.3 and // do not need backward compatibility for older clients. - // The curve list includes by default the following curves: + // The supported groups list includes by default the following groups: // X25519, secp256r1, secp384r1, X25519MLKEM768. // This profile is equivalent to a Custom profile specified as: // minTLSVersion: VersionTLS13 @@ -97,7 +103,7 @@ type TLSSecurityProfile struct { // custom is a user-defined TLS security profile. Be extremely careful using a custom // profile as invalid configurations can be catastrophic. // - // The curve list for this profile is empty by default. + // The supported groups list for this profile is empty by default. // // An example custom profile looks like this: // @@ -152,25 +158,27 @@ const ( TLSProfileCustomType TLSProfileType = "Custom" ) -// TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. -// There is a one-to-one mapping between these names and the curve IDs defined -// in crypto/tls package based on IANA's "TLS Supported Groups" registry: +// TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. +// There is a one-to-one mapping between these names and the group IDs defined +// in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: // https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 +// Note that X25519MLKEM768 is a post-quantum hybrid group that is not +// FIPS-approved and should be ignored by components running in FIPS mode. // // +kubebuilder:validation:Enum=X25519;secp256r1;secp384r1;secp521r1;X25519MLKEM768 -type TLSCurve string +type TLSGroup string const ( - // TLSCurveX25519 represents X25519. - TLSCurveX25519 TLSCurve = "X25519" - // TLSCurveSecp256r1 represents P-256 (secp256r1). - TLSCurveSecP256r1 TLSCurve = "secp256r1" - // TLSCurveSecP384r1 represents P-384 (secp384r1). - TLSCurveSecP384r1 TLSCurve = "secp384r1" - // TLSCurveSecP521r1 represents P-521 (secp521r1). - TLSCurveSecP521r1 TLSCurve = "secp521r1" - // TLSCurveX25519MLKEM768 represents X25519MLKEM768. - TLSCurveX25519MLKEM768 TLSCurve = "X25519MLKEM768" + // TLSGroupX25519 represents X25519. + TLSGroupX25519 TLSGroup = "X25519" + // TLSGroupSecP256r1 represents P-256 (secp256r1). + TLSGroupSecP256r1 TLSGroup = "secp256r1" + // TLSGroupSecP384r1 represents P-384 (secp384r1). + TLSGroupSecP384r1 TLSGroup = "secp384r1" + // TLSGroupSecP521r1 represents P-521 (secp521r1). + TLSGroupSecP521r1 TLSGroup = "secp521r1" + // TLSGroupX25519MLKEM768 represents X25519MLKEM768. + TLSGroupX25519MLKEM768 TLSGroup = "X25519MLKEM768" ) // TLSProfileSpec is the desired behavior of a TLSSecurityProfile. @@ -186,17 +194,18 @@ type TLSProfileSpec struct { // and are always enabled when TLS 1.3 is negotiated. // +listType=atomic Ciphers []string `json:"ciphers"` - // curves is an optional field used to specify the elliptic curves that are used during - // the TLS handshake. Operators may remove entries their operands do - // not support. + // groups is an optional field used to specify the supported groups (formerly known as + // elliptic curves) that are used during the TLS handshake. Operators may remove entries + // their operands do not support. // // When omitted, this means no opinion and the platform is left to choose reasonable defaults which are // subject to change over time and may be different per platform component depending on the underlying TLS - // libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + // libraries they use. If specified, the list must contain at least one and at most 5 groups, + // and each group must be unique. // // For example, to use X25519 and secp256r1 (yaml): // - // curves: + // groups: // - X25519 // - secp256r1 // @@ -204,8 +213,8 @@ type TLSProfileSpec struct { // +listType=set // +kubebuilder:validation:MaxItems=5 // +kubebuilder:validation:MinItems=1 - // +openshift:enable:FeatureGate=TLSCurvePreferences - Curves []TLSCurve `json:"curves,omitempty"` + // +openshift:enable:FeatureGate=TLSGroupPreferences + Groups []TLSGroup `json:"groups,omitempty"` // minTLSVersion is used to specify the minimal version of the TLS protocol // that is negotiated during the TLS handshake. For example, to use TLS // versions 1.1, 1.2 and 1.3 (yaml): @@ -238,19 +247,23 @@ const ( // TLSProfiles contains a map of TLSProfileType names to TLSProfileSpec. // -// These profiles are based on version 5.7 of the Mozilla Server Side TLS -// configuration guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json +// The cipher lists in these profiles are based on version 5.7 of the Mozilla +// Server Side TLS configuration guidelines. +// See: https://ssl-config.mozilla.org/guidelines/5.7.json // // Each Ciphers slice is the configuration's "ciphersuites" followed by the // Go-specific "ciphers" from the guidelines JSON. // +// The groups lists are based on Go's crypto/tls default curve preferences +// (Go 1.24+). See: https://pkg.go.dev/crypto/tls#CurveID // TLSProfiles Old, Intermediate, Modern include by default the following -// curves: X25519, secp256r1, secp384r1, X25519MLKEM768 +// groups: X25519, secp256r1, secp384r1, X25519MLKEM768 // // NOTE: The caller needs to make sure to check that these constants are valid // for their binary. Not all entries map to values for all binaries. In the case // of ties, the kube-apiserver wins. Do not fail, just be sure to include only -// valid entries and everything will be ok. +// valid entries and everything will be ok. In particular, X25519MLKEM768 is +// not FIPS-approved and must be omitted by components running in FIPS mode. var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ TLSProfileOldType: { Ciphers: []string{ @@ -276,11 +289,11 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "AES256-SHA", "DES-CBC3-SHA", }, - Curves: []TLSCurve{ - TLSCurveX25519, - TLSCurveSecP256r1, - TLSCurveSecP384r1, - TLSCurveX25519MLKEM768, + Groups: []TLSGroup{ + TLSGroupX25519, + TLSGroupSecP256r1, + TLSGroupSecP384r1, + TLSGroupX25519MLKEM768, }, MinTLSVersion: VersionTLS10, }, @@ -296,11 +309,11 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "ECDHE-ECDSA-CHACHA20-POLY1305", "ECDHE-RSA-CHACHA20-POLY1305", }, - Curves: []TLSCurve{ - TLSCurveX25519, - TLSCurveSecP256r1, - TLSCurveSecP384r1, - TLSCurveX25519MLKEM768, + Groups: []TLSGroup{ + TLSGroupX25519, + TLSGroupSecP256r1, + TLSGroupSecP384r1, + TLSGroupX25519MLKEM768, }, MinTLSVersion: VersionTLS12, }, @@ -310,11 +323,11 @@ var TLSProfiles = map[TLSProfileType]*TLSProfileSpec{ "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256", }, - Curves: []TLSCurve{ - TLSCurveX25519, - TLSCurveSecP256r1, - TLSCurveSecP384r1, - TLSCurveX25519MLKEM768, + Groups: []TLSGroup{ + TLSGroupX25519, + TLSGroupSecP256r1, + TLSGroupSecP384r1, + TLSGroupX25519MLKEM768, }, MinTLSVersion: VersionTLS13, }, diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml index c14e3c36855..de240a9a7c7 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml @@ -340,7 +340,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -367,27 +367,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -419,7 +422,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -440,7 +443,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -455,7 +458,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -489,10 +492,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml index a85382e5d90..353ccf696b7 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml @@ -235,7 +235,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -282,7 +282,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -303,7 +303,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -318,7 +318,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -352,10 +352,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index 725b2c66f68..df8e29089c6 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -340,7 +340,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -367,27 +367,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -419,7 +422,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -440,7 +443,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -455,7 +458,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -489,10 +492,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml index 653497138c1..7ab7d3048ef 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml @@ -235,7 +235,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -282,7 +282,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -303,7 +303,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -318,7 +318,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -352,10 +352,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml index 33c7fa21e73..b493edb8e12 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml @@ -272,7 +272,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -299,27 +299,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -351,7 +354,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -372,7 +375,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -387,7 +390,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -421,10 +424,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.deepcopy.go b/config/v1/zz_generated.deepcopy.go index 35267e8489b..5c4ce47d1d6 100644 --- a/config/v1/zz_generated.deepcopy.go +++ b/config/v1/zz_generated.deepcopy.go @@ -6246,9 +6246,9 @@ func (in *TLSProfileSpec) DeepCopyInto(out *TLSProfileSpec) { *out = make([]string, len(*in)) copy(*out, *in) } - if in.Curves != nil { - in, out := &in.Curves, &out.Curves - *out = make([]TLSCurve, len(*in)) + if in.Groups != nil { + in, out := &in.Groups, &out.Groups + *out = make([]TLSGroup, len(*in)) copy(*out, *in) } return diff --git a/config/v1/zz_generated.featuregated-crd-manifests.yaml b/config/v1/zz_generated.featuregated-crd-manifests.yaml index d542bae1b98..358841f1afc 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -9,7 +9,7 @@ apiservers.config.openshift.io: - KMSEncryption - KMSEncryptionProvider - TLSAdherence - - TLSCurvePreferences + - TLSGroupPreferences FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml index 43079a4c7e8..6d0ea597a5e 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/AAA_ungated.yaml @@ -235,7 +235,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -282,7 +282,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -303,7 +303,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -318,7 +318,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -352,10 +352,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml index 3cd101714b0..7de55945171 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryption.yaml @@ -236,7 +236,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -283,7 +283,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -304,7 +304,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -319,7 +319,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -353,10 +353,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml index 7d9764f6480..8793f9e2f9d 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/KMSEncryptionProvider.yaml @@ -304,7 +304,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -351,7 +351,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -372,7 +372,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -387,7 +387,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -421,10 +421,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSAdherence.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSAdherence.yaml index 916475c4542..bcdf4894523 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSAdherence.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSAdherence.yaml @@ -266,7 +266,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -313,7 +313,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -334,7 +334,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -349,7 +349,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -383,10 +383,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSCurvePreferences.yaml b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSGroupPreferences.yaml similarity index 90% rename from config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSCurvePreferences.yaml rename to config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSGroupPreferences.yaml index 8780609bd3b..dc0a6f53aa3 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSCurvePreferences.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/apiservers.config.openshift.io/TLSGroupPreferences.yaml @@ -6,7 +6,7 @@ metadata: api.openshift.io/filename-cvo-runlevel: "0000_10" api.openshift.io/filename-operator: config-operator api.openshift.io/filename-ordering: "01" - feature-gate.release.openshift.io/TLSCurvePreferences: "true" + feature-gate.release.openshift.io/TLSGroupPreferences: "true" release.openshift.io/bootstrap-required: "true" name: apiservers.config.openshift.io spec: @@ -230,7 +230,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -257,27 +257,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -309,7 +312,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -330,7 +333,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -345,7 +348,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -379,10 +382,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/config/v1/zz_generated.swagger_doc_generated.go b/config/v1/zz_generated.swagger_doc_generated.go index dc615f32ebe..7b03d13079a 100644 --- a/config/v1/zz_generated.swagger_doc_generated.go +++ b/config/v1/zz_generated.swagger_doc_generated.go @@ -3009,7 +3009,7 @@ func (OldTLSProfile) SwaggerDoc() map[string]string { var map_TLSProfileSpec = map[string]string{ "": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", "ciphers": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", - "curves": "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve and each curve must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n curves:\n - X25519\n - secp256r1", + "groups": "groups is an optional field used to specify the supported groups (formerly known as elliptic curves) that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one and at most 5 groups, and each group must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n groups:\n - X25519\n - secp256r1", "minTLSVersion": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11", } @@ -3019,11 +3019,11 @@ func (TLSProfileSpec) SwaggerDoc() map[string]string { var map_TLSSecurityProfile = map[string]string{ "": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", - "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are based on version 5.7 of the Mozilla Server Side TLS configuration guidelines. The cipher lists consist of the configuration's \"ciphersuites\" followed by the Go-specific \"ciphers\" from the guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", - "old": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", - "intermediate": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305", - "modern": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", - "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic.\n\nThe curve list for this profile is empty by default.\n\nAn example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", + "type": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe cipher lists in these profiles are based on version 5.7 of the Mozilla Server Side TLS configuration guidelines. The cipher lists consist of the configuration's \"ciphersuites\" followed by the Go-specific \"ciphers\" from the guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json\n\nThe groups lists are based on Go's crypto/tls default curve preferences (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. Note that X25519MLKEM768 is not FIPS-approved and should be ignored by components running in FIPS mode. See: https://pkg.go.dev/crypto/tls#CurveID\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", + "old": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", + "intermediate": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305", + "modern": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", + "custom": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic.\n\nThe supported groups list for this profile is empty by default.\n\nAn example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", } func (TLSSecurityProfile) SwaggerDoc() map[string]string { diff --git a/features.md b/features.md index 60b8f0b3352..3b19a09ea86 100644 --- a/features.md +++ b/features.md @@ -89,7 +89,7 @@ | SELinuxMount| | | Enabled | Enabled | | | Enabled | Enabled | | SignatureStores| | | Enabled | Enabled | | | Enabled | Enabled | | TLSAdherence| | | Enabled | Enabled | | | Enabled | Enabled | -| TLSCurvePreferences| | | Enabled | Enabled | | | Enabled | Enabled | +| TLSGroupPreferences| | | Enabled | Enabled | | | Enabled | Enabled | | VSphereConfigurableMaxAllowedBlockVolumesPerNode| | | Enabled | Enabled | | | Enabled | Enabled | | VSphereMixedNodeEnv| | | Enabled | Enabled | | | Enabled | Enabled | | VolumeGroupSnapshot| | | Enabled | Enabled | | | Enabled | Enabled | diff --git a/features/features.go b/features/features.go index 13c08b031d5..e1fe9ac28b7 100644 --- a/features/features.go +++ b/features/features.go @@ -1029,7 +1029,7 @@ var ( enable(inDevPreviewNoUpgrade()). mustRegister() - FeatureGateTLSCurvePreferences = newFeatureGate("TLSCurvePreferences"). + FeatureGateTLSGroupPreferences = newFeatureGate("TLSGroupPreferences"). reportProblemsToJiraComponent("Networking / router"). contactPerson("davidesalerno"). productScope(ocpSpecific). diff --git a/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml b/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSGroupPreferences.yaml similarity index 88% rename from machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml rename to machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSGroupPreferences.yaml index 93eeec4f83e..800c4baf551 100644 --- a/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml +++ b/machineconfiguration/v1/tests/kubeletconfigs.machineconfiguration.openshift.io/TLSGroupPreferences.yaml @@ -2,10 +2,10 @@ apiVersion: apiextensions.k8s.io/v1 name: "KubeletConfig" crdName: kubeletconfigs.machineconfiguration.openshift.io featureGates: - - TLSCurvePreferences + - TLSGroupPreferences tests: onCreate: - - name: Should be able to create with Custom TLS profile and curves + - name: Should be able to create with Custom TLS profile and groups initial: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig @@ -17,7 +17,7 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - curves: + groups: - X25519 - secp256r1 expected: | @@ -31,7 +31,7 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - curves: + groups: - X25519 - secp256r1 - name: Should be able to create with all supported curves @@ -45,7 +45,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 - secp384r1 @@ -61,7 +61,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 - secp384r1 @@ -78,9 +78,9 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: [] - expectedError: "spec.tlsSecurityProfile.custom.curves in body should have at least 1 items" - - name: Should be able to create with Custom TLS profile and curves omitted + groups: [] + expectedError: "spec.tlsSecurityProfile.custom.groups in body should have at least 1 items" + - name: Should be able to create with Custom TLS profile and groups omitted initial: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig @@ -101,7 +101,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - - name: Should be able to create with Custom TLS profile VersionTLS10 and curves + - name: Should be able to create with Custom TLS profile VersionTLS10 and groups initial: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig @@ -112,7 +112,7 @@ tests: minTLSVersion: VersionTLS10 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp256r1 - secp384r1 expected: | @@ -125,10 +125,10 @@ tests: minTLSVersion: VersionTLS10 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp256r1 - secp384r1 - - name: Should be able to create with Custom TLS profile VersionTLS11 and curves + - name: Should be able to create with Custom TLS profile VersionTLS11 and groups initial: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig @@ -139,7 +139,7 @@ tests: minTLSVersion: VersionTLS11 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp384r1 expected: | apiVersion: machineconfiguration.openshift.io/v1 @@ -151,9 +151,9 @@ tests: minTLSVersion: VersionTLS11 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp384r1 - - name: Should fail to create with more than 5 curves + - name: Should fail to create with more than 5 groups initial: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig @@ -164,15 +164,15 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 - secp384r1 - secp521r1 - X25519MLKEM768 - X25519 - expectedError: "spec.tlsSecurityProfile.custom.curves: Too many: 6: must have at most 5 items" - - name: Should fail to create with invalid curve value + expectedError: "spec.tlsSecurityProfile.custom.groups: Too many: 6: must have at most 5 items" + - name: Should fail to create with invalid group value initial: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig @@ -183,11 +183,11 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - InvalidCurve - expectedError: "spec.tlsSecurityProfile.custom.curves[0]: Unsupported value: \"InvalidCurve\": supported values: \"X25519\", \"secp256r1\", \"secp384r1\", \"secp521r1\", \"X25519MLKEM768\"" + expectedError: "spec.tlsSecurityProfile.custom.groups[0]: Unsupported value: \"InvalidCurve\": supported values: \"X25519\", \"secp256r1\", \"secp384r1\", \"secp521r1\", \"X25519MLKEM768\"" onUpdate: - - name: Should be able to add curves to existing Custom TLS profile + - name: Should be able to add groups to existing Custom TLS profile initial: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig @@ -208,7 +208,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 expected: | @@ -221,10 +221,10 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 - - name: Should be able to update curves in existing Custom TLS profile + - name: Should be able to update groups in existing Custom TLS profile initial: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig @@ -235,7 +235,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 updated: | apiVersion: machineconfiguration.openshift.io/v1 @@ -247,7 +247,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp256r1 - secp384r1 expected: | @@ -260,10 +260,10 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp256r1 - secp384r1 - - name: Should be able to remove curves field from existing Custom TLS profile + - name: Should be able to remove groups field from existing Custom TLS profile initial: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig @@ -274,7 +274,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 updated: | @@ -297,7 +297,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - - name: Should fail to remove all curves from existing Custom TLS profile + - name: Should fail to remove all groups from existing Custom TLS profile initial: | apiVersion: machineconfiguration.openshift.io/v1 kind: KubeletConfig @@ -308,7 +308,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 updated: | @@ -321,5 +321,5 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: [] - expectedError: "spec.tlsSecurityProfile.custom.curves in body should have at least 1 items" + groups: [] + expectedError: "spec.tlsSecurityProfile.custom.groups in body should have at least 1 items" diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml index 38d52fa9233..faac613f6e1 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml @@ -134,7 +134,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -161,27 +161,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -213,7 +216,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -234,7 +237,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -249,7 +252,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -283,10 +286,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml index 26c7c533e16..7e3c236bcd9 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml @@ -134,7 +134,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -181,7 +181,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -202,7 +202,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -217,7 +217,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -251,10 +251,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml index ec26eef6462..7a0c49b6850 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml @@ -134,7 +134,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -161,27 +161,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -213,7 +216,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -234,7 +237,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -249,7 +252,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -283,10 +286,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml index f061015c4f5..361d67727ef 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml @@ -134,7 +134,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -181,7 +181,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -202,7 +202,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -217,7 +217,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -251,10 +251,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml index d1a389124fc..5be28e37579 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml @@ -134,7 +134,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -161,27 +161,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -213,7 +216,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -234,7 +237,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -249,7 +252,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -283,10 +286,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml index 47c8aa68135..33a4280a521 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml @@ -63,7 +63,7 @@ kubeletconfigs.machineconfiguration.openshift.io: Capability: "" Category: "" FeatureGates: - - TLSCurvePreferences + - TLSGroupPreferences FilenameOperatorName: machine-config FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_80" diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml index 9e234a258cf..fd9265b4216 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/AAA_ungated.yaml @@ -134,7 +134,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -181,7 +181,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -202,7 +202,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -217,7 +217,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -251,10 +251,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSGroupPreferences.yaml similarity index 88% rename from machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml rename to machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSGroupPreferences.yaml index f0b1485ae22..b6cf68de568 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSCurvePreferences.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/kubeletconfigs.machineconfiguration.openshift.io/TLSGroupPreferences.yaml @@ -6,7 +6,7 @@ metadata: api.openshift.io/filename-cvo-runlevel: "0000_80" api.openshift.io/filename-operator: machine-config api.openshift.io/filename-ordering: "01" - feature-gate.release.openshift.io/TLSCurvePreferences: "true" + feature-gate.release.openshift.io/TLSGroupPreferences: "true" labels: openshift.io/operator-managed: "" name: kubeletconfigs.machineconfiguration.openshift.io @@ -134,7 +134,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -161,27 +161,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -213,7 +216,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -234,7 +237,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -249,7 +252,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -283,10 +286,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 4913e48fc8d..012709de858 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -12473,14 +12473,14 @@ func schema_openshift_api_config_v1_CustomTLSProfile(ref common.ReferenceCallbac }, }, }, - "curves": { + "groups": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-type": "set", }, }, SchemaProps: spec.SchemaProps{ - Description: "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve and each curve must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n curves:\n - X25519\n - secp256r1", + Description: "groups is an optional field used to specify the supported groups (formerly known as elliptic curves) that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one and at most 5 groups, and each group must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n groups:\n - X25519\n - secp256r1", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -20967,14 +20967,14 @@ func schema_openshift_api_config_v1_TLSProfileSpec(ref common.ReferenceCallback) }, }, }, - "curves": { + "groups": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ "x-kubernetes-list-type": "set", }, }, SchemaProps: spec.SchemaProps{ - Description: "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve and each curve must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n curves:\n - X25519\n - secp256r1", + Description: "groups is an optional field used to specify the supported groups (formerly known as elliptic curves) that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one and at most 5 groups, and each group must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n groups:\n - X25519\n - secp256r1", Type: []string{"array"}, Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ @@ -21011,7 +21011,7 @@ func schema_openshift_api_config_v1_TLSSecurityProfile(ref common.ReferenceCallb Properties: map[string]spec.Schema{ "type": { SchemaProps: spec.SchemaProps{ - Description: "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are based on version 5.7 of the Mozilla Server Side TLS configuration guidelines. The cipher lists consist of the configuration's \"ciphersuites\" followed by the Go-specific \"ciphers\" from the guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", + Description: "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe cipher lists in these profiles are based on version 5.7 of the Mozilla Server Side TLS configuration guidelines. The cipher lists consist of the configuration's \"ciphersuites\" followed by the Go-specific \"ciphers\" from the guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json\n\nThe groups lists are based on Go's crypto/tls default curve preferences (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. Note that X25519MLKEM768 is not FIPS-approved and should be ignored by components running in FIPS mode. See: https://pkg.go.dev/crypto/tls#CurveID\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", Default: "", Type: []string{"string"}, Format: "", @@ -21019,25 +21019,25 @@ func schema_openshift_api_config_v1_TLSSecurityProfile(ref common.ReferenceCallb }, "old": { SchemaProps: spec.SchemaProps{ - Description: "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", + Description: "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", Ref: ref("github.com/openshift/api/config/v1.OldTLSProfile"), }, }, "intermediate": { SchemaProps: spec.SchemaProps{ - Description: "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305", + Description: "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305", Ref: ref("github.com/openshift/api/config/v1.IntermediateTLSProfile"), }, }, "modern": { SchemaProps: spec.SchemaProps{ - Description: "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", + Description: "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", Ref: ref("github.com/openshift/api/config/v1.ModernTLSProfile"), }, }, "custom": { SchemaProps: spec.SchemaProps{ - Description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic.\n\nThe curve list for this profile is empty by default.\n\nAn example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", + Description: "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic.\n\nThe supported groups list for this profile is empty by default.\n\nAn example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", Ref: ref("github.com/openshift/api/config/v1.CustomTLSProfile"), }, }, diff --git a/openapi/openapi.json b/openapi/openapi.json index 324d440900e..2df293d6a9c 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -6,288 +6,507 @@ }, "paths": null, "definitions": { - "com.github.openshift.api.apiextensions.v1alpha1.APIExcludedField": { - "description": "APIExcludedField describes a field in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation.", + "APIGroup.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "APIGroup contains the name, the supported versions, and the preferred version of a group.", "type": "object", "required": [ - "path" + "name", + "versions" ], "properties": { - "path": { - "description": "path is the path to the field in the schema. Paths are dot-separated field names (e.g., \"fieldA.fieldB.fieldC\") representing nested object fields. If part of the path is a slice (e.g., \"status.conditions\") the remaining path is applied to all items in the slice (e.g., \"status.conditions.lastTransitionTimestamp\"). Each field name must be a valid Kubernetes CRD field name: start with a letter, contain only letters, digits, and underscores, and be between 1 and 63 characters in length. A path may contain at most 16 fields.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, + "name": { + "description": "name is the name of the group.", + "type": "string", + "default": "" + }, + "preferredVersion": { + "description": "preferredVersion is the version preferred by the API server, which probably is the storage version.", + "default": {}, + "$ref": "#/definitions/GroupVersionForDiscovery.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "serverAddressByClientCIDRs": { + "description": "a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ServerAddressByClientCIDR.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + }, "versions": { - "description": "versions are the API versions the field is excluded from. When not specified, the field is excluded from all versions.\n\nEach item must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. At most 32 versions may be specified.", + "description": "versions are the versions supported in this group.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/GroupVersionForDiscovery.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "x-kubernetes-list-type": "set" + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.apiextensions.v1alpha1.APIVersions": { - "description": "APIVersions specifies a set of API versions of a CRD.", + "APIGroupList.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "APIGroupList is a list of APIGroup, to allow clients to discover the API at /apis.", "type": "object", "required": [ - "defaultSelection" + "groups" ], "properties": { - "additionalVersions": { - "description": "additionalVersions specifies a set api versions to require in addition to the default selection. It is explicitly permitted to specify a version in additionalVersions which was also selected by the default selection. The selections will be merged and deduplicated.\n\nEach item must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.// with an alphabetic character and end with an alphanumeric character. At most 32 additional versions may be specified.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "groups": { + "description": "groups is a list of APIGroup.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/APIGroup.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "x-kubernetes-list-type": "set" + "x-kubernetes-list-type": "atomic" }, - "defaultSelection": { - "description": "defaultSelection specifies a method for automatically selecting a set of versions to require.\n\nValid options are StorageOnly and AllServed. When set to StorageOnly, only the storage version is selected for compatibility assessment. When set to AllServed, all served versions are selected for compatibility assessment.\n\nThis field is required.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" } } }, - "com.github.openshift.api.apiextensions.v1alpha1.CRDData": { - "description": "CRDData contains the complete definition of a CRD.", + "APIResource.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "APIResource specifies the name of a resource and whether it is namespaced.", "type": "object", "required": [ - "type", - "data" + "name", + "singularName", + "namespaced", + "kind", + "verbs" ], "properties": { - "data": { - "description": "data contains the complete definition of the CRD. This field must be in the format specified by the type field. It may not be longer than 1572864 characters. This field is required.", + "categories": { + "description": "categories is a list of the grouped resources this resource belongs to (e.g. 'all')", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "group": { + "description": "group is the preferred group of the resource. Empty implies the group of the containing resource list. For subresources, this may have a different value, for example: Scale\".", "type": "string" }, - "type": { - "description": "type indicates the type of the CRD data. The only supported type is \"YAML\". This field is required.", + "kind": { + "description": "kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo')", + "type": "string", + "default": "" + }, + "name": { + "description": "name is the plural name of the resource.", + "type": "string", + "default": "" + }, + "namespaced": { + "description": "namespaced indicates if a resource is namespaced or not.", + "type": "boolean", + "default": false + }, + "shortNames": { + "description": "shortNames is a list of suggested short names of the resource.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "singularName": { + "description": "singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely. The singularName is more correct for reporting status on a single item and both singular and plural are allowed from the kubectl CLI interface.", + "type": "string", + "default": "" + }, + "storageVersionHash": { + "description": "The hash value of the storage version, the version this resource is converted to when written to the data store. Value must be treated as opaque by clients. Only equality comparison on the value is valid. This is an alpha feature and may change or be removed in the future. The field is populated by the apiserver only if the StorageVersionHash feature gate is enabled. This field will remain optional even if it graduates.", + "type": "string" + }, + "verbs": { + "description": "verbs is a list of supported kube verbs (this includes get, list, watch, create, update, patch, delete, deletecollection, and proxy)", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "version": { + "description": "version is the preferred version of the resource. Empty implies the version of the containing resource list For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)\".", "type": "string" } } }, - "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirement": { - "description": "CompatibilityRequirement expresses a set of requirements on a target CRD. It is used to ensure compatibility between different actors using the same CRD.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "APIResourceList.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "APIResourceList is a list of APIResource, it is used to expose the name of the resources supported in a specific group and version, and if the resource is namespaced.", "type": "object", "required": [ - "metadata", - "spec" + "groupVersion", + "resources" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "groupVersion": { + "description": "groupVersion is the group and version this APIResourceList is for.", + "type": "string", + "default": "" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the Compatibility Requirement.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementSpec" - }, - "status": { - "description": "status is the most recently observed status of the Compatibility Requirement.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementStatus" + "resources": { + "description": "resources contains the name of the resources and if they are namespaced.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/APIResource.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementList": { - "description": "CompatibilityRequirementList is a collection of CompatibilityRequirements.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "APIVersions.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "APIVersions lists the versions that are available, to allow clients to discover the API at /api, which is the root path of the legacy v1 API.", "type": "object", + "required": [ + "versions", + "serverAddressByClientCIDRs" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items is a list of CompatibilityRequirements.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirement" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "serverAddressByClientCIDRs": { + "description": "a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ServerAddressByClientCIDR.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + }, + "versions": { + "description": "versions are the api versions that are available.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementSpec": { - "description": "CompatibilityRequirementSpec is the specification of the desired behavior of the Compatibility Requirement.", + "AWSElasticBlockStoreVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a Persistent Disk resource in AWS.\n\nAn AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.", "type": "object", "required": [ - "compatibilitySchema" + "volumeID" ], "properties": { - "compatibilitySchema": { - "description": "compatibilitySchema defines the schema used by customResourceDefinitionSchemaValidation and objectSchemaValidation. This field is required.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CompatibilitySchema" + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string" }, - "customResourceDefinitionSchemaValidation": { - "description": "customResourceDefinitionSchemaValidation ensures that updates to the installed CRD are compatible with this compatibility requirement. If not specified, admission of the target CRD will not be validated. This field is optional.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CustomResourceDefinitionSchemaValidation" + "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", + "type": "integer", + "format": "int32" }, - "objectSchemaValidation": { - "description": "objectSchemaValidation ensures that matching resources conform to compatibilitySchema. If not specified, admission of matching resources will not be validated. This field is optional.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.ObjectSchemaValidation" + "readOnly": { + "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "boolean" + }, + "volumeID": { + "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementStatus": { - "description": "CompatibilityRequirementStatus defines the observed status of the Compatibility Requirement.", + "Affinity.v1.core.api.k8s.io": { + "description": "Affinity is a group of affinity scheduling rules.", "type": "object", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status. Known condition types are Progressing, Admitted, and Compatible.\n\nThe Progressing condition indicates if reconciliation of a CompatibilityRequirement is still progressing or has finished.\n\nThe Admitted condition indicates if the validating webhook has been configured.\n\nThe Compatible condition indicates if the observed CRD is compatible with the requirement.", + "nodeAffinity": { + "description": "Describes node affinity scheduling rules for the pod.", + "$ref": "#/definitions/NodeAffinity.v1.core.api.k8s.io" + }, + "podAffinity": { + "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", + "$ref": "#/definitions/PodAffinity.v1.core.api.k8s.io" + }, + "podAntiAffinity": { + "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", + "$ref": "#/definitions/PodAntiAffinity.v1.core.api.k8s.io" + } + } + }, + "AggregationRule.v1.rbac.api.k8s.io": { + "description": "AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole", + "type": "object", + "properties": { + "clusterRoleSelectors": { + "description": "ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole's permissions will be added", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "crdName": { - "description": "crdName is the name of the target CRD. The target CRD is not required to exist, as we may legitimately place requirements on it before it is created. The observed CRD is given in status.observedCRD, which will be empty if no CRD is observed. When present, must be between 1 and 253 characters and conform to RFC 1123 subdomain format: lowercase alphanumeric characters, '-' or '.', starting and ending with alphanumeric characters. When not specified, the requirement applies to any CRD name discovered from the compatibility schema. This field is optional. Once set, the value cannot be changed and must always remain set.", + "x-kubernetes-list-type": "atomic" + } + } + }, + "AppArmorProfile.v1.core.api.k8s.io": { + "description": "AppArmorProfile defines a pod or container's AppArmor settings.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is \"Localhost\".", "type": "string" }, - "observedCRD": { - "description": "observedCRD documents the uid and generation of the CRD object when the current status was written. This field will be omitted if the target CRD does not exist or could not be retrieved.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.ObservedCRD" + "type": { + "description": "type indicates which kind of AppArmor profile will be applied. Valid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.\n\nPossible enum values:\n - `\"Localhost\"` indicates that a profile pre-loaded on the node should be used.\n - `\"RuntimeDefault\"` indicates that the container runtime's default AppArmor profile should be used.\n - `\"Unconfined\"` indicates that no AppArmor profile should be enforced.", + "type": "string", + "default": "", + "enum": [ + "Localhost", + "RuntimeDefault", + "Unconfined" + ] } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "localhostProfile": "LocalhostProfile" + } + } + ] }, - "com.github.openshift.api.apiextensions.v1alpha1.CompatibilitySchema": { - "description": "CompatibilitySchema defines the schema used by crdSchemaValidation and objectSchemaValidation.", + "ApplyOptions.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "ApplyOptions may be provided when applying an API object. FieldManager is required for apply requests. ApplyOptions is equivalent to PatchOptions. It is provided as a convenience with documentation that speaks specifically to how the options fields relate to apply.", "type": "object", "required": [ - "customResourceDefinition", - "requiredVersions" + "force", + "fieldManager" ], "properties": { - "customResourceDefinition": { - "description": "customResourceDefinition contains the complete definition of the CRD for schema and object validation purposes. This field is required.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CRDData" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "excludedFields": { - "description": "excludedFields is a set of fields in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation. The list may contain at most 64 fields. When not specified, all fields in the schema will be validated.", + "dryRun": { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.APIExcludedField" + "type": "string", + "default": "" }, "x-kubernetes-list-type": "atomic" }, - "requiredVersions": { - "description": "requiredVersions specifies a subset of the CRD's API versions which will be asserted for compatibility. This field is required.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.APIVersions" + "fieldManager": { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required.", + "type": "string", + "default": "" + }, + "force": { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people.", + "type": "boolean", + "default": false + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.apiextensions.v1alpha1.CustomResourceDefinitionSchemaValidation": { - "description": "CustomResourceDefinitionSchemaValidation ensures that updates to the installed CRD are compatible with this compatibility requirement.", + "AttachedVolume.v1.core.api.k8s.io": { + "description": "AttachedVolume describes a volume attached to a node", "type": "object", "required": [ - "action" + "name", + "devicePath" ], "properties": { - "action": { - "description": "action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). Valid options are Deny and Warn. When set to Deny, incompatible CRDs will be rejected and not admitted to the cluster. When set to Warn, incompatible CRDs will be allowed but a warning will be generated in the API response. This field is required.\n\nPossible enum values:\n - `\"Deny\"` means that incompatible CRDs will be rejected.\n - `\"Warn\"` means that incompatible CRDs will be allowed but a warning will be generated.", + "devicePath": { + "description": "DevicePath represents the device path where the volume should be available", "type": "string", - "enum": [ - "Deny", - "Warn" - ] + "default": "" + }, + "name": { + "description": "Name of the attached volume", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.apiextensions.v1alpha1.ObjectSchemaValidation": { - "description": "ObjectSchemaValidation ensures that matching objects conform to the compatibilitySchema.", + "AuditAnnotation.v1.admissionregistration.api.k8s.io": { + "description": "AuditAnnotation describes how to produce an audit annotation for an API request.", "type": "object", "required": [ - "action" + "key", + "valueExpression" ], "properties": { - "action": { - "description": "action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). Valid options are Deny and Warn. When set to Deny, incompatible Objects will be rejected and not admitted to the cluster. When set to Warn, incompatible Objects will be allowed but a warning will be generated in the API response. This field is required.\n\nPossible enum values:\n - `\"Deny\"` means that incompatible CRDs will be rejected.\n - `\"Warn\"` means that incompatible CRDs will be allowed but a warning will be generated.", + "key": { + "description": "key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\nThe key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: \"{ValidatingAdmissionPolicy name}/{key}\".\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.\n\nRequired.", "type": "string", - "enum": [ - "Deny", - "Warn" - ] + "default": "" }, - "matchConditions": { - "description": "matchConditions defines the matchConditions field of the resulting ValidatingWebhookConfiguration. When present, must contain between 1 and 64 match conditions. When not specified, the webhook will match all requests according to its other selectors.", + "valueExpression": { + "description": "valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.\n\nRequired.", + "type": "string", + "default": "" + } + } + }, + "AvoidPods.v1.core.api.k8s.io": { + "description": "AvoidPods describes pods that should avoid this node. This is the value for a Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and will eventually become a field of NodeStatus.", + "type": "object", + "properties": { + "preferAvoidPods": { + "description": "Bounded-sized list of signatures of pods that should avoid this node, sorted in timestamp order from oldest to newest. Size of the slice is unspecified.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MatchCondition" + "$ref": "#/definitions/PreferAvoidPodsEntry.v1.core.api.k8s.io" }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" + } + } + }, + "AzureDiskVolumeSource.v1.core.api.k8s.io": { + "description": "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", + "type": "object", + "required": [ + "diskName", + "diskURI" + ], + "properties": { + "cachingMode": { + "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.\n\nPossible enum values:\n - `\"None\"`\n - `\"ReadOnly\"`\n - `\"ReadWrite\"`", + "type": "string", + "default": "ReadWrite", + "enum": [ + "None", + "ReadOnly", + "ReadWrite" + ] }, - "namespaceSelector": { - "description": "namespaceSelector defines a label selector for namespaces. If defined, only objects in a namespace with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by namespace.", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "diskName": { + "description": "diskName is the Name of the data disk in the blob storage", + "type": "string", + "default": "" }, - "objectSelector": { - "description": "objectSelector defines a label selector for objects. If defined, only objects with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by label.", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "diskURI": { + "description": "diskURI is the URI of data disk in the blob storage", + "type": "string", + "default": "" + }, + "fsType": { + "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string", + "default": "ext4" + }, + "kind": { + "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared\n\nPossible enum values:\n - `\"Dedicated\"`\n - `\"Managed\"`\n - `\"Shared\"`", + "type": "string", + "default": "Shared", + "enum": [ + "Dedicated", + "Managed", + "Shared" + ] + }, + "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean", + "default": false } } }, - "com.github.openshift.api.apiextensions.v1alpha1.ObservedCRD": { - "description": "ObservedCRD contains information about the observed target CRD.", + "AzureFilePersistentVolumeSource.v1.core.api.k8s.io": { + "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", "type": "object", "required": [ - "uid", - "generation" + "secretName", + "shareName" ], "properties": { - "generation": { - "description": "generation is the observed generation of the CRD. Must be a positive integer (minimum value of 1).", - "type": "integer", - "format": "int64" + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" }, - "uid": { - "description": "uid is the uid of the observed CRD. Must be a valid UUID consisting of lowercase hexadecimal digits in 5 hyphenated blocks (8-4-4-4-12 format). Length must be between 1 and 36 characters.", + "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", + "type": "string", + "default": "" + }, + "secretNamespace": { + "description": "secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key default is the same as the Pod", "type": "string" + }, + "shareName": { + "description": "shareName is the azure Share Name", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.apiserver.v1.APIRequestCount": { - "description": "APIRequestCount tracks requests made to an API. The instance name must be of the form `resource.version.group`, matching the resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "AzureFileVolumeSource.v1.core.api.k8s.io": { + "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", "type": "object", "required": [ - "spec" + "secretName", + "shareName" + ], + "properties": { + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretName": { + "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", + "type": "string", + "default": "" + }, + "shareName": { + "description": "shareName is the azure share Name", + "type": "string", + "default": "" + } + } + }, + "Binding.v1.core.api.k8s.io": { + "description": "Binding ties one object to another; for example, a pod is bound to a node by a scheduler.", + "type": "object", + "required": [ + "target" ], "properties": { "apiVersion": { @@ -299,344 +518,491 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec defines the characteristics of the resource.", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.APIRequestCountSpec" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "status": { - "description": "status contains the observed state of the resource.", + "target": { + "description": "The target object that you want to bind to the standard object.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.APIRequestCountStatus" + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.apiserver.v1.APIRequestCountList": { - "description": "APIRequestCountList is a list of APIRequestCount resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "CSIPersistentVolumeSource.v1.core.api.k8s.io": { + "description": "Represents storage that is managed by an external CSI volume driver", "type": "object", "required": [ - "metadata", - "items" + "driver", + "volumeHandle" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "controllerExpandSecretRef": { + "description": "controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", + "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.APIRequestCount" - } + "controllerPublishSecretRef": { + "description": "controllerPublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", + "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "driver": { + "description": "driver is the name of the driver to use for this volume. Required.", + "type": "string", + "default": "" + }, + "fsType": { + "description": "fsType to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\".", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "nodeExpandSecretRef": { + "description": "nodeExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeExpandVolume call. This field is optional, may be omitted if no secret is required. If the secret object contains more than one secret, all secrets are passed.", + "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" + }, + "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", + "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" + }, + "nodeStageSecretRef": { + "description": "nodeStageSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", + "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" + }, + "readOnly": { + "description": "readOnly value to pass to ControllerPublishVolumeRequest. Defaults to false (read/write).", + "type": "boolean" + }, + "volumeAttributes": { + "description": "volumeAttributes of the volume to publish.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "volumeHandle": { + "description": "volumeHandle is the unique volume name returned by the CSI volume plugin’s CreateVolume to refer to the volume on all subsequent calls. Required.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.apiserver.v1.APIRequestCountSpec": { + "CSIVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a source location of a volume to mount, managed by an external CSI driver", "type": "object", + "required": [ + "driver" + ], "properties": { - "numberOfUsersToReport": { - "description": "numberOfUsersToReport is the number of users to include in the report. If unspecified or zero, the default is ten. This is default is subject to change.", - "type": "integer", - "format": "int64", - "default": 0 + "driver": { + "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", + "type": "string", + "default": "" + }, + "fsType": { + "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", + "type": "string" + }, + "nodePublishSecretRef": { + "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + }, + "readOnly": { + "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", + "type": "boolean" + }, + "volumeAttributes": { + "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.apiserver.v1.APIRequestCountStatus": { + "Capabilities.v1.core.api.k8s.io": { + "description": "Adds and removes POSIX capabilities from running containers.", "type": "object", - "required": [ - "requestCount" - ], "properties": { - "conditions": { - "description": "conditions contains details of the current status of this API Resource.", + "add": { + "description": "Added capabilities", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "currentHour": { - "description": "currentHour contains request history for the current hour. This is porcelain to make the API easier to read by humans seeing if they addressed a problem. This field is reset on the hour.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerResourceAPIRequestLog" + "x-kubernetes-list-type": "atomic" }, - "last24h": { - "description": "last24h contains request history for the last 24 hours, indexed by the hour, so 12:00AM-12:59 is in index 0, 6am-6:59am is index 6, etc. The index of the current hour is updated live and then duplicated into the requestsLastHour field.", + "drop": { + "description": "Removed capabilities", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerResourceAPIRequestLog" - } - }, - "removedInRelease": { - "description": "removedInRelease is when the API will be removed.", - "type": "string" - }, - "requestCount": { - "description": "requestCount is a sum of all requestCounts across all current hours, nodes, and users.", - "type": "integer", - "format": "int64", - "default": 0 + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.apiserver.v1.PerNodeAPIRequestLog": { - "description": "PerNodeAPIRequestLog contains logs of requests to a certain node.", + "CephFSPersistentVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", "type": "object", "required": [ - "nodeName", - "requestCount", - "byUser" + "monitors" ], "properties": { - "byUser": { - "description": "byUser contains request details by top .spec.numberOfUsersToReport users. Note that because in the case of an apiserver, restart the list of top users is determined on a best-effort basis, the list might be imprecise. In addition, some system users may be explicitly included in the list.", + "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerUserAPIRequestCount" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "nodeName": { - "description": "nodeName where the request are being handled.", - "type": "string", - "default": "" + "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", + "type": "string" }, - "requestCount": { - "description": "requestCount is a sum of all requestCounts across all users, even those outside of the top 10 users.", - "type": "integer", - "format": "int64", - "default": 0 + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "boolean" + }, + "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + }, + "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" + }, + "user": { + "description": "user is Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" } } }, - "com.github.openshift.api.apiserver.v1.PerResourceAPIRequestLog": { - "description": "PerResourceAPIRequestLog logs request for various nodes.", + "CephFSVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", "type": "object", "required": [ - "requestCount" + "monitors" ], "properties": { - "byNode": { - "description": "byNode contains logs of requests per node.", + "monitors": { + "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerNodeAPIRequestLog" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "requestCount": { - "description": "requestCount is a sum of all requestCounts across nodes.", - "type": "integer", - "format": "int64", - "default": 0 + "path": { + "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", + "type": "string" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "boolean" + }, + "secretFile": { + "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" + }, + "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + }, + "user": { + "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "type": "string" } } }, - "com.github.openshift.api.apiserver.v1.PerUserAPIRequestCount": { - "description": "PerUserAPIRequestCount contains logs of a user's requests.", + "CinderPersistentVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", "type": "object", "required": [ - "username", - "userAgent", - "requestCount", - "byVerb" + "volumeID" ], "properties": { - "byVerb": { - "description": "byVerb details by verb.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerVerbAPIRequestCount" - } + "fsType": { + "description": "fsType Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" }, - "requestCount": { - "description": "requestCount of requests by the user across all verbs.", - "type": "integer", - "format": "int64", - "default": 0 + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "boolean" }, - "userAgent": { - "description": "userAgent that made the request. The same user often has multiple binaries which connect (pods with many containers). The different binaries will have different userAgents, but the same user. In addition, we have userAgents with version information embedded and the userName isn't likely to change.", - "type": "string", - "default": "" + "secretRef": { + "description": "secretRef is Optional: points to a secret object containing parameters used to connect to OpenStack.", + "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" }, - "username": { - "description": "username that made the request.", + "volumeID": { + "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string", "default": "" } } }, - "com.github.openshift.api.apiserver.v1.PerVerbAPIRequestCount": { - "description": "PerVerbAPIRequestCount requestCounts requests by API request verb.", + "CinderVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", "type": "object", "required": [ - "verb", - "requestCount" + "volumeID" ], "properties": { - "requestCount": { - "description": "requestCount of requests for verb.", - "type": "integer", - "format": "int64", - "default": 0 + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "string" }, - "verb": { - "description": "verb of API request (get, list, create, etc...)", + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + }, + "volumeID": { + "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", "type": "string", "default": "" } } }, - "com.github.openshift.api.apps.v1.CustomDeploymentStrategyParams": { - "description": "CustomDeploymentStrategyParams are the input to the Custom deployment strategy.", + "ClientIPConfig.v1.core.api.k8s.io": { + "description": "ClientIPConfig represents the configurations of Client IP based session affinity.", "type": "object", "properties": { - "command": { - "description": "command is optional and overrides CMD in the container Image.", + "timeoutSeconds": { + "description": "timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == \"ClientIP\". Default value is 10800(for 3 hours).", + "type": "integer", + "format": "int32" + } + } + }, + "ClusterRole.v1.rbac.api.k8s.io": { + "description": "ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.", + "type": "object", + "properties": { + "aggregationRule": { + "description": "AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.", + "$ref": "#/definitions/AggregationRule.v1.rbac.api.k8s.io" + }, + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata.", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "rules": { + "description": "Rules holds all the PolicyRules for this ClusterRole", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/PolicyRule.v1.rbac.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "ClusterRoleBinding.v1.rbac.api.k8s.io": { + "description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.", + "type": "object", + "required": [ + "roleRef" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "environment": { - "description": "environment holds the environment which will be given to the container for Image.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata.", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "roleRef": { + "description": "RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.", + "default": {}, + "$ref": "#/definitions/RoleRef.v1.rbac.api.k8s.io" + }, + "subjects": { + "description": "Subjects holds references to the objects the role applies to.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Subject.v1.rbac.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "ClusterRoleBindingList.v1.rbac.api.k8s.io": { + "description": "ClusterRoleBindingList is a collection of ClusterRoleBindings", + "type": "object", + "required": [ + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is a list of ClusterRoleBindings", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + "$ref": "#/definitions/ClusterRoleBinding.v1.rbac.api.k8s.io" } }, - "image": { - "description": "image specifies a container image which can carry out a deployment.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "Standard object's metadata.", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.apps.v1.DeploymentCause": { - "description": "DeploymentCause captures information about a particular cause of a deployment.", + "ClusterRoleList.v1.rbac.api.k8s.io": { + "description": "ClusterRoleList is a collection of ClusterRoles", "type": "object", "required": [ - "type" + "items" ], "properties": { - "imageTrigger": { - "description": "imageTrigger contains the image trigger details, if this trigger was fired based on an image change", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentCauseImageTrigger" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "type": { - "description": "type of the trigger that resulted in the creation of a new deployment", - "type": "string", - "default": "" + "items": { + "description": "Items is a list of ClusterRoles", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ClusterRole.v1.rbac.api.k8s.io" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata.", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.apps.v1.DeploymentCauseImageTrigger": { - "description": "DeploymentCauseImageTrigger represents details about the cause of a deployment originating from an image change trigger", + "ClusterTrustBundleProjection.v1.core.api.k8s.io": { + "description": "ClusterTrustBundleProjection describes how to select a set of ClusterTrustBundle objects and project their contents into the pod filesystem.", "type": "object", "required": [ - "from" + "path" ], "properties": { - "from": { - "description": "from is a reference to the changed object which triggered a deployment. The field may have the kinds DockerImage, ImageStreamTag, or ImageStreamImage.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "labelSelector": { + "description": "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\".", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "name": { + "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.", + "type": "string" + }, + "optional": { + "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.", + "type": "boolean" + }, + "path": { + "description": "Relative path from the volume root to write the bundle.", + "type": "string", + "default": "" + }, + "signerName": { + "description": "Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.", + "type": "string" } } }, - "com.github.openshift.api.apps.v1.DeploymentCondition": { - "description": "DeploymentCondition describes the state of a deployment config at a certain point.", + "ComponentCondition.v1.core.api.k8s.io": { + "description": "Information about the condition of a component.", "type": "object", "required": [ "type", "status" ], "properties": { - "lastTransitionTime": { - "description": "The last time the condition transitioned from one status to another.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "lastUpdateTime": { - "description": "The last time this condition was updated.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "message": { - "description": "A human readable message indicating details about the transition.", + "error": { + "description": "Condition error code for a component. For example, a health check error code.", "type": "string" }, - "reason": { - "description": "The reason for the condition's last transition.", + "message": { + "description": "Message about the condition for a component. For example, information about a health check.", "type": "string" }, "status": { - "description": "status of the condition, one of True, False, Unknown.", + "description": "Status of the condition for a component. Valid values for \"Healthy\": \"True\", \"False\", or \"Unknown\".", "type": "string", "default": "" }, "type": { - "description": "type of deployment condition.", + "description": "Type of condition for a component. Valid value: \"Healthy\"", "type": "string", "default": "" } } }, - "com.github.openshift.api.apps.v1.DeploymentConfig": { - "description": "Deployment Configs define the template for a pod and manages deploying new images or configuration changes. A single deployment configuration is usually analogous to a single micro-service. Can support many different deployment patterns, including full restart, customizable rolling updates, and fully custom behaviors, as well as pre- and post- deployment hooks. Each individual deployment is represented as a replication controller.\n\nA deployment is \"triggered\" when its configuration is changed or a tag in an Image Stream is changed. Triggers can be disabled to allow manual control over a deployment. The \"strategy\" determines how the deployment is carried out and may be changed at any time. The `latestVersion` field is updated when a new deployment is triggered by any means.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). Deprecated: Use deployments or other means for declarative updates for pods instead.", + "ComponentStatus.v1.core.api.k8s.io": { + "description": "ComponentStatus (and ComponentStatusList) holds the cluster validation info. Deprecated: This API is deprecated in v1.19+", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "conditions": { + "description": "List of component conditions observed", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ComponentCondition.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec represents a desired deployment state and how to deploy to it.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentConfigSpec" - }, - "status": { - "description": "status represents the current deployment state.", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentConfigStatus" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.apps.v1.DeploymentConfigList": { - "description": "DeploymentConfigList is a collection of deployment configs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ComponentStatusList.v1.core.api.k8s.io": { + "description": "Status of all the conditions for the component as a list of ComponentStatus objects. Deprecated: This API is deprecated in v1.19+", "type": "object", "required": [ "items" @@ -647,11 +1013,11 @@ "type": "string" }, "items": { - "description": "items is a list of deployment configs", + "description": "List of ComponentStatus objects.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentConfig" + "$ref": "#/definitions/ComponentStatus.v1.core.api.k8s.io" } }, "kind": { @@ -659,1955 +1025,2046 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.apps.v1.DeploymentConfigRollback": { - "description": "DeploymentConfigRollback provides the input to rollback generation.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "Condition.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "Condition contains details for one aspect of the current state of this API Resource.", "type": "object", "required": [ - "name", - "spec" + "type", + "status", + "lastTransitionTime", + "reason", + "message" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "name": { - "description": "name of the deployment config that will be rolled back.", + "message": { + "description": "message is a human readable message indicating details about the transition. This may be an empty string.", "type": "string", "default": "" }, - "spec": { - "description": "spec defines the options to rollback generation.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentConfigRollbackSpec" + "observedGeneration": { + "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", + "type": "integer", + "format": "int64" }, - "updatedAnnotations": { - "description": "updatedAnnotations is a set of new annotations that will be added in the deployment config.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - } - } - }, - "com.github.openshift.api.apps.v1.DeploymentConfigRollbackSpec": { - "description": "DeploymentConfigRollbackSpec represents the options for rollback generation.", - "type": "object", - "required": [ - "from", - "includeTriggers", - "includeTemplate", - "includeReplicationMeta", - "includeStrategy" - ], - "properties": { - "from": { - "description": "from points to a ReplicationController which is a deployment.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, - "includeReplicationMeta": { - "description": "includeReplicationMeta specifies whether to include the replica count and selector.", - "type": "boolean", - "default": false - }, - "includeStrategy": { - "description": "includeStrategy specifies whether to include the deployment Strategy.", - "type": "boolean", - "default": false - }, - "includeTemplate": { - "description": "includeTemplate specifies whether to include the PodTemplateSpec.", - "type": "boolean", - "default": false + "reason": { + "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", + "type": "string", + "default": "" }, - "includeTriggers": { - "description": "includeTriggers specifies whether to include config Triggers.", - "type": "boolean", - "default": false + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string", + "default": "" }, - "revision": { - "description": "revision to rollback to. If set to 0, rollback to the last revision.", - "type": "integer", - "format": "int64" + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.apps.v1.DeploymentConfigSpec": { - "description": "DeploymentConfigSpec represents the desired state of the deployment.", + "ConfigMap.v1.core.api.k8s.io": { + "description": "ConfigMap holds configuration data for pods to consume.", "type": "object", "properties": { - "minReadySeconds": { - "description": "minReadySeconds is the minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)", - "type": "integer", - "format": "int32" - }, - "paused": { - "description": "paused indicates that the deployment config is paused resulting in no new deployments on template changes or changes in the template caused by other triggers.", - "type": "boolean" - }, - "replicas": { - "description": "replicas is the number of desired replicas.", - "type": "integer", - "format": "int32", - "default": 0 + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "revisionHistoryLimit": { - "description": "revisionHistoryLimit is the number of old ReplicationControllers to retain to allow for rollbacks. This field is a pointer to allow for differentiation between an explicit zero and not specified. Defaults to 10. (This only applies to DeploymentConfigs created via the new group API resource, not the legacy resource.)", - "type": "integer", - "format": "int32" + "binaryData": { + "description": "BinaryData contains the binary data. Each key must consist of alphanumeric characters, '-', '_' or '.'. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process. Using this field will require 1.10+ apiserver and kubelet.", + "type": "object", + "additionalProperties": { + "type": "string", + "format": "byte" + } }, - "selector": { - "description": "selector is a label query over pods that should match the Replicas count.", + "data": { + "description": "Data contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process.", "type": "object", "additionalProperties": { "type": "string", "default": "" } }, - "strategy": { - "description": "strategy describes how a deployment is executed.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentStrategy" - }, - "template": { - "description": "template is the object that describes the pod that will be created if insufficient replicas are detected.", - "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplateSpec" + "immutable": { + "description": "Immutable, if set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.", + "type": "boolean" }, - "test": { - "description": "test ensures that this deployment config will have zero replicas except while a deployment is running. This allows the deployment config to be used as a continuous deployment test - triggering on images, running the deployment, and then succeeding or failing. Post strategy hooks and After actions can be used to integrate successful deployment with an action.", - "type": "boolean", - "default": false + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "triggers": { - "description": "triggers determine how updates to a DeploymentConfig result in new deployments. If no triggers are defined, a new deployment can only occur as a result of an explicit client update to the DeploymentConfig with a new LatestVersion. If null, defaults to having a config change trigger.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentTriggerPolicy" - } + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.apps.v1.DeploymentConfigStatus": { - "description": "DeploymentConfigStatus represents the current deployment state.", + "ConfigMapEnvSource.v1.core.api.k8s.io": { + "description": "ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.\n\nThe contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.", "type": "object", "properties": { - "availableReplicas": { - "description": "availableReplicas is the total number of available pods targeted by this deployment config.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "conditions": { - "description": "conditions represents the latest available observations of a deployment config's current state.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentCondition" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "details": { - "description": "details are the reasons for the update to this deployment config. This could be based on a change made by the user or caused by an automatic trigger", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentDetails" - }, - "latestVersion": { - "description": "latestVersion is used to determine whether the current deployment associated with a deployment config is out of sync.", - "type": "integer", - "format": "int64", - "default": 0 - }, - "observedGeneration": { - "description": "observedGeneration is the most recent generation observed by the deployment config controller.", - "type": "integer", - "format": "int64", - "default": 0 - }, - "readyReplicas": { - "description": "Total number of ready pods targeted by this deployment.", - "type": "integer", - "format": "int32" - }, - "replicas": { - "description": "replicas is the total number of pods targeted by this deployment config.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "unavailableReplicas": { - "description": "unavailableReplicas is the total number of unavailable pods targeted by this deployment config.", - "type": "integer", - "format": "int32", - "default": 0 + "name": { + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" }, - "updatedReplicas": { - "description": "updatedReplicas is the total number of non-terminated pods targeted by this deployment config that have the desired template spec.", - "type": "integer", - "format": "int32", - "default": 0 + "optional": { + "description": "Specify whether the ConfigMap must be defined", + "type": "boolean" } } }, - "com.github.openshift.api.apps.v1.DeploymentDetails": { - "description": "DeploymentDetails captures information about the causes of a deployment.", + "ConfigMapKeySelector.v1.core.api.k8s.io": { + "description": "Selects a key from a ConfigMap.", "type": "object", "required": [ - "causes" + "key" ], "properties": { - "causes": { - "description": "causes are extended data associated with all the causes for creating a new deployment", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentCause" - } + "key": { + "description": "The key to select.", + "type": "string", + "default": "" }, - "message": { - "description": "message is the user specified change message, if this deployment was triggered manually by the user", - "type": "string" + "name": { + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" + }, + "optional": { + "description": "Specify whether the ConfigMap or its key must be defined", + "type": "boolean" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.apps.v1.DeploymentLog": { - "description": "DeploymentLog represents the logs for a deployment\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ConfigMapList.v1.core.api.k8s.io": { + "description": "ConfigMapList is a resource containing a list of ConfigMap objects.", "type": "object", + "required": [ + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "Items is the list of ConfigMaps.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ConfigMap.v1.core.api.k8s.io" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.apps.v1.DeploymentLogOptions": { - "description": "DeploymentLogOptions is the REST options for a deployment log\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ConfigMapNodeConfigSource.v1.core.api.k8s.io": { + "description": "ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration", "type": "object", + "required": [ + "namespace", + "name", + "kubeletConfigKey" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "kubeletConfigKey": { + "description": "KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.", + "type": "string", + "default": "" }, - "container": { - "description": "The container for which to stream logs. Defaults to only container if there is one container in the pod.", - "type": "string" + "name": { + "description": "Name is the metadata.name of the referenced ConfigMap. This field is required in all cases.", + "type": "string", + "default": "" }, - "follow": { - "description": "follow if true indicates that the build log should be streamed until the build terminates.", - "type": "boolean" + "namespace": { + "description": "Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases.", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "resourceVersion": { + "description": "ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.", "type": "string" }, - "limitBytes": { - "description": "If set, the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.", - "type": "integer", - "format": "int64" - }, - "nowait": { - "description": "nowait if true causes the call to return immediately even if the deployment is not available yet. Otherwise the server will wait until the deployment has started.", - "type": "boolean" - }, - "previous": { - "description": "Return previous deployment logs. Defaults to false.", - "type": "boolean" - }, - "sinceSeconds": { - "description": "A relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - "type": "integer", - "format": "int64" - }, - "sinceTime": { - "description": "An RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "tailLines": { - "description": "If set, the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime", - "type": "integer", - "format": "int64" - }, - "timestamps": { - "description": "If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.", - "type": "boolean" - }, - "version": { - "description": "version of the deployment for which to view logs.", - "type": "integer", - "format": "int64" + "uid": { + "description": "UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.", + "type": "string" } } }, - "com.github.openshift.api.apps.v1.DeploymentRequest": { - "description": "DeploymentRequest is a request to a deployment config for a new deployment.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ConfigMapProjection.v1.core.api.k8s.io": { + "description": "Adapts a ConfigMap into a projected volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.", "type": "object", - "required": [ - "name", - "latest", - "force" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "excludeTriggers": { - "description": "excludeTriggers instructs the instantiator to avoid processing the specified triggers. This field overrides the triggers from latest and allows clients to control specific logic. This field is ignored if not specified.", + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { - "type": "string", - "default": "" - } - }, - "force": { - "description": "force will try to force a new deployment to run. If the deployment config is paused, then setting this to true will return an Invalid error.", - "type": "boolean", - "default": false - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "latest": { - "description": "latest will update the deployment config with the latest state from all triggers.", - "type": "boolean", - "default": false + "default": {}, + "$ref": "#/definitions/KeyToPath.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, "name": { - "description": "name of the deployment config for requesting a new deployment.", + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" + }, + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" } } }, - "com.github.openshift.api.apps.v1.DeploymentStrategy": { - "description": "DeploymentStrategy describes how to perform a deployment.", + "ConfigMapVolumeSource.v1.core.api.k8s.io": { + "description": "Adapts a ConfigMap into a volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.", "type": "object", "properties": { - "activeDeadlineSeconds": { - "description": "activeDeadlineSeconds is the duration in seconds that the deployer pods for this deployment config may be active on a node before the system actively tries to terminate them.", + "defaultMode": { + "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", - "format": "int64" - }, - "annotations": { - "description": "annotations is a set of key, value pairs added to custom deployer and lifecycle pre/post hook pods.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "customParams": { - "description": "customParams are the input to the Custom deployment strategy, and may also be specified for the Recreate and Rolling strategies to customize the execution process that runs the deployment.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.CustomDeploymentStrategyParams" - }, - "labels": { - "description": "labels is a set of key, value pairs added to custom deployer and lifecycle pre/post hook pods.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "recreateParams": { - "description": "recreateParams are the input to the Recreate deployment strategy.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.RecreateDeploymentStrategyParams" + "format": "int32" }, - "resources": { - "description": "resources contains resource requirements to execute the deployment and any hooks.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/KeyToPath.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "rollingParams": { - "description": "rollingParams are the input to the Rolling deployment strategy.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.RollingDeploymentStrategyParams" + "name": { + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" }, - "type": { - "description": "type is the name of a deployment strategy.", - "type": "string" + "optional": { + "description": "optional specify whether the ConfigMap or its keys must be defined", + "type": "boolean" } } }, - "com.github.openshift.api.apps.v1.DeploymentTriggerImageChangeParams": { - "description": "DeploymentTriggerImageChangeParams represents the parameters to the ImageChange trigger.", + "Container.v1.core.api.k8s.io": { + "description": "A single application container that you want to run within a pod.", "type": "object", "required": [ - "from" + "name" ], "properties": { - "automatic": { - "description": "automatic means that the detection of a new tag value should result in an image update inside the pod template.", - "type": "boolean" - }, - "containerNames": { - "description": "containerNames is used to restrict tag updates to the specified set of container names in a pod. If multiple triggers point to the same containers, the resulting behavior is undefined. Future API versions will make this a validation error. If ContainerNames does not point to a valid container, the trigger will be ignored. Future API versions will make this a validation error.", + "args": { + "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "type": "array", "items": { "type": "string", "default": "" - } - }, - "from": { - "description": "from is a reference to an image stream tag to watch for changes. From.Name is the only required subfield - if From.Namespace is blank, the namespace of the current deployment trigger will be used.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, - "lastTriggeredImage": { - "description": "lastTriggeredImage is the last image to be triggered.", - "type": "string" - } - } - }, - "com.github.openshift.api.apps.v1.DeploymentTriggerPolicy": { - "description": "DeploymentTriggerPolicy describes a policy for a single trigger that results in a new deployment.", - "type": "object", - "properties": { - "imageChangeParams": { - "description": "imageChangeParams represents the parameters for the ImageChange trigger.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentTriggerImageChangeParams" + }, + "x-kubernetes-list-type": "atomic" }, - "type": { - "description": "type of the trigger", - "type": "string" - } - } - }, - "com.github.openshift.api.apps.v1.ExecNewPodHook": { - "description": "ExecNewPodHook is a hook implementation which runs a command in a new pod based on the specified container which is assumed to be part of the deployment template.", - "type": "object", - "required": [ - "command", - "containerName" - ], - "properties": { "command": { - "description": "command is the action command and its arguments.", + "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "type": "array", "items": { "type": "string", "default": "" - } - }, - "containerName": { - "description": "containerName is the name of a container in the deployment pod template whose container image will be used for the hook pod's container.", - "type": "string", - "default": "" + }, + "x-kubernetes-list-type": "atomic" }, "env": { - "description": "env is a set of environment variables to supply to the hook pod's container.", + "description": "List of environment variables to set in the container. Cannot be updated.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" - } + "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "volumes": { - "description": "volumes is a list of named volumes from the pod template which should be copied to the hook pod. Volumes names not found in pod spec are ignored. An empty list means no volumes will be copied.", + "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", "type": "array", "items": { - "type": "string", - "default": "" - } - } - } - }, - "com.github.openshift.api.apps.v1.LifecycleHook": { - "description": "LifecycleHook defines a specific deployment lifecycle action. Only one type of action may be specified at any time.", - "type": "object", - "required": [ - "failurePolicy" - ], - "properties": { - "execNewPod": { - "description": "execNewPod specifies the options for a lifecycle hook backed by a pod.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.ExecNewPodHook" + "default": {}, + "$ref": "#/definitions/EnvFromSource.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "failurePolicy": { - "description": "failurePolicy specifies what action to take if the hook fails.", + "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", + "type": "string" + }, + "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present", + "type": "string", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ] + }, + "lifecycle": { + "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", + "$ref": "#/definitions/Lifecycle.v1.core.api.k8s.io" + }, + "livenessProbe": { + "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "$ref": "#/definitions/Probe.v1.core.api.k8s.io" + }, + "name": { + "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", "type": "string", "default": "" }, - "tagImages": { - "description": "tagImages instructs the deployer to tag the current image referenced under a container onto an image stream tag.", - "type": "array", + "ports": { + "description": "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", + "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.apps.v1.TagImageHook" - } - } - } - }, - "com.github.openshift.api.apps.v1.RecreateDeploymentStrategyParams": { - "description": "RecreateDeploymentStrategyParams are the input to the Recreate deployment strategy.", - "type": "object", - "properties": { - "mid": { - "description": "mid is a lifecycle hook which is executed while the deployment is scaled down to zero before the first new pod is created. All LifecycleHookFailurePolicy values are supported.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" + "$ref": "#/definitions/ContainerPort.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "containerPort", + "x-kubernetes-patch-strategy": "merge" }, - "post": { - "description": "post is a lifecycle hook which is executed after the strategy has finished all deployment logic. All LifecycleHookFailurePolicy values are supported.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" + "readinessProbe": { + "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "$ref": "#/definitions/Probe.v1.core.api.k8s.io" }, - "pre": { - "description": "pre is a lifecycle hook which is executed before the strategy manipulates the deployment. All LifecycleHookFailurePolicy values are supported.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" + "resizePolicy": { + "description": "Resources resize policy for the container. This field cannot be set on ephemeral containers.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ContainerResizePolicy.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "timeoutSeconds": { - "description": "timeoutSeconds is the time to wait for updates before giving up. If the value is nil, a default will be used.", - "type": "integer", - "format": "int64" - } - } - }, - "com.github.openshift.api.apps.v1.RollingDeploymentStrategyParams": { - "description": "RollingDeploymentStrategyParams are the input to the Rolling deployment strategy.", - "type": "object", - "properties": { - "intervalSeconds": { - "description": "intervalSeconds is the time to wait between polling deployment status after update. If the value is nil, a default will be used.", - "type": "integer", - "format": "int64" + "resources": { + "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "default": {}, + "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" }, - "maxSurge": { - "description": "maxSurge is the maximum number of pods that can be scheduled above the original number of pods. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up.\n\nThis cannot be 0 if MaxUnavailable is 0. By default, 25% is used.\n\nExample: when this is set to 30%, the new RC can be scaled up by 30% immediately when the rolling update starts. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of original pods.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + "restartPolicy": { + "description": "RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.", + "type": "string" }, - "maxUnavailable": { - "description": "maxUnavailable is the maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of update (ex: 10%). Absolute number is calculated from percentage by rounding down.\n\nThis cannot be 0 if MaxSurge is 0. By default, 25% is used.\n\nExample: when this is set to 30%, the old RC can be scaled down by 30% immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that at least 70% of original number of pods are available at all times during the update.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + "restartPolicyRules": { + "description": "Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ContainerRestartRule.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "post": { - "description": "post is a lifecycle hook which is executed after the strategy has finished all deployment logic. All LifecycleHookFailurePolicy values are supported.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" + "securityContext": { + "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "$ref": "#/definitions/SecurityContext.v1.core.api.k8s.io" }, - "pre": { - "description": "pre is a lifecycle hook which is executed before the deployment process begins. All LifecycleHookFailurePolicy values are supported.", - "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" + "startupProbe": { + "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "$ref": "#/definitions/Probe.v1.core.api.k8s.io" }, - "timeoutSeconds": { - "description": "timeoutSeconds is the time to wait for updates before giving up. If the value is nil, a default will be used.", - "type": "integer", - "format": "int64" + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + "type": "boolean" }, - "updatePeriodSeconds": { - "description": "updatePeriodSeconds is the time to wait between individual pod updates. If the value is nil, a default will be used.", - "type": "integer", - "format": "int64" - } - } - }, - "com.github.openshift.api.apps.v1.TagImageHook": { - "description": "TagImageHook is a request to tag the image in a particular container onto an ImageStreamTag.", - "type": "object", - "required": [ - "containerName", - "to" - ], - "properties": { - "containerName": { - "description": "containerName is the name of a container in the deployment config whose image value will be used as the source of the tag. If there is only a single container this value will be defaulted to the name of that container.", + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\nPossible enum values:\n - `\"FallbackToLogsOnError\"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.\n - `\"File\"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.", "type": "string", - "default": "" + "enum": [ + "FallbackToLogsOnError", + "File" + ] }, - "to": { - "description": "to is the target ImageStreamTag to set the container's image onto.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/VolumeDevice.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "devicePath", + "x-kubernetes-patch-strategy": "merge" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/VolumeMount.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" + }, + "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + "type": "string" } } }, - "com.github.openshift.api.authorization.v1.Action": { - "description": "Action describes a request to the API server", + "ContainerExtendedResourceRequest.v1.core.api.k8s.io": { + "description": "ContainerExtendedResourceRequest has the mapping of container name, extended resource name to the device request name.", "type": "object", "required": [ - "namespace", - "verb", - "resourceAPIGroup", - "resourceAPIVersion", - "resource", + "containerName", "resourceName", - "path", - "isNonResourceURL" + "requestName" ], "properties": { - "content": { - "description": "content is the actual content of the request for create and update", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "isNonResourceURL": { - "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", - "type": "boolean", - "default": false - }, - "namespace": { - "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", - "type": "string", - "default": "" - }, - "path": { - "description": "path is the path of a non resource URL", - "type": "string", - "default": "" - }, - "resource": { - "description": "resource is one of the existing resource types", - "type": "string", - "default": "" - }, - "resourceAPIGroup": { - "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", + "containerName": { + "description": "The name of the container requesting resources.", "type": "string", "default": "" }, - "resourceAPIVersion": { - "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", + "requestName": { + "description": "The name of the request in the special ResourceClaim which corresponds to the extended resource.", "type": "string", "default": "" }, "resourceName": { - "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", + "description": "The name of the extended resource in that container which gets backed by DRA.", "type": "string", "default": "" + } + } + }, + "ContainerImage.v1.core.api.k8s.io": { + "description": "Describe a container image", + "type": "object", + "properties": { + "names": { + "description": "Names by which this image is known. e.g. [\"kubernetes.example/hyperkube:v1.0.7\", \"cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7\"]", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "verb": { - "description": "verb is one of: get, list, watch, create, update, delete", - "type": "string", - "default": "" + "sizeBytes": { + "description": "The size of the image in bytes.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.authorization.v1.ClusterRole": { - "description": "ClusterRole is a logical grouping of PolicyRules that can be referenced as a unit by ClusterRoleBindings.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ContainerPort.v1.core.api.k8s.io": { + "description": "ContainerPort represents a network port in a single container.", "type": "object", "required": [ - "rules" + "containerPort" ], "properties": { - "aggregationRule": { - "description": "aggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.", - "$ref": "#/definitions/io.k8s.api.rbac.v1.AggregationRule" + "containerPort": { + "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", + "type": "integer", + "format": "int32", + "default": 0 }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "hostIP": { + "description": "What host IP to bind the external port to.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "hostPort": { + "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", + "type": "integer", + "format": "int32" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "name": { + "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", + "type": "string" }, - "rules": { - "description": "rules holds all the PolicyRules for this ClusterRole", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.PolicyRule" - } + "protocol": { + "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", + "type": "string", + "default": "TCP", + "enum": [ + "SCTP", + "TCP", + "UDP" + ] } } }, - "com.github.openshift.api.authorization.v1.ClusterRoleBinding": { - "description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference any ClusterRole in the same namespace or in the global namespace. It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. ClusterRoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ContainerResizePolicy.v1.core.api.k8s.io": { + "description": "ContainerResizePolicy represents resource resize policy for the container.", "type": "object", "required": [ - "subjects", - "roleRef" + "resourceName", + "restartPolicy" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "groupNames": { - "description": "groupNames holds all the groups directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "roleRef": { - "description": "roleRef can only reference the current namespace and the global namespace. If the ClusterRoleRef cannot be resolved, the Authorizer must return an error. Since Policy is a singleton, this is sufficient knowledge to locate a role.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, - "subjects": { - "description": "subjects hold object references to authorize with this rule. This field is ignored if UserNames or GroupNames are specified to support legacy clients and servers. Thus newer clients that do not need to support backwards compatibility should send only fully qualified Subjects and should omit the UserNames and GroupNames fields. Clients that need to support backwards compatibility can use this field to build the UserNames and GroupNames.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - } + "resourceName": { + "description": "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.", + "type": "string", + "default": "" }, - "userNames": { - "description": "userNames holds all the usernames directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "restartPolicy": { + "description": "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.authorization.v1.ClusterRoleBindingList": { - "description": "ClusterRoleBindingList is a collection of ClusterRoleBindings\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ContainerRestartRule.v1.core.api.k8s.io": { + "description": "ContainerRestartRule describes how a container exit is handled.", "type": "object", "required": [ - "items" + "action" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is a list of ClusterRoleBindings", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ClusterRoleBinding" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "action": { + "description": "Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is \"Restart\" to restart the container.", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "exitCodes": { + "description": "Represents the exit codes to check on container exits.", + "$ref": "#/definitions/ContainerRestartRuleOnExitCodes.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.authorization.v1.ClusterRoleList": { - "description": "ClusterRoleList is a collection of ClusterRoles\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ContainerRestartRuleOnExitCodes.v1.core.api.k8s.io": { + "description": "ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes.", "type": "object", "required": [ - "items" + "operator" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "operator": { + "description": "Represents the relationship between the container exit code(s) and the specified values. Possible values are: - In: the requirement is satisfied if the container exit code is in the\n set of specified values.\n- NotIn: the requirement is satisfied if the container exit code is\n not in the set of specified values.", "type": "string" }, - "items": { - "description": "items is a list of ClusterRoles", + "values": { + "description": "Specifies the set of values to check for container exit codes. At most 255 elements are allowed.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ClusterRole" - } + "type": "integer", + "format": "int32", + "default": 0 + }, + "x-kubernetes-list-type": "set" + } + } + }, + "ContainerState.v1.core.api.k8s.io": { + "description": "ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.", + "type": "object", + "properties": { + "running": { + "description": "Details about a running container", + "$ref": "#/definitions/ContainerStateRunning.v1.core.api.k8s.io" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "terminated": { + "description": "Details about a terminated container", + "$ref": "#/definitions/ContainerStateTerminated.v1.core.api.k8s.io" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "waiting": { + "description": "Details about a waiting container", + "$ref": "#/definitions/ContainerStateWaiting.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.authorization.v1.GroupRestriction": { - "description": "GroupRestriction matches a group either by a string match on the group name or a label selector applied to group labels.", + "ContainerStateRunning.v1.core.api.k8s.io": { + "description": "ContainerStateRunning is a running state of a container.", + "type": "object", + "properties": { + "startedAt": { + "description": "Time at which the container was last (re-)started", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "ContainerStateTerminated.v1.core.api.k8s.io": { + "description": "ContainerStateTerminated is a terminated state of a container.", "type": "object", "required": [ - "groups", - "labels" + "exitCode" ], "properties": { - "groups": { - "description": "groups is a list of groups used to match against an individual user's groups. If the user is a member of one of the whitelisted groups, the user is allowed to be bound to a role.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "containerID": { + "description": "Container's ID in the format '://'", + "type": "string" }, - "labels": { - "description": "Selectors specifies a list of label selectors over group labels.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" - } + "exitCode": { + "description": "Exit status from the last termination of the container", + "type": "integer", + "format": "int32", + "default": 0 + }, + "finishedAt": { + "description": "Time at which the container last terminated", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "message": { + "description": "Message regarding the last termination of the container", + "type": "string" + }, + "reason": { + "description": "(brief) reason from the last termination of the container", + "type": "string" + }, + "signal": { + "description": "Signal from the last termination of the container", + "type": "integer", + "format": "int32" + }, + "startedAt": { + "description": "Time at which previous execution of the container started", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.authorization.v1.IsPersonalSubjectAccessReview": { - "description": "IsPersonalSubjectAccessReview is a marker for PolicyRule.AttributeRestrictions that denotes that subjectaccessreviews on self should be allowed\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ContainerStateWaiting.v1.core.api.k8s.io": { + "description": "ContainerStateWaiting is a waiting state of a container.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "message": { + "description": "Message regarding why the container is not yet running.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "reason": { + "description": "(brief) reason the container is not yet running.", "type": "string" } } }, - "com.github.openshift.api.authorization.v1.LocalResourceAccessReview": { - "description": "LocalResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec in a particular namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ContainerStatus.v1.core.api.k8s.io": { + "description": "ContainerStatus contains details for the current status of this container.", "type": "object", "required": [ - "namespace", - "verb", - "resourceAPIGroup", - "resourceAPIVersion", - "resource", - "resourceName", - "path", - "isNonResourceURL" + "name", + "ready", + "restartCount", + "image", + "imageID" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "content": { - "description": "content is the actual content of the request for create and update", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "allocatedResources": { + "description": "AllocatedResources represents the compute resources allocated for this container by the node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission and after successfully admitting desired pod resize.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + } }, - "isNonResourceURL": { - "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", - "type": "boolean", - "default": false + "allocatedResourcesStatus": { + "description": "AllocatedResourcesStatus represents the status of various resources allocated for this Pod.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ResourceStatus.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "containerID": { + "description": "ContainerID is the ID of the container in the format '://'. Where type is a container runtime identifier, returned from Version call of CRI API (for example \"containerd\").", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "namespace": { - "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", - "type": "string", - "default": "" - }, - "path": { - "description": "path is the path of a non resource URL", + "image": { + "description": "Image is the name of container image that the container is running. The container image may not match the image used in the PodSpec, as it may have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.", "type": "string", "default": "" }, - "resource": { - "description": "resource is one of the existing resource types", + "imageID": { + "description": "ImageID is the image ID of the container's image. The image ID may not match the image ID of the image used in the PodSpec, as it may have been resolved by the runtime.", "type": "string", "default": "" }, - "resourceAPIGroup": { - "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", - "type": "string", - "default": "" + "lastState": { + "description": "LastTerminationState holds the last termination state of the container to help debug container crashes and restarts. This field is not populated if the container is still running and RestartCount is 0.", + "default": {}, + "$ref": "#/definitions/ContainerState.v1.core.api.k8s.io" }, - "resourceAPIVersion": { - "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", + "name": { + "description": "Name is a DNS_LABEL representing the unique name of the container. Each container in a pod must have a unique name across all container types. Cannot be updated.", "type": "string", "default": "" }, - "resourceName": { - "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", - "type": "string", - "default": "" + "ready": { + "description": "Ready specifies whether the container is currently passing its readiness check. The value will change as readiness probes keep executing. If no readiness probes are specified, this field defaults to true once the container is fully started (see Started field).\n\nThe value is typically used to determine whether a container is ready to accept traffic.", + "type": "boolean", + "default": false }, - "verb": { - "description": "verb is one of: get, list, watch, create, update, delete", + "resources": { + "description": "Resources represents the compute resource requests and limits that have been successfully enacted on the running container after it has been started or has been successfully resized.", + "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" + }, + "restartCount": { + "description": "RestartCount holds the number of times the container has been restarted. Kubelet makes an effort to always increment the value, but there are cases when the state may be lost due to node restarts and then the value may be reset to 0. The value is never negative.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "started": { + "description": "Started indicates whether the container has finished its postStart lifecycle hook and passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. In both cases, startup probes will run again. Is always true when no startupProbe is defined and container is running and has passed the postStart lifecycle hook. The null value must be treated the same as false.", + "type": "boolean" + }, + "state": { + "description": "State holds details about the container's current condition.", + "default": {}, + "$ref": "#/definitions/ContainerState.v1.core.api.k8s.io" + }, + "stopSignal": { + "description": "StopSignal reports the effective stop signal for this container\n\nPossible enum values:\n - `\"SIGABRT\"`\n - `\"SIGALRM\"`\n - `\"SIGBUS\"`\n - `\"SIGCHLD\"`\n - `\"SIGCLD\"`\n - `\"SIGCONT\"`\n - `\"SIGFPE\"`\n - `\"SIGHUP\"`\n - `\"SIGILL\"`\n - `\"SIGINT\"`\n - `\"SIGIO\"`\n - `\"SIGIOT\"`\n - `\"SIGKILL\"`\n - `\"SIGPIPE\"`\n - `\"SIGPOLL\"`\n - `\"SIGPROF\"`\n - `\"SIGPWR\"`\n - `\"SIGQUIT\"`\n - `\"SIGRTMAX\"`\n - `\"SIGRTMAX-1\"`\n - `\"SIGRTMAX-10\"`\n - `\"SIGRTMAX-11\"`\n - `\"SIGRTMAX-12\"`\n - `\"SIGRTMAX-13\"`\n - `\"SIGRTMAX-14\"`\n - `\"SIGRTMAX-2\"`\n - `\"SIGRTMAX-3\"`\n - `\"SIGRTMAX-4\"`\n - `\"SIGRTMAX-5\"`\n - `\"SIGRTMAX-6\"`\n - `\"SIGRTMAX-7\"`\n - `\"SIGRTMAX-8\"`\n - `\"SIGRTMAX-9\"`\n - `\"SIGRTMIN\"`\n - `\"SIGRTMIN+1\"`\n - `\"SIGRTMIN+10\"`\n - `\"SIGRTMIN+11\"`\n - `\"SIGRTMIN+12\"`\n - `\"SIGRTMIN+13\"`\n - `\"SIGRTMIN+14\"`\n - `\"SIGRTMIN+15\"`\n - `\"SIGRTMIN+2\"`\n - `\"SIGRTMIN+3\"`\n - `\"SIGRTMIN+4\"`\n - `\"SIGRTMIN+5\"`\n - `\"SIGRTMIN+6\"`\n - `\"SIGRTMIN+7\"`\n - `\"SIGRTMIN+8\"`\n - `\"SIGRTMIN+9\"`\n - `\"SIGSEGV\"`\n - `\"SIGSTKFLT\"`\n - `\"SIGSTOP\"`\n - `\"SIGSYS\"`\n - `\"SIGTERM\"`\n - `\"SIGTRAP\"`\n - `\"SIGTSTP\"`\n - `\"SIGTTIN\"`\n - `\"SIGTTOU\"`\n - `\"SIGURG\"`\n - `\"SIGUSR1\"`\n - `\"SIGUSR2\"`\n - `\"SIGVTALRM\"`\n - `\"SIGWINCH\"`\n - `\"SIGXCPU\"`\n - `\"SIGXFSZ\"`", "type": "string", - "default": "" + "enum": [ + "SIGABRT", + "SIGALRM", + "SIGBUS", + "SIGCHLD", + "SIGCLD", + "SIGCONT", + "SIGFPE", + "SIGHUP", + "SIGILL", + "SIGINT", + "SIGIO", + "SIGIOT", + "SIGKILL", + "SIGPIPE", + "SIGPOLL", + "SIGPROF", + "SIGPWR", + "SIGQUIT", + "SIGRTMAX", + "SIGRTMAX-1", + "SIGRTMAX-10", + "SIGRTMAX-11", + "SIGRTMAX-12", + "SIGRTMAX-13", + "SIGRTMAX-14", + "SIGRTMAX-2", + "SIGRTMAX-3", + "SIGRTMAX-4", + "SIGRTMAX-5", + "SIGRTMAX-6", + "SIGRTMAX-7", + "SIGRTMAX-8", + "SIGRTMAX-9", + "SIGRTMIN", + "SIGRTMIN+1", + "SIGRTMIN+10", + "SIGRTMIN+11", + "SIGRTMIN+12", + "SIGRTMIN+13", + "SIGRTMIN+14", + "SIGRTMIN+15", + "SIGRTMIN+2", + "SIGRTMIN+3", + "SIGRTMIN+4", + "SIGRTMIN+5", + "SIGRTMIN+6", + "SIGRTMIN+7", + "SIGRTMIN+8", + "SIGRTMIN+9", + "SIGSEGV", + "SIGSTKFLT", + "SIGSTOP", + "SIGSYS", + "SIGTERM", + "SIGTRAP", + "SIGTSTP", + "SIGTTIN", + "SIGTTOU", + "SIGURG", + "SIGUSR1", + "SIGUSR2", + "SIGVTALRM", + "SIGWINCH", + "SIGXCPU", + "SIGXFSZ" + ] + }, + "user": { + "description": "User represents user identity information initially attached to the first process of the container", + "$ref": "#/definitions/ContainerUser.v1.core.api.k8s.io" + }, + "volumeMounts": { + "description": "Status of volume mounts.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/VolumeMountStatus.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.authorization.v1.LocalSubjectAccessReview": { - "description": "LocalSubjectAccessReview is an object for requesting information about whether a user or group can perform an action in a particular namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ContainerUser.v1.core.api.k8s.io": { + "description": "ContainerUser represents user identity information", + "type": "object", + "properties": { + "linux": { + "description": "Linux holds user identity information initially attached to the first process of the containers in Linux. Note that the actual running identity can be changed if the process has enough privilege to do so.", + "$ref": "#/definitions/LinuxContainerUser.v1.core.api.k8s.io" + } + } + }, + "CreateOptions.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "CreateOptions may be provided when creating an API object.", "type": "object", - "required": [ - "namespace", - "verb", - "resourceAPIGroup", - "resourceAPIVersion", - "resource", - "resourceName", - "path", - "isNonResourceURL", - "user", - "groups", - "scopes" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "content": { - "description": "content is the actual content of the request for create and update", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "groups": { - "description": "groups is optional. Groups is the list of groups to which the User belongs.", + "dryRun": { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "isNonResourceURL": { - "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", - "type": "boolean", - "default": false + "fieldManager": { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "type": "string" + }, + "fieldValidation": { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + } + } + }, + "DaemonEndpoint.v1.core.api.k8s.io": { + "description": "DaemonEndpoint contains information about a single Daemon endpoint.", + "type": "object", + "required": [ + "Port" + ], + "properties": { + "Port": { + "description": "Port number of the given endpoint.", + "type": "integer", + "format": "int32", + "default": 0 + } + } + }, + "DeleteOptions.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "DeleteOptions may be provided when deleting an API object.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "namespace": { - "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", - "type": "string", - "default": "" + "dryRun": { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "path": { - "description": "path is the path of a non resource URL", - "type": "string", - "default": "" + "gracePeriodSeconds": { + "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", + "type": "integer", + "format": "int64" }, - "resource": { - "description": "resource is one of the existing resource types", - "type": "string", - "default": "" + "ignoreStoreReadErrorWithClusterBreakingPotential": { + "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", + "type": "boolean" }, - "resourceAPIGroup": { - "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "resourceAPIVersion": { - "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", - "type": "string", - "default": "" + "orphanDependents": { + "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", + "type": "boolean" }, - "resourceName": { - "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", - "type": "string", - "default": "" + "preconditions": { + "description": "Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be returned.", + "$ref": "#/definitions/Preconditions.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "scopes": { - "description": "scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil for a self-SAR, means \"use the scopes on this request\". Nil for a regular SAR, means the same as empty.", + "propagationPolicy": { + "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", + "type": "string" + } + } + }, + "DownwardAPIProjection.v1.core.api.k8s.io": { + "description": "Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.", + "type": "object", + "properties": { + "items": { + "description": "Items is a list of DownwardAPIVolume file", "type": "array", "items": { - "type": "string", - "default": "" - } - }, - "user": { - "description": "user is optional. If both User and Groups are empty, the current authenticated user is used.", - "type": "string", - "default": "" - }, - "verb": { - "description": "verb is one of: get, list, watch, create, update, delete", - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/DownwardAPIVolumeFile.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.authorization.v1.NamedClusterRole": { - "description": "NamedClusterRole relates a name with a cluster role", + "DownwardAPIVolumeFile.v1.core.api.k8s.io": { + "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", "type": "object", "required": [ - "name", - "role" + "path" ], "properties": { - "name": { - "description": "name is the name of the cluster role", + "fieldRef": { + "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + "$ref": "#/definitions/ObjectFieldSelector.v1.core.api.k8s.io" + }, + "mode": { + "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" + }, + "path": { + "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", "type": "string", "default": "" }, - "role": { - "description": "role is the cluster role being named", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ClusterRole" + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", + "$ref": "#/definitions/ResourceFieldSelector.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.authorization.v1.NamedClusterRoleBinding": { - "description": "NamedClusterRoleBinding relates a name with a cluster role binding", + "DownwardAPIVolumeSource.v1.core.api.k8s.io": { + "description": "DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.", "type": "object", - "required": [ - "name", - "roleBinding" - ], "properties": { - "name": { - "description": "name is the name of the cluster role binding", - "type": "string", - "default": "" + "defaultMode": { + "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, - "roleBinding": { - "description": "roleBinding is the cluster role binding being named", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ClusterRoleBinding" + "items": { + "description": "Items is a list of downward API volume file", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/DownwardAPIVolumeFile.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.authorization.v1.NamedRole": { - "description": "NamedRole relates a Role with a name", + "Duration.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "Duration is a wrapper around time.Duration which supports correct marshaling to YAML and JSON. In particular, it marshals into strings, which can be used as map keys in json.", + "type": "string" + }, + "EmptyDirVolumeSource.v1.core.api.k8s.io": { + "description": "Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.", "type": "object", - "required": [ - "name", - "role" - ], "properties": { - "name": { - "description": "name is the name of the role", - "type": "string", - "default": "" + "medium": { + "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "type": "string" }, - "role": { - "description": "role is the role being named", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.Role" + "sizeLimit": { + "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.authorization.v1.NamedRoleBinding": { - "description": "NamedRoleBinding relates a role binding with a name", + "EndpointAddress.v1.core.api.k8s.io": { + "description": "EndpointAddress is a tuple that describes single IP address. Deprecated: This API is deprecated in v1.33+.", "type": "object", "required": [ - "name", - "roleBinding" + "ip" ], "properties": { - "name": { - "description": "name is the name of the role binding", + "hostname": { + "description": "The Hostname of this endpoint", + "type": "string" + }, + "ip": { + "description": "The IP of this endpoint. May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), or link-local multicast (224.0.0.0/24 or ff02::/16).", "type": "string", "default": "" }, - "roleBinding": { - "description": "roleBinding is the role binding being named", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.RoleBinding" + "nodeName": { + "description": "Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.", + "type": "string" + }, + "targetRef": { + "description": "Reference to object providing the endpoint.", + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.authorization.v1.PolicyRule": { - "description": "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.", + "EndpointPort.v1.core.api.k8s.io": { + "description": "EndpointPort is a tuple that describes a single port. Deprecated: This API is deprecated in v1.33+.", "type": "object", "required": [ - "verbs", - "resources" + "port" ], "properties": { - "apiGroups": { - "description": "apiGroups is the name of the APIGroup that contains the resources. If this field is empty, then both kubernetes and origin API groups are assumed. That means that if an action is requested against one of the enumerated resources in either the kubernetes or the origin API group, the request will be allowed", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "appProtocol": { + "description": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.", + "type": "string" }, - "attributeRestrictions": { - "description": "attributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "name": { + "description": "The name of this port. This must match the 'name' field in the corresponding ServicePort. Must be a DNS_LABEL. Optional only if one port is defined.", + "type": "string" }, - "nonResourceURLs": { - "description": "NonResourceURLsSlice is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path This name is intentionally different than the internal type so that the DefaultConvert works nicely and because the ordering may be different.", + "port": { + "description": "The port number of the endpoint.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "protocol": { + "description": "The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", + "type": "string", + "enum": [ + "SCTP", + "TCP", + "UDP" + ] + } + }, + "x-kubernetes-map-type": "atomic" + }, + "EndpointSubset.v1.core.api.k8s.io": { + "description": "EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given:\n\n\t{\n\t Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n\t}\n\nThe resulting set of endpoints can be viewed as:\n\n\ta: [ 10.10.1.1:8675, 10.10.2.2:8675 ],\n\tb: [ 10.10.1.1:309, 10.10.2.2:309 ]\n\nDeprecated: This API is deprecated in v1.33+.", + "type": "object", + "properties": { + "addresses": { + "description": "IP addresses which offer the related ports that are marked as ready. These endpoints should be considered safe for load balancers and clients to utilize.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/EndpointAddress.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "resourceNames": { - "description": "resourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", + "notReadyAddresses": { + "description": "IP addresses which offer the related ports but are not currently marked as ready because they have not yet finished starting, have recently failed a readiness check, or have recently failed a liveness check.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/EndpointAddress.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "resources": { - "description": "resources is a list of resources this rule applies to. ResourceAll represents all resources.", + "ports": { + "description": "Port numbers available on the related IP addresses.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/EndpointPort.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "Endpoints.v1.core.api.k8s.io": { + "description": "Endpoints is a collection of endpoints that implement the actual service. Example:\n\n\t Name: \"mysvc\",\n\t Subsets: [\n\t {\n\t Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n\t },\n\t {\n\t Addresses: [{\"ip\": \"10.10.3.3\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 93}, {\"name\": \"b\", \"port\": 76}]\n\t },\n\t]\n\nEndpoints is a legacy API and does not contain information about all Service features. Use discoveryv1.EndpointSlice for complete information about Service endpoints.\n\nDeprecated: This API is deprecated in v1.33+. Use discoveryv1.EndpointSlice.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "verbs": { - "description": "verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "subsets": { + "description": "The set of all endpoints is the union of all subsets. Addresses are placed into subsets according to the IPs they share. A single address with multiple ports, some of which are ready and some of which are not (because they come from different containers) will result in the address being displayed in different subsets for the different ports. No address will appear in both Addresses and NotReadyAddresses in the same subset. Sets of addresses and ports that comprise a service.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/EndpointSubset.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.authorization.v1.ResourceAccessReview": { - "description": "ResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "EndpointsList.v1.core.api.k8s.io": { + "description": "EndpointsList is a list of endpoints. Deprecated: This API is deprecated in v1.33+.", "type": "object", "required": [ - "namespace", - "verb", - "resourceAPIGroup", - "resourceAPIVersion", - "resource", - "resourceName", - "path", - "isNonResourceURL" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "content": { - "description": "content is the actual content of the request for create and update", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "isNonResourceURL": { - "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", - "type": "boolean", - "default": false + "items": { + "description": "List of endpoints.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Endpoints.v1.core.api.k8s.io" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "namespace": { - "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", - "type": "string", - "default": "" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "EnvFromSource.v1.core.api.k8s.io": { + "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", + "type": "object", + "properties": { + "configMapRef": { + "description": "The ConfigMap to select from", + "$ref": "#/definitions/ConfigMapEnvSource.v1.core.api.k8s.io" }, - "path": { - "description": "path is the path of a non resource URL", - "type": "string", - "default": "" - }, - "resource": { - "description": "resource is one of the existing resource types", - "type": "string", - "default": "" - }, - "resourceAPIGroup": { - "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", - "type": "string", - "default": "" - }, - "resourceAPIVersion": { - "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", - "type": "string", - "default": "" - }, - "resourceName": { - "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", - "type": "string", - "default": "" + "prefix": { + "description": "Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='.", + "type": "string" }, - "verb": { - "description": "verb is one of: get, list, watch, create, update, delete", - "type": "string", - "default": "" + "secretRef": { + "description": "The Secret to select from", + "$ref": "#/definitions/SecretEnvSource.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.authorization.v1.ResourceAccessReviewResponse": { - "description": "ResourceAccessReviewResponse describes who can perform the action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "EnvVar.v1.core.api.k8s.io": { + "description": "EnvVar represents an environment variable present in a Container.", "type": "object", "required": [ - "users", - "groups", - "evalutionError" + "name" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "evalutionError": { - "description": "EvaluationError is an indication that some error occurred during resolution, but partial results can still be returned. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. This is most common when a bound role is missing, but enough roles are still present and bound to reason about the request.", + "name": { + "description": "Name of the environment variable. May consist of any printable ASCII characters except '='.", "type": "string", "default": "" }, - "groups": { - "description": "GroupsSlice is the list of groups who can perform the action", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "namespace": { - "description": "namespace is the namespace used for the access review", + "value": { + "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", "type": "string" }, - "users": { - "description": "UsersSlice is the list of users who can perform the action", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "valueFrom": { + "description": "Source for the environment variable's value. Cannot be used if value is not empty.", + "$ref": "#/definitions/EnvVarSource.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.authorization.v1.Role": { - "description": "Role is a logical grouping of PolicyRules that can be referenced as a unit by RoleBindings.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "EnvVarSource.v1.core.api.k8s.io": { + "description": "EnvVarSource represents a source for the value of an EnvVar.", "type": "object", - "required": [ - "rules" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "configMapKeyRef": { + "description": "Selects a key of a ConfigMap.", + "$ref": "#/definitions/ConfigMapKeySelector.v1.core.api.k8s.io" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "fieldRef": { + "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", + "$ref": "#/definitions/ObjectFieldSelector.v1.core.api.k8s.io" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "fileKeyRef": { + "description": "FileKeyRef selects a key of the env file. Requires the EnvFiles feature gate to be enabled.", + "$ref": "#/definitions/FileKeySelector.v1.core.api.k8s.io" }, - "rules": { - "description": "rules holds all the PolicyRules for this Role", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.PolicyRule" - } + "resourceFieldRef": { + "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", + "$ref": "#/definitions/ResourceFieldSelector.v1.core.api.k8s.io" + }, + "secretKeyRef": { + "description": "Selects a key of a secret in the pod's namespace", + "$ref": "#/definitions/SecretKeySelector.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.authorization.v1.RoleBinding": { - "description": "RoleBinding references a Role, but not contain it. It can reference any Role in the same namespace or in the global namespace. It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "EphemeralContainer.v1.core.api.k8s.io": { + "description": "An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.", "type": "object", "required": [ - "subjects", - "roleRef" + "name" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "groupNames": { - "description": "groupNames holds all the groups directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", + "args": { + "description": "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "type": "array", "items": { "type": "string", "default": "" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "roleRef": { - "description": "roleRef can only reference the current namespace and the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. Since Policy is a singleton, this is sufficient knowledge to locate a role.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + }, + "x-kubernetes-list-type": "atomic" }, - "subjects": { - "description": "subjects hold object references to authorize with this rule. This field is ignored if UserNames or GroupNames are specified to support legacy clients and servers. Thus newer clients that do not need to support backwards compatibility should send only fully qualified Subjects and should omit the UserNames and GroupNames fields. Clients that need to support backwards compatibility can use this field to build the UserNames and GroupNames.", + "command": { + "description": "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "userNames": { - "description": "userNames holds all the usernames directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", + "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", "type": "array", "items": { - "type": "string", - "default": "" - } - } - } - }, - "com.github.openshift.api.authorization.v1.RoleBindingList": { - "description": "RoleBindingList is a collection of RoleBindings\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "default": {}, + "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "items": { - "description": "items is a list of RoleBindings", + "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.RoleBinding" - } + "$ref": "#/definitions/EnvFromSource.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.authorization.v1.RoleBindingRestriction": { - "description": "RoleBindingRestriction is an object that can be matched against a subject (user, group, or service account) to determine whether rolebindings on that subject are allowed in the namespace to which the RoleBindingRestriction belongs. If any one of those RoleBindingRestriction objects matches a subject, rolebindings on that subject in the namespace are allowed.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present", + "type": "string", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ] }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "lifecycle": { + "description": "Lifecycle is not allowed for ephemeral containers.", + "$ref": "#/definitions/Lifecycle.v1.core.api.k8s.io" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "livenessProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "$ref": "#/definitions/Probe.v1.core.api.k8s.io" }, - "spec": { - "description": "spec defines the matcher.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.RoleBindingRestrictionSpec" - } - } - }, - "com.github.openshift.api.authorization.v1.RoleBindingRestrictionList": { - "description": "RoleBindingRestrictionList is a collection of RoleBindingRestriction objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "name": { + "description": "Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.", + "type": "string", + "default": "" }, - "items": { - "description": "items is a list of RoleBindingRestriction objects.", + "ports": { + "description": "Ports are not allowed for ephemeral containers.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.RoleBindingRestriction" - } + "$ref": "#/definitions/ContainerPort.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "containerPort", + "x-kubernetes-patch-strategy": "merge" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "readinessProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "$ref": "#/definitions/Probe.v1.core.api.k8s.io" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.authorization.v1.RoleBindingRestrictionSpec": { - "description": "RoleBindingRestrictionSpec defines a rolebinding restriction. Exactly one field must be non-nil.", - "type": "object", - "required": [ - "userrestriction", - "grouprestriction", - "serviceaccountrestriction" - ], - "properties": { - "grouprestriction": { - "description": "grouprestriction matches against group subjects.", - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.GroupRestriction" + "resizePolicy": { + "description": "Resources resize policy for the container.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ContainerResizePolicy.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "serviceaccountrestriction": { - "description": "serviceaccountrestriction matches against service-account subjects.", - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ServiceAccountRestriction" + "resources": { + "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.", + "default": {}, + "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" }, - "userrestriction": { - "description": "userrestriction matches against user subjects.", - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.UserRestriction" - } - } - }, - "com.github.openshift.api.authorization.v1.RoleList": { - "description": "RoleList is a collection of Roles\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "restartPolicy": { + "description": "Restart policy for the container to manage the restart behavior of each container within a pod. You cannot set this field on ephemeral containers.", "type": "string" }, - "items": { - "description": "items is a list of Roles", + "restartPolicyRules": { + "description": "Represents a list of rules to be checked to determine if the container should be restarted on exit. You cannot set this field on ephemeral containers.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.Role" - } + "$ref": "#/definitions/ContainerRestartRule.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "securityContext": { + "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", + "$ref": "#/definitions/SecurityContext.v1.core.api.k8s.io" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.authorization.v1.SelfSubjectRulesReview": { - "description": "SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "startupProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "$ref": "#/definitions/Probe.v1.core.api.k8s.io" + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + "type": "boolean" + }, + "targetContainerName": { + "description": "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\nPossible enum values:\n - `\"FallbackToLogsOnError\"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.\n - `\"File\"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.", + "type": "string", + "enum": [ + "FallbackToLogsOnError", + "File" + ] }, - "spec": { - "description": "spec adds information about how to conduct the check", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.SelfSubjectRulesReviewSpec" + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + "type": "boolean" }, - "status": { - "description": "status is completed by the server to tell which permissions you have", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus" + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/VolumeDevice.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "devicePath", + "x-kubernetes-patch-strategy": "merge" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/VolumeMount.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" + }, + "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + "type": "string" } } }, - "com.github.openshift.api.authorization.v1.SelfSubjectRulesReviewSpec": { - "description": "SelfSubjectRulesReviewSpec adds information about how to conduct the check", + "EphemeralContainerCommon.v1.core.api.k8s.io": { + "description": "EphemeralContainerCommon is a copy of all fields in Container to be inlined in EphemeralContainer. This separate type allows easy conversion from EphemeralContainer to Container and allows separate documentation for the fields of EphemeralContainer. When a new field is added to Container it must be added here as well.", "type": "object", "required": [ - "scopes" + "name" ], "properties": { - "scopes": { - "description": "scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil means \"use the scopes on this request\".", + "args": { + "description": "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "type": "array", "items": { "type": "string", "default": "" - } - } - } - }, - "com.github.openshift.api.authorization.v1.ServiceAccountReference": { - "description": "ServiceAccountReference specifies a service account and namespace by their names.", - "type": "object", - "required": [ - "name", - "namespace" - ], - "properties": { - "name": { - "description": "name is the name of the service account.", - "type": "string", - "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "namespace": { - "description": "namespace is the namespace of the service account. Service accounts from inside the whitelisted namespaces are allowed to be bound to roles. If Namespace is empty, then the namespace of the RoleBindingRestriction in which the ServiceAccountReference is embedded is used.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.authorization.v1.ServiceAccountRestriction": { - "description": "ServiceAccountRestriction matches a service account by a string match on either the service-account name or the name of the service account's namespace.", - "type": "object", - "required": [ - "serviceaccounts", - "namespaces" - ], - "properties": { - "namespaces": { - "description": "namespaces specifies a list of literal namespace names.", + "command": { + "description": "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "serviceaccounts": { - "description": "serviceaccounts specifies a list of literal service-account names.", + "env": { + "description": "List of environment variables to set in the container. Cannot be updated.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ServiceAccountReference" - } - } - } - }, - "com.github.openshift.api.authorization.v1.SubjectAccessReview": { - "description": "SubjectAccessReview is an object for requesting information about whether a user or group can perform an action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "namespace", - "verb", - "resourceAPIGroup", - "resourceAPIVersion", - "resource", - "resourceName", - "path", - "isNonResourceURL", - "user", - "groups", - "scopes" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "content": { - "description": "content is the actual content of the request for create and update", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "groups": { - "description": "GroupsSlice is optional. Groups is the list of groups to which the User belongs.", + "envFrom": { + "description": "List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", "type": "array", "items": { - "type": "string", - "default": "" - } - }, - "isNonResourceURL": { - "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", - "type": "boolean", - "default": false + "default": {}, + "$ref": "#/definitions/EnvFromSource.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "image": { + "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "namespace": { - "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", + "imagePullPolicy": { + "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present", "type": "string", - "default": "" + "enum": [ + "Always", + "IfNotPresent", + "Never" + ] }, - "path": { - "description": "path is the path of a non resource URL", - "type": "string", - "default": "" + "lifecycle": { + "description": "Lifecycle is not allowed for ephemeral containers.", + "$ref": "#/definitions/Lifecycle.v1.core.api.k8s.io" }, - "resource": { - "description": "resource is one of the existing resource types", - "type": "string", - "default": "" + "livenessProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "$ref": "#/definitions/Probe.v1.core.api.k8s.io" }, - "resourceAPIGroup": { - "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", + "name": { + "description": "Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.", "type": "string", "default": "" }, - "resourceAPIVersion": { - "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", - "type": "string", - "default": "" + "ports": { + "description": "Ports are not allowed for ephemeral containers.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ContainerPort.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "containerPort", + "protocol" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "containerPort", + "x-kubernetes-patch-strategy": "merge" }, - "resourceName": { - "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", - "type": "string", - "default": "" + "readinessProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "$ref": "#/definitions/Probe.v1.core.api.k8s.io" }, - "scopes": { - "description": "scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil for a self-SAR, means \"use the scopes on this request\". Nil for a regular SAR, means the same as empty.", + "resizePolicy": { + "description": "Resources resize policy for the container.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/ContainerResizePolicy.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "user": { - "description": "user is optional. If both User and Groups are empty, the current authenticated user is used.", - "type": "string", - "default": "" + "resources": { + "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.", + "default": {}, + "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" }, - "verb": { - "description": "verb is one of: get, list, watch, create, update, delete", + "restartPolicy": { + "description": "Restart policy for the container to manage the restart behavior of each container within a pod. You cannot set this field on ephemeral containers.", + "type": "string" + }, + "restartPolicyRules": { + "description": "Represents a list of rules to be checked to determine if the container should be restarted on exit. You cannot set this field on ephemeral containers.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ContainerRestartRule.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + }, + "securityContext": { + "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", + "$ref": "#/definitions/SecurityContext.v1.core.api.k8s.io" + }, + "startupProbe": { + "description": "Probes are not allowed for ephemeral containers.", + "$ref": "#/definitions/Probe.v1.core.api.k8s.io" + }, + "stdin": { + "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", + "type": "boolean" + }, + "stdinOnce": { + "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", + "type": "boolean" + }, + "terminationMessagePath": { + "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "type": "string" + }, + "terminationMessagePolicy": { + "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\nPossible enum values:\n - `\"FallbackToLogsOnError\"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.\n - `\"File\"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.", "type": "string", - "default": "" + "enum": [ + "FallbackToLogsOnError", + "File" + ] + }, + "tty": { + "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", + "type": "boolean" + }, + "volumeDevices": { + "description": "volumeDevices is the list of block devices to be used by the container.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/VolumeDevice.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "devicePath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "devicePath", + "x-kubernetes-patch-strategy": "merge" + }, + "volumeMounts": { + "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/VolumeMount.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "mountPath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "mountPath", + "x-kubernetes-patch-strategy": "merge" + }, + "workingDir": { + "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + "type": "string" } } }, - "com.github.openshift.api.authorization.v1.SubjectAccessReviewResponse": { - "description": "SubjectAccessReviewResponse describes whether or not a user or group can perform an action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "EphemeralVolumeSource.v1.core.api.k8s.io": { + "description": "Represents an ephemeral volume that is handled by a normal storage driver.", + "type": "object", + "properties": { + "volumeClaimTemplate": { + "description": "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.\n\nRequired, must not be nil.", + "$ref": "#/definitions/PersistentVolumeClaimTemplate.v1.core.api.k8s.io" + } + } + }, + "Event.v1.core.api.k8s.io": { + "description": "Event is a report of an event somewhere in the cluster. Events have a limited retention time and triggers and messages may evolve with time. Event consumers should not rely on the timing of an event with a given Reason reflecting a consistent underlying trigger, or the continued existence of events with that Reason. Events should be treated as informative, best-effort, supplemental data.", "type": "object", "required": [ - "allowed" + "metadata", + "involvedObject" ], "properties": { - "allowed": { - "description": "allowed is required. True if the action would be allowed, false otherwise.", - "type": "boolean", - "default": false + "action": { + "description": "What action was taken/failed regarding to the Regarding object.", + "type": "string" }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "evaluationError": { - "description": "evaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. This is most common when a bound role is missing, but enough roles are still present and bound to reason about the request.", - "type": "string" + "count": { + "description": "The number of times this event has occurred.", + "type": "integer", + "format": "int32" + }, + "eventTime": { + "description": "Time when this Event was first observed.", + "$ref": "#/definitions/MicroTime.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "firstTimestamp": { + "description": "The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "involvedObject": { + "description": "The object that this event is about.", + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "namespace": { - "description": "namespace is the namespace used for the access review", + "lastTimestamp": { + "description": "The time at which the most recent occurrence of this event was recorded.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "message": { + "description": "A human-readable description of the status of this operation.", "type": "string" }, + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, "reason": { - "description": "reason is optional. It indicates why a request was allowed or denied.", + "description": "This should be a short, machine understandable string that gives the reason for the transition into the object's current status.", + "type": "string" + }, + "related": { + "description": "Optional secondary object for more complex actions.", + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + }, + "reportingComponent": { + "description": "Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`.", + "type": "string", + "default": "" + }, + "reportingInstance": { + "description": "ID of the controller instance, e.g. `kubelet-xyzf`.", + "type": "string", + "default": "" + }, + "series": { + "description": "Data about the Event series this event represents or nil if it's a singleton Event.", + "$ref": "#/definitions/EventSeries.v1.core.api.k8s.io" + }, + "source": { + "description": "The component reporting this event. Should be a short machine understandable string.", + "default": {}, + "$ref": "#/definitions/EventSource.v1.core.api.k8s.io" + }, + "type": { + "description": "Type of this event (Normal, Warning), new types could be added in the future", "type": "string" } } }, - "com.github.openshift.api.authorization.v1.SubjectRulesReview": { - "description": "SubjectRulesReview is a resource you can create to determine which actions another user can perform in a namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "EventList.v1.core.api.k8s.io": { + "description": "EventList is a list of events.", "type": "object", "required": [ - "spec" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "List of events", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Event.v1.core.api.k8s.io" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "EventSeries.v1.core.api.k8s.io": { + "description": "EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time.", + "type": "object", + "properties": { + "count": { + "description": "Number of occurrences in this series up to the last heartbeat time", + "type": "integer", + "format": "int32" }, - "spec": { - "description": "spec adds information about how to conduct the check", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.SubjectRulesReviewSpec" + "lastObservedTime": { + "description": "Time of the last occurrence observed", + "$ref": "#/definitions/MicroTime.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "EventSource.v1.core.api.k8s.io": { + "description": "EventSource contains information for an event.", + "type": "object", + "properties": { + "component": { + "description": "Component from which the event is generated.", + "type": "string" }, - "status": { - "description": "status is completed by the server to tell which permissions you have", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus" + "host": { + "description": "Node name on which the event is generated.", + "type": "string" } } }, - "com.github.openshift.api.authorization.v1.SubjectRulesReviewSpec": { - "description": "SubjectRulesReviewSpec adds information about how to conduct the check", + "ExecAction.v1.core.api.k8s.io": { + "description": "ExecAction describes a \"run in container\" action.", + "type": "object", + "properties": { + "command": { + "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "ExpressionWarning.v1.admissionregistration.api.k8s.io": { + "description": "ExpressionWarning is a warning information that targets a specific expression.", "type": "object", "required": [ - "user", - "groups", - "scopes" + "fieldRef", + "warning" ], "properties": { - "groups": { - "description": "groups is optional. Groups is the list of groups to which the User belongs. At least one of User and Groups must be specified.", + "fieldRef": { + "description": "The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is \"spec.validations[0].expression\"", + "type": "string", + "default": "" + }, + "warning": { + "description": "The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.", + "type": "string", + "default": "" + } + } + }, + "FCVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.", + "type": "object", + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "lun": { + "description": "lun is Optional: FC target lun number", + "type": "integer", + "format": "int32" + }, + "readOnly": { + "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "targetWWNs": { + "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "scopes": { - "description": "scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\".", + "wwids": { + "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", "type": "array", "items": { "type": "string", "default": "" - } - }, - "user": { - "description": "user is optional. At least one of User and Groups must be specified.", - "type": "string", - "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus": { - "description": "SubjectRulesReviewStatus is contains the result of a rules check", + "FieldSelectorAttributes.v1.authorization.api.k8s.io": { + "description": "FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.", "type": "object", "properties": { - "evaluationError": { - "description": "evaluationError can appear in combination with Rules. It means some error happened during evaluation that may have prevented additional rules from being populated.", + "rawSelector": { + "description": "rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.", "type": "string" }, - "rules": { - "description": "rules is the list of rules (no particular sort) that are allowed for the subject", + "requirements": { + "description": "requirements is the parsed interpretation of a field selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.authorization.v1.PolicyRule" - } + "$ref": "#/definitions/FieldSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.authorization.v1.UserRestriction": { - "description": "UserRestriction matches a user either by a string match on the user name, a string match on the name of a group to which the user belongs, or a label selector applied to the user labels.", + "FieldSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "FieldSelectorRequirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ - "users", - "groups", - "labels" + "key", + "operator" ], "properties": { - "groups": { - "description": "groups specifies a list of literal group names.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "key": { + "description": "key is the field selector key that the requirement applies to.", + "type": "string", + "default": "" }, - "labels": { - "description": "Selectors specifies a list of label selectors over user labels.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" - } + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. The list of operators may grow in the future.", + "type": "string", + "default": "" }, - "users": { - "description": "users specifies a list of literal user names.", + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.build.v1.BinaryBuildRequestOptions": { - "description": "BinaryBuildRequestOptions are the options required to fully speficy a binary build request\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.\n\nEach key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:', where is the name of a field in a struct, or key in a map 'v:', where is the exact json formatted value of a list item 'i:', where is position of a item in a list 'k:', where is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set.\n\nThe exact format is defined in sigs.k8s.io/structured-merge-diff", + "type": "object" + }, + "FileKeySelector.v1.core.api.k8s.io": { + "description": "FileKeySelector selects a key of the env file.", "type": "object", + "required": [ + "volumeName", + "path", + "key" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "asFile": { - "description": "asFile determines if the binary should be created as a file within the source rather than extracted as an archive", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "key": { + "description": "The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "optional": { + "description": "Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers.\n\nIf optional is set to false and the specified key does not exist, an error will be returned during Pod creation.", + "type": "boolean", + "default": false }, - "revision.authorEmail": { - "description": "revision.authorEmail of the source control user", - "type": "string" + "path": { + "description": "The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'.", + "type": "string", + "default": "" }, - "revision.authorName": { - "description": "revision.authorName of the source control user", - "type": "string" + "volumeName": { + "description": "The name of the volume mount containing the env file.", + "type": "string", + "default": "" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "FlexPersistentVolumeSource.v1.core.api.k8s.io": { + "description": "FlexPersistentVolumeSource represents a generic persistent volume resource that is provisioned/attached using an exec based plugin.", + "type": "object", + "required": [ + "driver" + ], + "properties": { + "driver": { + "description": "driver is the name of the driver to use for this volume.", + "type": "string", + "default": "" }, - "revision.commit": { - "description": "revision.commit is the value identifying a specific commit", + "fsType": { + "description": "fsType is the Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", "type": "string" }, - "revision.committerEmail": { - "description": "revision.committerEmail of the source control user", - "type": "string" + "options": { + "description": "options is Optional: this field holds extra command options if any.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "revision.committerName": { - "description": "revision.committerName of the source control user", - "type": "string" + "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" }, - "revision.message": { - "description": "revision.message is the description of a specific commit", - "type": "string" + "secretRef": { + "description": "secretRef is Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", + "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.build.v1.BinaryBuildSource": { - "description": "BinaryBuildSource describes a binary file to be used for the Docker and Source build strategies, where the file will be extracted and used as the build source.", + "FlexVolumeSource.v1.core.api.k8s.io": { + "description": "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", "type": "object", + "required": [ + "driver" + ], "properties": { - "asFile": { - "description": "asFile indicates that the provided binary input should be considered a single file within the build input. For example, specifying \"webapp.war\" would place the provided binary as `/webapp.war` for the builder. If left empty, the Docker and Source build strategies assume this file is a zip, tar, or tar.gz file and extract it as the source. The custom strategy receives this binary as standard input. This filename may not contain slashes or be '..' or '.'.", + "driver": { + "description": "driver is the name of the driver to use for this volume.", + "type": "string", + "default": "" + }, + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", "type": "string" + }, + "options": { + "description": "options is Optional: this field holds extra command options if any.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "readOnly": { + "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.build.v1.BitbucketWebHookCause": { - "description": "BitbucketWebHookCause has information about a Bitbucket webhook that triggered a build.", + "FlockerVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.", "type": "object", "properties": { - "revision": { - "description": "revision is the git source revision information of the trigger.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + "datasetName": { + "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated", + "type": "string" }, - "secret": { - "description": "secret is the obfuscated webhook secret that triggered a build.", + "datasetUUID": { + "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", "type": "string" } } }, - "com.github.openshift.api.build.v1.Build": { - "description": "Build encapsulates the inputs needed to produce a new deployable image, as well as the status of the execution and a reference to the Pod which executed the build.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "GCEPersistentDiskVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a Persistent Disk resource in Google Compute Engine.\n\nA GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.", "type": "object", + "required": [ + "pdName" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "fsType": { + "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "partition": { + "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "integer", + "format": "int32" }, - "spec": { - "description": "spec is all the inputs used to execute the build.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildSpec" + "pdName": { + "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "string", + "default": "" }, - "status": { - "description": "status is the current status of the build.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStatus" + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "type": "boolean" } } }, - "com.github.openshift.api.build.v1.BuildCondition": { - "description": "BuildCondition describes the state of a build at a certain point.", + "GRPCAction.v1.core.api.k8s.io": { + "description": "GRPCAction specifies an action involving a GRPC service.", "type": "object", "required": [ - "type", - "status" + "port" ], "properties": { - "lastTransitionTime": { - "description": "The last time the condition transitioned from one status to another.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "lastUpdateTime": { - "description": "The last time this condition was updated.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "message": { - "description": "A human readable message indicating details about the transition.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition.", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" + "port": { + "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", + "type": "integer", + "format": "int32", + "default": 0 }, - "type": { - "description": "type of build condition.", + "service": { + "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string", "default": "" } } }, - "com.github.openshift.api.build.v1.BuildConfig": { - "description": "Build configurations define a build process for new container images. There are three types of builds possible - a container image build using a Dockerfile, a Source-to-Image build that uses a specially prepared base image that accepts source code that it can make runnable, and a custom build that can run // arbitrary container images as a base and accept the build parameters. Builds run on the cluster and on completion are pushed to the container image registry specified in the \"output\" section. A build can be triggered via a webhook, when the base image changes, or when a user manually requests a new build be // created.\n\nEach build created by a build configuration is numbered and refers back to its parent configuration. Multiple builds can be triggered at once. Builds that do not have \"output\" set can be used to test code or run a verification build.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "GetOptions.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "GetOptions is the standard query options to the standard REST get call.", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -2617,1462 +3074,1259 @@ "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec holds all the input necessary to produce a new build, and the conditions when to trigger them.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildConfigSpec" - }, - "status": { - "description": "status holds any relevant information about a build config", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildConfigStatus" + "resourceVersion": { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "type": "string" } } }, - "com.github.openshift.api.build.v1.BuildConfigList": { - "description": "BuildConfigList is a collection of BuildConfigs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "GitRepoVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", "type": "object", "required": [ - "items" + "repository" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "directory": { + "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", "type": "string" }, - "items": { - "description": "items is a list of build configs", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildConfig" - } + "repository": { + "description": "repository is the URL", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "revision": { + "description": "revision is the commit hash for the specified revision.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.build.v1.BuildConfigSpec": { - "description": "BuildConfigSpec describes when and how builds are created", + "GlusterfsPersistentVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", "type": "object", "required": [ - "strategy" + "endpoints", + "path" ], "properties": { - "completionDeadlineSeconds": { - "description": "completionDeadlineSeconds is an optional duration in seconds, counted from the time when a build pod gets scheduled in the system, that the build may be active on a node before the system actively tries to terminate the build; value must be positive integer", - "type": "integer", - "format": "int64" - }, - "failedBuildsHistoryLimit": { - "description": "failedBuildsHistoryLimit is the number of old failed builds to retain. When a BuildConfig is created, the 5 most recent failed builds are retained unless this value is set. If removed after the BuildConfig has been created, all failed builds are retained.", - "type": "integer", - "format": "int32" - }, - "mountTrustedCA": { - "description": "mountTrustedCA bind mounts the cluster's trusted certificate authorities, as defined in the cluster's proxy configuration, into the build. This lets processes within a build trust components signed by custom PKI certificate authorities, such as private artifact repositories and HTTPS proxies.\n\nWhen this field is set to true, the contents of `/etc/pki/ca-trust` within the build are managed by the build container, and any changes to this directory or its subdirectories (for example - within a Dockerfile `RUN` instruction) are not persisted in the build's output image.", - "type": "boolean" - }, - "nodeSelector": { - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node If nil, it can be overridden by default build nodeselector values for the cluster. If set to an empty map or a map with any values, default build nodeselector values are ignored.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "output": { - "description": "output describes the container image the Strategy should produce.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildOutput" - }, - "postCommit": { - "description": "postCommit is a build hook executed after the build output image is committed, before it is pushed to a registry.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildPostCommitSpec" - }, - "resources": { - "description": "resources computes resource requirements to execute the build.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" - }, - "revision": { - "description": "revision is the information from the source for a specific repo snapshot. This is optional.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" - }, - "runPolicy": { - "description": "runPolicy describes how the new build created from this build configuration will be scheduled for execution. This is optional, if not specified we default to \"Serial\".", - "type": "string" + "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string", + "default": "" }, - "serviceAccount": { - "description": "serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount", + "endpointsNamespace": { + "description": "endpointsNamespace is the namespace that contains Glusterfs endpoint. If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", "type": "string" }, - "source": { - "description": "source describes the SCM in use.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildSource" - }, - "strategy": { - "description": "strategy defines how to perform a build.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStrategy" - }, - "successfulBuildsHistoryLimit": { - "description": "successfulBuildsHistoryLimit is the number of old successful builds to retain. When a BuildConfig is created, the 5 most recent successful builds are retained unless this value is set. If removed after the BuildConfig has been created, all successful builds are retained.", - "type": "integer", - "format": "int32" + "path": { + "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string", + "default": "" }, - "triggers": { - "description": "triggers determine how new Builds can be launched from a BuildConfig. If no triggers are defined, a new build can only occur as a result of an explicit client build creation.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildTriggerPolicy" - } + "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "boolean" } } }, - "com.github.openshift.api.build.v1.BuildConfigStatus": { - "description": "BuildConfigStatus contains current state of the build config object.", + "GlusterfsVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", "type": "object", + "required": [ + "endpoints", + "path" + ], "properties": { - "imageChangeTriggers": { - "description": "imageChangeTriggers captures the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There is a single entry in this array for each image change trigger in spec. Each trigger status references the ImageStreamTag that acts as the source of the trigger.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageChangeTriggerStatus" - } + "endpoints": { + "description": "endpoints is the endpoint name that details Glusterfs topology.", + "type": "string", + "default": "" }, - "lastVersion": { - "description": "lastVersion is used to inform about number of last triggered build.", - "type": "integer", - "format": "int64", - "default": 0 + "path": { + "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "string", + "default": "" + }, + "readOnly": { + "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": "boolean" } } }, - "com.github.openshift.api.build.v1.BuildList": { - "description": "BuildList is a collection of Builds.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "GroupKind.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types", "type": "object", "required": [ - "items" + "group", + "kind" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is a list of builds", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.Build" - } + "group": { + "type": "string", + "default": "" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "type": "string", + "default": "" } } }, - "com.github.openshift.api.build.v1.BuildLog": { - "description": "BuildLog is the (unused) resource associated with the build log redirector\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "GroupResource.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types", "type": "object", + "required": [ + "group", + "resource" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "group": { + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "resource": { + "type": "string", + "default": "" } } }, - "com.github.openshift.api.build.v1.BuildLogOptions": { - "description": "BuildLogOptions is the REST options for a build log\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "GroupVersion.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "GroupVersion contains the \"group\" and the \"version\", which uniquely identifies the API.", "type": "object", + "required": [ + "group", + "version" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "container": { - "description": "cointainer for which to stream logs. Defaults to only container if there is one container in the pod.", - "type": "string" - }, - "follow": { - "description": "follow if true indicates that the build log should be streamed until the build terminates.", - "type": "boolean" - }, - "insecureSkipTLSVerifyBackend": { - "description": "insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept the actual log data coming from the real kubelet).", - "type": "boolean" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "limitBytes": { - "description": "limitBytes, If set, is the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.", - "type": "integer", - "format": "int64" - }, - "nowait": { - "description": "nowait if true causes the call to return immediately even if the build is not available yet. Otherwise the server will wait until the build has started.", - "type": "boolean" - }, - "previous": { - "description": "previous returns previous build logs. Defaults to false.", - "type": "boolean" - }, - "sinceSeconds": { - "description": "sinceSeconds is a relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - "type": "integer", - "format": "int64" - }, - "sinceTime": { - "description": "sinceTime is an RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "tailLines": { - "description": "tailLines, If set, is the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime", - "type": "integer", - "format": "int64" + "group": { + "type": "string", + "default": "" }, - "timestamps": { - "description": "timestamps, If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.", - "type": "boolean" + "version": { + "type": "string", + "default": "" + } + } + }, + "GroupVersionForDiscovery.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "GroupVersion contains the \"group/version\" and \"version\" string of a version. It is made a struct to keep extensibility.", + "type": "object", + "required": [ + "groupVersion", + "version" + ], + "properties": { + "groupVersion": { + "description": "groupVersion specifies the API group and version in the form \"group/version\"", + "type": "string", + "default": "" }, "version": { - "description": "version of the build for which to view logs.", - "type": "integer", - "format": "int64" + "description": "version specifies the version in the form of \"version\". This is to save the clients the trouble of splitting the GroupVersion.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.build.v1.BuildOutput": { - "description": "BuildOutput is input to a build strategy and describes the container image that the strategy should produce.", + "GroupVersionKind.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling", "type": "object", + "required": [ + "group", + "version", + "kind" + ], "properties": { - "imageLabels": { - "description": "imageLabels define a list of labels that are applied to the resulting image. If there are multiple labels with the same name then the last one in the list is used.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" - } + "group": { + "type": "string", + "default": "" }, - "pushSecret": { - "description": "pushSecret is the name of a Secret that would be used for setting up the authentication for executing the Docker push to authentication enabled Docker Registry (or Docker Hub).", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "kind": { + "type": "string", + "default": "" }, - "to": { - "description": "to defines an optional location to push the output of this build to. Kind must be one of 'ImageStreamTag' or 'DockerImage'. This value will be used to look up a container image repository to push to. In the case of an ImageStreamTag, the ImageStreamTag will be looked for in the namespace of the build unless Namespace is specified.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "version": { + "type": "string", + "default": "" } } }, - "com.github.openshift.api.build.v1.BuildPostCommitSpec": { - "description": "A BuildPostCommitSpec holds a build post commit hook specification. The hook executes a command in a temporary container running the build output image, immediately after the last layer of the image is committed and before the image is pushed to a registry. The command is executed with the current working directory ($PWD) set to the image's WORKDIR.\n\nThe build will be marked as failed if the hook execution fails. It will fail if the script or command return a non-zero exit code, or if there is any other error related to starting the temporary container.\n\nThere are five different ways to configure the hook. As an example, all forms below are equivalent and will execute `rake test --verbose`.\n\n1. Shell script:\n\n\t \"postCommit\": {\n\t \"script\": \"rake test --verbose\",\n\t }\n\n\tThe above is a convenient form which is equivalent to:\n\n\t \"postCommit\": {\n\t \"command\": [\"/bin/sh\", \"-ic\"],\n\t \"args\": [\"rake test --verbose\"]\n\t }\n\n2. A command as the image entrypoint:\n\n\t \"postCommit\": {\n\t \"commit\": [\"rake\", \"test\", \"--verbose\"]\n\t }\n\n\tCommand overrides the image entrypoint in the exec form, as documented in\n\tDocker: https://docs.docker.com/engine/reference/builder/#entrypoint.\n\n3. Pass arguments to the default entrypoint:\n\n\t \"postCommit\": {\n\t\t\t \"args\": [\"rake\", \"test\", \"--verbose\"]\n\t\t }\n\n\t This form is only useful if the image entrypoint can handle arguments.\n\n4. Shell script with arguments:\n\n\t \"postCommit\": {\n\t \"script\": \"rake test $1\",\n\t \"args\": [\"--verbose\"]\n\t }\n\n\tThis form is useful if you need to pass arguments that would otherwise be\n\thard to quote properly in the shell script. In the script, $0 will be\n\t\"/bin/sh\" and $1, $2, etc, are the positional arguments from Args.\n\n5. Command with arguments:\n\n\t \"postCommit\": {\n\t \"command\": [\"rake\", \"test\"],\n\t \"args\": [\"--verbose\"]\n\t }\n\n\tThis form is equivalent to appending the arguments to the Command slice.\n\nIt is invalid to provide both Script and Command simultaneously. If none of the fields are specified, the hook is not executed.", + "GroupVersionResource.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling", "type": "object", + "required": [ + "group", + "version", + "resource" + ], "properties": { - "args": { - "description": "args is a list of arguments that are provided to either Command, Script or the container image's default entrypoint. The arguments are placed immediately after the command to be run.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "group": { + "type": "string", + "default": "" }, - "command": { - "description": "command is the command to run. It may not be specified with Script. This might be needed if the image doesn't have `/bin/sh`, or if you do not want to use a shell. In all other cases, using Script might be more convenient.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "resource": { + "type": "string", + "default": "" }, - "script": { - "description": "script is a shell script to be run with `/bin/sh -ic`. It may not be specified with Command. Use Script when a shell script is appropriate to execute the post build hook, for example for running unit tests with `rake test`. If you need control over the image entrypoint, or if the image does not have `/bin/sh`, use Command and/or Args. The `-i` flag is needed to support CentOS and RHEL images that use Software Collections (SCL), in order to have the appropriate collections enabled in the shell. E.g., in the Ruby image, this is necessary to make `ruby`, `bundle` and other binaries available in the PATH.", - "type": "string" + "version": { + "type": "string", + "default": "" } } }, - "com.github.openshift.api.build.v1.BuildRequest": { - "description": "BuildRequest is the resource used to pass parameters to build generator\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "HTTPGetAction.v1.core.api.k8s.io": { + "description": "HTTPGetAction describes an action based on HTTP Get requests.", "type": "object", + "required": [ + "port" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "host": { + "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", "type": "string" }, - "binary": { - "description": "binary indicates a request to build from a binary provided to the builder", - "$ref": "#/definitions/com.github.openshift.api.build.v1.BinaryBuildSource" - }, - "dockerStrategyOptions": { - "description": "dockerStrategyOptions contains additional docker-strategy specific options for the build", - "$ref": "#/definitions/com.github.openshift.api.build.v1.DockerStrategyOptions" - }, - "env": { - "description": "env contains additional environment variables you want to pass into a builder container.", + "httpHeaders": { + "description": "Custom headers to set in the request. HTTP allows repeated headers.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" - } - }, - "from": { - "description": "from is the reference to the ImageStreamTag that triggered the build.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/definitions/HTTPHeader.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "path": { + "description": "Path to access on the HTTP server.", "type": "string" }, - "lastVersion": { - "description": "lastVersion (optional) is the LastVersion of the BuildConfig that was used to generate the build. If the BuildConfig in the generator doesn't match, a build will not be generated.", - "type": "integer", - "format": "int64" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "revision": { - "description": "revision is the information from the source for a specific repo snapshot.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" - }, - "sourceStrategyOptions": { - "description": "sourceStrategyOptions contains additional source-strategy specific options for the build", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceStrategyOptions" - }, - "triggeredBy": { - "description": "triggeredBy describes which triggers started the most recent update to the build configuration and contains information about those triggers.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildTriggerCause" - } + "port": { + "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" }, - "triggeredByImage": { - "description": "triggeredByImage is the Image that triggered this build.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "scheme": { + "description": "Scheme to use for connecting to the host. Defaults to HTTP.\n\nPossible enum values:\n - `\"HTTP\"` means that the scheme used will be http://\n - `\"HTTPS\"` means that the scheme used will be https://", + "type": "string", + "enum": [ + "HTTP", + "HTTPS" + ] } } }, - "com.github.openshift.api.build.v1.BuildSource": { - "description": "BuildSource is the SCM used for the build.", + "HTTPHeader.v1.core.api.k8s.io": { + "description": "HTTPHeader describes a custom header to be used in HTTP probes", "type": "object", + "required": [ + "name", + "value" + ], "properties": { - "binary": { - "description": "binary builds accept a binary as their input. The binary is generally assumed to be a tar, gzipped tar, or zip file depending on the strategy. For container image builds, this is the build context and an optional Dockerfile may be specified to override any Dockerfile in the build context. For Source builds, this is assumed to be an archive as described above. For Source and container image builds, if binary.asFile is set the build will receive a directory with a single file. contextDir may be used when an archive is provided. Custom builds will receive this binary as input on STDIN.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.BinaryBuildSource" - }, - "configMaps": { - "description": "configMaps represents a list of configMaps and their destinations that will be used for the build.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ConfigMapBuildSource" - } + "name": { + "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + "type": "string", + "default": "" }, - "contextDir": { - "description": "contextDir specifies the sub-directory where the source code for the application exists. This allows to have buildable sources in directory other than root of repository.", - "type": "string" - }, - "dockerfile": { - "description": "dockerfile is the raw contents of a Dockerfile which should be built. When this option is specified, the FROM may be modified based on your strategy base image and additional ENV stanzas from your strategy environment will be added after the FROM, but before the rest of your Dockerfile stanzas. The Dockerfile source type may be used with other options like git - in those cases the Git repo will have any innate Dockerfile replaced in the context dir.", - "type": "string" - }, - "git": { - "description": "git contains optional information about git build source", - "$ref": "#/definitions/com.github.openshift.api.build.v1.GitBuildSource" - }, - "images": { - "description": "images describes a set of images to be used to provide source for the build", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageSource" - } - }, - "secrets": { - "description": "secrets represents a list of secrets and their destinations that will be used only for the build.", + "value": { + "description": "The header field value", + "type": "string", + "default": "" + } + } + }, + "HostAlias.v1.core.api.k8s.io": { + "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.", + "type": "object", + "required": [ + "ip" + ], + "properties": { + "hostnames": { + "description": "Hostnames for the above IP address.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.SecretBuildSource" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "sourceSecret": { - "description": "sourceSecret is the name of a Secret that would be used for setting up the authentication for cloning private repository. The secret contains valid credentials for remote repository, where the data's key represent the authentication method to be used and value is the base64 encoded credentials. Supported auth methods are: ssh-privatekey.", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "ip": { + "description": "IP address of the host file entry.", + "type": "string", + "default": "" + } + } + }, + "HostIP.v1.core.api.k8s.io": { + "description": "HostIP represents a single IP address allocated to the host.", + "type": "object", + "required": [ + "ip" + ], + "properties": { + "ip": { + "description": "IP is the IP address assigned to the host", + "type": "string", + "default": "" + } + } + }, + "HostPathVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.", + "type": "object", + "required": [ + "path" + ], + "properties": { + "path": { + "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "type": "string", + "default": "" }, "type": { - "description": "type of build input to accept", - "type": "string" + "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n\nPossible enum values:\n - `\"\"` For backwards compatible, leave it empty if unset\n - `\"BlockDevice\"` A block device must exist at the given path\n - `\"CharDevice\"` A character device must exist at the given path\n - `\"Directory\"` A directory must exist at the given path\n - `\"DirectoryOrCreate\"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet.\n - `\"File\"` A file must exist at the given path\n - `\"FileOrCreate\"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.\n - `\"Socket\"` A UNIX socket must exist at the given path", + "type": "string", + "enum": [ + "", + "BlockDevice", + "CharDevice", + "Directory", + "DirectoryOrCreate", + "File", + "FileOrCreate", + "Socket" + ] } } }, - "com.github.openshift.api.build.v1.BuildSpec": { - "description": "BuildSpec has the information to represent a build and also additional information about a build", + "ISCSIPersistentVolumeSource.v1.core.api.k8s.io": { + "description": "ISCSIPersistentVolumeSource represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", "type": "object", "required": [ - "strategy" + "targetPortal", + "iqn", + "lun" ], "properties": { - "completionDeadlineSeconds": { - "description": "completionDeadlineSeconds is an optional duration in seconds, counted from the time when a build pod gets scheduled in the system, that the build may be active on a node before the system actively tries to terminate the build; value must be positive integer", - "type": "integer", - "format": "int64" + "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", + "type": "boolean" }, - "mountTrustedCA": { - "description": "mountTrustedCA bind mounts the cluster's trusted certificate authorities, as defined in the cluster's proxy configuration, into the build. This lets processes within a build trust components signed by custom PKI certificate authorities, such as private artifact repositories and HTTPS proxies.\n\nWhen this field is set to true, the contents of `/etc/pki/ca-trust` within the build are managed by the build container, and any changes to this directory or its subdirectories (for example - within a Dockerfile `RUN` instruction) are not persisted in the build's output image.", + "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", "type": "boolean" }, - "nodeSelector": { - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node If nil, it can be overridden by default build nodeselector values for the cluster. If set to an empty map or a map with any values, default build nodeselector values are ignored.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", + "type": "string" }, - "output": { - "description": "output describes the container image the Strategy should produce.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildOutput" + "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.", + "type": "string" }, - "postCommit": { - "description": "postCommit is a build hook executed after the build output image is committed, before it is pushed to a registry.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildPostCommitSpec" + "iqn": { + "description": "iqn is Target iSCSI Qualified Name.", + "type": "string", + "default": "" }, - "resources": { - "description": "resources computes resource requirements to execute the build.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", + "type": "string", + "default": "default" }, - "revision": { - "description": "revision is the information from the source for a specific repo snapshot. This is optional.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + "lun": { + "description": "lun is iSCSI Target Lun number.", + "type": "integer", + "format": "int32", + "default": 0 }, - "serviceAccount": { - "description": "serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount", - "type": "string" + "portals": { + "description": "portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "source": { - "description": "source describes the SCM in use.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildSource" + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", + "type": "boolean" }, - "strategy": { - "description": "strategy defines how to perform a build.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStrategy" + "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", + "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" }, - "triggeredBy": { - "description": "triggeredBy describes which triggers started the most recent update to the build configuration and contains information about those triggers.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildTriggerCause" - } + "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.build.v1.BuildStatus": { - "description": "BuildStatus contains the status of a build", + "ISCSIVolumeSource.v1.core.api.k8s.io": { + "description": "Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", "type": "object", + "required": [ + "targetPortal", + "iqn", + "lun" + ], "properties": { - "cancelled": { - "description": "cancelled describes if a cancel event was triggered for the build.", + "chapAuthDiscovery": { + "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", "type": "boolean" }, - "completionTimestamp": { - "description": "completionTimestamp is a timestamp representing the server time when this Build was finished, whether that build failed or succeeded. It reflects the time at which the Pod running the Build terminated. It is represented in RFC3339 form and is in UTC.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "conditions": { - "description": "conditions represents the latest available observations of a build's current state.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildCondition" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "config": { - "description": "config is an ObjectReference to the BuildConfig this Build is based on.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, - "duration": { - "description": "duration contains time.Duration object describing build time.", - "type": "integer", - "format": "int64" - }, - "logSnippet": { - "description": "logSnippet is the last few lines of the build log. This value is only set for builds that failed.", - "type": "string" + "chapAuthSession": { + "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", + "type": "boolean" }, - "message": { - "description": "message is a human-readable message indicating details about why the build has this status.", + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", "type": "string" }, - "output": { - "description": "output describes the container image the build has produced.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStatusOutput" - }, - "outputDockerImageReference": { - "description": "outputDockerImageReference contains a reference to the container image that will be built by this build. Its value is computed from Build.Spec.Output.To, and should include the registry address, so that it can be used to push and pull the image.", + "initiatorName": { + "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.", "type": "string" }, - "phase": { - "description": "phase is the point in the build lifecycle. Possible values are \"New\", \"Pending\", \"Running\", \"Complete\", \"Failed\", \"Error\", and \"Cancelled\".", + "iqn": { + "description": "iqn is the target iSCSI Qualified Name.", "type": "string", "default": "" }, - "reason": { - "description": "reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.", - "type": "string" + "iscsiInterface": { + "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", + "type": "string", + "default": "default" }, - "stages": { - "description": "stages contains details about each stage that occurs during the build including start time, duration (in milliseconds), and the steps that occured within each stage.", + "lun": { + "description": "lun represents iSCSI Target Lun number.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "portals": { + "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.StageInfo" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "startTimestamp": { - "description": "startTimestamp is a timestamp representing the server time when this Build started running in a Pod. It is represented in RFC3339 form and is in UTC.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - } - } - }, - "com.github.openshift.api.build.v1.BuildStatusOutput": { - "description": "BuildStatusOutput contains the status of the built image.", - "type": "object", - "properties": { - "to": { - "description": "to describes the status of the built image being pushed to a registry.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStatusOutputTo" - } - } - }, - "com.github.openshift.api.build.v1.BuildStatusOutputTo": { - "description": "BuildStatusOutputTo describes the status of the built image with regards to image registry to which it was supposed to be pushed.", - "type": "object", - "properties": { - "imageDigest": { - "description": "imageDigest is the digest of the built container image. The digest uniquely identifies the image in the registry to which it was pushed.\n\nPlease note that this field may not always be set even if the push completes successfully - e.g. when the registry returns no digest or returns it in a format that the builder doesn't understand.", - "type": "string" + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + }, + "targetPortal": { + "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.build.v1.BuildStrategy": { - "description": "BuildStrategy contains the details of how to perform a build.", + "ImageVolumeSource.v1.core.api.k8s.io": { + "description": "ImageVolumeSource represents a image volume resource.", "type": "object", "properties": { - "customStrategy": { - "description": "customStrategy holds the parameters to the Custom build strategy", - "$ref": "#/definitions/com.github.openshift.api.build.v1.CustomBuildStrategy" - }, - "dockerStrategy": { - "description": "dockerStrategy holds the parameters to the container image build strategy.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.DockerBuildStrategy" - }, - "jenkinsPipelineStrategy": { - "description": "jenkinsPipelineStrategy holds the parameters to the Jenkins Pipeline build strategy. Deprecated: use OpenShift Pipelines", - "$ref": "#/definitions/com.github.openshift.api.build.v1.JenkinsPipelineBuildStrategy" - }, - "sourceStrategy": { - "description": "sourceStrategy holds the parameters to the Source build strategy.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceBuildStrategy" + "pullPolicy": { + "description": "Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present", + "type": "string", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ] }, - "type": { - "description": "type is the kind of build strategy.", + "reference": { + "description": "Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", "type": "string" } } }, - "com.github.openshift.api.build.v1.BuildTriggerCause": { - "description": "BuildTriggerCause holds information about a triggered build. It is used for displaying build trigger data for each build and build configuration in oc describe. It is also used to describe which triggers led to the most recent update in the build configuration.", + "IntOrString.intstr.util.pkg.apimachinery.k8s.io": { + "description": "IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number.", + "type": "string", + "format": "int-or-string" + }, + "InternalEvent.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "InternalEvent makes watch.Event versioned", "type": "object", + "required": [ + "Type", + "Object" + ], "properties": { - "bitbucketWebHook": { - "description": "bitbucketWebHook represents data for a Bitbucket webhook that fired a specific build.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.BitbucketWebHookCause" - }, - "genericWebHook": { - "description": "genericWebHook holds data about a builds generic webhook trigger.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.GenericWebHookCause" - }, - "githubWebHook": { - "description": "githubWebHook represents data for a GitHub webhook that fired a specific build.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.GitHubWebHookCause" - }, - "gitlabWebHook": { - "description": "gitlabWebHook represents data for a GitLab webhook that fired a specific build.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.GitLabWebHookCause" - }, - "imageChangeBuild": { - "description": "imageChangeBuild stores information about an imagechange event that triggered a new build.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageChangeCause" + "Object": { + "description": "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Bookmark: the object (instance of a type being watched) where\n only ResourceVersion field is set. On successful restart of watch from a\n bookmark resourceVersion, client is guaranteed to not get repeat event\n nor miss any events.\n * If Type is Error: *api.Status is recommended; other types may make sense\n depending on context." }, - "message": { - "description": "message is used to store a human readable message for why the build was triggered. E.g.: \"Manually triggered by user\", \"Configuration change\",etc.", - "type": "string" + "Type": { + "type": "string", + "default": "" } } }, - "com.github.openshift.api.build.v1.BuildTriggerPolicy": { - "description": "BuildTriggerPolicy describes a policy for a single trigger that results in a new Build.", + "KeyToPath.v1.core.api.k8s.io": { + "description": "Maps a string key to a path within a volume.", "type": "object", "required": [ - "type" + "key", + "path" ], "properties": { - "bitbucket": { - "description": "BitbucketWebHook contains the parameters for a Bitbucket webhook type of trigger", - "$ref": "#/definitions/com.github.openshift.api.build.v1.WebHookTrigger" - }, - "generic": { - "description": "generic contains the parameters for a Generic webhook type of trigger", - "$ref": "#/definitions/com.github.openshift.api.build.v1.WebHookTrigger" - }, - "github": { - "description": "github contains the parameters for a GitHub webhook type of trigger", - "$ref": "#/definitions/com.github.openshift.api.build.v1.WebHookTrigger" - }, - "gitlab": { - "description": "GitLabWebHook contains the parameters for a GitLab webhook type of trigger", - "$ref": "#/definitions/com.github.openshift.api.build.v1.WebHookTrigger" + "key": { + "description": "key is the key to project.", + "type": "string", + "default": "" }, - "imageChange": { - "description": "imageChange contains parameters for an ImageChange type of trigger", - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageChangeTrigger" + "mode": { + "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" }, - "type": { - "description": "type is the type of build trigger. Valid values:\n\n- GitHub GitHubWebHookBuildTriggerType represents a trigger that launches builds on GitHub webhook invocations\n\n- Generic GenericWebHookBuildTriggerType represents a trigger that launches builds on generic webhook invocations\n\n- GitLab GitLabWebHookBuildTriggerType represents a trigger that launches builds on GitLab webhook invocations\n\n- Bitbucket BitbucketWebHookBuildTriggerType represents a trigger that launches builds on Bitbucket webhook invocations\n\n- ImageChange ImageChangeBuildTriggerType represents a trigger that launches builds on availability of a new version of an image\n\n- ConfigChange ConfigChangeBuildTriggerType will trigger a build on an initial build config creation WARNING: In the future the behavior will change to trigger a build on any config change", + "path": { + "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", "type": "string", "default": "" } } }, - "com.github.openshift.api.build.v1.BuildVolume": { - "description": "BuildVolume describes a volume that is made available to build pods, such that it can be mounted into buildah's runtime environment. Only a subset of Kubernetes Volume sources are supported.", + "LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", "type": "object", - "required": [ - "name", - "source", - "mounts" - ], "properties": { - "mounts": { - "description": "mounts represents the location of the volume in the image build container", + "matchExpressions": { + "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildVolumeMount" + "$ref": "#/definitions/LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "x-kubernetes-list-map-keys": [ - "destinationPath" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "destinationPath", - "x-kubernetes-patch-strategy": "merge" - }, - "name": { - "description": "name is a unique identifier for this BuildVolume. It must conform to the Kubernetes DNS label standard and be unique within the pod. Names that collide with those added by the build controller will result in a failed build with an error message detailing which name caused the error. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string", - "default": "" + "x-kubernetes-list-type": "atomic" }, - "source": { - "description": "source represents the location and type of the mounted volume.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildVolumeSource" + "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.build.v1.BuildVolumeMount": { - "description": "BuildVolumeMount describes the mounting of a Volume within buildah's runtime environment.", + "LabelSelectorAttributes.v1.authorization.api.k8s.io": { + "description": "LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.", "type": "object", - "required": [ - "destinationPath" - ], "properties": { - "destinationPath": { - "description": "destinationPath is the path within the buildah runtime environment at which the volume should be mounted. The transient mount within the build image and the backing volume will both be mounted read only. Must be an absolute path, must not contain '..' or ':', and must not collide with a destination path generated by the builder process Paths that collide with those added by the build controller will result in a failed build with an error message detailing which path caused the error.", - "type": "string", - "default": "" + "rawSelector": { + "description": "rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.", + "type": "string" + }, + "requirements": { + "description": "requirements is the parsed interpretation of a label selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.build.v1.BuildVolumeSource": { - "description": "BuildVolumeSource represents the source of a volume to mount Only one of its supported types may be specified at any given time.", + "LabelSelectorRequirement.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ - "type" + "key", + "operator" ], "properties": { - "configMap": { - "description": "configMap represents a ConfigMap that should populate this volume", - "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapVolumeSource" - }, - "csi": { - "description": "csi represents ephemeral storage provided by external CSI drivers which support this capability", - "$ref": "#/definitions/io.k8s.api.core.v1.CSIVolumeSource" - }, - "secret": { - "description": "secret represents a Secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretVolumeSource" + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string", + "default": "" }, - "type": { - "description": "type is the BuildVolumeSourceType for the volume source. Type must match the populated volume source. Valid types are: Secret, ConfigMap", + "operator": { + "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", "type": "string", "default": "" + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.build.v1.CommonSpec": { - "description": "CommonSpec encapsulates all the inputs necessary to represent a build.", + "Lifecycle.v1.core.api.k8s.io": { + "description": "Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.", "type": "object", - "required": [ - "strategy" - ], "properties": { - "completionDeadlineSeconds": { - "description": "completionDeadlineSeconds is an optional duration in seconds, counted from the time when a build pod gets scheduled in the system, that the build may be active on a node before the system actively tries to terminate the build; value must be positive integer", - "type": "integer", - "format": "int64" + "postStart": { + "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "$ref": "#/definitions/LifecycleHandler.v1.core.api.k8s.io" }, - "mountTrustedCA": { - "description": "mountTrustedCA bind mounts the cluster's trusted certificate authorities, as defined in the cluster's proxy configuration, into the build. This lets processes within a build trust components signed by custom PKI certificate authorities, such as private artifact repositories and HTTPS proxies.\n\nWhen this field is set to true, the contents of `/etc/pki/ca-trust` within the build are managed by the build container, and any changes to this directory or its subdirectories (for example - within a Dockerfile `RUN` instruction) are not persisted in the build's output image.", - "type": "boolean" + "preStop": { + "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", + "$ref": "#/definitions/LifecycleHandler.v1.core.api.k8s.io" }, - "nodeSelector": { - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node If nil, it can be overridden by default build nodeselector values for the cluster. If set to an empty map or a map with any values, default build nodeselector values are ignored.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "output": { - "description": "output describes the container image the Strategy should produce.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildOutput" - }, - "postCommit": { - "description": "postCommit is a build hook executed after the build output image is committed, before it is pushed to a registry.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildPostCommitSpec" - }, - "resources": { - "description": "resources computes resource requirements to execute the build.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" - }, - "revision": { - "description": "revision is the information from the source for a specific repo snapshot. This is optional.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" - }, - "serviceAccount": { - "description": "serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount", - "type": "string" - }, - "source": { - "description": "source describes the SCM in use.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildSource" - }, - "strategy": { - "description": "strategy defines how to perform a build.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStrategy" + "stopSignal": { + "description": "StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name\n\nPossible enum values:\n - `\"SIGABRT\"`\n - `\"SIGALRM\"`\n - `\"SIGBUS\"`\n - `\"SIGCHLD\"`\n - `\"SIGCLD\"`\n - `\"SIGCONT\"`\n - `\"SIGFPE\"`\n - `\"SIGHUP\"`\n - `\"SIGILL\"`\n - `\"SIGINT\"`\n - `\"SIGIO\"`\n - `\"SIGIOT\"`\n - `\"SIGKILL\"`\n - `\"SIGPIPE\"`\n - `\"SIGPOLL\"`\n - `\"SIGPROF\"`\n - `\"SIGPWR\"`\n - `\"SIGQUIT\"`\n - `\"SIGRTMAX\"`\n - `\"SIGRTMAX-1\"`\n - `\"SIGRTMAX-10\"`\n - `\"SIGRTMAX-11\"`\n - `\"SIGRTMAX-12\"`\n - `\"SIGRTMAX-13\"`\n - `\"SIGRTMAX-14\"`\n - `\"SIGRTMAX-2\"`\n - `\"SIGRTMAX-3\"`\n - `\"SIGRTMAX-4\"`\n - `\"SIGRTMAX-5\"`\n - `\"SIGRTMAX-6\"`\n - `\"SIGRTMAX-7\"`\n - `\"SIGRTMAX-8\"`\n - `\"SIGRTMAX-9\"`\n - `\"SIGRTMIN\"`\n - `\"SIGRTMIN+1\"`\n - `\"SIGRTMIN+10\"`\n - `\"SIGRTMIN+11\"`\n - `\"SIGRTMIN+12\"`\n - `\"SIGRTMIN+13\"`\n - `\"SIGRTMIN+14\"`\n - `\"SIGRTMIN+15\"`\n - `\"SIGRTMIN+2\"`\n - `\"SIGRTMIN+3\"`\n - `\"SIGRTMIN+4\"`\n - `\"SIGRTMIN+5\"`\n - `\"SIGRTMIN+6\"`\n - `\"SIGRTMIN+7\"`\n - `\"SIGRTMIN+8\"`\n - `\"SIGRTMIN+9\"`\n - `\"SIGSEGV\"`\n - `\"SIGSTKFLT\"`\n - `\"SIGSTOP\"`\n - `\"SIGSYS\"`\n - `\"SIGTERM\"`\n - `\"SIGTRAP\"`\n - `\"SIGTSTP\"`\n - `\"SIGTTIN\"`\n - `\"SIGTTOU\"`\n - `\"SIGURG\"`\n - `\"SIGUSR1\"`\n - `\"SIGUSR2\"`\n - `\"SIGVTALRM\"`\n - `\"SIGWINCH\"`\n - `\"SIGXCPU\"`\n - `\"SIGXFSZ\"`", + "type": "string", + "enum": [ + "SIGABRT", + "SIGALRM", + "SIGBUS", + "SIGCHLD", + "SIGCLD", + "SIGCONT", + "SIGFPE", + "SIGHUP", + "SIGILL", + "SIGINT", + "SIGIO", + "SIGIOT", + "SIGKILL", + "SIGPIPE", + "SIGPOLL", + "SIGPROF", + "SIGPWR", + "SIGQUIT", + "SIGRTMAX", + "SIGRTMAX-1", + "SIGRTMAX-10", + "SIGRTMAX-11", + "SIGRTMAX-12", + "SIGRTMAX-13", + "SIGRTMAX-14", + "SIGRTMAX-2", + "SIGRTMAX-3", + "SIGRTMAX-4", + "SIGRTMAX-5", + "SIGRTMAX-6", + "SIGRTMAX-7", + "SIGRTMAX-8", + "SIGRTMAX-9", + "SIGRTMIN", + "SIGRTMIN+1", + "SIGRTMIN+10", + "SIGRTMIN+11", + "SIGRTMIN+12", + "SIGRTMIN+13", + "SIGRTMIN+14", + "SIGRTMIN+15", + "SIGRTMIN+2", + "SIGRTMIN+3", + "SIGRTMIN+4", + "SIGRTMIN+5", + "SIGRTMIN+6", + "SIGRTMIN+7", + "SIGRTMIN+8", + "SIGRTMIN+9", + "SIGSEGV", + "SIGSTKFLT", + "SIGSTOP", + "SIGSYS", + "SIGTERM", + "SIGTRAP", + "SIGTSTP", + "SIGTTIN", + "SIGTTOU", + "SIGURG", + "SIGUSR1", + "SIGUSR2", + "SIGVTALRM", + "SIGWINCH", + "SIGXCPU", + "SIGXFSZ" + ] } } }, - "com.github.openshift.api.build.v1.CommonWebHookCause": { - "description": "CommonWebHookCause factors out the identical format of these webhook causes into struct so we can share it in the specific causes; it is too late for GitHub and Generic but we can leverage this pattern with GitLab and Bitbucket.", + "LifecycleHandler.v1.core.api.k8s.io": { + "description": "LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.", "type": "object", "properties": { - "revision": { - "description": "revision is the git source revision information of the trigger.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + "exec": { + "description": "Exec specifies a command to execute in the container.", + "$ref": "#/definitions/ExecAction.v1.core.api.k8s.io" }, - "secret": { - "description": "secret is the obfuscated webhook secret that triggered a build.", - "type": "string" + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "$ref": "#/definitions/HTTPGetAction.v1.core.api.k8s.io" + }, + "sleep": { + "description": "Sleep represents a duration that the container should sleep.", + "$ref": "#/definitions/SleepAction.v1.core.api.k8s.io" + }, + "tcpSocket": { + "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.", + "$ref": "#/definitions/TCPSocketAction.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.build.v1.ConfigMapBuildSource": { - "description": "ConfigMapBuildSource describes a configmap and its destination directory that will be used only at the build time. The content of the configmap referenced here will be copied into the destination directory instead of mounting.", + "LimitRange.v1.core.api.k8s.io": { + "description": "LimitRange sets resource usage limits for each kind of resource in a Namespace.", "type": "object", - "required": [ - "configMap" - ], "properties": { - "configMap": { - "description": "configMap is a reference to an existing configmap that you want to use in your build.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "destinationDir": { - "description": "destinationDir is the directory where the files from the configmap should be available for the build time. For the Source build strategy, these will be injected into a container where the assemble script runs. For the container image build strategy, these will be copied into the build directory, where the Dockerfile is located, so users can ADD or COPY them during container image build.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "Spec defines the limits enforced. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "default": {}, + "$ref": "#/definitions/LimitRangeSpec.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.build.v1.CustomBuildStrategy": { - "description": "CustomBuildStrategy defines input parameters specific to Custom build.", + "LimitRangeItem.v1.core.api.k8s.io": { + "description": "LimitRangeItem defines a min/max usage limit for any resource that matches on kind.", "type": "object", "required": [ - "from" + "type" ], "properties": { - "buildAPIVersion": { - "description": "buildAPIVersion is the requested API version for the Build object serialized and passed to the custom builder", - "type": "string" - }, - "env": { - "description": "env contains additional environment variables you want to pass into a builder container.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + "default": { + "description": "Default resource requirement limit value by resource name if resource limit is omitted.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" } }, - "exposeDockerSocket": { - "description": "exposeDockerSocket will allow running Docker commands (and build container images) from inside the container.", - "type": "boolean" - }, - "forcePull": { - "description": "forcePull describes if the controller should configure the build pod to always pull the images for the builder or only pull if it is not present locally", - "type": "boolean" + "defaultRequest": { + "description": "DefaultRequest is the default resource requirement request value by resource name if resource request is omitted.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + } }, - "from": { - "description": "from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "max": { + "description": "Max usage constraints on this kind by resource name.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + } }, - "pullSecret": { - "description": "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "maxLimitRequestRatio": { + "description": "MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + } }, - "secrets": { - "description": "secrets is a list of additional secrets that will be included in the build pod", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.SecretSpec" + "min": { + "description": "Min usage constraints on this kind by resource name.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" } + }, + "type": { + "description": "Type of resource that this limit applies to.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.build.v1.DockerBuildStrategy": { - "description": "DockerBuildStrategy defines input parameters specific to container image build.", + "LimitRangeList.v1.core.api.k8s.io": { + "description": "LimitRangeList is a list of LimitRange items.", "type": "object", + "required": [ + "items" + ], "properties": { - "buildArgs": { - "description": "buildArgs contains build arguments that will be resolved in the Dockerfile. See https://docs.docker.com/engine/reference/builder/#/arg for more details. NOTE: Only the 'name' and 'value' fields are supported. Any settings on the 'valueFrom' field are ignored.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" - } - }, - "dockerfilePath": { - "description": "dockerfilePath is the path of the Dockerfile that will be used to build the container image, relative to the root of the context (contextDir). Defaults to `Dockerfile` if unset.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "env": { - "description": "env contains additional environment variables you want to pass into a builder container.", + "items": { + "description": "Items is a list of LimitRange objects. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + "$ref": "#/definitions/LimitRange.v1.core.api.k8s.io" } }, - "forcePull": { - "description": "forcePull describes if the builder should pull the images from registry prior to building.", - "type": "boolean" - }, - "from": { - "description": "from is a reference to an DockerImage, ImageStreamTag, or ImageStreamImage which overrides the FROM image in the Dockerfile for the build. If the Dockerfile uses multi-stage builds, this will replace the image in the last FROM directive of the file.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, - "imageOptimizationPolicy": { - "description": "imageOptimizationPolicy describes what optimizations the system can use when building images to reduce the final size or time spent building the image. The default policy is 'None' which means the final build image will be equivalent to an image created by the container image build API. The experimental policy 'SkipLayers' will avoid commiting new layers in between each image step, and will fail if the Dockerfile cannot provide compatibility with the 'None' policy. An additional experimental policy 'SkipLayersAndWarn' is the same as 'SkipLayers' but simply warns if compatibility cannot be preserved.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "noCache": { - "description": "noCache if set to true indicates that the container image build must be executed with the --no-cache=true flag", - "type": "boolean" - }, - "pullSecret": { - "description": "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" - }, - "volumes": { - "description": "volumes is a list of input volumes that can be mounted into the builds runtime environment. Only a subset of Kubernetes Volume sources are supported by builds. More info: https://kubernetes.io/docs/concepts/storage/volumes", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildVolume" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.build.v1.DockerStrategyOptions": { - "description": "DockerStrategyOptions contains extra strategy options for container image builds", + "LimitRangeSpec.v1.core.api.k8s.io": { + "description": "LimitRangeSpec defines a min/max usage limit for resources that match on kind.", "type": "object", + "required": [ + "limits" + ], "properties": { - "buildArgs": { - "description": "Args contains any build arguments that are to be passed to Docker. See https://docs.docker.com/engine/reference/builder/#/arg for more details", + "limits": { + "description": "Limits is the list of LimitRangeItem objects that are enforced.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" - } - }, - "noCache": { - "description": "noCache overrides the docker-strategy noCache option in the build config", - "type": "boolean" + "$ref": "#/definitions/LimitRangeItem.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.build.v1.GenericWebHookCause": { - "description": "GenericWebHookCause holds information about a generic WebHook that triggered a build.", + "LinuxContainerUser.v1.core.api.k8s.io": { + "description": "LinuxContainerUser represents user identity information in Linux containers", "type": "object", + "required": [ + "uid", + "gid" + ], "properties": { - "revision": { - "description": "revision is an optional field that stores the git source revision information of the generic webhook trigger when it is available.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + "gid": { + "description": "GID is the primary gid initially attached to the first process in the container", + "type": "integer", + "format": "int64", + "default": 0 }, - "secret": { - "description": "secret is the obfuscated webhook secret that triggered a build.", - "type": "string" + "supplementalGroups": { + "description": "SupplementalGroups are the supplemental groups initially attached to the first process in the container", + "type": "array", + "items": { + "type": "integer", + "format": "int64", + "default": 0 + }, + "x-kubernetes-list-type": "atomic" + }, + "uid": { + "description": "UID is the primary uid initially attached to the first process in the container", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.build.v1.GenericWebHookEvent": { - "description": "GenericWebHookEvent is the payload expected for a generic webhook post", + "List.v1.core.api.k8s.io": { + "description": "List holds a list of objects, which may not be known by the server.", "type": "object", + "required": [ + "items" + ], "properties": { - "dockerStrategyOptions": { - "description": "dockerStrategyOptions contains additional docker-strategy specific options for the build", - "$ref": "#/definitions/com.github.openshift.api.build.v1.DockerStrategyOptions" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "env": { - "description": "env contains additional environment variables you want to pass into a builder container. ValueFrom is not supported.", + "items": { + "description": "List of objects", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } }, - "git": { - "description": "git is the git information if the Type is BuildSourceGit", - "$ref": "#/definitions/com.github.openshift.api.build.v1.GitInfo" - }, - "type": { - "description": "type is the type of source repository", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.build.v1.GitBuildSource": { - "description": "GitBuildSource defines the parameters of a Git SCM", + "List.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "List holds a list of objects, which may not be known by the server.", "type": "object", "required": [ - "uri" + "items" ], "properties": { - "httpProxy": { - "description": "httpProxy is a proxy used to reach the git repository over http", - "type": "string" - }, - "httpsProxy": { - "description": "httpsProxy is a proxy used to reach the git repository over https", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "noProxy": { - "description": "noProxy is the list of domains for which the proxy should not be used", - "type": "string" + "items": { + "description": "List of objects", + "type": "array", + "items": { + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + } }, - "ref": { - "description": "ref is the branch/tag/ref to build.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "uri": { - "description": "uri points to the source that will be built. The structure of the source will depend on the type of build to run", - "type": "string", - "default": "" + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.build.v1.GitHubWebHookCause": { - "description": "GitHubWebHookCause has information about a GitHub webhook that triggered a build.", + "ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.", "type": "object", "properties": { - "revision": { - "description": "revision is the git revision information of the trigger.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + "continue": { + "description": "continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.", + "type": "string" }, - "secret": { - "description": "secret is the obfuscated webhook secret that triggered a build.", + "remainingItemCount": { + "description": "remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is *estimating* the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.", + "type": "integer", + "format": "int64" + }, + "resourceVersion": { + "description": "String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "selfLink": { + "description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.", "type": "string" } } }, - "com.github.openshift.api.build.v1.GitInfo": { - "description": "GitInfo is the aggregated git information for a generic webhook post", + "ListOptions.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "ListOptions is the query options to a standard REST list call.", "type": "object", - "required": [ - "uri", - "refs" - ], "properties": { - "author": { - "description": "author is the author of a specific commit", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" + "allowWatchBookmarks": { + "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", + "type": "boolean" }, - "commit": { - "description": "commit is the commit hash identifying a specific commit", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "committer": { - "description": "committer is the committer of a specific commit", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" + "continue": { + "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", + "type": "string" }, - "httpProxy": { - "description": "httpProxy is a proxy used to reach the git repository over http", + "fieldSelector": { + "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", "type": "string" }, - "httpsProxy": { - "description": "httpsProxy is a proxy used to reach the git repository over https", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "message": { - "description": "message is the description of a specific commit", + "labelSelector": { + "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", "type": "string" }, - "noProxy": { - "description": "noProxy is the list of domains for which the proxy should not be used", + "limit": { + "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", + "type": "integer", + "format": "int64" + }, + "resourceVersion": { + "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", "type": "string" }, - "ref": { - "description": "ref is the branch/tag/ref to build.", + "resourceVersionMatch": { + "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", "type": "string" }, - "refs": { - "description": "refs is a list of GitRefs for the provided repo - generally sent when used from a post-receive hook. This field is optional and is used when sending multiple refs", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.GitRefInfo" - } + "sendInitialEvents": { + "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "type": "boolean" }, - "uri": { - "description": "uri points to the source that will be built. The structure of the source will depend on the type of build to run", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.build.v1.GitLabWebHookCause": { - "description": "GitLabWebHookCause has information about a GitLab webhook that triggered a build.", - "type": "object", - "properties": { - "revision": { - "description": "revision is the git source revision information of the trigger.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + "timeoutSeconds": { + "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", + "type": "integer", + "format": "int64" }, - "secret": { - "description": "secret is the obfuscated webhook secret that triggered a build.", - "type": "string" + "watch": { + "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", + "type": "boolean" } } }, - "com.github.openshift.api.build.v1.GitRefInfo": { - "description": "GitRefInfo is a single ref", + "LoadBalancerIngress.v1.core.api.k8s.io": { + "description": "LoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.", "type": "object", - "required": [ - "uri" - ], "properties": { - "author": { - "description": "author is the author of a specific commit", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" - }, - "commit": { - "description": "commit is the commit hash identifying a specific commit", - "type": "string" - }, - "committer": { - "description": "committer is the committer of a specific commit", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" - }, - "httpProxy": { - "description": "httpProxy is a proxy used to reach the git repository over http", + "hostname": { + "description": "Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers)", "type": "string" }, - "httpsProxy": { - "description": "httpsProxy is a proxy used to reach the git repository over https", + "ip": { + "description": "IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers)", "type": "string" }, - "message": { - "description": "message is the description of a specific commit", + "ipMode": { + "description": "IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified. Setting this to \"VIP\" indicates that traffic is delivered to the node with the destination set to the load-balancer's IP and port. Setting this to \"Proxy\" indicates that traffic is delivered to the node or pod with the destination set to the node's IP and node port or the pod's IP and port. Service implementations may use this information to adjust traffic routing.", "type": "string" }, - "noProxy": { - "description": "noProxy is the list of domains for which the proxy should not be used", - "type": "string" - }, - "ref": { - "description": "ref is the branch/tag/ref to build.", - "type": "string" - }, - "uri": { - "description": "uri points to the source that will be built. The structure of the source will depend on the type of build to run", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.build.v1.GitSourceRevision": { - "description": "GitSourceRevision is the commit information from a git source for a build", - "type": "object", - "properties": { - "author": { - "description": "author is the author of a specific commit", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" - }, - "commit": { - "description": "commit is the commit hash identifying a specific commit", - "type": "string" - }, - "committer": { - "description": "committer is the committer of a specific commit", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" - }, - "message": { - "description": "message is the description of a specific commit", - "type": "string" - } - } - }, - "com.github.openshift.api.build.v1.ImageChangeCause": { - "description": "ImageChangeCause contains information about the image that triggered a build", - "type": "object", - "properties": { - "fromRef": { - "description": "fromRef contains detailed information about an image that triggered a build.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, - "imageID": { - "description": "imageID is the ID of the image that triggered a new build.", - "type": "string" - } - } - }, - "com.github.openshift.api.build.v1.ImageChangeTrigger": { - "description": "ImageChangeTrigger allows builds to be triggered when an ImageStream changes", - "type": "object", - "properties": { - "from": { - "description": "from is a reference to an ImageStreamTag that will trigger a build when updated It is optional. If no From is specified, the From image from the build strategy will be used. Only one ImageChangeTrigger with an empty From reference is allowed in a build configuration.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, - "lastTriggeredImageID": { - "description": "lastTriggeredImageID is used internally by the ImageChangeController to save last used image ID for build This field is deprecated and will be removed in a future release. Deprecated", - "type": "string" - }, - "paused": { - "description": "paused is true if this trigger is temporarily disabled. Optional.", - "type": "boolean" + "ports": { + "description": "Ports is a list of records of service ports If used, every port defined in the service should have an entry in it", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/PortStatus.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.build.v1.ImageChangeTriggerStatus": { - "description": "ImageChangeTriggerStatus tracks the latest resolved status of the associated ImageChangeTrigger policy specified in the BuildConfigSpec.Triggers struct.", + "LoadBalancerStatus.v1.core.api.k8s.io": { + "description": "LoadBalancerStatus represents the status of a load-balancer.", "type": "object", "properties": { - "from": { - "description": "from is the ImageStreamTag that is the source of the trigger.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageStreamTagReference" - }, - "lastTriggerTime": { - "description": "lastTriggerTime is the last time this particular ImageStreamTag triggered a Build to start. This field is only updated when this trigger specifically started a Build.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "lastTriggeredImageID": { - "description": "lastTriggeredImageID represents the sha/id of the ImageStreamTag when a Build for this BuildConfig was started. The lastTriggeredImageID is updated each time a Build for this BuildConfig is started, even if this ImageStreamTag is not the reason the Build is started.", - "type": "string" + "ingress": { + "description": "Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/LoadBalancerIngress.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.build.v1.ImageLabel": { - "description": "ImageLabel represents a label applied to the resulting image.", + "LocalObjectReference.v1.core.api.k8s.io": { + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", "type": "object", - "required": [ - "name" - ], "properties": { "name": { - "description": "name defines the name of the label. It must have non-zero length.", + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" - }, - "value": { - "description": "value defines the literal value of the label.", - "type": "string" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.build.v1.ImageSource": { - "description": "ImageSource is used to describe build source that will be extracted from an image or used during a multi stage build. A reference of type ImageStreamTag, ImageStreamImage or DockerImage may be used. A pull secret can be specified to pull the image from an external registry or override the default service account secret if pulling from the internal registry. Image sources can either be used to extract content from an image and place it into the build context along with the repository source, or used directly during a multi-stage container image build to allow content to be copied without overwriting the contents of the repository source (see the 'paths' and 'as' fields).", + "LocalSubjectAccessReview.v1.authorization.api.k8s.io": { + "description": "LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.", "type": "object", "required": [ - "from" + "spec" ], "properties": { - "as": { - "description": "A list of image names that this source will be used in place of during a multi-stage container image build. For instance, a Dockerfile that uses \"COPY --from=nginx:latest\" will first check for an image source that has \"nginx:latest\" in this field before attempting to pull directly. If the Dockerfile does not reference an image source it is ignored. This field and paths may both be set, in which case the contents will be used twice.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "from": { - "description": "from is a reference to an ImageStreamTag, ImageStreamImage, or DockerImage to copy source from.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "paths": { - "description": "paths is a list of source and destination paths to copy from the image. This content will be copied into the build context prior to starting the build. If no paths are set, the build context will not be altered.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageSourcePath" - } + "spec": { + "description": "Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted.", + "default": {}, + "$ref": "#/definitions/SubjectAccessReviewSpec.v1.authorization.api.k8s.io" }, - "pullSecret": { - "description": "pullSecret is a reference to a secret to be used to pull the image from a registry If the image is pulled from the OpenShift registry, this field does not need to be set.", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "status": { + "description": "Status is filled in by the server and indicates whether the request is allowed or not", + "default": {}, + "$ref": "#/definitions/SubjectAccessReviewStatus.v1.authorization.api.k8s.io" } } }, - "com.github.openshift.api.build.v1.ImageSourcePath": { - "description": "ImageSourcePath describes a path to be copied from a source image and its destination within the build directory.", + "LocalVolumeSource.v1.core.api.k8s.io": { + "description": "Local represents directly-attached storage with node affinity", "type": "object", "required": [ - "sourcePath", - "destinationDir" + "path" ], "properties": { - "destinationDir": { - "description": "destinationDir is the relative directory within the build directory where files copied from the image are placed.", - "type": "string", - "default": "" + "fsType": { + "description": "fsType is the filesystem type to mount. It applies only when the Path is a block device. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default value is to auto-select a filesystem if unspecified.", + "type": "string" }, - "sourcePath": { - "description": "sourcePath is the absolute path of the file or directory inside the image to copy to the build directory. If the source path ends in /. then the content of the directory will be copied, but the directory itself will not be created at the destination.", + "path": { + "description": "path of the full path to the volume on the node. It can be either a directory or block device (disk, partition, ...).", "type": "string", "default": "" } } }, - "com.github.openshift.api.build.v1.ImageStreamTagReference": { - "description": "ImageStreamTagReference references the ImageStreamTag in an image change trigger by namespace and name.", + "ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource that the fieldset applies to.", "type": "object", "properties": { - "name": { - "description": "name is the name of the ImageStreamTag for an ImageChangeTrigger", + "apiVersion": { + "description": "APIVersion defines the version of this resource that this field set applies to. The format is \"group/version\" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.", "type": "string" }, - "namespace": { - "description": "namespace is the namespace where the ImageStreamTag for an ImageChangeTrigger is located", + "fieldsType": { + "description": "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"", "type": "string" - } - } - }, - "com.github.openshift.api.build.v1.JenkinsPipelineBuildStrategy": { - "description": "JenkinsPipelineBuildStrategy holds parameters specific to a Jenkins Pipeline build. Deprecated: use OpenShift Pipelines", - "type": "object", - "properties": { - "env": { - "description": "env contains additional environment variables you want to pass into a build pipeline.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" - } }, - "jenkinsfile": { - "description": "jenkinsfile defines the optional raw contents of a Jenkinsfile which defines a Jenkins pipeline build.", - "type": "string" + "fieldsV1": { + "description": "FieldsV1 holds the first JSON version format as described in the \"FieldsV1\" type.", + "$ref": "#/definitions/FieldsV1.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "jenkinsfilePath": { - "description": "jenkinsfilePath is the optional path of the Jenkinsfile that will be used to configure the pipeline relative to the root of the context (contextDir). If both JenkinsfilePath & Jenkinsfile are both not specified, this defaults to Jenkinsfile in the root of the specified contextDir.", - "type": "string" - } - } - }, - "com.github.openshift.api.build.v1.ProxyConfig": { - "description": "ProxyConfig defines what proxies to use for an operation", - "type": "object", - "properties": { - "httpProxy": { - "description": "httpProxy is a proxy used to reach the git repository over http", + "manager": { + "description": "Manager is an identifier of the workflow managing these fields.", "type": "string" }, - "httpsProxy": { - "description": "httpsProxy is a proxy used to reach the git repository over https", + "operation": { + "description": "Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.", "type": "string" }, - "noProxy": { - "description": "noProxy is the list of domains for which the proxy should not be used", + "subresource": { + "description": "Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.", "type": "string" + }, + "time": { + "description": "Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.build.v1.SecretBuildSource": { - "description": "SecretBuildSource describes a secret and its destination directory that will be used only at the build time. The content of the secret referenced here will be copied into the destination directory instead of mounting.", + "MatchCondition.v1.admissionregistration.api.k8s.io": { + "description": "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.", "type": "object", "required": [ - "secret" + "name", + "expression" ], "properties": { - "destinationDir": { - "description": "destinationDir is the directory where the files from the secret should be available for the build time. For the Source build strategy, these will be injected into a container where the assemble script runs. Later, when the script finishes, all files injected will be truncated to zero length. For the container image build strategy, these will be copied into the build directory, where the Dockerfile is located, so users can ADD or COPY them during container image build.", - "type": "string" + "expression": { + "description": "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired.", + "type": "string", + "default": "" }, - "secret": { - "description": "secret is a reference to an existing secret that you want to use in your build.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "name": { + "description": "Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.build.v1.SecretLocalReference": { - "description": "SecretLocalReference contains information that points to the local secret being used", + "MatchResources.v1.admissionregistration.api.k8s.io": { + "description": "MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)", "type": "object", - "required": [ - "name" - ], "properties": { - "name": { - "description": "name is the name of the resource in the same namespace being referenced", + "excludeResourceRules": { + "description": "ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/NamedRuleWithOperations.v1.admissionregistration.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + }, + "matchPolicy": { + "description": "matchPolicy defines how the \"MatchResources\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.\n\nDefaults to \"Equivalent\"\n\nPossible enum values:\n - `\"Equivalent\"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.\n - `\"Exact\"` means requests should only be sent to the webhook if they exactly match a given rule.", "type": "string", - "default": "" + "enum": [ + "Equivalent", + "Exact" + ] + }, + "namespaceSelector": { + "description": "NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the policy on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "objectSelector": { + "description": "ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "resourceRules": { + "description": "ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/NamedRuleWithOperations.v1.admissionregistration.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.build.v1.SecretSpec": { - "description": "SecretSpec specifies a secret to be included in a build pod and its corresponding mount point", + "MicroTime.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "MicroTime is version of Time with microsecond level precision.", + "type": "string", + "format": "date-time" + }, + "ModifyVolumeStatus.v1.core.api.k8s.io": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation", "type": "object", "required": [ - "secretSource", - "mountPath" + "status" ], "properties": { - "mountPath": { - "description": "mountPath is the path at which to mount the secret", + "status": { + "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.\n\nPossible enum values:\n - `\"InProgress\"` InProgress indicates that the volume is being modified\n - `\"Infeasible\"` Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified\n - `\"Pending\"` Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing", "type": "string", - "default": "" + "default": "", + "enum": [ + "InProgress", + "Infeasible", + "Pending" + ] }, - "secretSource": { - "description": "secretSource is a reference to the secret", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "targetVolumeAttributesClassName": { + "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "type": "string" } } }, - "com.github.openshift.api.build.v1.SourceBuildStrategy": { - "description": "SourceBuildStrategy defines input parameters specific to an Source build.", + "MutatingWebhook.v1.admissionregistration.api.k8s.io": { + "description": "MutatingWebhook describes an admission webhook and the resources and operations it applies to.", "type": "object", "required": [ - "from" + "name", + "clientConfig", + "sideEffects", + "admissionReviewVersions" ], "properties": { - "env": { - "description": "env contains additional environment variables you want to pass into a builder container.", + "admissionReviewVersions": { + "description": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" - } - }, - "forcePull": { - "description": "forcePull describes if the builder should pull the images from registry prior to building.", - "type": "boolean" + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "from": { - "description": "from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled", + "clientConfig": { + "description": "ClientConfig defines how to communicate with the hook. Required", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, - "incremental": { - "description": "incremental flag forces the Source build to do incremental builds if true.", - "type": "boolean" - }, - "pullSecret": { - "description": "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "$ref": "#/definitions/WebhookClientConfig.v1.admissionregistration.api.k8s.io" }, - "scripts": { - "description": "scripts is the location of Source scripts", - "type": "string" + "failurePolicy": { + "description": "FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.\n\nPossible enum values:\n - `\"Fail\"` means that an error calling the webhook causes the admission to fail.\n - `\"Ignore\"` means that an error calling the webhook is ignored.", + "type": "string", + "enum": [ + "Fail", + "Ignore" + ] }, - "volumes": { - "description": "volumes is a list of input volumes that can be mounted into the builds runtime environment. Only a subset of Kubernetes Volume sources are supported by builds. More info: https://kubernetes.io/docs/concepts/storage/volumes", + "matchConditions": { + "description": "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n 2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n 3. If any matchCondition evaluates to an error (but none are FALSE):\n - If failurePolicy=Fail, reject the request\n - If failurePolicy=Ignore, the error is ignored and the webhook is skipped", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildVolume" + "$ref": "#/definitions/MatchCondition.v1.admissionregistration.api.k8s.io" }, "x-kubernetes-list-map-keys": [ "name" @@ -4080,192 +4334,220 @@ "x-kubernetes-list-type": "map", "x-kubernetes-patch-merge-key": "name", "x-kubernetes-patch-strategy": "merge" - } - } - }, - "com.github.openshift.api.build.v1.SourceControlUser": { - "description": "SourceControlUser defines the identity of a user of source control", - "type": "object", - "properties": { - "email": { - "description": "email of the source control user", - "type": "string" }, - "name": { - "description": "name of the source control user", - "type": "string" - } - } - }, - "com.github.openshift.api.build.v1.SourceRevision": { - "description": "SourceRevision is the revision or commit information from the source for the build", - "type": "object", - "required": [ - "type" - ], - "properties": { - "git": { - "description": "git contains information about git-based build source", - "$ref": "#/definitions/com.github.openshift.api.build.v1.GitSourceRevision" + "matchPolicy": { + "description": "matchPolicy defines how the \"rules\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.\n\nDefaults to \"Equivalent\"\n\nPossible enum values:\n - `\"Equivalent\"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.\n - `\"Exact\"` means requests should only be sent to the webhook if they exactly match a given rule.", + "type": "string", + "enum": [ + "Equivalent", + "Exact" + ] }, - "type": { - "description": "type of the build source, may be one of 'Source', 'Dockerfile', 'Binary', or 'Images'", + "name": { + "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.build.v1.SourceStrategyOptions": { - "description": "SourceStrategyOptions contains extra strategy options for Source builds", - "type": "object", - "properties": { - "incremental": { - "description": "incremental overrides the source-strategy incremental option in the build config", - "type": "boolean" - } - } - }, - "com.github.openshift.api.build.v1.StageInfo": { - "description": "StageInfo contains details about a build stage.", - "type": "object", - "properties": { - "durationMilliseconds": { - "description": "durationMilliseconds identifies how long the stage took to complete in milliseconds. Note: the duration of a stage can exceed the sum of the duration of the steps within the stage as not all actions are accounted for in explicit build steps.", - "type": "integer", - "format": "int64" }, - "name": { - "description": "name is a unique identifier for each build stage that occurs.", - "type": "string" + "namespaceSelector": { + "description": "NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the webhook on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "startTime": { - "description": "startTime is a timestamp representing the server time when this Stage started. It is represented in RFC3339 form and is in UTC.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "objectSelector": { + "description": "ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "steps": { - "description": "steps contains details about each step that occurs during a build stage including start time and duration in milliseconds.", + "reinvocationPolicy": { + "description": "reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are \"Never\" and \"IfNeeded\".\n\nNever: the webhook will not be called more than once in a single admission evaluation.\n\nIfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.\n\nDefaults to \"Never\".\n\nPossible enum values:\n - `\"IfNeeded\"` indicates that the mutation may be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial mutation call.\n - `\"Never\"` indicates that the mutation must not be called more than once in a single admission evaluation.", + "type": "string", + "enum": [ + "IfNeeded", + "Never" + ] + }, + "rules": { + "description": "Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.StepInfo" - } - } - } - }, - "com.github.openshift.api.build.v1.StepInfo": { - "description": "StepInfo contains details about a build step.", - "type": "object", - "properties": { - "durationMilliseconds": { - "description": "durationMilliseconds identifies how long the step took to complete in milliseconds.", - "type": "integer", - "format": "int64" + "$ref": "#/definitions/RuleWithOperations.v1.admissionregistration.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "name": { - "description": "name is a unique identifier for each build step.", - "type": "string" + "sideEffects": { + "description": "SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.\n\nPossible enum values:\n - `\"None\"` means that calling the webhook will have no side effects.\n - `\"NoneOnDryRun\"` means that calling the webhook will possibly have side effects, but if the request being reviewed has the dry-run attribute, the side effects will be suppressed.\n - `\"Some\"` means that calling the webhook will possibly have side effects. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.\n - `\"Unknown\"` means that no information is known about the side effects of calling the webhook. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.", + "type": "string", + "enum": [ + "None", + "NoneOnDryRun", + "Some", + "Unknown" + ] }, - "startTime": { - "description": "startTime is a timestamp representing the server time when this Step started. it is represented in RFC3339 form and is in UTC.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "timeoutSeconds": { + "description": "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.", + "type": "integer", + "format": "int32" } } }, - "com.github.openshift.api.build.v1.WebHookTrigger": { - "description": "WebHookTrigger is a trigger that gets invoked using a webhook type of post", + "MutatingWebhookConfiguration.v1.admissionregistration.api.k8s.io": { + "description": "MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.", "type": "object", "properties": { - "allowEnv": { - "description": "allowEnv determines whether the webhook can set environment variables; can only be set to true for GenericWebHook.", - "type": "boolean" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "secret": { - "description": "secret used to validate requests. Deprecated: use SecretReference instead.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "secretReference": { - "description": "secretReference is a reference to a secret in the same namespace, containing the value to be validated when the webhook is invoked. The secret being referenced must contain a key named \"WebHookSecretKey\", the value of which will be checked against the value supplied in the webhook invocation.", - "$ref": "#/definitions/com.github.openshift.api.build.v1.SecretLocalReference" + "metadata": { + "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "webhooks": { + "description": "Webhooks is a list of webhooks and the affected resources and operations.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/MutatingWebhook.v1.admissionregistration.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfig": { - "description": "CloudPrivateIPConfig performs an assignment of a private IP address to the primary NIC associated with cloud VMs. This is done by specifying the IP and Kubernetes node which the IP should be assigned to. This CRD is intended to be used by the network plugin which manages the cluster network. The spec side represents the desired state requested by the network plugin, and the status side represents the current state that this CRD's controller has executed. No users will have permission to modify it, and if a cluster-admin decides to edit it for some reason, their changes will be overwritten the next time the network plugin reconciles the object. Note: the CR's name must specify the requested private IP address (can be IPv4 or IPv6).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "MutatingWebhookConfigurationList.v1.admissionregistration.api.k8s.io": { + "description": "MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.", "type": "object", "required": [ - "spec" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "List of MutatingWebhookConfiguration.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/MutatingWebhookConfiguration.v1.admissionregistration.api.k8s.io" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec is the definition of the desired private IP request.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigSpec" - }, - "status": { - "description": "status is the observed status of the desired private IP request. Read-only.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigStatus" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigSpec": { - "description": "CloudPrivateIPConfigSpec consists of a node name which the private IP should be assigned to.", + "NFSVolumeSource.v1.core.api.k8s.io": { + "description": "Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.", "type": "object", + "required": [ + "server", + "path" + ], "properties": { - "node": { - "description": "node is the node name, as specified by the Kubernetes field: node.metadata.name", + "path": { + "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "string", + "default": "" + }, + "readOnly": { + "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "type": "boolean" + }, + "server": { + "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", "type": "string", "default": "" } } }, - "com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigStatus": { - "description": "CloudPrivateIPConfigStatus specifies the node assignment together with its assignment condition.", + "NamedRuleWithOperations.v1.admissionregistration.api.k8s.io": { + "description": "NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.", "type": "object", - "required": [ - "conditions" - ], "properties": { - "conditions": { - "description": "condition is the assignment condition of the private IP and its status", + "apiGroups": { + "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "atomic" }, - "node": { - "description": "node is the node name, as specified by the Kubernetes field: node.metadata.name", + "apiVersions": { + "description": "APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "operations": { + "description": "Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.", + "type": "array", + "items": { + "type": "string", + "default": "", + "enum": [ + "*", + "CONNECT", + "CREATE", + "DELETE", + "UPDATE" + ] + }, + "x-kubernetes-list-type": "atomic" + }, + "resourceNames": { + "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Resources is a list of resources this rule applies to.\n\nFor example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not overlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed. Required.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "scope": { + "description": "scope specifies the scope of this rule. Valid values are \"Cluster\", \"Namespaced\", and \"*\" \"Cluster\" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. \"Namespaced\" means that only namespaced resources will match this rule. \"*\" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is \"*\".\n\n\nPossible enum values:\n - `\"*\"` means that all scopes are included.\n - `\"Cluster\"` means that scope is limited to cluster-scoped objects. Namespace objects are cluster-scoped.\n - `\"Namespaced\"` means that scope is limited to namespaced objects.", "type": "string", - "default": "" + "enum": [ + "*", + "Cluster", + "Namespaced" + ] } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.config.v1.APIServer": { - "description": "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "Namespace.v1.core.api.k8s.io": { + "description": "Namespace provides a scope for Names. Use of multiple namespaces is optional.", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -4276,49 +4558,58 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec holds user settable values for configuration", + "description": "Spec defines the behavior of the Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerSpec" + "$ref": "#/definitions/NamespaceSpec.v1.core.api.k8s.io" }, "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "description": "Status describes the current status of a Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerStatus" + "$ref": "#/definitions/NamespaceStatus.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.APIServerEncryption": { - "description": "APIServerEncryption is used to encrypt sensitive resources on the cluster.", + "NamespaceCondition.v1.core.api.k8s.io": { + "description": "NamespaceCondition contains details about state of namespace.", "type": "object", + "required": [ + "type", + "status" + ], "properties": { - "kms": { - "description": "kms defines the configuration for the external KMS instance that manages the encryption keys, when KMS encryption is enabled sensitive resources will be encrypted using keys managed by an externally configured KMS instance.\n\nThe Key Management Service (KMS) instance provides symmetric encryption and is responsible for managing the lifecyle of the encryption keys outside of the control plane. This allows integration with an external provider to manage the data encryption keys securely.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.KMSConfig" + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "type": { - "description": "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices.\n\nWhen encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is:\n\n 1. secrets\n 2. configmaps\n 3. routes.route.openshift.io\n 4. oauthaccesstokens.oauth.openshift.io\n 5. oauthauthorizetokens.oauth.openshift.io", + "message": { + "description": "Human-readable message indicating details about last transition.", "type": "string" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status of the condition, one of True, False, Unknown.", + "type": "string", + "default": "" + }, + "type": { + "description": "Type of namespace controller condition.", + "type": "string", + "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "kms": "KMS" - } - } - ] + } }, - "com.github.openshift.api.config.v1.APIServerList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "NamespaceList.v1.core.api.k8s.io": { + "description": "NamespaceList is a list of Namespaces.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -4327,10 +4618,11 @@ "type": "string" }, "items": { + "description": "Items is the list of Namespace objects in the list. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServer" + "$ref": "#/definitions/Namespace.v1.core.api.k8s.io" } }, "kind": { @@ -4338,698 +4630,641 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.APIServerNamedServingCert": { - "description": "APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.", + "NamespaceSpec.v1.core.api.k8s.io": { + "description": "NamespaceSpec describes the attributes on a Namespace.", "type": "object", - "required": [ - "servingCertificate" - ], "properties": { - "names": { - "description": "names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.", + "finalizers": { + "description": "Finalizers is an opaque list of values that must be empty to permanently remove object from storage. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/", "type": "array", "items": { "type": "string", "default": "" }, "x-kubernetes-list-type": "atomic" - }, - "servingCertificate": { - "description": "servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data[\"tls.key\"] - TLS private key. - Secret.Data[\"tls.crt\"] - TLS certificate.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" } } }, - "com.github.openshift.api.config.v1.APIServerServingCerts": { + "NamespaceStatus.v1.core.api.k8s.io": { + "description": "NamespaceStatus is information about the current status of a Namespace.", "type": "object", "properties": { - "namedCertificates": { - "description": "namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used.", + "conditions": { + "description": "Represents the latest available observations of a namespace's current state.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerNamedServingCert" + "$ref": "#/definitions/NamespaceCondition.v1.core.api.k8s.io" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "phase": { + "description": "Phase is the current lifecycle phase of the namespace. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/\n\nPossible enum values:\n - `\"Active\"` means the namespace is available for use in the system\n - `\"Terminating\"` means the namespace is undergoing graceful termination", + "type": "string", + "enum": [ + "Active", + "Terminating" + ] } } }, - "com.github.openshift.api.config.v1.APIServerSpec": { + "Node.v1.core.api.k8s.io": { + "description": "Node is a worker node in Kubernetes. Each node will have a unique identifier in the cache (i.e. in etcd).", "type": "object", "properties": { - "additionalCORSAllowedOrigins": { - "description": "additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "audit": { - "description": "audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Audit" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "clientCA": { - "description": "clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data[\"ca-bundle.crt\"] - CA bundle.", + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "encryption": { - "description": "encryption allows the configuration of encryption of resources at the datastore layer.", + "spec": { + "description": "Spec defines the behavior of a node. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerEncryption" + "$ref": "#/definitions/NodeSpec.v1.core.api.k8s.io" }, - "servingCerts": { - "description": "servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.", + "status": { + "description": "Most recently observed status of the node. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerServingCerts" - }, - "tlsSecurityProfile": { - "description": "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.\n\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is the Intermediate profile.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.TLSSecurityProfile" - } - } - }, - "com.github.openshift.api.config.v1.APIServerStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1.AWSDNSSpec": { - "description": "AWSDNSSpec contains DNS configuration specific to the Amazon Web Services cloud provider.", - "type": "object", - "properties": { - "privateZoneIAMRole": { - "description": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.\n\nThe ARN must follow the format: arn::iam:::role/, where: is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), is a 12-digit numeric identifier for the AWS account, is the IAM role name.", - "type": "string", - "default": "" + "$ref": "#/definitions/NodeStatus.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.AWSIngressSpec": { - "description": "AWSIngressSpec holds the desired state of the Ingress for Amazon Web Services infrastructure provider. This only includes fields that can be modified in the cluster.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "type": { - "description": "type allows user to set a load balancer type. When this field is set the default ingresscontroller will get created using the specified LBType. If this field is not set then the default ingress controller of LBType Classic will be created. Valid values are:\n\n* \"Classic\": A Classic Load Balancer that makes routing decisions at either\n the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See\n the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb\n\n* \"NLB\": A Network Load Balancer that makes routing decisions at the\n transport layer (TCP/SSL). See the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": {} - } - ] - }, - "com.github.openshift.api.config.v1.AWSKMSConfig": { - "description": "AWSKMSConfig defines the KMS config specific to AWS KMS provider", + "NodeAddress.v1.core.api.k8s.io": { + "description": "NodeAddress contains information for the node's address.", "type": "object", "required": [ - "keyARN", - "region" + "type", + "address" ], "properties": { - "keyARN": { - "description": "keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. The value must adhere to the format `arn:aws:kms:::key/`, where: - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - `` is a 12-digit numeric identifier for the AWS account. - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens.", + "address": { + "description": "The node address.", "type": "string", "default": "" }, - "region": { - "description": "region specifies the AWS region where the KMS instance exists, and follows the format `--`, e.g.: `us-east-1`. Only lowercase letters and hyphens followed by numbers are allowed.", + "type": { + "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.AWSPlatformSpec": { - "description": "AWSPlatformSpec holds the desired state of the Amazon Web Services infrastructure provider. This only includes fields that can be modified in the cluster.", + "NodeAffinity.v1.core.api.k8s.io": { + "description": "Node affinity is a group of node affinity scheduling rules.", "type": "object", "properties": { - "serviceEndpoints": { - "description": "serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSServiceEndpoint" + "$ref": "#/definitions/PreferredSchedulingTerm.v1.core.api.k8s.io" }, "x-kubernetes-list-type": "atomic" + }, + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", + "$ref": "#/definitions/NodeSelector.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.AWSPlatformStatus": { - "description": "AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.", + "NodeCondition.v1.core.api.k8s.io": { + "description": "NodeCondition contains condition information for a node.", "type": "object", "required": [ - "region" + "type", + "status" ], "properties": { - "cloudLoadBalancerConfig": { - "description": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", - "default": { - "dnsType": "PlatformDefault" - }, - "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudLoadBalancerConfig" + "lastHeartbeatTime": { + "description": "Last time we got an update on a given condition.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "ipFamily": { - "description": "ipFamily specifies the IP protocol family that should be used for AWS network resources. This controls whether AWS resources are created with IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary protocol family.", - "type": "string", - "default": "IPv4" + "lastTransitionTime": { + "description": "Last time the condition transit from one status to another.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "region": { - "description": "region holds the default AWS region for new AWS resources created by the cluster.", - "type": "string", - "default": "" + "message": { + "description": "Human readable message indicating details about last transition.", + "type": "string" }, - "resourceTags": { - "description": "resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSResourceTag" - }, - "x-kubernetes-list-type": "atomic" + "reason": { + "description": "(brief) reason for the condition's last transition.", + "type": "string" }, - "serviceEndpoints": { - "description": "serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSServiceEndpoint" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.config.v1.AWSResourceTag": { - "description": "AWSResourceTag is a tag to apply to AWS resources created for the cluster.", - "type": "object", - "required": [ - "key", - "value" - ], - "properties": { - "key": { - "description": "key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag. Key should consist of between 1 and 128 characters, and may contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'.", + "status": { + "description": "Status of the condition, one of True, False, Unknown.", "type": "string", "default": "" }, - "value": { - "description": "value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag. Value should consist of between 1 and 256 characters, and may contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services.", + "type": { + "description": "Type of node condition.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.AWSServiceEndpoint": { - "description": "AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.", + "NodeConfigSource.v1.core.api.k8s.io": { + "description": "NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22", "type": "object", - "required": [ - "name", - "url" - ], "properties": { - "name": { - "description": "name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty.", - "type": "string", - "default": "" - }, - "url": { - "description": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.", - "type": "string", - "default": "" + "configMap": { + "description": "ConfigMap is a reference to a Node's ConfigMap", + "$ref": "#/definitions/ConfigMapNodeConfigSource.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.AcceptRisk": { - "description": "AcceptRisk represents a risk that is considered acceptable.", + "NodeConfigStatus.v1.core.api.k8s.io": { + "description": "NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.", "type": "object", - "required": [ - "name" - ], "properties": { - "name": { - "description": "name is the name of the acceptable risk. It must be a non-empty string and must not exceed 256 characters.", + "active": { + "description": "Active reports the checkpointed config the node is actively using. Active will represent either the current version of the Assigned config, or the current LastKnownGood config, depending on whether attempting to use the Assigned config results in an error.", + "$ref": "#/definitions/NodeConfigSource.v1.core.api.k8s.io" + }, + "assigned": { + "description": "Assigned reports the checkpointed config the node will try to use. When Node.Spec.ConfigSource is updated, the node checkpoints the associated config payload to local disk, along with a record indicating intended config. The node refers to this record to choose its config checkpoint, and reports this record in Assigned. Assigned only updates in the status after the record has been checkpointed to disk. When the Kubelet is restarted, it tries to make the Assigned config the Active config by loading and validating the checkpointed payload identified by Assigned.", + "$ref": "#/definitions/NodeConfigSource.v1.core.api.k8s.io" + }, + "error": { + "description": "Error describes any problems reconciling the Spec.ConfigSource to the Active config. Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting to load or validate the Assigned config, etc. Errors may occur at different points while syncing config. Earlier errors (e.g. download or checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error by fixing the config assigned in Spec.ConfigSource. You can find additional information for debugging by searching the error message in the Kubelet log. Error is a human-readable description of the error state; machines can check whether or not Error is empty, but should not rely on the stability of the Error text across Kubelet versions.", "type": "string" + }, + "lastKnownGood": { + "description": "LastKnownGood reports the checkpointed config the node will fall back to when it encounters an error attempting to use the Assigned config. The Assigned config becomes the LastKnownGood config when the node determines that the Assigned config is stable and correct. This is currently implemented as a 10-minute soak period starting when the local record of Assigned config is updated. If the Assigned config is Active at the end of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, because the local default config is always assumed good. You should not make assumptions about the node's method of determining config stability and correctness, as this may change or become configurable in the future.", + "$ref": "#/definitions/NodeConfigSource.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.AdmissionConfig": { + "NodeDaemonEndpoints.v1.core.api.k8s.io": { + "description": "NodeDaemonEndpoints lists ports opened by daemons running on the Node.", "type": "object", "properties": { - "disabledPlugins": { - "description": "disabledPlugins is a list of admission plugins that must be off. Putting something in this list is almost always a mistake and likely to result in cluster instability.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "enabledPlugins": { - "description": "enabledPlugins is a list of admission plugins that must be on in addition to the default list. Some admission plugins are disabled by default, but certain configurations require them. This is fairly uncommon and can result in performance penalties and unexpected behavior.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "pluginConfig": { - "type": "object", - "additionalProperties": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionPluginConfig" - } + "kubeletEndpoint": { + "description": "Endpoint on which Kubelet is listening.", + "default": {}, + "$ref": "#/definitions/DaemonEndpoint.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.AdmissionPluginConfig": { - "description": "AdmissionPluginConfig holds the necessary configuration options for admission plugins", + "NodeFeatures.v1.core.api.k8s.io": { + "description": "NodeFeatures describes the set of features implemented by the CRI implementation. The features contained in the NodeFeatures should depend only on the cri implementation independent of runtime handlers.", "type": "object", - "required": [ - "location", - "configuration" - ], "properties": { - "configuration": { - "description": "configuration is an embedded configuration object to be used as the plugin's configuration. If present, it will be used instead of the path to the configuration file.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "location": { - "description": "location is the path to a configuration file that contains the plugin's configuration", - "type": "string", - "default": "" + "supplementalGroupsPolicy": { + "description": "SupplementalGroupsPolicy is set to true if the runtime supports SupplementalGroupsPolicy and ContainerUser.", + "type": "boolean" } } }, - "com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec": { - "description": "AlibabaCloudPlatformSpec holds the desired state of the Alibaba Cloud infrastructure provider. This only includes fields that can be modified in the cluster.", - "type": "object" - }, - "com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus": { - "description": "AlibabaCloudPlatformStatus holds the current status of the Alibaba Cloud infrastructure provider.", + "NodeList.v1.core.api.k8s.io": { + "description": "NodeList is the whole list of all Nodes which have been registered with master.", "type": "object", "required": [ - "region" + "items" ], "properties": { - "region": { - "description": "region specifies the region for Alibaba Cloud resources created for the cluster.", - "type": "string", - "default": "" - }, - "resourceGroupID": { - "description": "resourceGroupID is the ID of the resource group for the cluster.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "resourceTags": { - "description": "resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster.", + "items": { + "description": "List of nodes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AlibabaCloudResourceTag" - }, - "x-kubernetes-list-map-keys": [ - "key" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/Node.v1.core.api.k8s.io" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.AlibabaCloudResourceTag": { - "description": "AlibabaCloudResourceTag is the set of tags to add to apply to resources.", + "NodeProxyOptions.v1.core.api.k8s.io": { + "description": "NodeProxyOptions is the query options to a Node's proxy call.", "type": "object", - "required": [ - "key", - "value" - ], "properties": { - "key": { - "description": "key is the key of the tag.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "value": { - "description": "value is the value of the tag.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "path": { + "description": "Path is the URL path to use for the current proxy request to node.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.Audit": { + "NodeRuntimeHandler.v1.core.api.k8s.io": { + "description": "NodeRuntimeHandler is a set of runtime handler information.", "type": "object", "properties": { - "customRules": { - "description": "customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies.", + "features": { + "description": "Supported features.", + "$ref": "#/definitions/NodeRuntimeHandlerFeatures.v1.core.api.k8s.io" + }, + "name": { + "description": "Runtime handler name. Empty for the default runtime handler.", + "type": "string", + "default": "" + } + } + }, + "NodeRuntimeHandlerFeatures.v1.core.api.k8s.io": { + "description": "NodeRuntimeHandlerFeatures is a set of features implemented by the runtime handler.", + "type": "object", + "properties": { + "recursiveReadOnlyMounts": { + "description": "RecursiveReadOnlyMounts is set to true if the runtime handler supports RecursiveReadOnlyMounts.", + "type": "boolean" + }, + "userNamespaces": { + "description": "UserNamespaces is set to true if the runtime handler supports UserNamespaces, including for volumes.", + "type": "boolean" + } + } + }, + "NodeSelector.v1.core.api.k8s.io": { + "description": "A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.", + "type": "object", + "required": [ + "nodeSelectorTerms" + ], + "properties": { + "nodeSelectorTerms": { + "description": "Required. A list of node selector terms. The terms are ORed.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditCustomRule" + "$ref": "#/definitions/NodeSelectorTerm.v1.core.api.k8s.io" }, - "x-kubernetes-list-map-keys": [ - "group" - ], - "x-kubernetes-list-type": "map" - }, - "profile": { - "description": "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules.\n\nThe following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events\n (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody\n level).\n- WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nWarning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly.\n\nIf unset, the 'Default' profile is used as the default.", - "type": "string" + "x-kubernetes-list-type": "atomic" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.config.v1.AuditConfig": { - "description": "AuditConfig holds configuration for the audit capabilities", + "NodeSelectorRequirement.v1.core.api.k8s.io": { + "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", "type": "object", "required": [ - "enabled", - "auditFilePath", - "maximumFileRetentionDays", - "maximumRetainedFiles", - "maximumFileSizeMegabytes", - "policyFile", - "policyConfiguration", - "logFormat", - "webHookKubeConfig", - "webHookMode" + "key", + "operator" ], "properties": { - "auditFilePath": { - "description": "All requests coming to the apiserver will be logged to this file.", - "type": "string", - "default": "" - }, - "enabled": { - "description": "If this flag is set, audit log will be printed in the logs. The logs contains, method, user and a requested URL.", - "type": "boolean", - "default": false - }, - "logFormat": { - "description": "Format of saved audits (legacy or json).", - "type": "string", - "default": "" - }, - "maximumFileRetentionDays": { - "description": "Maximum number of days to retain old log files based on the timestamp encoded in their filename.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "maximumFileSizeMegabytes": { - "description": "Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "maximumRetainedFiles": { - "description": "Maximum number of old log files to retain.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "policyConfiguration": { - "description": "policyConfiguration is an embedded policy configuration object to be used as the audit policy configuration. If present, it will be used instead of the path to the policy file.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "policyFile": { - "description": "policyFile is a path to the file that defines the audit policy configuration.", + "key": { + "description": "The label key that the selector applies to.", "type": "string", "default": "" }, - "webHookKubeConfig": { - "description": "Path to a .kubeconfig formatted file that defines the audit webhook configuration.", + "operator": { + "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.\n\nPossible enum values:\n - `\"DoesNotExist\"`\n - `\"Exists\"`\n - `\"Gt\"`\n - `\"In\"`\n - `\"Lt\"`\n - `\"NotIn\"`", "type": "string", - "default": "" + "default": "", + "enum": [ + "DoesNotExist", + "Exists", + "Gt", + "In", + "Lt", + "NotIn" + ] }, - "webHookMode": { - "description": "Strategy for sending audit events (block or batch).", - "type": "string", - "default": "" + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.AuditCustomRule": { - "description": "AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile.", + "NodeSelectorTerm.v1.core.api.k8s.io": { + "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", "type": "object", - "required": [ - "group", - "profile" - ], "properties": { - "group": { - "description": "group is a name of group a request user must be member of in order to this profile to apply.", - "type": "string", - "default": "" + "matchExpressions": { + "description": "A list of node selector requirements by node's labels.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/NodeSelectorRequirement.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "profile": { - "description": "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster.\n\nThe following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nIf unset, the 'Default' profile is used as the default.", - "type": "string", - "default": "" + "matchFields": { + "description": "A list of node selector requirements by node's fields.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/NodeSelectorRequirement.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.config.v1.Authentication": { - "description": "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "NodeSpec.v1.core.api.k8s.io": { + "description": "NodeSpec describes the attributes that a node is created with.", "type": "object", - "required": [ - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "configSource": { + "description": "Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed.", + "$ref": "#/definitions/NodeConfigSource.v1.core.api.k8s.io" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "externalID": { + "description": "Deprecated. Not all kubelets will set this field. Remove field after 1.13. see: https://issues.k8s.io/61966", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "podCIDR": { + "description": "PodCIDR represents the pod IP range assigned to the node.", + "type": "string" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AuthenticationSpec" + "podCIDRs": { + "description": "podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for each of IPv4 and IPv6.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set", + "x-kubernetes-patch-strategy": "merge" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AuthenticationStatus" - } - } - }, - "com.github.openshift.api.config.v1.AuthenticationList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "providerID": { + "description": "ID of the node assigned by the cloud provider in the format: ://", "type": "string" }, - "items": { + "taints": { + "description": "If specified, the node's taints.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Authentication" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "$ref": "#/definitions/Taint.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "unschedulable": { + "description": "Unschedulable controls node schedulability of new pods. By default, node is schedulable. More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration", + "type": "boolean" } } }, - "com.github.openshift.api.config.v1.AuthenticationSpec": { + "NodeStatus.v1.core.api.k8s.io": { + "description": "NodeStatus is information about the current status of a node.", "type": "object", "properties": { - "oauthMetadata": { - "description": "oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key \"oauthMetadata\" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "addresses": { + "description": "List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/reference/node/node-status/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See https://pr.k8s.io/79391 for an example. Consumers should assume that addresses can change during the lifetime of a Node. However, there are some exceptions where this may not be possible, such as Pods that inherit a Node's address in its own status or consumers of the downward API (status.hostIP).", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/NodeAddress.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "oidcProviders": { - "description": "oidcProviders are OIDC identity providers that can issue tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\".\n\nAt most one provider can be configured.", + "allocatable": { + "description": "Allocatable represents the resources of a node that are available for scheduling. Defaults to Capacity.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + } + }, + "capacity": { + "description": "Capacity represents the total resources of a node. More info: https://kubernetes.io/docs/reference/node/node-status/#capacity", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + } + }, + "conditions": { + "description": "Conditions is an array of current observed node conditions. More info: https://kubernetes.io/docs/reference/node/node-status/#condition", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OIDCProvider" + "$ref": "#/definitions/NodeCondition.v1.core.api.k8s.io" }, "x-kubernetes-list-map-keys": [ - "name" + "type" ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "serviceAccountIssuer": { - "description": "serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.", - "type": "string", - "default": "" + "config": { + "description": "Status of the config assigned to the node via the dynamic Kubelet config feature.", + "$ref": "#/definitions/NodeConfigStatus.v1.core.api.k8s.io" }, - "type": { - "description": "type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.", - "type": "string", - "default": "" + "daemonEndpoints": { + "description": "Endpoints of daemons running on the Node.", + "default": {}, + "$ref": "#/definitions/NodeDaemonEndpoints.v1.core.api.k8s.io" }, - "webhookTokenAuthenticator": { - "description": "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service.\n\nCan only be set if \"Type\" is set to \"None\".", - "$ref": "#/definitions/com.github.openshift.api.config.v1.WebhookTokenAuthenticator" + "declaredFeatures": { + "description": "DeclaredFeatures represents the features related to feature gates that are declared by the node.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "webhookTokenAuthenticators": { - "description": "webhookTokenAuthenticators is DEPRECATED, setting it has no effect.", + "features": { + "description": "Features describes the set of features implemented by the CRI implementation.", + "$ref": "#/definitions/NodeFeatures.v1.core.api.k8s.io" + }, + "images": { + "description": "List of container images on this node", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator" + "$ref": "#/definitions/ContainerImage.v1.core.api.k8s.io" }, "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.config.v1.AuthenticationStatus": { - "type": "object", - "properties": { - "integratedOAuthMetadata": { - "description": "integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key \"oauthMetadata\" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.", + }, + "nodeInfo": { + "description": "Set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/reference/node/node-status/#info", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "$ref": "#/definitions/NodeSystemInfo.v1.core.api.k8s.io" }, - "oidcClients": { - "description": "oidcClients is where participating operators place the current OIDC client status for OIDC clients that can be customized by the cluster-admin.", + "phase": { + "description": "NodePhase is the recently observed lifecycle phase of the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#phase The field is never populated, and now is deprecated.\n\nPossible enum values:\n - `\"Pending\"` means the node has been created/added by the system, but not configured.\n - `\"Running\"` means the node has been configured and has Kubernetes components running.\n - `\"Terminated\"` means the node has been removed from the cluster.", + "type": "string", + "enum": [ + "Pending", + "Running", + "Terminated" + ] + }, + "runtimeHandlers": { + "description": "The available runtime handlers.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OIDCClientStatus" + "$ref": "#/definitions/NodeRuntimeHandler.v1.core.api.k8s.io" }, - "x-kubernetes-list-map-keys": [ - "componentNamespace", - "componentName" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" + }, + "volumesAttached": { + "description": "List of volumes that are attached to the node.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/AttachedVolume.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + }, + "volumesInUse": { + "description": "List of attachable volumes in use (mounted) by the node.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.AzurePlatformSpec": { - "description": "AzurePlatformSpec holds the desired state of the Azure infrastructure provider. This only includes fields that can be modified in the cluster.", - "type": "object" + "NodeSwapStatus.v1.core.api.k8s.io": { + "description": "NodeSwapStatus represents swap memory information.", + "type": "object", + "properties": { + "capacity": { + "description": "Total amount of swap memory in bytes.", + "type": "integer", + "format": "int64" + } + } }, - "com.github.openshift.api.config.v1.AzurePlatformStatus": { - "description": "AzurePlatformStatus holds the current status of the Azure infrastructure provider.", + "NodeSystemInfo.v1.core.api.k8s.io": { + "description": "NodeSystemInfo is a set of ids/uuids to uniquely identify the node.", "type": "object", "required": [ - "resourceGroupName" + "machineID", + "systemUUID", + "bootID", + "kernelVersion", + "osImage", + "containerRuntimeVersion", + "kubeletVersion", + "kubeProxyVersion", + "operatingSystem", + "architecture" ], "properties": { - "armEndpoint": { - "description": "armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack.", - "type": "string" + "architecture": { + "description": "The Architecture reported by the node", + "type": "string", + "default": "" }, - "cloudLoadBalancerConfig": { - "description": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", - "default": { - "dnsType": "PlatformDefault" - }, - "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudLoadBalancerConfig" + "bootID": { + "description": "Boot ID reported by the node.", + "type": "string", + "default": "" }, - "cloudName": { - "description": "cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`.", - "type": "string" + "containerRuntimeVersion": { + "description": "ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2).", + "type": "string", + "default": "" }, - "ipFamily": { - "description": "ipFamily specifies the IP protocol family that should be used for Azure network resources. This controls whether Azure resources are created with IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary protocol family.", + "kernelVersion": { + "description": "Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).", "type": "string", - "default": "IPv4" + "default": "" }, - "networkResourceGroupName": { - "description": "networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName.", - "type": "string" + "kubeProxyVersion": { + "description": "Deprecated: KubeProxy Version reported by the node.", + "type": "string", + "default": "" }, - "resourceGroupName": { - "description": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.", + "kubeletVersion": { + "description": "Kubelet Version reported by the node.", "type": "string", "default": "" }, - "resourceTags": { - "description": "resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AzureResourceTag" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.config.v1.AzureResourceTag": { - "description": "AzureResourceTag is a tag to apply to Azure resources created for the cluster.", - "type": "object", - "required": [ - "key", - "value" - ], - "properties": { - "key": { - "description": "key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric characters and the following special characters `_ . -`.", + "machineID": { + "description": "MachineID reported by the node. For unique machine identification in the cluster this field is preferred. Learn more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html", "type": "string", "default": "" }, - "value": { - "description": "value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.", + "operatingSystem": { + "description": "The Operating System reported by the node", + "type": "string", + "default": "" + }, + "osImage": { + "description": "OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).", + "type": "string", + "default": "" + }, + "swap": { + "description": "Swap Info reported by the node.", + "$ref": "#/definitions/NodeSwapStatus.v1.core.api.k8s.io" + }, + "systemUUID": { + "description": "SystemUUID reported by the node. For unique machine identification MachineID is preferred. This field is specific to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer": { - "description": "BareMetalPlatformLoadBalancer defines the load balancer used by the cluster on BareMetal platform.", + "NonResourceAttributes.v1.authorization.api.k8s.io": { + "description": "NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface", "type": "object", "properties": { - "type": { - "description": "type defines the type of load balancer used by the cluster on BareMetal platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", - "type": "string", - "default": "OpenShiftManagedDefault" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": {} + "path": { + "description": "Path is the URL path of the request", + "type": "string" + }, + "verb": { + "description": "Verb is the standard HTTP verb", + "type": "string" } - ] + } }, - "com.github.openshift.api.config.v1.BareMetalPlatformSpec": { - "description": "BareMetalPlatformSpec holds the desired state of the BareMetal infrastructure provider. This only includes fields that can be modified in the cluster.", + "NonResourceRule.v1.authorization.api.k8s.io": { + "description": "NonResourceRule holds information that describes a rule for the non-resource", "type": "object", + "required": [ + "verbs" + ], "properties": { - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "nonResourceURLs": { + "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path. \"*\" means all.", "type": "array", "items": { "type": "string", @@ -5037,8 +5272,8 @@ }, "x-kubernetes-list-type": "atomic" }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", + "verbs": { + "description": "Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. \"*\" means all.", "type": "array", "items": { "type": "string", @@ -5048,165 +5283,259 @@ } } }, - "com.github.openshift.api.config.v1.BareMetalPlatformStatus": { - "description": "BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider. For more information about the network architecture used with the BareMetal platform type, see: https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md", + "ObjectFieldSelector.v1.core.api.k8s.io": { + "description": "ObjectFieldSelector selects an APIVersioned field of an object.", "type": "object", "required": [ - "apiServerInternalIPs", - "ingressIPs" + "fieldPath" ], "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "apiVersion": { + "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", "type": "string" }, - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "fieldPath": { + "description": "Path of the field to select in the specified API version.", + "type": "string", + "default": "" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", + "type": "object", + "properties": { + "annotations": { + "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "creationTimestamp": { + "description": "CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "deletionGracePeriodSeconds": { + "description": "Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.", + "type": "integer", + "format": "int64" + }, + "deletionTimestamp": { + "description": "DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "finalizers": { + "description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.", "type": "array", "items": { "type": "string", "default": "" }, - "x-kubernetes-list-type": "atomic" - }, - "dnsRecordsType": { - "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", - "type": "string", - "enum": [ - "External", - "Internal" - ] + "x-kubernetes-list-type": "set", + "x-kubernetes-patch-strategy": "merge" }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "generateName": { + "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will return a 409.\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", "type": "string" }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", - "type": "array", - "items": { + "generation": { + "description": "A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.", + "type": "integer", + "format": "int64" + }, + "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels", + "type": "object", + "additionalProperties": { "type": "string", "default": "" + } + }, + "managedFields": { + "description": "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ManagedFieldsEntry.v1.meta.apis.pkg.apimachinery.k8s.io" }, "x-kubernetes-list-type": "atomic" }, - "loadBalancer": { - "description": "loadBalancer defines how the load balancer used by the cluster is configured.", - "default": { - "type": "OpenShiftManagedDefault" - }, - "$ref": "#/definitions/com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer" + "name": { + "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", + "type": "string" }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", + "namespace": { + "description": "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces", + "type": "string" + }, + "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "uid" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "uid", + "x-kubernetes-patch-strategy": "merge" }, - "nodeDNSIP": { - "description": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", + "resourceVersion": { + "description": "An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "selfLink": { + "description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.", + "type": "string" + }, + "uid": { + "description": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", "type": "string" } } }, - "com.github.openshift.api.config.v1.BasicAuthIdentityProvider": { - "description": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials", + "ObjectReference.v1.core.api.k8s.io": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "type": "object", + "properties": { + "apiVersion": { + "description": "API version of the referent.", + "type": "string" + }, + "fieldPath": { + "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.", + "type": "string" + }, + "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + }, + "namespace": { + "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", + "type": "string" + }, + "resourceVersion": { + "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", + "type": "string" + }, + "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "type": "string" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", "type": "object", "required": [ - "url" + "apiVersion", + "kind", + "name", + "uid" ], "properties": { - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "apiVersion": { + "description": "API version of the referent.", + "type": "string", + "default": "" }, - "tlsClientCert": { - "description": "tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key \"tls.crt\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "blockOwnerDeletion": { + "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", + "type": "boolean" }, - "tlsClientKey": { - "description": "tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key \"tls.key\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "controller": { + "description": "If true, this reference points to the managing controller.", + "type": "boolean" }, - "url": { - "description": "url is the remote URL to connect to", + "kind": { + "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string", + "default": "" + }, + "name": { + "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", + "type": "string", + "default": "" + }, + "uid": { + "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", "type": "string", "default": "" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.config.v1.Build": { - "description": "Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.\n\nThe canonical name is \"cluster\"\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ParamKind.v1.admissionregistration.api.k8s.io": { + "description": "ParamKind is a tuple of Group Kind and Version.", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": "APIVersion is the API group version the resources belong to. In format of \"group/version\". Required.", "type": "string" }, "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "Kind is the API kind the resources belong to. Required.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec holds user-settable values for the build controller configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.BuildSpec" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.config.v1.BuildDefaults": { + "ParamRef.v1.admissionregistration.api.k8s.io": { + "description": "ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.", "type": "object", "properties": { - "defaultProxy": { - "description": "defaultProxy contains the default proxy settings for all build operations, including image pull/push and source download.\n\nValues can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables in the build config's strategy.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ProxySpec" + "name": { + "description": "name is the name of the resource being referenced.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.\n\nA single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.", + "type": "string" }, - "env": { - "description": "env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" - } + "namespace": { + "description": "namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.", + "type": "string" }, - "gitProxy": { - "description": "gitProxy contains the proxy settings for git operations only. If set, this will override any Proxy settings for all git commands, such as git clone.\n\nValues that are not set here will be inherited from DefaultProxy.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ProxySpec" + "parameterNotFoundAction": { + "description": "`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny`\n\nRequired", + "type": "string" }, - "imageLabels": { - "description": "imageLabels is a list of docker labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageLabel" - } + "selector": { + "description": "selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "PartialObjectMetadata.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "PartialObjectMetadata is a generic representation of any object with ObjectMeta. It allows clients to get access to a particular ObjectMeta schema without knowing the details of the version.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "resources": { - "description": "resources defines resource requirements to execute the build.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.BuildList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "PartialObjectMetadataList.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "PartialObjectMetadataList contains a list of objects containing only their metadata", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -5215,10 +5544,11 @@ "type": "string" }, "items": { + "description": "items contains each of the included items.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Build" + "$ref": "#/definitions/PartialObjectMetadata.v1.meta.apis.pkg.apimachinery.k8s.io" } }, "kind": { @@ -5226,364 +5556,356 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.BuildOverrides": { + "Patch.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "Patch is provided to give a concrete name and type to the Kubernetes PATCH request body.", + "type": "object" + }, + "PatchOptions.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "PatchOptions may be provided when patching an API object. PatchOptions is meant to be a superset of UpdateOptions.", "type": "object", "properties": { - "forcePull": { - "description": "forcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself", - "type": "boolean" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "imageLabels": { - "description": "imageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", + "dryRun": { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageLabel" - } - }, - "nodeSelector": { - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", - "type": "object", - "additionalProperties": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "tolerations": { - "description": "tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" - } + "fieldManager": { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", + "type": "string" + }, + "fieldValidation": { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "type": "string" + }, + "force": { + "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", + "type": "boolean" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.config.v1.BuildSpec": { + "PersistentVolume.v1.core.api.k8s.io": { + "description": "PersistentVolume (PV) is a storage resource provisioned by an administrator. It is analogous to a node. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes", "type": "object", "properties": { - "additionalTrustedCA": { - "description": "additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted for image pushes and pulls during builds. The namespace for this config map is openshift-config.\n\nDEPRECATED: Additional CAs for image pull and push should be set on image.config.openshift.io/cluster instead.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "buildDefaults": { - "description": "buildDefaults controls the default information for Builds", + "spec": { + "description": "spec defines a specification of a persistent volume owned by the cluster. Provisioned by an administrator. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.BuildDefaults" + "$ref": "#/definitions/PersistentVolumeSpec.v1.core.api.k8s.io" }, - "buildOverrides": { - "description": "buildOverrides controls override settings for builds", + "status": { + "description": "status represents the current information/status for the persistent volume. Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.BuildOverrides" + "$ref": "#/definitions/PersistentVolumeStatus.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.CertInfo": { - "description": "CertInfo relates a certificate with a private key", + "PersistentVolumeClaim.v1.core.api.k8s.io": { + "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", "type": "object", - "required": [ - "certFile", - "keyFile" - ], "properties": { - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "default": {}, + "$ref": "#/definitions/PersistentVolumeClaimSpec.v1.core.api.k8s.io" + }, + "status": { + "description": "status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "default": {}, + "$ref": "#/definitions/PersistentVolumeClaimStatus.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.ClientConnectionOverrides": { + "PersistentVolumeClaimCondition.v1.core.api.k8s.io": { + "description": "PersistentVolumeClaimCondition contains details about state of pvc", "type": "object", "required": [ - "acceptContentTypes", - "contentType", - "qps", - "burst" + "type", + "status" ], "properties": { - "acceptContentTypes": { - "description": "acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the default value of 'application/json'. This field will control all connections to the server used by a particular client.", - "type": "string", - "default": "" + "lastProbeTime": { + "description": "lastProbeTime is the time we probed the condition.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "burst": { - "description": "burst allows extra queries to accumulate when a client is exceeding its rate.", - "type": "integer", - "format": "int32", - "default": 0 + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "contentType": { - "description": "contentType is the content type used when sending data to the server from this client.", - "type": "string", - "default": "" + "message": { + "description": "message is the human-readable message indicating details about last transition.", + "type": "string" }, - "qps": { - "description": "qps controls the number of queries per second allowed for this connection.", - "type": "number", - "format": "float", - "default": 0 - } - } - }, - "com.github.openshift.api.config.v1.CloudControllerManagerStatus": { - "description": "CloudControllerManagerStatus holds the state of Cloud Controller Manager (a.k.a. CCM or CPI) related settings", - "type": "object", - "properties": { - "state": { - "description": "state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager\n\nValid values are \"External\", \"None\" and omitted. When set to \"External\", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to \"None\", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1.CloudLoadBalancerConfig": { - "description": "CloudLoadBalancerConfig contains an union discriminator indicating the type of DNS solution in use within the cluster. When the DNSType is `ClusterHosted`, the cloud's Load Balancer configuration needs to be provided so that the DNS solution hosted within the cluster can be configured with those values.", - "type": "object", - "properties": { - "clusterHosted": { - "description": "clusterHosted holds the IP addresses of API, API-Int and Ingress Load Balancers on Cloud Platforms. The DNS solution hosted within the cluster use these IP addresses to provide resolution for API, API-Int and Ingress services.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudLoadBalancerIPs" + "reason": { + "description": "reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"Resizing\" that means the underlying persistent volume is being resized.", + "type": "string" }, - "dnsType": { - "description": "dnsType indicates the type of DNS solution in use within the cluster. Its default value of `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform. It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode, the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed. The cluster's use of the cloud's Load Balancers is unaffected by this setting. The value is immutable after it has been set at install time. Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS. Enabling this functionality allows the user to start their own DNS solution outside the cluster after installation is complete. The customer would be responsible for configuring this custom DNS solution, and it can be run in addition to the in-cluster DNS solution.", + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown. More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", "type": "string", - "default": "PlatformDefault" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "dnsType", - "fields-to-discriminateBy": { - "clusterHosted": "ClusterHosted" - } - } - ] - }, - "com.github.openshift.api.config.v1.CloudLoadBalancerIPs": { - "description": "CloudLoadBalancerIPs contains the Load Balancer IPs for the cloud's API, API-Int and Ingress Load balancers. They will be populated as soon as the respective Load Balancers have been configured. These values are utilized to configure the DNS solution hosted within the cluster.", - "type": "object", - "properties": { - "apiIntLoadBalancerIPs": { - "description": "apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service. These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. Entries in the apiIntLoadBalancerIPs must be unique. A maximum of 16 IP addresses are permitted.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "apiLoadBalancerIPs": { - "description": "apiLoadBalancerIPs holds Load Balancer IPs for the API service. These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. Could be empty for private clusters. Entries in the apiLoadBalancerIPs must be unique. A maximum of 16 IP addresses are permitted.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "ingressLoadBalancerIPs": { - "description": "ingressLoadBalancerIPs holds IPs for Ingress Load Balancers. These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. Entries in the ingressLoadBalancerIPs must be unique. A maximum of 16 IP addresses are permitted.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - } - } - }, - "com.github.openshift.api.config.v1.ClusterCondition": { - "description": "ClusterCondition is a union of typed cluster conditions. The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "promql": { - "description": "promql represents a cluster condition based on PromQL.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PromQLClusterCondition" + "default": "" }, "type": { - "description": "type represents the cluster-condition type. This defines the members and semantics of any additional properties.", + "description": "Type is the type of the condition. More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.ClusterImagePolicy": { - "description": "ClusterImagePolicy holds cluster-wide configuration for image signature verification\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "PersistentVolumeClaimList.v1.core.api.k8s.io": { + "description": "PersistentVolumeClaimList is a list of PersistentVolumeClaim items.", "type": "object", "required": [ - "spec" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "items is a list of persistent volume claims. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/PersistentVolumeClaim.v1.core.api.k8s.io" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec contains the configuration for the cluster image policy.", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterImagePolicySpec" - }, - "status": { - "description": "status contains the observed state of the resource.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterImagePolicyStatus" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.ClusterImagePolicyList": { - "description": "ClusterImagePolicyList is a list of ClusterImagePolicy resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "PersistentVolumeClaimSpec.v1.core.api.k8s.io": { + "description": "PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is a list of ClusterImagePolices", + "accessModes": { + "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterImagePolicy" - } + "type": "string", + "default": "", + "enum": [ + "ReadOnlyMany", + "ReadWriteMany", + "ReadWriteOnce", + "ReadWriteOncePod" + ] + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "dataSource": { + "description": "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.", + "$ref": "#/definitions/TypedLocalObjectReference.v1.core.api.k8s.io" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "dataSourceRef": { + "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "$ref": "#/definitions/TypedObjectReference.v1.core.api.k8s.io" + }, + "resources": { + "description": "resources represents the minimum resources the volume should have. Users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/VolumeResourceRequirements.v1.core.api.k8s.io" + }, + "selector": { + "description": "selector is a label query over volumes to consider for binding.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "storageClassName": { + "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "type": "string" + }, + "volumeAttributesClassName": { + "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string or nil value indicates that no VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.\n\nPossible enum values:\n - `\"Block\"` means the volume will not be formatted with a filesystem and will remain a raw block device.\n - `\"Filesystem\"` means the volume will be or is formatted with a filesystem.", + "type": "string", + "enum": [ + "Block", + "Filesystem" + ] + }, + "volumeName": { + "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.ClusterImagePolicySpec": { - "description": "CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource.", + "PersistentVolumeClaimStatus.v1.core.api.k8s.io": { + "description": "PersistentVolumeClaimStatus is the current status of a persistent volume claim.", "type": "object", - "required": [ - "scopes", - "policy" - ], "properties": { - "policy": { - "description": "policy is a required field that contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy" - }, - "scopes": { - "description": "scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. This support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", + "accessModes": { + "description": "accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", "type": "array", "items": { "type": "string", - "default": "" + "default": "", + "enum": [ + "ReadOnlyMany", + "ReadWriteMany", + "ReadWriteOnce", + "ReadWriteOncePod" + ] }, - "x-kubernetes-list-type": "set" - } - } - }, - "com.github.openshift.api.config.v1.ClusterImagePolicyStatus": { - "type": "object", - "properties": { + "x-kubernetes-list-type": "atomic" + }, + "allocatedResourceStatuses": { + "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "", + "enum": [ + "ControllerResizeInProgress", + "ControllerResizeInfeasible", + "NodeResizeInProgress", + "NodeResizeInfeasible", + "NodeResizePending" + ] + }, + "x-kubernetes-map-type": "granular" + }, + "allocatedResources": { + "description": "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + } + }, + "capacity": { + "description": "capacity represents the actual resources of the underlying volume.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + } + }, "conditions": { - "description": "conditions provide details on the status of this API Resource.", + "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'Resizing'.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/PersistentVolumeClaimCondition.v1.core.api.k8s.io" }, "x-kubernetes-list-map-keys": [ "type" ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "currentVolumeAttributesClassName": { + "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim", + "type": "string" + }, + "modifyVolumeStatus": { + "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted.", + "$ref": "#/definitions/ModifyVolumeStatus.v1.core.api.k8s.io" + }, + "phase": { + "description": "phase represents the current phase of PersistentVolumeClaim.\n\nPossible enum values:\n - `\"Bound\"` used for PersistentVolumeClaims that are bound\n - `\"Lost\"` used for PersistentVolumeClaims that lost their underlying PersistentVolume. The claim was bound to a PersistentVolume and this volume does not exist any longer and all data on it was lost.\n - `\"Pending\"` used for PersistentVolumeClaims that are not yet bound", + "type": "string", + "enum": [ + "Bound", + "Lost", + "Pending" + ] } } }, - "com.github.openshift.api.config.v1.ClusterNetworkEntry": { - "description": "ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.", + "PersistentVolumeClaimTemplate.v1.core.api.k8s.io": { + "description": "PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.", "type": "object", "required": [ - "cidr" + "spec" ], "properties": { - "cidr": { - "description": "The complete block for pod IPs.", - "type": "string", - "default": "" + "metadata": { + "description": "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "hostPrefix": { - "description": "The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.", - "type": "integer", - "format": "int64" + "spec": { + "description": "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.", + "default": {}, + "$ref": "#/definitions/PersistentVolumeClaimSpec.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.ClusterOperator": { - "description": "ClusterOperator holds the status of a core or optional OpenShift component managed by the Cluster Version Operator (CVO). This object is used by operators to convey their state to the rest of the cluster. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "PersistentVolumeClaimVolumeSource.v1.core.api.k8s.io": { + "description": "PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).", "type": "object", "required": [ - "metadata", - "spec" + "claimName" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec holds configuration that could apply to any operator.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperatorSpec" + "claimName": { + "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "type": "string", + "default": "" }, - "status": { - "description": "status holds the information about the state of an operator. It is consistent with status information across the Kubernetes ecosystem.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperatorStatus" + "readOnly": { + "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", + "type": "boolean" } } }, - "com.github.openshift.api.config.v1.ClusterOperatorList": { - "description": "ClusterOperatorList is a list of OperatorStatus resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "PersistentVolumeList.v1.core.api.k8s.io": { + "description": "PersistentVolumeList is a list of PersistentVolume items.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -5592,10 +5914,11 @@ "type": "string" }, "items": { + "description": "items is a list of persistent volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperator" + "$ref": "#/definitions/PersistentVolume.v1.core.api.k8s.io" } }, "kind": { @@ -5603,95 +5926,315 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.ClusterOperatorSpec": { - "description": "ClusterOperatorSpec is empty for now, but you could imagine holding information like \"pause\".", - "type": "object" + "PersistentVolumeSource.v1.core.api.k8s.io": { + "description": "PersistentVolumeSource is similar to VolumeSource but meant for the administrator who creates PVs. Exactly one of its members must be set.", + "type": "object", + "properties": { + "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "$ref": "#/definitions/AWSElasticBlockStoreVolumeSource.v1.core.api.k8s.io" + }, + "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", + "$ref": "#/definitions/AzureDiskVolumeSource.v1.core.api.k8s.io" + }, + "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", + "$ref": "#/definitions/AzureFilePersistentVolumeSource.v1.core.api.k8s.io" + }, + "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", + "$ref": "#/definitions/CephFSPersistentVolumeSource.v1.core.api.k8s.io" + }, + "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "$ref": "#/definitions/CinderPersistentVolumeSource.v1.core.api.k8s.io" + }, + "csi": { + "description": "csi represents storage that is handled by an external CSI driver.", + "$ref": "#/definitions/CSIPersistentVolumeSource.v1.core.api.k8s.io" + }, + "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", + "$ref": "#/definitions/FCVolumeSource.v1.core.api.k8s.io" + }, + "flexVolume": { + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", + "$ref": "#/definitions/FlexPersistentVolumeSource.v1.core.api.k8s.io" + }, + "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", + "$ref": "#/definitions/FlockerVolumeSource.v1.core.api.k8s.io" + }, + "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "$ref": "#/definitions/GCEPersistentDiskVolumeSource.v1.core.api.k8s.io" + }, + "glusterfs": { + "description": "glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md", + "$ref": "#/definitions/GlusterfsPersistentVolumeSource.v1.core.api.k8s.io" + }, + "hostPath": { + "description": "hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "$ref": "#/definitions/HostPathVolumeSource.v1.core.api.k8s.io" + }, + "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.", + "$ref": "#/definitions/ISCSIPersistentVolumeSource.v1.core.api.k8s.io" + }, + "local": { + "description": "local represents directly-attached storage with node affinity", + "$ref": "#/definitions/LocalVolumeSource.v1.core.api.k8s.io" + }, + "nfs": { + "description": "nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "$ref": "#/definitions/NFSVolumeSource.v1.core.api.k8s.io" + }, + "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", + "$ref": "#/definitions/PhotonPersistentDiskVolumeSource.v1.core.api.k8s.io" + }, + "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", + "$ref": "#/definitions/PortworxVolumeSource.v1.core.api.k8s.io" + }, + "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", + "$ref": "#/definitions/QuobyteVolumeSource.v1.core.api.k8s.io" + }, + "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md", + "$ref": "#/definitions/RBDPersistentVolumeSource.v1.core.api.k8s.io" + }, + "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", + "$ref": "#/definitions/ScaleIOPersistentVolumeSource.v1.core.api.k8s.io" + }, + "storageos": { + "description": "storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. More info: https://examples.k8s.io/volumes/storageos/README.md", + "$ref": "#/definitions/StorageOSPersistentVolumeSource.v1.core.api.k8s.io" + }, + "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", + "$ref": "#/definitions/VsphereVirtualDiskVolumeSource.v1.core.api.k8s.io" + } + } }, - "com.github.openshift.api.config.v1.ClusterOperatorStatus": { - "description": "ClusterOperatorStatus provides information about the status of the operator.", + "PersistentVolumeSpec.v1.core.api.k8s.io": { + "description": "PersistentVolumeSpec is the specification of a persistent volume.", "type": "object", "properties": { - "conditions": { - "description": "conditions describes the state of the operator's managed and monitored components.", + "accessModes": { + "description": "accessModes contains all ways the volume can be mounted. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperatorStatusCondition" + "type": "string", + "default": "", + "enum": [ + "ReadOnlyMany", + "ReadWriteMany", + "ReadWriteOnce", + "ReadWriteOncePod" + ] }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "atomic" }, - "extension": { - "description": "extension contains any additional status information specific to the operator which owns this status object.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "$ref": "#/definitions/AWSElasticBlockStoreVolumeSource.v1.core.api.k8s.io" }, - "relatedObjects": { - "description": "relatedObjects is a list of objects that are \"interesting\" or related to this operator. Common uses are: 1. the detailed resource driving the operator 2. operator namespaces 3. operand namespaces", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ObjectReference" + "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", + "$ref": "#/definitions/AzureDiskVolumeSource.v1.core.api.k8s.io" + }, + "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", + "$ref": "#/definitions/AzureFilePersistentVolumeSource.v1.core.api.k8s.io" + }, + "capacity": { + "description": "capacity is the description of the persistent volume's resources and capacity. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" } }, - "versions": { - "description": "versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple operand entries in the array. Available operators must report the version of the operator itself with the name \"operator\". An operator reports a new \"operator\" version when it has rolled out the new version to all of its operands.", + "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", + "$ref": "#/definitions/CephFSPersistentVolumeSource.v1.core.api.k8s.io" + }, + "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "$ref": "#/definitions/CinderPersistentVolumeSource.v1.core.api.k8s.io" + }, + "claimRef": { + "description": "claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding", + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io", + "x-kubernetes-map-type": "granular" + }, + "csi": { + "description": "csi represents storage that is handled by an external CSI driver.", + "$ref": "#/definitions/CSIPersistentVolumeSource.v1.core.api.k8s.io" + }, + "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", + "$ref": "#/definitions/FCVolumeSource.v1.core.api.k8s.io" + }, + "flexVolume": { + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", + "$ref": "#/definitions/FlexPersistentVolumeSource.v1.core.api.k8s.io" + }, + "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", + "$ref": "#/definitions/FlockerVolumeSource.v1.core.api.k8s.io" + }, + "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "$ref": "#/definitions/GCEPersistentDiskVolumeSource.v1.core.api.k8s.io" + }, + "glusterfs": { + "description": "glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md", + "$ref": "#/definitions/GlusterfsPersistentVolumeSource.v1.core.api.k8s.io" + }, + "hostPath": { + "description": "hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "$ref": "#/definitions/HostPathVolumeSource.v1.core.api.k8s.io" + }, + "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.", + "$ref": "#/definitions/ISCSIPersistentVolumeSource.v1.core.api.k8s.io" + }, + "local": { + "description": "local represents directly-attached storage with node affinity", + "$ref": "#/definitions/LocalVolumeSource.v1.core.api.k8s.io" + }, + "mountOptions": { + "description": "mountOptions is the list of mount options, e.g. [\"ro\", \"soft\"]. Not validated - mount will simply fail if one is invalid. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OperandVersion" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "nfs": { + "description": "nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "$ref": "#/definitions/NFSVolumeSource.v1.core.api.k8s.io" + }, + "nodeAffinity": { + "description": "nodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume. This field is mutable if MutablePVNodeAffinity feature gate is enabled.", + "$ref": "#/definitions/VolumeNodeAffinity.v1.core.api.k8s.io" + }, + "persistentVolumeReclaimPolicy": { + "description": "persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. Valid options are Retain (default for manually created PersistentVolumes), Delete (default for dynamically provisioned PersistentVolumes), and Recycle (deprecated). Recycle must be supported by the volume plugin underlying this PersistentVolume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming\n\nPossible enum values:\n - `\"Delete\"` means the volume will be deleted from Kubernetes on release from its claim. The volume plugin must support Deletion.\n - `\"Recycle\"` means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. The volume plugin must support Recycling.\n - `\"Retain\"` means the volume will be left in its current phase (Released) for manual reclamation by the administrator. The default policy is Retain.", + "type": "string", + "enum": [ + "Delete", + "Recycle", + "Retain" + ] + }, + "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", + "$ref": "#/definitions/PhotonPersistentDiskVolumeSource.v1.core.api.k8s.io" + }, + "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", + "$ref": "#/definitions/PortworxVolumeSource.v1.core.api.k8s.io" + }, + "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", + "$ref": "#/definitions/QuobyteVolumeSource.v1.core.api.k8s.io" + }, + "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md", + "$ref": "#/definitions/RBDPersistentVolumeSource.v1.core.api.k8s.io" + }, + "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", + "$ref": "#/definitions/ScaleIOPersistentVolumeSource.v1.core.api.k8s.io" + }, + "storageClassName": { + "description": "storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value means that this volume does not belong to any StorageClass.", + "type": "string" + }, + "storageos": { + "description": "storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. More info: https://examples.k8s.io/volumes/storageos/README.md", + "$ref": "#/definitions/StorageOSPersistentVolumeSource.v1.core.api.k8s.io" + }, + "volumeAttributesClassName": { + "description": "Name of VolumeAttributesClass to which this persistent volume belongs. Empty value is not allowed. When this field is not set, it indicates that this volume does not belong to any VolumeAttributesClass. This field is mutable and can be changed by the CSI driver after a volume has been updated successfully to a new class. For an unbound PersistentVolume, the volumeAttributesClassName will be matched with unbound PersistentVolumeClaims during the binding process.", + "type": "string" + }, + "volumeMode": { + "description": "volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec.\n\nPossible enum values:\n - `\"Block\"` means the volume will not be formatted with a filesystem and will remain a raw block device.\n - `\"Filesystem\"` means the volume will be or is formatted with a filesystem.", + "type": "string", + "enum": [ + "Block", + "Filesystem" + ] + }, + "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", + "$ref": "#/definitions/VsphereVirtualDiskVolumeSource.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.ClusterOperatorStatusCondition": { - "description": "ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.", + "PersistentVolumeStatus.v1.core.api.k8s.io": { + "description": "PersistentVolumeStatus is the current status of a persistent volume.", "type": "object", - "required": [ - "type", - "status", - "lastTransitionTime" - ], "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the time of the last update to the current status property.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "lastPhaseTransitionTime": { + "description": "lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, "message": { - "description": "message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.", + "description": "message is a human-readable message indicating details about why the volume is in this state.", "type": "string" }, + "phase": { + "description": "phase indicates if a volume is available, bound to a claim, or released by a claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase\n\nPossible enum values:\n - `\"Available\"` used for PersistentVolumes that are not yet bound Available volumes are held by the binder and matched to PersistentVolumeClaims\n - `\"Bound\"` used for PersistentVolumes that are bound\n - `\"Failed\"` used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim\n - `\"Pending\"` used for PersistentVolumes that are not available\n - `\"Released\"` used for PersistentVolumes where the bound PersistentVolumeClaim was deleted released volumes must be recycled before becoming available again this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource", + "type": "string", + "enum": [ + "Available", + "Bound", + "Failed", + "Pending", + "Released" + ] + }, "reason": { - "description": "reason is the CamelCase reason for the condition's current status.", + "description": "reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.", + "type": "string" + } + } + }, + "PhotonPersistentDiskVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a Photon Controller persistent disk resource.", + "type": "object", + "required": [ + "pdID" + ], + "properties": { + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" - }, - "type": { - "description": "type specifies the aspect reported by this condition.", + "pdID": { + "description": "pdID is the ID that identifies Photon Controller persistent disk", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.ClusterVersion": { - "description": "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "Pod.v1.core.api.k8s.io": { + "description": "Pod is a collection of containers that can run on a host. This resource is created by clients and scheduled onto hosts.", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -5702,47 +6245,59 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster.", + "description": "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionSpec" + "$ref": "#/definitions/PodSpec.v1.core.api.k8s.io" }, "status": { - "description": "status contains information about the available updates and any in-progress updates.", + "description": "Most recently observed status of the pod. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionStatus" + "$ref": "#/definitions/PodStatus.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec": { - "description": "ClusterVersionCapabilitiesSpec selects the managed set of optional, core cluster components.", + "PodAffinity.v1.core.api.k8s.io": { + "description": "Pod affinity is a group of inter pod affinity scheduling rules.", "type": "object", "properties": { - "additionalEnabledCapabilities": { - "description": "additionalEnabledCapabilities extends the set of managed capabilities beyond the baseline defined in baselineCapabilitySet. The default is an empty set.", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/WeightedPodAffinityTerm.v1.core.api.k8s.io" }, "x-kubernetes-list-type": "atomic" }, - "baselineCapabilitySet": { - "description": "baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent.", - "type": "string" + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/PodAffinityTerm.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus": { - "description": "ClusterVersionCapabilitiesStatus describes the state of optional, core cluster components.", + "PodAffinityTerm.v1.core.api.k8s.io": { + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", "type": "object", + "required": [ + "topologyKey" + ], "properties": { - "enabledCapabilities": { - "description": "enabledCapabilities lists all the capabilities that are currently managed.", + "labelSelector": { + "description": "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set.", "type": "array", "items": { "type": "string", @@ -5750,625 +6305,412 @@ }, "x-kubernetes-list-type": "atomic" }, - "knownCapabilities": { - "description": "knownCapabilities lists all the capabilities known to the current cluster.", + "mismatchLabelKeys": { + "description": "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set.", "type": "array", "items": { "type": "string", "default": "" }, "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.config.v1.ClusterVersionList": { - "description": "ClusterVersionList is a list of ClusterVersion resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" }, - "items": { + "namespaceSelector": { + "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "namespaces": { + "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersion" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "topologyKey": { + "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.ClusterVersionSpec": { - "description": "ClusterVersionSpec is the desired version state of the cluster. It includes the version the cluster should be at, how the cluster is identified, and where the cluster should look for version updates.", + "PodAntiAffinity.v1.core.api.k8s.io": { + "description": "Pod anti affinity is a group of inter pod anti affinity scheduling rules.", "type": "object", - "required": [ - "clusterID" - ], "properties": { - "capabilities": { - "description": "capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec" - }, - "channel": { - "description": "channel is an identifier for explicitly requesting a non-default set of updates to be applied to this cluster. The default channel will contain stable updates that are appropriate for production clusters.", - "type": "string" - }, - "clusterID": { - "description": "clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field.", - "type": "string", - "default": "" - }, - "desiredUpdate": { - "description": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted if the previous version is within the current minor version. Not all rollbacks will succeed, and some may unrecoverably break the cluster.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.Update" - }, - "overrides": { - "description": "overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object.", + "preferredDuringSchedulingIgnoredDuringExecution": { + "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting \"weight\" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ComponentOverride" + "$ref": "#/definitions/WeightedPodAffinityTerm.v1.core.api.k8s.io" }, - "x-kubernetes-list-map-keys": [ - "kind", - "group", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "signatureStores": { - "description": "signatureStores contains the upstream URIs to verify release signatures and optional reference to a config map by name containing the PEM-encoded CA bundle.\n\nBy default, CVO will use existing signature stores if this property is empty. The CVO will check the release signatures in the local ConfigMaps first. It will search for a valid signature in these stores in parallel only when local ConfigMaps did not include a valid signature. Validation will fail if none of the signature stores reply with valid signature before timeout. Setting signatureStores will replace the default signature stores with custom signature stores. Default stores can be used with custom signature stores by adding them manually.\n\nA maximum of 32 signature stores may be configured.", + "requiredDuringSchedulingIgnoredDuringExecution": { + "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SignatureStore" + "$ref": "#/definitions/PodAffinityTerm.v1.core.api.k8s.io" }, - "x-kubernetes-list-map-keys": [ - "url" - ], - "x-kubernetes-list-type": "map" - }, - "upstream": { - "description": "upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region.", - "type": "string" + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.ClusterVersionStatus": { - "description": "ClusterVersionStatus reports the status of the cluster versioning, including any upgrades that are in progress. The current field will be set to whichever version the cluster is reconciling to, and the conditions array will report whether the update succeeded, is in progress, or is failing.", + "PodAttachOptions.v1.core.api.k8s.io": { + "description": "PodAttachOptions is the query options to a Pod's remote attach call.", "type": "object", - "required": [ - "desired", - "observedGeneration", - "versionHash", - "availableUpdates" - ], "properties": { - "availableUpdates": { - "description": "availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Release" - }, - "x-kubernetes-list-type": "atomic" - }, - "capabilities": { - "description": "capabilities describes the state of optional, core cluster components.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus" - }, - "conditionalUpdateRisks": { - "description": "conditionalUpdateRisks contains the list of risks associated with conditionalUpdates. When performing a conditional update, all its associated risks will be compared with the set of accepted risks in the spec.desiredUpdate.acceptRisks field. If all risks for a conditional update are included in the spec.desiredUpdate.acceptRisks set, the conditional update can proceed, otherwise it is blocked. The risk names in the list must be unique. conditionalUpdateRisks must not contain more than 500 entries.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConditionalUpdateRisk" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "conditionalUpdates": { - "description": "conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConditionalUpdate" - }, - "x-kubernetes-list-type": "atomic" + "container": { + "description": "The container in which to execute the command. Defaults to only container if there is only one container in the pod.", + "type": "string" }, - "conditions": { - "description": "conditions provides information about the cluster version. The condition \"Available\" is set to true if the desiredUpdate has been reached. The condition \"Progressing\" is set to true if an update is being applied. The condition \"Degraded\" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperatorStatusCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "desired": { - "description": "desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Release" + "stderr": { + "description": "Stderr if true indicates that stderr is to be redirected for the attach call. Defaults to true.", + "type": "boolean" }, - "history": { - "description": "history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.UpdateHistory" - }, - "x-kubernetes-list-type": "atomic" + "stdin": { + "description": "Stdin if true, redirects the standard input stream of the pod for this call. Defaults to false.", + "type": "boolean" }, - "observedGeneration": { - "description": "observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version.", - "type": "integer", - "format": "int64", - "default": 0 + "stdout": { + "description": "Stdout if true indicates that stdout is to be redirected for the attach call. Defaults to true.", + "type": "boolean" }, - "versionHash": { - "description": "versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only.", - "type": "string", - "default": "" + "tty": { + "description": "TTY if true indicates that a tty will be allocated for the attach call. This is passed through the container runtime so the tty is allocated on the worker node by the container runtime. Defaults to false.", + "type": "boolean" } } }, - "com.github.openshift.api.config.v1.ComponentOverride": { - "description": "ComponentOverride allows overriding cluster version operator's behavior for a component.", + "PodCertificateProjection.v1.core.api.k8s.io": { + "description": "PodCertificateProjection provides a private key and X.509 certificate in the pod filesystem.", "type": "object", "required": [ - "kind", - "group", - "namespace", - "name", - "unmanaged" + "signerName", + "keyType" ], "properties": { - "group": { - "description": "group identifies the API group that the kind is in.", - "type": "string", - "default": "" + "certificateChainPath": { + "description": "Write the certificate chain at this path in the projected volume.\n\nMost applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation.", + "type": "string" }, - "kind": { - "description": "kind indentifies which object to override.", - "type": "string", - "default": "" + "credentialBundlePath": { + "description": "Write the credential bundle at this path in the projected volume.\n\nThe credential bundle is a single file that contains multiple PEM blocks. The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private key.\n\nThe remaining blocks are CERTIFICATE blocks, containing the issued certificate chain from the signer (leaf and any intermediates).\n\nUsing credentialBundlePath lets your Pod's application code make a single atomic read that retrieves a consistent key and certificate chain. If you project them to separate files, your application code will need to additionally check that the leaf certificate was issued to the key.", + "type": "string" }, - "name": { - "description": "name is the component's name.", - "type": "string", - "default": "" + "keyPath": { + "description": "Write the key at this path in the projected volume.\n\nMost applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation.", + "type": "string" }, - "namespace": { - "description": "namespace is the component's namespace. If the resource is cluster scoped, the namespace should be empty.", - "type": "string", - "default": "" + "keyType": { + "description": "The type of keypair Kubelet will generate for the pod.\n\nValid values are \"RSA3072\", \"RSA4096\", \"ECDSAP256\", \"ECDSAP384\", \"ECDSAP521\", and \"ED25519\".", + "type": "string" }, - "unmanaged": { - "description": "unmanaged controls if cluster version operator should stop managing the resources in this cluster. Default: false", - "type": "boolean", - "default": false + "maxExpirationSeconds": { + "description": "maxExpirationSeconds is the maximum lifetime permitted for the certificate.\n\nKubelet copies this value verbatim into the PodCertificateRequests it generates for this projection.\n\nIf omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days).\n\nThe signer implementation is then free to issue a certificate with any lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. `kubernetes.io` signers will never issue certificates with a lifetime longer than 24 hours.", + "type": "integer", + "format": "int32" + }, + "signerName": { + "description": "Kubelet's generated CSRs will be addressed to this signer.", + "type": "string" + }, + "userAnnotations": { + "description": "userAnnotations allow pod authors to pass additional information to the signer implementation. Kubernetes does not restrict or validate this metadata in any way.\n\nThese values are copied verbatim into the `spec.unverifiedUserAnnotations` field of the PodCertificateRequest objects that Kubelet creates.\n\nEntries are subject to the same validation as object metadata annotations, with the addition that all keys must be domain-prefixed. No restrictions are placed on values, except an overall size limitation on the entire field.\n\nSigners should document the keys and values they support. Signers should deny requests that contain keys they do not recognize.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.config.v1.ComponentRouteSpec": { - "description": "ComponentRouteSpec allows for configuration of a route's hostname and serving certificate.", + "PodCondition.v1.core.api.k8s.io": { + "description": "PodCondition contains details for the current condition of this pod.", "type": "object", "required": [ - "namespace", - "name", - "hostname" + "type", + "status" ], "properties": { - "hostname": { - "description": "hostname is the hostname that should be used by the route.", - "type": "string", - "default": "" + "lastProbeTime": { + "description": "Last time we probed the condition.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "name": { - "description": "name is the logical name of the route to customize.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.", + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "message": { + "description": "Human-readable message indicating details about last transition.", + "type": "string" + }, + "observedGeneration": { + "description": "If set, this represents the .metadata.generation that the pod condition was set based upon. The PodObservedGenerationTracking feature gate must be enabled to use this field.", + "type": "integer", + "format": "int64" + }, + "reason": { + "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "Status is the status of the condition. Can be True, False, Unknown. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions", "type": "string", "default": "" }, - "namespace": { - "description": "namespace is the namespace of the route to customize.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.", + "type": { + "description": "Type is the type of the condition. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions", "type": "string", "default": "" - }, - "servingCertKeyPairSecret": { - "description": "servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" } } }, - "com.github.openshift.api.config.v1.ComponentRouteStatus": { - "description": "ComponentRouteStatus contains information allowing configuration of a route's hostname and serving certificate.", + "PodDNSConfig.v1.core.api.k8s.io": { + "description": "PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.", "type": "object", - "required": [ - "namespace", - "name", - "defaultHostname", - "relatedObjects" - ], "properties": { - "conditions": { - "description": "conditions are used to communicate the state of the componentRoutes entry.\n\nSupported conditions include Available, Degraded and Progressing.\n\nIf available is true, the content served by the route can be accessed by users. This includes cases where a default may continue to serve content while the customized route specified by the cluster-admin is being configured.\n\nIf Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. The currentHostnames field may or may not be in effect.\n\nIf Progressing is true, that means the component is taking some action related to the componentRoutes entry.", + "nameservers": { + "description": "A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "consumingUsers": { - "description": "consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret.", + "options": { + "description": "A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/PodDNSConfigOption.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "currentHostnames": { - "description": "currentHostnames is the list of current names used by the route. Typically, this list should consist of a single hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list.", + "searches": { + "description": "A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.", "type": "array", "items": { "type": "string", "default": "" - } - }, - "defaultHostname": { - "description": "defaultHostname is the hostname of this route prior to customization.", - "type": "string", - "default": "" - }, - "name": { - "description": "name is the logical name of the route to customize. It does not have to be the actual name of a route resource but it cannot be renamed.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.", - "type": "string", - "default": "" - }, - "namespace": { - "description": "namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace ensures that no two components will conflict and the same component can be installed multiple times.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.", - "type": "string", - "default": "" - }, - "relatedObjects": { - "description": "relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ObjectReference" - } + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.ConditionalUpdate": { - "description": "ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster.", + "PodDNSConfigOption.v1.core.api.k8s.io": { + "description": "PodDNSConfigOption defines DNS resolver options of a pod.", "type": "object", - "required": [ - "release", - "risks" - ], "properties": { - "conditions": { - "description": "conditions represents the observations of the conditional update's current status. Known types are: * Recommended, for whether the update is recommended for the current cluster.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "release": { - "description": "release is the target of the update.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Release" - }, - "riskNames": { - "description": "riskNames represents the set of the names of conditionalUpdateRisks that are relevant to this update for some clusters. The Applies condition of each conditionalUpdateRisks entry declares if that risk applies to this cluster. A conditional update is accepted only if each of its risks either does not apply to the cluster or is considered acceptable by the cluster administrator. The latter means that the risk names are included in value of the spec.desiredUpdate.acceptRisks field. Entries must be unique and must not exceed 256 characters. riskNames must not contain more than 500 entries.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "name": { + "description": "Name is this DNS resolver option's name. Required.", + "type": "string" }, - "risks": { - "description": "risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConditionalUpdateRisk" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "value": { + "description": "Value is this DNS resolver option's value.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.ConditionalUpdateRisk": { - "description": "ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update.", + "PodExecOptions.v1.core.api.k8s.io": { + "description": "PodExecOptions is the query options to a Pod's remote exec call.", "type": "object", "required": [ - "url", - "name", - "message", - "matchingRules" + "command" ], "properties": { - "conditions": { - "description": "conditions represents the observations of the conditional update risk's current status. Known types are: * Applies, for whether the risk applies to the current cluster. The condition's types in the list must be unique. conditions must not contain more than one entry.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "matchingRules": { - "description": "matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended.", + "command": { + "description": "Command is the remote command to execute. argv array. Not executed within a shell.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterCondition" + "type": "string", + "default": "" }, "x-kubernetes-list-type": "atomic" }, - "message": { - "description": "message provides additional information about the risk of updating, in the event that matchingRules match the cluster state. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.", - "type": "string", - "default": "" + "container": { + "description": "Container in which to execute the command. Defaults to only container if there is only one container in the pod.", + "type": "string" }, - "name": { - "description": "name is the CamelCase reason for not recommending a conditional update, in the event that matchingRules match the cluster state.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "url": { - "description": "url contains information about this risk.", - "type": "string", - "default": "" + "stderr": { + "description": "Redirect the standard error stream of the pod for this call.", + "type": "boolean" + }, + "stdin": { + "description": "Redirect the standard input stream of the pod for this call. Defaults to false.", + "type": "boolean" + }, + "stdout": { + "description": "Redirect the standard output stream of the pod for this call.", + "type": "boolean" + }, + "tty": { + "description": "TTY if true indicates that a tty will be allocated for the exec call. Defaults to false.", + "type": "boolean" } } }, - "com.github.openshift.api.config.v1.ConfigMapFileReference": { - "description": "ConfigMapFileReference references a config map in a specific namespace. The namespace must be specified at the point of use.", + "PodExtendedResourceClaimStatus.v1.core.api.k8s.io": { + "description": "PodExtendedResourceClaimStatus is stored in the PodStatus for the extended resource requests backed by DRA. It stores the generated name for the corresponding special ResourceClaim created by the scheduler.", "type": "object", "required": [ - "name" + "requestMappings", + "resourceClaimName" ], "properties": { - "key": { - "description": "key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.", - "type": "string" + "requestMappings": { + "description": "RequestMappings identifies the mapping of to device request in the generated ResourceClaim.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ContainerExtendedResourceRequest.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "name": { + "resourceClaimName": { + "description": "ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.ConfigMapNameReference": { - "description": "ConfigMapNameReference references a config map in a specific namespace. The namespace must be specified at the point of use.", + "PodIP.v1.core.api.k8s.io": { + "description": "PodIP represents a single IP address allocated to the pod.", "type": "object", "required": [ - "name" + "ip" ], "properties": { - "name": { - "description": "name is the metadata.name of the referenced config map", + "ip": { + "description": "IP is the IP address assigned to the pod", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.Console": { - "description": "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "PodList.v1.core.api.k8s.io": { + "description": "PodList is a list of Pods.", "type": "object", "required": [ - "spec" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "List of pods. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Pod.v1.core.api.k8s.io" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec holds user settable values for configuration", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConsoleSpec" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConsoleStatus" - } - } - }, - "com.github.openshift.api.config.v1.ConsoleAuthentication": { - "description": "ConsoleAuthentication defines a list of optional configuration for console authentication.", - "type": "object", - "properties": { - "logoutRedirect": { - "description": "An optional, absolute URL to redirect web browsers to after logging out of the console. If not specified, it will redirect to the default login page. This is required when using an identity provider that supports single sign-on (SSO) such as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console will destroy the user's token. The logoutRedirect provides the user the option to perform single logout (SLO) through the identity provider to destroy their single sign-on session.", - "type": "string" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.ConsoleList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "PodLogOptions.v1.core.api.k8s.io": { + "description": "PodLogOptions is the query options for a Pod's logs REST call.", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Console" - } + "container": { + "description": "The container for which to stream logs. Defaults to only container if there is one container in the pod.", + "type": "string" + }, + "follow": { + "description": "Follow the log stream of the pod. Defaults to false.", + "type": "boolean" + }, + "insecureSkipTLSVerifyBackend": { + "description": "insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept the actual log data coming from the real kubelet).", + "type": "boolean" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.config.v1.ConsoleSpec": { - "description": "ConsoleSpec is the specification of the desired behavior of the Console.", - "type": "object", - "properties": { - "authentication": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConsoleAuthentication" - } - } - }, - "com.github.openshift.api.config.v1.ConsoleStatus": { - "description": "ConsoleStatus defines the observed status of the Console.", - "type": "object", - "properties": { - "consoleURL": { - "description": "The URL for the console. This will be derived from the host for the route that is created for the console.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1.Custom": { - "description": "Custom provides the custom configuration of gatherers", - "type": "object", - "required": [ - "configs" - ], - "properties": { - "configs": { - "description": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.GathererConfig" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.config.v1.CustomFeatureGates": { - "type": "object", - "properties": { - "disabled": { - "description": "disabled is a list of all feature gates that you want to force off", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "limitBytes": { + "description": "If set, the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.", + "type": "integer", + "format": "int64" }, - "enabled": { - "description": "enabled is a list of all feature gates that you want to force on", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "previous": { + "description": "Return previous terminated container logs. Defaults to false.", + "type": "boolean" + }, + "sinceSeconds": { + "description": "A relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", + "type": "integer", + "format": "int64" + }, + "sinceTime": { + "description": "An RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "stream": { + "description": "Specify which container log stream to return to the client. Acceptable values are \"All\", \"Stdout\" and \"Stderr\". If not specified, \"All\" is used, and both stdout and stderr are returned interleaved. Note that when \"TailLines\" is specified, \"Stream\" can only be set to nil or \"All\".", + "type": "string" + }, + "tailLines": { + "description": "If set, the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime. Note that when \"TailLines\" is specified, \"Stream\" can only be set to nil or \"All\".", + "type": "integer", + "format": "int64" + }, + "timestamps": { + "description": "If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.", + "type": "boolean" } } }, - "com.github.openshift.api.config.v1.CustomTLSProfile": { - "description": "CustomTLSProfile is a user-defined TLS security profile. Be extremely careful using a custom TLS profile as invalid configurations can be catastrophic.", + "PodOS.v1.core.api.k8s.io": { + "description": "PodOS defines the OS parameters of a pod.", "type": "object", "required": [ - "ciphers", - "minTLSVersion" + "name" ], "properties": { - "ciphers": { - "description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "curves": { - "description": "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve and each curve must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n curves:\n - X25519\n - secp256r1", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "minTLSVersion": { - "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11", + "name": { + "description": "Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.DNS": { - "description": "DNS holds cluster-wide information about DNS. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "PodPortForwardOptions.v1.core.api.k8s.io": { + "description": "PodPortForwardOptions is the query options to a Pod's port forward call when using WebSockets. The `port` query parameter must specify the port or ports (comma separated) to forward over. Port forwarding over SPDY does not use these options. It requires the port to be passed in the `port` header as part of request.", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -6378,1196 +6720,655 @@ "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSSpec" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSStatus" + "ports": { + "description": "List of ports to forward Required when using WebSockets", + "type": "array", + "items": { + "type": "integer", + "format": "int32", + "default": 0 + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.DNSList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "PodProxyOptions.v1.core.api.k8s.io": { + "description": "PodProxyOptions is the query options to a Pod's proxy call.", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.DNS" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "path": { + "description": "Path is the URL path to use for the current proxy request to pod.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.DNSPlatformSpec": { - "description": "DNSPlatformSpec holds cloud-provider-specific configuration for DNS administration.", + "PodReadinessGate.v1.core.api.k8s.io": { + "description": "PodReadinessGate contains the reference to a pod condition", "type": "object", "required": [ - "type" + "conditionType" ], "properties": { - "aws": { - "description": "aws contains DNS configuration specific to the Amazon Web Services cloud provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSDNSSpec" - }, - "type": { - "description": "type is the underlying infrastructure provider for the cluster. Allowed values: \"\", \"AWS\".\n\nIndividual components may not support all platforms, and must handle unrecognized platforms with best-effort defaults.", + "conditionType": { + "description": "ConditionType refers to a condition in the pod's condition list with matching type.", "type": "string", "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "aws": "AWS" - } - } - ] + } }, - "com.github.openshift.api.config.v1.DNSSpec": { + "PodResourceClaim.v1.core.api.k8s.io": { + "description": "PodResourceClaim references exactly one ResourceClaim, either directly or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim for the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.", "type": "object", "required": [ - "baseDomain" + "name" ], "properties": { - "baseDomain": { - "description": "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base.\n\nFor example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`.\n\nOnce set, this field cannot be changed.", + "name": { + "description": "Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL.", "type": "string", "default": "" }, - "platform": { - "description": "platform holds configuration specific to the underlying infrastructure provider for DNS. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSPlatformSpec" - }, - "privateZone": { - "description": "privateZone is the location where all the DNS records that are only available internally to the cluster exist.\n\nIf this field is nil, no private records should be created.\n\nOnce set, this field cannot be changed.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSZone" - }, - "publicZone": { - "description": "publicZone is the location where all the DNS records that are publicly accessible to the internet exist.\n\nIf this field is nil, no public records should be created.\n\nOnce set, this field cannot be changed.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSZone" - } - } - }, - "com.github.openshift.api.config.v1.DNSStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1.DNSZone": { - "description": "DNSZone is used to define a DNS hosted zone. A zone can be identified by an ID or tags.", - "type": "object", - "properties": { - "id": { - "description": "id is the identifier that can be used to find the DNS hosted zone.\n\non AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3].\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get", + "resourceClaimName": { + "description": "ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must be set.", "type": "string" }, - "tags": { - "description": "tags can be used to query the DNS hosted zone.\n\non AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - } - } - }, - "com.github.openshift.api.config.v1.DelegatedAuthentication": { - "description": "DelegatedAuthentication allows authentication to be disabled.", - "type": "object", - "properties": { - "disabled": { - "description": "disabled indicates that authentication should be disabled. By default it will use delegated authentication.", - "type": "boolean" - } - } - }, - "com.github.openshift.api.config.v1.DelegatedAuthorization": { - "description": "DelegatedAuthorization allows authorization to be disabled.", - "type": "object", - "properties": { - "disabled": { - "description": "disabled indicates that authorization should be disabled. By default it will use delegated authorization.", - "type": "boolean" + "resourceClaimTemplateName": { + "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must be set.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator": { - "description": "deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.", + "PodResourceClaimStatus.v1.core.api.k8s.io": { + "description": "PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim which references a ResourceClaimTemplate. It stores the generated name for the corresponding ResourceClaim.", "type": "object", "required": [ - "kubeConfig" + "name" ], "properties": { - "kubeConfig": { - "description": "kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - } - } - }, - "com.github.openshift.api.config.v1.EquinixMetalPlatformSpec": { - "description": "EquinixMetalPlatformSpec holds the desired state of the Equinix Metal infrastructure provider. This only includes fields that can be modified in the cluster.", - "type": "object" - }, - "com.github.openshift.api.config.v1.EquinixMetalPlatformStatus": { - "description": "EquinixMetalPlatformStatus holds the current status of the Equinix Metal infrastructure provider.", - "type": "object", - "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", - "type": "string" + "name": { + "description": "Name uniquely identifies this resource claim inside the pod. This must match the name of an entry in pod.spec.resourceClaims, which implies that the string must be a DNS_LABEL.", + "type": "string", + "default": "" }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", + "resourceClaimName": { + "description": "ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod. If this is unset, then generating a ResourceClaim was not necessary. The pod.spec.resourceClaims entry can be ignored in this case.", "type": "string" } } }, - "com.github.openshift.api.config.v1.EtcdConnectionInfo": { - "description": "EtcdConnectionInfo holds information necessary for connecting to an etcd server", + "PodSchedulingGate.v1.core.api.k8s.io": { + "description": "PodSchedulingGate is associated to a Pod to guard its scheduling.", "type": "object", "required": [ - "ca", - "certFile", - "keyFile" + "name" ], "properties": { - "ca": { - "description": "ca is a file containing trusted roots for the etcd server certificates", - "type": "string", - "default": "" - }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" - }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "name": { + "description": "Name of the scheduling gate. Each scheduling gate must have a unique name field.", "type": "string", "default": "" - }, - "urls": { - "description": "urls are the URLs for etcd", - "type": "array", - "items": { - "type": "string", - "default": "" - } } } }, - "com.github.openshift.api.config.v1.EtcdStorageConfig": { + "PodSecurityContext.v1.core.api.k8s.io": { + "description": "PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.", "type": "object", - "required": [ - "ca", - "certFile", - "keyFile", - "storagePrefix" - ], "properties": { - "ca": { - "description": "ca is a file containing trusted roots for the etcd server certificates", - "type": "string", - "default": "" + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", + "$ref": "#/definitions/AppArmorProfile.v1.core.api.k8s.io" }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "fsGroup": { + "description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.", + "type": "integer", + "format": "int64" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "fsGroupChangePolicy": { + "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows.\n\nPossible enum values:\n - `\"Always\"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior.\n - `\"OnRootMismatch\"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume.", "type": "string", - "default": "" + "enum": [ + "Always", + "OnRootMismatch" + ] }, - "storagePrefix": { - "description": "storagePrefix is the path within etcd that the OpenShift resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located.", - "type": "string", - "default": "" + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "type": "integer", + "format": "int64" }, - "urls": { - "description": "urls are the URLs for etcd", - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - } - }, - "com.github.openshift.api.config.v1.ExternalIPConfig": { - "description": "ExternalIPConfig specifies some IP blocks relevant for the ExternalIP field of a Service resource.", - "type": "object", - "properties": { - "autoAssignCIDRs": { - "description": "autoAssignCIDRs is a list of CIDRs from which to automatically assign Service.ExternalIP. These are assigned when the service is of type LoadBalancer. In general, this is only useful for bare-metal clusters. In Openshift 3.x, this was misleadingly called \"IngressIPs\". Automatically assigned External IPs are not affected by any ExternalIPPolicy rules. Currently, only one entry may be provided.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" }, - "policy": { - "description": "policy is a set of restrictions applied to the ExternalIP field. If nil or empty, then ExternalIP is not allowed to be set.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalIPPolicy" - } - } - }, - "com.github.openshift.api.config.v1.ExternalIPPolicy": { - "description": "ExternalIPPolicy configures exactly which IPs are allowed for the ExternalIP field in a Service. If the zero struct is supplied, then none are permitted. The policy controller always allows automatically assigned external IPs.", - "type": "object", - "properties": { - "allowedCIDRs": { - "description": "allowedCIDRs is the list of allowed CIDRs.", + "runAsUser": { + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "type": "integer", + "format": "int64" + }, + "seLinuxChangePolicy": { + "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. \"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used. If not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes and \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.", + "type": "string" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", + "$ref": "#/definitions/SELinuxOptions.v1.core.api.k8s.io" + }, + "seccompProfile": { + "description": "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", + "$ref": "#/definitions/SeccompProfile.v1.core.api.k8s.io" + }, + "supplementalGroups": { + "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.", "type": "array", "items": { - "type": "string", - "default": "" + "type": "integer", + "format": "int64", + "default": 0 }, "x-kubernetes-list-type": "atomic" }, - "rejectedCIDRs": { - "description": "rejectedCIDRs is the list of disallowed CIDRs. These take precedence over allowedCIDRs.", + "supplementalGroupsPolicy": { + "description": "Defines how supplemental groups of the first container processes are calculated. Valid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.\n\nPossible enum values:\n - `\"Merge\"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be merged with the primary user's groups as defined in the container image (in /etc/group).\n - `\"Strict\"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be used instead of any groups defined in the container image.", + "type": "string", + "enum": [ + "Merge", + "Strict" + ] + }, + "sysctls": { + "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/Sysctl.v1.core.api.k8s.io" }, "x-kubernetes-list-type": "atomic" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + "$ref": "#/definitions/WindowsSecurityContextOptions.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.ExternalPlatformSpec": { - "description": "ExternalPlatformSpec holds the desired state for the generic External infrastructure provider.", - "type": "object", - "properties": { - "platformName": { - "description": "platformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. This field is solely for informational and reporting purposes and is not expected to be used for decision-making.", - "type": "string", - "default": "Unknown" - } - } - }, - "com.github.openshift.api.config.v1.ExternalPlatformStatus": { - "description": "ExternalPlatformStatus holds the current status of the generic External infrastructure provider.", + "PodSignature.v1.core.api.k8s.io": { + "description": "Describes the class of pods that should avoid this node. Exactly one field should be set.", "type": "object", "properties": { - "cloudControllerManager": { - "description": "cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI). When omitted, new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudControllerManagerStatus" + "podController": { + "description": "Reference to controller whose pods should avoid this node.", + "$ref": "#/definitions/OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.ExtraMapping": { - "description": "ExtraMapping allows specifying a key and CEL expression to evaluate the keys' value. It is used to create additional mappings and attributes added to a cluster identity from a provided authentication token.", + "PodSpec.v1.core.api.k8s.io": { + "description": "PodSpec is a description of a pod.", "type": "object", "required": [ - "key", - "valueExpression" + "containers" ], "properties": { - "key": { - "description": "key is a required field that specifies the string to use as the extra attribute key.\n\nkey must be a domain-prefix path (e.g 'example.org/foo'). key must not exceed 510 characters in length. key must contain the '/' character, separating the domain and path characters. key must not be empty.\n\nThe domain portion of the key (string of characters prior to the '/') must be a valid RFC1123 subdomain. It must not exceed 253 characters in length. It must start and end with an alphanumeric character. It must only contain lower case alphanumeric characters and '-' or '.'. It must not use the reserved domains, or be subdomains of, \"kubernetes.io\", \"k8s.io\", and \"openshift.io\".\n\nThe path portion of the key (string of characters after the '/') must not be empty and must consist of at least one alphanumeric character, percent-encoded octets, '-', '.', '_', '~', '!', '$', '&', ''', '(', ')', '*', '+', ',', ';', '=', and ':'. It must not exceed 256 characters in length.", - "type": "string", - "default": "" + "activeDeadlineSeconds": { + "description": "Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.", + "type": "integer", + "format": "int64" }, - "valueExpression": { - "description": "valueExpression is a required field to specify the CEL expression to extract the extra attribute value from a JWT token's claims. valueExpression must produce a string or string array value. \"\", [], and null are treated as the extra mapping not being present. Empty string values within an array are filtered out.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'. 'claims' is a map of claim names to claim values. For example, the 'sub' claim value can be accessed as 'claims.sub'. Nested claims can be accessed using dot notation ('claims.foo.bar').\n\nvalueExpression must not exceed 1024 characters in length. valueExpression must not be empty.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1.FeatureGate": { - "description": "Feature holds cluster-wide information about feature gates. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "affinity": { + "description": "If specified, the pod's scheduling constraints", + "$ref": "#/definitions/Affinity.v1.core.api.k8s.io" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateSpec" + "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.", + "type": "boolean" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateStatus" - } - } - }, - "com.github.openshift.api.config.v1.FeatureGateAttributes": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "name is the name of the FeatureGate.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1.FeatureGateDetails": { - "type": "object", - "required": [ - "version" - ], - "properties": { - "disabled": { - "description": "disabled is a list of all feature gates that are disabled in the cluster for the named version.", + "containers": { + "description": "List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateAttributes" - } + "$ref": "#/definitions/Container.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "enabled": { - "description": "enabled is a list of all feature gates that are enabled in the cluster for the named version.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateAttributes" - } + "dnsConfig": { + "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.", + "$ref": "#/definitions/PodDNSConfig.v1.core.api.k8s.io" }, - "version": { - "description": "version matches the version provided by the ClusterVersion and in the ClusterOperator.Status.Versions field.", + "dnsPolicy": { + "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.\n\nPossible enum values:\n - `\"ClusterFirst\"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings.\n - `\"ClusterFirstWithHostNet\"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings.\n - `\"Default\"` indicates that the pod should use the default (as determined by kubelet) DNS settings.\n - `\"None\"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig.", "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1.FeatureGateList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGate" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.config.v1.FeatureGateSelection": { - "type": "object", - "properties": { - "customNoUpgrade": { - "description": "customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. featureSet must equal \"CustomNoUpgrade\" must be set to use this field.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.CustomFeatureGates" + "enum": [ + "ClusterFirst", + "ClusterFirstWithHostNet", + "Default", + "None" + ] }, - "featureSet": { - "description": "featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone.", - "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "featureSet", - "fields-to-discriminateBy": { - "customNoUpgrade": "CustomNoUpgrade" - } - } - ] - }, - "com.github.openshift.api.config.v1.FeatureGateSpec": { - "type": "object", - "properties": { - "customNoUpgrade": { - "description": "customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. featureSet must equal \"CustomNoUpgrade\" must be set to use this field.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.CustomFeatureGates" + "enableServiceLinks": { + "description": "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.", + "type": "boolean" }, - "featureSet": { - "description": "featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone.", - "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "featureSet", - "fields-to-discriminateBy": { - "customNoUpgrade": "CustomNoUpgrade" - } - } - ] - }, - "com.github.openshift.api.config.v1.FeatureGateStatus": { - "type": "object", - "properties": { - "conditions": { - "description": "conditions represent the observations of the current state. Known .status.conditions.type are: \"DeterminationDegraded\"", + "ephemeralContainers": { + "description": "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/EphemeralContainer.v1.core.api.k8s.io" }, "x-kubernetes-list-map-keys": [ - "type" + "name" ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "featureGates": { - "description": "featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion. Operators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate the version they are managing, find the enabled/disabled featuregates and make the operand and operator match. The enabled/disabled values for a particular version may change during the life of the cluster as various .spec.featureSet values are selected. Operators may choose to restart their processes to pick up these changes, but remembering past enable/disable lists is beyond the scope of this API and is the responsibility of individual operators. Only featureGates with .version in the ClusterVersion.status will be present in this list.", + "hostAliases": { + "description": "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateDetails" + "$ref": "#/definitions/HostAlias.v1.core.api.k8s.io" }, "x-kubernetes-list-map-keys": [ - "version" + "ip" ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.config.v1.FeatureGateTests": { - "type": "object", - "required": [ - "featureGate", - "tests" - ], - "properties": { - "featureGate": { - "description": "featureGate is the name of the FeatureGate as it appears in The FeatureGate CR instance.", - "type": "string", - "default": "" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "ip", + "x-kubernetes-patch-strategy": "merge" }, - "tests": { - "description": "tests contains an item for every TestName", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TestDetails" - } - } - } - }, - "com.github.openshift.api.config.v1.GCPPlatformSpec": { - "description": "GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider. This only includes fields that can be modified in the cluster.", - "type": "object" - }, - "com.github.openshift.api.config.v1.GCPPlatformStatus": { - "description": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", - "type": "object", - "required": [ - "projectID", - "region" - ], - "properties": { - "cloudLoadBalancerConfig": { - "description": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", - "default": { - "dnsType": "PlatformDefault" - }, - "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudLoadBalancerConfig" + "hostIPC": { + "description": "Use the host's ipc namespace. Optional: Default to false.", + "type": "boolean" }, - "projectID": { - "description": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", - "type": "string", - "default": "" + "hostNetwork": { + "description": "Host networking requested for this pod. Use the host's network namespace. When using HostNetwork you should specify ports so the scheduler is aware. When `hostNetwork` is true, specified `hostPort` fields in port definitions must match `containerPort`, and unspecified `hostPort` fields in port definitions are defaulted to match `containerPort`. Default to false.", + "type": "boolean" }, - "region": { - "description": "region holds the region for new GCP resources created for the cluster.", - "type": "string", - "default": "" + "hostPID": { + "description": "Use the host's pid namespace. Optional: Default to false.", + "type": "boolean" }, - "resourceLabels": { - "description": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", + "hostUsers": { + "description": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", + "type": "boolean" + }, + "hostname": { + "description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.", + "type": "string" + }, + "hostnameOverride": { + "description": "HostnameOverride specifies an explicit override for the pod's hostname as perceived by the pod. This field only specifies the pod's hostname and does not affect its DNS records. When this field is set to a non-empty string: - It takes precedence over the values set in `hostname` and `subdomain`. - The Pod's hostname will be set to this value. - `setHostnameAsFQDN` must be nil or set to false. - `hostNetwork` must be set to false.\n\nThis field must be a valid DNS subdomain as defined in RFC 1123 and contain at most 64 characters. Requires the HostnameOverride feature gate to be enabled.", + "type": "string" + }, + "imagePullSecrets": { + "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.GCPResourceLabel" + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" }, "x-kubernetes-list-map-keys": [ - "key" + "name" ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "resourceTags": { - "description": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", + "initContainers": { + "description": "List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.GCPResourceTag" + "$ref": "#/definitions/Container.v1.core.api.k8s.io" }, "x-kubernetes-list-map-keys": [ - "key" + "name" ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.config.v1.GCPResourceLabel": { - "description": "GCPResourceLabel is a label to apply to GCP resources created for the cluster.", - "type": "object", - "required": [ - "key", - "value" - ], - "properties": { - "key": { - "description": "key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`.", - "type": "string", - "default": "" - }, - "value": { - "description": "value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1.GCPResourceTag": { - "description": "GCPResourceTag is a tag to apply to GCP resources created for the cluster.", - "type": "object", - "required": [ - "parentID", - "key", - "value" - ], - "properties": { - "key": { - "description": "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", - "type": "string", - "default": "" - }, - "parentID": { - "description": "parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", - "type": "string", - "default": "" - }, - "value": { - "description": "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1.GatherConfig": { - "description": "GatherConfig provides data gathering configuration options.", - "type": "object", - "required": [ - "gatherers" - ], - "properties": { - "dataPolicy": { - "description": "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "gatherers": { - "description": "gatherers is a required field that specifies the configuration of the gatherers.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Gatherers" - }, - "storage": { - "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Storage" - } - } - }, - "com.github.openshift.api.config.v1.GathererConfig": { - "description": "GathererConfig allows to configure specific gatherers", - "type": "object", - "required": [ - "name", - "state" - ], - "properties": { - "name": { - "description": "name is the required name of a specific gatherer. It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", - "type": "string" - }, - "state": { - "description": "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", - "type": "string" - } - } - }, - "com.github.openshift.api.config.v1.Gatherers": { - "description": "Gatherers specifies the configuration of the gatherers", - "type": "object", - "required": [ - "mode" - ], - "properties": { - "custom": { - "description": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Custom" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "mode": { - "description": "mode is a required field that specifies the mode for gatherers. Allowed values are All, None, and Custom. When set to All, all gatherers will run and gather data. When set to None, all gatherers will be disabled and no data will be gathered. When set to Custom, the custom configuration from the custom field will be applied.", + "nodeName": { + "description": "NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename", "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "mode", - "fields-to-discriminateBy": { - "custom": "Custom" - } - } - ] - }, - "com.github.openshift.api.config.v1.GenericAPIServerConfig": { - "description": "GenericAPIServerConfig is an inline-able struct for aggregated apiservers that need to store data in etcd", - "type": "object", - "required": [ - "servingInfo", - "corsAllowedOrigins", - "auditConfig", - "storageConfig", - "admission", - "kubeClientConfig" - ], - "properties": { - "admission": { - "description": "admissionConfig holds information about how to configure admission.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionConfig" - }, - "auditConfig": { - "description": "auditConfig describes how to configure audit information", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditConfig" }, - "corsAllowedOrigins": { - "description": "corsAllowedOrigins", - "type": "array", - "items": { + "nodeSelector": { + "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", + "type": "object", + "additionalProperties": { "type": "string", "default": "" - } - }, - "kubeClientConfig": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.KubeClientConfig" - }, - "servingInfo": { - "description": "servingInfo describes how to start serving", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" - }, - "storageConfig": { - "description": "storageConfig contains information about how to use", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.EtcdStorageConfig" - } - } - }, - "com.github.openshift.api.config.v1.GenericControllerConfig": { - "description": "GenericControllerConfig provides information to configure a controller", - "type": "object", - "required": [ - "servingInfo", - "leaderElection", - "authentication", - "authorization" - ], - "properties": { - "authentication": { - "description": "authentication allows configuration of authentication for the endpoints", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.DelegatedAuthentication" - }, - "authorization": { - "description": "authorization allows configuration of authentication for the endpoints", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.DelegatedAuthorization" - }, - "leaderElection": { - "description": "leaderElection provides information to elect a leader. Only override this if you have a specific need", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.LeaderElection" - }, - "servingInfo": { - "description": "servingInfo is the HTTP serving information for the controller's endpoints", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" - } - } - }, - "com.github.openshift.api.config.v1.GitHubIdentityProvider": { - "description": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials", - "type": "object", - "required": [ - "clientID", - "clientSecret" - ], - "properties": { - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" - }, - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" - }, - "clientSecret": { - "description": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - }, - "hostname": { - "description": "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value configured at /setup/settings#hostname.", - "type": "string", - "default": "" + }, + "x-kubernetes-map-type": "atomic" }, - "organizations": { - "description": "organizations optionally restricts which organizations are allowed to log in", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "os": { + "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.resources - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup", + "$ref": "#/definitions/PodOS.v1.core.api.k8s.io" }, - "teams": { - "description": "teams optionally restricts which teams are allowed to log in. Format is /.", - "type": "array", - "items": { - "type": "string", - "default": "" + "overhead": { + "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" } - } - } - }, - "com.github.openshift.api.config.v1.GitLabIdentityProvider": { - "description": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials", - "type": "object", - "required": [ - "clientID", - "clientSecret", - "url" - ], - "properties": { - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" - }, - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" - }, - "clientSecret": { - "description": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - }, - "url": { - "description": "url is the oauth server base URL", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1.GoogleIdentityProvider": { - "description": "GoogleIdentityProvider provides identities for users authenticating using Google credentials", - "type": "object", - "required": [ - "clientID", - "clientSecret" - ], - "properties": { - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" }, - "clientSecret": { - "description": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - }, - "hostedDomain": { - "description": "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1.HTPasswdIdentityProvider": { - "description": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials", - "type": "object", - "required": [ - "fileData" - ], - "properties": { - "fileData": { - "description": "fileData is a required reference to a secret by name containing the data to use as the htpasswd file. The key \"htpasswd\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. If the specified htpasswd data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - } - } - }, - "com.github.openshift.api.config.v1.HTTPServingInfo": { - "description": "HTTPServingInfo holds configuration for serving HTTP", - "type": "object", - "required": [ - "bindAddress", - "bindNetwork", - "certFile", - "keyFile", - "maxRequestsInFlight", - "requestTimeoutSeconds" - ], - "properties": { - "bindAddress": { - "description": "bindAddress is the ip:port to serve on", + "preemptionPolicy": { + "description": "PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.\n\nPossible enum values:\n - `\"Never\"` means that pod never preempts other pods with lower priority.\n - `\"PreemptLowerPriority\"` means that pod can preempt other pods with lower priority.", "type": "string", - "default": "" + "enum": [ + "Never", + "PreemptLowerPriority" + ] }, - "bindNetwork": { - "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", - "type": "string", - "default": "" + "priority": { + "description": "The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.", + "type": "integer", + "format": "int32" }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "priorityClassName": { + "description": "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.", + "type": "string" }, - "cipherSuites": { - "description": "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", + "readinessGates": { + "description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates", "type": "array", "items": { - "type": "string", - "default": "" - } - }, - "clientCA": { - "description": "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", - "type": "string" - }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" - }, - "maxRequestsInFlight": { - "description": "maxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.", - "type": "integer", - "format": "int64", - "default": 0 - }, - "minTLSVersion": { - "description": "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", - "type": "string" + "default": {}, + "$ref": "#/definitions/PodReadinessGate.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "namedCertificates": { - "description": "namedCertificates is a list of certificates to use to secure requests to specific hostnames", + "resourceClaims": { + "description": "ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.\n\nThis is a stable field but requires that the DynamicResourceAllocation feature gate is enabled.\n\nThis field is immutable.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NamedCertificate" - } + "$ref": "#/definitions/PodResourceClaim.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge,retainKeys" }, - "requestTimeoutSeconds": { - "description": "requestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if -1 there is no limit on requests.", - "type": "integer", - "format": "int64", - "default": 0 - } - } - }, - "com.github.openshift.api.config.v1.HubSource": { - "description": "HubSource is used to specify the hub source and its configuration", - "type": "object", - "required": [ - "name", - "disabled" - ], - "properties": { - "disabled": { - "description": "disabled is used to disable a default hub source on cluster", - "type": "boolean", - "default": false + "resources": { + "description": "Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for \"cpu\", \"memory\" and \"hugepages-\" resource names only. ResourceClaims are not supported.\n\nThis field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod.\n\nThis is an alpha field and requires enabling the PodLevelResources feature gate.", + "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" }, - "name": { - "description": "name is the name of one of the default hub sources", + "restartPolicy": { + "description": "Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy\n\nPossible enum values:\n - `\"Always\"`\n - `\"Never\"`\n - `\"OnFailure\"`", "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1.HubSourceStatus": { - "description": "HubSourceStatus is used to reflect the current state of applying the configuration to a default source", - "type": "object", - "properties": { - "message": { - "description": "message provides more information regarding failures", + "enum": [ + "Always", + "Never", + "OnFailure" + ] + }, + "runtimeClassName": { + "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class", "type": "string" }, - "status": { - "description": "status indicates success or failure in applying the configuration", + "schedulerName": { + "description": "If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.", "type": "string" - } - } - }, - "com.github.openshift.api.config.v1.IBMCloudPlatformSpec": { - "description": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", - "type": "object", - "properties": { - "serviceEndpoints": { - "description": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM service. These endpoints are used by components within the cluster when trying to reach the IBM Cloud Services that have been overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus are updated to reflect the same custom endpoints. A maximum of 13 service endpoints overrides are supported.", + }, + "schedulingGates": { + "description": "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.IBMCloudServiceEndpoint" + "$ref": "#/definitions/PodSchedulingGate.v1.core.api.k8s.io" }, "x-kubernetes-list-map-keys": [ "name" ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.config.v1.IBMCloudPlatformStatus": { - "description": "IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider.", - "type": "object", - "properties": { - "cisInstanceCRN": { - "description": "cisInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain", - "type": "string" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" }, - "dnsInstanceCRN": { - "description": "dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain", - "type": "string" + "securityContext": { + "description": "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.", + "$ref": "#/definitions/PodSecurityContext.v1.core.api.k8s.io" }, - "location": { - "description": "location is where the cluster has been deployed", + "serviceAccount": { + "description": "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.", "type": "string" }, - "providerType": { - "description": "providerType indicates the type of cluster that was created", + "serviceAccountName": { + "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", "type": "string" }, - "resourceGroupName": { - "description": "resourceGroupName is the Resource Group for new IBMCloud resources created for the cluster.", + "setHostnameAsFQDN": { + "description": "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.", + "type": "boolean" + }, + "shareProcessNamespace": { + "description": "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.", + "type": "boolean" + }, + "subdomain": { + "description": "If specified, the fully qualified Pod hostname will be \"...svc.\". If not specified, the pod will not have a domainname at all.", "type": "string" }, - "serviceEndpoints": { - "description": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM service. These endpoints are used by components within the cluster when trying to reach the IBM Cloud Services that have been overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus are updated to reflect the same custom endpoints.", + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.", + "type": "integer", + "format": "int64" + }, + "tolerations": { + "description": "If specified, the pod's tolerations.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.IBMCloudServiceEndpoint" + "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + }, + "topologySpreadConstraints": { + "description": "TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "topologyKey", + "x-kubernetes-patch-strategy": "merge" + }, + "volumes": { + "description": "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Volume.v1.core.api.k8s.io" }, "x-kubernetes-list-map-keys": [ "name" ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.config.v1.IBMCloudServiceEndpoint": { - "description": "IBMCloudServiceEndpoint stores the configuration of a custom url to override existing defaults of IBM Cloud Services.", - "type": "object", - "required": [ - "name", - "url" - ], - "properties": { - "name": { - "description": "name is the name of the IBM Cloud service. Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`", - "type": "string", - "default": "" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge,retainKeys" }, - "url": { - "description": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. The path must follow the pattern /v[0,9]+ or /api/v[0,9]+", - "type": "string", - "default": "" + "workloadRef": { + "description": "WorkloadRef provides a reference to the Workload object that this Pod belongs to. This field is used by the scheduler to identify the PodGroup and apply the correct group scheduling policies. The Workload object referenced by this field may not exist at the time the Pod is created. This field is immutable, but a Workload object with the same name may be recreated with different policies. Doing this during pod scheduling may result in the placement not conforming to the expected policies.", + "$ref": "#/definitions/WorkloadReference.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.IdentityProvider": { - "description": "IdentityProvider provides identities for users authenticating using credentials", + "PodStatus.v1.core.api.k8s.io": { + "description": "PodStatus represents information about the status of a pod. Status may trail the actual state of a system, especially if the node that hosts the pod cannot contact the control plane.", "type": "object", - "required": [ - "name", - "type" - ], "properties": { - "basicAuth": { - "description": "basicAuth contains configuration options for the BasicAuth IdP", - "$ref": "#/definitions/com.github.openshift.api.config.v1.BasicAuthIdentityProvider" + "allocatedResources": { + "description": "AllocatedResources is the total requests allocated for this pod by the node. If pod-level requests are not set, this will be the total requests aggregated across containers in the pod.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + } }, - "github": { - "description": "github enables user authentication using GitHub credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.GitHubIdentityProvider" + "conditions": { + "description": "Current service state of pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/PodCondition.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "gitlab": { - "description": "gitlab enables user authentication using GitLab credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.GitLabIdentityProvider" + "containerStatuses": { + "description": "Statuses of containers in this pod. Each container in the pod should have at most one status in this list, and all statuses should be for containers in the pod. However this is not enforced. If a status for a non-existent container is present in the list, or the list has duplicate names, the behavior of various Kubernetes components is not defined and those statuses might be ignored. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ContainerStatus.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "google": { - "description": "google enables user authentication using Google credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.GoogleIdentityProvider" + "ephemeralContainerStatuses": { + "description": "Statuses for any ephemeral containers that have run in this pod. Each ephemeral container in the pod should have at most one status in this list, and all statuses should be for containers in the pod. However this is not enforced. If a status for a non-existent container is present in the list, or the list has duplicate names, the behavior of various Kubernetes components is not defined and those statuses might be ignored. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ContainerStatus.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "htpasswd": { - "description": "htpasswd enables user authentication using an HTPasswd file to validate credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTPasswdIdentityProvider" + "extendedResourceClaimStatus": { + "description": "Status of extended resource claim backed by DRA.", + "$ref": "#/definitions/PodExtendedResourceClaimStatus.v1.core.api.k8s.io" }, - "keystone": { - "description": "keystone enables user authentication using keystone password credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.KeystoneIdentityProvider" + "hostIP": { + "description": "hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will not be updated even if there is a node is assigned to pod", + "type": "string" }, - "ldap": { - "description": "ldap enables user authentication using LDAP credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.LDAPIdentityProvider" + "hostIPs": { + "description": "hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must match the hostIP field. This list is empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will not be updated even if there is a node is assigned to this pod.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/HostIP.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic", + "x-kubernetes-patch-merge-key": "ip", + "x-kubernetes-patch-strategy": "merge" }, - "mappingMethod": { - "description": "mappingMethod determines how identities from this provider are mapped to users Defaults to \"claim\"", - "type": "string" + "initContainerStatuses": { + "description": "Statuses of init containers in this pod. The most recent successful non-restartable init container will have ready = true, the most recently started container will have startTime set. Each init container in the pod should have at most one status in this list, and all statuses should be for containers in the pod. However this is not enforced. If a status for a non-existent container is present in the list, or the list has duplicate names, the behavior of various Kubernetes components is not defined and those statuses might be ignored. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-and-container-status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ContainerStatus.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "name": { - "description": "name is used to qualify the identities returned by this provider. - It MUST be unique and not shared by any other identity provider used - It MUST be a valid path segment: name cannot equal \".\" or \"..\" or contain \"/\" or \"%\" or \":\"\n Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName", - "type": "string", - "default": "" + "message": { + "description": "A human readable message indicating details about why the pod is in this condition.", + "type": "string" }, - "openID": { - "description": "openID enables user authentication using OpenID credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenIDIdentityProvider" + "nominatedNodeName": { + "description": "nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be scheduled right away as preemption victims receive their graceful termination periods. This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to give the resources on this node to a higher priority pod that is created after preemption. As a result, this field may be different than PodSpec.nodeName when the pod is scheduled.", + "type": "string" }, - "requestHeader": { - "description": "requestHeader enables user authentication using request header credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.RequestHeaderIdentityProvider" + "observedGeneration": { + "description": "If set, this represents the .metadata.generation that the pod status was set based upon. The PodObservedGenerationTracking feature gate must be enabled to use this field.", + "type": "integer", + "format": "int64" }, - "type": { - "description": "type identifies the identity provider type for this entry.", + "phase": { + "description": "The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. The conditions array, the reason and message fields, and the individual container status arrays contain more detail about the pod's status. There are five possible phase values:\n\nPending: The pod has been accepted by the Kubernetes system, but one or more of the container images has not been created. This includes time before being scheduled as well as time spent downloading images over the network, which could take a while. Running: The pod has been bound to a node, and all of the containers have been created. At least one container is still running, or is in the process of starting or restarting. Succeeded: All containers in the pod have terminated in success, and will not be restarted. Failed: All containers in the pod have terminated, and at least one container has terminated in failure. The container either exited with non-zero status or was terminated by the system. Unknown: For some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase\n\nPossible enum values:\n - `\"Failed\"` means that all containers in the pod have terminated, and at least one container has terminated in a failure (exited with a non-zero exit code or was stopped by the system).\n - `\"Pending\"` means the pod has been accepted by the system, but one or more of the containers has not been started. This includes time before being bound to a node, as well as time spent pulling images onto the host.\n - `\"Running\"` means the pod has been bound to a node and all of the containers have been started. At least one container is still running or is in the process of being restarted.\n - `\"Succeeded\"` means that all containers in the pod have voluntarily terminated with a container exit code of 0, and the system is not going to restart any of these containers.\n - `\"Unknown\"` means that for some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod. Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095)", "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1.IdentityProviderConfig": { - "description": "IdentityProviderConfig contains configuration for using a specific identity provider", - "type": "object", - "required": [ - "type" - ], - "properties": { - "basicAuth": { - "description": "basicAuth contains configuration options for the BasicAuth IdP", - "$ref": "#/definitions/com.github.openshift.api.config.v1.BasicAuthIdentityProvider" - }, - "github": { - "description": "github enables user authentication using GitHub credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.GitHubIdentityProvider" + "enum": [ + "Failed", + "Pending", + "Running", + "Succeeded", + "Unknown" + ] }, - "gitlab": { - "description": "gitlab enables user authentication using GitLab credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.GitLabIdentityProvider" + "podIP": { + "description": "podIP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.", + "type": "string" }, - "google": { - "description": "google enables user authentication using Google credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.GoogleIdentityProvider" + "podIPs": { + "description": "podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list is empty if no IPs have been allocated yet.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/PodIP.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "ip" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "ip", + "x-kubernetes-patch-strategy": "merge" }, - "htpasswd": { - "description": "htpasswd enables user authentication using an HTPasswd file to validate credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTPasswdIdentityProvider" + "qosClass": { + "description": "The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes\n\nPossible enum values:\n - `\"BestEffort\"` is the BestEffort qos class.\n - `\"Burstable\"` is the Burstable qos class.\n - `\"Guaranteed\"` is the Guaranteed qos class.", + "type": "string", + "enum": [ + "BestEffort", + "Burstable", + "Guaranteed" + ] }, - "keystone": { - "description": "keystone enables user authentication using keystone password credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.KeystoneIdentityProvider" + "reason": { + "description": "A brief CamelCase message indicating details about why the pod is in this state. e.g. 'Evicted'", + "type": "string" }, - "ldap": { - "description": "ldap enables user authentication using LDAP credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.LDAPIdentityProvider" + "resize": { + "description": "Status of resources resize desired for pod's containers. It is empty if no resources resize is pending. Any changes to container resources will automatically set this to \"Proposed\" Deprecated: Resize status is moved to two pod conditions PodResizePending and PodResizeInProgress. PodResizePending will track states where the spec has been resized, but the Kubelet has not yet allocated the resources. PodResizeInProgress will track in-progress resizes, and should be present whenever allocated resources != acknowledged resources.", + "type": "string" }, - "openID": { - "description": "openID enables user authentication using OpenID credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenIDIdentityProvider" + "resourceClaimStatuses": { + "description": "Status of resource claims.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/PodResourceClaimStatus.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge,retainKeys" }, - "requestHeader": { - "description": "requestHeader enables user authentication using request header credentials", - "$ref": "#/definitions/com.github.openshift.api.config.v1.RequestHeaderIdentityProvider" + "resources": { + "description": "Resources represents the compute resource requests and limits that have been applied at the pod level if pod-level requests or limits are set in PodSpec.Resources", + "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" }, - "type": { - "description": "type identifies the identity provider type for this entry.", - "type": "string", - "default": "" + "startTime": { + "description": "RFC 3339 date and time at which the object was acknowledged by the Kubelet. This is before the Kubelet pulled the container image(s) for the pod.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.Image": { - "description": "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "PodStatusResult.v1.core.api.k8s.io": { + "description": "PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -7578,28 +7379,20 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec holds user settable values for configuration", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageSpec" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "description": "Most recently observed status of the pod. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageStatus" + "$ref": "#/definitions/PodStatus.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.ImageContentPolicy": { - "description": "ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "PodTemplate.v1.core.api.k8s.io": { + "description": "PodTemplate describes a template for creating copies of a predefined pod.", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -7610,22 +7403,21 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "spec": { - "description": "spec holds user settable values for configuration", + "template": { + "description": "Template defines the pods that will be created from this pod template. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageContentPolicySpec" + "$ref": "#/definitions/PodTemplateSpec.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.ImageContentPolicyList": { - "description": "ImageContentPolicyList lists the items in the ImageContentPolicy CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "PodTemplateList.v1.core.api.k8s.io": { + "description": "PodTemplateList is a list of PodTemplates.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -7634,10 +7426,11 @@ "type": "string" }, "items": { + "description": "List of pod templates", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageContentPolicy" + "$ref": "#/definitions/PodTemplate.v1.core.api.k8s.io" } }, "kind": { @@ -7645,395 +7438,353 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.config.v1.ImageContentPolicySpec": { - "description": "ImageContentPolicySpec is the specification of the ImageContentPolicy CRD.", - "type": "object", - "properties": { - "repositoryDigestMirrors": { - "description": "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To pull image from mirrors by tags, should set the \"allowMirrorByTags\".\n\nEach “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.RepositoryDigestMirrors" - }, - "x-kubernetes-list-map-keys": [ - "source" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.ImageDigestMirrorSet": { - "description": "ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "PodTemplateSpec.v1.core.api.k8s.io": { + "description": "PodTemplateSpec describes the data a pod should have when created from a template", "type": "object", - "required": [ - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec" - }, - "status": { - "description": "status contains the observed state of the resource.", + "description": "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus" + "$ref": "#/definitions/PodSpec.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.ImageDigestMirrorSetList": { - "description": "ImageDigestMirrorSetList lists the items in the ImageDigestMirrorSet CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "PolicyRule.v1.rbac.api.k8s.io": { + "description": "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.", "type": "object", "required": [ - "metadata", - "items" + "verbs" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "apiGroups": { + "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"\" represents the core API group and \"*\" represents all API groups.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "items": { + "nonResourceURLs": { + "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageDigestMirrorSet" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "resourceNames": { + "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec": { - "description": "ImageDigestMirrorSetSpec is the specification of the ImageDigestMirrorSet CRD.", - "type": "object", - "properties": { - "imageDigestMirrors": { - "description": "imageDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using tag specification, users should configure a list of mirrors using \"ImageTagMirrorSet\" CRD.\n\nIf the image pull specification matches the repository of \"source\" in multiple imagedigestmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order.", + "resources": { + "description": "Resources is a list of resources this rule applies to. '*' represents all resources.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageDigestMirrors" + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "verbs": { + "description": "Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.", + "type": "array", + "items": { + "type": "string", + "default": "" }, "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1.ImageDigestMirrors": { - "description": "ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.", + "PortStatus.v1.core.api.k8s.io": { + "description": "PortStatus represents the error condition of a service port", "type": "object", "required": [ - "source" + "port", + "protocol" ], "properties": { - "mirrorSourcePolicy": { - "description": "mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.", + "error": { + "description": "Error is to record the problem with the service port The format of the error shall comply with the following rules: - built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase.", "type": "string" }, - "mirrors": { - "description": "mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their digests. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by \"mirrorSourcePolicy\" Other cluster configuration, including (but not limited to) other imageDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. \"mirrors\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "port": { + "description": "Port is the port number of the service port of which status is recorded here", + "type": "integer", + "format": "int32", + "default": 0 }, - "source": { - "description": "source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. \"source\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "protocol": { + "description": "Protocol is the protocol of the service port of which status is recorded here The supported values are: \"TCP\", \"UDP\", \"SCTP\"\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", "type": "string", - "default": "" + "default": "", + "enum": [ + "SCTP", + "TCP", + "UDP" + ] } } }, - "com.github.openshift.api.config.v1.ImageLabel": { + "PortworxVolumeSource.v1.core.api.k8s.io": { + "description": "PortworxVolumeSource represents a Portworx volume resource.", "type": "object", "required": [ - "name" + "volumeID" ], "properties": { - "name": { - "description": "name defines the name of the label. It must have non-zero length.", + "fsType": { + "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" + }, + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" + }, + "volumeID": { + "description": "volumeID uniquely identifies a Portworx volume", "type": "string", "default": "" - }, - "value": { - "description": "value defines the literal value of the label.", - "type": "string" } } }, - "com.github.openshift.api.config.v1.ImageList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "Preconditions.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "resourceVersion": { + "description": "Specifies the target ResourceVersion", "type": "string" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Image" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "uid": { + "description": "Specifies the target UID.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.config.v1.ImagePolicy": { - "description": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "PreferAvoidPodsEntry.v1.core.api.k8s.io": { + "description": "Describes a class of pods that should avoid this node.", "type": "object", "required": [ - "spec" + "podSignature" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "evictionTime": { + "description": "Time at which this entry was added to the list.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "message": { + "description": "Human readable message indicating why this entry was added to the list.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec holds user settable values for configuration", + "podSignature": { + "description": "The class of pods.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicySpec" + "$ref": "#/definitions/PodSignature.v1.core.api.k8s.io" }, - "status": { - "description": "status contains the observed state of the resource.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyStatus" + "reason": { + "description": "(brief) reason why this entry was added to the list.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust": { - "description": "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.", + "PreferredSchedulingTerm.v1.core.api.k8s.io": { + "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", "type": "object", "required": [ - "fulcioCAData", - "rekorKeyData", - "fulcioSubject" + "weight", + "preference" ], "properties": { - "fulcioCAData": { - "description": "fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", - "type": "string", - "format": "byte" - }, - "fulcioSubject": { - "description": "fulcioSubject is a required field specifies OIDC issuer and the email of the Fulcio authentication configuration.", + "preference": { + "description": "A node selector term, associated with the corresponding weight.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyFulcioSubject" + "$ref": "#/definitions/NodeSelectorTerm.v1.core.api.k8s.io" }, - "rekorKeyData": { - "description": "rekorKeyData is a required field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", - "type": "string", - "format": "byte" + "weight": { + "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.config.v1.ImagePolicyList": { - "description": "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "Probe.v1.core.api.k8s.io": { + "description": "Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "exec": { + "description": "Exec specifies a command to execute in the container.", + "$ref": "#/definitions/ExecAction.v1.core.api.k8s.io" }, - "items": { - "description": "items is a list of ImagePolicies", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicy" - } + "failureThreshold": { + "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", + "type": "integer", + "format": "int32" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "$ref": "#/definitions/GRPCAction.v1.core.api.k8s.io" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust": { - "description": "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", - "type": "object", - "required": [ - "caRootsData", - "pkiCertificateSubject" - ], - "properties": { - "caIntermediatesData": { - "description": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set.", - "type": "string", - "format": "byte" + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "$ref": "#/definitions/HTTPGetAction.v1.core.api.k8s.io" }, - "caRootsData": { - "description": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters.", - "type": "string", - "format": "byte" + "initialDelaySeconds": { + "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" }, - "pkiCertificateSubject": { - "description": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PKICertificateSubject" - } - } - }, - "com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust": { - "description": "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.", - "type": "object", - "required": [ - "keyData" - ], - "properties": { - "keyData": { - "description": "keyData is a required field contains inline base64-encoded data for the PEM format public key. keyData must be at most 8192 characters.", - "type": "string", - "format": "byte" + "periodSeconds": { + "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", + "type": "integer", + "format": "int32" }, - "rekorKeyData": { - "description": "rekorKeyData is an optional field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", - "type": "string", - "format": "byte" + "successThreshold": { + "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", + "type": "integer", + "format": "int32" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "$ref": "#/definitions/TCPSocketAction.v1.core.api.k8s.io" + }, + "terminationGracePeriodSeconds": { + "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", + "type": "integer", + "format": "int64" + }, + "timeoutSeconds": { + "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "type": "integer", + "format": "int32" } } }, - "com.github.openshift.api.config.v1.ImagePolicySpec": { - "description": "ImagePolicySpec is the specification of the ImagePolicy CRD.", + "ProbeHandler.v1.core.api.k8s.io": { + "description": "ProbeHandler defines a specific action that should be taken in a probe. One and only one of the fields must be specified.", "type": "object", - "required": [ - "scopes", - "policy" - ], "properties": { - "policy": { - "description": "policy is a required field that contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy" + "exec": { + "description": "Exec specifies a command to execute in the container.", + "$ref": "#/definitions/ExecAction.v1.core.api.k8s.io" }, - "scopes": { - "description": "scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. This support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "grpc": { + "description": "GRPC specifies a GRPC HealthCheckRequest.", + "$ref": "#/definitions/GRPCAction.v1.core.api.k8s.io" + }, + "httpGet": { + "description": "HTTPGet specifies an HTTP GET request to perform.", + "$ref": "#/definitions/HTTPGetAction.v1.core.api.k8s.io" + }, + "tcpSocket": { + "description": "TCPSocket specifies a connection to a TCP port.", + "$ref": "#/definitions/TCPSocketAction.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.ImagePolicyStatus": { + "ProjectedVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a projected volume source", "type": "object", "properties": { - "conditions": { - "description": "conditions provide details on the status of this API Resource. condition type 'Pending' indicates that the customer resource contains a policy that cannot take effect. It is either overwritten by a global policy or the image scope is not valid.", + "defaultMode": { + "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "type": "integer", + "format": "int32" + }, + "sources": { + "description": "sources is the list of volume projections. Each entry in this list handles one source.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/VolumeProjection.v1.core.api.k8s.io" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy": { - "description": "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.", + "Quantity.resource.api.pkg.apimachinery.k8s.io": { + "description": "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.", + "type": "string" + }, + "QuobyteVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.", "type": "object", "required": [ - "rootOfTrust" + "registry", + "volume" ], "properties": { - "rootOfTrust": { - "description": "rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval. This allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyRootOfTrust" + "group": { + "description": "group to map volume access to Default is no group", + "type": "string" }, - "signedIdentity": { - "description": "signedIdentity is an optional field specifies what image identity the signature claims about the image. This is useful when the image identity in the signature differs from the original image spec, such as when mirror registry is configured for the image scope, the signature from the mirror registry contains the image identity of the mirror instead of the original scope. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyIdentity" + "readOnly": { + "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", + "type": "boolean" + }, + "registry": { + "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", + "type": "string", + "default": "" + }, + "tenant": { + "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", + "type": "string" + }, + "user": { + "description": "user to map volume access to Defaults to serivceaccount user", + "type": "string" + }, + "volume": { + "description": "volume is a string that references an already created Quobyte volume by name.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.ImageSpec": { + "RBDPersistentVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", "type": "object", + "required": [ + "monitors", + "image" + ], "properties": { - "additionalTrustedCA": { - "description": "additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted during imagestream import, pod image pull, build image pull, and imageregistry pullthrough. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", + "type": "string" }, - "allowedRegistriesForImport": { - "description": "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.RegistryLocation" - }, - "x-kubernetes-list-type": "atomic" + "image": { + "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string", + "default": "" }, - "externalRegistryHostnames": { - "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", + "keyring": { + "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string", + "default": "/etc/ceph/keyring" + }, + "monitors": { + "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "array", "items": { "type": "string", @@ -8041,27 +7792,50 @@ }, "x-kubernetes-list-type": "atomic" }, - "imageStreamImportMode": { - "description": "imageStreamImportMode controls the import mode behaviour of imagestreams. It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value is specified, this setting is applied to all newly created imagestreams which do not have the value set. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported. When empty, the behaviour will be decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", + "pool": { + "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string", - "default": "", - "enum": [ - "Legacy", - "PreserveOriginal" - ] + "default": "rbd" }, - "registrySources": { - "description": "registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. whether or not to allow insecure access). It does not contain configuration for the internal cluster registry.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.RegistrySources" + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" + }, + "user": { + "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string", + "default": "admin" } } }, - "com.github.openshift.api.config.v1.ImageStatus": { + "RBDVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", "type": "object", + "required": [ + "monitors", + "image" + ], "properties": { - "externalRegistryHostnames": { - "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", + "fsType": { + "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", + "type": "string" + }, + "image": { + "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string", + "default": "" + }, + "keyring": { + "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string", + "default": "/etc/ceph/keyring" + }, + "monitors": { + "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "array", "items": { "type": "string", @@ -8069,259 +7843,338 @@ }, "x-kubernetes-list-type": "atomic" }, - "imageStreamImportMode": { - "description": "imageStreamImportMode controls the import mode behaviour of imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported. This value will be reconciled based on either the spec value or if no spec value is specified, the image registry operator would look at the ClusterVersion status to determine the payload type and set the import mode accordingly, i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", + "pool": { + "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", "type": "string", - "enum": [ - "Legacy", - "PreserveOriginal" - ] + "default": "rbd" }, - "internalRegistryHostname": { - "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format. This value is set by the image registry operator which controls the internal registry hostname.", - "type": "string" + "readOnly": { + "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "boolean" + }, + "secretRef": { + "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + }, + "user": { + "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "type": "string", + "default": "admin" } } }, - "com.github.openshift.api.config.v1.ImageTagMirrorSet": { - "description": "ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "RangeAllocation.v1.core.api.k8s.io": { + "description": "RangeAllocation is not a public type.", "type": "object", "required": [ - "spec" + "range", + "data" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "data": { + "description": "Data is a bit array containing all allocated addresses in the previous segment.", + "type": "string", + "format": "byte" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec holds user settable values for configuration", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageTagMirrorSetSpec" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "status": { - "description": "status contains the observed state of the resource.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageTagMirrorSetStatus" + "range": { + "description": "Range is string that identifies the range represented by 'data'.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.ImageTagMirrorSetList": { - "description": "ImageTagMirrorSetList lists the items in the ImageTagMirrorSet CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "RawExtension.runtime.pkg.apimachinery.k8s.io": { + "description": "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.Object `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// External package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// On the wire, the JSON will look something like this:\n\n\t{\n\t\t\"kind\":\"MyAPIObject\",\n\t\t\"apiVersion\":\"v1\",\n\t\t\"myPlugin\": {\n\t\t\t\"kind\":\"PluginA\",\n\t\t\t\"aOption\":\"foo\",\n\t\t},\n\t}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)", + "type": "object" + }, + "ReplicationController.v1.core.api.k8s.io": { + "description": "ReplicationController represents the configuration of a replication controller.", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageTagMirrorSet" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "If the Labels of a ReplicationController are empty, they are defaulted to be the same as the Pod(s) that the replication controller manages. Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.config.v1.ImageTagMirrorSetSpec": { - "description": "ImageTagMirrorSetSpec is the specification of the ImageTagMirrorSet CRD.", - "type": "object", - "properties": { - "imageTagMirrors": { - "description": "imageTagMirrors allows images referenced by image tags in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageTagMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using digest specification only, users should configure a list of mirrors using \"ImageDigestMirrorSet\" CRD.\n\nIf the image pull specification matches the repository of \"source\" in multiple imagetagmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageTagMirrors" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "Spec defines the specification of the desired behavior of the replication controller. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "default": {}, + "$ref": "#/definitions/ReplicationControllerSpec.v1.core.api.k8s.io" + }, + "status": { + "description": "Status is the most recently observed status of the replication controller. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "default": {}, + "$ref": "#/definitions/ReplicationControllerStatus.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.ImageTagMirrorSetStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1.ImageTagMirrors": { - "description": "ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config.", + "ReplicationControllerCondition.v1.core.api.k8s.io": { + "description": "ReplicationControllerCondition describes the state of a replication controller at a certain point.", "type": "object", "required": [ - "source" + "type", + "status" ], "properties": { - "mirrorSourcePolicy": { - "description": "mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.", + "lastTransitionTime": { + "description": "The last time the condition transitioned from one status to another.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "message": { + "description": "A human readable message indicating details about the transition.", "type": "string" }, - "mirrors": { - "description": "mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their tags. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Configuring a list of mirrors using \"ImageDigestMirrorSet\" CRD and forcing digest-pulls for mirrors avoids that issue. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by \"mirrorSourcePolicy\". Other cluster configuration, including (but not limited to) other imageTagMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. \"mirrors\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "reason": { + "description": "The reason for the condition's last transition.", + "type": "string" }, - "source": { - "description": "source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. \"source\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "status": { + "description": "Status of the condition, one of True, False, Unknown.", + "type": "string", + "default": "" + }, + "type": { + "description": "Type of replication controller condition.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.Infrastructure": { - "description": "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ReplicationControllerList.v1.core.api.k8s.io": { + "description": "ReplicationControllerList is a collection of replication controllers.", "type": "object", "required": [ - "spec" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "List of replication controllers. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ReplicationController.v1.core.api.k8s.io" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "ReplicationControllerSpec.v1.core.api.k8s.io": { + "description": "ReplicationControllerSpec is the specification of a replication controller.", + "type": "object", + "properties": { + "minReadySeconds": { + "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)", + "type": "integer", + "format": "int32", + "default": 0 }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.InfrastructureSpec" + "replicas": { + "description": "Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller", + "type": "integer", + "format": "int32", + "default": 1 }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.InfrastructureStatus" + "selector": { + "description": "Selector is a label query over pods that should match the Replicas count. If Selector is empty, it is defaulted to the labels present on the Pod template. Label keys and values that must match in order to be controlled by this replication controller, if empty defaulted to labels on Pod template. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + }, + "x-kubernetes-map-type": "atomic" + }, + "template": { + "description": "Template is the object that describes the pod that will be created if insufficient replicas are detected. This takes precedence over a TemplateRef. The only allowed template.spec.restartPolicy value is \"Always\". More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template", + "$ref": "#/definitions/PodTemplateSpec.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.InfrastructureList": { - "description": "InfrastructureList is\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ReplicationControllerStatus.v1.core.api.k8s.io": { + "description": "ReplicationControllerStatus represents the current status of a replication controller.", "type": "object", "required": [ - "metadata", - "items" + "replicas" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "availableReplicas": { + "description": "The number of available replicas (ready for at least minReadySeconds) for this replication controller.", + "type": "integer", + "format": "int32" }, - "items": { + "conditions": { + "description": "Represents the latest available observations of a replication controller's current state.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Infrastructure" - } + "$ref": "#/definitions/ReplicationControllerCondition.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "fullyLabeledReplicas": { + "description": "The number of pods that have labels matching the labels of the pod template of the replication controller.", + "type": "integer", + "format": "int32" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "observedGeneration": { + "description": "ObservedGeneration reflects the generation of the most recently observed replication controller.", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "The number of ready replicas for this replication controller.", + "type": "integer", + "format": "int32" + }, + "replicas": { + "description": "Replicas is the most recently observed number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.config.v1.InfrastructureSpec": { - "description": "InfrastructureSpec contains settings that apply to the cluster infrastructure.", + "ResourceAttributes.v1.authorization.api.k8s.io": { + "description": "ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface", "type": "object", "properties": { - "cloudConfig": { - "description": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.\n\ncloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapFileReference" + "fieldSelector": { + "description": "fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.", + "$ref": "#/definitions/FieldSelectorAttributes.v1.authorization.api.k8s.io" }, - "platformSpec": { - "description": "platformSpec holds desired information specific to the underlying infrastructure provider.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PlatformSpec" + "group": { + "description": "Group is the API Group of the Resource. \"*\" means all.", + "type": "string" + }, + "labelSelector": { + "description": "labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.", + "$ref": "#/definitions/LabelSelectorAttributes.v1.authorization.api.k8s.io" + }, + "name": { + "description": "Name is the name of the resource being requested for a \"get\" or deleted for a \"delete\". \"\" (empty) means all.", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces \"\" (empty) is defaulted for LocalSubjectAccessReviews \"\" (empty) is empty for cluster-scoped resources \"\" (empty) means \"all\" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview", + "type": "string" + }, + "resource": { + "description": "Resource is one of the existing resource types. \"*\" means all.", + "type": "string" + }, + "subresource": { + "description": "Subresource is one of the existing resource types. \"\" means none.", + "type": "string" + }, + "verb": { + "description": "Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. \"*\" means all.", + "type": "string" + }, + "version": { + "description": "Version is the API Version of the Resource. \"*\" means all.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.InfrastructureStatus": { - "description": "InfrastructureStatus describes the infrastructure the cluster is leveraging.", + "ResourceClaim.v1.core.api.k8s.io": { + "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", "type": "object", + "required": [ + "name" + ], "properties": { - "apiServerInternalURI": { - "description": "apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.", - "type": "string", - "default": "" - }, - "apiServerURL": { - "description": "apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.", + "name": { + "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", "type": "string", "default": "" }, - "controlPlaneTopology": { - "description": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum.", - "type": "string", - "default": "" + "request": { + "description": "Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.", + "type": "string" + } + } + }, + "ResourceFieldSelector.v1.core.api.k8s.io": { + "description": "ResourceFieldSelector represents container resources (cpu, memory) and their output format", + "type": "object", + "required": [ + "resource" + ], + "properties": { + "containerName": { + "description": "Container name: required for volumes, optional for env vars", + "type": "string" }, - "cpuPartitioning": { - "description": "cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are \"None\" and \"AllNodes\". When omitted, the default value is \"None\". The default value of \"None\" indicates that no nodes will be setup with CPU partitioning. The \"AllNodes\" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API.", - "type": "string", - "default": "None" + "divisor": { + "description": "Specifies the output format of the exposed resources, defaults to \"1\"", + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" }, - "etcdDiscoveryDomain": { - "description": "etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.", + "resource": { + "description": "Required: resource to select", "type": "string", "default": "" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "ResourceHealth.v1.core.api.k8s.io": { + "description": "ResourceHealth represents the health of a resource. It has the latest device health information. This is a part of KEP https://kep.k8s.io/4680.", + "type": "object", + "required": [ + "resourceID" + ], + "properties": { + "health": { + "description": "Health of the resource. can be one of:\n - Healthy: operates as normal\n - Unhealthy: reported unhealthy. We consider this a temporary health issue\n since we do not have a mechanism today to distinguish\n temporary and permanent issues.\n - Unknown: The status cannot be determined.\n For example, Device Plugin got unregistered and hasn't been re-registered since.\n\nIn future we may want to introduce the PermanentlyUnhealthy Status.", + "type": "string" }, - "infrastructureName": { - "description": "infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters.", + "resourceID": { + "description": "ResourceID is the unique identifier of the resource. See the ResourceID type for more information.", "type": "string", "default": "" - }, - "infrastructureTopology": { - "description": "infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.", - "type": "string" - }, - "platform": { - "description": "platform is the underlying infrastructure provider for the cluster.\n\nDeprecated: Use platformStatus.type instead.", - "type": "string" - }, - "platformStatus": { - "description": "platformStatus holds status information specific to the underlying infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PlatformStatus" } } }, - "com.github.openshift.api.config.v1.Ingress": { - "description": "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ResourceQuota.v1.core.api.k8s.io": { + "description": "ResourceQuota sets aggregate quota restrictions enforced per namespace", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -8332,27 +8185,26 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec holds user settable values for configuration", + "description": "Spec defines the desired quota. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.IngressSpec" + "$ref": "#/definitions/ResourceQuotaSpec.v1.core.api.k8s.io" }, "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "description": "Status defines the actual enforced quota and its current usage. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.IngressStatus" + "$ref": "#/definitions/ResourceQuotaStatus.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.IngressList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ResourceQuotaList.v1.core.api.k8s.io": { + "description": "ResourceQuotaList is a list of ResourceQuota items.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -8361,10 +8213,11 @@ "type": "string" }, "items": { + "description": "Items is a list of ResourceQuota objects. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Ingress" + "$ref": "#/definitions/ResourceQuota.v1.core.api.k8s.io" } }, "kind": { @@ -8372,109 +8225,203 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.IngressPlatformSpec": { - "description": "IngressPlatformSpec holds the desired state of Ingress specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", + "ResourceQuotaSpec.v1.core.api.k8s.io": { + "description": "ResourceQuotaSpec defines the desired hard limits to enforce for Quota.", "type": "object", - "required": [ - "type" - ], "properties": { - "aws": { - "description": "aws contains settings specific to the Amazon Web Services infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSIngressSpec" + "hard": { + "description": "hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + } }, - "type": { - "description": "type is the underlying infrastructure provider for the cluster. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", - "type": "string", - "default": "" + "scopeSelector": { + "description": "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.", + "$ref": "#/definitions/ScopeSelector.v1.core.api.k8s.io" + }, + "scopes": { + "description": "A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.", + "type": "array", + "items": { + "type": "string", + "default": "", + "enum": [ + "BestEffort", + "CrossNamespacePodAffinity", + "NotBestEffort", + "NotTerminating", + "PriorityClass", + "Terminating", + "VolumeAttributesClass" + ] + }, + "x-kubernetes-list-type": "atomic" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "aws": "AWS" + } + }, + "ResourceQuotaStatus.v1.core.api.k8s.io": { + "description": "ResourceQuotaStatus defines the enforced hard limits and observed use.", + "type": "object", + "properties": { + "hard": { + "description": "Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + } + }, + "used": { + "description": "Used is the current observed total usage of the resource in the namespace.", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" } } - ] + } }, - "com.github.openshift.api.config.v1.IngressSpec": { + "ResourceRequirements.v1.core.api.k8s.io": { + "description": "ResourceRequirements describes the compute resource requirements.", "type": "object", - "required": [ - "domain" - ], "properties": { - "appsDomain": { - "description": "appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate.", - "type": "string" - }, - "componentRoutes": { - "description": "componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list.\n\nTo determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes.", + "claims": { + "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis field depends on the DynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ComponentRouteSpec" + "$ref": "#/definitions/ResourceClaim.v1.core.api.k8s.io" }, "x-kubernetes-list-map-keys": [ - "namespace", "name" ], "x-kubernetes-list-type": "map" }, - "domain": { - "description": "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"..\".\n\nIt is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.\".\n\nOnce set, changing domain is not currently supported.", - "type": "string", - "default": "" + "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + } }, - "loadBalancer": { - "description": "loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure provider of the current cluster and are required for Ingress Controller to work on OpenShift.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.LoadBalancer" + "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + } + } + } + }, + "ResourceRule.v1.authorization.api.k8s.io": { + "description": "ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.", + "type": "object", + "required": [ + "verbs" + ], + "properties": { + "apiGroups": { + "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"*\" means all.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "requiredHSTSPolicies": { - "description": "requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission.\n\nA candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: \"haproxy.router.openshift.io/hsts_header\" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains\n\n- For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route's admission status. - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation.\n\nThe HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working.\n\nNote that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid.", + "resourceNames": { + "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. \"*\" means all.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.RequiredHSTSPolicy" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Resources is a list of resources this rule applies to. \"*\" means all in the specified apiGroups.\n \"*/foo\" represents the subresource 'foo' for all resources in the specified apiGroups.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "verbs": { + "description": "Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. \"*\" means all.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.IngressStatus": { + "ResourceStatus.v1.core.api.k8s.io": { + "description": "ResourceStatus represents the status of a single resource allocated to a Pod.", "type": "object", + "required": [ + "name" + ], "properties": { - "componentRoutes": { - "description": "componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin.", + "name": { + "description": "Name of the resource. Must be unique within the pod and in case of non-DRA resource, match one of the resources from the pod spec. For DRA resources, the value must be \"claim:/\". When this status is reported about a container, the \"claim_name\" and \"request\" must match one of the claims of this container.", + "type": "string", + "default": "" + }, + "resources": { + "description": "List of unique resources health. Each element in the list contains an unique resource ID and its health. At a minimum, for the lifetime of a Pod, resource ID must uniquely identify the resource allocated to the Pod on the Node. If other Pod on the same Node reports the status with the same resource ID, it must be the same resource they share. See ResourceID type definition for a specific format it has in various use cases.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ComponentRouteStatus" + "$ref": "#/definitions/ResourceHealth.v1.core.api.k8s.io" }, "x-kubernetes-list-map-keys": [ - "namespace", - "name" + "resourceID" ], "x-kubernetes-list-type": "map" + } + } + }, + "Role.v1.rbac.api.k8s.io": { + "description": "Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "defaultPlacement": { - "description": "defaultPlacement is set at installation time to control which nodes will host the ingress router pods by default. The options are control-plane nodes or worker nodes.\n\nThis field works by dictating how the Cluster Ingress Operator will consider unset replicas and nodePlacement fields in IngressController resources when creating the corresponding Deployments.\n\nSee the documentation for the IngressController replicas and nodePlacement fields for more information.\n\nWhen omitted, the default value is Workers", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata.", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "rules": { + "description": "Rules holds all the PolicyRules for this Role", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/PolicyRule.v1.rbac.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.InsightsDataGather": { - "description": "InsightsDataGather provides data gather configuration options for the Insights Operator.\n\n\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "RoleBinding.v1.rbac.api.k8s.io": { + "description": "RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.", "type": "object", "required": [ - "spec" + "roleRef" ], "properties": { "apiVersion": { @@ -8486,22 +8433,30 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "spec": { - "description": "spec holds user settable values for configuration", + "roleRef": { + "description": "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.InsightsDataGatherSpec" + "$ref": "#/definitions/RoleRef.v1.rbac.api.k8s.io" + }, + "subjects": { + "description": "Subjects holds references to the objects the role applies to.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Subject.v1.rbac.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.InsightsDataGatherList": { - "description": "InsightsDataGatherList is a collection of items Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "RoleBindingList.v1.rbac.api.k8s.io": { + "description": "RoleBindingList is a collection of RoleBindings", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -8510,11 +8465,11 @@ "type": "string" }, "items": { - "description": "items is the required list of InsightsDataGather objects it may not exceed 100 items", + "description": "Items is a list of RoleBindings", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.InsightsDataGather" + "$ref": "#/definitions/RoleBinding.v1.rbac.api.k8s.io" } }, "kind": { @@ -8522,439 +8477,496 @@ "type": "string" }, "metadata": { - "description": "metadata is the required standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.config.v1.InsightsDataGatherSpec": { - "description": "InsightsDataGatherSpec contains the configuration for the data gathering.", - "type": "object", - "required": [ - "gatherConfig" - ], - "properties": { - "gatherConfig": { - "description": "gatherConfig is a required spec attribute that includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", + "description": "Standard object's metadata.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.GatherConfig" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.IntermediateTLSProfile": { - "description": "IntermediateTLSProfile is a TLS security profile based on the \"intermediate\" configuration of the Mozilla Server Side TLS configuration guidelines.", - "type": "object" - }, - "com.github.openshift.api.config.v1.KMSConfig": { - "description": "KMSConfig defines the configuration for the KMS instance that will be used with KMSEncryptionProvider encryption", + "RoleList.v1.rbac.api.k8s.io": { + "description": "RoleList is a collection of Roles", "type": "object", "required": [ - "type" + "items" ], "properties": { - "aws": { - "description": "aws defines the key config for using an AWS KMS instance for the encryption. The AWS KMS instance is managed by the user outside the purview of the control plane.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSKMSConfig" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "type": { - "description": "type defines the kind of platform for the KMS provider. Available provider types are AWS only.", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "aws": "AWS" + "items": { + "description": "Items is a list of Roles", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Role.v1.rbac.api.k8s.io" } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object's metadata.", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } - ] + } }, - "com.github.openshift.api.config.v1.KeystoneIdentityProvider": { - "description": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials", + "RoleRef.v1.rbac.api.k8s.io": { + "description": "RoleRef contains information that points to the role being used", "type": "object", "required": [ - "url", - "domainName" + "apiGroup", + "kind", + "name" ], "properties": { - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" - }, - "domainName": { - "description": "domainName is required for keystone v3", + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced", "type": "string", "default": "" }, - "tlsClientCert": { - "description": "tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key \"tls.crt\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - }, - "tlsClientKey": { - "description": "tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key \"tls.key\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string", + "default": "" }, - "url": { - "description": "url is the remote URL to connect to", + "name": { + "description": "Name is the name of resource being referenced", "type": "string", "default": "" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.config.v1.KubeClientConfig": { + "RootPaths.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "RootPaths lists the paths available at root. For example: \"/healthz\", \"/apis\".", "type": "object", "required": [ - "kubeConfig", - "connectionOverrides" + "paths" ], "properties": { - "connectionOverrides": { - "description": "connectionOverrides specifies client overrides for system components to loop back to this master.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClientConnectionOverrides" - }, - "kubeConfig": { - "description": "kubeConfig is a .kubeconfig filename for going to the owning kube-apiserver. Empty uses an in-cluster-config", - "type": "string", - "default": "" + "paths": { + "description": "paths are the paths available at root.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.KubevirtPlatformSpec": { - "description": "KubevirtPlatformSpec holds the desired state of the kubevirt infrastructure provider. This only includes fields that can be modified in the cluster.", - "type": "object" - }, - "com.github.openshift.api.config.v1.KubevirtPlatformStatus": { - "description": "KubevirtPlatformStatus holds the current status of the kubevirt infrastructure provider.", + "Rule.v1.admissionregistration.api.k8s.io": { + "description": "Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended to make sure that all the tuple expansions are valid.", "type": "object", "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", - "type": "string" + "apiGroups": { + "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", - "type": "string" + "apiVersions": { + "description": "APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "resources": { + "description": "Resources is a list of resources this rule applies to.\n\nFor example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not overlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed. Required.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "scope": { + "description": "scope specifies the scope of this rule. Valid values are \"Cluster\", \"Namespaced\", and \"*\" \"Cluster\" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. \"Namespaced\" means that only namespaced resources will match this rule. \"*\" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is \"*\".\n\n\nPossible enum values:\n - `\"*\"` means that all scopes are included.\n - `\"Cluster\"` means that scope is limited to cluster-scoped objects. Namespace objects are cluster-scoped.\n - `\"Namespaced\"` means that scope is limited to namespaced objects.", + "type": "string", + "enum": [ + "*", + "Cluster", + "Namespaced" + ] } } }, - "com.github.openshift.api.config.v1.LDAPAttributeMapping": { - "description": "LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields", + "RuleWithOperations.v1.admissionregistration.api.k8s.io": { + "description": "RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.", "type": "object", - "required": [ - "id" - ], "properties": { - "email": { - "description": "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", + "apiGroups": { + "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "id": { - "description": "id is the list of attributes whose values should be used as the user ID. Required. First non-empty attribute is used. At least one attribute is required. If none of the listed attribute have a value, authentication fails. LDAP standard identity attribute is \"dn\"", + "apiVersions": { + "description": "APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "name": { - "description": "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"", + "operations": { + "description": "Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.", "type": "array", "items": { "type": "string", - "default": "" - } + "default": "", + "enum": [ + "*", + "CONNECT", + "CREATE", + "DELETE", + "UPDATE" + ] + }, + "x-kubernetes-list-type": "atomic" }, - "preferredUsername": { - "description": "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"", + "resources": { + "description": "Resources is a list of resources this rule applies to.\n\nFor example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not overlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed. Required.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" + }, + "scope": { + "description": "scope specifies the scope of this rule. Valid values are \"Cluster\", \"Namespaced\", and \"*\" \"Cluster\" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. \"Namespaced\" means that only namespaced resources will match this rule. \"*\" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is \"*\".\n\n\nPossible enum values:\n - `\"*\"` means that all scopes are included.\n - `\"Cluster\"` means that scope is limited to cluster-scoped objects. Namespace objects are cluster-scoped.\n - `\"Namespaced\"` means that scope is limited to namespaced objects.", + "type": "string", + "enum": [ + "*", + "Cluster", + "Namespaced" + ] } } }, - "com.github.openshift.api.config.v1.LDAPIdentityProvider": { - "description": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials", + "SELinuxOptions.v1.core.api.k8s.io": { + "description": "SELinuxOptions are the labels to be applied to the container", + "type": "object", + "properties": { + "level": { + "description": "Level is SELinux level label that applies to the container.", + "type": "string" + }, + "role": { + "description": "Role is a SELinux role label that applies to the container.", + "type": "string" + }, + "type": { + "description": "Type is a SELinux type label that applies to the container.", + "type": "string" + }, + "user": { + "description": "User is a SELinux user label that applies to the container.", + "type": "string" + } + } + }, + "ScaleIOPersistentVolumeSource.v1.core.api.k8s.io": { + "description": "ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume", "type": "object", "required": [ - "url", - "insecure", - "attributes" + "gateway", + "system", + "secretRef" ], "properties": { - "attributes": { - "description": "attributes maps LDAP attributes to identities", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.LDAPAttributeMapping" + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"", + "type": "string", + "default": "xfs" }, - "bindDN": { - "description": "bindDN is an optional DN to bind with during the search phase.", + "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", "type": "string", "default": "" }, - "bindPassword": { - "description": "bindPassword is an optional reference to a secret by name containing a password to bind with during the search phase. The key \"bindPassword\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", + "type": "string" }, - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" }, - "insecure": { - "description": "insecure, if true, indicates the connection should not use TLS WARNING: Should not be set to `true` with the URL scheme \"ldaps://\" as \"ldaps://\" URLs always\n attempt to connect using TLS, even when `insecure` is set to `true`\nWhen `true`, \"ldap://\" URLS connect insecurely. When `false`, \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.", - "type": "boolean", - "default": false + "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", + "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" }, - "url": { - "description": "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter", + "sslEnabled": { + "description": "sslEnabled is the flag to enable/disable SSL communication with Gateway, default false", + "type": "boolean" + }, + "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", + "type": "string", + "default": "ThinProvisioned" + }, + "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "type": "string" + }, + "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", "type": "string", "default": "" + }, + "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.LeaderElection": { - "description": "LeaderElection provides information to elect a leader", + "ScaleIOVolumeSource.v1.core.api.k8s.io": { + "description": "ScaleIOVolumeSource represents a persistent ScaleIO volume", "type": "object", "required": [ - "leaseDuration", - "renewDeadline", - "retryPeriod" + "gateway", + "system", + "secretRef" ], "properties": { - "disable": { - "description": "disable allows leader election to be suspended while allowing a fully defaulted \"normal\" startup case.", - "type": "boolean" + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", + "type": "string", + "default": "xfs" }, - "leaseDuration": { - "description": "leaseDuration is the duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + "gateway": { + "description": "gateway is the host address of the ScaleIO API Gateway.", + "type": "string", + "default": "" }, - "name": { - "description": "name indicates what name to use for the resource", + "protectionDomain": { + "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", "type": "string" }, - "namespace": { - "description": "namespace indicates which namespace the resource is in", - "type": "string" + "readOnly": { + "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" }, - "renewDeadline": { - "description": "renewDeadline is the interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + "secretRef": { + "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" }, - "retryPeriod": { - "description": "retryPeriod is the duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" - } - } - }, - "com.github.openshift.api.config.v1.LoadBalancer": { - "type": "object", - "properties": { - "platform": { - "description": "platform holds configuration specific to the underlying infrastructure provider for the ingress load balancers. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.IngressPlatformSpec" - } - } - }, - "com.github.openshift.api.config.v1.MTUMigration": { - "description": "MTUMigration contains infomation about MTU migration.", - "type": "object", - "properties": { - "machine": { - "description": "machine contains MTU migration configuration for the machine's uplink.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.MTUMigrationValues" + "sslEnabled": { + "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", + "type": "boolean" }, - "network": { - "description": "network contains MTU migration configuration for the default network.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.MTUMigrationValues" - } - } - }, - "com.github.openshift.api.config.v1.MTUMigrationValues": { - "description": "MTUMigrationValues contains the values for a MTU migration.", - "type": "object", - "required": [ - "to" - ], - "properties": { - "from": { - "description": "from is the MTU to migrate from.", - "type": "integer", - "format": "int64" + "storageMode": { + "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", + "type": "string", + "default": "ThinProvisioned" }, - "to": { - "description": "to is the MTU to migrate to.", - "type": "integer", - "format": "int64" + "storagePool": { + "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "type": "string" + }, + "system": { + "description": "system is the name of the storage system as configured in ScaleIO.", + "type": "string", + "default": "" + }, + "volumeName": { + "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.MaxAgePolicy": { - "description": "MaxAgePolicy contains a numeric range for specifying a compliant HSTS max-age for the enclosing RequiredHSTSPolicy", + "ScopeSelector.v1.core.api.k8s.io": { + "description": "A scope selector represents the AND of the selectors represented by the scoped-resource selector requirements.", "type": "object", "properties": { - "largestMaxAge": { - "description": "The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age This value can be left unspecified, in which case no upper limit is enforced.", - "type": "integer", - "format": "int32" - }, - "smallestMaxAge": { - "description": "The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary tool for administrators to quickly correct mistakes. This value can be left unspecified, in which case no lower limit is enforced.", - "type": "integer", - "format": "int32" + "matchExpressions": { + "description": "A list of scope selector requirements by scope of the resources.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ScopedResourceSelectorRequirement.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } - } - }, - "com.github.openshift.api.config.v1.ModernTLSProfile": { - "description": "ModernTLSProfile is a TLS security profile based on the \"modern\" configuration of the Mozilla Server Side TLS configuration guidelines.", - "type": "object" + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.config.v1.NamedCertificate": { - "description": "NamedCertificate specifies a certificate/key, and the names it should be served for", + "ScopedResourceSelectorRequirement.v1.core.api.k8s.io": { + "description": "A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.", "type": "object", "required": [ - "certFile", - "keyFile" + "scopeName", + "operator" ], "properties": { - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", + "operator": { + "description": "Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.\n\nPossible enum values:\n - `\"DoesNotExist\"`\n - `\"Exists\"`\n - `\"In\"`\n - `\"NotIn\"`", "type": "string", - "default": "" + "default": "", + "enum": [ + "DoesNotExist", + "Exists", + "In", + "NotIn" + ] }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "scopeName": { + "description": "The name of the scope that the selector applies to.\n\nPossible enum values:\n - `\"BestEffort\"` Match all pod objects that have best effort quality of service\n - `\"CrossNamespacePodAffinity\"` Match all pod objects that have cross-namespace pod (anti)affinity mentioned.\n - `\"NotBestEffort\"` Match all pod objects that do not have best effort quality of service\n - `\"NotTerminating\"` Match all pod objects where spec.activeDeadlineSeconds is nil\n - `\"PriorityClass\"` Match all pod objects that have priority class mentioned\n - `\"Terminating\"` Match all pod objects where spec.activeDeadlineSeconds >=0\n - `\"VolumeAttributesClass\"` Match all pvc objects that have volume attributes class mentioned.", "type": "string", - "default": "" + "default": "", + "enum": [ + "BestEffort", + "CrossNamespacePodAffinity", + "NotBestEffort", + "NotTerminating", + "PriorityClass", + "Terminating", + "VolumeAttributesClass" + ] }, - "names": { - "description": "names is a list of DNS names this certificate should be used to secure A name can be a normal DNS name, or can contain leading wildcard segments.", + "values": { + "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.Network": { - "description": "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "SeccompProfile.v1.core.api.k8s.io": { + "description": "SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.", "type": "object", "required": [ - "spec" + "type" ], + "properties": { + "localhostProfile": { + "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type.", + "type": "string" + }, + "type": { + "description": "type indicates which kind of seccomp profile will be applied. Valid options are:\n\nLocalhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.\n\nPossible enum values:\n - `\"Localhost\"` indicates a profile defined in a file on the node should be used. The file's location relative to /seccomp.\n - `\"RuntimeDefault\"` represents the default container runtime seccomp profile.\n - `\"Unconfined\"` indicates no seccomp profile is applied (A.K.A. unconfined).", + "type": "string", + "default": "", + "enum": [ + "Localhost", + "RuntimeDefault", + "Unconfined" + ] + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "localhostProfile": "LocalhostProfile" + } + } + ] + }, + "Secret.v1.core.api.k8s.io": { + "description": "Secret holds secret data of a certain type. The total bytes of the values in the Data field must be less than MaxSecretSize bytes.", + "type": "object", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "data": { + "description": "Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4", + "type": "object", + "additionalProperties": { + "type": "string", + "format": "byte" + } + }, + "immutable": { + "description": "Immutable, if set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.", + "type": "boolean" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "spec": { - "description": "spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkSpec" + "stringData": { + "description": "stringData allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkStatus" + "type": { + "description": "Used to facilitate programmatic handling of secret data. More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types", + "type": "string" } } }, - "com.github.openshift.api.config.v1.NetworkDiagnostics": { + "SecretEnvSource.v1.core.api.k8s.io": { + "description": "SecretEnvSource selects a Secret to populate the environment variables with.\n\nThe contents of the target Secret's Data field will represent the key-value pairs as environment variables.", "type": "object", "properties": { - "mode": { - "description": "mode controls the network diagnostics mode\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is All.", + "name": { + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" - }, - "sourcePlacement": { - "description": "sourcePlacement controls the scheduling of network diagnostics source deployment\n\nSee NetworkDiagnosticsSourcePlacement for more details about default values.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement" - }, - "targetPlacement": { - "description": "targetPlacement controls the scheduling of network diagnostics target daemonset\n\nSee NetworkDiagnosticsTargetPlacement for more details about default values.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement" - } - } - }, - "com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement": { - "description": "NetworkDiagnosticsSourcePlacement defines node scheduling configuration network diagnostics source components", - "type": "object", - "properties": { - "nodeSelector": { - "description": "nodeSelector is the node selector applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `kubernetes.io/os: linux`.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "tolerations": { - "description": "tolerations is a list of tolerations applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is an empty list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" - }, - "x-kubernetes-list-type": "atomic" + }, + "optional": { + "description": "Specify whether the Secret must be defined", + "type": "boolean" } } }, - "com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement": { - "description": "NetworkDiagnosticsTargetPlacement defines node scheduling configuration network diagnostics target components", + "SecretKeySelector.v1.core.api.k8s.io": { + "description": "SecretKeySelector selects a key of a Secret.", "type": "object", + "required": [ + "key" + ], "properties": { - "nodeSelector": { - "description": "nodeSelector is the node selector applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `kubernetes.io/os: linux`.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "key": { + "description": "The key of the secret to select from. Must be a valid secret key.", + "type": "string", + "default": "" }, - "tolerations": { - "description": "tolerations is a list of tolerations applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `- operator: \"Exists\"` which means that all taints are tolerated.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" - }, - "x-kubernetes-list-type": "atomic" + "name": { + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" + }, + "optional": { + "description": "Specify whether the Secret or its key must be defined", + "type": "boolean" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.config.v1.NetworkList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "SecretList.v1.core.api.k8s.io": { + "description": "SecretList is a list of Secret.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -8963,10 +8975,11 @@ "type": "string" }, "items": { + "description": "Items is a list of secret objects. More info: https://kubernetes.io/docs/concepts/configuration/secret", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Network" + "$ref": "#/definitions/Secret.v1.core.api.k8s.io" } }, "kind": { @@ -8974,124 +8987,141 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.config.v1.NetworkMigration": { - "description": "NetworkMigration represents the network migration status.", - "type": "object", - "properties": { - "mtu": { - "description": "mtu is the MTU configuration that is being deployed.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.MTUMigration" - }, - "networkType": { - "description": "networkType is the target plugin that is being deployed. DEPRECATED: network type migration is no longer supported, so this should always be unset.", - "type": "string" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.NetworkSpec": { - "description": "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", + "SecretProjection.v1.core.api.k8s.io": { + "description": "Adapts a secret into a projected volume.\n\nThe contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.", "type": "object", - "required": [ - "clusterNetwork", - "serviceNetwork", - "networkType" - ], "properties": { - "clusterNetwork": { - "description": "IP address pool to use for pod IPs. This field is immutable after installation.", + "items": { + "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterNetworkEntry" + "$ref": "#/definitions/KeyToPath.v1.core.api.k8s.io" }, "x-kubernetes-list-type": "atomic" }, - "externalIP": { - "description": "externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalIPConfig" - }, - "networkDiagnostics": { - "description": "networkDiagnostics defines network diagnostics configuration.\n\nTakes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, the network diagnostics feature will be disabled.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkDiagnostics" - }, - "networkType": { - "description": "networkType is the plugin that is to be deployed (e.g. OVNKubernetes). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OVNKubernetes This field is immutable after installation.", + "name": { + "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" }, - "serviceNetwork": { - "description": "IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "serviceNodePortRange": { - "description": "The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.", - "type": "string" + "optional": { + "description": "optional field specify whether the Secret or its key must be defined", + "type": "boolean" } } }, - "com.github.openshift.api.config.v1.NetworkStatus": { - "description": "NetworkStatus is the current network configuration.", + "SecretReference.v1.core.api.k8s.io": { + "description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace", "type": "object", "properties": { - "clusterNetwork": { - "description": "IP address pool to use for pod IPs.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterNetworkEntry" - }, - "x-kubernetes-list-type": "atomic" + "name": { + "description": "name is unique within a namespace to reference a secret resource.", + "type": "string" }, - "clusterNetworkMTU": { - "description": "clusterNetworkMTU is the MTU for inter-pod networking.", + "namespace": { + "description": "namespace defines the space within which the secret name must be unique.", + "type": "string" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "SecretVolumeSource.v1.core.api.k8s.io": { + "description": "Adapts a Secret into a volume.\n\nThe contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", + "type": "object", + "properties": { + "defaultMode": { + "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", "type": "integer", "format": "int32" }, - "conditions": { - "description": "conditions represents the observations of a network.config current state. Known .status.conditions.type are: \"NetworkDiagnosticsAvailable\"", + "items": { + "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/KeyToPath.v1.core.api.k8s.io" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "migration": { - "description": "migration contains the cluster network migration configuration.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkMigration" + "optional": { + "description": "optional field specify whether the Secret or its keys must be defined", + "type": "boolean" }, - "networkType": { - "description": "networkType is the plugin that is deployed (e.g. OVNKubernetes).", + "secretName": { + "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", "type": "string" + } + } + }, + "SecurityContext.v1.core.api.k8s.io": { + "description": "SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.", + "type": "object", + "properties": { + "allowPrivilegeEscalation": { + "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", + "type": "boolean" }, - "serviceNetwork": { - "description": "IP address pool for services. Currently, we only support a single entry here.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "appArmorProfile": { + "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.", + "$ref": "#/definitions/AppArmorProfile.v1.core.api.k8s.io" + }, + "capabilities": { + "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", + "$ref": "#/definitions/Capabilities.v1.core.api.k8s.io" + }, + "privileged": { + "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "procMount": { + "description": "procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.\n\nPossible enum values:\n - `\"Default\"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.\n - `\"Unmasked\"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.", + "type": "string", + "enum": [ + "Default", + "Unmasked" + ] + }, + "readOnlyRootFilesystem": { + "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", + "type": "boolean" + }, + "runAsGroup": { + "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "type": "integer", + "format": "int64" + }, + "runAsNonRoot": { + "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "boolean" + }, + "runAsUser": { + "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "type": "integer", + "format": "int64" + }, + "seLinuxOptions": { + "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", + "$ref": "#/definitions/SELinuxOptions.v1.core.api.k8s.io" + }, + "seccompProfile": { + "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", + "$ref": "#/definitions/SeccompProfile.v1.core.api.k8s.io" + }, + "windowsOptions": { + "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", + "$ref": "#/definitions/WindowsSecurityContextOptions.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.Node": { - "description": "Node holds cluster-wide information about node specific features.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "SelfSubjectAccessReview.v1.authorization.api.k8s.io": { + "description": "SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means \"in all namespaces\". Self is a special case, because users should always be able to check whether they can perform an action", "type": "object", "required": [ "spec" @@ -9106,334 +9136,196 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec holds user settable values for configuration", + "description": "Spec holds information about the request being evaluated. user and groups must be empty", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NodeSpec" + "$ref": "#/definitions/SelfSubjectAccessReviewSpec.v1.authorization.api.k8s.io" }, "status": { - "description": "status holds observed values.", + "description": "Status is filled in by the server and indicates whether the request is allowed or not", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NodeStatus" + "$ref": "#/definitions/SubjectAccessReviewStatus.v1.authorization.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.NodeList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "SelfSubjectAccessReviewSpec.v1.authorization.api.k8s.io": { + "description": "SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set", + "type": "object", + "properties": { + "nonResourceAttributes": { + "description": "NonResourceAttributes describes information for a non-resource access request", + "$ref": "#/definitions/NonResourceAttributes.v1.authorization.api.k8s.io" + }, + "resourceAttributes": { + "description": "ResourceAuthorizationAttributes describes information for a resource access request", + "$ref": "#/definitions/ResourceAttributes.v1.authorization.api.k8s.io" + } + } + }, + "SelfSubjectRulesReview.v1.authorization.api.k8s.io": { + "description": "SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. The returned list of actions may be incomplete depending on the server's authorization mode, and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.", "type": "object", "required": [ - "metadata", - "items" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Node" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.config.v1.NodeSpec": { - "type": "object", - "properties": { - "cgroupMode": { - "description": "cgroupMode determines the cgroups version on the node", - "type": "string" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "minimumKubeletVersion": { - "description": "minimumKubeletVersion is the lowest version of a kubelet that can join the cluster. Specifically, the apiserver will deny most authorization requests of kubelets that are older than the specified version, only allowing the kubelet to get and update its node object, and perform subjectaccessreviews. This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads, and will eventually be marked as not ready. Its max length is 8, so maximum version allowed is either \"9.999.99\" or \"99.99.99\". Since the kubelet reports the version of the kubernetes release, not Openshift, this field references the underlying kubernetes version this version of Openshift is based off of. In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then they should set the minimumKubeletVersion to 1.30.0. When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version. Thus, a kubelet with version \"1.0.0-ec.0\" will be compatible with minimumKubeletVersion \"1.0.0\" or earlier.", - "type": "string", - "default": "" - }, - "workerLatencyProfile": { - "description": "workerLatencyProfile determins the how fast the kubelet is updating the status and corresponding reaction of the cluster", - "type": "string" - } - } - }, - "com.github.openshift.api.config.v1.NodeStatus": { - "type": "object", - "properties": { - "conditions": { - "description": "conditions contain the details and the current state of the nodes.config object", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.config.v1.NutanixFailureDomain": { - "description": "NutanixFailureDomain configures failure domain information for the Nutanix platform.", - "type": "object", - "required": [ - "name", - "cluster", - "subnets" - ], - "properties": { - "cluster": { - "description": "cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + "spec": { + "description": "Spec holds information about the request being evaluated.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixResourceIdentifier" - }, - "name": { - "description": "name defines the unique name of a failure domain. Name is required and must be at most 64 characters in length. It must consist of only lower case alphanumeric characters and hyphens (-). It must start and end with an alphanumeric character. This value is arbitrary and is used to identify the failure domain within the platform.", - "type": "string", - "default": "" + "$ref": "#/definitions/SelfSubjectRulesReviewSpec.v1.authorization.api.k8s.io" }, - "subnets": { - "description": "subnets holds a list of identifiers (one or more) of the cluster's network subnets If the feature gate NutanixMultiSubnets is enabled, up to 32 subnets may be configured. for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixResourceIdentifier" - }, - "x-kubernetes-list-type": "atomic" + "status": { + "description": "Status is filled in by the server and indicates the set of actions a user can perform.", + "default": {}, + "$ref": "#/definitions/SubjectRulesReviewStatus.v1.authorization.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer": { - "description": "NutanixPlatformLoadBalancer defines the load balancer used by the cluster on Nutanix platform.", - "type": "object", - "properties": { - "type": { - "description": "type defines the type of load balancer used by the cluster on Nutanix platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", - "type": "string", - "default": "OpenShiftManagedDefault" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": {} - } - ] - }, - "com.github.openshift.api.config.v1.NutanixPlatformSpec": { - "description": "NutanixPlatformSpec holds the desired state of the Nutanix infrastructure provider. This only includes fields that can be modified in the cluster.", + "SelfSubjectRulesReviewSpec.v1.authorization.api.k8s.io": { + "description": "SelfSubjectRulesReviewSpec defines the specification for SelfSubjectRulesReview.", "type": "object", - "required": [ - "prismCentral", - "prismElements" - ], "properties": { - "failureDomains": { - "description": "failureDomains configures failure domains information for the Nutanix platform. When set, the failure domains defined here may be used to spread Machines across prism element clusters to improve fault tolerance of the cluster.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixFailureDomain" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "prismCentral": { - "description": "prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPrismEndpoint" - }, - "prismElements": { - "description": "prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPrismElementEndpoint" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "namespace": { + "description": "Namespace to evaluate rules for. Required.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.NutanixPlatformStatus": { - "description": "NutanixPlatformStatus holds the current status of the Nutanix infrastructure provider.", + "SerializedReference.v1.core.api.k8s.io": { + "description": "SerializedReference is a reference to serialized object.", "type": "object", - "required": [ - "apiServerInternalIPs", - "ingressIPs" - ], "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "dnsRecordsType": { - "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", - "type": "string", - "enum": [ - "External", - "Internal" - ] - }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "loadBalancer": { - "description": "loadBalancer defines how the load balancer used by the cluster is configured.", - "default": { - "type": "OpenShiftManagedDefault" - }, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer" - } - } - }, - "com.github.openshift.api.config.v1.NutanixPrismElementEndpoint": { - "description": "NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster)", - "type": "object", - "required": [ - "name", - "endpoint" - ], - "properties": { - "endpoint": { - "description": "endpoint holds the endpoint address and port data of the Prism Element (cluster). When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.", + "reference": { + "description": "The reference to an object in the system.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPrismEndpoint" - }, - "name": { - "description": "name is the name of the Prism Element (cluster). This value will correspond with the cluster field configured on other resources (eg Machines, PVCs, etc).", - "type": "string", - "default": "" + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.NutanixPrismEndpoint": { - "description": "NutanixPrismEndpoint holds the endpoint address and port to access the Nutanix Prism Central or Element (cluster)", + "ServerAddressByClientCIDR.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match.", "type": "object", "required": [ - "address", - "port" + "clientCIDR", + "serverAddress" ], "properties": { - "address": { - "description": "address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster)", + "clientCIDR": { + "description": "The CIDR with which clients can match their IP to figure out the server address that they should use.", "type": "string", "default": "" }, - "port": { - "description": "port is the port number to access the Nutanix Prism Central or Element (cluster)", - "type": "integer", - "format": "int32", - "default": 0 + "serverAddress": { + "description": "Address of this server, suitable for a client that matches the above CIDR. This can be a hostname, hostname:port, IP or IP:port.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.NutanixResourceIdentifier": { - "description": "NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)", + "Service.v1.core.api.k8s.io": { + "description": "Service is a named abstraction of software service (for example, mysql) consisting of local port (for example 3306) that the proxy listens on, and the selector that determines which pods will answer requests sent through the proxy.", "type": "object", - "required": [ - "type" - ], "properties": { - "name": { - "description": "name is the resource name in the PC. It cannot be empty if the type is Name.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "type": { - "description": "type is the identifier type to use for this resource.", - "type": "string", - "default": "" - }, - "uuid": { - "description": "uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "default": {}, + "$ref": "#/definitions/ServiceSpec.v1.core.api.k8s.io" + }, + "status": { + "description": "Most recently observed status of the service. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "default": {}, + "$ref": "#/definitions/ServiceStatus.v1.core.api.k8s.io" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "name": "Name", - "uuid": "UUID" - } - } - ] + } }, - "com.github.openshift.api.config.v1.OAuth": { - "description": "OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ServiceAccount.v1.core.api.k8s.io": { + "description": "ServiceAccount binds together: * a name, understood by users, and perhaps by peripheral systems, for an identity * a principal that can be authenticated and authorized * a set of secrets", "type": "object", - "required": [ - "metadata", - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "automountServiceAccountToken": { + "description": "AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. Can be overridden at the pod level.", + "type": "boolean" + }, + "imagePullSecrets": { + "description": "ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec holds user settable values for configuration", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OAuthSpec" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OAuthStatus" + "secrets": { + "description": "Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. Pods are only limited to this list if this service account has a \"kubernetes.io/enforce-mountable-secrets\" annotation set to \"true\". The \"kubernetes.io/enforce-mountable-secrets\" annotation is deprecated since v1.32. Prefer separate namespaces to isolate access to mounted secrets. This field should not be used to find auto-generated service account token secrets for use outside of pods. Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. More info: https://kubernetes.io/docs/concepts/configuration/secret", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.config.v1.OAuthList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ServiceAccountList.v1.core.api.k8s.io": { + "description": "ServiceAccountList is a list of ServiceAccount objects", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -9442,10 +9334,11 @@ "type": "string" }, "items": { + "description": "List of ServiceAccounts. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OAuth" + "$ref": "#/definitions/ServiceAccount.v1.core.api.k8s.io" } }, "kind": { @@ -9453,434 +9346,579 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.OAuthRemoteConnectionInfo": { - "description": "OAuthRemoteConnectionInfo holds information necessary for establishing a remote connection", + "ServiceAccountTokenProjection.v1.core.api.k8s.io": { + "description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).", "type": "object", "required": [ - "url" + "path" ], "properties": { - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" - }, - "tlsClientCert": { - "description": "tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key \"tls.crt\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "audience": { + "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", + "type": "string" }, - "tlsClientKey": { - "description": "tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key \"tls.key\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "expirationSeconds": { + "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", + "type": "integer", + "format": "int64" }, - "url": { - "description": "url is the remote URL to connect to", + "path": { + "description": "path is the path relative to the mount point of the file to project the token into.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.OAuthSpec": { - "description": "OAuthSpec contains desired cluster auth configuration", + "ServiceList.v1.core.api.k8s.io": { + "description": "ServiceList holds a list of services.", "type": "object", "required": [ - "tokenConfig" + "items" ], "properties": { - "identityProviders": { - "description": "identityProviders is an ordered list of ways for a user to identify themselves. When this list is empty, no identities are provisioned for users.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "List of services", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.IdentityProvider" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/Service.v1.core.api.k8s.io" + } }, - "templates": { - "description": "templates allow you to customize pages like the login page.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OAuthTemplates" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "tokenConfig": { - "description": "tokenConfig contains options for authorization and access tokens", + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenConfig" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.OAuthStatus": { - "description": "OAuthStatus shows current known state of OAuth server in the cluster", - "type": "object" - }, - "com.github.openshift.api.config.v1.OAuthTemplates": { - "description": "OAuthTemplates allow for customization of pages like the login page", + "ServicePort.v1.core.api.k8s.io": { + "description": "ServicePort contains information on service's port.", "type": "object", + "required": [ + "port" + ], "properties": { - "error": { - "description": "error is the name of a secret that specifies a go template to use to render error pages during the authentication or grant flow. The key \"errors.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default error page is used. If the specified template is not valid, the default error page is used. If unspecified, the default error page is used. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "appProtocol": { + "description": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.", + "type": "string" }, - "login": { - "description": "login is the name of a secret that specifies a go template to use to render the login page. The key \"login.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default login page is used. If the specified template is not valid, the default login page is used. If unspecified, the default login page is used. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "name": { + "description": "The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.", + "type": "string" }, - "providerSelection": { - "description": "providerSelection is the name of a secret that specifies a go template to use to render the provider selection page. The key \"providers.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default provider selection page is used. If the specified template is not valid, the default provider selection page is used. If unspecified, the default provider selection page is used. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "nodePort": { + "description": "The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport", + "type": "integer", + "format": "int32" + }, + "port": { + "description": "The port that will be exposed by this service.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "protocol": { + "description": "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\". Default is TCP.\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", + "type": "string", + "default": "TCP", + "enum": [ + "SCTP", + "TCP", + "UDP" + ] + }, + "targetPort": { + "description": "Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service", + "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.OIDCClientConfig": { - "description": "OIDCClientConfig configures how platform clients interact with identity providers as an authentication method.", + "ServiceProxyOptions.v1.core.api.k8s.io": { + "description": "ServiceProxyOptions is the query options to a Service's proxy call.", "type": "object", - "required": [ - "componentName", - "componentNamespace", - "clientID" - ], "properties": { - "clientID": { - "description": "clientID is a required field that configures the client identifier, from the identity provider, that the platform component uses for authentication requests made to the identity provider. The identity provider must accept this identifier for platform components to be able to use the identity provider as an authentication mode.\n\nclientID must not be an empty string (\"\").", - "type": "string", - "default": "" - }, - "clientSecret": { - "description": "clientSecret is an optional field that configures the client secret used by the platform component when making authentication requests to the identity provider.\n\nWhen not specified, no client secret will be used when making authentication requests to the identity provider.\n\nWhen specified, clientSecret references a Secret in the 'openshift-config' namespace that contains the client secret in the 'clientSecret' key of the '.data' field.\n\nThe client secret will be used when making authentication requests to the identity provider.\n\nPublic clients do not require a client secret but private clients do require a client secret to work with the identity provider.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - }, - "componentName": { - "description": "componentName is a required field that specifies the name of the platform component being configured to use the identity provider as an authentication mode.\n\nIt is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "componentNamespace": { - "description": "componentNamespace is a required field that specifies the namespace in which the platform component being configured to use the identity provider as an authentication mode is running.\n\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "extraScopes": { - "description": "extraScopes is an optional field that configures the extra scopes that should be requested by the platform component when making authentication requests to the identity provider. This is useful if you have configured claim mappings that requires specific scopes to be requested beyond the standard OIDC scopes.\n\nWhen omitted, no additional scopes are requested.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "path": { + "description": "Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.OIDCClientReference": { - "description": "OIDCClientReference is a reference to a platform component client configuration.", + "ServiceReference.v1.admissionregistration.api.k8s.io": { + "description": "ServiceReference holds a reference to Service.legacy.k8s.io", "type": "object", "required": [ - "oidcProviderName", - "issuerURL", - "clientID" + "namespace", + "name" ], "properties": { - "clientID": { - "description": "clientID is a required field that specifies the client identifier, from the identity provider, that the platform component is using for authentication requests made to the identity provider.\n\nclientID must not be empty.", + "name": { + "description": "`name` is the name of the service. Required", "type": "string", "default": "" }, - "issuerURL": { - "description": "issuerURL is a required field that specifies the URL of the identity provider that this client is configured to make requests against.\n\nissuerURL must use the 'https' scheme.", + "namespace": { + "description": "`namespace` is the namespace of the service. Required", "type": "string", "default": "" }, - "oidcProviderName": { - "description": "oidcProviderName is a required reference to the 'name' of the identity provider configured in 'oidcProviders' that this client is associated with.\n\noidcProviderName must not be an empty string (\"\").", - "type": "string", - "default": "" + "path": { + "description": "`path` is an optional URL path which will be sent in any request to this service.", + "type": "string" + }, + "port": { + "description": "If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).", + "type": "integer", + "format": "int32" } } }, - "com.github.openshift.api.config.v1.OIDCClientStatus": { - "description": "OIDCClientStatus represents the current state of platform components and how they interact with the configured identity providers.", + "ServiceSpec.v1.core.api.k8s.io": { + "description": "ServiceSpec describes the attributes that a user creates on a service.", "type": "object", - "required": [ - "componentName", - "componentNamespace" - ], "properties": { - "componentName": { - "description": "componentName is a required field that specifies the name of the platform component using the identity provider as an authentication mode. It is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", + "allocateLoadBalancerNodePorts": { + "description": "allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is \"true\". It may be set to \"false\" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.", + "type": "boolean" + }, + "clusterIP": { + "description": "clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "type": "string" + }, + "clusterIPs": { + "description": "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "externalIPs": { + "description": "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "externalName": { + "description": "externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\".", + "type": "string" + }, + "externalTrafficPolicy": { + "description": "externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get \"Cluster\" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.\n\nPossible enum values:\n - `\"Cluster\"` routes traffic to all endpoints.\n - `\"Local\"` preserves the source IP of the traffic by routing only to endpoints on the same node as the traffic was received on (dropping the traffic if there are no local endpoints).", "type": "string", - "default": "" + "enum": [ + "Cluster", + "Local" + ] }, - "componentNamespace": { - "description": "componentNamespace is a required field that specifies the namespace in which the platform component using the identity provider as an authentication mode is running.\n\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", + "healthCheckNodePort": { + "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.", + "type": "integer", + "format": "int32" + }, + "internalTrafficPolicy": { + "description": "InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to \"Local\", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).\n\nPossible enum values:\n - `\"Cluster\"` routes traffic to all endpoints.\n - `\"Local\"` routes traffic only to endpoints on the same node as the client pod (dropping the traffic if there are no local endpoints).", "type": "string", - "default": "" + "enum": [ + "Cluster", + "Local" + ] }, - "conditions": { - "description": "conditions are used to communicate the state of the `oidcClients` entry.\n\nSupported conditions include Available, Degraded and Progressing.\n\nIf Available is true, the component is successfully using the configured client. If Degraded is true, that means something has gone wrong trying to handle the client configuration. If Progressing is true, that means the component is taking some action related to the `oidcClients` entry.", + "ipFamilies": { + "description": "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "type": "string", + "default": "", + "enum": [ + "", + "IPv4", + "IPv6" + ] }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "consumingUsers": { - "description": "consumingUsers is an optional list of ServiceAccounts requiring read permissions on the `clientSecret` secret.\n\nconsumingUsers must not exceed 5 entries.", + "ipFamilyPolicy": { + "description": "IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be \"SingleStack\" (a single IP family), \"PreferDualStack\" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or \"RequireDualStack\" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.\n\nPossible enum values:\n - `\"PreferDualStack\"` indicates that this service prefers dual-stack when the cluster is configured for dual-stack. If the cluster is not configured for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not set in service.spec.ipFamilies then the service will be assigned the default IPFamily configured on the cluster\n - `\"RequireDualStack\"` indicates that this service requires dual-stack. Using IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If service.spec.ipFamilies was not provided then it will be assigned according to how they are configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative IPFamily will be added by apiserver\n - `\"SingleStack\"` indicates that this service is required to have a single IPFamily. The IPFamily assigned is based on the default IPFamily used by the cluster or as identified by service.spec.ipFamilies field", + "type": "string", + "enum": [ + "PreferDualStack", + "RequireDualStack", + "SingleStack" + ] + }, + "loadBalancerClass": { + "description": "loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.", + "type": "string" + }, + "loadBalancerIP": { + "description": "Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. Users are encouraged to use implementation-specific annotations when available.", + "type": "string" + }, + "loadBalancerSourceRanges": { + "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/", "type": "array", "items": { "type": "string", "default": "" }, - "x-kubernetes-list-type": "set" + "x-kubernetes-list-type": "atomic" }, - "currentOIDCClients": { - "description": "currentOIDCClients is an optional list of clients that the component is currently using.\n\nEntries must have unique issuerURL/clientID pairs.", + "ports": { + "description": "The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OIDCClientReference" + "$ref": "#/definitions/ServicePort.v1.core.api.k8s.io" }, "x-kubernetes-list-map-keys": [ - "issuerURL", - "clientID" + "port", + "protocol" ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "port", + "x-kubernetes-patch-strategy": "merge" + }, + "publishNotReadyAddresses": { + "description": "publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered \"ready\" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.", + "type": "boolean" + }, + "selector": { + "description": "Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + }, + "x-kubernetes-map-type": "atomic" + }, + "sessionAffinity": { + "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies\n\nPossible enum values:\n - `\"ClientIP\"` is the Client IP based.\n - `\"None\"` - no session affinity.", + "type": "string", + "enum": [ + "ClientIP", + "None" + ] + }, + "sessionAffinityConfig": { + "description": "sessionAffinityConfig contains the configurations of session affinity.", + "$ref": "#/definitions/SessionAffinityConfig.v1.core.api.k8s.io" + }, + "trafficDistribution": { + "description": "TrafficDistribution offers a way to express preferences for how traffic is distributed to Service endpoints. Implementations can use this field as a hint, but are not required to guarantee strict adherence. If the field is not set, the implementation will apply its default routing strategy. If set to \"PreferClose\", implementations should prioritize endpoints that are in the same zone.", + "type": "string" + }, + "type": { + "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \"ExternalName\" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types\n\nPossible enum values:\n - `\"ClusterIP\"` means a service will only be accessible inside the cluster, via the cluster IP.\n - `\"ExternalName\"` means a service consists of only a reference to an external name that kubedns or equivalent will return as a CNAME record, with no exposing or proxying of any pods involved.\n - `\"LoadBalancer\"` means a service will be exposed via an external load balancer (if the cloud provider supports it), in addition to 'NodePort' type.\n - `\"NodePort\"` means a service will be exposed on one port of every node, in addition to 'ClusterIP' type.", + "type": "string", + "enum": [ + "ClusterIP", + "ExternalName", + "LoadBalancer", + "NodePort" + ] } } }, - "com.github.openshift.api.config.v1.OIDCProvider": { + "ServiceStatus.v1.core.api.k8s.io": { + "description": "ServiceStatus represents the current status of a service.", "type": "object", - "required": [ - "name", - "issuer", - "claimMappings" - ], "properties": { - "claimMappings": { - "description": "claimMappings is a required field that configures the rules to be used by the Kubernetes API server for translating claims in a JWT token, issued by the identity provider, to a cluster identity.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimMappings" - }, - "claimValidationRules": { - "description": "claimValidationRules is an optional field that configures the rules to be used by the Kubernetes API server for validating the claims in a JWT token issued by the identity provider.\n\nValidation rules are joined via an AND operation.", + "conditions": { + "description": "Current service state", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimValidationRule" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "issuer": { - "description": "issuer is a required field that configures how the platform interacts with the identity provider and how tokens issued from the identity provider are evaluated by the Kubernetes API server.", + "loadBalancer": { + "description": "LoadBalancer contains the current status of the load-balancer, if one is present.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenIssuer" + "$ref": "#/definitions/LoadBalancerStatus.v1.core.api.k8s.io" + } + } + }, + "SessionAffinityConfig.v1.core.api.k8s.io": { + "description": "SessionAffinityConfig represents the configurations of session affinity.", + "type": "object", + "properties": { + "clientIP": { + "description": "clientIP contains the configurations of Client IP based session affinity.", + "$ref": "#/definitions/ClientIPConfig.v1.core.api.k8s.io" + } + } + }, + "SleepAction.v1.core.api.k8s.io": { + "description": "SleepAction describes a \"sleep\" action.", + "type": "object", + "required": [ + "seconds" + ], + "properties": { + "seconds": { + "description": "Seconds is the number of seconds to sleep.", + "type": "integer", + "format": "int64", + "default": 0 + } + } + }, + "Status.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "Status is a return value for calls that don't return other objects.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "name": { - "description": "name is a required field that configures the unique human-readable identifier associated with the identity provider. It is used to distinguish between multiple identity providers and has no impact on token validation or authentication mechanics.\n\nname must not be an empty string (\"\").", - "type": "string", - "default": "" + "code": { + "description": "Suggested HTTP return code for this status, 0 if not set.", + "type": "integer", + "format": "int32" }, - "oidcClients": { - "description": "oidcClients is an optional field that configures how on-cluster, platform clients should request tokens from the identity provider. oidcClients must not exceed 20 entries and entries must have unique namespace/name pairs.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OIDCClientConfig" - }, - "x-kubernetes-list-map-keys": [ - "componentNamespace", - "componentName" - ], - "x-kubernetes-list-type": "map" + "details": { + "description": "Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.", + "$ref": "#/definitions/StatusDetails.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "userValidationRules": { - "description": "userValidationRules is an optional field that configures the set of rules used to validate the cluster user identity that was constructed via mapping token claims to user identity attributes. Rules are CEL expressions that must evaluate to 'true' for authentication to succeed. If any rule in the chain of rules evaluates to 'false', authentication will fail. When specified, at least one rule must be specified and no more than 64 rules may be specified.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "message": { + "description": "A human-readable description of the status of this operation.", + "type": "string" + }, + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "reason": { + "description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it.", + "type": "string" + }, + "status": { + "description": "Status of the operation. One of: \"Success\" or \"Failure\". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "type": "string" + } + } + }, + "StatusCause.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered.", + "type": "object", + "properties": { + "field": { + "description": "The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional.\n\nExamples:\n \"name\" - the field \"name\" on the current resource\n \"items[0].name\" - the field \"name\" on the first array entry in \"items\"", + "type": "string" + }, + "message": { + "description": "A human-readable description of the cause of the error. This field may be presented as-is to a reader.", + "type": "string" + }, + "reason": { + "description": "A machine-readable description of the cause of the error. If this value is empty there is no information available.", + "type": "string" + } + } + }, + "StatusDetails.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined.", + "type": "object", + "properties": { + "causes": { + "description": "The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenUserValidationRule" + "$ref": "#/definitions/StatusCause.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "x-kubernetes-list-map-keys": [ - "expression" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" + }, + "group": { + "description": "The group attribute of the resource associated with the status StatusReason.", + "type": "string" + }, + "kind": { + "description": "The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "name": { + "description": "The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described).", + "type": "string" + }, + "retryAfterSeconds": { + "description": "If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action.", + "type": "integer", + "format": "int32" + }, + "uid": { + "description": "UID of the resource. (when there is a single resource which can be described). More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", + "type": "string" } } }, - "com.github.openshift.api.config.v1.ObjectReference": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "StorageOSPersistentVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a StorageOS persistent volume resource.", "type": "object", - "required": [ - "group", - "resource", - "name" - ], "properties": { - "group": { - "description": "group of the referent.", - "type": "string", - "default": "" + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" }, - "name": { - "description": "name of the referent.", - "type": "string", - "default": "" + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" }, - "namespace": { - "description": "namespace of the referent.", + "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + }, + "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", "type": "string" }, - "resource": { - "description": "resource of the referent.", - "type": "string", - "default": "" + "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.OldTLSProfile": { - "description": "OldTLSProfile is a TLS security profile based on the \"old\" configuration of the Mozilla Server Side TLS configuration guidelines.", - "type": "object" - }, - "com.github.openshift.api.config.v1.OpenIDClaims": { - "description": "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider", + "StorageOSVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a StorageOS persistent volume resource.", "type": "object", "properties": { - "email": { - "description": "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "fsType": { + "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "type": "string" }, - "groups": { - "description": "groups is the list of claims value of which should be used to synchronize groups from the OIDC provider to OpenShift for the user. If multiple claims are specified, the first one with a non-empty value is used.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "readOnly": { + "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", + "type": "boolean" }, - "name": { - "description": "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "secretRef": { + "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" }, - "preferredUsername": { - "description": "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the sub claim", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "volumeName": { + "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", + "type": "string" + }, + "volumeNamespace": { + "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.OpenIDIdentityProvider": { - "description": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials", + "Subject.v1.rbac.api.k8s.io": { + "description": "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.", "type": "object", "required": [ - "clientID", - "clientSecret", - "issuer", - "claims" + "kind", + "name" ], "properties": { - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" - }, - "claims": { - "description": "claims mappings", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenIDClaims" + "apiGroup": { + "description": "APIGroup holds the API group of the referenced subject. Defaults to \"\" for ServiceAccount subjects. Defaults to \"rbac.authorization.k8s.io\" for User and Group subjects.", + "type": "string" }, - "clientID": { - "description": "clientID is the oauth client ID", + "kind": { + "description": "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\". If the Authorizer does not recognized the kind value, the Authorizer should report an error.", "type": "string", "default": "" }, - "clientSecret": { - "description": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - }, - "extraAuthorizeParameters": { - "description": "extraAuthorizeParameters are any custom parameters to add to the authorize request.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "extraScopes": { - "description": "extraScopes are any scopes to request in addition to the standard \"openid\" scope.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "issuer": { - "description": "issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. It must use the https scheme with no query or fragment component.", + "name": { + "description": "Name of the object being referenced.", "type": "string", "default": "" + }, + "namespace": { + "description": "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty the Authorizer should report an error.", + "type": "string" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.config.v1.OpenStackPlatformLoadBalancer": { - "description": "OpenStackPlatformLoadBalancer defines the load balancer used by the cluster on OpenStack platform.", + "SubjectAccessReview.v1.authorization.api.k8s.io": { + "description": "SubjectAccessReview checks whether or not a user or group can perform an action.", "type": "object", + "required": [ + "spec" + ], "properties": { - "type": { - "description": "type defines the type of load balancer used by the cluster on OpenStack platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", - "type": "string", - "default": "OpenShiftManagedDefault" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": {} + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "Spec holds information about the request being evaluated", + "default": {}, + "$ref": "#/definitions/SubjectAccessReviewSpec.v1.authorization.api.k8s.io" + }, + "status": { + "description": "Status is filled in by the server and indicates whether the request is allowed or not", + "default": {}, + "$ref": "#/definitions/SubjectAccessReviewStatus.v1.authorization.api.k8s.io" } - ] + } }, - "com.github.openshift.api.config.v1.OpenStackPlatformSpec": { - "description": "OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider. This only includes fields that can be modified in the cluster.", + "SubjectAccessReviewSpec.v1.authorization.api.k8s.io": { + "description": "SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set", "type": "object", "properties": { - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "extra": { + "description": "Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer it needs a reflection here.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "groups": { + "description": "Groups is the groups you're testing for.", "type": "array", "items": { "type": "string", @@ -9888,728 +9926,754 @@ }, "x-kubernetes-list-type": "atomic" }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "nonResourceAttributes": { + "description": "NonResourceAttributes describes information for a non-resource access request", + "$ref": "#/definitions/NonResourceAttributes.v1.authorization.api.k8s.io" + }, + "resourceAttributes": { + "description": "ResourceAuthorizationAttributes describes information for a resource access request", + "$ref": "#/definitions/ResourceAttributes.v1.authorization.api.k8s.io" + }, + "uid": { + "description": "UID information about the requesting user.", + "type": "string" + }, + "user": { + "description": "User is the user you're testing for. If you specify \"User\" but not \"Groups\", then is it interpreted as \"What if User were not a member of any groups", + "type": "string" } } }, - "com.github.openshift.api.config.v1.OpenStackPlatformStatus": { - "description": "OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider.", + "SubjectAccessReviewStatus.v1.authorization.api.k8s.io": { + "description": "SubjectAccessReviewStatus", "type": "object", "required": [ - "apiServerInternalIPs", - "ingressIPs" + "allowed" ], "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", - "type": "string" + "allowed": { + "description": "Allowed is required. True if the action would be allowed, false otherwise.", + "type": "boolean", + "default": false }, - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "denied": { + "description": "Denied is optional. True if the action would be denied, otherwise false. If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action. Denied may not be true if Allowed is true.", + "type": "boolean" }, - "cloudName": { - "description": "cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`).", + "evaluationError": { + "description": "EvaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.", "type": "string" }, - "dnsRecordsType": { - "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", - "type": "string", - "enum": [ - "External", - "Internal" - ] - }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "reason": { + "description": "Reason is optional. It indicates why a request was allowed or denied.", + "type": "string" + } + } + }, + "SubjectRulesReviewStatus.v1.authorization.api.k8s.io": { + "description": "SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on the set of authorizers the server is configured with and any errors experienced during evaluation. Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, even if that list is incomplete.", + "type": "object", + "required": [ + "resourceRules", + "nonResourceRules", + "incomplete" + ], + "properties": { + "evaluationError": { + "description": "EvaluationError can appear in combination with Rules. It indicates an error occurred during rule evaluation, such as an authorizer that doesn't support rule evaluation, and that ResourceRules and/or NonResourceRules may be incomplete.", "type": "string" }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "incomplete": { + "description": "Incomplete is true when the rules returned by this call are incomplete. This is most commonly encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.", + "type": "boolean", + "default": false + }, + "nonResourceRules": { + "description": "NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/NonResourceRule.v1.authorization.api.k8s.io" }, "x-kubernetes-list-type": "atomic" }, - "loadBalancer": { - "description": "loadBalancer defines how the load balancer used by the cluster is configured.", - "default": { - "type": "OpenShiftManagedDefault" - }, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenStackPlatformLoadBalancer" - }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", + "resourceRules": { + "description": "ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/ResourceRule.v1.authorization.api.k8s.io" }, "x-kubernetes-list-type": "atomic" - }, - "nodeDNSIP": { - "description": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", - "type": "string" } } }, - "com.github.openshift.api.config.v1.OperandVersion": { + "Sysctl.v1.core.api.k8s.io": { + "description": "Sysctl defines a kernel parameter to be set", "type": "object", "required": [ "name", - "version" + "value" ], "properties": { "name": { - "description": "name is the name of the particular operand this version is for. It usually matches container images, not operators.", + "description": "Name of a property to set", "type": "string", "default": "" }, - "version": { - "description": "version indicates which version of a particular operand is currently being managed. It must always match the Available operand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout 1.1.0", + "value": { + "description": "Value of a property to set", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.OperatorHub": { - "description": "OperatorHub is the Schema for the operatorhubs API. It can be used to change the state of the default hub sources for OperatorHub on the cluster from enabled to disabled and vice versa.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "TCPSocketAction.v1.core.api.k8s.io": { + "description": "TCPSocketAction describes an action based on opening a socket", "type": "object", "required": [ - "metadata", - "spec", - "status" + "port" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "host": { + "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OperatorHubSpec" - }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OperatorHubStatus" + "port": { + "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", + "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.OperatorHubList": { - "description": "OperatorHubList contains a list of OperatorHub\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "Table.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "Table is a tabular representation of a set of API resources. The server transforms the object into a set of preferred columns for quickly reviewing the objects.", "type": "object", "required": [ - "metadata", - "items" + "columnDefinitions", + "rows" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { + "columnDefinitions": { + "description": "columnDefinitions describes each column in the returned items array. The number of cells per row will always match the number of column definitions.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OperatorHub" - } + "$ref": "#/definitions/TableColumnDefinition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.config.v1.OperatorHubSpec": { - "description": "OperatorHubSpec defines the desired state of OperatorHub", - "type": "object", - "properties": { - "disableAllDefaultSources": { - "description": "disableAllDefaultSources allows you to disable all the default hub sources. If this is true, a specific entry in sources can be used to enable a default source. If this is false, a specific entry in sources can be used to disable or enable a default source.", - "type": "boolean" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "sources": { - "description": "sources is the list of default hub sources and their configuration. If the list is empty, it implies that the default hub sources are enabled on the cluster unless disableAllDefaultSources is true. If disableAllDefaultSources is true and sources is not empty, the configuration present in sources will take precedence. The list of default hub sources and their current state will always be reflected in the status block.", + "rows": { + "description": "rows is the list of items in the table.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.HubSource" - } + "$ref": "#/definitions/TableRow.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.OperatorHubStatus": { - "description": "OperatorHubStatus defines the observed state of OperatorHub. The current state of the default hub sources will always be reflected here.", + "TableColumnDefinition.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "TableColumnDefinition contains information about a column returned in the Table.", "type": "object", + "required": [ + "name", + "type", + "format", + "description", + "priority" + ], "properties": { - "sources": { - "description": "sources encapsulates the result of applying the configuration for each hub source", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.HubSourceStatus" - } + "description": { + "description": "description is a human readable description of this column.", + "type": "string", + "default": "" + }, + "format": { + "description": "format is an optional OpenAPI type modifier for this column. A format modifies the type and imposes additional rules, like date or time formatting for a string. The 'name' format is applied to the primary identifier column which has type 'string' to assist in clients identifying column is the resource name. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more.", + "type": "string", + "default": "" + }, + "name": { + "description": "name is a human readable name for the column.", + "type": "string", + "default": "" + }, + "priority": { + "description": "priority is an integer defining the relative importance of this column compared to others. Lower numbers are considered higher priority. Columns that may be omitted in limited space scenarios should be given a higher priority.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "type": { + "description": "type is an OpenAPI type definition for this column, such as number, integer, string, or array. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.OvirtPlatformLoadBalancer": { - "description": "OvirtPlatformLoadBalancer defines the load balancer used by the cluster on Ovirt platform.", + "TableOptions.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "TableOptions are used when a Table is requested by the caller.", "type": "object", "properties": { - "type": { - "description": "type defines the type of load balancer used by the cluster on Ovirt platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", - "type": "string", - "default": "OpenShiftManagedDefault" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": {} + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "includeObject": { + "description": "includeObject decides whether to include each object along with its columnar information. Specifying \"None\" will return no object, specifying \"Object\" will return the full object contents, and specifying \"Metadata\" (the default) will return the object's metadata in the PartialObjectMetadata kind in version v1beta1 of the meta.k8s.io API group.", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } - ] - }, - "com.github.openshift.api.config.v1.OvirtPlatformSpec": { - "description": "OvirtPlatformSpec holds the desired state of the oVirt infrastructure provider. This only includes fields that can be modified in the cluster.", - "type": "object" + } }, - "com.github.openshift.api.config.v1.OvirtPlatformStatus": { - "description": "OvirtPlatformStatus holds the current status of the oVirt infrastructure provider.", + "TableRow.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "TableRow is an individual row in a table.", "type": "object", "required": [ - "apiServerInternalIPs", - "ingressIPs" + "cells" ], "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", - "type": "string" - }, - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "cells": { + "description": "cells will be as wide as the column definitions array and may contain strings, numbers (float64 or int64), booleans, simple maps, lists, or null. See the type field of the column definition for a more detailed description.", "type": "array", "items": { - "type": "string", - "default": "" + "type": "object" }, - "x-kubernetes-list-type": "set" - }, - "dnsRecordsType": { - "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", - "type": "string", - "enum": [ - "External", - "Internal" - ] - }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", - "type": "string" + "x-kubernetes-list-type": "atomic" }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "conditions": { + "description": "conditions describe additional status of a row that are relevant for a human user. These conditions apply to the row, not to the object, and will be specific to table output. The only defined condition type is 'Completed', for a row that indicates a resource that has run to completion and can be given less visual priority.", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "loadBalancer": { - "description": "loadBalancer defines how the load balancer used by the cluster is configured.", - "default": { - "type": "OpenShiftManagedDefault" + "default": {}, + "$ref": "#/definitions/TableRowCondition.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "$ref": "#/definitions/com.github.openshift.api.config.v1.OvirtPlatformLoadBalancer" + "x-kubernetes-list-type": "atomic" }, - "nodeDNSIP": { - "description": "deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.", - "type": "string" + "object": { + "description": "This field contains the requested additional information about each object based on the includeObject policy when requesting the Table. If \"None\", this field is empty, if \"Object\" this will be the default serialization of the object for the current API version, and if \"Metadata\" (the default) will contain the object metadata. Check the returned kind and apiVersion of the object before parsing. The media type of the object will always match the enclosing list - if this as a JSON table, these will be JSON encoded objects.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.PKICertificateSubject": { - "description": "PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", + "TableRowCondition.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "TableRowCondition allows a row to be marked with additional information.", "type": "object", + "required": [ + "type", + "status" + ], "properties": { - "email": { - "description": "email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. The email must be a valid email address and at most 320 characters in length.", + "message": { + "description": "Human readable message indicating details about last transition.", "type": "string" }, - "hostname": { - "description": "hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. The hostname must be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. It must consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk.", + "reason": { + "description": "(brief) machine readable reason for the condition's last transition.", "type": "string" + }, + "status": { + "description": "Status of the condition, one of True, False, Unknown.", + "type": "string", + "default": "" + }, + "type": { + "description": "Type of row condition. The only defined value is 'Completed' indicating that the object this row represents has reached a completed state and may be given less visual priority than other rows. Clients are not required to honor any conditions but should be consistent where possible about handling the conditions.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.PersistentVolumeClaimReference": { - "description": "PersistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + "Taint.v1.core.api.k8s.io": { + "description": "The node this Taint is attached to has the \"effect\" on any pod that does not tolerate the Taint.", "type": "object", "required": [ - "name" + "key", + "effect" ], "properties": { - "name": { - "description": "name is the name of the PersistentVolumeClaim that will be used to store the Insights data archive. It is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + "effect": { + "description": "Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.\n\nPossible enum values:\n - `\"NoExecute\"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.\n - `\"NoSchedule\"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.\n - `\"PreferNoSchedule\"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.", + "type": "string", + "default": "", + "enum": [ + "NoExecute", + "NoSchedule", + "PreferNoSchedule" + ] + }, + "key": { + "description": "Required. The taint key to be applied to a node.", + "type": "string", + "default": "" + }, + "timeAdded": { + "description": "TimeAdded represents the time at which the taint was added.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "value": { + "description": "The taint value corresponding to the taint key.", "type": "string" } } }, - "com.github.openshift.api.config.v1.PersistentVolumeConfig": { - "description": "PersistentVolumeConfig provides configuration options for PersistentVolume storage.", + "Time.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", + "type": "string", + "format": "date-time" + }, + "Timestamp.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "Timestamp is a struct that is equivalent to Time, but intended for protobuf marshalling/unmarshalling. It is generated into a serialization that matches Time. Do not use in Go structs.", "type": "object", "required": [ - "claim" + "seconds", + "nanos" ], "properties": { - "claim": { - "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PersistentVolumeClaimReference" + "nanos": { + "description": "Non-negative fractions of a second at nanosecond resolution. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be from 0 to 999,999,999 inclusive. This field may be limited in precision depending on context.", + "type": "integer", + "format": "int32", + "default": 0 }, - "mountPath": { - "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", - "type": "string" + "seconds": { + "description": "Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z inclusive.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.config.v1.PlatformSpec": { - "description": "PlatformSpec holds the desired state specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", + "Toleration.v1.core.api.k8s.io": { + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", "type": "object", - "required": [ - "type" - ], "properties": { - "alibabaCloud": { - "description": "alibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec" - }, - "aws": { - "description": "aws contains settings specific to the Amazon Web Services infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSPlatformSpec" - }, - "azure": { - "description": "azure contains settings specific to the Azure infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AzurePlatformSpec" - }, - "baremetal": { - "description": "baremetal contains settings specific to the BareMetal platform.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.BareMetalPlatformSpec" - }, - "equinixMetal": { - "description": "equinixMetal contains settings specific to the Equinix Metal infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.EquinixMetalPlatformSpec" - }, - "external": { - "description": "ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalPlatformSpec" - }, - "gcp": { - "description": "gcp contains settings specific to the Google Cloud Platform infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.GCPPlatformSpec" - }, - "ibmcloud": { - "description": "ibmcloud contains settings specific to the IBMCloud infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.IBMCloudPlatformSpec" - }, - "kubevirt": { - "description": "kubevirt contains settings specific to the kubevirt infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.KubevirtPlatformSpec" - }, - "nutanix": { - "description": "nutanix contains settings specific to the Nutanix infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPlatformSpec" + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n\nPossible enum values:\n - `\"NoExecute\"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.\n - `\"NoSchedule\"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.\n - `\"PreferNoSchedule\"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.", + "type": "string", + "enum": [ + "NoExecute", + "NoSchedule", + "PreferNoSchedule" + ] }, - "openstack": { - "description": "openstack contains settings specific to the OpenStack infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenStackPlatformSpec" + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "type": "string" }, - "ovirt": { - "description": "ovirt contains settings specific to the oVirt infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.OvirtPlatformSpec" + "operator": { + "description": "Operator represents a key's relationship to the value. Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).\n\nPossible enum values:\n - `\"Equal\"`\n - `\"Exists\"`\n - `\"Gt\"`\n - `\"Lt\"`", + "type": "string", + "enum": [ + "Equal", + "Exists", + "Gt", + "Lt" + ] }, - "powervs": { - "description": "powervs contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSPlatformSpec" + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", + "type": "integer", + "format": "int64" }, - "type": { - "description": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"IBMCloud\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\", \"External\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "value": { + "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + "type": "string" + } + } + }, + "TopologySelectorLabelRequirement.v1.core.api.k8s.io": { + "description": "A topology selector requirement is a selector that matches given label. This is an alpha feature and may change in the future.", + "type": "object", + "required": [ + "key", + "values" + ], + "properties": { + "key": { + "description": "The label key that the selector applies to.", "type": "string", "default": "" }, - "vsphere": { - "description": "vsphere contains settings specific to the VSphere infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformSpec" + "values": { + "description": "An array of string values. One value must match the label to be selected. Each entry in Values is ORed.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.PlatformStatus": { - "description": "PlatformStatus holds the current status specific to the underlying infrastructure provider of the current cluster. Since these are used at status-level for the underlying cluster, it is supposed that only one of the status structs is set.", + "TopologySelectorTerm.v1.core.api.k8s.io": { + "description": "A topology selector term represents the result of label queries. A null or empty topology selector term matches no objects. The requirements of them are ANDed. It provides a subset of functionality as NodeSelectorTerm. This is an alpha feature and may change in the future.", + "type": "object", + "properties": { + "matchLabelExpressions": { + "description": "A list of topology selector requirements by labels.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/TopologySelectorLabelRequirement.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "TopologySpreadConstraint.v1.core.api.k8s.io": { + "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", "type": "object", "required": [ - "type" + "maxSkew", + "topologyKey", + "whenUnsatisfiable" ], "properties": { - "alibabaCloud": { - "description": "alibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus" - }, - "aws": { - "description": "aws contains settings specific to the Amazon Web Services infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSPlatformStatus" - }, - "azure": { - "description": "azure contains settings specific to the Azure infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.AzurePlatformStatus" - }, - "baremetal": { - "description": "baremetal contains settings specific to the BareMetal platform.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.BareMetalPlatformStatus" - }, - "equinixMetal": { - "description": "equinixMetal contains settings specific to the Equinix Metal infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.EquinixMetalPlatformStatus" - }, - "external": { - "description": "external contains settings specific to the generic External infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalPlatformStatus" - }, - "gcp": { - "description": "gcp contains settings specific to the Google Cloud Platform infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.GCPPlatformStatus" - }, - "ibmcloud": { - "description": "ibmcloud contains settings specific to the IBMCloud infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.IBMCloudPlatformStatus" + "labelSelector": { + "description": "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "kubevirt": { - "description": "kubevirt contains settings specific to the kubevirt infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.KubevirtPlatformStatus" + "matchLabelKeys": { + "description": "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "nutanix": { - "description": "nutanix contains settings specific to the Nutanix infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPlatformStatus" + "maxSkew": { + "description": "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.", + "type": "integer", + "format": "int32", + "default": 0 }, - "openstack": { - "description": "openstack contains settings specific to the OpenStack infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenStackPlatformStatus" + "minDomains": { + "description": "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.", + "type": "integer", + "format": "int32" }, - "ovirt": { - "description": "ovirt contains settings specific to the oVirt infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.OvirtPlatformStatus" + "nodeAffinityPolicy": { + "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\n\nPossible enum values:\n - `\"Honor\"` means use this scheduling directive when calculating pod topology spread skew.\n - `\"Ignore\"` means ignore this scheduling directive when calculating pod topology spread skew.", + "type": "string", + "enum": [ + "Honor", + "Ignore" + ] }, - "powervs": { - "description": "powervs contains settings specific to the Power Systems Virtual Servers infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSPlatformStatus" + "nodeTaintsPolicy": { + "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\n\nPossible enum values:\n - `\"Honor\"` means use this scheduling directive when calculating pod topology spread skew.\n - `\"Ignore\"` means ignore this scheduling directive when calculating pod topology spread skew.", + "type": "string", + "enum": [ + "Honor", + "Ignore" + ] }, - "type": { - "description": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.\n\nThis value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set.", + "topologyKey": { + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field.", "type": "string", "default": "" }, - "vsphere": { - "description": "vsphere contains settings specific to the VSphere infrastructure provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformStatus" + "whenUnsatisfiable": { + "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.\n\nPossible enum values:\n - `\"DoNotSchedule\"` instructs the scheduler not to schedule the pod when constraints are not satisfied.\n - `\"ScheduleAnyway\"` instructs the scheduler to schedule the pod even if constraints are not satisfied.", + "type": "string", + "default": "", + "enum": [ + "DoNotSchedule", + "ScheduleAnyway" + ] } } }, - "com.github.openshift.api.config.v1.PolicyFulcioSubject": { - "description": "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.", + "TypeChecking.v1.admissionregistration.api.k8s.io": { + "description": "TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy", "type": "object", - "required": [ - "oidcIssuer", - "signedEmail" - ], "properties": { - "oidcIssuer": { - "description": "oidcIssuer is a required filed contains the expected OIDC issuer. The oidcIssuer must be a valid URL and at most 2048 characters in length. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: \"https://expected.OIDC.issuer/\"", - "type": "string", - "default": "" - }, - "signedEmail": { - "description": "signedEmail is a required field holds the email address that the Fulcio certificate is issued for. The signedEmail must be a valid email address and at most 320 characters in length. Example: \"expected-signing-user@example.com\"", - "type": "string", - "default": "" + "expressionWarnings": { + "description": "The type checking warnings for each expression.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ExpressionWarning.v1.admissionregistration.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.config.v1.PolicyIdentity": { - "description": "PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is \"MatchRepoDigestOrExact\".", + "TypeMeta.runtime.pkg.apimachinery.k8s.io": { + "description": "TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, like this:\n\n\ttype MyAwesomeAPIObject struct {\n\t runtime.TypeMeta `json:\",inline\"`\n\t ... // other fields\n\t}\n\nfunc (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind\n\nTypeMeta is provided here for convenience. You may use it directly from this package or define your own with the same fields.", "type": "object", - "required": [ - "matchPolicy" - ], "properties": { - "exactRepository": { - "description": "exactRepository specifies the repository that must be exactly matched by the identity in the signature. exactRepository is required if matchPolicy is set to \"ExactRepository\". It is used to verify that the signature claims an identity matching this exact repository, rather than the original image identity.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyMatchExactRepository" - }, - "matchPolicy": { - "description": "matchPolicy is a required filed specifies matching strategy to verify the image identity in the signature against the image scope. Allowed values are \"MatchRepoDigestOrExact\", \"MatchRepository\", \"ExactRepository\", \"RemapIdentity\". When omitted, the default value is \"MatchRepoDigestOrExact\". When set to \"MatchRepoDigestOrExact\", the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. When set to \"MatchRepository\", the identity in the signature must be in the same repository as the image identity. When set to \"ExactRepository\", the exactRepository must be specified. The identity in the signature must be in the same repository as a specific identity specified by \"repository\". When set to \"RemapIdentity\", the remapIdentity must be specified. The signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the \"prefix\" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix.", - "type": "string", - "default": "" + "apiVersion": { + "type": "string" }, - "remapIdentity": { - "description": "remapIdentity specifies the prefix remapping rule for verifying image identity. remapIdentity is required if matchPolicy is set to \"RemapIdentity\". It is used to verify that the signature claims a different registry/repository prefix than the original image.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyMatchRemapIdentity" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "matchPolicy", - "fields-to-discriminateBy": { - "exactRepository": "PolicyMatchExactRepository", - "remapIdentity": "PolicyMatchRemapIdentity" - } + "kind": { + "type": "string" } - ] + } }, - "com.github.openshift.api.config.v1.PolicyMatchExactRepository": { + "TypeMeta.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "TypeMeta describes an individual object in an API response or request with strings representing the type of the object and its API schema version. Structures that are versioned or persisted should inline TypeMeta.", "type": "object", - "required": [ - "repository" - ], "properties": { - "repository": { - "description": "repository is the reference of the image identity to be matched. repository is required if matchPolicy is set to \"ExactRepository\". The value should be a repository name (by omitting the tag or digest) in a registry implementing the \"Docker Registry HTTP API V2\". For example, docker.io/library/busybox", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.config.v1.PolicyMatchRemapIdentity": { + "TypedLocalObjectReference.v1.core.api.k8s.io": { + "description": "TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.", "type": "object", "required": [ - "prefix", - "signedPrefix" + "kind", + "name" ], "properties": { - "prefix": { - "description": "prefix is required if matchPolicy is set to \"RemapIdentity\". prefix is the prefix of the image identity to be matched. If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). This is useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", + "type": "string" + }, + "kind": { + "description": "Kind is the type of resource being referenced", "type": "string", "default": "" }, - "signedPrefix": { - "description": "signedPrefix is required if matchPolicy is set to \"RemapIdentity\". signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as \"prefix\". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", + "name": { + "description": "Name is the name of resource being referenced", "type": "string", "default": "" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.config.v1.PolicyRootOfTrust": { - "description": "PolicyRootOfTrust defines the root of trust based on the selected policyType.", + "TypedObjectReference.v1.core.api.k8s.io": { + "description": "TypedObjectReference contains enough information to let you locate the typed referenced object", "type": "object", "required": [ - "policyType" + "kind", + "name" ], "properties": { - "fulcioCAWithRekor": { - "description": "fulcioCAWithRekor defines the root of trust configuration based on the Fulcio certificate and the Rekor public key. fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust" + "apiGroup": { + "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", + "type": "string" }, - "pki": { - "description": "pki defines the root of trust configuration based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. pki is required when policyType is PKI, and forbidden otherwise.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust" + "kind": { + "description": "Kind is the type of resource being referenced", + "type": "string", + "default": "" }, - "policyType": { - "description": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated. Allowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\". When set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. When set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification. When set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI).", + "name": { + "description": "Name is the name of resource being referenced", "type": "string", "default": "" }, - "publicKey": { - "description": "publicKey defines the root of trust configuration based on a sigstore public key. Optionally include a Rekor public key for Rekor verification. publicKey is required when policyType is PublicKey, and forbidden otherwise.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "policyType", - "fields-to-discriminateBy": { - "fulcioCAWithRekor": "FulcioCAWithRekor", - "pki": "PKI", - "publicKey": "PublicKey" - } - } - ] - }, - "com.github.openshift.api.config.v1.PowerVSPlatformSpec": { - "description": "PowerVSPlatformSpec holds the desired state of the IBM Power Systems Virtual Servers infrastructure provider. This only includes fields that can be modified in the cluster.", - "type": "object", - "properties": { - "serviceEndpoints": { - "description": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSServiceEndpoint" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "namespace": { + "description": "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.PowerVSPlatformStatus": { - "description": "PowerVSPlatformStatus holds the current status of the IBM Power Systems Virtual Servers infrastrucutre provider.", + "Unknown.runtime.pkg.apimachinery.k8s.io": { + "description": "Unknown allows api objects with unknown types to be passed-through. This can be used to deal with the API objects from a plug-in. Unknown objects still have functioning TypeMeta features-- kind, version, etc. metadata and field mutatation.", "type": "object", "required": [ - "region", - "zone" + "ContentEncoding", + "ContentType" ], "properties": { - "cisInstanceCRN": { - "description": "cisInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain", - "type": "string" - }, - "dnsInstanceCRN": { - "description": "dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain", - "type": "string" - }, - "region": { - "description": "region holds the default Power VS region for new Power VS resources created by the cluster.", + "ContentEncoding": { + "description": "ContentEncoding is encoding used to encode 'Raw' data. Unspecified means no encoding.", "type": "string", "default": "" }, - "resourceGroup": { - "description": "resourceGroup is the resource group name for new IBMCloud resources created for a cluster. The resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry. More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. When omitted, the image registry operator won't be able to configure storage, which results in the image registry cluster operator not being in an available state.", + "ContentType": { + "description": "ContentType is serialization method used to serialize 'Raw'. Unspecified means ContentTypeJSON.", "type": "string", "default": "" }, - "serviceEndpoints": { - "description": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSServiceEndpoint" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "apiVersion": { + "type": "string" }, - "zone": { - "description": "zone holds the default zone for the new Power VS resources created by the cluster. Note: Currently only single-zone OCP clusters are supported", - "type": "string", - "default": "" + "kind": { + "type": "string" } } }, - "com.github.openshift.api.config.v1.PowerVSServiceEndpoint": { - "description": "PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services.", + "UpdateOptions.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "UpdateOptions may be provided when updating an API object. All fields in UpdateOptions should also be present in PatchOptions.", "type": "object", - "required": [ - "name", - "url" - ], "properties": { - "name": { - "description": "name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "url": { - "description": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.", - "type": "string", - "default": "" + "dryRun": { + "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "fieldManager": { + "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", + "type": "string" + }, + "fieldValidation": { + "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.config.v1.PrefixedClaimMapping": { - "description": "PrefixedClaimMapping configures a claim mapping that allows for an optional prefix.", + "ValidatingAdmissionPolicy.v1.admissionregistration.api.k8s.io": { + "description": "ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.", "type": "object", - "required": [ - "claim" - ], "properties": { - "claim": { - "description": "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "prefix": { - "description": "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted (\"\"), no prefix is applied to the cluster identity attribute.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "Specification of the desired behavior of the ValidatingAdmissionPolicy.", + "default": {}, + "$ref": "#/definitions/ValidatingAdmissionPolicySpec.v1.admissionregistration.api.k8s.io" + }, + "status": { + "description": "The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.", + "default": {}, + "$ref": "#/definitions/ValidatingAdmissionPolicyStatus.v1.admissionregistration.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.ProfileCustomizations": { - "description": "ProfileCustomizations contains various parameters for modifying the default behavior of certain profiles", + "ValidatingAdmissionPolicyBinding.v1.admissionregistration.api.k8s.io": { + "description": "ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.\n\nFor a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.\n\nThe CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.", "type": "object", "properties": { - "dynamicResourceAllocation": { - "description": "dynamicResourceAllocation allows to enable or disable dynamic resource allocation within the scheduler. Dynamic resource allocation is an API for requesting and sharing resources between pods and containers inside a pod. Third-party resource drivers are responsible for tracking and allocating resources. Different kinds of resources support arbitrary parameters for defining requirements and initialization. Valid values are Enabled, Disabled and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Disabled.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.", + "default": {}, + "$ref": "#/definitions/ValidatingAdmissionPolicyBindingSpec.v1.admissionregistration.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.Project": { - "description": "Project holds cluster-wide information about Project. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ValidatingAdmissionPolicyBindingList.v1.admissionregistration.api.k8s.io": { + "description": "ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.", "type": "object", "required": [ - "spec" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "List of PolicyBinding.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ValidatingAdmissionPolicyBinding.v1.admissionregistration.api.k8s.io" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "ValidatingAdmissionPolicyBindingSpec.v1.admissionregistration.api.k8s.io": { + "description": "ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.", + "type": "object", + "properties": { + "matchResources": { + "description": "MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.", + "$ref": "#/definitions/MatchResources.v1.admissionregistration.api.k8s.io" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ProjectSpec" + "paramRef": { + "description": "paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.", + "$ref": "#/definitions/ParamRef.v1.admissionregistration.api.k8s.io" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ProjectStatus" + "policyName": { + "description": "PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.", + "type": "string" + }, + "validationActions": { + "description": "validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.\n\nFailures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.\n\nvalidationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.\n\nThe supported actions values are:\n\n\"Deny\" specifies that a validation failure results in a denied request.\n\n\"Warn\" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.\n\n\"Audit\" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `\"validation.policy.admission.k8s.io/validation_failure\": \"[{\\\"message\\\": \\\"Invalid value\\\", {\\\"policy\\\": \\\"policy.example.com\\\", {\\\"binding\\\": \\\"policybinding.example.com\\\", {\\\"expressionIndex\\\": \\\"1\\\", {\\\"validationActions\\\": [\\\"Audit\\\"]}]\"`\n\nClients should expect to handle additional values by ignoring any values not recognized.\n\n\"Deny\" and \"Warn\" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.\n\nRequired.", + "type": "array", + "items": { + "type": "string", + "default": "", + "enum": [ + "Audit", + "Deny", + "Warn" + ] + }, + "x-kubernetes-list-type": "set" } } }, - "com.github.openshift.api.config.v1.ProjectList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ValidatingAdmissionPolicyList.v1.admissionregistration.api.k8s.io": { + "description": "ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -10618,10 +10682,11 @@ "type": "string" }, "items": { + "description": "List of ValidatingAdmissionPolicy.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Project" + "$ref": "#/definitions/ValidatingAdmissionPolicy.v1.admissionregistration.api.k8s.io" } }, "kind": { @@ -10629,51 +10694,203 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.ProjectSpec": { - "description": "ProjectSpec holds the project creation configuration.", + "ValidatingAdmissionPolicySpec.v1.admissionregistration.api.k8s.io": { + "description": "ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.", "type": "object", "properties": { - "projectRequestMessage": { - "description": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", + "auditAnnotations": { + "description": "auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/AuditAnnotation.v1.admissionregistration.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + }, + "failurePolicy": { + "description": "failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.\n\nA policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.\n\nfailurePolicy does not define how validations that evaluate to false are handled.\n\nWhen failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.\n\nAllowed values are Ignore or Fail. Defaults to Fail.\n\nPossible enum values:\n - `\"Fail\"` means that an error calling the webhook causes the admission to fail.\n - `\"Ignore\"` means that an error calling the webhook is ignored.", "type": "string", - "default": "" + "enum": [ + "Fail", + "Ignore" + ] }, - "projectRequestTemplate": { - "description": "projectRequestTemplate is the template to use for creating projects in response to projectrequest. This must point to a template in 'openshift-config' namespace. It is optional. If it is not specified, a default template is used.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TemplateReference" + "matchConditions": { + "description": "MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nIf a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.\n\nThe exact matching logic is (in order):\n 1. If ANY matchCondition evaluates to FALSE, the policy is skipped.\n 2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.\n 3. If any matchCondition evaluates to an error (but none are FALSE):\n - If failurePolicy=Fail, reject the request\n - If failurePolicy=Ignore, the policy is skipped", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/MatchCondition.v1.admissionregistration.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "matchConstraints": { + "description": "MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.", + "$ref": "#/definitions/MatchResources.v1.admissionregistration.api.k8s.io" + }, + "paramKind": { + "description": "ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.", + "$ref": "#/definitions/ParamKind.v1.admissionregistration.api.k8s.io" + }, + "validations": { + "description": "Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Validation.v1.admissionregistration.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + }, + "variables": { + "description": "Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.\n\nThe expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Variable.v1.admissionregistration.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.config.v1.ProjectStatus": { - "type": "object" + "ValidatingAdmissionPolicyStatus.v1.admissionregistration.api.k8s.io": { + "description": "ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.", + "type": "object", + "properties": { + "conditions": { + "description": "The conditions represent the latest available observations of a policy's current state.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "observedGeneration": { + "description": "The generation observed by the controller.", + "type": "integer", + "format": "int64" + }, + "typeChecking": { + "description": "The results of type checking for each expression. Presence of this field indicates the completion of the type checking.", + "$ref": "#/definitions/TypeChecking.v1.admissionregistration.api.k8s.io" + } + } }, - "com.github.openshift.api.config.v1.PromQLClusterCondition": { - "description": "PromQLClusterCondition represents a cluster condition based on PromQL.", + "ValidatingWebhook.v1.admissionregistration.api.k8s.io": { + "description": "ValidatingWebhook describes an admission webhook and the resources and operations it applies to.", "type": "object", "required": [ - "promql" + "name", + "clientConfig", + "sideEffects", + "admissionReviewVersions" ], "properties": { - "promql": { - "description": "promql is a PromQL query classifying clusters. This query query should return a 1 in the match case and a 0 in the does-not-match case. Queries which return no time series, or which return values besides 0 or 1, are evaluation failures.", + "admissionReviewVersions": { + "description": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "clientConfig": { + "description": "ClientConfig defines how to communicate with the hook. Required", + "default": {}, + "$ref": "#/definitions/WebhookClientConfig.v1.admissionregistration.api.k8s.io" + }, + "failurePolicy": { + "description": "FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.\n\nPossible enum values:\n - `\"Fail\"` means that an error calling the webhook causes the admission to fail.\n - `\"Ignore\"` means that an error calling the webhook is ignored.", + "type": "string", + "enum": [ + "Fail", + "Ignore" + ] + }, + "matchConditions": { + "description": "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n 2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n 3. If any matchCondition evaluates to an error (but none are FALSE):\n - If failurePolicy=Fail, reject the request\n - If failurePolicy=Ignore, the error is ignored and the webhook is skipped", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/MatchCondition.v1.admissionregistration.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + }, + "matchPolicy": { + "description": "matchPolicy defines how the \"rules\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.\n\nDefaults to \"Equivalent\"\n\nPossible enum values:\n - `\"Equivalent\"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.\n - `\"Exact\"` means requests should only be sent to the webhook if they exactly match a given rule.", + "type": "string", + "enum": [ + "Equivalent", + "Exact" + ] + }, + "name": { + "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.", "type": "string", "default": "" + }, + "namespaceSelector": { + "description": "NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the webhook on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "objectSelector": { + "description": "ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "rules": { + "description": "Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/RuleWithOperations.v1.admissionregistration.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + }, + "sideEffects": { + "description": "SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.\n\nPossible enum values:\n - `\"None\"` means that calling the webhook will have no side effects.\n - `\"NoneOnDryRun\"` means that calling the webhook will possibly have side effects, but if the request being reviewed has the dry-run attribute, the side effects will be suppressed.\n - `\"Some\"` means that calling the webhook will possibly have side effects. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.\n - `\"Unknown\"` means that no information is known about the side effects of calling the webhook. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.", + "type": "string", + "enum": [ + "None", + "NoneOnDryRun", + "Some", + "Unknown" + ] + }, + "timeoutSeconds": { + "description": "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.", + "type": "integer", + "format": "int32" } } }, - "com.github.openshift.api.config.v1.Proxy": { - "description": "Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ValidatingWebhookConfiguration.v1.admissionregistration.api.k8s.io": { + "description": "ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -10684,27 +10901,30 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec holds user-settable values for the proxy configuration", + "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ProxySpec" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ProxyStatus" + "webhooks": { + "description": "Webhooks is a list of webhooks and the affected resources and operations.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ValidatingWebhook.v1.admissionregistration.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.config.v1.ProxyList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "ValidatingWebhookConfigurationList.v1.admissionregistration.api.k8s.io": { + "description": "ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -10713,10 +10933,11 @@ "type": "string" }, "items": { + "description": "List of ValidatingWebhookConfiguration.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Proxy" + "$ref": "#/definitions/ValidatingWebhookConfiguration.v1.admissionregistration.api.k8s.io" } }, "kind": { @@ -10724,693 +10945,882 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.ProxySpec": { - "description": "ProxySpec contains cluster proxy creation configuration.", + "Validation.v1.admissionregistration.api.k8s.io": { + "description": "Validation specifies the CEL expression which is used to apply the validation.", "type": "object", + "required": [ + "expression" + ], "properties": { - "httpProxy": { - "description": "httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.", - "type": "string" - }, - "httpsProxy": { - "description": "httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.", - "type": "string" - }, - "noProxy": { - "description": "noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var.", - "type": "string" - }, - "readinessEndpoints": { - "description": "readinessEndpoints is a list of endpoints used to verify readiness of the proxy.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "expression": { + "description": "Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired.", + "type": "string", + "default": "" }, - "trustedCA": { - "description": "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well.\n\nThe namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml):\n\napiVersion: v1 kind: ConfigMap metadata:\n name: user-ca-bundle\n namespace: openshift-config\n data:\n ca-bundle.crt: |\n -----BEGIN CERTIFICATE-----\n Custom CA certificate bundle.\n -----END CERTIFICATE-----", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" - } - } - }, - "com.github.openshift.api.config.v1.ProxyStatus": { - "description": "ProxyStatus shows current known state of the cluster proxy.", - "type": "object", - "properties": { - "httpProxy": { - "description": "httpProxy is the URL of the proxy for HTTP requests.", + "message": { + "description": "Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is \"failed rule: {Rule}\". e.g. \"must be a URL with the host matching spec.host\" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is \"failed Expression: {Expression}\".", "type": "string" }, - "httpsProxy": { - "description": "httpsProxy is the URL of the proxy for HTTPS requests.", + "messageExpression": { + "description": "messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: \"object.x must be less than max (\"+string(params.max)+\")\"", "type": "string" }, - "noProxy": { - "description": "noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.", + "reason": { + "description": "Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: \"Unauthorized\", \"Forbidden\", \"Invalid\", \"RequestEntityTooLarge\". If not set, StatusReasonInvalid is used in the response to the client.", "type": "string" } } }, - "com.github.openshift.api.config.v1.RegistryLocation": { - "description": "RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.", + "Variable.v1.admissionregistration.api.k8s.io": { + "description": "Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.", "type": "object", "required": [ - "domainName" + "name", + "expression" ], "properties": { - "domainName": { - "description": "domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.", + "expression": { + "description": "Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.", "type": "string", "default": "" }, - "insecure": { - "description": "insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.", - "type": "boolean" + "name": { + "description": "Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is \"foo\", the variable will be available as `variables.foo`", + "type": "string", + "default": "" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.config.v1.RegistrySources": { - "description": "RegistrySources holds cluster-wide information about how to handle the registries config.", + "Volume.v1.core.api.k8s.io": { + "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", "type": "object", + "required": [ + "name" + ], "properties": { - "allowedRegistries": { - "description": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "$ref": "#/definitions/AWSElasticBlockStoreVolumeSource.v1.core.api.k8s.io" + }, + "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", + "$ref": "#/definitions/AzureDiskVolumeSource.v1.core.api.k8s.io" + }, + "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", + "$ref": "#/definitions/AzureFileVolumeSource.v1.core.api.k8s.io" + }, + "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", + "$ref": "#/definitions/CephFSVolumeSource.v1.core.api.k8s.io" + }, + "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "$ref": "#/definitions/CinderVolumeSource.v1.core.api.k8s.io" + }, + "configMap": { + "description": "configMap represents a configMap that should populate this volume", + "$ref": "#/definitions/ConfigMapVolumeSource.v1.core.api.k8s.io" + }, + "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", + "$ref": "#/definitions/CSIVolumeSource.v1.core.api.k8s.io" + }, + "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", + "$ref": "#/definitions/DownwardAPIVolumeSource.v1.core.api.k8s.io" + }, + "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "$ref": "#/definitions/EmptyDirVolumeSource.v1.core.api.k8s.io" + }, + "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time.", + "$ref": "#/definitions/EphemeralVolumeSource.v1.core.api.k8s.io" + }, + "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", + "$ref": "#/definitions/FCVolumeSource.v1.core.api.k8s.io" + }, + "flexVolume": { + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", + "$ref": "#/definitions/FlexVolumeSource.v1.core.api.k8s.io" + }, + "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", + "$ref": "#/definitions/FlockerVolumeSource.v1.core.api.k8s.io" + }, + "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "$ref": "#/definitions/GCEPersistentDiskVolumeSource.v1.core.api.k8s.io" + }, + "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", + "$ref": "#/definitions/GitRepoVolumeSource.v1.core.api.k8s.io" + }, + "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.", + "$ref": "#/definitions/GlusterfsVolumeSource.v1.core.api.k8s.io" + }, + "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "$ref": "#/definitions/HostPathVolumeSource.v1.core.api.k8s.io" + }, + "image": { + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", + "$ref": "#/definitions/ImageVolumeSource.v1.core.api.k8s.io" + }, + "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi", + "$ref": "#/definitions/ISCSIVolumeSource.v1.core.api.k8s.io" + }, + "name": { + "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string", + "default": "" + }, + "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "$ref": "#/definitions/NFSVolumeSource.v1.core.api.k8s.io" + }, + "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "$ref": "#/definitions/PersistentVolumeClaimVolumeSource.v1.core.api.k8s.io" + }, + "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", + "$ref": "#/definitions/PhotonPersistentDiskVolumeSource.v1.core.api.k8s.io" + }, + "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", + "$ref": "#/definitions/PortworxVolumeSource.v1.core.api.k8s.io" + }, + "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", + "$ref": "#/definitions/ProjectedVolumeSource.v1.core.api.k8s.io" + }, + "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", + "$ref": "#/definitions/QuobyteVolumeSource.v1.core.api.k8s.io" + }, + "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported.", + "$ref": "#/definitions/RBDVolumeSource.v1.core.api.k8s.io" + }, + "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", + "$ref": "#/definitions/ScaleIOVolumeSource.v1.core.api.k8s.io" }, - "blockedRegistries": { - "description": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "secret": { + "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "$ref": "#/definitions/SecretVolumeSource.v1.core.api.k8s.io" }, - "containerRuntimeSearchRegistries": { - "description": "containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", + "$ref": "#/definitions/StorageOSVolumeSource.v1.core.api.k8s.io" }, - "insecureRegistries": { - "description": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", + "$ref": "#/definitions/VsphereVirtualDiskVolumeSource.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.Release": { - "description": "Release represents an OpenShift release image and associated metadata.", + "VolumeDevice.v1.core.api.k8s.io": { + "description": "volumeDevice describes a mapping of a raw block device within a container.", "type": "object", "required": [ - "version", - "image" + "name", + "devicePath" ], "properties": { - "architecture": { - "description": "architecture is an optional field that indicates the value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. Valid values are 'Multi' and empty.", - "type": "string" - }, - "channels": { - "description": "channels is the set of Cincinnati channels to which the release currently belongs.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "image": { - "description": "image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.", + "devicePath": { + "description": "devicePath is the path inside of the container that the device will be mapped to.", "type": "string", "default": "" }, - "url": { - "description": "url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.", - "type": "string" - }, - "version": { - "description": "version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.", + "name": { + "description": "name must match the name of a persistentVolumeClaim in the pod", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.RemoteConnectionInfo": { - "description": "RemoteConnectionInfo holds information necessary for establishing a remote connection", + "VolumeMount.v1.core.api.k8s.io": { + "description": "VolumeMount describes a mounting of a Volume within a container.", "type": "object", "required": [ - "url", - "ca", - "certFile", - "keyFile" + "name", + "mountPath" ], "properties": { - "ca": { - "description": "ca is the CA for verifying TLS connections", + "mountPath": { + "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", "type": "string", "default": "" }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", + "mountPropagation": { + "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).\n\nPossible enum values:\n - `\"Bidirectional\"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume (\"rshared\" in Linux terminology).\n - `\"HostToContainer\"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume (\"rslave\" in Linux terminology).\n - `\"None\"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to \"private\" in Linux terminology.", "type": "string", - "default": "" + "enum": [ + "Bidirectional", + "HostToContainer", + "None" + ] }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "name": { + "description": "This must match the Name of a Volume.", "type": "string", "default": "" }, - "url": { - "description": "url is the remote URL to connect to", - "type": "string", - "default": "" + "readOnly": { + "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly specifies whether read-only mounts should be handled recursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "type": "string" + }, + "subPath": { + "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", + "type": "string" + }, + "subPathExpr": { + "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.RepositoryDigestMirrors": { - "description": "RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.", + "VolumeMountStatus.v1.core.api.k8s.io": { + "description": "VolumeMountStatus shows status of volume mounts.", "type": "object", "required": [ - "source" + "name", + "mountPath" ], "properties": { - "allowMirrorByTags": { - "description": "allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Forcing digest-pulls for mirrors avoids that issue.", - "type": "boolean" - }, - "mirrors": { - "description": "mirrors is zero or more repositories that may also contain the same images. If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. No mirror will be configured. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "mountPath": { + "description": "MountPath corresponds to the original VolumeMount.", + "type": "string", + "default": "" }, - "source": { - "description": "source is the repository that users refer to, e.g. in image pull specifications.", + "name": { + "description": "Name corresponds to the name of the original VolumeMount.", "type": "string", "default": "" + }, + "readOnly": { + "description": "ReadOnly corresponds to the original VolumeMount.", + "type": "boolean" + }, + "recursiveReadOnly": { + "description": "RecursiveReadOnly must be set to Disabled, Enabled, or unspecified (for non-readonly mounts). An IfPossible value in the original VolumeMount must be translated to Disabled or Enabled, depending on the mount result.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.RequestHeaderIdentityProvider": { - "description": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials", + "VolumeNodeAffinity.v1.core.api.k8s.io": { + "description": "VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from.", "type": "object", - "required": [ - "loginURL", - "challengeURL", - "ca", - "headers", - "preferredUsernameHeaders", - "nameHeaders", - "emailHeaders" - ], "properties": { - "ca": { - "description": "ca is a required reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. Specifically, it allows verification of incoming requests to prevent header spoofing. The key \"ca.crt\" is used to locate the data. If the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" - }, - "challengeURL": { - "description": "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here. ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}\nRequired when challenge is set to true.", - "type": "string", - "default": "" + "required": { + "description": "required specifies hard node constraints that must be met.", + "$ref": "#/definitions/NodeSelector.v1.core.api.k8s.io" + } + } + }, + "VolumeProjection.v1.core.api.k8s.io": { + "description": "Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.", + "type": "object", + "properties": { + "clusterTrustBundle": { + "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.", + "$ref": "#/definitions/ClusterTrustBundleProjection.v1.core.api.k8s.io" }, - "clientCommonNames": { - "description": "clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "configMap": { + "description": "configMap information about the configMap data to project", + "$ref": "#/definitions/ConfigMapProjection.v1.core.api.k8s.io" }, - "emailHeaders": { - "description": "emailHeaders is the set of headers to check for the email address", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "downwardAPI": { + "description": "downwardAPI information about the downwardAPI data to project", + "$ref": "#/definitions/DownwardAPIProjection.v1.core.api.k8s.io" }, - "headers": { - "description": "headers is the set of headers to check for identity information", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "podCertificate": { + "description": "Projects an auto-rotating credential bundle (private key and certificate chain) that the pod can use either as a TLS client or server.\n\nKubelet generates a private key and uses it to send a PodCertificateRequest to the named signer. Once the signer approves the request and issues a certificate chain, Kubelet writes the key and certificate chain to the pod filesystem. The pod does not start until certificates have been issued for each podCertificate projected volume source in its spec.\n\nKubelet will begin trying to rotate the certificate at the time indicated by the signer using the PodCertificateRequest.Status.BeginRefreshAt timestamp.\n\nKubelet can write a single file, indicated by the credentialBundlePath field, or separate files, indicated by the keyPath and certificateChainPath fields.\n\nThe credential bundle is a single file in PEM format. The first PEM entry is the private key (in PKCS#8 format), and the remaining PEM entries are the certificate chain issued by the signer (typically, signers will return their certificate chain in leaf-to-root order).\n\nPrefer using the credential bundle format, since your application code can read it atomically. If you use keyPath and certificateChainPath, your application must make two separate file reads. If these coincide with a certificate rotation, it is possible that the private key and leaf certificate you read may not correspond to each other. Your application will need to check for this condition, and re-read until they are consistent.\n\nThe named signer controls chooses the format of the certificate it issues; consult the signer implementation's documentation to learn how to use the certificates it issues.", + "$ref": "#/definitions/PodCertificateProjection.v1.core.api.k8s.io" }, - "loginURL": { - "description": "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}\nRequired when login is set to true.", - "type": "string", - "default": "" + "secret": { + "description": "secret information about the secret data to project", + "$ref": "#/definitions/SecretProjection.v1.core.api.k8s.io" }, - "nameHeaders": { - "description": "nameHeaders is the set of headers to check for the display name", - "type": "array", - "items": { - "type": "string", - "default": "" + "serviceAccountToken": { + "description": "serviceAccountToken is information about the serviceAccountToken data to project", + "$ref": "#/definitions/ServiceAccountTokenProjection.v1.core.api.k8s.io" + } + } + }, + "VolumeResourceRequirements.v1.core.api.k8s.io": { + "description": "VolumeResourceRequirements describes the storage resource requirements for a volume.", + "type": "object", + "properties": { + "limits": { + "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" } }, - "preferredUsernameHeaders": { - "description": "preferredUsernameHeaders is the set of headers to check for the preferred username", - "type": "array", - "items": { - "type": "string", - "default": "" + "requests": { + "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" } } } }, - "com.github.openshift.api.config.v1.RequiredHSTSPolicy": { + "VolumeSource.v1.core.api.k8s.io": { + "description": "Represents the source of a volume to mount. Only one of its members may be specified.", "type": "object", - "required": [ - "domainPatterns", - "maxAge" - ], "properties": { - "domainPatterns": { - "description": "domainPatterns is a list of domains for which the desired HSTS annotations are required. If domainPatterns is specified and a route is created with a spec.host matching one of the domains, the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy.\n\nThe use of wildcards is allowed like this: *.foo.com matches everything under foo.com. foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "awsElasticBlockStore": { + "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "$ref": "#/definitions/AWSElasticBlockStoreVolumeSource.v1.core.api.k8s.io" }, - "includeSubDomainsPolicy": { - "description": "includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com", - "type": "string" + "azureDisk": { + "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", + "$ref": "#/definitions/AzureDiskVolumeSource.v1.core.api.k8s.io" }, - "maxAge": { - "description": "maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. If set to 0, it negates the effect, and hosts are removed as HSTS hosts. If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS policy will eventually expire on that client.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.MaxAgePolicy" + "azureFile": { + "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", + "$ref": "#/definitions/AzureFileVolumeSource.v1.core.api.k8s.io" }, - "namespaceSelector": { - "description": "namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "cephfs": { + "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", + "$ref": "#/definitions/CephFSVolumeSource.v1.core.api.k8s.io" }, - "preloadPolicy": { - "description": "preloadPolicy directs the client to include hosts in its host preload list so that it never needs to do an initial load to get the HSTS header (note that this is not defined in RFC 6797 and is therefore client implementation-dependent).", - "type": "string" + "cinder": { + "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "$ref": "#/definitions/CinderVolumeSource.v1.core.api.k8s.io" + }, + "configMap": { + "description": "configMap represents a configMap that should populate this volume", + "$ref": "#/definitions/ConfigMapVolumeSource.v1.core.api.k8s.io" + }, + "csi": { + "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", + "$ref": "#/definitions/CSIVolumeSource.v1.core.api.k8s.io" + }, + "downwardAPI": { + "description": "downwardAPI represents downward API about the pod that should populate this volume", + "$ref": "#/definitions/DownwardAPIVolumeSource.v1.core.api.k8s.io" + }, + "emptyDir": { + "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", + "$ref": "#/definitions/EmptyDirVolumeSource.v1.core.api.k8s.io" + }, + "ephemeral": { + "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time.", + "$ref": "#/definitions/EphemeralVolumeSource.v1.core.api.k8s.io" + }, + "fc": { + "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", + "$ref": "#/definitions/FCVolumeSource.v1.core.api.k8s.io" + }, + "flexVolume": { + "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", + "$ref": "#/definitions/FlexVolumeSource.v1.core.api.k8s.io" + }, + "flocker": { + "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", + "$ref": "#/definitions/FlockerVolumeSource.v1.core.api.k8s.io" + }, + "gcePersistentDisk": { + "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "$ref": "#/definitions/GCEPersistentDiskVolumeSource.v1.core.api.k8s.io" + }, + "gitRepo": { + "description": "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", + "$ref": "#/definitions/GitRepoVolumeSource.v1.core.api.k8s.io" + }, + "glusterfs": { + "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.", + "$ref": "#/definitions/GlusterfsVolumeSource.v1.core.api.k8s.io" + }, + "hostPath": { + "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", + "$ref": "#/definitions/HostPathVolumeSource.v1.core.api.k8s.io" + }, + "image": { + "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", + "$ref": "#/definitions/ImageVolumeSource.v1.core.api.k8s.io" + }, + "iscsi": { + "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi", + "$ref": "#/definitions/ISCSIVolumeSource.v1.core.api.k8s.io" + }, + "nfs": { + "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "$ref": "#/definitions/NFSVolumeSource.v1.core.api.k8s.io" + }, + "persistentVolumeClaim": { + "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "$ref": "#/definitions/PersistentVolumeClaimVolumeSource.v1.core.api.k8s.io" + }, + "photonPersistentDisk": { + "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", + "$ref": "#/definitions/PhotonPersistentDiskVolumeSource.v1.core.api.k8s.io" + }, + "portworxVolume": { + "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", + "$ref": "#/definitions/PortworxVolumeSource.v1.core.api.k8s.io" + }, + "projected": { + "description": "projected items for all in one resources secrets, configmaps, and downward API", + "$ref": "#/definitions/ProjectedVolumeSource.v1.core.api.k8s.io" + }, + "quobyte": { + "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", + "$ref": "#/definitions/QuobyteVolumeSource.v1.core.api.k8s.io" + }, + "rbd": { + "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported.", + "$ref": "#/definitions/RBDVolumeSource.v1.core.api.k8s.io" + }, + "scaleIO": { + "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", + "$ref": "#/definitions/ScaleIOVolumeSource.v1.core.api.k8s.io" + }, + "secret": { + "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "$ref": "#/definitions/SecretVolumeSource.v1.core.api.k8s.io" + }, + "storageos": { + "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", + "$ref": "#/definitions/StorageOSVolumeSource.v1.core.api.k8s.io" + }, + "vsphereVolume": { + "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", + "$ref": "#/definitions/VsphereVirtualDiskVolumeSource.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.Scheduler": { - "description": "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "VsphereVirtualDiskVolumeSource.v1.core.api.k8s.io": { + "description": "Represents a vSphere volume resource.", "type": "object", "required": [ - "spec" + "volumePath" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "fsType": { + "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "storagePolicyID": { + "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SchedulerSpec" + "storagePolicyName": { + "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", + "type": "string" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SchedulerStatus" + "volumePath": { + "description": "volumePath is the path that identifies vSphere volume vmdk", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.SchedulerList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "WatchEvent.v1.meta.apis.pkg.apimachinery.k8s.io": { + "description": "Event represents a single event to a watched resource.", "type": "object", "required": [ - "metadata", - "items" + "type", + "object" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.Scheduler" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "object": { + "description": "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Error: *Status is recommended; other types may make sense\n depending on context.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "type": { + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.SchedulerSpec": { + "WebhookClientConfig.v1.admissionregistration.api.k8s.io": { + "description": "WebhookClientConfig contains the information to make a TLS connection with the webhook", "type": "object", "properties": { - "defaultNodeSelector": { - "description": "defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces and creates an intersection with any existing nodeSelectors already set on a pod, additionally constraining that pod's selector. For example, defaultNodeSelector: \"type=user-node,region=east\" would set nodeSelector field in pod spec to \"type=user-node,region=east\" to all pods created in all namespaces. Namespaces having project-wide node selectors won't be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector='type=user-node,region=east', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: \"type=user-node,region=west\" means that the default of \"type=user-node,region=east\" set in defaultNodeSelector would not be applied.", - "type": "string" - }, - "mastersSchedulable": { - "description": "mastersSchedulable allows masters nodes to be schedulable. When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.", - "type": "boolean", - "default": false + "caBundle": { + "description": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.", + "type": "string", + "format": "byte" }, - "policy": { - "description": "DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "service": { + "description": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.", + "$ref": "#/definitions/ServiceReference.v1.admissionregistration.api.k8s.io" }, - "profile": { - "description": "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods.\n\nValid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\"", + "url": { + "description": "`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.\n\nThe `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\nA path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed, either.", "type": "string" - }, - "profileCustomizations": { - "description": "profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles. Deprecated: no longer needed, since DRA is GA starting with 4.21, and is enabled by' default in the cluster, this field will be removed in 4.24.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ProfileCustomizations" } } }, - "com.github.openshift.api.config.v1.SchedulerStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1.SecretNameReference": { - "description": "SecretNameReference references a secret in a specific namespace. The namespace must be specified at the point of use.", + "WeightedPodAffinityTerm.v1.core.api.k8s.io": { + "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", "type": "object", "required": [ - "name" + "weight", + "podAffinityTerm" ], "properties": { - "name": { - "description": "name is the metadata.name of the referenced secret", - "type": "string", - "default": "" + "podAffinityTerm": { + "description": "Required. A pod affinity term, associated with the corresponding weight.", + "default": {}, + "$ref": "#/definitions/PodAffinityTerm.v1.core.api.k8s.io" + }, + "weight": { + "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.config.v1.ServingInfo": { - "description": "ServingInfo holds information about serving web pages", + "WindowsSecurityContextOptions.v1.core.api.k8s.io": { + "description": "WindowsSecurityContextOptions contain Windows-specific options and credentials.", + "type": "object", + "properties": { + "gmsaCredentialSpec": { + "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + "type": "string" + }, + "gmsaCredentialSpecName": { + "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "type": "string" + }, + "hostProcess": { + "description": "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", + "type": "boolean" + }, + "runAsUserName": { + "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", + "type": "string" + } + } + }, + "WorkloadReference.v1.core.api.k8s.io": { + "description": "WorkloadReference identifies the Workload object and PodGroup membership that a Pod belongs to. The scheduler uses this information to apply workload-aware scheduling semantics.", "type": "object", "required": [ - "bindAddress", - "bindNetwork", - "certFile", - "keyFile" + "name", + "podGroup" ], "properties": { - "bindAddress": { - "description": "bindAddress is the ip:port to serve on", - "type": "string", - "default": "" - }, - "bindNetwork": { - "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", + "name": { + "description": "Name defines the name of the Workload object this Pod belongs to. Workload must be in the same namespace as the Pod. If it doesn't match any existing Workload, the Pod will remain unschedulable until a Workload object is created and observed by the kube-scheduler. It must be a DNS subdomain.", "type": "string", "default": "" }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", + "podGroup": { + "description": "PodGroup is the name of the PodGroup within the Workload that this Pod belongs to. If it doesn't match any existing PodGroup within the Workload, the Pod will remain unschedulable until the Workload object is recreated and observed by the kube-scheduler. It must be a DNS label.", "type": "string", "default": "" }, - "cipherSuites": { - "description": "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "clientCA": { - "description": "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", + "podGroupReplicaKey": { + "description": "PodGroupReplicaKey specifies the replica key of the PodGroup to which this Pod belongs. It is used to distinguish pods belonging to different replicas of the same pod group. The pod group policy is applied separately to each replica. When set, it must be a DNS label.", "type": "string" - }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" - }, - "minTLSVersion": { - "description": "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", + } + } + }, + "com.github.openshift.api.apiextensions.v1alpha1.APIExcludedField": { + "description": "APIExcludedField describes a field in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation.", + "type": "object", + "required": [ + "path", + "versions" + ], + "properties": { + "path": { + "description": "path is the path to the field in the schema. Paths are dot-separated field names (e.g., \"fieldA.fieldB.fieldC\") representing nested object fields. If part of the path is a slice (e.g., \"status.conditions\") the remaining path is applied to all items in the slice (e.g., \"status.conditions.lastTransitionTimestamp\"). Each field name must be a valid Kubernetes CRD field name: start with a letter, contain only letters, digits, and underscores, and be between 1 and 63 characters in length. A path may contain at most 16 fields.", "type": "string" }, - "namedCertificates": { - "description": "namedCertificates is a list of certificates to use to secure requests to specific hostnames", + "versions": { + "description": "versions are the API versions the field is excluded from. When not specified, the field is excluded from all versions.\n\nEach item must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. At most 32 versions may be specified.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.NamedCertificate" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" } } }, - "com.github.openshift.api.config.v1.SignatureStore": { - "description": "SignatureStore represents the URL of custom Signature Store", + "com.github.openshift.api.apiextensions.v1alpha1.APIVersions": { + "description": "APIVersions specifies a set of API versions of a CRD.", "type": "object", "required": [ - "url" + "defaultSelection" ], "properties": { - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the signature store is not honored. If the specified ca data is not valid, the signature store is not honored. If empty, we fall back to the CA configured via Proxy, which is appended to the default system roots. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "additionalVersions": { + "description": "additionalVersions specifies a set api versions to require in addition to the default selection. It is explicitly permitted to specify a version in additionalVersions which was also selected by the default selection. The selections will be merged and deduplicated.\n\nEach item must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.// with an alphabetic character and end with an alphanumeric character. At most 32 additional versions may be specified.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" }, - "url": { - "description": "url contains the upstream custom signature store URL. url should be a valid absolute http/https URI of an upstream signature store as per rfc1738. This must be provided and cannot be empty.", - "type": "string", - "default": "" + "defaultSelection": { + "description": "defaultSelection specifies a method for automatically selecting a set of versions to require.\n\nValid options are StorageOnly and AllServed. When set to StorageOnly, only the storage version is selected for compatibility assessment. When set to AllServed, all served versions are selected for compatibility assessment.\n\nThis field is required.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.Storage": { - "description": "Storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + "com.github.openshift.api.apiextensions.v1alpha1.CRDData": { + "description": "CRDData contains the complete definition of a CRD.", "type": "object", "required": [ - "type" + "type", + "data" ], "properties": { - "persistentVolume": { - "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PersistentVolumeConfig" + "data": { + "description": "data contains the complete definition of the CRD. This field must be in the format specified by the type field. It may not be longer than 1572864 characters. This field is required.", + "type": "string" }, "type": { - "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", + "description": "type indicates the type of the CRD data. The only supported type is \"YAML\". This field is required.", "type": "string" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "persistentVolume": "PersistentVolume" - } - } - ] + } }, - "com.github.openshift.api.config.v1.StringSource": { - "description": "StringSource allows specifying a string inline, or externally via env var or file. When it contains only a string value, it marshals to a simple JSON string.", + "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirement": { + "description": "CompatibilityRequirement expresses a set of requirements on a target CRD. It is used to ensure compatibility between different actors using the same CRD.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "value", - "env", - "file", - "keyFile" + "metadata", + "spec" ], "properties": { - "env": { - "description": "env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "file": { - "description": "file references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "keyFile": { - "description": "keyFile references a file containing the key to use to decrypt the value.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "value": { - "description": "value specifies the cleartext value, or an encrypted value if keyFile is specified.", - "type": "string", - "default": "" + "spec": { + "description": "spec is the specification of the desired behavior of the Compatibility Requirement.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementSpec" + }, + "status": { + "description": "status is the most recently observed status of the Compatibility Requirement.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementStatus" } } }, - "com.github.openshift.api.config.v1.StringSourceSpec": { - "description": "StringSourceSpec specifies a string value, or external location", + "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementList": { + "description": "CompatibilityRequirementList is a collection of CompatibilityRequirements.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", - "required": [ - "value", - "env", - "file", - "keyFile" - ], "properties": { - "env": { - "description": "env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "file": { - "description": "file references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", - "type": "string", - "default": "" + "items": { + "description": "items is a list of CompatibilityRequirements.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirement" + } }, - "keyFile": { - "description": "keyFile references a file containing the key to use to decrypt the value.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "value": { - "description": "value specifies the cleartext value, or an encrypted value if keyFile is specified.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.TLSProfileSpec": { - "description": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", + "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementSpec": { + "description": "CompatibilityRequirementSpec is the specification of the desired behavior of the Compatibility Requirement.", "type": "object", "required": [ - "ciphers", - "minTLSVersion" + "compatibilitySchema" ], "properties": { - "ciphers": { - "description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", + "compatibilitySchema": { + "description": "compatibilitySchema defines the schema used by customResourceDefinitionSchemaValidation and objectSchemaValidation. This field is required.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CompatibilitySchema" + }, + "customResourceDefinitionSchemaValidation": { + "description": "customResourceDefinitionSchemaValidation ensures that updates to the installed CRD are compatible with this compatibility requirement. If not specified, admission of the target CRD will not be validated. This field is optional.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CustomResourceDefinitionSchemaValidation" + }, + "objectSchemaValidation": { + "description": "objectSchemaValidation ensures that matching resources conform to compatibilitySchema. If not specified, admission of matching resources will not be validated. This field is optional.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.ObjectSchemaValidation" + } + } + }, + "com.github.openshift.api.apiextensions.v1alpha1.CompatibilityRequirementStatus": { + "description": "CompatibilityRequirementStatus defines the observed status of the Compatibility Requirement.", + "type": "object", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status. Known condition types are Progressing, Admitted, and Compatible.\n\nThe Progressing condition indicates if reconciliation of a CompatibilityRequirement is still progressing or has finished.\n\nThe Admitted condition indicates if the validating webhook has been configured.\n\nThe Compatible condition indicates if the observed CRD is compatible with the requirement.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "crdName": { + "description": "crdName is the name of the target CRD. The target CRD is not required to exist, as we may legitimately place requirements on it before it is created. The observed CRD is given in status.observedCRD, which will be empty if no CRD is observed. When present, must be between 1 and 253 characters and conform to RFC 1123 subdomain format: lowercase alphanumeric characters, '-' or '.', starting and ending with alphanumeric characters. When not specified, the requirement applies to any CRD name discovered from the compatibility schema. This field is optional. Once set, the value cannot be changed and must always remain set.", + "type": "string" + }, + "observedCRD": { + "description": "observedCRD documents the uid and generation of the CRD object when the current status was written. This field will be omitted if the target CRD does not exist or could not be retrieved.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.ObservedCRD" + } + } + }, + "com.github.openshift.api.apiextensions.v1alpha1.CompatibilitySchema": { + "description": "CompatibilitySchema defines the schema used by crdSchemaValidation and objectSchemaValidation.", + "type": "object", + "required": [ + "customResourceDefinition", + "requiredVersions" + ], + "properties": { + "customResourceDefinition": { + "description": "customResourceDefinition contains the complete definition of the CRD for schema and object validation purposes. This field is required.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.CRDData" }, - "curves": { - "description": "curves is an optional field used to specify the elliptic curves that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one curve and each curve must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n curves:\n - X25519\n - secp256r1", + "excludedFields": { + "description": "excludedFields is a set of fields in the schema which will not be validated by crdSchemaValidation or objectSchemaValidation. The list may contain at most 64 fields. Each path in the list must be unique. When not specified, all fields in the schema will be validated.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.APIExcludedField" }, - "x-kubernetes-list-type": "set" + "x-kubernetes-list-type": "atomic" }, - "minTLSVersion": { - "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11", - "type": "string", - "default": "" + "requiredVersions": { + "description": "requiredVersions specifies a subset of the CRD's API versions which will be asserted for compatibility. This field is required.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiextensions.v1alpha1.APIVersions" } } }, - "com.github.openshift.api.config.v1.TLSSecurityProfile": { - "description": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", + "com.github.openshift.api.apiextensions.v1alpha1.CustomResourceDefinitionSchemaValidation": { + "description": "CustomResourceDefinitionSchemaValidation ensures that updates to the installed CRD are compatible with this compatibility requirement.", "type": "object", + "required": [ + "action" + ], "properties": { - "custom": { - "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic.\n\nThe curve list for this profile is empty by default.\n\nAn example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", - "$ref": "#/definitions/com.github.openshift.api.config.v1.CustomTLSProfile" - }, - "intermediate": { - "description": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305", - "$ref": "#/definitions/com.github.openshift.api.config.v1.IntermediateTLSProfile" - }, - "modern": { - "description": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", - "$ref": "#/definitions/com.github.openshift.api.config.v1.ModernTLSProfile" - }, - "old": { - "description": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe curve list includes by default the following curves: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", - "$ref": "#/definitions/com.github.openshift.api.config.v1.OldTLSProfile" - }, - "type": { - "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are based on version 5.7 of the Mozilla Server Side TLS configuration guidelines. The cipher lists consist of the configuration's \"ciphersuites\" followed by the Go-specific \"ciphers\" from the guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", + "action": { + "description": "action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). Valid options are Deny and Warn. When set to Deny, incompatible CRDs will be rejected and not admitted to the cluster. When set to Warn, incompatible CRDs will be allowed but a warning will be generated in the API response. This field is required.\n\nPossible enum values:\n - `\"Deny\"` means that incompatible CRDs will be rejected.\n - `\"Warn\"` means that incompatible CRDs will be allowed but a warning will be generated.", "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "custom": "Custom", - "intermediate": "Intermediate", - "modern": "Modern", - "old": "Old" - } + "enum": [ + "Deny", + "Warn" + ] } - ] + } }, - "com.github.openshift.api.config.v1.TemplateReference": { - "description": "TemplateReference references a template in a specific namespace. The namespace must be specified at the point of use.", + "com.github.openshift.api.apiextensions.v1alpha1.ObjectSchemaValidation": { + "description": "ObjectSchemaValidation ensures that matching objects conform to the compatibilitySchema.", "type": "object", "required": [ - "name" + "action" ], "properties": { - "name": { - "description": "name is the metadata.name of the referenced project request template", + "action": { + "description": "action determines whether violations are rejected (Deny) or admitted with an API warning (Warn). Valid options are Deny and Warn. When set to Deny, incompatible Objects will be rejected and not admitted to the cluster. When set to Warn, incompatible Objects will be allowed but a warning will be generated in the API response. This field is required.\n\nPossible enum values:\n - `\"Deny\"` means that incompatible CRDs will be rejected.\n - `\"Warn\"` means that incompatible CRDs will be allowed but a warning will be generated.", "type": "string", - "default": "" + "enum": [ + "Deny", + "Warn" + ] + }, + "matchConditions": { + "description": "matchConditions defines the matchConditions field of the resulting ValidatingWebhookConfiguration. When present, must contain between 1 and 64 match conditions. When not specified, the webhook will match all requests according to its other selectors.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/MatchCondition.v1.admissionregistration.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "namespaceSelector": { + "description": "namespaceSelector defines a label selector for namespaces. If defined, only objects in a namespace with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by namespace.", + "default": {}, + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "objectSelector": { + "description": "objectSelector defines a label selector for objects. If defined, only objects with matching labels will be subject to validation. When not specified, objects for validation will not be filtered by label.", + "default": {}, + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.TestDetails": { + "com.github.openshift.api.apiextensions.v1alpha1.ObservedCRD": { + "description": "ObservedCRD contains information about the observed target CRD.", "type": "object", "required": [ - "testName" + "uid", + "generation" ], "properties": { - "testName": { - "description": "testName is the name of the test as it appears in junit XMLs. It does not include the suite name since the same test can be executed in many suites.", - "type": "string", - "default": "" + "generation": { + "description": "generation is the observed generation of the CRD. Must be a positive integer (minimum value of 1).", + "type": "integer", + "format": "int64" + }, + "uid": { + "description": "uid is the uid of the observed CRD. Must be a valid UUID consisting of lowercase hexadecimal digits in 5 hyphenated blocks (8-4-4-4-12 format). Length must be between 1 and 36 characters.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.TestReporting": { - "description": "TestReporting is used for origin (and potentially others) to report the test names for a given FeatureGate into the payload for later analysis on a per-payload basis. This doesn't need any CRD because it's never stored in the cluster.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.apiserver.v1.APIRequestCount": { + "description": "APIRequestCount tracks requests made to an API. The instance name must be of the form `resource.version.group`, matching the resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -11427,939 +11837,1009 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { + "description": "spec defines the characteristics of the resource.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TestReportingSpec" + "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.APIRequestCountSpec" }, "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "description": "status contains the observed state of the resource.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TestReportingStatus" + "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.APIRequestCountStatus" } } }, - "com.github.openshift.api.config.v1.TestReportingSpec": { + "com.github.openshift.api.apiserver.v1.APIRequestCountList": { + "description": "APIRequestCountList is a list of APIRequestCount resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "testsForFeatureGates" + "metadata", + "items" ], "properties": { - "testsForFeatureGates": { - "description": "testsForFeatureGates is a list, indexed by FeatureGate and includes information about testing.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateTests" + "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.APIRequestCount" } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.TestReportingStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1.TokenClaimMapping": { - "description": "TokenClaimMapping allows specifying a JWT token claim to be used when mapping claims from an authentication token to cluster identities.", + "com.github.openshift.api.apiserver.v1.APIRequestCountSpec": { "type": "object", - "required": [ - "claim" - ], "properties": { - "claim": { - "description": "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.", - "type": "string", - "default": "" + "numberOfUsersToReport": { + "description": "numberOfUsersToReport is the number of users to include in the report. If unspecified or zero, the default is ten. This is default is subject to change.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.config.v1.TokenClaimMappings": { + "com.github.openshift.api.apiserver.v1.APIRequestCountStatus": { "type": "object", "required": [ - "username" + "requestCount" ], "properties": { - "extra": { - "description": "extra is an optional field for configuring the mappings used to construct the extra attribute for the cluster identity. When omitted, no extra attributes will be present on the cluster identity.\n\nkey values for extra mappings must be unique. A maximum of 32 extra attribute mappings may be provided.", + "conditions": { + "description": "conditions contains details of the current status of this API Resource.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ExtraMapping" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, "x-kubernetes-list-map-keys": [ - "key" + "type" ], "x-kubernetes-list-type": "map" }, - "groups": { - "description": "groups is an optional field that configures how the groups of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.\n\nWhen referencing a claim, if the claim is present in the JWT token, its value must be a list of groups separated by a comma (',').\n\nFor example - '\"example\"' and '\"exampleOne\", \"exampleTwo\", \"exampleThree\"' are valid claim values.", + "currentHour": { + "description": "currentHour contains request history for the current hour. This is porcelain to make the API easier to read by humans seeing if they addressed a problem. This field is reset on the hour.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.PrefixedClaimMapping" + "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerResourceAPIRequestLog" }, - "uid": { - "description": "uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity.\n\nWhen using uid.claim to specify the claim it must be a single string value. When using uid.expression the expression must result in a single string value.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a default, which is subject to change over time.\n\nThe current default is to use the 'sub' claim.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping" + "last24h": { + "description": "last24h contains request history for the last 24 hours, indexed by the hour, so 12:00AM-12:59 is in index 0, 6am-6:59am is index 6, etc. The index of the current hour is updated live and then duplicated into the requestsLastHour field.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerResourceAPIRequestLog" + } }, - "username": { - "description": "username is a required field that configures how the username of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.UsernameClaimMapping" + "removedInRelease": { + "description": "removedInRelease is when the API will be removed.", + "type": "string" + }, + "requestCount": { + "description": "requestCount is a sum of all requestCounts across all current hours, nodes, and users.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping": { - "description": "TokenClaimOrExpressionMapping allows specifying either a JWT token claim or CEL expression to be used when mapping claims from an authentication token to cluster identities.", + "com.github.openshift.api.apiserver.v1.PerNodeAPIRequestLog": { + "description": "PerNodeAPIRequestLog contains logs of requests to a certain node.", "type": "object", + "required": [ + "nodeName", + "requestCount", + "byUser" + ], "properties": { - "claim": { - "description": "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated.\n\nPrecisely one of claim or expression must be set. claim must not be specified when expression is set. When specified, claim must be at least 1 character in length and must not exceed 256 characters in length.", - "type": "string" + "byUser": { + "description": "byUser contains request details by top .spec.numberOfUsersToReport users. Note that because in the case of an apiserver, restart the list of top users is determined on a best-effort basis, the list might be imprecise. In addition, some system users may be explicitly included in the list.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerUserAPIRequestCount" + } }, - "expression": { - "description": "expression is an optional field for specifying a CEL expression that produces a string value from JWT token claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'. 'claims' is a map of claim names to claim values. For example, the 'sub' claim value can be accessed as 'claims.sub'. Nested claims can be accessed using dot notation ('claims.foo.bar').\n\nPrecisely one of claim or expression must be set. expression must not be specified when claim is set. When specified, expression must be at least 1 character in length and must not exceed 1024 characters in length.", - "type": "string" + "nodeName": { + "description": "nodeName where the request are being handled.", + "type": "string", + "default": "" + }, + "requestCount": { + "description": "requestCount is a sum of all requestCounts across all users, even those outside of the top 10 users.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.config.v1.TokenClaimValidationCELRule": { + "com.github.openshift.api.apiserver.v1.PerResourceAPIRequestLog": { + "description": "PerResourceAPIRequestLog logs request for various nodes.", "type": "object", "required": [ - "expression", - "message" + "requestCount" ], "properties": { - "expression": { - "description": "expression is a CEL expression evaluated against token claims. expression is required, must be at least 1 character in length and must not exceed 1024 characters. The expression must return a boolean value where 'true' signals a valid token and 'false' an invalid one.", - "type": "string" + "byNode": { + "description": "byNode contains logs of requests per node.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerNodeAPIRequestLog" + } }, - "message": { - "description": "message is a required human-readable message to be logged by the Kubernetes API server if the CEL expression defined in 'expression' fails. message must be at least 1 character in length and must not exceed 256 characters.", - "type": "string" + "requestCount": { + "description": "requestCount is a sum of all requestCounts across nodes.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.config.v1.TokenClaimValidationRule": { - "description": "TokenClaimValidationRule represents a validation rule based on token claims. If type is RequiredClaim, requiredClaim must be set. If Type is CEL, CEL must be set and RequiredClaim must be omitted.", + "com.github.openshift.api.apiserver.v1.PerUserAPIRequestCount": { + "description": "PerUserAPIRequestCount contains logs of a user's requests.", "type": "object", "required": [ - "type" + "username", + "userAgent", + "requestCount", + "byVerb" ], "properties": { - "cel": { - "description": "cel holds the CEL expression and message for validation. Must be set when Type is \"CEL\", and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimValidationCELRule" + "byVerb": { + "description": "byVerb details by verb.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apiserver.v1.PerVerbAPIRequestCount" + } }, - "requiredClaim": { - "description": "requiredClaim allows configuring a required claim name and its expected value. This field is required when `type` is set to RequiredClaim, and must be omitted when `type` is set to any other value. The Kubernetes API server uses this field to validate if an incoming JWT is valid for this identity provider.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenRequiredClaim" + "requestCount": { + "description": "requestCount of requests by the user across all verbs.", + "type": "integer", + "format": "int64", + "default": 0 + }, + "userAgent": { + "description": "userAgent that made the request. The same user often has multiple binaries which connect (pods with many containers). The different binaries will have different userAgents, but the same user. In addition, we have userAgents with version information embedded and the userName isn't likely to change.", + "type": "string", + "default": "" }, - "type": { - "description": "type is an optional field that configures the type of the validation rule.\n\nAllowed values are \"RequiredClaim\" and \"CEL\".\n\nWhen set to 'RequiredClaim', the Kubernetes API server will be configured to validate that the incoming JWT contains the required claim and that its value matches the required value.\n\nWhen set to 'CEL', the Kubernetes API server will be configured to validate the incoming JWT against the configured CEL expression.", + "username": { + "description": "username that made the request.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.TokenConfig": { - "description": "TokenConfig holds the necessary configuration options for authorization and access tokens", + "com.github.openshift.api.apiserver.v1.PerVerbAPIRequestCount": { + "description": "PerVerbAPIRequestCount requestCounts requests by API request verb.", "type": "object", + "required": [ + "verb", + "requestCount" + ], "properties": { - "accessTokenInactivityTimeout": { - "description": "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime.\n\nWARNING: existing tokens' timeout will not be affected (lowered) by changing this value", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" - }, - "accessTokenInactivityTimeoutSeconds": { - "description": "accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.", + "requestCount": { + "description": "requestCount of requests for verb.", "type": "integer", - "format": "int32" + "format": "int64", + "default": 0 }, - "accessTokenMaxAgeSeconds": { - "description": "accessTokenMaxAgeSeconds defines the maximum age of access tokens", - "type": "integer", - "format": "int32" + "verb": { + "description": "verb of API request (get, list, create, etc...)", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.TokenIssuer": { + "com.github.openshift.api.apps.v1.CustomDeploymentStrategyParams": { + "description": "CustomDeploymentStrategyParams are the input to the Custom deployment strategy.", "type": "object", - "required": [ - "issuerURL", - "audiences" - ], "properties": { - "audiences": { - "description": "audiences is a required field that configures the acceptable audiences the JWT token, issued by the identity provider, must be issued to. At least one of the entries must match the 'aud' claim in the JWT token.\n\naudiences must contain at least one entry and must not exceed ten entries.", + "command": { + "description": "command is optional and overrides CMD in the container Image.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "discoveryURL": { - "description": "discoveryURL is an optional field that, if specified, overrides the default discovery endpoint used to retrieve OIDC configuration metadata. By default, the discovery URL is derived from `issuerURL` as \"{issuerURL}/.well-known/openid-configuration\".\n\nThe discoveryURL must be a valid absolute HTTPS URL. It must not contain query parameters, user information, or fragments. Additionally, it must differ from the value of `issuerURL` (ignoring trailing slashes). The discoveryURL value must be at least 1 character long and no longer than 2048 characters.", - "type": "string" + } }, - "issuerCertificateAuthority": { - "description": "issuerCertificateAuthority is an optional field that configures the certificate authority, used by the Kubernetes API server, to validate the connection to the identity provider when fetching discovery information.\n\nWhen not specified, the system trust is used.\n\nWhen specified, it must reference a ConfigMap in the openshift-config namespace containing the PEM-encoded CA certificates under the 'ca-bundle.crt' key in the data field of the ConfigMap.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "environment": { + "description": "environment holds the environment which will be given to the container for Image.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" + } }, - "issuerURL": { - "description": "issuerURL is a required field that configures the URL used to issue tokens by the identity provider. The Kubernetes API server determines how authentication tokens should be handled by matching the 'iss' claim in the JWT to the issuerURL of configured identity providers.\n\nMust be at least 1 character and must not exceed 512 characters in length. Must be a valid URL that uses the 'https' scheme and does not contain a query, fragment or user.", - "type": "string", - "default": "" + "image": { + "description": "image specifies a container image which can carry out a deployment.", + "type": "string" } } }, - "com.github.openshift.api.config.v1.TokenRequiredClaim": { + "com.github.openshift.api.apps.v1.DeploymentCause": { + "description": "DeploymentCause captures information about a particular cause of a deployment.", "type": "object", "required": [ - "claim", - "requiredValue" + "type" ], "properties": { - "claim": { - "description": "claim is a required field that configures the name of the required claim. When taken from the JWT claims, claim must be a string value.\n\nclaim must not be an empty string (\"\").", - "type": "string", - "default": "" + "imageTrigger": { + "description": "imageTrigger contains the image trigger details, if this trigger was fired based on an image change", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentCauseImageTrigger" }, - "requiredValue": { - "description": "requiredValue is a required field that configures the value that 'claim' must have when taken from the incoming JWT claims. If the value in the JWT claims does not match, the token will be rejected for authentication.\n\nrequiredValue must not be an empty string (\"\").", + "type": { + "description": "type of the trigger that resulted in the creation of a new deployment", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.TokenUserValidationRule": { - "description": "TokenUserValidationRule provides a CEL-based rule used to validate a token subject. Each rule contains a CEL expression that is evaluated against the token’s claims.", + "com.github.openshift.api.apps.v1.DeploymentCauseImageTrigger": { + "description": "DeploymentCauseImageTrigger represents details about the cause of a deployment originating from an image change trigger", "type": "object", "required": [ - "expression", - "message" + "from" ], "properties": { - "expression": { - "description": "expression is a required CEL expression that performs a validation on cluster user identity attributes like username, groups, etc.\n\nThe expression must evaluate to a boolean value. When the expression evaluates to 'true', the cluster user identity is considered valid. When the expression evaluates to 'false', the cluster user identity is not considered valid. expression must be at least 1 character in length and must not exceed 1024 characters.", - "type": "string" - }, - "message": { - "description": "message is a required human-readable message to be logged by the Kubernetes API server if the CEL expression defined in 'expression' fails. message must be at least 1 character in length and must not exceed 256 characters.", - "type": "string" + "from": { + "description": "from is a reference to the changed object which triggered a deployment. The field may have the kinds DockerImage, ImageStreamTag, or ImageStreamImage.", + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1.Update": { - "description": "Update represents an administrator update request.", + "com.github.openshift.api.apps.v1.DeploymentCondition": { + "description": "DeploymentCondition describes the state of a deployment config at a certain point.", "type": "object", + "required": [ + "type", + "status" + ], "properties": { - "acceptRisks": { - "description": "acceptRisks is an optional set of names of conditional update risks that are considered acceptable. A conditional update is performed only if all of its risks are acceptable. This list may contain entries that apply to current, previous or future updates. The entries therefore may not map directly to a risk in .status.conditionalUpdateRisks. acceptRisks must not contain more than 1000 entries. Entries in this list must be unique.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AcceptRisk" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "lastTransitionTime": { + "description": "The last time the condition transitioned from one status to another.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "architecture": { - "description": "architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.", - "type": "string", - "default": "" + "lastUpdateTime": { + "description": "The last time this condition was updated.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "force": { - "description": "force allows an administrator to update to an image that has failed verification or upgradeable checks that are designed to keep your cluster safe. Only use this if: * you are testing unsigned release images in short-lived test clusters or * you are working around a known bug in the cluster-version\n operator and you have verified the authenticity of the provided\n image yourself.\nThe provided image will run with full administrative access to the cluster. Do not use this flag with images that come from unknown or potentially malicious sources.", - "type": "boolean", - "default": false + "message": { + "description": "A human readable message indicating details about the transition.", + "type": "string" }, - "image": { - "description": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", + "reason": { + "description": "The reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "default": "" }, - "version": { - "description": "version is a semantic version identifying the update version. version is required if architecture is specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", + "type": { + "description": "type of deployment condition.", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1.UpdateHistory": { - "description": "UpdateHistory is a single attempted update to the cluster.", + "com.github.openshift.api.apps.v1.DeploymentConfig": { + "description": "Deployment Configs define the template for a pod and manages deploying new images or configuration changes. A single deployment configuration is usually analogous to a single micro-service. Can support many different deployment patterns, including full restart, customizable rolling updates, and fully custom behaviors, as well as pre- and post- deployment hooks. Each individual deployment is represented as a replication controller.\n\nA deployment is \"triggered\" when its configuration is changed or a tag in an Image Stream is changed. Triggers can be disabled to allow manual control over a deployment. The \"strategy\" determines how the deployment is carried out and may be changed at any time. The `latestVersion` field is updated when a new deployment is triggered by any means.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). Deprecated: Use deployments or other means for declarative updates for pods instead.", "type": "object", "required": [ - "state", - "startedTime", - "completionTime", - "image", - "verified" + "spec" ], "properties": { - "acceptedRisks": { - "description": "acceptedRisks records risks which were accepted to initiate the update. For example, it may mention an Upgradeable=False or missing signature that was overridden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "completionTime": { - "description": "completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update).", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "image": { - "description": "image is a container image location that contains the update. This value is always populated.", - "type": "string", - "default": "" - }, - "startedTime": { - "description": "startedTime is the time at which the update was started.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "state": { - "description": "state reflects whether the update was fully applied. The Partial state indicates the update is not fully applied, while the Completed state indicates the update was successfully rolled out at least once (all parts of the update successfully applied).", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "verified": { - "description": "verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted.", - "type": "boolean", - "default": false + "spec": { + "description": "spec represents a desired deployment state and how to deploy to it.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentConfigSpec" }, - "version": { - "description": "version is a semantic version identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.", - "type": "string", - "default": "" + "status": { + "description": "status represents the current deployment state.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentConfigStatus" } } }, - "com.github.openshift.api.config.v1.UsernameClaimMapping": { + "com.github.openshift.api.apps.v1.DeploymentConfigList": { + "description": "DeploymentConfigList is a collection of deployment configs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "claim" + "items" ], "properties": { - "claim": { - "description": "claim is a required field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.", - "type": "string", - "default": "" - }, - "prefix": { - "description": "prefix configures the prefix that should be prepended to the value of the JWT claim.\n\nprefix must be set when prefixPolicy is set to 'Prefix' and must be unset otherwise.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.UsernamePrefix" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "prefixPolicy": { - "description": "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim.\n\nThe prefix field must be set when prefixPolicy is 'Prefix'.\n\nWhen set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim.\n\nWhen omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.\n\nAs an example, consider the following scenario:\n\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "prefixPolicy", - "fields-to-discriminateBy": { - "claim": "Claim", - "prefix": "Prefix" + "items": { + "description": "items is a list of deployment configs", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentConfig" } - } - ] - }, - "com.github.openshift.api.config.v1.UsernamePrefix": { - "description": "UsernamePrefix configures the string that should be used as a prefix for username claim mappings.", - "type": "object", - "required": [ - "prefixString" - ], - "properties": { - "prefixString": { - "description": "prefixString is a required field that configures the prefix that will be applied to cluster identity username attribute during the process of mapping JWT claims to cluster identity attributes.\n\nprefixString must not be an empty string (\"\").", - "type": "string", - "default": "" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1.VSphereFailureDomainHostGroup": { - "description": "VSphereFailureDomainHostGroup holds the vmGroup and the hostGroup names in vCenter corresponds to a vm-host group of type Virtual Machine and Host respectively. Is also contains the vmHostRule which is an affinity vm-host rule in vCenter.", + "com.github.openshift.api.apps.v1.DeploymentConfigRollback": { + "description": "DeploymentConfigRollback provides the input to rollback generation.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "vmGroup", - "hostGroup", - "vmHostRule" + "name", + "spec" ], "properties": { - "hostGroup": { - "description": "hostGroup is the name of the vm-host group of type host within vCenter for this failure domain. hostGroup is limited to 80 characters. This field is required when the VSphereFailureDomain ZoneType is HostGroup", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "vmGroup": { - "description": "vmGroup is the name of the vm-host group of type virtual machine within vCenter for this failure domain. vmGroup is limited to 80 characters. This field is required when the VSphereFailureDomain ZoneType is HostGroup", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "vmHostRule": { - "description": "vmHostRule is the name of the affinity vm-host rule within vCenter for this failure domain. vmHostRule is limited to 80 characters. This field is required when the VSphereFailureDomain ZoneType is HostGroup", + "name": { + "description": "name of the deployment config that will be rolled back.", "type": "string", "default": "" + }, + "spec": { + "description": "spec defines the options to rollback generation.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentConfigRollbackSpec" + }, + "updatedAnnotations": { + "description": "updatedAnnotations is a set of new annotations that will be added in the deployment config.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.config.v1.VSphereFailureDomainRegionAffinity": { - "description": "VSphereFailureDomainRegionAffinity contains the region type which is the string representation of the VSphereFailureDomainRegionType with available options of Datacenter and ComputeCluster.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "type": { - "description": "type determines the vSphere object type for a region within this failure domain. Available types are Datacenter and ComputeCluster. When set to Datacenter, this means the vCenter Datacenter defined is the region. When set to ComputeCluster, this means the vCenter cluster defined is the region.\n\nPossible enum values:\n - `\"ComputeCluster\"` is a failure domain region for a vCenter compute cluster.\n - `\"Datacenter\"` is a failure domain region for a vCenter datacenter.", - "type": "string", - "default": "", - "enum": [ - "ComputeCluster", - "Datacenter" - ] - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": {} - } - ] - }, - "com.github.openshift.api.config.v1.VSphereFailureDomainZoneAffinity": { - "description": "VSphereFailureDomainZoneAffinity contains the vCenter cluster vm-host group (virtual machine and host types) and the vm-host affinity rule that together creates an affinity configuration for vm-host based zonal. This configuration within vCenter creates the required association between a failure domain, virtual machines and ESXi hosts to create a vm-host based zone.", + "com.github.openshift.api.apps.v1.DeploymentConfigRollbackSpec": { + "description": "DeploymentConfigRollbackSpec represents the options for rollback generation.", "type": "object", "required": [ - "type" + "from", + "includeTriggers", + "includeTemplate", + "includeReplicationMeta", + "includeStrategy" ], "properties": { - "hostGroup": { - "description": "hostGroup holds the vmGroup and the hostGroup names in vCenter corresponds to a vm-host group of type Virtual Machine and Host respectively. Is also contains the vmHostRule which is an affinity vm-host rule in vCenter.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSphereFailureDomainHostGroup" + "from": { + "description": "from points to a ReplicationController which is a deployment.", + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" }, - "type": { - "description": "type determines the vSphere object type for a zone within this failure domain. Available types are ComputeCluster and HostGroup. When set to ComputeCluster, this means the vCenter cluster defined is the zone. When set to HostGroup, hostGroup must be configured with hostGroup, vmGroup and vmHostRule and this means the zone is defined by the grouping of those fields.\n\nPossible enum values:\n - `\"ComputeCluster\"` is a failure domain zone for a vCenter compute cluster.\n - `\"HostGroup\"` is a failure domain zone for a vCenter vm-host group.", - "type": "string", - "default": "", - "enum": [ - "ComputeCluster", - "HostGroup" - ] - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "hostGroup": "HostGroup" - } + "includeReplicationMeta": { + "description": "includeReplicationMeta specifies whether to include the replica count and selector.", + "type": "boolean", + "default": false + }, + "includeStrategy": { + "description": "includeStrategy specifies whether to include the deployment Strategy.", + "type": "boolean", + "default": false + }, + "includeTemplate": { + "description": "includeTemplate specifies whether to include the PodTemplateSpec.", + "type": "boolean", + "default": false + }, + "includeTriggers": { + "description": "includeTriggers specifies whether to include config Triggers.", + "type": "boolean", + "default": false + }, + "revision": { + "description": "revision to rollback to. If set to 0, rollback to the last revision.", + "type": "integer", + "format": "int64" } - ] + } }, - "com.github.openshift.api.config.v1.VSpherePlatformFailureDomainSpec": { - "description": "VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain.", + "com.github.openshift.api.apps.v1.DeploymentConfigSpec": { + "description": "DeploymentConfigSpec represents the desired state of the deployment.", "type": "object", - "required": [ - "name", - "region", - "zone", - "server", - "topology" - ], "properties": { - "name": { - "description": "name defines the arbitrary but unique name of a failure domain.", - "type": "string", - "default": "" + "minReadySeconds": { + "description": "minReadySeconds is the minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)", + "type": "integer", + "format": "int32" }, - "region": { - "description": "region defines the name of a region tag that will be attached to a vCenter datacenter. The tag category in vCenter must be named openshift-region.", - "type": "string", - "default": "" + "paused": { + "description": "paused indicates that the deployment config is paused resulting in no new deployments on template changes or changes in the template caused by other triggers.", + "type": "boolean" }, - "regionAffinity": { - "description": "regionAffinity holds the type of region, Datacenter or ComputeCluster. When set to Datacenter, this means the region is a vCenter Datacenter as defined in topology. When set to ComputeCluster, this means the region is a vCenter Cluster as defined in topology.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSphereFailureDomainRegionAffinity" + "replicas": { + "description": "replicas is the number of desired replicas.", + "type": "integer", + "format": "int32", + "default": 0 }, - "server": { - "description": "server is the fully-qualified domain name or the IP address of the vCenter server.", - "type": "string", - "default": "" + "revisionHistoryLimit": { + "description": "revisionHistoryLimit is the number of old ReplicationControllers to retain to allow for rollbacks. This field is a pointer to allow for differentiation between an explicit zero and not specified. Defaults to 10. (This only applies to DeploymentConfigs created via the new group API resource, not the legacy resource.)", + "type": "integer", + "format": "int32" }, - "topology": { - "description": "topology describes a given failure domain using vSphere constructs", + "selector": { + "description": "selector is a label query over pods that should match the Replicas count.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "strategy": { + "description": "strategy describes how a deployment is executed.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformTopology" + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentStrategy" }, - "zone": { - "description": "zone defines the name of a zone tag that will be attached to a vCenter cluster. The tag category in vCenter must be named openshift-zone.", - "type": "string", - "default": "" + "template": { + "description": "template is the object that describes the pod that will be created if insufficient replicas are detected.", + "$ref": "#/definitions/PodTemplateSpec.v1.core.api.k8s.io" }, - "zoneAffinity": { - "description": "zoneAffinity holds the type of the zone and the hostGroup which vmGroup and the hostGroup names in vCenter corresponds to a vm-host group of type Virtual Machine and Host respectively. Is also contains the vmHostRule which is an affinity vm-host rule in vCenter.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSphereFailureDomainZoneAffinity" + "test": { + "description": "test ensures that this deployment config will have zero replicas except while a deployment is running. This allows the deployment config to be used as a continuous deployment test - triggering on images, running the deployment, and then succeeding or failing. Post strategy hooks and After actions can be used to integrate successful deployment with an action.", + "type": "boolean", + "default": false + }, + "triggers": { + "description": "triggers determine how updates to a DeploymentConfig result in new deployments. If no triggers are defined, a new deployment can only occur as a result of an explicit client update to the DeploymentConfig with a new LatestVersion. If null, defaults to having a config change trigger.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentTriggerPolicy" + } } } }, - "com.github.openshift.api.config.v1.VSpherePlatformLoadBalancer": { - "description": "VSpherePlatformLoadBalancer defines the load balancer used by the cluster on VSphere platform.", + "com.github.openshift.api.apps.v1.DeploymentConfigStatus": { + "description": "DeploymentConfigStatus represents the current deployment state.", "type": "object", "properties": { - "type": { - "description": "type defines the type of load balancer used by the cluster on VSphere platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", - "type": "string", - "default": "OpenShiftManagedDefault" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": {} + "availableReplicas": { + "description": "availableReplicas is the total number of available pods targeted by this deployment config.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "conditions": { + "description": "conditions represents the latest available observations of a deployment config's current state.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentCondition" + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" + }, + "details": { + "description": "details are the reasons for the update to this deployment config. This could be based on a change made by the user or caused by an automatic trigger", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentDetails" + }, + "latestVersion": { + "description": "latestVersion is used to determine whether the current deployment associated with a deployment config is out of sync.", + "type": "integer", + "format": "int64", + "default": 0 + }, + "observedGeneration": { + "description": "observedGeneration is the most recent generation observed by the deployment config controller.", + "type": "integer", + "format": "int64", + "default": 0 + }, + "readyReplicas": { + "description": "Total number of ready pods targeted by this deployment.", + "type": "integer", + "format": "int32" + }, + "replicas": { + "description": "replicas is the total number of pods targeted by this deployment config.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "unavailableReplicas": { + "description": "unavailableReplicas is the total number of unavailable pods targeted by this deployment config.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "updatedReplicas": { + "description": "updatedReplicas is the total number of non-terminated pods targeted by this deployment config that have the desired template spec.", + "type": "integer", + "format": "int32", + "default": 0 } - ] + } }, - "com.github.openshift.api.config.v1.VSpherePlatformNodeNetworking": { - "description": "VSpherePlatformNodeNetworking holds the external and internal node networking spec.", + "com.github.openshift.api.apps.v1.DeploymentDetails": { + "description": "DeploymentDetails captures information about the causes of a deployment.", "type": "object", + "required": [ + "causes" + ], "properties": { - "external": { - "description": "external represents the network configuration of the node that is externally routable.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec" + "causes": { + "description": "causes are extended data associated with all the causes for creating a new deployment", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentCause" + } }, - "internal": { - "description": "internal represents the network configuration of the node that is routable only within the cluster.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec" + "message": { + "description": "message is the user specified change message, if this deployment was triggered manually by the user", + "type": "string" } } }, - "com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec": { - "description": "VSpherePlatformNodeNetworkingSpec holds the network CIDR(s) and port group name for including and excluding IP ranges in the cloud provider. This would be used for example when multiple network adapters are attached to a guest to help determine which IP address the cloud config manager should use for the external and internal node networking.", + "com.github.openshift.api.apps.v1.DeploymentLog": { + "description": "DeploymentLog represents the logs for a deployment\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { - "excludeNetworkSubnetCidr": { - "description": "excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "network": { - "description": "network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'`", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "networkSubnetCidr": { - "description": "networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.config.v1.VSpherePlatformSpec": { - "description": "VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. In the future the cloud provider operator, storage operator and machine operator will use these fields for configuration.", + "com.github.openshift.api.apps.v1.DeploymentLogOptions": { + "description": "DeploymentLogOptions is the REST options for a deployment log\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "failureDomains": { - "description": "failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformFailureDomainSpec" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "container": { + "description": "The container for which to stream logs. Defaults to only container if there is one container in the pod.", + "type": "string" }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "follow": { + "description": "follow if true indicates that the build log should be streamed until the build terminates.", + "type": "boolean" }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "nodeNetworking": { - "description": "nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformNodeNetworking" + "limitBytes": { + "description": "If set, the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.", + "type": "integer", + "format": "int64" }, - "vcenters": { - "description": "vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported. Once the cluster has been installed, you are unable to change the current number of defined vCenters except in the case where the cluster has been upgraded from a version of OpenShift where the vsphere platform spec was not present. You may make modifications to the existing vCenters that are defined in the vcenters list in order to match with any added or modified failure domains.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformVCenterSpec" - }, - "x-kubernetes-list-type": "atomic" + "nowait": { + "description": "nowait if true causes the call to return immediately even if the deployment is not available yet. Otherwise the server will wait until the deployment has started.", + "type": "boolean" + }, + "previous": { + "description": "Return previous deployment logs. Defaults to false.", + "type": "boolean" + }, + "sinceSeconds": { + "description": "A relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", + "type": "integer", + "format": "int64" + }, + "sinceTime": { + "description": "An RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "tailLines": { + "description": "If set, the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime", + "type": "integer", + "format": "int64" + }, + "timestamps": { + "description": "If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.", + "type": "boolean" + }, + "version": { + "description": "version of the deployment for which to view logs.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.config.v1.VSpherePlatformStatus": { - "description": "VSpherePlatformStatus holds the current status of the vSphere infrastructure provider.", + "com.github.openshift.api.apps.v1.DeploymentRequest": { + "description": "DeploymentRequest is a request to a deployment config for a new deployment.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "apiServerInternalIPs", - "ingressIPs" + "name", + "latest", + "force" ], "properties": { - "apiServerInternalIP": { - "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "apiServerInternalIPs": { - "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "excludeTriggers": { + "description": "excludeTriggers instructs the instantiator to avoid processing the specified triggers. This field overrides the triggers from latest and allows clients to control specific logic. This field is ignored if not specified.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "dnsRecordsType": { - "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", - "type": "string", - "enum": [ - "External", - "Internal" - ] + "force": { + "description": "force will try to force a new deployment to run. If the deployment config is paused, then setting this to true will return an Invalid error.", + "type": "boolean", + "default": false }, - "ingressIP": { - "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "ingressIPs": { - "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "loadBalancer": { - "description": "loadBalancer defines how the load balancer used by the cluster is configured.", - "default": { - "type": "OpenShiftManagedDefault" - }, - "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformLoadBalancer" - }, - "machineNetworks": { - "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "latest": { + "description": "latest will update the deployment config with the latest state from all triggers.", + "type": "boolean", + "default": false }, - "nodeDNSIP": { - "description": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", - "type": "string" + "name": { + "description": "name of the deployment config for requesting a new deployment.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1.VSpherePlatformTopology": { - "description": "VSpherePlatformTopology holds the required and optional vCenter objects - datacenter, computeCluster, networks, datastore and resourcePool - to provision virtual machines.", + "com.github.openshift.api.apps.v1.DeploymentStrategy": { + "description": "DeploymentStrategy describes how to perform a deployment.", "type": "object", - "required": [ - "datacenter", - "computeCluster", - "networks", - "datastore" - ], "properties": { - "computeCluster": { - "description": "computeCluster the absolute path of the vCenter cluster in which virtual machine will be located. The absolute path is of the form //host/. The maximum length of the path is 2048 characters.", - "type": "string", - "default": "" - }, - "datacenter": { - "description": "datacenter is the name of vCenter datacenter in which virtual machines will be located. The maximum length of the datacenter name is 80 characters.", - "type": "string", - "default": "" + "activeDeadlineSeconds": { + "description": "activeDeadlineSeconds is the duration in seconds that the deployer pods for this deployment config may be active on a node before the system actively tries to terminate them.", + "type": "integer", + "format": "int64" }, - "datastore": { - "description": "datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form //datastore/ The maximum length of the path is 2048 characters.", - "type": "string", - "default": "" + "annotations": { + "description": "annotations is a set of key, value pairs added to custom deployer and lifecycle pre/post hook pods.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "folder": { - "description": "folder is the absolute path of the folder where virtual machines are located. The absolute path is of the form //vm/. The maximum length of the path is 2048 characters.", - "type": "string" + "customParams": { + "description": "customParams are the input to the Custom deployment strategy, and may also be specified for the Recreate and Rolling strategies to customize the execution process that runs the deployment.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.CustomDeploymentStrategyParams" }, - "networks": { - "description": "networks is the list of port group network names within this failure domain. If feature gate VSphereMultiNetworks is enabled, up to 10 network adapters may be defined. 10 is the maximum number of virtual network devices which may be attached to a VM as defined by: https://configmax.esp.vmware.com/guest?vmwareproduct=vSphere&release=vSphere%208.0&categories=1-0 The available networks (port groups) can be listed using `govc ls 'network/*'` Networks should be in the form of an absolute path: //network/.", - "type": "array", - "items": { + "labels": { + "description": "labels is a set of key, value pairs added to custom deployer and lifecycle pre/post hook pods.", + "type": "object", + "additionalProperties": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "resourcePool": { - "description": "resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form //host//Resources/. The maximum length of the path is 2048 characters.", - "type": "string" + "recreateParams": { + "description": "recreateParams are the input to the Recreate deployment strategy.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.RecreateDeploymentStrategyParams" }, - "template": { - "description": "template is the full inventory path of the virtual machine or template that will be cloned when creating new machines in this failure domain. The maximum length of the path is 2048 characters.\n\nWhen omitted, the template will be calculated by the control plane machineset operator based on the region and zone defined in VSpherePlatformFailureDomainSpec. For example, for zone=zonea, region=region1, and infrastructure name=test, the template path would be calculated as //vm/test-rhcos-region1-zonea.", + "resources": { + "description": "resources contains resource requirements to execute the deployment and any hooks.", + "default": {}, + "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" + }, + "rollingParams": { + "description": "rollingParams are the input to the Rolling deployment strategy.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.RollingDeploymentStrategyParams" + }, + "type": { + "description": "type is the name of a deployment strategy.", "type": "string" } } }, - "com.github.openshift.api.config.v1.VSpherePlatformVCenterSpec": { - "description": "VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM.", + "com.github.openshift.api.apps.v1.DeploymentTriggerImageChangeParams": { + "description": "DeploymentTriggerImageChangeParams represents the parameters to the ImageChange trigger.", "type": "object", "required": [ - "server", - "datacenters" + "from" ], "properties": { - "datacenters": { - "description": "The vCenter Datacenters in which the RHCOS vm guests are located. This field will be used by the Cloud Controller Manager. Each datacenter listed here should be used within a topology.", + "automatic": { + "description": "automatic means that the detection of a new tag value should result in an image update inside the pod template.", + "type": "boolean" + }, + "containerNames": { + "description": "containerNames is used to restrict tag updates to the specified set of container names in a pod. If multiple triggers point to the same containers, the resulting behavior is undefined. Future API versions will make this a validation error. If ContainerNames does not point to a valid container, the trigger will be ignored. Future API versions will make this a validation error.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "set" - }, - "port": { - "description": "port is the TCP port that will be used to communicate to the vCenter endpoint. When omitted, this means the user has no opinion and it is up to the platform to choose a sensible default, which is subject to change over time.", - "type": "integer", - "format": "int32" + } }, - "server": { - "description": "server is the fully-qualified domain name or the IP address of the vCenter server.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1.WebhookTokenAuthenticator": { - "description": "webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator", - "type": "object", - "required": [ - "kubeConfig" - ], - "properties": { - "kubeConfig": { - "description": "kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config.\n\nFor further details, see:\n\nhttps://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication\n\nThe key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored.", + "from": { + "description": "from is a reference to an image stream tag to watch for changes. From.Name is the only required subfield - if From.Namespace is blank, the namespace of the current deployment trigger will be used.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + }, + "lastTriggeredImage": { + "description": "lastTriggeredImage is the last image to be triggered.", + "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.AlertmanagerConfig": { - "description": "alertmanagerConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", + "com.github.openshift.api.apps.v1.DeploymentTriggerPolicy": { + "description": "DeploymentTriggerPolicy describes a policy for a single trigger that results in a new deployment.", "type": "object", - "required": [ - "deploymentMode" - ], "properties": { - "customConfig": { - "description": "customConfig must be set when deploymentMode is CustomConfig, and must be unset otherwise. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AlertmanagerCustomConfig" + "imageChangeParams": { + "description": "imageChangeParams represents the parameters for the ImageChange trigger.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.DeploymentTriggerImageChangeParams" }, - "deploymentMode": { - "description": "deploymentMode determines whether the default Alertmanager instance should be deployed as part of the monitoring stack. Allowed values are Disabled, DefaultConfig, and CustomConfig. When set to Disabled, the Alertmanager instance will not be deployed. When set to DefaultConfig, the platform will deploy Alertmanager with default settings. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", + "type": { + "description": "type of the trigger", "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.AlertmanagerCustomConfig": { - "description": "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", + "com.github.openshift.api.apps.v1.ExecNewPodHook": { + "description": "ExecNewPodHook is a hook implementation which runs a command in a new pod based on the specified container which is assumed to be part of the deployment template.", "type": "object", + "required": [ + "command", + "containerName" + ], "properties": { - "logLevel": { - "description": "logLevel defines the verbosity of logs emitted by Alertmanager. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", - "type": "string" - }, - "nodeSelector": { - "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", - "type": "object", - "additionalProperties": { + "command": { + "description": "command is the action command and its arguments.", + "type": "array", + "items": { "type": "string", "default": "" } }, - "resources": { - "description": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", + "containerName": { + "description": "containerName is the name of a container in the deployment pod template whose container image will be used for the hook pod's container.", + "type": "string", + "default": "" + }, + "env": { + "description": "env is a set of environment variables to supply to the hook pod's container.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" + } }, - "secrets": { - "description": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.", + "volumes": { + "description": "volumes is a list of named volumes from the pod template which should be copied to the hook pod. Volumes names not found in pod spec are ignored. An empty list means no volumes will be copied.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "set" + } + } + } + }, + "com.github.openshift.api.apps.v1.LifecycleHook": { + "description": "LifecycleHook defines a specific deployment lifecycle action. Only one type of action may be specified at any time.", + "type": "object", + "required": [ + "failurePolicy" + ], + "properties": { + "execNewPod": { + "description": "execNewPod specifies the options for a lifecycle hook backed by a pod.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.ExecNewPodHook" }, - "tolerations": { - "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" - }, - "x-kubernetes-list-type": "atomic" + "failurePolicy": { + "description": "failurePolicy specifies what action to take if the hook fails.", + "type": "string", + "default": "" }, - "topologySpreadConstraints": { - "description": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "tagImages": { + "description": "tagImages instructs the deployer to tag the current image referenced under a container onto an image stream tag.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint" - }, - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map" - }, - "volumeClaimTemplate": { - "description": "volumeClaimTemplate Defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class, volume size, and name. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts. This field is optional.", - "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaim" + "$ref": "#/definitions/com.github.openshift.api.apps.v1.TagImageHook" + } } } }, - "com.github.openshift.api.config.v1alpha1.Audit": { - "description": "Audit profile configurations", + "com.github.openshift.api.apps.v1.RecreateDeploymentStrategyParams": { + "description": "RecreateDeploymentStrategyParams are the input to the Recreate deployment strategy.", "type": "object", - "required": [ - "profile" - ], "properties": { - "profile": { - "description": "profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. Allowed values are None, Metadata, Request, or RequestResponse. When set to None, audit logging is disabled and no audit events are recorded. When set to Metadata, only request metadata (such as requesting user, timestamp, resource, verb, etc.) is logged, but not the request or response body. When set to Request, event metadata and the request body are logged, but not the response body. When set to RequestResponse, event metadata, request body, and response body are all logged, providing the most detailed audit information.\n\nSee: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy for more information about auditing and log levels.", - "type": "string" + "mid": { + "description": "mid is a lifecycle hook which is executed while the deployment is scaled down to zero before the first new pod is created. All LifecycleHookFailurePolicy values are supported.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" + }, + "post": { + "description": "post is a lifecycle hook which is executed after the strategy has finished all deployment logic. All LifecycleHookFailurePolicy values are supported.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" + }, + "pre": { + "description": "pre is a lifecycle hook which is executed before the strategy manipulates the deployment. All LifecycleHookFailurePolicy values are supported.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" + }, + "timeoutSeconds": { + "description": "timeoutSeconds is the time to wait for updates before giving up. If the value is nil, a default will be used.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.config.v1alpha1.Backup": { - "description": "Backup provides configuration for performing backups of the openshift cluster.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.apps.v1.RollingDeploymentStrategyParams": { + "description": "RollingDeploymentStrategyParams are the input to the Rolling deployment strategy.", "type": "object", - "required": [ - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "intervalSeconds": { + "description": "intervalSeconds is the time to wait between polling deployment status after update. If the value is nil, a default will be used.", + "type": "integer", + "format": "int64" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "maxSurge": { + "description": "maxSurge is the maximum number of pods that can be scheduled above the original number of pods. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of the update (ex: 10%). Absolute number is calculated from percentage by rounding up.\n\nThis cannot be 0 if MaxUnavailable is 0. By default, 25% is used.\n\nExample: when this is set to 30%, the new RC can be scaled up by 30% immediately when the rolling update starts. Once old pods have been killed, new RC can be scaled up further, ensuring that total number of pods running at any time during the update is atmost 130% of original pods.", + "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "maxUnavailable": { + "description": "maxUnavailable is the maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of total pods at the start of update (ex: 10%). Absolute number is calculated from percentage by rounding down.\n\nThis cannot be 0 if MaxSurge is 0. By default, 25% is used.\n\nExample: when this is set to 30%, the old RC can be scaled down by 30% immediately when the rolling update starts. Once new pods are ready, old RC can be scaled down further, followed by scaling up the new RC, ensuring that at least 70% of original number of pods are available at all times during the update.", + "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.BackupSpec" + "post": { + "description": "post is a lifecycle hook which is executed after the strategy has finished all deployment logic. All LifecycleHookFailurePolicy values are supported.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.BackupStatus" + "pre": { + "description": "pre is a lifecycle hook which is executed before the deployment process begins. All LifecycleHookFailurePolicy values are supported.", + "$ref": "#/definitions/com.github.openshift.api.apps.v1.LifecycleHook" + }, + "timeoutSeconds": { + "description": "timeoutSeconds is the time to wait for updates before giving up. If the value is nil, a default will be used.", + "type": "integer", + "format": "int64" + }, + "updatePeriodSeconds": { + "description": "updatePeriodSeconds is the time to wait between individual pod updates. If the value is nil, a default will be used.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.config.v1alpha1.BackupList": { - "description": "BackupList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.apps.v1.TagImageHook": { + "description": "TagImageHook is a request to tag the image in a particular container onto an ImageStreamTag.", "type": "object", "required": [ - "metadata", - "items" + "containerName", + "to" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Backup" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "containerName": { + "description": "containerName is the name of a container in the deployment config whose image value will be used as the source of the tag. If there is only a single container this value will be defaulted to the name of that container.", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "to": { + "description": "to is the target ImageStreamTag to set the container's image onto.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.config.v1alpha1.BackupSpec": { + "com.github.openshift.api.authorization.v1.Action": { + "description": "Action describes a request to the API server", "type": "object", "required": [ - "etcd" + "namespace", + "verb", + "resourceAPIGroup", + "resourceAPIVersion", + "resource", + "resourceName", + "path", + "isNonResourceURL" ], "properties": { - "etcd": { - "description": "etcd specifies the configuration for periodic backups of the etcd cluster", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.EtcdBackupSpec" + "content": { + "description": "content is the actual content of the request for create and update", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "isNonResourceURL": { + "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", + "type": "boolean", + "default": false + }, + "namespace": { + "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", + "type": "string", + "default": "" + }, + "path": { + "description": "path is the path of a non resource URL", + "type": "string", + "default": "" + }, + "resource": { + "description": "resource is one of the existing resource types", + "type": "string", + "default": "" + }, + "resourceAPIGroup": { + "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", + "type": "string", + "default": "" + }, + "resourceAPIVersion": { + "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", + "type": "string", + "default": "" + }, + "resourceName": { + "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", + "type": "string", + "default": "" + }, + "verb": { + "description": "verb is one of: get, list, watch, create, update, delete", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1alpha1.BackupStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig": { - "description": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.authorization.v1.ClusterRole": { + "description": "ClusterRole is a logical grouping of PolicyRules that can be referenced as a unit by ClusterRoleBindings.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "spec" + "rules" ], "properties": { + "aggregationRule": { + "description": "aggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.", + "$ref": "#/definitions/AggregationRule.v1.rbac.api.k8s.io" + }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" @@ -12371,36 +12851,36 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "status": { - "description": "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus" + "rules": { + "description": "rules holds all the PolicyRules for this ClusterRole", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.PolicyRule" + } } } }, - "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigList": { - "description": "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.authorization.v1.ClusterRoleBinding": { + "description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference any ClusterRole in the same namespace or in the global namespace. It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. ClusterRoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", - "items" + "subjects", + "roleRef" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { + "groupNames": { + "description": "groupNames holds all the groups directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig" + "type": "string", + "default": "" } }, "kind": { @@ -12408,82 +12888,67 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec": { - "description": "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", - "type": "object", - "properties": { - "matchImages": { - "description": "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "roleRef": { + "description": "roleRef can only reference the current namespace and the global namespace. If the ClusterRoleRef cannot be resolved, the Authorizer must return an error. Since Policy is a singleton, this is sufficient knowledge to locate a role.", + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + }, + "subjects": { + "description": "subjects hold object references to authorize with this rule. This field is ignored if UserNames or GroupNames are specified to support legacy clients and servers. Thus newer clients that do not need to support backwards compatibility should send only fully qualified Subjects and should omit the UserNames and GroupNames fields. Clients that need to support backwards compatibility can use this field to build the UserNames and GroupNames.", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - } - } - }, - "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus": { - "description": "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", - "type": "object", - "properties": { - "conditions": { - "description": "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + } + }, + "userNames": { + "description": "userNames holds all the usernames directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.config.v1alpha1.ClusterImagePolicy": { - "description": "ClusterImagePolicy holds cluster-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.authorization.v1.ClusterRoleBindingList": { + "description": "ClusterRoleBindingList is a collection of ClusterRoleBindings\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "spec" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "items is a list of ClusterRoleBindings", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ClusterRoleBinding" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec contains the configuration for the cluster image policy.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterImagePolicySpec" - }, - "status": { - "description": "status contains the observed state of the resource.", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterImagePolicyStatus" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1alpha1.ClusterImagePolicyList": { - "description": "ClusterImagePolicyList is a list of ClusterImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.authorization.v1.ClusterRoleList": { + "description": "ClusterRoleList is a collection of ClusterRoles\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -12492,10 +12957,11 @@ "type": "string" }, "items": { + "description": "items is a list of ClusterRoles", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterImagePolicy" + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ClusterRole" } }, "kind": { @@ -12505,220 +12971,381 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1alpha1.ClusterImagePolicySpec": { - "description": "CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource.", + "com.github.openshift.api.authorization.v1.GroupRestriction": { + "description": "GroupRestriction matches a group either by a string match on the group name or a label selector applied to group labels.", "type": "object", "required": [ - "scopes", - "policy" + "groups", + "labels" ], "properties": { - "policy": { - "description": "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy" - }, - "scopes": { - "description": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", + "groups": { + "description": "groups is a list of groups used to match against an individual user's groups. If the user is a member of one of the whitelisted groups, the user is allowed to be bound to a role.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "set" + } + }, + "labels": { + "description": "Selectors specifies a list of label selectors over group labels.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + } } } }, - "com.github.openshift.api.config.v1alpha1.ClusterImagePolicyStatus": { + "com.github.openshift.api.authorization.v1.IsPersonalSubjectAccessReview": { + "description": "IsPersonalSubjectAccessReview is a marker for PolicyRule.AttributeRestrictions that denotes that subjectaccessreviews on self should be allowed\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { - "conditions": { - "description": "conditions provide details on the status of this API Resource.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.config.v1alpha1.ClusterMonitoring": { - "description": "ClusterMonitoring is the Custom Resource object which holds the current status of Cluster Monitoring Operator. CMO is a central component of the monitoring stack.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. ClusterMonitoring is the Schema for the Cluster Monitoring Operators API", + "com.github.openshift.api.authorization.v1.LocalResourceAccessReview": { + "description": "LocalResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec in a particular namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "spec" + "namespace", + "verb", + "resourceAPIGroup", + "resourceAPIVersion", + "resource", + "resourceName", + "path", + "isNonResourceURL" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "content": { + "description": "content is the actual content of the request for create and update", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "isNonResourceURL": { + "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", + "type": "boolean", + "default": false + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object metadata.", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "spec": { - "description": "spec holds user configuration for the Cluster Monitoring Operator", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec" + "namespace": { + "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", + "type": "string", + "default": "" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus" + "path": { + "description": "path is the path of a non resource URL", + "type": "string", + "default": "" + }, + "resource": { + "description": "resource is one of the existing resource types", + "type": "string", + "default": "" + }, + "resourceAPIGroup": { + "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", + "type": "string", + "default": "" + }, + "resourceAPIVersion": { + "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", + "type": "string", + "default": "" + }, + "resourceName": { + "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", + "type": "string", + "default": "" + }, + "verb": { + "description": "verb is one of: get, list, watch, create, update, delete", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1alpha1.ClusterMonitoringList": { - "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.authorization.v1.LocalSubjectAccessReview": { + "description": "LocalSubjectAccessReview is an object for requesting information about whether a user or group can perform an action in a particular namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "namespace", + "verb", + "resourceAPIGroup", + "resourceAPIVersion", + "resource", + "resourceName", + "path", + "isNonResourceURL", + "user", + "groups", + "scopes" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items is a list of ClusterMonitoring", + "content": { + "description": "content is the actual content of the request for create and update", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "groups": { + "description": "groups is optional. Groups is the list of groups to which the User belongs.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterMonitoring" + "type": "string", + "default": "" } }, + "isNonResourceURL": { + "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", + "type": "boolean", + "default": false + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard list metadata.", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "namespace": { + "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", + "type": "string", + "default": "" + }, + "path": { + "description": "path is the path of a non resource URL", + "type": "string", + "default": "" + }, + "resource": { + "description": "resource is one of the existing resource types", + "type": "string", + "default": "" + }, + "resourceAPIGroup": { + "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", + "type": "string", + "default": "" + }, + "resourceAPIVersion": { + "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", + "type": "string", + "default": "" + }, + "resourceName": { + "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", + "type": "string", + "default": "" + }, + "scopes": { + "description": "scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil for a self-SAR, means \"use the scopes on this request\". Nil for a regular SAR, means the same as empty.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "user": { + "description": "user is optional. If both User and Groups are empty, the current authenticated user is used.", + "type": "string", + "default": "" + }, + "verb": { + "description": "verb is one of: get, list, watch, create, update, delete", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec": { - "description": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", + "com.github.openshift.api.authorization.v1.NamedClusterRole": { + "description": "NamedClusterRole relates a name with a cluster role", "type": "object", + "required": [ + "name", + "role" + ], "properties": { - "alertmanagerConfig": { - "description": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AlertmanagerConfig" - }, - "metricsServerConfig": { - "description": "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.MetricsServerConfig" - }, - "prometheusOperatorConfig": { - "description": "prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. Specifically, it can configure how the Prometheus Operator instance is deployed, pod scheduling, and resource allocation. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig" + "name": { + "description": "name is the name of the cluster role", + "type": "string", + "default": "" }, - "userDefined": { - "description": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", + "role": { + "description": "role is the cluster role being named", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring" + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ClusterRole" } } }, - "com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus": { - "description": "ClusterMonitoringStatus defines the observed state of ClusterMonitoring", - "type": "object" - }, - "com.github.openshift.api.config.v1alpha1.ContainerResource": { - "description": "ContainerResource defines a single resource requirement for a container.", + "com.github.openshift.api.authorization.v1.NamedClusterRoleBinding": { + "description": "NamedClusterRoleBinding relates a name with a cluster role binding", "type": "object", "required": [ - "name" + "name", + "roleBinding" ], "properties": { - "limit": { - "description": "limit is the maximum amount of the resource allowed (e.g. \"2Mi\", \"1Gi\"). This field is optional. When request is specified, limit cannot be less than request. The value must be greater than 0 when specified.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - }, "name": { - "description": "name of the resource (e.g. \"cpu\", \"memory\", \"hugepages-2Mi\"). This field is required. name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character.", - "type": "string" + "description": "name is the name of the cluster role binding", + "type": "string", + "default": "" }, - "request": { - "description": "request is the minimum amount of the resource required (e.g. \"2Mi\", \"1Gi\"). This field is optional. When limit is specified, request cannot be greater than limit.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + "roleBinding": { + "description": "roleBinding is the cluster role binding being named", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ClusterRoleBinding" } } }, - "com.github.openshift.api.config.v1alpha1.EtcdBackupSpec": { - "description": "EtcdBackupSpec provides configuration for automated etcd backups to the cluster-etcd-operator", + "com.github.openshift.api.authorization.v1.NamedRole": { + "description": "NamedRole relates a Role with a name", "type": "object", + "required": [ + "name", + "role" + ], "properties": { - "pvcName": { - "description": "pvcName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the etcd backup files would be saved The PVC itself must always be created in the \"openshift-etcd\" namespace If the PVC is left unspecified \"\" then the platform will choose a reasonable default location to save the backup. In the future this would be backups saved across the control-plane master nodes.", + "name": { + "description": "name is the name of the role", "type": "string", "default": "" }, - "retentionPolicy": { - "description": "retentionPolicy defines the retention policy for retaining and deleting existing backups.", + "role": { + "description": "role is the role being named", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RetentionPolicy" - }, - "schedule": { - "description": "schedule defines the recurring backup schedule in Cron format every 2 hours: 0 */2 * * * every day at 3am: 0 3 * * * Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is \"no backups\", but will change in the future.", + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.Role" + } + } + }, + "com.github.openshift.api.authorization.v1.NamedRoleBinding": { + "description": "NamedRoleBinding relates a role binding with a name", + "type": "object", + "required": [ + "name", + "roleBinding" + ], + "properties": { + "name": { + "description": "name is the name of the role binding", "type": "string", "default": "" }, - "timeZone": { - "description": "The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will default to the time zone of the kube-controller-manager process. See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones", - "type": "string", - "default": "" + "roleBinding": { + "description": "roleBinding is the role binding being named", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.RoleBinding" } } }, - "com.github.openshift.api.config.v1alpha1.GatherConfig": { - "description": "gatherConfig provides data gathering configuration options.", + "com.github.openshift.api.authorization.v1.PolicyRule": { + "description": "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.", "type": "object", + "required": [ + "verbs", + "resources" + ], "properties": { - "dataPolicy": { - "description": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"None\" and \"ObfuscateNetworking\". When set to None the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", - "type": "string" + "apiGroups": { + "description": "apiGroups is the name of the APIGroup that contains the resources. If this field is empty, then both kubernetes and origin API groups are assumed. That means that if an action is requested against one of the enumerated resources in either the kubernetes or the origin API group, the request will be allowed", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "attributeRestrictions": { + "description": "attributeRestrictions will vary depending on what the Authorizer/AuthorizationAttributeBuilder pair supports. If the Authorizer does not recognize how to handle the AttributeRestrictions, the Authorizer should report an error.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "disabledGatherers": { - "description": "disabledGatherers is a list of gatherers to be excluded from the gathering. All the gatherers can be disabled by providing \"all\" value. If all the gatherers are disabled, the Insights operator does not gather any data. The format for the disabledGatherer should be: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\" An example of disabling gatherers looks like this: `disabledGatherers: [\"clusterconfig/machine_configs\", \"workloads/workload_info\"]`", + "nonResourceURLs": { + "description": "NonResourceURLsSlice is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path This name is intentionally different than the internal type so that the DefaultConvert works nicely and because the ordering may be different.", "type": "array", "items": { "type": "string", "default": "" } }, - "storage": { - "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Storage" + "resourceNames": { + "description": "resourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "resources": { + "description": "resources is a list of resources this rule applies to. ResourceAll represents all resources.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "verbs": { + "description": "verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.config.v1alpha1.ImagePolicy": { - "description": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.authorization.v1.ResourceAccessReview": { + "description": "ResourceAccessReview is a means to request a list of which users and groups are authorized to perform the action specified by spec\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "spec" + "namespace", + "verb", + "resourceAPIGroup", + "resourceAPIVersion", + "resource", + "resourceName", + "path", + "isNonResourceURL" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "content": { + "description": "content is the actual content of the request for create and update", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "isNonResourceURL": { + "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", + "type": "boolean", + "default": false + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -12726,185 +13353,94 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImagePolicySpec" + "namespace": { + "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", + "type": "string", + "default": "" }, - "status": { - "description": "status contains the observed state of the resource.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImagePolicyStatus" - } - } - }, - "com.github.openshift.api.config.v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust": { - "description": "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.", - "type": "object", - "required": [ - "fulcioCAData", - "rekorKeyData", - "fulcioSubject" - ], - "properties": { - "fulcioCAData": { - "description": "fulcioCAData contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", + "path": { + "description": "path is the path of a non resource URL", "type": "string", - "format": "byte" + "default": "" }, - "fulcioSubject": { - "description": "fulcioSubject specifies OIDC issuer and the email of the Fulcio authentication configuration.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PolicyFulcioSubject" + "resource": { + "description": "resource is one of the existing resource types", + "type": "string", + "default": "" }, - "rekorKeyData": { - "description": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", + "resourceAPIGroup": { + "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", "type": "string", - "format": "byte" + "default": "" + }, + "resourceAPIVersion": { + "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", + "type": "string", + "default": "" + }, + "resourceName": { + "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", + "type": "string", + "default": "" + }, + "verb": { + "description": "verb is one of: get, list, watch, create, update, delete", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1alpha1.ImagePolicyList": { - "description": "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.authorization.v1.ResourceAccessReviewResponse": { + "description": "ResourceAccessReviewResponse describes who can perform the action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", - "items" + "users", + "groups", + "evalutionError" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { + "evalutionError": { + "description": "EvaluationError is an indication that some error occurred during resolution, but partial results can still be returned. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. This is most common when a bound role is missing, but enough roles are still present and bound to reason about the request.", + "type": "string", + "default": "" + }, + "groups": { + "description": "GroupsSlice is the list of groups who can perform the action", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImagePolicy" + "type": "string", + "default": "" } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.config.v1alpha1.ImagePolicyPKIRootOfTrust": { - "description": "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", - "type": "object", - "required": [ - "caRootsData", - "pkiCertificateSubject" - ], - "properties": { - "caIntermediatesData": { - "description": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set.", - "type": "string", - "format": "byte" - }, - "caRootsData": { - "description": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters.", - "type": "string", - "format": "byte" - }, - "pkiCertificateSubject": { - "description": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PKICertificateSubject" - } - } - }, - "com.github.openshift.api.config.v1alpha1.ImagePolicyPublicKeyRootOfTrust": { - "description": "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.", - "type": "object", - "required": [ - "keyData" - ], - "properties": { - "keyData": { - "description": "keyData contains inline base64-encoded data for the PEM format public key. KeyData must be at most 8192 characters.", - "type": "string", - "format": "byte" - }, - "rekorKeyData": { - "description": "rekorKeyData contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", - "type": "string", - "format": "byte" - } - } - }, - "com.github.openshift.api.config.v1alpha1.ImagePolicySpec": { - "description": "ImagePolicySpec is the specification of the ImagePolicy CRD.", - "type": "object", - "required": [ - "scopes", - "policy" - ], - "properties": { - "policy": { - "description": "policy contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy" + "namespace": { + "description": "namespace is the namespace used for the access review", + "type": "string" }, - "scopes": { - "description": "scopes defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", + "users": { + "description": "UsersSlice is the list of users who can perform the action", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "set" - } - } - }, - "com.github.openshift.api.config.v1alpha1.ImagePolicyStatus": { - "type": "object", - "properties": { - "conditions": { - "description": "conditions provide details on the status of this API Resource.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.config.v1alpha1.ImageSigstoreVerificationPolicy": { - "description": "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.", - "type": "object", - "required": [ - "rootOfTrust" - ], - "properties": { - "rootOfTrust": { - "description": "rootOfTrust specifies the root of trust for the policy.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PolicyRootOfTrust" - }, - "signedIdentity": { - "description": "signedIdentity specifies what image identity the signature claims about the image. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PolicyIdentity" + } } } }, - "com.github.openshift.api.config.v1alpha1.InsightsDataGather": { - "description": "InsightsDataGather provides data gather configuration options for the the Insights Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.authorization.v1.Role": { + "description": "Role is a logical grouping of PolicyRules that can be referenced as a unit by RoleBindings.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "spec" + "rules" ], "properties": { "apiVersion": { @@ -12918,37 +13454,36 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus" + "rules": { + "description": "rules holds all the PolicyRules for this Role", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.PolicyRule" + } } } }, - "com.github.openshift.api.config.v1alpha1.InsightsDataGatherList": { - "description": "InsightsDataGatherList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.authorization.v1.RoleBinding": { + "description": "RoleBinding references a Role, but not contain it. It can reference any Role in the same namespace or in the global namespace. It adds who information via (Users and Groups) OR Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace (excepting the master namespace which has power in all namespaces).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", - "items" + "subjects", + "roleRef" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { + "groupNames": { + "description": "groupNames holds all the groups directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.InsightsDataGather" + "type": "string", + "default": "" } }, "kind": { @@ -12956,487 +13491,402 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec": { - "type": "object", - "properties": { - "gatherConfig": { - "description": "gatherConfig spec attribute includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.GatherConfig" - } - } - }, - "com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1alpha1.MetricsServerConfig": { - "description": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", - "type": "object", - "properties": { - "audit": { - "description": "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Audit" - }, - "nodeSelector": { - "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "resources": { - "description": "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "roleRef": { + "description": "roleRef can only reference the current namespace and the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. Since Policy is a singleton, this is sufficient knowledge to locate a role.", + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" }, - "tolerations": { - "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "subjects": { + "description": "subjects hold object references to authorize with this rule. This field is ignored if UserNames or GroupNames are specified to support legacy clients and servers. Thus newer clients that do not need to support backwards compatibility should send only fully qualified Subjects and should omit the UserNames and GroupNames fields. Clients that need to support backwards compatibility can use this field to build the UserNames and GroupNames.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + } }, - "topologySpreadConstraints": { - "description": "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "userNames": { + "description": "userNames holds all the usernames directly bound to the role. This field should only be specified when supporting legacy clients and servers. See Subjects for further details.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint" - }, - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map" - }, - "verbosity": { - "description": "verbosity defines the verbosity of log messages for Metrics Server. Valid values are Errors, Info, Trace, TraceAll and omitted. When set to Errors, only critical messages and errors are logged. When set to Info, only basic information messages are logged. When set to Trace, information useful for general debugging is logged. When set to TraceAll, detailed information about metric scraping is logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Errors`", - "type": "string" - } - } - }, - "com.github.openshift.api.config.v1alpha1.PKICertificateSubject": { - "description": "PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", - "type": "object", - "properties": { - "email": { - "description": "email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. The email should be a valid email address and at most 320 characters in length.", - "type": "string" - }, - "hostname": { - "description": "hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. The hostname should be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. It should consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk.", - "type": "string" - } - } - }, - "com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference": { - "description": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", - "type": "string", - "default": "" + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig": { - "description": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + "com.github.openshift.api.authorization.v1.RoleBindingList": { + "description": "RoleBindingList is a collection of RoleBindings\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "claim" + "items" ], "properties": { - "claim": { - "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "mountPath": { - "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + "items": { + "description": "items is a list of RoleBindings", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.RoleBinding" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - } - }, - "com.github.openshift.api.config.v1alpha1.PolicyFulcioSubject": { - "description": "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.", - "type": "object", - "required": [ - "oidcIssuer", - "signedEmail" - ], - "properties": { - "oidcIssuer": { - "description": "oidcIssuer contains the expected OIDC issuer. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: \"https://expected.OIDC.issuer/\"", - "type": "string", - "default": "" }, - "signedEmail": { - "description": "signedEmail holds the email address the the Fulcio certificate is issued for. Example: \"expected-signing-user@example.com\"", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1alpha1.PolicyIdentity": { - "description": "PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is \"MatchRepoDigestOrExact\".", + "com.github.openshift.api.authorization.v1.RoleBindingRestriction": { + "description": "RoleBindingRestriction is an object that can be matched against a subject (user, group, or service account) to determine whether rolebindings on that subject are allowed in the namespace to which the RoleBindingRestriction belongs. If any one of those RoleBindingRestriction objects matches a subject, rolebindings on that subject in the namespace are allowed.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "matchPolicy" + "metadata", + "spec" ], "properties": { - "exactRepository": { - "description": "exactRepository is required if matchPolicy is set to \"ExactRepository\".", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PolicyMatchExactRepository" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "matchPolicy": { - "description": "matchPolicy sets the type of matching to be used. Valid values are \"MatchRepoDigestOrExact\", \"MatchRepository\", \"ExactRepository\", \"RemapIdentity\". When omitted, the default value is \"MatchRepoDigestOrExact\". If set matchPolicy to ExactRepository, then the exactRepository must be specified. If set matchPolicy to RemapIdentity, then the remapIdentity must be specified. \"MatchRepoDigestOrExact\" means that the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. \"MatchRepository\" means that the identity in the signature must be in the same repository as the image identity. \"ExactRepository\" means that the identity in the signature must be in the same repository as a specific identity specified by \"repository\". \"RemapIdentity\" means that the signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the \"prefix\" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "remapIdentity": { - "description": "remapIdentity is required if matchPolicy is set to \"RemapIdentity\".", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PolicyMatchRemapIdentity" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "matchPolicy", - "fields-to-discriminateBy": { - "exactRepository": "PolicyMatchExactRepository", - "remapIdentity": "PolicyMatchRemapIdentity" - } - } - ] - }, - "com.github.openshift.api.config.v1alpha1.PolicyMatchExactRepository": { - "type": "object", - "required": [ - "repository" - ], - "properties": { - "repository": { - "description": "repository is the reference of the image identity to be matched. The value should be a repository name (by omitting the tag or digest) in a registry implementing the \"Docker Registry HTTP API V2\". For example, docker.io/library/busybox", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.config.v1alpha1.PolicyMatchRemapIdentity": { - "type": "object", - "required": [ - "prefix", - "signedPrefix" - ], - "properties": { - "prefix": { - "description": "prefix is the prefix of the image identity to be matched. If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). This useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "signedPrefix": { - "description": "signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as \"prefix\". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", - "type": "string", - "default": "" + "spec": { + "description": "spec defines the matcher.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.RoleBindingRestrictionSpec" } } }, - "com.github.openshift.api.config.v1alpha1.PolicyRootOfTrust": { - "description": "PolicyRootOfTrust defines the root of trust based on the selected policyType.", + "com.github.openshift.api.authorization.v1.RoleBindingRestrictionList": { + "description": "RoleBindingRestrictionList is a collection of RoleBindingRestriction objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "policyType" + "items" ], "properties": { - "fulcioCAWithRekor": { - "description": "fulcioCAWithRekor defines the root of trust based on the Fulcio certificate and the Rekor public key. For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImagePolicyFulcioCAWithRekorRootOfTrust" - }, - "pki": { - "description": "pki defines the root of trust based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImagePolicyPKIRootOfTrust" - }, - "policyType": { - "description": "policyType serves as the union's discriminator. Users are required to assign a value to this field, choosing one of the policy types that define the root of trust. \"PublicKey\" indicates that the policy relies on a sigstore publicKey and may optionally use a Rekor verification. \"FulcioCAWithRekor\" indicates that the policy is based on the Fulcio certification and incorporates a Rekor verification. \"PKI\" indicates that the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.", - "type": "string", - "default": "" - }, - "publicKey": { - "description": "publicKey defines the root of trust based on a sigstore public key.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ImagePolicyPublicKeyRootOfTrust" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "policyType", - "fields-to-discriminateBy": { - "fulcioCAWithRekor": "FulcioCAWithRekor", - "pki": "PKI", - "publicKey": "PublicKey" - } - } - ] - }, - "com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig": { - "description": "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", - "type": "object", - "properties": { - "logLevel": { - "description": "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "nodeSelector": { - "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "resources": { - "description": "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 10. Minimum length for this list is 1. Each resource name must be unique within this list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "tolerations": { - "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" - }, - "x-kubernetes-list-type": "atomic" - }, - "topologySpreadConstraints": { - "description": "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "items": { + "description": "items is a list of RoleBindingRestriction objects.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint" - }, - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.RoleBindingRestriction" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.config.v1alpha1.RetentionNumberConfig": { - "description": "RetentionNumberConfig specifies the configuration of the retention policy on the number of backups", + "com.github.openshift.api.authorization.v1.RoleBindingRestrictionSpec": { + "description": "RoleBindingRestrictionSpec defines a rolebinding restriction. Exactly one field must be non-nil.", "type": "object", "required": [ - "maxNumberOfBackups" + "userrestriction", + "grouprestriction", + "serviceaccountrestriction" ], "properties": { - "maxNumberOfBackups": { - "description": "maxNumberOfBackups defines the maximum number of backups to retain. If the existing number of backups saved is equal to MaxNumberOfBackups then the oldest backup will be removed before a new backup is initiated.", - "type": "integer", - "format": "int32", - "default": 0 + "grouprestriction": { + "description": "grouprestriction matches against group subjects.", + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.GroupRestriction" + }, + "serviceaccountrestriction": { + "description": "serviceaccountrestriction matches against service-account subjects.", + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ServiceAccountRestriction" + }, + "userrestriction": { + "description": "userrestriction matches against user subjects.", + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.UserRestriction" } } }, - "com.github.openshift.api.config.v1alpha1.RetentionPolicy": { - "description": "RetentionPolicy defines the retention policy for retaining and deleting existing backups. This struct is a discriminated union that allows users to select the type of retention policy from the supported types.", + "com.github.openshift.api.authorization.v1.RoleList": { + "description": "RoleList is a collection of Roles\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "retentionType" + "items" ], "properties": { - "retentionNumber": { - "description": "retentionNumber configures the retention policy based on the number of backups", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RetentionNumberConfig" - }, - "retentionSize": { - "description": "retentionSize configures the retention policy based on the size of backups", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RetentionSizeConfig" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "retentionType": { - "description": "retentionType sets the type of retention policy. Currently, the only valid policies are retention by number of backups (RetentionNumber), by the size of backups (RetentionSize). More policies or types may be added in the future. Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is RetentionNumber with 15 backups kept.\n\nPossible enum values:\n - `\"RetentionNumber\"` sets the retention policy based on the number of backup files saved\n - `\"RetentionSize\"` sets the retention policy based on the total size of the backup files saved", - "type": "string", - "default": "", - "enum": [ - "RetentionNumber", - "RetentionSize" - ] - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "retentionType", - "fields-to-discriminateBy": { - "retentionNumber": "RetentionNumber", - "retentionSize": "RetentionSize" + "items": { + "description": "items is a list of Roles", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.Role" } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } - ] + } }, - "com.github.openshift.api.config.v1alpha1.RetentionSizeConfig": { - "description": "RetentionSizeConfig specifies the configuration of the retention policy on the total size of backups", + "com.github.openshift.api.authorization.v1.SelfSubjectRulesReview": { + "description": "SelfSubjectRulesReview is a resource you can create to determine which actions you can perform in a namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "maxSizeOfBackupsGb" + "spec" ], "properties": { - "maxSizeOfBackupsGb": { - "description": "maxSizeOfBackupsGb defines the total size in GB of backups to retain. If the current total size backups exceeds MaxSizeOfBackupsGb then the oldest backup will be removed before a new backup is initiated.", - "type": "integer", - "format": "int32", - "default": 0 + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec adds information about how to conduct the check", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.SelfSubjectRulesReviewSpec" + }, + "status": { + "description": "status is completed by the server to tell which permissions you have", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus" } } }, - "com.github.openshift.api.config.v1alpha1.Storage": { - "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + "com.github.openshift.api.authorization.v1.SelfSubjectRulesReviewSpec": { + "description": "SelfSubjectRulesReviewSpec adds information about how to conduct the check", "type": "object", "required": [ - "type" + "scopes" ], "properties": { - "persistentVolume": { - "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig" - }, - "type": { - "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", - "type": "string", - "default": "" + "scopes": { + "description": "scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil means \"use the scopes on this request\".", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring": { - "description": "UserDefinedMonitoring config for user-defined projects.", + "com.github.openshift.api.authorization.v1.ServiceAccountReference": { + "description": "ServiceAccountReference specifies a service account and namespace by their names.", "type": "object", "required": [ - "mode" + "name", + "namespace" ], "properties": { - "mode": { - "description": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.\n\nPossible enum values:\n - `\"Disabled\"` disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces.\n - `\"NamespaceIsolated\"` enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level.", + "name": { + "description": "name is the name of the service account.", "type": "string", - "default": "", - "enum": [ - "Disabled", - "NamespaceIsolated" - ] + "default": "" + }, + "namespace": { + "description": "namespace is the namespace of the service account. Service accounts from inside the whitelisted namespaces are allowed to be bound to roles. If Namespace is empty, then the namespace of the RoleBindingRestriction in which the ServiceAccountReference is embedded is used.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1alpha2.Custom": { - "description": "custom provides the custom configuration of gatherers", + "com.github.openshift.api.authorization.v1.ServiceAccountRestriction": { + "description": "ServiceAccountRestriction matches a service account by a string match on either the service-account name or the name of the service account's namespace.", "type": "object", "required": [ - "configs" + "serviceaccounts", + "namespaces" ], "properties": { - "configs": { - "description": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "namespaces": { + "description": "namespaces specifies a list of literal namespace names.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "serviceaccounts": { + "description": "serviceaccounts specifies a list of literal service-account names.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.GathererConfig" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.ServiceAccountReference" + } } } }, - "com.github.openshift.api.config.v1alpha2.GatherConfig": { - "description": "gatherConfig provides data gathering configuration options.", + "com.github.openshift.api.authorization.v1.SubjectAccessReview": { + "description": "SubjectAccessReview is an object for requesting information about whether a user or group can perform an action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "gatherers" + "namespace", + "verb", + "resourceAPIGroup", + "resourceAPIVersion", + "resource", + "resourceName", + "path", + "isNonResourceURL", + "user", + "groups", + "scopes" ], "properties": { - "dataPolicy": { - "description": "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "content": { + "description": "content is the actual content of the request for create and update", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "groups": { + "description": "GroupsSlice is optional. Groups is the list of groups to which the User belongs.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "gatherers": { - "description": "gatherers is a required field that specifies the configuration of the gatherers.", + "isNonResourceURL": { + "description": "isNonResourceURL is true if this is a request for a non-resource URL (outside of the resource hierarchy)", + "type": "boolean", + "default": false + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.Gatherers" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "storage": { - "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.Storage" - } - } - }, - "com.github.openshift.api.config.v1alpha2.GathererConfig": { - "description": "gathererConfig allows to configure specific gatherers", - "type": "object", - "required": [ - "name", - "state" - ], - "properties": { - "name": { - "description": "name is the required name of a specific gatherer It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "namespace": { + "description": "namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces", "type": "string", "default": "" }, - "state": { - "description": "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", + "path": { + "description": "path is the path of a non resource URL", + "type": "string", + "default": "" + }, + "resource": { + "description": "resource is one of the existing resource types", + "type": "string", + "default": "" + }, + "resourceAPIGroup": { + "description": "Group is the API group of the resource Serialized as resourceAPIGroup to avoid confusion with the 'groups' field when inlined", + "type": "string", + "default": "" + }, + "resourceAPIVersion": { + "description": "Version is the API version of the resource Serialized as resourceAPIVersion to avoid confusion with TypeMeta.apiVersion and ObjectMeta.resourceVersion when inlined", + "type": "string", + "default": "" + }, + "resourceName": { + "description": "resourceName is the name of the resource being requested for a \"get\" or deleted for a \"delete\"", + "type": "string", + "default": "" + }, + "scopes": { + "description": "scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\". Nil for a self-SAR, means \"use the scopes on this request\". Nil for a regular SAR, means the same as empty.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "user": { + "description": "user is optional. If both User and Groups are empty, the current authenticated user is used.", + "type": "string", + "default": "" + }, + "verb": { + "description": "verb is one of: get, list, watch, create, update, delete", "type": "string", "default": "" } } }, - "com.github.openshift.api.config.v1alpha2.Gatherers": { + "com.github.openshift.api.authorization.v1.SubjectAccessReviewResponse": { + "description": "SubjectAccessReviewResponse describes whether or not a user or group can perform an action\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "mode" + "allowed" ], "properties": { - "custom": { - "description": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.Custom" + "allowed": { + "description": "allowed is required. True if the action would be allowed, false otherwise.", + "type": "boolean", + "default": false }, - "mode": { - "description": "mode is a required field that specifies the mode for gatherers. Allowed values are All, None, and Custom. When set to All, all gatherers wil run and gather data. When set to None, all gatherers will be disabled and no data will be gathered. When set to Custom, the custom configuration from the custom field will be applied.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "evaluationError": { + "description": "evaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. This is most common when a bound role is missing, but enough roles are still present and bound to reason about the request.", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "namespace": { + "description": "namespace is the namespace used for the access review", + "type": "string" + }, + "reason": { + "description": "reason is optional. It indicates why a request was allowed or denied.", + "type": "string" } } }, - "com.github.openshift.api.config.v1alpha2.InsightsDataGather": { - "description": "InsightsDataGather provides data gather configuration options for the the Insights Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.authorization.v1.SubjectRulesReview": { + "description": "SubjectRulesReview is a resource you can create to determine which actions another user can perform in a namespace\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -13453,152 +13903,243 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec holds user settable values for configuration", + "description": "spec adds information about how to conduct the check", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec" + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.SubjectRulesReviewSpec" }, "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "description": "status is completed by the server to tell which permissions you have", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus" + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus" } } }, - "com.github.openshift.api.config.v1alpha2.InsightsDataGatherList": { - "description": "InsightsDataGatherList is a collection of items Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.authorization.v1.SubjectRulesReviewSpec": { + "description": "SubjectRulesReviewSpec adds information about how to conduct the check", "type": "object", "required": [ - "metadata", - "items" + "user", + "groups", + "scopes" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is the required list of InsightsDataGather objects it may not exceed 100 items", + "groups": { + "description": "groups is optional. Groups is the list of groups to which the User belongs. At least one of User and Groups must be specified.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.InsightsDataGather" + "type": "string", + "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "scopes": { + "description": "scopes to use for the evaluation. Empty means \"use the unscoped (full) permissions of the user/groups\".", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "metadata": { - "description": "metadata is the required standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "user": { + "description": "user is optional. At least one of User and Groups must be specified.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec": { + "com.github.openshift.api.authorization.v1.SubjectRulesReviewStatus": { + "description": "SubjectRulesReviewStatus is contains the result of a rules check", "type": "object", "properties": { - "gatherConfig": { - "description": "gatherConfig is an optional spec attribute that includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.GatherConfig" + "evaluationError": { + "description": "evaluationError can appear in combination with Rules. It means some error happened during evaluation that may have prevented additional rules from being populated.", + "type": "string" + }, + "rules": { + "description": "rules is the list of rules (no particular sort) that are allowed for the subject", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.authorization.v1.PolicyRule" + } } } }, - "com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus": { - "type": "object" - }, - "com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference": { - "description": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + "com.github.openshift.api.authorization.v1.UserRestriction": { + "description": "UserRestriction matches a user either by a string match on the user name, a string match on the name of a group to which the user belongs, or a label selector applied to the user labels.", "type": "object", "required": [ - "name" + "users", + "groups", + "labels" ], "properties": { - "name": { - "description": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", - "type": "string", - "default": "" + "groups": { + "description": "groups specifies a list of literal group names.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "labels": { + "description": "Selectors specifies a list of label selectors over user labels.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + } + }, + "users": { + "description": "users specifies a list of literal user names.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig": { - "description": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + "com.github.openshift.api.build.v1.BinaryBuildRequestOptions": { + "description": "BinaryBuildRequestOptions are the options required to fully speficy a binary build request\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "claim" - ], "properties": { - "claim": { - "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "asFile": { + "description": "asFile determines if the binary should be created as a file within the source rather than extracted as an archive", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "mountPath": { - "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + "revision.authorEmail": { + "description": "revision.authorEmail of the source control user", + "type": "string" + }, + "revision.authorName": { + "description": "revision.authorName of the source control user", + "type": "string" + }, + "revision.commit": { + "description": "revision.commit is the value identifying a specific commit", + "type": "string" + }, + "revision.committerEmail": { + "description": "revision.committerEmail of the source control user", + "type": "string" + }, + "revision.committerName": { + "description": "revision.committerName of the source control user", + "type": "string" + }, + "revision.message": { + "description": "revision.message is the description of a specific commit", "type": "string" } } }, - "com.github.openshift.api.config.v1alpha2.Storage": { - "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + "com.github.openshift.api.build.v1.BinaryBuildSource": { + "description": "BinaryBuildSource describes a binary file to be used for the Docker and Source build strategies, where the file will be extracted and used as the build source.", "type": "object", - "required": [ - "type" - ], "properties": { - "persistentVolume": { - "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig" + "asFile": { + "description": "asFile indicates that the provided binary input should be considered a single file within the build input. For example, specifying \"webapp.war\" would place the provided binary as `/webapp.war` for the builder. If left empty, the Docker and Source build strategies assume this file is a zip, tar, or tar.gz file and extract it as the source. The custom strategy receives this binary as standard input. This filename may not contain slashes or be '..' or '.'.", + "type": "string" + } + } + }, + "com.github.openshift.api.build.v1.BitbucketWebHookCause": { + "description": "BitbucketWebHookCause has information about a Bitbucket webhook that triggered a build.", + "type": "object", + "properties": { + "revision": { + "description": "revision is the git source revision information of the trigger.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" }, - "type": { - "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", - "type": "string", - "default": "" + "secret": { + "description": "secret is the obfuscated webhook secret that triggered a build.", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ApplicationMenuSpec": { - "description": "ApplicationMenuSpec is the specification of the desired section and icon used for the link in the application menu.", + "com.github.openshift.api.build.v1.Build": { + "description": "Build encapsulates the inputs needed to produce a new deployable image, as well as the status of the execution and a reference to the Pod which executed the build.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "section" - ], "properties": { - "imageURL": { - "description": "imageURL is the URL for the icon used in front of the link in the application menu. The URL must be an HTTPS URL or a Data URI. The image should be square and will be shown at 24x24 pixels.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "section": { - "description": "section is the section of the application menu in which the link should appear. This can be any text that will appear as a subheading in the application menu dropdown. A new section will be created if the text does not match text of an existing section.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec is all the inputs used to execute the build.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildSpec" + }, + "status": { + "description": "status is the current status of the build.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStatus" } } }, - "com.github.openshift.api.console.v1.CLIDownloadLink": { + "com.github.openshift.api.build.v1.BuildCondition": { + "description": "BuildCondition describes the state of a build at a certain point.", "type": "object", "required": [ - "href" + "type", + "status" ], "properties": { - "href": { - "description": "href is the absolute secure URL for the link (must use https)", + "lastTransitionTime": { + "description": "The last time the condition transitioned from one status to another.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "lastUpdateTime": { + "description": "The last time this condition was updated.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "message": { + "description": "A human readable message indicating details about the transition.", + "type": "string" + }, + "reason": { + "description": "The reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "default": "" }, - "text": { - "description": "text is the display text for the link", + "type": { + "description": "type of build condition.", "type": "string", "default": "" } } }, - "com.github.openshift.api.console.v1.ConsoleCLIDownload": { - "description": "ConsoleCLIDownload is an extension for configuring openshift web console command line interface (CLI) downloads.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.build.v1.BuildConfig": { + "description": "Build configurations define a build process for new container images. There are three types of builds possible - a container image build using a Dockerfile, a Source-to-Image build that uses a specially prepared base image that accepts source code that it can make runnable, and a custom build that can run // arbitrary container images as a base and accept the build parameters. Builds run on the cluster and on completion are pushed to the container image registry specified in the \"output\" section. A build can be triggered via a webhook, when the base image changes, or when a user manually requests a new build be // created.\n\nEach build created by a build configuration is numbered and refers back to its parent configuration. Multiple builds can be triggered at once. Builds that do not have \"output\" set can be used to test code or run a verification build.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -13615,19 +14156,24 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { + "description": "spec holds all the input necessary to produce a new build, and the conditions when to trigger them.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleCLIDownloadSpec" + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildConfigSpec" + }, + "status": { + "description": "status holds any relevant information about a build config", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildConfigStatus" } } }, - "com.github.openshift.api.console.v1.ConsoleCLIDownloadList": { - "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.build.v1.BuildConfigList": { + "description": "BuildConfigList is a collection of BuildConfigs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -13636,10 +14182,11 @@ "type": "string" }, "items": { + "description": "items is a list of build configs", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleCLIDownload" + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildConfig" } }, "kind": { @@ -13649,70 +14196,115 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.console.v1.ConsoleCLIDownloadSpec": { - "description": "ConsoleCLIDownloadSpec is the desired cli download configuration.", + "com.github.openshift.api.build.v1.BuildConfigSpec": { + "description": "BuildConfigSpec describes when and how builds are created", "type": "object", "required": [ - "displayName", - "description", - "links" + "strategy" ], "properties": { - "description": { - "description": "description is the description of the CLI download (can include markdown).", - "type": "string", - "default": "" + "completionDeadlineSeconds": { + "description": "completionDeadlineSeconds is an optional duration in seconds, counted from the time when a build pod gets scheduled in the system, that the build may be active on a node before the system actively tries to terminate the build; value must be positive integer", + "type": "integer", + "format": "int64" }, - "displayName": { - "description": "displayName is the display name of the CLI download.", - "type": "string", - "default": "" + "failedBuildsHistoryLimit": { + "description": "failedBuildsHistoryLimit is the number of old failed builds to retain. When a BuildConfig is created, the 5 most recent failed builds are retained unless this value is set. If removed after the BuildConfig has been created, all failed builds are retained.", + "type": "integer", + "format": "int32" }, - "links": { - "description": "links is a list of objects that provide CLI download link details.", + "mountTrustedCA": { + "description": "mountTrustedCA bind mounts the cluster's trusted certificate authorities, as defined in the cluster's proxy configuration, into the build. This lets processes within a build trust components signed by custom PKI certificate authorities, such as private artifact repositories and HTTPS proxies.\n\nWhen this field is set to true, the contents of `/etc/pki/ca-trust` within the build are managed by the build container, and any changes to this directory or its subdirectories (for example - within a Dockerfile `RUN` instruction) are not persisted in the build's output image.", + "type": "boolean" + }, + "nodeSelector": { + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node If nil, it can be overridden by default build nodeselector values for the cluster. If set to an empty map or a map with any values, default build nodeselector values are ignored.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "output": { + "description": "output describes the container image the Strategy should produce.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildOutput" + }, + "postCommit": { + "description": "postCommit is a build hook executed after the build output image is committed, before it is pushed to a registry.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildPostCommitSpec" + }, + "resources": { + "description": "resources computes resource requirements to execute the build.", + "default": {}, + "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" + }, + "revision": { + "description": "revision is the information from the source for a specific repo snapshot. This is optional.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + }, + "runPolicy": { + "description": "runPolicy describes how the new build created from this build configuration will be scheduled for execution. This is optional, if not specified we default to \"Serial\".", + "type": "string" + }, + "serviceAccount": { + "description": "serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount", + "type": "string" + }, + "source": { + "description": "source describes the SCM in use.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildSource" + }, + "strategy": { + "description": "strategy defines how to perform a build.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStrategy" + }, + "successfulBuildsHistoryLimit": { + "description": "successfulBuildsHistoryLimit is the number of old successful builds to retain. When a BuildConfig is created, the 5 most recent successful builds are retained unless this value is set. If removed after the BuildConfig has been created, all successful builds are retained.", + "type": "integer", + "format": "int32" + }, + "triggers": { + "description": "triggers determine how new Builds can be launched from a BuildConfig. If no triggers are defined, a new build can only occur as a result of an explicit client build creation.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.CLIDownloadLink" + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildTriggerPolicy" } } } }, - "com.github.openshift.api.console.v1.ConsoleExternalLogLink": { - "description": "ConsoleExternalLogLink is an extension for customizing OpenShift web console log links.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.build.v1.BuildConfigStatus": { + "description": "BuildConfigStatus contains current state of the build config object.", "type": "object", - "required": [ - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "imageChangeTriggers": { + "description": "imageChangeTriggers captures the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There is a single entry in this array for each image change trigger in spec. Each trigger status references the ImageStreamTag that acts as the source of the trigger.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageChangeTriggerStatus" + } }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleExternalLogLinkSpec" + "lastVersion": { + "description": "lastVersion is used to inform about number of last triggered build.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.console.v1.ConsoleExternalLogLinkList": { - "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.build.v1.BuildList": { + "description": "BuildList is a collection of Builds.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -13721,10 +14313,11 @@ "type": "string" }, "items": { + "description": "items is a list of builds", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleExternalLogLink" + "$ref": "#/definitions/com.github.openshift.api.build.v1.Build" } }, "kind": { @@ -13734,1430 +14327,1481 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.console.v1.ConsoleExternalLogLinkSpec": { - "description": "ConsoleExternalLogLinkSpec is the desired log link configuration. The log link will appear on the logs tab of the pod details page.", + "com.github.openshift.api.build.v1.BuildLog": { + "description": "BuildLog is the (unused) resource associated with the build log redirector\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "text", - "hrefTemplate" - ], "properties": { - "hrefTemplate": { - "description": "hrefTemplate is an absolute secure URL (must use https) for the log link including variables to be replaced. Variables are specified in the URL with the format ${variableName}, for instance, ${containerName} and will be replaced with the corresponding values from the resource. Resource is a pod. Supported variables are: - ${resourceName} - name of the resource which containes the logs - ${resourceUID} - UID of the resource which contains the logs\n - e.g. `11111111-2222-3333-4444-555555555555`\n- ${containerName} - name of the resource's container that contains the logs - ${resourceNamespace} - namespace of the resource that contains the logs - ${resourceNamespaceUID} - namespace UID of the resource that contains the logs - ${podLabels} - JSON representation of labels matching the pod with the logs\n - e.g. `{\"key1\":\"value1\",\"key2\":\"value2\"}`\n\ne.g., https://example.com/logs?resourceName=${resourceName}&containerName=${containerName}&resourceNamespace=${resourceNamespace}&podLabels=${podLabels}", - "type": "string", - "default": "" - }, - "namespaceFilter": { - "description": "namespaceFilter is a regular expression used to restrict a log link to a matching set of namespaces (e.g., `^openshift-`). The string is converted into a regular expression using the JavaScript RegExp constructor. If not specified, links will be displayed for all the namespaces.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "text": { - "description": "text is the display text for the link", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsoleLink": { - "description": "ConsoleLink is an extension for customizing OpenShift web console links.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.build.v1.BuildLogOptions": { + "description": "BuildLogOptions is the REST options for a build log\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "container": { + "description": "cointainer for which to stream logs. Defaults to only container if there is one container in the pod.", + "type": "string" + }, + "follow": { + "description": "follow if true indicates that the build log should be streamed until the build terminates.", + "type": "boolean" + }, + "insecureSkipTLSVerifyBackend": { + "description": "insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept the actual log data coming from the real kubelet).", + "type": "boolean" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "limitBytes": { + "description": "limitBytes, If set, is the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.", + "type": "integer", + "format": "int64" }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleLinkSpec" + "nowait": { + "description": "nowait if true causes the call to return immediately even if the build is not available yet. Otherwise the server will wait until the build has started.", + "type": "boolean" + }, + "previous": { + "description": "previous returns previous build logs. Defaults to false.", + "type": "boolean" + }, + "sinceSeconds": { + "description": "sinceSeconds is a relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", + "type": "integer", + "format": "int64" + }, + "sinceTime": { + "description": "sinceTime is an RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "tailLines": { + "description": "tailLines, If set, is the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime", + "type": "integer", + "format": "int64" + }, + "timestamps": { + "description": "timestamps, If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.", + "type": "boolean" + }, + "version": { + "description": "version of the build for which to view logs.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.console.v1.ConsoleLinkList": { - "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.build.v1.BuildOutput": { + "description": "BuildOutput is input to a build strategy and describes the container image that the strategy should produce.", + "type": "object", + "properties": { + "imageLabels": { + "description": "imageLabels define a list of labels that are applied to the resulting image. If there are multiple labels with the same name then the last one in the list is used.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" + } + }, + "pushSecret": { + "description": "pushSecret is the name of a Secret that would be used for setting up the authentication for executing the Docker push to authentication enabled Docker Registry (or Docker Hub).", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + }, + "to": { + "description": "to defines an optional location to push the output of this build to. Kind must be one of 'ImageStreamTag' or 'DockerImage'. This value will be used to look up a container image repository to push to. In the case of an ImageStreamTag, the ImageStreamTag will be looked for in the namespace of the build unless Namespace is specified.", + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + } + } + }, + "com.github.openshift.api.build.v1.BuildPostCommitSpec": { + "description": "A BuildPostCommitSpec holds a build post commit hook specification. The hook executes a command in a temporary container running the build output image, immediately after the last layer of the image is committed and before the image is pushed to a registry. The command is executed with the current working directory ($PWD) set to the image's WORKDIR.\n\nThe build will be marked as failed if the hook execution fails. It will fail if the script or command return a non-zero exit code, or if there is any other error related to starting the temporary container.\n\nThere are five different ways to configure the hook. As an example, all forms below are equivalent and will execute `rake test --verbose`.\n\n1. Shell script:\n\n\t \"postCommit\": {\n\t \"script\": \"rake test --verbose\",\n\t }\n\n\tThe above is a convenient form which is equivalent to:\n\n\t \"postCommit\": {\n\t \"command\": [\"/bin/sh\", \"-ic\"],\n\t \"args\": [\"rake test --verbose\"]\n\t }\n\n2. A command as the image entrypoint:\n\n\t \"postCommit\": {\n\t \"commit\": [\"rake\", \"test\", \"--verbose\"]\n\t }\n\n\tCommand overrides the image entrypoint in the exec form, as documented in\n\tDocker: https://docs.docker.com/engine/reference/builder/#entrypoint.\n\n3. Pass arguments to the default entrypoint:\n\n\t \"postCommit\": {\n\t\t\t \"args\": [\"rake\", \"test\", \"--verbose\"]\n\t\t }\n\n\t This form is only useful if the image entrypoint can handle arguments.\n\n4. Shell script with arguments:\n\n\t \"postCommit\": {\n\t \"script\": \"rake test $1\",\n\t \"args\": [\"--verbose\"]\n\t }\n\n\tThis form is useful if you need to pass arguments that would otherwise be\n\thard to quote properly in the shell script. In the script, $0 will be\n\t\"/bin/sh\" and $1, $2, etc, are the positional arguments from Args.\n\n5. Command with arguments:\n\n\t \"postCommit\": {\n\t \"command\": [\"rake\", \"test\"],\n\t \"args\": [\"--verbose\"]\n\t }\n\n\tThis form is equivalent to appending the arguments to the Command slice.\n\nIt is invalid to provide both Script and Command simultaneously. If none of the fields are specified, the hook is not executed.", + "type": "object", + "properties": { + "args": { + "description": "args is a list of arguments that are provided to either Command, Script or the container image's default entrypoint. The arguments are placed immediately after the command to be run.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "command": { + "description": "command is the command to run. It may not be specified with Script. This might be needed if the image doesn't have `/bin/sh`, or if you do not want to use a shell. In all other cases, using Script might be more convenient.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "script": { + "description": "script is a shell script to be run with `/bin/sh -ic`. It may not be specified with Command. Use Script when a shell script is appropriate to execute the post build hook, for example for running unit tests with `rake test`. If you need control over the image entrypoint, or if the image does not have `/bin/sh`, use Command and/or Args. The `-i` flag is needed to support CentOS and RHEL images that use Software Collections (SCL), in order to have the appropriate collections enabled in the shell. E.g., in the Ruby image, this is necessary to make `ruby`, `bundle` and other binaries available in the PATH.", + "type": "string" + } + } + }, + "com.github.openshift.api.build.v1.BuildRequest": { + "description": "BuildRequest is the resource used to pass parameters to build generator\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { + "binary": { + "description": "binary indicates a request to build from a binary provided to the builder", + "$ref": "#/definitions/com.github.openshift.api.build.v1.BinaryBuildSource" + }, + "dockerStrategyOptions": { + "description": "dockerStrategyOptions contains additional docker-strategy specific options for the build", + "$ref": "#/definitions/com.github.openshift.api.build.v1.DockerStrategyOptions" + }, + "env": { + "description": "env contains additional environment variables you want to pass into a builder container.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleLink" + "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" } }, + "from": { + "description": "from is the reference to the ImageStreamTag that triggered the build.", + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, + "lastVersion": { + "description": "lastVersion (optional) is the LastVersion of the BuildConfig that was used to generate the build. If the BuildConfig in the generator doesn't match, a build will not be generated.", + "type": "integer", + "format": "int64" + }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "revision": { + "description": "revision is the information from the source for a specific repo snapshot.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + }, + "sourceStrategyOptions": { + "description": "sourceStrategyOptions contains additional source-strategy specific options for the build", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceStrategyOptions" + }, + "triggeredBy": { + "description": "triggeredBy describes which triggers started the most recent update to the build configuration and contains information about those triggers.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildTriggerCause" + } + }, + "triggeredByImage": { + "description": "triggeredByImage is the Image that triggered this build.", + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.console.v1.ConsoleLinkSpec": { - "description": "ConsoleLinkSpec is the desired console link configuration.", + "com.github.openshift.api.build.v1.BuildSource": { + "description": "BuildSource is the SCM used for the build.", "type": "object", - "required": [ - "text", - "href", - "location" - ], "properties": { - "applicationMenu": { - "description": "applicationMenu holds information about section and icon used for the link in the application menu, and it is applicable only when location is set to ApplicationMenu.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.ApplicationMenuSpec" + "binary": { + "description": "binary builds accept a binary as their input. The binary is generally assumed to be a tar, gzipped tar, or zip file depending on the strategy. For container image builds, this is the build context and an optional Dockerfile may be specified to override any Dockerfile in the build context. For Source builds, this is assumed to be an archive as described above. For Source and container image builds, if binary.asFile is set the build will receive a directory with a single file. contextDir may be used when an archive is provided. Custom builds will receive this binary as input on STDIN.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.BinaryBuildSource" }, - "href": { - "description": "href is the absolute URL for the link. Must use https:// for web URLs or mailto: for email links.", - "type": "string", - "default": "" + "configMaps": { + "description": "configMaps represents a list of configMaps and their destinations that will be used for the build.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.ConfigMapBuildSource" + } }, - "location": { - "description": "location determines which location in the console the link will be appended to (ApplicationMenu, HelpMenu, UserMenu, NamespaceDashboard).", - "type": "string", - "default": "" + "contextDir": { + "description": "contextDir specifies the sub-directory where the source code for the application exists. This allows to have buildable sources in directory other than root of repository.", + "type": "string" }, - "namespaceDashboard": { - "description": "namespaceDashboard holds information about namespaces in which the dashboard link should appear, and it is applicable only when location is set to NamespaceDashboard. If not specified, the link will appear in all namespaces.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.NamespaceDashboardSpec" + "dockerfile": { + "description": "dockerfile is the raw contents of a Dockerfile which should be built. When this option is specified, the FROM may be modified based on your strategy base image and additional ENV stanzas from your strategy environment will be added after the FROM, but before the rest of your Dockerfile stanzas. The Dockerfile source type may be used with other options like git - in those cases the Git repo will have any innate Dockerfile replaced in the context dir.", + "type": "string" }, - "text": { - "description": "text is the display text for the link", - "type": "string", - "default": "" + "git": { + "description": "git contains optional information about git build source", + "$ref": "#/definitions/com.github.openshift.api.build.v1.GitBuildSource" + }, + "images": { + "description": "images describes a set of images to be used to provide source for the build", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageSource" + } + }, + "secrets": { + "description": "secrets represents a list of secrets and their destinations that will be used only for the build.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.SecretBuildSource" + } + }, + "sourceSecret": { + "description": "sourceSecret is the name of a Secret that would be used for setting up the authentication for cloning private repository. The secret contains valid credentials for remote repository, where the data's key represent the authentication method to be used and value is the base64 encoded credentials. Supported auth methods are: ssh-privatekey.", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + }, + "type": { + "description": "type of build input to accept", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsoleNotification": { - "description": "ConsoleNotification is the extension for configuring openshift web console notifications.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.build.v1.BuildSpec": { + "description": "BuildSpec has the information to represent a build and also additional information about a build", "type": "object", "required": [ - "spec" + "strategy" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "completionDeadlineSeconds": { + "description": "completionDeadlineSeconds is an optional duration in seconds, counted from the time when a build pod gets scheduled in the system, that the build may be active on a node before the system actively tries to terminate the build; value must be positive integer", + "type": "integer", + "format": "int64" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "mountTrustedCA": { + "description": "mountTrustedCA bind mounts the cluster's trusted certificate authorities, as defined in the cluster's proxy configuration, into the build. This lets processes within a build trust components signed by custom PKI certificate authorities, such as private artifact repositories and HTTPS proxies.\n\nWhen this field is set to true, the contents of `/etc/pki/ca-trust` within the build are managed by the build container, and any changes to this directory or its subdirectories (for example - within a Dockerfile `RUN` instruction) are not persisted in the build's output image.", + "type": "boolean" + }, + "nodeSelector": { + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node If nil, it can be overridden by default build nodeselector values for the cluster. If set to an empty map or a map with any values, default build nodeselector values are ignored.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "output": { + "description": "output describes the container image the Strategy should produce.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildOutput" + }, + "postCommit": { + "description": "postCommit is a build hook executed after the build output image is committed, before it is pushed to a registry.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildPostCommitSpec" + }, + "resources": { + "description": "resources computes resource requirements to execute the build.", + "default": {}, + "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" + }, + "revision": { + "description": "revision is the information from the source for a specific repo snapshot. This is optional.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + }, + "serviceAccount": { + "description": "serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "source": { + "description": "source describes the SCM in use.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildSource" }, - "spec": { + "strategy": { + "description": "strategy defines how to perform a build.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleNotificationSpec" + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStrategy" + }, + "triggeredBy": { + "description": "triggeredBy describes which triggers started the most recent update to the build configuration and contains information about those triggers.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildTriggerCause" + } } } }, - "com.github.openshift.api.console.v1.ConsoleNotificationList": { - "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.build.v1.BuildStatus": { + "description": "BuildStatus contains the status of a build", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "cancelled": { + "description": "cancelled describes if a cancel event was triggered for the build.", + "type": "boolean" }, - "items": { + "completionTimestamp": { + "description": "completionTimestamp is a timestamp representing the server time when this Build was finished, whether that build failed or succeeded. It reflects the time at which the Pod running the Build terminated. It is represented in RFC3339 form and is in UTC.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "conditions": { + "description": "conditions represents the latest available observations of a build's current state.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleNotification" - } + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildCondition" + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "config": { + "description": "config is an ObjectReference to the BuildConfig this Build is based on.", + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.console.v1.ConsoleNotificationSpec": { - "description": "ConsoleNotificationSpec is the desired console notification configuration.", - "type": "object", - "required": [ - "text" - ], - "properties": { - "backgroundColor": { - "description": "backgroundColor is the color of the background for the notification as CSS data type color.", + "duration": { + "description": "duration contains time.Duration object describing build time.", + "type": "integer", + "format": "int64" + }, + "logSnippet": { + "description": "logSnippet is the last few lines of the build log. This value is only set for builds that failed.", "type": "string" }, - "color": { - "description": "color is the color of the text for the notification as CSS data type color.", + "message": { + "description": "message is a human-readable message indicating details about why the build has this status.", "type": "string" }, - "link": { - "description": "link is an object that holds notification link details.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.Link" + "output": { + "description": "output describes the container image the build has produced.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStatusOutput" }, - "location": { - "description": "location is the location of the notification in the console. Valid values are: \"BannerTop\", \"BannerBottom\", \"BannerTopBottom\".", + "outputDockerImageReference": { + "description": "outputDockerImageReference contains a reference to the container image that will be built by this build. Its value is computed from Build.Spec.Output.To, and should include the registry address, so that it can be used to push and pull the image.", "type": "string" }, - "text": { - "description": "text is the visible text of the notification.", + "phase": { + "description": "phase is the point in the build lifecycle. Possible values are \"New\", \"Pending\", \"Running\", \"Complete\", \"Failed\", \"Error\", and \"Cancelled\".", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.console.v1.ConsolePlugin": { - "description": "ConsolePlugin is an extension for customizing OpenShift web console by dynamically loading code from another service running on the cluster.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "reason": { + "description": "reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "stages": { + "description": "stages contains details about each stage that occurs during the build including start time, duration (in milliseconds), and the steps that occured within each stage.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.StageInfo" + } }, - "spec": { - "description": "spec contains the desired configuration for the console plugin.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginSpec" + "startTimestamp": { + "description": "startTimestamp is a timestamp representing the server time when this Build started running in a Pod. It is represented in RFC3339 form and is in UTC.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.console.v1.ConsolePluginBackend": { - "description": "ConsolePluginBackend holds information about the endpoint which serves the console's plugin", - "type": "object", - "required": [ - "type" - ], - "properties": { - "service": { - "description": "service is a Kubernetes Service that exposes the plugin using a deployment with an HTTP server. The Service must use HTTPS and Service serving certificate. The console backend will proxy the plugins assets from the Service using the service CA bundle.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginService" - }, - "type": { - "description": "type is the backend type which servers the console's plugin. Currently only \"Service\" is supported.", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "service": "Service" - } - } - ] - }, - "com.github.openshift.api.console.v1.ConsolePluginCSP": { - "description": "ConsolePluginCSP holds configuration for a specific CSP directive", + "com.github.openshift.api.build.v1.BuildStatusOutput": { + "description": "BuildStatusOutput contains the status of the built image.", "type": "object", - "required": [ - "directive", - "values" - ], "properties": { - "directive": { - "description": "directive specifies which Content-Security-Policy directive to configure. Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc. DefaultSrc directive serves as a fallback for the other CSP fetch directives. For more information about the DefaultSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src ScriptSrc directive specifies valid sources for JavaScript. For more information about the ScriptSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src StyleSrc directive specifies valid sources for stylesheets. For more information about the StyleSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src ImgSrc directive specifies a valid sources of images and favicons. For more information about the ImgSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src FontSrc directive specifies valid sources for fonts loaded using @font-face. For more information about the FontSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src ConnectSrc directive restricts the URLs which can be loaded using script interfaces. For more information about the ConnectSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src\n\nPossible enum values:\n - `\"ConnectSrc\"` directive restricts the URLs which can be loaded using script interfaces. For more information about the ConnectSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src\n - `\"DefaultSrc\"` directive serves as a fallback for the other CSP fetch directives. For more information about the DefaultSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src\n - `\"FontSrc\"` directive specifies valid sources for fonts loaded using @font-face. For more information about the FontSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src\n - `\"ImgSrc\"` directive specifies a valid sources of images and favicons. For more information about the ImgSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src\n - `\"ScriptSrc\"` directive specifies valid sources for JavaScript. For more information about the ScriptSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src\n - `\"StyleSrc\"` directive specifies valid sources for stylesheets. For more information about the StyleSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src", - "type": "string", - "default": "", - "enum": [ - "ConnectSrc", - "DefaultSrc", - "FontSrc", - "ImgSrc", - "ScriptSrc", - "StyleSrc" - ] - }, - "values": { - "description": "values defines an array of values to append to the console defaults for this directive. Each ConsolePlugin may define their own directives with their values. These will be set by the OpenShift web console's backend, as part of its Content-Security-Policy header. The array can contain at most 16 values. Each directive value must have a maximum length of 1024 characters and must not contain whitespace, commas (,), semicolons (;) or single quotes ('). The value '*' is not permitted. Each value in the array must be unique.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "to": { + "description": "to describes the status of the built image being pushed to a registry.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStatusOutputTo" } } }, - "com.github.openshift.api.console.v1.ConsolePluginI18n": { - "description": "ConsolePluginI18n holds information on localization resources that are served by the dynamic plugin.", + "com.github.openshift.api.build.v1.BuildStatusOutputTo": { + "description": "BuildStatusOutputTo describes the status of the built image with regards to image registry to which it was supposed to be pushed.", "type": "object", - "required": [ - "loadType" - ], "properties": { - "loadType": { - "description": "loadType indicates how the plugin's localization resource should be loaded. Valid values are Preload, Lazy and the empty string. When set to Preload, all localization resources are fetched when the plugin is loaded. When set to Lazy, localization resources are lazily loaded as and when they are required by the console. When omitted or set to the empty string, the behaviour is equivalent to Lazy type.", - "type": "string", - "default": "" + "imageDigest": { + "description": "imageDigest is the digest of the built container image. The digest uniquely identifies the image in the registry to which it was pushed.\n\nPlease note that this field may not always be set even if the push completes successfully - e.g. when the registry returns no digest or returns it in a format that the builder doesn't understand.", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsolePluginList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.build.v1.BuildStrategy": { + "description": "BuildStrategy contains the details of how to perform a build.", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "customStrategy": { + "description": "customStrategy holds the parameters to the Custom build strategy", + "$ref": "#/definitions/com.github.openshift.api.build.v1.CustomBuildStrategy" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePlugin" - } + "dockerStrategy": { + "description": "dockerStrategy holds the parameters to the container image build strategy.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.DockerBuildStrategy" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "jenkinsPipelineStrategy": { + "description": "jenkinsPipelineStrategy holds the parameters to the Jenkins Pipeline build strategy. Deprecated: use OpenShift Pipelines", + "$ref": "#/definitions/com.github.openshift.api.build.v1.JenkinsPipelineBuildStrategy" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "sourceStrategy": { + "description": "sourceStrategy holds the parameters to the Source build strategy.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceBuildStrategy" + }, + "type": { + "description": "type is the kind of build strategy.", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsolePluginProxy": { - "description": "ConsolePluginProxy holds information on various service types to which console's backend will proxy the plugin's requests.", + "com.github.openshift.api.build.v1.BuildTriggerCause": { + "description": "BuildTriggerCause holds information about a triggered build. It is used for displaying build trigger data for each build and build configuration in oc describe. It is also used to describe which triggers led to the most recent update in the build configuration.", "type": "object", - "required": [ - "endpoint", - "alias" - ], "properties": { - "alias": { - "description": "alias is a proxy name that identifies the plugin's proxy. An alias name should be unique per plugin. The console backend exposes following proxy endpoint:\n\n/api/proxy/plugin///?\n\nRequest example path:\n\n/api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver", - "type": "string", - "default": "" + "bitbucketWebHook": { + "description": "bitbucketWebHook represents data for a Bitbucket webhook that fired a specific build.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.BitbucketWebHookCause" }, - "authorization": { - "description": "authorization provides information about authorization type, which the proxied request should contain", - "type": "string" + "genericWebHook": { + "description": "genericWebHook holds data about a builds generic webhook trigger.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.GenericWebHookCause" }, - "caCertificate": { - "description": "caCertificate provides the cert authority certificate contents, in case the proxied Service is using custom service CA. By default, the service CA bundle provided by the service-ca operator is used.", - "type": "string" + "githubWebHook": { + "description": "githubWebHook represents data for a GitHub webhook that fired a specific build.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.GitHubWebHookCause" }, - "endpoint": { - "description": "endpoint provides information about endpoint to which the request is proxied to.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginProxyEndpoint" + "gitlabWebHook": { + "description": "gitlabWebHook represents data for a GitLab webhook that fired a specific build.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.GitLabWebHookCause" + }, + "imageChangeBuild": { + "description": "imageChangeBuild stores information about an imagechange event that triggered a new build.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageChangeCause" + }, + "message": { + "description": "message is used to store a human readable message for why the build was triggered. E.g.: \"Manually triggered by user\", \"Configuration change\",etc.", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsolePluginProxyEndpoint": { - "description": "ConsolePluginProxyEndpoint holds information about the endpoint to which request will be proxied to.", + "com.github.openshift.api.build.v1.BuildTriggerPolicy": { + "description": "BuildTriggerPolicy describes a policy for a single trigger that results in a new Build.", "type": "object", "required": [ "type" ], "properties": { - "service": { - "description": "service is an in-cluster Service that the plugin will connect to. The Service must use HTTPS. The console backend exposes an endpoint in order to proxy communication between the plugin and the Service. Note: service field is required for now, since currently only \"Service\" type is supported.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginProxyServiceConfig" + "bitbucket": { + "description": "BitbucketWebHook contains the parameters for a Bitbucket webhook type of trigger", + "$ref": "#/definitions/com.github.openshift.api.build.v1.WebHookTrigger" + }, + "generic": { + "description": "generic contains the parameters for a Generic webhook type of trigger", + "$ref": "#/definitions/com.github.openshift.api.build.v1.WebHookTrigger" + }, + "github": { + "description": "github contains the parameters for a GitHub webhook type of trigger", + "$ref": "#/definitions/com.github.openshift.api.build.v1.WebHookTrigger" + }, + "gitlab": { + "description": "GitLabWebHook contains the parameters for a GitLab webhook type of trigger", + "$ref": "#/definitions/com.github.openshift.api.build.v1.WebHookTrigger" + }, + "imageChange": { + "description": "imageChange contains parameters for an ImageChange type of trigger", + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageChangeTrigger" }, "type": { - "description": "type is the type of the console plugin's proxy. Currently only \"Service\" is supported.", + "description": "type is the type of build trigger. Valid values:\n\n- GitHub GitHubWebHookBuildTriggerType represents a trigger that launches builds on GitHub webhook invocations\n\n- Generic GenericWebHookBuildTriggerType represents a trigger that launches builds on generic webhook invocations\n\n- GitLab GitLabWebHookBuildTriggerType represents a trigger that launches builds on GitLab webhook invocations\n\n- Bitbucket BitbucketWebHookBuildTriggerType represents a trigger that launches builds on Bitbucket webhook invocations\n\n- ImageChange ImageChangeBuildTriggerType represents a trigger that launches builds on availability of a new version of an image\n\n- ConfigChange ConfigChangeBuildTriggerType will trigger a build on an initial build config creation WARNING: In the future the behavior will change to trigger a build on any config change", "type": "string", "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "service": "Service" - } - } - ] + } }, - "com.github.openshift.api.console.v1.ConsolePluginProxyServiceConfig": { - "description": "ProxyTypeServiceConfig holds information on Service to which console's backend will proxy the plugin's requests.", + "com.github.openshift.api.build.v1.BuildVolume": { + "description": "BuildVolume describes a volume that is made available to build pods, such that it can be mounted into buildah's runtime environment. Only a subset of Kubernetes Volume sources are supported.", "type": "object", "required": [ "name", - "namespace", - "port" + "source", + "mounts" ], "properties": { + "mounts": { + "description": "mounts represents the location of the volume in the image build container", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildVolumeMount" + }, + "x-kubernetes-list-map-keys": [ + "destinationPath" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "destinationPath", + "x-kubernetes-patch-strategy": "merge" + }, "name": { - "description": "name of Service that the plugin needs to connect to.", + "description": "name is a unique identifier for this BuildVolume. It must conform to the Kubernetes DNS label standard and be unique within the pod. Names that collide with those added by the build controller will result in a failed build with an error message detailing which name caused the error. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", "type": "string", "default": "" }, - "namespace": { - "description": "namespace of Service that the plugin needs to connect to", + "source": { + "description": "source represents the location and type of the mounted volume.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildVolumeSource" + } + } + }, + "com.github.openshift.api.build.v1.BuildVolumeMount": { + "description": "BuildVolumeMount describes the mounting of a Volume within buildah's runtime environment.", + "type": "object", + "required": [ + "destinationPath" + ], + "properties": { + "destinationPath": { + "description": "destinationPath is the path within the buildah runtime environment at which the volume should be mounted. The transient mount within the build image and the backing volume will both be mounted read only. Must be an absolute path, must not contain '..' or ':', and must not collide with a destination path generated by the builder process Paths that collide with those added by the build controller will result in a failed build with an error message detailing which path caused the error.", "type": "string", "default": "" - }, - "port": { - "description": "port on which the Service that the plugin needs to connect to is listening on.", - "type": "integer", - "format": "int32", - "default": 0 } } }, - "com.github.openshift.api.console.v1.ConsolePluginService": { - "description": "ConsolePluginService holds information on Service that is serving console dynamic plugin assets.", + "com.github.openshift.api.build.v1.BuildVolumeSource": { + "description": "BuildVolumeSource represents the source of a volume to mount Only one of its supported types may be specified at any given time.", "type": "object", "required": [ - "name", - "namespace", - "port" + "type" ], "properties": { - "basePath": { - "description": "basePath is the path to the plugin's assets. The primary asset it the manifest file called `plugin-manifest.json`, which is a JSON document that contains metadata about the plugin and the extensions.", - "type": "string" + "configMap": { + "description": "configMap represents a ConfigMap that should populate this volume", + "$ref": "#/definitions/ConfigMapVolumeSource.v1.core.api.k8s.io" }, - "name": { - "description": "name of Service that is serving the plugin assets.", - "type": "string", - "default": "" + "csi": { + "description": "csi represents ephemeral storage provided by external CSI drivers which support this capability", + "$ref": "#/definitions/CSIVolumeSource.v1.core.api.k8s.io" }, - "namespace": { - "description": "namespace of Service that is serving the plugin assets.", + "secret": { + "description": "secret represents a Secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", + "$ref": "#/definitions/SecretVolumeSource.v1.core.api.k8s.io" + }, + "type": { + "description": "type is the BuildVolumeSourceType for the volume source. Type must match the populated volume source. Valid types are: Secret, ConfigMap", "type": "string", "default": "" - }, - "port": { - "description": "port on which the Service that is serving the plugin is listening to.", - "type": "integer", - "format": "int32", - "default": 0 } } }, - "com.github.openshift.api.console.v1.ConsolePluginSpec": { - "description": "ConsolePluginSpec is the desired plugin configuration.", + "com.github.openshift.api.build.v1.CommonSpec": { + "description": "CommonSpec encapsulates all the inputs necessary to represent a build.", "type": "object", "required": [ - "displayName", - "backend" + "strategy" ], "properties": { - "backend": { - "description": "backend holds the configuration of backend which is serving console's plugin .", + "completionDeadlineSeconds": { + "description": "completionDeadlineSeconds is an optional duration in seconds, counted from the time when a build pod gets scheduled in the system, that the build may be active on a node before the system actively tries to terminate the build; value must be positive integer", + "type": "integer", + "format": "int64" + }, + "mountTrustedCA": { + "description": "mountTrustedCA bind mounts the cluster's trusted certificate authorities, as defined in the cluster's proxy configuration, into the build. This lets processes within a build trust components signed by custom PKI certificate authorities, such as private artifact repositories and HTTPS proxies.\n\nWhen this field is set to true, the contents of `/etc/pki/ca-trust` within the build are managed by the build container, and any changes to this directory or its subdirectories (for example - within a Dockerfile `RUN` instruction) are not persisted in the build's output image.", + "type": "boolean" + }, + "nodeSelector": { + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node If nil, it can be overridden by default build nodeselector values for the cluster. If set to an empty map or a map with any values, default build nodeselector values are ignored.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "output": { + "description": "output describes the container image the Strategy should produce.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginBackend" + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildOutput" }, - "contentSecurityPolicy": { - "description": "contentSecurityPolicy is a list of Content-Security-Policy (CSP) directives for the plugin. Each directive specifies a list of values, appropriate for the given directive type, for example a list of remote endpoints for fetch directives such as ScriptSrc. Console web application uses CSP to detect and mitigate certain types of attacks, such as cross-site scripting (XSS) and data injection attacks. Dynamic plugins should specify this field if need to load assets from outside the cluster or if violation reports are observed. Dynamic plugins should always prefer loading their assets from within the cluster, either by vendoring them, or fetching from a cluster service. CSP violation reports can be viewed in the browser's console logs during development and testing of the plugin in the OpenShift web console. Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc. Each of the available directives may be defined only once in the list. The value 'self' is automatically included in all fetch directives by the OpenShift web console's backend. For more information about the CSP directives, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy\n\nThe OpenShift web console server aggregates the CSP directives and values across its own default values and all enabled ConsolePlugin CRs, merging them into a single policy string that is sent to the browser via `Content-Security-Policy` HTTP response header.\n\nExample:\n ConsolePlugin A directives:\n script-src: https://script1.com/, https://script2.com/\n font-src: https://font1.com/\n\n ConsolePlugin B directives:\n script-src: https://script2.com/, https://script3.com/\n font-src: https://font2.com/\n img-src: https://img1.com/\n\n Unified set of CSP directives, passed to the OpenShift web console server:\n script-src: https://script1.com/, https://script2.com/, https://script3.com/\n font-src: https://font1.com/, https://font2.com/\n img-src: https://img1.com/\n\n OpenShift web console server CSP response header:\n Content-Security-Policy: default-src 'self'; base-uri 'self'; script-src 'self' https://script1.com/ https://script2.com/ https://script3.com/; font-src 'self' https://font1.com/ https://font2.com/; img-src 'self' https://img1.com/; style-src 'self'; frame-src 'none'; object-src 'none'", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginCSP" - }, - "x-kubernetes-list-map-keys": [ - "directive" - ], - "x-kubernetes-list-type": "map" + "postCommit": { + "description": "postCommit is a build hook executed after the build output image is committed, before it is pushed to a registry.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildPostCommitSpec" }, - "displayName": { - "description": "displayName is the display name of the plugin. The dispalyName should be between 1 and 128 characters.", - "type": "string", - "default": "" + "resources": { + "description": "resources computes resource requirements to execute the build.", + "default": {}, + "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" }, - "i18n": { - "description": "i18n is the configuration of plugin's localization resources.", + "revision": { + "description": "revision is the information from the source for a specific repo snapshot. This is optional.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + }, + "serviceAccount": { + "description": "serviceAccount is the name of the ServiceAccount to use to run the pod created by this build. The pod will be allowed to use secrets referenced by the ServiceAccount", + "type": "string" + }, + "source": { + "description": "source describes the SCM in use.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginI18n" + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildSource" }, - "proxy": { - "description": "proxy is a list of proxies that describe various service type to which the plugin needs to connect to.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginProxy" - }, - "x-kubernetes-list-type": "atomic" + "strategy": { + "description": "strategy defines how to perform a build.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildStrategy" } } }, - "com.github.openshift.api.console.v1.ConsoleQuickStart": { - "description": "ConsoleQuickStart is an extension for guiding user through various workflows in the OpenShift web console.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.build.v1.CommonWebHookCause": { + "description": "CommonWebHookCause factors out the identical format of these webhook causes into struct so we can share it in the specific causes; it is too late for GitHub and Generic but we can leverage this pattern with GitLab and Bitbucket.", "type": "object", - "required": [ - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "revision": { + "description": "revision is the git source revision information of the trigger.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "secret": { + "description": "secret is the obfuscated webhook secret that triggered a build.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + } + } + }, + "com.github.openshift.api.build.v1.ConfigMapBuildSource": { + "description": "ConfigMapBuildSource describes a configmap and its destination directory that will be used only at the build time. The content of the configmap referenced here will be copied into the destination directory instead of mounting.", + "type": "object", + "required": [ + "configMap" + ], + "properties": { + "configMap": { + "description": "configMap is a reference to an existing configmap that you want to use in your build.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStartSpec" + "destinationDir": { + "description": "destinationDir is the directory where the files from the configmap should be available for the build time. For the Source build strategy, these will be injected into a container where the assemble script runs. For the container image build strategy, these will be copied into the build directory, where the Dockerfile is located, so users can ADD or COPY them during container image build.", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsoleQuickStartList": { - "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.build.v1.CustomBuildStrategy": { + "description": "CustomBuildStrategy defines input parameters specific to Custom build.", "type": "object", "required": [ - "metadata", - "items" + "from" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "buildAPIVersion": { + "description": "buildAPIVersion is the requested API version for the Build object serialized and passed to the custom builder", "type": "string" }, - "items": { + "env": { + "description": "env contains additional environment variables you want to pass into a builder container.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStart" + "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "exposeDockerSocket": { + "description": "exposeDockerSocket will allow running Docker commands (and build container images) from inside the container.", + "type": "boolean" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "forcePull": { + "description": "forcePull describes if the controller should configure the build pod to always pull the images for the builder or only pull if it is not present locally", + "type": "boolean" + }, + "from": { + "description": "from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + }, + "pullSecret": { + "description": "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + }, + "secrets": { + "description": "secrets is a list of additional secrets that will be included in the build pod", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.SecretSpec" + } } } }, - "com.github.openshift.api.console.v1.ConsoleQuickStartSpec": { - "description": "ConsoleQuickStartSpec is the desired quick start configuration.", + "com.github.openshift.api.build.v1.DockerBuildStrategy": { + "description": "DockerBuildStrategy defines input parameters specific to container image build.", "type": "object", - "required": [ - "displayName", - "durationMinutes", - "description", - "introduction", - "tasks" - ], "properties": { - "accessReviewResources": { - "description": "accessReviewResources contains a list of resources that the user's access will be reviewed against in order for the user to complete the Quick Start. The Quick Start will be hidden if any of the access reviews fail.", + "buildArgs": { + "description": "buildArgs contains build arguments that will be resolved in the Dockerfile. See https://docs.docker.com/engine/reference/builder/#/arg for more details. NOTE: Only the 'name' and 'value' fields are supported. Any settings on the 'valueFrom' field are ignored.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.authorization.v1.ResourceAttributes" + "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" } }, - "conclusion": { - "description": "conclusion sums up the Quick Start and suggests the possible next steps. (includes markdown)", + "dockerfilePath": { + "description": "dockerfilePath is the path of the Dockerfile that will be used to build the container image, relative to the root of the context (contextDir). Defaults to `Dockerfile` if unset.", "type": "string" }, - "description": { - "description": "description is the description of the Quick Start. (includes markdown)", - "type": "string", - "default": "" + "env": { + "description": "env contains additional environment variables you want to pass into a builder container.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" + } }, - "displayName": { - "description": "displayName is the display name of the Quick Start.", - "type": "string", - "default": "" + "forcePull": { + "description": "forcePull describes if the builder should pull the images from registry prior to building.", + "type": "boolean" }, - "durationMinutes": { - "description": "durationMinutes describes approximately how many minutes it will take to complete the Quick Start.", - "type": "integer", - "format": "int32", - "default": 0 + "from": { + "description": "from is a reference to an DockerImage, ImageStreamTag, or ImageStreamImage which overrides the FROM image in the Dockerfile for the build. If the Dockerfile uses multi-stage builds, this will replace the image in the last FROM directive of the file.", + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" }, - "icon": { - "description": "icon is a base64 encoded image that will be displayed beside the Quick Start display name. The icon should be an vector image for easy scaling. The size of the icon should be 40x40.", + "imageOptimizationPolicy": { + "description": "imageOptimizationPolicy describes what optimizations the system can use when building images to reduce the final size or time spent building the image. The default policy is 'None' which means the final build image will be equivalent to an image created by the container image build API. The experimental policy 'SkipLayers' will avoid commiting new layers in between each image step, and will fail if the Dockerfile cannot provide compatibility with the 'None' policy. An additional experimental policy 'SkipLayersAndWarn' is the same as 'SkipLayers' but simply warns if compatibility cannot be preserved.", "type": "string" }, - "introduction": { - "description": "introduction describes the purpose of the Quick Start. (includes markdown)", - "type": "string", - "default": "" - }, - "nextQuickStart": { - "description": "nextQuickStart is a list of the following Quick Starts, suggested for the user to try.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "prerequisites": { - "description": "prerequisites contains all prerequisites that need to be met before taking a Quick Start. (includes markdown)", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "noCache": { + "description": "noCache if set to true indicates that the container image build must be executed with the --no-cache=true flag", + "type": "boolean" }, - "tags": { - "description": "tags is a list of strings that describe the Quick Start.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "pullSecret": { + "description": "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" }, - "tasks": { - "description": "tasks is the list of steps the user has to perform to complete the Quick Start.", + "volumes": { + "description": "volumes is a list of input volumes that can be mounted into the builds runtime environment. Only a subset of Kubernetes Volume sources are supported by builds. More info: https://kubernetes.io/docs/concepts/storage/volumes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStartTask" - } + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildVolume" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.console.v1.ConsoleQuickStartTask": { - "description": "ConsoleQuickStartTask is a single step in a Quick Start.", + "com.github.openshift.api.build.v1.DockerStrategyOptions": { + "description": "DockerStrategyOptions contains extra strategy options for container image builds", "type": "object", - "required": [ - "title", - "description" - ], "properties": { - "description": { - "description": "description describes the steps needed to complete the task. (includes markdown)", - "type": "string", - "default": "" - }, - "review": { - "description": "review contains instructions to validate the task is complete. The user will select 'Yes' or 'No'. using a radio button, which indicates whether the step was completed successfully.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStartTaskReview" - }, - "summary": { - "description": "summary contains information about the passed step.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStartTaskSummary" + "buildArgs": { + "description": "Args contains any build arguments that are to be passed to Docker. See https://docs.docker.com/engine/reference/builder/#/arg for more details", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" + } }, - "title": { - "description": "title describes the task and is displayed as a step heading.", - "type": "string", - "default": "" + "noCache": { + "description": "noCache overrides the docker-strategy noCache option in the build config", + "type": "boolean" } } }, - "com.github.openshift.api.console.v1.ConsoleQuickStartTaskReview": { - "description": "ConsoleQuickStartTaskReview contains instructions that validate a task was completed successfully.", + "com.github.openshift.api.build.v1.GenericWebHookCause": { + "description": "GenericWebHookCause holds information about a generic WebHook that triggered a build.", "type": "object", - "required": [ - "instructions", - "failedTaskHelp" - ], "properties": { - "failedTaskHelp": { - "description": "failedTaskHelp contains suggestions for a failed task review and is shown at the end of task. (includes markdown)", - "type": "string", - "default": "" + "revision": { + "description": "revision is an optional field that stores the git source revision information of the generic webhook trigger when it is available.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" }, - "instructions": { - "description": "instructions contains steps that user needs to take in order to validate his work after going through a task. (includes markdown)", - "type": "string", - "default": "" + "secret": { + "description": "secret is the obfuscated webhook secret that triggered a build.", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsoleQuickStartTaskSummary": { - "description": "ConsoleQuickStartTaskSummary contains information about a passed step.", + "com.github.openshift.api.build.v1.GenericWebHookEvent": { + "description": "GenericWebHookEvent is the payload expected for a generic webhook post", "type": "object", - "required": [ - "success", - "failed" - ], "properties": { - "failed": { - "description": "failed briefly describes the unsuccessfully passed task. (includes markdown)", - "type": "string", - "default": "" + "dockerStrategyOptions": { + "description": "dockerStrategyOptions contains additional docker-strategy specific options for the build", + "$ref": "#/definitions/com.github.openshift.api.build.v1.DockerStrategyOptions" }, - "success": { - "description": "success describes the succesfully passed task.", - "type": "string", - "default": "" + "env": { + "description": "env contains additional environment variables you want to pass into a builder container. ValueFrom is not supported.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" + } + }, + "git": { + "description": "git is the git information if the Type is BuildSourceGit", + "$ref": "#/definitions/com.github.openshift.api.build.v1.GitInfo" + }, + "type": { + "description": "type is the type of source repository", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsoleSample": { - "description": "ConsoleSample is an extension to customizing OpenShift web console by adding samples.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.build.v1.GitBuildSource": { + "description": "GitBuildSource defines the parameters of a Git SCM", "type": "object", "required": [ - "metadata", - "spec" + "uri" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "httpProxy": { + "description": "httpProxy is a proxy used to reach the git repository over http", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "httpsProxy": { + "description": "httpsProxy is a proxy used to reach the git repository over https", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "noProxy": { + "description": "noProxy is the list of domains for which the proxy should not be used", + "type": "string" }, - "spec": { - "description": "spec contains configuration for a console sample.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleSpec" - } - } - }, - "com.github.openshift.api.console.v1.ConsoleSampleContainerImportSource": { - "description": "ConsoleSampleContainerImportSource let the user import a container image.", - "type": "object", - "required": [ - "image" - ], - "properties": { - "image": { - "description": "reference to a container image that provides a HTTP service. The service must be exposed on the default port (8080) unless otherwise configured with the port field.\n\nSupported formats:\n - /\n - docker.io//\n - quay.io//\n - quay.io//@sha256:\n - quay.io//:", + "ref": { + "description": "ref is the branch/tag/ref to build.", + "type": "string" + }, + "uri": { + "description": "uri points to the source that will be built. The structure of the source will depend on the type of build to run", "type": "string", "default": "" - }, - "service": { - "description": "service contains configuration for the Service resource created for this sample.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleContainerImportSourceService" } } }, - "com.github.openshift.api.console.v1.ConsoleSampleContainerImportSourceService": { - "description": "ConsoleSampleContainerImportSourceService let the samples author define defaults for the Service created for this sample.", + "com.github.openshift.api.build.v1.GitHubWebHookCause": { + "description": "GitHubWebHookCause has information about a GitHub webhook that triggered a build.", "type": "object", "properties": { - "targetPort": { - "description": "targetPort is the port that the service listens on for HTTP requests. This port will be used for Service and Route created for this sample. Port must be in the range 1 to 65535. Default port is 8080.", - "type": "integer", - "format": "int32" + "revision": { + "description": "revision is the git revision information of the trigger.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + }, + "secret": { + "description": "secret is the obfuscated webhook secret that triggered a build.", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsoleSampleGitImportSource": { - "description": "ConsoleSampleGitImportSource let the user import code from a public Git repository.", + "com.github.openshift.api.build.v1.GitInfo": { + "description": "GitInfo is the aggregated git information for a generic webhook post", "type": "object", "required": [ - "repository" + "uri", + "refs" ], "properties": { - "repository": { - "description": "repository contains the reference to the actual Git repository.", + "author": { + "description": "author is the author of a specific commit", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceRepository" + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" }, - "service": { - "description": "service contains configuration for the Service resource created for this sample.", + "commit": { + "description": "commit is the commit hash identifying a specific commit", + "type": "string" + }, + "committer": { + "description": "committer is the committer of a specific commit", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceService" - } - } - }, - "com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceRepository": { - "description": "ConsoleSampleGitImportSourceRepository let the user import code from a public git repository.", - "type": "object", - "required": [ - "url" - ], - "properties": { - "contextDir": { - "description": "contextDir is used to specify a directory within the repository to build the component. Must start with `/` and have a maximum length of 256 characters. When omitted, the default value is to build from the root of the repository.", - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" }, - "revision": { - "description": "revision is the git revision at which to clone the git repository Can be used to clone a specific branch, tag or commit SHA. Must be at most 256 characters in length. When omitted the repository's default branch is used.", - "type": "string", - "default": "" + "httpProxy": { + "description": "httpProxy is a proxy used to reach the git repository over http", + "type": "string" }, - "url": { - "description": "url of the Git repository that contains a HTTP service. The HTTP service must be exposed on the default port (8080) unless otherwise configured with the port field.\n\nOnly public repositories on GitHub, GitLab and Bitbucket are currently supported:\n\n - https://github.com//\n - https://gitlab.com//\n - https://bitbucket.org//\n\nThe url must have a maximum length of 256 characters.", + "httpsProxy": { + "description": "httpsProxy is a proxy used to reach the git repository over https", + "type": "string" + }, + "message": { + "description": "message is the description of a specific commit", + "type": "string" + }, + "noProxy": { + "description": "noProxy is the list of domains for which the proxy should not be used", + "type": "string" + }, + "ref": { + "description": "ref is the branch/tag/ref to build.", + "type": "string" + }, + "refs": { + "description": "refs is a list of GitRefs for the provided repo - generally sent when used from a post-receive hook. This field is optional and is used when sending multiple refs", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.GitRefInfo" + } + }, + "uri": { + "description": "uri points to the source that will be built. The structure of the source will depend on the type of build to run", "type": "string", "default": "" } } }, - "com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceService": { - "description": "ConsoleSampleGitImportSourceService let the samples author define defaults for the Service created for this sample.", + "com.github.openshift.api.build.v1.GitLabWebHookCause": { + "description": "GitLabWebHookCause has information about a GitLab webhook that triggered a build.", "type": "object", "properties": { - "targetPort": { - "description": "targetPort is the port that the service listens on for HTTP requests. This port will be used for Service created for this sample. Port must be in the range 1 to 65535. Default port is 8080.", - "type": "integer", - "format": "int32" + "revision": { + "description": "revision is the git source revision information of the trigger.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceRevision" + }, + "secret": { + "description": "secret is the obfuscated webhook secret that triggered a build.", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsoleSampleList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.build.v1.GitRefInfo": { + "description": "GitRefInfo is a single ref", "type": "object", "required": [ - "metadata", - "items" + "uri" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "author": { + "description": "author is the author of a specific commit", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" + }, + "commit": { + "description": "commit is the commit hash identifying a specific commit", "type": "string" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSample" - } + "committer": { + "description": "committer is the committer of a specific commit", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "httpProxy": { + "description": "httpProxy is a proxy used to reach the git repository over http", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "httpsProxy": { + "description": "httpsProxy is a proxy used to reach the git repository over https", + "type": "string" + }, + "message": { + "description": "message is the description of a specific commit", + "type": "string" + }, + "noProxy": { + "description": "noProxy is the list of domains for which the proxy should not be used", + "type": "string" + }, + "ref": { + "description": "ref is the branch/tag/ref to build.", + "type": "string" + }, + "uri": { + "description": "uri points to the source that will be built. The structure of the source will depend on the type of build to run", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.console.v1.ConsoleSampleSource": { - "description": "ConsoleSampleSource is the actual sample definition and can hold different sample types. Unsupported sample types will be ignored in the web console.", + "com.github.openshift.api.build.v1.GitSourceRevision": { + "description": "GitSourceRevision is the commit information from a git source for a build", "type": "object", - "required": [ - "type" - ], "properties": { - "containerImport": { - "description": "containerImport allows the user import a container image.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleContainerImportSource" + "author": { + "description": "author is the author of a specific commit", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" }, - "gitImport": { - "description": "gitImport allows the user to import code from a git repository.", - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleGitImportSource" + "commit": { + "description": "commit is the commit hash identifying a specific commit", + "type": "string" }, - "type": { - "description": "type of the sample, currently supported: \"GitImport\";\"ContainerImport\"\n\nPossible enum values:\n - `\"ContainerImport\"` A sample that let the user import a container image.\n - `\"GitImport\"` A sample that let the user import code from a git repository.", - "type": "string", - "default": "", - "enum": [ - "ContainerImport", - "GitImport" - ] - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "containerImport": "ContainerImport", - "gitImport": "GitImport" - } + "committer": { + "description": "committer is the committer of a specific commit", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.SourceControlUser" + }, + "message": { + "description": "message is the description of a specific commit", + "type": "string" } - ] + } }, - "com.github.openshift.api.console.v1.ConsoleSampleSpec": { - "description": "ConsoleSampleSpec is the desired sample for the web console. Samples will appear with their title, descriptions and a badge in a samples catalog.", + "com.github.openshift.api.build.v1.ImageChangeCause": { + "description": "ImageChangeCause contains information about the image that triggered a build", "type": "object", - "required": [ - "title", - "abstract", - "description", - "source" - ], "properties": { - "abstract": { - "description": "abstract is a short introduction to the sample.\n\nIt is required and must be no more than 100 characters in length.\n\nThe abstract is shown on the sample card tile below the title and provider and is limited to three lines of content.", - "type": "string", - "default": "" - }, - "description": { - "description": "description is a long form explanation of the sample.\n\nIt is required and can have a maximum length of **4096** characters.\n\nIt is a README.md-like content for additional information, links, pre-conditions, and other instructions. It will be rendered as Markdown so that it can contain line breaks, links, and other simple formatting.", - "type": "string", - "default": "" + "fromRef": { + "description": "fromRef contains detailed information about an image that triggered a build.", + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" }, - "icon": { - "description": "icon is an optional base64 encoded image and shown beside the sample title.\n\nThe format must follow the data: URL format and can have a maximum size of **10 KB**.\n\n data:[][;base64],\n\nFor example:\n\n data:image;base64, plus the base64 encoded image.\n\nVector images can also be used. SVG icons must start with:\n\n data:image/svg+xml;base64, plus the base64 encoded SVG image.\n\nAll sample catalog icons will be shown on a white background (also when the dark theme is used). The web console ensures that different aspect ratios work correctly. Currently, the surface of the icon is at most 40x100px.\n\nFor more information on the data URL format, please visit https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs.", - "type": "string", - "default": "" + "imageID": { + "description": "imageID is the ID of the image that triggered a new build.", + "type": "string" + } + } + }, + "com.github.openshift.api.build.v1.ImageChangeTrigger": { + "description": "ImageChangeTrigger allows builds to be triggered when an ImageStream changes", + "type": "object", + "properties": { + "from": { + "description": "from is a reference to an ImageStreamTag that will trigger a build when updated It is optional. If no From is specified, the From image from the build strategy will be used. Only one ImageChangeTrigger with an empty From reference is allowed in a build configuration.", + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" }, - "provider": { - "description": "provider is an optional label to honor who provides the sample.\n\nIt is optional and must be no more than 50 characters in length.\n\nA provider can be a company like \"Red Hat\" or an organization like \"CNCF\" or \"Knative\".\n\nCurrently, the provider is only shown on the sample card tile below the title with the prefix \"Provided by \"", - "type": "string", - "default": "" + "lastTriggeredImageID": { + "description": "lastTriggeredImageID is used internally by the ImageChangeController to save last used image ID for build This field is deprecated and will be removed in a future release. Deprecated", + "type": "string" }, - "source": { - "description": "source defines where to deploy the sample service from. The sample may be sourced from an external git repository or container image.", + "paused": { + "description": "paused is true if this trigger is temporarily disabled. Optional.", + "type": "boolean" + } + } + }, + "com.github.openshift.api.build.v1.ImageChangeTriggerStatus": { + "description": "ImageChangeTriggerStatus tracks the latest resolved status of the associated ImageChangeTrigger policy specified in the BuildConfigSpec.Triggers struct.", + "type": "object", + "properties": { + "from": { + "description": "from is the ImageStreamTag that is the source of the trigger.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleSource" - }, - "tags": { - "description": "tags are optional string values that can be used to find samples in the samples catalog.\n\nExamples of common tags may be \"Java\", \"Quarkus\", etc.\n\nThey will be displayed on the samples details page.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageStreamTagReference" }, - "title": { - "description": "title is the display name of the sample.\n\nIt is required and must be no more than 50 characters in length.", - "type": "string", - "default": "" + "lastTriggerTime": { + "description": "lastTriggerTime is the last time this particular ImageStreamTag triggered a Build to start. This field is only updated when this trigger specifically started a Build.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "type": { - "description": "type is an optional label to group multiple samples.\n\nIt is optional and must be no more than 20 characters in length.\n\nRecommendation is a singular term like \"Builder Image\", \"Devfile\" or \"Serverless Function\".\n\nCurrently, the type is shown a badge on the sample card tile in the top right corner.", - "type": "string", - "default": "" + "lastTriggeredImageID": { + "description": "lastTriggeredImageID represents the sha/id of the ImageStreamTag when a Build for this BuildConfig was started. The lastTriggeredImageID is updated each time a Build for this BuildConfig is started, even if this ImageStreamTag is not the reason the Build is started.", + "type": "string" } } }, - "com.github.openshift.api.console.v1.ConsoleYAMLSample": { - "description": "ConsoleYAMLSample is an extension for customizing OpenShift web console YAML samples.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.build.v1.ImageLabel": { + "description": "ImageLabel represents a label applied to the resulting image.", "type": "object", "required": [ - "metadata", - "spec" + "name" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "name": { + "description": "name defines the name of the label. It must have non-zero length.", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "value": { + "description": "value defines the literal value of the label.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleYAMLSampleSpec" } } }, - "com.github.openshift.api.console.v1.ConsoleYAMLSampleList": { - "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.build.v1.ImageSource": { + "description": "ImageSource is used to describe build source that will be extracted from an image or used during a multi stage build. A reference of type ImageStreamTag, ImageStreamImage or DockerImage may be used. A pull secret can be specified to pull the image from an external registry or override the default service account secret if pulling from the internal registry. Image sources can either be used to extract content from an image and place it into the build context along with the repository source, or used directly during a multi-stage container image build to allow content to be copied without overwriting the contents of the repository source (see the 'paths' and 'as' fields).", "type": "object", "required": [ - "metadata", - "items" + "from" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "as": { + "description": "A list of image names that this source will be used in place of during a multi-stage container image build. For instance, a Dockerfile that uses \"COPY --from=nginx:latest\" will first check for an image source that has \"nginx:latest\" in this field before attempting to pull directly. If the Dockerfile does not reference an image source it is ignored. This field and paths may both be set, in which case the contents will be used twice.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "items": { + "from": { + "description": "from is a reference to an ImageStreamTag, ImageStreamImage, or DockerImage to copy source from.", + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + }, + "paths": { + "description": "paths is a list of source and destination paths to copy from the image. This content will be copied into the build context prior to starting the build. If no paths are set, the build context will not be altered.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleYAMLSample" + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageSourcePath" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "pullSecret": { + "description": "pullSecret is a reference to a secret to be used to pull the image from a registry If the image is pulled from the OpenShift registry, this field does not need to be set.", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.console.v1.ConsoleYAMLSampleSpec": { - "description": "ConsoleYAMLSampleSpec is the desired YAML sample configuration. Samples will appear with their descriptions in a samples sidebar when creating a resources in the web console.", + "com.github.openshift.api.build.v1.ImageSourcePath": { + "description": "ImageSourcePath describes a path to be copied from a source image and its destination within the build directory.", "type": "object", "required": [ - "targetResource", - "title", - "description", - "yaml" + "sourcePath", + "destinationDir" ], "properties": { - "description": { - "description": "description of the YAML sample.", - "type": "string", - "default": "" - }, - "snippet": { - "description": "snippet indicates that the YAML sample is not the full YAML resource definition, but a fragment that can be inserted into the existing YAML document at the user's cursor.", - "type": "boolean", - "default": false - }, - "targetResource": { - "description": "targetResource contains apiVersion and kind of the resource YAML sample is representating.", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.TypeMeta" - }, - "title": { - "description": "title of the YAML sample.", + "destinationDir": { + "description": "destinationDir is the relative directory within the build directory where files copied from the image are placed.", "type": "string", "default": "" }, - "yaml": { - "description": "yaml is the YAML sample to display.", + "sourcePath": { + "description": "sourcePath is the absolute path of the file or directory inside the image to copy to the build directory. If the source path ends in /. then the content of the directory will be copied, but the directory itself will not be created at the destination.", "type": "string", "default": "" } } }, - "com.github.openshift.api.console.v1.Link": { - "description": "Represents a standard link that could be generated in HTML", + "com.github.openshift.api.build.v1.ImageStreamTagReference": { + "description": "ImageStreamTagReference references the ImageStreamTag in an image change trigger by namespace and name.", "type": "object", - "required": [ - "text", - "href" - ], "properties": { - "href": { - "description": "href is the absolute URL for the link. Must use https:// for web URLs or mailto: for email links.", - "type": "string", - "default": "" + "name": { + "description": "name is the name of the ImageStreamTag for an ImageChangeTrigger", + "type": "string" }, - "text": { - "description": "text is the display text for the link", - "type": "string", - "default": "" + "namespace": { + "description": "namespace is the namespace where the ImageStreamTag for an ImageChangeTrigger is located", + "type": "string" } } }, - "com.github.openshift.api.console.v1.NamespaceDashboardSpec": { - "description": "NamespaceDashboardSpec is a specification of namespaces in which the dashboard link should appear. If both namespaces and namespaceSelector are specified, the link will appear in namespaces that match either", + "com.github.openshift.api.build.v1.JenkinsPipelineBuildStrategy": { + "description": "JenkinsPipelineBuildStrategy holds parameters specific to a Jenkins Pipeline build. Deprecated: use OpenShift Pipelines", "type": "object", "properties": { - "namespaceSelector": { - "description": "namespaceSelector is used to select the Namespaces that should contain dashboard link by label. If the namespace labels match, dashboard link will be shown for the namespaces.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "namespaces": { - "description": "namespaces is an array of namespace names in which the dashboard link should appear.", + "env": { + "description": "env contains additional environment variables you want to pass into a build pipeline.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" } + }, + "jenkinsfile": { + "description": "jenkinsfile defines the optional raw contents of a Jenkinsfile which defines a Jenkins pipeline build.", + "type": "string" + }, + "jenkinsfilePath": { + "description": "jenkinsfilePath is the optional path of the Jenkinsfile that will be used to configure the pipeline relative to the root of the context (contextDir). If both JenkinsfilePath & Jenkinsfile are both not specified, this defaults to Jenkinsfile in the root of the specified contextDir.", + "type": "string" } } }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerCluster": { - "description": "PacemakerCluster represents the current state of the pacemaker cluster as reported by the pcs status command. PacemakerCluster is a cluster-scoped singleton resource. The name of this instance is \"cluster\". This resource provides a view into the health and status of a pacemaker-managed cluster in Two Node OpenShift with Fencing deployments.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.build.v1.ProxyConfig": { + "description": "ProxyConfig defines what proxies to use for an operation", "type": "object", - "required": [ - "metadata" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "httpProxy": { + "description": "httpProxy is a proxy used to reach the git repository over http", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "httpsProxy": { + "description": "httpsProxy is a proxy used to reach the git repository over https", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "noProxy": { + "description": "noProxy is the list of domains for which the proxy should not be used", + "type": "string" + } + } + }, + "com.github.openshift.api.build.v1.SecretBuildSource": { + "description": "SecretBuildSource describes a secret and its destination directory that will be used only at the build time. The content of the secret referenced here will be copied into the destination directory instead of mounting.", + "type": "object", + "required": [ + "secret" + ], + "properties": { + "destinationDir": { + "description": "destinationDir is the directory where the files from the secret should be available for the build time. For the Source build strategy, these will be injected into a container where the assemble script runs. Later, when the script finishes, all files injected will be truncated to zero length. For the container image build strategy, these will be copied into the build directory, where the Dockerfile is located, so users can ADD or COPY them during container image build.", + "type": "string" }, - "status": { - "description": "status contains the actual pacemaker cluster status information collected from the cluster. The goal of this status is to be able to quickly identify if pacemaker is in a healthy state. In Two Node OpenShift with Fencing, a healthy pacemaker cluster has 2 nodes, both of which have healthy kubelet, etcd, and fencing resources. This field is optional on creation - the status collector populates it immediately after creating the resource via the status subresource.", + "secret": { + "description": "secret is a reference to an existing secret that you want to use in your build.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterStatus" + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterFencingAgentStatus": { - "description": "PacemakerClusterFencingAgentStatus represents the status of a fencing agent that can fence a node. Fencing agents are STONITH (Shoot The Other Node In The Head) devices used to isolate failed nodes. Unlike regular pacemaker resources, fencing agents are mapped to their target node (the node they can fence), not the node where their monitoring operations are scheduled.", + "com.github.openshift.api.build.v1.SecretLocalReference": { + "description": "SecretLocalReference contains information that points to the local secret being used", "type": "object", "required": [ - "conditions", - "name", - "method" + "name" ], "properties": { - "conditions": { - "description": "conditions represent the observations of the fencing agent's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the fencing agent. The \"InService\" condition tracks whether the fencing agent is in service (not in maintenance mode). The \"Managed\" condition tracks whether the fencing agent is managed by pacemaker. The \"Enabled\" condition tracks whether the fencing agent is enabled. The \"Operational\" condition tracks whether the fencing agent is operational (not failed). The \"Active\" condition tracks whether the fencing agent is active (available to be used). The \"Started\" condition tracks whether the fencing agent is started. The \"Schedulable\" condition tracks whether the fencing agent is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "method": { - "description": "method is the fencing method used by this agent. Valid values are \"Redfish\" and \"IPMI\". Redfish is a standard RESTful API for server management. IPMI (Intelligent Platform Management Interface) is a hardware management interface.\n\nPossible enum values:\n - `\"IPMI\"` uses IPMI (Intelligent Platform Management Interface), a hardware management interface.\n - `\"Redfish\"` uses Redfish, a standard RESTful API for server management.", - "type": "string", - "enum": [ - "IPMI", - "Redfish" - ] - }, "name": { - "description": "name is the unique identifier for this fencing agent (e.g., \"master-0_redfish\"). The name must be unique within the fencingAgents array for this node. It may contain alphanumeric characters, dots, hyphens, and underscores. Maximum length is 300 characters, providing headroom beyond the typical format of _ (253 for RFC 1123 node name + 1 underscore + type).", - "type": "string" + "description": "name is the name of the resource in the same namespace being referenced", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterList": { - "description": "PacemakerClusterList contains a list of PacemakerCluster objects. PacemakerCluster is a cluster-scoped singleton resource; only one instance named \"cluster\" may exist. This list type exists only to satisfy Kubernetes API conventions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.build.v1.SecretSpec": { + "description": "SecretSpec specifies a secret to be included in a build pod and its corresponding mount point", "type": "object", "required": [ - "items" + "secretSource", + "mountPath" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is a list of PacemakerCluster objects.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerCluster" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "mountPath": { + "description": "mountPath is the path at which to mount the secret", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "secretSource": { + "description": "secretSource is a reference to the secret", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterNodeStatus": { - "description": "PacemakerClusterNodeStatus represents the status of a single node in the pacemaker cluster including the node's conditions and the health of critical resources running on that node.", + "com.github.openshift.api.build.v1.SourceBuildStrategy": { + "description": "SourceBuildStrategy defines input parameters specific to an Source build.", "type": "object", "required": [ - "conditions", - "nodeName", - "addresses", - "resources", - "fencingAgents" + "from" ], "properties": { - "addresses": { - "description": "addresses is a list of IP addresses for the node. Pacemaker allows multiple IP addresses for Corosync communication between nodes. The first address in this list is used for IP-based peer URLs for etcd membership. Each address must be a valid global unicast IPv4 or IPv6 address in canonical form (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). This excludes loopback, link-local, and multicast addresses.", + "env": { + "description": "env contains additional environment variables you want to pass into a builder container.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerNodeAddress" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" + } }, - "conditions": { - "description": "conditions represent the observations of the node's current state. Known condition types are: \"Healthy\", \"Online\", \"InService\", \"Active\", \"Ready\", \"Clean\", \"Member\", \"FencingAvailable\", \"FencingHealthy\". The \"Healthy\" condition is an aggregate that tracks the overall health of the node. The \"Online\" condition tracks whether the node is online. The \"InService\" condition tracks whether the node is in service (not in maintenance mode). The \"Active\" condition tracks whether the node is active (not in standby mode). The \"Ready\" condition tracks whether the node is ready (not in a pending state). The \"Clean\" condition tracks whether the node is in a clean (status known) state. The \"Member\" condition tracks whether the node is a member of the cluster. The \"FencingAvailable\" condition tracks whether this node can be fenced by at least one healthy agent. The \"FencingHealthy\" condition tracks whether all fencing agents for this node are healthy. Each of these conditions is required, so the array must contain at least 9 items.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "forcePull": { + "description": "forcePull describes if the builder should pull the images from registry prior to building.", + "type": "boolean" }, - "fencingAgents": { - "description": "fencingAgents contains the status of fencing agents that can fence this node. Unlike resources (which are scheduled to run on this node), fencing agents are mapped to the node they can fence (their target), not the node where monitoring operations run. Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. A node is considered fence-capable if at least one fencing agent is healthy. Expected to have 1 fencing agent per node, but up to 8 are supported for redundancy. Names must be unique within this array.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterFencingAgentStatus" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "from": { + "description": "from is reference to an DockerImage, ImageStreamTag, or ImageStreamImage from which the container image should be pulled", + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" }, - "nodeName": { - "description": "nodeName is the name of the node. This is expected to match the Kubernetes node's name, which must be a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", + "incremental": { + "description": "incremental flag forces the Source build to do incremental builds if true.", + "type": "boolean" + }, + "pullSecret": { + "description": "pullSecret is the name of a Secret that would be used for setting up the authentication for pulling the container images from the private Docker registries", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + }, + "scripts": { + "description": "scripts is the location of Source scripts", "type": "string" }, - "resources": { - "description": "resources contains the status of pacemaker resources scheduled on this node. Each resource entry includes the resource name and its health conditions. For Two Node OpenShift with Fencing, we track Kubelet and Etcd resources per node. Both resources are required to be present, so the array must contain at least 2 items. Valid resource names are \"Kubelet\" and \"Etcd\". Fencing agents are tracked separately in the fencingAgents field.", + "volumes": { + "description": "volumes is a list of input volumes that can be mounted into the builds runtime environment. Only a subset of Kubernetes Volume sources are supported by builds. More info: https://kubernetes.io/docs/concepts/storage/volumes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterResourceStatus" + "$ref": "#/definitions/com.github.openshift.api.build.v1.BuildVolume" }, "x-kubernetes-list-map-keys": [ "name" ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterResourceStatus": { - "description": "PacemakerClusterResourceStatus represents the status of a pacemaker resource scheduled on a node. A pacemaker resource is a unit of work managed by pacemaker. In pacemaker terminology, resources are services or applications that pacemaker monitors, starts, stops, and moves between nodes to maintain high availability. For Two Node OpenShift with Fencing, we track two resources per node:\n - Kubelet (the Kubernetes node agent and a prerequisite for etcd)\n - Etcd (the distributed key-value store)\n\nFencing agents are tracked separately in the fencingAgents field because they are mapped to their target node (the node they can fence), not the node where monitoring operations are scheduled.", + "com.github.openshift.api.build.v1.SourceControlUser": { + "description": "SourceControlUser defines the identity of a user of source control", "type": "object", - "required": [ - "conditions", - "name" - ], "properties": { - "conditions": { - "description": "conditions represent the observations of the resource's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the resource. The \"InService\" condition tracks whether the resource is in service (not in maintenance mode). The \"Managed\" condition tracks whether the resource is managed by pacemaker. The \"Enabled\" condition tracks whether the resource is enabled. The \"Operational\" condition tracks whether the resource is operational (not failed). The \"Active\" condition tracks whether the resource is active (available to be used). The \"Started\" condition tracks whether the resource is started. The \"Schedulable\" condition tracks whether the resource is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "email": { + "description": "email of the source control user", + "type": "string" }, "name": { - "description": "name is the name of the pacemaker resource. Valid values are \"Kubelet\" and \"Etcd\". The Kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments. The Etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations. Fencing agents are tracked separately in the node's fencingAgents field.\n\nPossible enum values:\n - `\"Etcd\"` is the etcd pacemaker resource. The etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations.\n - `\"Kubelet\"` is the kubelet pacemaker resource. The kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments.", - "type": "string", - "enum": [ - "Etcd", - "Kubelet" - ] + "description": "name of the source control user", + "type": "string" } } }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterStatus": { - "description": "PacemakerClusterStatus contains the actual pacemaker cluster status information. As part of validating the status object, we need to ensure that the lastUpdated timestamp may not be set to an earlier timestamp than the current value. The validation rule checks if oldSelf has lastUpdated before comparing, to handle the initial status creation case.", + "com.github.openshift.api.build.v1.SourceRevision": { + "description": "SourceRevision is the revision or commit information from the source for the build", "type": "object", "required": [ - "conditions", - "lastUpdated", - "nodes" + "type" ], "properties": { - "conditions": { - "description": "conditions represent the observations of the pacemaker cluster's current state. Known condition types are: \"Healthy\", \"InService\", \"NodeCountAsExpected\". The \"Healthy\" condition is an aggregate that tracks the overall health of the cluster. The \"InService\" condition tracks whether the cluster is in service (not in maintenance mode). The \"NodeCountAsExpected\" condition tracks whether the expected number of nodes are present. Each of these conditions is required, so the array must contain at least 3 items.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "git": { + "description": "git contains information about git-based build source", + "$ref": "#/definitions/com.github.openshift.api.build.v1.GitSourceRevision" }, - "lastUpdated": { - "description": "lastUpdated is the timestamp when this status was last updated. This is useful for identifying stale status reports. It must be a valid timestamp in RFC3339 format. Once set, this field cannot be removed and cannot be set to an earlier timestamp than the current value.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "type": { + "description": "type of the build source, may be one of 'Source', 'Dockerfile', 'Binary', or 'Images'", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.build.v1.SourceStrategyOptions": { + "description": "SourceStrategyOptions contains extra strategy options for Source builds", + "type": "object", + "properties": { + "incremental": { + "description": "incremental overrides the source-strategy incremental option in the build config", + "type": "boolean" + } + } + }, + "com.github.openshift.api.build.v1.StageInfo": { + "description": "StageInfo contains details about a build stage.", + "type": "object", + "properties": { + "durationMilliseconds": { + "description": "durationMilliseconds identifies how long the stage took to complete in milliseconds. Note: the duration of a stage can exceed the sum of the duration of the steps within the stage as not all actions are accounted for in explicit build steps.", + "type": "integer", + "format": "int64" }, - "nodes": { - "description": "nodes provides detailed status for each control-plane node in the Pacemaker cluster. While Pacemaker supports up to 32 nodes, the limit is set to 5 (max OpenShift control-plane nodes). For Two Node OpenShift with Fencing, exactly 2 nodes are expected in a healthy cluster. An empty list indicates a catastrophic failure where Pacemaker reports no nodes.", + "name": { + "description": "name is a unique identifier for each build stage that occurs.", + "type": "string" + }, + "startTime": { + "description": "startTime is a timestamp representing the server time when this Stage started. It is represented in RFC3339 form and is in UTC.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "steps": { + "description": "steps contains details about each step that occurs during a build stage including start time and duration in milliseconds.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterNodeStatus" - }, - "x-kubernetes-list-map-keys": [ - "nodeName" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.build.v1.StepInfo" + } } } }, - "com.github.openshift.api.etcd.v1alpha1.PacemakerNodeAddress": { - "description": "PacemakerNodeAddress contains information for a node's address. This is similar to corev1.NodeAddress but adds validation for IP addresses.", + "com.github.openshift.api.build.v1.StepInfo": { + "description": "StepInfo contains details about a build step.", "type": "object", - "required": [ - "type", - "address" - ], "properties": { - "address": { - "description": "address is the node address. For InternalIP, this must be a valid global unicast IPv4 or IPv6 address in canonical form. Canonical form means the shortest standard representation (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). Maximum length is 39 characters (full IPv6 address). Global unicast includes private/RFC1918 addresses but excludes loopback, link-local, and multicast.", + "durationMilliseconds": { + "description": "durationMilliseconds identifies how long the step took to complete in milliseconds.", + "type": "integer", + "format": "int64" + }, + "name": { + "description": "name is a unique identifier for each build step.", "type": "string" }, - "type": { - "description": "type is the type of node address. Currently only \"InternalIP\" is supported.\n\nPossible enum values:\n - `\"InternalIP\"` is an internal IP address assigned to the node. This is typically the IP address used for intra-cluster communication.", - "type": "string", - "enum": [ - "InternalIP" - ] + "startTime": { + "description": "startTime is a timestamp representing the server time when this Step started. it is represented in RFC3339 form and is in UTC.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.example.v1.CELUnion": { - "description": "CELUnion demonstrates how to use a discriminated union and how to validate it using CEL.", + "com.github.openshift.api.build.v1.WebHookTrigger": { + "description": "WebHookTrigger is a trigger that gets invoked using a webhook type of post", + "type": "object", + "properties": { + "allowEnv": { + "description": "allowEnv determines whether the webhook can set environment variables; can only be set to true for GenericWebHook.", + "type": "boolean" + }, + "secret": { + "description": "secret used to validate requests. Deprecated: use SecretReference instead.", + "type": "string" + }, + "secretReference": { + "description": "secretReference is a reference to a secret in the same namespace, containing the value to be validated when the webhook is invoked. The secret being referenced must contain a key named \"WebHookSecretKey\", the value of which will be checked against the value supplied in the webhook invocation.", + "$ref": "#/definitions/com.github.openshift.api.build.v1.SecretLocalReference" + } + } + }, + "com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfig": { + "description": "CloudPrivateIPConfig performs an assignment of a private IP address to the primary NIC associated with cloud VMs. This is done by specifying the IP and Kubernetes node which the IP should be assigned to. This CRD is intended to be used by the network plugin which manages the cluster network. The spec side represents the desired state requested by the network plugin, and the status side represents the current state that this CRD's controller has executed. No users will have permission to modify it, and if a cluster-admin decides to edit it for some reason, their changes will be overwritten the next time the network plugin reconciles the object. Note: the CR's name must specify the requested private IP address (can be IPv4 or IPv6).\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "type" + "spec" ], "properties": { - "optionalMember": { - "description": "optionalMember is a union member that is optional.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "requiredMember": { - "description": "requiredMember is a union member that is required.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "type": { - "description": "type determines which of the union members should be populated.", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "optionalMember": "OptionalMember", - "requiredMember": "RequiredMember" - } + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec is the definition of the desired private IP request.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigSpec" + }, + "status": { + "description": "status is the observed status of the desired private IP request. Read-only.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigStatus" } - ] + } }, - "com.github.openshift.api.example.v1.EvolvingUnion": { + "com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigSpec": { + "description": "CloudPrivateIPConfigSpec consists of a node name which the private IP should be assigned to.", "type": "object", - "required": [ - "type" - ], "properties": { - "type": { - "description": "type is the discriminator. It has different values for Default and for TechPreviewNoUpgrade", + "node": { + "description": "node is the node name, as specified by the Kubernetes field: node.metadata.name", "type": "string", "default": "" } } }, - "com.github.openshift.api.example.v1.FormatMarkerExamples": { - "description": "FormatMarkerExamples demonstrates all Kubebuilder Format markers supported as of Kubernetes 1.33. This struct provides a comprehensive reference for format marker validation. Each field uses a different format marker to validate its value.", + "com.github.openshift.api.cloudnetwork.v1.CloudPrivateIPConfigStatus": { + "description": "CloudPrivateIPConfigStatus specifies the node assignment together with its assignment condition.", "type": "object", + "required": [ + "conditions" + ], "properties": { - "base64Data": { - "description": "base64Data must be valid base64-encoded data. Valid examples include aGVsbG8= (encodes \"hello\") or SGVsbG8gV29ybGQh (encodes \"Hello World!\").", - "type": "string" - }, - "cidrNotation": { - "description": "cidrNotation must be a valid CIDR notation IP address range. Valid examples include IPv4 CIDR (10.0.0.0/8, 192.168.1.0/24) or IPv6 CIDR (fd00::/8, 2001:db8::/32).\n\nUse of Format=cidr is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isCIDR(self)` to validate CIDR notation. Additionally, use `isCIDR(self) && cidr(self).ip().family() == X` to validate IPvX specifically.", - "type": "string" - }, - "dateField": { - "description": "dateField must be a valid date in RFC 3339 full-date format (YYYY-MM-DD). Valid examples include 2024-01-15 or 2023-12-31.", - "type": "string" - }, - "dateTimeField": { - "description": "dateTimeField must be a valid RFC 3339 date-time. Valid examples include 2024-01-15T14:30:00Z, 2024-01-15T14:30:00+00:00, or 2024-01-15T14:30:00.123Z.", - "type": "string" - }, - "durationField": { - "description": "durationField must be a valid duration string parseable by Go's time.ParseDuration. Valid time units are ns, us (or µs), ms, s, m, h. Valid examples include 30s, 5m, 1h30m, 100ms, or 1h.", - "type": "string" - }, - "emailAddress": { - "description": "emailAddress must be a valid email address. Valid examples include user@example.com or firstname.lastname@company.co.uk.", - "type": "string" - }, - "hostnameField": { - "description": "hostnameField must be a valid Internet hostname per RFC 1034. Valid examples include example.com, api.example.com, or my-service.", - "type": "string" - }, - "ipv4Address": { - "description": "ipv4Address must be a valid IPv4 address in dotted-quad notation. Valid values range from 0.0.0.0 to 255.255.255.255 (e.g., 192.168.1.1).\n\nUse of Format=ipv4 is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isIP(self) && ip(self).family() == 4` to validate IPv4 addresses.", - "type": "string" - }, - "ipv6Address": { - "description": "ipv6Address must be a valid IPv6 address. Valid examples include full form (2001:0db8:0000:0000:0000:0000:0000:0001) or compressed form (2001:db8::1 or ::1).\n\nUse of Format=ipv6 is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isIP(self) && ip(self).family() == 6` to validate IPv6 addresses.", - "type": "string" - }, - "macAddress": { - "description": "macAddress must be a valid MAC address. Valid examples include 00:1A:2B:3C:4D:5E or 00-1A-2B-3C-4D-5E.", - "type": "string" - }, - "passwordField": { - "description": "passwordField is a marker for sensitive data. Note that the password format marker does not perform any actual validation - it accepts any string value. This marker is primarily used to signal that the field contains sensitive information.", - "type": "string" - }, - "uriField": { - "description": "uriField must be a valid URI following RFC 3986 syntax. Valid examples include https://example.com/path?query=value or /absolute-path.", - "type": "string" - }, - "uuid3Field": { - "description": "uuid3Field must be a valid UUID version 3 (MD5 hash-based). Version 3 UUIDs are generated using MD5 hashing of a namespace and name. Valid example: a3bb189e-8bf9-3888-9912-ace4e6543002.", - "type": "string" - }, - "uuid4Field": { - "description": "uuid4Field must be a valid UUID version 4 (random). Version 4 UUIDs are randomly generated. Valid example: 550e8400-e29b-41d4-a716-446655440000.", - "type": "string" - }, - "uuid5Field": { - "description": "uuid5Field must be a valid UUID version 5 (SHA-1 hash-based). Version 5 UUIDs are generated using SHA-1 hashing of a namespace and name. Valid example: 74738ff5-5367-5958-9aee-98fffdcd1876.", - "type": "string" + "conditions": { + "description": "condition is the assignment condition of the private IP and its status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "uuidField": { - "description": "uuidField must be a valid UUID (any version) in 8-4-4-4-12 format. Valid examples include 550e8400-e29b-41d4-a716-446655440000 or 123e4567-e89b-12d3-a456-426614174000.", - "type": "string" + "node": { + "description": "node is the node name, as specified by the Kubernetes field: node.metadata.name", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.example.v1.StableConfigType": { - "description": "StableConfigType is a stable config type that may include TechPreviewNoUpgrade fields.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.APIServer": { + "description": "APIServer holds configuration (like serving certificates, client CA and CORS domains) shared by all API servers in the system, among them especially kube-apiserver and openshift-apiserver. The canonical name of an instance is 'cluster'.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -15170,24 +15814,47 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec is the specification of the desired behavior of the StableConfigType.", + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1.StableConfigTypeSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerSpec" }, "status": { - "description": "status is the most recently observed status of the StableConfigType.", + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1.StableConfigTypeStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerStatus" } } }, - "com.github.openshift.api.example.v1.StableConfigTypeList": { - "description": "StableConfigTypeList contains a list of StableConfigTypes.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.APIServerEncryption": { + "description": "APIServerEncryption is used to encrypt sensitive resources on the cluster.", + "type": "object", + "properties": { + "kms": { + "description": "kms defines the configuration for the external KMS instance that manages the encryption keys, when KMS encryption is enabled sensitive resources will be encrypted using keys managed by an externally configured KMS instance.\n\nThe Key Management Service (KMS) instance provides symmetric encryption and is responsible for managing the lifecyle of the encryption keys outside of the control plane. This allows integration with an external provider to manage the data encryption keys securely.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.KMSConfig" + }, + "type": { + "description": "type defines what encryption type should be used to encrypt resources at the datastore layer. When this field is unset (i.e. when it is set to the empty string), identity is implied. The behavior of unset can and will change over time. Even if encryption is enabled by default, the meaning of unset may change to a different encryption type based on changes in best practices.\n\nWhen encryption is enabled, all sensitive resources shipped with the platform are encrypted. This list of sensitive resources can and will change over time. The current authoritative list is:\n\n 1. secrets\n 2. configmaps\n 3. routes.route.openshift.io\n 4. oauthaccesstokens.oauth.openshift.io\n 5. oauthauthorizetokens.oauth.openshift.io", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "kms": "KMS" + } + } + ] + }, + "com.github.openshift.api.config.v1.APIServerList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -15199,7 +15866,7 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1.StableConfigType" + "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServer" } }, "kind": { @@ -15209,29 +15876,19 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.example.v1.StableConfigTypeSpec": { - "description": "StableConfigTypeSpec is the desired state", + "com.github.openshift.api.config.v1.APIServerNamedServingCert": { + "description": "APIServerNamedServingCert maps a server DNS name, as understood by a client, to a certificate.", "type": "object", "required": [ - "immutableField" + "servingCertificate" ], "properties": { - "celUnion": { - "description": "celUnion demonstrates how to validate a discrminated union using CEL", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1.CELUnion" - }, - "coolNewField": { - "description": "coolNewField is a field that is for tech preview only. On normal clusters this shouldn't be present", - "type": "string", - "default": "" - }, - "evolvingCollection": { - "description": "evolvingCollection demonstrates how to have a collection where the maximum number of items varies on cluster type. For default clusters, this will be \"1\" but on TechPreview clusters, this value will be \"3\".", + "names": { + "description": "names is a optional list of explicit DNS names (leading wildcards allowed) that should use this certificate to serve secure traffic. If no names are provided, the implicit names will be extracted from the certificates. Exact names trump over wildcard names. Explicit names defined here trump over extracted implicit names.", "type": "array", "items": { "type": "string", @@ -15239,352 +15896,449 @@ }, "x-kubernetes-list-type": "atomic" }, - "evolvingUnion": { - "description": "evolvingUnion demonstrates how to phase in new values into discriminated union", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1.EvolvingUnion" - }, - "formatMarkerExamples": { - "description": "formatMarkerExamples demonstrates all Kubebuilder Format markers supported as of Kubernetes 1.33. This field serves as a comprehensive reference for format marker validation.", - "$ref": "#/definitions/com.github.openshift.api.example.v1.FormatMarkerExamples" - }, - "immutableField": { - "description": "immutableField is a field that is immutable once the object has been created. It is required at all times.", - "type": "string", - "default": "" - }, - "nonZeroDefault": { - "description": "nonZeroDefault is a demonstration of creating an integer field that has a non zero default. It required two default tags (one for CRD generation, one for client generation) and must have `omitempty` and be optional. A minimum value is added to demonstrate that a zero value would not be accepted.", - "type": "integer", - "format": "int32", - "default": 8 - }, - "optionalImmutableField": { - "description": "optionalImmutableField is a field that is immutable once set. It is optional but may not be changed once set.", - "type": "string", - "default": "" - }, - "set": { - "description": "set demonstrates how to define and validate set of strings", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "stableField": { - "description": "stableField is a field that is present on default clusters and on tech preview clusters\n\nIf empty, the platform will choose a good default, which may change over time without notice.", - "type": "string", - "default": "" - }, - "subdomainNameField": { - "description": "subdomainNameField represents a kubenetes name field. The intention is that it validates the name in the same way metadata.Name is validated. That is, it is a DNS-1123 subdomain.", - "type": "string" - }, - "subnetsWithExclusions": { - "description": "subnetsWithExclusions demonstrates how to validate a list of subnets with exclusions", + "servingCertificate": { + "description": "servingCertificate references a kubernetes.io/tls type secret containing the TLS cert info for serving secure traffic. The secret must exist in the openshift-config namespace and contain the following required fields: - Secret.Data[\"tls.key\"] - TLS private key. - Secret.Data[\"tls.crt\"] - TLS certificate.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1.SubnetsWithExclusions" + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" } } }, - "com.github.openshift.api.example.v1.StableConfigTypeStatus": { - "description": "StableConfigTypeStatus defines the observed status of the StableConfigType.", + "com.github.openshift.api.config.v1.APIServerServingCerts": { "type": "object", "properties": { - "conditions": { - "description": "Represents the observations of a foo's current state. Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"", + "namedCertificates": { + "description": "namedCertificates references secrets containing the TLS cert info for serving secure traffic to specific hostnames. If no named certificates are provided, or no named certificates match the server name as understood by a client, the defaultServingCertificate will be used.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerNamedServingCert" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "immutableField": { - "description": "immutableField is a field that is immutable once the object has been created. It is required at all times.", - "type": "string" + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.example.v1.SubnetsWithExclusions": { - "description": "SubnetsWithExclusions is used to validate a list of subnets with exclusions. It demonstrates how exclusions should be validated as subnetworks of the networks listed in the subnets field.", + "com.github.openshift.api.config.v1.APIServerSpec": { "type": "object", - "required": [ - "subnets" - ], "properties": { - "excludeSubnets": { - "description": "excludeSubnets is a list of CIDR exclusions. The subnets in this list must be subnetworks of the subnets in the subnets list.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "subnets": { - "description": "subnets is a list of subnets. It may contain up to 2 subnets. The list may be either 1 IPv4 subnet, 1 IPv6 subnet, or 1 of each.", + "additionalCORSAllowedOrigins": { + "description": "additionalCORSAllowedOrigins lists additional, user-defined regular expressions describing hosts for which the API server allows access using the CORS headers. This may be needed to access the API and the integrated OAuth server from JavaScript applications. The values are regular expressions that correspond to the Golang regular expression language.", "type": "array", "items": { "type": "string", "default": "" }, "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.example.v1alpha1.NotStableConfigType": { - "description": "NotStableConfigType is a stable config type that is TechPreviewNoUpgrade only.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "audit": { + "description": "audit specifies the settings for audit configuration to be applied to all OpenShift-provided API servers in the cluster.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Audit" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "clientCA": { + "description": "clientCA references a ConfigMap containing a certificate bundle for the signers that will be recognized for incoming client certificates in addition to the operator managed signers. If this is empty, then only operator managed signers are valid. You usually only have to set this if you have your own PKI you wish to honor client certificates from. The ConfigMap must exist in the openshift-config namespace and contain the following required fields: - ConfigMap.Data[\"ca-bundle.crt\"] - CA bundle.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "spec": { - "description": "spec is the specification of the desired behavior of the NotStableConfigType.", + "encryption": { + "description": "encryption allows the configuration of encryption of resources at the datastore layer.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1alpha1.NotStableConfigTypeSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerEncryption" }, - "status": { - "description": "status is the most recently observed status of the NotStableConfigType.", + "servingCerts": { + "description": "servingCert is the TLS cert info for serving secure traffic. If not specified, operator managed certificates will be used for serving secure traffic.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1alpha1.NotStableConfigTypeStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1.APIServerServingCerts" + }, + "tlsAdherence": { + "description": "tlsAdherence controls if components in the cluster adhere to the TLS security profile configured on this APIServer resource.\n\nValid values are \"LegacyAdheringComponentsOnly\" and \"StrictAllComponents\".\n\nWhen set to \"LegacyAdheringComponentsOnly\", components that already honor the cluster-wide TLS profile continue to do so. Components that do not already honor it continue to use their individual TLS configurations.\n\nWhen set to \"StrictAllComponents\", all components must honor the configured TLS profile unless they have a component-specific TLS configuration that overrides it. This mode is recommended for security-conscious deployments and is required for certain compliance frameworks.\n\nNote: Some components such as Kubelet and IngressController have their own dedicated TLS configuration mechanisms via KubeletConfig and IngressController CRs respectively. When these component-specific TLS configurations are set, they take precedence over the cluster-wide tlsSecurityProfile. When not set, these components fall back to the cluster-wide default.\n\nComponents that encounter an unknown value for tlsAdherence should treat it as \"StrictAllComponents\" and log a warning to ensure forward compatibility while defaulting to the more secure behavior.\n\nThis field is optional. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is LegacyAdheringComponentsOnly.\n\nOnce set, this field may be changed to a different value, but may not be removed.", + "type": "string" + }, + "tlsSecurityProfile": { + "description": "tlsSecurityProfile specifies settings for TLS connections for externally exposed servers.\n\nWhen omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is the Intermediate profile.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.TLSSecurityProfile" } } }, - "com.github.openshift.api.example.v1alpha1.NotStableConfigTypeList": { - "description": "NotStableConfigTypeList contains a list of NotStableConfigTypes.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.APIServerStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1.AWSDNSSpec": { + "description": "AWSDNSSpec contains DNS configuration specific to the Amazon Web Services cloud provider.", + "type": "object", + "properties": { + "privateZoneIAMRole": { + "description": "privateZoneIAMRole contains the ARN of an IAM role that should be assumed when performing operations on the cluster's private hosted zone specified in the cluster DNS config. When left empty, no role should be assumed.\n\nThe ARN must follow the format: arn::iam:::role/, where: is the AWS partition (aws, aws-cn, aws-us-gov, or aws-eusc), is a 12-digit numeric identifier for the AWS account, is the IAM role name.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.AWSIngressSpec": { + "description": "AWSIngressSpec holds the desired state of the Ingress for Amazon Web Services infrastructure provider. This only includes fields that can be modified in the cluster.", "type": "object", "required": [ - "items" + "type" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.example.v1alpha1.NotStableConfigType" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "type": { + "description": "type allows user to set a load balancer type. When this field is set the default ingresscontroller will get created using the specified LBType. If this field is not set then the default ingress controller of LBType Classic will be created. Valid values are:\n\n* \"Classic\": A Classic Load Balancer that makes routing decisions at either\n the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See\n the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb\n\n* \"NLB\": A Network Load Balancer that makes routing decisions at the\n transport layer (TCP/SSL). See the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb", + "type": "string", + "default": "" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": {} + } + ] }, - "com.github.openshift.api.example.v1alpha1.NotStableConfigTypeSpec": { - "description": "NotStableConfigTypeSpec is the desired state", + "com.github.openshift.api.config.v1.AWSKMSConfig": { + "description": "AWSKMSConfig defines the KMS config specific to AWS KMS provider", "type": "object", "required": [ - "newField" + "keyARN", + "region" ], "properties": { - "newField": { - "description": "newField is a field that is tech preview, but because the entire type is gated, there is no marker on the field.", + "keyARN": { + "description": "keyARN specifies the Amazon Resource Name (ARN) of the AWS KMS key used for encryption. The value must adhere to the format `arn:aws:kms:::key/`, where: - `` is the AWS region consisting of lowercase letters and hyphens followed by a number. - `` is a 12-digit numeric identifier for the AWS account. - `` is a unique identifier for the KMS key, consisting of lowercase hexadecimal characters and hyphens.", + "type": "string", + "default": "" + }, + "region": { + "description": "region specifies the AWS region where the KMS instance exists, and follows the format `--`, e.g.: `us-east-1`. Only lowercase letters and hyphens followed by numbers are allowed.", "type": "string", "default": "" } } }, - "com.github.openshift.api.example.v1alpha1.NotStableConfigTypeStatus": { - "description": "NotStableConfigTypeStatus defines the observed status of the NotStableConfigType.", + "com.github.openshift.api.config.v1.AWSPlatformSpec": { + "description": "AWSPlatformSpec holds the desired state of the Amazon Web Services infrastructure provider. This only includes fields that can be modified in the cluster.", "type": "object", "properties": { - "conditions": { - "description": "Represents the observations of a foo's current state. Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"", + "serviceEndpoints": { + "description": "serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSServiceEndpoint" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.helm.v1beta1.ConnectionConfig": { + "com.github.openshift.api.config.v1.AWSPlatformStatus": { + "description": "AWSPlatformStatus holds the current status of the Amazon Web Services infrastructure provider.", "type": "object", "required": [ - "url" + "region" ], "properties": { - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca-bundle.crt\" is used to locate the data. If empty, the default system roots are used. The namespace for this config map is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "cloudLoadBalancerConfig": { + "description": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", + "default": { + "dnsType": "PlatformDefault" + }, + "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudLoadBalancerConfig" }, - "tlsClientConfig": { - "description": "tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key \"tls.crt\" is used to locate the client certificate. The key \"tls.key\" is used to locate the private key. The namespace for this secret is openshift-config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "ipFamily": { + "description": "ipFamily specifies the IP protocol family that should be used for AWS network resources. This controls whether AWS resources are created with IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary protocol family.", + "type": "string", + "default": "IPv4" }, - "url": { - "description": "Chart repository URL", + "region": { + "description": "region holds the default AWS region for new AWS resources created by the cluster.", "type": "string", "default": "" + }, + "resourceTags": { + "description": "resourceTags is a list of additional tags to apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html for information on tagging AWS resources. AWS supports a maximum of 50 tags per resource. OpenShift reserves 25 tags for its use, leaving 25 tags available for the user.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSResourceTag" + }, + "x-kubernetes-list-type": "atomic" + }, + "serviceEndpoints": { + "description": "serviceEndpoints list contains custom endpoints which will override default service endpoint of AWS Services. There must be only one ServiceEndpoint for a service.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSServiceEndpoint" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.helm.v1beta1.ConnectionConfigNamespaceScoped": { + "com.github.openshift.api.config.v1.AWSResourceTag": { + "description": "AWSResourceTag is a tag to apply to AWS resources created for the cluster.", "type": "object", "required": [ - "url" + "key", + "value" ], "properties": { - "basicAuthConfig": { - "description": "basicAuthConfig is an optional reference to a secret by name that contains the basic authentication credentials to present when connecting to the server. The key \"username\" is used locate the username. The key \"password\" is used to locate the password. The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" - }, - "ca": { - "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca-bundle.crt\" is used to locate the data. If empty, the default system roots are used. The namespace for this configmap must be same as the namespace where the project helm chart repository is getting instantiated.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "key": { + "description": "key sets the key of the AWS resource tag key-value pair. Key is required when defining an AWS resource tag. Key should consist of between 1 and 128 characters, and may contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'.", + "type": "string", + "default": "" }, - "tlsClientConfig": { - "description": "tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key \"tls.crt\" is used to locate the client certificate. The key \"tls.key\" is used to locate the private key. The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "value": { + "description": "value sets the value of the AWS resource tag key-value pair. Value is required when defining an AWS resource tag. Value should consist of between 1 and 256 characters, and may contain only the set of alphanumeric characters, space (' '), '_', '.', '/', '=', '+', '-', ':', and '@'. Some AWS service do not support empty values. Since tags are added to resources in many services, the length of the tag value must meet the requirements of all services.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.AWSServiceEndpoint": { + "description": "AWSServiceEndpoint store the configuration of a custom url to override existing defaults of AWS Services.", + "type": "object", + "required": [ + "name", + "url" + ], + "properties": { + "name": { + "description": "name is the name of the AWS service. The list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html This must be provided and cannot be empty.", + "type": "string", + "default": "" }, "url": { - "description": "Chart repository URL", + "description": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.", "type": "string", "default": "" } } }, - "com.github.openshift.api.helm.v1beta1.HelmChartRepository": { - "description": "HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.AcceptRisk": { + "description": "AcceptRisk represents a risk that is considered acceptable.", "type": "object", "required": [ - "spec" + "name" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "name": { + "description": "name is the name of the acceptable risk. It must be a non-empty string and must not exceed 256 characters.", "type": "string" + } + } + }, + "com.github.openshift.api.config.v1.AdmissionConfig": { + "type": "object", + "properties": { + "disabledPlugins": { + "description": "disabledPlugins is a list of admission plugins that must be off. Putting something in this list is almost always a mistake and likely to result in cluster instability.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "enabledPlugins": { + "description": "enabledPlugins is a list of admission plugins that must be on in addition to the default list. Some admission plugins are disabled by default, but certain configurations require them. This is fairly uncommon and can result in performance penalties and unexpected behavior.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.HelmChartRepositorySpec" + "pluginConfig": { + "type": "object", + "additionalProperties": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionPluginConfig" + } + } + } + }, + "com.github.openshift.api.config.v1.AdmissionPluginConfig": { + "description": "AdmissionPluginConfig holds the necessary configuration options for admission plugins", + "type": "object", + "required": [ + "location", + "configuration" + ], + "properties": { + "configuration": { + "description": "configuration is an embedded configuration object to be used as the plugin's configuration. If present, it will be used instead of the path to the configuration file.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "status": { - "description": "Observed status of the repository within the cluster..", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.HelmChartRepositoryStatus" + "location": { + "description": "location is the path to a configuration file that contains the plugin's configuration", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.helm.v1beta1.HelmChartRepositoryList": { - "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec": { + "description": "AlibabaCloudPlatformSpec holds the desired state of the Alibaba Cloud infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object" + }, + "com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus": { + "description": "AlibabaCloudPlatformStatus holds the current status of the Alibaba Cloud infrastructure provider.", "type": "object", "required": [ - "metadata", - "items" + "region" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "region": { + "description": "region specifies the region for Alibaba Cloud resources created for the cluster.", + "type": "string", + "default": "" + }, + "resourceGroupID": { + "description": "resourceGroupID is the ID of the resource group for the cluster.", "type": "string" }, - "items": { + "resourceTags": { + "description": "resourceTags is a list of additional tags to apply to Alibaba Cloud resources created for the cluster.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.HelmChartRepository" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/com.github.openshift.api.config.v1.AlibabaCloudResourceTag" + }, + "x-kubernetes-list-map-keys": [ + "key" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.helm.v1beta1.HelmChartRepositorySpec": { - "description": "Helm chart repository exposed within the cluster", + "com.github.openshift.api.config.v1.AlibabaCloudResourceTag": { + "description": "AlibabaCloudResourceTag is the set of tags to add to apply to resources.", "type": "object", "required": [ - "connectionConfig" + "key", + "value" ], "properties": { - "connectionConfig": { - "description": "Required configuration for connecting to the chart repo", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.ConnectionConfig" - }, - "description": { - "description": "Optional human readable repository description, it can be used by UI for displaying purposes", - "type": "string" - }, - "disabled": { - "description": "If set to true, disable the repo usage in the cluster/namespace", - "type": "boolean" + "key": { + "description": "key is the key of the tag.", + "type": "string", + "default": "" }, - "name": { - "description": "Optional associated human readable repository name, it can be used by UI for displaying purposes", - "type": "string" + "value": { + "description": "value is the value of the tag.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.helm.v1beta1.HelmChartRepositoryStatus": { + "com.github.openshift.api.config.v1.Audit": { "type": "object", "properties": { - "conditions": { - "description": "conditions is a list of conditions and their statuses", + "customRules": { + "description": "customRules specify profiles per group. These profile take precedence over the top-level profile field if they apply. They are evaluation from top to bottom and the first one that matches, applies.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditCustomRule" }, "x-kubernetes-list-map-keys": [ - "type" + "group" ], "x-kubernetes-list-type": "map" + }, + "profile": { + "description": "profile specifies the name of the desired top-level audit profile to be applied to all requests sent to any of the OpenShift-provided API servers in the cluster (kube-apiserver, openshift-apiserver and oauth-apiserver), with the exception of those requests that match one or more of the customRules.\n\nThe following profiles are provided: - Default: default policy which means MetaData level logging with the exception of events\n (not logged at all), oauthaccesstokens and oauthauthorizetokens (both logged at RequestBody\n level).\n- WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nWarning: It is not recommended to disable audit logging by using the `None` profile unless you are fully aware of the risks of not logging data that can be beneficial when troubleshooting issues. If you disable audit logging and a support situation arises, you might need to enable audit logging and reproduce the issue in order to troubleshoot properly.\n\nIf unset, the 'Default' profile is used as the default.", + "type": "string" } } }, - "com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepository": { - "description": "ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.AuditConfig": { + "description": "AuditConfig holds configuration for the audit capabilities", + "type": "object", + "required": [ + "enabled", + "auditFilePath", + "maximumFileRetentionDays", + "maximumRetainedFiles", + "maximumFileSizeMegabytes", + "policyFile", + "policyConfiguration", + "logFormat", + "webHookKubeConfig", + "webHookMode" + ], + "properties": { + "auditFilePath": { + "description": "All requests coming to the apiserver will be logged to this file.", + "type": "string", + "default": "" + }, + "enabled": { + "description": "If this flag is set, audit log will be printed in the logs. The logs contains, method, user and a requested URL.", + "type": "boolean", + "default": false + }, + "logFormat": { + "description": "Format of saved audits (legacy or json).", + "type": "string", + "default": "" + }, + "maximumFileRetentionDays": { + "description": "Maximum number of days to retain old log files based on the timestamp encoded in their filename.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "maximumFileSizeMegabytes": { + "description": "Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "maximumRetainedFiles": { + "description": "Maximum number of old log files to retain.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "policyConfiguration": { + "description": "policyConfiguration is an embedded policy configuration object to be used as the audit policy configuration. If present, it will be used instead of the path to the policy file.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "policyFile": { + "description": "policyFile is a path to the file that defines the audit policy configuration.", + "type": "string", + "default": "" + }, + "webHookKubeConfig": { + "description": "Path to a .kubeconfig formatted file that defines the audit webhook configuration.", + "type": "string", + "default": "" + }, + "webHookMode": { + "description": "Strategy for sending audit events (block or batch).", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.AuditCustomRule": { + "description": "AuditCustomRule describes a custom rule for an audit profile that takes precedence over the top-level profile.", + "type": "object", + "required": [ + "group", + "profile" + ], + "properties": { + "group": { + "description": "group is a name of group a request user must be member of in order to this profile to apply.", + "type": "string", + "default": "" + }, + "profile": { + "description": "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster.\n\nThe following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list). - None: no requests are logged at all, not even oauthaccesstokens and oauthauthorizetokens.\n\nIf unset, the 'Default' profile is used as the default.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.Authentication": { + "description": "Authentication specifies cluster-wide settings for authentication (like OAuth and webhook token authenticators). The canonical name of an instance is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -15601,22 +16355,22 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepositorySpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1.AuthenticationSpec" }, "status": { - "description": "Observed status of the repository within the namespace..", + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.HelmChartRepositoryStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1.AuthenticationStatus" } } }, - "com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepositoryList": { - "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.AuthenticationList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "metadata", @@ -15631,7 +16385,7 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepository" + "$ref": "#/definitions/com.github.openshift.api.config.v1.Authentication" } }, "kind": { @@ -15641,508 +16395,297 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepositorySpec": { - "description": "Project Helm chart repository exposed within a namespace", + "com.github.openshift.api.config.v1.AuthenticationSpec": { "type": "object", - "required": [ - "connectionConfig" - ], "properties": { - "connectionConfig": { - "description": "Required configuration for connecting to the chart repo", + "oauthMetadata": { + "description": "oauthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for an external OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 If oauthMetadata.name is non-empty, this value has precedence over any metadata reference stored in status. The key \"oauthMetadata\" is used to locate the data. If specified and the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.ConnectionConfigNamespaceScoped" - }, - "description": { - "description": "Optional human readable repository description, it can be used by UI for displaying purposes", - "type": "string" - }, - "disabled": { - "description": "If set to true, disable the repo usage in the namespace", - "type": "boolean" - }, - "name": { - "description": "Optional associated human readable repository name, it can be used by UI for displaying purposes", - "type": "string" - } - } - }, - "com.github.openshift.api.image.v1.DockerImageReference": { - "description": "DockerImageReference points to a container image.", - "type": "object", - "required": [ - "Registry", - "Namespace", - "Name", - "Tag", - "ID" - ], - "properties": { - "ID": { - "description": "ID is the identifier for the container image", - "type": "string", - "default": "" - }, - "Name": { - "description": "Name is the name of the container image", - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "Namespace": { - "description": "Namespace is the namespace that contains the container image", - "type": "string", - "default": "" + "oidcProviders": { + "description": "oidcProviders are OIDC identity providers that can issue tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\".\n\nAt most one provider can be configured.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OIDCProvider" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "Registry": { - "description": "Registry is the registry that contains the container image", + "serviceAccountIssuer": { + "description": "serviceAccountIssuer is the identifier of the bound service account token issuer. The default is https://kubernetes.default.svc WARNING: Updating this field will not result in immediate invalidation of all bound tokens with the previous issuer value. Instead, the tokens issued by previous service account issuer will continue to be trusted for a time period chosen by the platform (currently set to 24h). This time period is subject to change over time. This allows internal components to transition to use new service account issuer without service distruption.", "type": "string", "default": "" }, - "Tag": { - "description": "Tag is which tag of the container image is being referenced", + "type": { + "description": "type identifies the cluster managed, user facing authentication mode in use. Specifically, it manages the component that responds to login attempts. The default is IntegratedOAuth.", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.image.v1.Image": { - "description": "Image is an immutable representation of a container image and its metadata at a point in time. Images are named by taking a hash of their contents (metadata and content) and any change in format, content, or metadata results in a new name. The images resource is primarily for use by cluster administrators and integrations like the cluster image registry - end users, instead, access images via the imagestreamtags or imagestreamimages resources. While image metadata is stored in the API, any integration that implements the container image registry API must provide its own storage for the raw manifest data, image config, and layer contents.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "dockerImageConfig": { - "description": "dockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list.", - "type": "string" - }, - "dockerImageLayers": { - "description": "dockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageLayer" - } - }, - "dockerImageManifest": { - "description": "dockerImageManifest is the raw JSON of the manifest", - "type": "string" - }, - "dockerImageManifestMediaType": { - "description": "dockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2.", - "type": "string" - }, - "dockerImageManifests": { - "description": "dockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageManifest" - } - }, - "dockerImageMetadata": { - "description": "dockerImageMetadata contains metadata about this image", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension", - "x-kubernetes-patch-strategy": "replace" - }, - "dockerImageMetadataVersion": { - "description": "dockerImageMetadataVersion conveys the version of the object, which if empty defaults to \"1.0\"", - "type": "string" - }, - "dockerImageReference": { - "description": "dockerImageReference is the string that can be used to pull this image.", - "type": "string" - }, - "dockerImageSignatures": { - "description": "dockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1.", - "type": "array", - "items": { - "type": "string", - "format": "byte" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "webhookTokenAuthenticator": { + "description": "webhookTokenAuthenticator configures a remote token reviewer. These remote authentication webhooks can be used to verify bearer tokens via the tokenreviews.authentication.k8s.io REST API. This is required to honor bearer tokens that are provisioned by an external authentication service.\n\nCan only be set if \"Type\" is set to \"None\".", + "$ref": "#/definitions/com.github.openshift.api.config.v1.WebhookTokenAuthenticator" }, - "signatures": { - "description": "signatures holds all signatures of the image.", + "webhookTokenAuthenticators": { + "description": "webhookTokenAuthenticators is DEPRECATED, setting it has no effect.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageSignature" + "$ref": "#/definitions/com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator" }, - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.image.v1.ImageBlobReferences": { - "description": "ImageBlobReferences describes the blob references within an image.", + "com.github.openshift.api.config.v1.AuthenticationStatus": { "type": "object", "properties": { - "config": { - "description": "config, if set, is the blob that contains the image config. Some images do not have separate config blobs and this field will be set to nil if so.", - "type": "string" - }, - "imageMissing": { - "description": "imageMissing is true if the image is referenced by the image stream but the image object has been deleted from the API by an administrator. When this field is set, layers and config fields may be empty and callers that depend on the image metadata should consider the image to be unavailable for download or viewing.", - "type": "boolean", - "default": false - }, - "layers": { - "description": "layers is the list of blobs that compose this image, from base layer to top layer. All layers referenced by this array will be defined in the blobs map. Some images may have zero layers.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "integratedOAuthMetadata": { + "description": "integratedOAuthMetadata contains the discovery endpoint data for OAuth 2.0 Authorization Server Metadata for the in-cluster integrated OAuth server. This discovery document can be viewed from its served location: oc get --raw '/.well-known/oauth-authorization-server' For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This contains the observed value based on cluster state. An explicitly set value in spec.oauthMetadata has precedence over this field. This field has no meaning if authentication spec.type is not set to IntegratedOAuth. The key \"oauthMetadata\" is used to locate the data. If the config map or expected key is not found, no metadata is served. If the specified metadata is not valid, no metadata is served. The namespace for this config map is openshift-config-managed.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "manifests": { - "description": "manifests is the list of other image names that this image points to. For a single architecture image, it is empty. For a multi-arch image, it consists of the digests of single architecture images, such images shouldn't have layers nor config.", + "oidcClients": { + "description": "oidcClients is where participating operators place the current OIDC client status for OIDC clients that can be customized by the cluster-admin.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OIDCClientStatus" + }, + "x-kubernetes-list-map-keys": [ + "componentNamespace", + "componentName" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.image.v1.ImageImportSpec": { - "description": "ImageImportSpec describes a request to import a specific image.", - "type": "object", - "required": [ - "from" - ], - "properties": { - "from": { - "description": "from is the source of an image to import; only kind DockerImage is allowed", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, - "importPolicy": { - "description": "importPolicy is the policy controlling how the image is imported", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagImportPolicy" - }, - "includeManifest": { - "description": "includeManifest determines if the manifest for each image is returned in the response", - "type": "boolean" - }, - "referencePolicy": { - "description": "referencePolicy defines how other components should consume the image", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReferencePolicy" - }, - "to": { - "description": "to is a tag in the current image stream to assign the imported image to, if name is not specified the default tag from from.name will be used", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" - } - } + "com.github.openshift.api.config.v1.AzurePlatformSpec": { + "description": "AzurePlatformSpec holds the desired state of the Azure infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object" }, - "com.github.openshift.api.image.v1.ImageImportStatus": { - "description": "ImageImportStatus describes the result of an image import.", + "com.github.openshift.api.config.v1.AzurePlatformStatus": { + "description": "AzurePlatformStatus holds the current status of the Azure infrastructure provider.", "type": "object", "required": [ - "status" + "resourceGroupName" ], "properties": { - "image": { - "description": "image is the metadata of that image, if the image was located", - "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" - }, - "manifests": { - "description": "manifests holds sub-manifests metadata when importing a manifest list", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" - } + "armEndpoint": { + "description": "armEndpoint specifies a URL to use for resource management in non-soverign clouds such as Azure Stack.", + "type": "string" }, - "status": { - "description": "status is the status of the image import, including errors encountered while retrieving the image", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + "cloudLoadBalancerConfig": { + "description": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", + "default": { + "dnsType": "PlatformDefault" + }, + "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudLoadBalancerConfig" }, - "tag": { - "description": "tag is the tag this image was located under, if any", + "cloudName": { + "description": "cloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`.", "type": "string" - } - } - }, - "com.github.openshift.api.image.v1.ImageLayer": { - "description": "ImageLayer represents a single layer of the image. Some images may have multiple layers. Some may have none.", - "type": "object", - "required": [ - "name", - "size", - "mediaType" - ], - "properties": { - "mediaType": { - "description": "mediaType of the referenced object.", - "type": "string", - "default": "" }, - "name": { - "description": "name of the layer as defined by the underlying store.", + "ipFamily": { + "description": "ipFamily specifies the IP protocol family that should be used for Azure network resources. This controls whether Azure resources are created with IPv4-only, or dual-stack networking with IPv4 or IPv6 as the primary protocol family.", "type": "string", - "default": "" + "default": "IPv4" }, - "size": { - "description": "size of the layer in bytes as defined by the underlying store.", - "type": "integer", - "format": "int64", - "default": 0 - } - } - }, - "com.github.openshift.api.image.v1.ImageLayerData": { - "description": "ImageLayerData contains metadata about an image layer.", - "type": "object", - "required": [ - "size", - "mediaType" - ], - "properties": { - "mediaType": { - "description": "mediaType of the referenced object.", + "networkResourceGroupName": { + "description": "networkResourceGroupName is the Resource Group for network resources like the Virtual Network and Subnets used by the cluster. If empty, the value is same as ResourceGroupName.", + "type": "string" + }, + "resourceGroupName": { + "description": "resourceGroupName is the Resource Group for new Azure resources created for the cluster.", "type": "string", "default": "" }, - "size": { - "description": "size of the layer in bytes as defined by the underlying store. This field is optional if the necessary information about size is not available.", - "type": "integer", - "format": "int64" - } - } - }, - "com.github.openshift.api.image.v1.ImageList": { - "description": "ImageList is a list of Image objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is a list of images", + "resourceTags": { + "description": "resourceTags is a list of additional tags to apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags for information on tagging Azure resources. Due to limitations on Automation, Content Delivery Network, DNS Azure resources, a maximum of 15 tags may be applied. OpenShift reserves 5 tags for internal use, allowing 10 tags for user configuration.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.image.v1.ImageLookupPolicy": { - "description": "ImageLookupPolicy describes how an image stream can be used to override the image references used by pods, builds, and other resources in a namespace.", - "type": "object", - "required": [ - "local" - ], - "properties": { - "local": { - "description": "local will change the docker short image references (like \"mysql\" or \"php:latest\") on objects in this namespace to the image ID whenever they match this image stream, instead of reaching out to a remote registry. The name will be fully qualified to an image ID if found. The tag's referencePolicy is taken into account on the replaced value. Only works within the current namespace.", - "type": "boolean", - "default": false + "$ref": "#/definitions/com.github.openshift.api.config.v1.AzureResourceTag" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.image.v1.ImageManifest": { - "description": "ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object.", + "com.github.openshift.api.config.v1.AzureResourceTag": { + "description": "AzureResourceTag is a tag to apply to Azure resources created for the cluster.", "type": "object", "required": [ - "digest", - "mediaType", - "manifestSize", - "architecture", - "os" + "key", + "value" ], "properties": { - "architecture": { - "description": "architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`.", + "key": { + "description": "key is the key part of the tag. A tag key can have a maximum of 128 characters and cannot be empty. Key must begin with a letter, end with a letter, number or underscore, and must contain only alphanumeric characters and the following special characters `_ . -`.", "type": "string", "default": "" }, - "digest": { - "description": "digest is the unique identifier for the manifest. It refers to an Image object.", + "value": { + "description": "value is the value part of the tag. A tag value can have a maximum of 256 characters and cannot be empty. Value must contain only alphanumeric characters and the following special characters `_ + , - . / : ; < = > ? @`.", "type": "string", "default": "" - }, - "manifestSize": { - "description": "manifestSize represents the size of the raw object contents, in bytes.", - "type": "integer", - "format": "int64", - "default": 0 - }, - "mediaType": { - "description": "mediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json.", + } + } + }, + "com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer": { + "description": "BareMetalPlatformLoadBalancer defines the load balancer used by the cluster on BareMetal platform.", + "type": "object", + "properties": { + "type": { + "description": "type defines the type of load balancer used by the cluster on BareMetal platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", "type": "string", - "default": "" + "default": "OpenShiftManagedDefault" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": {} + } + ] + }, + "com.github.openshift.api.config.v1.BareMetalPlatformSpec": { + "description": "BareMetalPlatformSpec holds the desired state of the BareMetal infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object", + "properties": { + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "os": { - "description": "os specifies the operating system, for example `linux`.", - "type": "string", - "default": "" + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "variant": { - "description": "variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU.", - "type": "string" + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.image.v1.ImageSignature": { - "description": "ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature's content by the server. They serve just an informative purpose.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.BareMetalPlatformStatus": { + "description": "BareMetalPlatformStatus holds the current status of the BareMetal infrastructure provider. For more information about the network architecture used with the BareMetal platform type, see: https://github.com/openshift/installer/blob/master/docs/design/baremetal/networking-infrastructure.md", "type": "object", "required": [ - "type", - "content" + "apiServerInternalIPs", + "ingressIPs" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", "type": "string" }, - "conditions": { - "description": "conditions represent the latest available observations of a signature's current state.", + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.SignatureCondition" + "type": "string", + "default": "" }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "atomic" }, - "content": { - "description": "Required: An opaque binary string which is an image's signature.", + "dnsRecordsType": { + "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", "type": "string", - "format": "byte" - }, - "created": { - "description": "If specified, it is the time of signature's creation.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "enum": [ + "External", + "Internal" + ] }, - "imageIdentity": { - "description": "A human readable string representing image's identity. It could be a product name and version, or an image pull spec (e.g. \"registry.access.redhat.com/rhel7/rhel:7.2\").", + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", "type": "string" }, - "issuedBy": { - "description": "If specified, it holds information about an issuer of signing certificate or key (a person or entity who signed the signing certificate or key).", - "$ref": "#/definitions/com.github.openshift.api.image.v1.SignatureIssuer" - }, - "issuedTo": { - "description": "If specified, it holds information about a subject of signing certificate or key (a person or entity who signed the image).", - "$ref": "#/definitions/com.github.openshift.api.image.v1.SignatureSubject" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "loadBalancer": { + "description": "loadBalancer defines how the load balancer used by the cluster is configured.", + "default": { + "type": "OpenShiftManagedDefault" + }, + "$ref": "#/definitions/com.github.openshift.api.config.v1.BareMetalPlatformLoadBalancer" }, - "signedClaims": { - "description": "Contains claims from the signature.", - "type": "object", - "additionalProperties": { + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", + "type": "array", + "items": { "type": "string", "default": "" - } - }, - "type": { - "description": "Required: Describes a type of stored blob.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.image.v1.ImageStream": { - "description": "An ImageStream stores a mapping of tags to images, metadata overrides that are applied when images are tagged in a stream, and an optional reference to a container image repository on a registry. Users typically update the spec.tags field to point to external images which are imported from container registries using credentials in your namespace with the pull secret type, or to existing image stream tags and images which are immediately accessible for tagging or pulling. The history of images applied to a tag is visible in the status.tags field and any user who can view an image stream is allowed to tag that image into their own image streams. Access to pull images from the integrated registry is granted by having the \"get imagestreams/layers\" permission on a given image stream. Users may remove a tag by deleting the imagestreamtag resource, which causes both spec and status for that tag to be removed. Image stream history is retained until an administrator runs the prune operation, which removes references that are no longer in use. To preserve a historical image, ensure there is a tag in spec pointing to that image by its digest.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "nodeDNSIP": { + "description": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for BareMetal deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec describes the desired state of this stream", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamSpec" - }, - "status": { - "description": "status describes the current state of this stream", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamStatus" } } }, - "com.github.openshift.api.image.v1.ImageStreamImage": { - "description": "ImageStreamImage represents an Image that is retrieved by image name from an ImageStream. User interfaces and regular users can use this resource to access the metadata details of a tagged image in the image stream history for viewing, since Image resources are not directly accessible to end users. A not found error will be returned if no such image is referenced by a tag within the ImageStream. Images are created when spec tags are set on an image stream that represent an image in an external registry, when pushing to the integrated registry, or when tagging an existing image from one image stream to another. The name of an image stream image is in the form \"@\", where the digest is the content addressible identifier for the image (sha256:xxxxx...). You can use ImageStreamImages as the from.kind of an image stream spec tag to reference an image exactly. The only operations supported on the imagestreamimage endpoint are retrieving the image.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.BasicAuthIdentityProvider": { + "description": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials", "type": "object", "required": [ - "image" + "url" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "image": { - "description": "image associated with the ImageStream and image name.", + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "tlsClientCert": { + "description": "tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key \"tls.crt\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "tlsClientKey": { + "description": "tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key \"tls.key\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + }, + "url": { + "description": "url is the remote URL to connect to", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.image.v1.ImageStreamImport": { - "description": "The image stream import resource provides an easy way for a user to find and import container images from other container image registries into the server. Individual images or an entire image repository may be imported, and users may choose to see the results of the import prior to tagging the resulting images into the specified image stream.\n\nThis API is intended for end-user tools that need to see the metadata of the image prior to import (for instance, to generate an application from it). Clients that know the desired image can continue to create spec.tags directly into their image streams.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.Build": { + "description": "Build configures the behavior of OpenShift builds for the entire cluster. This includes default settings that can be overridden in BuildConfig objects, and overrides which are applied to all builds.\n\nThe canonical name is \"cluster\"\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "spec", - "status" + "spec" ], "properties": { "apiVersion": { @@ -16156,94 +16699,66 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec is a description of the images that the user wishes to import", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamImportSpec" - }, - "status": { - "description": "status is the result of importing the image", + "description": "spec holds user-settable values for the build controller configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamImportStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1.BuildSpec" } } }, - "com.github.openshift.api.image.v1.ImageStreamImportSpec": { - "description": "ImageStreamImportSpec defines what images should be imported.", + "com.github.openshift.api.config.v1.BuildDefaults": { "type": "object", - "required": [ - "import" - ], "properties": { - "images": { - "description": "images are a list of individual images to import.", + "defaultProxy": { + "description": "defaultProxy contains the default proxy settings for all build operations, including image pull/push and source download.\n\nValues can be overrode by setting the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` environment variables in the build config's strategy.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ProxySpec" + }, + "env": { + "description": "env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageImportSpec" + "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" } }, - "import": { - "description": "import indicates whether to perform an import - if so, the specified tags are set on the spec and status of the image stream defined by the type meta.", - "type": "boolean", - "default": false + "gitProxy": { + "description": "gitProxy contains the proxy settings for git operations only. If set, this will override any Proxy settings for all git commands, such as git clone.\n\nValues that are not set here will be inherited from DefaultProxy.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ProxySpec" }, - "repository": { - "description": "repository is an optional import of an entire container image repository. A maximum limit on the number of tags imported this way is imposed by the server.", - "$ref": "#/definitions/com.github.openshift.api.image.v1.RepositoryImportSpec" - } - } - }, - "com.github.openshift.api.image.v1.ImageStreamImportStatus": { - "description": "ImageStreamImportStatus contains information about the status of an image stream import.", - "type": "object", - "properties": { - "images": { - "description": "images is set with the result of importing spec.images", + "imageLabels": { + "description": "imageLabels is a list of docker labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageImportStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageLabel" } }, - "import": { - "description": "import is the image stream that was successfully updated or created when 'to' was set.", - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStream" - }, - "repository": { - "description": "repository is set if spec.repository was set to the outcome of the import", - "$ref": "#/definitions/com.github.openshift.api.image.v1.RepositoryImportStatus" + "resources": { + "description": "resources defines resource requirements to execute the build.", + "default": {}, + "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.image.v1.ImageStreamLayers": { - "description": "ImageStreamLayers describes information about the layers referenced by images in this image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.BuildList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "blobs", - "images" + "metadata", + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "blobs": { - "description": "blobs is a map of blob name to metadata about the blob.", - "type": "object", - "additionalProperties": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageLayerData" - } - }, - "images": { - "description": "images is a map between an image name and the names of the blobs and config that comprise the image.", - "type": "object", - "additionalProperties": { + "items": { + "type": "array", + "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageBlobReferences" + "$ref": "#/definitions/com.github.openshift.api.config.v1.Build" } }, "kind": { @@ -16251,182 +16766,240 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.image.v1.ImageStreamList": { - "description": "ImageStreamList is a list of ImageStream objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.BuildOverrides": { "type": "object", - "required": [ - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "forcePull": { + "description": "forcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself", + "type": "boolean" }, - "items": { - "description": "items is a list of imageStreams", + "imageLabels": { + "description": "imageLabels is a list of docker labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStream" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageLabel" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "nodeSelector": { + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "tolerations": { + "description": "tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + } + } + } + }, + "com.github.openshift.api.config.v1.BuildSpec": { + "type": "object", + "properties": { + "additionalTrustedCA": { + "description": "additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted for image pushes and pulls during builds. The namespace for this config map is openshift-config.\n\nDEPRECATED: Additional CAs for image pull and push should be set on image.config.openshift.io/cluster instead.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + }, + "buildDefaults": { + "description": "buildDefaults controls the default information for Builds", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.BuildDefaults" + }, + "buildOverrides": { + "description": "buildOverrides controls override settings for builds", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/com.github.openshift.api.config.v1.BuildOverrides" } } }, - "com.github.openshift.api.image.v1.ImageStreamMapping": { - "description": "ImageStreamMapping represents a mapping from a single image stream tag to a container image as well as the reference to the container image stream the image came from. This resource is used by privileged integrators to create an image resource and to associate it with an image stream in the status tags field. Creating an ImageStreamMapping will allow any user who can view the image stream to tag or pull that image, so only create mappings where the user has proven they have access to the image contents directly. The only operation supported for this resource is create and the metadata name and namespace should be set to the image stream containing the tag that should be updated.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.CertInfo": { + "description": "CertInfo relates a certificate with a private key", "type": "object", "required": [ - "image", - "tag" + "certFile", + "keyFile" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" }, - "image": { - "description": "image is a container image.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.ClientConnectionOverrides": { + "type": "object", + "required": [ + "acceptContentTypes", + "contentType", + "qps", + "burst" + ], + "properties": { + "acceptContentTypes": { + "description": "acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the default value of 'application/json'. This field will control all connections to the server used by a particular client.", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "burst": { + "description": "burst allows extra queries to accumulate when a client is exceeding its rate.", + "type": "integer", + "format": "int32", + "default": 0 }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "contentType": { + "description": "contentType is the content type used when sending data to the server from this client.", + "type": "string", + "default": "" }, - "tag": { - "description": "tag is a string value this image can be located with inside the stream.", + "qps": { + "description": "qps controls the number of queries per second allowed for this connection.", + "type": "number", + "format": "float", + "default": 0 + } + } + }, + "com.github.openshift.api.config.v1.CloudControllerManagerStatus": { + "description": "CloudControllerManagerStatus holds the state of Cloud Controller Manager (a.k.a. CCM or CPI) related settings", + "type": "object", + "properties": { + "state": { + "description": "state determines whether or not an external Cloud Controller Manager is expected to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager\n\nValid values are \"External\", \"None\" and omitted. When set to \"External\", new nodes will be tainted as uninitialized when created, preventing them from running workloads until they are initialized by the cloud controller manager. When omitted or set to \"None\", new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.", "type": "string", "default": "" } } }, - "com.github.openshift.api.image.v1.ImageStreamSpec": { - "description": "ImageStreamSpec represents options for ImageStreams.", + "com.github.openshift.api.config.v1.CloudLoadBalancerConfig": { + "description": "CloudLoadBalancerConfig contains an union discriminator indicating the type of DNS solution in use within the cluster. When the DNSType is `ClusterHosted`, the cloud's Load Balancer configuration needs to be provided so that the DNS solution hosted within the cluster can be configured with those values.", "type": "object", "properties": { - "dockerImageRepository": { - "description": "dockerImageRepository is optional, if specified this stream is backed by a container repository on this server Deprecated: This field is deprecated as of v3.7 and will be removed in a future release. Specify the source for the tags to be imported in each tag via the spec.tags.from reference instead.", - "type": "string" + "clusterHosted": { + "description": "clusterHosted holds the IP addresses of API, API-Int and Ingress Load Balancers on Cloud Platforms. The DNS solution hosted within the cluster use these IP addresses to provide resolution for API, API-Int and Ingress services.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudLoadBalancerIPs" }, - "lookupPolicy": { - "description": "lookupPolicy controls how other resources reference images within this namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageLookupPolicy" + "dnsType": { + "description": "dnsType indicates the type of DNS solution in use within the cluster. Its default value of `PlatformDefault` indicates that the cluster's DNS is the default provided by the cloud platform. It can be set to `ClusterHosted` to bypass the configuration of the cloud default DNS. In this mode, the cluster needs to provide a self-hosted DNS solution for the cluster's installation to succeed. The cluster's use of the cloud's Load Balancers is unaffected by this setting. The value is immutable after it has been set at install time. Currently, there is no way for the customer to add additional DNS entries into the cluster hosted DNS. Enabling this functionality allows the user to start their own DNS solution outside the cluster after installation is complete. The customer would be responsible for configuring this custom DNS solution, and it can be run in addition to the in-cluster DNS solution.", + "type": "string", + "default": "PlatformDefault" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "dnsType", + "fields-to-discriminateBy": { + "clusterHosted": "ClusterHosted" + } + } + ] + }, + "com.github.openshift.api.config.v1.CloudLoadBalancerIPs": { + "description": "CloudLoadBalancerIPs contains the Load Balancer IPs for the cloud's API, API-Int and Ingress Load balancers. They will be populated as soon as the respective Load Balancers have been configured. These values are utilized to configure the DNS solution hosted within the cluster.", + "type": "object", + "properties": { + "apiIntLoadBalancerIPs": { + "description": "apiIntLoadBalancerIPs holds Load Balancer IPs for the internal API service. These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. Entries in the apiIntLoadBalancerIPs must be unique. A maximum of 16 IP addresses are permitted.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" }, - "tags": { - "description": "tags map arbitrary string values to specific image locators", + "apiLoadBalancerIPs": { + "description": "apiLoadBalancerIPs holds Load Balancer IPs for the API service. These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. Could be empty for private clusters. Entries in the apiLoadBalancerIPs must be unique. A maximum of 16 IP addresses are permitted.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReference" + "type": "string", + "default": "" }, - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "set" + }, + "ingressLoadBalancerIPs": { + "description": "ingressLoadBalancerIPs holds IPs for Ingress Load Balancers. These Load Balancer IP addresses can be IPv4 and/or IPv6 addresses. Entries in the ingressLoadBalancerIPs must be unique. A maximum of 16 IP addresses are permitted.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" } } }, - "com.github.openshift.api.image.v1.ImageStreamStatus": { - "description": "ImageStreamStatus contains information about the state of this image stream.", + "com.github.openshift.api.config.v1.ClusterCondition": { + "description": "ClusterCondition is a union of typed cluster conditions. The 'type' property determines which of the type-specific properties are relevant. When evaluated on a cluster, the condition may match, not match, or fail to evaluate.", "type": "object", + "required": [ + "type" + ], "properties": { - "dockerImageRepository": { - "description": "dockerImageRepository represents the effective location this stream may be accessed at. May be empty until the server determines where the repository is located", + "promql": { + "description": "promql represents a cluster condition based on PromQL.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.PromQLClusterCondition" + }, + "type": { + "description": "type represents the cluster-condition type. This defines the members and semantics of any additional properties.", "type": "string", "default": "" - }, - "publicDockerImageRepository": { - "description": "publicDockerImageRepository represents the public location from where the image can be pulled outside the cluster. This field may be empty if the administrator has not exposed the integrated registry externally.", - "type": "string" - }, - "tags": { - "description": "tags are a historical record of images associated with each tag. The first entry in the TagEvent array is the currently tagged image.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.NamedTagEventList" - }, - "x-kubernetes-patch-merge-key": "tag", - "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.image.v1.ImageStreamTag": { - "description": "ImageStreamTag represents an Image that is retrieved by tag name from an ImageStream. Use this resource to interact with the tags and images in an image stream by tag, or to see the image details for a particular tag. The image associated with this resource is the most recently successfully tagged, imported, or pushed image (as described in the image stream status.tags.items list for this tag). If an import is in progress or has failed the previous image will be shown. Deleting an image stream tag clears both the status and spec fields of an image stream. If no image can be retrieved for a given tag, a not found error will be returned.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.ClusterImagePolicy": { + "description": "ClusterImagePolicy holds cluster-wide configuration for image signature verification\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "tag", - "generation", - "lookupPolicy", - "image" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "conditions": { - "description": "conditions is an array of conditions that apply to the image stream tag.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagEventCondition" - } - }, - "generation": { - "description": "generation is the current generation of the tagged image - if tag is provided and this value is not equal to the tag generation, a user has requested an import that has not completed, or conditions will be filled out indicating any error.", - "type": "integer", - "format": "int64", - "default": 0 - }, - "image": { - "description": "image associated with the ImageStream and tag.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "lookupPolicy": { - "description": "lookupPolicy indicates whether this tag will handle image references in this namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageLookupPolicy" - }, "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "tag": { - "description": "tag is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream.", - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReference" + "spec": { + "description": "spec contains the configuration for the cluster image policy.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterImagePolicySpec" + }, + "status": { + "description": "status contains the observed state of the resource.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterImagePolicyStatus" } } }, - "com.github.openshift.api.image.v1.ImageStreamTagList": { - "description": "ImageStreamTagList is a list of ImageStreamTag objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.ClusterImagePolicyList": { + "description": "ClusterImagePolicyList is a list of ClusterImagePolicy resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -16435,11 +17008,11 @@ "type": "string" }, "items": { - "description": "items is the list of image stream tags", + "description": "items is a list of ClusterImagePolices", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamTag" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterImagePolicy" } }, "kind": { @@ -16449,166 +17022,108 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.image.v1.ImageTag": { - "description": "ImageTag represents a single tag within an image stream and includes the spec, the status history, and the currently referenced image (if any) of the provided tag. This type replaces the ImageStreamTag by providing a full view of the tag. ImageTags are returned for every spec or status tag present on the image stream. If no tag exists in either form, a not found error will be returned by the API. A create operation will succeed if no spec tag has already been defined and the spec field is set. Delete will remove both spec and status elements from the image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.ClusterImagePolicySpec": { + "description": "CLusterImagePolicySpec is the specification of the ClusterImagePolicy custom resource.", "type": "object", "required": [ - "spec", - "status", - "image" + "scopes", + "policy" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "image": { - "description": "image is the details of the most recent image stream status tag, and it may be null if import has not completed or an administrator has deleted the image object. To verify this is the most recent image, you must verify the generation of the most recent status.items entry matches the spec tag (if a spec tag is set). This field will not be set when listing image tags.", - "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "policy": { + "description": "policy is a required field that contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream.", - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReference" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy" }, - "status": { - "description": "status is the status tag details associated with this image stream tag, and it may be null if no push or import has been performed.", - "$ref": "#/definitions/com.github.openshift.api.image.v1.NamedTagEventList" + "scopes": { + "description": "scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. This support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" } } }, - "com.github.openshift.api.image.v1.ImageTagList": { - "description": "ImageTagList is a list of ImageTag objects. When listing image tags, the image field is not populated. Tags are returned in alphabetical order by image stream and then tag.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.ClusterImagePolicyStatus": { "type": "object", - "required": [ - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is the list of image stream tags", + "conditions": { + "description": "conditions provide details on the status of this API Resource.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageTag" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.image.v1.NamedTagEventList": { - "description": "NamedTagEventList relates a tag to its image history.", + "com.github.openshift.api.config.v1.ClusterNetworkEntry": { + "description": "ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.", "type": "object", "required": [ - "tag", - "items" + "cidr" ], "properties": { - "conditions": { - "description": "conditions is an array of conditions that apply to the tag event list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagEventCondition" - } - }, - "items": { - "description": "Standard object's metadata.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagEvent" - } - }, - "tag": { - "description": "tag is the tag for which the history is recorded", + "cidr": { + "description": "The complete block for pod IPs.", "type": "string", "default": "" + }, + "hostPrefix": { + "description": "The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.image.v1.RepositoryImportSpec": { - "description": "RepositoryImportSpec describes a request to import images from a container image repository.", + "com.github.openshift.api.config.v1.ClusterOperator": { + "description": "ClusterOperator holds the status of a core or optional OpenShift component managed by the Cluster Version Operator (CVO). This object is used by operators to convey their state to the rest of the cluster. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "from" + "metadata", + "spec" ], "properties": { - "from": { - "description": "from is the source for the image repository to import; only kind DockerImage and a name of a container image repository is allowed", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, - "importPolicy": { - "description": "importPolicy is the policy controlling how the image is imported", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagImportPolicy" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "includeManifest": { - "description": "includeManifest determines if the manifest for each image is returned in the response", - "type": "boolean" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "referencePolicy": { - "description": "referencePolicy defines how other components should consume the image", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReferencePolicy" - } - } - }, - "com.github.openshift.api.image.v1.RepositoryImportStatus": { - "description": "RepositoryImportStatus describes the result of an image repository import", - "type": "object", - "properties": { - "additionalTags": { - "description": "additionalTags are tags that exist in the repository but were not imported because a maximum limit of automatic imports was applied.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "images": { - "description": "images is a list of images successfully retrieved by the import of the repository.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageImportStatus" - } + "spec": { + "description": "spec holds configuration that could apply to any operator.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperatorSpec" }, "status": { - "description": "status reflects whether any failure occurred during import", + "description": "status holds the information about the state of an operator. It is consistent with status information across the Kubernetes ecosystem.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Status" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperatorStatus" } } }, - "com.github.openshift.api.image.v1.SecretList": { - "description": "SecretList is a list of Secret.", + "com.github.openshift.api.config.v1.ClusterOperatorList": { + "description": "ClusterOperatorList is a list of OperatorStatus resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -16617,11 +17132,10 @@ "type": "string" }, "items": { - "description": "Items is a list of secret objects. More info: https://kubernetes.io/docs/concepts/configuration/secret", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Secret" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperator" } }, "kind": { @@ -16629,269 +17143,91 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.image.v1.SignatureCondition": { - "description": "SignatureCondition describes an image signature condition of particular kind at particular probe time.", - "type": "object", - "required": [ - "type", - "status" - ], - "properties": { - "lastProbeTime": { - "description": "Last time the condition was checked.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "lastTransitionTime": { - "description": "Last time the condition transit from one status to another.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "message": { - "description": "Human readable message indicating details about last transition.", - "type": "string" - }, - "reason": { - "description": "(brief) reason for the condition's last transition.", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" - }, - "type": { - "description": "type of signature condition, Complete or Failed.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.image.v1.SignatureGenericEntity": { - "description": "SignatureGenericEntity holds a generic information about a person or entity who is an issuer or a subject of signing certificate or key.", - "type": "object", - "properties": { - "commonName": { - "description": "Common name (e.g. openshift-signing-service).", - "type": "string" - }, - "organization": { - "description": "organization name.", - "type": "string" - } - } - }, - "com.github.openshift.api.image.v1.SignatureIssuer": { - "description": "SignatureIssuer holds information about an issuer of signing certificate or key.", - "type": "object", - "properties": { - "commonName": { - "description": "Common name (e.g. openshift-signing-service).", - "type": "string" - }, - "organization": { - "description": "organization name.", - "type": "string" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.image.v1.SignatureSubject": { - "description": "SignatureSubject holds information about a person or entity who created the signature.", - "type": "object", - "required": [ - "publicKeyID" - ], - "properties": { - "commonName": { - "description": "Common name (e.g. openshift-signing-service).", - "type": "string" - }, - "organization": { - "description": "organization name.", - "type": "string" - }, - "publicKeyID": { - "description": "If present, it is a human readable key id of public key belonging to the subject used to verify image signature. It should contain at least 64 lowest bits of public key's fingerprint (e.g. 0x685ebe62bf278440).", - "type": "string", - "default": "" - } - } + "com.github.openshift.api.config.v1.ClusterOperatorSpec": { + "description": "ClusterOperatorSpec is empty for now, but you could imagine holding information like \"pause\".", + "type": "object" }, - "com.github.openshift.api.image.v1.TagEvent": { - "description": "TagEvent is used by ImageStreamStatus to keep a historical record of images associated with a tag.", + "com.github.openshift.api.config.v1.ClusterOperatorStatus": { + "description": "ClusterOperatorStatus provides information about the status of the operator.", "type": "object", - "required": [ - "created", - "dockerImageReference", - "image", - "generation" - ], "properties": { - "created": { - "description": "created holds the time the TagEvent was created", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "conditions": { + "description": "conditions describes the state of the operator's managed and monitored components.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperatorStatusCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "dockerImageReference": { - "description": "dockerImageReference is the string that can be used to pull this image", - "type": "string", - "default": "" + "extension": { + "description": "extension contains any additional status information specific to the operator which owns this status object.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "generation": { - "description": "generation is the spec tag generation that resulted in this tag being updated", - "type": "integer", - "format": "int64", - "default": 0 + "relatedObjects": { + "description": "relatedObjects is a list of objects that are \"interesting\" or related to this operator. Common uses are: 1. the detailed resource driving the operator 2. operator namespaces 3. operand namespaces", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ObjectReference" + } }, - "image": { - "description": "image is the image", - "type": "string", - "default": "" + "versions": { + "description": "versions is a slice of operator and operand version tuples. Operators which manage multiple operands will have multiple operand entries in the array. Available operators must report the version of the operator itself with the name \"operator\". An operator reports a new \"operator\" version when it has rolled out the new version to all of its operands.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OperandVersion" + } } } }, - "com.github.openshift.api.image.v1.TagEventCondition": { - "description": "TagEventCondition contains condition information for a tag event.", + "com.github.openshift.api.config.v1.ClusterOperatorStatusCondition": { + "description": "ClusterOperatorStatusCondition represents the state of the operator's managed and monitored components.", "type": "object", "required": [ "type", "status", - "generation" + "lastTransitionTime" ], "properties": { - "generation": { - "description": "generation is the spec tag generation that this status corresponds to", - "type": "integer", - "format": "int64", - "default": 0 - }, "lastTransitionTime": { - "description": "lastTransitionTime is the time the condition transitioned from one status to another.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "description": "lastTransitionTime is the time of the last update to the current status property.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, "message": { - "description": "message is a human readable description of the details about last transition, complementing reason.", - "type": "string" - }, - "reason": { - "description": "reason is a brief machine readable explanation for the condition's last transition.", - "type": "string" - }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" - }, - "type": { - "description": "type of tag event condition, currently only ImportSuccess", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.image.v1.TagImportPolicy": { - "description": "TagImportPolicy controls how images related to this tag will be imported.", - "type": "object", - "properties": { - "importMode": { - "description": "importMode describes how to import an image manifest.", + "description": "message provides additional information about the current condition. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.", "type": "string" }, - "insecure": { - "description": "insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import.", - "type": "boolean" - }, - "scheduled": { - "description": "scheduled indicates to the server that this tag should be periodically checked to ensure it is up to date, and imported", - "type": "boolean" - } - } - }, - "com.github.openshift.api.image.v1.TagReference": { - "description": "TagReference specifies optional annotations for images using this tag and an optional reference to an ImageStreamTag, ImageStreamImage, or DockerImage this tag should track.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "annotations": { - "description": "Optional; if specified, annotations that are applied to images retrieved via ImageStreamTags.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "from": { - "description": "Optional; if specified, a reference to another image that this tag should point to. Valid values are ImageStreamTag, ImageStreamImage, and DockerImage. ImageStreamTag references can only reference a tag within this same ImageStream.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, - "generation": { - "description": "generation is a counter that tracks mutations to the spec tag (user intent). When a tag reference is changed the generation is set to match the current stream generation (which is incremented every time spec is changed). Other processes in the system like the image importer observe that the generation of spec tag is newer than the generation recorded in the status and use that as a trigger to import the newest remote tag. To trigger a new import, clients may set this value to zero which will reset the generation to the latest stream generation. Legacy clients will send this value as nil which will be merged with the current tag generation.", - "type": "integer", - "format": "int64" - }, - "importPolicy": { - "description": "importPolicy is information that controls how images may be imported by the server.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagImportPolicy" - }, - "name": { - "description": "name of the tag", - "type": "string", - "default": "" - }, - "reference": { - "description": "reference states if the tag will be imported. Default value is false, which means the tag will be imported.", - "type": "boolean" - }, - "referencePolicy": { - "description": "referencePolicy defines how other components should consume the image.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReferencePolicy" - } - } - }, - "com.github.openshift.api.image.v1.TagReferencePolicy": { - "description": "TagReferencePolicy describes how pull-specs for images in this image stream tag are generated when image change triggers in deployment configs or builds are resolved. This allows the image stream author to control how images are accessed.", - "type": "object", - "required": [ - "type" - ], - "properties": { + "reason": { + "description": "reason is the CamelCase reason for the condition's current status.", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string", + "default": "" + }, "type": { - "description": "type determines how the image pull spec should be transformed when the image stream tag is used in deployment config triggers or new builds. The default value is `Source`, indicating the original location of the image should be used (if imported). The user may also specify `Local`, indicating that the pull spec should point to the integrated container image registry and leverage the registry's ability to proxy the pull to an upstream registry. `Local` allows the credentials used to pull this image to be managed from the image stream's namespace, so others on the platform can access a remote image but have no access to the remote secret. It also allows the image layers to be mirrored into the local registry which the images can still be pulled even if the upstream registry is unavailable.", + "description": "type specifies the aspect reported by this condition.", "type": "string", "default": "" } } }, - "com.github.openshift.api.insights.v1.Custom": { - "description": "Custom provides the custom configuration of gatherers", - "type": "object", - "required": [ - "configs" - ], - "properties": { - "configs": { - "description": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.GathererConfig" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.insights.v1.DataGather": { - "description": "DataGather provides data gather configuration options and status for the particular Insights data gathering.\n\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.ClusterVersion": { + "description": "ClusterVersion is the configuration for the ClusterVersionOperator. This is where parameters related to automatic updates can be set.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -16908,57 +17244,45 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec holds user settable values for configuration", + "description": "spec is the desired state of the cluster version - the operator will work to ensure that the desired version is applied to the cluster.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.DataGatherSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionSpec" }, "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "description": "status contains information about the available updates and any in-progress updates.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.DataGatherStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionStatus" } } }, - "com.github.openshift.api.insights.v1.DataGatherList": { - "description": "DataGatherList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec": { + "description": "ClusterVersionCapabilitiesSpec selects the managed set of optional, core cluster components.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items contains a list of DataGather resources.", + "additionalEnabledCapabilities": { + "description": "additionalEnabledCapabilities extends the set of managed capabilities beyond the baseline defined in baselineCapabilitySet. The default is an empty set.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.DataGather" + "type": "string", + "default": "" }, "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "baselineCapabilitySet": { + "description": "baselineCapabilitySet selects an initial set of optional capabilities to enable, which can be extended via additionalEnabledCapabilities. If unset, the cluster will choose a default, and the default may change over time. The current default is vCurrent.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.insights.v1.DataGatherSpec": { - "description": "DataGatherSpec contains the configuration for the DataGather.", + "com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus": { + "description": "ClusterVersionCapabilitiesStatus describes the state of optional, core cluster components.", "type": "object", - "required": [ - "gatherers" - ], "properties": { - "dataPolicy": { - "description": "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", + "enabledCapabilities": { + "description": "enabledCapabilities lists all the capabilities that are currently managed.", "type": "array", "items": { "type": "string", @@ -16966,645 +17290,453 @@ }, "x-kubernetes-list-type": "atomic" }, - "gatherers": { - "description": "gatherers is a required field that specifies the configuration of the gatherers.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.Gatherers" - }, - "storage": { - "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.Storage" + "knownCapabilities": { + "description": "knownCapabilities lists all the capabilities known to the current cluster.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.insights.v1.DataGatherStatus": { - "description": "DataGatherStatus contains information relating to the DataGather state.", + "com.github.openshift.api.config.v1.ClusterVersionList": { + "description": "ClusterVersionList is a list of ClusterVersion resources.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "conditions": { - "description": "conditions is an optional field that provides details on the status of the gatherer job. It may not exceed 100 items and must not contain duplicates.\n\nThe current condition types are DataUploaded, DataRecorded, DataProcessed, RemoteConfigurationNotAvailable, RemoteConfigurationInvalid\n\nThe DataUploaded condition is used to represent whether or not the archive was successfully uploaded for further processing. When it has a status of True and a reason of Succeeded, the archive was successfully uploaded. When it has a status of Unknown and a reason of NoUploadYet, the upload has not occurred, or there was no data to upload. When it has a status of False and a reason Failed, the upload failed. The accompanying message will include the specific error encountered.\n\nThe DataRecorded condition is used to represent whether or not the archive was successfully recorded. When it has a status of True and a reason of Succeeded, the archive was recorded successfully. When it has a status of Unknown and a reason of NoDataGatheringYet, the data gathering process has not started yet. When it has a status of False and a reason of RecordingFailed, the recording failed and a message will include the specific error encountered.\n\nThe DataProcessed condition is used to represent whether or not the archive was processed by the processing service. When it has a status of True and a reason of Processed, the data was processed successfully. When it has a status of Unknown and a reason of NothingToProcessYet, there is no data to process at the moment. When it has a status of False and a reason of Failure, processing failed and a message will include the specific error encountered.\n\nThe RemoteConfigurationAvailable condition is used to represent whether the remote configuration is available. When it has a status of Unknown and a reason of Unknown or RemoteConfigNotRequestedYet, the state of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is available. When it has a status of False and a reason of NoToken, the configuration was disabled by removing the cloud.openshift.com field from the pull secret. When it has a status of False and a reason of DisabledByConfiguration, the configuration was disabled in insightsdatagather.config.openshift.io.\n\nThe RemoteConfigurationValid condition is used to represent whether the remote configuration is valid. When it has a status of Unknown and a reason of Unknown or NoValidationYet, the validity of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is valid. When it has a status of False and a reason of Invalid, the configuration is invalid.\n\nThe Progressing condition is used to represent the phase of gathering When it has a status of False and the reason is DataGatherPending, the gathering has not started yet. When it has a status of True and reason is Gathering, the gathering is running. When it has a status of False and reason is GatheringSucceeded, the gathering successfully finished. When it has a status of False and reason is GatheringFailed, the gathering failed.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersion" + } }, - "finishTime": { - "description": "finishTime is the time when Insights data gathering finished.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "gatherers": { - "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.config.v1.ClusterVersionSpec": { + "description": "ClusterVersionSpec is the desired version state of the cluster. It includes the version the cluster should be at, how the cluster is identified, and where the cluster should look for version updates.", + "type": "object", + "required": [ + "clusterID" + ], + "properties": { + "capabilities": { + "description": "capabilities configures the installation of optional, core cluster components. A null value here is identical to an empty object; see the child properties for default semantics.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionCapabilitiesSpec" + }, + "channel": { + "description": "channel is an identifier for explicitly requesting a non-default set of updates to be applied to this cluster. The default channel will contain stable updates that are appropriate for production clusters.", + "type": "string" + }, + "clusterID": { + "description": "clusterID uniquely identifies this cluster. This is expected to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx in hexadecimal values). This is a required field.", + "type": "string", + "default": "" + }, + "desiredUpdate": { + "description": "desiredUpdate is an optional field that indicates the desired value of the cluster version. Setting this value will trigger an upgrade (if the current version does not match the desired version). The set of recommended update values is listed as part of available updates in status, and setting values outside that range may cause the upgrade to fail.\n\nSome of the fields are inter-related with restrictions and meanings described here. 1. image is specified, version is specified, architecture is specified. API validation error. 2. image is specified, version is specified, architecture is not specified. The version extracted from the referenced image must match the specified version. 3. image is specified, version is not specified, architecture is specified. API validation error. 4. image is specified, version is not specified, architecture is not specified. image is used. 5. image is not specified, version is specified, architecture is specified. version and desired architecture are used to select an image. 6. image is not specified, version is specified, architecture is not specified. version and current architecture are used to select an image. 7. image is not specified, version is not specified, architecture is specified. API validation error. 8. image is not specified, version is not specified, architecture is not specified. API validation error.\n\nIf an upgrade fails the operator will halt and report status about the failing component. Setting the desired update value back to the previous version will cause a rollback to be attempted if the previous version is within the current minor version. Not all rollbacks will succeed, and some may unrecoverably break the cluster.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.Update" + }, + "overrides": { + "description": "overrides is list of overides for components that are managed by cluster version operator. Marking a component unmanaged will prevent the operator from creating or updating the object.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.GathererStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ComponentOverride" }, "x-kubernetes-list-map-keys": [ + "kind", + "group", + "namespace", "name" ], "x-kubernetes-list-type": "map" }, - "insightsReport": { - "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.InsightsReport" - }, - "insightsRequestID": { - "description": "insightsRequestID is an optional Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive. It may not exceed 256 characters and is immutable once set.", - "type": "string" - }, - "relatedObjects": { - "description": "relatedObjects is an optional list of resources which are useful when debugging or inspecting the data gathering Pod It may not exceed 100 items and must not contain duplicates.", + "signatureStores": { + "description": "signatureStores contains the upstream URIs to verify release signatures and optional reference to a config map by name containing the PEM-encoded CA bundle.\n\nBy default, CVO will use existing signature stores if this property is empty. The CVO will check the release signatures in the local ConfigMaps first. It will search for a valid signature in these stores in parallel only when local ConfigMaps did not include a valid signature. Validation will fail if none of the signature stores reply with valid signature before timeout. Setting signatureStores will replace the default signature stores with custom signature stores. Default stores can be used with custom signature stores by adding them manually.\n\nA maximum of 32 signature stores may be configured.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.ObjectReference" + "$ref": "#/definitions/com.github.openshift.api.config.v1.SignatureStore" }, "x-kubernetes-list-map-keys": [ - "name", - "namespace" + "url" ], "x-kubernetes-list-type": "map" }, - "startTime": { - "description": "startTime is the time when Insights data gathering started.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - } - } - }, - "com.github.openshift.api.insights.v1.GathererConfig": { - "description": "GathererConfig allows to configure specific gatherers", - "type": "object", - "required": [ - "name", - "state" - ], - "properties": { - "name": { - "description": "name is the required name of a specific gatherer. It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", - "type": "string" - }, - "state": { - "description": "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", + "upstream": { + "description": "upstream may be used to specify the preferred update server. By default it will use the appropriate update server for the cluster and region.", "type": "string" } } }, - "com.github.openshift.api.insights.v1.GathererStatus": { - "description": "GathererStatus represents information about a particular data gatherer.", + "com.github.openshift.api.config.v1.ClusterVersionStatus": { + "description": "ClusterVersionStatus reports the status of the cluster versioning, including any upgrades that are in progress. The current field will be set to whichever version the cluster is reconciling to, and the conditions array will report whether the update succeeded, is in progress, or is failing.", "type": "object", "required": [ - "name", - "lastGatherSeconds" + "desired", + "observedGeneration", + "versionHash", + "availableUpdates" ], "properties": { - "conditions": { - "description": "conditions provide details on the status of each gatherer.\n\nThe current condition type is DataGathered\n\nThe DataGathered condition is used to represent whether or not the data was gathered by a gatherer specified by name. When it has a status of True and a reason of GatheredOK, the data has been successfully gathered as expected. When it has a status of False and a reason of NoData, no data was gathered—for example, when the resource is not present in the cluster. When it has a status of False and a reason of GatherError, an error occurred and no data was gathered. When it has a status of False and a reason of GatherPanic, a panic occurred during gathering and no data was collected. When it has a status of False and a reason of GatherWithErrorReason, data was partially gathered or gathered with an error message.", + "availableUpdates": { + "description": "availableUpdates contains updates recommended for this cluster. Updates which appear in conditionalUpdates but not in availableUpdates may expose this cluster to known issues. This list may be empty if no updates are recommended, if the update service is unavailable, or if an invalid channel has been specified.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/com.github.openshift.api.config.v1.Release" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "lastGatherSeconds": { - "description": "lastGatherSeconds is required field that represents the time spent gathering in seconds", - "type": "integer", - "format": "int32" + "x-kubernetes-list-type": "atomic" }, - "name": { - "description": "name is the required name of the gatherer. It must contain at least 5 characters and may not exceed 256 characters.", - "type": "string" - } - } - }, - "com.github.openshift.api.insights.v1.Gatherers": { - "description": "Gatherers specifies the configuration of the gatherers", - "type": "object", - "required": [ - "mode" - ], - "properties": { - "custom": { - "description": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", + "capabilities": { + "description": "capabilities describes the state of optional, core cluster components.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.Custom" - }, - "mode": { - "description": "mode is a required field that specifies the mode for gatherers. Allowed values are All and Custom. When set to All, all gatherers will run and gather data. When set to Custom, the custom configuration from the custom field will be applied.", - "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "mode", - "fields-to-discriminateBy": { - "custom": "Custom" - } - } - ] - }, - "com.github.openshift.api.insights.v1.HealthCheck": { - "description": "HealthCheck represents an Insights health check attributes.", - "type": "object", - "required": [ - "description", - "totalRisk", - "advisorURI" - ], - "properties": { - "advisorURI": { - "description": "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterVersionCapabilitiesStatus" }, - "description": { - "description": "description is required field that provides basic description of the healthcheck. It must contain at least 10 characters and may not exceed 2048 characters.", - "type": "string" + "conditionalUpdateRisks": { + "description": "conditionalUpdateRisks contains the list of risks associated with conditionalUpdates. When performing a conditional update, all its associated risks will be compared with the set of accepted risks in the spec.desiredUpdate.acceptRisks field. If all risks for a conditional update are included in the spec.desiredUpdate.acceptRisks set, the conditional update can proceed, otherwise it is blocked. The risk names in the list must be unique. conditionalUpdateRisks must not contain more than 500 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConditionalUpdateRisk" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "totalRisk": { - "description": "totalRisk is the required field of the healthcheck. It is indicator of the total risk posed by the detected issue; combination of impact and likelihood. Allowed values are Low, Moderate, Important and Critical. The value represents the severity of the issue.", - "type": "string" - } - } - }, - "com.github.openshift.api.insights.v1.InsightsReport": { - "description": "InsightsReport provides Insights health check report based on the most recently sent Insights data.", - "type": "object", - "required": [ - "downloadedTime", - "uri" - ], - "properties": { - "downloadedTime": { - "description": "downloadedTime is a required field that specifies when the Insights report was last downloaded.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "conditionalUpdates": { + "description": "conditionalUpdates contains the list of updates that may be recommended for this cluster if it meets specific required conditions. Consumers interested in the set of updates that are actually recommended for this cluster should use availableUpdates. This list may be empty if no updates are recommended, if the update service is unavailable, or if an empty or invalid channel has been specified.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConditionalUpdate" + }, + "x-kubernetes-list-type": "atomic" }, - "healthChecks": { - "description": "healthChecks is an optional field that provides basic information about active Insights recommendations, which serve as proactive notifications for potential issues in the cluster. When omitted, it means that there are no active recommendations in the cluster.", + "conditions": { + "description": "conditions provides information about the cluster version. The condition \"Available\" is set to true if the desiredUpdate has been reached. The condition \"Progressing\" is set to true if an update is being applied. The condition \"Degraded\" is set to true if an update is currently blocked by a temporary or permanent error. Conditions are only valid for the current desiredUpdate when metadata.generation is equal to status.generation.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.HealthCheck" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterOperatorStatusCondition" }, "x-kubernetes-list-map-keys": [ - "advisorURI", - "totalRisk", - "description" + "type" ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "uri": { - "description": "uri is a required field that provides the URL link from which the report was downloaded. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", - "type": "string" + "desired": { + "description": "desired is the version that the cluster is reconciling towards. If the cluster is not yet fully initialized desired will be set with the information available, which may be an image or a tag.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Release" + }, + "history": { + "description": "history contains a list of the most recent versions applied to the cluster. This value may be empty during cluster startup, and then will be updated when a new update is being applied. The newest update is first in the list and it is ordered by recency. Updates in the history have state Completed if the rollout completed - if an update was failing or halfway applied the state will be Partial. Only a limited amount of update history is preserved.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.UpdateHistory" + }, + "x-kubernetes-list-type": "atomic" + }, + "observedGeneration": { + "description": "observedGeneration reports which version of the spec is being synced. If this value is not equal to metadata.generation, then the desired and conditions fields may represent a previous version.", + "type": "integer", + "format": "int64", + "default": 0 + }, + "versionHash": { + "description": "versionHash is a fingerprint of the content that the cluster will be updated with. It is used by the operator to avoid unnecessary work and is for internal use only.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.insights.v1.ObjectReference": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "com.github.openshift.api.config.v1.ComponentOverride": { + "description": "ComponentOverride allows overriding cluster version operator's behavior for a component.", "type": "object", "required": [ + "kind", "group", - "resource", + "namespace", "name", - "namespace" + "unmanaged" ], "properties": { "group": { - "description": "group is required field that specifies the API Group of the Resource. Enter empty string for the core group. This value is empty or it should follow the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character. Example: \"\", \"apps\", \"build.openshift.io\", etc.", - "type": "string" + "description": "group identifies the API group that the kind is in.", + "type": "string", + "default": "" + }, + "kind": { + "description": "kind indentifies which object to override.", + "type": "string", + "default": "" }, "name": { - "description": "name is required field that specifies the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character..", - "type": "string" + "description": "name is the component's name.", + "type": "string", + "default": "" }, "namespace": { - "description": "namespace if required field of the referent that follows the DNS1123 labels format. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.", - "type": "string" - }, - "resource": { - "description": "resource is required field of the type that is being referenced and follows the DNS1035 format. It is normally the plural form of the resource kind in lowercase. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", - "type": "string" - } - } - }, - "com.github.openshift.api.insights.v1.PersistentVolumeClaimReference": { - "description": "PersistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "name is the name of the PersistentVolumeClaim that will be used to store the Insights data archive. It is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", - "type": "string" - } - } - }, - "com.github.openshift.api.insights.v1.PersistentVolumeConfig": { - "description": "PersistentVolumeConfig provides configuration options for PersistentVolume storage.", - "type": "object", - "required": [ - "claim" - ], - "properties": { - "claim": { - "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.PersistentVolumeClaimReference" + "description": "namespace is the component's namespace. If the resource is cluster scoped, the namespace should be empty.", + "type": "string", + "default": "" }, - "mountPath": { - "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", - "type": "string" + "unmanaged": { + "description": "unmanaged controls if cluster version operator should stop managing the resources in this cluster. Default: false", + "type": "boolean", + "default": false } } }, - "com.github.openshift.api.insights.v1.Storage": { - "description": "Storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "persistentVolume": { - "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1.PersistentVolumeConfig" - }, - "type": { - "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", - "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "persistentVolume": "PersistentVolume" - } - } - ] - }, - "com.github.openshift.api.insights.v1alpha1.DataGather": { - "description": "DataGather provides data gather configuration options and status for the particular Insights data gathering.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.ComponentRouteSpec": { + "description": "ComponentRouteSpec allows for configuration of a route's hostname and serving certificate.", "type": "object", "required": [ - "spec" + "namespace", + "name", + "hostname" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.DataGatherSpec" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.DataGatherStatus" - } - } - }, - "com.github.openshift.api.insights.v1alpha1.DataGatherList": { - "description": "DataGatherList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items contains a list of DataGather resources.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.DataGather" - }, - "x-kubernetes-list-type": "atomic" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.insights.v1alpha1.DataGatherSpec": { - "description": "DataGatherSpec contains the configuration for the DataGather.", - "type": "object", - "properties": { - "dataPolicy": { - "description": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"ClearText\" and \"ObfuscateNetworking\". When set to ClearText the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is ClearText.", + "hostname": { + "description": "hostname is the hostname that should be used by the route.", + "type": "string", + "default": "" + }, + "name": { + "description": "name is the logical name of the route to customize.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.", "type": "string", "default": "" }, - "gatherers": { - "description": "gatherers is an optional list of gatherers configurations. The list must not exceed 100 items. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.GathererConfig" - } + "namespace": { + "description": "namespace is the namespace of the route to customize.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of status.componentRoutes if the route is to be customized.", + "type": "string", + "default": "" }, - "storage": { - "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.Storage" + "servingCertKeyPairSecret": { + "description": "servingCertKeyPairSecret is a reference to a secret of type `kubernetes.io/tls` in the openshift-config namespace. The serving cert/key pair must match and will be used by the operator to fulfill the intent of serving with this name. If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" } } }, - "com.github.openshift.api.insights.v1alpha1.DataGatherStatus": { - "description": "DataGatherStatus contains information relating to the DataGather state.", + "com.github.openshift.api.config.v1.ComponentRouteStatus": { + "description": "ComponentRouteStatus contains information allowing configuration of a route's hostname and serving certificate.", "type": "object", + "required": [ + "namespace", + "name", + "defaultHostname", + "relatedObjects" + ], "properties": { "conditions": { - "description": "conditions provide details on the status of the gatherer job.", + "description": "conditions are used to communicate the state of the componentRoutes entry.\n\nSupported conditions include Available, Degraded and Progressing.\n\nIf available is true, the content served by the route can be accessed by users. This includes cases where a default may continue to serve content while the customized route specified by the cluster-admin is being configured.\n\nIf Degraded is true, that means something has gone wrong trying to handle the componentRoutes entry. The currentHostnames field may or may not be in effect.\n\nIf Progressing is true, that means the component is taking some action related to the componentRoutes entry.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "dataGatherState": { - "description": "dataGatherState reflects the current state of the data gathering process.", - "type": "string" - }, - "finishTime": { - "description": "finishTime is the time when Insights data gathering finished.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "gatherers": { - "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", + "consumingUsers": { + "description": "consumingUsers is a slice of ServiceAccounts that need to have read permission on the servingCertKeyPairSecret secret.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.GathererStatus" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "insightsReport": { - "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.InsightsReport" - }, - "insightsRequestID": { - "description": "insightsRequestID is an Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive.", - "type": "string" + "type": "string", + "default": "" + } }, - "relatedObjects": { - "description": "relatedObjects is a list of resources which are useful when debugging or inspecting the data gathering Pod", + "currentHostnames": { + "description": "currentHostnames is the list of current names used by the route. Typically, this list should consist of a single hostname, but if multiple hostnames are supported by the route the operator may write multiple entries to this list.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.ObjectReference" + "type": "string", + "default": "" } }, - "startTime": { - "description": "startTime is the time when Insights data gathering started.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - } - } - }, - "com.github.openshift.api.insights.v1alpha1.GathererConfig": { - "description": "gathererConfig allows to configure specific gatherers", - "type": "object", - "required": [ - "name" - ], - "properties": { + "defaultHostname": { + "description": "defaultHostname is the hostname of this route prior to customization.", + "type": "string", + "default": "" + }, "name": { - "description": "name is the required name of specific gatherer It must be at most 256 characters in length. The format for the gatherer name should be: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md.", + "description": "name is the logical name of the route to customize. It does not have to be the actual name of a route resource but it cannot be renamed.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.", "type": "string", "default": "" }, - "state": { - "description": "state allows you to configure specific gatherer. Valid values are \"Enabled\", \"Disabled\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default. The current default is Enabled.", + "namespace": { + "description": "namespace is the namespace of the route to customize. It must be a real namespace. Using an actual namespace ensures that no two components will conflict and the same component can be installed multiple times.\n\nThe namespace and name of this componentRoute must match a corresponding entry in the list of spec.componentRoutes if the route is to be customized.", "type": "string", "default": "" + }, + "relatedObjects": { + "description": "relatedObjects is a list of resources which are useful when debugging or inspecting how spec.componentRoutes is applied.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ObjectReference" + } } } }, - "com.github.openshift.api.insights.v1alpha1.GathererStatus": { - "description": "gathererStatus represents information about a particular data gatherer.", + "com.github.openshift.api.config.v1.ConditionalUpdate": { + "description": "ConditionalUpdate represents an update which is recommended to some clusters on the version the current cluster is reconciling, but which may not be recommended for the current cluster.", "type": "object", "required": [ - "conditions", - "name", - "lastGatherDuration" + "release", + "risks" ], "properties": { "conditions": { - "description": "conditions provide details on the status of each gatherer.", + "description": "conditions represents the observations of the conditional update's current status. Known types are: * Recommended, for whether the update is recommended for the current cluster.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "lastGatherDuration": { - "description": "lastGatherDuration represents the time spent gathering.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + "release": { + "description": "release is the target of the update.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Release" }, - "name": { - "description": "name is the name of the gatherer.", - "type": "string", - "default": "" + "riskNames": { + "description": "riskNames represents the set of the names of conditionalUpdateRisks that are relevant to this update for some clusters. The Applies condition of each conditionalUpdateRisks entry declares if that risk applies to this cluster. A conditional update is accepted only if each of its risks either does not apply to the cluster or is considered acceptable by the cluster administrator. The latter means that the risk names are included in value of the spec.desiredUpdate.acceptRisks field. Entries must be unique and must not exceed 256 characters. riskNames must not contain more than 500 entries.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "risks": { + "description": "risks represents the range of issues associated with updating to the target release. The cluster-version operator will evaluate all entries, and only recommend the update if there is at least one entry and all entries recommend the update.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConditionalUpdateRisk" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.insights.v1alpha1.HealthCheck": { - "description": "healthCheck represents an Insights health check attributes.", + "com.github.openshift.api.config.v1.ConditionalUpdateRisk": { + "description": "ConditionalUpdateRisk represents a reason and cluster-state for not recommending a conditional update.", "type": "object", "required": [ - "description", - "totalRisk", - "advisorURI", - "state" + "url", + "name", + "message", + "matchingRules" ], "properties": { - "advisorURI": { - "description": "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", - "type": "string", - "default": "" - }, - "description": { - "description": "description provides basic description of the healtcheck.", - "type": "string", - "default": "" - }, - "state": { - "description": "state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface.", - "type": "string", - "default": "" - }, - "totalRisk": { - "description": "totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue.", - "type": "integer", - "format": "int32", - "default": 0 - } - } - }, - "com.github.openshift.api.insights.v1alpha1.InsightsReport": { - "description": "insightsReport provides Insights health check report based on the most recently sent Insights data.", - "type": "object", - "properties": { - "downloadedAt": { - "description": "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "conditions": { + "description": "conditions represents the observations of the conditional update risk's current status. Known types are: * Applies, for whether the risk applies to the current cluster. The condition's types in the list must be unique. conditions must not contain more than one entry.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "healthChecks": { - "description": "healthChecks provides basic information about active Insights health checks in a cluster.", + "matchingRules": { + "description": "matchingRules is a slice of conditions for deciding which clusters match the risk and which do not. The slice is ordered by decreasing precedence. The cluster-version operator will walk the slice in order, and stop after the first it can successfully evaluate. If no condition can be successfully evaluated, the update will not be recommended.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.HealthCheck" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterCondition" }, "x-kubernetes-list-type": "atomic" }, - "uri": { - "description": "uri is optional field that provides the URL link from which the report was downloaded. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", - "type": "string" - } - } - }, - "com.github.openshift.api.insights.v1alpha1.ObjectReference": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", - "type": "object", - "required": [ - "group", - "resource", - "name" - ], - "properties": { - "group": { - "description": "group is the API Group of the Resource. Enter empty string for the core group. This value is empty or should follow the DNS1123 subdomain format and it must be at most 253 characters in length. Example: \"\", \"apps\", \"build.openshift.io\", etc.", + "message": { + "description": "message provides additional information about the risk of updating, in the event that matchingRules match the cluster state. This is only to be consumed by humans. It may contain Line Feed characters (U+000A), which should be rendered as new lines.", "type": "string", "default": "" }, "name": { - "description": "name of the referent that follows the DNS1123 subdomain format. It must be at most 256 characters in length.", + "description": "name is the CamelCase reason for not recommending a conditional update, in the event that matchingRules match the cluster state.", "type": "string", "default": "" }, - "namespace": { - "description": "namespace of the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length.", - "type": "string" - }, - "resource": { - "description": "resource is required field of the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + "url": { + "description": "url contains information about this risk.", "type": "string", "default": "" } } }, - "com.github.openshift.api.insights.v1alpha1.PersistentVolumeClaimReference": { - "description": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + "com.github.openshift.api.config.v1.ConfigMapFileReference": { + "description": "ConfigMapFileReference references a config map in a specific namespace. The namespace must be specified at the point of use.", "type": "object", "required": [ "name" ], "properties": { + "key": { + "description": "key allows pointing to a specific key/value inside of the configmap. This is useful for logical file references.", + "type": "string" + }, "name": { - "description": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", "type": "string", "default": "" } } }, - "com.github.openshift.api.insights.v1alpha1.PersistentVolumeConfig": { - "description": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", - "type": "object", - "required": [ - "claim" - ], - "properties": { - "claim": { - "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.PersistentVolumeClaimReference" - }, - "mountPath": { - "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", - "type": "string" - } - } - }, - "com.github.openshift.api.insights.v1alpha1.Storage": { - "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + "com.github.openshift.api.config.v1.ConfigMapNameReference": { + "description": "ConfigMapNameReference references a config map in a specific namespace. The namespace must be specified at the point of use.", "type": "object", "required": [ - "type" + "name" ], "properties": { - "persistentVolume": { - "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.PersistentVolumeConfig" - }, - "type": { - "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", + "name": { + "description": "name is the metadata.name of the referenced config map", "type": "string", "default": "" } } }, - "com.github.openshift.api.insights.v1alpha2.Custom": { - "description": "custom provides the custom configuration of gatherers", - "type": "object", - "required": [ - "configs" - ], - "properties": { - "configs": { - "description": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.GathererConfig" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.insights.v1alpha2.DataGather": { - "description": "DataGather provides data gather configuration options and status for the particular Insights data gathering.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.Console": { + "description": "Console holds cluster-wide configuration for the web console, including the logout URL, and reports the public URL of the console. The canonical name is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -17621,36 +17753,48 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.DataGatherSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConsoleSpec" }, "status": { "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.DataGatherStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConsoleStatus" } } }, - "com.github.openshift.api.insights.v1alpha2.DataGatherList": { - "description": "DataGatherList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.ConsoleAuthentication": { + "description": "ConsoleAuthentication defines a list of optional configuration for console authentication.", + "type": "object", + "properties": { + "logoutRedirect": { + "description": "An optional, absolute URL to redirect web browsers to after logging out of the console. If not specified, it will redirect to the default login page. This is required when using an identity provider that supports single sign-on (SSO) such as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console will destroy the user's token. The logoutRedirect provides the user the option to perform single logout (SLO) through the identity provider to destroy their single sign-on session.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1.ConsoleList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "items": { - "description": "items contains a list of DataGather resources.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.DataGather" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.config.v1.Console" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", @@ -17659,3016 +17803,2595 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.insights.v1alpha2.DataGatherSpec": { - "description": "DataGatherSpec contains the configuration for the DataGather.", + "com.github.openshift.api.config.v1.ConsoleSpec": { + "description": "ConsoleSpec is the specification of the desired behavior of the Console.", "type": "object", "properties": { - "dataPolicy": { - "description": "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "gatherers": { - "description": "gatherers is an optional field that specifies the configuration of the gatherers. If omitted, all gatherers will be run.", - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.Gatherers" - }, - "storage": { - "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.Storage" + "authentication": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConsoleAuthentication" } } }, - "com.github.openshift.api.insights.v1alpha2.DataGatherStatus": { - "description": "DataGatherStatus contains information relating to the DataGather state.", + "com.github.openshift.api.config.v1.ConsoleStatus": { + "description": "ConsoleStatus defines the observed status of the Console.", "type": "object", "properties": { - "conditions": { - "description": "conditions is an optional field that provides details on the status of the gatherer job. It may not exceed 100 items and must not contain duplicates.\n\nThe current condition types are DataUploaded, DataRecorded, DataProcessed, RemoteConfigurationNotAvailable, RemoteConfigurationInvalid\n\nThe DataUploaded condition is used to represent whether or not the archive was successfully uploaded for further processing. When it has a status of True and a reason of Succeeded, the archive was successfully uploaded. When it has a status of Unknown and a reason of NoUploadYet, the upload has not occurred, or there was no data to upload. When it has a status of False and a reason Failed, the upload failed. The accompanying message will include the specific error encountered.\n\nThe DataRecorded condition is used to represent whether or not the archive was successfully recorded. When it has a status of True and a reason of Succeeded, the archive was recorded successfully. When it has a status of Unknown and a reason of NoDataGatheringYet, the data gathering process has not started yet. When it has a status of False and a reason of RecordingFailed, the recording failed and a message will include the specific error encountered.\n\nThe DataProcessed condition is used to represent whether or not the archive was processed by the processing service. When it has a status of True and a reason of Processed, the data was processed successfully. When it has a status of Unknown and a reason of NothingToProcessYet, there is no data to process at the moment. When it has a status of False and a reason of Failure, processing failed and a message will include the specific error encountered.\n\nThe RemoteConfigurationAvailable condition is used to represent whether the remote configuration is available. When it has a status of Unknown and a reason of Unknown or RemoteConfigNotRequestedYet, the state of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is available. When it has a status of False and a reason of NoToken, the configuration was disabled by removing the cloud.openshift.com field from the pull secret. When it has a status of False and a reason of DisabledByConfiguration, the configuration was disabled in insightsdatagather.config.openshift.io.\n\nThe RemoteConfigurationValid condition is used to represent whether the remote configuration is valid. When it has a status of Unknown and a reason of Unknown or NoValidationYet, the validity of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is valid. When it has a status of False and a reason of Invalid, the configuration is invalid.\n\nThe Progressing condition is used to represent the phase of gathering When it has a status of False and the reason is DataGatherPending, the gathering has not started yet. When it has a status of True and reason is Gathering, the gathering is running. When it has a status of False and reason is GatheringSucceeded, the gathering succesfully finished. When it has a status of False and reason is GatheringFailed, the gathering failed.", + "consoleURL": { + "description": "The URL for the console. This will be derived from the host for the route that is created for the console.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.Custom": { + "description": "Custom provides the custom configuration of gatherers", + "type": "object", + "required": [ + "configs" + ], + "properties": { + "configs": { + "description": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/com.github.openshift.api.config.v1.GathererConfig" }, "x-kubernetes-list-map-keys": [ - "type" + "name" ], "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.config.v1.CustomFeatureGates": { + "type": "object", + "properties": { + "disabled": { + "description": "disabled is a list of all feature gates that you want to force off", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "finishTime": { - "description": "finishTime is the time when Insights data gathering finished.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "gatherers": { - "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", + "enabled": { + "description": "enabled is a list of all feature gates that you want to force on", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.GathererStatus" + "type": "string", + "default": "" + } + } + } + }, + "com.github.openshift.api.config.v1.CustomTLSProfile": { + "description": "CustomTLSProfile is a user-defined TLS security profile. Be extremely careful using a custom TLS profile as invalid configurations can be catastrophic.", + "type": "object", + "required": [ + "ciphers", + "minTLSVersion" + ], + "properties": { + "ciphers": { + "description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", + "type": "array", + "items": { + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "insightsReport": { - "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.InsightsReport" - }, - "insightsRequestID": { - "description": "insightsRequestID is an optional Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive. It may not exceed 256 characters and is immutable once set.", - "type": "string" + "x-kubernetes-list-type": "atomic" }, - "relatedObjects": { - "description": "relatedObjects is an optional list of resources which are useful when debugging or inspecting the data gathering Pod It may not exceed 100 items and must not contain duplicates.", + "groups": { + "description": "groups is an optional field used to specify the supported groups (formerly known as elliptic curves) that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one and at most 5 groups, and each group must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n groups:\n - X25519\n - secp256r1", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.ObjectReference" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "name", - "namespace" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "set" }, - "startTime": { - "description": "startTime is the time when Insights data gathering started.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "minTLSVersion": { + "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.insights.v1alpha2.GathererConfig": { - "description": "gathererConfig allows to configure specific gatherers", + "com.github.openshift.api.config.v1.DNS": { + "description": "DNS holds cluster-wide information about DNS. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "name", - "state" + "spec" ], "properties": { - "name": { - "description": "name is the required name of a specific gatherer It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "state": { - "description": "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSStatus" } } }, - "com.github.openshift.api.insights.v1alpha2.GathererStatus": { - "description": "gathererStatus represents information about a particular data gatherer.", + "com.github.openshift.api.config.v1.DNSList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "name", - "lastGatherSeconds" + "metadata", + "items" ], "properties": { - "conditions": { - "description": "conditions provide details on the status of each gatherer.\n\nThe current condition type is DataGathered\n\nThe DataGathered condition is used to represent whether or not the data was gathered by a gatherer specified by name. When it has a status of True and a reason of GatheredOK, the data has been successfully gathered as expected. When it has a status of False and a reason of NoData, no data was gathered—for example, when the resource is not present in the cluster. When it has a status of False and a reason of GatherError, an error occurred and no data was gathered. When it has a status of False and a reason of GatherPanic, a panic occurred during gathering and no data was collected. When it has a status of False and a reason of GatherWithErrorReason, data was partially gathered or gathered with an error message.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.config.v1.DNS" + } }, - "lastGatherSeconds": { - "description": "lastGatherSeconds is required field that represents the time spent gathering in seconds", - "type": "integer", - "format": "int32", - "default": 0 + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "name": { - "description": "name is the required name of the gatherer. It must contain at least 5 characters and may not exceed 256 characters.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.insights.v1alpha2.Gatherers": { - "description": "Gathereres specifies the configuration of the gatherers", + "com.github.openshift.api.config.v1.DNSPlatformSpec": { + "description": "DNSPlatformSpec holds cloud-provider-specific configuration for DNS administration.", "type": "object", "required": [ - "mode" + "type" ], "properties": { - "custom": { - "description": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.Custom" + "aws": { + "description": "aws contains DNS configuration specific to the Amazon Web Services cloud provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSDNSSpec" }, - "mode": { - "description": "mode is a required field that specifies the mode for gatherers. Allowed values are All and Custom. When set to All, all gatherers wil run and gather data. When set to Custom, the custom configuration from the custom field will be applied.", + "type": { + "description": "type is the underlying infrastructure provider for the cluster. Allowed values: \"\", \"AWS\".\n\nIndividual components may not support all platforms, and must handle unrecognized platforms with best-effort defaults.", "type": "string", "default": "" } }, "x-kubernetes-unions": [ { - "discriminator": "mode", + "discriminator": "type", "fields-to-discriminateBy": { - "custom": "Custom" + "aws": "AWS" } } ] }, - "com.github.openshift.api.insights.v1alpha2.HealthCheck": { - "description": "healthCheck represents an Insights health check attributes.", + "com.github.openshift.api.config.v1.DNSSpec": { "type": "object", "required": [ - "description", - "totalRisk", - "advisorURI" + "baseDomain" ], "properties": { - "advisorURI": { - "description": "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + "baseDomain": { + "description": "baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base.\n\nFor example, given the base domain `openshift.example.com`, an API server DNS record may be created for `cluster-api.openshift.example.com`.\n\nOnce set, this field cannot be changed.", "type": "string", "default": "" }, - "description": { - "description": "description is required field that provides basic description of the healtcheck. It must contain at least 10 characters and may not exceed 2048 characters.", - "type": "string", - "default": "" + "platform": { + "description": "platform holds configuration specific to the underlying infrastructure provider for DNS. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSPlatformSpec" }, - "totalRisk": { - "description": "totalRisk is the required field of the healthcheck. It is indicator of the total risk posed by the detected issue; combination of impact and likelihood. Allowed values are Low, Medium, Important and Critical. The value represents the severity of the issue.", - "type": "string", - "default": "" + "privateZone": { + "description": "privateZone is the location where all the DNS records that are only available internally to the cluster exist.\n\nIf this field is nil, no private records should be created.\n\nOnce set, this field cannot be changed.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSZone" + }, + "publicZone": { + "description": "publicZone is the location where all the DNS records that are publicly accessible to the internet exist.\n\nIf this field is nil, no public records should be created.\n\nOnce set, this field cannot be changed.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSZone" } } }, - "com.github.openshift.api.insights.v1alpha2.InsightsReport": { - "description": "insightsReport provides Insights health check report based on the most recently sent Insights data.", + "com.github.openshift.api.config.v1.DNSStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1.DNSZone": { + "description": "DNSZone is used to define a DNS hosted zone. A zone can be identified by an ID or tags.", "type": "object", "properties": { - "downloadedTime": { - "description": "downloadedTime is an optional time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "healthChecks": { - "description": "healthChecks provides basic information about active Insights health checks in a cluster.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.HealthCheck" - }, - "x-kubernetes-list-map-keys": [ - "advisorURI", - "totalRisk", - "description" - ], - "x-kubernetes-list-type": "map" - }, - "uri": { - "description": "uri is optional field that provides the URL link from which the report was downloaded. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + "id": { + "description": "id is the identifier that can be used to find the DNS hosted zone.\n\non AWS zone can be fetched using `ID` as id in [1] on Azure zone can be fetched using `ID` as a pre-determined name in [2], on GCP zone can be fetched using `ID` as a pre-determined name in [3].\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get", "type": "string" + }, + "tags": { + "description": "tags can be used to query the DNS hosted zone.\n\non AWS, resourcegroupstaggingapi [1] can be used to fetch a zone using `Tags` as tag-filters,\n\n[1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.insights.v1alpha2.ObjectReference": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "com.github.openshift.api.config.v1.DelegatedAuthentication": { + "description": "DelegatedAuthentication allows authentication to be disabled.", "type": "object", - "required": [ - "group", - "resource", - "name", - "namespace" - ], "properties": { - "group": { - "description": "group is required field that specifies the API Group of the Resource. Enter empty string for the core group. This value is empty or it should follow the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character. Example: \"\", \"apps\", \"build.openshift.io\", etc.", - "type": "string", - "default": "" - }, - "name": { - "description": "name is required field that specifies the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character..", - "type": "string", - "default": "" - }, - "namespace": { - "description": "namespace if required field of the referent that follows the DNS1123 labels format. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.", - "type": "string", - "default": "" - }, - "resource": { - "description": "resource is required field of the type that is being referenced and follows the DNS1035 format. It is normally the plural form of the resource kind in lowercase. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", - "type": "string", - "default": "" + "disabled": { + "description": "disabled indicates that authentication should be disabled. By default it will use delegated authentication.", + "type": "boolean" } } }, - "com.github.openshift.api.insights.v1alpha2.PersistentVolumeClaimReference": { - "description": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + "com.github.openshift.api.config.v1.DelegatedAuthorization": { + "description": "DelegatedAuthorization allows authorization to be disabled.", "type": "object", - "required": [ - "name" - ], "properties": { - "name": { - "description": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", - "type": "string", - "default": "" + "disabled": { + "description": "disabled indicates that authorization should be disabled. By default it will use delegated authorization.", + "type": "boolean" } } }, - "com.github.openshift.api.insights.v1alpha2.PersistentVolumeConfig": { - "description": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + "com.github.openshift.api.config.v1.DeprecatedWebhookTokenAuthenticator": { + "description": "deprecatedWebhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator. It's the same as WebhookTokenAuthenticator but it's missing the 'required' validation on KubeConfig field.", "type": "object", "required": [ - "claim" + "kubeConfig" ], "properties": { - "claim": { - "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", + "kubeConfig": { + "description": "kubeConfig contains kube config file data which describes how to access the remote webhook service. For further details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication The key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored. The namespace for this secret is determined by the point of use.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.PersistentVolumeClaimReference" + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + } + } + }, + "com.github.openshift.api.config.v1.EquinixMetalPlatformSpec": { + "description": "EquinixMetalPlatformSpec holds the desired state of the Equinix Metal infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object" + }, + "com.github.openshift.api.config.v1.EquinixMetalPlatformStatus": { + "description": "EquinixMetalPlatformStatus holds the current status of the Equinix Metal infrastructure provider.", + "type": "object", + "properties": { + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", + "type": "string" }, - "mountPath": { - "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", "type": "string" } } }, - "com.github.openshift.api.insights.v1alpha2.Storage": { - "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + "com.github.openshift.api.config.v1.EtcdConnectionInfo": { + "description": "EtcdConnectionInfo holds information necessary for connecting to an etcd server", "type": "object", "required": [ - "type" + "ca", + "certFile", + "keyFile" ], "properties": { - "persistentVolume": { - "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", - "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.PersistentVolumeConfig" + "ca": { + "description": "ca is a file containing trusted roots for the etcd server certificates", + "type": "string", + "default": "" }, - "type": { - "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", "type": "string", "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "persistentVolume": "PersistentVolume" + }, + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" + }, + "urls": { + "description": "urls are the URLs for etcd", + "type": "array", + "items": { + "type": "string", + "default": "" } } - ] - }, - "com.github.openshift.api.kubecontrolplane.v1.AggregatorConfig": { - "description": "AggregatorConfig holds information required to make the aggregator function.", - "type": "object", - "required": [ - "proxyClientInfo" - ], - "properties": { - "proxyClientInfo": { - "description": "proxyClientInfo specifies the client cert/key to use when proxying to aggregated API servers", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.CertInfo" - } } }, - "com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerConfig": { - "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.EtcdStorageConfig": { "type": "object", "required": [ - "servingInfo", - "corsAllowedOrigins", - "auditConfig", - "storageConfig", - "admission", - "kubeClientConfig", - "authConfig", - "aggregatorConfig", - "kubeletClientInfo", - "servicesSubnet", - "servicesNodePortRange", - "consolePublicURL", - "userAgentMatchingConfig", - "imagePolicyConfig", - "projectConfig", - "serviceAccountPublicKeyFiles", - "oauthConfig", - "apiServerArguments" + "ca", + "certFile", + "keyFile", + "storagePrefix" ], "properties": { - "admission": { - "description": "admissionConfig holds information about how to configure admission.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionConfig" - }, - "aggregatorConfig": { - "description": "aggregatorConfig has options for configuring the aggregator component of the API server.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.AggregatorConfig" - }, - "apiServerArguments": { - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "ca": { + "description": "ca is a file containing trusted roots for the etcd server certificates", + "type": "string", + "default": "" }, - "auditConfig": { - "description": "auditConfig describes how to configure audit information", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditConfig" + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" }, - "authConfig": { - "description": "authConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.MasterAuthConfig" + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" }, - "consolePublicURL": { - "description": "DEPRECATED: consolePublicURL has been deprecated and setting it has no effect.", + "storagePrefix": { + "description": "storagePrefix is the path within etcd that the OpenShift resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located.", "type": "string", "default": "" }, - "corsAllowedOrigins": { - "description": "corsAllowedOrigins", + "urls": { + "description": "urls are the URLs for etcd", "type": "array", "items": { "type": "string", "default": "" } - }, - "imagePolicyConfig": { - "description": "imagePolicyConfig feeds the image policy admission plugin", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerImagePolicyConfig" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "kubeClientConfig": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.KubeClientConfig" - }, - "kubeletClientInfo": { - "description": "kubeletClientInfo contains information about how to connect to kubelets", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.KubeletConnectionInfo" - }, - "minimumKubeletVersion": { - "description": "minimumKubeletVersion is the lowest version of a kubelet that can join the cluster. Specifically, the apiserver will deny most authorization requests of kubelets that are older than the specified version, only allowing the kubelet to get and update its node object, and perform subjectaccessreviews. This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads, and will eventually be marked as not ready. Its max length is 8, so maximum version allowed is either \"9.999.99\" or \"99.99.99\". Since the kubelet reports the version of the kubernetes release, not Openshift, this field references the underlying kubernetes version this version of Openshift is based off of. In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then they should set the minimumKubeletVersion to 1.30.0. When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version. Thus, a kubelet with version \"1.0.0-ec.0\" will be compatible with minimumKubeletVersion \"1.0.0\" or earlier.", - "type": "string", - "default": "" - }, - "oauthConfig": { - "description": "oauthConfig, if present start the /oauth endpoint in this process", - "$ref": "#/definitions/com.github.openshift.api.osin.v1.OAuthConfig" - }, - "projectConfig": { - "description": "projectConfig feeds an admission plugin", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerProjectConfig" - }, - "serviceAccountPublicKeyFiles": { - "description": "serviceAccountPublicKeyFiles is a list of files, each containing a PEM-encoded public RSA key. (If any file contains a private key, the public portion of the key is used) The list of public keys is used to verify presented service account tokens. Each key is tried in order until the list is exhausted or verification succeeds. If no keys are specified, no service account authentication will be available.", + } + } + }, + "com.github.openshift.api.config.v1.ExternalIPConfig": { + "description": "ExternalIPConfig specifies some IP blocks relevant for the ExternalIP field of a Service resource.", + "type": "object", + "properties": { + "autoAssignCIDRs": { + "description": "autoAssignCIDRs is a list of CIDRs from which to automatically assign Service.ExternalIP. These are assigned when the service is of type LoadBalancer. In general, this is only useful for bare-metal clusters. In Openshift 3.x, this was misleadingly called \"IngressIPs\". Automatically assigned External IPs are not affected by any ExternalIPPolicy rules. Currently, only one entry may be provided.", "type": "array", "items": { "type": "string", "default": "" - } - }, - "servicesNodePortRange": { - "description": "servicesNodePortRange is the range to use for assigning service public ports on a host.", - "type": "string", - "default": "" - }, - "servicesSubnet": { - "description": "servicesSubnet is the subnet to use for assigning service IPs", - "type": "string", - "default": "" - }, - "servingInfo": { - "description": "servingInfo describes how to start serving", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" - }, - "storageConfig": { - "description": "storageConfig contains information about how to use", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.EtcdStorageConfig" + }, + "x-kubernetes-list-type": "atomic" }, - "userAgentMatchingConfig": { - "description": "userAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchingConfig" + "policy": { + "description": "policy is a set of restrictions applied to the ExternalIP field. If nil or empty, then ExternalIP is not allowed to be set.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalIPPolicy" } } }, - "com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerImagePolicyConfig": { + "com.github.openshift.api.config.v1.ExternalIPPolicy": { + "description": "ExternalIPPolicy configures exactly which IPs are allowed for the ExternalIP field in a Service. If the zero struct is supplied, then none are permitted. The policy controller always allows automatically assigned external IPs.", "type": "object", - "required": [ - "internalRegistryHostname", - "externalRegistryHostnames" - ], "properties": { - "externalRegistryHostnames": { - "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", + "allowedCIDRs": { + "description": "allowedCIDRs is the list of allowed CIDRs.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "internalRegistryHostname": { - "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", + "rejectedCIDRs": { + "description": "rejectedCIDRs is the list of disallowed CIDRs. These take precedence over allowedCIDRs.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.config.v1.ExternalPlatformSpec": { + "description": "ExternalPlatformSpec holds the desired state for the generic External infrastructure provider.", + "type": "object", + "properties": { + "platformName": { + "description": "platformName holds the arbitrary string representing the infrastructure provider name, expected to be set at the installation time. This field is solely for informational and reporting purposes and is not expected to be used for decision-making.", "type": "string", - "default": "" + "default": "Unknown" } } }, - "com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerProjectConfig": { + "com.github.openshift.api.config.v1.ExternalPlatformStatus": { + "description": "ExternalPlatformStatus holds the current status of the generic External infrastructure provider.", + "type": "object", + "properties": { + "cloudControllerManager": { + "description": "cloudControllerManager contains settings specific to the external Cloud Controller Manager (a.k.a. CCM or CPI). When omitted, new nodes will be not tainted and no extra initialization from the cloud controller manager is expected.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudControllerManagerStatus" + } + } + }, + "com.github.openshift.api.config.v1.ExtraMapping": { + "description": "ExtraMapping allows specifying a key and CEL expression to evaluate the keys' value. It is used to create additional mappings and attributes added to a cluster identity from a provided authentication token.", "type": "object", "required": [ - "defaultNodeSelector" + "key", + "valueExpression" ], "properties": { - "defaultNodeSelector": { - "description": "defaultNodeSelector holds default project node label selector", + "key": { + "description": "key is a required field that specifies the string to use as the extra attribute key.\n\nkey must be a domain-prefix path (e.g 'example.org/foo'). key must not exceed 510 characters in length. key must contain the '/' character, separating the domain and path characters. key must not be empty.\n\nThe domain portion of the key (string of characters prior to the '/') must be a valid RFC1123 subdomain. It must not exceed 253 characters in length. It must start and end with an alphanumeric character. It must only contain lower case alphanumeric characters and '-' or '.'. It must not use the reserved domains, or be subdomains of, \"kubernetes.io\", \"k8s.io\", and \"openshift.io\".\n\nThe path portion of the key (string of characters after the '/') must not be empty and must consist of at least one alphanumeric character, percent-encoded octets, '-', '.', '_', '~', '!', '$', '&', ''', '(', ')', '*', '+', ',', ';', '=', and ':'. It must not exceed 256 characters in length.", + "type": "string", + "default": "" + }, + "valueExpression": { + "description": "valueExpression is a required field to specify the CEL expression to extract the extra attribute value from a JWT token's claims. valueExpression must produce a string or string array value. \"\", [], and null are treated as the extra mapping not being present. Empty string values within an array are filtered out.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'. 'claims' is a map of claim names to claim values. For example, the 'sub' claim value can be accessed as 'claims.sub'. Nested claims can be accessed using dot notation ('claims.foo.bar').\n\nvalueExpression must not exceed 1024 characters in length. valueExpression must not be empty.", "type": "string", "default": "" } } }, - "com.github.openshift.api.kubecontrolplane.v1.KubeControllerManagerConfig": { - "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.FeatureGate": { + "description": "Feature holds cluster-wide information about feature gates. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "serviceServingCert", - "projectConfig", - "extendedArguments" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "extendedArguments": { - "description": "extendedArguments is used to configure the kube-controller-manager", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "projectConfig": { - "description": "projectConfig is an optimization for the daemonset controller", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.KubeControllerManagerProjectConfig" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "serviceServingCert": { - "description": "serviceServingCert provides support for the old alpha service serving cert signer CA bundle", + "spec": { + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.ServiceServingCert" - } - } - }, - "com.github.openshift.api.kubecontrolplane.v1.KubeControllerManagerProjectConfig": { - "type": "object", - "required": [ - "defaultNodeSelector" - ], - "properties": { - "defaultNodeSelector": { - "description": "defaultNodeSelector holds default project node label selector", - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateStatus" } } }, - "com.github.openshift.api.kubecontrolplane.v1.KubeletConnectionInfo": { - "description": "KubeletConnectionInfo holds information necessary for connecting to a kubelet", + "com.github.openshift.api.config.v1.FeatureGateAttributes": { "type": "object", "required": [ - "port", - "ca", - "certFile", - "keyFile" + "name" ], "properties": { - "ca": { - "description": "ca is the CA for verifying TLS connections to kubelets", - "type": "string", - "default": "" - }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" - }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "name": { + "description": "name is the name of the FeatureGate.", "type": "string", "default": "" - }, - "port": { - "description": "port is the port to connect to kubelets on", - "type": "integer", - "format": "int64", - "default": 0 } } }, - "com.github.openshift.api.kubecontrolplane.v1.MasterAuthConfig": { - "description": "MasterAuthConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", + "com.github.openshift.api.config.v1.FeatureGateDetails": { "type": "object", "required": [ - "requestHeader", - "webhookTokenAuthenticators", - "oauthMetadataFile" + "version" ], "properties": { - "oauthMetadataFile": { - "description": "oauthMetadataFile is a path to a file containing the discovery endpoint for OAuth 2.0 Authorization Server Metadata for an external OAuth server. See IETF Draft: // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This option is mutually exclusive with OAuthConfig", - "type": "string", - "default": "" - }, - "requestHeader": { - "description": "requestHeader holds options for setting up a front proxy against the API. It is optional.", - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.RequestHeaderAuthenticationOptions" + "disabled": { + "description": "disabled is a list of all feature gates that are disabled in the cluster for the named version.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateAttributes" + } }, - "webhookTokenAuthenticators": { - "description": "webhookTokenAuthenticators, if present configures remote token reviewers", + "enabled": { + "description": "enabled is a list of all feature gates that are enabled in the cluster for the named version.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.WebhookTokenAuthenticator" + "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateAttributes" } + }, + "version": { + "description": "version matches the version provided by the ClusterVersion and in the ClusterOperator.Status.Versions field.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.kubecontrolplane.v1.RequestHeaderAuthenticationOptions": { - "description": "RequestHeaderAuthenticationOptions provides options for setting up a front proxy against the entire API instead of against the /oauth endpoint.", + "com.github.openshift.api.config.v1.FeatureGateList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "clientCA", - "clientCommonNames", - "usernameHeaders", - "groupHeaders", - "extraHeaderPrefixes" + "metadata", + "items" ], "properties": { - "clientCA": { - "description": "clientCA is a file with the trusted signer certs. It is required.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "clientCommonNames": { - "description": "clientCommonNames is a required list of common names to require a match from.", + "items": { "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGate" } }, - "extraHeaderPrefixes": { - "description": "extraHeaderPrefixes is the set of request header prefixes to inspect for user extra. X-Remote-Extra- is suggested.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "groupHeaders": { - "description": "groupHeaders is the set of headers to check for group information. All are unioned.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.config.v1.FeatureGateSelection": { + "type": "object", + "properties": { + "customNoUpgrade": { + "description": "customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. featureSet must equal \"CustomNoUpgrade\" must be set to use this field.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.CustomFeatureGates" }, - "usernameHeaders": { - "description": "usernameHeaders is the list of headers to check for user information. First hit wins.", - "type": "array", - "items": { - "type": "string", - "default": "" + "featureSet": { + "description": "featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone.", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "featureSet", + "fields-to-discriminateBy": { + "customNoUpgrade": "CustomNoUpgrade" } } - } + ] }, - "com.github.openshift.api.kubecontrolplane.v1.ServiceServingCert": { - "description": "ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", + "com.github.openshift.api.config.v1.FeatureGateSpec": { "type": "object", - "required": [ - "certFile" - ], "properties": { - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "customNoUpgrade": { + "description": "customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations your cluster may fail in an unrecoverable way. featureSet must equal \"CustomNoUpgrade\" must be set to use this field.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.CustomFeatureGates" + }, + "featureSet": { + "description": "featureSet changes the list of features in the cluster. The default is empty. Be very careful adjusting this setting. Turning on or off features may cause irreversible changes in your cluster which cannot be undone.", + "type": "string" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "featureSet", + "fields-to-discriminateBy": { + "customNoUpgrade": "CustomNoUpgrade" + } + } + ] }, - "com.github.openshift.api.kubecontrolplane.v1.UserAgentDenyRule": { - "description": "UserAgentDenyRule adds a rejection message that can be used to help a user figure out how to get an approved client", + "com.github.openshift.api.config.v1.FeatureGateStatus": { "type": "object", - "required": [ - "regex", - "httpVerbs", - "rejectionMessage" - ], "properties": { - "httpVerbs": { - "description": "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", + "conditions": { + "description": "conditions represent the observations of the current state. Known .status.conditions.type are: \"DeterminationDegraded\"", "type": "array", "items": { - "type": "string", - "default": "" - } - }, - "regex": { - "description": "regex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "rejectionMessage": { - "description": "rejectionMessage is the message shown when rejecting a client. If it is not a set, the default message is used.", - "type": "string", - "default": "" + "featureGates": { + "description": "featureGates contains a list of enabled and disabled featureGates that are keyed by payloadVersion. Operators other than the CVO and cluster-config-operator, must read the .status.featureGates, locate the version they are managing, find the enabled/disabled featuregates and make the operand and operator match. The enabled/disabled values for a particular version may change during the life of the cluster as various .spec.featureSet values are selected. Operators may choose to restart their processes to pick up these changes, but remembering past enable/disable lists is beyond the scope of this API and is the responsibility of individual operators. Only featureGates with .version in the ClusterVersion.status will be present in this list.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateDetails" + }, + "x-kubernetes-list-map-keys": [ + "version" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchRule": { - "description": "UserAgentMatchRule describes how to match a given request based on User-Agent and HTTPVerb", + "com.github.openshift.api.config.v1.FeatureGateTests": { "type": "object", "required": [ - "regex", - "httpVerbs" + "featureGate", + "tests" ], "properties": { - "httpVerbs": { - "description": "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", + "featureGate": { + "description": "featureGate is the name of the FeatureGate as it appears in The FeatureGate CR instance.", + "type": "string", + "default": "" + }, + "tests": { + "description": "tests contains an item for every TestName", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.TestDetails" } - }, - "regex": { - "description": "regex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", - "type": "string", - "default": "" } } }, - "com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchingConfig": { - "description": "UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", + "com.github.openshift.api.config.v1.GCPPlatformSpec": { + "description": "GCPPlatformSpec holds the desired state of the Google Cloud Platform infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object" + }, + "com.github.openshift.api.config.v1.GCPPlatformStatus": { + "description": "GCPPlatformStatus holds the current status of the Google Cloud Platform infrastructure provider.", "type": "object", "required": [ - "requiredClients", - "deniedClients", - "defaultRejectionMessage" + "projectID", + "region" ], "properties": { - "defaultRejectionMessage": { - "description": "defaultRejectionMessage is the message shown when rejecting a client. If it is not a set, a generic message is given.", + "cloudLoadBalancerConfig": { + "description": "cloudLoadBalancerConfig holds configuration related to DNS and cloud load balancers. It allows configuration of in-cluster DNS as an alternative to the platform default DNS implementation. When using the ClusterHosted DNS type, Load Balancer IP addresses must be provided for the API and internal API load balancers as well as the ingress load balancer.", + "default": { + "dnsType": "PlatformDefault" + }, + "$ref": "#/definitions/com.github.openshift.api.config.v1.CloudLoadBalancerConfig" + }, + "projectID": { + "description": "resourceGroupName is the Project ID for new GCP resources created for the cluster.", "type": "string", "default": "" }, - "deniedClients": { - "description": "deniedClients if this list is non-empty, then a User-Agent must not match any of the UserAgentRegexes", + "region": { + "description": "region holds the region for new GCP resources created for the cluster.", + "type": "string", + "default": "" + }, + "resourceLabels": { + "description": "resourceLabels is a list of additional labels to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources for information on labeling GCP resources. GCP supports a maximum of 64 labels per resource. OpenShift reserves 32 labels for internal use, allowing 32 labels for user configuration.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.UserAgentDenyRule" - } + "$ref": "#/definitions/com.github.openshift.api.config.v1.GCPResourceLabel" + }, + "x-kubernetes-list-map-keys": [ + "key" + ], + "x-kubernetes-list-type": "map" }, - "requiredClients": { - "description": "requiredClients if this list is non-empty, then a User-Agent must match one of the UserAgentRegexes to be allowed", + "resourceTags": { + "description": "resourceTags is a list of additional tags to apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchRule" - } + "$ref": "#/definitions/com.github.openshift.api.config.v1.GCPResourceTag" + }, + "x-kubernetes-list-map-keys": [ + "key" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.kubecontrolplane.v1.WebhookTokenAuthenticator": { - "description": "WebhookTokenAuthenticators holds the necessary configuation options for external token authenticators", + "com.github.openshift.api.config.v1.GCPResourceLabel": { + "description": "GCPResourceLabel is a label to apply to GCP resources created for the cluster.", "type": "object", "required": [ - "configFile", - "cacheTTL" + "key", + "value" ], "properties": { - "cacheTTL": { - "description": "cacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get a default timeout of 2 minutes. If zero (e.g. \"0m\"), caching is disabled", + "key": { + "description": "key is the key part of the label. A label key can have a maximum of 63 characters and cannot be empty. Label key must begin with a lowercase letter, and must contain only lowercase letters, numeric characters, and the following special characters `_-`. Label key must not have the reserved prefixes `kubernetes-io` and `openshift-io`.", "type": "string", "default": "" }, - "configFile": { - "description": "configFile is a path to a Kubeconfig file with the webhook configuration", + "value": { + "description": "value is the value part of the label. A label value can have a maximum of 63 characters and cannot be empty. Value must contain only lowercase letters, numeric characters, and the following special characters `_-`.", "type": "string", "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.ActiveDirectoryConfig": { - "description": "ActiveDirectoryConfig holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the Active Directory schema", + "com.github.openshift.api.config.v1.GCPResourceTag": { + "description": "GCPResourceTag is a tag to apply to GCP resources created for the cluster.", "type": "object", "required": [ - "usersQuery", - "userNameAttributes", - "groupMembershipAttributes" + "parentID", + "key", + "value" ], "properties": { - "groupMembershipAttributes": { - "description": "groupMembershipAttributes defines which attributes on an LDAP user entry will be interpreted as the groups it is a member of", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "key": { + "description": "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", + "type": "string", + "default": "" }, - "userNameAttributes": { - "description": "userNameAttributes defines which attributes on an LDAP user entry will be interpreted as its OpenShift user name.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "parentID": { + "description": "parentID is the ID of the hierarchical resource where the tags are defined, e.g. at the Organization or the Project level. To find the Organization or Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. An OrganizationID must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", + "type": "string", + "default": "" }, - "usersQuery": { - "description": "AllUsersQuery holds the template for an LDAP query that returns user entries.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" + "value": { + "description": "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.AdmissionConfig": { - "description": "AdmissionConfig holds the necessary configuration options for admission", + "com.github.openshift.api.config.v1.GatherConfig": { + "description": "GatherConfig provides data gathering configuration options.", "type": "object", "required": [ - "pluginConfig" + "gatherers" ], "properties": { - "pluginConfig": { - "description": "pluginConfig allows specifying a configuration file per admission control plugin", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AdmissionPluginConfig" - } - }, - "pluginOrderOverride": { - "description": "pluginOrderOverride is a list of admission control plugin names that will be installed on the master. Order is significant. If empty, a default list of plugins is used.", + "dataPolicy": { + "description": "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" + }, + "gatherers": { + "description": "gatherers is a required field that specifies the configuration of the gatherers.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Gatherers" + }, + "storage": { + "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Storage" } } }, - "com.github.openshift.api.legacyconfig.v1.AdmissionPluginConfig": { - "description": "AdmissionPluginConfig holds the necessary configuration options for admission plugins", + "com.github.openshift.api.config.v1.GathererConfig": { + "description": "GathererConfig allows to configure specific gatherers", "type": "object", "required": [ - "location", - "configuration" + "name", + "state" ], "properties": { - "configuration": { - "description": "configuration is an embedded configuration object to be used as the plugin's configuration. If present, it will be used instead of the path to the configuration file.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "name": { + "description": "name is the required name of a specific gatherer. It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "type": "string" }, - "location": { - "description": "location is the path to a configuration file that contains the plugin's configuration", - "type": "string", - "default": "" + "state": { + "description": "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", + "type": "string" } } }, - "com.github.openshift.api.legacyconfig.v1.AggregatorConfig": { - "description": "AggregatorConfig holds information required to make the aggregator function.", + "com.github.openshift.api.config.v1.Gatherers": { + "description": "Gatherers specifies the configuration of the gatherers", "type": "object", "required": [ - "proxyClientInfo" + "mode" ], "properties": { - "proxyClientInfo": { - "description": "proxyClientInfo specifies the client cert/key to use when proxying to aggregated API servers", + "custom": { + "description": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.CertInfo" - } - } - }, - "com.github.openshift.api.legacyconfig.v1.AllowAllPasswordIdentityProvider": { - "description": "AllowAllPasswordIdentityProvider provides identities for users authenticating using non-empty passwords\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.config.v1.Custom" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "mode": { + "description": "mode is a required field that specifies the mode for gatherers. Allowed values are All, None, and Custom. When set to All, all gatherers will run and gather data. When set to None, all gatherers will be disabled and no data will be gathered. When set to Custom, the custom configuration from the custom field will be applied.", "type": "string" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "mode", + "fields-to-discriminateBy": { + "custom": "Custom" + } + } + ] }, - "com.github.openshift.api.legacyconfig.v1.AuditConfig": { - "description": "AuditConfig holds configuration for the audit capabilities", + "com.github.openshift.api.config.v1.GenericAPIServerConfig": { + "description": "GenericAPIServerConfig is an inline-able struct for aggregated apiservers that need to store data in etcd", "type": "object", "required": [ - "enabled", - "auditFilePath", - "maximumFileRetentionDays", - "maximumRetainedFiles", - "maximumFileSizeMegabytes", - "policyFile", - "policyConfiguration", - "logFormat", - "webHookKubeConfig", - "webHookMode" + "servingInfo", + "corsAllowedOrigins", + "auditConfig", + "storageConfig", + "admission", + "kubeClientConfig" ], "properties": { - "auditFilePath": { - "description": "All requests coming to the apiserver will be logged to this file.", - "type": "string", - "default": "" + "admission": { + "description": "admissionConfig holds information about how to configure admission.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionConfig" }, - "enabled": { - "description": "If this flag is set, audit log will be printed in the logs. The logs contains, method, user and a requested URL.", - "type": "boolean", - "default": false + "auditConfig": { + "description": "auditConfig describes how to configure audit information", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditConfig" }, - "logFormat": { - "description": "Format of saved audits (legacy or json).", - "type": "string", - "default": "" + "corsAllowedOrigins": { + "description": "corsAllowedOrigins", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "maximumFileRetentionDays": { - "description": "Maximum number of days to retain old log files based on the timestamp encoded in their filename.", - "type": "integer", - "format": "int32", - "default": 0 + "kubeClientConfig": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.KubeClientConfig" }, - "maximumFileSizeMegabytes": { - "description": "Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.", - "type": "integer", - "format": "int32", - "default": 0 + "servingInfo": { + "description": "servingInfo describes how to start serving", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" }, - "maximumRetainedFiles": { - "description": "Maximum number of old log files to retain.", - "type": "integer", - "format": "int32", - "default": 0 + "storageConfig": { + "description": "storageConfig contains information about how to use", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.EtcdStorageConfig" + } + } + }, + "com.github.openshift.api.config.v1.GenericControllerConfig": { + "description": "GenericControllerConfig provides information to configure a controller\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "servingInfo", + "leaderElection", + "authentication", + "authorization" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "policyConfiguration": { - "description": "policyConfiguration is an embedded policy configuration object to be used as the audit policy configuration. If present, it will be used instead of the path to the policy file.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "authentication": { + "description": "authentication allows configuration of authentication for the endpoints", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.DelegatedAuthentication" }, - "policyFile": { - "description": "policyFile is a path to the file that defines the audit policy configuration.", - "type": "string", - "default": "" + "authorization": { + "description": "authorization allows configuration of authentication for the endpoints", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.DelegatedAuthorization" }, - "webHookKubeConfig": { - "description": "Path to a .kubeconfig formatted file that defines the audit webhook configuration.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "webHookMode": { - "description": "Strategy for sending audit events (block or batch).", - "type": "string", - "default": "" + "leaderElection": { + "description": "leaderElection provides information to elect a leader. Only override this if you have a specific need", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.LeaderElection" + }, + "servingInfo": { + "description": "servingInfo is the HTTP serving information for the controller's endpoints", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" } } }, - "com.github.openshift.api.legacyconfig.v1.AugmentedActiveDirectoryConfig": { - "description": "AugmentedActiveDirectoryConfig holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the augmented Active Directory schema", + "com.github.openshift.api.config.v1.GitHubIdentityProvider": { + "description": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials", "type": "object", "required": [ - "usersQuery", - "userNameAttributes", - "groupMembershipAttributes", - "groupsQuery", - "groupUIDAttribute", - "groupNameAttributes" + "clientID", + "clientSecret" ], "properties": { - "groupMembershipAttributes": { - "description": "groupMembershipAttributes defines which attributes on an LDAP user entry will be interpreted as the groups it is a member of", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "groupNameAttributes": { - "description": "groupNameAttributes defines which attributes on an LDAP group entry will be interpreted as its name to use for an OpenShift group", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "groupUIDAttribute": { - "description": "GroupUIDAttributes defines which attribute on an LDAP group entry will be interpreted as its unique identifier. (ldapGroupUID)", + "clientID": { + "description": "clientID is the oauth client ID", "type": "string", "default": "" }, - "groupsQuery": { - "description": "AllGroupsQuery holds the template for an LDAP query that returns group entries.", + "clientSecret": { + "description": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "userNameAttributes": { - "description": "userNameAttributes defines which attributes on an LDAP user entry will be interpreted as its OpenShift user name.", + "hostname": { + "description": "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value configured at /setup/settings#hostname.", + "type": "string", + "default": "" + }, + "organizations": { + "description": "organizations optionally restricts which organizations are allowed to log in", "type": "array", "items": { "type": "string", "default": "" } }, - "usersQuery": { - "description": "AllUsersQuery holds the template for an LDAP query that returns user entries.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" + "teams": { + "description": "teams optionally restricts which teams are allowed to log in. Format is /.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.legacyconfig.v1.BasicAuthPasswordIdentityProvider": { - "description": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.GitLabIdentityProvider": { + "description": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials", "type": "object", "required": [ - "url", - "ca", - "certFile", - "keyFile" + "clientID", + "clientSecret", + "url" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, "ca": { - "description": "ca is the CA for verifying TLS connections", + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + }, + "clientID": { + "description": "clientID is the oauth client ID", "type": "string", "default": "" }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", + "clientSecret": { + "description": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + }, + "url": { + "description": "url is the oauth server base URL", "type": "string", "default": "" - }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + } + } + }, + "com.github.openshift.api.config.v1.GoogleIdentityProvider": { + "description": "GoogleIdentityProvider provides identities for users authenticating using Google credentials", + "type": "object", + "required": [ + "clientID", + "clientSecret" + ], + "properties": { + "clientID": { + "description": "clientID is the oauth client ID", "type": "string", "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "clientSecret": { + "description": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "url": { - "description": "url is the remote URL to connect to", + "hostedDomain": { + "description": "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", "type": "string", "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.BuildDefaultsConfig": { - "description": "BuildDefaultsConfig controls the default information for Builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.HTPasswdIdentityProvider": { + "description": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials", "type": "object", + "required": [ + "fileData" + ], "properties": { - "annotations": { - "description": "annotations are annotations that will be added to the build pod", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "fileData": { + "description": "fileData is a required reference to a secret by name containing the data to use as the htpasswd file. The key \"htpasswd\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. If the specified htpasswd data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + } + } + }, + "com.github.openshift.api.config.v1.HTTPServingInfo": { + "description": "HTTPServingInfo holds configuration for serving HTTP", + "type": "object", + "required": [ + "bindAddress", + "bindNetwork", + "certFile", + "keyFile", + "maxRequestsInFlight", + "requestTimeoutSeconds" + ], + "properties": { + "bindAddress": { + "description": "bindAddress is the ip:port to serve on", + "type": "string", + "default": "" }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "bindNetwork": { + "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", + "type": "string", + "default": "" }, - "env": { - "description": "env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build", + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" + }, + "cipherSuites": { + "description": "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + "type": "string", + "default": "" } }, - "gitHTTPProxy": { - "description": "gitHTTPProxy is the location of the HTTPProxy for Git source", + "clientCA": { + "description": "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", "type": "string" }, - "gitHTTPSProxy": { - "description": "gitHTTPSProxy is the location of the HTTPSProxy for Git source", - "type": "string" + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" }, - "gitNoProxy": { - "description": "gitNoProxy is the list of domains for which the proxy should not be used", + "maxRequestsInFlight": { + "description": "maxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.", + "type": "integer", + "format": "int64", + "default": 0 + }, + "minTLSVersion": { + "description": "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", "type": "string" }, - "imageLabels": { - "description": "imageLabels is a list of labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.", + "namedCertificates": { + "description": "namedCertificates is a list of certificates to use to secure requests to specific hostnames", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "nodeSelector": { - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.config.v1.NamedCertificate" } }, - "resources": { - "description": "resources defines resource requirements to execute the build.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" - }, - "sourceStrategyDefaults": { - "description": "sourceStrategyDefaults are default values that apply to builds using the source strategy.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.SourceStrategyDefaultsConfig" + "requestTimeoutSeconds": { + "description": "requestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if -1 there is no limit on requests.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.legacyconfig.v1.BuildOverridesConfig": { - "description": "BuildOverridesConfig controls override settings for builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.HubSource": { + "description": "HubSource is used to specify the hub source and its configuration", "type": "object", "required": [ - "forcePull" + "name", + "disabled" ], "properties": { - "annotations": { - "description": "annotations are annotations that will be added to the build pod", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "forcePull": { - "description": "forcePull indicates whether the build strategy should always be set to ForcePull=true", + "disabled": { + "description": "disabled is used to disable a default hub source on cluster", "type": "boolean", "default": false }, - "imageLabels": { - "description": "imageLabels is a list of labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", + "name": { + "description": "name is the name of one of the default hub sources", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.HubSourceStatus": { + "description": "HubSourceStatus is used to reflect the current state of applying the configuration to a default source", + "type": "object", + "properties": { + "message": { + "description": "message provides more information regarding failures", + "type": "string" + }, + "status": { + "description": "status indicates success or failure in applying the configuration", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1.IBMCloudPlatformSpec": { + "description": "IBMCloudPlatformSpec holds the desired state of the IBMCloud infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object", + "properties": { + "serviceEndpoints": { + "description": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM service. These endpoints are used by components within the cluster when trying to reach the IBM Cloud Services that have been overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus are updated to reflect the same custom endpoints. A maximum of 13 service endpoints overrides are supported.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" - } + "$ref": "#/definitions/com.github.openshift.api.config.v1.IBMCloudServiceEndpoint" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.config.v1.IBMCloudPlatformStatus": { + "description": "IBMCloudPlatformStatus holds the current status of the IBMCloud infrastructure provider.", + "type": "object", + "properties": { + "cisInstanceCRN": { + "description": "cisInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain", + "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "dnsInstanceCRN": { + "description": "dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain", "type": "string" }, - "nodeSelector": { - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "location": { + "description": "location is where the cluster has been deployed", + "type": "string" }, - "tolerations": { - "description": "tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", + "providerType": { + "description": "providerType indicates the type of cluster that was created", + "type": "string" + }, + "resourceGroupName": { + "description": "resourceGroupName is the Resource Group for new IBMCloud resources created for the cluster.", + "type": "string" + }, + "serviceEndpoints": { + "description": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of an IBM service. These endpoints are used by components within the cluster when trying to reach the IBM Cloud Services that have been overridden. The CCCMO reads in the IBMCloudPlatformSpec and validates each endpoint is resolvable. Once validated, the cloud config and IBMCloudPlatformStatus are updated to reflect the same custom endpoints.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" - } + "$ref": "#/definitions/com.github.openshift.api.config.v1.IBMCloudServiceEndpoint" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.legacyconfig.v1.CertInfo": { - "description": "CertInfo relates a certificate with a private key", + "com.github.openshift.api.config.v1.IBMCloudServiceEndpoint": { + "description": "IBMCloudServiceEndpoint stores the configuration of a custom url to override existing defaults of IBM Cloud Services.", "type": "object", "required": [ - "certFile", - "keyFile" + "name", + "url" ], "properties": { - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", + "name": { + "description": "name is the name of the IBM Cloud service. Possible values are: CIS, COS, COSConfig, DNSServices, GlobalCatalog, GlobalSearch, GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, ResourceManager, or VPC. For example, the IBM Cloud Private IAM service could be configured with the service `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` Whereas the IBM Cloud Private VPC service for US South (Dallas) could be configured with the service `name` of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`", "type": "string", "default": "" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "url": { + "description": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty. The path must follow the pattern /v[0,9]+ or /api/v[0,9]+", "type": "string", "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.ClientConnectionOverrides": { - "description": "ClientConnectionOverrides are a set of overrides to the default client connection settings.", + "com.github.openshift.api.config.v1.IdentityProvider": { + "description": "IdentityProvider provides identities for users authenticating using credentials", "type": "object", "required": [ - "acceptContentTypes", - "contentType", - "qps", - "burst" + "name", + "type" ], "properties": { - "acceptContentTypes": { - "description": "acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the default value of 'application/json'. This field will control all connections to the server used by a particular client.", - "type": "string", - "default": "" + "basicAuth": { + "description": "basicAuth contains configuration options for the BasicAuth IdP", + "$ref": "#/definitions/com.github.openshift.api.config.v1.BasicAuthIdentityProvider" }, - "burst": { - "description": "burst allows extra queries to accumulate when a client is exceeding its rate.", - "type": "integer", - "format": "int32", - "default": 0 + "github": { + "description": "github enables user authentication using GitHub credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.GitHubIdentityProvider" }, - "contentType": { - "description": "contentType is the content type used when sending data to the server from this client.", + "gitlab": { + "description": "gitlab enables user authentication using GitLab credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.GitLabIdentityProvider" + }, + "google": { + "description": "google enables user authentication using Google credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.GoogleIdentityProvider" + }, + "htpasswd": { + "description": "htpasswd enables user authentication using an HTPasswd file to validate credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTPasswdIdentityProvider" + }, + "keystone": { + "description": "keystone enables user authentication using keystone password credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.KeystoneIdentityProvider" + }, + "ldap": { + "description": "ldap enables user authentication using LDAP credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.LDAPIdentityProvider" + }, + "mappingMethod": { + "description": "mappingMethod determines how identities from this provider are mapped to users Defaults to \"claim\"", + "type": "string" + }, + "name": { + "description": "name is used to qualify the identities returned by this provider. - It MUST be unique and not shared by any other identity provider used - It MUST be a valid path segment: name cannot equal \".\" or \"..\" or contain \"/\" or \"%\" or \":\"\n Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName", "type": "string", "default": "" }, - "qps": { - "description": "qps controls the number of queries per second allowed for this connection.", - "type": "number", - "format": "float", - "default": 0 - } - } - }, - "com.github.openshift.api.legacyconfig.v1.ClusterNetworkEntry": { - "description": "ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips.", - "type": "object", - "required": [ - "cidr", - "hostSubnetLength" - ], - "properties": { - "cidr": { - "description": "cidr defines the total range of a cluster networks address space.", + "openID": { + "description": "openID enables user authentication using OpenID credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenIDIdentityProvider" + }, + "requestHeader": { + "description": "requestHeader enables user authentication using request header credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.RequestHeaderIdentityProvider" + }, + "type": { + "description": "type identifies the identity provider type for this entry.", "type": "string", "default": "" - }, - "hostSubnetLength": { - "description": "hostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pod.", - "type": "integer", - "format": "int64", - "default": 0 } } }, - "com.github.openshift.api.legacyconfig.v1.ControllerConfig": { - "description": "ControllerConfig holds configuration values for controllers", + "com.github.openshift.api.config.v1.IdentityProviderConfig": { + "description": "IdentityProviderConfig contains configuration for using a specific identity provider", "type": "object", "required": [ - "controllers", - "election", - "serviceServingCert" + "type" ], "properties": { - "controllers": { - "description": "controllers is a list of controllers to enable. '*' enables all on-by-default controllers, 'foo' enables the controller \"+ named 'foo', '-foo' disables the controller named 'foo'. Defaults to \"*\".", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "basicAuth": { + "description": "basicAuth contains configuration options for the BasicAuth IdP", + "$ref": "#/definitions/com.github.openshift.api.config.v1.BasicAuthIdentityProvider" }, - "election": { - "description": "election defines the configuration for electing a controller instance to make changes to the cluster. If unspecified, the ControllerTTL value is checked to determine whether the legacy direct etcd election code will be used.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ControllerElectionConfig" + "github": { + "description": "github enables user authentication using GitHub credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.GitHubIdentityProvider" }, - "serviceServingCert": { - "description": "serviceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServiceServingCert" - } - } - }, - "com.github.openshift.api.legacyconfig.v1.ControllerElectionConfig": { - "description": "ControllerElectionConfig contains configuration values for deciding how a controller will be elected to act as leader.", - "type": "object", - "required": [ - "lockName", - "lockNamespace", - "lockResource" - ], - "properties": { - "lockName": { - "description": "lockName is the resource name used to act as the lock for determining which controller instance should lead.", - "type": "string", - "default": "" + "gitlab": { + "description": "gitlab enables user authentication using GitLab credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.GitLabIdentityProvider" }, - "lockNamespace": { - "description": "lockNamespace is the resource namespace used to act as the lock for determining which controller instance should lead. It defaults to \"kube-system\"", - "type": "string", - "default": "" + "google": { + "description": "google enables user authentication using Google credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.GoogleIdentityProvider" }, - "lockResource": { - "description": "lockResource is the group and resource name to use to coordinate for the controller lock. If unset, defaults to \"configmaps\".", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.GroupResource" + "htpasswd": { + "description": "htpasswd enables user authentication using an HTPasswd file to validate credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTPasswdIdentityProvider" + }, + "keystone": { + "description": "keystone enables user authentication using keystone password credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.KeystoneIdentityProvider" + }, + "ldap": { + "description": "ldap enables user authentication using LDAP credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.LDAPIdentityProvider" + }, + "openID": { + "description": "openID enables user authentication using OpenID credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenIDIdentityProvider" + }, + "requestHeader": { + "description": "requestHeader enables user authentication using request header credentials", + "$ref": "#/definitions/com.github.openshift.api.config.v1.RequestHeaderIdentityProvider" + }, + "type": { + "description": "type identifies the identity provider type for this entry.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.DNSConfig": { - "description": "DNSConfig holds the necessary configuration options for DNS", + "com.github.openshift.api.config.v1.Image": { + "description": "Image governs policies related to imagestream imports and runtime configuration for external registries. It allows cluster admins to configure which registries OpenShift is allowed to import images from, extra CA trust bundles for external registries, and policies to block or allow registry hostnames. When exposing OpenShift's image registry to the public, this also lets cluster admins specify the external hostname.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "bindAddress", - "bindNetwork", - "allowRecursiveQueries" + "spec" ], "properties": { - "allowRecursiveQueries": { - "description": "allowRecursiveQueries allows the DNS server on the master to answer queries recursively. Note that open resolvers can be used for DNS amplification attacks and the master DNS should not be made accessible to public networks.", - "type": "boolean", - "default": false + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "bindAddress": { - "description": "bindAddress is the ip:port to serve DNS on", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "bindNetwork": { - "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.DefaultAdmissionConfig": { - "description": "DefaultAdmissionConfig can be used to enable or disable various admission plugins. When this type is present as the `configuration` object under `pluginConfig` and *if* the admission plugin supports it, this will cause an \"off by default\" admission plugin to be enabled\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.ImageContentPolicy": { + "description": "ImageContentPolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "disable" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "disable": { - "description": "disable turns off an admission plugin that is enabled by default.", - "type": "boolean", - "default": false - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageContentPolicySpec" } } }, - "com.github.openshift.api.legacyconfig.v1.DenyAllPasswordIdentityProvider": { - "description": "DenyAllPasswordIdentityProvider provides no identities for users\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.ImageContentPolicyList": { + "description": "ImageContentPolicyList lists the items in the ImageContentPolicy CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageContentPolicy" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.legacyconfig.v1.DockerConfig": { - "description": "DockerConfig holds Docker related configuration options.", + "com.github.openshift.api.config.v1.ImageContentPolicySpec": { + "description": "ImageContentPolicySpec is the specification of the ImageContentPolicy CRD.", "type": "object", - "required": [ - "execHandlerName", - "dockerShimSocket", - "dockerShimRootDirectory" - ], "properties": { - "dockerShimRootDirectory": { - "description": "dockerShimRootDirectory is the dockershim root directory.", - "type": "string", - "default": "" - }, - "dockerShimSocket": { - "description": "dockerShimSocket is the location of the dockershim socket the kubelet uses. Currently unix socket is supported on Linux, and tcp is supported on windows. Examples:'unix:///var/run/dockershim.sock', 'tcp://localhost:3735'", - "type": "string", - "default": "" - }, - "execHandlerName": { - "description": "execHandlerName is the name of the handler to use for executing commands in containers.", - "type": "string", - "default": "" + "repositoryDigestMirrors": { + "description": "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To pull image from mirrors by tags, should set the \"allowMirrorByTags\".\n\nEach “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.RepositoryDigestMirrors" + }, + "x-kubernetes-list-map-keys": [ + "source" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.legacyconfig.v1.EtcdConfig": { - "description": "EtcdConfig holds the necessary configuration options for connecting with an etcd database", + "com.github.openshift.api.config.v1.ImageDigestMirrorSet": { + "description": "ImageDigestMirrorSet holds cluster-wide information about how to handle registry mirror rules on using digest pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "servingInfo", - "address", - "peerServingInfo", - "peerAddress", - "storageDirectory" + "spec" ], "properties": { - "address": { - "description": "address is the advertised host:port for client connections to etcd", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "peerAddress": { - "description": "peerAddress is the advertised host:port for peer connections to etcd", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "peerServingInfo": { - "description": "peerServingInfo describes how to start serving the etcd peer", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServingInfo" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "servingInfo": { - "description": "servingInfo describes how to start serving the etcd master", + "spec": { + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServingInfo" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec" }, - "storageDirectory": { - "description": "StorageDir is the path to the etcd storage directory", - "type": "string", - "default": "" + "status": { + "description": "status contains the observed state of the resource.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.EtcdConnectionInfo": { - "description": "EtcdConnectionInfo holds information necessary for connecting to an etcd server", + "com.github.openshift.api.config.v1.ImageDigestMirrorSetList": { + "description": "ImageDigestMirrorSetList lists the items in the ImageDigestMirrorSet CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "urls", - "ca", - "certFile", - "keyFile" + "metadata", + "items" ], "properties": { - "ca": { - "description": "ca is a file containing trusted roots for the etcd server certificates", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageDigestMirrorSet" + } }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "urls": { - "description": "urls are the URLs for etcd", + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.config.v1.ImageDigestMirrorSetSpec": { + "description": "ImageDigestMirrorSetSpec is the specification of the ImageDigestMirrorSet CRD.", + "type": "object", + "properties": { + "imageDigestMirrors": { + "description": "imageDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using tag specification, users should configure a list of mirrors using \"ImageTagMirrorSet\" CRD.\n\nIf the image pull specification matches the repository of \"source\" in multiple imagedigestmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a specific order of mirrors, should configure them into one list of mirrors using the expected order.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageDigestMirrors" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.legacyconfig.v1.EtcdStorageConfig": { - "description": "EtcdStorageConfig holds the necessary configuration options for the etcd storage underlying OpenShift and Kubernetes", + "com.github.openshift.api.config.v1.ImageDigestMirrorSetStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1.ImageDigestMirrors": { + "description": "ImageDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.", "type": "object", "required": [ - "kubernetesStorageVersion", - "kubernetesStoragePrefix", - "openShiftStorageVersion", - "openShiftStoragePrefix" + "source" ], "properties": { - "kubernetesStoragePrefix": { - "description": "kubernetesStoragePrefix is the path within etcd that the Kubernetes resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located. The default value is 'kubernetes.io'.", - "type": "string", - "default": "" - }, - "kubernetesStorageVersion": { - "description": "kubernetesStorageVersion is the API version that Kube resources in etcd should be serialized to. This value should *not* be advanced until all clients in the cluster that read from etcd have code that allows them to read the new version.", - "type": "string", - "default": "" + "mirrorSourcePolicy": { + "description": "mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.", + "type": "string" }, - "openShiftStoragePrefix": { - "description": "openShiftStoragePrefix is the path within etcd that the OpenShift resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located. The default value is 'openshift.io'.", - "type": "string", - "default": "" + "mirrors": { + "description": "mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their digests. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by \"mirrorSourcePolicy\" Other cluster configuration, including (but not limited to) other imageDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. \"mirrors\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" }, - "openShiftStorageVersion": { - "description": "openShiftStorageVersion is the API version that OS resources in etcd should be serialized to. This value should *not* be advanced until all clients in the cluster that read from etcd have code that allows them to read the new version.", + "source": { + "description": "source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. \"source\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", "type": "string", "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.GitHubIdentityProvider": { - "description": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.ImageLabel": { "type": "object", "required": [ - "clientID", - "clientSecret", - "organizations", - "teams", - "hostname", - "ca" + "name" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value.", - "type": "string", - "default": "" - }, - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" - }, - "clientSecret": { - "description": "clientSecret is the oauth client secret", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" - }, - "hostname": { - "description": "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value that is configured at /setup/settings#hostname.", + "name": { + "description": "name defines the name of the label. It must have non-zero length.", "type": "string", "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "value": { + "description": "value defines the literal value of the label.", "type": "string" - }, - "organizations": { - "description": "organizations optionally restricts which organizations are allowed to log in", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "teams": { - "description": "teams optionally restricts which teams are allowed to log in. Format is /.", - "type": "array", - "items": { - "type": "string", - "default": "" - } } } }, - "com.github.openshift.api.legacyconfig.v1.GitLabIdentityProvider": { - "description": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.ImageList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "ca", - "url", - "clientID", - "clientSecret" + "metadata", + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", - "type": "string", - "default": "" - }, - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" - }, - "clientSecret": { - "description": "clientSecret is the oauth client secret", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Image" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "legacy": { - "description": "legacy determines if OAuth2 or OIDC should be used If true, OAuth2 is used If false, OIDC is used If nil and the URL's host is gitlab.com, OIDC is used Otherwise, OAuth2 is used In a future release, nil will default to using OIDC Eventually this flag will be removed and only OIDC will be used", - "type": "boolean" - }, - "url": { - "description": "url is the oauth server base URL", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.legacyconfig.v1.GoogleIdentityProvider": { - "description": "GoogleIdentityProvider provides identities for users authenticating using Google credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.ImagePolicy": { + "description": "ImagePolicy holds namespace-wide configuration for image signature verification\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "clientID", - "clientSecret", - "hostedDomain" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" - }, - "clientSecret": { - "description": "clientSecret is the oauth client secret", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" - }, - "hostedDomain": { - "description": "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", - "type": "string", - "default": "" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - } - }, - "com.github.openshift.api.legacyconfig.v1.GrantConfig": { - "description": "GrantConfig holds the necessary configuration options for grant handlers", - "type": "object", - "required": [ - "method", - "serviceAccountMethod" - ], - "properties": { - "method": { - "description": "method determines the default strategy to use when an OAuth client requests a grant. This method will be used only if the specific OAuth client doesn't provide a strategy of their own. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients\n - deny: always denies grant requests, useful for black-listed clients", - "type": "string", - "default": "" }, - "serviceAccountMethod": { - "description": "serviceAccountMethod is used for determining client authorization for service account oauth client. It must be either: deny, prompt", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicySpec" + }, + "status": { + "description": "status contains the observed state of the resource.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.GroupResource": { - "description": "GroupResource points to a resource by its name and API group.", + "com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust": { + "description": "ImagePolicyFulcioCAWithRekorRootOfTrust defines the root of trust based on the Fulcio certificate and the Rekor public key.", "type": "object", "required": [ - "group", - "resource" + "fulcioCAData", + "rekorKeyData", + "fulcioSubject" ], "properties": { - "group": { - "description": "group is the name of an API group", + "fulcioCAData": { + "description": "fulcioCAData is a required field contains inline base64-encoded data for the PEM format fulcio CA. fulcioCAData must be at most 8192 characters.", "type": "string", - "default": "" + "format": "byte" }, - "resource": { - "description": "resource is the name of a resource.", + "fulcioSubject": { + "description": "fulcioSubject is a required field specifies OIDC issuer and the email of the Fulcio authentication configuration.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyFulcioSubject" + }, + "rekorKeyData": { + "description": "rekorKeyData is a required field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", "type": "string", - "default": "" + "format": "byte" } } }, - "com.github.openshift.api.legacyconfig.v1.HTPasswdPasswordIdentityProvider": { - "description": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.ImagePolicyList": { + "description": "ImagePolicyList is a list of ImagePolicy resources\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "file" + "metadata", + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "file": { - "description": "file is a reference to your htpasswd file", - "type": "string", - "default": "" + "items": { + "description": "items is a list of ImagePolicies", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicy" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.legacyconfig.v1.HTTPServingInfo": { - "description": "HTTPServingInfo holds configuration for serving HTTP", + "com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust": { + "description": "ImagePolicyPKIRootOfTrust defines the root of trust based on Root CA(s) and corresponding intermediate certificates.", "type": "object", "required": [ - "bindAddress", - "bindNetwork", - "certFile", - "keyFile", - "clientCA", - "namedCertificates", - "maxRequestsInFlight", - "requestTimeoutSeconds" + "caRootsData", + "pkiCertificateSubject" ], "properties": { - "bindAddress": { - "description": "bindAddress is the ip:port to serve on", - "type": "string", - "default": "" - }, - "bindNetwork": { - "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", - "type": "string", - "default": "" - }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" - }, - "cipherSuites": { - "description": "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "clientCA": { - "description": "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", - "type": "string", - "default": "" - }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "caIntermediatesData": { + "description": "caIntermediatesData contains base64-encoded data of a certificate bundle PEM file, which contains one or more intermediate certificates in the PEM format. The total length of the data must not exceed 8192 characters. caIntermediatesData requires caRootsData to be set.", "type": "string", - "default": "" - }, - "maxRequestsInFlight": { - "description": "maxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "minTLSVersion": { - "description": "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", - "type": "string" - }, - "namedCertificates": { - "description": "namedCertificates is a list of certificates to use to secure requests to specific hostnames", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NamedCertificate" - } + "format": "byte" }, - "requestTimeoutSeconds": { - "description": "requestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if -1 there is no limit on requests.", - "type": "integer", - "format": "int32", - "default": 0 + "caRootsData": { + "description": "caRootsData contains base64-encoded data of a certificate bundle PEM file, which contains one or more CA roots in the PEM format. The total length of the data must not exceed 8192 characters.", + "type": "string", + "format": "byte" + }, + "pkiCertificateSubject": { + "description": "pkiCertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PKICertificateSubject" } } }, - "com.github.openshift.api.legacyconfig.v1.IdentityProvider": { - "description": "IdentityProvider provides identities for users authenticating using credentials", + "com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust": { + "description": "ImagePolicyPublicKeyRootOfTrust defines the root of trust based on a sigstore public key.", "type": "object", "required": [ - "name", - "challenge", - "login", - "mappingMethod", - "provider" + "keyData" ], "properties": { - "challenge": { - "description": "UseAsChallenger indicates whether to issue WWW-Authenticate challenges for this provider", - "type": "boolean", - "default": false - }, - "login": { - "description": "UseAsLogin indicates whether to use this identity provider for unauthenticated browsers to login against", - "type": "boolean", - "default": false - }, - "mappingMethod": { - "description": "mappingMethod determines how identities from this provider are mapped to users", + "keyData": { + "description": "keyData is a required field contains inline base64-encoded data for the PEM format public key. keyData must be at most 8192 characters.", "type": "string", - "default": "" + "format": "byte" }, - "name": { - "description": "name is used to qualify the identities returned by this provider", + "rekorKeyData": { + "description": "rekorKeyData is an optional field contains inline base64-encoded data for the PEM format from the Rekor public key. rekorKeyData must be at most 8192 characters.", "type": "string", - "default": "" - }, - "provider": { - "description": "provider contains the information about how to set up a specific identity provider", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "format": "byte" } } }, - "com.github.openshift.api.legacyconfig.v1.ImageConfig": { - "description": "ImageConfig holds the necessary configuration options for building image names for system components", + "com.github.openshift.api.config.v1.ImagePolicySpec": { + "description": "ImagePolicySpec is the specification of the ImagePolicy CRD.", "type": "object", "required": [ - "format", - "latest" + "scopes", + "policy" ], "properties": { - "format": { - "description": "format is the format of the name to be built for the system component", - "type": "string", - "default": "" + "policy": { + "description": "policy is a required field that contains configuration to allow scopes to be verified, and defines how images not matching the verification policy will be treated.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy" }, - "latest": { - "description": "latest determines if the latest tag will be pulled from the registry", - "type": "boolean", - "default": false + "scopes": { + "description": "scopes is a required field that defines the list of image identities assigned to a policy. Each item refers to a scope in a registry implementing the \"Docker Registry HTTP API V2\". Scopes matching individual images are named Docker references in the fully expanded form, either using a tag or digest. For example, docker.io/library/busybox:latest (not busybox:latest). More general scopes are prefixes of individual-image scopes, and specify a repository (by omitting the tag or digest), a repository namespace, or a registry host (by only specifying the host name and possibly a port number) or a wildcard expression starting with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid case, but example*.*.com is not. This support no more than 256 scopes in one object. If multiple scopes match a given image, only the policy requirements for the most specific scope apply. The policy requirements for more general scopes are ignored. In addition to setting a policy appropriate for your own deployed applications, make sure that a policy on the OpenShift image repositories quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev (or on a more general scope) allows deployment of the OpenShift images required for cluster operation. If a scope is configured in both the ClusterImagePolicy and the ImagePolicy, or if the scope in ImagePolicy is nested under one of the scopes from the ClusterImagePolicy, only the policy from the ClusterImagePolicy will be applied. For additional details about the format, please refer to the document explaining the docker transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" } } }, - "com.github.openshift.api.legacyconfig.v1.ImagePolicyConfig": { - "description": "ImagePolicyConfig holds the necessary configuration options for limits and behavior for importing images", + "com.github.openshift.api.config.v1.ImagePolicyStatus": { + "type": "object", + "properties": { + "conditions": { + "description": "conditions provide details on the status of this API Resource. condition type 'Pending' indicates that the customer resource contains a policy that cannot take effect. It is either overwritten by a global policy or the image scope is not valid.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.config.v1.ImageSigstoreVerificationPolicy": { + "description": "ImageSigstoreVerificationPolicy defines the verification policy for the items in the scopes list.", "type": "object", "required": [ - "maxImagesBulkImportedPerRepository", - "disableScheduledImport", - "scheduledImageImportMinimumIntervalSeconds", - "maxScheduledImageImportsPerMinute" + "rootOfTrust" ], + "properties": { + "rootOfTrust": { + "description": "rootOfTrust is a required field that defines the root of trust for verifying image signatures during retrieval. This allows image consumers to specify policyType and corresponding configuration of the policy, matching how the policy was generated.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyRootOfTrust" + }, + "signedIdentity": { + "description": "signedIdentity is an optional field specifies what image identity the signature claims about the image. This is useful when the image identity in the signature differs from the original image spec, such as when mirror registry is configured for the image scope, the signature from the mirror registry contains the image identity of the mirror instead of the original scope. The required matchPolicy field specifies the approach used in the verification process to verify the identity in the signature and the actual image identity, the default matchPolicy is \"MatchRepoDigestOrExact\".", + "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyIdentity" + } + } + }, + "com.github.openshift.api.config.v1.ImageSpec": { + "type": "object", "properties": { "additionalTrustedCA": { - "description": "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted during imagestream import.", - "type": "string" + "description": "additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted during imagestream import, pod image pull, build image pull, and imageregistry pullthrough. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, "allowedRegistriesForImport": { "description": "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.RegistryLocation" - } - }, - "disableScheduledImport": { - "description": "disableScheduledImport allows scheduled background import of images to be disabled.", - "type": "boolean", - "default": false - }, - "externalRegistryHostname": { - "description": "externalRegistryHostname sets the hostname for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", - "type": "string" - }, - "internalRegistryHostname": { - "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.config.v1.RegistryLocation" + }, + "x-kubernetes-list-type": "atomic" }, - "maxImagesBulkImportedPerRepository": { - "description": "maxImagesBulkImportedPerRepository controls the number of images that are imported when a user does a bulk import of a container repository. This number defaults to 50 to prevent users from importing large numbers of images accidentally. Set -1 for no limit.", - "type": "integer", - "format": "int32", - "default": 0 + "externalRegistryHostnames": { + "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "maxScheduledImageImportsPerMinute": { - "description": "maxScheduledImageImportsPerMinute is the maximum number of scheduled image streams that will be imported in the background per minute. The default value is 60. Set to -1 for unlimited.", - "type": "integer", - "format": "int32", - "default": 0 + "imageStreamImportMode": { + "description": "imageStreamImportMode controls the import mode behaviour of imagestreams. It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value is specified, this setting is applied to all newly created imagestreams which do not have the value set. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported. When empty, the behaviour will be decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", + "type": "string", + "default": "", + "enum": [ + "Legacy", + "PreserveOriginal" + ] }, - "scheduledImageImportMinimumIntervalSeconds": { - "description": "scheduledImageImportMinimumIntervalSeconds is the minimum number of seconds that can elapse between when image streams scheduled for background import are checked against the upstream repository. The default value is 15 minutes.", - "type": "integer", - "format": "int32", - "default": 0 + "registrySources": { + "description": "registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. whether or not to allow insecure access). It does not contain configuration for the internal cluster registry.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.RegistrySources" } } }, - "com.github.openshift.api.legacyconfig.v1.JenkinsPipelineConfig": { - "description": "JenkinsPipelineConfig holds configuration for the Jenkins pipeline strategy", + "com.github.openshift.api.config.v1.ImageStatus": { "type": "object", - "required": [ - "autoProvisionEnabled", - "templateNamespace", - "templateName", - "serviceName", - "parameters" - ], "properties": { - "autoProvisionEnabled": { - "description": "autoProvisionEnabled determines whether a Jenkins server will be spawned from the provided template when the first build config in the project with type JenkinsPipeline is created. When not specified this option defaults to true.", - "type": "boolean" - }, - "parameters": { - "description": "parameters specifies a set of optional parameters to the Jenkins template.", - "type": "object", - "additionalProperties": { + "externalRegistryHostnames": { + "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", + "type": "array", + "items": { "type": "string", "default": "" - } - }, - "serviceName": { - "description": "serviceName is the name of the Jenkins service OpenShift uses to detect whether a Jenkins pipeline handler has already been installed in a project. This value *must* match a service name in the provided template.", - "type": "string", - "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "templateName": { - "description": "templateName is the name of the default Jenkins template", + "imageStreamImportMode": { + "description": "imageStreamImportMode controls the import mode behaviour of imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported. This value will be reconciled based on either the spec value or if no spec value is specified, the image registry operator would look at the ClusterVersion status to determine the payload type and set the import mode accordingly, i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", "type": "string", - "default": "" + "enum": [ + "Legacy", + "PreserveOriginal" + ] }, - "templateNamespace": { - "description": "templateNamespace contains the namespace name where the Jenkins template is stored", - "type": "string", - "default": "" + "internalRegistryHostname": { + "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format. This value is set by the image registry operator which controls the internal registry hostname.", + "type": "string" } } }, - "com.github.openshift.api.legacyconfig.v1.KeystonePasswordIdentityProvider": { - "description": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.ImageTagMirrorSet": { + "description": "ImageTagMirrorSet holds cluster-wide information about how to handle registry mirror rules on using tag pull specification. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "url", - "ca", - "certFile", - "keyFile", - "domainName", - "useKeystoneIdentity" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "ca": { - "description": "ca is the CA for verifying TLS connections", - "type": "string", - "default": "" - }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" - }, - "domainName": { - "description": "Domain Name is required for keystone v3", - "type": "string", - "default": "" - }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "url": { - "description": "url is the remote URL to connect to", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "useKeystoneIdentity": { - "description": "useKeystoneIdentity flag indicates that user should be authenticated by keystone ID, not by username", - "type": "boolean", - "default": false + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageTagMirrorSetSpec" + }, + "status": { + "description": "status contains the observed state of the resource.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageTagMirrorSetStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.KubeletConnectionInfo": { - "description": "KubeletConnectionInfo holds information necessary for connecting to a kubelet", + "com.github.openshift.api.config.v1.ImageTagMirrorSetList": { + "description": "ImageTagMirrorSetList lists the items in the ImageTagMirrorSet CRD.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "port", - "ca", - "certFile", - "keyFile" + "metadata", + "items" ], "properties": { - "ca": { - "description": "ca is the CA for verifying TLS connections to kubelets", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageTagMirrorSet" + } }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "port": { - "description": "port is the port to connect to kubelets on", - "type": "integer", - "format": "int32", - "default": 0 + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.legacyconfig.v1.KubernetesMasterConfig": { - "description": "KubernetesMasterConfig holds the necessary configuration options for the Kubernetes master", + "com.github.openshift.api.config.v1.ImageTagMirrorSetSpec": { + "description": "ImageTagMirrorSetSpec is the specification of the ImageTagMirrorSet CRD.", + "type": "object", + "properties": { + "imageTagMirrors": { + "description": "imageTagMirrors allows images referenced by image tags in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in imageTagMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. To use mirrors to pull images using digest specification only, users should configure a list of mirrors using \"ImageDigestMirrorSet\" CRD.\n\nIf the image pull specification matches the repository of \"source\" in multiple imagetagmirrorset objects, only the objects which define the most specific namespace match will be used. For example, if there are objects using quay.io/libpod and quay.io/libpod/busybox as the \"source\", only the objects using quay.io/libpod/busybox are going to apply for pull specification quay.io/libpod/busybox. Each “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nIf the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified. Users who want to use a deterministic order of mirrors, should configure them into one list of mirrors using the expected order.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImageTagMirrors" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.config.v1.ImageTagMirrorSetStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1.ImageTagMirrors": { + "description": "ImageTagMirrors holds cluster-wide information about how to handle mirrors in the registries config.", "type": "object", "required": [ - "apiLevels", - "disabledAPIGroupVersions", - "masterIP", - "masterEndpointReconcileTTL", - "servicesSubnet", - "servicesNodePortRange", - "schedulerConfigFile", - "podEvictionTimeout", - "proxyClientInfo", - "apiServerArguments", - "controllerArguments", - "schedulerArguments" + "source" ], "properties": { - "apiLevels": { - "description": "apiLevels is a list of API levels that should be enabled on startup: v1 as examples", + "mirrorSourcePolicy": { + "description": "mirrorSourcePolicy defines the fallback policy if fails to pull image from the mirrors. If unset, the image will continue to be pulled from the repository in the pull spec. sourcePolicy is valid configuration only when one or more mirrors are in the mirror list.", + "type": "string" + }, + "mirrors": { + "description": "mirrors is zero or more locations that may also contain the same images. No mirror will be configured if not specified. Images can be pulled from these mirrors only if they are referenced by their tags. The mirrored location is obtained by replacing the part of the input reference that matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat causes a mirror.local/redhat/product/repo repository to be used. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Configuring a list of mirrors using \"ImageDigestMirrorSet\" CRD and forcing digest-pulls for mirrors avoids that issue. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. If no mirror is specified or all image pulls from the mirror list fail, the image will continue to be pulled from the repository in the pull spec unless explicitly prohibited by \"mirrorSourcePolicy\". Other cluster configuration, including (but not limited to) other imageTagMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering. \"mirrors\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", "type": "array", "items": { "type": "string", "default": "" - } - }, - "apiServerArguments": { - "description": "apiServerArguments are key value pairs that will be passed directly to the Kube apiserver that match the apiservers's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - }, - "controllerArguments": { - "description": "controllerArguments are key value pairs that will be passed directly to the Kube controller manager that match the controller manager's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - }, - "disabledAPIGroupVersions": { - "description": "disabledAPIGroupVersions is a map of groups to the versions (or *) that should be disabled.", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - }, - "masterEndpointReconcileTTL": { - "description": "masterEndpointReconcileTTL sets the time to live in seconds of an endpoint record recorded by each master. The endpoints are checked at an interval that is 2/3 of this value and this value defaults to 15s if unset. In very large clusters, this value may be increased to reduce the possibility that the master endpoint record expires (due to other load on the etcd server) and causes masters to drop in and out of the kubernetes service record. It is not recommended to set this value below 15s.", - "type": "integer", - "format": "int32", - "default": 0 + }, + "x-kubernetes-list-type": "set" }, - "masterIP": { - "description": "masterIP is the public IP address of kubernetes stuff. If empty, the first result from net.InterfaceAddrs will be used.", + "source": { + "description": "source matches the repository that users refer to, e.g. in image pull specifications. Setting source to a registry hostname e.g. docker.io. quay.io, or registry.redhat.io, will match the image pull specification of corressponding registry. \"source\" uses one of the following formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo [*.]host for more information about the format, see the document about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table", "type": "string", "default": "" + } + } + }, + "com.github.openshift.api.config.v1.Infrastructure": { + "description": "Infrastructure holds cluster-wide information about Infrastructure. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "podEvictionTimeout": { - "description": "podEvictionTimeout controls grace period for deleting pods on failed nodes. It takes valid time duration string. If empty, you get the default pod eviction timeout.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "proxyClientInfo": { - "description": "proxyClientInfo specifies the client cert/key to use when proxying to pods", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.CertInfo" - }, - "schedulerArguments": { - "description": "schedulerArguments are key value pairs that will be passed directly to the Kube scheduler that match the scheduler's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - }, - "schedulerConfigFile": { - "description": "schedulerConfigFile points to a file that describes how to set up the scheduler. If empty, you get the default scheduling rules.", - "type": "string", - "default": "" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "servicesNodePortRange": { - "description": "servicesNodePortRange is the range to use for assigning service public ports on a host.", - "type": "string", - "default": "" + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.InfrastructureSpec" }, - "servicesSubnet": { - "description": "servicesSubnet is the subnet to use for assigning service IPs", - "type": "string", - "default": "" + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.InfrastructureStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.LDAPAttributeMapping": { - "description": "LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields", + "com.github.openshift.api.config.v1.InfrastructureList": { + "description": "InfrastructureList is\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "id", - "preferredUsername", - "name", - "email" + "metadata", + "items" ], "properties": { - "email": { - "description": "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "id": { - "description": "id is the list of attributes whose values should be used as the user ID. Required. LDAP standard identity attribute is \"dn\"", + "items": { "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Infrastructure" } }, - "name": { - "description": "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.config.v1.InfrastructureSpec": { + "description": "InfrastructureSpec contains settings that apply to the cluster infrastructure.", + "type": "object", + "properties": { + "cloudConfig": { + "description": "cloudConfig is a reference to a ConfigMap containing the cloud provider configuration file. This configuration file is used to configure the Kubernetes cloud provider integration when using the built-in cloud provider integration or the external cloud controller manager. The namespace for this config map is openshift-config.\n\ncloudConfig should only be consumed by the kube_cloud_config controller. The controller is responsible for using the user configuration in the spec for various platforms and combining that with the user provided ConfigMap in this field to create a stitched kube cloud config. The controller generates a ConfigMap `kube-cloud-config` in `openshift-config-managed` namespace with the kube cloud config is stored in `cloud.conf` key. All the clients are expected to use the generated ConfigMap only.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapFileReference" }, - "preferredUsername": { - "description": "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "platformSpec": { + "description": "platformSpec holds desired information specific to the underlying infrastructure provider.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PlatformSpec" } } }, - "com.github.openshift.api.legacyconfig.v1.LDAPPasswordIdentityProvider": { - "description": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.InfrastructureStatus": { + "description": "InfrastructureStatus describes the infrastructure the cluster is leveraging.", "type": "object", - "required": [ - "url", - "bindDN", - "bindPassword", - "insecure", - "ca", - "attributes" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "apiServerInternalURI": { + "description": "apiServerInternalURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerInternalURL can be used by components like kubelets, to contact the Kubernetes API server using the infrastructure provider rather than Kubernetes networking.", + "type": "string", + "default": "" }, - "attributes": { - "description": "attributes maps LDAP attributes to identities", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPAttributeMapping" + "apiServerURL": { + "description": "apiServerURL is a valid URI with scheme 'https', address and optionally a port (defaulting to 443). apiServerURL can be used by components like the web console to tell users where to find the Kubernetes API.", + "type": "string", + "default": "" }, - "bindDN": { - "description": "bindDN is an optional DN to bind with during the search phase.", + "controlPlaneTopology": { + "description": "controlPlaneTopology expresses the expectations for operands that normally run on control nodes. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation The 'External' mode indicates that the control plane is hosted externally to the cluster and that its components are not visible within the cluster. The 'HighlyAvailableArbiter' mode indicates that the control plane will consist of 2 control-plane nodes that run conventional services and 1 smaller sized arbiter node that runs a bare minimum of services to maintain quorum.", "type": "string", "default": "" }, - "bindPassword": { - "description": "bindPassword is an optional password to bind with during the search phase.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" + "cpuPartitioning": { + "description": "cpuPartitioning expresses if CPU partitioning is a currently enabled feature in the cluster. CPU Partitioning means that this cluster can support partitioning workloads to specific CPU Sets. Valid values are \"None\" and \"AllNodes\". When omitted, the default value is \"None\". The default value of \"None\" indicates that no nodes will be setup with CPU partitioning. The \"AllNodes\" value indicates that all nodes have been setup with CPU partitioning, and can then be further configured via the PerformanceProfile API.", + "type": "string", + "default": "None" }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + "etcdDiscoveryDomain": { + "description": "etcdDiscoveryDomain is the domain used to fetch the SRV records for discovering etcd servers and clients. For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery deprecated: as of 4.7, this field is no longer set or honored. It will be removed in a future release.", "type": "string", "default": "" }, - "insecure": { - "description": "Insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830", - "type": "boolean", - "default": false + "infrastructureName": { + "description": "infrastructureName uniquely identifies a cluster with a human friendly name. Once set it should not be changed. Must be of max length 27 and must have only alphanumeric or hyphen characters.", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "infrastructureTopology": { + "description": "infrastructureTopology expresses the expectations for infrastructure services that do not run on control plane nodes, usually indicated by a node selector for a `role` value other than `master`. The default is 'HighlyAvailable', which represents the behavior operators have in a \"normal\" cluster. The 'SingleReplica' mode will be used in single-node deployments and the operators should not configure the operand for highly-available operation NOTE: External topology mode is not applicable for this field.", "type": "string" }, - "url": { - "description": "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is\n ldap://host:port/basedn?attribute?scope?filter", - "type": "string", - "default": "" + "platform": { + "description": "platform is the underlying infrastructure provider for the cluster.\n\nDeprecated: Use platformStatus.type instead.", + "type": "string" + }, + "platformStatus": { + "description": "platformStatus holds status information specific to the underlying infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.PlatformStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.LDAPQuery": { - "description": "LDAPQuery holds the options necessary to build an LDAP query", + "com.github.openshift.api.config.v1.Ingress": { + "description": "Ingress holds cluster-wide information about ingress, including the default ingress domain used for routes. The canonical name is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "baseDN", - "scope", - "derefAliases", - "timeout", - "filter", - "pageSize" + "spec" ], "properties": { - "baseDN": { - "description": "The DN of the branch of the directory where all searches should start from", - "type": "string", - "default": "" - }, - "derefAliases": { - "description": "The (optional) behavior of the search with regards to alisases. Can be: never: never dereference aliases, search: only dereference in searching, base: only dereference in finding the base object, always: always dereference Defaults to always dereferencing if not set", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "filter": { - "description": "filter is a valid LDAP search filter that retrieves all relevant entries from the LDAP server with the base DN", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "pageSize": { - "description": "pageSize is the maximum preferred page size, measured in LDAP entries. A page size of 0 means no paging will be done.", - "type": "integer", - "format": "int32", - "default": 0 + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "scope": { - "description": "The (optional) scope of the search. Can be: base: only the base object, one: all object on the base level, sub: the entire subtree Defaults to the entire subtree if not set", - "type": "string", - "default": "" + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.IngressSpec" }, - "timeout": { - "description": "TimeLimit holds the limit of time in seconds that any request to the server can remain outstanding before the wait for a response is given up. If this is 0, no client-side limit is imposed", - "type": "integer", - "format": "int32", - "default": 0 + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.IngressStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.LDAPSyncConfig": { - "description": "LDAPSyncConfig holds the necessary configuration options to define an LDAP group sync\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.IngressList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "url", - "bindDN", - "bindPassword", - "insecure", - "ca", - "groupUIDNameMapping" + "metadata", + "items" ], "properties": { - "activeDirectory": { - "description": "ActiveDirectoryConfig holds the configuration for extracting data from an LDAP server set up in a fashion similar to that used in Active Directory: first-class user entries, with group membership determined by a multi-valued attribute on members listing groups they are a member of", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ActiveDirectoryConfig" - }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "augmentedActiveDirectory": { - "description": "AugmentedActiveDirectoryConfig holds the configuration for extracting data from an LDAP server set up in a fashion similar to that used in Active Directory as described above, with one addition: first-class group entries exist and are used to hold metadata but not group membership", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AugmentedActiveDirectoryConfig" - }, - "bindDN": { - "description": "bindDN is an optional DN to bind to the LDAP server with", - "type": "string", - "default": "" - }, - "bindPassword": { - "description": "bindPassword is an optional password to bind with during the search phase.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" - }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", - "type": "string", - "default": "" - }, - "groupUIDNameMapping": { - "description": "LDAPGroupUIDToOpenShiftGroupNameMapping is an optional direct mapping of LDAP group UIDs to OpenShift Group names", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Ingress" } }, - "insecure": { - "description": "Insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830", - "type": "boolean", - "default": false - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "rfc2307": { - "description": "RFC2307Config holds the configuration for extracting data from an LDAP server set up in a fashion similar to RFC2307: first-class group and user entries, with group membership determined by a multi-valued attribute on the group entry listing its members", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.RFC2307Config" - }, - "url": { - "description": "Host is the scheme, host and port of the LDAP server to connect to: scheme://host:port", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.legacyconfig.v1.LocalQuota": { - "description": "LocalQuota contains options for controlling local volume quota on the node.", + "com.github.openshift.api.config.v1.IngressPlatformSpec": { + "description": "IngressPlatformSpec holds the desired state of Ingress specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", "type": "object", "required": [ - "perFSGroup" + "type" ], "properties": { - "perFSGroup": { - "description": "FSGroup can be specified to enable a quota on local storage use per unique FSGroup ID. At present this is only implemented for emptyDir volumes, and if the underlying volumeDirectory is on an XFS filesystem.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + "aws": { + "description": "aws contains settings specific to the Amazon Web Services infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSIngressSpec" + }, + "type": { + "description": "type is the underlying infrastructure provider for the cluster. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", + "type": "string", + "default": "" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "aws": "AWS" + } + } + ] }, - "com.github.openshift.api.legacyconfig.v1.MasterAuthConfig": { - "description": "MasterAuthConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", + "com.github.openshift.api.config.v1.IngressSpec": { "type": "object", "required": [ - "requestHeader", - "webhookTokenAuthenticators", - "oauthMetadataFile" + "domain" ], "properties": { - "oauthMetadataFile": { - "description": "oauthMetadataFile is a path to a file containing the discovery endpoint for OAuth 2.0 Authorization Server Metadata for an external OAuth server. See IETF Draft: // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This option is mutually exclusive with OAuthConfig", + "appsDomain": { + "description": "appsDomain is an optional domain to use instead of the one specified in the domain field when a Route is created without specifying an explicit host. If appsDomain is nonempty, this value is used to generate default host values for Route. Unlike domain, appsDomain may be modified after installation. This assumes a new ingresscontroller has been setup with a wildcard certificate.", + "type": "string" + }, + "componentRoutes": { + "description": "componentRoutes is an optional list of routes that are managed by OpenShift components that a cluster-admin is able to configure the hostname and serving certificate for. The namespace and name of each route in this list should match an existing entry in the status.componentRoutes list.\n\nTo determine the set of configurable Routes, look at namespace and name of entries in the .status.componentRoutes list, where participating operators write the status of configurable routes.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ComponentRouteSpec" + }, + "x-kubernetes-list-map-keys": [ + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "domain": { + "description": "domain is used to generate a default host name for a route when the route's host name is empty. The generated host name will follow this pattern: \"..\".\n\nIt is also used as the default wildcard domain suffix for ingress. The default ingresscontroller domain will follow this pattern: \"*.\".\n\nOnce set, changing domain is not currently supported.", "type": "string", "default": "" }, - "requestHeader": { - "description": "requestHeader holds options for setting up a front proxy against the API. It is optional.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.RequestHeaderAuthenticationOptions" + "loadBalancer": { + "description": "loadBalancer contains the load balancer details in general which are not only specific to the underlying infrastructure provider of the current cluster and are required for Ingress Controller to work on OpenShift.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.LoadBalancer" }, - "webhookTokenAuthenticators": { - "description": "WebhookTokenAuthnConfig, if present configures remote token reviewers", + "requiredHSTSPolicies": { + "description": "requiredHSTSPolicies specifies HSTS policies that are required to be set on newly created or updated routes matching the domainPattern/s and namespaceSelector/s that are specified in the policy. Each requiredHSTSPolicy must have at least a domainPattern and a maxAge to validate a route HSTS Policy route annotation, and affect route admission.\n\nA candidate route is checked for HSTS Policies if it has the HSTS Policy route annotation: \"haproxy.router.openshift.io/hsts_header\" E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains\n\n- For each candidate route, if it matches a requiredHSTSPolicy domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, and includeSubdomainsPolicy must be valid to be admitted. Otherwise, the route is rejected. - The first match, by domainPattern and optional namespaceSelector, in the ordering of the RequiredHSTSPolicies determines the route's admission status. - If the candidate route doesn't match any requiredHSTSPolicy domainPattern and optional namespaceSelector, then it may use any HSTS Policy annotation.\n\nThe HSTS policy configuration may be changed after routes have already been created. An update to a previously admitted route may then fail if the updated route does not conform to the updated HSTS policy configuration. However, changing the HSTS policy configuration will not cause a route that is already admitted to stop working.\n\nNote that if there are no RequiredHSTSPolicies, any HSTS Policy annotation on the route is valid.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.WebhookTokenAuthenticator" + "$ref": "#/definitions/com.github.openshift.api.config.v1.RequiredHSTSPolicy" } } } }, - "com.github.openshift.api.legacyconfig.v1.MasterClients": { - "description": "MasterClients holds references to `.kubeconfig` files that qualify master clients for OpenShift and Kubernetes", + "com.github.openshift.api.config.v1.IngressStatus": { "type": "object", - "required": [ - "openshiftLoopbackKubeConfig", - "openshiftLoopbackClientConnectionOverrides" - ], "properties": { - "openshiftLoopbackClientConnectionOverrides": { - "description": "openshiftLoopbackClientConnectionOverrides specifies client overrides for system components to loop back to this master.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ClientConnectionOverrides" + "componentRoutes": { + "description": "componentRoutes is where participating operators place the current route status for routes whose hostnames and serving certificates can be customized by the cluster-admin.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ComponentRouteStatus" + }, + "x-kubernetes-list-map-keys": [ + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "openshiftLoopbackKubeConfig": { - "description": "openshiftLoopbackKubeConfig is a .kubeconfig filename for system components to loopback to this master", + "defaultPlacement": { + "description": "defaultPlacement is set at installation time to control which nodes will host the ingress router pods by default. The options are control-plane nodes or worker nodes.\n\nThis field works by dictating how the Cluster Ingress Operator will consider unset replicas and nodePlacement fields in IngressController resources when creating the corresponding Deployments.\n\nSee the documentation for the IngressController replicas and nodePlacement fields for more information.\n\nWhen omitted, the default value is Workers", "type": "string", "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.MasterConfig": { - "description": "MasterConfig holds the necessary configuration options for the OpenShift master\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.InsightsDataGather": { + "description": "InsightsDataGather provides data gather configuration options for the Insights Operator.\n\n\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "servingInfo", - "authConfig", - "aggregatorConfig", - "corsAllowedOrigins", - "apiLevels", - "masterPublicURL", - "controllers", - "admissionConfig", - "controllerConfig", - "etcdStorageConfig", - "etcdClientInfo", - "kubeletClientInfo", - "kubernetesMasterConfig", - "etcdConfig", - "oauthConfig", - "dnsConfig", - "serviceAccountConfig", - "masterClients", - "imageConfig", - "imagePolicyConfig", - "policyConfig", - "projectConfig", - "routingConfig", - "networkConfig", - "volumeConfig", - "jenkinsPipelineConfig", - "auditConfig" + "spec" ], "properties": { - "admissionConfig": { - "description": "admissionConfig contains admission control plugin configuration.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AdmissionConfig" - }, - "aggregatorConfig": { - "description": "aggregatorConfig has options for configuring the aggregator component of the API server.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AggregatorConfig" - }, - "apiLevels": { - "description": "apiLevels is a list of API levels that should be enabled on startup: v1 as examples", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "auditConfig": { - "description": "auditConfig holds information related to auditing capabilities.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AuditConfig" - }, - "authConfig": { - "description": "authConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.MasterAuthConfig" - }, - "controllerConfig": { - "description": "controllerConfig holds configuration values for controllers", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ControllerConfig" - }, - "controllers": { - "description": "controllers is a list of the controllers that should be started. If set to \"none\", no controllers will start automatically. The default value is \"*\" which will start all controllers. When using \"*\", you may exclude controllers by prepending a \"-\" in front of their name. No other values are recognized at this time.", - "type": "string", - "default": "" - }, - "corsAllowedOrigins": { - "description": "CORSAllowedOrigins", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "dnsConfig": { - "description": "DNSConfig, if present start the DNS server in this process", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.DNSConfig" - }, - "etcdClientInfo": { - "description": "etcdClientInfo contains information about how to connect to etcd", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.EtcdConnectionInfo" - }, - "etcdConfig": { - "description": "EtcdConfig, if present start etcd in this process", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.EtcdConfig" - }, - "etcdStorageConfig": { - "description": "etcdStorageConfig contains information about how API resources are stored in Etcd. These values are only relevant when etcd is the backing store for the cluster.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.EtcdStorageConfig" - }, - "imageConfig": { - "description": "imageConfig holds options that describe how to build image names for system components", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ImageConfig" - }, - "imagePolicyConfig": { - "description": "imagePolicyConfig controls limits and behavior for importing images", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ImagePolicyConfig" - }, - "jenkinsPipelineConfig": { - "description": "jenkinsPipelineConfig holds information about the default Jenkins template used for JenkinsPipeline build strategy.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.JenkinsPipelineConfig" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "kubeletClientInfo": { - "description": "kubeletClientInfo contains information about how to connect to kubelets", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.KubeletConnectionInfo" - }, - "kubernetesMasterConfig": { - "description": "KubernetesMasterConfig, if present start the kubernetes master in this process", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.KubernetesMasterConfig" - }, - "masterClients": { - "description": "masterClients holds all the client connection information for controllers and other system components", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.MasterClients" - }, - "masterPublicURL": { - "description": "masterPublicURL is how clients can access the OpenShift API server", - "type": "string", - "default": "" - }, - "networkConfig": { - "description": "networkConfig to be passed to the compiled in network plugin", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.MasterNetworkConfig" - }, - "oauthConfig": { - "description": "OAuthConfig, if present start the /oauth endpoint in this process", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.OAuthConfig" - }, - "policyConfig": { - "description": "policyConfig holds information about where to locate critical pieces of bootstrapping policy", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.PolicyConfig" - }, - "projectConfig": { - "description": "projectConfig holds information about project creation and defaults", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ProjectConfig" - }, - "routingConfig": { - "description": "routingConfig holds information about routing and route generation", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.RoutingConfig" - }, - "serviceAccountConfig": { - "description": "serviceAccountConfig holds options related to service accounts", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServiceAccountConfig" - }, - "servingInfo": { - "description": "servingInfo describes how to start serving", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.HTTPServingInfo" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "volumeConfig": { - "description": "MasterVolumeConfig contains options for configuring volume plugins in the master node.", + "spec": { + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.MasterVolumeConfig" + "$ref": "#/definitions/com.github.openshift.api.config.v1.InsightsDataGatherSpec" } } }, - "com.github.openshift.api.legacyconfig.v1.MasterNetworkConfig": { - "description": "MasterNetworkConfig to be passed to the compiled in network plugin", + "com.github.openshift.api.config.v1.InsightsDataGatherList": { + "description": "InsightsDataGatherList is a collection of items Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "networkPluginName", - "clusterNetworks", - "serviceNetworkCIDR", - "externalIPNetworkCIDRs", - "ingressIPNetworkCIDR" + "metadata", + "items" ], "properties": { - "clusterNetworkCIDR": { - "description": "clusterNetworkCIDR is the CIDR string to specify the global overlay network's L3 space. Deprecated, but maintained for backwards compatibility, use ClusterNetworks instead.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "clusterNetworks": { - "description": "clusterNetworks is a list of ClusterNetwork objects that defines the global overlay network's L3 space by specifying a set of CIDR and netmasks that the SDN can allocate addressed from. If this is specified, then ClusterNetworkCIDR and HostSubnetLength may not be set.", + "items": { + "description": "items is the required list of InsightsDataGather objects it may not exceed 100 items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ClusterNetworkEntry" - } - }, - "externalIPNetworkCIDRs": { - "description": "externalIPNetworkCIDRs controls what values are acceptable for the service external IP field. If empty, no externalIP may be set. It may contain a list of CIDRs which are checked for access. If a CIDR is prefixed with !, IPs in that CIDR will be rejected. Rejections will be applied first, then the IP checked against one of the allowed CIDRs. You should ensure this range does not overlap with your nodes, pods, or service CIDRs for security reasons.", - "type": "array", - "items": { - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.config.v1.InsightsDataGather" } }, - "hostSubnetLength": { - "description": "hostSubnetLength is the number of bits to allocate to each host's subnet e.g. 8 would mean a /24 network on the host. Deprecated, but maintained for backwards compatibility, use ClusterNetworks instead.", - "type": "integer", - "format": "int64" - }, - "ingressIPNetworkCIDR": { - "description": "ingressIPNetworkCIDR controls the range to assign ingress ips from for services of type LoadBalancer on bare metal. If empty, ingress ips will not be assigned. It may contain a single CIDR that will be allocated from. For security reasons, you should ensure that this range does not overlap with the CIDRs reserved for external ips, nodes, pods, or services.", - "type": "string", - "default": "" - }, - "networkPluginName": { - "description": "networkPluginName is the name of the network plugin to use", - "type": "string", - "default": "" - }, - "serviceNetworkCIDR": { - "description": "ServiceNetwork is the CIDR string to specify the service networks", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "vxlanPort": { - "description": "vxlanPort is the VXLAN port used by the cluster defaults. If it is not set, 4789 is the default value", - "type": "integer", - "format": "int64" + "metadata": { + "description": "metadata is the required standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.legacyconfig.v1.MasterVolumeConfig": { - "description": "MasterVolumeConfig contains options for configuring volume plugins in the master node.", + "com.github.openshift.api.config.v1.InsightsDataGatherSpec": { + "description": "InsightsDataGatherSpec contains the configuration for the data gathering.", "type": "object", "required": [ - "dynamicProvisioningEnabled" + "gatherConfig" ], "properties": { - "dynamicProvisioningEnabled": { - "description": "dynamicProvisioningEnabled is a boolean that toggles dynamic provisioning off when false, defaults to true", - "type": "boolean" + "gatherConfig": { + "description": "gatherConfig is a required spec attribute that includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.GatherConfig" } } }, - "com.github.openshift.api.legacyconfig.v1.NamedCertificate": { - "description": "NamedCertificate specifies a certificate/key, and the names it should be served for", + "com.github.openshift.api.config.v1.IntermediateTLSProfile": { + "description": "IntermediateTLSProfile is a TLS security profile based on the \"intermediate\" configuration of the Mozilla Server Side TLS configuration guidelines.", + "type": "object" + }, + "com.github.openshift.api.config.v1.KMSConfig": { + "description": "KMSConfig defines the configuration for the KMS instance that will be used with KMSEncryptionProvider encryption", "type": "object", "required": [ - "names", - "certFile", - "keyFile" + "type" ], "properties": { - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "aws": { + "description": "aws defines the key config for using an AWS KMS instance for the encryption. The AWS KMS instance is managed by the user outside the purview of the control plane.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSKMSConfig" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": { + "description": "type defines the kind of platform for the KMS provider. Available provider types are AWS only.", "type": "string", "default": "" - }, - "names": { - "description": "names is a list of DNS names this certificate should be used to secure A name can be a normal DNS name, or can contain leading wildcard segments.", - "type": "array", - "items": { - "type": "string", - "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "aws": "AWS" } } - } + ] }, - "com.github.openshift.api.legacyconfig.v1.NodeAuthConfig": { - "description": "NodeAuthConfig holds authn/authz configuration options", + "com.github.openshift.api.config.v1.KeystoneIdentityProvider": { + "description": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials", "type": "object", "required": [ - "authenticationCacheTTL", - "authenticationCacheSize", - "authorizationCacheTTL", - "authorizationCacheSize" + "url", + "domainName" ], "properties": { - "authenticationCacheSize": { - "description": "authenticationCacheSize indicates how many authentication results should be cached. If 0, the default cache size is used.", - "type": "integer", - "format": "int32", - "default": 0 + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "authenticationCacheTTL": { - "description": "authenticationCacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get the default timeout. If zero (e.g. \"0m\"), caching is disabled", + "domainName": { + "description": "domainName is required for keystone v3", "type": "string", "default": "" }, - "authorizationCacheSize": { - "description": "authorizationCacheSize indicates how many authorization results should be cached. If 0, the default cache size is used.", - "type": "integer", - "format": "int32", - "default": 0 + "tlsClientCert": { + "description": "tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key \"tls.crt\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "authorizationCacheTTL": { - "description": "authorizationCacheTTL indicates how long an authorization result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get the default timeout. If zero (e.g. \"0m\"), caching is disabled", + "tlsClientKey": { + "description": "tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key \"tls.key\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + }, + "url": { + "description": "url is the remote URL to connect to", "type": "string", "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.NodeConfig": { - "description": "NodeConfig is the fully specified config starting an OpenShift node\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.KubeClientConfig": { "type": "object", "required": [ - "nodeName", - "nodeIP", - "servingInfo", - "masterKubeConfig", - "masterClientConnectionOverrides", - "dnsDomain", - "dnsIP", - "dnsBindAddress", - "dnsNameservers", - "dnsRecursiveResolvConf", - "networkConfig", - "volumeDirectory", - "imageConfig", - "allowDisabledDocker", - "podManifestConfig", - "authConfig", - "dockerConfig", - "iptablesSyncPeriod", - "enableUnidling", - "volumeConfig" + "kubeConfig", + "connectionOverrides" ], "properties": { - "allowDisabledDocker": { - "description": "allowDisabledDocker if true, the Kubelet will ignore errors from Docker. This means that a node can start on a machine that doesn't have docker started.", - "type": "boolean", - "default": false - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "authConfig": { - "description": "authConfig holds authn/authz configuration options", + "connectionOverrides": { + "description": "connectionOverrides specifies client overrides for system components to loop back to this master.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NodeAuthConfig" - }, - "dnsBindAddress": { - "description": "dnsBindAddress is the ip:port to serve DNS on. If this is not set, the DNS server will not be started. Because most DNS resolvers will only listen on port 53, if you select an alternative port you will need a DNS proxy like dnsmasq to answer queries for containers. A common configuration is dnsmasq configured on a node IP listening on 53 and delegating queries for dnsDomain to this process, while sending other queries to the host environments nameservers.", - "type": "string", - "default": "" - }, - "dnsDomain": { - "description": "dnsDomain holds the domain suffix that will be used for the DNS search path inside each container. Defaults to 'cluster.local'.", - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClientConnectionOverrides" }, - "dnsIP": { - "description": "dnsIP is the IP address that pods will use to access cluster DNS. Defaults to the service IP of the Kubernetes master. This IP must be listening on port 53 for compatibility with libc resolvers (which cannot be configured to resolve names from any other port). When running more complex local DNS configurations, this is often set to the local address of a DNS proxy like dnsmasq, which then will consult either the local DNS (see dnsBindAddress) or the master DNS.", + "kubeConfig": { + "description": "kubeConfig is a .kubeconfig filename for going to the owning kube-apiserver. Empty uses an in-cluster-config", "type": "string", "default": "" + } + } + }, + "com.github.openshift.api.config.v1.KubevirtPlatformSpec": { + "description": "KubevirtPlatformSpec holds the desired state of the kubevirt infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object" + }, + "com.github.openshift.api.config.v1.KubevirtPlatformStatus": { + "description": "KubevirtPlatformStatus holds the current status of the kubevirt infrastructure provider.", + "type": "object", + "properties": { + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.", + "type": "string" }, - "dnsNameservers": { - "description": "dnsNameservers is a list of ip:port values of recursive nameservers to forward queries to when running a local DNS server if dnsBindAddress is set. If this value is empty, the DNS server will default to the nameservers listed in /etc/resolv.conf. If you have configured dnsmasq or another DNS proxy on the system, this value should be set to the upstream nameservers dnsmasq resolves with.", + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1.LDAPAttributeMapping": { + "description": "LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields", + "type": "object", + "required": [ + "id" + ], + "properties": { + "email": { + "description": "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", "type": "array", "items": { "type": "string", "default": "" } }, - "dnsRecursiveResolvConf": { - "description": "dnsRecursiveResolvConf is a path to a resolv.conf file that contains settings for an upstream server. Only the nameservers and port fields are used. The file must exist and parse correctly. It adds extra nameservers to DNSNameservers if set.", - "type": "string", - "default": "" - }, - "dockerConfig": { - "description": "dockerConfig holds Docker related configuration options.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.DockerConfig" - }, - "enableUnidling": { - "description": "enableUnidling controls whether or not the hybrid unidling proxy will be set up", - "type": "boolean" - }, - "imageConfig": { - "description": "imageConfig holds options that describe how to build image names for system components", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ImageConfig" - }, - "iptablesSyncPeriod": { - "description": "iptablesSyncPeriod is how often iptable rules are refreshed", - "type": "string", - "default": "" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "kubeletArguments": { - "description": "kubeletArguments are key value pairs that will be passed directly to the Kubelet that match the Kubelet's command line arguments. These are not migrated or validated, so if you use them they may become invalid. These values override other settings in NodeConfig which may cause invalid configurations.", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } + "id": { + "description": "id is the list of attributes whose values should be used as the user ID. Required. First non-empty attribute is used. At least one attribute is required. If none of the listed attribute have a value, authentication fails. LDAP standard identity attribute is \"dn\"", + "type": "array", + "items": { + "type": "string", + "default": "" } }, - "masterClientConnectionOverrides": { - "description": "masterClientConnectionOverrides provides overrides to the client connection used to connect to the master.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ClientConnectionOverrides" - }, - "masterKubeConfig": { - "description": "masterKubeConfig is a filename for the .kubeconfig file that describes how to connect this node to the master", - "type": "string", - "default": "" + "name": { + "description": "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "networkConfig": { - "description": "networkConfig provides network options for the node", + "preferredUsername": { + "description": "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"", + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + } + }, + "com.github.openshift.api.config.v1.LDAPIdentityProvider": { + "description": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials", + "type": "object", + "required": [ + "url", + "insecure", + "attributes" + ], + "properties": { + "attributes": { + "description": "attributes maps LDAP attributes to identities", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NodeNetworkConfig" - }, - "networkPluginName": { - "description": "Deprecated and maintained for backward compatibility, use NetworkConfig.NetworkPluginName instead", - "type": "string" - }, - "nodeIP": { - "description": "Node may have multiple IPs, specify the IP to use for pod traffic routing If not specified, network parse/lookup on the nodeName is performed and the first non-loopback address is used", - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.config.v1.LDAPAttributeMapping" }, - "nodeName": { - "description": "nodeName is the value used to identify this particular node in the cluster. If possible, this should be your fully qualified hostname. If you're describing a set of static nodes to the master, this value must match one of the values in the list", + "bindDN": { + "description": "bindDN is an optional DN to bind with during the search phase.", "type": "string", "default": "" }, - "podManifestConfig": { - "description": "podManifestConfig holds the configuration for enabling the Kubelet to create pods based from a manifest file(s) placed locally on the node", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.PodManifestConfig" - }, - "proxyArguments": { - "description": "proxyArguments are key value pairs that will be passed directly to the Proxy that match the Proxy's command line arguments. These are not migrated or validated, so if you use them they may become invalid. These values override other settings in NodeConfig which may cause invalid configurations.", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - }, - "servingInfo": { - "description": "servingInfo describes how to start serving", + "bindPassword": { + "description": "bindPassword is an optional reference to a secret by name containing a password to bind with during the search phase. The key \"bindPassword\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServingInfo" + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "volumeConfig": { - "description": "volumeConfig contains options for configuring volumes on the node.", + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NodeVolumeConfig" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "volumeDirectory": { - "description": "volumeDirectory is the directory that volumes will be stored under", + "insecure": { + "description": "insecure, if true, indicates the connection should not use TLS WARNING: Should not be set to `true` with the URL scheme \"ldaps://\" as \"ldaps://\" URLs always\n attempt to connect using TLS, even when `insecure` is set to `true`\nWhen `true`, \"ldap://\" URLS connect insecurely. When `false`, \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830.", + "type": "boolean", + "default": false + }, + "url": { + "description": "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is: ldap://host:port/basedn?attribute?scope?filter", "type": "string", "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.NodeNetworkConfig": { - "description": "NodeNetworkConfig provides network options for the node", + "com.github.openshift.api.config.v1.LeaderElection": { + "description": "LeaderElection provides information to elect a leader", "type": "object", "required": [ - "networkPluginName", - "mtu" + "leaseDuration", + "renewDeadline", + "retryPeriod" ], "properties": { - "mtu": { - "description": "Maximum transmission unit for the network packets", - "type": "integer", - "format": "int64", - "default": 0 + "disable": { + "description": "disable allows leader election to be suspended while allowing a fully defaulted \"normal\" startup case.", + "type": "boolean" }, - "networkPluginName": { - "description": "networkPluginName is a string specifying the networking plugin", - "type": "string", - "default": "" + "leaseDuration": { + "description": "leaseDuration is the duration that non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate. This is only applicable if leader election is enabled.", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "name": { + "description": "name indicates what name to use for the resource", + "type": "string" + }, + "namespace": { + "description": "namespace indicates which namespace the resource is in", + "type": "string" + }, + "renewDeadline": { + "description": "renewDeadline is the interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. This is only applicable if leader election is enabled.", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "retryPeriod": { + "description": "retryPeriod is the duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled.", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.legacyconfig.v1.NodeVolumeConfig": { - "description": "NodeVolumeConfig contains options for configuring volumes on the node.", + "com.github.openshift.api.config.v1.LoadBalancer": { "type": "object", - "required": [ - "localQuota" - ], "properties": { - "localQuota": { - "description": "localQuota contains options for controlling local volume quota on the node.", + "platform": { + "description": "platform holds configuration specific to the underlying infrastructure provider for the ingress load balancers. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LocalQuota" + "$ref": "#/definitions/com.github.openshift.api.config.v1.IngressPlatformSpec" } } }, - "com.github.openshift.api.legacyconfig.v1.OAuthConfig": { - "description": "OAuthConfig holds the necessary configuration options for OAuth authentication", + "com.github.openshift.api.config.v1.MTUMigration": { + "description": "MTUMigration contains infomation about MTU migration.", "type": "object", - "required": [ - "masterCA", - "masterURL", - "masterPublicURL", - "assetPublicURL", - "alwaysShowProviderSelection", - "identityProviders", - "grantConfig", - "sessionConfig", - "tokenConfig", - "templates" - ], "properties": { - "alwaysShowProviderSelection": { - "description": "alwaysShowProviderSelection will force the provider selection page to render even when there is only a single provider.", - "type": "boolean", - "default": false - }, - "assetPublicURL": { - "description": "assetPublicURL is used for building valid client redirect URLs for external access", - "type": "string", - "default": "" - }, - "grantConfig": { - "description": "grantConfig describes how to handle grants", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.GrantConfig" - }, - "identityProviders": { - "description": "identityProviders is an ordered list of ways for a user to identify themselves", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.IdentityProvider" - } - }, - "masterCA": { - "description": "masterCA is the CA for verifying the TLS connection back to the MasterURL.", - "type": "string" - }, - "masterPublicURL": { - "description": "masterPublicURL is used for building valid client redirect URLs for internal and external access", - "type": "string", - "default": "" - }, - "masterURL": { - "description": "masterURL is used for making server-to-server calls to exchange authorization codes for access tokens", - "type": "string", - "default": "" - }, - "sessionConfig": { - "description": "sessionConfig hold information about configuring sessions.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.SessionConfig" - }, - "templates": { - "description": "templates allow you to customize pages like the login page.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.OAuthTemplates" + "machine": { + "description": "machine contains MTU migration configuration for the machine's uplink.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.MTUMigrationValues" }, - "tokenConfig": { - "description": "tokenConfig contains options for authorization and access tokens", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.TokenConfig" + "network": { + "description": "network contains MTU migration configuration for the default network.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.MTUMigrationValues" } } }, - "com.github.openshift.api.legacyconfig.v1.OAuthTemplates": { - "description": "OAuthTemplates allow for customization of pages like the login page", + "com.github.openshift.api.config.v1.MTUMigrationValues": { + "description": "MTUMigrationValues contains the values for a MTU migration.", "type": "object", "required": [ - "login", - "providerSelection", - "error" + "to" ], "properties": { - "error": { - "description": "error is a path to a file containing a go template used to render error pages during the authentication or grant flow If unspecified, the default error page is used.", - "type": "string", - "default": "" + "from": { + "description": "from is the MTU to migrate from.", + "type": "integer", + "format": "int64" }, - "login": { - "description": "login is a path to a file containing a go template used to render the login page. If unspecified, the default login page is used.", - "type": "string", - "default": "" + "to": { + "description": "to is the MTU to migrate to.", + "type": "integer", + "format": "int64" + } + } + }, + "com.github.openshift.api.config.v1.MaxAgePolicy": { + "description": "MaxAgePolicy contains a numeric range for specifying a compliant HSTS max-age for the enclosing RequiredHSTSPolicy", + "type": "object", + "properties": { + "largestMaxAge": { + "description": "The largest allowed value (in seconds) of the RequiredHSTSPolicy max-age This value can be left unspecified, in which case no upper limit is enforced.", + "type": "integer", + "format": "int32" }, - "providerSelection": { - "description": "providerSelection is a path to a file containing a go template used to render the provider selection page. If unspecified, the default provider selection page is used.", - "type": "string", - "default": "" + "smallestMaxAge": { + "description": "The smallest allowed value (in seconds) of the RequiredHSTSPolicy max-age Setting max-age=0 allows the deletion of an existing HSTS header from a host. This is a necessary tool for administrators to quickly correct mistakes. This value can be left unspecified, in which case no lower limit is enforced.", + "type": "integer", + "format": "int32" } } }, - "com.github.openshift.api.legacyconfig.v1.OpenIDClaims": { - "description": "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider", + "com.github.openshift.api.config.v1.ModernTLSProfile": { + "description": "ModernTLSProfile is a TLS security profile based on the \"modern\" configuration of the Mozilla Server Side TLS configuration guidelines.", + "type": "object" + }, + "com.github.openshift.api.config.v1.NamedCertificate": { + "description": "NamedCertificate specifies a certificate/key, and the names it should be served for", "type": "object", "required": [ - "id", - "preferredUsername", - "name", - "email" + "certFile", + "keyFile" ], "properties": { - "email": { - "description": "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "id": { - "description": "id is the list of claims whose values should be used as the user ID. Required. OpenID standard identity claim is \"sub\"", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "name": { - "description": "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" }, - "preferredUsername": { - "description": "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the id claim", + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" + }, + "names": { + "description": "names is a list of DNS names this certificate should be used to secure A name can be a normal DNS name, or can contain leading wildcard segments.", "type": "array", "items": { "type": "string", @@ -20677,1186 +20400,1148 @@ } } }, - "com.github.openshift.api.legacyconfig.v1.OpenIDIdentityProvider": { - "description": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.Network": { + "description": "Network holds cluster-wide information about Network. The canonical name is `cluster`. It is used to configure the desired network configuration, such as: IP address pools for services/pod IPs, network plugin, etc. Please view network.spec for an explanation on what applies when configuring this resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "ca", - "clientID", - "clientSecret", - "extraScopes", - "extraAuthorizeParameters", - "urls", - "claims" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "claims": { - "description": "claims mappings", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.OpenIDClaims" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "clientID": { - "description": "clientID is the oauth client ID", + "spec": { + "description": "spec holds user settable values for configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkStatus" + } + } + }, + "com.github.openshift.api.config.v1.NetworkDiagnostics": { + "type": "object", + "properties": { + "mode": { + "description": "mode controls the network diagnostics mode\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is All.", "type": "string", "default": "" }, - "clientSecret": { - "description": "clientSecret is the oauth client secret", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" + "sourcePlacement": { + "description": "sourcePlacement controls the scheduling of network diagnostics source deployment\n\nSee NetworkDiagnosticsSourcePlacement for more details about default values.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement" }, - "extraAuthorizeParameters": { - "description": "extraAuthorizeParameters are any custom parameters to add to the authorize request.", + "targetPlacement": { + "description": "targetPlacement controls the scheduling of network diagnostics target daemonset\n\nSee NetworkDiagnosticsTargetPlacement for more details about default values.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement" + } + } + }, + "com.github.openshift.api.config.v1.NetworkDiagnosticsSourcePlacement": { + "description": "NetworkDiagnosticsSourcePlacement defines node scheduling configuration network diagnostics source components", + "type": "object", + "properties": { + "nodeSelector": { + "description": "nodeSelector is the node selector applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `kubernetes.io/os: linux`.", "type": "object", "additionalProperties": { "type": "string", "default": "" } }, - "extraScopes": { - "description": "extraScopes are any scopes to request in addition to the standard \"openid\" scope.", + "tolerations": { + "description": "tolerations is a list of tolerations applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is an empty list.", "type": "array", "items": { + "default": {}, + "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.config.v1.NetworkDiagnosticsTargetPlacement": { + "description": "NetworkDiagnosticsTargetPlacement defines node scheduling configuration network diagnostics target components", + "type": "object", + "properties": { + "nodeSelector": { + "description": "nodeSelector is the node selector applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `kubernetes.io/os: linux`.", + "type": "object", + "additionalProperties": { "type": "string", "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "urls": { - "description": "urls to use to authenticate", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.OpenIDURLs" + "tolerations": { + "description": "tolerations is a list of tolerations applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `- operator: \"Exists\"` which means that all taints are tolerated.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.legacyconfig.v1.OpenIDURLs": { - "description": "OpenIDURLs are URLs to use when authenticating with an OpenID identity provider", + "com.github.openshift.api.config.v1.NetworkList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "authorize", - "token", - "userInfo" + "metadata", + "items" ], "properties": { - "authorize": { - "description": "authorize is the oauth authorization URL", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "token": { - "description": "token is the oauth token granting URL", - "type": "string", - "default": "" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Network" + } }, - "userInfo": { - "description": "userInfo is the optional userinfo URL. If present, a granted access_token is used to request claims If empty, a granted id_token is parsed for claims", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.legacyconfig.v1.PodManifestConfig": { - "description": "PodManifestConfig holds the necessary configuration options for using pod manifests", + "com.github.openshift.api.config.v1.NetworkMigration": { + "description": "NetworkMigration represents the network migration status.", "type": "object", - "required": [ - "path", - "fileCheckIntervalSeconds" - ], "properties": { - "fileCheckIntervalSeconds": { - "description": "fileCheckIntervalSeconds is the interval in seconds for checking the manifest file(s) for new data The interval needs to be a positive value", - "type": "integer", - "format": "int64", - "default": 0 + "mtu": { + "description": "mtu is the MTU configuration that is being deployed.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.MTUMigration" }, - "path": { - "description": "path specifies the path for the pod manifest file or directory If its a directory, its expected to contain on or more manifest files This is used by the Kubelet to create pods on the node", - "type": "string", - "default": "" + "networkType": { + "description": "networkType is the target plugin that is being deployed. DEPRECATED: network type migration is no longer supported, so this should always be unset.", + "type": "string" } } }, - "com.github.openshift.api.legacyconfig.v1.PolicyConfig": { - "description": "holds the necessary configuration options for", + "com.github.openshift.api.config.v1.NetworkSpec": { + "description": "NetworkSpec is the desired network configuration. As a general rule, this SHOULD NOT be read directly. Instead, you should consume the NetworkStatus, as it indicates the currently deployed configuration. Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each.", "type": "object", "required": [ - "userAgentMatchingConfig" + "clusterNetwork", + "serviceNetwork", + "networkType" ], "properties": { - "userAgentMatchingConfig": { - "description": "userAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", + "clusterNetwork": { + "description": "IP address pool to use for pod IPs. This field is immutable after installation.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterNetworkEntry" + }, + "x-kubernetes-list-type": "atomic" + }, + "externalIP": { + "description": "externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalIPConfig" + }, + "networkDiagnostics": { + "description": "networkDiagnostics defines network diagnostics configuration.\n\nTakes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, the network diagnostics feature will be disabled.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.UserAgentMatchingConfig" - } - } - }, - "com.github.openshift.api.legacyconfig.v1.ProjectConfig": { - "description": "holds the necessary configuration options for", - "type": "object", - "required": [ - "defaultNodeSelector", - "projectRequestMessage", - "projectRequestTemplate", - "securityAllocator" - ], - "properties": { - "defaultNodeSelector": { - "description": "defaultNodeSelector holds default project node label selector", - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkDiagnostics" }, - "projectRequestMessage": { - "description": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", + "networkType": { + "description": "networkType is the plugin that is to be deployed (e.g. OVNKubernetes). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OVNKubernetes This field is immutable after installation.", "type": "string", "default": "" }, - "projectRequestTemplate": { - "description": "projectRequestTemplate is the template to use for creating projects in response to projectrequest. It is in the format namespace/template and it is optional. If it is not specified, a default template is used.", - "type": "string", - "default": "" + "serviceNetwork": { + "description": "IP address pool for services. Currently, we only support a single entry here. This field is immutable after installation.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "securityAllocator": { - "description": "securityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.SecurityAllocator" + "serviceNodePortRange": { + "description": "The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.", + "type": "string" } } }, - "com.github.openshift.api.legacyconfig.v1.RFC2307Config": { - "description": "RFC2307Config holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the RFC2307 schema", + "com.github.openshift.api.config.v1.NetworkStatus": { + "description": "NetworkStatus is the current network configuration.", "type": "object", - "required": [ - "groupsQuery", - "groupUIDAttribute", - "groupNameAttributes", - "groupMembershipAttributes", - "usersQuery", - "userUIDAttribute", - "userNameAttributes", - "tolerateMemberNotFoundErrors", - "tolerateMemberOutOfScopeErrors" - ], "properties": { - "groupMembershipAttributes": { - "description": "groupMembershipAttributes defines which attributes on an LDAP group entry will be interpreted as its members. The values contained in those attributes must be queryable by your UserUIDAttribute", + "clusterNetwork": { + "description": "IP address pool to use for pod IPs.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ClusterNetworkEntry" + }, + "x-kubernetes-list-type": "atomic" }, - "groupNameAttributes": { - "description": "groupNameAttributes defines which attributes on an LDAP group entry will be interpreted as its name to use for an OpenShift group", + "clusterNetworkMTU": { + "description": "clusterNetworkMTU is the MTU for inter-pod networking.", + "type": "integer", + "format": "int32" + }, + "conditions": { + "description": "conditions represents the observations of a network.config current state. Known .status.conditions.type are: \"NetworkDiagnosticsAvailable\"", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "migration": { + "description": "migration contains the cluster network migration configuration.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.NetworkMigration" + }, + "networkType": { + "description": "networkType is the plugin that is deployed (e.g. OVNKubernetes).", + "type": "string" + }, + "serviceNetwork": { + "description": "IP address pool for services. Currently, we only support a single entry here.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.config.v1.Node": { + "description": "Node holds cluster-wide information about node specific features.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "groupUIDAttribute": { - "description": "GroupUIDAttributes defines which attribute on an LDAP group entry will be interpreted as its unique identifier. (ldapGroupUID)", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "groupsQuery": { - "description": "AllGroupsQuery holds the template for an LDAP query that returns group entries.", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "tolerateMemberNotFoundErrors": { - "description": "tolerateMemberNotFoundErrors determines the behavior of the LDAP sync job when missing user entries are encountered. If 'true', an LDAP query for users that doesn't find any will be tolerated and an only and error will be logged. If 'false', the LDAP sync job will fail if a query for users doesn't find any. The default value is 'false'. Misconfigured LDAP sync jobs with this flag set to 'true' can cause group membership to be removed, so it is recommended to use this flag with caution.", - "type": "boolean", - "default": false + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NodeSpec" }, - "tolerateMemberOutOfScopeErrors": { - "description": "tolerateMemberOutOfScopeErrors determines the behavior of the LDAP sync job when out-of-scope user entries are encountered. If 'true', an LDAP query for a user that falls outside of the base DN given for the all user query will be tolerated and only an error will be logged. If 'false', the LDAP sync job will fail if a user query would search outside of the base DN specified by the all user query. Misconfigured LDAP sync jobs with this flag set to 'true' can result in groups missing users, so it is recommended to use this flag with caution.", - "type": "boolean", - "default": false + "status": { + "description": "status holds observed values.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NodeStatus" + } + } + }, + "com.github.openshift.api.config.v1.NodeList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "userNameAttributes": { - "description": "userNameAttributes defines which attributes on an LDAP user entry will be used, in order, as its OpenShift user name. The first attribute with a non-empty value is used. This should match your PreferredUsername setting for your LDAPPasswordIdentityProvider", + "items": { "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Node" } }, - "userUIDAttribute": { - "description": "userUIDAttribute defines which attribute on an LDAP user entry will be interpreted as its unique identifier. It must correspond to values that will be found from the GroupMembershipAttributes", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "usersQuery": { - "description": "AllUsersQuery holds the template for an LDAP query that returns user entries.", + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.legacyconfig.v1.RegistryLocation": { - "description": "RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.", + "com.github.openshift.api.config.v1.NodeSpec": { "type": "object", - "required": [ - "domainName" - ], "properties": { - "domainName": { - "description": "domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.", + "cgroupMode": { + "description": "cgroupMode determines the cgroups version on the node", + "type": "string" + }, + "minimumKubeletVersion": { + "description": "minimumKubeletVersion is the lowest version of a kubelet that can join the cluster. Specifically, the apiserver will deny most authorization requests of kubelets that are older than the specified version, only allowing the kubelet to get and update its node object, and perform subjectaccessreviews. This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads, and will eventually be marked as not ready. Its max length is 8, so maximum version allowed is either \"9.999.99\" or \"99.99.99\". Since the kubelet reports the version of the kubernetes release, not Openshift, this field references the underlying kubernetes version this version of Openshift is based off of. In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then they should set the minimumKubeletVersion to 1.30.0. When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version. Thus, a kubelet with version \"1.0.0-ec.0\" will be compatible with minimumKubeletVersion \"1.0.0\" or earlier.", "type": "string", "default": "" }, - "insecure": { - "description": "insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.", - "type": "boolean" + "workerLatencyProfile": { + "description": "workerLatencyProfile determins the how fast the kubelet is updating the status and corresponding reaction of the cluster", + "type": "string" } } }, - "com.github.openshift.api.legacyconfig.v1.RemoteConnectionInfo": { - "description": "RemoteConnectionInfo holds information necessary for establishing a remote connection", + "com.github.openshift.api.config.v1.NodeStatus": { + "type": "object", + "properties": { + "conditions": { + "description": "conditions contain the details and the current state of the nodes.config object", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.config.v1.NutanixFailureDomain": { + "description": "NutanixFailureDomain configures failure domain information for the Nutanix platform.", "type": "object", "required": [ - "url", - "ca", - "certFile", - "keyFile" + "name", + "cluster", + "subnets" ], "properties": { - "ca": { - "description": "ca is the CA for verifying TLS connections", - "type": "string", - "default": "" - }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "cluster": { + "description": "cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixResourceIdentifier" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "name": { + "description": "name defines the unique name of a failure domain. Name is required and must be at most 64 characters in length. It must consist of only lower case alphanumeric characters and hyphens (-). It must start and end with an alphanumeric character. This value is arbitrary and is used to identify the failure domain within the platform.", "type": "string", "default": "" }, - "url": { - "description": "url is the remote URL to connect to", - "type": "string", - "default": "" + "subnets": { + "description": "subnets holds a list of identifiers (one or more) of the cluster's network subnets If the feature gate NutanixMultiSubnets is enabled, up to 32 subnets may be configured. for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixResourceIdentifier" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.legacyconfig.v1.RequestHeaderAuthenticationOptions": { - "description": "RequestHeaderAuthenticationOptions provides options for setting up a front proxy against the entire API instead of against the /oauth endpoint.", + "com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer": { + "description": "NutanixPlatformLoadBalancer defines the load balancer used by the cluster on Nutanix platform.", + "type": "object", + "properties": { + "type": { + "description": "type defines the type of load balancer used by the cluster on Nutanix platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", + "type": "string", + "default": "OpenShiftManagedDefault" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": {} + } + ] + }, + "com.github.openshift.api.config.v1.NutanixPlatformSpec": { + "description": "NutanixPlatformSpec holds the desired state of the Nutanix infrastructure provider. This only includes fields that can be modified in the cluster.", "type": "object", "required": [ - "clientCA", - "clientCommonNames", - "usernameHeaders", - "groupHeaders", - "extraHeaderPrefixes" + "prismCentral", + "prismElements" ], "properties": { - "clientCA": { - "description": "clientCA is a file with the trusted signer certs. It is required.", - "type": "string", - "default": "" - }, - "clientCommonNames": { - "description": "clientCommonNames is a required list of common names to require a match from.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "extraHeaderPrefixes": { - "description": "extraHeaderPrefixes is the set of request header prefixes to inspect for user extra. X-Remote-Extra- is suggested.", + "failureDomains": { + "description": "failureDomains configures failure domains information for the Nutanix platform. When set, the failure domains defined here may be used to spread Machines across prism element clusters to improve fault tolerance of the cluster.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixFailureDomain" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "groupHeaders": { - "description": "GroupNameHeader is the set of headers to check for group information. All are unioned.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "prismCentral": { + "description": "prismCentral holds the endpoint address and port to access the Nutanix Prism Central. When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPrismEndpoint" }, - "usernameHeaders": { - "description": "usernameHeaders is the list of headers to check for user information. First hit wins.", + "prismElements": { + "description": "prismElements holds one or more endpoint address and port data to access the Nutanix Prism Elements (clusters) of the Nutanix Prism Central. Currently we only support one Prism Element (cluster) for an OpenShift cluster, where all the Nutanix resources (VMs, subnets, volumes, etc.) used in the OpenShift cluster are located. In the future, we may support Nutanix resources (VMs, etc.) spread over multiple Prism Elements (clusters) of the Prism Central.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPrismElementEndpoint" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.legacyconfig.v1.RequestHeaderIdentityProvider": { - "description": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.NutanixPlatformStatus": { + "description": "NutanixPlatformStatus holds the current status of the Nutanix infrastructure provider.", "type": "object", "required": [ - "loginURL", - "challengeURL", - "clientCA", - "clientCommonNames", - "headers", - "preferredUsernameHeaders", - "nameHeaders", - "emailHeaders" + "apiServerInternalIPs", + "ingressIPs" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", "type": "string" }, - "challengeURL": { - "description": "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", - "type": "string", - "default": "" - }, - "clientCA": { - "description": "clientCA is a file with the trusted signer certs. If empty, no request verification is done, and any direct request to the OAuth server can impersonate any identity from this provider, merely by setting a request header.", - "type": "string", - "default": "" - }, - "clientCommonNames": { - "description": "clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "emailHeaders": { - "description": "emailHeaders is the set of headers to check for the email address", + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "set" }, - "headers": { - "description": "headers is the set of headers to check for identity information", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "dnsRecordsType": { + "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", + "type": "string", + "enum": [ + "External", + "Internal" + ] }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", "type": "string" }, - "loginURL": { - "description": "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", - "type": "string", - "default": "" - }, - "nameHeaders": { - "description": "nameHeaders is the set of headers to check for the display name", + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "set" }, - "preferredUsernameHeaders": { - "description": "preferredUsernameHeaders is the set of headers to check for the preferred username", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "loadBalancer": { + "description": "loadBalancer defines how the load balancer used by the cluster is configured.", + "default": { + "type": "OpenShiftManagedDefault" + }, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPlatformLoadBalancer" } } }, - "com.github.openshift.api.legacyconfig.v1.RoutingConfig": { - "description": "RoutingConfig holds the necessary configuration options for routing to subdomains", + "com.github.openshift.api.config.v1.NutanixPrismElementEndpoint": { + "description": "NutanixPrismElementEndpoint holds the name and endpoint data for a Prism Element (cluster)", "type": "object", "required": [ - "subdomain" + "name", + "endpoint" ], "properties": { - "subdomain": { - "description": "subdomain is the suffix appended to $service.$namespace. to form the default route hostname DEPRECATED: This field is being replaced by routers setting their own defaults. This is the \"default\" route.", + "endpoint": { + "description": "endpoint holds the endpoint address and port data of the Prism Element (cluster). When a cluster-wide proxy is installed, by default, this endpoint will be accessed via the proxy. Should you wish for communication with this endpoint not to be proxied, please add the endpoint to the proxy spec.noProxy list.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPrismEndpoint" + }, + "name": { + "description": "name is the name of the Prism Element (cluster). This value will correspond with the cluster field configured on other resources (eg Machines, PVCs, etc).", "type": "string", "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.SecurityAllocator": { - "description": "SecurityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.", + "com.github.openshift.api.config.v1.NutanixPrismEndpoint": { + "description": "NutanixPrismEndpoint holds the endpoint address and port to access the Nutanix Prism Central or Element (cluster)", "type": "object", "required": [ - "uidAllocatorRange", - "mcsAllocatorRange", - "mcsLabelsPerProject" + "address", + "port" ], "properties": { - "mcsAllocatorRange": { - "description": "mcsAllocatorRange defines the range of MCS categories that will be assigned to namespaces. The format is \"/[,]\". The default is \"s0/2\" and will allocate from c0 -> c1023, which means a total of 535k labels are available (1024 choose 2 ~ 535k). If this value is changed after startup, new projects may receive labels that are already allocated to other projects. Prefix may be any valid SELinux set of terms (including user, role, and type), although leaving them as the default will allow the server to set them automatically.\n\nExamples: * s0:/2 - Allocate labels from s0:c0,c0 to s0:c511,c511 * s0:/2,512 - Allocate labels from s0:c0,c0,c0 to s0:c511,c511,511", + "address": { + "description": "address is the endpoint address (DNS name or IP address) of the Nutanix Prism Central or Element (cluster)", "type": "string", "default": "" }, - "mcsLabelsPerProject": { - "description": "mcsLabelsPerProject defines the number of labels that should be reserved per project. The default is 5 to match the default UID and MCS ranges (100k namespaces, 535k/5 labels).", + "port": { + "description": "port is the port number to access the Nutanix Prism Central or Element (cluster)", "type": "integer", "format": "int32", "default": 0 - }, - "uidAllocatorRange": { - "description": "uidAllocatorRange defines the total set of Unix user IDs (UIDs) that will be allocated to projects automatically, and the size of the block each namespace gets. For example, 1000-1999/10 will allocate ten UIDs per namespace, and will be able to allocate up to 100 blocks before running out of space. The default is to allocate from 1 billion to 2 billion in 10k blocks (which is the expected size of the ranges container images will use once user namespaces are started).", - "type": "string", - "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.ServiceAccountConfig": { - "description": "ServiceAccountConfig holds the necessary configuration options for a service account", + "com.github.openshift.api.config.v1.NutanixResourceIdentifier": { + "description": "NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)", "type": "object", "required": [ - "managedNames", - "limitSecretReferences", - "privateKeyFile", - "publicKeyFiles", - "masterCA" + "type" ], "properties": { - "limitSecretReferences": { - "description": "limitSecretReferences controls whether or not to allow a service account to reference any secret in a namespace without explicitly referencing them", - "type": "boolean", - "default": false - }, - "managedNames": { - "description": "managedNames is a list of service account names that will be auto-created in every namespace. If no names are specified, the ServiceAccountsController will not be started.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "masterCA": { - "description": "masterCA is the CA for verifying the TLS connection back to the master. The service account controller will automatically inject the contents of this file into pods so they can verify connections to the master.", - "type": "string", - "default": "" + "name": { + "description": "name is the resource name in the PC. It cannot be empty if the type is Name.", + "type": "string" }, - "privateKeyFile": { - "description": "privateKeyFile is a file containing a PEM-encoded private RSA key, used to sign service account tokens. If no private key is specified, the service account TokensController will not be started.", + "type": { + "description": "type is the identifier type to use for this resource.", "type": "string", "default": "" }, - "publicKeyFiles": { - "description": "publicKeyFiles is a list of files, each containing a PEM-encoded public RSA key. (If any file contains a private key, the public portion of the key is used) The list of public keys is used to verify presented service account tokens. Each key is tried in order until the list is exhausted or verification succeeds. If no keys are specified, no service account authentication will be available.", - "type": "array", - "items": { - "type": "string", - "default": "" + "uuid": { + "description": "uuid is the UUID of the resource in the PC. It cannot be empty if the type is UUID.", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "name": "Name", + "uuid": "UUID" } } - } + ] }, - "com.github.openshift.api.legacyconfig.v1.ServiceServingCert": { - "description": "ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", + "com.github.openshift.api.config.v1.OAuth": { + "description": "OAuth holds cluster-wide information about OAuth. The canonical name is `cluster`. It is used to configure the integrated OAuth server. This configuration is only honored when the top level Authentication config has type set to IntegratedOAuth.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "signer" + "metadata", + "spec" ], "properties": { - "signer": { - "description": "signer holds the signing information used to automatically sign serving certificates. If this value is nil, then certs are not signed automatically.", - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.CertInfo" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OAuthSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OAuthStatus" } } }, - "com.github.openshift.api.legacyconfig.v1.ServingInfo": { - "description": "ServingInfo holds information about serving web pages", + "com.github.openshift.api.config.v1.OAuthList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "bindAddress", - "bindNetwork", - "certFile", - "keyFile", - "clientCA", - "namedCertificates" + "metadata", + "items" ], "properties": { - "bindAddress": { - "description": "bindAddress is the ip:port to serve on", - "type": "string", - "default": "" - }, - "bindNetwork": { - "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", - "type": "string", - "default": "" - }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "cipherSuites": { - "description": "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", + "items": { "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OAuth" } }, - "clientCA": { - "description": "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", - "type": "string", - "default": "" - }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" - }, - "minTLSVersion": { - "description": "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "namedCertificates": { - "description": "namedCertificates is a list of certificates to use to secure requests to specific hostnames", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NamedCertificate" - } + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.legacyconfig.v1.SessionConfig": { - "description": "SessionConfig specifies options for cookie-based sessions. Used by AuthRequestHandlerSession", + "com.github.openshift.api.config.v1.OAuthRemoteConnectionInfo": { + "description": "OAuthRemoteConnectionInfo holds information necessary for establishing a remote connection", "type": "object", "required": [ - "sessionSecretsFile", - "sessionMaxAgeSeconds", - "sessionName" + "url" ], "properties": { - "sessionMaxAgeSeconds": { - "description": "sessionMaxAgeSeconds specifies how long created sessions last. Used by AuthRequestHandlerSession", - "type": "integer", - "format": "int32", - "default": 0 + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "sessionName": { - "description": "sessionName is the cookie name used to store the session", - "type": "string", - "default": "" + "tlsClientCert": { + "description": "tlsClientCert is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate to present when connecting to the server. The key \"tls.crt\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "sessionSecretsFile": { - "description": "sessionSecretsFile is a reference to a file containing a serialized SessionSecrets object If no file is specified, a random signing and encryption key are generated at each server start", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.legacyconfig.v1.SessionSecret": { - "description": "SessionSecret is a secret used to authenticate/decrypt cookie-based sessions", - "type": "object", - "required": [ - "authentication", - "encryption" - ], - "properties": { - "authentication": { - "description": "authentication is used to authenticate sessions using HMAC. Recommended to use a secret with 32 or 64 bytes.", - "type": "string", - "default": "" + "tlsClientKey": { + "description": "tlsClientKey is an optional reference to a secret by name that contains the PEM-encoded TLS private key for the client certificate referenced in tlsClientCert. The key \"tls.key\" is used to locate the data. If specified and the secret or expected key is not found, the identity provider is not honored. If the specified certificate data is not valid, the identity provider is not honored. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "encryption": { - "description": "encryption is used to encrypt sessions. Must be 16, 24, or 32 characters long, to select AES-128, AES-", + "url": { + "description": "url is the remote URL to connect to", "type": "string", "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.SessionSecrets": { - "description": "SessionSecrets list the secrets to use to sign/encrypt and authenticate/decrypt created sessions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.OAuthSpec": { + "description": "OAuthSpec contains desired cluster auth configuration", "type": "object", "required": [ - "secrets" + "tokenConfig" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "secrets": { - "description": "secrets is a list of secrets New sessions are signed and encrypted using the first secret. Existing sessions are decrypted/authenticated by each secret until one succeeds. This allows rotating secrets.", + "identityProviders": { + "description": "identityProviders is an ordered list of ways for a user to identify themselves. When this list is empty, no identities are provisioned for users.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.SessionSecret" - } + "$ref": "#/definitions/com.github.openshift.api.config.v1.IdentityProvider" + }, + "x-kubernetes-list-type": "atomic" + }, + "templates": { + "description": "templates allow you to customize pages like the login page.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OAuthTemplates" + }, + "tokenConfig": { + "description": "tokenConfig contains options for authorization and access tokens", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenConfig" } } }, - "com.github.openshift.api.legacyconfig.v1.SourceStrategyDefaultsConfig": { - "description": "SourceStrategyDefaultsConfig contains values that apply to builds using the source strategy.", + "com.github.openshift.api.config.v1.OAuthStatus": { + "description": "OAuthStatus shows current known state of OAuth server in the cluster", + "type": "object" + }, + "com.github.openshift.api.config.v1.OAuthTemplates": { + "description": "OAuthTemplates allow for customization of pages like the login page", "type": "object", "properties": { - "incremental": { - "description": "incremental indicates if s2i build strategies should perform an incremental build or not", - "type": "boolean" + "error": { + "description": "error is the name of a secret that specifies a go template to use to render error pages during the authentication or grant flow. The key \"errors.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default error page is used. If the specified template is not valid, the default error page is used. If unspecified, the default error page is used. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + }, + "login": { + "description": "login is the name of a secret that specifies a go template to use to render the login page. The key \"login.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default login page is used. If the specified template is not valid, the default login page is used. If unspecified, the default login page is used. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + }, + "providerSelection": { + "description": "providerSelection is the name of a secret that specifies a go template to use to render the provider selection page. The key \"providers.html\" is used to locate the template data. If specified and the secret or expected key is not found, the default provider selection page is used. If the specified template is not valid, the default provider selection page is used. If unspecified, the default provider selection page is used. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" } } }, - "com.github.openshift.api.legacyconfig.v1.StringSource": { - "description": "StringSource allows specifying a string inline, or externally via env var or file. When it contains only a string value, it marshals to a simple JSON string.", + "com.github.openshift.api.config.v1.OIDCClientConfig": { + "description": "OIDCClientConfig configures how platform clients interact with identity providers as an authentication method.", "type": "object", "required": [ - "value", - "env", - "file", - "keyFile" + "componentName", + "componentNamespace", + "clientID" ], "properties": { - "env": { - "description": "env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", + "clientID": { + "description": "clientID is a required field that configures the client identifier, from the identity provider, that the platform component uses for authentication requests made to the identity provider. The identity provider must accept this identifier for platform components to be able to use the identity provider as an authentication mode.\n\nclientID must not be an empty string (\"\").", "type": "string", "default": "" }, - "file": { - "description": "file references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", - "type": "string", - "default": "" + "clientSecret": { + "description": "clientSecret is an optional field that configures the client secret used by the platform component when making authentication requests to the identity provider.\n\nWhen not specified, no client secret will be used when making authentication requests to the identity provider.\n\nWhen specified, clientSecret references a Secret in the 'openshift-config' namespace that contains the client secret in the 'clientSecret' key of the '.data' field.\n\nThe client secret will be used when making authentication requests to the identity provider.\n\nPublic clients do not require a client secret but private clients do require a client secret to work with the identity provider.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "keyFile": { - "description": "keyFile references a file containing the key to use to decrypt the value.", + "componentName": { + "description": "componentName is a required field that specifies the name of the platform component being configured to use the identity provider as an authentication mode.\n\nIt is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", "type": "string", "default": "" }, - "value": { - "description": "value specifies the cleartext value, or an encrypted value if keyFile is specified.", + "componentNamespace": { + "description": "componentNamespace is a required field that specifies the namespace in which the platform component being configured to use the identity provider as an authentication mode is running.\n\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", "type": "string", "default": "" + }, + "extraScopes": { + "description": "extraScopes is an optional field that configures the extra scopes that should be requested by the platform component when making authentication requests to the identity provider. This is useful if you have configured claim mappings that requires specific scopes to be requested beyond the standard OIDC scopes.\n\nWhen omitted, no additional scopes are requested.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" } } }, - "com.github.openshift.api.legacyconfig.v1.StringSourceSpec": { - "description": "StringSourceSpec specifies a string value, or external location", + "com.github.openshift.api.config.v1.OIDCClientReference": { + "description": "OIDCClientReference is a reference to a platform component client configuration.", "type": "object", "required": [ - "value", - "env", - "file", - "keyFile" + "oidcProviderName", + "issuerURL", + "clientID" ], "properties": { - "env": { - "description": "env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", - "type": "string", - "default": "" - }, - "file": { - "description": "file references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", + "clientID": { + "description": "clientID is a required field that specifies the client identifier, from the identity provider, that the platform component is using for authentication requests made to the identity provider.\n\nclientID must not be empty.", "type": "string", "default": "" }, - "keyFile": { - "description": "keyFile references a file containing the key to use to decrypt the value.", + "issuerURL": { + "description": "issuerURL is a required field that specifies the URL of the identity provider that this client is configured to make requests against.\n\nissuerURL must use the 'https' scheme.", "type": "string", "default": "" }, - "value": { - "description": "value specifies the cleartext value, or an encrypted value if keyFile is specified.", + "oidcProviderName": { + "description": "oidcProviderName is a required reference to the 'name' of the identity provider configured in 'oidcProviders' that this client is associated with.\n\noidcProviderName must not be an empty string (\"\").", "type": "string", "default": "" } } }, - "com.github.openshift.api.legacyconfig.v1.TokenConfig": { - "description": "TokenConfig holds the necessary configuration options for authorization and access tokens", + "com.github.openshift.api.config.v1.OIDCClientStatus": { + "description": "OIDCClientStatus represents the current state of platform components and how they interact with the configured identity providers.", "type": "object", "required": [ - "authorizeTokenMaxAgeSeconds", - "accessTokenMaxAgeSeconds" + "componentName", + "componentNamespace" ], "properties": { - "accessTokenInactivityTimeoutSeconds": { - "description": "accessTokenInactivityTimeoutSeconds defined the default token inactivity timeout for tokens granted by any client. Setting it to nil means the feature is completely disabled (default) The default setting can be overridden on OAuthClient basis. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Valid values are: - 0: Tokens never time out - X: Tokens time out if there is no activity for X seconds The current minimum allowed value for X is 300 (5 minutes)", - "type": "integer", - "format": "int32" + "componentName": { + "description": "componentName is a required field that specifies the name of the platform component using the identity provider as an authentication mode. It is used in combination with componentNamespace as a unique identifier.\n\ncomponentName must not be an empty string (\"\") and must not exceed 256 characters in length.", + "type": "string", + "default": "" }, - "accessTokenMaxAgeSeconds": { - "description": "accessTokenMaxAgeSeconds defines the maximum age of access tokens", - "type": "integer", - "format": "int32", - "default": 0 + "componentNamespace": { + "description": "componentNamespace is a required field that specifies the namespace in which the platform component using the identity provider as an authentication mode is running.\n\nIt is used in combination with componentName as a unique identifier.\n\ncomponentNamespace must not be an empty string (\"\") and must not exceed 63 characters in length.", + "type": "string", + "default": "" }, - "authorizeTokenMaxAgeSeconds": { - "description": "authorizeTokenMaxAgeSeconds defines the maximum age of authorize tokens", - "type": "integer", - "format": "int32", - "default": 0 - } - } - }, - "com.github.openshift.api.legacyconfig.v1.UserAgentDenyRule": { - "description": "UserAgentDenyRule adds a rejection message that can be used to help a user figure out how to get an approved client", - "type": "object", - "required": [ - "regex", - "httpVerbs", - "rejectionMessage" - ], - "properties": { - "httpVerbs": { - "description": "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", + "conditions": { + "description": "conditions are used to communicate the state of the `oidcClients` entry.\n\nSupported conditions include Available, Degraded and Progressing.\n\nIf Available is true, the component is successfully using the configured client. If Degraded is true, that means something has gone wrong trying to handle the client configuration. If Progressing is true, that means the component is taking some action related to the `oidcClients` entry.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "consumingUsers": { + "description": "consumingUsers is an optional list of ServiceAccounts requiring read permissions on the `clientSecret` secret.\n\nconsumingUsers must not exceed 5 entries.", "type": "array", "items": { "type": "string", "default": "" - } - }, - "regex": { - "description": "UserAgentRegex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", - "type": "string", - "default": "" + }, + "x-kubernetes-list-type": "set" }, - "rejectionMessage": { - "description": "rejectionMessage is the message shown when rejecting a client. If it is not a set, the default message is used.", - "type": "string", - "default": "" + "currentOIDCClients": { + "description": "currentOIDCClients is an optional list of clients that the component is currently using.\n\nEntries must have unique issuerURL/clientID pairs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OIDCClientReference" + }, + "x-kubernetes-list-map-keys": [ + "issuerURL", + "clientID" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.legacyconfig.v1.UserAgentMatchRule": { - "description": "UserAgentMatchRule describes how to match a given request based on User-Agent and HTTPVerb", + "com.github.openshift.api.config.v1.OIDCProvider": { "type": "object", "required": [ - "regex", - "httpVerbs" + "name", + "issuer", + "claimMappings" ], "properties": { - "httpVerbs": { - "description": "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", + "claimMappings": { + "description": "claimMappings is a required field that configures the rules to be used by the Kubernetes API server for translating claims in a JWT token, issued by the identity provider, to a cluster identity.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimMappings" + }, + "claimValidationRules": { + "description": "claimValidationRules is an optional field that configures the rules to be used by the Kubernetes API server for validating the claims in a JWT token issued by the identity provider.\n\nValidation rules are joined via an AND operation.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimValidationRule" + }, + "x-kubernetes-list-type": "atomic" }, - "regex": { - "description": "UserAgentRegex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.legacyconfig.v1.UserAgentMatchingConfig": { - "description": "UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", - "type": "object", - "required": [ - "requiredClients", - "deniedClients", - "defaultRejectionMessage" - ], - "properties": { - "defaultRejectionMessage": { - "description": "defaultRejectionMessage is the message shown when rejecting a client. If it is not a set, a generic message is given.", + "issuer": { + "description": "issuer is a required field that configures how the platform interacts with the identity provider and how tokens issued from the identity provider are evaluated by the Kubernetes API server.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenIssuer" + }, + "name": { + "description": "name is a required field that configures the unique human-readable identifier associated with the identity provider. It is used to distinguish between multiple identity providers and has no impact on token validation or authentication mechanics.\n\nname must not be an empty string (\"\").", "type": "string", "default": "" }, - "deniedClients": { - "description": "If this list is non-empty, then a User-Agent must not match any of the UserAgentRegexes", + "oidcClients": { + "description": "oidcClients is an optional field that configures how on-cluster, platform clients should request tokens from the identity provider. oidcClients must not exceed 20 entries and entries must have unique namespace/name pairs.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.UserAgentDenyRule" - } + "$ref": "#/definitions/com.github.openshift.api.config.v1.OIDCClientConfig" + }, + "x-kubernetes-list-map-keys": [ + "componentNamespace", + "componentName" + ], + "x-kubernetes-list-type": "map" }, - "requiredClients": { - "description": "If this list is non-empty, then a User-Agent must match one of the UserAgentRegexes to be allowed", + "userValidationRules": { + "description": "userValidationRules is an optional field that configures the set of rules used to validate the cluster user identity that was constructed via mapping token claims to user identity attributes. Rules are CEL expressions that must evaluate to 'true' for authentication to succeed. If any rule in the chain of rules evaluates to 'false', authentication will fail. When specified, at least one rule must be specified and no more than 64 rules may be specified.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.UserAgentMatchRule" - } + "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenUserValidationRule" + }, + "x-kubernetes-list-map-keys": [ + "expression" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.legacyconfig.v1.WebhookTokenAuthenticator": { - "description": "WebhookTokenAuthenticators holds the necessary configuation options for external token authenticators", + "com.github.openshift.api.config.v1.ObjectReference": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", "type": "object", "required": [ - "configFile", - "cacheTTL" + "group", + "resource", + "name" ], "properties": { - "cacheTTL": { - "description": "cacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get a default timeout of 2 minutes. If zero (e.g. \"0m\"), caching is disabled", + "group": { + "description": "group of the referent.", "type": "string", "default": "" }, - "configFile": { - "description": "configFile is a path to a Kubeconfig file with the webhook configuration", + "name": { + "description": "name of the referent.", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.machine.v1.AWSFailureDomain": { - "description": "AWSFailureDomain configures failure domain information for the AWS platform.", - "type": "object", - "properties": { - "placement": { - "description": "placement configures the placement information for this instance.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AWSFailureDomainPlacement" }, - "subnet": { - "description": "subnet is a reference to the subnet to use for this instance.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AWSResourceReference" - } - } - }, - "com.github.openshift.api.machine.v1.AWSFailureDomainPlacement": { - "description": "AWSFailureDomainPlacement configures the placement information for the AWSFailureDomain.", - "type": "object", - "required": [ - "availabilityZone" - ], - "properties": { - "availabilityZone": { - "description": "availabilityZone is the availability zone of the instance.", + "namespace": { + "description": "namespace of the referent.", + "type": "string" + }, + "resource": { + "description": "resource of the referent.", "type": "string", "default": "" } } }, - "com.github.openshift.api.machine.v1.AWSResourceFilter": { - "description": "AWSResourceFilter is a filter used to identify an AWS resource", + "com.github.openshift.api.config.v1.OldTLSProfile": { + "description": "OldTLSProfile is a TLS security profile based on the \"old\" configuration of the Mozilla Server Side TLS configuration guidelines.", + "type": "object" + }, + "com.github.openshift.api.config.v1.OpenIDClaims": { + "description": "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider", "type": "object", - "required": [ - "name" - ], "properties": { - "name": { - "description": "name of the filter. Filter names are case-sensitive.", - "type": "string", - "default": "" - }, - "values": { - "description": "values includes one or more filter values. Filter values are case-sensitive.", + "email": { + "description": "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", "type": "array", "items": { "type": "string", "default": "" }, "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.machine.v1.AWSResourceReference": { - "description": "AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters. Only one of ID, ARN or Filters may be specified. Specifying more than one will result in a validation error.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "arn": { - "description": "arn of resource.", - "type": "string" }, - "filters": { - "description": "filters is a set of filters used to identify a resource.", + "groups": { + "description": "groups is the list of claims value of which should be used to synchronize groups from the OIDC provider to OpenShift for the user. If multiple claims are specified, the first one with a non-empty value is used.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AWSResourceFilter" + "type": "string", + "default": "" }, "x-kubernetes-list-type": "atomic" }, - "id": { - "description": "id of resource.", - "type": "string" + "name": { + "description": "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "type": { - "description": "type determines how the reference will fetch the AWS resource.", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "arn": "ARN", - "filters": "Filters", - "id": "ID" - } + "preferredUsername": { + "description": "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the sub claim", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } - ] + } }, - "com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderConfig": { - "description": "AlibabaCloudMachineProviderConfig is the Schema for the alibabacloudmachineproviderconfig API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.OpenIDIdentityProvider": { + "description": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials", "type": "object", "required": [ - "instanceType", - "vpcId", - "regionId", - "zoneId", - "imageId", - "vSwitch", - "resourceGroup" + "clientID", + "clientSecret", + "issuer", + "claims" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "bandwidth": { - "description": "bandwidth describes the internet bandwidth strategy for the instance", + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. If empty, the default system roots are used. The namespace for this config map is openshift-config.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.BandwidthProperties" - }, - "credentialsSecret": { - "description": "credentialsSecret is a reference to the secret with alibabacloud credentials. Otherwise, defaults to permissions provided by attached RAM role where the actuator is running.", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" - }, - "dataDisk": { - "description": "DataDisks holds information regarding the extra disks attached to the instance", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.DataDiskProperties" - } - }, - "imageId": { - "description": "The ID of the image used to create the instance.", - "type": "string", - "default": "" - }, - "instanceType": { - "description": "The instance type of the instance.", - "type": "string", - "default": "" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "claims": { + "description": "claims mappings", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "ramRoleName": { - "description": "ramRoleName is the name of the instance Resource Access Management (RAM) role. This allows the instance to perform API calls as this specified RAM role.", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenIDClaims" }, - "regionId": { - "description": "The ID of the region in which to create the instance. You can call the DescribeRegions operation to query the most recent region list.", + "clientID": { + "description": "clientID is the oauth client ID", "type": "string", "default": "" }, - "resourceGroup": { - "description": "resourceGroup references the resource group to which to assign the instance. A reference holds either the resource group ID, the resource name, or the required tags to search. When more than one resource group are returned for a search, an error will be produced and the Machine will not be created. Resource Groups do not support searching by tags.", + "clientSecret": { + "description": "clientSecret is a required reference to the secret by name containing the oauth client secret. The key \"clientSecret\" is used to locate the data. If the secret or expected key is not found, the identity provider is not honored. The namespace for this secret is openshift-config.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AlibabaResourceReference" + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "securityGroups": { - "description": "securityGroups is a list of security group references to assign to the instance. A reference holds either the security group ID, the resource name, or the required tags to search. When more than one security group is returned for a tag search, all the groups are associated with the instance up to the maximum number of security groups to which an instance can belong. For more information, see the \"Security group limits\" section in Limits. https://www.alibabacloud.com/help/en/doc-detail/25412.htm", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AlibabaResourceReference" + "extraAuthorizeParameters": { + "description": "extraAuthorizeParameters are any custom parameters to add to the authorize request.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" } }, - "systemDisk": { - "description": "systemDisk holds the properties regarding the system disk for the instance", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.SystemDiskProperties" - }, - "tag": { - "description": "Tags are the set of metadata to add to an instance.", + "extraScopes": { + "description": "extraScopes are any scopes to request in addition to the standard \"openid\" scope.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.Tag" + "type": "string", + "default": "" } }, - "tenancy": { - "description": "tenancy specifies whether to create the instance on a dedicated host. Valid values:\n\ndefault: creates the instance on a non-dedicated host. host: creates the instance on a dedicated host. If you do not specify the DedicatedHostID parameter, Alibaba Cloud automatically selects a dedicated host for the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `default`.", - "type": "string" - }, - "userDataSecret": { - "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" - }, - "vSwitch": { - "description": "vSwitch is a reference to the vswitch to use for this instance. A reference holds either the vSwitch ID, the resource name, or the required tags to search. When more than one vSwitch is returned for a tag search, only the first vSwitch returned will be used. This parameter is required when you create an instance of the VPC type. You can call the DescribeVSwitches operation to query the created vSwitches.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AlibabaResourceReference" - }, - "vpcId": { - "description": "The ID of the vpc", - "type": "string", - "default": "" - }, - "zoneId": { - "description": "The ID of the zone in which to create the instance. You can call the DescribeZones operation to query the most recent region list.", + "issuer": { + "description": "issuer is the URL that the OpenID Provider asserts as its Issuer Identifier. It must use the https scheme with no query or fragment component.", "type": "string", "default": "" } } }, - "com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderConfigList": { - "description": "AlibabaCloudMachineProviderConfigList contains a list of AlibabaCloudMachineProviderConfig Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.OpenStackPlatformLoadBalancer": { + "description": "OpenStackPlatformLoadBalancer defines the load balancer used by the cluster on OpenStack platform.", "type": "object", - "required": [ - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { + "type": { + "description": "type defines the type of load balancer used by the cluster on OpenStack platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", + "type": "string", + "default": "OpenShiftManagedDefault" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": {} + } + ] + }, + "com.github.openshift.api.config.v1.OpenStackPlatformSpec": { + "description": "OpenStackPlatformSpec holds the desired state of the OpenStack infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object", + "properties": { + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderConfig" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderStatus": { - "description": "AlibabaCloudMachineProviderStatus is the Schema for the alibabacloudmachineproviderconfig API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.OpenStackPlatformStatus": { + "description": "OpenStackPlatformStatus holds the current status of the OpenStack infrastructure provider.", "type": "object", + "required": [ + "apiServerInternalIPs", + "ingressIPs" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", "type": "string" }, - "conditions": { - "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "instanceId": { - "description": "instanceId is the instance ID of the machine created in alibabacloud", + "cloudName": { + "description": "cloudName is the name of the desired OpenStack cloud in the client configuration file (`clouds.yaml`).", "type": "string" }, - "instanceState": { - "description": "instanceState is the state of the alibabacloud instance for this machine", - "type": "string" + "dnsRecordsType": { + "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", + "type": "string", + "enum": [ + "External", + "Internal" + ] }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - } - }, - "com.github.openshift.api.machine.v1.AlibabaResourceReference": { - "description": "ResourceTagReference is a reference to a specific AlibabaCloud resource by ID, or tags. Only one of ID or Tags may be specified. Specifying more than one will result in a validation error.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "id": { - "description": "id of resource", - "type": "string" + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "name": { - "description": "name of the resource", - "type": "string" + "loadBalancer": { + "description": "loadBalancer defines how the load balancer used by the cluster is configured.", + "default": { + "type": "OpenShiftManagedDefault" + }, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenStackPlatformLoadBalancer" }, - "tags": { - "description": "tags is a set of metadata based upon ECS object tags used to identify a resource. For details about usage when multiple resources are found, please see the owning parent field documentation.", + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.Tag" - } + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "type": { - "description": "type identifies the resource reference type for this entry.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.machine.v1.AzureFailureDomain": { - "description": "AzureFailureDomain configures failure domain information for the Azure platform.", - "type": "object", - "required": [ - "zone" - ], - "properties": { - "subnet": { - "description": "subnet is the name of the network subnet in which the VM will be created. When omitted, the subnet value from the machine providerSpec template will be used.", + "nodeDNSIP": { + "description": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for OpenStack deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", "type": "string" - }, - "zone": { - "description": "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone.", - "type": "string", - "default": "" } } - }, - "com.github.openshift.api.machine.v1.BandwidthProperties": { - "description": "Bandwidth describes the bandwidth strategy for the network of the instance", + }, + "com.github.openshift.api.config.v1.OperandVersion": { "type": "object", + "required": [ + "name", + "version" + ], "properties": { - "internetMaxBandwidthIn": { - "description": "internetMaxBandwidthIn is the maximum inbound public bandwidth. Unit: Mbit/s. Valid values: When the purchased outbound public bandwidth is less than or equal to 10 Mbit/s, the valid values of this parameter are 1 to 10. Currently the default is `10` when outbound bandwidth is less than or equal to 10 Mbit/s. When the purchased outbound public bandwidth is greater than 10, the valid values are 1 to the InternetMaxBandwidthOut value. Currently the default is the value used for `InternetMaxBandwidthOut` when outbound public bandwidth is greater than 10.", - "type": "integer", - "format": "int64" + "name": { + "description": "name is the name of the particular operand this version is for. It usually matches container images, not operators.", + "type": "string", + "default": "" }, - "internetMaxBandwidthOut": { - "description": "internetMaxBandwidthOut is the maximum outbound public bandwidth. Unit: Mbit/s. Valid values: 0 to 100. When a value greater than 0 is used then a public IP address is assigned to the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `0`", - "type": "integer", - "format": "int64" + "version": { + "description": "version indicates which version of a particular operand is currently being managed. It must always match the Available operand. If 1.0.0 is Available, then this must indicate 1.0.0 even if the operator is trying to rollout 1.1.0", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1.ControlPlaneMachineSet": { - "description": "ControlPlaneMachineSet ensures that a specified number of control plane machine replicas are running at any given time. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.OperatorHub": { + "description": "OperatorHub is the Schema for the operatorhubs API. It can be used to change the state of the default hub sources for OperatorHub on the cluster from enabled to disabled and vice versa.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "spec", + "status" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -21869,22 +21554,23 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1.OperatorHubSpec" }, "status": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1.OperatorHubStatus" } } }, - "com.github.openshift.api.machine.v1.ControlPlaneMachineSetList": { - "description": "ControlPlaneMachineSetList contains a list of ControlPlaneMachineSet Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.OperatorHubList": { + "description": "OperatorHubList contains a list of OperatorHub\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -21896,7 +21582,7 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSet" + "$ref": "#/definitions/com.github.openshift.api.config.v1.OperatorHub" } }, "kind": { @@ -21906,2950 +21592,2795 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.machine.v1.ControlPlaneMachineSetSpec": { - "description": "ControlPlaneMachineSet represents the configuration of the ControlPlaneMachineSet.", + "com.github.openshift.api.config.v1.OperatorHubSpec": { + "description": "OperatorHubSpec defines the desired state of OperatorHub", "type": "object", - "required": [ - "replicas", - "selector", - "template" - ], "properties": { - "machineNamePrefix": { - "description": "machineNamePrefix is the prefix used when creating machine names. Each machine name will consist of this prefix, followed by a randomly generated string of 5 characters, and the index of the machine. It must be a lowercase RFC 1123 subdomain, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'). Each block, separated by periods, must start and end with an alphanumeric character. Hyphens are not allowed at the start or end of a block, and consecutive periods are not permitted. The prefix must be between 1 and 245 characters in length. For example, if machineNamePrefix is set to 'control-plane', and three machines are created, their names might be: control-plane-abcde-0, control-plane-fghij-1, control-plane-klmno-2", - "type": "string" - }, - "replicas": { - "description": "replicas defines how many Control Plane Machines should be created by this ControlPlaneMachineSet. This field is immutable and cannot be changed after cluster installation. The ControlPlaneMachineSet only operates with 3 or 5 node control planes, 3 and 5 are the only valid values for this field.", - "type": "integer", - "format": "int32" - }, - "selector": { - "description": "Label selector for Machines. Existing Machines selected by this selector will be the ones affected by this ControlPlaneMachineSet. It must match the template's labels. This field is considered immutable after creation of the resource.", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "state": { - "description": "state defines whether the ControlPlaneMachineSet is Active or Inactive. When Inactive, the ControlPlaneMachineSet will not take any action on the state of the Machines within the cluster. When Active, the ControlPlaneMachineSet will reconcile the Machines and will update the Machines as necessary. Once Active, a ControlPlaneMachineSet cannot be made Inactive. To prevent further action please remove the ControlPlaneMachineSet.", - "type": "string", - "default": "Inactive" - }, - "strategy": { - "description": "strategy defines how the ControlPlaneMachineSet will update Machines when it detects a change to the ProviderSpec.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetStrategy" + "disableAllDefaultSources": { + "description": "disableAllDefaultSources allows you to disable all the default hub sources. If this is true, a specific entry in sources can be used to enable a default source. If this is false, a specific entry in sources can be used to disable or enable a default source.", + "type": "boolean" }, - "template": { - "description": "template describes the Control Plane Machines that will be created by this ControlPlaneMachineSet.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplate" + "sources": { + "description": "sources is the list of default hub sources and their configuration. If the list is empty, it implies that the default hub sources are enabled on the cluster unless disableAllDefaultSources is true. If disableAllDefaultSources is true and sources is not empty, the configuration present in sources will take precedence. The list of default hub sources and their current state will always be reflected in the status block.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.HubSource" + } } } }, - "com.github.openshift.api.machine.v1.ControlPlaneMachineSetStatus": { - "description": "ControlPlaneMachineSetStatus represents the status of the ControlPlaneMachineSet CRD.", + "com.github.openshift.api.config.v1.OperatorHubStatus": { + "description": "OperatorHubStatus defines the observed state of OperatorHub. The current state of the default hub sources will always be reflected here.", "type": "object", "properties": { - "conditions": { - "description": "conditions represents the observations of the ControlPlaneMachineSet's current state. Known .status.conditions.type are: Available, Degraded and Progressing.", + "sources": { + "description": "sources encapsulates the result of applying the configuration for each hub source", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/com.github.openshift.api.config.v1.HubSourceStatus" + } + } + } + }, + "com.github.openshift.api.config.v1.OvirtPlatformLoadBalancer": { + "description": "OvirtPlatformLoadBalancer defines the load balancer used by the cluster on Ovirt platform.", + "type": "object", + "properties": { + "type": { + "description": "type defines the type of load balancer used by the cluster on Ovirt platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", + "type": "string", + "default": "OpenShiftManagedDefault" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": {} + } + ] + }, + "com.github.openshift.api.config.v1.OvirtPlatformSpec": { + "description": "OvirtPlatformSpec holds the desired state of the oVirt infrastructure provider. This only includes fields that can be modified in the cluster.", + "type": "object" + }, + "com.github.openshift.api.config.v1.OvirtPlatformStatus": { + "description": "OvirtPlatformStatus holds the current status of the oVirt infrastructure provider.", + "type": "object", + "required": [ + "apiServerInternalIPs", + "ingressIPs" + ], + "properties": { + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", + "type": "string" + }, + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "type": "array", + "items": { + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "set" }, - "observedGeneration": { - "description": "observedGeneration is the most recent generation observed for this ControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's generation, which is updated on mutation by the API Server.", - "type": "integer", - "format": "int64" + "dnsRecordsType": { + "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", + "type": "string", + "enum": [ + "External", + "Internal" + ] }, - "readyReplicas": { - "description": "readyReplicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller which are ready. Note that this value may be higher than the desired number of replicas while rolling updates are in-progress.", - "type": "integer", - "format": "int32" + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", + "type": "string" }, - "replicas": { - "description": "replicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller. Note that during update operations this value may differ from the desired replica count.", - "type": "integer", - "format": "int32" + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" }, - "unavailableReplicas": { - "description": "unavailableReplicas is the number of Control Plane Machines that are still required before the ControlPlaneMachineSet reaches the desired available capacity. When this value is non-zero, the number of ReadyReplicas is less than the desired Replicas.", - "type": "integer", - "format": "int32" + "loadBalancer": { + "description": "loadBalancer defines how the load balancer used by the cluster is configured.", + "default": { + "type": "OpenShiftManagedDefault" + }, + "$ref": "#/definitions/com.github.openshift.api.config.v1.OvirtPlatformLoadBalancer" }, - "updatedReplicas": { - "description": "updatedReplicas is the number of non-terminated Control Plane Machines created by the ControlPlaneMachineSet controller that have the desired provider spec and are ready. This value is set to 0 when a change is detected to the desired spec. When the update strategy is RollingUpdate, this will also coincide with starting the process of updating the Machines. When the update strategy is OnDelete, this value will remain at 0 until a user deletes an existing replica and its replacement has become ready.", - "type": "integer", - "format": "int32" + "nodeDNSIP": { + "description": "deprecated: as of 4.6, this field is no longer set or honored. It will be removed in a future release.", + "type": "string" } } }, - "com.github.openshift.api.machine.v1.ControlPlaneMachineSetStrategy": { - "description": "ControlPlaneMachineSetStrategy defines the strategy for applying updates to the Control Plane Machines managed by the ControlPlaneMachineSet.", + "com.github.openshift.api.config.v1.PKICertificateSubject": { + "description": "PKICertificateSubject defines the requirements imposed on the subject to which the certificate was issued.", "type": "object", "properties": { - "type": { - "description": "type defines the type of update strategy that should be used when updating Machines owned by the ControlPlaneMachineSet. Valid values are \"RollingUpdate\" and \"OnDelete\". The current default value is \"RollingUpdate\".", - "type": "string", - "default": "RollingUpdate" + "email": { + "description": "email specifies the expected email address imposed on the subject to which the certificate was issued, and must match the email address listed in the Subject Alternative Name (SAN) field of the certificate. The email must be a valid email address and at most 320 characters in length.", + "type": "string" + }, + "hostname": { + "description": "hostname specifies the expected hostname imposed on the subject to which the certificate was issued, and it must match the hostname listed in the Subject Alternative Name (SAN) DNS field of the certificate. The hostname must be a valid dns 1123 subdomain name, optionally prefixed by '*.', and at most 253 characters in length. It must consist only of lowercase alphanumeric characters, hyphens, periods and the optional preceding asterisk.", + "type": "string" } } }, - "com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplate": { - "description": "ControlPlaneMachineSetTemplate is a template used by the ControlPlaneMachineSet to create the Machines that it will manage in the future.", + "com.github.openshift.api.config.v1.PersistentVolumeClaimReference": { + "description": "PersistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", "type": "object", "required": [ - "machineType" + "name" ], "properties": { - "machineType": { - "description": "machineType determines the type of Machines that should be managed by the ControlPlaneMachineSet. Currently, the only valid value is machines_v1beta1_machine_openshift_io.", - "type": "string", - "default": "" - }, - "machines_v1beta1_machine_openshift_io": { - "description": "OpenShiftMachineV1Beta1Machine defines the template for creating Machines from the v1beta1.machine.openshift.io API group.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.OpenShiftMachineV1Beta1MachineTemplate" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "machineType", - "fields-to-discriminateBy": { - "machines_v1beta1_machine_openshift_io": "OpenShiftMachineV1Beta1Machine" - } + "name": { + "description": "name is the name of the PersistentVolumeClaim that will be used to store the Insights data archive. It is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + "type": "string" } - ] + } }, - "com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplateObjectMeta": { - "description": "ControlPlaneMachineSetTemplateObjectMeta is a subset of the metav1.ObjectMeta struct. It allows users to specify labels and annotations that will be copied onto Machines created from this template.", + "com.github.openshift.api.config.v1.PersistentVolumeConfig": { + "description": "PersistentVolumeConfig provides configuration options for PersistentVolume storage.", "type": "object", "required": [ - "labels" + "claim" ], "properties": { - "annotations": { - "description": "annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "claim": { + "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PersistentVolumeClaimReference" }, - "labels": { - "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels. This field must contain both the 'machine.openshift.io/cluster-api-machine-role' and 'machine.openshift.io/cluster-api-machine-type' labels, both with a value of 'master'. It must also contain a label with the key 'machine.openshift.io/cluster-api-cluster'.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "mountPath": { + "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + "type": "string" } } }, - "com.github.openshift.api.machine.v1.DataDiskProperties": { - "description": "DataDisk contains the information regarding the datadisk attached to an instance", + "com.github.openshift.api.config.v1.PlatformSpec": { + "description": "PlatformSpec holds the desired state specific to the underlying infrastructure provider of the current cluster. Since these are used at spec-level for the underlying cluster, it is supposed that only one of the spec structs is set.", "type": "object", + "required": [ + "type" + ], "properties": { - "Category": { - "description": "Category describes the type of data disk N. Valid values: cloud_efficiency: ultra disk cloud_ssd: standard SSD cloud_essd: ESSD cloud: basic disk Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently for non-I/O optimized instances of retired instance types, the default is `cloud`. Currently for other instances, the default is `cloud_efficiency`.", - "type": "string", - "default": "" + "alibabaCloud": { + "description": "alibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AlibabaCloudPlatformSpec" }, - "DiskEncryption": { - "description": "DiskEncryption specifies whether to encrypt data disk N.\n\nEmpty value means the platform chooses a default, which is subject to change over time. Currently the default is `disabled`.", - "type": "string", - "default": "" + "aws": { + "description": "aws contains settings specific to the Amazon Web Services infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSPlatformSpec" }, - "DiskPreservation": { - "description": "DiskPreservation specifies whether to release data disk N along with the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `DeleteWithInstance`", - "type": "string", - "default": "" + "azure": { + "description": "azure contains settings specific to the Azure infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AzurePlatformSpec" }, - "KMSKeyID": { - "description": "KMSKeyID is the ID of the Key Management Service (KMS) key to be used by data disk N. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `\"\"` which is interpreted as do not use KMSKey encryption.", - "type": "string", - "default": "" + "baremetal": { + "description": "baremetal contains settings specific to the BareMetal platform.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.BareMetalPlatformSpec" }, - "Name": { - "description": "Name is the name of data disk N. If the name is specified the name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain letters, digits, colons (:), underscores (_), and hyphens (-).\n\nEmpty value means the platform chooses a default, which is subject to change over time. Currently the default is `\"\"`.", - "type": "string", - "default": "" + "equinixMetal": { + "description": "equinixMetal contains settings specific to the Equinix Metal infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.EquinixMetalPlatformSpec" }, - "PerformanceLevel": { - "description": "PerformanceLevel is the performance level of the ESSD used as as data disk N. The N value must be the same as that in DataDisk.N.Category when DataDisk.N.Category is set to cloud_essd. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `PL1`. Valid values:\n\nPL0: A single ESSD can deliver up to 10,000 random read/write IOPS. PL1: A single ESSD can deliver up to 50,000 random read/write IOPS. PL2: A single ESSD can deliver up to 100,000 random read/write IOPS. PL3: A single ESSD can deliver up to 1,000,000 random read/write IOPS. For more information about ESSD performance levels, see ESSDs.", - "type": "string", - "default": "" + "external": { + "description": "ExternalPlatformType represents generic infrastructure provider. Platform-specific components should be supplemented separately.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalPlatformSpec" }, - "Size": { - "description": "Size of the data disk N. Valid values of N: 1 to 16. Unit: GiB. Valid values:\n\nValid values when DataDisk.N.Category is set to cloud_efficiency: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud_ssd: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud_essd: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud: 5 to 2000 The value of this parameter must be greater than or equal to the size of the snapshot specified by the SnapshotID parameter.", - "type": "integer", - "format": "int64", - "default": 0 + "gcp": { + "description": "gcp contains settings specific to the Google Cloud Platform infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.GCPPlatformSpec" }, - "SnapshotID": { - "description": "SnapshotID is the ID of the snapshot used to create data disk N. Valid values of N: 1 to 16.\n\nWhen the DataDisk.N.SnapshotID parameter is specified, the DataDisk.N.Size parameter is ignored. The data disk is created based on the size of the specified snapshot. Use snapshots created after July 15, 2013. Otherwise, an error is returned and your request is rejected.", + "ibmcloud": { + "description": "ibmcloud contains settings specific to the IBMCloud infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.IBMCloudPlatformSpec" + }, + "kubevirt": { + "description": "kubevirt contains settings specific to the kubevirt infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.KubevirtPlatformSpec" + }, + "nutanix": { + "description": "nutanix contains settings specific to the Nutanix infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPlatformSpec" + }, + "openstack": { + "description": "openstack contains settings specific to the OpenStack infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenStackPlatformSpec" + }, + "ovirt": { + "description": "ovirt contains settings specific to the oVirt infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.OvirtPlatformSpec" + }, + "powervs": { + "description": "powervs contains settings specific to the IBM Power Systems Virtual Servers infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSPlatformSpec" + }, + "type": { + "description": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"IBMCloud\", \"KubeVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\", \"External\", and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.", "type": "string", "default": "" + }, + "vsphere": { + "description": "vsphere contains settings specific to the VSphere infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformSpec" } } }, - "com.github.openshift.api.machine.v1.FailureDomains": { - "description": "FailureDomain represents the different configurations required to spread Machines across failure domains on different platforms.", + "com.github.openshift.api.config.v1.PlatformStatus": { + "description": "PlatformStatus holds the current status specific to the underlying infrastructure provider of the current cluster. Since these are used at status-level for the underlying cluster, it is supposed that only one of the status structs is set.", "type": "object", "required": [ - "platform" + "type" ], "properties": { + "alibabaCloud": { + "description": "alibabaCloud contains settings specific to the Alibaba Cloud infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AlibabaCloudPlatformStatus" + }, "aws": { - "description": "aws configures failure domain information for the AWS platform.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AWSFailureDomain" - }, - "x-kubernetes-list-type": "atomic" + "description": "aws contains settings specific to the Amazon Web Services infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AWSPlatformStatus" }, "azure": { - "description": "azure configures failure domain information for the Azure platform.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.AzureFailureDomain" - }, - "x-kubernetes-list-type": "atomic" + "description": "azure contains settings specific to the Azure infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.AzurePlatformStatus" + }, + "baremetal": { + "description": "baremetal contains settings specific to the BareMetal platform.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.BareMetalPlatformStatus" + }, + "equinixMetal": { + "description": "equinixMetal contains settings specific to the Equinix Metal infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.EquinixMetalPlatformStatus" + }, + "external": { + "description": "external contains settings specific to the generic External infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ExternalPlatformStatus" }, "gcp": { - "description": "gcp configures failure domain information for the GCP platform.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.GCPFailureDomain" - }, - "x-kubernetes-list-type": "atomic" + "description": "gcp contains settings specific to the Google Cloud Platform infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.GCPPlatformStatus" + }, + "ibmcloud": { + "description": "ibmcloud contains settings specific to the IBMCloud infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.IBMCloudPlatformStatus" + }, + "kubevirt": { + "description": "kubevirt contains settings specific to the kubevirt infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.KubevirtPlatformStatus" }, "nutanix": { - "description": "nutanix configures failure domain information for the Nutanix platform.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixFailureDomainReference" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "description": "nutanix contains settings specific to the Nutanix infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.NutanixPlatformStatus" }, "openstack": { - "description": "openstack configures failure domain information for the OpenStack platform.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.OpenStackFailureDomain" - }, - "x-kubernetes-list-type": "atomic" + "description": "openstack contains settings specific to the OpenStack infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.OpenStackPlatformStatus" }, - "platform": { - "description": "platform identifies the platform for which the FailureDomain represents. Currently supported values are AWS, Azure, GCP, OpenStack, VSphere and Nutanix.", + "ovirt": { + "description": "ovirt contains settings specific to the oVirt infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.OvirtPlatformStatus" + }, + "powervs": { + "description": "powervs contains settings specific to the Power Systems Virtual Servers infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSPlatformStatus" + }, + "type": { + "description": "type is the underlying infrastructure provider for the cluster. This value controls whether infrastructure automation such as service load balancers, dynamic volume provisioning, machine creation and deletion, and other integrations are enabled. If None, no infrastructure automation is enabled. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components may not support all platforms, and must handle unrecognized platforms as None if they do not support that platform.\n\nThis value will be synced with to the `status.platform` and `status.platformStatus.type`. Currently this value cannot be changed once set.", "type": "string", "default": "" }, "vsphere": { - "description": "vsphere configures failure domain information for the VSphere platform.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.VSphereFailureDomain" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "platform", - "fields-to-discriminateBy": { - "aws": "AWS", - "azure": "Azure", - "gcp": "GCP", - "nutanix": "Nutanix", - "openstack": "OpenStack", - "vsphere": "VSphere" - } + "description": "vsphere contains settings specific to the VSphere infrastructure provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformStatus" } - ] + } }, - "com.github.openshift.api.machine.v1.GCPFailureDomain": { - "description": "GCPFailureDomain configures failure domain information for the GCP platform", + "com.github.openshift.api.config.v1.PolicyFulcioSubject": { + "description": "PolicyFulcioSubject defines the OIDC issuer and the email of the Fulcio authentication configuration.", "type": "object", "required": [ - "zone" + "oidcIssuer", + "signedEmail" ], "properties": { - "zone": { - "description": "zone is the zone in which the GCP machine provider will create the VM.", + "oidcIssuer": { + "description": "oidcIssuer is a required filed contains the expected OIDC issuer. The oidcIssuer must be a valid URL and at most 2048 characters in length. It will be verified that the Fulcio-issued certificate contains a (Fulcio-defined) certificate extension pointing at this OIDC issuer URL. When Fulcio issues certificates, it includes a value based on an URL inside the client-provided ID token. Example: \"https://expected.OIDC.issuer/\"", + "type": "string", + "default": "" + }, + "signedEmail": { + "description": "signedEmail is a required field holds the email address that the Fulcio certificate is issued for. The signedEmail must be a valid email address and at most 320 characters in length. Example: \"expected-signing-user@example.com\"", "type": "string", "default": "" } } }, - "com.github.openshift.api.machine.v1.LoadBalancerReference": { - "description": "LoadBalancerReference is a reference to a load balancer on IBM Cloud virtual private cloud(VPC).", + "com.github.openshift.api.config.v1.PolicyIdentity": { + "description": "PolicyIdentity defines image identity the signature claims about the image. When omitted, the default matchPolicy is \"MatchRepoDigestOrExact\".", "type": "object", "required": [ - "name", - "type" + "matchPolicy" ], "properties": { - "name": { - "description": "name of the LoadBalancer in IBM Cloud VPC. The name should be between 1 and 63 characters long and may consist of lowercase alphanumeric characters and hyphens only. The value must not end with a hyphen. It is a reference to existing LoadBalancer created by openshift installer component.", - "type": "string", - "default": "" + "exactRepository": { + "description": "exactRepository specifies the repository that must be exactly matched by the identity in the signature. exactRepository is required if matchPolicy is set to \"ExactRepository\". It is used to verify that the signature claims an identity matching this exact repository, rather than the original image identity.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyMatchExactRepository" }, - "type": { - "description": "type of the LoadBalancer service supported by IBM Cloud VPC. Currently, only Application LoadBalancer is supported. More details about Application LoadBalancer https://cloud.ibm.com/docs/vpc?topic=vpc-load-balancers-about&interface=ui Supported values are Application.", + "matchPolicy": { + "description": "matchPolicy is a required filed specifies matching strategy to verify the image identity in the signature against the image scope. Allowed values are \"MatchRepoDigestOrExact\", \"MatchRepository\", \"ExactRepository\", \"RemapIdentity\". When omitted, the default value is \"MatchRepoDigestOrExact\". When set to \"MatchRepoDigestOrExact\", the identity in the signature must be in the same repository as the image identity if the image identity is referenced by a digest. Otherwise, the identity in the signature must be the same as the image identity. When set to \"MatchRepository\", the identity in the signature must be in the same repository as the image identity. When set to \"ExactRepository\", the exactRepository must be specified. The identity in the signature must be in the same repository as a specific identity specified by \"repository\". When set to \"RemapIdentity\", the remapIdentity must be specified. The signature must be in the same as the remapped image identity. Remapped image identity is obtained by replacing the \"prefix\" with the specified “signedPrefix” if the the image identity matches the specified remapPrefix.", "type": "string", "default": "" + }, + "remapIdentity": { + "description": "remapIdentity specifies the prefix remapping rule for verifying image identity. remapIdentity is required if matchPolicy is set to \"RemapIdentity\". It is used to verify that the signature claims a different registry/repository prefix than the original image.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.PolicyMatchRemapIdentity" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "matchPolicy", + "fields-to-discriminateBy": { + "exactRepository": "PolicyMatchExactRepository", + "remapIdentity": "PolicyMatchRemapIdentity" + } } - } + ] }, - "com.github.openshift.api.machine.v1.NutanixCategory": { - "description": "NutanixCategory identifies a pair of prism category key and value", + "com.github.openshift.api.config.v1.PolicyMatchExactRepository": { "type": "object", "required": [ - "key", - "value" + "repository" ], "properties": { - "key": { - "description": "key is the prism category key name", - "type": "string", - "default": "" - }, - "value": { - "description": "value is the prism category value associated with the key", + "repository": { + "description": "repository is the reference of the image identity to be matched. repository is required if matchPolicy is set to \"ExactRepository\". The value should be a repository name (by omitting the tag or digest) in a registry implementing the \"Docker Registry HTTP API V2\". For example, docker.io/library/busybox", "type": "string", "default": "" } } }, - "com.github.openshift.api.machine.v1.NutanixFailureDomainReference": { - "description": "NutanixFailureDomainReference refers to the failure domain of the Nutanix platform.", + "com.github.openshift.api.config.v1.PolicyMatchRemapIdentity": { "type": "object", "required": [ - "name" + "prefix", + "signedPrefix" ], "properties": { - "name": { - "description": "name of the failure domain in which the nutanix machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource.", + "prefix": { + "description": "prefix is required if matchPolicy is set to \"RemapIdentity\". prefix is the prefix of the image identity to be matched. If the image identity matches the specified prefix, that prefix is replaced by the specified “signedPrefix” (otherwise it is used as unchanged and no remapping takes place). This is useful when verifying signatures for a mirror of some other repository namespace that preserves the vendor’s repository structure. The prefix and signedPrefix values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", + "type": "string", + "default": "" + }, + "signedPrefix": { + "description": "signedPrefix is required if matchPolicy is set to \"RemapIdentity\". signedPrefix is the prefix of the image identity to be matched in the signature. The format is the same as \"prefix\". The values can be either host[:port] values (matching exactly the same host[:port], string), repository namespaces, or repositories (i.e. they must not contain tags/digests), and match as prefixes of the fully expanded form. For example, docker.io/library/busybox (not busybox) to specify that single repository, or docker.io/library (not an empty string) to specify the parent namespace of docker.io/library/busybox.", "type": "string", "default": "" } } }, - "com.github.openshift.api.machine.v1.NutanixGPU": { - "description": "NutanixGPU holds the identity of a Nutanix GPU resource in the Prism Central", + "com.github.openshift.api.config.v1.PolicyRootOfTrust": { + "description": "PolicyRootOfTrust defines the root of trust based on the selected policyType.", "type": "object", "required": [ - "type" + "policyType" ], "properties": { - "deviceID": { - "description": "deviceID is the GPU device ID with the integer value.", - "type": "integer", - "format": "int32" + "fulcioCAWithRekor": { + "description": "fulcioCAWithRekor defines the root of trust configuration based on the Fulcio certificate and the Rekor public key. fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise For more information about Fulcio and Rekor, please refer to the document at: https://github.com/sigstore/fulcio and https://github.com/sigstore/rekor", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyFulcioCAWithRekorRootOfTrust" }, - "name": { - "description": "name is the GPU device name", - "type": "string" + "pki": { + "description": "pki defines the root of trust configuration based on Bring Your Own Public Key Infrastructure (BYOPKI) Root CA(s) and corresponding intermediate certificates. pki is required when policyType is PKI, and forbidden otherwise.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyPKIRootOfTrust" }, - "type": { - "description": "type is the identifier type of the GPU device. Valid values are Name and DeviceID.", + "policyType": { + "description": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated. Allowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\". When set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. When set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification. When set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI).", "type": "string", "default": "" + }, + "publicKey": { + "description": "publicKey defines the root of trust configuration based on a sigstore public key. Optionally include a Rekor public key for Rekor verification. publicKey is required when policyType is PublicKey, and forbidden otherwise.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ImagePolicyPublicKeyRootOfTrust" } }, "x-kubernetes-unions": [ { - "discriminator": "type", + "discriminator": "policyType", "fields-to-discriminateBy": { - "deviceID": "DeviceID", - "name": "Name" + "fulcioCAWithRekor": "FulcioCAWithRekor", + "pki": "PKI", + "publicKey": "PublicKey" } } ] }, - "com.github.openshift.api.machine.v1.NutanixMachineProviderConfig": { - "description": "NutanixMachineProviderConfig is the Schema for the nutanixmachineproviderconfigs API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.PowerVSPlatformSpec": { + "description": "PowerVSPlatformSpec holds the desired state of the IBM Power Systems Virtual Servers infrastructure provider. This only includes fields that can be modified in the cluster.", "type": "object", - "required": [ - "cluster", - "image", - "subnets", - "vcpusPerSocket", - "vcpuSockets", - "memorySize", - "systemDiskSize", - "credentialsSecret" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "bootType": { - "description": "bootType indicates the boot type (Legacy, UEFI or SecureBoot) the Machine's VM uses to boot. If this field is empty or omitted, the VM will use the default boot type \"Legacy\" to boot. \"SecureBoot\" depends on \"UEFI\" boot, i.e., enabling \"SecureBoot\" means that \"UEFI\" boot is also enabled.", - "type": "string", - "default": "" - }, - "categories": { - "description": "categories optionally adds one or more prism categories (each with key and value) for the Machine's VM to associate with. All the category key and value pairs specified must already exist in the prism central.", + "serviceEndpoints": { + "description": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixCategory" + "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSServiceEndpoint" }, "x-kubernetes-list-map-keys": [ - "key" + "name" ], "x-kubernetes-list-type": "map" - }, - "cluster": { - "description": "cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" - }, - "credentialsSecret": { - "description": "credentialsSecret is a local reference to a secret that contains the credentials data to access Nutanix PC client", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" - }, - "dataDisks": { - "description": "dataDisks holds information of the data disks to attach to the Machine's VM", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixVMDisk" - }, - "x-kubernetes-list-type": "set" - }, - "failureDomain": { - "description": "failureDomain refers to the name of the FailureDomain with which this Machine is associated. If this is configured, the Nutanix machine controller will use the prism_central endpoint and credentials defined in the referenced FailureDomain to communicate to the prism_central. It will also verify that the 'cluster' and subnets' configuration in the NutanixMachineProviderConfig is consistent with that in the referenced failureDomain.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixFailureDomainReference" - }, - "gpus": { - "description": "gpus is a list of GPU devices to attach to the machine's VM. The GPU devices should already exist in Prism Central and associated with one of the Prism Element's hosts and available for the VM to attach (in \"UNUSED\" status).", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixGPU" - }, - "x-kubernetes-list-type": "set" - }, - "image": { - "description": "image is to identify the rhcos image uploaded to the Prism Central (PC) The image identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "memorySize": { - "description": "memorySize is the memory size (in Quantity format) of the VM The minimum memorySize is 2Gi bytes", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "project": { - "description": "project optionally identifies a Prism project for the Machine's VM to associate with.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" - }, - "subnets": { - "description": "subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" - } - }, - "systemDiskSize": { - "description": "systemDiskSize is size (in Quantity format) of the system disk of the VM The minimum systemDiskSize is 20Gi bytes", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - }, - "userDataSecret": { - "description": "userDataSecret is a local reference to a secret that contains the UserData to apply to the VM", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" - }, - "vcpuSockets": { - "description": "vcpuSockets is the number of vCPU sockets of the VM", - "type": "integer", - "format": "int32", - "default": 0 - }, - "vcpusPerSocket": { - "description": "vcpusPerSocket is the number of vCPUs per socket of the VM", - "type": "integer", - "format": "int32", - "default": 0 } } }, - "com.github.openshift.api.machine.v1.NutanixMachineProviderStatus": { - "description": "NutanixMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains nutanix-specific status information. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.PowerVSPlatformStatus": { + "description": "PowerVSPlatformStatus holds the current status of the IBM Power Systems Virtual Servers infrastrucutre provider.", "type": "object", + "required": [ + "region", + "zone" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "cisInstanceCRN": { + "description": "cisInstanceCRN is the CRN of the Cloud Internet Services instance managing the DNS zone for the cluster's base domain", "type": "string" }, - "conditions": { - "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", + "dnsInstanceCRN": { + "description": "dnsInstanceCRN is the CRN of the DNS Services instance managing the DNS zone for the cluster's base domain", + "type": "string" + }, + "region": { + "description": "region holds the default Power VS region for new Power VS resources created by the cluster.", + "type": "string", + "default": "" + }, + "resourceGroup": { + "description": "resourceGroup is the resource group name for new IBMCloud resources created for a cluster. The resource group specified here will be used by cluster-image-registry-operator to set up a COS Instance in IBMCloud for the cluster registry. More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. When omitted, the image registry operator won't be able to configure storage, which results in the image registry cluster operator not being in an available state.", + "type": "string", + "default": "" + }, + "serviceEndpoints": { + "description": "serviceEndpoints is a list of custom endpoints which will override the default service endpoints of a Power VS service.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/com.github.openshift.api.config.v1.PowerVSServiceEndpoint" }, "x-kubernetes-list-map-keys": [ - "type" + "name" ], "x-kubernetes-list-type": "map" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "vmUUID": { - "description": "vmUUID is the Machine associated VM's UUID The field is missing before the VM is created. Once the VM is created, the field is filled with the VM's UUID and it will not change. The vmUUID is used to find the VM when updating the Machine status, and to delete the VM when the Machine is deleted.", - "type": "string" + "zone": { + "description": "zone holds the default zone for the new Power VS resources created by the cluster. Note: Currently only single-zone OCP clusters are supported", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1.NutanixResourceIdentifier": { - "description": "NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)", + "com.github.openshift.api.config.v1.PowerVSServiceEndpoint": { + "description": "PowervsServiceEndpoint stores the configuration of a custom url to override existing defaults of PowerVS Services.", "type": "object", "required": [ - "type" + "name", + "url" ], "properties": { "name": { - "description": "name is the resource name in the PC", - "type": "string" - }, - "type": { - "description": "type is the identifier type to use for this resource.", + "description": "name is the name of the Power VS service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller Power Cloud - https://cloud.ibm.com/apidocs/power-cloud", "type": "string", "default": "" }, - "uuid": { - "description": "uuid is the UUID of the resource in the PC.", - "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "name": "Name", - "uuid": "UUID" - } + "url": { + "description": "url is fully qualified URI with scheme https, that overrides the default generated endpoint for a client. This must be provided and cannot be empty.", + "type": "string", + "default": "" } - ] + } }, - "com.github.openshift.api.machine.v1.NutanixStorageResourceIdentifier": { - "description": "NutanixStorageResourceIdentifier holds the identity of a Nutanix storage resource (storage_container, etc.)", + "com.github.openshift.api.config.v1.PrefixedClaimMapping": { + "description": "PrefixedClaimMapping configures a claim mapping that allows for an optional prefix.", "type": "object", - "required": [ - "type" - ], "properties": { - "type": { - "description": "type is the identifier type to use for this resource. The valid value is \"uuid\".", + "claim": { + "description": "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated. claim must not exceed 256 characters in length. When set to the empty string `\"\"`, this means that no named claim should be used for the group mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled.", "type": "string", "default": "" }, - "uuid": { - "description": "uuid is the UUID of the storage resource in the PC.", + "expression": { + "description": "expression is an optional CEL expression used to derive group values from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length .\n\nWhen specified, claim must not be set or be explicitly set to the empty string (`\"\"`).", "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "uuid": "UUID" - } - } - ] - }, - "com.github.openshift.api.machine.v1.NutanixVMDisk": { - "description": "NutanixDataDisk specifies the VM data disk configuration parameters.", - "type": "object", - "required": [ - "diskSize" - ], - "properties": { - "dataSource": { - "description": "dataSource refers to a data source image for the VM disk.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" - }, - "deviceProperties": { - "description": "deviceProperties are the properties of the disk device.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixVMDiskDeviceProperties" }, - "diskSize": { - "description": "diskSize is size (in Quantity format) of the disk attached to the VM. See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Format for the Quantity format and example documentation. The minimum diskSize is 1GB.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - }, - "storageConfig": { - "description": "storageConfig are the storage configuration parameters of the VM disks.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixVMStorageConfig" + "prefix": { + "description": "prefix is an optional field that configures the prefix that will be applied to the cluster identity attribute during the process of mapping JWT claims to cluster identity attributes.\n\nWhen omitted or set to an empty string (\"\"), no prefix is applied to the cluster identity attribute. Must not be set to a non-empty value when expression is set.\n\nExample: if `prefix` is set to \"myoidc:\" and the `claim` in JWT contains an array of strings \"a\", \"b\" and \"c\", the mapping will result in an array of string \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\".", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1.NutanixVMDiskDeviceProperties": { - "description": "NutanixVMDiskDeviceProperties specifies the disk device properties.", + "com.github.openshift.api.config.v1.ProfileCustomizations": { + "description": "ProfileCustomizations contains various parameters for modifying the default behavior of certain profiles", "type": "object", - "required": [ - "deviceType", - "adapterType", - "deviceIndex" - ], "properties": { - "adapterType": { - "description": "adapterType is the adapter type of the disk address. If the deviceType is \"Disk\", the valid adapterType can be \"SCSI\", \"IDE\", \"PCI\", \"SATA\" or \"SPAPR\". If the deviceType is \"CDRom\", the valid adapterType can be \"IDE\" or \"SATA\".", - "type": "string", - "default": "" - }, - "deviceIndex": { - "description": "deviceIndex is the index of the disk address. The valid values are non-negative integers, with the default value 0. For a Machine VM, the deviceIndex for the disks with the same deviceType.adapterType combination should start from 0 and increase consecutively afterwards. Note that for each Machine VM, the Disk.SCSI.0 and CDRom.IDE.0 are reserved to be used by the VM's system. So for dataDisks of Disk.SCSI and CDRom.IDE, the deviceIndex should start from 1.", - "type": "integer", - "format": "int32" - }, - "deviceType": { - "description": "deviceType specifies the disk device type. The valid values are \"Disk\" and \"CDRom\", and the default is \"Disk\".", + "dynamicResourceAllocation": { + "description": "dynamicResourceAllocation allows to enable or disable dynamic resource allocation within the scheduler. Dynamic resource allocation is an API for requesting and sharing resources between pods and containers inside a pod. Third-party resource drivers are responsible for tracking and allocating resources. Different kinds of resources support arbitrary parameters for defining requirements and initialization. Valid values are Enabled, Disabled and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Disabled.", "type": "string", "default": "" } } }, - "com.github.openshift.api.machine.v1.NutanixVMStorageConfig": { - "description": "NutanixVMStorageConfig specifies the storage configuration parameters for VM disks.", + "com.github.openshift.api.config.v1.Project": { + "description": "Project holds cluster-wide information about Project. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "diskMode" + "spec" ], "properties": { - "diskMode": { - "description": "diskMode specifies the disk mode. The valid values are Standard and Flash, and the default is Standard.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "storageContainer": { - "description": "storageContainer refers to the storage_container used by the VM disk.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixStorageResourceIdentifier" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ProjectSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ProjectStatus" } } }, - "com.github.openshift.api.machine.v1.OpenShiftMachineV1Beta1MachineTemplate": { - "description": "OpenShiftMachineV1Beta1MachineTemplate is a template for the ControlPlaneMachineSet to create Machines from the v1beta1.machine.openshift.io API group.", + "com.github.openshift.api.config.v1.ProjectList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "metadata", - "spec" + "items" ], "properties": { - "failureDomains": { - "description": "failureDomains is the list of failure domains (sometimes called availability zones) in which the ControlPlaneMachineSet should balance the Control Plane Machines. This will be merged into the ProviderSpec given in the template. This field is optional on platforms that do not require placement information.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.FailureDomains" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Project" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, "metadata": { - "description": "ObjectMeta is the standard object metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata Labels are required to match the ControlPlaneMachineSet selector.", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplateObjectMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.config.v1.ProjectSpec": { + "description": "ProjectSpec holds the project creation configuration.", + "type": "object", + "properties": { + "projectRequestMessage": { + "description": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", + "type": "string", + "default": "" }, - "spec": { - "description": "spec contains the desired configuration of the Control Plane Machines. The ProviderSpec within contains platform specific details for creating the Control Plane Machines. The ProviderSe should be complete apart from the platform specific failure domain field. This will be overridden when the Machines are created based on the FailureDomains field.", + "projectRequestTemplate": { + "description": "projectRequestTemplate is the template to use for creating projects in response to projectrequest. This must point to a template in 'openshift-config' namespace. It is optional. If it is not specified, a default template is used.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1.TemplateReference" } } }, - "com.github.openshift.api.machine.v1.OpenStackFailureDomain": { - "description": "OpenStackFailureDomain configures failure domain information for the OpenStack platform.", + "com.github.openshift.api.config.v1.ProjectStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1.PromQLClusterCondition": { + "description": "PromQLClusterCondition represents a cluster condition based on PromQL.", "type": "object", + "required": [ + "promql" + ], "properties": { - "availabilityZone": { - "description": "availabilityZone is the nova availability zone in which the OpenStack machine provider will create the VM. If not specified, the VM will be created in the default availability zone specified in the nova configuration. Availability zone names must NOT contain : since it is used by admin users to specify hosts where instances are launched in server creation. Also, it must not contain spaces otherwise it will lead to node that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.", - "type": "string" - }, - "rootVolume": { - "description": "rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM. If not specified, no root volume will be created.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.RootVolume" + "promql": { + "description": "promql is a PromQL query classifying clusters. This query query should return a 1 in the match case and a 0 in the does-not-match case. Queries which return no time series, or which return values besides 0 or 1, are evaluation failures.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1.PowerVSMachineProviderConfig": { - "description": "PowerVSMachineProviderConfig is the type that will be embedded in a Machine.Spec.ProviderSpec field for a PowerVS virtual machine. It is used by the PowerVS machine actuator to create a single Machine.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.Proxy": { + "description": "Proxy holds cluster-wide information on how to configure default proxies for the cluster. The canonical name is `cluster`\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "serviceInstance", - "image", - "network", - "keyPairName" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "credentialsSecret": { - "description": "credentialsSecret is a reference to the secret with IBM Cloud credentials.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSSecretReference" - }, - "image": { - "description": "image is to identify the rhcos image uploaded to IBM COS bucket which is used to create the instance. supported image identifier in PowerVSResource are Name and ID and that can be obtained from IBM Cloud UI or IBM Cloud cli.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSResource" - }, - "keyPairName": { - "description": "keyPairName is the name of the KeyPair to use for SSH. The key pair will be exposed to the instance via the instance metadata service. On boot, the OS will copy the public keypair into the authorized keys for the core user.", - "type": "string", - "default": "" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "loadBalancers": { - "description": "loadBalancers is the set of load balancers to which the new control plane instance should be added once it is created.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.LoadBalancerReference" - } - }, - "memoryGiB": { - "description": "memoryGiB is the size of a virtual machine's memory, in GiB. maximum value for the MemoryGiB depends on the selected SystemType. when SystemType is set to e880 maximum MemoryGiB value is 7463 GiB. when SystemType is set to e980 maximum MemoryGiB value is 15307 GiB. when SystemType is set to s922 maximum MemoryGiB value is 942 GiB. The minimum memory is 32 GiB. When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 32.", - "type": "integer", - "format": "int32" - }, "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "network": { - "description": "network is the reference to the Network to use for this instance. supported network identifier in PowerVSResource are Name, ID and RegEx and that can be obtained from IBM Cloud UI or IBM Cloud cli.", + "spec": { + "description": "spec holds user-settable values for the proxy configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSResource" - }, - "processorType": { - "description": "processorType is the VM instance processor type. It must be set to one of the following values: Dedicated, Capped or Shared. Dedicated: resources are allocated for a specific client, The hypervisor makes a 1:1 binding of a partition’s processor to a physical processor core. Shared: Shared among other clients. Capped: Shared, but resources do not expand beyond those that are requested, the amount of CPU time is Capped to the value specified for the entitlement. if the processorType is selected as Dedicated, then processors value cannot be fractional. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Shared.", - "type": "string" - }, - "processors": { - "description": "processors is the number of virtual processors in a virtual machine. when the processorType is selected as Dedicated the processors value cannot be fractional. maximum value for the Processors depends on the selected SystemType. when SystemType is set to e880 or e980 maximum Processors value is 143. when SystemType is set to s922 maximum Processors value is 15. minimum value for Processors depends on the selected ProcessorType. when ProcessorType is set as Shared or Capped, The minimum processors is 0.5. when ProcessorType is set as Dedicated, The minimum processors is 1. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default is set based on the selected ProcessorType. when ProcessorType selected as Dedicated, the default is set to 1. when ProcessorType selected as Shared or Capped, the default is set to 0.5.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ProxySpec" }, - "serviceInstance": { - "description": "serviceInstance is the reference to the Power VS service on which the server instance(VM) will be created. Power VS service is a container for all Power VS instances at a specific geographic region. serviceInstance can be created via IBM Cloud catalog or CLI. supported serviceInstance identifier in PowerVSResource are Name and ID and that can be obtained from IBM Cloud UI or IBM Cloud cli. More detail about Power VS service instance. https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server", + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSResource" - }, - "systemType": { - "description": "systemType is the System type used to host the instance. systemType determines the number of cores and memory that is available. Few of the supported SystemTypes are s922,e880,e980. e880 systemType available only in Dallas Datacenters. e980 systemType available in Datacenters except Dallas and Washington. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is s922 which is generally available.", - "type": "string" - }, - "userDataSecret": { - "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSSecretReference" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ProxyStatus" } } }, - "com.github.openshift.api.machine.v1.PowerVSMachineProviderStatus": { - "description": "PowerVSMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains PowerVS-specific status information.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.ProxyList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "conditions": { - "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "instanceId": { - "description": "instanceId is the instance ID of the machine created in PowerVS instanceId uniquely identifies a Power VS server instance(VM) under a Power VS service. This will help in updating or deleting a VM in Power VS Cloud", - "type": "string" - }, - "instanceState": { - "description": "instanceState is the state of the PowerVS instance for this machine Possible instance states are Active, Build, ShutOff, Reboot This is used to display additional information to user regarding instance current state", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.config.v1.Proxy" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "serviceInstanceID": { - "description": "serviceInstanceID is the reference to the Power VS ServiceInstance on which the machine instance will be created. serviceInstanceID uniquely identifies the Power VS service By setting serviceInstanceID it will become easy and efficient to fetch a server instance(VM) within Power VS Cloud.", - "type": "string" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.machine.v1.PowerVSResource": { - "description": "PowerVSResource is a reference to a specific PowerVS resource by ID, Name or RegEx Only one of ID, Name or RegEx may be specified. Specifying more than one will result in a validation error.", + "com.github.openshift.api.config.v1.ProxySpec": { + "description": "ProxySpec contains cluster proxy creation configuration.", "type": "object", "properties": { - "id": { - "description": "id of resource", + "httpProxy": { + "description": "httpProxy is the URL of the proxy for HTTP requests. Empty means unset and will not result in an env var.", "type": "string" }, - "name": { - "description": "name of resource", + "httpsProxy": { + "description": "httpsProxy is the URL of the proxy for HTTPS requests. Empty means unset and will not result in an env var.", "type": "string" }, - "regex": { - "description": "regex to find resource Regex contains the pattern to match to find a resource", + "noProxy": { + "description": "noProxy is a comma-separated list of hostnames and/or CIDRs and/or IPs for which the proxy should not be used. Empty means unset and will not result in an env var.", "type": "string" }, - "type": { - "description": "type identifies the resource type for this entry. Valid values are ID, Name and RegEx", - "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "fields-to-discriminateBy": { - "id": "ID", - "name": "Name", - "regex": "RegEx", - "type": "Type" + "readinessEndpoints": { + "description": "readinessEndpoints is a list of endpoints used to verify readiness of the proxy.", + "type": "array", + "items": { + "type": "string", + "default": "" } + }, + "trustedCA": { + "description": "trustedCA is a reference to a ConfigMap containing a CA certificate bundle. The trustedCA field should only be consumed by a proxy validator. The validator is responsible for reading the certificate bundle from the required key \"ca-bundle.crt\", merging it with the system default trust bundle, and writing the merged trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" namespace. Clients that expect to make proxy connections must use the trusted-ca-bundle for all HTTPS requests to the proxy, and may use the trusted-ca-bundle for non-proxy HTTPS requests as well.\n\nThe namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". Here is an example ConfigMap (in yaml):\n\napiVersion: v1 kind: ConfigMap metadata:\n name: user-ca-bundle\n namespace: openshift-config\n data:\n ca-bundle.crt: |\n -----BEGIN CERTIFICATE-----\n Custom CA certificate bundle.\n -----END CERTIFICATE-----", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" } - ] + } }, - "com.github.openshift.api.machine.v1.PowerVSSecretReference": { - "description": "PowerVSSecretReference contains enough information to locate the referenced secret inside the same namespace.", + "com.github.openshift.api.config.v1.ProxyStatus": { + "description": "ProxyStatus shows current known state of the cluster proxy.", "type": "object", "properties": { - "name": { - "description": "name of the secret.", + "httpProxy": { + "description": "httpProxy is the URL of the proxy for HTTP requests.", + "type": "string" + }, + "httpsProxy": { + "description": "httpsProxy is the URL of the proxy for HTTPS requests.", + "type": "string" + }, + "noProxy": { + "description": "noProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used.", "type": "string" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "com.github.openshift.api.machine.v1.RootVolume": { - "description": "RootVolume represents the volume metadata to boot from. The original RootVolume struct is defined in the v1alpha1 but it's not best practice to use it directly here so we define a new one that should stay in sync with the original one.", + "com.github.openshift.api.config.v1.RegistryLocation": { + "description": "RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.", "type": "object", "required": [ - "volumeType" + "domainName" ], "properties": { - "availabilityZone": { - "description": "availabilityZone specifies the Cinder availability zone where the root volume will be created. If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration. If the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability zone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details. If the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same availability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone). Availability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.", - "type": "string" - }, - "volumeType": { - "description": "volumeType specifies the type of the root volume that will be provisioned. The maximum length of a volume type name is 255 characters, as per the OpenStack limit.", + "domainName": { + "description": "domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.", "type": "string", "default": "" + }, + "insecure": { + "description": "insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.", + "type": "boolean" } } }, - "com.github.openshift.api.machine.v1.SystemDiskProperties": { - "description": "SystemDiskProperties contains the information regarding the system disk including performance, size, name, and category", + "com.github.openshift.api.config.v1.RegistrySources": { + "description": "RegistrySources holds cluster-wide information about how to handle the registries config.", "type": "object", "properties": { - "category": { - "description": "category is the category of the system disk. Valid values: cloud_essd: ESSD. When the parameter is set to this value, you can use the SystemDisk.PerformanceLevel parameter to specify the performance level of the disk. cloud_efficiency: ultra disk. cloud_ssd: standard SSD. cloud: basic disk. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently for non-I/O optimized instances of retired instance types, the default is `cloud`. Currently for other instances, the default is `cloud_efficiency`.", - "type": "string" + "allowedRegistries": { + "description": "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "name": { - "description": "name is the name of the system disk. If the name is specified the name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain letters, digits, colons (:), underscores (_), and hyphens (-). Empty value means the platform chooses a default, which is subject to change over time. Currently the default is `\"\"`.", - "type": "string" + "blockedRegistries": { + "description": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "performanceLevel": { - "description": "performanceLevel is the performance level of the ESSD used as the system disk. Valid values:\n\nPL0: A single ESSD can deliver up to 10,000 random read/write IOPS. PL1: A single ESSD can deliver up to 50,000 random read/write IOPS. PL2: A single ESSD can deliver up to 100,000 random read/write IOPS. PL3: A single ESSD can deliver up to 1,000,000 random read/write IOPS. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `PL1`. For more information about ESSD performance levels, see ESSDs.", - "type": "string" + "containerRuntimeSearchRegistries": { + "description": "containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" }, - "size": { - "description": "size is the size of the system disk. Unit: GiB. Valid values: 20 to 500. The value must be at least 20 and greater than or equal to the size of the image. Empty value means the platform chooses a default, which is subject to change over time. Currently the default is `40` or the size of the image depending on whichever is greater.", - "type": "integer", - "format": "int64" + "insecureRegistries": { + "description": "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.machine.v1.Tag": { - "description": "Tag The tags of ECS Instance", + "com.github.openshift.api.config.v1.Release": { + "description": "Release represents an OpenShift release image and associated metadata.", "type": "object", "required": [ - "Key", - "Value" + "version", + "image" ], "properties": { - "Key": { - "description": "Key is the name of the key pair", + "architecture": { + "description": "architecture is an optional field that indicates the value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. Valid values are 'Multi' and empty.", + "type": "string" + }, + "channels": { + "description": "channels is the set of Cincinnati channels to which the release currently belongs.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "image": { + "description": "image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.", "type": "string", "default": "" }, - "Value": { - "description": "Value is the value or data of the key pair", + "url": { + "description": "url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.", + "type": "string" + }, + "version": { + "description": "version is a semantic version identifying the update version. When this field is part of spec, version is optional if image is specified.", "type": "string", "default": "" } } }, - "com.github.openshift.api.machine.v1.VSphereFailureDomain": { - "description": "VSphereFailureDomain configures failure domain information for the vSphere platform", + "com.github.openshift.api.config.v1.RemoteConnectionInfo": { + "description": "RemoteConnectionInfo holds information necessary for establishing a remote connection", "type": "object", "required": [ - "name" + "url", + "ca", + "certFile", + "keyFile" ], "properties": { - "name": { - "description": "name of the failure domain in which the vSphere machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource. When balancing machines across failure domains, the control plane machine set will inject configuration from the Infrastructure resource into the machine providerSpec to allocate the machine to a failure domain.", + "ca": { + "description": "ca is the CA for verifying TLS connections", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.machine.v1alpha1.AdditionalBlockDevice": { - "description": "additionalBlockDevice is a block device to attach to the server.", - "type": "object", - "required": [ - "name", - "sizeGiB", - "storage" - ], - "properties": { - "name": { - "description": "name of the block device in the context of a machine. If the block device is a volume, the Cinder volume will be named as a combination of the machine name and this name. Also, this name will be used for tagging the block device. Information about the block device tag can be obtained from the OpenStack metadata API or the config drive.", + }, + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", "type": "string", "default": "" }, - "sizeGiB": { - "description": "sizeGiB is the size of the block device in gibibytes (GiB).", - "type": "integer", - "format": "int32", - "default": 0 + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" }, - "storage": { - "description": "storage specifies the storage type of the block device and additional storage options.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.BlockDeviceStorage" + "url": { + "description": "url is the remote URL to connect to", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1alpha1.AddressPair": { + "com.github.openshift.api.config.v1.RepositoryDigestMirrors": { + "description": "RepositoryDigestMirrors holds cluster-wide information about how to handle mirrors in the registries config.", "type": "object", + "required": [ + "source" + ], "properties": { - "ipAddress": { - "type": "string" + "allowMirrorByTags": { + "description": "allowMirrorByTags if true, the mirrors can be used to pull the images that are referenced by their tags. Default is false, the mirrors only work when pulling the images that are referenced by their digests. Pulling images by tag can potentially yield different images, depending on which endpoint we pull from. Forcing digest-pulls for mirrors avoids that issue.", + "type": "boolean" }, - "macAddress": { - "type": "string" + "mirrors": { + "description": "mirrors is zero or more repositories that may also contain the same images. If the \"mirrors\" is not specified, the image will continue to be pulled from the specified repository in the pull spec. No mirror will be configured. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "source": { + "description": "source is the repository that users refer to, e.g. in image pull specifications.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1alpha1.BlockDeviceStorage": { - "description": "blockDeviceStorage is the storage type of a block device to create and contains additional storage options.", + "com.github.openshift.api.config.v1.RequestHeaderIdentityProvider": { + "description": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials", "type": "object", "required": [ - "type" + "loginURL", + "challengeURL", + "ca", + "headers", + "preferredUsernameHeaders", + "nameHeaders", + "emailHeaders" ], "properties": { - "type": { - "description": "type is the type of block device to create. This can be either \"Volume\" or \"Local\".", + "ca": { + "description": "ca is a required reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. Specifically, it allows verification of incoming requests to prevent header spoofing. The key \"ca.crt\" is used to locate the data. If the config map or expected key is not found, the identity provider is not honored. If the specified ca data is not valid, the identity provider is not honored. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + }, + "challengeURL": { + "description": "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here. ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}\nRequired when challenge is set to true.", "type": "string", "default": "" }, - "volume": { - "description": "volume contains additional storage options for a volume block device.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.BlockDeviceVolume" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "volume": "Volume" + "clientCommonNames": { + "description": "clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.", + "type": "array", + "items": { + "type": "string", + "default": "" } - } - ] - }, - "com.github.openshift.api.machine.v1alpha1.BlockDeviceVolume": { - "description": "blockDeviceVolume contains additional storage options for a volume block device.", - "type": "object", - "properties": { - "availabilityZone": { - "description": "availabilityZone is the volume availability zone to create the volume in. If omitted, the availability zone of the server will be used. The availability zone must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information.", - "type": "string" }, - "type": { - "description": "type is the Cinder volume type of the volume. If omitted, the default Cinder volume type that is configured in the OpenStack cloud will be used.", - "type": "string" + "emailHeaders": { + "description": "emailHeaders is the set of headers to check for the email address", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "headers": { + "description": "headers is the set of headers to check for identity information", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "loginURL": { + "description": "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}\nRequired when login is set to true.", + "type": "string", + "default": "" + }, + "nameHeaders": { + "description": "nameHeaders is the set of headers to check for the display name", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "preferredUsernameHeaders": { + "description": "preferredUsernameHeaders is the set of headers to check for the preferred username", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.machine.v1alpha1.Filter": { + "com.github.openshift.api.config.v1.RequiredHSTSPolicy": { "type": "object", + "required": [ + "domainPatterns", + "maxAge" + ], "properties": { - "adminStateUp": { - "description": "Deprecated: adminStateUp is silently ignored. It has no replacement.", - "type": "boolean" - }, - "description": { - "description": "description filters networks by description.", - "type": "string" + "domainPatterns": { + "description": "domainPatterns is a list of domains for which the desired HSTS annotations are required. If domainPatterns is specified and a route is created with a spec.host matching one of the domains, the route must specify the HSTS Policy components described in the matching RequiredHSTSPolicy.\n\nThe use of wildcards is allowed like this: *.foo.com matches everything under foo.com. foo.com only matches foo.com, so to cover foo.com and everything under it, you must specify *both*.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "id": { - "description": "Deprecated: use NetworkParam.uuid instead. Ignored if NetworkParam.uuid is set.", + "includeSubDomainsPolicy": { + "description": "includeSubDomainsPolicy means the HSTS Policy should apply to any subdomains of the host's domain name. Thus, for the host bar.foo.com, if includeSubDomainsPolicy was set to RequireIncludeSubDomains: - the host app.bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host bar.foo.com would inherit the HSTS Policy of bar.foo.com - the host foo.com would NOT inherit the HSTS Policy of bar.foo.com - the host def.foo.com would NOT inherit the HSTS Policy of bar.foo.com", "type": "string" }, - "limit": { - "description": "Deprecated: limit is silently ignored. It has no replacement.", - "type": "integer", - "format": "int32" - }, - "marker": { - "description": "Deprecated: marker is silently ignored. It has no replacement.", - "type": "string" + "maxAge": { + "description": "maxAge is the delta time range in seconds during which hosts are regarded as HSTS hosts. If set to 0, it negates the effect, and hosts are removed as HSTS hosts. If set to 0 and includeSubdomains is specified, all subdomains of the host are also removed as HSTS hosts. maxAge is a time-to-live value, and if this policy is not refreshed on a client, the HSTS policy will eventually expire on that client.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.MaxAgePolicy" }, - "name": { - "description": "name filters networks by name.", - "type": "string" + "namespaceSelector": { + "description": "namespaceSelector specifies a label selector such that the policy applies only to those routes that are in namespaces with labels that match the selector, and are in one of the DomainPatterns. Defaults to the empty LabelSelector, which matches everything.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "notTags": { - "description": "notTags filters by networks which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", + "preloadPolicy": { + "description": "preloadPolicy directs the client to include hosts in its host preload list so that it never needs to do an initial load to get the HSTS header (note that this is not defined in RFC 6797 and is therefore client implementation-dependent).", "type": "string" - }, - "notTagsAny": { - "description": "notTagsAny filters by networks which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", + } + } + }, + "com.github.openshift.api.config.v1.Scheduler": { + "description": "Scheduler holds cluster-wide config information to run the Kubernetes Scheduler and influence its placement decisions. The canonical name for this config is `cluster`.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "projectId": { - "description": "projectId filters networks by project ID.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "shared": { - "description": "Deprecated: shared is silently ignored. It has no replacement.", - "type": "boolean" - }, - "sortDir": { - "description": "Deprecated: sortDir is silently ignored. It has no replacement.", - "type": "string" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "sortKey": { - "description": "Deprecated: sortKey is silently ignored. It has no replacement.", - "type": "string" + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SchedulerSpec" }, "status": { - "description": "Deprecated: status is silently ignored. It has no replacement.", - "type": "string" - }, - "tags": { - "description": "tags filters by networks containing all specified tags. Multiple tags are comma separated.", - "type": "string" - }, - "tagsAny": { - "description": "tagsAny filters by networks containing any specified tags. Multiple tags are comma separated.", - "type": "string" - }, - "tenantId": { - "description": "tenantId filters networks by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", - "type": "string" + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SchedulerStatus" } } }, - "com.github.openshift.api.machine.v1alpha1.FixedIPs": { + "com.github.openshift.api.config.v1.SchedulerList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "subnetID" + "metadata", + "items" ], "properties": { - "ipAddress": { - "description": "ipAddress is a specific IP address to use in the given subnet. Port creation will fail if the address is not available. If not specified, an available IP from the given subnet will be selected automatically.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "subnetID": { - "description": "subnetID specifies the ID of the subnet where the fixed IP will be allocated.", - "type": "string", - "default": "" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.Scheduler" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.machine.v1alpha1.NetworkParam": { + "com.github.openshift.api.config.v1.SchedulerSpec": { "type": "object", "properties": { - "filter": { - "description": "Filters for optional network query", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.Filter" - }, - "fixedIp": { - "description": "A fixed IPv4 address for the NIC. Deprecated: fixedIP is silently ignored. Use subnets instead.", + "defaultNodeSelector": { + "description": "defaultNodeSelector helps set the cluster-wide default node selector to restrict pod placement to specific nodes. This is applied to the pods created in all namespaces and creates an intersection with any existing nodeSelectors already set on a pod, additionally constraining that pod's selector. For example, defaultNodeSelector: \"type=user-node,region=east\" would set nodeSelector field in pod spec to \"type=user-node,region=east\" to all pods created in all namespaces. Namespaces having project-wide node selectors won't be impacted even if this field is set. This adds an annotation section to the namespace. For example, if a new namespace is created with node-selector='type=user-node,region=east', the annotation openshift.io/node-selector: type=user-node,region=east gets added to the project. When the openshift.io/node-selector annotation is set on the project the value is used in preference to the value we are setting for defaultNodeSelector field. For instance, openshift.io/node-selector: \"type=user-node,region=west\" means that the default of \"type=user-node,region=east\" set in defaultNodeSelector would not be applied.", "type": "string" }, - "noAllowedAddressPairs": { - "description": "noAllowedAddressPairs disables creation of allowed address pairs for the network ports", - "type": "boolean" - }, - "portSecurity": { - "description": "portSecurity optionally enables or disables security on ports managed by OpenStack", - "type": "boolean" + "mastersSchedulable": { + "description": "mastersSchedulable allows masters nodes to be schedulable. When this flag is turned on, all the master nodes in the cluster will be made schedulable, so that workload pods can run on them. The default value for this field is false, meaning none of the master nodes are schedulable. Important Note: Once the workload pods start running on the master nodes, extreme care must be taken to ensure that cluster-critical control plane components are not impacted. Please turn on this field after doing due diligence.", + "type": "boolean", + "default": false }, - "portTags": { - "description": "portTags allows users to specify a list of tags to add to ports created in a given network", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "policy": { + "description": "DEPRECATED: the scheduler Policy API has been deprecated and will be removed in a future release. policy is a reference to a ConfigMap containing scheduler policy which has user specified predicates and priorities. If this ConfigMap is not available scheduler will default to use DefaultAlgorithmProvider. The namespace for this configmap is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, "profile": { - "description": "A dictionary that enables the application running on the specified host to pass and receive virtual network interface (VIF) port-specific information to the plug-in.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "subnets": { - "description": "Subnet within a network to use", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.SubnetParam" - } - }, - "uuid": { - "description": "The UUID of the network. Required if you omit the port attribute.", + "description": "profile sets which scheduling profile should be set in order to configure scheduling decisions for new pods.\n\nValid values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" Defaults to \"LowNodeUtilization\"", "type": "string" }, - "vnicType": { - "description": "The virtual network interface card (vNIC) type that is bound to the neutron port.", - "type": "string" + "profileCustomizations": { + "description": "profileCustomizations contains configuration for modifying the default behavior of existing scheduler profiles. Deprecated: no longer needed, since DRA is GA starting with 4.21, and is enabled by' default in the cluster, this field will be removed in 4.24.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ProfileCustomizations" + } + } + }, + "com.github.openshift.api.config.v1.SchedulerStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1.SecretNameReference": { + "description": "SecretNameReference references a secret in a specific namespace. The namespace must be specified at the point of use.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "name is the metadata.name of the referenced secret", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1alpha1.OpenstackProviderSpec": { - "description": "OpenstackProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an OpenStack Instance. It is used by the Openstack machine actuator to create a single machine instance. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1.ServingInfo": { + "description": "ServingInfo holds information about serving web pages", "type": "object", "required": [ - "cloudsSecret", - "cloudName", - "flavor", - "image" + "bindAddress", + "bindNetwork", + "certFile", + "keyFile" ], "properties": { - "additionalBlockDevices": { - "description": "additionalBlockDevices is a list of specifications for additional block devices to attach to the server instance", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.AdditionalBlockDevice" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "availabilityZone": { - "description": "The availability zone from which to launch the server.", - "type": "string" - }, - "cloudName": { - "description": "The name of the cloud to use from the clouds secret", + "bindAddress": { + "description": "bindAddress is the ip:port to serve on", "type": "string", "default": "" }, - "cloudsSecret": { - "description": "The name of the secret containing the openstack credentials", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" - }, - "configDrive": { - "description": "Config Drive support", - "type": "boolean" - }, - "flavor": { - "description": "The flavor reference for the flavor for your server instance.", + "bindNetwork": { + "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", "type": "string", "default": "" }, - "floatingIP": { - "description": "floatingIP specifies a floating IP to be associated with the machine. Note that it is not safe to use this parameter in a MachineSet, as only one Machine may be assigned the same floating IP.\n\nDeprecated: floatingIP will be removed in a future release as it cannot be implemented correctly.", - "type": "string" - }, - "image": { - "description": "The name of the image to use for your server instance. If the RootVolume is specified, this will be ignored and use rootVolume directly.", + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", "type": "string", "default": "" }, - "keyName": { - "description": "The ssh key to inject in the instance", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "networks": { - "description": "A networks object. Required parameter when there are multiple networks defined for the tenant. When you do not specify the networks parameter, the server attaches to the only network created for the current tenant.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.NetworkParam" - } - }, - "ports": { - "description": "Create and assign additional ports to instances", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.PortOpts" - } - }, - "primarySubnet": { - "description": "The subnet that a set of machines will get ingress/egress traffic from Deprecated: primarySubnet is silently ignored. Use subnets instead.", - "type": "string" - }, - "rootVolume": { - "description": "The volume metadata to boot from", - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.RootVolume" - }, - "securityGroups": { - "description": "The names of the security groups to assign to the instance", + "cipherSuites": { + "description": "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.SecurityGroupParam" + "type": "string", + "default": "" } }, - "serverGroupID": { - "description": "The server group to assign the machine to.", - "type": "string" - }, - "serverGroupName": { - "description": "The server group to assign the machine to. A server group with that name will be created if it does not exist. If both ServerGroupID and ServerGroupName are non-empty, they must refer to the same OpenStack resource.", + "clientCA": { + "description": "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", "type": "string" }, - "serverMetadata": { - "description": "Metadata mapping. Allows you to create a map of key value pairs to add to the server instance.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" }, - "sshUserName": { - "description": "The machine ssh username Deprecated: sshUserName is silently ignored.", + "minTLSVersion": { + "description": "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", "type": "string" }, - "tags": { - "description": "Machine tags Requires Nova api 2.52 minimum!", + "namedCertificates": { + "description": "namedCertificates is a list of certificates to use to secure requests to specific hostnames", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.NamedCertificate" } - }, - "trunk": { - "description": "Whether the server instance is created on a trunk port or not.", - "type": "boolean" - }, - "userDataSecret": { - "description": "The name of the secret containing the user data (startup script in most cases)", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" } } }, - "com.github.openshift.api.machine.v1alpha1.PortOpts": { + "com.github.openshift.api.config.v1.SignatureStore": { + "description": "SignatureStore represents the URL of custom Signature Store", "type": "object", "required": [ - "networkID" + "url" ], "properties": { - "adminStateUp": { - "description": "adminStateUp sets the administrative state of the created port to up (true), or down (false).", - "type": "boolean" + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca.crt\" is used to locate the data. If specified and the config map or expected key is not found, the signature store is not honored. If the specified ca data is not valid, the signature store is not honored. If empty, we fall back to the CA configured via Proxy, which is appended to the default system roots. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "allowedAddressPairs": { - "description": "allowedAddressPairs specifies a set of allowed address pairs to add to the port.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.AddressPair" - } + "url": { + "description": "url contains the upstream custom signature store URL. url should be a valid absolute http/https URI of an upstream signature store as per rfc1738. This must be provided and cannot be empty.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.Storage": { + "description": "Storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "persistentVolume": { + "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PersistentVolumeConfig" }, - "description": { - "description": "description specifies the description of the created port.", + "type": { + "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", "type": "string" - }, - "fixedIPs": { - "description": "fixedIPs specifies a set of fixed IPs to assign to the port. They must all be valid for the port's network.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.FixedIPs" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "persistentVolume": "PersistentVolume" } + } + ] + }, + "com.github.openshift.api.config.v1.StringSource": { + "description": "StringSource allows specifying a string inline, or externally via env var or file. When it contains only a string value, it marshals to a simple JSON string.", + "type": "object", + "required": [ + "value", + "env", + "file", + "keyFile" + ], + "properties": { + "env": { + "description": "env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", + "type": "string", + "default": "" }, - "hostID": { - "description": "The ID of the host where the port is allocated. Do not use this field: it cannot be used correctly. Deprecated: hostID is silently ignored. It will be removed with no replacement.", - "type": "string" - }, - "macAddress": { - "description": "macAddress specifies the MAC address of the created port.", - "type": "string" - }, - "nameSuffix": { - "description": "If nameSuffix is specified the created port will be named -. If not specified the port will be named -.", - "type": "string" + "file": { + "description": "file references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", + "type": "string", + "default": "" }, - "networkID": { - "description": "networkID is the ID of the network the port will be created in. It is required.", + "keyFile": { + "description": "keyFile references a file containing the key to use to decrypt the value.", "type": "string", "default": "" }, - "portSecurity": { - "description": "enable or disable security on a given port incompatible with securityGroups and allowedAddressPairs", - "type": "boolean" + "value": { + "description": "value specifies the cleartext value, or an encrypted value if keyFile is specified.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.StringSourceSpec": { + "description": "StringSourceSpec specifies a string value, or external location", + "type": "object", + "required": [ + "value", + "env", + "file", + "keyFile" + ], + "properties": { + "env": { + "description": "env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", + "type": "string", + "default": "" }, - "profile": { - "description": "A dictionary that enables the application running on the specified host to pass and receive virtual network interface (VIF) port-specific information to the plug-in.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "file": { + "description": "file references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", + "type": "string", + "default": "" }, - "projectID": { - "description": "projectID specifies the project ID of the created port. Note that this requires OpenShift to have administrative permissions, which is typically not the case. Use of this field is not recommended. Deprecated: projectID is silently ignored.", - "type": "string" + "keyFile": { + "description": "keyFile references a file containing the key to use to decrypt the value.", + "type": "string", + "default": "" }, - "securityGroups": { - "description": "securityGroups specifies a set of security group UUIDs to use instead of the machine's default security groups. The default security groups will be used if this is left empty or not specified.", + "value": { + "description": "value specifies the cleartext value, or an encrypted value if keyFile is specified.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.TLSProfileSpec": { + "description": "TLSProfileSpec is the desired behavior of a TLSSecurityProfile.", + "type": "object", + "required": [ + "ciphers", + "minTLSVersion" + ], + "properties": { + "ciphers": { + "description": "ciphers is used to specify the cipher algorithms that are negotiated during the TLS handshake. Operators may remove entries that their operands do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):\n\n ciphers:\n - ECDHE-RSA-AES128-GCM-SHA256\n\nTLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable and are always enabled when TLS 1.3 is negotiated.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "tags": { - "description": "tags species a set of tags to add to the port.", + "groups": { + "description": "groups is an optional field used to specify the supported groups (formerly known as elliptic curves) that are used during the TLS handshake. Operators may remove entries their operands do not support.\n\nWhen omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS libraries they use. If specified, the list must contain at least one and at most 5 groups, and each group must be unique.\n\nFor example, to use X25519 and secp256r1 (yaml):\n\n groups:\n - X25519\n - secp256r1", "type": "array", "items": { "type": "string", "default": "" - } - }, - "tenantID": { - "description": "tenantID specifies the tenant ID of the created port. Note that this requires OpenShift to have administrative permissions, which is typically not the case. Use of this field is not recommended. Deprecated: tenantID is silently ignored.", - "type": "string" - }, - "trunk": { - "description": "Enables and disables trunk at port level. If not provided, openStackMachine.Spec.Trunk is inherited.", - "type": "boolean" + }, + "x-kubernetes-list-type": "set" }, - "vnicType": { - "description": "The virtual network interface card (vNIC) type that is bound to the neutron port.", - "type": "string" + "minTLSVersion": { + "description": "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the TLS handshake. For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml):\n\n minTLSVersion: VersionTLS11", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1alpha1.RootVolume": { + "com.github.openshift.api.config.v1.TLSSecurityProfile": { + "description": "TLSSecurityProfile defines the schema for a TLS security profile. This object is used by operators to apply TLS security settings to operands.", "type": "object", "properties": { - "availabilityZone": { - "description": "availabilityZone specifies the Cinder availability where the root volume will be created.", - "type": "string" - }, - "deviceType": { - "description": "Deprecated: deviceType will be silently ignored. There is no replacement.", - "type": "string" + "custom": { + "description": "custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic.\n\nThe supported groups list for this profile is empty by default.\n\nAn example custom profile looks like this:\n\n minTLSVersion: VersionTLS11\n ciphers:\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256", + "$ref": "#/definitions/com.github.openshift.api.config.v1.CustomTLSProfile" }, - "diskSize": { - "description": "diskSize specifies the size, in GiB, of the created root volume.", - "type": "integer", - "format": "int32" + "intermediate": { + "description": "intermediate is a TLS profile for use when you do not need compatibility with legacy clients and want to remain highly secure while being compatible with most clients currently in use.\n\nThe supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS12\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305", + "$ref": "#/definitions/com.github.openshift.api.config.v1.IntermediateTLSProfile" }, - "sourceType": { - "description": "Deprecated: sourceType will be silently ignored. There is no replacement.", - "type": "string" + "modern": { + "description": "modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS13\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256", + "$ref": "#/definitions/com.github.openshift.api.config.v1.ModernTLSProfile" }, - "sourceUUID": { - "description": "sourceUUID specifies the UUID of a glance image used to populate the root volume. Deprecated: set image in the platform spec instead. This will be ignored if image is set in the platform spec.", - "type": "string" + "old": { + "description": "old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort.\n\nThe supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768.\n\nThis profile is equivalent to a Custom profile specified as:\n minTLSVersion: VersionTLS10\n ciphers:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - ECDHE-ECDSA-AES128-GCM-SHA256\n - ECDHE-RSA-AES128-GCM-SHA256\n - ECDHE-ECDSA-AES256-GCM-SHA384\n - ECDHE-RSA-AES256-GCM-SHA384\n - ECDHE-ECDSA-CHACHA20-POLY1305\n - ECDHE-RSA-CHACHA20-POLY1305\n - ECDHE-ECDSA-AES128-SHA256\n - ECDHE-RSA-AES128-SHA256\n - ECDHE-ECDSA-AES128-SHA\n - ECDHE-RSA-AES128-SHA\n - ECDHE-ECDSA-AES256-SHA\n - ECDHE-RSA-AES256-SHA\n - AES128-GCM-SHA256\n - AES256-GCM-SHA384\n - AES128-SHA256\n - AES128-SHA\n - AES256-SHA\n - DES-CBC3-SHA", + "$ref": "#/definitions/com.github.openshift.api.config.v1.OldTLSProfile" }, - "volumeType": { - "description": "volumeType specifies a volume type to use when creating the root volume. If not specified the default volume type will be used.", - "type": "string" + "type": { + "description": "type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters.\n\nThe profiles are based on version 5.7 of the Mozilla Server Side TLS configuration guidelines. The cipher lists consist of the configuration's \"ciphersuites\" followed by the Go-specific \"ciphers\" from the guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json\n\nThe profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced.", + "type": "string", + "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "custom": "Custom", + "intermediate": "Intermediate", + "modern": "Modern", + "old": "Old" + } + } + ] + }, + "com.github.openshift.api.config.v1.TemplateReference": { + "description": "TemplateReference references a template in a specific namespace. The namespace must be specified at the point of use.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "name is the metadata.name of the referenced project request template", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1alpha1.SecurityGroupFilter": { + "com.github.openshift.api.config.v1.TestDetails": { "type": "object", + "required": [ + "testName" + ], "properties": { - "description": { - "description": "description filters security groups by description.", + "testName": { + "description": "testName is the name of the test as it appears in junit XMLs. It does not include the suite name since the same test can be executed in many suites.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.TestReporting": { + "description": "TestReporting is used for origin (and potentially others) to report the test names for a given FeatureGate into the payload for later analysis on a per-payload basis. This doesn't need any CRD because it's never stored in the cluster.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "id": { - "description": "id specifies the ID of a security group to use. If set, id will not be validated before use. An invalid id will result in failure to create a server with an appropriate error message.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "limit": { - "description": "Deprecated: limit is silently ignored. It has no replacement.", - "type": "integer", - "format": "int32" - }, - "marker": { - "description": "Deprecated: marker is silently ignored. It has no replacement.", - "type": "string" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "name": { - "description": "name filters security groups by name.", - "type": "string" + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.TestReportingSpec" }, - "notTags": { - "description": "notTags filters by security groups which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", - "type": "string" + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.TestReportingStatus" + } + } + }, + "com.github.openshift.api.config.v1.TestReportingSpec": { + "type": "object", + "required": [ + "testsForFeatureGates" + ], + "properties": { + "testsForFeatureGates": { + "description": "testsForFeatureGates is a list, indexed by FeatureGate and includes information about testing.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.FeatureGateTests" + } + } + } + }, + "com.github.openshift.api.config.v1.TestReportingStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1.TokenClaimMapping": { + "description": "TokenClaimMapping allows specifying a JWT token claim to be used when mapping claims from an authentication token to cluster identities.", + "type": "object", + "properties": { + "claim": { + "description": "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated. claim must not exceed 256 characters in length. When set to the empty string `\"\"`, this means that no named claim should be used for the group mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled.", + "type": "string", + "default": "" }, - "notTagsAny": { - "description": "notTagsAny filters by security groups which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", + "expression": { + "description": "expression is an optional CEL expression used to derive group values from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length .\n\nWhen specified, claim must not be set or be explicitly set to the empty string (`\"\"`).", "type": "string" + } + } + }, + "com.github.openshift.api.config.v1.TokenClaimMappings": { + "type": "object", + "required": [ + "username" + ], + "properties": { + "extra": { + "description": "extra is an optional field for configuring the mappings used to construct the extra attribute for the cluster identity. When omitted, no extra attributes will be present on the cluster identity.\n\nkey values for extra mappings must be unique. A maximum of 32 extra attribute mappings may be provided.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ExtraMapping" + }, + "x-kubernetes-list-map-keys": [ + "key" + ], + "x-kubernetes-list-type": "map" }, - "projectId": { - "description": "projectId filters security groups by project ID.", - "type": "string" + "groups": { + "description": "groups is an optional field that configures how the groups of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.\n\nWhen referencing a claim, if the claim is present in the JWT token, its value must be a list of groups separated by a comma (',').\n\nFor example - '\"example\"' and '\"exampleOne\", \"exampleTwo\", \"exampleThree\"' are valid claim values.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.PrefixedClaimMapping" }, - "sortDir": { - "description": "Deprecated: sortDir is silently ignored. It has no replacement.", - "type": "string" + "uid": { + "description": "uid is an optional field for configuring the claim mapping used to construct the uid for the cluster identity.\n\nWhen using uid.claim to specify the claim it must be a single string value. When using uid.expression the expression must result in a single string value.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a default, which is subject to change over time.\n\nThe current default is to use the 'sub' claim.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping" }, - "sortKey": { - "description": "Deprecated: sortKey is silently ignored. It has no replacement.", + "username": { + "description": "username is a required field that configures how the username of a cluster identity should be constructed from the claims in a JWT token issued by the identity provider.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.UsernameClaimMapping" + } + } + }, + "com.github.openshift.api.config.v1.TokenClaimOrExpressionMapping": { + "description": "TokenClaimOrExpressionMapping allows specifying either a JWT token claim or CEL expression to be used when mapping claims from an authentication token to cluster identities.", + "type": "object", + "properties": { + "claim": { + "description": "claim is an optional field for specifying the JWT token claim that is used in the mapping. The value of this claim will be assigned to the field in which this mapping is associated.\n\nPrecisely one of claim or expression must be set. claim must not be specified when expression is set. When specified, claim must be at least 1 character in length and must not exceed 256 characters in length.", "type": "string" }, - "tags": { - "description": "tags filters by security groups containing all specified tags. Multiple tags are comma separated.", + "expression": { + "description": "expression is an optional field for specifying a CEL expression that produces a string value from JWT token claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'. 'claims' is a map of claim names to claim values. For example, the 'sub' claim value can be accessed as 'claims.sub'. Nested claims can be accessed using dot notation ('claims.foo.bar').\n\nPrecisely one of claim or expression must be set. expression must not be specified when claim is set. When specified, expression must be at least 1 character in length and must not exceed 1024 characters in length.", "type": "string" - }, - "tagsAny": { - "description": "tagsAny filters by security groups containing any specified tags. Multiple tags are comma separated.", + } + } + }, + "com.github.openshift.api.config.v1.TokenClaimValidationCELRule": { + "type": "object", + "required": [ + "expression", + "message" + ], + "properties": { + "expression": { + "description": "expression is a CEL expression evaluated against token claims. expression is required, must be at least 1 character in length and must not exceed 1024 characters. The expression must return a boolean value where 'true' signals a valid token and 'false' an invalid one.", "type": "string" }, - "tenantId": { - "description": "tenantId filters security groups by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", + "message": { + "description": "message is a required human-readable message to be logged by the Kubernetes API server if the CEL expression defined in 'expression' fails. message must be at least 1 character in length and must not exceed 256 characters.", "type": "string" } } }, - "com.github.openshift.api.machine.v1alpha1.SecurityGroupParam": { + "com.github.openshift.api.config.v1.TokenClaimValidationRule": { + "description": "TokenClaimValidationRule represents a validation rule based on token claims. If type is RequiredClaim, requiredClaim must be set. If Type is CEL, CEL must be set and RequiredClaim must be omitted.", "type": "object", + "required": [ + "type" + ], "properties": { - "filter": { - "description": "Filters used to query security groups in openstack", + "cel": { + "description": "cel holds the CEL expression and message for validation. Must be set when Type is \"CEL\", and forbidden otherwise.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.SecurityGroupFilter" + "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenClaimValidationCELRule" }, - "name": { - "description": "Security Group name", - "type": "string" + "requiredClaim": { + "description": "requiredClaim allows configuring a required claim name and its expected value. This field is required when `type` is set to RequiredClaim, and must be omitted when `type` is set to any other value. The Kubernetes API server uses this field to validate if an incoming JWT is valid for this identity provider.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.TokenRequiredClaim" }, - "uuid": { - "description": "Security Group UUID", - "type": "string" + "type": { + "description": "type is an optional field that configures the type of the validation rule.\n\nAllowed values are \"RequiredClaim\" and \"CEL\".\n\nWhen set to 'RequiredClaim', the Kubernetes API server will be configured to validate that the incoming JWT contains the required claim and that its value matches the required value.\n\nWhen set to 'CEL', the Kubernetes API server will be configured to validate the incoming JWT against the configured CEL expression.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1alpha1.SubnetFilter": { + "com.github.openshift.api.config.v1.TokenConfig": { + "description": "TokenConfig holds the necessary configuration options for authorization and access tokens", "type": "object", "properties": { - "cidr": { - "description": "cidr filters subnets by CIDR.", - "type": "string" - }, - "description": { - "description": "description filters subnets by description.", - "type": "string" - }, - "enableDhcp": { - "description": "Deprecated: enableDhcp is silently ignored. It has no replacement.", - "type": "boolean" - }, - "gateway_ip": { - "description": "gateway_ip filters subnets by gateway IP.", - "type": "string" - }, - "id": { - "description": "id is the uuid of a specific subnet to use. If specified, id will not be validated. Instead server creation will fail with an appropriate error.", - "type": "string" + "accessTokenInactivityTimeout": { + "description": "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime.\n\nWARNING: existing tokens' timeout will not be affected (lowered) by changing this value", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "ipVersion": { - "description": "ipVersion filters subnets by IP version.", + "accessTokenInactivityTimeoutSeconds": { + "description": "accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.", "type": "integer", "format": "int32" }, - "ipv6AddressMode": { - "description": "ipv6AddressMode filters subnets by IPv6 address mode.", - "type": "string" - }, - "ipv6RaMode": { - "description": "ipv6RaMode filters subnets by IPv6 router adversiement mode.", - "type": "string" - }, - "limit": { - "description": "Deprecated: limit is silently ignored. It has no replacement.", + "accessTokenMaxAgeSeconds": { + "description": "accessTokenMaxAgeSeconds defines the maximum age of access tokens", "type": "integer", "format": "int32" - }, - "marker": { - "description": "Deprecated: marker is silently ignored. It has no replacement.", - "type": "string" - }, - "name": { - "description": "name filters subnets by name.", - "type": "string" - }, - "networkId": { - "description": "Deprecated: networkId is silently ignored. Set uuid on the containing network definition instead.", - "type": "string" - }, - "notTags": { - "description": "notTags filters by subnets which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", - "type": "string" - }, - "notTagsAny": { - "description": "notTagsAny filters by subnets which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", - "type": "string" - }, - "projectId": { - "description": "projectId filters subnets by project ID.", - "type": "string" - }, - "sortDir": { - "description": "Deprecated: sortDir is silently ignored. It has no replacement.", - "type": "string" - }, - "sortKey": { - "description": "Deprecated: sortKey is silently ignored. It has no replacement.", - "type": "string" - }, - "subnetpoolId": { - "description": "subnetpoolId filters subnets by subnet pool ID. Deprecated: subnetpoolId is silently ignored.", - "type": "string" - }, - "tags": { - "description": "tags filters by subnets containing all specified tags. Multiple tags are comma separated.", - "type": "string" - }, - "tagsAny": { - "description": "tagsAny filters by subnets containing any specified tags. Multiple tags are comma separated.", - "type": "string" - }, - "tenantId": { - "description": "tenantId filters subnets by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", - "type": "string" } } }, - "com.github.openshift.api.machine.v1alpha1.SubnetParam": { + "com.github.openshift.api.config.v1.TokenIssuer": { "type": "object", + "required": [ + "issuerURL", + "audiences" + ], "properties": { - "filter": { - "description": "Filters for optional network query", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.SubnetFilter" - }, - "portSecurity": { - "description": "portSecurity optionally enables or disables security on ports managed by OpenStack Deprecated: portSecurity is silently ignored. Set portSecurity on the parent network instead.", - "type": "boolean" - }, - "portTags": { - "description": "portTags are tags that are added to ports created on this subnet", + "audiences": { + "description": "audiences is a required field that configures the acceptable audiences the JWT token, issued by the identity provider, must be issued to. At least one of the entries must match the 'aud' claim in the JWT token.\n\naudiences must contain at least one entry and must not exceed ten entries.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "set" }, - "uuid": { - "description": "The UUID of the network. Required if you omit the port attribute.", + "discoveryURL": { + "description": "discoveryURL is an optional field that, if specified, overrides the default discovery endpoint used to retrieve OIDC configuration metadata. By default, the discovery URL is derived from `issuerURL` as \"{issuerURL}/.well-known/openid-configuration\".\n\nThe discoveryURL must be a valid absolute HTTPS URL. It must not contain query parameters, user information, or fragments. Additionally, it must differ from the value of `issuerURL` (ignoring trailing slashes). The discoveryURL value must be at least 1 character long and no longer than 2048 characters.", "type": "string" + }, + "issuerCertificateAuthority": { + "description": "issuerCertificateAuthority is an optional field that configures the certificate authority, used by the Kubernetes API server, to validate the connection to the identity provider when fetching discovery information.\n\nWhen not specified, the system trust is used.\n\nWhen specified, it must reference a ConfigMap in the openshift-config namespace containing the PEM-encoded CA certificates under the 'ca-bundle.crt' key in the data field of the ConfigMap.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + }, + "issuerURL": { + "description": "issuerURL is a required field that configures the URL used to issue tokens by the identity provider. The Kubernetes API server determines how authentication tokens should be handled by matching the 'iss' claim in the JWT to the issuerURL of configured identity providers.\n\nMust be at least 1 character and must not exceed 512 characters in length. Must be a valid URL that uses the 'https' scheme and does not contain a query, fragment or user.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1beta1.AWSMachineProviderConfig": { - "description": "AWSMachineProviderConfig is the Schema for the awsmachineproviderconfigs API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.TokenRequiredClaim": { "type": "object", "required": [ - "ami", - "instanceType", - "deviceIndex", - "subnet", - "placement" + "claim", + "requiredValue" ], "properties": { - "ami": { - "description": "ami is the reference to the AMI from which to create the machine instance.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" + "claim": { + "description": "claim is a required field that configures the name of the required claim. When taken from the JWT claims, claim must be a string value.\n\nclaim must not be an empty string (\"\").", + "type": "string", + "default": "" }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "requiredValue": { + "description": "requiredValue is a required field that configures the value that 'claim' must have when taken from the incoming JWT claims. If the value in the JWT claims does not match, the token will be rejected for authentication.\n\nrequiredValue must not be an empty string (\"\").", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.TokenUserValidationRule": { + "description": "TokenUserValidationRule provides a CEL-based rule used to validate a token subject. Each rule contains a CEL expression that is evaluated against the token’s claims.", + "type": "object", + "required": [ + "expression", + "message" + ], + "properties": { + "expression": { + "description": "expression is a required CEL expression that performs a validation on cluster user identity attributes like username, groups, etc.\n\nThe expression must evaluate to a boolean value. When the expression evaluates to 'true', the cluster user identity is considered valid. When the expression evaluates to 'false', the cluster user identity is not considered valid. expression must be at least 1 character in length and must not exceed 1024 characters.", "type": "string" }, - "blockDevices": { - "description": "blockDevices is the set of block device mapping associated to this instance, block device without a name will be used as a root device and only one device without a name is allowed https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html", + "message": { + "description": "message is a required human-readable message to be logged by the Kubernetes API server if the CEL expression defined in 'expression' fails. message must be at least 1 character in length and must not exceed 256 characters.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1.Update": { + "description": "Update represents an administrator update request.", + "type": "object", + "properties": { + "acceptRisks": { + "description": "acceptRisks is an optional set of names of conditional update risks that are considered acceptable. A conditional update is performed only if all of its risks are acceptable. This list may contain entries that apply to current, previous or future updates. The entries therefore may not map directly to a risk in .status.conditionalUpdateRisks. acceptRisks must not contain more than 1000 entries. Entries in this list must be unique.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.BlockDeviceMappingSpec" - } + "$ref": "#/definitions/com.github.openshift.api.config.v1.AcceptRisk" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "capacityReservationId": { - "description": "capacityReservationId specifies the target Capacity Reservation into which the instance should be launched. The field size should be greater than 0 and the field input must start with cr-***", + "architecture": { + "description": "architecture is an optional field that indicates the desired value of the cluster architecture. In this context cluster architecture means either a single architecture or a multi architecture. architecture can only be set to Multi thereby only allowing updates from single to multi architecture. If architecture is set, image cannot be set and version must be set. Valid values are 'Multi' and empty.", "type": "string", "default": "" }, - "cpuOptions": { - "description": "cpuOptions defines CPU-related settings for the instance, including the confidential computing policy. When omitted, this means no opinion and the AWS platform is left to choose a reasonable default. More info: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CpuOptionsRequest.html, https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cpu-options-supported-instances-values.html", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.CPUOptions" - }, - "credentialsSecret": { - "description": "credentialsSecret is a reference to the secret with AWS credentials. Otherwise, defaults to permissions provided by attached IAM role where the actuator is running.", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "force": { + "description": "force allows an administrator to update to an image that has failed verification or upgradeable checks that are designed to keep your cluster safe. Only use this if: * you are testing unsigned release images in short-lived test clusters or * you are working around a known bug in the cluster-version\n operator and you have verified the authenticity of the provided\n image yourself.\nThe provided image will run with full administrative access to the cluster. Do not use this flag with images that come from unknown or potentially malicious sources.", + "type": "boolean", + "default": false }, - "deviceIndex": { - "description": "deviceIndex is the index of the device on the instance for the network interface attachment. Defaults to 0.", - "type": "integer", - "format": "int64", - "default": 0 + "image": { + "description": "image is a container image location that contains the update. image should be used when the desired version does not exist in availableUpdates or history. When image is set, architecture cannot be specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", + "type": "string", + "default": "" }, - "iamInstanceProfile": { - "description": "iamInstanceProfile is a reference to an IAM role to assign to the instance", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" + "mode": { + "description": "mode determines how an update should be processed. The only valid value is \"Preflight\". When omitted, the cluster performs a normal update by applying the specified version or image to the cluster. This is the standard update behavior. When set to \"Preflight\", the cluster runs compatibility checks against the target release without performing an actual update. Compatibility results, including any detected risks, are reported in status.conditionalUpdates and status.conditionalUpdateRisks alongside risks from the update recommendation service. This allows administrators to assess update readiness and address issues before committing to the update. Preflight mode is particularly useful for skip-level updates where upgrade compatibility needs to be verified across multiple minor versions. When mode is set to \"Preflight\", the same rules for version, image, and architecture apply as for normal updates.\n\nPossible enum values:\n - `\"Preflight\"` allows an update to be checked for compatibility without committing to updating the cluster.", + "type": "string", + "enum": [ + "Preflight" + ] }, - "instanceType": { - "description": "instanceType is the type of instance to create. Example: m4.xlarge", + "version": { + "description": "version is a semantic version identifying the update version. version is required if architecture is specified. If both version and image are set, the version extracted from the referenced image must match the specified version.", "type": "string", "default": "" - }, - "keyName": { - "description": "keyName is the name of the KeyPair to use for SSH", + } + } + }, + "com.github.openshift.api.config.v1.UpdateHistory": { + "description": "UpdateHistory is a single attempted update to the cluster.", + "type": "object", + "required": [ + "state", + "startedTime", + "completionTime", + "image", + "verified" + ], + "properties": { + "acceptedRisks": { + "description": "acceptedRisks records risks which were accepted to initiate the update. For example, it may mention an Upgradeable=False or missing signature that was overridden via desiredUpdate.force, or an update that was initiated despite not being in the availableUpdates set of recommended update targets.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "completionTime": { + "description": "completionTime, if set, is when the update was fully applied. The update that is currently being applied will have a null completion time. Completion time will always be set for entries that are not the current update (usually to the started time of the next update).", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "loadBalancers": { - "description": "loadBalancers is the set of load balancers to which the new instance should be added once it is created.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LoadBalancerReference" - } + "image": { + "description": "image is a container image location that contains the update. This value is always populated.", + "type": "string", + "default": "" }, - "marketType": { - "description": "marketType specifies the type of market for the EC2 instance. Valid values are OnDemand, Spot, CapacityBlock and omitted.\n\nDefaults to OnDemand. When SpotMarketOptions is provided, the marketType defaults to \"Spot\".\n\nWhen set to OnDemand the instance runs as a standard OnDemand instance. When set to Spot the instance runs as a Spot instance. When set to CapacityBlock the instance utilizes pre-purchased compute capacity (capacity blocks) with AWS Capacity Reservations. If this value is selected, capacityReservationID must be specified to identify the target reservation.", - "type": "string" + "startedTime": { + "description": "startedTime is the time at which the update was started.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "metadata": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "state": { + "description": "state reflects whether the update was fully applied. The Partial state indicates the update is not fully applied, while the Completed state indicates the update was successfully rolled out at least once (all parts of the update successfully applied).", + "type": "string", + "default": "" }, - "metadataServiceOptions": { - "description": "metadataServiceOptions allows users to configure instance metadata service interaction options. If nothing specified, default AWS IMDS settings will be applied. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MetadataServiceOptions" + "verified": { + "description": "verified indicates whether the provided update was properly verified before it was installed. If this is false the cluster may not be trusted. Verified does not cover upgradeable checks that depend on the cluster state at the time when the update target was accepted.", + "type": "boolean", + "default": false }, - "networkInterfaceType": { - "description": "networkInterfaceType specifies the type of network interface to be used for the primary network interface. Valid values are \"ENA\", \"EFA\", and omitted, which means no opinion and the platform chooses a good default which may change over time. The current default value is \"ENA\". Please visit https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html to learn more about the AWS Elastic Fabric Adapter interface option.", + "version": { + "description": "version is a semantic version identifying the update version. If the requested image does not define a version, or if a failure occurs retrieving the image, this value may be empty.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1.UsernameClaimMapping": { + "type": "object", + "properties": { + "claim": { + "description": "claim is an optional field that configures the JWT token claim whose value is assigned to the cluster identity field associated with this mapping. claim is required when the ExternalOIDCWithUpstreamParity feature gate is not enabled. When the ExternalOIDCWithUpstreamParity feature gate is enabled, claim must not be set when expression is set.\n\nclaim must not be an empty string (\"\") and must not exceed 256 characters.", "type": "string" }, - "placement": { - "description": "placement specifies where to create the instance in AWS", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Placement" - }, - "placementGroupName": { - "description": "placementGroupName specifies the name of the placement group in which to launch the instance. The placement group must already be created and may use any placement strategy. When omitted, no placement group is used when creating the EC2 instance.", + "expression": { + "description": "expression is an optional CEL expression used to derive the username from JWT claims.\n\nCEL expressions have access to the token claims through a CEL variable, 'claims'.\n\nexpression must be at least 1 character and must not exceed 1024 characters in length. expression must not be set when claim is set.", "type": "string" }, - "placementGroupPartition": { - "description": "placementGroupPartition is the partition number within the placement group in which to launch the instance. This must be an integer value between 1 and 7. It is only valid if the placement group, referred in `PlacementGroupName` was created with strategy set to partition.", - "type": "integer", - "format": "int32" - }, - "publicIp": { - "description": "publicIp specifies whether the instance should get a public IP. If not present, it should use the default of its subnet.", - "type": "boolean" - }, - "securityGroups": { - "description": "securityGroups is an array of references to security groups that should be applied to the instance.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" - } - }, - "spotMarketOptions": { - "description": "spotMarketOptions allows users to configure instances to be run using AWS Spot instances.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.SpotMarketOptions" - }, - "subnet": { - "description": "subnet is a reference to the subnet to use for this instance", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" + "prefix": { + "description": "prefix configures the prefix that should be prepended to the value of the JWT claim.\n\nprefix must be set when prefixPolicy is set to 'Prefix' and must be unset otherwise.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.UsernamePrefix" }, - "tags": { - "description": "tags is the set of tags to add to apply to an instance, in addition to the ones added by default by the actuator. These tags are additive. The actuator will ensure these tags are present, but will not remove any other tags that may exist on the instance.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.TagSpecification" + "prefixPolicy": { + "description": "prefixPolicy is an optional field that configures how a prefix should be applied to the value of the JWT claim specified in the 'claim' field.\n\nAllowed values are 'Prefix', 'NoPrefix', and omitted (not provided or an empty string).\n\nWhen set to 'Prefix', the value specified in the prefix field will be prepended to the value of the JWT claim. The prefix field must be set when prefixPolicy is 'Prefix'. Must not be set to 'Prefix' when expression is set. When set to 'NoPrefix', no prefix will be prepended to the value of the JWT claim. When omitted, this means no opinion and the platform is left to choose any prefixes that are applied which is subject to change over time. Currently, the platform prepends `{issuerURL}#` to the value of the JWT claim when the claim is not 'email'.\n\nAs an example, consider the following scenario:\n\n `prefix` is unset, `issuerURL` is set to `https://myoidc.tld`,\n the JWT claims include \"username\":\"userA\" and \"email\":\"userA@myoidc.tld\",\n and `claim` is set to:\n - \"username\": the mapped value will be \"https://myoidc.tld#userA\"\n - \"email\": the mapped value will be \"userA@myoidc.tld\"", + "type": "string", + "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "prefixPolicy", + "fields-to-discriminateBy": { + "claim": "Claim", + "expression": "Expression", + "prefix": "Prefix" } - }, - "userDataSecret": { - "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" } - } + ] }, - "com.github.openshift.api.machine.v1beta1.AWSMachineProviderConfigList": { - "description": "AWSMachineProviderConfigList contains a list of AWSMachineProviderConfig Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.UsernamePrefix": { + "description": "UsernamePrefix configures the string that should be used as a prefix for username claim mappings.", "type": "object", "required": [ - "items" + "prefixString" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSMachineProviderConfig" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "prefixString": { + "description": "prefixString is a required field that configures the prefix that will be applied to cluster identity username attribute during the process of mapping JWT claims to cluster identity attributes.\n\nprefixString must not be an empty string (\"\").", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1beta1.AWSMachineProviderStatus": { - "description": "AWSMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains AWS-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.VSphereFailureDomainHostGroup": { + "description": "VSphereFailureDomainHostGroup holds the vmGroup and the hostGroup names in vCenter corresponds to a vm-host group of type Virtual Machine and Host respectively. Is also contains the vmHostRule which is an affinity vm-host rule in vCenter.", "type": "object", + "required": [ + "vmGroup", + "hostGroup", + "vmHostRule" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "conditions": { - "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "dedicatedHost": { - "description": "dedicatedHost tracks the dynamically allocated dedicated host. This field is populated when allocationStrategy is Dynamic (with or without DynamicHostAllocation). When omitted, this indicates that the dedicated host has not yet been allocated, or allocation is in progress.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DedicatedHostStatus" - }, - "instanceId": { - "description": "instanceId is the instance ID of the machine created in AWS", - "type": "string" + "hostGroup": { + "description": "hostGroup is the name of the vm-host group of type host within vCenter for this failure domain. hostGroup is limited to 80 characters. This field is required when the VSphereFailureDomain ZoneType is HostGroup", + "type": "string", + "default": "" }, - "instanceState": { - "description": "instanceState is the state of the AWS instance for this machine", - "type": "string" + "vmGroup": { + "description": "vmGroup is the name of the vm-host group of type virtual machine within vCenter for this failure domain. vmGroup is limited to 80 characters. This field is required when the VSphereFailureDomain ZoneType is HostGroup", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "vmHostRule": { + "description": "vmHostRule is the name of the affinity vm-host rule within vCenter for this failure domain. vmHostRule is limited to 80 characters. This field is required when the VSphereFailureDomain ZoneType is HostGroup", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machine.v1beta1.AWSResourceReference": { - "description": "AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters. Only one of ID, ARN or Filters may be specified. Specifying more than one will result in a validation error.", + "com.github.openshift.api.config.v1.VSphereFailureDomainRegionAffinity": { + "description": "VSphereFailureDomainRegionAffinity contains the region type which is the string representation of the VSphereFailureDomainRegionType with available options of Datacenter and ComputeCluster.", "type": "object", + "required": [ + "type" + ], "properties": { - "arn": { - "description": "arn of resource", - "type": "string" - }, - "filters": { - "description": "filters is a set of filters used to identify a resource", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Filter" - } + "type": { + "description": "type determines the vSphere object type for a region within this failure domain. Available types are Datacenter and ComputeCluster. When set to Datacenter, this means the vCenter Datacenter defined is the region. When set to ComputeCluster, this means the vCenter cluster defined is the region.\n\nPossible enum values:\n - `\"ComputeCluster\"` is a failure domain region for a vCenter compute cluster.\n - `\"Datacenter\"` is a failure domain region for a vCenter datacenter.", + "type": "string", + "default": "", + "enum": [ + "ComputeCluster", + "Datacenter" + ] + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": {} + } + ] + }, + "com.github.openshift.api.config.v1.VSphereFailureDomainZoneAffinity": { + "description": "VSphereFailureDomainZoneAffinity contains the vCenter cluster vm-host group (virtual machine and host types) and the vm-host affinity rule that together creates an affinity configuration for vm-host based zonal. This configuration within vCenter creates the required association between a failure domain, virtual machines and ESXi hosts to create a vm-host based zone.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "hostGroup": { + "description": "hostGroup holds the vmGroup and the hostGroup names in vCenter corresponds to a vm-host group of type Virtual Machine and Host respectively. Is also contains the vmHostRule which is an affinity vm-host rule in vCenter.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSphereFailureDomainHostGroup" }, - "id": { - "description": "id of resource", - "type": "string" + "type": { + "description": "type determines the vSphere object type for a zone within this failure domain. Available types are ComputeCluster and HostGroup. When set to ComputeCluster, this means the vCenter cluster defined is the zone. When set to HostGroup, hostGroup must be configured with hostGroup, vmGroup and vmHostRule and this means the zone is defined by the grouping of those fields.\n\nPossible enum values:\n - `\"ComputeCluster\"` is a failure domain zone for a vCenter compute cluster.\n - `\"HostGroup\"` is a failure domain zone for a vCenter vm-host group.", + "type": "string", + "default": "", + "enum": [ + "ComputeCluster", + "HostGroup" + ] } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "hostGroup": "HostGroup" + } + } + ] }, - "com.github.openshift.api.machine.v1beta1.AddressesFromPool": { - "description": "AddressesFromPool is an IPAddressPool that will be used to create IPAddressClaims for fulfillment by an external controller.", + "com.github.openshift.api.config.v1.VSpherePlatformFailureDomainSpec": { + "description": "VSpherePlatformFailureDomainSpec holds the region and zone failure domain and the vCenter topology of that failure domain.", "type": "object", "required": [ - "group", - "resource", - "name" + "name", + "region", + "zone", + "server", + "topology" ], "properties": { - "group": { - "description": "group of the IP address pool type known to an external IPAM controller. This should be a fully qualified domain name, for example, externalipam.controller.io.", + "name": { + "description": "name defines the arbitrary but unique name of a failure domain.", "type": "string", "default": "" }, - "name": { - "description": "name of an IP address pool, for example, pool-config-1.", + "region": { + "description": "region defines the name of a region tag that will be attached to a vCenter datacenter. The tag category in vCenter must be named openshift-region.", "type": "string", "default": "" }, - "resource": { - "description": "resource of the IP address pool type known to an external IPAM controller. It is normally the plural form of the resource kind in lowercase, for example, ippools.", + "regionAffinity": { + "description": "regionAffinity holds the type of region, Datacenter or ComputeCluster. When set to Datacenter, this means the region is a vCenter Datacenter as defined in topology. When set to ComputeCluster, this means the region is a vCenter Cluster as defined in topology.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSphereFailureDomainRegionAffinity" + }, + "server": { + "description": "server is the fully-qualified domain name or the IP address of the vCenter server.", + "type": "string", + "default": "" + }, + "topology": { + "description": "topology describes a given failure domain using vSphere constructs", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformTopology" + }, + "zone": { + "description": "zone defines the name of a zone tag that will be attached to a vCenter cluster. The tag category in vCenter must be named openshift-zone.", "type": "string", "default": "" + }, + "zoneAffinity": { + "description": "zoneAffinity holds the type of the zone and the hostGroup which vmGroup and the hostGroup names in vCenter corresponds to a vm-host group of type Virtual Machine and Host respectively. Is also contains the vmHostRule which is an affinity vm-host rule in vCenter.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSphereFailureDomainZoneAffinity" } } }, - "com.github.openshift.api.machine.v1beta1.AzureBootDiagnostics": { - "description": "AzureBootDiagnostics configures the boot diagnostics settings for the virtual machine. This allows you to configure capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", + "com.github.openshift.api.config.v1.VSpherePlatformLoadBalancer": { + "description": "VSpherePlatformLoadBalancer defines the load balancer used by the cluster on VSphere platform.", "type": "object", - "required": [ - "storageAccountType" - ], "properties": { - "customerManaged": { - "description": "customerManaged provides reference to the customer manager storage account.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AzureCustomerManagedBootDiagnostics" - }, - "storageAccountType": { - "description": "storageAccountType determines if the storage account for storing the diagnostics data should be provisioned by Azure (AzureManaged) or by the customer (CustomerManaged).", + "type": { + "description": "type defines the type of load balancer used by the cluster on VSphere platform which can be a user-managed or openshift-managed load balancer that is to be used for the OpenShift API and Ingress endpoints. When set to OpenShiftManagedDefault the static pods in charge of API and Ingress traffic load-balancing defined in the machine config operator will be deployed. When set to UserManaged these static pods will not be deployed and it is expected that the load balancer is configured out of band by the deployer. When omitted, this means no opinion and the platform is left to choose a reasonable default. The default value is OpenShiftManagedDefault.", "type": "string", - "default": "" + "default": "OpenShiftManagedDefault" } }, "x-kubernetes-unions": [ { - "discriminator": "storageAccountType", - "fields-to-discriminateBy": { - "customerManaged": "CustomerManaged" - } + "discriminator": "type", + "fields-to-discriminateBy": {} } ] }, - "com.github.openshift.api.machine.v1beta1.AzureCustomerManagedBootDiagnostics": { - "description": "AzureCustomerManagedBootDiagnostics provides reference to a customer managed storage account.", - "type": "object", - "required": [ - "storageAccountURI" - ], - "properties": { - "storageAccountURI": { - "description": "storageAccountURI is the URI of the customer managed storage account. The URI typically will be `https://.blob.core.windows.net/` but may differ if you are using Azure DNS zone endpoints. You can find the correct endpoint by looking for the Blob Primary Endpoint in the endpoints tab in the Azure console.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.machine.v1beta1.AzureDiagnostics": { - "description": "AzureDiagnostics is used to configure the diagnostic settings of the virtual machine.", + "com.github.openshift.api.config.v1.VSpherePlatformNodeNetworking": { + "description": "VSpherePlatformNodeNetworking holds the external and internal node networking spec.", "type": "object", "properties": { - "boot": { - "description": "AzureBootDiagnostics configures the boot diagnostics settings for the virtual machine. This allows you to configure capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AzureBootDiagnostics" + "external": { + "description": "external represents the network configuration of the node that is externally routable.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec" + }, + "internal": { + "description": "internal represents the network configuration of the node that is routable only within the cluster.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec" } } }, - "com.github.openshift.api.machine.v1beta1.AzureMachineProviderSpec": { - "description": "AzureMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an Azure virtual machine. It is used by the Azure machine actuator to create a single Machine. Required parameters such as location that are not specified by this configuration, will be defaulted by the actuator. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.VSpherePlatformNodeNetworkingSpec": { + "description": "VSpherePlatformNodeNetworkingSpec holds the network CIDR(s) and port group name for including and excluding IP ranges in the cloud provider. This would be used for example when multiple network adapters are attached to a guest to help determine which IP address the cloud config manager should use for the external and internal node networking.", "type": "object", - "required": [ - "image", - "osDisk", - "publicIP", - "subnet" - ], "properties": { - "acceleratedNetworking": { - "description": "acceleratedNetworking enables or disables Azure accelerated networking feature. Set to false by default. If true, then this will depend on whether the requested VMSize is supported. If set to true with an unsupported VMSize, Azure will return an error.", - "type": "boolean" - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "applicationSecurityGroups": { - "description": "Application Security Groups that need to be attached to the machine's interface. No application security groups will be attached if zero-length.", + "excludeNetworkSubnetCidr": { + "description": "excludeNetworkSubnetCidr IP addresses in subnet ranges will be excluded when selecting the IP address from the VirtualMachine's VM for use in the status.addresses fields.", "type": "array", "items": { "type": "string", "default": "" - } - }, - "availabilitySet": { - "description": "availabilitySet specifies the availability set to use for this instance. Availability set should be precreated, before using this field.", - "type": "string" + }, + "x-kubernetes-list-type": "atomic" }, - "capacityReservationGroupID": { - "description": "capacityReservationGroupID specifies the capacity reservation group resource id that should be used for allocating the virtual machine. The field size should be greater than 0 and the field input must start with '/'. The input for capacityReservationGroupID must be similar to '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/capacityReservationGroups/{capacityReservationGroupName}'. The keys which are used should be among 'subscriptions', 'providers' and 'resourcegroups' followed by valid ID or names respectively.", + "network": { + "description": "network VirtualMachine's VM Network names that will be used to when searching for status.addresses fields. Note that if internal.networkSubnetCIDR and external.networkSubnetCIDR are not set, then the vNIC associated to this network must only have a single IP address assigned to it. The available networks (port groups) can be listed using `govc ls 'network/*'`", "type": "string" }, - "credentialsSecret": { - "description": "credentialsSecret is a reference to the secret with Azure credentials.", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" - }, - "dataDisks": { - "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", + "networkSubnetCidr": { + "description": "networkSubnetCidr IP address on VirtualMachine's network interfaces included in the fields' CIDRs that will be used in respective status.addresses fields.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DataDisk" - } - }, - "diagnostics": { - "description": "diagnostics configures the diagnostics settings for the virtual machine. This allows you to configure boot diagnostics such as capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AzureDiagnostics" - }, - "image": { - "description": "image is the OS image to use to create the instance.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Image" - }, - "internalLoadBalancer": { - "description": "InternalLoadBalancerName to use for this instance", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "location": { - "description": "location is the region to use to create the instance", - "type": "string" - }, - "managedIdentity": { - "description": "managedIdentity to set managed identity name", - "type": "string" - }, - "metadata": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "natRule": { - "description": "natRule to set inbound NAT rule of the load balancer", - "type": "integer", - "format": "int64" - }, - "networkResourceGroup": { - "description": "networkResourceGroup is the resource group for the virtual machine's network", - "type": "string" - }, - "osDisk": { - "description": "osDisk represents the parameters for creating the OS disk.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.OSDisk" - }, - "publicIP": { - "description": "publicIP if true a public IP will be used", - "type": "boolean", - "default": false - }, - "publicLoadBalancer": { - "description": "publicLoadBalancer to use for this instance", - "type": "string" - }, - "resourceGroup": { - "description": "resourceGroup is the resource group for the virtual machine", - "type": "string" - }, - "securityGroup": { - "description": "Network Security Group that needs to be attached to the machine's interface. No security group will be attached if empty.", - "type": "string" - }, - "securityProfile": { - "description": "securityProfile specifies the Security profile settings for a virtual machine.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.SecurityProfile" - }, - "spotVMOptions": { - "description": "spotVMOptions allows the ability to specify the Machine should use a Spot VM", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.SpotVMOptions" - }, - "sshPublicKey": { - "description": "sshPublicKey is the public key to use to SSH to the virtual machine.", - "type": "string" - }, - "subnet": { - "description": "subnet to use for this instance", - "type": "string", - "default": "" - }, - "tags": { - "description": "tags is a list of tags to apply to the machine.", - "type": "object", - "additionalProperties": { "type": "string", "default": "" - } - }, - "ultraSSDCapability": { - "description": "ultraSSDCapability enables or disables Azure UltraSSD capability for a virtual machine. This can be used to allow/disallow binding of Azure UltraSSD to the Machine both as Data Disks or via Persistent Volumes. This Azure feature is subject to a specific scope and certain limitations. More informations on this can be found in the official Azure documentation for Ultra Disks: (https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-ultra-ssd?tabs=azure-portal#ga-scope-and-limitations).\n\nWhen omitted, if at least one Data Disk of type UltraSSD is specified, the platform will automatically enable the capability. If a Perisistent Volume backed by an UltraSSD is bound to a Pod on the Machine, when this field is ommitted, the platform will *not* automatically enable the capability (unless already enabled by the presence of an UltraSSD as Data Disk). This may manifest in the Pod being stuck in `ContainerCreating` phase. This defaulting behaviour may be subject to change in future.\n\nWhen set to \"Enabled\", if the capability is available for the Machine based on the scope and limitations described above, the capability will be set on the Machine. This will thus allow UltraSSD both as Data Disks and Persistent Volumes. If set to \"Enabled\" when the capability can't be available due to scope and limitations, the Machine will go into \"Failed\" state.\n\nWhen set to \"Disabled\", UltraSSDs will not be allowed either as Data Disks nor as Persistent Volumes. In this case if any UltraSSDs are specified as Data Disks on a Machine, the Machine will go into a \"Failed\" state. If instead any UltraSSDs are backing the volumes (via Persistent Volumes) of any Pods scheduled on a Node which is backed by the Machine, the Pod may get stuck in `ContainerCreating` phase.", - "type": "string" - }, - "userDataSecret": { - "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" - }, - "vmSize": { - "description": "vmSize is the size of the VM to create.", - "type": "string" - }, - "vnet": { - "description": "vnet to set virtual network name", - "type": "string" - }, - "zone": { - "description": "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone", - "type": "string" + }, + "x-kubernetes-list-type": "set" } } }, - "com.github.openshift.api.machine.v1beta1.AzureMachineProviderStatus": { - "description": "AzureMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains Azure-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1.VSpherePlatformSpec": { + "description": "VSpherePlatformSpec holds the desired state of the vSphere infrastructure provider. In the future the cloud provider operator, storage operator and machine operator will use these fields for configuration.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.apiServerInternalIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "conditions": { - "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status.", + "failureDomains": { + "description": "failureDomains contains the definition of region, zone and the vCenter topology. If this is omitted failure domains (regions and zones) will not be used.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformFailureDomainSpec" }, "x-kubernetes-list-map-keys": [ - "type" + "name" ], "x-kubernetes-list-type": "map" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IP addresses, one from IPv4 family and one from IPv6. In single stack clusters a single IP address is expected. When omitted, values from the status.ingressIPs will be used. Once set, the list cannot be completely removed (but its second entry can).", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "metadata": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, for example \"10.0.0.0/8\" or \"fd00::/8\".", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "vmId": { - "description": "vmId is the ID of the virtual machine created in Azure.", - "type": "string" + "nodeNetworking": { + "description": "nodeNetworking contains the definition of internal and external network constraints for assigning the node's networking. If this field is omitted, networking defaults to the legacy address selection behavior which is to only support a single address and return the first one found.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformNodeNetworking" }, - "vmState": { - "description": "vmState is the provisioning state of the Azure virtual machine.", - "type": "string" + "vcenters": { + "description": "vcenters holds the connection details for services to communicate with vCenter. Currently, only a single vCenter is supported, but in tech preview 3 vCenters are supported. Once the cluster has been installed, you are unable to change the current number of defined vCenters except in the case where the cluster has been upgraded from a version of OpenShift where the vsphere platform spec was not present. You may make modifications to the existing vCenters that are defined in the vcenters list in order to match with any added or modified failure domains.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformVCenterSpec" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.machine.v1beta1.BlockDeviceMappingSpec": { - "description": "BlockDeviceMappingSpec describes a block device mapping", + "com.github.openshift.api.config.v1.VSpherePlatformStatus": { + "description": "VSpherePlatformStatus holds the current status of the vSphere infrastructure provider.", "type": "object", + "required": [ + "apiServerInternalIPs", + "ingressIPs" + ], "properties": { - "deviceName": { - "description": "The device name exposed to the machine (for example, /dev/sdh or xvdh).", + "apiServerInternalIP": { + "description": "apiServerInternalIP is an IP address to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. It is the IP that the Infrastructure.status.apiServerInternalURI points to. It is the IP for a self-hosted load balancer in front of the API servers.\n\nDeprecated: Use APIServerInternalIPs instead.", "type": "string" }, - "ebs": { - "description": "Parameters used to automatically set up EBS volumes when the machine is launched.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.EBSBlockDeviceSpec" + "apiServerInternalIPs": { + "description": "apiServerInternalIPs are the IP addresses to contact the Kubernetes API server that can be used by components inside the cluster, like kubelets using the infrastructure rather than Kubernetes networking. These are the IPs for a self-hosted load balancer in front of the API servers. In dual stack clusters this list contains two IPs otherwise only one.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "noDevice": { - "description": "Suppresses the specified device included in the block device mapping of the AMI.", - "type": "string" + "dnsRecordsType": { + "description": "dnsRecordsType determines whether records for api, api-int, and ingress are provided by the internal DNS service or externally. Allowed values are `Internal`, `External`, and omitted. When set to `Internal`, records are provided by the internal infrastructure and no additional user configuration is required for the cluster to function. When set to `External`, records are not provided by the internal infrastructure and must be configured by the user on a DNS server outside the cluster. Cluster nodes must use this external server for their upstream DNS requests. This value may only be set when loadBalancer.type is set to UserManaged. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `Internal`.\n\nPossible enum values:\n - `\"External\"`\n - `\"Internal\"`", + "type": "string", + "enum": [ + "External", + "Internal" + ] }, - "virtualName": { - "description": "The virtual device name (ephemeralN). Machine store volumes are numbered starting from 0. An machine type with 2 available machine store volumes can specify mappings for ephemeral0 and ephemeral1.The number of available machine store volumes depends on the machine type. After you connect to the machine, you must mount the volume.\n\nConstraints: For M3 machines, you must specify machine store volumes in the block device mapping for the machine. When you launch an M3 machine, we ignore any machine store volumes specified in the block device mapping for the AMI.", + "ingressIP": { + "description": "ingressIP is an external IP which routes to the default ingress controller. The IP is a suitable target of a wildcard DNS record used to resolve default route host names.\n\nDeprecated: Use IngressIPs instead.", "type": "string" - } - } - }, - "com.github.openshift.api.machine.v1beta1.CPUOptions": { - "description": "CPUOptions defines CPU-related settings for the instance, including the confidential computing policy. If provided, it must not be empty — at least one field must be set.", - "type": "object", - "properties": { - "confidentialCompute": { - "description": "confidentialCompute specifies whether confidential computing should be enabled for the instance, and, if so, which confidential computing technology to use. Valid values are: Disabled, AMDEncryptedVirtualizationNestedPaging and omitted. When set to Disabled, confidential computing will be disabled for the instance. When set to AMDEncryptedVirtualizationNestedPaging, AMD SEV-SNP will be used as the confidential computing technology for the instance. In this case, ensure the following conditions are met: 1) The selected instance type supports AMD SEV-SNP. 2) The selected AWS region supports AMD SEV-SNP. 3) The selected AMI supports AMD SEV-SNP. More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html When omitted, this means no opinion and the AWS platform is left to choose a reasonable default, which is subject to change without notice. The current default is Disabled.", + }, + "ingressIPs": { + "description": "ingressIPs are the external IPs which route to the default ingress controller. The IPs are suitable targets of a wildcard DNS record used to resolve default route host names. In dual stack clusters this list contains two IPs otherwise only one.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "loadBalancer": { + "description": "loadBalancer defines how the load balancer used by the cluster is configured.", + "default": { + "type": "OpenShiftManagedDefault" + }, + "$ref": "#/definitions/com.github.openshift.api.config.v1.VSpherePlatformLoadBalancer" + }, + "machineNetworks": { + "description": "machineNetworks are IP networks used to connect all the OpenShift cluster nodes.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "nodeDNSIP": { + "description": "nodeDNSIP is the IP address for the internal DNS used by the nodes. Unlike the one managed by the DNS operator, `NodeDNSIP` provides name resolution for the nodes themselves. There is no DNS-as-a-service for vSphere deployments. In order to minimize necessary changes to the datacenter DNS, a DNS service is hosted as a static pod to serve those hostnames to the nodes in the cluster.", "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.Condition": { - "description": "Condition defines an observation of a Machine API resource operational state.", + "com.github.openshift.api.config.v1.VSpherePlatformTopology": { + "description": "VSpherePlatformTopology holds the required and optional vCenter objects - datacenter, computeCluster, networks, datastore and resourcePool - to provision virtual machines.", "type": "object", "required": [ - "type", - "status", - "lastTransitionTime" + "datacenter", + "computeCluster", + "networks", + "datastore" ], "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "message": { - "description": "A human readable message indicating details about the transition. This field may be empty.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", - "type": "string" - }, - "severity": { - "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", - "type": "string" + "computeCluster": { + "description": "computeCluster the absolute path of the vCenter cluster in which virtual machine will be located. The absolute path is of the form //host/. The maximum length of the path is 2048 characters.", + "type": "string", + "default": "" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", + "datacenter": { + "description": "datacenter is the name of vCenter datacenter in which virtual machines will be located. The maximum length of the datacenter name is 80 characters.", "type": "string", "default": "" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", + "datastore": { + "description": "datastore is the absolute path of the datastore in which the virtual machine is located. The absolute path is of the form //datastore/ The maximum length of the path is 2048 characters.", "type": "string", "default": "" + }, + "folder": { + "description": "folder is the absolute path of the folder where virtual machines are located. The absolute path is of the form //vm/. The maximum length of the path is 2048 characters.", + "type": "string" + }, + "networks": { + "description": "networks is the list of port group network names within this failure domain. If feature gate VSphereMultiNetworks is enabled, up to 10 network adapters may be defined. 10 is the maximum number of virtual network devices which may be attached to a VM as defined by: https://configmax.esp.vmware.com/guest?vmwareproduct=vSphere&release=vSphere%208.0&categories=1-0 The available networks (port groups) can be listed using `govc ls 'network/*'` Networks should be in the form of an absolute path: //network/.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "resourcePool": { + "description": "resourcePool is the absolute path of the resource pool where virtual machines will be created. The absolute path is of the form //host//Resources/. The maximum length of the path is 2048 characters.", + "type": "string" + }, + "template": { + "description": "template is the full inventory path of the virtual machine or template that will be cloned when creating new machines in this failure domain. The maximum length of the path is 2048 characters.\n\nWhen omitted, the template will be calculated by the control plane machineset operator based on the region and zone defined in VSpherePlatformFailureDomainSpec. For example, for zone=zonea, region=region1, and infrastructure name=test, the template path would be calculated as //vm/test-rhcos-region1-zonea.", + "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.ConfidentialVM": { - "description": "ConfidentialVM defines the UEFI settings for the virtual machine.", - "type": "object", - "required": [ - "uefiSettings" - ], - "properties": { - "uefiSettings": { - "description": "uefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.UEFISettings" - } - } - }, - "com.github.openshift.api.machine.v1beta1.DataDisk": { - "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine. A Data Disk is a managed disk that's attached to a virtual machine to store application data. It differs from an OS Disk as it doesn't come with a pre-installed OS, and it cannot contain the boot volume. It is registered as SCSI drive and labeled with the chosen `lun`. e.g. for `lun: 0` the raw disk device will be available at `/dev/disk/azure/scsi1/lun0`.\n\nAs the Data Disk disk device is attached raw to the virtual machine, it will need to be partitioned, formatted with a filesystem and mounted, in order for it to be usable. This can be done by creating a custom userdata Secret with custom Ignition configuration to achieve the desired initialization. At this stage the previously defined `lun` is to be used as the \"device\" key for referencing the raw disk device to be initialized. Once the custom userdata Secret has been created, it can be referenced in the Machine's `.providerSpec.userDataSecret`. For further guidance and examples, please refer to the official OpenShift docs.", + "com.github.openshift.api.config.v1.VSpherePlatformVCenterSpec": { + "description": "VSpherePlatformVCenterSpec stores the vCenter connection fields. This is used by the vSphere CCM.", "type": "object", "required": [ - "nameSuffix", - "diskSizeGB", - "lun", - "deletionPolicy" + "server", + "datacenters" ], "properties": { - "cachingType": { - "description": "cachingType specifies the caching requirements. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is CachingTypeNone.", - "type": "string" - }, - "deletionPolicy": { - "description": "deletionPolicy specifies the data disk deletion policy upon Machine deletion. Possible values are \"Delete\",\"Detach\". When \"Delete\" is used the data disk is deleted when the Machine is deleted. When \"Detach\" is used the data disk is detached from the Machine and retained when the Machine is deleted.", - "type": "string", - "default": "" - }, - "diskSizeGB": { - "description": "diskSizeGB is the size in GB to assign to the data disk.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "lun": { - "description": "lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. This value is also needed for referencing the data disks devices within userdata to perform disk initialization through Ignition (e.g. partition/format/mount). The value must be between 0 and 63.", - "type": "integer", - "format": "int32", - "default": 0 + "datacenters": { + "description": "The vCenter Datacenters in which the RHCOS vm guests are located. This field will be used by the Cloud Controller Manager. Each datacenter listed here should be used within a topology.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" }, - "managedDisk": { - "description": "managedDisk specifies the Managed Disk parameters for the data disk. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is a ManagedDisk with with storageAccountType: \"Premium_LRS\" and diskEncryptionSet.id: \"Default\".", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DataDiskManagedDiskParameters" + "port": { + "description": "port is the TCP port that will be used to communicate to the vCenter endpoint. When omitted, this means the user has no opinion and it is up to the platform to choose a sensible default, which is subject to change over time.", + "type": "integer", + "format": "int32" }, - "nameSuffix": { - "description": "nameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format _. NameSuffix name must start and finish with an alphanumeric character and can only contain letters, numbers, underscores, periods or hyphens. The overall disk name must not exceed 80 chars in length.", + "server": { + "description": "server is the fully-qualified domain name or the IP address of the vCenter server.", "type": "string", "default": "" } } }, - "com.github.openshift.api.machine.v1beta1.DataDiskManagedDiskParameters": { - "description": "DataDiskManagedDiskParameters is the parameters of a DataDisk managed disk.", + "com.github.openshift.api.config.v1.WebhookTokenAuthenticator": { + "description": "webhookTokenAuthenticator holds the necessary configuration options for a remote token authenticator", "type": "object", "required": [ - "storageAccountType" + "kubeConfig" ], "properties": { - "diskEncryptionSet": { - "description": "diskEncryptionSet is the disk encryption set properties. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is a DiskEncryptionSet with id: \"Default\".", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters" - }, - "storageAccountType": { - "description": "storageAccountType is the storage account type to use. Possible values include \"Standard_LRS\", \"Premium_LRS\" and \"UltraSSD_LRS\".", - "type": "string", - "default": "" + "kubeConfig": { + "description": "kubeConfig references a secret that contains kube config file data which describes how to access the remote webhook service. The namespace for the referenced secret is openshift-config.\n\nFor further details, see:\n\nhttps://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication\n\nThe key \"kubeConfig\" is used to locate the data. If the secret or expected key is not found, the webhook is not honored. If the specified kube config data is not valid, the webhook is not honored.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" } } }, - "com.github.openshift.api.machine.v1beta1.DedicatedHost": { - "description": "DedicatedHost represents the configuration for the usage of dedicated host.", + "com.github.openshift.api.config.v1alpha1.AdditionalAlertmanagerConfig": { + "description": "AdditionalAlertmanagerConfig represents configuration for additional Alertmanager instances. The `AdditionalAlertmanagerConfig` resource defines settings for how a component communicates with additional Alertmanager instances.", "type": "object", + "required": [ + "name", + "staticConfigs" + ], "properties": { - "allocationStrategy": { - "description": "allocationStrategy specifies if the dedicated host will be provided by the admin through the id field or if the host will be dynamically allocated. Valid values are UserProvided and Dynamic. When omitted, the value defaults to \"UserProvided\", which requires the id field to be set. When allocationStrategy is set to UserProvided, an ID of the dedicated host to assign must be provided. When allocationStrategy is set to Dynamic, a dedicated host will be allocated and used to assign instances. When allocationStrategy is set to Dynamic, and dynamicHostAllocation is configured, a dedicated host will be allocated and the tags in dynamicHostAllocation will be assigned to that host.\n\nPossible enum values:\n - `\"Dynamic\"` specifies that the system should dynamically allocate a dedicated host for instances.\n - `\"UserProvided\"` specifies that the system should assign instances to a user-provided dedicated host.", - "type": "string", - "default": "UserProvided", - "enum": [ - "Dynamic", - "UserProvided" - ] + "authorization": { + "description": "authorization configures the authentication method for Alertmanager connections. Supports bearer token authentication. When omitted, no authentication is used.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AuthorizationConfig" }, - "dynamicHostAllocation": { - "description": "dynamicHostAllocation specifies tags to apply to a dynamically allocated dedicated host. This field is only allowed when allocationStrategy is Dynamic, and is mutually exclusive with id. When specified, a dedicated host will be allocated with the provided tags applied. When omitted (and allocationStrategy is Dynamic), a dedicated host will be allocated without any additional tags.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DynamicHostAllocationSpec" + "name": { + "description": "name is a unique identifier for this Alertmanager configuration entry. The name must be a valid DNS subdomain (RFC 1123): lowercase alphanumeric characters, hyphens, or periods, and must start and end with an alphanumeric character. Minimum length is 1 character (empty string is invalid). Maximum length is 253 characters.", + "type": "string" }, - "id": { - "description": "id identifies the AWS Dedicated Host on which the instance must run. The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length. This field is required when allocationStrategy is UserProvided, and forbidden otherwise. When omitted with allocationStrategy set to Dynamic, the platform will dynamically allocate a dedicated host.", + "pathPrefix": { + "description": "pathPrefix defines an optional URL path prefix to prepend to the Alertmanager API endpoints. For example, if your Alertmanager is behind a reverse proxy at \"/alertmanager/\", set this to \"/alertmanager\" so requests go to \"/alertmanager/api/v1/alerts\" instead of \"/api/v1/alerts\". This is commonly needed when Alertmanager is deployed behind ingress controllers or load balancers. When no prefix is needed, omit this field; do not set it to \"/\" as that would produce paths with double slashes (e.g. \"//api/v1/alerts\"). Must start with \"/\", must not end with \"/\", and must not be exactly \"/\". Must not contain query strings (\"?\") or fragments (\"#\").", "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "allocationStrategy", - "fields-to-discriminateBy": { - "dynamicHostAllocation": "DynamicHostAllocation", - "id": "ID" - } - } - ] - }, - "com.github.openshift.api.machine.v1beta1.DedicatedHostStatus": { - "description": "DedicatedHostStatus defines the observed state of a dynamically allocated dedicated host associated with an AWSMachine. This struct is used to track the ID of the dedicated host.", - "type": "object", - "required": [ - "id" - ], - "properties": { - "id": { - "description": "id tracks the dynamically allocated dedicated host ID. This field is populated when allocationStrategy is Dynamic (with or without DynamicHostAllocation). The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length.", + }, + "scheme": { + "description": "scheme defines the URL scheme to use when communicating with Alertmanager instances. Possible values are `HTTP` or `HTTPS`. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `HTTP`.", "type": "string" + }, + "staticConfigs": { + "description": "staticConfigs is a list of statically configured Alertmanager endpoints in the form of `:`. Each entry must be a valid hostname, IPv4 address, or IPv6 address (in brackets) followed by a colon and a valid port number (1-65535). Examples: \"alertmanager.example.com:9093\", \"192.168.1.100:9093\", \"[::1]:9093\" At least one endpoint must be specified (minimum 1, maximum 10 endpoints). Each entry must be unique and non-empty (empty string is invalid).", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "timeoutSeconds": { + "description": "timeoutSeconds defines the timeout in seconds for requests to Alertmanager. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Currently the default is 10 seconds. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", + "type": "integer", + "format": "int32" + }, + "tlsConfig": { + "description": "tlsConfig defines the TLS settings to use for Alertmanager connections. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.TLSConfig" } } }, - "com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters": { - "description": "DiskEncryptionSetParameters is the disk encryption set properties", + "com.github.openshift.api.config.v1alpha1.AlertmanagerConfig": { + "description": "alertmanagerConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", "type": "object", + "required": [ + "deploymentMode" + ], "properties": { - "id": { - "description": "id is the disk encryption set ID Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is: \"Default\".", + "customConfig": { + "description": "customConfig must be set when deploymentMode is CustomConfig, and must be unset otherwise. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AlertmanagerCustomConfig" + }, + "deploymentMode": { + "description": "deploymentMode determines whether the default Alertmanager instance should be deployed as part of the monitoring stack. Allowed values are Disabled, DefaultConfig, and CustomConfig. When set to Disabled, the Alertmanager instance will not be deployed. When set to DefaultConfig, the platform will deploy Alertmanager with default settings. When set to CustomConfig, the Alertmanager will be deployed with custom configuration.", "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.DiskSettings": { - "description": "DiskSettings describe ephemeral disk settings for the os disk.", + "com.github.openshift.api.config.v1alpha1.AlertmanagerCustomConfig": { + "description": "AlertmanagerCustomConfig represents the configuration for a custom Alertmanager deployment. alertmanagerCustomConfig provides configuration options for the default Alertmanager instance that runs in the `openshift-monitoring` namespace. Use this configuration to control whether the default Alertmanager is deployed, how it logs, and how its pods are scheduled.", "type": "object", "properties": { - "ephemeralStorageLocation": { - "description": "ephemeralStorageLocation enables ephemeral OS when set to 'Local'. Possible values include: 'Local'. See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks for full details. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is that disks are saved to remote Azure storage.", + "logLevel": { + "description": "logLevel defines the verbosity of logs emitted by Alertmanager. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", "type": "string" - } - } - }, - "com.github.openshift.api.machine.v1beta1.DynamicHostAllocationSpec": { - "description": "DynamicHostAllocationSpec defines the configuration for dynamic dedicated host allocation. This specification always allocates exactly one dedicated host per machine. At least one property must be specified when this struct is used. Currently only Tags are available for configuring, but in the future more configs may become available.", - "type": "object", - "properties": { - "tags": { - "description": "tags specifies a set of key-value pairs to apply to the allocated dedicated host. When omitted, no additional user-defined tags will be applied to the allocated host. A maximum of 50 tags can be specified.", + }, + "nodeSelector": { + "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "resources": { + "description": "resources defines the compute resource requests and limits for the Alertmanager container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.TagSpecification" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" }, "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" + }, + "secrets": { + "description": "secrets defines a list of secrets that need to be mounted into the Alertmanager. The secrets must reside within the same namespace as the Alertmanager object. They will be added as volumes named secret- and mounted at /etc/alertmanager/secrets/ within the 'alertmanager' container of the Alertmanager Pods.\n\nThese secrets can be used to authenticate Alertmanager with endpoint receivers. For example, you can use secrets to: - Provide certificates for TLS authentication with receivers that require private CA certificates - Store credentials for Basic HTTP authentication with receivers that require password-based auth - Store any other authentication credentials needed by your alert receivers\n\nThis field is optional. Maximum length for this list is 10. Minimum length for this list is 1. Entries in this list must be unique.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + }, + "tolerations": { + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + }, + "topologySpreadConstraints": { + "description": "topologySpreadConstraints defines rules for how Alertmanager Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" + }, + "volumeClaimTemplate": { + "description": "volumeClaimTemplate defines persistent storage for Alertmanager. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and alert data will not persist across restarts.", + "$ref": "#/definitions/PersistentVolumeClaim.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.machine.v1beta1.EBSBlockDeviceSpec": { - "description": "EBSBlockDeviceSpec describes a block device for an EBS volume. https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EbsBlockDevice", + "com.github.openshift.api.config.v1alpha1.Audit": { + "description": "Audit profile configurations", "type": "object", + "required": [ + "profile" + ], "properties": { - "deleteOnTermination": { - "description": "Indicates whether the EBS volume is deleted on machine termination.\n\nDeprecated: setting this field has no effect.", - "type": "boolean" - }, - "encrypted": { - "description": "Indicates whether the EBS volume is encrypted. Encrypted Amazon EBS volumes may only be attached to machines that support Amazon EBS encryption.", - "type": "boolean" - }, - "iops": { - "description": "The number of I/O operations per second (IOPS) that the volume supports. For io1, this represents the number of IOPS that are provisioned for the volume. For gp2, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. For more information about General Purpose SSD baseline performance, I/O credits, and bursting, see Amazon EBS Volume Types (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the Amazon Elastic Compute Cloud User Guide.\n\nMinimal and maximal IOPS for io1 and gp2 are constrained. Please, check https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html for precise boundaries for individual volumes.\n\nCondition: This parameter is required for requests to create io1 volumes; it is not used in requests to create gp2, st1, sc1, or standard volumes.", - "type": "integer", - "format": "int64" - }, - "kmsKey": { - "description": "Indicates the KMS key that should be used to encrypt the Amazon EBS volume.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" - }, - "throughputMib": { - "description": "throughputMib to provision in MiB/s supported for the volume type. Not applicable to all types.\n\nThis parameter is valid only for gp3 volumes. Valid Range: Minimum value of 125. Maximum value of 2000.\n\nWhen omitted, this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 125.", - "type": "integer", - "format": "int32" - }, - "volumeSize": { - "description": "The size of the volume, in GiB.\n\nConstraints: 1-16384 for General Purpose SSD (gp2), 4-16384 for Provisioned IOPS SSD (io1), 500-16384 for Throughput Optimized HDD (st1), 500-16384 for Cold HDD (sc1), and 1-1024 for Magnetic (standard) volumes. If you specify a snapshot, the volume size must be equal to or larger than the snapshot size.\n\nDefault: If you're creating the volume from a snapshot and don't specify a volume size, the default is the snapshot size.", - "type": "integer", - "format": "int64" - }, - "volumeType": { - "description": "volumeType can be of type gp2, gp3, io1, st1, sc1, or standard. Default: standard", + "profile": { + "description": "profile is a required field for configuring the audit log level of the Kubernetes Metrics Server. Allowed values are None, Metadata, Request, or RequestResponse. When set to None, audit logging is disabled and no audit events are recorded. When set to Metadata, only request metadata (such as requesting user, timestamp, resource, verb, etc.) is logged, but not the request or response body. When set to Request, event metadata and the request body are logged, but not the response body. When set to RequestResponse, event metadata, request body, and response body are all logged, providing the most detailed audit information.\n\nSee: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policy for more information about auditing and log levels.", "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.Filter": { - "description": "Filter is a filter used to identify an AWS resource", + "com.github.openshift.api.config.v1alpha1.AuthorizationConfig": { + "description": "AuthorizationConfig defines the authentication method for Alertmanager connections.", "type": "object", "required": [ - "name" + "type" ], "properties": { - "name": { - "description": "name of the filter. Filter names are case-sensitive.", - "type": "string", - "default": "" + "bearerToken": { + "description": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" }, - "values": { - "description": "values includes one or more filter values. Filter values are case-sensitive.", - "type": "array", - "items": { - "type": "string", - "default": "" + "type": { + "description": "type specifies the authentication type to use. Valid value is \"BearerToken\" (bearer token authentication). When set to BearerToken, the bearerToken field must be specified.", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "bearerToken": "BearerToken" } } - } + ] }, - "com.github.openshift.api.machine.v1beta1.GCPDisk": { - "description": "GCPDisk describes disks for GCP.", + "com.github.openshift.api.config.v1alpha1.Backup": { + "description": "Backup provides configuration for performing backups of the openshift cluster.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "autoDelete", - "boot", - "sizeGb", - "type", - "image", - "labels" + "spec" ], "properties": { - "autoDelete": { - "description": "autoDelete indicates if the disk will be auto-deleted when the instance is deleted (default false).", - "type": "boolean", - "default": false - }, - "boot": { - "description": "boot indicates if this is a boot disk (default false).", - "type": "boolean", - "default": false - }, - "encryptionKey": { - "description": "encryptionKey is the customer-supplied encryption key of the disk.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPEncryptionKeyReference" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "image": { - "description": "image is the source image to create this disk.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "labels": { - "description": "labels list of labels to apply to the disk.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "sizeGb": { - "description": "sizeGb is the size of the disk (in GB).", - "type": "integer", - "format": "int64", - "default": 0 + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.BackupSpec" }, - "type": { - "description": "type is the type of the disk (eg: pd-standard).", - "type": "string", - "default": "" + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.BackupStatus" } } }, - "com.github.openshift.api.machine.v1beta1.GCPEncryptionKeyReference": { - "description": "GCPEncryptionKeyReference describes the encryptionKey to use for a disk's encryption.", + "com.github.openshift.api.config.v1alpha1.BackupList": { + "description": "BackupList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "kmsKey": { - "description": "KMSKeyName is the reference KMS key, in the format", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPKMSKeyReference" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "kmsKeyServiceAccount": { - "description": "kmsKeyServiceAccount is the service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. See https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account for details on the default service account.", + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Backup" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.machine.v1beta1.GCPGPUConfig": { - "description": "GCPGPUConfig describes type and count of GPUs attached to the instance on GCP.", + "com.github.openshift.api.config.v1alpha1.BackupSpec": { "type": "object", "required": [ - "count", - "type" + "etcd" ], "properties": { - "count": { - "description": "count is the number of GPUs to be attached to an instance.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "type": { - "description": "type is the type of GPU to be attached to an instance. Supported GPU types are: nvidia-tesla-k80, nvidia-tesla-p100, nvidia-tesla-v100, nvidia-tesla-p4, nvidia-tesla-t4", - "type": "string", - "default": "" + "etcd": { + "description": "etcd specifies the configuration for periodic backups of the etcd cluster", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.EtcdBackupSpec" } } }, - "com.github.openshift.api.machine.v1beta1.GCPKMSKeyReference": { - "description": "GCPKMSKeyReference gathers required fields for looking up a GCP KMS Key", + "com.github.openshift.api.config.v1alpha1.BackupStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1alpha1.BasicAuth": { + "description": "BasicAuth defines basic authentication settings for the remote write endpoint URL.", "type": "object", "required": [ - "name", - "keyRing", - "location" + "username", + "password" ], "properties": { - "keyRing": { - "description": "keyRing is the name of the KMS Key Ring which the KMS Key belongs to.", - "type": "string", - "default": "" - }, - "location": { - "description": "location is the GCP location in which the Key Ring exists.", - "type": "string", - "default": "" - }, - "name": { - "description": "name is the name of the customer managed encryption key to be used for the disk encryption.", - "type": "string", - "default": "" + "password": { + "description": "password defines the secret reference containing the password for basic authentication. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" }, - "projectID": { - "description": "projectID is the ID of the Project in which the KMS Key Ring exists. Defaults to the VM ProjectID if not set.", - "type": "string" + "username": { + "description": "username defines the secret reference containing the username for basic authentication. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" } } }, - "com.github.openshift.api.machine.v1beta1.GCPMachineProviderSpec": { - "description": "GCPMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an GCP virtual machine. It is used by the GCP machine actuator to create a single Machine. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig": { + "description": "CRIOCredentialProviderConfig holds cluster-wide singleton resource configurations for CRI-O credential provider, the name of this instance is \"cluster\". CRI-O credential provider is a binary shipped with CRI-O that provides a way to obtain container image pull credentials from external sources. For example, it can be used to fetch mirror registry credentials from secrets resources in the cluster within the same namespace the pod will be running in. CRIOCredentialProviderConfig configuration specifies the pod image sources registries that should trigger the CRI-O credential provider execution, which will resolve the CRI-O mirror configurations and obtain the necessary credentials for pod creation. Note: Configuration changes will only take effect after the kubelet restarts, which is automatically managed by the cluster during rollout.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "canIPForward", - "deletionProtection", - "serviceAccounts", - "machineType", - "region", - "zone" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "canIPForward": { - "description": "canIPForward Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes.", - "type": "boolean", - "default": false - }, - "confidentialCompute": { - "description": "confidentialCompute is an optional field defining whether the instance should have confidential compute enabled or not, and the confidential computing technology of choice. Allowed values are omitted, Disabled, Enabled, AMDEncryptedVirtualization, AMDEncryptedVirtualizationNestedPaging, and IntelTrustedDomainExtensions When set to Disabled, the machine will not be configured to be a confidential computing instance. When set to Enabled, the machine will be configured as a confidential computing instance with no preference on the confidential compute policy used. In this mode, the platform chooses a default that is subject to change over time. Currently, the default is to use AMD Secure Encrypted Virtualization. When set to AMDEncryptedVirtualization, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization (AMD SEV) as the confidential computing technology. When set to AMDEncryptedVirtualizationNestedPaging, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP) as the confidential computing technology. When set to IntelTrustedDomainExtensions, the machine will be configured as a confidential computing instance with Intel Trusted Domain Extensions (Intel TDX) as the confidential computing technology. If any value other than Disabled is set the selected machine type must support that specific confidential computing technology. The machine series supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#all-confidential-vm-instances Currently, AMDEncryptedVirtualization is supported in c2d, n2d, and c3d machines. AMDEncryptedVirtualizationNestedPaging is supported in n2d machines. IntelTrustedDomainExtensions is supported in c3 machines. If any value other than Disabled is set, the selected region must support that specific confidential computing technology. The list of regions supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#supported-zones If any value other than Disabled is set onHostMaintenance is required to be set to \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", - "type": "string" - }, - "credentialsSecret": { - "description": "credentialsSecret is a reference to the secret with GCP credentials.", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" - }, - "deletionProtection": { - "description": "deletionProtection whether the resource should be protected against deletion.", - "type": "boolean", - "default": false - }, - "disks": { - "description": "disks is a list of disks to be attached to the VM.", - "type": "array", - "items": { - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPDisk" - } - }, - "gcpMetadata": { - "description": "Metadata key/value pairs to apply to the VM.", - "type": "array", - "items": { - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPMetadata" - } - }, - "gpus": { - "description": "gpus is a list of GPUs to be attached to the VM.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPGPUConfig" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "labels": { - "description": "labels list of labels to apply to the VM.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "machineType": { - "description": "machineType is the machine type to use for the VM.", - "type": "string", - "default": "" - }, "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "networkInterfaces": { - "description": "networkInterfaces is a list of network interfaces to be attached to the VM.", - "type": "array", - "items": { - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPNetworkInterface" - } - }, - "onHostMaintenance": { - "description": "onHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. This is required to be set to \"Terminate\" if you want to provision machine with attached GPUs. Otherwise, allowed values are \"Migrate\" and \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Migrate\".", - "type": "string" - }, - "preemptible": { - "description": "preemptible indicates if created instance is preemptible.", - "type": "boolean" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "projectID": { - "description": "projectID is the project in which the GCP machine provider will create the VM.", - "type": "string" + "spec": { + "description": "spec defines the desired configuration of the CRI-O Credential Provider. This field is required and must be provided when creating the resource.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec" }, - "provisioningModel": { - "description": "provisioningModel is an optional field that determines the provisioning model for the GCP machine instance. Valid values are \"Spot\" and omitted. When set to Spot, the instance runs as a Google Cloud Spot instance which provides significant cost savings but may be preempted by Google Cloud Platform when resources are needed elsewhere. When omitted, the machine will be provisioned as a standard on-demand instance. This field cannot be used together with the preemptible field.", + "status": { + "description": "status represents the current state of the CRIOCredentialProviderConfig. When omitted or nil, it indicates that the status has not yet been set by the controller. The controller will populate this field with validation conditions and operational state.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus" + } + } + }, + "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigList": { + "description": "CRIOCredentialProviderConfigList contains a list of CRIOCredentialProviderConfig resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "region": { - "description": "region is the region in which the GCP machine provider will create the VM.", - "type": "string", - "default": "" - }, - "resourceManagerTags": { - "description": "resourceManagerTags is an optional list of tags to apply to the GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ResourceManagerTag" - }, - "x-kubernetes-list-map-keys": [ - "key" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfig" + } }, - "restartPolicy": { - "description": "restartPolicy determines the behavior when an instance crashes or the underlying infrastructure provider stops the instance as part of a maintenance event (default \"Always\"). Cannot be \"Always\" with preemptible instances. Otherwise, allowed values are \"Always\" and \"Never\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Always\". RestartPolicy represents AutomaticRestart in GCP compute api", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "serviceAccounts": { - "description": "serviceAccounts is a list of GCP service accounts to be used by the VM.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPServiceAccount" - } - }, - "shieldedInstanceConfig": { - "description": "shieldedInstanceConfig is the Shielded VM configuration for the VM", + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPShieldedInstanceConfig" - }, - "tags": { - "description": "tags list of network tags to apply to the VM.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "targetPools": { - "description": "targetPools are used for network TCP/UDP load balancing. A target pool references member instances, an associated legacy HttpHealthCheck resource, and, optionally, a backup target pool", + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigSpec": { + "description": "CRIOCredentialProviderConfigSpec defines the desired configuration of the CRI-O Credential Provider.", + "type": "object", + "properties": { + "matchImages": { + "description": "matchImages is a list of string patterns used to determine whether the CRI-O credential provider should be invoked for a given image. This list is passed to the kubelet CredentialProviderConfig, and if any pattern matches the requested image, CRI-O credential provider will be invoked to obtain credentials for pulling that image or its mirrors. Depending on the platform, the CRI-O credential provider may be installed alongside an existing platform specific provider. Conflicts between the existing platform specific provider image match configuration and this list will be handled by the following precedence rule: credentials from built-in kubelet providers (e.g., ECR, GCR, ACR) take precedence over those from the CRIOCredentialProviderConfig when both match the same image. To avoid uncertainty, it is recommended to avoid configuring your private image patterns to overlap with existing platform specific provider config(e.g., the entries from https://github.com/openshift/machine-config-operator/blob/main/templates/common/aws/files/etc-kubernetes-credential-providers-ecr-credential-provider.yaml). You can check the resource's Status conditions to see if any entries were ignored due to exact matches with known built-in provider patterns.\n\nThis field is optional, the items of the list must contain between 1 and 50 entries. The list is treated as a set, so duplicate entries are not allowed.\n\nFor more details, see: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/ https://github.com/cri-o/crio-credential-provider#architecture\n\nEach entry in matchImages is a pattern which can optionally contain a port and a path. Each entry must be no longer than 512 characters. Wildcards ('*') are supported for full subdomain labels, such as '*.k8s.io' or 'k8s.*.io', and for top-level domains, such as 'k8s.*' (which matches 'k8s.io' or 'k8s.net'). A global wildcard '*' (matching any domain) is not allowed. Wildcards may replace an entire hostname label (e.g., *.example.com), but they cannot appear within a label (e.g., f*oo.example.com) and are not allowed in the port or path. For example, 'example.*.com' is valid, but 'exa*mple.*.com' is not. Each wildcard matches only a single domain label, so '*.io' does **not** match '*.k8s.io'.\n\nA match exists between an image and a matchImage when all of the below are true: Both contain the same number of domain parts and each part matches. The URL path of an matchImages must be a prefix of the target image URL path. If the matchImages contains a port, then the port must match in the image as well.\n\nExample values of matchImages: - 123456789.dkr.ecr.us-east-1.amazonaws.com - *.azurecr.io - gcr.io - *.*.registry.io - registry.io:8080/path", "type": "array", "items": { "type": "string", "default": "" - } - }, - "userDataSecret": { - "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" - }, - "zone": { - "description": "zone is the zone in which the GCP machine provider will create the VM.", - "type": "string", - "default": "" + }, + "x-kubernetes-list-type": "set" } } }, - "com.github.openshift.api.machine.v1beta1.GCPMachineProviderStatus": { - "description": "GCPMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains GCP-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.CRIOCredentialProviderConfigStatus": { + "description": "CRIOCredentialProviderConfigStatus defines the observed state of CRIOCredentialProviderConfig", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, "conditions": { - "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", + "description": "conditions represent the latest available observations of the configuration state. When omitted, it indicates that no conditions have been reported yet. The maximum number of conditions is 16. Conditions are stored as a map keyed by condition type, ensuring uniqueness.\n\nExpected condition types include: \"Validated\": indicates whether the matchImages configuration is valid", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" - }, - "instanceId": { - "description": "instanceId is the ID of the instance in GCP", - "type": "string" - }, - "instanceState": { - "description": "instanceState is the provisioning state of the GCP Instance.", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } } }, - "com.github.openshift.api.machine.v1beta1.GCPMetadata": { - "description": "GCPMetadata describes metadata for GCP.", + "com.github.openshift.api.config.v1alpha1.CertificateConfig": { + "description": "CertificateConfig specifies configuration parameters for certificates. At least one property must be specified.", "type": "object", - "required": [ - "key", - "value" - ], "properties": { "key": { - "description": "key is the metadata key.", - "type": "string", - "default": "" - }, - "value": { - "description": "value is the metadata value.", - "type": "string" + "description": "key specifies the cryptographic parameters for the certificate's key pair. Currently this is the only configurable parameter. When omitted in an overrides entry, the key configuration from defaults is used.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.KeyConfig" } } }, - "com.github.openshift.api.machine.v1beta1.GCPNetworkInterface": { - "description": "GCPNetworkInterface describes network interfaces for GCP", + "com.github.openshift.api.config.v1alpha1.ClusterMonitoring": { + "description": "ClusterMonitoring is the Custom Resource object which holds the current status of Cluster Monitoring Operator. CMO is a central component of the monitoring stack.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. ClusterMonitoring is the Schema for the Cluster Monitoring Operators API", "type": "object", + "required": [ + "spec" + ], "properties": { - "network": { - "description": "network is the network name.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "projectID": { - "description": "projectID is the project in which the GCP machine provider will create the VM.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "publicIP": { - "description": "publicIP indicates if true a public IP will be used", - "type": "boolean" + "metadata": { + "description": "metadata is the standard object metadata.", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "subnetwork": { - "description": "subnetwork is the subnetwork name.", - "type": "string" + "spec": { + "description": "spec holds user configuration for the Cluster Monitoring Operator", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus" } } }, - "com.github.openshift.api.machine.v1beta1.GCPServiceAccount": { - "description": "GCPServiceAccount describes service accounts for GCP.", + "com.github.openshift.api.config.v1alpha1.ClusterMonitoringList": { + "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", - "required": [ - "email", - "scopes" - ], "properties": { - "email": { - "description": "email is the service account email.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "scopes": { - "description": "scopes list of scopes to be assigned to the service account.", + "items": { + "description": "items is a list of ClusterMonitoring", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ClusterMonitoring" } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list metadata.", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.machine.v1beta1.GCPShieldedInstanceConfig": { - "description": "GCPShieldedInstanceConfig describes the shielded VM configuration of the instance on GCP. Shielded VM configuration allow users to enable and disable Secure Boot, vTPM, and Integrity Monitoring.", + "com.github.openshift.api.config.v1alpha1.ClusterMonitoringSpec": { + "description": "ClusterMonitoringSpec defines the desired state of Cluster Monitoring Operator", "type": "object", "properties": { - "integrityMonitoring": { - "description": "integrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity. Compares the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", - "type": "string" + "alertmanagerConfig": { + "description": "alertmanagerConfig allows users to configure how the default Alertmanager instance should be deployed in the `openshift-monitoring` namespace. alertmanagerConfig is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `DefaultConfig`.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AlertmanagerConfig" }, - "secureBoot": { - "description": "secureBoot Defines whether the instance should have secure boot enabled. Secure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", - "type": "string" + "metricsServerConfig": { + "description": "metricsServerConfig is an optional field that can be used to configure the Kubernetes Metrics Server that runs in the openshift-monitoring namespace. Specifically, it can configure how the Metrics Server instance is deployed, pod scheduling, its audit policy and log verbosity. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.MetricsServerConfig" }, - "virtualizedTrustedPlatformModule": { - "description": "virtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. This is required to be set to \"Enabled\" if IntegrityMonitoring is enabled. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", - "type": "string" + "openShiftStateMetricsConfig": { + "description": "openShiftStateMetricsConfig is an optional field that can be used to configure the openshift-state-metrics agent that runs in the openshift-monitoring namespace. The openshift-state-metrics agent generates metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.OpenShiftStateMetricsConfig" + }, + "prometheusConfig": { + "description": "prometheusConfig provides configuration options for the default platform Prometheus instance that runs in the `openshift-monitoring` namespace. This configuration applies only to the platform Prometheus instance; user-workload Prometheus instances are configured separately.\n\nThis field allows you to customize how the platform Prometheus is deployed and operated, including:\n - Pod scheduling (node selectors, tolerations, topology spread constraints)\n - Resource allocation (CPU, memory requests/limits)\n - Retention policies (how long metrics are stored)\n - External integrations (remote write, additional alertmanagers)\n\nThis field is optional. When omitted, the platform chooses reasonable defaults, which may change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusConfig" + }, + "prometheusOperatorAdmissionWebhookConfig": { + "description": "prometheusOperatorAdmissionWebhookConfig is an optional field that can be used to configure the admission webhook component of Prometheus Operator that runs in the openshift-monitoring namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects to ensure they are semantically valid, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusOperatorAdmissionWebhookConfig" + }, + "prometheusOperatorConfig": { + "description": "prometheusOperatorConfig is an optional field that can be used to configure the Prometheus Operator component. Specifically, it can configure how the Prometheus Operator instance is deployed, pod scheduling, and resource allocation. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig" + }, + "telemeterClientConfig": { + "description": "telemeterClientConfig is an optional field that can be used to configure the Telemeter Client component that runs in the openshift-monitoring namespace. The Telemeter Client collects selected monitoring metrics and forwards them to Red Hat for telemetry purposes. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. When set, at least one field must be specified within telemeterClientConfig.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.TelemeterClientConfig" + }, + "userDefined": { + "description": "userDefined set the deployment mode for user-defined monitoring in addition to the default platform monitoring. userDefined is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is `Disabled`.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring" } } }, - "com.github.openshift.api.machine.v1beta1.HostPlacement": { - "description": "HostPlacement is the type that will be used to configure the placement of AWS instances.", + "com.github.openshift.api.config.v1alpha1.ClusterMonitoringStatus": { + "description": "ClusterMonitoringStatus defines the observed state of ClusterMonitoring", + "type": "object" + }, + "com.github.openshift.api.config.v1alpha1.ContainerResource": { + "description": "ContainerResource defines a single resource requirement for a container.", "type": "object", "required": [ - "affinity" + "name" ], "properties": { - "affinity": { - "description": "affinity specifies the affinity setting for the instance. Allowed values are AnyAvailable and DedicatedHost. When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set. When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host. When Affinity is set to AnyAvailable and the `dedicatedHost` field is defined, it runs on specified Dedicated Host, but may move if stopped.", + "limit": { + "description": "limit is the maximum amount of the resource allowed (e.g. \"2Mi\", \"1Gi\"). This field is optional. When request is specified, limit cannot be less than request. The value must be greater than 0 when specified.", + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + }, + "name": { + "description": "name of the resource (e.g. \"cpu\", \"memory\", \"hugepages-2Mi\"). This field is required. name must consist only of alphanumeric characters, `-`, `_` and `.` and must start and end with an alphanumeric character.", "type": "string" }, - "dedicatedHost": { - "description": "dedicatedHost specifies the exact host that an instance should be restarted on if stopped. dedicatedHost is required when 'affinity' is set to DedicatedHost, and optional otherwise.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DedicatedHost" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "affinity", - "fields-to-discriminateBy": { - "dedicatedHost": "DedicatedHost" - } + "request": { + "description": "request is the minimum amount of the resource required (e.g. \"2Mi\", \"1Gi\"). This field is optional. When limit is specified, request cannot be greater than limit.", + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" } - ] + } }, - "com.github.openshift.api.machine.v1beta1.Image": { - "description": "Image is a mirror of azure sdk compute.ImageReference", + "com.github.openshift.api.config.v1alpha1.CustomPKIPolicy": { + "description": "CustomPKIPolicy contains administrator-specified cryptographic configuration. Administrators must specify defaults for all certificates and may optionally override specific categories of certificates.", "type": "object", "required": [ - "publisher", - "offer", - "sku", - "version", - "resourceID" + "defaults" ], "properties": { - "offer": { - "description": "offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer", - "type": "string", - "default": "" - }, - "publisher": { - "description": "publisher is the name of the organization that created the image", - "type": "string", - "default": "" - }, - "resourceID": { - "description": "resourceID specifies an image to use by ID", - "type": "string", - "default": "" + "clientCertificates": { + "description": "clientCertificates optionally overrides certificate parameters for client authentication certificates used to authenticate to servers. When set, these parameters take precedence over defaults for all client certificates. When omitted, the defaults are used for client certificates.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CertificateConfig" }, - "sku": { - "description": "sku specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter", - "type": "string", - "default": "" + "defaults": { + "description": "defaults specifies the default certificate configuration that applies to all certificates unless overridden by a category override.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.DefaultCertificateConfig" }, - "type": { - "description": "type identifies the source of the image and related information, such as purchase plans. Valid values are \"ID\", \"MarketplaceWithPlan\", \"MarketplaceNoPlan\", and omitted, which means no opinion and the platform chooses a good default which may change over time. Currently that default is \"MarketplaceNoPlan\" if publisher data is supplied, or \"ID\" if not. For more information about purchase plans, see: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage#check-the-purchase-plan-information", - "type": "string" + "servingCertificates": { + "description": "servingCertificates optionally overrides certificate parameters for TLS server certificates used to serve HTTPS endpoints. When set, these parameters take precedence over defaults for all serving certificates. When omitted, the defaults are used for serving certificates.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CertificateConfig" }, - "version": { - "description": "version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", - "type": "string", - "default": "" + "signerCertificates": { + "description": "signerCertificates optionally overrides certificate parameters for certificate authority (CA) certificates that sign other certificates. When set, these parameters take precedence over defaults for all signer certificates. When omitted, the defaults are used for signer certificates.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CertificateConfig" } } }, - "com.github.openshift.api.machine.v1beta1.LastOperation": { - "description": "LastOperation represents the detail of the last performed operation on the MachineObject.", + "com.github.openshift.api.config.v1alpha1.DefaultCertificateConfig": { + "description": "DefaultCertificateConfig specifies the default certificate configuration parameters. All fields are required to ensure that defaults are fully specified for all certificates.", "type": "object", + "required": [ + "key" + ], "properties": { - "description": { - "description": "description is the human-readable description of the last operation.", - "type": "string" - }, - "lastUpdated": { - "description": "lastUpdated is the timestamp at which LastOperation API was last-updated.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "state": { - "description": "state is the current status of the last performed operation. E.g. Processing, Failed, Successful etc", - "type": "string" - }, - "type": { - "description": "type is the type of operation which was last performed. E.g. Create, Delete, Update etc", + "key": { + "description": "key specifies the cryptographic parameters for the certificate's key pair. This field is required in defaults to ensure all certificates have a well-defined key configuration.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.KeyConfig" + } + } + }, + "com.github.openshift.api.config.v1alpha1.DropEqualActionConfig": { + "description": "DropEqualActionConfig configures the DropEqual action. Drops targets for which the concatenated source_labels do match the value of target_label. Requires Prometheus >= v2.41.0.", + "type": "object", + "required": [ + "targetLabel" + ], + "properties": { + "targetLabel": { + "description": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that match are dropped. Must be between 1 and 128 characters in length.", "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.LifecycleHook": { - "description": "LifecycleHook represents a single instance of a lifecycle hook", + "com.github.openshift.api.config.v1alpha1.ECDSAKeyConfig": { + "description": "ECDSAKeyConfig specifies parameters for ECDSA key generation.", "type": "object", "required": [ - "name", - "owner" + "curve" ], "properties": { - "name": { - "description": "name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity.", + "curve": { + "description": "curve specifies the NIST elliptic curve for ECDSA keys. Valid values are \"P256\", \"P384\", and \"P521\".\n\nWhen set to P256, the NIST P-256 curve (also known as secp256r1) is used, providing 128-bit security.\n\nWhen set to P384, the NIST P-384 curve (also known as secp384r1) is used, providing 192-bit security.\n\nWhen set to P521, the NIST P-521 curve (also known as secp521r1) is used, providing 256-bit security.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.EtcdBackupSpec": { + "description": "EtcdBackupSpec provides configuration for automated etcd backups to the cluster-etcd-operator", + "type": "object", + "properties": { + "pvcName": { + "description": "pvcName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the etcd backup files would be saved The PVC itself must always be created in the \"openshift-etcd\" namespace If the PVC is left unspecified \"\" then the platform will choose a reasonable default location to save the backup. In the future this would be backups saved across the control-plane master nodes.", "type": "string", "default": "" }, - "owner": { - "description": "owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook.", + "retentionPolicy": { + "description": "retentionPolicy defines the retention policy for retaining and deleting existing backups.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RetentionPolicy" + }, + "schedule": { + "description": "schedule defines the recurring backup schedule in Cron format every 2 hours: 0 */2 * * * every day at 3am: 0 3 * * * Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is \"no backups\", but will change in the future.", + "type": "string", + "default": "" + }, + "timeZone": { + "description": "The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. If not specified, this will default to the time zone of the kube-controller-manager process. See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones", "type": "string", "default": "" } } }, - "com.github.openshift.api.machine.v1beta1.LifecycleHooks": { - "description": "LifecycleHooks allow users to pause operations on the machine at certain prefedined points within the machine lifecycle.", + "com.github.openshift.api.config.v1alpha1.GatherConfig": { + "description": "gatherConfig provides data gathering configuration options.", "type": "object", "properties": { - "preDrain": { - "description": "preDrain hooks prevent the machine from being drained. This also blocks further lifecycle events, such as termination.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LifecycleHook" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "dataPolicy": { + "description": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"None\" and \"ObfuscateNetworking\". When set to None the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "type": "string" }, - "preTerminate": { - "description": "preTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained.", + "disabledGatherers": { + "description": "disabledGatherers is a list of gatherers to be excluded from the gathering. All the gatherers can be disabled by providing \"all\" value. If all the gatherers are disabled, the Insights operator does not gather any data. The format for the disabledGatherer should be: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\" An example of disabling gatherers looks like this: `disabledGatherers: [\"clusterconfig/machine_configs\", \"workloads/workload_info\"]`", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LifecycleHook" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" + }, + "storage": { + "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Storage" } } }, - "com.github.openshift.api.machine.v1beta1.LoadBalancerReference": { - "description": "LoadBalancerReference is a reference to a load balancer on AWS.", + "com.github.openshift.api.config.v1alpha1.HashModActionConfig": { + "description": "HashModActionConfig configures the HashMod action. target_label is set to the modulus of a hash of the concatenated source_labels (target = hash % modulus).", "type": "object", "required": [ - "name", - "type" + "targetLabel", + "modulus" ], "properties": { - "name": { - "type": "string", - "default": "" + "modulus": { + "description": "modulus is the divisor applied to the hash of the concatenated source label values (target = hash % modulus). Required when using the HashMod action so the intended behavior is explicit. Must be between 1 and 1000000.", + "type": "integer", + "format": "int64" }, - "type": { - "type": "string", - "default": "" + "targetLabel": { + "description": "targetLabel is the label name where the hash modulus result is written. Must be between 1 and 128 characters in length.", + "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.Machine": { - "description": "Machine is the Schema for the machines API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.InsightsDataGather": { + "description": "InsightsDataGather provides data gather configuration options for the the Insights Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -24862,203 +24393,404 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec" }, "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus" } } }, - "com.github.openshift.api.machine.v1beta1.MachineHealthCheck": { - "description": "MachineHealthCheck is the Schema for the machinehealthchecks API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.InsightsDataGatherList": { + "description": "InsightsDataGatherList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.InsightsDataGather" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.config.v1alpha1.InsightsDataGatherSpec": { + "type": "object", + "properties": { + "gatherConfig": { + "description": "gatherConfig spec attribute includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.GatherConfig" + } + } + }, + "com.github.openshift.api.config.v1alpha1.InsightsDataGatherStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig": { + "description": "KeepEqualActionConfig configures the KeepEqual action. Drops targets for which the concatenated source_labels do not match the value of target_label. Requires Prometheus >= v2.41.0.", + "type": "object", + "required": [ + "targetLabel" + ], + "properties": { + "targetLabel": { + "description": "targetLabel is the label name whose value is compared to the concatenated source_labels; targets that do not match are dropped. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.KeyConfig": { + "description": "KeyConfig specifies cryptographic parameters for key generation.", + "type": "object", + "required": [ + "algorithm" + ], + "properties": { + "algorithm": { + "description": "algorithm specifies the key generation algorithm. Valid values are \"RSA\" and \"ECDSA\".\n\nWhen set to RSA, the rsa field must be specified and the generated key will be an RSA key with the configured key size.\n\nWhen set to ECDSA, the ecdsa field must be specified and the generated key will be an ECDSA key using the configured elliptic curve.", + "type": "string" + }, + "ecdsa": { + "description": "ecdsa specifies ECDSA key parameters. Required when algorithm is ECDSA, and forbidden otherwise.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ECDSAKeyConfig" }, - "spec": { - "description": "Specification of machine health check policy", + "rsa": { + "description": "rsa specifies RSA key parameters. Required when algorithm is RSA, and forbidden otherwise.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineHealthCheckSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RSAKeyConfig" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "algorithm", + "fields-to-discriminateBy": { + "ecdsa": "ECDSA", + "rsa": "RSA" + } + } + ] + }, + "com.github.openshift.api.config.v1alpha1.Label": { + "description": "Label represents a key/value pair for external labels.", + "type": "object", + "required": [ + "key", + "value" + ], + "properties": { + "key": { + "description": "key is the name of the label. Prometheus supports UTF-8 label names, so any valid UTF-8 string is allowed. Must be between 1 and 128 characters in length.", + "type": "string" }, - "status": { - "description": "Most recently observed status of MachineHealthCheck resource", + "value": { + "description": "value is the value of the label. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.LabelMapActionConfig": { + "description": "LabelMapActionConfig configures the LabelMap action. Regex is matched against all source label names (not just source_labels). Matching label values are copied to new label names given by replacement, with match group references (${1}, ${2}, ...) substituted.", + "type": "object", + "required": [ + "replacement" + ], + "properties": { + "replacement": { + "description": "replacement is the template for new label names; match group references (${1}, ${2}, ...) are substituted from the matched label name. Required when using the LabelMap action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Must be between 1 and 255 characters in length. Empty string is invalid as it would produce invalid label names.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.LowercaseActionConfig": { + "description": "LowercaseActionConfig configures the Lowercase action. Maps the concatenated source_labels to their lower case and writes to target_label. Requires Prometheus >= v2.36.0.", + "type": "object", + "required": [ + "targetLabel" + ], + "properties": { + "targetLabel": { + "description": "targetLabel is the label name where the lower-cased value is written. Must be between 1 and 128 characters in length.", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.MetadataConfig": { + "description": "MetadataConfig defines whether and how to send series metadata to remote write storage.", + "type": "object", + "required": [ + "sendPolicy" + ], + "properties": { + "custom": { + "description": "custom defines custom metadata send settings. Required when sendPolicy is Custom (must have at least one property), and forbidden when sendPolicy is Default.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineHealthCheckStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.MetadataConfigCustom" + }, + "sendPolicy": { + "description": "sendPolicy specifies whether to send metadata and how it is configured. Default: send metadata using platform-chosen defaults (e.g. send interval 30 seconds). Custom: send metadata using the settings in the custom field.", + "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.MachineHealthCheckList": { - "description": "MachineHealthCheckList contains a list of MachineHealthCheck Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.MetadataConfigCustom": { + "description": "MetadataConfigCustom defines custom settings for sending series metadata when sendPolicy is Custom. At least one property must be set when sendPolicy is Custom (e.g. sendIntervalSeconds).", + "type": "object", + "properties": { + "sendIntervalSeconds": { + "description": "sendIntervalSeconds is the interval in seconds at which metadata is sent. When omitted, the platform chooses a reasonable default (e.g. 30 seconds). Minimum value is 1 second. Maximum value is 86400 seconds (24 hours).", + "type": "integer", + "format": "int32" + } + } + }, + "com.github.openshift.api.config.v1alpha1.MetricsServerConfig": { + "description": "MetricsServerConfig provides configuration options for the Metrics Server instance that runs in the `openshift-monitoring` namespace. Use this configuration to control how the Metrics Server instance is deployed, how it logs, and how its pods are scheduled.", + "type": "object", + "properties": { + "audit": { + "description": "audit defines the audit configuration used by the Metrics Server instance. audit is optional. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default sets audit.profile to Metadata", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Audit" + }, + "nodeSelector": { + "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "resources": { + "description": "resources defines the compute resource requests and limits for the Metrics Server container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "tolerations": { + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" + }, + "topologySpreadConstraints": { + "description": "topologySpreadConstraints defines rules for how Metrics Server Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" + }, + "verbosity": { + "description": "verbosity defines the verbosity of log messages for Metrics Server. Valid values are Errors, Info, Trace, TraceAll and omitted. When set to Errors, only critical messages and errors are logged. When set to Info, only basic information messages are logged. When set to Trace, information useful for general debugging is logged. When set to TraceAll, detailed information about metric scraping is logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Errors`", + "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.OAuth2": { + "description": "OAuth2 defines OAuth2 authentication settings for the remote write endpoint.", "type": "object", "required": [ - "items" + "clientId", + "clientSecret", + "tokenUrl" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "clientId": { + "description": "clientId defines the secret reference containing the OAuth2 client ID. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" }, - "items": { + "clientSecret": { + "description": "clientSecret defines the secret reference containing the OAuth2 client secret. The secret must exist in the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "endpointParams": { + "description": "endpointParams defines additional parameters to append to the token URL. When omitted, no additional parameters are sent. Maximum of 20 parameters can be specified. Entries must have unique names (name is the list key).", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineHealthCheck" - } + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.OAuth2EndpointParam" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "scopes": { + "description": "scopes is a list of OAuth2 scopes to request. When omitted, no scopes are requested. Maximum of 20 scopes can be specified. Each scope must be between 1 and 256 characters.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "tokenUrl": { + "description": "tokenUrl is the URL to fetch the token from. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.MachineHealthCheckSpec": { - "description": "MachineHealthCheckSpec defines the desired state of MachineHealthCheck", + "com.github.openshift.api.config.v1alpha1.OAuth2EndpointParam": { + "description": "OAuth2EndpointParam defines a name/value parameter for the OAuth2 token URL.", "type": "object", "required": [ - "selector", - "unhealthyConditions" + "name" ], "properties": { - "maxUnhealthy": { - "description": "Any farther remediation is only allowed if at most \"MaxUnhealthy\" machines selected by \"selector\" are not healthy. Expects either a postive integer value or a percentage value. Percentage values must be positive whole numbers and are capped at 100%. Both 0 and 0% are valid and will block all remediation. Defaults to 100% if not set.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" - }, - "nodeStartupTimeout": { - "description": "Machines older than this duration without a node will be considered to have failed and will be remediated. To prevent Machines without Nodes from being removed, disable startup checks by setting this value explicitly to \"0\". Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" - }, - "remediationTemplate": { - "description": "remediationTemplate is a reference to a remediation template provided by an infrastructure provider.\n\nThis field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Machine API Operator.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, - "selector": { - "description": "Label selector to match machines whose health will be exercised. Note: An empty selector will match all machines.", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "name": { + "description": "name is the parameter name. Must be between 1 and 256 characters.", + "type": "string" }, - "unhealthyConditions": { - "description": "unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.UnhealthyCondition" - } + "value": { + "description": "value is the optional parameter value. When omitted, the query parameter is applied as ?name (no value). When set (including to the empty string), it is applied as ?name=value. Empty string may be used when the external system expects a parameter with an empty value (e.g. ?parameter=\"\"). Must be between 0 and 2048 characters when present (aligned with common URL length recommendations).", + "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.MachineHealthCheckStatus": { - "description": "MachineHealthCheckStatus defines the observed state of MachineHealthCheck", + "com.github.openshift.api.config.v1alpha1.OpenShiftStateMetricsConfig": { + "description": "OpenShiftStateMetricsConfig provides configuration options for the openshift-state-metrics agent that runs in the `openshift-monitoring` namespace. The openshift-state-metrics agent generates metrics about the state of OpenShift-specific Kubernetes objects, such as routes, builds, and deployments.", "type": "object", "properties": { - "conditions": { - "description": "conditions defines the current state of the MachineHealthCheck", + "nodeSelector": { + "description": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "resources": { + "description": "resources defines the compute resource requests and limits for the openshift-state-metrics container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 1m\n limit: null\n - name: memory\n request: 32Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Condition" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" }, "x-kubernetes-list-map-keys": [ - "type" + "name" ], "x-kubernetes-list-type": "map" }, - "currentHealthy": { - "description": "total number of machines counted by this machine health check", - "type": "integer", - "format": "int32" - }, - "expectedMachines": { - "description": "total number of machines counted by this machine health check", - "type": "integer", - "format": "int32" + "tolerations": { + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "remediationsAllowed": { - "description": "remediationsAllowed is the number of further remediations allowed by this machine health check before maxUnhealthy short circuiting will be applied", - "type": "integer", - "format": "int32", - "default": 0 + "topologySpreadConstraints": { + "description": "topologySpreadConstraints defines rules for how openshift-state-metrics Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.machine.v1beta1.MachineList": { - "description": "MachineList contains a list of Machine Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.PKI": { + "description": "PKI configures cryptographic parameters for certificates generated internally by OpenShift components.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "items" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Machine" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PKISpec" } } }, - "com.github.openshift.api.machine.v1beta1.MachineSet": { - "description": "MachineSet ensures that a specified number of machines replicas are running at any given time. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.PKICertificateManagement": { + "description": "PKICertificateManagement determines whether components use hardcoded defaults (Unmanaged), follow OpenShift best practices (Default), or use administrator-specified cryptographic parameters (Custom). This provides flexibility for organizations with specific compliance requirements or security policies while maintaining backwards compatibility for existing clusters.", "type": "object", + "required": [ + "mode" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { + "custom": { + "description": "custom contains administrator-specified cryptographic configuration. Use the defaults and category override fields to specify certificate generation parameters. Required when mode is Custom, and forbidden otherwise.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSetSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CustomPKIPolicy" }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSetStatus" + "mode": { + "description": "mode determines how PKI configuration is managed. Valid values are \"Unmanaged\", \"Default\", and \"Custom\".\n\nWhen set to Unmanaged, components use their existing hardcoded certificate generation behavior, exactly as if this feature did not exist. Each component generates certificates using whatever parameters it was using before this feature. While most components use RSA 2048, some may use different parameters. Use of this mode might prevent upgrading to the next major OpenShift release.\n\nWhen set to Default, OpenShift-recommended best practices for certificate generation are applied. The specific parameters may evolve across OpenShift releases to adopt improved cryptographic standards. In the initial release, this matches Unmanaged behavior for each component. In future releases, this may adopt ECDSA or larger RSA keys based on industry best practices. Recommended for most customers who want to benefit from security improvements automatically.\n\nWhen set to Custom, the certificate management parameters can be set explicitly. Use the custom field to specify certificate generation parameters.", + "type": "string" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "mode", + "fields-to-discriminateBy": { + "custom": "Custom" + } + } + ] }, - "com.github.openshift.api.machine.v1beta1.MachineSetList": { - "description": "MachineSetList contains a list of MachineSet Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.PKIList": { + "description": "PKIList is a collection of PKI resources.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ "items" @@ -25069,10 +24801,11 @@ "type": "string" }, "items": { + "description": "items is a list of PKI resources", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSet" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PKI" } }, "kind": { @@ -25082,918 +24815,862 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.machine.v1beta1.MachineSetSpec": { - "description": "MachineSetSpec defines the desired state of MachineSet", + "com.github.openshift.api.config.v1alpha1.PKIProfile": { + "description": "PKIProfile defines the certificate generation parameters that OpenShift components use to create certificates. Category overrides take precedence over defaults.", "type": "object", "required": [ - "selector" + "defaults" ], "properties": { - "authoritativeAPI": { - "description": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI and ClusterAPI. When set to MachineAPI, writes to the spec of the machine.openshift.io copy of this resource will be reflected into the cluster.x-k8s.io copy. When set to ClusterAPI, writes to the spec of the cluster.x-k8s.io copy of this resource will be reflected into the machine.openshift.io copy. Updates to the status will be reflected in both copies of the resource, based on the controller implementing the functionality of the API. Currently the authoritative API determines which controller will manage the resource, this will change in a future release. To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.", - "type": "string", - "default": "MachineAPI" - }, - "deletePolicy": { - "description": "deletePolicy defines the policy used to identify nodes to delete when downscaling. Defaults to \"Random\". Valid values are \"Random, \"Newest\", \"Oldest\"", - "type": "string" - }, - "minReadySeconds": { - "description": "minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready)", - "type": "integer", - "format": "int32" + "clientCertificates": { + "description": "clientCertificates optionally overrides certificate parameters for client authentication certificates used to authenticate to servers. When set, these parameters take precedence over defaults for all client certificates. When omitted, the defaults are used for client certificates.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CertificateConfig" }, - "replicas": { - "description": "replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1.", - "type": "integer", - "format": "int32" + "defaults": { + "description": "defaults specifies the default certificate configuration that applies to all certificates unless overridden by a category override.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.DefaultCertificateConfig" }, - "selector": { - "description": "selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", + "servingCertificates": { + "description": "servingCertificates optionally overrides certificate parameters for TLS server certificates used to serve HTTPS endpoints. When set, these parameters take precedence over defaults for all serving certificates. When omitted, the defaults are used for serving certificates.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CertificateConfig" }, - "template": { - "description": "template is the object that describes the machine that will be created if insufficient replicas are detected.", + "signerCertificates": { + "description": "signerCertificates optionally overrides certificate parameters for certificate authority (CA) certificates that sign other certificates. When set, these parameters take precedence over defaults for all signer certificates. When omitted, the defaults are used for signer certificates.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineTemplateSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.CertificateConfig" } } }, - "com.github.openshift.api.machine.v1beta1.MachineSetStatus": { - "description": "MachineSetStatus defines the observed state of MachineSet", + "com.github.openshift.api.config.v1alpha1.PKISpec": { + "description": "PKISpec holds the specification for PKI configuration.", "type": "object", + "required": [ + "certificateManagement" + ], "properties": { - "authoritativeAPI": { - "description": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", - "type": "string" - }, - "availableReplicas": { - "description": "The number of available replicas (ready for at least minReadySeconds) for this MachineSet.", - "type": "integer", - "format": "int32" - }, - "conditions": { - "description": "conditions defines the current state of the MachineSet", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "errorMessage": { - "type": "string" - }, - "errorReason": { - "description": "In the event that there is a terminal problem reconciling the replicas, both ErrorReason and ErrorMessage will be set. ErrorReason will be populated with a succinct value suitable for machine interpretation, while ErrorMessage will contain a more verbose string suitable for logging and human consumption.\n\nThese fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachineTemplate's spec or the configuration of the machine controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output.", - "type": "string" - }, - "fullyLabeledReplicas": { - "description": "The number of replicas that have labels matching the labels of the machine template of the MachineSet.", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration reflects the generation of the most recently observed MachineSet.", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "The number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is \"Ready\".", - "type": "integer", - "format": "int32" - }, - "replicas": { - "description": "replicas is the most recently observed number of replicas.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "synchronizedAPI": { - "description": "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", - "type": "string" - }, - "synchronizedGeneration": { - "description": "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", - "type": "integer", - "format": "int64" + "certificateManagement": { + "description": "certificateManagement specifies how PKI configuration is managed for internally-generated certificates. This controls the certificate generation approach for all OpenShift components that create certificates internally, including certificate authorities, serving certificates, and client certificates.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PKICertificateManagement" } } }, - "com.github.openshift.api.machine.v1beta1.MachineSpec": { - "description": "MachineSpec defines the desired state of Machine", + "com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference": { + "description": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", "type": "object", + "required": [ + "name" + ], "properties": { - "authoritativeAPI": { - "description": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI and ClusterAPI. When set to MachineAPI, writes to the spec of the machine.openshift.io copy of this resource will be reflected into the cluster.x-k8s.io copy. When set to ClusterAPI, writes to the spec of the cluster.x-k8s.io copy of this resource will be reflected into the machine.openshift.io copy. Updates to the status will be reflected in both copies of the resource, based on the controller implementing the functionality of the API. Currently the authoritative API determines which controller will manage the resource, this will change in a future release. To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.", + "name": { + "description": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", "type": "string", - "default": "MachineAPI" - }, - "lifecycleHooks": { - "description": "lifecycleHooks allow users to pause operations on the machine at certain predefined points within the machine lifecycle.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LifecycleHooks" - }, - "metadata": { - "description": "ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig": { + "description": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + "type": "object", + "required": [ + "claim" + ], + "properties": { + "claim": { + "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PersistentVolumeClaimReference" }, - "providerID": { - "description": "providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.", + "mountPath": { + "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", "type": "string" - }, - "providerSpec": { - "description": "providerSpec details Provider-specific configuration to use during node creation.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ProviderSpec" - }, - "taints": { - "description": "The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Taint" - }, - "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.machine.v1beta1.MachineStatus": { - "description": "MachineStatus defines the observed state of Machine", + "com.github.openshift.api.config.v1alpha1.PrometheusConfig": { + "description": "PrometheusConfig provides configuration options for the Prometheus instance. Use this configuration to control Prometheus deployment, pod scheduling, resource allocation, retention policies, and external integrations.", "type": "object", "properties": { - "addresses": { - "description": "addresses is a list of addresses assigned to the machine. Queried from cloud provider, if available.", + "additionalAlertmanagerConfigs": { + "description": "additionalAlertmanagerConfigs configures additional Alertmanager instances that receive alerts from the Prometheus component. This is useful for organizations that need to:\n - Send alerts to external monitoring systems (like PagerDuty, Slack, or custom webhooks)\n - Route different types of alerts to different teams or systems\n - Integrate with existing enterprise alerting infrastructure\n - Maintain separate alert routing for compliance or organizational requirements\nWhen omitted, no additional Alertmanager instances are configured (default behavior). When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.NodeAddress" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.AdditionalAlertmanagerConfig" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "authoritativeAPI": { - "description": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", + "collectionProfile": { + "description": "collectionProfile defines the metrics collection profile that Prometheus uses to collect metrics from the platform components. Supported values are `Full` or `Minimal`. In the `Full` profile (default), Prometheus collects all metrics that are exposed by the platform components. In the `Minimal` profile, Prometheus only collects metrics necessary for the default platform alerts, recording rules, telemetry and console dashboards. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is `Full`.", "type": "string" }, - "conditions": { - "description": "conditions defines the current state of the Machine", + "enforcedBodySizeLimitBytes": { + "description": "enforcedBodySizeLimitBytes enforces a body size limit (in bytes) for Prometheus scraped metrics. If a scraped target's body response is larger than the limit, the scrape will fail. This helps protect Prometheus from targets that return excessively large responses. The value is specified in bytes (e.g., 4194304 for 4MB, 1073741824 for 1GB). When omitted, the Cluster Monitoring Operator automatically calculates an appropriate limit based on cluster capacity. Set an explicit value to override the automatic calculation. Minimum value is 10240 (10kB). Maximum value is 1073741824 (1GB).", + "type": "integer", + "format": "int64" + }, + "externalLabels": { + "description": "externalLabels defines labels to be attached to time series and alerts when communicating with external systems such as federation, remote storage, and Alertmanager. These labels are not stored with metrics on disk; they are only added when data leaves Prometheus (e.g., during federation queries, remote write, or alert notifications). At least 1 label must be specified when set, with a maximum of 50 labels allowed. Each label key must be unique within this list. When omitted, no external labels are applied.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Condition" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Label" }, "x-kubernetes-list-map-keys": [ - "type" + "key" ], "x-kubernetes-list-type": "map" }, - "errorMessage": { - "description": "errorMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption.\n\nThis field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", - "type": "string" - }, - "errorReason": { - "description": "errorReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation.\n\nThis field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", - "type": "string" - }, - "lastOperation": { - "description": "lastOperation describes the last-operation performed by the machine-controller. This API should be useful as a history in terms of the latest operation performed on the specific machine. It should also convey the state of the latest-operation for example if it is still on-going, failed or completed successfully.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LastOperation" - }, - "lastUpdated": { - "description": "lastUpdated identifies when this status was last observed.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "nodeRef": { - "description": "nodeRef will point to the corresponding Node if it exists.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, - "phase": { - "description": "phase represents the current phase of machine actuation. One of: Failed, Provisioning, Provisioned, Running, Deleting", + "logLevel": { + "description": "logLevel defines the verbosity of logs emitted by Prometheus. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", "type": "string" }, - "providerStatus": { - "description": "providerStatus details a Provider-specific status. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "nodeSelector": { + "description": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least one key-value pair (minimum of 1) and must not contain more than 10 entries.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "synchronizedAPI": { - "description": "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", + "queryLogFile": { + "description": "queryLogFile specifies the file to which PromQL queries are logged. This setting can be either a filename, in which case the queries are saved to an `emptyDir` volume at `/var/log/prometheus`, or a full path to a location where an `emptyDir` volume will be mounted and the queries saved. Writing to `/dev/stderr`, `/dev/stdout` or `/dev/null` is supported, but writing to any other `/dev/` path is not supported. Relative paths are also not supported. By default, PromQL queries are not logged. Must be an absolute path starting with `/` or a simple filename without path separators. Must not contain consecutive slashes, end with a slash, or include '..' path traversal. Must contain only alphanumeric characters, '.', '_', '-', or '/'. Must be between 1 and 255 characters in length.", "type": "string" }, - "synchronizedGeneration": { - "description": "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", - "type": "integer", - "format": "int64" - } - } - }, - "com.github.openshift.api.machine.v1beta1.MachineTemplateSpec": { - "description": "MachineTemplateSpec describes the data needed to create a Machine from a template", - "type": "object", - "properties": { - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ObjectMeta" + "remoteWrite": { + "description": "remoteWrite defines the remote write configuration, including URL, authentication, and relabeling settings. Remote write allows Prometheus to send metrics it collects to external long-term storage systems. When omitted, no remote write endpoints are configured. When provided, at least one configuration must be specified (minimum 1, maximum 10 items). Entries must have unique names (name is the list key).", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RemoteWriteSpec" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "spec": { - "description": "Specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSpec" - } - } - }, - "com.github.openshift.api.machine.v1beta1.MetadataServiceOptions": { - "description": "MetadataServiceOptions defines the options available to a user when configuring Instance Metadata Service (IMDS) Options.", - "type": "object", - "properties": { - "authentication": { - "description": "authentication determines whether or not the host requires the use of authentication when interacting with the metadata service. When using authentication, this enforces v2 interaction method (IMDSv2) with the metadata service. When omitted, this means the user has no opinion and the value is left to the platform to choose a good default, which is subject to change over time. The current default is optional. At this point this field represents `HttpTokens` parameter from `InstanceMetadataOptionsRequest` structure in AWS EC2 API https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", - "type": "string" - } - } - }, - "com.github.openshift.api.machine.v1beta1.NetworkDeviceSpec": { - "description": "NetworkDeviceSpec defines the network configuration for a virtual machine's network device.", - "type": "object", - "properties": { - "addressesFromPools": { - "description": "addressesFromPools is a list of references to IP pool types and instances which are handled by an external controller. addressesFromPool configurations provided via addressesFromPools defer IP address assignment to an external controller. IP addresses provided via ipAddrs, however, are intended to allow explicit assignment of a machine's IP address. If both addressesFromPool and ipAddrs are empty or not defined, DHCP will assign an IP address. If both ipAddrs and addressesFromPools are defined, the IP addresses associated with ipAddrs will be applied first followed by IP addresses from addressesFromPools.", + "resources": { + "description": "resources defines the compute resource requests and limits for the Prometheus container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AddressesFromPool" - } + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "gateway": { - "description": "gateway is an IPv4 or IPv6 address which represents the subnet gateway, for example, 192.168.1.1.", - "type": "string" + "retention": { + "description": "retention configures how long Prometheus retains metrics data and how much storage it can use. When omitted, the platform chooses reasonable defaults (currently 15 days retention, no size limit).", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Retention" }, - "ipAddrs": { - "description": "ipAddrs is a list of one or more IPv4 and/or IPv6 addresses and CIDR to assign to this device, for example, 192.168.1.100/24. IP addresses provided via ipAddrs are intended to allow explicit assignment of a machine's IP address. IP pool configurations provided via addressesFromPool, however, defer IP address assignment to an external controller. If both addressesFromPool and ipAddrs are empty or not defined, DHCP will be used to assign an IP address. If both ipAddrs and addressesFromPools are defined, the IP addresses associated with ipAddrs will be applied first followed by IP addresses from addressesFromPools.", + "tolerations": { + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10 Minimum length for this list is 1", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "nameservers": { - "description": "nameservers is a list of IPv4 and/or IPv6 addresses used as DNS nameservers, for example, 8.8.8.8. a nameserver is not provided by a fulfilled IPAddressClaim. If DHCP is not the source of IP addresses for this network device, nameservers should include a valid nameserver.", + "topologySpreadConstraints": { + "description": "topologySpreadConstraints defines rules for how Prometheus Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1 Entries must have unique topologyKey and whenUnsatisfiable pairs.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" }, - "networkName": { - "description": "networkName is the name of the vSphere network or port group to which the network device will be connected, for example, port-group-1. When not provided, the vCenter API will attempt to select a default network. The available networks (port groups) can be listed using `govc ls 'network/*'`", - "type": "string" + "volumeClaimTemplate": { + "description": "volumeClaimTemplate defines persistent storage for Prometheus. Use this setting to configure the persistent volume claim, including storage class and volume size. If omitted, the Pod uses ephemeral storage and Prometheus data will not persist across restarts.", + "$ref": "#/definitions/PersistentVolumeClaim.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.machine.v1beta1.NetworkSpec": { - "description": "NetworkSpec defines the virtual machine's network configuration.", + "com.github.openshift.api.config.v1alpha1.PrometheusOperatorAdmissionWebhookConfig": { + "description": "PrometheusOperatorAdmissionWebhookConfig provides configuration options for the admission webhook component of Prometheus Operator that runs in the `openshift-monitoring` namespace. The admission webhook validates PrometheusRule and AlertmanagerConfig objects, mutates PrometheusRule annotations, and converts AlertmanagerConfig objects between API versions.", "type": "object", - "required": [ - "devices" - ], "properties": { - "devices": { - "description": "devices defines the virtual machine's network interfaces.", + "resources": { + "description": "resources defines the compute resource requests and limits for the prometheus-operator-admission-webhook container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 5m\n limit: null\n - name: memory\n request: 30Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.NetworkDeviceSpec" - } - } - } - }, - "com.github.openshift.api.machine.v1beta1.OSDisk": { - "type": "object", - "required": [ - "osType", - "managedDisk", - "diskSizeGB" - ], - "properties": { - "cachingType": { - "description": "cachingType specifies the caching requirements. Possible values include: 'None', 'ReadOnly', 'ReadWrite'. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `None`.", - "type": "string" - }, - "diskSettings": { - "description": "diskSettings describe ephemeral disk settings for the os disk.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DiskSettings" - }, - "diskSizeGB": { - "description": "diskSizeGB is the size in GB to assign to the data disk.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "managedDisk": { - "description": "managedDisk specifies the Managed Disk parameters for the OS disk.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.OSDiskManagedDiskParameters" - }, - "osType": { - "description": "osType is the operating system type of the OS disk. Possible values include \"Linux\" and \"Windows\".", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.machine.v1beta1.OSDiskManagedDiskParameters": { - "description": "OSDiskManagedDiskParameters is the parameters of a OSDisk managed disk.", - "type": "object", - "required": [ - "storageAccountType" - ], - "properties": { - "diskEncryptionSet": { - "description": "diskEncryptionSet is the disk encryption set properties", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters" - }, - "securityProfile": { - "description": "securityProfile specifies the security profile for the managed disk.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.VMDiskSecurityProfile" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "storageAccountType": { - "description": "storageAccountType is the storage account type to use. Possible values include \"Standard_LRS\", \"Premium_LRS\".", - "type": "string", - "default": "" + "topologySpreadConstraints": { + "description": "topologySpreadConstraints defines rules for how admission webhook Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.machine.v1beta1.ObjectMeta": { - "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. This is a copy of customizable fields from metav1.ObjectMeta.\n\nObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` and `MachineSet.Template`, which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases and read-only fields which end up in the generated CRD validation, having it as a subset simplifies the API and some issues that can impact user experience.\n\nDuring the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, specifically `spec.metadata.creationTimestamp in body must be of type string: \"null\"`. The investigation showed that `controller-tools@v2` behaves differently than its previous version when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) package.\n\nIn more details, we found that embedded (non-top level) types that embedded `metav1.ObjectMeta` had validation properties, including for `creationTimestamp` (metav1.Time). The `metav1.Time` type specifies a custom json marshaller that, when IsZero() is true, returns `null` which breaks validation because the field isn't marked as nullable.\n\nIn future versions, controller-tools@v2 might allow overriding the type and validation for embedded types. When that happens, this hack should be revisited.", + "com.github.openshift.api.config.v1alpha1.PrometheusOperatorConfig": { + "description": "PrometheusOperatorConfig provides configuration options for the Prometheus Operator instance Use this configuration to control how the Prometheus Operator instance is deployed, how it logs, and how its pods are scheduled.", "type": "object", "properties": { - "annotations": { - "description": "annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "generateName": { - "description": "generateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", + "logLevel": { + "description": "logLevel defines the verbosity of logs emitted by Prometheus Operator. This field allows users to control the amount and severity of logs generated, which can be useful for debugging issues or reducing noise in production environments. Allowed values are Error, Warn, Info, and Debug. When set to Error, only errors will be logged. When set to Warn, both warnings and errors will be logged. When set to Info, general information, warnings, and errors will all be logged. When set to Debug, detailed debugging information will be logged. When omitted, this means no opinion and the platform is left to choose a reasonable default, that is subject to change over time. The current default value is `Info`.", "type": "string" }, - "labels": { - "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "nodeSelector": { + "description": "nodeSelector defines the nodes on which the Pods are scheduled nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", "type": "object", "additionalProperties": { "type": "string", "default": "" } }, - "name": { - "description": "name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", - "type": "string" + "resources": { + "description": "resources defines the compute resource requests and limits for the Prometheus Operator container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 4m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "namespace": { - "description": "namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", - "type": "string" + "tolerations": { + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "ownerReferences": { - "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", + "topologySpreadConstraints": { + "description": "topologySpreadConstraints defines rules for how Prometheus Operator Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference" + "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" }, "x-kubernetes-list-map-keys": [ - "uid" + "topologyKey", + "whenUnsatisfiable" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "uid", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.machine.v1beta1.Placement": { - "description": "Placement indicates where to create the instance in AWS", + "com.github.openshift.api.config.v1alpha1.PrometheusRemoteWriteHeader": { + "description": "PrometheusRemoteWriteHeader defines a custom HTTP header for remote write requests. The header name must not be one of the reserved headers set by Prometheus (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate). Header names must contain only case-insensitive alphanumeric characters, hyphens (-), and underscores (_); other characters (e.g. emoji) are rejected by validation. Validation is enforced on the Headers field in RemoteWriteSpec.", "type": "object", + "required": [ + "name", + "value" + ], "properties": { - "availabilityZone": { - "description": "availabilityZone is the availability zone of the instance", - "type": "string" - }, - "host": { - "description": "host configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL), and to gain visibility and control over instance placement on a physical server. When omitted, the instance is not constrained to a dedicated host.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.HostPlacement" - }, - "region": { - "description": "region is the region to use to create the instance", + "name": { + "description": "name is the HTTP header name. Must not be a reserved header (see type documentation). Must contain only alphanumeric characters, hyphens, and underscores; invalid characters are rejected. Must be between 1 and 256 characters.", "type": "string" }, - "tenancy": { - "description": "tenancy indicates if instance should run on shared or single-tenant hardware. There are supported 3 options: default, dedicated and host. When set to default Runs on shared multi-tenant hardware. When dedicated Runs on single-tenant hardware (any dedicated instance hardware). When host and the host object is not provided: Runs on Dedicated Host; best-effort restart on same host. When `host` and `host` object is provided with affinity `dedicatedHost` defined: Runs on specified Dedicated Host.", - "type": "string" - } - } - }, - "com.github.openshift.api.machine.v1beta1.ProviderSpec": { - "description": "ProviderSpec defines the configuration to use during node creation.", - "type": "object", - "properties": { "value": { - "description": "value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "description": "value is the HTTP header value. Must be at most 4096 characters.", + "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.ResourceManagerTag": { - "description": "ResourceManagerTag is a tag to apply to GCP resources created for the cluster.", + "com.github.openshift.api.config.v1alpha1.QueueConfig": { + "description": "QueueConfig allows tuning configuration for remote write queue parameters. Configure this when you need to control throughput, backpressure, or retry behavior—for example to avoid overloading the remote endpoint, to reduce memory usage, or to tune for high-cardinality workloads. Consider capacity, maxShards, and batchSendDeadlineSeconds for throughput; minBackoffMilliseconds and maxBackoffMilliseconds for retries; and rateLimitedAction when the remote returns HTTP 429.", "type": "object", - "required": [ - "parentID", - "key", - "value" - ], "properties": { - "key": { - "description": "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", - "type": "string", - "default": "" + "batchSendDeadlineSeconds": { + "description": "batchSendDeadlineSeconds is the maximum time in seconds a sample will wait in buffer before being sent. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 3600 seconds (1 hour).", + "type": "integer", + "format": "int32" }, - "parentID": { - "description": "parentID is the ID of the hierarchical resource where the tags are defined e.g. at the Organization or the Project level. To find the Organization or Project ID ref https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects An OrganizationID can have a maximum of 32 characters and must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", - "type": "string", - "default": "" + "capacity": { + "description": "capacity is the number of samples to buffer per shard before we start dropping them. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 10000. Minimum value is 1. Maximum value is 1000000.", + "type": "integer", + "format": "int32" }, - "value": { - "description": "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", - "type": "string", - "default": "" + "maxBackoffMilliseconds": { + "description": "maxBackoffMilliseconds is the maximum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "type": "integer", + "format": "int32" + }, + "maxSamplesPerSend": { + "description": "maxSamplesPerSend is the maximum number of samples per send. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1000. Minimum value is 1. Maximum value is 100000.", + "type": "integer", + "format": "int32" + }, + "maxShards": { + "description": "maxShards is the maximum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 200. Minimum value is 1. Maximum value is 10000.", + "type": "integer", + "format": "int32" + }, + "minBackoffMilliseconds": { + "description": "minBackoffMilliseconds is the minimum retry delay in milliseconds. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 millisecond. Maximum value is 3600000 milliseconds (1 hour).", + "type": "integer", + "format": "int32" + }, + "minShards": { + "description": "minShards is the minimum number of shards, i.e. amount of concurrency. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 1. Minimum value is 1. Maximum value is 10000.", + "type": "integer", + "format": "int32" + }, + "rateLimitedAction": { + "description": "rateLimitedAction controls what to do when the remote write endpoint returns HTTP 429 (Too Many Requests). When omitted, no retries are performed on rate limit responses. When set to \"Retry\", Prometheus will retry such requests using the backoff settings above. Valid value when set is \"Retry\".", + "type": "string" } } }, - "com.github.openshift.api.machine.v1beta1.SecurityProfile": { - "description": "SecurityProfile specifies the Security profile settings for a virtual machine or virtual machine scale set.", + "com.github.openshift.api.config.v1alpha1.RSAKeyConfig": { + "description": "RSAKeyConfig specifies parameters for RSA key generation.", "type": "object", + "required": [ + "keySize" + ], "properties": { - "encryptionAtHost": { - "description": "encryptionAtHost indicates whether Host Encryption should be enabled or disabled for a virtual machine or virtual machine scale set. This should be disabled when SecurityEncryptionType is set to DiskWithVMGuestState. Default is disabled.", - "type": "boolean" - }, - "settings": { - "description": "settings specify the security type and the UEFI settings of the virtual machine. This field can be set for Confidential VMs and Trusted Launch for VMs.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.SecuritySettings" + "keySize": { + "description": "keySize specifies the size of RSA keys in bits. Valid values are multiples of 1024 from 2048 to 8192.", + "type": "integer", + "format": "int32" } } }, - "com.github.openshift.api.machine.v1beta1.SecuritySettings": { - "description": "SecuritySettings define the security type and the UEFI settings of the virtual machine.", + "com.github.openshift.api.config.v1alpha1.RelabelActionConfig": { + "description": "RelabelActionConfig represents the action to perform and its configuration. Exactly one action-specific configuration must be specified based on the action type.", "type": "object", "required": [ - "securityType" + "type" ], "properties": { - "confidentialVM": { - "description": "confidentialVM specifies the security configuration of the virtual machine. For more information regarding Confidential VMs, please refer to: https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ConfidentialVM" + "dropEqual": { + "description": "dropEqual configures the DropEqual action. Required when type is DropEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.DropEqualActionConfig" }, - "securityType": { - "description": "securityType specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UEFISettings. The default behavior is: UEFISettings will not be enabled unless this property is set.", - "type": "string", - "default": "" + "hashMod": { + "description": "hashMod configures the HashMod action. Required when type is HashMod, and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.HashModActionConfig" }, - "trustedLaunch": { - "description": "trustedLaunch specifies the security configuration of the virtual machine. For more information regarding TrustedLaunch for VMs, please refer to: https://learn.microsoft.com/azure/virtual-machines/trusted-launch", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.TrustedLaunch" + "keepEqual": { + "description": "keepEqual configures the KeepEqual action. Required when type is KeepEqual, and forbidden otherwise. Requires Prometheus >= v2.41.0.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.KeepEqualActionConfig" + }, + "labelMap": { + "description": "labelMap configures the LabelMap action. Required when type is LabelMap, and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.LabelMapActionConfig" + }, + "lowercase": { + "description": "lowercase configures the Lowercase action. Required when type is Lowercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.LowercaseActionConfig" + }, + "replace": { + "description": "replace configures the Replace action. Required when type is Replace, and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ReplaceActionConfig" + }, + "type": { + "description": "type specifies the action to perform on the matched labels. Allowed values are Replace, Lowercase, Uppercase, Keep, Drop, KeepEqual, DropEqual, HashMod, LabelMap, LabelDrop, LabelKeep.\n\nWhen set to Replace, regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. If regex does not match, no replacement takes place.\n\nWhen set to Lowercase, the concatenated source_labels are mapped to their lower case. Requires Prometheus >= v2.36.0.\n\nWhen set to Uppercase, the concatenated source_labels are mapped to their upper case. Requires Prometheus >= v2.36.0.\n\nWhen set to Keep, targets for which regex does not match the concatenated source_labels are dropped.\n\nWhen set to Drop, targets for which regex matches the concatenated source_labels are dropped.\n\nWhen set to KeepEqual, targets for which the concatenated source_labels do not match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to DropEqual, targets for which the concatenated source_labels do match target_label are dropped. Requires Prometheus >= v2.41.0.\n\nWhen set to HashMod, target_label is set to the modulus of a hash of the concatenated source_labels.\n\nWhen set to LabelMap, regex is matched against all source label names (not just source_labels); matching label values are copied to new names given by replacement with ${1}, ${2}, ... substituted.\n\nWhen set to LabelDrop, regex is matched against all label names; any label that matches is removed.\n\nWhen set to LabelKeep, regex is matched against all label names; any label that does not match is removed.", + "type": "string" + }, + "uppercase": { + "description": "uppercase configures the Uppercase action. Required when type is Uppercase, and forbidden otherwise. Requires Prometheus >= v2.36.0.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.UppercaseActionConfig" } }, "x-kubernetes-unions": [ { - "discriminator": "securityType", + "discriminator": "type", "fields-to-discriminateBy": { - "confidentialVM": "ConfidentialVM", - "trustedLaunch": "TrustedLaunch" + "dropEqual": "DropEqual", + "hashMod": "HashMod", + "keepEqual": "KeepEqual", + "labelMap": "LabelMap", + "lowercase": "Lowercase", + "replace": "Replace", + "uppercase": "Uppercase" } } ] }, - "com.github.openshift.api.machine.v1beta1.SpotMarketOptions": { - "description": "SpotMarketOptions defines the options available to a user when configuring Machines to run on Spot instances. Most users should provide an empty struct.", - "type": "object", - "properties": { - "maxPrice": { - "description": "The maximum price the user is willing to pay for their instances Default: On-Demand price", - "type": "string" - } - } - }, - "com.github.openshift.api.machine.v1beta1.SpotVMOptions": { - "description": "SpotVMOptions defines the options relevant to running the Machine on Spot VMs", - "type": "object", - "properties": { - "maxPrice": { - "description": "maxPrice defines the maximum price the user is willing to pay for Spot VM instances", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - } - } - }, - "com.github.openshift.api.machine.v1beta1.TagSpecification": { - "description": "TagSpecification is the name/value pair for a tag", + "com.github.openshift.api.config.v1alpha1.RelabelConfig": { + "description": "RelabelConfig represents a relabeling rule.", "type": "object", "required": [ - "name" + "name", + "action" ], "properties": { + "action": { + "description": "action defines the action to perform on the matched labels and its configuration. Exactly one action-specific configuration must be specified based on the action type.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RelabelActionConfig" + }, "name": { - "description": "name of the tag. This field is required and must be a non-empty string. Must be between 1 and 128 characters in length.", - "type": "string", - "default": "" + "description": "name is a unique identifier for this relabel configuration. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", + "type": "string" }, - "value": { - "description": "value of the tag. When omitted, this creates a tag with an empty string as the value.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.machine.v1beta1.TrustedLaunch": { - "description": "TrustedLaunch defines the UEFI settings for the virtual machine.", - "type": "object", - "required": [ - "uefiSettings" - ], - "properties": { - "uefiSettings": { - "description": "uefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.UEFISettings" - } - } - }, - "com.github.openshift.api.machine.v1beta1.UEFISettings": { - "description": "UEFISettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", - "type": "object", - "properties": { - "secureBoot": { - "description": "secureBoot specifies whether secure boot should be enabled on the virtual machine. Secure Boot verifies the digital signature of all boot components and halts the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.", + "regex": { + "description": "regex is the regular expression to match against the concatenated source label values. Must be a valid RE2 regular expression (https://github.com/google/re2/wiki/Syntax). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"(.*)\" to match everything. Must be between 1 and 1000 characters in length when specified.", "type": "string" }, - "virtualizedTrustedPlatformModule": { - "description": "virtualizedTrustedPlatformModule specifies whether vTPM should be enabled on the virtual machine. When enabled the virtualized trusted platform module measurements are used to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. This is required to be enabled if SecurityEncryptionType is defined. If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.", + "separator": { + "description": "separator is the character sequence used to join source label values. Common examples: \";\", \",\", \"::\", \"|||\". When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \";\". Must be between 1 and 5 characters in length when specified.", "type": "string" + }, + "sourceLabels": { + "description": "sourceLabels specifies which label names to extract from each series for this relabeling rule. The values of these labels are joined together using the configured separator, and the resulting string is then matched against the regular expression. If a referenced label does not exist on a series, Prometheus substitutes an empty string. When omitted, the rule operates without extracting source labels (useful for actions like labelmap). Minimum of 1 and maximum of 10 source labels can be specified, each between 1 and 128 characters. Each entry must be unique. Label names beginning with \"__\" (two underscores) are reserved for internal Prometheus use and are not allowed. Label names SHOULD start with a letter (a-z, A-Z) or underscore (_), followed by zero or more letters, digits (0-9), or underscores for best compatibility. While Prometheus supports UTF-8 characters in label names (since v3.0.0), using the recommended character set ensures better compatibility with the wider ecosystem (tooling, third-party instrumentation, etc.).", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" } } }, - "com.github.openshift.api.machine.v1beta1.UnhealthyCondition": { - "description": "UnhealthyCondition represents a Node condition type and value with a timeout specified as a duration. When the named condition has been in the given status for at least the timeout value, a node is considered unhealthy.", + "com.github.openshift.api.config.v1alpha1.RemoteWriteAuthorization": { + "description": "RemoteWriteAuthorization defines the authorization method for a remote write endpoint. Exactly one of the nested configs must be set according to the type discriminator.", "type": "object", "required": [ - "type", - "status", - "timeout" + "type" ], "properties": { - "status": { - "type": "string", - "default": "" + "basicAuth": { + "description": "basicAuth defines HTTP basic authentication credentials. Required when type is \"BasicAuth\", and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.BasicAuth" }, - "timeout": { - "description": "Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + "bearerToken": { + "description": "bearerToken defines the secret reference containing the bearer token. Required when type is \"BearerToken\", and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" }, - "type": { - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.machine.v1beta1.VMDiskSecurityProfile": { - "description": "VMDiskSecurityProfile specifies the security profile settings for the managed disk. It can be set only for Confidential VMs.", - "type": "object", - "properties": { - "diskEncryptionSet": { - "description": "diskEncryptionSet specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob.", + "oauth2": { + "description": "oauth2 defines OAuth2 client credentials authentication. Required when type is \"OAuth2\", and forbidden otherwise.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.OAuth2" }, - "securityEncryptionType": { - "description": "securityEncryptionType specifies the encryption type of the managed disk. It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. When set to VMGuestStateOnly, the vTPM should be enabled. When set to DiskWithVMGuestState, both SecureBoot and vTPM should be enabled. If the above conditions are not fulfilled, the VM will not be created and the respective error will be returned. It can be set only for Confidential VMs. Confidential VMs are defined by their SecurityProfile.SecurityType being set to ConfidentialVM, the SecurityEncryptionType of their OS disk being set to one of the allowed values and by enabling the respective SecurityProfile.UEFISettings of the VM (i.e. vTPM and SecureBoot), depending on the selected SecurityEncryptionType. For further details on Azure Confidential VMs, please refer to the respective documentation: https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview", - "type": "string" - } - } - }, - "com.github.openshift.api.machine.v1beta1.VSphereDisk": { - "description": "VSphereDisk describes additional disks for vSphere.", - "type": "object", - "required": [ - "name", - "sizeGiB" - ], - "properties": { - "name": { - "description": "name is used to identify the disk definition. name is required needs to be unique so that it can be used to clearly identify purpose of the disk. It must be at most 80 characters in length and must consist only of alphanumeric characters, hyphens and underscores, and must start and end with an alphanumeric character.", - "type": "string", - "default": "" + "safeAuthorization": { + "description": "safeAuthorization defines the secret reference containing the credentials for authentication (e.g. Bearer token). Required when type is \"SafeAuthorization\", and forbidden otherwise. Maps to Prometheus SafeAuthorization. The secret must exist in the openshift-monitoring namespace.", + "$ref": "#/definitions/SecretKeySelector.v1.core.api.k8s.io" }, - "provisioningMode": { - "description": "provisioningMode is an optional field that specifies the provisioning type to be used by this vSphere data disk. Allowed values are \"Thin\", \"Thick\", \"EagerlyZeroed\", and omitted. When set to Thin, the disk will be made using thin provisioning allocating the bare minimum space. When set to Thick, the full disk size will be allocated when disk is created. When set to EagerlyZeroed, the disk will be created using eager zero provisioning. An eager zeroed thick disk has all space allocated and wiped clean of any previous contents on the physical media at creation time. Such disks may take longer time during creation compared to other disk formats. When omitted, no setting will be applied to the data disk and the provisioning mode for the disk will be determined by the default storage policy configured for the datastore in vSphere.", - "type": "string" + "sigv4": { + "description": "sigv4 defines AWS Signature Version 4 authentication. Required when type is \"SigV4\", and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.Sigv4" }, - "sizeGiB": { - "description": "sizeGiB is the size of the disk in GiB. The maximum supported size 16384 GiB.", - "type": "integer", - "format": "int32", - "default": 0 + "type": { + "description": "type specifies the authorization method to use. Allowed values are BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, ServiceAccount.\n\nWhen set to BearerToken, the bearer token is read from a Secret referenced by the bearerToken field.\n\nWhen set to BasicAuth, HTTP basic authentication is used; the basicAuth field (username and password from Secrets) must be set.\n\nWhen set to OAuth2, OAuth2 client credentials flow is used; the oauth2 field (clientId, clientSecret, tokenUrl) must be set.\n\nWhen set to SigV4, AWS Signature Version 4 is used for authentication; the sigv4 field must be set.\n\nWhen set to SafeAuthorization, credentials are read from a single Secret key (Prometheus SafeAuthorization pattern). The secret key typically contains a Bearer token. Use the safeAuthorization field.\n\nWhen set to ServiceAccount, the pod's service account token is used for machine identity. No additional field is required; the operator configures the token path.", + "type": "string" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "basicAuth": "BasicAuth", + "bearerToken": "BearerToken", + "oauth2": "OAuth2", + "safeAuthorization": "SafeAuthorization", + "sigv4": "Sigv4" + } + } + ] }, - "com.github.openshift.api.machine.v1beta1.VSphereMachineProviderSpec": { - "description": "VSphereMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an VSphere virtual machine. It is used by the vSphere machine actuator to create a single Machine. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.config.v1alpha1.RemoteWriteSpec": { + "description": "RemoteWriteSpec represents configuration for remote write endpoints.", "type": "object", "required": [ - "template", - "network" + "url", + "name" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "authorization": { + "description": "authorization defines the authorization method for the remote write endpoint. When omitted, no authorization is performed. When set, type must be one of BearerToken, BasicAuth, OAuth2, SigV4, SafeAuthorization, or ServiceAccount; the corresponding nested config must be set (ServiceAccount has no config).", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RemoteWriteAuthorization" }, - "cloneMode": { - "description": "cloneMode specifies the type of clone operation. The LinkedClone mode is only support for templates that have at least one snapshot. If the template has no snapshots, then CloneMode defaults to FullClone. When LinkedClone mode is enabled the DiskGiB field is ignored as it is not possible to expand disks of linked clones. Defaults to FullClone. When using LinkedClone, if no snapshots exist for the source template, falls back to FullClone.", + "exemplarsMode": { + "description": "exemplarsMode controls whether exemplars are sent via remote write. Valid values are \"Send\", \"DoNotSend\" and omitted. When set to \"Send\", Prometheus is configured to store a maximum of 100,000 exemplars in memory and send them with remote write. Note that this setting only applies to user-defined monitoring. It is not applicable to default in-cluster monitoring. When omitted or set to \"DoNotSend\", exemplars are not sent.", "type": "string" }, - "credentialsSecret": { - "description": "credentialsSecret is a reference to the secret with vSphere credentials.", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" - }, - "dataDisks": { - "description": "dataDisks is a list of non OS disks to be created and attached to the VM. The max number of disk allowed to be attached is currently 29. The max number of disks for any controller is 30, but VM template will always have OS disk so that will leave 29 disks on any controller type.", + "headers": { + "description": "headers specifies the custom HTTP headers to be sent along with each remote write request. Sending custom headers makes the configuration of a proxy in between optional and helps the receiver recognize the given source better. Clients MAY allow users to send custom HTTP headers; they MUST NOT allow users to configure them in such a way as to send reserved headers. Headers set by Prometheus cannot be overwritten. When omitted, no custom headers are sent. Maximum of 50 headers can be specified. Each header name must be unique. Each header name must contain only alphanumeric characters, hyphens, and underscores, and must not be a reserved Prometheus header (Host, Authorization, Content-Encoding, Content-Type, X-Prometheus-Remote-Write-Version, User-Agent, Connection, Keep-Alive, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate).", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.VSphereDisk" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PrometheusRemoteWriteHeader" }, "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, - "diskGiB": { - "description": "diskGiB is the size of a virtual machine's disk, in GiB. Defaults to the analogue property value in the template from which this machine is cloned. This parameter will be ignored if 'LinkedClone' CloneMode is set.", - "type": "integer", - "format": "int32" + "metadataConfig": { + "description": "metadataConfig configures the sending of series metadata to remote storage. When omitted, no metadata is sent. When set to sendPolicy: Default, metadata is sent using platform-chosen defaults (e.g. send interval 30 seconds). When set to sendPolicy: Custom, metadata is sent using the settings in the custom field (e.g. custom.sendIntervalSeconds).", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.MetadataConfig" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "name": { + "description": "name is a required identifier for this remote write configuration (name is the list key for the remoteWrite list). This name is used in metrics and logging to differentiate remote write queues. Must contain only alphanumeric characters, hyphens, and underscores. Must be between 1 and 63 characters in length.", "type": "string" }, - "memoryMiB": { - "description": "memoryMiB is the size of a virtual machine's memory, in MiB. Defaults to the analogue property value in the template from which this machine is cloned.", - "type": "integer", - "format": "int64" - }, - "metadata": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "proxyUrl": { + "description": "proxyUrl defines an optional proxy URL. If the cluster-wide proxy is enabled, it replaces the proxyUrl setting. The cluster-wide proxy supports both HTTP and HTTPS proxies, with HTTPS taking precedence. When omitted, no proxy is used. Must be a valid URL with http or https scheme. Must be between 1 and 2048 characters in length.", + "type": "string" }, - "network": { - "description": "network is the network configuration for this machine's VM.", + "queueConfig": { + "description": "queueConfig allows tuning configuration for remote write queue parameters. When omitted, default queue configuration is used.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.NetworkSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.QueueConfig" }, - "numCPUs": { - "description": "numCPUs is the number of virtual processors in a virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.", - "type": "integer", - "format": "int32" - }, - "numCoresPerSocket": { - "description": "NumCPUs is the number of cores among which to distribute CPUs in this virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.", + "remoteTimeoutSeconds": { + "description": "remoteTimeoutSeconds defines the timeout in seconds for requests to the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. Minimum value is 1 second. Maximum value is 600 seconds (10 minutes).", "type": "integer", "format": "int32" }, - "snapshot": { - "description": "snapshot is the name of the snapshot from which the VM was cloned", - "type": "string", - "default": "" - }, - "tagIDs": { - "description": "tagIDs is an optional set of tags to add to an instance. Specified tagIDs must use URN-notation instead of display names. A maximum of 10 tag IDs may be specified.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "template": { - "description": "template is the name, inventory path, or instance UUID of the template used to clone new machines.", - "type": "string", - "default": "" - }, - "userDataSecret": { - "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "tlsConfig": { + "description": "tlsConfig defines TLS authentication settings for the remote write endpoint. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.TLSConfig" }, - "workspace": { - "description": "workspace describes the workspace to use for the machine.", - "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Workspace" - } - } - }, - "com.github.openshift.api.machine.v1beta1.VSphereMachineProviderStatus": { - "description": "VSphereMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains VSphere-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "url": { + "description": "url is the URL of the remote write endpoint. Must be a valid URL with http or https scheme and a non-empty hostname. Query parameters, fragments, and user information (e.g. user:password@host) are not allowed. Empty string is invalid. Must be between 1 and 2048 characters in length.", "type": "string" }, - "conditions": { - "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", + "writeRelabelConfigs": { + "description": "writeRelabelConfigs is a list of relabeling rules to apply before sending data to the remote endpoint. When omitted, no relabeling is performed and all metrics are sent as-is. Minimum of 1 and maximum of 10 relabeling rules can be specified. Each rule must have a unique name.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RelabelConfig" }, "x-kubernetes-list-map-keys": [ - "type" + "name" ], "x-kubernetes-list-type": "map" - }, - "instanceId": { - "description": "instanceId is the ID of the instance in VSphere", - "type": "string" - }, - "instanceState": { - "description": "instanceState is the provisioning state of the VSphere Instance.", + } + } + }, + "com.github.openshift.api.config.v1alpha1.ReplaceActionConfig": { + "description": "ReplaceActionConfig configures the Replace action. Regex is matched against the concatenated source_labels; target_label is set to replacement with match group references (${1}, ${2}, ...) substituted. No replacement if regex does not match.", + "type": "object", + "required": [ + "targetLabel", + "replacement" + ], + "properties": { + "replacement": { + "description": "replacement is the value written to target_label when regex matches; match group references (${1}, ${2}, ...) are substituted. Required when using the Replace action so the intended behavior is explicit and the platform does not need to apply defaults. Use \"$1\" for the first capture group, \"$2\" for the second, etc. Use an empty string (\"\") to explicitly clear the target label value. Must be between 0 and 255 characters in length.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "targetLabel": { + "description": "targetLabel is the label name where the replacement result is written. Must be between 1 and 128 characters in length.", "type": "string" + } + } + }, + "com.github.openshift.api.config.v1alpha1.Retention": { + "description": "Retention configures how long Prometheus retains metrics data and how much storage it can use.", + "type": "object", + "properties": { + "durationInDays": { + "description": "durationInDays specifies how many days Prometheus will retain metrics data. Prometheus automatically deletes data older than this duration. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is 15. Minimum value is 1 day. Maximum value is 365 days (1 year).", + "type": "integer", + "format": "int32" }, - "taskRef": { - "description": "taskRef is a managed object reference to a Task related to the machine. This value is set automatically at runtime and should not be set or modified by users.", - "type": "string" + "sizeInGiB": { + "description": "sizeInGiB specifies the maximum storage size in gibibytes (GiB) that Prometheus can use for data blocks and the write-ahead log (WAL). When the limit is reached, Prometheus will delete oldest data first. When omitted, no size limit is enforced and Prometheus uses available PersistentVolume capacity. Minimum value is 1 GiB. Maximum value is 16384 GiB (16 TiB).", + "type": "integer", + "format": "int32" } } }, - "com.github.openshift.api.machine.v1beta1.Workspace": { - "description": "WorkspaceConfig defines a workspace configuration for the vSphere cloud provider.", + "com.github.openshift.api.config.v1alpha1.RetentionNumberConfig": { + "description": "RetentionNumberConfig specifies the configuration of the retention policy on the number of backups", "type": "object", + "required": [ + "maxNumberOfBackups" + ], "properties": { - "datacenter": { - "description": "datacenter is the datacenter in which VMs are created/located.", - "type": "string" + "maxNumberOfBackups": { + "description": "maxNumberOfBackups defines the maximum number of backups to retain. If the existing number of backups saved is equal to MaxNumberOfBackups then the oldest backup will be removed before a new backup is initiated.", + "type": "integer", + "format": "int32", + "default": 0 + } + } + }, + "com.github.openshift.api.config.v1alpha1.RetentionPolicy": { + "description": "RetentionPolicy defines the retention policy for retaining and deleting existing backups. This struct is a discriminated union that allows users to select the type of retention policy from the supported types.", + "type": "object", + "required": [ + "retentionType" + ], + "properties": { + "retentionNumber": { + "description": "retentionNumber configures the retention policy based on the number of backups", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RetentionNumberConfig" }, - "datastore": { - "description": "datastore is the datastore in which VMs are created/located.", + "retentionSize": { + "description": "retentionSize configures the retention policy based on the size of backups", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.RetentionSizeConfig" + }, + "retentionType": { + "description": "retentionType sets the type of retention policy. Currently, the only valid policies are retention by number of backups (RetentionNumber), by the size of backups (RetentionSize). More policies or types may be added in the future. Empty string means no opinion and the platform is left to choose a reasonable default which is subject to change without notice. The current default is RetentionNumber with 15 backups kept.\n\nPossible enum values:\n - `\"RetentionNumber\"` sets the retention policy based on the number of backup files saved\n - `\"RetentionSize\"` sets the retention policy based on the total size of the backup files saved", + "type": "string", + "default": "", + "enum": [ + "RetentionNumber", + "RetentionSize" + ] + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "retentionType", + "fields-to-discriminateBy": { + "retentionNumber": "RetentionNumber", + "retentionSize": "RetentionSize" + } + } + ] + }, + "com.github.openshift.api.config.v1alpha1.RetentionSizeConfig": { + "description": "RetentionSizeConfig specifies the configuration of the retention policy on the total size of backups", + "type": "object", + "required": [ + "maxSizeOfBackupsGb" + ], + "properties": { + "maxSizeOfBackupsGb": { + "description": "maxSizeOfBackupsGb defines the total size in GB of backups to retain. If the current total size backups exceeds MaxSizeOfBackupsGb then the oldest backup will be removed before a new backup is initiated.", + "type": "integer", + "format": "int32", + "default": 0 + } + } + }, + "com.github.openshift.api.config.v1alpha1.SecretKeySelector": { + "description": "SecretKeySelector selects a key of a Secret in the `openshift-monitoring` namespace.", + "type": "object", + "required": [ + "name", + "key" + ], + "properties": { + "key": { + "description": "key is the key of the secret to select from. Must consist of alphanumeric characters, '-', '_', or '.'. Must be between 1 and 253 characters in length.", "type": "string" }, - "folder": { - "description": "folder is the folder in which VMs are created/located.", + "name": { + "description": "name is the name of the secret in the `openshift-monitoring` namespace to select from. Must be a valid Kubernetes secret name (lowercase alphanumeric, '-' or '.', start/end with alphanumeric). Must be between 1 and 253 characters in length.", "type": "string" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "com.github.openshift.api.config.v1alpha1.Sigv4": { + "description": "Sigv4 defines AWS Signature Version 4 authentication settings. At least one of region, accessKey/secretKey, profile, or roleArn must be set so the platform can perform authentication.", + "type": "object", + "properties": { + "accessKey": { + "description": "accessKey defines the secret reference containing the AWS access key ID. The secret must exist in the openshift-monitoring namespace. When omitted, the access key is derived from the environment or instance metadata.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" }, - "resourcePool": { - "description": "resourcePool is the resource pool in which VMs are created/located.", + "profile": { + "description": "profile is the named AWS profile used to authenticate. When omitted, the default profile is used. Must be between 1 and 128 characters.", "type": "string" }, - "server": { - "description": "server is the IP address or FQDN of the vSphere endpoint.", + "region": { + "description": "region is the AWS region. When omitted, the region is derived from the environment or instance metadata. Must be between 1 and 128 characters.", "type": "string" }, - "vmGroup": { - "description": "vmGroup is the cluster vm group in which virtual machines will be added for vm host group based zonal.", + "roleArn": { + "description": "roleArn is the AWS Role ARN, an alternative to using AWS API keys. When omitted, API keys are used for authentication. Must be a valid AWS ARN format (e.g., \"arn:aws:iam::123456789012:role/MyRole\"). Must be between 1 and 512 characters.", "type": "string" + }, + "secretKey": { + "description": "secretKey defines the secret reference containing the AWS secret access key. The secret must exist in the openshift-monitoring namespace. When omitted, the secret key is derived from the environment or instance metadata.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImage": { - "description": "InternalReleaseImage is used to keep track and manage a set of release bundles (OCP and OLM operators images) that are stored into the control planes nodes.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1alpha1.Storage": { + "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", "type": "object", "required": [ - "metadata", - "spec" + "type" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "persistentVolume": { + "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.PersistentVolumeConfig" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "type": { + "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1alpha1.TLSConfig": { + "description": "TLSConfig represents TLS configuration for Alertmanager connections. At least one TLS configuration option must be specified. For mutual TLS (mTLS), both cert and key must be specified together, or both omitted.", + "type": "object", + "properties": { + "ca": { + "description": "ca is an optional CA certificate to use for TLS connections. When omitted, the system's default CA bundle is used.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" }, - "spec": { - "description": "spec describes the configuration of this internal release image.", + "cert": { + "description": "cert is an optional client certificate to use for mutual TLS connections. When omitted, no client certificate is presented.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" }, - "status": { - "description": "status describes the last observed state of this internal release image.", + "certificateVerification": { + "description": "certificateVerification determines the policy for TLS certificate verification. Allowed values are \"Verify\" (performs certificate verification, secure) and \"SkipVerify\" (skips verification, insecure). When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default value is \"Verify\".", + "type": "string" + }, + "key": { + "description": "key is an optional client key to use for mutual TLS connections. When omitted, no client key is used.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.SecretKeySelector" + }, + "serverName": { + "description": "serverName is an optional server name to use for TLS connections. When specified, must be a valid DNS subdomain as per RFC 1123. When omitted, the server name is derived from the URL. Must be between 1 and 253 characters in length.", + "type": "string" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageBundleStatus": { + "com.github.openshift.api.config.v1alpha1.TelemeterClientConfig": { + "description": "TelemeterClientConfig provides configuration options for the Telemeter Client component that runs in the `openshift-monitoring` namespace. The Telemeter Client collects selected monitoring metrics and forwards them to Red Hat for telemetry purposes. At least one field must be specified.", "type": "object", - "required": [ - "name" - ], "properties": { - "conditions": { - "description": "conditions represent the observations of an internal release image current state. Valid types are: Mounted, Installing, Available, Removing and Degraded.\n\nIf Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes. If Installing is true, that means that a new release bundle is currently being copied on one (or more) cluster nodes, and not yet completed. If Available is true, it means that the release has been previously installed on all the cluster nodes, and it can be used. If Removing is true, it means that a release deletion is in progress on one (or more) cluster nodes, and not yet completed. If Degraded is true, that means something has gone wrong (possibly on one or more cluster nodes).\n\nIn general, after installing a new release bundle, it is required to wait for the Conditions \"Available\" to become \"True\" (and all the other conditions to be equal to \"False\") before being able to pull its content.", + "nodeSelector": { + "description": "nodeSelector defines the nodes on which the Pods are scheduled. nodeSelector is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default value is `kubernetes.io/os: linux`. When specified, nodeSelector must contain at least 1 entry and must not contain more than 10 entries.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "resources": { + "description": "resources defines the compute resource requests and limits for the Telemeter Client container. This includes CPU, memory and HugePages constraints to help control scheduling and resource usage. When not specified, defaults are used by the platform. Requests cannot exceed limits. This field is optional. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ This is a simplified API that maps to Kubernetes ResourceRequirements. The current default values are:\n resources:\n - name: cpu\n request: 1m\n limit: null\n - name: memory\n request: 40Mi\n limit: null\nMaximum length for this list is 5. Minimum length for this list is 1. Each resource name must be unique within this list.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha1.ContainerResource" }, "x-kubernetes-list-map-keys": [ - "type" + "name" ], "x-kubernetes-list-type": "map" }, - "image": { - "description": "image is an OCP release image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters. The field is optional, and it will be provided after a release will be successfully installed.", - "type": "string" + "tolerations": { + "description": "tolerations defines tolerations for the pods. tolerations is optional.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. Defaults are empty/unset. Maximum length for this list is 10. Minimum length for this list is 1.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "name": { - "description": "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", - "type": "string" + "topologySpreadConstraints": { + "description": "topologySpreadConstraints defines rules for how Telemeter Client Pods should be distributed across topology domains such as zones, nodes, or other user-defined labels. topologySpreadConstraints is optional. This helps improve high availability and resource efficiency by avoiding placing too many replicas in the same failure domain.\n\nWhen omitted, this means no opinion and the platform is left to choose a default, which is subject to change over time. This field maps directly to the `topologySpreadConstraints` field in the Pod spec. Default is empty list. Maximum length for this list is 10. Minimum length for this list is 1. Entries must have unique topologyKey and whenUnsatisfiable pairs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/TopologySpreadConstraint.v1.core.api.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "topologyKey", + "whenUnsatisfiable" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageList": { - "description": "InternalReleaseImageList is a list of InternalReleaseImage resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1alpha1.UppercaseActionConfig": { + "description": "UppercaseActionConfig configures the Uppercase action. Maps the concatenated source_labels to their upper case and writes to target_label. Requires Prometheus >= v2.36.0.", "type": "object", "required": [ - "metadata", - "items" + "targetLabel" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImage" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "targetLabel": { + "description": "targetLabel is the label name where the upper-cased value is written. Must be between 1 and 128 characters in length.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageRef": { - "description": "InternalReleaseImageRef is used to provide a simple reference for a release bundle. Currently it contains only the name field.", + "com.github.openshift.api.config.v1alpha1.UserDefinedMonitoring": { + "description": "UserDefinedMonitoring config for user-defined projects.", "type": "object", "required": [ - "name" + "mode" ], "properties": { - "name": { - "description": "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", - "type": "string" + "mode": { + "description": "mode defines the different configurations of UserDefinedMonitoring Valid values are Disabled and NamespaceIsolated Disabled disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces. NamespaceIsolated enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level. The current default value is `Disabled`.\n\nPossible enum values:\n - `\"Disabled\"` disables monitoring for user-defined projects. This restricts the default monitoring stack, installed in the openshift-monitoring project, to monitor only platform namespaces, which prevents any custom monitoring configurations or resources from being applied to user-defined namespaces.\n - `\"NamespaceIsolated\"` enables monitoring for user-defined projects with namespace-scoped tenancy. This ensures that metrics, alerts, and monitoring data are isolated at the namespace level.", + "type": "string", + "default": "", + "enum": [ + "Disabled", + "NamespaceIsolated" + ] } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageSpec": { - "description": "InternalReleaseImageSpec defines the desired state of a InternalReleaseImage.", + "com.github.openshift.api.config.v1alpha2.Custom": { + "description": "custom provides the custom configuration of gatherers", "type": "object", "required": [ - "releases" + "configs" ], "properties": { - "releases": { - "description": "releases is a list of release bundle identifiers that the user wants to add/remove to/from the control plane nodes. Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 16 entries.", + "configs": { + "description": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageRef" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.GathererConfig" }, "x-kubernetes-list-map-keys": [ "name" @@ -26002,55 +25679,72 @@ } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageStatus": { - "description": "InternalReleaseImageStatus describes the current state of a InternalReleaseImage.", + "com.github.openshift.api.config.v1alpha2.GatherConfig": { + "description": "gatherConfig provides data gathering configuration options.", "type": "object", "required": [ - "releases" + "gatherers" ], "properties": { - "conditions": { - "description": "conditions represent the observations of the InternalReleaseImage controller current state. Valid types are: Degraded. If Degraded is true, that means something has gone wrong in the controller.", + "dataPolicy": { + "description": "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" }, - "releases": { - "description": "releases is a list of the release bundles currently owned and managed by the cluster. A release bundle content could be safely pulled only when its Conditions field contains at least an Available entry set to \"True\" and Degraded to \"False\". Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 32 entries.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageBundleStatus" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "gatherers": { + "description": "gatherers is a required field that specifies the configuration of the gatherers.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.Gatherers" + }, + "storage": { + "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.Storage" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.MCOObjectReference": { - "description": "MCOObjectReference holds information about an object the MCO either owns or modifies in some way", + "com.github.openshift.api.config.v1alpha2.GathererConfig": { + "description": "gathererConfig allows to configure specific gatherers", "type": "object", "required": [ - "name" + "name", + "state" ], "properties": { "name": { - "description": "name is the name of the object being referenced. For example, this can represent a machine config pool or node name. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", + "description": "name is the required name of a specific gatherer It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "type": "string", + "default": "" + }, + "state": { + "description": "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1alpha2.Gatherers": { + "type": "object", + "required": [ + "mode" + ], + "properties": { + "custom": { + "description": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.Custom" + }, + "mode": { + "description": "mode is a required field that specifies the mode for gatherers. Allowed values are All, None, and Custom. When set to All, all gatherers wil run and gather data. When set to None, all gatherers will be disabled and no data will be gathered. When set to Custom, the custom configuration from the custom field will be applied.", "type": "string", "default": "" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNode": { - "description": "MachineConfigNode describes the health of the Machines on the system Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1alpha2.InsightsDataGather": { + "description": "InsightsDataGather provides data gather configuration options for the the Insights Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ "spec" @@ -26065,36 +25759,40 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object metadata.", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec describes the configuration of the machine config node.", + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec" }, "status": { - "description": "status describes the last observed state of this machine config node.", + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeStatus" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeList": { - "description": "MachineConfigNodeList describes all of the MachinesStates on the system\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.config.v1alpha2.InsightsDataGatherList": { + "description": "InsightsDataGatherList is a collection of items Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "items": { - "description": "items contains a collection of MachineConfigNode resources.", + "description": "items is the required list of InsightsDataGather objects it may not exceed 100 items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNode" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.InsightsDataGather" } }, "kind": { @@ -26102,149 +25800,198 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list metadata.", + "description": "metadata is the required standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.config.v1alpha2.InsightsDataGatherSpec": { + "type": "object", + "properties": { + "gatherConfig": { + "description": "gatherConfig is an optional spec attribute that includes all the configuration options related to gathering of the Insights data and its uploading to the ingress.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.GatherConfig" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeSpec": { - "description": "MachineConfigNodeSpec describes the MachineConfigNode we are managing.", + "com.github.openshift.api.config.v1alpha2.InsightsDataGatherStatus": { + "type": "object" + }, + "com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference": { + "description": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", "type": "object", "required": [ - "node", - "pool", - "configVersion" + "name" ], "properties": { - "configVersion": { - "description": "configVersion holds the desired config version for the node targeted by this machine config node resource. The desired version represents the machine config the node will attempt to update to and gets set before the machine config operator validates the new machine config against the current machine config.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeSpecMachineConfigVersion" - }, - "node": { - "description": "node contains a reference to the node for this machine config node.", + "name": { + "description": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig": { + "description": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + "type": "object", + "required": [ + "claim" + ], + "properties": { + "claim": { + "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.MCOObjectReference" + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.PersistentVolumeClaimReference" }, - "pool": { - "description": "pool contains a reference to the machine config pool that this machine config node's referenced node belongs to.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.MCOObjectReference" + "mountPath": { + "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + "type": "string" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeSpecMachineConfigVersion": { - "description": "MachineConfigNodeSpecMachineConfigVersion holds the desired config version for the current observed machine config node. When Current is not equal to Desired, the MachineConfigOperator is in an upgrade phase and the machine config node will take account of upgrade related events. Otherwise, they will be ignored given that certain operations happen both during the MCO's upgrade mode and the daily operations mode.", + "com.github.openshift.api.config.v1alpha2.Storage": { + "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", "type": "object", "required": [ - "desired" + "type" ], "properties": { - "desired": { - "description": "desired is the name of the machine config that the the node should be upgraded to. This value is set when the machine config pool generates a new version of its rendered configuration. When this value is changed, the machine config daemon starts the node upgrade process. This value gets set in the machine config node spec once the machine config has been targeted for upgrade and before it is validated. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", + "persistentVolume": { + "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", + "$ref": "#/definitions/com.github.openshift.api.config.v1alpha2.PersistentVolumeConfig" + }, + "type": { + "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the persistentVolume field.", "type": "string", "default": "" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeStatus": { - "description": "MachineConfigNodeStatus holds the reported information on a particular machine config node.", + "com.github.openshift.api.console.v1.ApplicationMenuSpec": { + "description": "ApplicationMenuSpec is the specification of the desired section and icon used for the link in the application menu.", "type": "object", "required": [ - "configVersion" + "section" ], "properties": { - "conditions": { - "description": "conditions represent the observations of a machine config node's current state.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "configVersion": { - "description": "configVersion describes the current and desired machine config version for this node.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeStatusMachineConfigVersion" - }, - "observedGeneration": { - "description": "observedGeneration represents the generation of the MachineConfigNode object observed by the Machine Config Operator's controller. This field is updated when the controller observes a change to the desiredConfig in the configVersion of the machine config node spec.", - "type": "integer", - "format": "int64" + "imageURL": { + "description": "imageURL is the URL for the icon used in front of the link in the application menu. The URL must be an HTTPS URL or a Data URI. The image should be square and will be shown at 24x24 pixels.", + "type": "string" }, - "pinnedImageSets": { - "description": "pinnedImageSets describes the current and desired pinned image sets for this node.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeStatusPinnedImageSet" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "section": { + "description": "section is the section of the application menu in which the link should appear. This can be any text that will appear as a subheading in the application menu dropdown. A new section will be created if the text does not match text of an existing section.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeStatusMachineConfigVersion": { - "description": "MachineConfigNodeStatusMachineConfigVersion holds the current and desired config versions as last updated in the MCN status. When the current and desired versions do not match, the machine config pool is processing an upgrade and the machine config node will monitor the upgrade process. When the current and desired versions do match, the machine config node will ignore these events given that certain operations happen both during the MCO's upgrade mode and the daily operations mode.", + "com.github.openshift.api.console.v1.CLIDownloadLink": { "type": "object", "required": [ - "desired" + "href" ], "properties": { - "current": { - "description": "current is the name of the machine config currently in use on the node. This value is updated once the machine config daemon has completed the update of the configuration for the node. This value should match the desired version unless an upgrade is in progress. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", + "href": { + "description": "href is the absolute secure URL for the link (must use https)", "type": "string", "default": "" }, - "desired": { - "description": "desired is the MachineConfig the node wants to upgrade to. This value gets set in the machine config node status once the machine config has been validated against the current machine config. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", + "text": { + "description": "text is the display text for the link", "type": "string", "default": "" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigNodeStatusPinnedImageSet": { - "description": "MachineConfigNodeStatusPinnedImageSet holds information about the current, desired, and failed pinned image sets for the observed machine config node.", + "com.github.openshift.api.console.v1.ConsoleCLIDownload": { + "description": "ConsoleCLIDownload is an extension for configuring openshift web console command line interface (CLI) downloads.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "name" + "spec" ], "properties": { - "currentGeneration": { - "description": "currentGeneration is the generation of the pinned image set that has most recently been successfully pulled and pinned on this node.", - "type": "integer", - "format": "int32" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "desiredGeneration": { - "description": "desiredGeneration is the generation of the pinned image set that is targeted to be pulled and pinned on this node.", - "type": "integer", - "format": "int32" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "lastFailedGeneration": { - "description": "lastFailedGeneration is the generation of the most recent pinned image set that failed to be pulled and pinned on this node.", - "type": "integer", - "format": "int32" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleCLIDownloadSpec" + } + } + }, + "com.github.openshift.api.console.v1.ConsoleCLIDownloadList": { + "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleCLIDownload" + } }, - "lastFailedGenerationError": { - "description": "lastFailedGenerationError is the error explaining why the desired images failed to be pulled and pinned. The error is an empty string if the image pull and pin is successful.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "name": { - "description": "name is the name of the pinned image set. Must be a lowercase RFC-1123 subdomain name (https://tools.ietf.org/html/rfc1123) consisting of only lowercase alphanumeric characters, hyphens (-), and periods (.), and must start and end with an alphanumeric character, and be at most 253 characters in length.", + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.console.v1.ConsoleCLIDownloadSpec": { + "description": "ConsoleCLIDownloadSpec is the desired cli download configuration.", + "type": "object", + "required": [ + "displayName", + "description", + "links" + ], + "properties": { + "description": { + "description": "description is the description of the CLI download (can include markdown).", + "type": "string", + "default": "" + }, + "displayName": { + "description": "displayName is the display name of the CLI download.", "type": "string", "default": "" + }, + "links": { + "description": "links is a list of objects that provide CLI download link details.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.CLIDownloadLink" + } } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStream": { - "description": "OSImageStream describes a set of streams and associated images available for the MachineConfigPools to be used as base OS images.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.console.v1.ConsoleExternalLogLink": { + "description": "ConsoleExternalLogLink is an extension for customizing OpenShift web console log links.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -26261,21 +26008,16 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec contains the desired OSImageStream config configuration.", - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSpec" - }, - "status": { - "description": "status describes the last observed state of this OSImageStream. Populated by the MachineConfigOperator after reading release metadata. When not present, the controller has not yet reconciled this resource.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamStatus" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleExternalLogLinkSpec" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamList": { - "description": "OSImageStreamList is a list of OSImageStream resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.console.v1.ConsoleExternalLogLinkList": { + "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "metadata", @@ -26290,7 +26032,7 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStream" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleExternalLogLink" } }, "kind": { @@ -26300,76 +26042,126 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSet": { + "com.github.openshift.api.console.v1.ConsoleExternalLogLinkSpec": { + "description": "ConsoleExternalLogLinkSpec is the desired log link configuration. The log link will appear on the logs tab of the pod details page.", "type": "object", "required": [ - "name", - "osImage", - "osExtensionsImage" + "text", + "hrefTemplate" ], "properties": { - "name": { - "description": "name is the required identifier of the stream.\n\nname is determined by the operator based on the OCI label of the discovered OS or Extension Image.\n\nMust be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').", + "hrefTemplate": { + "description": "hrefTemplate is an absolute secure URL (must use https) for the log link including variables to be replaced. Variables are specified in the URL with the format ${variableName}, for instance, ${containerName} and will be replaced with the corresponding values from the resource. Resource is a pod. Supported variables are: - ${resourceName} - name of the resource which containes the logs - ${resourceUID} - UID of the resource which contains the logs\n - e.g. `11111111-2222-3333-4444-555555555555`\n- ${containerName} - name of the resource's container that contains the logs - ${resourceNamespace} - namespace of the resource that contains the logs - ${resourceNamespaceUID} - namespace UID of the resource that contains the logs - ${podLabels} - JSON representation of labels matching the pod with the logs\n - e.g. `{\"key1\":\"value1\",\"key2\":\"value2\"}`\n\ne.g., https://example.com/logs?resourceName=${resourceName}&containerName=${containerName}&resourceNamespace=${resourceNamespace}&podLabels=${podLabels}", + "type": "string", + "default": "" + }, + "namespaceFilter": { + "description": "namespaceFilter is a regular expression used to restrict a log link to a matching set of namespaces (e.g., `^openshift-`). The string is converted into a regular expression using the JavaScript RegExp constructor. If not specified, links will be displayed for all the namespaces.", "type": "string" }, - "osExtensionsImage": { - "description": "osExtensionsImage is a required OS Extensions Image referenced by digest.\n\nosExtensionsImage bundles the extra repositories used to enable extensions, augmenting the base operating system without modifying the underlying immutable osImage.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", + "text": { + "description": "text is the display text for the link", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.console.v1.ConsoleLink": { + "description": "ConsoleLink is an extension for customizing OpenShift web console links.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "osImage": { - "description": "osImage is a required OS Image referenced by digest.\n\nosImage contains the immutable, fundamental operating system components, including the kernel and base utilities, that define the core environment for the node's host operating system.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleLinkSpec" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSpec": { - "description": "OSImageStreamSpec defines the desired state of a OSImageStream.", - "type": "object" - }, - "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamStatus": { - "description": "OSImageStreamStatus describes the current state of a OSImageStream", + "com.github.openshift.api.console.v1.ConsoleLinkList": { + "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "availableStreams", - "defaultStream" + "metadata", + "items" ], "properties": { - "availableStreams": { - "description": "availableStreams is a list of the available OS Image Streams that can be used as the base image for MachineConfigPools. availableStreams is required, must have at least one item, must not exceed 100 items, and must have unique entries keyed on the name field.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSet" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleLink" + } }, - "defaultStream": { - "description": "defaultStream is the name of the stream that should be used as the default when no specific stream is requested by a MachineConfigPool.\n\nIt must be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'), and must reference the name of one of the streams in availableStreams.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageRef": { + "com.github.openshift.api.console.v1.ConsoleLinkSpec": { + "description": "ConsoleLinkSpec is the desired console link configuration.", "type": "object", "required": [ - "name" + "text", + "href", + "location" ], "properties": { - "name": { - "description": "name is an OCI Image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", - "type": "string" + "applicationMenu": { + "description": "applicationMenu holds information about section and icon used for the link in the application menu, and it is applicable only when location is set to ApplicationMenu.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.ApplicationMenuSpec" + }, + "href": { + "description": "href is the absolute URL for the link. Must use https:// for web URLs or mailto: for email links.", + "type": "string", + "default": "" + }, + "location": { + "description": "location determines which location in the console the link will be appended to (ApplicationMenu, HelpMenu, UserMenu, NamespaceDashboard).", + "type": "string", + "default": "" + }, + "namespaceDashboard": { + "description": "namespaceDashboard holds information about namespaces in which the dashboard link should appear, and it is applicable only when location is set to NamespaceDashboard. If not specified, the link will appear in all namespaces.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.NamespaceDashboardSpec" + }, + "text": { + "description": "text is the display text for the link", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSet": { - "description": "PinnedImageSet describes a set of images that should be pinned by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.console.v1.ConsoleNotification": { + "description": "ConsoleNotification is the extension for configuring openshift web console notifications.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -26384,23 +26176,18 @@ "type": "string" }, "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec describes the configuration of this pinned image set.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetSpec" - }, - "status": { - "description": "status describes the last observed state of this pinned image set.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetStatus" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleNotificationSpec" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetList": { - "description": "PinnedImageSetList is a list of PinnedImageSet resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.console.v1.ConsoleNotificationList": { + "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "metadata", @@ -26415,7 +26202,7 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSet" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleNotification" } }, "kind": { @@ -26425,53 +26212,45 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetSpec": { - "description": "PinnedImageSetSpec defines the desired state of a PinnedImageSet.", + "com.github.openshift.api.console.v1.ConsoleNotificationSpec": { + "description": "ConsoleNotificationSpec is the desired console notification configuration.", "type": "object", "required": [ - "pinnedImages" + "text" ], "properties": { - "pinnedImages": { - "description": "pinnedImages is a list of OCI Image referenced by digest that should be pinned and pre-loaded by the nodes of a MachineConfigPool. Translates into a new file inside the /etc/crio/crio.conf.d directory with content similar to this:\n\n pinned_images = [\n \"quay.io/openshift-release-dev/ocp-release@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n ...\n ]\n\nThese image references should all be by digest, tags aren't allowed.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageRef" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetStatus": { - "description": "PinnedImageSetStatus describes the current state of a PinnedImageSet.", - "type": "object", - "properties": { - "conditions": { - "description": "conditions represent the observations of a pinned image set's current state.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "backgroundColor": { + "description": "backgroundColor is the color of the background for the notification as CSS data type color.", + "type": "string" + }, + "color": { + "description": "color is the color of the text for the notification as CSS data type color.", + "type": "string" + }, + "link": { + "description": "link is an object that holds notification link details.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.Link" + }, + "location": { + "description": "location is the location of the notification in the console. Valid values are: \"BannerTop\", \"BannerBottom\", \"BannerTopBottom\".", + "type": "string" + }, + "text": { + "description": "text is the visible text of the notification.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.monitoring.v1.AlertRelabelConfig": { - "description": "AlertRelabelConfig defines a set of relabel configs for alerts.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.console.v1.ConsolePlugin": { + "description": "ConsolePlugin is an extension for customizing OpenShift web console by dynamically loading code from another service running on the cluster.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "spec" ], "properties": { @@ -26486,34 +26265,104 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec describes the desired state of this AlertRelabelConfig object.", + "description": "spec contains the desired configuration for the console plugin.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertRelabelConfigSpec" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginSpec" + } + } + }, + "com.github.openshift.api.console.v1.ConsolePluginBackend": { + "description": "ConsolePluginBackend holds information about the endpoint which serves the console's plugin", + "type": "object", + "required": [ + "type" + ], + "properties": { + "service": { + "description": "service is a Kubernetes Service that exposes the plugin using a deployment with an HTTP server. The Service must use HTTPS and Service serving certificate. The console backend will proxy the plugins assets from the Service using the service CA bundle.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginService" }, - "status": { - "description": "status describes the current state of this AlertRelabelConfig object.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertRelabelConfigStatus" + "type": { + "description": "type is the backend type which servers the console's plugin. Currently only \"Service\" is supported.", + "type": "string", + "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "service": "Service" + } + } + ] + }, + "com.github.openshift.api.console.v1.ConsolePluginCSP": { + "description": "ConsolePluginCSP holds configuration for a specific CSP directive", + "type": "object", + "required": [ + "directive", + "values" + ], + "properties": { + "directive": { + "description": "directive specifies which Content-Security-Policy directive to configure. Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc. DefaultSrc directive serves as a fallback for the other CSP fetch directives. For more information about the DefaultSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src ScriptSrc directive specifies valid sources for JavaScript. For more information about the ScriptSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src StyleSrc directive specifies valid sources for stylesheets. For more information about the StyleSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src ImgSrc directive specifies a valid sources of images and favicons. For more information about the ImgSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src FontSrc directive specifies valid sources for fonts loaded using @font-face. For more information about the FontSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src ConnectSrc directive restricts the URLs which can be loaded using script interfaces. For more information about the ConnectSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src\n\nPossible enum values:\n - `\"ConnectSrc\"` directive restricts the URLs which can be loaded using script interfaces. For more information about the ConnectSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src\n - `\"DefaultSrc\"` directive serves as a fallback for the other CSP fetch directives. For more information about the DefaultSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/default-src\n - `\"FontSrc\"` directive specifies valid sources for fonts loaded using @font-face. For more information about the FontSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/font-src\n - `\"ImgSrc\"` directive specifies a valid sources of images and favicons. For more information about the ImgSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/img-src\n - `\"ScriptSrc\"` directive specifies valid sources for JavaScript. For more information about the ScriptSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src\n - `\"StyleSrc\"` directive specifies valid sources for stylesheets. For more information about the StyleSrc directive, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/style-src", + "type": "string", + "default": "", + "enum": [ + "ConnectSrc", + "DefaultSrc", + "FontSrc", + "ImgSrc", + "ScriptSrc", + "StyleSrc" + ] + }, + "values": { + "description": "values defines an array of values to append to the console defaults for this directive. Each ConsolePlugin may define their own directives with their values. These will be set by the OpenShift web console's backend, as part of its Content-Security-Policy header. The array can contain at most 16 values. Each directive value must have a maximum length of 1024 characters and must not contain whitespace, commas (,), semicolons (;) or single quotes ('). The value '*' is not permitted. Each value in the array must be unique.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.monitoring.v1.AlertRelabelConfigList": { - "description": "AlertRelabelConfigList is a list of AlertRelabelConfigs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.console.v1.ConsolePluginI18n": { + "description": "ConsolePluginI18n holds information on localization resources that are served by the dynamic plugin.", + "type": "object", + "required": [ + "loadType" + ], + "properties": { + "loadType": { + "description": "loadType indicates how the plugin's localization resource should be loaded. Valid values are Preload, Lazy and the empty string. When set to Preload, all localization resources are fetched when the plugin is loaded. When set to Lazy, localization resources are lazily loaded as and when they are required by the console. When omitted or set to the empty string, the behaviour is equivalent to Lazy type.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.console.v1.ConsolePluginList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "items": { - "description": "items is a list of AlertRelabelConfigs.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertRelabelConfig" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePlugin" } }, "kind": { @@ -26521,49 +26370,172 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.monitoring.v1.AlertRelabelConfigSpec": { - "description": "AlertRelabelConfigsSpec is the desired state of an AlertRelabelConfig resource.", + "com.github.openshift.api.console.v1.ConsolePluginProxy": { + "description": "ConsolePluginProxy holds information on various service types to which console's backend will proxy the plugin's requests.", "type": "object", "required": [ - "configs" + "endpoint", + "alias" ], "properties": { - "configs": { - "description": "configs is a list of sequentially evaluated alert relabel configs.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.RelabelConfig" + "alias": { + "description": "alias is a proxy name that identifies the plugin's proxy. An alias name should be unique per plugin. The console backend exposes following proxy endpoint:\n\n/api/proxy/plugin///?\n\nRequest example path:\n\n/api/proxy/plugin/acm/search/pods?namespace=openshift-apiserver", + "type": "string", + "default": "" + }, + "authorization": { + "description": "authorization provides information about authorization type, which the proxied request should contain", + "type": "string" + }, + "caCertificate": { + "description": "caCertificate provides the cert authority certificate contents, in case the proxied Service is using custom service CA. By default, the service CA bundle provided by the service-ca operator is used.", + "type": "string" + }, + "endpoint": { + "description": "endpoint provides information about endpoint to which the request is proxied to.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginProxyEndpoint" + } + } + }, + "com.github.openshift.api.console.v1.ConsolePluginProxyEndpoint": { + "description": "ConsolePluginProxyEndpoint holds information about the endpoint to which request will be proxied to.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "service": { + "description": "service is an in-cluster Service that the plugin will connect to. The Service must use HTTPS. The console backend exposes an endpoint in order to proxy communication between the plugin and the Service. Note: service field is required for now, since currently only \"Service\" type is supported.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginProxyServiceConfig" + }, + "type": { + "description": "type is the type of the console plugin's proxy. Currently only \"Service\" is supported.", + "type": "string", + "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "service": "Service" } } + ] + }, + "com.github.openshift.api.console.v1.ConsolePluginProxyServiceConfig": { + "description": "ProxyTypeServiceConfig holds information on Service to which console's backend will proxy the plugin's requests.", + "type": "object", + "required": [ + "name", + "namespace", + "port" + ], + "properties": { + "name": { + "description": "name of Service that the plugin needs to connect to.", + "type": "string", + "default": "" + }, + "namespace": { + "description": "namespace of Service that the plugin needs to connect to", + "type": "string", + "default": "" + }, + "port": { + "description": "port on which the Service that the plugin needs to connect to is listening on.", + "type": "integer", + "format": "int32", + "default": 0 + } } }, - "com.github.openshift.api.monitoring.v1.AlertRelabelConfigStatus": { - "description": "AlertRelabelConfigStatus is the status of an AlertRelabelConfig resource.", + "com.github.openshift.api.console.v1.ConsolePluginService": { + "description": "ConsolePluginService holds information on Service that is serving console dynamic plugin assets.", "type": "object", + "required": [ + "name", + "namespace", + "port" + ], "properties": { - "conditions": { - "description": "conditions contains details on the state of the AlertRelabelConfig, may be empty.", + "basePath": { + "description": "basePath is the path to the plugin's assets. The primary asset it the manifest file called `plugin-manifest.json`, which is a JSON document that contains metadata about the plugin and the extensions.", + "type": "string" + }, + "name": { + "description": "name of Service that is serving the plugin assets.", + "type": "string", + "default": "" + }, + "namespace": { + "description": "namespace of Service that is serving the plugin assets.", + "type": "string", + "default": "" + }, + "port": { + "description": "port on which the Service that is serving the plugin is listening to.", + "type": "integer", + "format": "int32", + "default": 0 + } + } + }, + "com.github.openshift.api.console.v1.ConsolePluginSpec": { + "description": "ConsolePluginSpec is the desired plugin configuration.", + "type": "object", + "required": [ + "displayName", + "backend" + ], + "properties": { + "backend": { + "description": "backend holds the configuration of backend which is serving console's plugin .", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginBackend" + }, + "contentSecurityPolicy": { + "description": "contentSecurityPolicy is a list of Content-Security-Policy (CSP) directives for the plugin. Each directive specifies a list of values, appropriate for the given directive type, for example a list of remote endpoints for fetch directives such as ScriptSrc. Console web application uses CSP to detect and mitigate certain types of attacks, such as cross-site scripting (XSS) and data injection attacks. Dynamic plugins should specify this field if need to load assets from outside the cluster or if violation reports are observed. Dynamic plugins should always prefer loading their assets from within the cluster, either by vendoring them, or fetching from a cluster service. CSP violation reports can be viewed in the browser's console logs during development and testing of the plugin in the OpenShift web console. Available directive types are DefaultSrc, ScriptSrc, StyleSrc, ImgSrc, FontSrc and ConnectSrc. Each of the available directives may be defined only once in the list. The value 'self' is automatically included in all fetch directives by the OpenShift web console's backend. For more information about the CSP directives, see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy\n\nThe OpenShift web console server aggregates the CSP directives and values across its own default values and all enabled ConsolePlugin CRs, merging them into a single policy string that is sent to the browser via `Content-Security-Policy` HTTP response header.\n\nExample:\n ConsolePlugin A directives:\n script-src: https://script1.com/, https://script2.com/\n font-src: https://font1.com/\n\n ConsolePlugin B directives:\n script-src: https://script2.com/, https://script3.com/\n font-src: https://font2.com/\n img-src: https://img1.com/\n\n Unified set of CSP directives, passed to the OpenShift web console server:\n script-src: https://script1.com/, https://script2.com/, https://script3.com/\n font-src: https://font1.com/, https://font2.com/\n img-src: https://img1.com/\n\n OpenShift web console server CSP response header:\n Content-Security-Policy: default-src 'self'; base-uri 'self'; script-src 'self' https://script1.com/ https://script2.com/ https://script3.com/; font-src 'self' https://font1.com/ https://font2.com/; img-src 'self' https://img1.com/; style-src 'self'; frame-src 'none'; object-src 'none'", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginCSP" }, "x-kubernetes-list-map-keys": [ - "type" + "directive" ], "x-kubernetes-list-type": "map" + }, + "displayName": { + "description": "displayName is the display name of the plugin. The dispalyName should be between 1 and 128 characters.", + "type": "string", + "default": "" + }, + "i18n": { + "description": "i18n is the configuration of plugin's localization resources.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginI18n" + }, + "proxy": { + "description": "proxy is a list of proxies that describe various service type to which the plugin needs to connect to.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsolePluginProxy" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.monitoring.v1.AlertingRule": { - "description": "AlertingRule represents a set of user-defined Prometheus rule groups containing alerting rules. This resource is the supported method for cluster admins to create alerts based on metrics recorded by the platform monitoring stack in OpenShift, i.e. the Prometheus instance deployed to the openshift-monitoring namespace. You might use this to create custom alerting rules not shipped with OpenShift based on metrics from components such as the node_exporter, which provides machine-level metrics such as CPU usage, or kube-state-metrics, which provides metrics on Kubernetes usage.\n\nThe API is mostly compatible with the upstream PrometheusRule type from the prometheus-operator. The primary difference being that recording rules are not allowed here -- only alerting rules. For each AlertingRule resource created, a corresponding PrometheusRule will be created in the openshift-monitoring namespace. OpenShift requires admins to use the AlertingRule resource rather than the upstream type in order to allow better OpenShift specific defaulting and validation, while not modifying the upstream APIs directly.\n\nYou can find upstream API documentation for PrometheusRule resources here:\n\nhttps://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.console.v1.ConsoleQuickStart": { + "description": "ConsoleQuickStart is an extension for guiding user through various workflows in the OpenShift web console.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -26580,34 +26552,31 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec describes the desired state of this AlertingRule object.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertingRuleSpec" - }, - "status": { - "description": "status describes the current state of this AlertOverrides object.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertingRuleStatus" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStartSpec" } } }, - "com.github.openshift.api.monitoring.v1.AlertingRuleList": { - "description": "AlertingRuleList is a list of AlertingRule objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.console.v1.ConsoleQuickStartList": { + "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "items": { - "description": "items is a list of AlertingRule objects.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertingRule" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStart" } }, "kind": { @@ -26615,193 +26584,174 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.monitoring.v1.AlertingRuleSpec": { - "description": "AlertingRuleSpec is the desired state of an AlertingRule resource.", + "com.github.openshift.api.console.v1.ConsoleQuickStartSpec": { + "description": "ConsoleQuickStartSpec is the desired quick start configuration.", "type": "object", "required": [ - "groups" + "displayName", + "durationMinutes", + "description", + "introduction", + "tasks" ], "properties": { - "groups": { - "description": "groups is a list of grouped alerting rules. Rule groups are the unit at which Prometheus parallelizes rule processing. All rules in a single group share a configured evaluation interval. All rules in the group will be processed together on this interval, sequentially, and all rules will be processed.\n\nIt's common to group related alerting rules into a single AlertingRule resources, and within that resource, closely related alerts, or simply alerts with the same interval, into individual groups. You are also free to create AlertingRule resources with only a single rule group, but be aware that this can have a performance impact on Prometheus if the group is extremely large or has very complex query expressions to evaluate. Spreading very complex rules across multiple groups to allow them to be processed in parallel is also a common use-case.", + "accessReviewResources": { + "description": "accessReviewResources contains a list of resources that the user's access will be reviewed against in order for the user to complete the Quick Start. The Quick Start will be hidden if any of the access reviews fail.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.RuleGroup" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.monitoring.v1.AlertingRuleStatus": { - "description": "AlertingRuleStatus is the status of an AlertingRule resource.", - "type": "object", - "properties": { - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with.", - "type": "integer", - "format": "int64" + "$ref": "#/definitions/ResourceAttributes.v1.authorization.api.k8s.io" + } }, - "prometheusRule": { - "description": "prometheusRule is the generated PrometheusRule for this AlertingRule. Each AlertingRule instance results in a generated PrometheusRule object in the same namespace, which is always the openshift-monitoring namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.PrometheusRuleRef" - } - } - }, - "com.github.openshift.api.monitoring.v1.PrometheusRuleRef": { - "description": "PrometheusRuleRef is a reference to an existing PrometheusRule object. Each AlertingRule instance results in a generated PrometheusRule object in the same namespace, which is always the openshift-monitoring namespace. This is used to point to the generated PrometheusRule object in the AlertingRule status.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "name of the referenced PrometheusRule.", + "conclusion": { + "description": "conclusion sums up the Quick Start and suggests the possible next steps. (includes markdown)", + "type": "string" + }, + "description": { + "description": "description is the description of the Quick Start. (includes markdown)", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.monitoring.v1.RelabelConfig": { - "description": "RelabelConfig allows dynamic rewriting of label sets for alerts. See Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", - "type": "object", - "properties": { - "action": { - "description": "action to perform based on regex matching. Must be one of: 'Replace', 'Keep', 'Drop', 'HashMod', 'LabelMap', 'LabelDrop', or 'LabelKeep'. Default is: 'Replace'", - "type": "string" }, - "modulus": { - "description": "modulus to take of the hash of the source label values. This can be combined with the 'HashMod' action to set 'target_label' to the 'modulus' of a hash of the concatenated 'source_labels'. This is only valid if sourceLabels is not empty and action is not 'LabelKeep' or 'LabelDrop'.", + "displayName": { + "description": "displayName is the display name of the Quick Start.", + "type": "string", + "default": "" + }, + "durationMinutes": { + "description": "durationMinutes describes approximately how many minutes it will take to complete the Quick Start.", "type": "integer", - "format": "int64" + "format": "int32", + "default": 0 }, - "regex": { - "description": "regex against which the extracted value is matched. Default is: '(.*)' regex is required for all actions except 'HashMod'", + "icon": { + "description": "icon is a base64 encoded image that will be displayed beside the Quick Start display name. The icon should be an vector image for easy scaling. The size of the icon should be 40x40.", "type": "string" }, - "replacement": { - "description": "replacement value against which a regex replace is performed if the regular expression matches. This is required if the action is 'Replace' or 'LabelMap' and forbidden for actions 'LabelKeep' and 'LabelDrop'. Regex capture groups are available. Default is: '$1'", - "type": "string" + "introduction": { + "description": "introduction describes the purpose of the Quick Start. (includes markdown)", + "type": "string", + "default": "" }, - "separator": { - "description": "separator placed between concatenated source label values. When omitted, Prometheus will use its default value of ';'.", - "type": "string" + "nextQuickStart": { + "description": "nextQuickStart is a list of the following Quick Starts, suggested for the user to try.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "sourceLabels": { - "description": "sourceLabels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the 'Replace', 'Keep', and 'Drop' actions. Not allowed for actions 'LabelKeep' and 'LabelDrop'.", + "prerequisites": { + "description": "prerequisites contains all prerequisites that need to be met before taking a Quick Start. (includes markdown)", "type": "array", "items": { "type": "string", "default": "" } }, - "targetLabel": { - "description": "targetLabel to which the resulting value is written in a 'Replace' action. It is required for 'Replace' and 'HashMod' actions and forbidden for actions 'LabelKeep' and 'LabelDrop'. Regex capture groups are available.", - "type": "string" + "tags": { + "description": "tags is a list of strings that describe the Quick Start.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "tasks": { + "description": "tasks is the list of steps the user has to perform to complete the Quick Start.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStartTask" + } } } }, - "com.github.openshift.api.monitoring.v1.Rule": { - "description": "Rule describes an alerting rule. See Prometheus documentation: - https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules", + "com.github.openshift.api.console.v1.ConsoleQuickStartTask": { + "description": "ConsoleQuickStartTask is a single step in a Quick Start.", "type": "object", "required": [ - "alert", - "expr" + "title", + "description" ], "properties": { - "alert": { - "description": "alert is the name of the alert. Must be a valid label value, i.e. may contain any Unicode character.", + "description": { + "description": "description describes the steps needed to complete the task. (includes markdown)", "type": "string", "default": "" }, - "annotations": { - "description": "annotations to add to each alert. These are values that can be used to store longer additional information that you won't query on, such as alert descriptions or runbook links.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "expr": { - "description": "expr is the PromQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending or firing alerts. This is most often a string representing a PromQL expression, e.g.: mapi_current_pending_csr > mapi_max_pending_csr In rare cases this could be a simple integer, e.g. a simple \"1\" if the intent is to create an alert that is always firing. This is sometimes used to create an always-firing \"Watchdog\" alert in order to ensure the alerting pipeline is functional.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + "review": { + "description": "review contains instructions to validate the task is complete. The user will select 'Yes' or 'No'. using a radio button, which indicates whether the step was completed successfully.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStartTaskReview" }, - "for": { - "description": "for is the time period after which alerts are considered firing after first returning results. Alerts which have not yet fired for long enough are considered pending.", - "type": "string" + "summary": { + "description": "summary contains information about the passed step.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleQuickStartTaskSummary" }, - "labels": { - "description": "labels to add or overwrite for each alert. The results of the PromQL expression for the alert will result in an existing set of labels for the alert, after evaluating the expression, for any label specified here with the same name as a label in that set, the label here wins and overwrites the previous value. These should typically be short identifying values that may be useful to query against. A common example is the alert severity, where one sets `severity: warning` under the `labels` key:", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "title": { + "description": "title describes the task and is displayed as a step heading.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.console.v1.ConsoleQuickStartTaskReview": { + "description": "ConsoleQuickStartTaskReview contains instructions that validate a task was completed successfully.", + "type": "object", + "required": [ + "instructions", + "failedTaskHelp" + ], + "properties": { + "failedTaskHelp": { + "description": "failedTaskHelp contains suggestions for a failed task review and is shown at the end of task. (includes markdown)", + "type": "string", + "default": "" + }, + "instructions": { + "description": "instructions contains steps that user needs to take in order to validate his work after going through a task. (includes markdown)", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.monitoring.v1.RuleGroup": { - "description": "RuleGroup is a list of sequentially evaluated alerting rules.", + "com.github.openshift.api.console.v1.ConsoleQuickStartTaskSummary": { + "description": "ConsoleQuickStartTaskSummary contains information about a passed step.", "type": "object", "required": [ - "name", - "rules" + "success", + "failed" ], "properties": { - "interval": { - "description": "interval is how often rules in the group are evaluated. If not specified, it defaults to the global.evaluation_interval configured in Prometheus, which itself defaults to 30 seconds. You can check if this value has been modified from the default on your cluster by inspecting the platform Prometheus configuration: The relevant field in that resource is: spec.evaluationInterval", - "type": "string" - }, - "name": { - "description": "name is the name of the group.", + "failed": { + "description": "failed briefly describes the unsuccessfully passed task. (includes markdown)", "type": "string", "default": "" }, - "rules": { - "description": "rules is a list of sequentially evaluated alerting rules. Prometheus may process rule groups in parallel, but rules within a single group are always processed sequentially, and all rules are processed.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.Rule" - } + "success": { + "description": "success describes the succesfully passed task.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.network.v1.ClusterNetwork": { - "description": "ClusterNetwork was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.console.v1.ConsoleSample": { + "description": "ConsoleSample is an extension to customizing OpenShift web console by adding samples.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "serviceNetwork", - "clusterNetworks" + "metadata", + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "clusterNetworks": { - "description": "clusterNetworks is a list of ClusterNetwork objects that defines the global overlay network's L3 space by specifying a set of CIDR and netmasks that the SDN can allocate addresses from.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1.ClusterNetworkEntry" - } - }, - "hostsubnetlength": { - "description": "hostsubnetlength is the number of bits of network to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods", - "type": "integer", - "format": "int64" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -26809,115 +26759,104 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "mtu": { - "description": "mtu is the MTU for the overlay network. This should be 50 less than the MTU of the network connecting the nodes. It is normally autodetected by the cluster network operator.", - "type": "integer", - "format": "int64" - }, - "network": { - "description": "network is a CIDR string specifying the global overlay network's L3 space", - "type": "string" - }, - "pluginName": { - "description": "pluginName is the name of the network plugin being used", - "type": "string" - }, - "serviceNetwork": { - "description": "serviceNetwork is the CIDR range that Service IP addresses are allocated from", - "type": "string", - "default": "" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "vxlanPort": { - "description": "vxlanPort sets the VXLAN destination port used by the cluster. It is set by the master configuration file on startup and cannot be edited manually. Valid values for VXLANPort are integers 1-65535 inclusive and if unset defaults to 4789. Changing VXLANPort allows users to resolve issues between openshift SDN and other software trying to use the same VXLAN destination port.", - "type": "integer", - "format": "int64" + "spec": { + "description": "spec contains configuration for a console sample.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleSpec" } } }, - "com.github.openshift.api.network.v1.ClusterNetworkEntry": { - "description": "ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips.", + "com.github.openshift.api.console.v1.ConsoleSampleContainerImportSource": { + "description": "ConsoleSampleContainerImportSource let the user import a container image.", "type": "object", "required": [ - "CIDR", - "hostSubnetLength" + "image" ], "properties": { - "CIDR": { - "description": "CIDR defines the total range of a cluster networks address space.", + "image": { + "description": "reference to a container image that provides a HTTP service. The service must be exposed on the default port (8080) unless otherwise configured with the port field.\n\nSupported formats:\n - /\n - docker.io//\n - quay.io//\n - quay.io//@sha256:\n - quay.io//:", "type": "string", "default": "" }, - "hostSubnetLength": { - "description": "hostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods.", + "service": { + "description": "service contains configuration for the Service resource created for this sample.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleContainerImportSourceService" + } + } + }, + "com.github.openshift.api.console.v1.ConsoleSampleContainerImportSourceService": { + "description": "ConsoleSampleContainerImportSourceService let the samples author define defaults for the Service created for this sample.", + "type": "object", + "properties": { + "targetPort": { + "description": "targetPort is the port that the service listens on for HTTP requests. This port will be used for Service and Route created for this sample. Port must be in the range 1 to 65535. Default port is 8080.", "type": "integer", - "format": "int64", - "default": 0 + "format": "int32" } } }, - "com.github.openshift.api.network.v1.ClusterNetworkList": { - "description": "ClusterNetworkList is a collection of ClusterNetworks\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.console.v1.ConsoleSampleGitImportSource": { + "description": "ConsoleSampleGitImportSource let the user import code from a public Git repository.", "type": "object", "required": [ - "items" + "repository" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is the list of cluster networks", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1.ClusterNetwork" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "repository": { + "description": "repository contains the reference to the actual Git repository.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceRepository" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "service": { + "description": "service contains configuration for the Service resource created for this sample.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceService" } } }, - "com.github.openshift.api.network.v1.EgressNetworkPolicy": { - "description": "EgressNetworkPolicy was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceRepository": { + "description": "ConsoleSampleGitImportSourceRepository let the user import code from a public git repository.", "type": "object", "required": [ - "spec" + "url" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "contextDir": { + "description": "contextDir is used to specify a directory within the repository to build the component. Must start with `/` and have a maximum length of 256 characters. When omitted, the default value is to build from the root of the repository.", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "revision": { + "description": "revision is the git revision at which to clone the git repository Can be used to clone a specific branch, tag or commit SHA. Must be at most 256 characters in length. When omitted the repository's default branch is used.", + "type": "string", + "default": "" }, - "spec": { - "description": "spec is the specification of the current egress network policy", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1.EgressNetworkPolicySpec" + "url": { + "description": "url of the Git repository that contains a HTTP service. The HTTP service must be exposed on the default port (8080) unless otherwise configured with the port field.\n\nOnly public repositories on GitHub, GitLab and Bitbucket are currently supported:\n\n - https://github.com//\n - https://gitlab.com//\n - https://bitbucket.org//\n\nThe url must have a maximum length of 256 characters.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.network.v1.EgressNetworkPolicyList": { - "description": "EgressNetworkPolicyList is a collection of EgressNetworkPolicy\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.console.v1.ConsoleSampleGitImportSourceService": { + "description": "ConsoleSampleGitImportSourceService let the samples author define defaults for the Service created for this sample.", + "type": "object", + "properties": { + "targetPort": { + "description": "targetPort is the port that the service listens on for HTTP requests. This port will be used for Service created for this sample. Port must be in the range 1 to 65535. Default port is 8080.", + "type": "integer", + "format": "int32" + } + } + }, + "com.github.openshift.api.console.v1.ConsoleSampleList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -26926,11 +26865,10 @@ "type": "string" }, "items": { - "description": "items is the list of policies", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1.EgressNetworkPolicy" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSample" } }, "kind": { @@ -26940,99 +26878,112 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.network.v1.EgressNetworkPolicyPeer": { - "description": "EgressNetworkPolicyPeer specifies a target to apply egress network policy to", - "type": "object", - "properties": { - "cidrSelector": { - "description": "cidrSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset Ideally we would have liked to use the cidr openapi format for this property. But openshift-sdn only supports v4 while specifying the cidr format allows both v4 and v6 cidrs We are therefore using a regex pattern to validate instead.", - "type": "string" - }, - "dnsName": { - "description": "dnsName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset", - "type": "string" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.network.v1.EgressNetworkPolicyRule": { - "description": "EgressNetworkPolicyRule contains a single egress network policy rule", + "com.github.openshift.api.console.v1.ConsoleSampleSource": { + "description": "ConsoleSampleSource is the actual sample definition and can hold different sample types. Unsupported sample types will be ignored in the web console.", "type": "object", "required": [ - "type", - "to" + "type" ], "properties": { - "to": { - "description": "to is the target that traffic is allowed/denied to", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1.EgressNetworkPolicyPeer" + "containerImport": { + "description": "containerImport allows the user import a container image.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleContainerImportSource" + }, + "gitImport": { + "description": "gitImport allows the user to import code from a git repository.", + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleGitImportSource" }, "type": { - "description": "type marks this as an \"Allow\" or \"Deny\" rule", + "description": "type of the sample, currently supported: \"GitImport\";\"ContainerImport\"\n\nPossible enum values:\n - `\"ContainerImport\"` A sample that let the user import a container image.\n - `\"GitImport\"` A sample that let the user import code from a git repository.", "type": "string", - "default": "" + "default": "", + "enum": [ + "ContainerImport", + "GitImport" + ] } - } - }, - "com.github.openshift.api.network.v1.EgressNetworkPolicySpec": { - "description": "EgressNetworkPolicySpec provides a list of policies on outgoing network traffic", - "type": "object", - "required": [ - "egress" - ], - "properties": { - "egress": { - "description": "egress contains the list of egress policy rules", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1.EgressNetworkPolicyRule" + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "containerImport": "ContainerImport", + "gitImport": "GitImport" } } - } + ] }, - "com.github.openshift.api.network.v1.HostSubnet": { - "description": "HostSubnet was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.console.v1.ConsoleSampleSpec": { + "description": "ConsoleSampleSpec is the desired sample for the web console. Samples will appear with their title, descriptions and a badge in a samples catalog.", "type": "object", "required": [ - "host", - "hostIP", - "subnet" + "title", + "abstract", + "description", + "source" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "abstract": { + "description": "abstract is a short introduction to the sample.\n\nIt is required and must be no more than 100 characters in length.\n\nThe abstract is shown on the sample card tile below the title and provider and is limited to three lines of content.", + "type": "string", + "default": "" }, - "egressCIDRs": { - "description": "egressCIDRs is the list of CIDR ranges available for automatically assigning egress IPs to this node from. If this field is set then EgressIPs should be treated as read-only.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "description": { + "description": "description is a long form explanation of the sample.\n\nIt is required and can have a maximum length of **4096** characters.\n\nIt is a README.md-like content for additional information, links, pre-conditions, and other instructions. It will be rendered as Markdown so that it can contain line breaks, links, and other simple formatting.", + "type": "string", + "default": "" }, - "egressIPs": { - "description": "egressIPs is the list of automatic egress IP addresses currently hosted by this node. If EgressCIDRs is empty, this can be set by hand; if EgressCIDRs is set then the master will overwrite the value here with its own allocation of egress IPs.", + "icon": { + "description": "icon is an optional base64 encoded image and shown beside the sample title.\n\nThe format must follow the data: URL format and can have a maximum size of **10 KB**.\n\n data:[][;base64],\n\nFor example:\n\n data:image;base64, plus the base64 encoded image.\n\nVector images can also be used. SVG icons must start with:\n\n data:image/svg+xml;base64, plus the base64 encoded SVG image.\n\nAll sample catalog icons will be shown on a white background (also when the dark theme is used). The web console ensures that different aspect ratios work correctly. Currently, the surface of the icon is at most 40x100px.\n\nFor more information on the data URL format, please visit https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URLs.", + "type": "string", + "default": "" + }, + "provider": { + "description": "provider is an optional label to honor who provides the sample.\n\nIt is optional and must be no more than 50 characters in length.\n\nA provider can be a company like \"Red Hat\" or an organization like \"CNCF\" or \"Knative\".\n\nCurrently, the provider is only shown on the sample card tile below the title with the prefix \"Provided by \"", + "type": "string", + "default": "" + }, + "source": { + "description": "source defines where to deploy the sample service from. The sample may be sourced from an external git repository or container image.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleSampleSource" + }, + "tags": { + "description": "tags are optional string values that can be used to find samples in the samples catalog.\n\nExamples of common tags may be \"Java\", \"Quarkus\", etc.\n\nThey will be displayed on the samples details page.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "set" }, - "host": { - "description": "host is the name of the node. (This is the same as the object's name, but both fields must be set.)", + "title": { + "description": "title is the display name of the sample.\n\nIt is required and must be no more than 50 characters in length.", "type": "string", "default": "" }, - "hostIP": { - "description": "hostIP is the IP address to be used as a VTEP by other nodes in the overlay network", + "type": { + "description": "type is an optional label to group multiple samples.\n\nIt is optional and must be no more than 20 characters in length.\n\nRecommendation is a singular term like \"Builder Image\", \"Devfile\" or \"Serverless Function\".\n\nCurrently, the type is shown a badge on the sample card tile in the top right corner.", "type": "string", "default": "" + } + } + }, + "com.github.openshift.api.console.v1.ConsoleYAMLSample": { + "description": "ConsoleYAMLSample is an extension for customizing OpenShift web console YAML samples.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", @@ -27041,19 +26992,19 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "subnet": { - "description": "subnet is the CIDR range of the overlay network assigned to the node for its pods", - "type": "string", - "default": "" + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleYAMLSampleSpec" } } }, - "com.github.openshift.api.network.v1.HostSubnetList": { - "description": "HostSubnetList is a collection of HostSubnets\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.console.v1.ConsoleYAMLSampleList": { + "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -27062,11 +27013,10 @@ "type": "string" }, "items": { - "description": "items is the list of host subnets", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1.HostSubnet" + "$ref": "#/definitions/com.github.openshift.api.console.v1.ConsoleYAMLSample" } }, "kind": { @@ -27076,87 +27026,90 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.network.v1.NetNamespace": { - "description": "NetNamespace was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.console.v1.ConsoleYAMLSampleSpec": { + "description": "ConsoleYAMLSampleSpec is the desired YAML sample configuration. Samples will appear with their descriptions in a samples sidebar when creating a resources in the web console.", "type": "object", "required": [ - "netname", - "netid" + "targetResource", + "title", + "description", + "yaml" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "egressIPs": { - "description": "egressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace. (If empty, external traffic will be masqueraded to Node IPs.)", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "description": { + "description": "description of the YAML sample.", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "snippet": { + "description": "snippet indicates that the YAML sample is not the full YAML resource definition, but a fragment that can be inserted into the existing YAML document at the user's cursor.", + "type": "boolean", + "default": false }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "targetResource": { + "description": "targetResource contains apiVersion and kind of the resource YAML sample is representating.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/TypeMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "netid": { - "description": "netid is the network identifier of the network namespace assigned to each overlay network packet. This can be manipulated with the \"oc adm pod-network\" commands.", - "type": "integer", - "format": "int64", - "default": 0 + "title": { + "description": "title of the YAML sample.", + "type": "string", + "default": "" }, - "netname": { - "description": "netname is the name of the network namespace. (This is the same as the object's name, but both fields must be set.)", + "yaml": { + "description": "yaml is the YAML sample to display.", "type": "string", "default": "" } } }, - "com.github.openshift.api.network.v1.NetNamespaceList": { - "description": "NetNamespaceList is a collection of NetNamespaces\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.console.v1.Link": { + "description": "Represents a standard link that could be generated in HTML", "type": "object", "required": [ - "items" + "text", + "href" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "href": { + "description": "href is the absolute URL for the link. Must use https:// for web URLs or mailto: for email links.", + "type": "string", + "default": "" }, - "items": { - "description": "items is the list of net namespaces", + "text": { + "description": "text is the display text for the link", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.console.v1.NamespaceDashboardSpec": { + "description": "NamespaceDashboardSpec is a specification of namespaces in which the dashboard link should appear. If both namespaces and namespaceSelector are specified, the link will appear in namespaces that match either", + "type": "object", + "properties": { + "namespaceSelector": { + "description": "namespaceSelector is used to select the Namespaces that should contain dashboard link by label. If the namespace labels match, dashboard link will be shown for the namespaces.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "namespaces": { + "description": "namespaces is an array of namespace names in which the dashboard link should appear.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1.NetNamespace" + "type": "string", + "default": "" } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.network.v1alpha1.DNSNameResolver": { - "description": "DNSNameResolver stores the DNS name resolution information of a DNS name. It can be enabled by the TechPreviewNoUpgrade feature set. It can also be enabled by the feature gate DNSNameResolver when using CustomNoUpgrade feature set.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.etcd.v1alpha1.PacemakerCluster": { + "description": "PacemakerCluster represents the current state of the pacemaker cluster as reported by the pcs status command. PacemakerCluster is a cluster-scoped singleton resource. The name of this instance is \"cluster\". This resource provides a view into the health and status of a pacemaker-managed cluster in Two Node OpenShift with Fencing deployments.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "spec" + "metadata" ], "properties": { "apiVersion": { @@ -27170,314 +27123,377 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the DNSNameResolver.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolverSpec" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "status": { - "description": "status is the most recently observed status of the DNSNameResolver.", + "description": "status contains the actual pacemaker cluster status information collected from the cluster. The goal of this status is to be able to quickly identify if pacemaker is in a healthy state. In Two Node OpenShift with Fencing, a healthy pacemaker cluster has 2 nodes, both of which have healthy kubelet, etcd, and fencing resources. This field is optional on creation - the status collector populates it immediately after creating the resource via the status subresource.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolverStatus" + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterStatus" } } }, - "com.github.openshift.api.network.v1alpha1.DNSNameResolverList": { - "description": "DNSNameResolverList contains a list of DNSNameResolvers.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterFencingAgentStatus": { + "description": "PacemakerClusterFencingAgentStatus represents the status of a fencing agent that can fence a node. Fencing agents are STONITH (Shoot The Other Node In The Head) devices used to isolate failed nodes. Unlike regular pacemaker resources, fencing agents are mapped to their target node (the node they can fence), not the node where their monitoring operations are scheduled.", "type": "object", "required": [ - "items" + "conditions", + "name", + "method" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items gives the list of DNSNameResolvers.", + "conditions": { + "description": "conditions represent the observations of the fencing agent's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the fencing agent. The \"InService\" condition tracks whether the fencing agent is in service (not in maintenance mode). The \"Managed\" condition tracks whether the fencing agent is managed by pacemaker. The \"Enabled\" condition tracks whether the fencing agent is enabled. The \"Operational\" condition tracks whether the fencing agent is operational (not failed). The \"Active\" condition tracks whether the fencing agent is active (available to be used). The \"Started\" condition tracks whether the fencing agent is started. The \"Schedulable\" condition tracks whether the fencing agent is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolver" - } + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "method": { + "description": "method is the fencing method used by this agent. Valid values are \"Redfish\" and \"IPMI\". Redfish is a standard RESTful API for server management. IPMI (Intelligent Platform Management Interface) is a hardware management interface.\n\nPossible enum values:\n - `\"IPMI\"` uses IPMI (Intelligent Platform Management Interface), a hardware management interface.\n - `\"Redfish\"` uses Redfish, a standard RESTful API for server management.", + "type": "string", + "enum": [ + "IPMI", + "Redfish" + ] }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "name": { + "description": "name is the unique identifier for this fencing agent (e.g., \"master-0_redfish\"). The name must be unique within the fencingAgents array for this node. It may contain alphanumeric characters, dots, hyphens, and underscores. Maximum length is 300 characters, providing headroom beyond the typical format of _ (253 for RFC 1123 node name + 1 underscore + type).", + "type": "string" } } }, - "com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedAddress": { - "description": "DNSNameResolverResolvedAddress describes the details of an IP address for a resolved DNS name.", + "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterList": { + "description": "PacemakerClusterList contains a list of PacemakerCluster objects. PacemakerCluster is a cluster-scoped singleton resource; only one instance named \"cluster\" may exist. This list type exists only to satisfy Kubernetes API conventions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "ip", - "ttlSeconds", - "lastLookupTime" + "items" ], "properties": { - "ip": { - "description": "ip is an IP address associated with the dnsName. The validity of the IP address expires after lastLookupTime + ttlSeconds. To refresh the information, a DNS lookup will be performed upon the expiration of the IP address's validity. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is a list of PacemakerCluster objects.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerCluster" + } }, - "lastLookupTime": { - "description": "lastLookupTime is the timestamp when the last DNS lookup was completed successfully. The validity of the IP address expires after lastLookupTime + ttlSeconds. The value of this field will be updated to the current time on a successful DNS lookup. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "ttlSeconds": { - "description": "ttlSeconds is the time-to-live value of the IP address. The validity of the IP address expires after lastLookupTime + ttlSeconds. On a successful DNS lookup the value of this field will be updated with the current time-to-live value. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", - "type": "integer", - "format": "int32", - "default": 0 + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedName": { - "description": "DNSNameResolverResolvedName describes the details of a resolved DNS name.", + "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterNodeStatus": { + "description": "PacemakerClusterNodeStatus represents the status of a single node in the pacemaker cluster including the node's conditions and the health of critical resources running on that node.", "type": "object", "required": [ - "dnsName", - "resolvedAddresses" + "conditions", + "nodeName", + "addresses", + "resources", + "fencingAgents" ], "properties": { + "addresses": { + "description": "addresses is a list of IP addresses for the node. Pacemaker allows multiple IP addresses for Corosync communication between nodes. The first address in this list is used for IP-based peer URLs for etcd membership. Each address must be a valid global unicast IPv4 or IPv6 address in canonical form (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). This excludes loopback, link-local, and multicast addresses.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerNodeAddress" + }, + "x-kubernetes-list-type": "atomic" + }, "conditions": { - "description": "conditions provide information about the state of the DNS name. Known .status.conditions.type is: \"Degraded\". \"Degraded\" is true when the last resolution failed for the DNS name, and false otherwise.", + "description": "conditions represent the observations of the node's current state. Known condition types are: \"Healthy\", \"Online\", \"InService\", \"Active\", \"Ready\", \"Clean\", \"Member\", \"FencingAvailable\", \"FencingHealthy\". The \"Healthy\" condition is an aggregate that tracks the overall health of the node. The \"Online\" condition tracks whether the node is online. The \"InService\" condition tracks whether the node is in service (not in maintenance mode). The \"Active\" condition tracks whether the node is active (not in standby mode). The \"Ready\" condition tracks whether the node is ready (not in a pending state). The \"Clean\" condition tracks whether the node is in a clean (status known) state. The \"Member\" condition tracks whether the node is a member of the cluster. The \"FencingAvailable\" condition tracks whether this node can be fenced by at least one healthy agent. The \"FencingHealthy\" condition tracks whether all fencing agents for this node are healthy. Each of these conditions is required, so the array must contain at least 9 items.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "dnsName": { - "description": "dnsName is the resolved DNS name matching the name field of DNSNameResolverSpec. This field can store both regular and wildcard DNS names which match the spec.name field. When the spec.name field contains a regular DNS name, this field will store the same regular DNS name after it is successfully resolved. When the spec.name field contains a wildcard DNS name, each resolvedName.dnsName will store the regular DNS names which match the wildcard DNS name and have been successfully resolved. If the wildcard DNS name can also be successfully resolved, then this field will store the wildcard DNS name as well.", - "type": "string", - "default": "" + "fencingAgents": { + "description": "fencingAgents contains the status of fencing agents that can fence this node. Unlike resources (which are scheduled to run on this node), fencing agents are mapped to the node they can fence (their target), not the node where monitoring operations run. Each fencing agent entry includes a unique name, fencing type, target node, and health conditions. A node is considered fence-capable if at least one fencing agent is healthy. Expected to have 1 fencing agent per node, but up to 8 are supported for redundancy. Names must be unique within this array.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterFencingAgentStatus" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "resolutionFailures": { - "description": "resolutionFailures keeps the count of how many consecutive times the DNS resolution failed for the dnsName. If the DNS resolution succeeds then the field will be set to zero. Upon every failure, the value of the field will be incremented by one. The details about the DNS name will be removed, if the value of resolutionFailures reaches 5 and the TTL of all the associated IP addresses have expired.", - "type": "integer", - "format": "int32" + "nodeName": { + "description": "nodeName is the name of the node. This is expected to match the Kubernetes node's name, which must be a lowercase RFC 1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', starting and ending with an alphanumeric character, and be at most 253 characters in length.", + "type": "string" }, - "resolvedAddresses": { - "description": "resolvedAddresses gives the list of associated IP addresses and their corresponding TTLs and last lookup times for the dnsName.", + "resources": { + "description": "resources contains the status of pacemaker resources scheduled on this node. Each resource entry includes the resource name and its health conditions. For Two Node OpenShift with Fencing, we track Kubelet and Etcd resources per node. Both resources are required to be present, so the array must contain at least 2 items. Valid resource names are \"Kubelet\" and \"Etcd\". Fencing agents are tracked separately in the fencingAgents field.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedAddress" + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterResourceStatus" }, "x-kubernetes-list-map-keys": [ - "ip" + "name" ], "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.network.v1alpha1.DNSNameResolverSpec": { - "description": "DNSNameResolverSpec is a desired state description of DNSNameResolver.", + "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterResourceStatus": { + "description": "PacemakerClusterResourceStatus represents the status of a pacemaker resource scheduled on a node. A pacemaker resource is a unit of work managed by pacemaker. In pacemaker terminology, resources are services or applications that pacemaker monitors, starts, stops, and moves between nodes to maintain high availability. For Two Node OpenShift with Fencing, we track two resources per node:\n - Kubelet (the Kubernetes node agent and a prerequisite for etcd)\n - Etcd (the distributed key-value store)\n\nFencing agents are tracked separately in the fencingAgents field because they are mapped to their target node (the node they can fence), not the node where monitoring operations are scheduled.", "type": "object", "required": [ + "conditions", "name" ], "properties": { + "conditions": { + "description": "conditions represent the observations of the resource's current state. Known condition types are: \"Healthy\", \"InService\", \"Managed\", \"Enabled\", \"Operational\", \"Active\", \"Started\", \"Schedulable\". The \"Healthy\" condition is an aggregate that tracks the overall health of the resource. The \"InService\" condition tracks whether the resource is in service (not in maintenance mode). The \"Managed\" condition tracks whether the resource is managed by pacemaker. The \"Enabled\" condition tracks whether the resource is enabled. The \"Operational\" condition tracks whether the resource is operational (not failed). The \"Active\" condition tracks whether the resource is active (available to be used). The \"Started\" condition tracks whether the resource is started. The \"Schedulable\" condition tracks whether the resource is schedulable (not blocked). Each of these conditions is required, so the array must contain at least 8 items.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, "name": { - "description": "name is the DNS name for which the DNS name resolution information will be stored. For a regular DNS name, only the DNS name resolution information of the regular DNS name will be stored. For a wildcard DNS name, the DNS name resolution information of all the DNS names that match the wildcard DNS name will be stored. For a wildcard DNS name, the '*' will match only one label. Additionally, only a single '*' can be used at the beginning of the wildcard DNS name. For example, '*.example.com.' will match 'sub1.example.com.' but won't match 'sub2.sub1.example.com.'", + "description": "name is the name of the pacemaker resource. Valid values are \"Kubelet\" and \"Etcd\". The Kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments. The Etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations. Fencing agents are tracked separately in the node's fencingAgents field.\n\nPossible enum values:\n - `\"Etcd\"` is the etcd pacemaker resource. The etcd resource may temporarily transition to stopped during pacemaker quorum-recovery operations.\n - `\"Kubelet\"` is the kubelet pacemaker resource. The kubelet resource is a prerequisite for etcd in Two Node OpenShift with Fencing deployments.", "type": "string", - "default": "" + "enum": [ + "Etcd", + "Kubelet" + ] } } }, - "com.github.openshift.api.network.v1alpha1.DNSNameResolverStatus": { - "description": "DNSNameResolverStatus defines the observed status of DNSNameResolver.", + "com.github.openshift.api.etcd.v1alpha1.PacemakerClusterStatus": { + "description": "PacemakerClusterStatus contains the actual pacemaker cluster status information. As part of validating the status object, we need to ensure that the lastUpdated timestamp may not be set to an earlier timestamp than the current value. The validation rule checks if oldSelf has lastUpdated before comparing, to handle the initial status creation case.", "type": "object", + "required": [ + "conditions", + "lastUpdated", + "nodes" + ], "properties": { - "resolvedNames": { - "description": "resolvedNames contains a list of matching DNS names and their corresponding IP addresses along with their TTL and last DNS lookup times.", + "conditions": { + "description": "conditions represent the observations of the pacemaker cluster's current state. Known condition types are: \"Healthy\", \"InService\", \"NodeCountAsExpected\". The \"Healthy\" condition is an aggregate that tracks the overall health of the cluster. The \"InService\" condition tracks whether the cluster is in service (not in maintenance mode). The \"NodeCountAsExpected\" condition tracks whether the expected number of nodes are present. Each of these conditions is required, so the array must contain at least 3 items.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedName" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, "x-kubernetes-list-map-keys": [ - "dnsName" + "type" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "dnsName", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "map" + }, + "lastUpdated": { + "description": "lastUpdated is the timestamp when this status was last updated. This is useful for identifying stale status reports. It must be a valid timestamp in RFC3339 format. Once set, this field cannot be removed and cannot be set to an earlier timestamp than the current value.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "nodes": { + "description": "nodes provides detailed status for each control-plane node in the Pacemaker cluster. While Pacemaker supports up to 32 nodes, the limit is set to 5 (max OpenShift control-plane nodes). For Two Node OpenShift with Fencing, exactly 2 nodes are expected in a healthy cluster. An empty list indicates a catastrophic failure where Pacemaker reports no nodes.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.etcd.v1alpha1.PacemakerClusterNodeStatus" + }, + "x-kubernetes-list-map-keys": [ + "nodeName" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.networkoperator.v1.EgressRouter": { - "description": "EgressRouter is a feature allowing the user to define an egress router that acts as a bridge between pods and external systems. The egress router runs a service that redirects egress traffic originating from a pod or a group of pods to a remote external system or multiple destinations as per configuration.\n\nIt is consumed by the cluster-network-operator. More specifically, given an EgressRouter CR with , the CNO will create and manage: - A service called - An egress pod called - A NAD called \n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).\n\nEgressRouter is a single egressrouter pod configuration object.", + "com.github.openshift.api.etcd.v1alpha1.PacemakerNodeAddress": { + "description": "PacemakerNodeAddress contains information for a node's address. This is similar to corev1.NodeAddress but adds validation for IP addresses.", "type": "object", "required": [ - "spec" + "type", + "address" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "address": { + "description": "address is the node address. For InternalIP, this must be a valid global unicast IPv4 or IPv6 address in canonical form. Canonical form means the shortest standard representation (e.g., \"192.168.1.1\" not \"192.168.001.001\", or \"2001:db8::1\" not \"2001:0db8::1\"). Maximum length is 39 characters (full IPv6 address). Global unicast includes private/RFC1918 addresses but excludes loopback, link-local, and multicast.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "Specification of the desired egress router.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.EgressRouterSpec" - }, - "status": { - "description": "Observed status of EgressRouter.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.EgressRouterStatus" + "type": { + "description": "type is the type of node address. Currently only \"InternalIP\" is supported.\n\nPossible enum values:\n - `\"InternalIP\"` is an internal IP address assigned to the node. This is typically the IP address used for intra-cluster communication.", + "type": "string", + "enum": [ + "InternalIP" + ] } } }, - "com.github.openshift.api.networkoperator.v1.EgressRouterSpec": { - "description": "EgressRouterSpec contains the configuration for an egress router. Mode, networkInterface and addresses fields must be specified along with exactly one \"Config\" that matches the mode. Each config consists of parameters specific to that mode.", + "com.github.openshift.api.example.v1.CELUnion": { + "description": "CELUnion demonstrates how to use a discriminated union and how to validate it using CEL.", "type": "object", "required": [ - "mode", - "networkInterface", - "addresses" + "type" ], "properties": { - "addresses": { - "description": "List of IP addresses to configure on the pod's secondary interface.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.EgressRouterAddress" - } + "optionalMember": { + "description": "optionalMember is a union member that is optional.", + "type": "string" }, - "mode": { - "description": "mode depicts the mode that is used for the egress router. The default mode is \"Redirect\" and is the only supported mode currently.", + "requiredMember": { + "description": "requiredMember is a union member that is required.", + "type": "string" + }, + "type": { + "description": "type determines which of the union members should be populated.", "type": "string", "default": "" - }, - "networkInterface": { - "description": "Specification of interface to create/use. The default is macvlan. Currently only macvlan is supported.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.EgressRouterInterface" - }, - "redirect": { - "description": "redirect represents the configuration parameters specific to redirect mode.", - "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.RedirectConfig" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "optionalMember": "OptionalMember", + "requiredMember": "RequiredMember" + } + } + ] }, - "com.github.openshift.api.oauth.v1.ClusterRoleScopeRestriction": { - "description": "ClusterRoleScopeRestriction describes restrictions on cluster role scopes", + "com.github.openshift.api.example.v1.EvolvingUnion": { "type": "object", "required": [ - "roleNames", - "namespaces", - "allowEscalation" + "type" ], "properties": { - "allowEscalation": { - "description": "allowEscalation indicates whether you can request roles and their escalating resources", - "type": "boolean", - "default": false - }, - "namespaces": { - "description": "namespaces is the list of namespaces that can be referenced. * means any of them (including *)", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "roleNames": { - "description": "roleNames is the list of cluster roles that can referenced. * means anything", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "type": { + "description": "type is the discriminator. It has different values for Default and for TechPreviewNoUpgrade", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.oauth.v1.OAuthAccessToken": { - "description": "OAuthAccessToken describes an OAuth access token. The name of a token must be prefixed with a `sha256~` string, must not contain \"/\" or \"%\" characters and must be at least 32 characters long.\n\nThe name of the token is constructed from the actual token by sha256-hashing it and using URL-safe unpadded base64-encoding (as described in RFC4648) on the hashed result.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.example.v1.FormatMarkerExamples": { + "description": "FormatMarkerExamples demonstrates all Kubebuilder Format markers supported as of Kubernetes 1.33. This struct provides a comprehensive reference for format marker validation. Each field uses a different format marker to validate its value.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "base64Data": { + "description": "base64Data must be valid base64-encoded data. Valid examples include aGVsbG8= (encodes \"hello\") or SGVsbG8gV29ybGQh (encodes \"Hello World!\").", "type": "string" }, - "authorizeToken": { - "description": "authorizeToken contains the token that authorized this token", + "cidrNotation": { + "description": "cidrNotation must be a valid CIDR notation IP address range. Valid examples include IPv4 CIDR (10.0.0.0/8, 192.168.1.0/24) or IPv6 CIDR (fd00::/8, 2001:db8::/32).\n\nUse of Format=cidr is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isCIDR(self)` to validate CIDR notation. Additionally, use `isCIDR(self) && cidr(self).ip().family() == X` to validate IPvX specifically.", "type": "string" }, - "clientName": { - "description": "clientName references the client that created this token.", + "dateField": { + "description": "dateField must be a valid date in RFC 3339 full-date format (YYYY-MM-DD). Valid examples include 2024-01-15 or 2023-12-31.", "type": "string" }, - "expiresIn": { - "description": "expiresIn is the seconds from CreationTime before this token expires.", - "type": "integer", - "format": "int64" + "dateTimeField": { + "description": "dateTimeField must be a valid RFC 3339 date-time. Valid examples include 2024-01-15T14:30:00Z, 2024-01-15T14:30:00+00:00, or 2024-01-15T14:30:00.123Z.", + "type": "string" }, - "inactivityTimeoutSeconds": { - "description": "inactivityTimeoutSeconds is the value in seconds, from the CreationTimestamp, after which this token can no longer be used. The value is automatically incremented when the token is used.", - "type": "integer", - "format": "int32" + "durationField": { + "description": "durationField must be a valid duration string parseable by Go's time.ParseDuration. Valid time units are ns, us (or µs), ms, s, m, h. Valid examples include 30s, 5m, 1h30m, 100ms, or 1h.", + "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "emailAddress": { + "description": "emailAddress must be a valid email address. Valid examples include user@example.com or firstname.lastname@company.co.uk.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "hostnameField": { + "description": "hostnameField must be a valid Internet hostname per RFC 1034. Valid examples include example.com, api.example.com, or my-service.", + "type": "string" }, - "redirectURI": { - "description": "redirectURI is the redirection associated with the token.", + "ipv4Address": { + "description": "ipv4Address must be a valid IPv4 address in dotted-quad notation. Valid values range from 0.0.0.0 to 255.255.255.255 (e.g., 192.168.1.1).\n\nUse of Format=ipv4 is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isIP(self) && ip(self).family() == 4` to validate IPv4 addresses.", "type": "string" }, - "refreshToken": { - "description": "refreshToken is the value by which this token can be renewed. Can be blank.", + "ipv6Address": { + "description": "ipv6Address must be a valid IPv6 address. Valid examples include full form (2001:0db8:0000:0000:0000:0000:0000:0001) or compressed form (2001:db8::1 or ::1).\n\nUse of Format=ipv6 is not recommended due to CVE-2021-29923 and CVE-2024-24790. Instead, use the CEL expression `isIP(self) && ip(self).family() == 6` to validate IPv6 addresses.", "type": "string" }, - "scopes": { - "description": "scopes is an array of the requested scopes.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "macAddress": { + "description": "macAddress must be a valid MAC address. Valid examples include 00:1A:2B:3C:4D:5E or 00-1A-2B-3C-4D-5E.", + "type": "string" }, - "userName": { - "description": "userName is the user name associated with this token", + "passwordField": { + "description": "passwordField is a marker for sensitive data. Note that the password format marker does not perform any actual validation - it accepts any string value. This marker is primarily used to signal that the field contains sensitive information.", "type": "string" }, - "userUID": { - "description": "userUID is the unique UID associated with this token", + "uriField": { + "description": "uriField must be a valid URI following RFC 3986 syntax. Valid examples include https://example.com/path?query=value or /absolute-path.", + "type": "string" + }, + "uuid3Field": { + "description": "uuid3Field must be a valid UUID version 3 (MD5 hash-based). Version 3 UUIDs are generated using MD5 hashing of a namespace and name. Valid example: a3bb189e-8bf9-3888-9912-ace4e6543002.", + "type": "string" + }, + "uuid4Field": { + "description": "uuid4Field must be a valid UUID version 4 (random). Version 4 UUIDs are randomly generated. Valid example: 550e8400-e29b-41d4-a716-446655440000.", + "type": "string" + }, + "uuid5Field": { + "description": "uuid5Field must be a valid UUID version 5 (SHA-1 hash-based). Version 5 UUIDs are generated using SHA-1 hashing of a namespace and name. Valid example: 74738ff5-5367-5958-9aee-98fffdcd1876.", + "type": "string" + }, + "uuidField": { + "description": "uuidField must be a valid UUID (any version) in 8-4-4-4-12 format. Valid examples include 550e8400-e29b-41d4-a716-446655440000 or 123e4567-e89b-12d3-a456-426614174000.", "type": "string" } } }, - "com.github.openshift.api.oauth.v1.OAuthAccessTokenList": { - "description": "OAuthAccessTokenList is a collection of OAuth access tokens\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.example.v1.StableConfigType": { + "description": "StableConfigType is a stable config type that may include TechPreviewNoUpgrade fields.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the StableConfigType.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.example.v1.StableConfigTypeSpec" + }, + "status": { + "description": "status is the most recently observed status of the StableConfigType.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.example.v1.StableConfigTypeStatus" + } + } + }, + "com.github.openshift.api.example.v1.StableConfigTypeList": { + "description": "StableConfigTypeList contains a list of StableConfigTypes.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -27488,11 +27504,10 @@ "type": "string" }, "items": { - "description": "items is the list of OAuth access tokens", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.oauth.v1.OAuthAccessToken" + "$ref": "#/definitions/com.github.openshift.api.example.v1.StableConfigType" } }, "kind": { @@ -27502,72 +27517,165 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.oauth.v1.OAuthAuthorizeToken": { - "description": "OAuthAuthorizeToken describes an OAuth authorization token\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.example.v1.StableConfigTypeSpec": { + "description": "StableConfigTypeSpec is the desired state", "type": "object", + "required": [ + "immutableField" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "celUnion": { + "description": "celUnion demonstrates how to validate a discrminated union using CEL", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.example.v1.CELUnion" }, - "clientName": { - "description": "clientName references the client that created this token.", - "type": "string" + "coolNewField": { + "description": "coolNewField is a field that is for tech preview only. On normal clusters this shouldn't be present", + "type": "string", + "default": "" }, - "codeChallenge": { - "description": "codeChallenge is the optional code_challenge associated with this authorization code, as described in rfc7636", - "type": "string" + "evolvingCollection": { + "description": "evolvingCollection demonstrates how to have a collection where the maximum number of items varies on cluster type. For default clusters, this will be \"1\" but on TechPreview clusters, this value will be \"3\".", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "codeChallengeMethod": { - "description": "codeChallengeMethod is the optional code_challenge_method associated with this authorization code, as described in rfc7636", - "type": "string" + "evolvingUnion": { + "description": "evolvingUnion demonstrates how to phase in new values into discriminated union", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.example.v1.EvolvingUnion" }, - "expiresIn": { - "description": "expiresIn is the seconds from CreationTime before this token expires.", + "formatMarkerExamples": { + "description": "formatMarkerExamples demonstrates all Kubebuilder Format markers supported as of Kubernetes 1.33. This field serves as a comprehensive reference for format marker validation.", + "$ref": "#/definitions/com.github.openshift.api.example.v1.FormatMarkerExamples" + }, + "immutableField": { + "description": "immutableField is a field that is immutable once the object has been created. It is required at all times.", + "type": "string", + "default": "" + }, + "nonZeroDefault": { + "description": "nonZeroDefault is a demonstration of creating an integer field that has a non zero default. It required two default tags (one for CRD generation, one for client generation) and must have `omitempty` and be optional. A minimum value is added to demonstrate that a zero value would not be accepted.", "type": "integer", - "format": "int64" + "format": "int32", + "default": 8 }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "optionalImmutableField": { + "description": "optionalImmutableField is a field that is immutable once set. It is optional but may not be changed once set.", + "type": "string", + "default": "" + }, + "set": { + "description": "set demonstrates how to define and validate set of strings", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "stableField": { + "description": "stableField is a field that is present on default clusters and on tech preview clusters\n\nIf empty, the platform will choose a good default, which may change over time without notice.", + "type": "string", + "default": "" + }, + "subdomainNameField": { + "description": "subdomainNameField represents a kubenetes name field. The intention is that it validates the name in the same way metadata.Name is validated. That is, it is a DNS-1123 subdomain.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "subnetsWithExclusions": { + "description": "subnetsWithExclusions demonstrates how to validate a list of subnets with exclusions", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.example.v1.SubnetsWithExclusions" + } + } + }, + "com.github.openshift.api.example.v1.StableConfigTypeStatus": { + "description": "StableConfigTypeStatus defines the observed status of the StableConfigType.", + "type": "object", + "properties": { + "conditions": { + "description": "Represents the observations of a foo's current state. Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "redirectURI": { - "description": "redirectURI is the redirection associated with the token.", + "immutableField": { + "description": "immutableField is a field that is immutable once the object has been created. It is required at all times.", "type": "string" - }, - "scopes": { - "description": "scopes is an array of the requested scopes.", + } + } + }, + "com.github.openshift.api.example.v1.SubnetsWithExclusions": { + "description": "SubnetsWithExclusions is used to validate a list of subnets with exclusions. It demonstrates how exclusions should be validated as subnetworks of the networks listed in the subnets field.", + "type": "object", + "required": [ + "subnets" + ], + "properties": { + "excludeSubnets": { + "description": "excludeSubnets is a list of CIDR exclusions. The subnets in this list must be subnetworks of the subnets in the subnets list.", "type": "array", "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "state": { - "description": "state data from request", + "subnets": { + "description": "subnets is a list of subnets. It may contain up to 2 subnets. The list may be either 1 IPv4 subnet, 1 IPv6 subnet, or 1 of each.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.example.v1alpha1.NotStableConfigType": { + "description": "NotStableConfigType is a stable config type that is TechPreviewNoUpgrade only.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "userName": { - "description": "userName is the user name associated with this token", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "userUID": { - "description": "userUID is the unique UID associated with this token. UserUID and UserName must both match for this token to be valid.", - "type": "string" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the NotStableConfigType.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.example.v1alpha1.NotStableConfigTypeSpec" + }, + "status": { + "description": "status is the most recently observed status of the NotStableConfigType.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.example.v1alpha1.NotStableConfigTypeStatus" } } }, - "com.github.openshift.api.oauth.v1.OAuthAuthorizeTokenList": { - "description": "OAuthAuthorizeTokenList is a collection of OAuth authorization tokens\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.example.v1alpha1.NotStableConfigTypeList": { + "description": "NotStableConfigTypeList contains a list of NotStableConfigTypes.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ "items" @@ -27578,11 +27686,10 @@ "type": "string" }, "items": { - "description": "items is the list of OAuth authorization tokens", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.oauth.v1.OAuthAuthorizeToken" + "$ref": "#/definitions/com.github.openshift.api.example.v1alpha1.NotStableConfigType" } }, "kind": { @@ -27592,149 +27699,130 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.oauth.v1.OAuthClient": { - "description": "OAuthClient describes an OAuth client\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.example.v1alpha1.NotStableConfigTypeSpec": { + "description": "NotStableConfigTypeSpec is the desired state", "type": "object", + "required": [ + "newField" + ], "properties": { - "accessTokenInactivityTimeoutSeconds": { - "description": "accessTokenInactivityTimeoutSeconds overrides the default token inactivity timeout for tokens granted to this client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. This value needs to be set only if the default set in configuration is not appropriate for this client. Valid values are: - 0: Tokens for this client never time out - X: Tokens time out if there is no activity for X seconds The current minimum allowed value for X is 300 (5 minutes)\n\nWARNING: existing tokens' timeout will not be affected (lowered) by changing this value", - "type": "integer", - "format": "int32" - }, - "accessTokenMaxAgeSeconds": { - "description": "accessTokenMaxAgeSeconds overrides the default access token max age for tokens granted to this client. 0 means no expiration.", - "type": "integer", - "format": "int32" - }, - "additionalSecrets": { - "description": "additionalSecrets holds other secrets that may be used to identify the client. This is useful for rotation and for service account token validation", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "grantMethod": { - "description": "grantMethod is a required field which determines how to handle grants for this client. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "redirectURIs": { - "description": "redirectURIs is the valid redirection URIs associated with a client", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-patch-strategy": "merge" - }, - "respondWithChallenges": { - "description": "respondWithChallenges indicates whether the client wants authentication needed responses made in the form of challenges instead of redirects", - "type": "boolean" - }, - "scopeRestrictions": { - "description": "scopeRestrictions describes which scopes this client can request. Each requested scope is checked against each restriction. If any restriction matches, then the scope is allowed. If no restriction matches, then the scope is denied.", + "newField": { + "description": "newField is a field that is tech preview, but because the entire type is gated, there is no marker on the field.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.example.v1alpha1.NotStableConfigTypeStatus": { + "description": "NotStableConfigTypeStatus defines the observed status of the NotStableConfigType.", + "type": "object", + "properties": { + "conditions": { + "description": "Represents the observations of a foo's current state. Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\"", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.oauth.v1.ScopeRestriction" - } - }, - "secret": { - "description": "secret is the unique secret associated with a client", - "type": "string" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.oauth.v1.OAuthClientAuthorization": { - "description": "OAuthClientAuthorization describes an authorization created by an OAuth client\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.helm.v1beta1.ConnectionConfig": { "type": "object", + "required": [ + "url" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "clientName": { - "description": "clientName references the client that created this authorization", - "type": "string" + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca-bundle.crt\" is used to locate the data. If empty, the default system roots are used. The namespace for this config map is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "tlsClientConfig": { + "description": "tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key \"tls.crt\" is used to locate the client certificate. The key \"tls.key\" is used to locate the private key. The namespace for this secret is openshift-config.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "url": { + "description": "Chart repository URL", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.helm.v1beta1.ConnectionConfigNamespaceScoped": { + "type": "object", + "required": [ + "url" + ], + "properties": { + "basicAuthConfig": { + "description": "basicAuthConfig is an optional reference to a secret by name that contains the basic authentication credentials to present when connecting to the server. The key \"username\" is used locate the username. The key \"password\" is used to locate the password. The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "scopes": { - "description": "scopes is an array of the granted scopes.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "ca": { + "description": "ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. It is used as a trust anchor to validate the TLS certificate presented by the remote server. The key \"ca-bundle.crt\" is used to locate the data. If empty, the default system roots are used. The namespace for this configmap must be same as the namespace where the project helm chart repository is getting instantiated.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "userName": { - "description": "userName is the user name that authorized this client", - "type": "string" + "tlsClientConfig": { + "description": "tlsClientConfig is an optional reference to a secret by name that contains the PEM-encoded TLS client certificate and private key to present when connecting to the server. The key \"tls.crt\" is used to locate the client certificate. The key \"tls.key\" is used to locate the private key. The namespace for this secret must be same as the namespace where the project helm chart repository is getting instantiated.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" }, - "userUID": { - "description": "userUID is the unique UID associated with this authorization. UserUID and UserName must both match for this authorization to be valid.", - "type": "string" + "url": { + "description": "Chart repository URL", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.oauth.v1.OAuthClientAuthorizationList": { - "description": "OAuthClientAuthorizationList is a collection of OAuth client authorizations\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.helm.v1beta1.HelmChartRepository": { + "description": "HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "items" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items is the list of OAuth client authorizations", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.oauth.v1.OAuthClientAuthorization" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.HelmChartRepositorySpec" + }, + "status": { + "description": "Observed status of the repository within the cluster..", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.HelmChartRepositoryStatus" } } }, - "com.github.openshift.api.oauth.v1.OAuthClientList": { - "description": "OAuthClientList is a collection of OAuth clients\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.helm.v1beta1.HelmChartRepositoryList": { + "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -27743,11 +27831,10 @@ "type": "string" }, "items": { - "description": "items is the list of OAuth clients", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.oauth.v1.OAuthClient" + "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.HelmChartRepository" } }, "kind": { @@ -27757,104 +27844,64 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.oauth.v1.OAuthRedirectReference": { - "description": "OAuthRedirectReference is a reference to an OAuth redirect object.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "reference": { - "description": "The reference to an redirect object in the current namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.oauth.v1.RedirectReference" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.oauth.v1.RedirectReference": { - "description": "RedirectReference specifies the target in the current namespace that resolves into redirect URIs. Only the 'Route' kind is currently allowed.", + "com.github.openshift.api.helm.v1beta1.HelmChartRepositorySpec": { + "description": "Helm chart repository exposed within the cluster", "type": "object", "required": [ - "group", - "kind", - "name" + "connectionConfig" ], "properties": { - "group": { - "description": "The group of the target that is being referred to.", - "type": "string", - "default": "" + "connectionConfig": { + "description": "Required configuration for connecting to the chart repo", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.ConnectionConfig" }, - "kind": { - "description": "The kind of the target that is being referred to. Currently, only 'Route' is allowed.", - "type": "string", - "default": "" + "description": { + "description": "Optional human readable repository description, it can be used by UI for displaying purposes", + "type": "string" + }, + "disabled": { + "description": "If set to true, disable the repo usage in the cluster/namespace", + "type": "boolean" }, "name": { - "description": "The name of the target that is being referred to. e.g. name of the Route.", - "type": "string", - "default": "" + "description": "Optional associated human readable repository name, it can be used by UI for displaying purposes", + "type": "string" } } }, - "com.github.openshift.api.oauth.v1.ScopeRestriction": { - "description": "ScopeRestriction describe one restriction on scopes. Exactly one option must be non-nil.", + "com.github.openshift.api.helm.v1beta1.HelmChartRepositoryStatus": { "type": "object", "properties": { - "clusterRole": { - "description": "clusterRole describes a set of restrictions for cluster role scoping.", - "$ref": "#/definitions/com.github.openshift.api.oauth.v1.ClusterRoleScopeRestriction" - }, - "literals": { - "description": "ExactValues means the scope has to match a particular set of strings exactly", + "conditions": { + "description": "conditions is a list of conditions and their statuses", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.oauth.v1.UserOAuthAccessToken": { - "description": "UserOAuthAccessToken is a virtual resource to mirror OAuthAccessTokens to the user the access token was issued for", + "com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepository": { + "description": "ProjectHelmChartRepository holds namespace-wide configuration for proxied Helm chart repository\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "authorizeToken": { - "description": "authorizeToken contains the token that authorized this token", - "type": "string" - }, - "clientName": { - "description": "clientName references the client that created this token.", - "type": "string" - }, - "expiresIn": { - "description": "expiresIn is the seconds from CreationTime before this token expires.", - "type": "integer", - "format": "int64" - }, - "inactivityTimeoutSeconds": { - "description": "inactivityTimeoutSeconds is the value in seconds, from the CreationTimestamp, after which this token can no longer be used. The value is automatically incremented when the token is used.", - "type": "integer", - "format": "int32" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -27862,38 +27909,25 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "redirectURI": { - "description": "redirectURI is the redirection associated with the token.", - "type": "string" - }, - "refreshToken": { - "description": "refreshToken is the value by which this token can be renewed. Can be blank.", - "type": "string" - }, - "scopes": { - "description": "scopes is an array of the requested scopes.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "userName": { - "description": "userName is the user name associated with this token", - "type": "string" + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepositorySpec" }, - "userUID": { - "description": "userUID is the unique UID associated with this token", - "type": "string" + "status": { + "description": "Observed status of the repository within the namespace..", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.HelmChartRepositoryStatus" } } }, - "com.github.openshift.api.oauth.v1.UserOAuthAccessTokenList": { - "description": "UserOAuthAccessTokenList is a collection of access tokens issued on behalf of the requesting user\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepositoryList": { + "description": "Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -27905,7 +27939,7 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.oauth.v1.UserOAuthAccessToken" + "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepository" } }, "kind": { @@ -27915,1088 +27949,1257 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.APIServers": { + "com.github.openshift.api.helm.v1beta1.ProjectHelmChartRepositorySpec": { + "description": "Project Helm chart repository exposed within a namespace", "type": "object", "required": [ - "perGroupOptions" + "connectionConfig" ], "properties": { - "perGroupOptions": { - "description": "perGroupOptions is a list of enabled/disabled API servers in addition to the defaults", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.PerGroupOptions" - } + "connectionConfig": { + "description": "Required configuration for connecting to the chart repo", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.helm.v1beta1.ConnectionConfigNamespaceScoped" + }, + "description": { + "description": "Optional human readable repository description, it can be used by UI for displaying purposes", + "type": "string" + }, + "disabled": { + "description": "If set to true, disable the repo usage in the namespace", + "type": "boolean" + }, + "name": { + "description": "Optional associated human readable repository name, it can be used by UI for displaying purposes", + "type": "string" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.BuildControllerConfig": { + "com.github.openshift.api.image.v1.DockerImageReference": { + "description": "DockerImageReference points to a container image.", "type": "object", "required": [ - "imageTemplateFormat", - "buildDefaults", - "buildOverrides", - "additionalTrustedCA" + "Registry", + "Namespace", + "Name", + "Tag", + "ID" ], "properties": { - "additionalTrustedCA": { - "description": "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted for image pushes and pulls during builds.", + "ID": { + "description": "ID is the identifier for the container image", "type": "string", "default": "" }, - "buildDefaults": { - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.BuildDefaultsConfig" + "Name": { + "description": "Name is the name of the container image", + "type": "string", + "default": "" }, - "buildOverrides": { - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.BuildOverridesConfig" + "Namespace": { + "description": "Namespace is the namespace that contains the container image", + "type": "string", + "default": "" }, - "imageTemplateFormat": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ImageConfig" + "Registry": { + "description": "Registry is the registry that contains the container image", + "type": "string", + "default": "" + }, + "Tag": { + "description": "Tag is which tag of the container image is being referenced", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.BuildDefaultsConfig": { - "description": "BuildDefaultsConfig controls the default information for Builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.image.v1.Image": { + "description": "Image is an immutable representation of a container image and its metadata at a point in time. Images are named by taking a hash of their contents (metadata and content) and any change in format, content, or metadata results in a new name. The images resource is primarily for use by cluster administrators and integrations like the cluster image registry - end users, instead, access images via the imagestreamtags or imagestreamimages resources. While image metadata is stored in the API, any integration that implements the container image registry API must provide its own storage for the raw manifest data, image config, and layer contents.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { - "annotations": { - "description": "annotations are annotations that will be added to the build pod", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "env": { - "description": "env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build", + "dockerImageConfig": { + "description": "dockerImageConfig is a JSON blob that the runtime uses to set up the container. This is a part of manifest schema v2. Will not be set when the image represents a manifest list.", + "type": "string" + }, + "dockerImageLayers": { + "description": "dockerImageLayers represents the layers in the image. May not be set if the image does not define that data or if the image represents a manifest list.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageLayer" } }, - "gitHTTPProxy": { - "description": "gitHTTPProxy is the location of the HTTPProxy for Git source", + "dockerImageManifest": { + "description": "dockerImageManifest is the raw JSON of the manifest", "type": "string" }, - "gitHTTPSProxy": { - "description": "gitHTTPSProxy is the location of the HTTPSProxy for Git source", + "dockerImageManifestMediaType": { + "description": "dockerImageManifestMediaType specifies the mediaType of manifest. This is a part of manifest schema v2.", "type": "string" }, - "gitNoProxy": { - "description": "gitNoProxy is the list of domains for which the proxy should not be used", + "dockerImageManifests": { + "description": "dockerImageManifests holds information about sub-manifests when the image represents a manifest list. When this field is present, no DockerImageLayers should be specified.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageManifest" + } + }, + "dockerImageMetadata": { + "description": "dockerImageMetadata contains metadata about this image", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io", + "x-kubernetes-patch-strategy": "replace" + }, + "dockerImageMetadataVersion": { + "description": "dockerImageMetadataVersion conveys the version of the object, which if empty defaults to \"1.0\"", "type": "string" }, - "imageLabels": { - "description": "imageLabels is a list of labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.", + "dockerImageReference": { + "description": "dockerImageReference is the string that can be used to pull this image.", + "type": "string" + }, + "dockerImageSignatures": { + "description": "dockerImageSignatures provides the signatures as opaque blobs. This is a part of manifest schema v1.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" + "type": "string", + "format": "byte" } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "nodeSelector": { - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", - "type": "object", - "additionalProperties": { + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "signatures": { + "description": "signatures holds all signatures of the image.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageSignature" + }, + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + } + } + }, + "com.github.openshift.api.image.v1.ImageBlobReferences": { + "description": "ImageBlobReferences describes the blob references within an image.", + "type": "object", + "properties": { + "config": { + "description": "config, if set, is the blob that contains the image config. Some images do not have separate config blobs and this field will be set to nil if so.", + "type": "string" + }, + "imageMissing": { + "description": "imageMissing is true if the image is referenced by the image stream but the image object has been deleted from the API by an administrator. When this field is set, layers and config fields may be empty and callers that depend on the image metadata should consider the image to be unavailable for download or viewing.", + "type": "boolean", + "default": false + }, + "layers": { + "description": "layers is the list of blobs that compose this image, from base layer to top layer. All layers referenced by this array will be defined in the blobs map. Some images may have zero layers.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "manifests": { + "description": "manifests is the list of other image names that this image points to. For a single architecture image, it is empty. For a multi-arch image, it consists of the digests of single architecture images, such images shouldn't have layers nor config.", + "type": "array", + "items": { "type": "string", "default": "" } + } + } + }, + "com.github.openshift.api.image.v1.ImageImportSpec": { + "description": "ImageImportSpec describes a request to import a specific image.", + "type": "object", + "required": [ + "from" + ], + "properties": { + "from": { + "description": "from is the source of an image to import; only kind DockerImage is allowed", + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + }, + "importPolicy": { + "description": "importPolicy is the policy controlling how the image is imported", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagImportPolicy" }, - "resources": { - "description": "resources defines resource requirements to execute the build.", + "includeManifest": { + "description": "includeManifest determines if the manifest for each image is returned in the response", + "type": "boolean" + }, + "referencePolicy": { + "description": "referencePolicy defines how other components should consume the image", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReferencePolicy" }, - "sourceStrategyDefaults": { - "description": "sourceStrategyDefaults are default values that apply to builds using the source strategy.", - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.SourceStrategyDefaultsConfig" + "to": { + "description": "to is a tag in the current image stream to assign the imported image to, if name is not specified the default tag from from.name will be used", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.BuildOverridesConfig": { - "description": "BuildOverridesConfig controls override settings for builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.image.v1.ImageImportStatus": { + "description": "ImageImportStatus describes the result of an image import.", "type": "object", + "required": [ + "status" + ], "properties": { - "annotations": { - "description": "annotations are annotations that will be added to the build pod", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "forcePull": { - "description": "forcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself", - "type": "boolean" + "image": { + "description": "image is the metadata of that image, if the image was located", + "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" }, - "imageLabels": { - "description": "imageLabels is a list of labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", + "manifests": { + "description": "manifests holds sub-manifests metadata when importing a manifest list", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" + "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "nodeSelector": { - "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "status": { + "description": "status is the status of the image import, including errors encountered while retrieving the image", + "default": {}, + "$ref": "#/definitions/Status.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "tolerations": { - "description": "tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" - } + "tag": { + "description": "tag is the tag this image was located under, if any", + "type": "string" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.ClusterNetworkEntry": { - "description": "ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips.", + "com.github.openshift.api.image.v1.ImageLayer": { + "description": "ImageLayer represents a single layer of the image. Some images may have multiple layers. Some may have none.", "type": "object", "required": [ - "cidr", - "hostSubnetLength" + "name", + "size", + "mediaType" ], "properties": { - "cidr": { - "description": "cidr defines the total range of a cluster networks address space.", + "mediaType": { + "description": "mediaType of the referenced object.", "type": "string", "default": "" }, - "hostSubnetLength": { - "description": "hostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pod.", + "name": { + "description": "name of the layer as defined by the underlying store.", + "type": "string", + "default": "" + }, + "size": { + "description": "size of the layer in bytes as defined by the underlying store.", "type": "integer", "format": "int64", "default": 0 } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.DeployerControllerConfig": { - "type": "object", - "required": [ - "imageTemplateFormat" - ], - "properties": { - "imageTemplateFormat": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ImageConfig" - } - } - }, - "com.github.openshift.api.openshiftcontrolplane.v1.DockerPullSecretControllerConfig": { + "com.github.openshift.api.image.v1.ImageLayerData": { + "description": "ImageLayerData contains metadata about an image layer.", "type": "object", "required": [ - "registryURLs", - "internalRegistryHostname" + "size", + "mediaType" ], "properties": { - "internalRegistryHostname": { - "description": "internalRegistryHostname is the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format. Docker pull secrets will be generated for this registry.", + "mediaType": { + "description": "mediaType of the referenced object.", "type": "string", "default": "" }, - "registryURLs": { - "description": "registryURLs is a list of urls that the docker pull secrets should be valid for.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "size": { + "description": "size of the layer in bytes as defined by the underlying store. This field is optional if the necessary information about size is not available.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.FrontProxyConfig": { + "com.github.openshift.api.image.v1.ImageList": { + "description": "ImageList is a list of Image objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "clientCA", - "allowedNames", - "usernameHeaders", - "groupHeaders", - "extraHeaderPrefixes" + "items" ], "properties": { - "allowedNames": { - "description": "allowedNames is an optional list of common names to require a match from.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "clientCA": { - "description": "clientCA is a path to the CA bundle to use to verify the common name of the front proxy's client cert", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "extraHeaderPrefixes": { - "description": "extraHeaderPrefixes is the set of header prefixes to check for user extra", + "items": { + "description": "items is a list of images", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" } }, - "groupHeaders": { - "description": "groupHeaders is the set of headers to check for groups", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "usernameHeaders": { - "description": "usernameHeaders is the set of headers to check for the username", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.ImageConfig": { - "description": "ImageConfig holds the necessary configuration options for building image names for system components", + "com.github.openshift.api.image.v1.ImageLookupPolicy": { + "description": "ImageLookupPolicy describes how an image stream can be used to override the image references used by pods, builds, and other resources in a namespace.", "type": "object", "required": [ - "format", - "latest" + "local" ], "properties": { - "format": { - "description": "format is the format of the name to be built for the system component", - "type": "string", - "default": "" - }, - "latest": { - "description": "latest determines if the latest tag will be pulled from the registry", + "local": { + "description": "local will change the docker short image references (like \"mysql\" or \"php:latest\") on objects in this namespace to the image ID whenever they match this image stream, instead of reaching out to a remote registry. The name will be fully qualified to an image ID if found. The tag's referencePolicy is taken into account on the replaced value. Only works within the current namespace.", "type": "boolean", "default": false } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.ImageImportControllerConfig": { + "com.github.openshift.api.image.v1.ImageManifest": { + "description": "ImageManifest represents sub-manifests of a manifest list. The Digest field points to a regular Image object.", "type": "object", "required": [ - "maxScheduledImageImportsPerMinute", - "disableScheduledImport", - "scheduledImageImportMinimumIntervalSeconds" + "digest", + "mediaType", + "manifestSize", + "architecture", + "os" ], "properties": { - "disableScheduledImport": { - "description": "disableScheduledImport allows scheduled background import of images to be disabled.", - "type": "boolean", - "default": false + "architecture": { + "description": "architecture specifies the supported CPU architecture, for example `amd64` or `ppc64le`.", + "type": "string", + "default": "" }, - "maxScheduledImageImportsPerMinute": { - "description": "maxScheduledImageImportsPerMinute is the maximum number of image streams that will be imported in the background per minute. The default value is 60. Set to -1 for unlimited.", - "type": "integer", - "format": "int32", - "default": 0 + "digest": { + "description": "digest is the unique identifier for the manifest. It refers to an Image object.", + "type": "string", + "default": "" }, - "scheduledImageImportMinimumIntervalSeconds": { - "description": "scheduledImageImportMinimumIntervalSeconds is the minimum number of seconds that can elapse between when image streams scheduled for background import are checked against the upstream repository. The default value is 15 minutes.", + "manifestSize": { + "description": "manifestSize represents the size of the raw object contents, in bytes.", "type": "integer", - "format": "int32", + "format": "int64", "default": 0 + }, + "mediaType": { + "description": "mediaType defines the type of the manifest, possible values are application/vnd.oci.image.manifest.v1+json, application/vnd.docker.distribution.manifest.v2+json or application/vnd.docker.distribution.manifest.v1+json.", + "type": "string", + "default": "" + }, + "os": { + "description": "os specifies the operating system, for example `linux`.", + "type": "string", + "default": "" + }, + "variant": { + "description": "variant is an optional field repreenting a variant of the CPU, for example v6 to specify a particular CPU variant of the ARM CPU.", + "type": "string" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.ImagePolicyConfig": { + "com.github.openshift.api.image.v1.ImageSignature": { + "description": "ImageSignature holds a signature of an image. It allows to verify image identity and possibly other claims as long as the signature is trusted. Based on this information it is possible to restrict runnable images to those matching cluster-wide policy. Mandatory fields should be parsed by clients doing image verification. The others are parsed from signature's content by the server. They serve just an informative purpose.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "maxImagesBulkImportedPerRepository", - "allowedRegistriesForImport", - "internalRegistryHostname", - "externalRegistryHostnames", - "additionalTrustedCA" + "type", + "content" ], "properties": { - "additionalTrustedCA": { - "description": "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted during imagestream import.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "allowedRegistriesForImport": { - "description": "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", + "conditions": { + "description": "conditions represent the latest available observations of a signature's current state.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.RegistryLocation" - } + "$ref": "#/definitions/com.github.openshift.api.image.v1.SignatureCondition" + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "externalRegistryHostnames": { - "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", - "type": "array", - "items": { + "content": { + "description": "Required: An opaque binary string which is an image's signature.", + "type": "string", + "format": "byte" + }, + "created": { + "description": "If specified, it is the time of signature's creation.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "imageIdentity": { + "description": "A human readable string representing image's identity. It could be a product name and version, or an image pull spec (e.g. \"registry.access.redhat.com/rhel7/rhel:7.2\").", + "type": "string" + }, + "issuedBy": { + "description": "If specified, it holds information about an issuer of signing certificate or key (a person or entity who signed the signing certificate or key).", + "$ref": "#/definitions/com.github.openshift.api.image.v1.SignatureIssuer" + }, + "issuedTo": { + "description": "If specified, it holds information about a subject of signing certificate or key (a person or entity who signed the image).", + "$ref": "#/definitions/com.github.openshift.api.image.v1.SignatureSubject" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "signedClaims": { + "description": "Contains claims from the signature.", + "type": "object", + "additionalProperties": { "type": "string", "default": "" } }, - "imageStreamImportMode": { - "description": "imageStreamImportMode provides the import mode value for imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.If this value is specified, this setting is applied to all newly created imagestreams which do not have the value set.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", - "type": "string", - "default": "", - "enum": [ - "Legacy", - "PreserveOriginal" - ] - }, - "internalRegistryHostname": { - "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", + "type": { + "description": "Required: Describes a type of stored blob.", "type": "string", "default": "" + } + } + }, + "com.github.openshift.api.image.v1.ImageStream": { + "description": "An ImageStream stores a mapping of tags to images, metadata overrides that are applied when images are tagged in a stream, and an optional reference to a container image repository on a registry. Users typically update the spec.tags field to point to external images which are imported from container registries using credentials in your namespace with the pull secret type, or to existing image stream tags and images which are immediately accessible for tagging or pulling. The history of images applied to a tag is visible in the status.tags field and any user who can view an image stream is allowed to tag that image into their own image streams. Access to pull images from the integrated registry is granted by having the \"get imagestreams/layers\" permission on a given image stream. Users may remove a tag by deleting the imagestreamtag resource, which causes both spec and status for that tag to be removed. Image stream history is retained until an administrator runs the prune operation, which removes references that are no longer in use. To preserve a historical image, ensure there is a tag in spec pointing to that image by its digest.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "maxImagesBulkImportedPerRepository": { - "description": "maxImagesBulkImportedPerRepository controls the number of images that are imported when a user does a bulk import of a container repository. This number is set low to prevent users from importing large numbers of images accidentally. Set -1 for no limit.", - "type": "integer", - "format": "int32", - "default": 0 + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec describes the desired state of this stream", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamSpec" + }, + "status": { + "description": "status describes the current state of this stream", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamStatus" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.IngressControllerConfig": { + "com.github.openshift.api.image.v1.ImageStreamImage": { + "description": "ImageStreamImage represents an Image that is retrieved by image name from an ImageStream. User interfaces and regular users can use this resource to access the metadata details of a tagged image in the image stream history for viewing, since Image resources are not directly accessible to end users. A not found error will be returned if no such image is referenced by a tag within the ImageStream. Images are created when spec tags are set on an image stream that represent an image in an external registry, when pushing to the integrated registry, or when tagging an existing image from one image stream to another. The name of an image stream image is in the form \"@\", where the digest is the content addressible identifier for the image (sha256:xxxxx...). You can use ImageStreamImages as the from.kind of an image stream spec tag to reference an image exactly. The only operations supported on the imagestreamimage endpoint are retrieving the image.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "ingressIPNetworkCIDR" + "image" ], "properties": { - "ingressIPNetworkCIDR": { - "description": "ingressIPNetworkCIDR controls the range to assign ingress ips from for services of type LoadBalancer on bare metal. If empty, ingress ips will not be assigned. It may contain a single CIDR that will be allocated from. For security reasons, you should ensure that this range does not overlap with the CIDRs reserved for external ips, nodes, pods, or services.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "image": { + "description": "image associated with the ImageStream and image name.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.JenkinsPipelineConfig": { - "description": "JenkinsPipelineConfig holds configuration for the Jenkins pipeline strategy", + "com.github.openshift.api.image.v1.ImageStreamImport": { + "description": "The image stream import resource provides an easy way for a user to find and import container images from other container image registries into the server. Individual images or an entire image repository may be imported, and users may choose to see the results of the import prior to tagging the resulting images into the specified image stream.\n\nThis API is intended for end-user tools that need to see the metadata of the image prior to import (for instance, to generate an application from it). Clients that know the desired image can continue to create spec.tags directly into their image streams.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "autoProvisionEnabled", - "templateNamespace", - "templateName", - "serviceName", - "parameters" + "spec", + "status" ], "properties": { - "autoProvisionEnabled": { - "description": "autoProvisionEnabled determines whether a Jenkins server will be spawned from the provided template when the first build config in the project with type JenkinsPipeline is created. When not specified this option defaults to true.", - "type": "boolean" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "parameters": { - "description": "parameters specifies a set of optional parameters to the Jenkins template.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "serviceName": { - "description": "serviceName is the name of the Jenkins service OpenShift uses to detect whether a Jenkins pipeline handler has already been installed in a project. This value *must* match a service name in the provided template.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "templateName": { - "description": "templateName is the name of the default Jenkins template", - "type": "string", - "default": "" + "spec": { + "description": "spec is a description of the images that the user wishes to import", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamImportSpec" }, - "templateNamespace": { - "description": "templateNamespace contains the namespace name where the Jenkins template is stored", - "type": "string", - "default": "" + "status": { + "description": "status is the result of importing the image", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamImportStatus" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.NetworkControllerConfig": { - "description": "MasterNetworkConfig to be passed to the compiled in network plugin", + "com.github.openshift.api.image.v1.ImageStreamImportSpec": { + "description": "ImageStreamImportSpec defines what images should be imported.", "type": "object", "required": [ - "networkPluginName", - "clusterNetworks", - "serviceNetworkCIDR", - "vxlanPort" + "import" ], "properties": { - "clusterNetworks": { - "description": "clusterNetworks contains a list of cluster networks that defines the global overlay networks L3 space.", + "images": { + "description": "images are a list of individual images to import.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ClusterNetworkEntry" + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageImportSpec" } }, - "networkPluginName": { - "type": "string", - "default": "" + "import": { + "description": "import indicates whether to perform an import - if so, the specified tags are set on the spec and status of the image stream defined by the type meta.", + "type": "boolean", + "default": false }, - "serviceNetworkCIDR": { - "type": "string", - "default": "" + "repository": { + "description": "repository is an optional import of an entire container image repository. A maximum limit on the number of tags imported this way is imposed by the server.", + "$ref": "#/definitions/com.github.openshift.api.image.v1.RepositoryImportSpec" + } + } + }, + "com.github.openshift.api.image.v1.ImageStreamImportStatus": { + "description": "ImageStreamImportStatus contains information about the status of an image stream import.", + "type": "object", + "properties": { + "images": { + "description": "images is set with the result of importing spec.images", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageImportStatus" + } }, - "vxlanPort": { - "type": "integer", - "format": "int64", - "default": 0 + "import": { + "description": "import is the image stream that was successfully updated or created when 'to' was set.", + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStream" + }, + "repository": { + "description": "repository is set if spec.repository was set to the outcome of the import", + "$ref": "#/definitions/com.github.openshift.api.image.v1.RepositoryImportStatus" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.OpenShiftAPIServerConfig": { - "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.image.v1.ImageStreamLayers": { + "description": "ImageStreamLayers describes information about the layers referenced by images in this image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "servingInfo", - "corsAllowedOrigins", - "auditConfig", - "storageConfig", - "admission", - "kubeClientConfig", - "aggregatorConfig", - "imagePolicyConfig", - "projectConfig", - "routingConfig", - "serviceAccountOAuthGrantMethod", - "jenkinsPipelineConfig", - "cloudProviderFile", - "apiServerArguments", - "apiServers" + "blobs", + "images" ], "properties": { - "admission": { - "description": "admissionConfig holds information about how to configure admission.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionConfig" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "aggregatorConfig": { - "description": "aggregatorConfig contains information about how to verify the aggregator front proxy", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.FrontProxyConfig" + "blobs": { + "description": "blobs is a map of blob name to metadata about the blob.", + "type": "object", + "additionalProperties": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageLayerData" + } }, - "apiServerArguments": { + "images": { + "description": "images is a map between an image name and the names of the blobs and config that comprise the image.", "type": "object", "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageBlobReferences" } }, - "apiServers": { - "description": "apiServers holds information about enabled/disabled API servers", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.APIServers" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.image.v1.ImageStreamList": { + "description": "ImageStreamList is a list of ImageStream objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "items" + ], + "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "auditConfig": { - "description": "auditConfig describes how to configure audit information", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditConfig" - }, - "cloudProviderFile": { - "description": "cloudProviderFile points to the cloud config file", - "type": "string", - "default": "" - }, - "corsAllowedOrigins": { - "description": "corsAllowedOrigins", + "items": { + "description": "items is a list of imageStreams", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStream" } }, - "imagePolicyConfig": { - "description": "imagePolicyConfig feeds the image policy admission plugin", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ImagePolicyConfig" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.image.v1.ImageStreamMapping": { + "description": "ImageStreamMapping represents a mapping from a single image stream tag to a container image as well as the reference to the container image stream the image came from. This resource is used by privileged integrators to create an image resource and to associate it with an image stream in the status tags field. Creating an ImageStreamMapping will allow any user who can view the image stream to tag or pull that image, so only create mappings where the user has proven they have access to the image contents directly. The only operation supported for this resource is create and the metadata name and namespace should be set to the image stream containing the tag that should be updated.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "image", + "tag" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "jenkinsPipelineConfig": { - "description": "jenkinsPipelineConfig holds information about the default Jenkins template used for JenkinsPipeline build strategy.", + "image": { + "description": "image is a container image.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.JenkinsPipelineConfig" + "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "kubeClientConfig": { + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.KubeClientConfig" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "projectConfig": { - "description": "projectConfig feeds an admission plugin", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ProjectConfig" + "tag": { + "description": "tag is a string value this image can be located with inside the stream.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.image.v1.ImageStreamSpec": { + "description": "ImageStreamSpec represents options for ImageStreams.", + "type": "object", + "properties": { + "dockerImageRepository": { + "description": "dockerImageRepository is optional, if specified this stream is backed by a container repository on this server Deprecated: This field is deprecated as of v3.7 and will be removed in a future release. Specify the source for the tags to be imported in each tag via the spec.tags.from reference instead.", + "type": "string" }, - "routingConfig": { - "description": "routingConfig holds information about routing and route generation", + "lookupPolicy": { + "description": "lookupPolicy controls how other resources reference images within this namespace.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.RoutingConfig" + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageLookupPolicy" }, - "serviceAccountOAuthGrantMethod": { - "description": "serviceAccountOAuthGrantMethod is used for determining client authorization for service account oauth client. It must be either: deny, prompt, or \"\"", + "tags": { + "description": "tags map arbitrary string values to specific image locators", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReference" + }, + "x-kubernetes-patch-merge-key": "name", + "x-kubernetes-patch-strategy": "merge" + } + } + }, + "com.github.openshift.api.image.v1.ImageStreamStatus": { + "description": "ImageStreamStatus contains information about the state of this image stream.", + "type": "object", + "properties": { + "dockerImageRepository": { + "description": "dockerImageRepository represents the effective location this stream may be accessed at. May be empty until the server determines where the repository is located", "type": "string", "default": "" }, - "servingInfo": { - "description": "servingInfo describes how to start serving", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" + "publicDockerImageRepository": { + "description": "publicDockerImageRepository represents the public location from where the image can be pulled outside the cluster. This field may be empty if the administrator has not exposed the integrated registry externally.", + "type": "string" }, - "storageConfig": { - "description": "storageConfig contains information about how to use", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.EtcdStorageConfig" + "tags": { + "description": "tags are a historical record of images associated with each tag. The first entry in the TagEvent array is the currently tagged image.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.NamedTagEventList" + }, + "x-kubernetes-patch-merge-key": "tag", + "x-kubernetes-patch-strategy": "merge" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.OpenShiftControllerManagerConfig": { - "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.image.v1.ImageStreamTag": { + "description": "ImageStreamTag represents an Image that is retrieved by tag name from an ImageStream. Use this resource to interact with the tags and images in an image stream by tag, or to see the image details for a particular tag. The image associated with this resource is the most recently successfully tagged, imported, or pushed image (as described in the image stream status.tags.items list for this tag). If an import is in progress or has failed the previous image will be shown. Deleting an image stream tag clears both the status and spec fields of an image stream. If no image can be retrieved for a given tag, a not found error will be returned.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "servingInfo", - "leaderElection", - "controllers", - "resourceQuota", - "serviceServingCert", - "deployer", - "build", - "serviceAccount", - "dockerPullSecret", - "network", - "ingress", - "imageImport", - "securityAllocator", - "featureGates" + "tag", + "generation", + "lookupPolicy", + "image" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "build": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.BuildControllerConfig" - }, - "controllers": { - "description": "controllers is a list of controllers to enable. '*' enables all on-by-default controllers, 'foo' enables the controller \"+ named 'foo', '-foo' disables the controller named 'foo'. Defaults to \"*\".", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "deployer": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.DeployerControllerConfig" - }, - "dockerPullSecret": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.DockerPullSecretControllerConfig" - }, - "featureGates": { - "description": "featureGates are the set of extra OpenShift feature gates for openshift-controller-manager. These feature gates can be used to enable features that are tech preview or otherwise not available on OpenShift by default.", + "conditions": { + "description": "conditions is an array of conditions that apply to the image stream tag.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagEventCondition" } }, - "imageImport": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ImageImportControllerConfig" + "generation": { + "description": "generation is the current generation of the tagged image - if tag is provided and this value is not equal to the tag generation, a user has requested an import that has not completed, or conditions will be filled out indicating any error.", + "type": "integer", + "format": "int64", + "default": 0 }, - "ingress": { + "image": { + "description": "image associated with the ImageStream and tag.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.IngressControllerConfig" + "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "leaderElection": { - "description": "leaderElection defines the configuration for electing a controller instance to make changes to the cluster. If unspecified, the ControllerTTL value is checked to determine whether the legacy direct etcd election code will be used.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.LeaderElection" - }, - "network": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.NetworkControllerConfig" - }, - "resourceQuota": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ResourceQuotaControllerConfig" - }, - "securityAllocator": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.SecurityAllocator" - }, - "serviceAccount": { + "lookupPolicy": { + "description": "lookupPolicy indicates whether this tag will handle image references in this namespace.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ServiceAccountControllerConfig" + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageLookupPolicy" }, - "serviceServingCert": { + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ServiceServingCert" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "servingInfo": { - "description": "servingInfo describes how to start serving", - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" + "tag": { + "description": "tag is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream.", + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReference" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.PerGroupOptions": { + "com.github.openshift.api.image.v1.ImageStreamTagList": { + "description": "ImageStreamTagList is a list of ImageStreamTag objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "name", - "enabledVersions", - "disabledVersions" + "items" ], "properties": { - "disabledVersions": { - "description": "disabledVersions is a list of versions that must be disabled in addition to the defaults. Must not collide with the list of enabled versions", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "enabledVersions": { - "description": "enabledVersions is a list of versions that must be enabled in addition to the defaults. Must not collide with the list of disabled versions", + "items": { + "description": "items is the list of image stream tags", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageStreamTag" } }, - "name": { - "description": "name is an API server name (see OpenShiftAPIserverName typed constants for a complete list of available API servers).", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.ProjectConfig": { + "com.github.openshift.api.image.v1.ImageTag": { + "description": "ImageTag represents a single tag within an image stream and includes the spec, the status history, and the currently referenced image (if any) of the provided tag. This type replaces the ImageStreamTag by providing a full view of the tag. ImageTags are returned for every spec or status tag present on the image stream. If no tag exists in either form, a not found error will be returned by the API. A create operation will succeed if no spec tag has already been defined and the spec field is set. Delete will remove both spec and status elements from the image stream.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "defaultNodeSelector", - "projectRequestMessage", - "projectRequestTemplate" + "spec", + "status", + "image" ], "properties": { - "defaultNodeSelector": { - "description": "defaultNodeSelector holds default project node label selector", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "projectRequestMessage": { - "description": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", - "type": "string", - "default": "" + "image": { + "description": "image is the details of the most recent image stream status tag, and it may be null if import has not completed or an administrator has deleted the image object. To verify this is the most recent image, you must verify the generation of the most recent status.items entry matches the spec tag (if a spec tag is set). This field will not be set when listing image tags.", + "$ref": "#/definitions/com.github.openshift.api.image.v1.Image" }, - "projectRequestTemplate": { - "description": "projectRequestTemplate is the template to use for creating projects in response to projectrequest. It is in the format namespace/template and it is optional. If it is not specified, a default template is used.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.openshiftcontrolplane.v1.RegistryLocation": { - "description": "RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.", - "type": "object", - "required": [ - "domainName" - ], - "properties": { - "domainName": { - "description": "domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "insecure": { - "description": "insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.", - "type": "boolean" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec is the spec tag associated with this image stream tag, and it may be null if only pushes have occurred to this image stream.", + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReference" + }, + "status": { + "description": "status is the status tag details associated with this image stream tag, and it may be null if no push or import has been performed.", + "$ref": "#/definitions/com.github.openshift.api.image.v1.NamedTagEventList" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.ResourceQuotaControllerConfig": { + "com.github.openshift.api.image.v1.ImageTagList": { + "description": "ImageTagList is a list of ImageTag objects. When listing image tags, the image field is not populated. Tags are returned in alphabetical order by image stream and then tag.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "concurrentSyncs", - "syncPeriod", - "minResyncPeriod" + "items" ], "properties": { - "concurrentSyncs": { - "type": "integer", - "format": "int32", - "default": 0 + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "minResyncPeriod": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + "items": { + "description": "items is the list of image stream tags", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageTag" + } }, - "syncPeriod": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.RoutingConfig": { - "description": "RoutingConfig holds the necessary configuration options for routing to subdomains", + "com.github.openshift.api.image.v1.NamedTagEventList": { + "description": "NamedTagEventList relates a tag to its image history.", "type": "object", "required": [ - "subdomain" + "tag", + "items" ], "properties": { - "subdomain": { - "description": "subdomain is the suffix appended to $service.$namespace. to form the default route hostname DEPRECATED: This field is being replaced by routers setting their own defaults. This is the \"default\" route.", + "conditions": { + "description": "conditions is an array of conditions that apply to the tag event list.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagEventCondition" + } + }, + "items": { + "description": "Standard object's metadata.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagEvent" + } + }, + "tag": { + "description": "tag is the tag for which the history is recorded", "type": "string", "default": "" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.SecurityAllocator": { - "description": "SecurityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.", + "com.github.openshift.api.image.v1.RepositoryImportSpec": { + "description": "RepositoryImportSpec describes a request to import images from a container image repository.", "type": "object", "required": [ - "uidAllocatorRange", - "mcsAllocatorRange", - "mcsLabelsPerProject" + "from" ], "properties": { - "mcsAllocatorRange": { - "description": "mcsAllocatorRange defines the range of MCS categories that will be assigned to namespaces. The format is \"/[,]\". The default is \"s0/2\" and will allocate from c0 -> c1023, which means a total of 535k labels are available (1024 choose 2 ~ 535k). If this value is changed after startup, new projects may receive labels that are already allocated to other projects. Prefix may be any valid SELinux set of terms (including user, role, and type), although leaving them as the default will allow the server to set them automatically.\n\nExamples: * s0:/2 - Allocate labels from s0:c0,c0 to s0:c511,c511 * s0:/2,512 - Allocate labels from s0:c0,c0,c0 to s0:c511,c511,511", - "type": "string", - "default": "" + "from": { + "description": "from is the source for the image repository to import; only kind DockerImage and a name of a container image repository is allowed", + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" }, - "mcsLabelsPerProject": { - "description": "mcsLabelsPerProject defines the number of labels that should be reserved per project. The default is 5 to match the default UID and MCS ranges (100k namespaces, 535k/5 labels).", - "type": "integer", - "format": "int32", - "default": 0 + "importPolicy": { + "description": "importPolicy is the policy controlling how the image is imported", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagImportPolicy" }, - "uidAllocatorRange": { - "description": "uidAllocatorRange defines the total set of Unix user IDs (UIDs) that will be allocated to projects automatically, and the size of the block each namespace gets. For example, 1000-1999/10 will allocate ten UIDs per namespace, and will be able to allocate up to 100 blocks before running out of space. The default is to allocate from 1 billion to 2 billion in 10k blocks (which is the expected size of the ranges container images will use once user namespaces are started).", - "type": "string", - "default": "" + "includeManifest": { + "description": "includeManifest determines if the manifest for each image is returned in the response", + "type": "boolean" + }, + "referencePolicy": { + "description": "referencePolicy defines how other components should consume the image", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReferencePolicy" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.ServiceAccountControllerConfig": { + "com.github.openshift.api.image.v1.RepositoryImportStatus": { + "description": "RepositoryImportStatus describes the result of an image repository import", "type": "object", - "required": [ - "managedNames" - ], "properties": { - "managedNames": { - "description": "managedNames is a list of service account names that will be auto-created in every namespace. If no names are specified, the ServiceAccountsController will not be started.", + "additionalTags": { + "description": "additionalTags are tags that exist in the repository but were not imported because a maximum limit of automatic imports was applied.", "type": "array", "items": { "type": "string", "default": "" } + }, + "images": { + "description": "images is a list of images successfully retrieved by the import of the repository.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.ImageImportStatus" + } + }, + "status": { + "description": "status reflects whether any failure occurred during import", + "default": {}, + "$ref": "#/definitions/Status.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.ServiceServingCert": { - "description": "ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", + "com.github.openshift.api.image.v1.SecretList": { + "description": "SecretList is a list of Secret.", "type": "object", "required": [ - "signer" + "items" ], "properties": { - "signer": { - "description": "signer holds the signing information used to automatically sign serving certificates. If this value is nil, then certs are not signed automatically.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.CertInfo" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "Items is a list of secret objects. More info: https://kubernetes.io/docs/concepts/configuration/secret", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Secret.v1.core.api.k8s.io" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.openshiftcontrolplane.v1.SourceStrategyDefaultsConfig": { - "description": "SourceStrategyDefaultsConfig contains values that apply to builds using the source strategy.", + "com.github.openshift.api.image.v1.SignatureCondition": { + "description": "SignatureCondition describes an image signature condition of particular kind at particular probe time.", "type": "object", + "required": [ + "type", + "status" + ], "properties": { - "incremental": { - "description": "incremental indicates if s2i build strategies should perform an incremental build or not", - "type": "boolean" + "lastProbeTime": { + "description": "Last time the condition was checked.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "lastTransitionTime": { + "description": "Last time the condition transit from one status to another.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "message": { + "description": "Human readable message indicating details about last transition.", + "type": "string" + }, + "reason": { + "description": "(brief) reason for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", + "type": "string", + "default": "" + }, + "type": { + "description": "type of signature condition, Complete or Failed.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec": { - "description": "AWSCSIDriverConfigSpec defines properties that can be configured for the AWS CSI driver.", + "com.github.openshift.api.image.v1.SignatureGenericEntity": { + "description": "SignatureGenericEntity holds a generic information about a person or entity who is an issuer or a subject of signing certificate or key.", "type": "object", "properties": { - "efsVolumeMetrics": { - "description": "efsVolumeMetrics sets the configuration for collecting metrics from EFS volumes used by the EFS CSI Driver.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics" + "commonName": { + "description": "Common name (e.g. openshift-signing-service).", + "type": "string" }, - "kmsKeyARN": { - "description": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.\n\nThe ARN must follow the format: arn::kms:::(key|alias)/, where: is the AWS partition (aws, aws-cn, aws-us-gov, aws-iso, aws-iso-b, aws-iso-e, aws-iso-f, or aws-eusc), is the AWS region, is a 12-digit numeric identifier for the AWS account, is the KMS key ID or alias name.", + "organization": { + "description": "organization name.", "type": "string" } } }, - "com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters": { - "description": "AWSClassicLoadBalancerParameters holds configuration parameters for an AWS Classic load balancer.", + "com.github.openshift.api.image.v1.SignatureIssuer": { + "description": "SignatureIssuer holds information about an issuer of signing certificate or key.", "type": "object", "properties": { - "connectionIdleTimeout": { - "description": "connectionIdleTimeout specifies the maximum time period that a connection may be idle before the load balancer closes the connection. The value must be parseable as a time duration value; see . A nil or zero value means no opinion, in which case a default value is used. The default value for this field is 60s. This default is subject to change.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + "commonName": { + "description": "Common name (e.g. openshift-signing-service).", + "type": "string" }, - "subnets": { - "description": "subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSSubnets" + "organization": { + "description": "organization name.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics": { - "description": "AWSEFSVolumeMetrics defines the configuration for volume metrics in the EFS CSI Driver.", + "com.github.openshift.api.image.v1.SignatureSubject": { + "description": "SignatureSubject holds information about a person or entity who created the signature.", "type": "object", "required": [ - "state" + "publicKeyID" ], "properties": { - "recursiveWalk": { - "description": "recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver when the state is set to RecursiveWalk.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig" + "commonName": { + "description": "Common name (e.g. openshift-signing-service).", + "type": "string" }, - "state": { - "description": "state defines the state of metric collection in the AWS EFS CSI Driver. This field is required and must be set to one of the following values: Disabled or RecursiveWalk. Disabled means no metrics collection will be performed. This is the default value. RecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics. This process may result in high CPU and memory usage, depending on the volume size.", + "organization": { + "description": "organization name.", + "type": "string" + }, + "publicKeyID": { + "description": "If present, it is a human readable key id of public key belonging to the subject used to verify image signature. It should contain at least 64 lowest bits of public key's fingerprint (e.g. 0x685ebe62bf278440).", "type": "string", "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "state", - "fields-to-discriminateBy": { - "recursiveWalk": "RecursiveWalk" - } - } - ] + } }, - "com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig": { - "description": "AWSEFSVolumeMetricsRecursiveWalkConfig defines options for volume metrics in the EFS CSI Driver.", + "com.github.openshift.api.image.v1.TagEvent": { + "description": "TagEvent is used by ImageStreamStatus to keep a historical record of images associated with a tag.", "type": "object", + "required": [ + "created", + "dockerImageReference", + "image", + "generation" + ], "properties": { - "fsRateLimit": { - "description": "fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 5. The valid range is from 1 to 100 goroutines.", - "type": "integer", - "format": "int32" + "created": { + "description": "created holds the time the TagEvent was created", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "refreshPeriodMinutes": { - "description": "refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 240. The valid range is from 1 to 43200 minutes (30 days).", + "dockerImageReference": { + "description": "dockerImageReference is the string that can be used to pull this image", + "type": "string", + "default": "" + }, + "generation": { + "description": "generation is the spec tag generation that resulted in this tag being updated", "type": "integer", - "format": "int32" + "format": "int64", + "default": 0 + }, + "image": { + "description": "image is the image", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.AWSLoadBalancerParameters": { - "description": "AWSLoadBalancerParameters provides configuration settings that are specific to AWS load balancers.", + "com.github.openshift.api.image.v1.TagEventCondition": { + "description": "TagEventCondition contains condition information for a tag event.", "type": "object", "required": [ - "type" + "type", + "status", + "generation" ], "properties": { - "classicLoadBalancer": { - "description": "classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters" + "generation": { + "description": "generation is the spec tag generation that this status corresponds to", + "type": "integer", + "format": "int64", + "default": 0 }, - "networkLoadBalancer": { - "description": "networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters" + "lastTransitionTime": { + "description": "lastTransitionTime is the time the condition transitioned from one status to another.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "type": { - "description": "type is the type of AWS load balancer to instantiate for an ingresscontroller.\n\nValid values are:\n\n* \"Classic\": A Classic Load Balancer that makes routing decisions at either\n the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See\n the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb\n\n* \"NLB\": A Network Load Balancer that makes routing decisions at the\n transport layer (TCP/SSL). See the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb", + "message": { + "description": "message is a human readable description of the details about last transition, complementing reason.", + "type": "string" + }, + "reason": { + "description": "reason is a brief machine readable explanation for the condition's last transition.", + "type": "string" + }, + "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "classicLoadBalancer": "ClassicLoadBalancerParameters", - "networkLoadBalancer": "NetworkLoadBalancerParameters" - } - } - ] - }, - "com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters": { - "description": "AWSNetworkLoadBalancerParameters holds configuration parameters for an AWS Network load balancer. For Example: Setting AWS EIPs https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html", - "type": "object", - "properties": { - "eipAllocations": { - "description": "eipAllocations is a list of IDs for Elastic IP (EIP) addresses that are assigned to the Network Load Balancer. The following restrictions apply:\n\neipAllocations can only be used with external scope, not internal. An EIP can be allocated to only a single IngressController. The number of EIP allocations must match the number of subnets that are used for the load balancer. Each EIP allocation must be unique. A maximum of 10 EIP allocations are permitted.\n\nSee https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general information about configuration, characteristics, and limitations of Elastic IP addresses.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" }, - "subnets": { - "description": "subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSSubnets" + "type": { + "description": "type of tag event condition, currently only ImportSuccess", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.AWSSubnets": { - "description": "AWSSubnets contains a list of references to AWS subnets by ID or name.", + "com.github.openshift.api.image.v1.TagImportPolicy": { + "description": "TagImportPolicy controls how images related to this tag will be imported.", "type": "object", "properties": { - "ids": { - "description": "ids specifies a list of AWS subnets by subnet ID. Subnet IDs must start with \"subnet-\", consist only of alphanumeric characters, must be exactly 24 characters long, must be unique, and the total number of subnets specified by ids and names must not exceed 10.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "importMode": { + "description": "importMode describes how to import an image manifest.", + "type": "string" }, - "names": { - "description": "names specifies a list of AWS subnets by subnet name. Subnet names must not start with \"subnet-\", must not include commas, must be under 256 characters in length, must be unique, and the total number of subnets specified by ids and names must not exceed 10.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "insecure": { + "description": "insecure is true if the server may bypass certificate verification or connect directly over HTTP during image import.", + "type": "boolean" + }, + "scheduled": { + "description": "scheduled indicates to the server that this tag should be periodically checked to ensure it is up to date, and imported", + "type": "boolean" } } }, - "com.github.openshift.api.operator.v1.AccessLogging": { - "description": "AccessLogging describes how client requests should be logged.", + "com.github.openshift.api.image.v1.TagReference": { + "description": "TagReference specifies optional annotations for images using this tag and an optional reference to an ImageStreamTag, ImageStreamImage, or DockerImage this tag should track.", "type": "object", "required": [ - "destination" + "name" ], "properties": { - "destination": { - "description": "destination is where access logs go.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.LoggingDestination" + "annotations": { + "description": "Optional; if specified, annotations that are applied to images retrieved via ImageStreamTags.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "httpCaptureCookies": { - "description": "httpCaptureCookies specifies HTTP cookies that should be captured in access logs. If this field is empty, no cookies are captured.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie" - }, - "x-kubernetes-list-type": "atomic" + "from": { + "description": "Optional; if specified, a reference to another image that this tag should point to. Valid values are ImageStreamTag, ImageStreamImage, and DockerImage. ImageStreamTag references can only reference a tag within this same ImageStream.", + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" }, - "httpCaptureHeaders": { - "description": "httpCaptureHeaders defines HTTP headers that should be captured in access logs. If this field is empty, no headers are captured.\n\nNote that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be captured for TLS passthrough connections.", + "generation": { + "description": "generation is a counter that tracks mutations to the spec tag (user intent). When a tag reference is changed the generation is set to match the current stream generation (which is incremented every time spec is changed). Other processes in the system like the image importer observe that the generation of spec tag is newer than the generation recorded in the status and use that as a trigger to import the newest remote tag. To trigger a new import, clients may set this value to zero which will reset the generation to the latest stream generation. Legacy clients will send this value as nil which will be merged with the current tag generation.", + "type": "integer", + "format": "int64" + }, + "importPolicy": { + "description": "importPolicy is information that controls how images may be imported by the server.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders" + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagImportPolicy" }, - "httpLogFormat": { - "description": "httpLogFormat specifies the format of the log message for an HTTP request.\n\nIf this field is empty, log messages use the implementation's default HTTP log format. For HAProxy's default HTTP log format, see the HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3\n\nNote that this format only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). It does not affect the log format for TLS passthrough connections.", - "type": "string" + "name": { + "description": "name of the tag", + "type": "string", + "default": "" }, - "logEmptyRequests": { - "description": "logEmptyRequests specifies how connections on which no request is received should be logged. Typically, these empty requests come from load balancers' health probes or Web browsers' speculative connections (\"preconnect\"), in which case logging these requests may be undesirable. However, these requests may also be caused by network errors, in which case logging empty requests may be useful for diagnosing the errors. In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts. Allowed values for this field are \"Log\" and \"Ignore\". The default value is \"Log\".", - "type": "string" - } - } - }, - "com.github.openshift.api.operator.v1.AddPage": { - "description": "AddPage allows customizing actions on the Add page in developer perspective.", - "type": "object", - "properties": { - "disabledActions": { - "description": "disabledActions is a list of actions that are not shown to users. Each action in the list is represented by its ID.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "reference": { + "description": "reference states if the tag will be imported. Default value is false, which means the tag will be imported.", + "type": "boolean" + }, + "referencePolicy": { + "description": "referencePolicy defines how other components should consume the image.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.image.v1.TagReferencePolicy" } } }, - "com.github.openshift.api.operator.v1.AdditionalNetworkDefinition": { - "description": "AdditionalNetworkDefinition configures an extra network that is available but not created by default. Instead, pods must request them by name. type must be specified, along with exactly one \"Config\" that matches the type.", + "com.github.openshift.api.image.v1.TagReferencePolicy": { + "description": "TagReferencePolicy describes how pull-specs for images in this image stream tag are generated when image change triggers in deployment configs or builds are resolved. This allows the image stream author to control how images are accessed.", "type": "object", "required": [ - "type", - "name" + "type" ], "properties": { - "name": { - "description": "name is the name of the network. This will be populated in the resulting CRD This must be unique.", - "type": "string", - "default": "" - }, - "namespace": { - "description": "namespace is the namespace of the network. This will be populated in the resulting CRD If not given the network will be created in the default namespace.", - "type": "string" - }, - "rawCNIConfig": { - "description": "rawCNIConfig is the raw CNI configuration json to create in the NetworkAttachmentDefinition CRD", - "type": "string" - }, - "simpleMacvlanConfig": { - "description": "simpleMacvlanConfig configures the macvlan interface in case of type:NetworkTypeSimpleMacvlan", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.SimpleMacvlanConfig" - }, "type": { - "description": "type is the type of network The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan", + "description": "type determines how the image pull spec should be transformed when the image stream tag is used in deployment config triggers or new builds. The default value is `Source`, indicating the original location of the image should be used (if imported). The user may also specify `Local`, indicating that the pull spec should point to the integrated container image registry and leverage the registry's ability to proxy the pull to an upstream registry. `Local` allows the credentials used to pull this image to be managed from the image stream's namespace, so others on the platform can access a remote image but have no access to the remote secret. It also allows the image layers to be mirrored into the local registry which the images can still be pulled even if the upstream registry is unavailable.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.AdditionalRoutingCapabilities": { - "description": "AdditionalRoutingCapabilities describes components and relevant configuration providing advanced routing capabilities.", + "com.github.openshift.api.insights.v1.Custom": { + "description": "Custom provides the custom configuration of gatherers", "type": "object", "required": [ - "providers" + "configs" ], "properties": { - "providers": { - "description": "providers is a set of enabled components that provide additional routing capabilities. Entries on this list must be unique. The only valid value is currrently \"FRR\" which provides FRR routing capabilities through the deployment of FRR.", + "configs": { + "description": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1.GathererConfig" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.operator.v1.Authentication": { - "description": "Authentication provides information to configure an operator to manage authentication.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.insights.v1.DataGather": { + "description": "DataGather provides data gather configuration options and status for the particular Insights data gathering.\n\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -29013,36 +29216,36 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AuthenticationSpec" + "$ref": "#/definitions/com.github.openshift.api.insights.v1.DataGatherSpec" }, "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AuthenticationStatus" + "$ref": "#/definitions/com.github.openshift.api.insights.v1.DataGatherStatus" } } }, - "com.github.openshift.api.operator.v1.AuthenticationList": { - "description": "AuthenticationList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.insights.v1.DataGatherList": { + "description": "DataGatherList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "items": { + "description": "items contains a list of DataGather resources.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Authentication" - } + "$ref": "#/definitions/com.github.openshift.api.insights.v1.DataGather" + }, + "x-kubernetes-list-type": "atomic" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", @@ -29051,238 +29254,315 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1.AuthenticationSpec": { + "com.github.openshift.api.insights.v1.DataGatherSpec": { + "description": "DataGatherSpec contains the configuration for the DataGather.", "type": "object", "required": [ - "managementState" + "gatherers" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "dataPolicy": { + "description": "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "gatherers": { + "description": "gatherers is a required field that specifies the configuration of the gatherers.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1.Gatherers" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "storage": { + "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1.Storage" } } }, - "com.github.openshift.api.operator.v1.AuthenticationStatus": { + "com.github.openshift.api.insights.v1.DataGatherStatus": { + "description": "DataGatherStatus contains information relating to the DataGather state.", "type": "object", "properties": { "conditions": { - "description": "conditions is a list of conditions and their status", + "description": "conditions is an optional field that provides details on the status of the gatherer job. It may not exceed 100 items and must not contain duplicates.\n\nThe current condition types are DataUploaded, DataRecorded, DataProcessed, RemoteConfigurationNotAvailable, RemoteConfigurationInvalid\n\nThe DataUploaded condition is used to represent whether or not the archive was successfully uploaded for further processing. When it has a status of True and a reason of Succeeded, the archive was successfully uploaded. When it has a status of Unknown and a reason of NoUploadYet, the upload has not occurred, or there was no data to upload. When it has a status of False and a reason Failed, the upload failed. The accompanying message will include the specific error encountered.\n\nThe DataRecorded condition is used to represent whether or not the archive was successfully recorded. When it has a status of True and a reason of Succeeded, the archive was recorded successfully. When it has a status of Unknown and a reason of NoDataGatheringYet, the data gathering process has not started yet. When it has a status of False and a reason of RecordingFailed, the recording failed and a message will include the specific error encountered.\n\nThe DataProcessed condition is used to represent whether or not the archive was processed by the processing service. When it has a status of True and a reason of Processed, the data was processed successfully. When it has a status of Unknown and a reason of NothingToProcessYet, there is no data to process at the moment. When it has a status of False and a reason of Failure, processing failed and a message will include the specific error encountered.\n\nThe RemoteConfigurationAvailable condition is used to represent whether the remote configuration is available. When it has a status of Unknown and a reason of Unknown or RemoteConfigNotRequestedYet, the state of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is available. When it has a status of False and a reason of NoToken, the configuration was disabled by removing the cloud.openshift.com field from the pull secret. When it has a status of False and a reason of DisabledByConfiguration, the configuration was disabled in insightsdatagather.config.openshift.io.\n\nThe RemoteConfigurationValid condition is used to represent whether the remote configuration is valid. When it has a status of Unknown and a reason of Unknown or NoValidationYet, the validity of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is valid. When it has a status of False and a reason of Invalid, the configuration is invalid.\n\nThe Progressing condition is used to represent the phase of gathering When it has a status of False and the reason is DataGatherPending, the gathering has not started yet. When it has a status of True and reason is Gathering, the gathering is running. When it has a status of False and reason is GatheringSucceeded, the gathering successfully finished. When it has a status of False and reason is GatheringFailed, the gathering failed.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "finishTime": { + "description": "finishTime is the time when Insights data gathering finished.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "gatherers": { + "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + "$ref": "#/definitions/com.github.openshift.api.insights.v1.GathererStatus" }, "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", "name" ], "x-kubernetes-list-type": "map" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "insightsReport": { + "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1.InsightsReport" + }, + "insightsRequestID": { + "description": "insightsRequestID is an optional Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive. It may not exceed 256 characters and is immutable once set.", + "type": "string" + }, + "relatedObjects": { + "description": "relatedObjects is an optional list of resources which are useful when debugging or inspecting the data gathering Pod It may not exceed 100 items and must not contain duplicates.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1.ObjectReference" + }, + "x-kubernetes-list-map-keys": [ + "name", + "namespace" + ], + "x-kubernetes-list-type": "map" + }, + "startTime": { + "description": "startTime is the time when Insights data gathering started.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.insights.v1.GathererConfig": { + "description": "GathererConfig allows to configure specific gatherers", + "type": "object", + "required": [ + "name", + "state" + ], + "properties": { + "name": { + "description": "name is the required name of a specific gatherer. It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "type": "string" + }, + "state": { + "description": "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", + "type": "string" + } + } + }, + "com.github.openshift.api.insights.v1.GathererStatus": { + "description": "GathererStatus represents information about a particular data gatherer.", + "type": "object", + "required": [ + "name", + "lastGatherSeconds" + ], + "properties": { + "conditions": { + "description": "conditions provide details on the status of each gatherer.\n\nThe current condition type is DataGathered\n\nThe DataGathered condition is used to represent whether or not the data was gathered by a gatherer specified by name. When it has a status of True and a reason of GatheredOK, the data has been successfully gathered as expected. When it has a status of False and a reason of NoData, no data was gathered—for example, when the resource is not present in the cluster. When it has a status of False and a reason of GatherError, an error occurred and no data was gathered. When it has a status of False and a reason of GatherPanic, a panic occurred during gathering and no data was collected. When it has a status of False and a reason of GatherWithErrorReason, data was partially gathered or gathered with an error message.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "lastGatherSeconds": { + "description": "lastGatherSeconds is required field that represents the time spent gathering in seconds", "type": "integer", "format": "int32" }, - "oauthAPIServer": { - "description": "oauthAPIServer holds status specific only to oauth-apiserver", + "name": { + "description": "name is the required name of the gatherer. It must contain at least 5 characters and may not exceed 256 characters.", + "type": "string" + } + } + }, + "com.github.openshift.api.insights.v1.Gatherers": { + "description": "Gatherers specifies the configuration of the gatherers", + "type": "object", + "required": [ + "mode" + ], + "properties": { + "custom": { + "description": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OAuthAPIServerStatus" + "$ref": "#/definitions/com.github.openshift.api.insights.v1.Custom" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "mode": { + "description": "mode is a required field that specifies the mode for gatherers. Allowed values are All and Custom. When set to All, all gatherers will run and gather data. When set to Custom, the custom configuration from the custom field will be applied.", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "mode", + "fields-to-discriminateBy": { + "custom": "Custom" + } + } + ] + }, + "com.github.openshift.api.insights.v1.HealthCheck": { + "description": "HealthCheck represents an Insights health check attributes.", + "type": "object", + "required": [ + "description", + "totalRisk", + "advisorURI" + ], + "properties": { + "advisorURI": { + "description": "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + "type": "string" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "description": { + "description": "description is required field that provides basic description of the healthcheck. It must contain at least 10 characters and may not exceed 2048 characters.", + "type": "string" }, - "version": { - "description": "version is the level this availability applies to", + "totalRisk": { + "description": "totalRisk is the required field of the healthcheck. It is indicator of the total risk posed by the detected issue; combination of impact and likelihood. Allowed values are Low, Moderate, Important and Critical. The value represents the severity of the issue.", "type": "string" } } }, - "com.github.openshift.api.operator.v1.AzureCSIDriverConfigSpec": { - "description": "AzureCSIDriverConfigSpec defines properties that can be configured for the Azure CSI driver.", + "com.github.openshift.api.insights.v1.InsightsReport": { + "description": "InsightsReport provides Insights health check report based on the most recently sent Insights data.", "type": "object", + "required": [ + "downloadedTime", + "uri" + ], "properties": { - "diskEncryptionSet": { - "description": "diskEncryptionSet sets the cluster default storage class to encrypt volumes with a customer-managed encryption set, rather than the default platform-managed keys.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AzureDiskEncryptionSet" + "downloadedTime": { + "description": "downloadedTime is a required field that specifies when the Insights report was last downloaded.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "healthChecks": { + "description": "healthChecks is an optional field that provides basic information about active Insights recommendations, which serve as proactive notifications for potential issues in the cluster. When omitted, it means that there are no active recommendations in the cluster.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1.HealthCheck" + }, + "x-kubernetes-list-map-keys": [ + "advisorURI", + "totalRisk", + "description" + ], + "x-kubernetes-list-type": "map" + }, + "uri": { + "description": "uri is a required field that provides the URL link from which the report was downloaded. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.AzureDiskEncryptionSet": { - "description": "AzureDiskEncryptionSet defines the configuration for a disk encryption set.", + "com.github.openshift.api.insights.v1.ObjectReference": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", "type": "object", "required": [ - "subscriptionID", - "resourceGroup", - "name" + "group", + "resource", + "name", + "namespace" ], "properties": { + "group": { + "description": "group is required field that specifies the API Group of the Resource. Enter empty string for the core group. This value is empty or it should follow the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character. Example: \"\", \"apps\", \"build.openshift.io\", etc.", + "type": "string" + }, "name": { - "description": "name is the name of the disk encryption set that will be set on the default storage class. The value should consist of only alphanumberic characters, underscores (_), hyphens, and be at most 80 characters in length.", - "type": "string", - "default": "" + "description": "name is required field that specifies the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character..", + "type": "string" }, - "resourceGroup": { - "description": "resourceGroup defines the Azure resource group that contains the disk encryption set. The value should consist of only alphanumberic characters, underscores (_), parentheses, hyphens and periods. The value should not end in a period and be at most 90 characters in length.", - "type": "string", - "default": "" + "namespace": { + "description": "namespace if required field of the referent that follows the DNS1123 labels format. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.", + "type": "string" }, - "subscriptionID": { - "description": "subscriptionID defines the Azure subscription that contains the disk encryption set. The value should meet the following conditions: 1. It should be a 128-bit number. 2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long. 3. It should be displayed in five groups separated by hyphens (-). 4. The first group should be 8 characters long. 5. The second, third, and fourth groups should be 4 characters long. 6. The fifth group should be 12 characters long. An Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378", - "type": "string", - "default": "" + "resource": { + "description": "resource is required field of the type that is being referenced and follows the DNS1035 format. It is normally the plural form of the resource kind in lowercase. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig": { - "description": "BootImageSkewEnforcementConfig is used to configure how boot image version skew is enforced on the cluster.", + "com.github.openshift.api.insights.v1.PersistentVolumeClaimReference": { + "description": "PersistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", "type": "object", "required": [ - "mode" + "name" ], "properties": { - "manual": { - "description": "manual describes the current boot image of the cluster. This should be set to the oldest boot image used amongst all machine resources in the cluster. This must include either the RHCOS version of the boot image or the OCP release version which shipped with that RHCOS boot image. Required when mode is set to \"Manual\" and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterBootImageManual" - }, - "mode": { - "description": "mode determines the underlying behavior of skew enforcement mechanism. Valid values are Manual and None. Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP & RHCOS version associated with the last boot image update in the manual field. In Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the skew limit described by the release image. None means that the MCO will no longer monitor the boot image skew. This may affect the cluster's ability to scale. This field is required.", + "name": { + "description": "name is the name of the PersistentVolumeClaim that will be used to store the Insights data archive. It is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", "type": "string" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "mode", - "fields-to-discriminateBy": { - "manual": "Manual" - } - } - ] + } }, - "com.github.openshift.api.operator.v1.BootImageSkewEnforcementStatus": { - "description": "BootImageSkewEnforcementStatus is the type for the status object. It represents the cluster defaults when the boot image skew enforcement configuration is undefined and reflects the actual configuration when it is defined.", + "com.github.openshift.api.insights.v1.PersistentVolumeConfig": { + "description": "PersistentVolumeConfig provides configuration options for PersistentVolume storage.", "type": "object", "required": [ - "mode" + "claim" ], "properties": { - "automatic": { - "description": "automatic describes the current boot image of the cluster. This will be populated by the MCO when performing boot image updates. This value will be compared against the cluster's skew limit to determine skew compliance. Required when mode is set to \"Automatic\" and forbidden otherwise.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterBootImageAutomatic" - }, - "manual": { - "description": "manual describes the current boot image of the cluster. This will be populated by the MCO using the values provided in the spec.bootImageSkewEnforcement.manual field. This value will be compared against the cluster's skew limit to determine skew compliance. Required when mode is set to \"Manual\" and forbidden otherwise.", + "claim": { + "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterBootImageManual" + "$ref": "#/definitions/com.github.openshift.api.insights.v1.PersistentVolumeClaimReference" }, - "mode": { - "description": "mode determines the underlying behavior of skew enforcement mechanism. Valid values are Automatic, Manual and None. Automatic means that the MCO will perform boot image updates and store the OCP & RHCOS version associated with the last boot image update in the automatic field. Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP & RHCOS version associated with the last boot image update in the manual field. In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the skew limit described by the release image. None means that the MCO will no longer monitor the boot image skew. This may affect the cluster's ability to scale. This field is required.", + "mountPath": { + "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", "type": "string" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "mode", - "fields-to-discriminateBy": { - "automatic": "Automatic", - "manual": "Manual" - } - } - ] + } }, - "com.github.openshift.api.operator.v1.CSIDriverConfigSpec": { - "description": "CSIDriverConfigSpec defines configuration spec that can be used to optionally configure a specific CSI Driver.", + "com.github.openshift.api.insights.v1.Storage": { + "description": "Storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", "type": "object", "required": [ - "driverType" + "type" ], "properties": { - "aws": { - "description": "aws is used to configure the AWS CSI driver.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec" - }, - "azure": { - "description": "azure is used to configure the Azure CSI driver.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AzureCSIDriverConfigSpec" - }, - "driverType": { - "description": "driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. Consumers should treat unknown values as a NO-OP.", - "type": "string", - "default": "" - }, - "gcp": { - "description": "gcp is used to configure the GCP CSI driver.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GCPCSIDriverConfigSpec" - }, - "ibmcloud": { - "description": "ibmcloud is used to configure the IBM Cloud CSI driver.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec" + "persistentVolume": { + "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1.PersistentVolumeConfig" }, - "vSphere": { - "description": "vSphere is used to configure the vsphere CSI driver.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec" + "type": { + "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", + "type": "string" } }, "x-kubernetes-unions": [ { - "discriminator": "driverType", + "discriminator": "type", "fields-to-discriminateBy": { - "aws": "AWS", - "azure": "Azure", - "gcp": "GCP", - "ibmcloud": "IBMCloud", - "vSphere": "VSphere" + "persistentVolume": "PersistentVolume" } } ] }, - "com.github.openshift.api.operator.v1.CSISnapshotController": { - "description": "CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.insights.v1alpha1.DataGather": { + "description": "DataGather provides data gather configuration options and status for the particular Insights data gathering.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ "spec" @@ -29299,37 +29579,36 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.CSISnapshotControllerSpec" + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.DataGatherSpec" }, "status": { "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.CSISnapshotControllerStatus" + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.DataGatherStatus" } } }, - "com.github.openshift.api.operator.v1.CSISnapshotControllerList": { - "description": "CSISnapshotControllerList contains a list of CSISnapshotControllers.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.insights.v1alpha1.DataGatherList": { + "description": "DataGatherList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", - "required": [ - "items" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "items": { + "description": "items contains a list of DataGather resources.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.CSISnapshotController" - } + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.DataGather" + }, + "x-kubernetes-list-type": "atomic" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", @@ -29338,164 +29617,313 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1.CSISnapshotControllerSpec": { - "description": "CSISnapshotControllerSpec is the specification of the desired behavior of the CSISnapshotController operator.", + "com.github.openshift.api.insights.v1alpha1.DataGatherSpec": { + "description": "DataGatherSpec contains the configuration for the DataGather.", "type": "object", - "required": [ - "managementState" - ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "dataPolicy": { + "description": "dataPolicy allows user to enable additional global obfuscation of the IP addresses and base domain in the Insights archive data. Valid values are \"ClearText\" and \"ObfuscateNetworking\". When set to ClearText the data is not obfuscated. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is ClearText.", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "gatherers": { + "description": "gatherers is an optional list of gatherers configurations. The list must not exceed 100 items. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.GathererConfig" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "storage": { + "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.Storage" } } }, - "com.github.openshift.api.operator.v1.CSISnapshotControllerStatus": { - "description": "CSISnapshotControllerStatus defines the observed status of the CSISnapshotController operator.", + "com.github.openshift.api.insights.v1alpha1.DataGatherStatus": { + "description": "DataGatherStatus contains information relating to the DataGather state.", "type": "object", "properties": { "conditions": { - "description": "conditions is a list of conditions and their status", + "description": "conditions provide details on the status of the gatherer job.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "dataGatherState": { + "description": "dataGatherState reflects the current state of the data gathering process.", + "type": "string" + }, + "finishTime": { + "description": "finishTime is the time when Insights data gathering finished.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "gatherers": { + "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.GathererStatus" }, "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", "name" ], "x-kubernetes-list-type": "map" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" + "insightsReport": { + "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.InsightsReport" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "insightsRequestID": { + "description": "insightsRequestID is an Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive.", + "type": "string" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "relatedObjects": { + "description": "relatedObjects is a list of resources which are useful when debugging or inspecting the data gathering Pod", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.ObjectReference" + }, + "x-kubernetes-list-map-keys": [ + "name", + "namespace" + ], + "x-kubernetes-list-type": "map" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "startTime": { + "description": "startTime is the time when Insights data gathering started.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1.Capability": { - "description": "Capabilities contains set of UI capabilities and their state in the console UI.", + "com.github.openshift.api.insights.v1alpha1.GathererConfig": { + "description": "gathererConfig allows to configure specific gatherers", "type": "object", "required": [ - "name", - "visibility" + "name" ], "properties": { "name": { - "description": "name is the unique name of a capability. Available capabilities are LightspeedButton, GettingStartedBanner, and GuidedTour.", + "description": "name is the required name of specific gatherer It must be at most 256 characters in length. The format for the gatherer name should be: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md.", "type": "string", "default": "" }, - "visibility": { - "description": "visibility defines the visibility state of the capability.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.CapabilityVisibility" + "state": { + "description": "state allows you to configure specific gatherer. Valid values are \"Enabled\", \"Disabled\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default. The current default is Enabled.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.CapabilityVisibility": { - "description": "CapabilityVisibility defines the criteria to enable/disable a capability.", + "com.github.openshift.api.insights.v1alpha1.GathererStatus": { + "description": "gathererStatus represents information about a particular data gatherer.", "type": "object", "required": [ - "state" + "conditions", + "name", + "lastGatherDuration" ], "properties": { - "state": { - "description": "state defines if the capability is enabled or disabled in the console UI. Enabling the capability in the console UI is represented by the \"Enabled\" value. Disabling the capability in the console UI is represented by the \"Disabled\" value.", + "conditions": { + "description": "conditions provide details on the status of each gatherer.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "lastGatherDuration": { + "description": "lastGatherDuration represents the time spent gathering.", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "name": { + "description": "name is the name of the gatherer.", "type": "string", "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "state", - "fields-to-discriminateBy": {} - } - ] + } }, - "com.github.openshift.api.operator.v1.ClientTLS": { - "description": "ClientTLS specifies TLS configuration to enable client-to-server authentication, which can be used for mutual TLS.", + "com.github.openshift.api.insights.v1alpha1.HealthCheck": { + "description": "healthCheck represents an Insights health check attributes.", "type": "object", "required": [ - "clientCertificatePolicy", - "clientCA" + "description", + "totalRisk", + "advisorURI", + "state" ], "properties": { - "allowedSubjectPatterns": { - "description": "allowedSubjectPatterns specifies a list of regular expressions that should be matched against the distinguished name on a valid client certificate to filter requests. The regular expressions must use PCRE syntax. If this list is empty, no filtering is performed. If the list is nonempty, then at least one pattern must match a client certificate's distinguished name or else the ingress controller rejects the certificate and denies the connection.", + "advisorURI": { + "description": "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + "type": "string", + "default": "" + }, + "description": { + "description": "description provides basic description of the healtcheck.", + "type": "string", + "default": "" + }, + "state": { + "description": "state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface.", + "type": "string", + "default": "" + }, + "totalRisk": { + "description": "totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue.", + "type": "integer", + "format": "int32", + "default": 0 + } + } + }, + "com.github.openshift.api.insights.v1alpha1.InsightsReport": { + "description": "insightsReport provides Insights health check report based on the most recently sent Insights data.", + "type": "object", + "properties": { + "downloadedAt": { + "description": "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "healthChecks": { + "description": "healthChecks provides basic information about active Insights health checks in a cluster.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.HealthCheck" }, "x-kubernetes-list-type": "atomic" }, - "clientCA": { - "description": "clientCA specifies a configmap containing the PEM-encoded CA certificate bundle that should be used to verify a client's certificate. The administrator must create this configmap in the openshift-config namespace.", + "uri": { + "description": "uri is optional field that provides the URL link from which the report was downloaded. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + "type": "string" + } + } + }, + "com.github.openshift.api.insights.v1alpha1.ObjectReference": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "type": "object", + "required": [ + "group", + "resource", + "name", + "namespace" + ], + "properties": { + "group": { + "description": "group is the API Group of the Resource. Enter empty string for the core group. This value is empty or should follow the DNS1123 subdomain format and it must be at most 253 characters in length. Example: \"\", \"apps\", \"build.openshift.io\", etc.", + "type": "string", + "default": "" + }, + "name": { + "description": "name of the referent that follows the DNS1123 subdomain format. It must be at most 256 characters in length.", + "type": "string", + "default": "" + }, + "namespace": { + "description": "namespace of the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length.", + "type": "string", + "default": "" + }, + "resource": { + "description": "resource is required field of the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.insights.v1alpha1.PersistentVolumeClaimReference": { + "description": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.insights.v1alpha1.PersistentVolumeConfig": { + "description": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + "type": "object", + "required": [ + "claim" + ], + "properties": { + "claim": { + "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.PersistentVolumeClaimReference" }, - "clientCertificatePolicy": { - "description": "clientCertificatePolicy specifies whether the ingress controller requires clients to provide certificates. This field accepts the values \"Required\" or \"Optional\".\n\nNote that the ingress controller only checks client certificates for edge-terminated and reencrypt TLS routes; it cannot check certificates for cleartext HTTP or passthrough TLS routes.", + "mountPath": { + "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", + "type": "string" + } + } + }, + "com.github.openshift.api.insights.v1alpha1.Storage": { + "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "persistentVolume": { + "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha1.PersistentVolumeConfig" + }, + "type": { + "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.CloudCredential": { - "description": "CloudCredential provides a means to configure an operator to manage CredentialsRequests.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.insights.v1alpha2.Custom": { + "description": "custom provides the custom configuration of gatherers", + "type": "object", + "required": [ + "configs" + ], + "properties": { + "configs": { + "description": "configs is a required list of gatherers configurations that can be used to enable or disable specific gatherers. It may not exceed 100 items and each gatherer can be present only once. It is possible to disable an entire set of gatherers while allowing a specific function within that set. The particular gatherers IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.GathererConfig" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.insights.v1alpha2.DataGather": { + "description": "DataGather provides data gather configuration options and status for the particular Insights data gathering.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ "spec" @@ -29512,36 +29940,36 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.CloudCredentialSpec" + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.DataGatherSpec" }, "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.CloudCredentialStatus" + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.DataGatherStatus" } } }, - "com.github.openshift.api.operator.v1.CloudCredentialList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.insights.v1alpha2.DataGatherList": { + "description": "DataGatherList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "items": { + "description": "items contains a list of DataGather resources.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.CloudCredential" - } + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.DataGather" + }, + "x-kubernetes-list-type": "atomic" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", @@ -29550,3660 +29978,3638 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1.CloudCredentialSpec": { - "description": "CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator.", + "com.github.openshift.api.insights.v1alpha2.DataGatherSpec": { + "description": "DataGatherSpec contains the configuration for the DataGather.", "type": "object", - "required": [ - "managementState" - ], "properties": { - "credentialsMode": { - "description": "credentialsMode allows informing CCO that it should not attempt to dynamically determine the root cloud credentials capabilities, and it should just run in the specified mode. It also allows putting the operator into \"manual\" mode if desired. Leaving the field in default mode runs CCO so that the cluster's cloud credentials will be dynamically probed for capabilities (on supported clouds/platforms). Supported modes:\n AWS/Azure/GCP: \"\" (Default), \"Mint\", \"Passthrough\", \"Manual\"\n Others: Do not set value as other platforms only support running in \"Passthrough\"", - "type": "string" - }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "dataPolicy": { + "description": "dataPolicy is an optional list of DataPolicyOptions that allows user to enable additional obfuscation of the Insights archive data. It may not exceed 2 items and must not contain duplicates. Valid values are ObfuscateNetworking and WorkloadNames. When set to ObfuscateNetworking the IP addresses and the cluster domain name are obfuscated. When set to WorkloadNames, the gathered data about cluster resources will not contain the workload names for your deployments. Resources UIDs will be used instead. When omitted no obfuscation is applied.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "gatherers": { + "description": "gatherers is an optional field that specifies the configuration of the gatherers. If omitted, all gatherers will be run.", + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.Gatherers" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "storage": { + "description": "storage is an optional field that allows user to define persistent storage for gathering jobs to store the Insights data archive. If omitted, the gathering job will use ephemeral storage.", + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.Storage" } } }, - "com.github.openshift.api.operator.v1.CloudCredentialStatus": { - "description": "CloudCredentialStatus defines the observed status of the cloud-credential-operator.", + "com.github.openshift.api.insights.v1alpha2.DataGatherStatus": { + "description": "DataGatherStatus contains information relating to the DataGather state.", "type": "object", "properties": { "conditions": { - "description": "conditions is a list of conditions and their status", + "description": "conditions is an optional field that provides details on the status of the gatherer job. It may not exceed 100 items and must not contain duplicates.\n\nThe current condition types are DataUploaded, DataRecorded, DataProcessed, RemoteConfigurationNotAvailable, RemoteConfigurationInvalid\n\nThe DataUploaded condition is used to represent whether or not the archive was successfully uploaded for further processing. When it has a status of True and a reason of Succeeded, the archive was successfully uploaded. When it has a status of Unknown and a reason of NoUploadYet, the upload has not occurred, or there was no data to upload. When it has a status of False and a reason Failed, the upload failed. The accompanying message will include the specific error encountered.\n\nThe DataRecorded condition is used to represent whether or not the archive was successfully recorded. When it has a status of True and a reason of Succeeded, the archive was recorded successfully. When it has a status of Unknown and a reason of NoDataGatheringYet, the data gathering process has not started yet. When it has a status of False and a reason of RecordingFailed, the recording failed and a message will include the specific error encountered.\n\nThe DataProcessed condition is used to represent whether or not the archive was processed by the processing service. When it has a status of True and a reason of Processed, the data was processed successfully. When it has a status of Unknown and a reason of NothingToProcessYet, there is no data to process at the moment. When it has a status of False and a reason of Failure, processing failed and a message will include the specific error encountered.\n\nThe RemoteConfigurationAvailable condition is used to represent whether the remote configuration is available. When it has a status of Unknown and a reason of Unknown or RemoteConfigNotRequestedYet, the state of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is available. When it has a status of False and a reason of NoToken, the configuration was disabled by removing the cloud.openshift.com field from the pull secret. When it has a status of False and a reason of DisabledByConfiguration, the configuration was disabled in insightsdatagather.config.openshift.io.\n\nThe RemoteConfigurationValid condition is used to represent whether the remote configuration is valid. When it has a status of Unknown and a reason of Unknown or NoValidationYet, the validity of the remote configuration is unknown—typically at startup. When it has a status of True and a reason of Succeeded, the configuration is valid. When it has a status of False and a reason of Invalid, the configuration is invalid.\n\nThe Progressing condition is used to represent the phase of gathering When it has a status of False and the reason is DataGatherPending, the gathering has not started yet. When it has a status of True and reason is Gathering, the gathering is running. When it has a status of False and reason is GatheringSucceeded, the gathering succesfully finished. When it has a status of False and reason is GatheringFailed, the gathering failed.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "finishTime": { + "description": "finishTime is the time when Insights data gathering finished.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "gatherers": { + "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.GathererStatus" }, "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", "name" ], "x-kubernetes-list-type": "map" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" + "insightsReport": { + "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet or the corresponding Insights analysis (identified by \"insightsRequestID\") is not available.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.InsightsReport" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "insightsRequestID": { + "description": "insightsRequestID is an optional Insights request ID to track the status of the Insights analysis (in console.redhat.com processing pipeline) for the corresponding Insights data archive. It may not exceed 256 characters and is immutable once set.", + "type": "string" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "relatedObjects": { + "description": "relatedObjects is an optional list of resources which are useful when debugging or inspecting the data gathering Pod It may not exceed 100 items and must not contain duplicates.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.ObjectReference" + }, + "x-kubernetes-list-map-keys": [ + "name", + "namespace" + ], + "x-kubernetes-list-type": "map" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "startTime": { + "description": "startTime is the time when Insights data gathering started.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1.ClusterBootImageAutomatic": { - "description": "ClusterBootImageAutomatic is used to describe the cluster boot image in Automatic mode. It stores the RHCOS version of the boot image and the OCP release version which shipped with that RHCOS boot image. At least one of these values are required. If ocpVersion and rhcosVersion are defined, both values will be used for checking skew compliance. If only ocpVersion is defined, only that value will be used for checking skew compliance. If only rhcosVersion is defined, only that value will be used for checking skew compliance.", + "com.github.openshift.api.insights.v1alpha2.GathererConfig": { + "description": "gathererConfig allows to configure specific gatherers", "type": "object", + "required": [ + "name", + "state" + ], "properties": { - "ocpVersion": { - "description": "ocpVersion provides a string which represents the OCP version of the boot image. This field must match the OCP semver compatible format of x.y.z. This field must be between 5 and 10 characters long.", - "type": "string" + "name": { + "description": "name is the required name of a specific gatherer It may not exceed 256 characters. The format for a gatherer name is: {gatherer}/{function} where the function is optional. Gatherer consists of a lowercase letters only that may include underscores (_). Function consists of a lowercase letters only that may include underscores (_) and is separated from the gatherer by a forward slash (/). The particular gatherers can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. Run the following command to get the names of last active gatherers: \"oc get insightsoperators.operator.openshift.io cluster -o json | jq '.status.gatherStatus.gatherers[].name'\"", + "type": "string", + "default": "" }, - "rhcosVersion": { - "description": "rhcosVersion provides a string which represents the RHCOS version of the boot image This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between 14 and 21 characters long.", - "type": "string" + "state": { + "description": "state is a required field that allows you to configure specific gatherer. Valid values are \"Enabled\" and \"Disabled\". When set to Enabled the gatherer will run. When set to Disabled the gatherer will not run.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.ClusterBootImageManual": { - "description": "ClusterBootImageManual is used to describe the cluster boot image in Manual mode.", + "com.github.openshift.api.insights.v1alpha2.GathererStatus": { + "description": "gathererStatus represents information about a particular data gatherer.", "type": "object", "required": [ - "mode" + "name", + "lastGatherSeconds" ], "properties": { - "mode": { - "description": "mode is used to configure which boot image field is defined in Manual mode. Valid values are OCPVersion and RHCOSVersion. OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update in the OCPVersion field. RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update in the RHCOSVersion field. This field is required.", - "type": "string" + "conditions": { + "description": "conditions provide details on the status of each gatherer.\n\nThe current condition type is DataGathered\n\nThe DataGathered condition is used to represent whether or not the data was gathered by a gatherer specified by name. When it has a status of True and a reason of GatheredOK, the data has been successfully gathered as expected. When it has a status of False and a reason of NoData, no data was gathered—for example, when the resource is not present in the cluster. When it has a status of False and a reason of GatherError, an error occurred and no data was gathered. When it has a status of False and a reason of GatherPanic, a panic occurred during gathering and no data was collected. When it has a status of False and a reason of GatherWithErrorReason, data was partially gathered or gathered with an error message.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "ocpVersion": { - "description": "ocpVersion provides a string which represents the OCP version of the boot image. This field must match the OCP semver compatible format of x.y.z. This field must be between 5 and 10 characters long. Required when mode is set to \"OCPVersion\" and forbidden otherwise.", - "type": "string" + "lastGatherSeconds": { + "description": "lastGatherSeconds is required field that represents the time spent gathering in seconds", + "type": "integer", + "format": "int32", + "default": 0 }, - "rhcosVersion": { - "description": "rhcosVersion provides a string which represents the RHCOS version of the boot image This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between 14 and 21 characters long. Required when mode is set to \"RHCOSVersion\" and forbidden otherwise.", - "type": "string" + "name": { + "description": "name is the required name of the gatherer. It must contain at least 5 characters and may not exceed 256 characters.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.insights.v1alpha2.Gatherers": { + "description": "Gathereres specifies the configuration of the gatherers", + "type": "object", + "required": [ + "mode" + ], + "properties": { + "custom": { + "description": "custom provides gathering configuration. It is required when mode is Custom, and forbidden otherwise. Custom configuration allows user to disable only a subset of gatherers. Gatherers that are not explicitly disabled in custom configuration will run.", + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.Custom" + }, + "mode": { + "description": "mode is a required field that specifies the mode for gatherers. Allowed values are All and Custom. When set to All, all gatherers wil run and gather data. When set to Custom, the custom configuration from the custom field will be applied.", + "type": "string", + "default": "" } }, "x-kubernetes-unions": [ { "discriminator": "mode", "fields-to-discriminateBy": { - "ocpVersion": "OCPVersion", - "rhcosVersion": "RHCOSVersion" + "custom": "Custom" } } ] }, - "com.github.openshift.api.operator.v1.ClusterCSIDriver": { - "description": "ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift. Name of the object must be name of the CSI driver it operates. See CSIDriverName type for list of allowed values.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.insights.v1alpha2.HealthCheck": { + "description": "healthCheck represents an Insights health check attributes.", "type": "object", "required": [ - "spec" + "description", + "totalRisk", + "advisorURI" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "advisorURI": { + "description": "advisorURI is required field that provides the URL link to the Insights Advisor. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", + "type": "string", + "default": "" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterCSIDriverSpec" + "description": { + "description": "description is required field that provides basic description of the healtcheck. It must contain at least 10 characters and may not exceed 2048 characters.", + "type": "string", + "default": "" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterCSIDriverStatus" + "totalRisk": { + "description": "totalRisk is the required field of the healthcheck. It is indicator of the total risk posed by the detected issue; combination of impact and likelihood. Allowed values are Low, Medium, Important and Critical. The value represents the severity of the issue.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.ClusterCSIDriverList": { - "description": "ClusterCSIDriverList contains a list of ClusterCSIDriver\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.insights.v1alpha2.InsightsReport": { + "description": "insightsReport provides Insights health check report based on the most recently sent Insights data.", "type": "object", - "required": [ - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "downloadedTime": { + "description": "downloadedTime is an optional time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "items": { + "healthChecks": { + "description": "healthChecks provides basic information about active Insights health checks in a cluster.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterCSIDriver" - } + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.HealthCheck" + }, + "x-kubernetes-list-map-keys": [ + "advisorURI", + "totalRisk", + "description" + ], + "x-kubernetes-list-type": "map" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "uri": { + "description": "uri is optional field that provides the URL link from which the report was downloaded. The link must be a valid HTTPS URL and the maximum length is 2048 characters.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.ClusterCSIDriverSpec": { - "description": "ClusterCSIDriverSpec is the desired behavior of CSI driver operator", + "com.github.openshift.api.insights.v1alpha2.ObjectReference": { + "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", "type": "object", "required": [ - "managementState" + "group", + "resource", + "name", + "namespace" ], "properties": { - "driverConfig": { - "description": "driverConfig can be used to specify platform specific driver configuration. When omitted, this means no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.CSIDriverConfigSpec" - }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "group": { + "description": "group is required field that specifies the API Group of the Resource. Enter empty string for the core group. This value is empty or it should follow the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character. Example: \"\", \"apps\", \"build.openshift.io\", etc.", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "name": { + "description": "name is required field that specifies the referent that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start with an alphabetic character and end with an alphanumeric character..", + "type": "string", + "default": "" }, - "storageClassState": { - "description": "storageClassState determines if CSI operator should create and manage storage classes. If this field value is empty or Managed - CSI operator will continuously reconcile storage class and create if necessary. If this field value is Unmanaged - CSI operator will not reconcile any previously created storage class. If this field value is Removed - CSI operator will delete the storage class it created previously. When omitted, this means the user has no opinion and the platform chooses a reasonable default, which is subject to change over time. The current default behaviour is Managed.", - "type": "string" + "namespace": { + "description": "namespace if required field of the referent that follows the DNS1123 labels format. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character.", + "type": "string", + "default": "" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "resource": { + "description": "resource is required field of the type that is being referenced and follows the DNS1035 format. It is normally the plural form of the resource kind in lowercase. It must be at most 63 characters in length, and must must consist of only lowercase alphanumeric characters and hyphens, and must start with an alphabetic character and end with an alphanumeric character. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.ClusterCSIDriverStatus": { - "description": "ClusterCSIDriverStatus is the observed status of CSI driver operator", + "com.github.openshift.api.insights.v1alpha2.PersistentVolumeClaimReference": { + "description": "persistentVolumeClaimReference is a reference to a PersistentVolumeClaim.", "type": "object", + "required": [ + "name" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "name": { + "description": "name is a string that follows the DNS1123 subdomain format. It must be at most 253 characters in length, and must consist only of lower case alphanumeric characters, '-' and '.', and must start and end with an alphanumeric character.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.insights.v1alpha2.PersistentVolumeConfig": { + "description": "persistentVolumeConfig provides configuration options for PersistentVolume storage.", + "type": "object", + "required": [ + "claim" + ], + "properties": { + "claim": { + "description": "claim is a required field that specifies the configuration of the PersistentVolumeClaim that will be used to store the Insights data archive. The PersistentVolumeClaim must be created in the openshift-insights namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.PersistentVolumeClaimReference" }, - "version": { - "description": "version is the level this availability applies to", + "mountPath": { + "description": "mountPath is an optional field specifying the directory where the PVC will be mounted inside the Insights data gathering Pod. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default mount path is /var/lib/insights-operator The path may not exceed 1024 characters and must not contain a colon.", "type": "string" } } }, - "com.github.openshift.api.operator.v1.ClusterNetworkEntry": { - "description": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks", + "com.github.openshift.api.insights.v1alpha2.Storage": { + "description": "storage provides persistent storage configuration options for gathering jobs. If the type is set to PersistentVolume, then the PersistentVolume must be defined. If the type is set to Ephemeral, then the PersistentVolume must not be defined.", "type": "object", "required": [ - "cidr" + "type" ], "properties": { - "cidr": { + "persistentVolume": { + "description": "persistentVolume is an optional field that specifies the PersistentVolume that will be used to store the Insights data archive. The PersistentVolume must be created in the openshift-insights namespace.", + "$ref": "#/definitions/com.github.openshift.api.insights.v1alpha2.PersistentVolumeConfig" + }, + "type": { + "description": "type is a required field that specifies the type of storage that will be used to store the Insights data archive. Valid values are \"PersistentVolume\" and \"Ephemeral\". When set to Ephemeral, the Insights data archive is stored in the ephemeral storage of the gathering job. When set to PersistentVolume, the Insights data archive is stored in the PersistentVolume that is defined by the PersistentVolume field.", "type": "string", "default": "" - }, - "hostPrefix": { - "type": "integer", - "format": "int64" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "persistentVolume": "PersistentVolume" + } + } + ] + }, + "com.github.openshift.api.kubecontrolplane.v1.AggregatorConfig": { + "description": "AggregatorConfig holds information required to make the aggregator function.", + "type": "object", + "required": [ + "proxyClientInfo" + ], + "properties": { + "proxyClientInfo": { + "description": "proxyClientInfo specifies the client cert/key to use when proxying to aggregated API servers", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.CertInfo" } } }, - "com.github.openshift.api.operator.v1.Config": { - "description": "Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components on the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerConfig": { + "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "metadata", - "spec" + "servingInfo", + "corsAllowedOrigins", + "auditConfig", + "storageConfig", + "admission", + "kubeClientConfig", + "authConfig", + "aggregatorConfig", + "kubeletClientInfo", + "servicesSubnet", + "servicesNodePortRange", + "consolePublicURL", + "userAgentMatchingConfig", + "imagePolicyConfig", + "projectConfig", + "serviceAccountPublicKeyFiles", + "oauthConfig", + "apiServerArguments" ], "properties": { + "admission": { + "description": "admissionConfig holds information about how to configure admission.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionConfig" + }, + "aggregatorConfig": { + "description": "aggregatorConfig has options for configuring the aggregator component of the API server.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.AggregatorConfig" + }, + "apiServerArguments": { + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "auditConfig": { + "description": "auditConfig describes how to configure audit information", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditConfig" + }, + "authConfig": { + "description": "authConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.MasterAuthConfig" + }, + "consolePublicURL": { + "description": "DEPRECATED: consolePublicURL has been deprecated and setting it has no effect.", + "type": "string", + "default": "" + }, + "corsAllowedOrigins": { + "description": "corsAllowedOrigins", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "imagePolicyConfig": { + "description": "imagePolicyConfig feeds the image policy admission plugin", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerImagePolicyConfig" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "kubeClientConfig": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.KubeClientConfig" + }, + "kubeletClientInfo": { + "description": "kubeletClientInfo contains information about how to connect to kubelets", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.KubeletConnectionInfo" + }, + "minimumKubeletVersion": { + "description": "minimumKubeletVersion is the lowest version of a kubelet that can join the cluster. Specifically, the apiserver will deny most authorization requests of kubelets that are older than the specified version, only allowing the kubelet to get and update its node object, and perform subjectaccessreviews. This means any kubelet that attempts to join the cluster will not be able to run any assigned workloads, and will eventually be marked as not ready. Its max length is 8, so maximum version allowed is either \"9.999.99\" or \"99.99.99\". Since the kubelet reports the version of the kubernetes release, not Openshift, this field references the underlying kubernetes version this version of Openshift is based off of. In other words: if an admin wishes to ensure no nodes run an older version than Openshift 4.17, then they should set the minimumKubeletVersion to 1.30.0. When comparing versions, the kubelet's version is stripped of any contents outside of major.minor.patch version. Thus, a kubelet with version \"1.0.0-ec.0\" will be compatible with minimumKubeletVersion \"1.0.0\" or earlier.", + "type": "string", + "default": "" + }, + "oauthConfig": { + "description": "oauthConfig, if present start the /oauth endpoint in this process", + "$ref": "#/definitions/com.github.openshift.api.osin.v1.OAuthConfig" + }, + "projectConfig": { + "description": "projectConfig feeds an admission plugin", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerProjectConfig" + }, + "serviceAccountPublicKeyFiles": { + "description": "serviceAccountPublicKeyFiles is a list of files, each containing a PEM-encoded public RSA key. (If any file contains a private key, the public portion of the key is used) The list of public keys is used to verify presented service account tokens. Each key is tried in order until the list is exhausted or verification succeeds. If no keys are specified, no service account authentication will be available.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "servicesNodePortRange": { + "description": "servicesNodePortRange is the range to use for assigning service public ports on a host.", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "servicesSubnet": { + "description": "servicesSubnet is the subnet to use for assigning service IPs", + "type": "string", + "default": "" + }, + "servingInfo": { + "description": "servingInfo describes how to start serving", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" }, - "spec": { - "description": "spec is the specification of the desired behavior of the Config Operator.", + "storageConfig": { + "description": "storageConfig contains information about how to use", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConfigSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1.EtcdStorageConfig" }, - "status": { - "description": "status defines the observed status of the Config Operator.", + "userAgentMatchingConfig": { + "description": "userAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConfigStatus" + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchingConfig" } } }, - "com.github.openshift.api.operator.v1.ConfigList": { - "description": "ConfigList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerImagePolicyConfig": { "type": "object", "required": [ - "metadata", - "items" + "internalRegistryHostname", + "externalRegistryHostnames" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items contains the items", + "externalRegistryHostnames": { + "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Config" + "type": "string", + "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.operator.v1.ConfigMapFileReference": { - "description": "ConfigMapFileReference references a specific file within a ConfigMap.", - "type": "object", - "required": [ - "name", - "key" - ], - "properties": { - "key": { - "description": "key is the logo key inside the referenced ConfigMap. Must consist only of alphanumeric characters, dashes (-), underscores (_), and periods (.). Must be at most 253 characters in length. Must end in a valid file extension. A valid file extension must consist of a period followed by 2 to 5 alpha characters.", - "type": "string", - "default": "" - }, - "name": { - "description": "name is the name of the ConfigMap. name is a required field. Must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. Must be at most 253 characters in length.", + "internalRegistryHostname": { + "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.ConfigSpec": { + "com.github.openshift.api.kubecontrolplane.v1.KubeAPIServerProjectConfig": { "type": "object", "required": [ - "managementState" + "defaultNodeSelector" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "defaultNodeSelector": { + "description": "defaultNodeSelector holds default project node label selector", "type": "string", "default": "" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - } - } - }, - "com.github.openshift.api.operator.v1.ConfigStatus": { - "type": "object", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" } } }, - "com.github.openshift.api.operator.v1.Console": { - "description": "Console provides a means to configure an operator to manage the console.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.kubecontrolplane.v1.KubeControllerManagerConfig": { + "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "spec" + "serviceServingCert", + "projectConfig", + "extendedArguments" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "extendedArguments": { + "description": "extendedArguments is used to configure the kube-controller-manager", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { + "projectConfig": { + "description": "projectConfig is an optimization for the daemonset controller", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleSpec" + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.KubeControllerManagerProjectConfig" }, - "status": { + "serviceServingCert": { + "description": "serviceServingCert provides support for the old alpha service serving cert signer CA bundle", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleStatus" + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.ServiceServingCert" } } }, - "com.github.openshift.api.operator.v1.ConsoleConfigRoute": { - "description": "ConsoleConfigRoute holds information on external route access to console. DEPRECATED", + "com.github.openshift.api.kubecontrolplane.v1.KubeControllerManagerProjectConfig": { "type": "object", "required": [ - "hostname" + "defaultNodeSelector" ], "properties": { - "hostname": { - "description": "hostname is the desired custom domain under which console will be available.", + "defaultNodeSelector": { + "description": "defaultNodeSelector holds default project node label selector", "type": "string", "default": "" - }, - "secret": { - "description": "secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - \"tls.crt\" - to specifies custom certificate - \"tls.key\" - to specifies private key of the custom certificate If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" } } }, - "com.github.openshift.api.operator.v1.ConsoleCustomization": { - "description": "ConsoleCustomization defines a list of optional configuration for the console UI. Ensure that Logos and CustomLogoFile cannot be set at the same time.", + "com.github.openshift.api.kubecontrolplane.v1.KubeletConnectionInfo": { + "description": "KubeletConnectionInfo holds information necessary for connecting to a kubelet", "type": "object", + "required": [ + "port", + "ca", + "certFile", + "keyFile" + ], "properties": { - "addPage": { - "description": "addPage allows customizing actions on the Add page in developer perspective.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AddPage" - }, - "brand": { - "description": "brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout.", - "type": "string" - }, - "capabilities": { - "description": "capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton, GettingStartedBanner, and GuidedTour. Each of the available capabilities may appear only once in the list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Capability" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "customLogoFile": { - "description": "customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a Only one of customLogoFile or logos can be set at a time. ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. The recommended file format for the logo is SVG, but other file formats are allowed if supported by the browser. Deprecated: Use logos instead.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapFileReference" - }, - "customProductName": { - "description": "customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name.", - "type": "string" - }, - "developerCatalog": { - "description": "developerCatalog allows to configure the shown developer catalog categories (filters) and types (sub-catalogs).", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCustomization" - }, - "documentationBaseURL": { - "description": "documentationBaseURL links to external documentation are shown in various sections of the web console. Providing documentationBaseURL will override the default documentation URL. Invalid value will prevent a console rollout.", - "type": "string" - }, - "logos": { - "description": "logos is used to replace the OpenShift Masthead and Favicon logos in the console UI with custom logos. logos is an optional field that allows a list of logos. Only one of logos or customLogoFile can be set at a time. If logos is set, customLogoFile must be unset. When specified, there must be at least one entry and no more than 2 entries. Each type must appear only once in the list.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Logo" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "ca": { + "description": "ca is the CA for verifying TLS connections to kubelets", + "type": "string", + "default": "" }, - "perspectives": { - "description": "perspectives allows enabling/disabling of perspective(s) that user can see in the Perspective switcher dropdown.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Perspective" - }, - "x-kubernetes-list-map-keys": [ - "id" - ], - "x-kubernetes-list-type": "map" + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" }, - "projectAccess": { - "description": "projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ProjectAccess" + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" }, - "quickStarts": { - "description": "quickStarts allows customization of available ConsoleQuickStart resources in console.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.QuickStarts" + "port": { + "description": "port is the port to connect to kubelets on", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.operator.v1.ConsoleList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.kubecontrolplane.v1.MasterAuthConfig": { + "description": "MasterAuthConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", "type": "object", "required": [ - "metadata", - "items" + "requestHeader", + "webhookTokenAuthenticators", + "oauthMetadataFile" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "oauthMetadataFile": { + "description": "oauthMetadataFile is a path to a file containing the discovery endpoint for OAuth 2.0 Authorization Server Metadata for an external OAuth server. See IETF Draft: // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This option is mutually exclusive with OAuthConfig", + "type": "string", + "default": "" }, - "items": { + "requestHeader": { + "description": "requestHeader holds options for setting up a front proxy against the API. It is optional.", + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.RequestHeaderAuthenticationOptions" + }, + "webhookTokenAuthenticators": { + "description": "webhookTokenAuthenticators, if present configures remote token reviewers", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Console" + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.WebhookTokenAuthenticator" } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.operator.v1.ConsoleProviders": { - "description": "ConsoleProviders defines a list of optional additional providers of functionality to the console.", - "type": "object", - "properties": { - "statuspage": { - "description": "statuspage contains ID for statuspage.io page that provides status info about.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.StatuspageProvider" } } }, - "com.github.openshift.api.operator.v1.ConsoleSpec": { - "description": "ConsoleSpec is the specification of the desired behavior of the Console.", + "com.github.openshift.api.kubecontrolplane.v1.RequestHeaderAuthenticationOptions": { + "description": "RequestHeaderAuthenticationOptions provides options for setting up a front proxy against the entire API instead of against the /oauth endpoint.", "type": "object", "required": [ - "managementState", - "providers" + "clientCA", + "clientCommonNames", + "usernameHeaders", + "groupHeaders", + "extraHeaderPrefixes" ], "properties": { - "customization": { - "description": "customization is used to optionally provide a small set of customization options to the web console.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleCustomization" - }, - "ingress": { - "description": "ingress allows to configure the alternative ingress for the console. This field is intended for clusters without ingress capability, where access to routes is not possible.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Ingress" - }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "clientCA": { + "description": "clientCA is a file with the trusted signer certs. It is required.", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "plugins": { - "description": "plugins defines a list of enabled console plugin names.", + "clientCommonNames": { + "description": "clientCommonNames is a required list of common names to require a match from.", "type": "array", "items": { "type": "string", "default": "" } }, - "providers": { - "description": "providers contains configuration for using specific service providers.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleProviders" - }, - "route": { - "description": "route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used. DEPRECATED", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleConfigRoute" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - } - } - }, - "com.github.openshift.api.operator.v1.ConsoleStatus": { - "description": "ConsoleStatus defines the observed status of the Console.", - "type": "object", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "extraHeaderPrefixes": { + "description": "extraHeaderPrefixes is the set of request header prefixes to inspect for user extra. X-Remote-Extra- is suggested.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "type": "string", + "default": "" + } }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "groupHeaders": { + "description": "groupHeaders is the set of headers to check for group information. All are unioned.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "type": "string", + "default": "" + } }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "usernameHeaders": { + "description": "usernameHeaders is the list of headers to check for user information. First hit wins.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters": { - "description": "ContainerLoggingDestinationParameters describes parameters for the Container logging destination type.", + "com.github.openshift.api.kubecontrolplane.v1.ServiceServingCert": { + "description": "ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", "type": "object", + "required": [ + "certFile" + ], "properties": { - "maxLength": { - "description": "maxLength is the maximum length of the log message.\n\nValid values are integers in the range 480 to 8192, inclusive.\n\nWhen omitted, the default value is 1024.", - "type": "integer", - "format": "int32" + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.DNS": { - "description": "DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster.\n\nThis supports the DNS-based service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md\n\nMore details: https://kubernetes.io/docs/tasks/administer-cluster/coredns\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.kubecontrolplane.v1.UserAgentDenyRule": { + "description": "UserAgentDenyRule adds a rejection message that can be used to help a user figure out how to get an approved client", "type": "object", + "required": [ + "regex", + "httpVerbs", + "rejectionMessage" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the DNS.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSSpec" + "httpVerbs": { + "description": "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "status": { - "description": "status is the most recently observed status of the DNS.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSStatus" - } - } - }, - "com.github.openshift.api.operator.v1.DNSCache": { - "description": "DNSCache defines the fields for configuring DNS caching.", - "type": "object", - "properties": { - "negativeTTL": { - "description": "negativeTTL is optional and specifies the amount of time that a negative response should be cached.\n\nIf configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject to change.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + "regex": { + "description": "regex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", + "type": "string", + "default": "" }, - "positiveTTL": { - "description": "positiveTTL is optional and specifies the amount of time that a positive response should be cached.\n\nIf configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject to change.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + "rejectionMessage": { + "description": "rejectionMessage is the message shown when rejecting a client. If it is not a set, the default message is used.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.DNSList": { - "description": "DNSList contains a list of DNS\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchRule": { + "description": "UserAgentMatchRule describes how to match a given request based on User-Agent and HTTPVerb", "type": "object", "required": [ - "items" + "regex", + "httpVerbs" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { + "httpVerbs": { + "description": "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNS" + "type": "string", + "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "regex": { + "description": "regex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.DNSNodePlacement": { - "description": "DNSNodePlacement describes the node scheduling configuration for DNS pods.", + "com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchingConfig": { + "description": "UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", "type": "object", + "required": [ + "requiredClients", + "deniedClients", + "defaultRejectionMessage" + ], "properties": { - "nodeSelector": { - "description": "nodeSelector is the node selector applied to DNS pods.\n\nIf empty, the default is used, which is currently the following:\n\n kubernetes.io/os: linux\n\nThis default is subject to change.\n\nIf set, the specified selector is used and replaces the default.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" + "defaultRejectionMessage": { + "description": "defaultRejectionMessage is the message shown when rejecting a client. If it is not a set, a generic message is given.", + "type": "string", + "default": "" + }, + "deniedClients": { + "description": "deniedClients if this list is non-empty, then a User-Agent must not match any of the UserAgentRegexes", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.UserAgentDenyRule" } }, - "tolerations": { - "description": "tolerations is a list of tolerations applied to DNS pods.\n\nIf empty, the DNS operator sets a toleration for the \"node-role.kubernetes.io/master\" taint. This default is subject to change. Specifying tolerations without including a toleration for the \"node-role.kubernetes.io/master\" taint may be risky as it could lead to an outage if all worker nodes become unavailable.\n\nNote that the daemon controller adds some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", + "requiredClients": { + "description": "requiredClients if this list is non-empty, then a User-Agent must match one of the UserAgentRegexes to be allowed", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + "$ref": "#/definitions/com.github.openshift.api.kubecontrolplane.v1.UserAgentMatchRule" } } } }, - "com.github.openshift.api.operator.v1.DNSOverTLSConfig": { - "description": "DNSOverTLSConfig describes optional DNSTransportConfig fields that should be captured.", + "com.github.openshift.api.kubecontrolplane.v1.WebhookTokenAuthenticator": { + "description": "WebhookTokenAuthenticators holds the necessary configuation options for external token authenticators", "type": "object", "required": [ - "serverName" + "configFile", + "cacheTTL" ], "properties": { - "caBundle": { - "description": "caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers.\n\n1. The configmap must contain a `ca-bundle.crt` key. 2. The value must be a PEM encoded CA certificate or CA bundle. 3. The administrator must create this configmap in the openshift-config namespace. 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "cacheTTL": { + "description": "cacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get a default timeout of 2 minutes. If zero (e.g. \"0m\"), caching is disabled", + "type": "string", + "default": "" }, - "serverName": { - "description": "serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is set to \"TLS\". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the TLS certificate installed in the upstream resolver(s).", + "configFile": { + "description": "configFile is a path to a Kubeconfig file with the webhook configuration", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.DNSSpec": { - "description": "DNSSpec is the specification of the desired behavior of the DNS.", + "com.github.openshift.api.legacyconfig.v1.ActiveDirectoryConfig": { + "description": "ActiveDirectoryConfig holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the Active Directory schema", "type": "object", + "required": [ + "usersQuery", + "userNameAttributes", + "groupMembershipAttributes" + ], "properties": { - "cache": { - "description": "cache describes the caching configuration that applies to all server blocks listed in the Corefile. This field allows a cluster admin to optionally configure: * positiveTTL which is a duration for which positive responses should be cached. * negativeTTL which is a duration for which negative responses should be cached. If this is not configured, OpenShift will configure positive and negative caching with a default value that is subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is 30 seconds or as noted in the respective Corefile for your version of OpenShift.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSCache" - }, - "logLevel": { - "description": "logLevel describes the desired logging verbosity for CoreDNS. Any one of the following values may be specified: * Normal logs errors from upstream resolvers. * Debug logs errors, NXDOMAIN responses, and NODATA responses. * Trace logs errors and all responses.\n Setting logLevel: Trace will produce extremely verbose logs.\nValid values are: \"Normal\", \"Debug\", \"Trace\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether the DNS operator should manage cluster DNS", - "type": "string" - }, - "nodePlacement": { - "description": "nodePlacement provides explicit control over the scheduling of DNS pods.\n\nGenerally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint.\n\nIf unset, defaults are used. See nodePlacement for more details.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSNodePlacement" - }, - "operatorLogLevel": { - "description": "operatorLogLevel controls the logging level of the DNS Operator. Valid values are: \"Normal\", \"Debug\", \"Trace\". Defaults to \"Normal\". setting operatorLogLevel: Trace will produce extremely verbose logs.", - "type": "string" + "groupMembershipAttributes": { + "description": "groupMembershipAttributes defines which attributes on an LDAP user entry will be interpreted as the groups it is a member of", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "servers": { - "description": "servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server.\n\nFor example, if there are two Servers, one for \"foo.com\" and another for \"a.foo.com\", and the name query is for \"www.a.foo.com\", it will be routed to the Server with Zone \"a.foo.com\".\n\nIf this field is nil, no servers are created.", + "userNameAttributes": { + "description": "userNameAttributes defines which attributes on an LDAP user entry will be interpreted as its OpenShift user name.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Server" + "type": "string", + "default": "" } }, - "upstreamResolvers": { - "description": "upstreamResolvers defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers for the case of the default (\".\") server\n\nIf this field is not specified, the upstream used will default to /etc/resolv.conf, with policy \"sequential\"", + "usersQuery": { + "description": "AllUsersQuery holds the template for an LDAP query that returns user entries.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.UpstreamResolvers" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" } } }, - "com.github.openshift.api.operator.v1.DNSStatus": { - "description": "DNSStatus defines the observed status of the DNS.", + "com.github.openshift.api.legacyconfig.v1.AdmissionConfig": { + "description": "AdmissionConfig holds the necessary configuration options for admission", "type": "object", "required": [ - "clusterIP", - "clusterDomain" + "pluginConfig" ], "properties": { - "clusterDomain": { - "description": "clusterDomain is the local cluster DNS domain suffix for DNS services. This will be a subdomain as defined in RFC 1034, section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 Example: \"cluster.local\"\n\nMore info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service", - "type": "string", - "default": "" - }, - "clusterIP": { - "description": "clusterIP is the service IP through which this DNS is made available.\n\nIn the case of the default DNS, this will be a well known IP that is used as the default nameserver for pods that are using the default ClusterFirst DNS policy.\n\nIn general, this IP can be specified in a pod's spec.dnsConfig.nameservers list or used explicitly when performing name resolution from within the cluster. Example: dig foo.com @\n\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string", - "default": "" + "pluginConfig": { + "description": "pluginConfig allows specifying a configuration file per admission control plugin", + "type": "object", + "additionalProperties": { + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AdmissionPluginConfig" + } }, - "conditions": { - "description": "conditions provide information about the state of the DNS on the cluster.\n\nThese are the supported DNS conditions:\n\n * Available\n - True if the following conditions are met:\n * DNS controller daemonset is available.\n - False if any of those conditions are unsatisfied.", + "pluginOrderOverride": { + "description": "pluginOrderOverride is a list of admission control plugin names that will be installed on the master. Order is significant. If empty, a default list of plugins is used.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.operator.v1.DNSTransportConfig": { - "description": "DNSTransportConfig groups related configuration parameters used for configuring forwarding to upstream resolvers that support DNS-over-TLS.", + "com.github.openshift.api.legacyconfig.v1.AdmissionPluginConfig": { + "description": "AdmissionPluginConfig holds the necessary configuration options for admission plugins", "type": "object", + "required": [ + "location", + "configuration" + ], "properties": { - "tls": { - "description": "tls contains the additional configuration options to use when Transport is set to \"TLS\".", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSOverTLSConfig" + "configuration": { + "description": "configuration is an embedded configuration object to be used as the plugin's configuration. If present, it will be used instead of the path to the configuration file.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "transport": { - "description": "transport allows cluster administrators to opt-in to using a DNS-over-TLS connection between cluster DNS and an upstream resolver(s). Configuring TLS as the transport at this level without configuring a CABundle will result in the system certificates being used to verify the serving certificate of the upstream resolver(s).\n\nPossible values: \"\" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject to change over time. The current default is \"Cleartext\". \"Cleartext\" - Cluster admin specified cleartext option. This results in the same functionality as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, or wants to switch from \"TLS\" to \"Cleartext\" explicitly. \"TLS\" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1.", - "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "transport", - "fields-to-discriminateBy": { - "tls": "TLS" - } + "location": { + "description": "location is the path to a configuration file that contains the plugin's configuration", + "type": "string", + "default": "" } - ] + } }, - "com.github.openshift.api.operator.v1.DefaultNetworkDefinition": { - "description": "DefaultNetworkDefinition represents a single network plugin's configuration. type must be specified, along with exactly one \"Config\" that matches the type.", + "com.github.openshift.api.legacyconfig.v1.AggregatorConfig": { + "description": "AggregatorConfig holds information required to make the aggregator function.", "type": "object", "required": [ - "type" + "proxyClientInfo" ], "properties": { - "openshiftSDNConfig": { - "description": "openshiftSDNConfig was previously used to configure the openshift-sdn plugin. DEPRECATED: OpenShift SDN is no longer supported.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftSDNConfig" - }, - "ovnKubernetesConfig": { - "description": "ovnKubernetesConfig configures the ovn-kubernetes plugin.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OVNKubernetesConfig" + "proxyClientInfo": { + "description": "proxyClientInfo specifies the client cert/key to use when proxying to aggregated API servers", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.CertInfo" + } + } + }, + "com.github.openshift.api.legacyconfig.v1.AllowAllPasswordIdentityProvider": { + "description": "AllowAllPasswordIdentityProvider provides identities for users authenticating using non-empty passwords\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "type": { - "description": "type is the type of network All NetworkTypes are supported except for NetworkTypeRaw", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategory": { - "description": "DeveloperConsoleCatalogCategory for the developer console catalog.", + "com.github.openshift.api.legacyconfig.v1.AuditConfig": { + "description": "AuditConfig holds configuration for the audit capabilities", "type": "object", "required": [ - "id", - "label" + "enabled", + "auditFilePath", + "maximumFileRetentionDays", + "maximumRetainedFiles", + "maximumFileSizeMegabytes", + "policyFile", + "policyConfiguration", + "logFormat", + "webHookKubeConfig", + "webHookMode" ], "properties": { - "id": { - "description": "id is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.", + "auditFilePath": { + "description": "All requests coming to the apiserver will be logged to this file.", "type": "string", "default": "" }, - "label": { - "description": "label defines a category display label. It is required and must have 1-64 characters.", + "enabled": { + "description": "If this flag is set, audit log will be printed in the logs. The logs contains, method, user and a requested URL.", + "type": "boolean", + "default": false + }, + "logFormat": { + "description": "Format of saved audits (legacy or json).", "type": "string", "default": "" }, - "subcategories": { - "description": "subcategories defines a list of child categories.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategoryMeta" - } + "maximumFileRetentionDays": { + "description": "Maximum number of days to retain old log files based on the timestamp encoded in their filename.", + "type": "integer", + "format": "int32", + "default": 0 }, - "tags": { - "description": "tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - } - }, - "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategoryMeta": { - "description": "DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category.", - "type": "object", - "required": [ - "id", - "label" - ], - "properties": { - "id": { - "description": "id is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.", + "maximumFileSizeMegabytes": { + "description": "Maximum size in megabytes of the log file before it gets rotated. Defaults to 100MB.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "maximumRetainedFiles": { + "description": "Maximum number of old log files to retain.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "policyConfiguration": { + "description": "policyConfiguration is an embedded policy configuration object to be used as the audit policy configuration. If present, it will be used instead of the path to the policy file.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "policyFile": { + "description": "policyFile is a path to the file that defines the audit policy configuration.", "type": "string", "default": "" }, - "label": { - "description": "label defines a category display label. It is required and must have 1-64 characters.", + "webHookKubeConfig": { + "description": "Path to a .kubeconfig formatted file that defines the audit webhook configuration.", "type": "string", "default": "" }, - "tags": { - "description": "tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - } - }, - "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCustomization": { - "description": "DeveloperConsoleCatalogCustomization allow cluster admin to configure developer catalog.", - "type": "object", - "properties": { - "categories": { - "description": "categories which are shown in the developer catalog.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategory" - } - }, - "types": { - "description": "types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. When omitted, all the sub-catalog types will be shown.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DeveloperConsoleCatalogTypes" + "webHookMode": { + "description": "Strategy for sending audit events (block or batch).", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogTypes": { - "description": "DeveloperConsoleCatalogTypes defines the state of the sub-catalog types.", + "com.github.openshift.api.legacyconfig.v1.AugmentedActiveDirectoryConfig": { + "description": "AugmentedActiveDirectoryConfig holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the augmented Active Directory schema", "type": "object", "required": [ - "state" + "usersQuery", + "userNameAttributes", + "groupMembershipAttributes", + "groupsQuery", + "groupUIDAttribute", + "groupNameAttributes" ], "properties": { - "disabled": { - "description": "disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: \"Devfile\", \"HelmChart\", \"BuilderImage\" If the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden.", + "groupMembershipAttributes": { + "description": "groupMembershipAttributes defines which attributes on an LDAP user entry will be interpreted as the groups it is a member of", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "set" + } }, - "enabled": { - "description": "enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: \"Devfile\", \"HelmChart\", \"BuilderImage\" If the list is non-empty, a new type will not be shown to the user until it is added to list. If the list is empty the complete developer catalog will be shown.", + "groupNameAttributes": { + "description": "groupNameAttributes defines which attributes on an LDAP group entry will be interpreted as its name to use for an OpenShift group", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "set" + } }, - "state": { - "description": "state defines if a list of catalog types should be enabled or disabled.", + "groupUIDAttribute": { + "description": "GroupUIDAttributes defines which attribute on an LDAP group entry will be interpreted as its unique identifier. (ldapGroupUID)", "type": "string", - "default": "Enabled" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "state", - "fields-to-discriminateBy": { - "disabled": "Disabled", - "enabled": "Enabled" + "default": "" + }, + "groupsQuery": { + "description": "AllGroupsQuery holds the template for an LDAP query that returns group entries.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" + }, + "userNameAttributes": { + "description": "userNameAttributes defines which attributes on an LDAP user entry will be interpreted as its OpenShift user name.", + "type": "array", + "items": { + "type": "string", + "default": "" } - } - ] - }, - "com.github.openshift.api.operator.v1.EgressIPConfig": { - "description": "EgressIPConfig defines the configuration knobs for egressip", - "type": "object", - "properties": { - "reachabilityTotalTimeoutSeconds": { - "description": "reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. If the EgressIP node cannot be reached within this timeout, the node is declared down. Setting a large value may cause the EgressIP feature to react slowly to node changes. In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 1 second. A value of 0 disables the EgressIP node's reachability check.", - "type": "integer", - "format": "int64" + }, + "usersQuery": { + "description": "AllUsersQuery holds the template for an LDAP query that returns user entries.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" } } }, - "com.github.openshift.api.operator.v1.EndpointPublishingStrategy": { - "description": "EndpointPublishingStrategy is a way to publish the endpoints of an IngressController, and represents the type and any additional configuration for a specific type.", + "com.github.openshift.api.legacyconfig.v1.BasicAuthPasswordIdentityProvider": { + "description": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "type" + "url", + "ca", + "certFile", + "keyFile" ], "properties": { - "hostNetwork": { - "description": "hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.HostNetworkStrategy" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "loadBalancer": { - "description": "loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.LoadBalancerStrategy" + "ca": { + "description": "ca is the CA for verifying TLS connections", + "type": "string", + "default": "" }, - "nodePort": { - "description": "nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodePortStrategy" + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" }, - "private": { - "description": "private holds parameters for the Private endpoint publishing strategy. Present only if type is Private.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.PrivateStrategy" + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" }, - "type": { - "description": "type is the publishing strategy to use. Valid values are:\n\n* LoadBalancerService\n\nPublishes the ingress controller using a Kubernetes LoadBalancer Service.\n\nIn this configuration, the ingress controller deployment uses container networking. A LoadBalancer Service is created to publish the deployment.\n\nSee: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\n\nIf domain is set, a wildcard DNS record will be managed to point at the LoadBalancer Service's external name. DNS records are managed only in DNS zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.\n\nWildcard DNS management is currently supported only on the AWS, Azure, and GCP platforms.\n\n* HostNetwork\n\nPublishes the ingress controller on node ports where the ingress controller is deployed.\n\nIn this configuration, the ingress controller deployment uses host networking, bound to node ports 80 and 443. The user is responsible for configuring an external load balancer to publish the ingress controller via the node ports.\n\n* Private\n\nDoes not publish the ingress controller.\n\nIn this configuration, the ingress controller deployment uses container networking, and is not explicitly published. The user must manually publish the ingress controller.\n\n* NodePortService\n\nPublishes the ingress controller using a Kubernetes NodePort Service.\n\nIn this configuration, the ingress controller deployment uses container networking. A NodePort Service is created to publish the deployment. The specific node ports are dynamically allocated by OpenShift; however, to support static port allocations, user changes to the node port field of the managed NodePort Service will preserved.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "url": { + "description": "url is the remote URL to connect to", "type": "string", "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "hostNetwork": "HostNetwork", - "loadBalancer": "LoadBalancer", - "nodePort": "NodePort", - "private": "Private" - } - } - ] + } }, - "com.github.openshift.api.operator.v1.Etcd": { - "description": "Etcd provides information to configure an operator to manage etcd.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.BuildDefaultsConfig": { + "description": "BuildDefaultsConfig controls the default information for Builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", - "required": [ - "metadata", - "spec" - ], "properties": { + "annotations": { + "description": "annotations are annotations that will be added to the build pod", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "env": { + "description": "env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" + } + }, + "gitHTTPProxy": { + "description": "gitHTTPProxy is the location of the HTTPProxy for Git source", + "type": "string" + }, + "gitHTTPSProxy": { + "description": "gitHTTPSProxy is the location of the HTTPSProxy for Git source", + "type": "string" + }, + "gitNoProxy": { + "description": "gitNoProxy is the list of domains for which the proxy should not be used", + "type": "string" + }, + "imageLabels": { + "description": "imageLabels is a list of labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "nodeSelector": { + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "spec": { + "resources": { + "description": "resources defines resource requirements to execute the build.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.EtcdSpec" + "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.EtcdStatus" + "sourceStrategyDefaults": { + "description": "sourceStrategyDefaults are default values that apply to builds using the source strategy.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.SourceStrategyDefaultsConfig" } } }, - "com.github.openshift.api.operator.v1.EtcdList": { - "description": "KubeAPISOperatorConfigList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.BuildOverridesConfig": { + "description": "BuildOverridesConfig controls override settings for builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "metadata", - "items" + "forcePull" ], "properties": { + "annotations": { + "description": "annotations are annotations that will be added to the build pod", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items contains the items", + "forcePull": { + "description": "forcePull indicates whether the build strategy should always be set to ForcePull=true", + "type": "boolean", + "default": false + }, + "imageLabels": { + "description": "imageLabels is a list of labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Etcd" + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "nodeSelector": { + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "tolerations": { + "description": "tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + } } } }, - "com.github.openshift.api.operator.v1.EtcdSpec": { + "com.github.openshift.api.legacyconfig.v1.CertInfo": { + "description": "CertInfo relates a certificate with a private key", "type": "object", "required": [ - "managementState", - "forceRedeploymentReason" + "certFile", + "keyFile" ], "properties": { - "backendQuotaGiB": { - "description": "backendQuotaGiB sets the etcd backend storage size limit in gibibytes. The value should be an integer not less than 8 and not more than 32. When not specified, the default value is 8.", - "type": "integer", - "format": "int32", - "default": 8 - }, - "controlPlaneHardwareSpeed": { - "description": "HardwareSpeed allows user to change the etcd tuning profile which configures the latency parameters for heartbeat interval and leader election timeouts allowing the cluster to tolerate longer round-trip-times between etcd members. Valid values are \"\", \"Standard\" and \"Slower\".\n\t\"\" means no opinion and the platform is left to choose a reasonable default\n\twhich is subject to change without notice.\n\nPossible enum values:\n - `\"Slower\"` provides more tolerance for slower hardware and/or higher latency networks. Sets (values subject to change): ETCD_HEARTBEAT_INTERVAL: 5x Standard ETCD_LEADER_ELECTION_TIMEOUT: 2.5x Standard\n - `\"Standard\"` provides the normal tolerances for hardware speed and latency. Currently sets (values subject to change at any time): ETCD_HEARTBEAT_INTERVAL: 100ms ETCD_LEADER_ELECTION_TIMEOUT: 1000ms", - "type": "string", - "default": "", - "enum": [ - "Slower", - "Standard" - ] - }, - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" - }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", "type": "string", "default": "" }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", "type": "string", "default": "" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" } } }, - "com.github.openshift.api.operator.v1.EtcdStatus": { + "com.github.openshift.api.legacyconfig.v1.ClientConnectionOverrides": { + "description": "ClientConnectionOverrides are a set of overrides to the default client connection settings.", "type": "object", + "required": [ + "acceptContentTypes", + "contentType", + "qps", + "burst" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "controlPlaneHardwareSpeed": { - "description": "Possible enum values:\n - `\"Slower\"` provides more tolerance for slower hardware and/or higher latency networks. Sets (values subject to change): ETCD_HEARTBEAT_INTERVAL: 5x Standard ETCD_LEADER_ELECTION_TIMEOUT: 2.5x Standard\n - `\"Standard\"` provides the normal tolerances for hardware speed and latency. Currently sets (values subject to change at any time): ETCD_HEARTBEAT_INTERVAL: 100ms ETCD_LEADER_ELECTION_TIMEOUT: 1000ms", + "acceptContentTypes": { + "description": "acceptContentTypes defines the Accept header sent by clients when connecting to a server, overriding the default value of 'application/json'. This field will control all connections to the server used by a particular client.", "type": "string", - "default": "", - "enum": [ - "Slower", - "Standard" - ] - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "default": "" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "burst": { + "description": "burst allows extra queries to accumulate when a client is exceeding its rate.", "type": "integer", - "format": "int32" - }, - "latestAvailableRevisionReason": { - "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", - "type": "string" + "format": "int32", + "default": 0 }, - "nodeStatuses": { - "description": "nodeStatuses track the deployment values and errors across individual nodes", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" - }, - "x-kubernetes-list-map-keys": [ - "nodeName" - ], - "x-kubernetes-list-type": "map" + "contentType": { + "description": "contentType is the content type used when sending data to the server from this client.", + "type": "string", + "default": "" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "qps": { + "description": "qps controls the number of queries per second allowed for this connection.", + "type": "number", + "format": "float", + "default": 0 + } + } + }, + "com.github.openshift.api.legacyconfig.v1.ClusterNetworkEntry": { + "description": "ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips.", + "type": "object", + "required": [ + "cidr", + "hostSubnetLength" + ], + "properties": { + "cidr": { + "description": "cidr defines the total range of a cluster networks address space.", + "type": "string", + "default": "" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "hostSubnetLength": { + "description": "hostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pod.", "type": "integer", - "format": "int32", + "format": "int64", "default": 0 - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" } } }, - "com.github.openshift.api.operator.v1.ExportNetworkFlows": { + "com.github.openshift.api.legacyconfig.v1.ControllerConfig": { + "description": "ControllerConfig holds configuration values for controllers", "type": "object", + "required": [ + "controllers", + "election", + "serviceServingCert" + ], "properties": { - "ipfix": { - "description": "ipfix defines IPFIX configuration.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPFIXConfig" + "controllers": { + "description": "controllers is a list of controllers to enable. '*' enables all on-by-default controllers, 'foo' enables the controller \"+ named 'foo', '-foo' disables the controller named 'foo'. Defaults to \"*\".", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "netFlow": { - "description": "netFlow defines the NetFlow configuration.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NetFlowConfig" + "election": { + "description": "election defines the configuration for electing a controller instance to make changes to the cluster. If unspecified, the ControllerTTL value is checked to determine whether the legacy direct etcd election code will be used.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ControllerElectionConfig" }, - "sFlow": { - "description": "sFlow defines the SFlow configuration.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.SFlowConfig" + "serviceServingCert": { + "description": "serviceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServiceServingCert" } } }, - "com.github.openshift.api.operator.v1.FeaturesMigration": { + "com.github.openshift.api.legacyconfig.v1.ControllerElectionConfig": { + "description": "ControllerElectionConfig contains configuration values for deciding how a controller will be elected to act as leader.", "type": "object", + "required": [ + "lockName", + "lockNamespace", + "lockResource" + ], "properties": { - "egressFirewall": { - "description": "egressFirewall specified whether or not the Egress Firewall configuration was migrated. DEPRECATED: network type migration is no longer supported.", - "type": "boolean" + "lockName": { + "description": "lockName is the resource name used to act as the lock for determining which controller instance should lead.", + "type": "string", + "default": "" }, - "egressIP": { - "description": "egressIP specified whether or not the Egress IP configuration was migrated. DEPRECATED: network type migration is no longer supported.", - "type": "boolean" + "lockNamespace": { + "description": "lockNamespace is the resource namespace used to act as the lock for determining which controller instance should lead. It defaults to \"kube-system\"", + "type": "string", + "default": "" }, - "multicast": { - "description": "multicast specified whether or not the multicast configuration was migrated. DEPRECATED: network type migration is no longer supported.", - "type": "boolean" + "lockResource": { + "description": "lockResource is the group and resource name to use to coordinate for the controller lock. If unset, defaults to \"configmaps\".", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.GroupResource" } } }, - "com.github.openshift.api.operator.v1.FileReferenceSource": { - "description": "FileReferenceSource is used by the console to locate the specified file containing a custom logo.", + "com.github.openshift.api.legacyconfig.v1.DNSConfig": { + "description": "DNSConfig holds the necessary configuration options for DNS", "type": "object", "required": [ - "from" + "bindAddress", + "bindNetwork", + "allowRecursiveQueries" ], "properties": { - "configMap": { - "description": "configMap specifies the ConfigMap sourcing details such as the name of the ConfigMap and the key for the file. The ConfigMap must exist in the openshift-config namespace. Required when from is \"ConfigMap\", and forbidden otherwise.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConfigMapFileReference" + "allowRecursiveQueries": { + "description": "allowRecursiveQueries allows the DNS server on the master to answer queries recursively. Note that open resolvers can be used for DNS amplification attacks and the master DNS should not be made accessible to public networks.", + "type": "boolean", + "default": false }, - "from": { - "description": "from is a required field to specify the source type of the file reference. Allowed values are ConfigMap. When set to ConfigMap, the file will be sourced from a ConfigMap in the openshift-config namespace. The configMap field must be set when from is set to ConfigMap.\n\nPossible enum values:\n - `\"ConfigMap\"` represents a ConfigMap source.", + "bindAddress": { + "description": "bindAddress is the ip:port to serve DNS on", "type": "string", - "default": "", - "enum": [ - "ConfigMap" - ] + "default": "" + }, + "bindNetwork": { + "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.ForwardPlugin": { - "description": "ForwardPlugin defines a schema for configuring the CoreDNS forward plugin.", + "com.github.openshift.api.legacyconfig.v1.DefaultAdmissionConfig": { + "description": "DefaultAdmissionConfig can be used to enable or disable various admission plugins. When this type is present as the `configuration` object under `pluginConfig` and *if* the admission plugin supports it, this will cause an \"off by default\" admission plugin to be enabled\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "upstreams" + "disable" ], "properties": { - "policy": { - "description": "policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified:\n\n* \"Random\" picks a random upstream server for each query. * \"RoundRobin\" picks upstream servers in a round-robin order, moving to the next server for each new query. * \"Sequential\" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query.\n\nThe default value is \"Random\"", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "protocolStrategy": { - "description": "protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are \"TCP\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. \"TCP\" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. \"TCP\" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.", - "type": "string", - "default": "" - }, - "transportConfig": { - "description": "transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver.\n\nThe default value is \"\" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSTransportConfig" + "disable": { + "description": "disable turns off an admission plugin that is enabled by default.", + "type": "boolean", + "default": false }, - "upstreams": { - "description": "upstreams is a list of resolvers to forward name queries for subdomains of Zones. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. Each upstream is represented by an IP address or IP:port if the upstream listens on a port other than 53.\n\nA maximum of 15 upstreams is allowed per ForwardPlugin.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.GCPCSIDriverConfigSpec": { - "description": "GCPCSIDriverConfigSpec defines properties that can be configured for the GCP CSI driver.", + "com.github.openshift.api.legacyconfig.v1.DenyAllPasswordIdentityProvider": { + "description": "DenyAllPasswordIdentityProvider provides no identities for users\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "properties": { - "kmsKey": { - "description": "kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied encryption keys, rather than the default keys managed by GCP.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GCPKMSKeyReference" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.GCPKMSKeyReference": { - "description": "GCPKMSKeyReference gathers required fields for looking up a GCP KMS Key", + "com.github.openshift.api.legacyconfig.v1.DockerConfig": { + "description": "DockerConfig holds Docker related configuration options.", "type": "object", "required": [ - "name", - "keyRing", - "projectID" + "execHandlerName", + "dockerShimSocket", + "dockerShimRootDirectory" ], "properties": { - "keyRing": { - "description": "keyRing is the name of the KMS Key Ring which the KMS Key belongs to. The value should correspond to an existing KMS key ring and should consist of only alphanumeric characters, hyphens (-) and underscores (_), and be at most 63 characters in length.", + "dockerShimRootDirectory": { + "description": "dockerShimRootDirectory is the dockershim root directory.", "type": "string", "default": "" }, - "location": { - "description": "location is the GCP location in which the Key Ring exists. The value must match an existing GCP location, or \"global\". Defaults to global, if not set.", - "type": "string" - }, - "name": { - "description": "name is the name of the customer-managed encryption key to be used for disk encryption. The value should correspond to an existing KMS key and should consist of only alphanumeric characters, hyphens (-) and underscores (_), and be at most 63 characters in length.", + "dockerShimSocket": { + "description": "dockerShimSocket is the location of the dockershim socket the kubelet uses. Currently unix socket is supported on Linux, and tcp is supported on windows. Examples:'unix:///var/run/dockershim.sock', 'tcp://localhost:3735'", "type": "string", "default": "" }, - "projectID": { - "description": "projectID is the ID of the Project in which the KMS Key Ring exists. It must be 6 to 30 lowercase letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited.", + "execHandlerName": { + "description": "execHandlerName is the name of the handler to use for executing commands in containers.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.GCPLoadBalancerParameters": { - "description": "GCPLoadBalancerParameters provides configuration settings that are specific to GCP load balancers.", - "type": "object", - "properties": { - "clientAccess": { - "description": "clientAccess describes how client access is restricted for internal load balancers.\n\nValid values are: * \"Global\": Specifying an internal load balancer with Global client access\n allows clients from any region within the VPC to communicate with the load\n balancer.\n\n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access\n\n* \"Local\": Specifying an internal load balancer with Local client access\n means only clients within the same region (and VPC) as the GCP load balancer\n can communicate with the load balancer. Note that this is the default behavior.\n\n https://cloud.google.com/load-balancing/docs/internal#client_access", - "type": "string" - } - } - }, - "com.github.openshift.api.operator.v1.GatewayConfig": { - "description": "GatewayConfig holds node gateway-related parsed config file parameters and command-line overrides", + "com.github.openshift.api.legacyconfig.v1.EtcdConfig": { + "description": "EtcdConfig holds the necessary configuration options for connecting with an etcd database", "type": "object", + "required": [ + "servingInfo", + "address", + "peerServingInfo", + "peerAddress", + "storageDirectory" + ], "properties": { - "ipForwarding": { - "description": "ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across OVN-Kubernetes managed interfaces, then set this field to \"Global\". The supported values are \"Restricted\" and \"Global\".", - "type": "string" + "address": { + "description": "address is the advertised host:port for client connections to etcd", + "type": "string", + "default": "" }, - "ipv4": { - "description": "ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values.", + "peerAddress": { + "description": "peerAddress is the advertised host:port for peer connections to etcd", + "type": "string", + "default": "" + }, + "peerServingInfo": { + "description": "peerServingInfo describes how to start serving the etcd peer", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv4GatewayConfig" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServingInfo" }, - "ipv6": { - "description": "ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values.", + "servingInfo": { + "description": "servingInfo describes how to start serving the etcd master", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv6GatewayConfig" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServingInfo" }, - "routingViaHost": { - "description": "routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port into the host before sending it out. If this is not set, traffic will always egress directly from OVN to outside without touching the host stack. Setting this to true means hardware offload will not be supported. Default is false if GatewayConfig is specified.", - "type": "boolean" + "storageDirectory": { + "description": "StorageDir is the path to the etcd storage directory", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.GatherStatus": { - "description": "gatherStatus provides information about the last known gather event.", + "com.github.openshift.api.legacyconfig.v1.EtcdConnectionInfo": { + "description": "EtcdConnectionInfo holds information necessary for connecting to an etcd server", "type": "object", + "required": [ + "urls", + "ca", + "certFile", + "keyFile" + ], "properties": { - "gatherers": { - "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GathererStatus" - }, - "x-kubernetes-list-type": "atomic" + "ca": { + "description": "ca is a file containing trusted roots for the etcd server certificates", + "type": "string", + "default": "" }, - "lastGatherDuration": { - "description": "lastGatherDuration is the total time taken to process all gatherers during the last gather event.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" }, - "lastGatherTime": { - "description": "lastGatherTime is the last time when Insights data gathering finished. An empty value means that no data has been gathered yet.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" + }, + "urls": { + "description": "urls are the URLs for etcd", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.operator.v1.GathererStatus": { - "description": "gathererStatus represents information about a particular data gatherer.", + "com.github.openshift.api.legacyconfig.v1.EtcdStorageConfig": { + "description": "EtcdStorageConfig holds the necessary configuration options for the etcd storage underlying OpenShift and Kubernetes", "type": "object", "required": [ - "conditions", - "name", - "lastGatherDuration" + "kubernetesStorageVersion", + "kubernetesStoragePrefix", + "openShiftStorageVersion", + "openShiftStoragePrefix" ], "properties": { - "conditions": { - "description": "conditions provide details on the status of each gatherer.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-type": "atomic" + "kubernetesStoragePrefix": { + "description": "kubernetesStoragePrefix is the path within etcd that the Kubernetes resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located. The default value is 'kubernetes.io'.", + "type": "string", + "default": "" }, - "lastGatherDuration": { - "description": "lastGatherDuration represents the time spent gathering.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + "kubernetesStorageVersion": { + "description": "kubernetesStorageVersion is the API version that Kube resources in etcd should be serialized to. This value should *not* be advanced until all clients in the cluster that read from etcd have code that allows them to read the new version.", + "type": "string", + "default": "" + }, + "openShiftStoragePrefix": { + "description": "openShiftStoragePrefix is the path within etcd that the OpenShift resources will be rooted under. This value, if changed, will mean existing objects in etcd will no longer be located. The default value is 'openshift.io'.", + "type": "string", + "default": "" }, - "name": { - "description": "name is the name of the gatherer.", + "openShiftStorageVersion": { + "description": "openShiftStorageVersion is the API version that OS resources in etcd should be serialized to. This value should *not* be advanced until all clients in the cluster that read from etcd have code that allows them to read the new version.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.GenerationStatus": { - "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "com.github.openshift.api.legacyconfig.v1.GitHubIdentityProvider": { + "description": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "group", - "resource", - "namespace", - "name", - "lastGeneration", - "hash" + "clientID", + "clientSecret", + "organizations", + "teams", + "hostname", + "ca" ], "properties": { - "group": { - "description": "group is the group of the thing you're tracking", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value.", "type": "string", "default": "" }, - "hash": { - "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "clientID": { + "description": "clientID is the oauth client ID", "type": "string", "default": "" }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "type": "integer", - "format": "int64", - "default": 0 + "clientSecret": { + "description": "clientSecret is the oauth client secret", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" }, - "name": { - "description": "name is the name of the thing you're tracking", + "hostname": { + "description": "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value that is configured at /setup/settings#hostname.", "type": "string", "default": "" }, - "namespace": { - "description": "namespace is where the thing you're tracking is", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.operator.v1.HTTPCompressionPolicy": { - "description": "httpCompressionPolicy turns on compression for the specified MIME types.\n\nThis field is optional, and its absence implies that compression should not be enabled globally in HAProxy.\n\nIf httpCompressionPolicy exists, compression should be enabled only for the specified MIME types.", - "type": "object", - "properties": { - "mimeTypes": { - "description": "mimeTypes is a list of MIME types that should have compression applied. This list can be empty, in which case the ingress controller does not apply compression.\n\nNote: Not all MIME types benefit from compression, but HAProxy will still use resources to try to compress if instructed to. Generally speaking, text (html, css, js, etc.) formats benefit from compression, but formats that are already compressed (image, audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2", + "organizations": { + "description": "organizations optionally restricts which organizations are allowed to log in", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "set" + } + }, + "teams": { + "description": "teams optionally restricts which teams are allowed to log in. Format is /.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.operator.v1.HealthCheck": { - "description": "healthCheck represents an Insights health check attributes.", + "com.github.openshift.api.legacyconfig.v1.GitLabIdentityProvider": { + "description": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "description", - "totalRisk", - "advisorURI", - "state" + "ca", + "url", + "clientID", + "clientSecret" ], "properties": { - "advisorURI": { - "description": "advisorURI provides the URL link to the Insights Advisor.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", "type": "string", "default": "" }, - "description": { - "description": "description provides basic description of the healtcheck.", + "clientID": { + "description": "clientID is the oauth client ID", "type": "string", "default": "" }, - "state": { - "description": "state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface.", + "clientSecret": { + "description": "clientSecret is the oauth client secret", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "legacy": { + "description": "legacy determines if OAuth2 or OIDC should be used If true, OAuth2 is used If false, OIDC is used If nil and the URL's host is gitlab.com, OIDC is used Otherwise, OAuth2 is used In a future release, nil will default to using OIDC Eventually this flag will be removed and only OIDC will be used", + "type": "boolean" + }, + "url": { + "description": "url is the oauth server base URL", "type": "string", "default": "" - }, - "totalRisk": { - "description": "totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue.", - "type": "integer", - "format": "int32", - "default": 0 } } }, - "com.github.openshift.api.operator.v1.HostNetworkStrategy": { - "description": "HostNetworkStrategy holds parameters for the HostNetwork endpoint publishing strategy.", + "com.github.openshift.api.legacyconfig.v1.GoogleIdentityProvider": { + "description": "GoogleIdentityProvider provides identities for users authenticating using Google credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "clientID", + "clientSecret", + "hostedDomain" + ], "properties": { - "httpPort": { - "description": "httpPort is the port on the host which should be used to listen for HTTP requests. This field should be set when port 80 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 80.", - "type": "integer", - "format": "int32" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "httpsPort": { - "description": "httpsPort is the port on the host which should be used to listen for HTTPS requests. This field should be set when port 443 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 443.", - "type": "integer", - "format": "int32" + "clientID": { + "description": "clientID is the oauth client ID", + "type": "string", + "default": "" }, - "protocol": { - "description": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", - "type": "string" + "clientSecret": { + "description": "clientSecret is the oauth client secret", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" }, - "statsPort": { - "description": "statsPort is the port on the host where the stats from the router are published. The value should not coincide with the NodePort range of the cluster. If an external load balancer is configured to forward connections to this IngressController, the load balancer should use this port for health checks. The load balancer can send HTTP probes on this port on a given node, with the path /healthz/ready to determine if the ingress controller is ready to receive traffic on the node. For proper operation the load balancer must not forward traffic to a node until the health check reports ready. The load balancer should also stop forwarding requests within a maximum of 45 seconds after /healthz/ready starts reporting not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with a threshold of two successful or failed requests to become healthy or unhealthy respectively, are well-tested values. When the value is 0 or is not specified it defaults to 1936.", - "type": "integer", - "format": "int32" + "hostedDomain": { + "description": "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", + "type": "string", + "default": "" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.HybridOverlayConfig": { + "com.github.openshift.api.legacyconfig.v1.GrantConfig": { + "description": "GrantConfig holds the necessary configuration options for grant handlers", "type": "object", "required": [ - "hybridClusterNetwork" + "method", + "serviceAccountMethod" ], "properties": { - "hybridClusterNetwork": { - "description": "hybridClusterNetwork defines a network space given to nodes on an additional overlay network.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterNetworkEntry" - }, - "x-kubernetes-list-type": "atomic" + "method": { + "description": "method determines the default strategy to use when an OAuth client requests a grant. This method will be used only if the specific OAuth client doesn't provide a strategy of their own. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients\n - deny: always denies grant requests, useful for black-listed clients", + "type": "string", + "default": "" }, - "hybridOverlayVXLANPort": { - "description": "hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. Default is 4789", - "type": "integer", - "format": "int64" + "serviceAccountMethod": { + "description": "serviceAccountMethod is used for determining client authorization for service account oauth client. It must be either: deny, prompt", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec": { - "description": "IBMCloudCSIDriverConfigSpec defines the properties that can be configured for the IBM Cloud CSI driver.", + "com.github.openshift.api.legacyconfig.v1.GroupResource": { + "description": "GroupResource points to a resource by its name and API group.", "type": "object", "required": [ - "encryptionKeyCRN" + "group", + "resource" ], "properties": { - "encryptionKeyCRN": { - "description": "encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use for disk encryption of volumes for the default storage classes.", + "group": { + "description": "group is the name of an API group", + "type": "string", + "default": "" + }, + "resource": { + "description": "resource is the name of a resource.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.IBMLoadBalancerParameters": { - "description": "IBMLoadBalancerParameters provides configuration settings that are specific to IBM Cloud load balancers.", + "com.github.openshift.api.legacyconfig.v1.HTPasswdPasswordIdentityProvider": { + "description": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "file" + ], "properties": { - "protocol": { - "description": "protocol specifies whether the load balancer uses PROXY protocol to forward connections to the IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: \"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\"\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nValid values for protocol are TCP, PROXY and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is TCP, without the proxy protocol enabled.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "file": { + "description": "file is a reference to your htpasswd file", + "type": "string", + "default": "" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" } } }, - "com.github.openshift.api.operator.v1.IPAMConfig": { - "description": "IPAMConfig contains configurations for IPAM (IP Address Management)", + "com.github.openshift.api.legacyconfig.v1.HTTPServingInfo": { + "description": "HTTPServingInfo holds configuration for serving HTTP", "type": "object", "required": [ - "type" + "bindAddress", + "bindNetwork", + "certFile", + "keyFile", + "clientCA", + "namedCertificates", + "maxRequestsInFlight", + "requestTimeoutSeconds" ], "properties": { - "staticIPAMConfig": { - "description": "staticIPAMConfig configures the static IP address in case of type:IPAMTypeStatic", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.StaticIPAMConfig" + "bindAddress": { + "description": "bindAddress is the ip:port to serve on", + "type": "string", + "default": "" }, - "type": { - "description": "type is the type of IPAM module will be used for IP Address Management(IPAM). The supported values are IPAMTypeDHCP, IPAMTypeStatic", + "bindNetwork": { + "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.operator.v1.IPFIXConfig": { - "type": "object", - "properties": { - "collectors": { - "description": "ipfixCollectors is list of strings formatted as ip:port with a maximum of ten items", + }, + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" + }, + "cipherSuites": { + "description": "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.operator.v1.IPsecConfig": { - "type": "object", - "properties": { - "full": { - "description": "full defines configuration parameters for the IPsec `Full` mode. This is permitted only when mode is configured with `Full`, and forbidden otherwise.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPsecFullModeConfig" + } }, - "mode": { - "description": "mode defines the behaviour of the ipsec configuration within the platform. Valid values are `Disabled`, `External` and `Full`. When 'Disabled', ipsec will not be enabled at the node level. When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), this is left to the user to configure.", + "clientCA": { + "description": "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", + "type": "string", + "default": "" + }, + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" + }, + "maxRequestsInFlight": { + "description": "maxRequestsInFlight is the number of concurrent requests allowed to the server. If zero, no limit.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "minTLSVersion": { + "description": "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", "type": "string" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "mode", - "fields-to-discriminateBy": { - "full": "Full" + }, + "namedCertificates": { + "description": "namedCertificates is a list of certificates to use to secure requests to specific hostnames", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NamedCertificate" } + }, + "requestTimeoutSeconds": { + "description": "requestTimeoutSeconds is the number of seconds before requests are timed out. The default is 60 minutes, if -1 there is no limit on requests.", + "type": "integer", + "format": "int32", + "default": 0 } - ] + } }, - "com.github.openshift.api.operator.v1.IPsecFullModeConfig": { - "description": "IPsecFullModeConfig defines configuration parameters for the IPsec `Full` mode.", + "com.github.openshift.api.legacyconfig.v1.IdentityProvider": { + "description": "IdentityProvider provides identities for users authenticating using credentials", "type": "object", + "required": [ + "name", + "challenge", + "login", + "mappingMethod", + "provider" + ], "properties": { - "encapsulation": { - "description": "encapsulation option to configure libreswan on how inter-pod traffic across nodes are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 for the encapsulation. Valid values are Always, Auto and omitted. Always means enable UDP encapsulation regardless of whether NAT is detected. Auto means enable UDP encapsulation based on the detection of NAT. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Auto.", - "type": "string" + "challenge": { + "description": "UseAsChallenger indicates whether to issue WWW-Authenticate challenges for this provider", + "type": "boolean", + "default": false + }, + "login": { + "description": "UseAsLogin indicates whether to use this identity provider for unauthenticated browsers to login against", + "type": "boolean", + "default": false + }, + "mappingMethod": { + "description": "mappingMethod determines how identities from this provider are mapped to users", + "type": "string", + "default": "" + }, + "name": { + "description": "name is used to qualify the identities returned by this provider", + "type": "string", + "default": "" + }, + "provider": { + "description": "provider contains the information about how to set up a specific identity provider", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1.IPv4GatewayConfig": { - "description": "IPV4GatewayConfig holds the configuration paramaters for IPV4 connections in the GatewayConfig for OVN-Kubernetes", + "com.github.openshift.api.legacyconfig.v1.ImageConfig": { + "description": "ImageConfig holds the necessary configuration options for building image names for system components", "type": "object", + "required": [ + "format", + "latest" + ], "properties": { - "internalMasqueradeSubnet": { - "description": "internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /29). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 169.254.0.0/17 The value must be in proper IPV4 CIDR format", - "type": "string" + "format": { + "description": "format is the format of the name to be built for the system component", + "type": "string", + "default": "" + }, + "latest": { + "description": "latest determines if the latest tag will be pulled from the registry", + "type": "boolean", + "default": false } } }, - "com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig": { + "com.github.openshift.api.legacyconfig.v1.ImagePolicyConfig": { + "description": "ImagePolicyConfig holds the necessary configuration options for limits and behavior for importing images", "type": "object", + "required": [ + "maxImagesBulkImportedPerRepository", + "disableScheduledImport", + "scheduledImageImportMinimumIntervalSeconds", + "maxScheduledImageImportsPerMinute" + ], "properties": { - "internalJoinSubnet": { - "description": "internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The current default value is 100.64.0.0/16 The subnet must be large enough to accommodate one IP per node in your cluster The value must be in proper IPV4 CIDR format", + "additionalTrustedCA": { + "description": "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted during imagestream import.", "type": "string" }, - "internalTransitSwitchSubnet": { - "description": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 100.88.0.0/16 The subnet must be large enough to accommodate one IP per node in your cluster The value must be in proper IPV4 CIDR format", + "allowedRegistriesForImport": { + "description": "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.RegistryLocation" + } + }, + "disableScheduledImport": { + "description": "disableScheduledImport allows scheduled background import of images to be disabled.", + "type": "boolean", + "default": false + }, + "externalRegistryHostname": { + "description": "externalRegistryHostname sets the hostname for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", "type": "string" - } - } - }, - "com.github.openshift.api.operator.v1.IPv6GatewayConfig": { - "description": "IPV6GatewayConfig holds the configuration paramaters for IPV6 connections in the GatewayConfig for OVN-Kubernetes", - "type": "object", - "properties": { - "internalMasqueradeSubnet": { - "description": "internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is fd69::/112 Note that IPV6 dual addresses are not permitted", + }, + "internalRegistryHostname": { + "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", "type": "string" + }, + "maxImagesBulkImportedPerRepository": { + "description": "maxImagesBulkImportedPerRepository controls the number of images that are imported when a user does a bulk import of a container repository. This number defaults to 50 to prevent users from importing large numbers of images accidentally. Set -1 for no limit.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "maxScheduledImageImportsPerMinute": { + "description": "maxScheduledImageImportsPerMinute is the maximum number of scheduled image streams that will be imported in the background per minute. The default value is 60. Set to -1 for unlimited.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "scheduledImageImportMinimumIntervalSeconds": { + "description": "scheduledImageImportMinimumIntervalSeconds is the minimum number of seconds that can elapse between when image streams scheduled for background import are checked against the upstream repository. The default value is 15 minutes.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig": { + "com.github.openshift.api.legacyconfig.v1.JenkinsPipelineConfig": { + "description": "JenkinsPipelineConfig holds configuration for the Jenkins pipeline strategy", "type": "object", + "required": [ + "autoProvisionEnabled", + "templateNamespace", + "templateName", + "serviceName", + "parameters" + ], "properties": { - "internalJoinSubnet": { - "description": "internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The subnet must be large enough to accommodate one IP per node in your cluster The current default value is fd98::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", - "type": "string" + "autoProvisionEnabled": { + "description": "autoProvisionEnabled determines whether a Jenkins server will be spawned from the provided template when the first build config in the project with type JenkinsPipeline is created. When not specified this option defaults to true.", + "type": "boolean" }, - "internalTransitSwitchSubnet": { - "description": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The subnet must be large enough to accommodate one IP per node in your cluster The current default subnet is fd97::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", - "type": "string" + "parameters": { + "description": "parameters specifies a set of optional parameters to the Jenkins template.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "serviceName": { + "description": "serviceName is the name of the Jenkins service OpenShift uses to detect whether a Jenkins pipeline handler has already been installed in a project. This value *must* match a service name in the provided template.", + "type": "string", + "default": "" + }, + "templateName": { + "description": "templateName is the name of the default Jenkins template", + "type": "string", + "default": "" + }, + "templateNamespace": { + "description": "templateNamespace contains the namespace name where the Jenkins template is stored", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.Ingress": { - "description": "Ingress allows cluster admin to configure alternative ingress for the console.", + "com.github.openshift.api.legacyconfig.v1.KeystonePasswordIdentityProvider": { + "description": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "url", + "ca", + "certFile", + "keyFile", + "domainName", + "useKeystoneIdentity" + ], "properties": { - "clientDownloadsURL": { - "description": "clientDownloadsURL is a URL to be used as the address to download client binaries. If not specified, the downloads route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. The console operator will monitor the URL and may go degraded if it's unreachable for an extended period. Must use the HTTPS scheme.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "ca": { + "description": "ca is the CA for verifying TLS connections", + "type": "string", + "default": "" + }, + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" + }, + "domainName": { + "description": "Domain Name is required for keystone v3", "type": "string", "default": "" }, - "consoleURL": { - "description": "consoleURL is a URL to be used as the base console address. If not specified, the console route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. Make sure that appropriate ingress is set up at this URL. The console operator will monitor the URL and may go degraded if it's unreachable for an extended period. Must use the HTTPS scheme.", + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.operator.v1.IngressController": { - "description": "IngressController describes a managed ingress controller for the cluster. The controller can service OpenShift Route and Kubernetes Ingress resources.\n\nWhen an IngressController is created, a new ingress controller deployment is created to allow external traffic to reach the services that expose Ingress or Route resources. Updating this resource may lead to disruption for public facing network connections as a new ingress controller revision may be rolled out.\n\nhttps://kubernetes.io/docs/concepts/services-networking/ingress-controllers\n\nWhenever possible, sensible defaults for the platform are used. See each field for more details.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the IngressController.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerSpec" + "url": { + "description": "url is the remote URL to connect to", + "type": "string", + "default": "" }, - "status": { - "description": "status is the most recently observed status of the IngressController.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerStatus" + "useKeystoneIdentity": { + "description": "useKeystoneIdentity flag indicates that user should be authenticated by keystone ID, not by username", + "type": "boolean", + "default": false } } }, - "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie": { - "description": "IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be captured.", + "com.github.openshift.api.legacyconfig.v1.KubeletConnectionInfo": { + "description": "KubeletConnectionInfo holds information necessary for connecting to a kubelet", "type": "object", "required": [ - "matchType", - "maxLength" + "port", + "ca", + "certFile", + "keyFile" ], "properties": { - "matchType": { - "description": "matchType specifies the type of match to be performed on the cookie name. Allowed values are \"Exact\" for an exact string match and \"Prefix\" for a string prefix match. If \"Exact\" is specified, a name must be specified in the name field. If \"Prefix\" is provided, a prefix must be specified in the namePrefix field. For example, specifying matchType \"Prefix\" and namePrefix \"foo\" will capture a cookie named \"foo\" or \"foobar\" but not one named \"bar\". The first matching cookie is captured.", + "ca": { + "description": "ca is the CA for verifying TLS connections to kubelets", "type": "string", "default": "" }, - "maxLength": { - "description": "maxLength specifies a maximum length of the string that will be logged, which includes the cookie name, cookie value, and one-character delimiter. If the log entry exceeds this length, the value will be truncated in the log message. Note that the ingress controller may impose a separate bound on the total length of HTTP headers in a request.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "name": { - "description": "name specifies a cookie name. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", "type": "string", "default": "" }, - "namePrefix": { - "description": "namePrefix specifies a cookie name prefix. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", "type": "string", "default": "" + }, + "port": { + "description": "port is the port to connect to kubelets on", + "type": "integer", + "format": "int32", + "default": 0 } - }, - "x-kubernetes-unions": [ - { - "discriminator": "matchType", - "fields-to-discriminateBy": { - "name": "Name", - "namePrefix": "NamePrefix" - } - } - ] + } }, - "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookieUnion": { - "description": "IngressControllerCaptureHTTPCookieUnion describes optional fields of an HTTP cookie that should be captured.", + "com.github.openshift.api.legacyconfig.v1.KubernetesMasterConfig": { + "description": "KubernetesMasterConfig holds the necessary configuration options for the Kubernetes master", "type": "object", "required": [ - "matchType" + "apiLevels", + "disabledAPIGroupVersions", + "masterIP", + "masterEndpointReconcileTTL", + "servicesSubnet", + "servicesNodePortRange", + "schedulerConfigFile", + "podEvictionTimeout", + "proxyClientInfo", + "apiServerArguments", + "controllerArguments", + "schedulerArguments" ], "properties": { - "matchType": { - "description": "matchType specifies the type of match to be performed on the cookie name. Allowed values are \"Exact\" for an exact string match and \"Prefix\" for a string prefix match. If \"Exact\" is specified, a name must be specified in the name field. If \"Prefix\" is provided, a prefix must be specified in the namePrefix field. For example, specifying matchType \"Prefix\" and namePrefix \"foo\" will capture a cookie named \"foo\" or \"foobar\" but not one named \"bar\". The first matching cookie is captured.", + "apiLevels": { + "description": "apiLevels is a list of API levels that should be enabled on startup: v1 as examples", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "apiServerArguments": { + "description": "apiServerArguments are key value pairs that will be passed directly to the Kube apiserver that match the apiservers's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + }, + "controllerArguments": { + "description": "controllerArguments are key value pairs that will be passed directly to the Kube controller manager that match the controller manager's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + }, + "disabledAPIGroupVersions": { + "description": "disabledAPIGroupVersions is a map of groups to the versions (or *) that should be disabled.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + }, + "masterEndpointReconcileTTL": { + "description": "masterEndpointReconcileTTL sets the time to live in seconds of an endpoint record recorded by each master. The endpoints are checked at an interval that is 2/3 of this value and this value defaults to 15s if unset. In very large clusters, this value may be increased to reduce the possibility that the master endpoint record expires (due to other load on the etcd server) and causes masters to drop in and out of the kubernetes service record. It is not recommended to set this value below 15s.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "masterIP": { + "description": "masterIP is the public IP address of kubernetes stuff. If empty, the first result from net.InterfaceAddrs will be used.", "type": "string", "default": "" }, - "name": { - "description": "name specifies a cookie name. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", + "podEvictionTimeout": { + "description": "podEvictionTimeout controls grace period for deleting pods on failed nodes. It takes valid time duration string. If empty, you get the default pod eviction timeout.", "type": "string", "default": "" }, - "namePrefix": { - "description": "namePrefix specifies a cookie name prefix. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", + "proxyClientInfo": { + "description": "proxyClientInfo specifies the client cert/key to use when proxying to pods", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.CertInfo" + }, + "schedulerArguments": { + "description": "schedulerArguments are key value pairs that will be passed directly to the Kube scheduler that match the scheduler's command line arguments. These are not migrated, but if you reference a value that does not exist the server will not start. These values may override other settings in KubernetesMasterConfig which may cause invalid configurations.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + }, + "schedulerConfigFile": { + "description": "schedulerConfigFile points to a file that describes how to set up the scheduler. If empty, you get the default scheduling rules.", + "type": "string", + "default": "" + }, + "servicesNodePortRange": { + "description": "servicesNodePortRange is the range to use for assigning service public ports on a host.", + "type": "string", + "default": "" + }, + "servicesSubnet": { + "description": "servicesSubnet is the subnet to use for assigning service IPs", "type": "string", "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "matchType", - "fields-to-discriminateBy": { - "name": "Name", - "namePrefix": "NamePrefix" - } - } - ] + } }, - "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader": { - "description": "IngressControllerCaptureHTTPHeader describes an HTTP header that should be captured.", + "com.github.openshift.api.legacyconfig.v1.LDAPAttributeMapping": { + "description": "LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields", "type": "object", "required": [ + "id", + "preferredUsername", "name", - "maxLength" + "email" ], "properties": { - "maxLength": { - "description": "maxLength specifies a maximum length for the header value. If a header value exceeds this length, the value will be truncated in the log message. Note that the ingress controller may impose a separate bound on the total length of HTTP headers in a request.", - "type": "integer", - "format": "int32", - "default": 0 + "email": { + "description": "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "id": { + "description": "id is the list of attributes whose values should be used as the user ID. Required. LDAP standard identity attribute is \"dn\"", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, "name": { - "description": "name specifies a header name. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2.", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders": { - "description": "IngressControllerCaptureHTTPHeaders specifies which HTTP headers the IngressController captures.", - "type": "object", - "properties": { - "request": { - "description": "request specifies which HTTP request headers to capture.\n\nIf this field is empty, no request headers are captured.", + "description": "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader" - }, - "x-kubernetes-list-type": "atomic" + "type": "string", + "default": "" + } }, - "response": { - "description": "response specifies which HTTP response headers to capture.\n\nIf this field is empty, no response headers are captured.", + "preferredUsername": { + "description": "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader" - }, - "x-kubernetes-list-type": "atomic" + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.operator.v1.IngressControllerHTTPHeader": { - "description": "IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.", + "com.github.openshift.api.legacyconfig.v1.LDAPPasswordIdentityProvider": { + "description": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "name", - "action" + "url", + "bindDN", + "bindPassword", + "insecure", + "ca", + "attributes" ], "properties": { - "action": { - "description": "action specifies actions to perform on headers, such as setting or deleting headers.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "attributes": { + "description": "attributes maps LDAP attributes to identities", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPAttributeMapping" }, - "name": { - "description": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", + "bindDN": { + "description": "bindDN is an optional DN to bind with during the search phase.", + "type": "string", + "default": "" + }, + "bindPassword": { + "description": "bindPassword is an optional password to bind with during the search phase.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" + }, + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + "type": "string", + "default": "" + }, + "insecure": { + "description": "Insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830", + "type": "boolean", + "default": false + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "url": { + "description": "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is\n ldap://host:port/basedn?attribute?scope?filter", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion": { - "description": "IngressControllerHTTPHeaderActionUnion specifies an action to take on an HTTP header.", + "com.github.openshift.api.legacyconfig.v1.LDAPQuery": { + "description": "LDAPQuery holds the options necessary to build an LDAP query", "type": "object", "required": [ - "type" + "baseDN", + "scope", + "derefAliases", + "timeout", + "filter", + "pageSize" ], "properties": { - "set": { - "description": "set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader" + "baseDN": { + "description": "The DN of the branch of the directory where all searches should start from", + "type": "string", + "default": "" }, - "type": { - "description": "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", + "derefAliases": { + "description": "The (optional) behavior of the search with regards to alisases. Can be: never: never dereference aliases, search: only dereference in searching, base: only dereference in finding the base object, always: always dereference Defaults to always dereferencing if not set", "type": "string", "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "set": "Set" - } - } - ] - }, - "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions": { - "description": "IngressControllerHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", - "type": "object", - "properties": { - "request": { - "description": "request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeader" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" }, - "response": { - "description": "response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeader" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "filter": { + "description": "filter is a valid LDAP search filter that retrieves all relevant entries from the LDAP server with the base DN", + "type": "string", + "default": "" + }, + "pageSize": { + "description": "pageSize is the maximum preferred page size, measured in LDAP entries. A page size of 0 means no paging will be done.", + "type": "integer", + "format": "int32", + "default": 0 + }, + "scope": { + "description": "The (optional) scope of the search. Can be: base: only the base object, one: all object on the base level, sub: the entire subtree Defaults to the entire subtree if not set", + "type": "string", + "default": "" + }, + "timeout": { + "description": "TimeLimit holds the limit of time in seconds that any request to the server can remain outstanding before the wait for a response is given up. If this is 0, no client-side limit is imposed", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders": { - "description": "IngressControllerHTTPHeaders specifies how the IngressController handles certain HTTP headers.", + "com.github.openshift.api.legacyconfig.v1.LDAPSyncConfig": { + "description": "LDAPSyncConfig holds the necessary configuration options to define an LDAP group sync\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "url", + "bindDN", + "bindPassword", + "insecure", + "ca", + "groupUIDNameMapping" + ], "properties": { - "actions": { - "description": "actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions" + "activeDirectory": { + "description": "ActiveDirectoryConfig holds the configuration for extracting data from an LDAP server set up in a fashion similar to that used in Active Directory: first-class user entries, with group membership determined by a multi-valued attribute on members listing groups they are a member of", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ActiveDirectoryConfig" }, - "forwardedHeaderPolicy": { - "description": "forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. The value may be one of the following:\n\n* \"Append\", which specifies that the IngressController appends the\n headers, preserving existing headers.\n\n* \"Replace\", which specifies that the IngressController sets the\n headers, replacing any existing Forwarded or X-Forwarded-* headers.\n\n* \"IfNone\", which specifies that the IngressController sets the\n headers if they are not already set.\n\n* \"Never\", which specifies that the IngressController never sets the\n headers, preserving any existing headers.\n\nBy default, the policy is \"Append\".", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "headerNameCaseAdjustments": { - "description": "headerNameCaseAdjustments specifies case adjustments that can be applied to HTTP header names. Each adjustment is specified as an HTTP header name with the desired capitalization. For example, specifying \"X-Forwarded-For\" indicates that the \"x-forwarded-for\" HTTP header should be adjusted to have the specified capitalization.\n\nThese adjustments are only applied to cleartext, edge-terminated, and re-encrypt routes, and only when using HTTP/1.\n\nFor request headers, these adjustments are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true annotation. For response headers, these adjustments are applied to all HTTP responses.\n\nIf this field is empty, no request headers are adjusted.", - "type": "array", - "items": { + "augmentedActiveDirectory": { + "description": "AugmentedActiveDirectoryConfig holds the configuration for extracting data from an LDAP server set up in a fashion similar to that used in Active Directory as described above, with one addition: first-class group entries exist and are used to hold metadata but not group membership", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AugmentedActiveDirectoryConfig" + }, + "bindDN": { + "description": "bindDN is an optional DN to bind to the LDAP server with", + "type": "string", + "default": "" + }, + "bindPassword": { + "description": "bindPassword is an optional password to bind with during the search phase.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" + }, + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + "type": "string", + "default": "" + }, + "groupUIDNameMapping": { + "description": "LDAPGroupUIDToOpenShiftGroupNameMapping is an optional direct mapping of LDAP group UIDs to OpenShift Group names", + "type": "object", + "additionalProperties": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "uniqueId": { - "description": "uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request. The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests.\n\nIf this field is empty, no such header is injected into requests.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy" + "insecure": { + "description": "Insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830", + "type": "boolean", + "default": false + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "rfc2307": { + "description": "RFC2307Config holds the configuration for extracting data from an LDAP server set up in a fashion similar to RFC2307: first-class group and user entries, with group membership determined by a multi-valued attribute on the group entry listing its members", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.RFC2307Config" + }, + "url": { + "description": "Host is the scheme, host and port of the LDAP server to connect to: scheme://host:port", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy": { - "description": "IngressControllerHTTPUniqueIdHeaderPolicy describes configuration for a unique id header.", + "com.github.openshift.api.legacyconfig.v1.LocalQuota": { + "description": "LocalQuota contains options for controlling local volume quota on the node.", "type": "object", + "required": [ + "perFSGroup" + ], "properties": { - "format": { - "description": "format specifies the format for the injected HTTP header's value. This field has no effect unless name is specified. For the HAProxy-based ingress controller implementation, this format uses the same syntax as the HTTP log format. If the field is empty, the default value is \"%{+X}o\\\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid\"; see the corresponding HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3", - "type": "string" - }, - "name": { - "description": "name specifies the name of the HTTP header (for example, \"unique-id\") that the ingress controller should inject into HTTP requests. The field's value must be a valid HTTP header name as defined in RFC 2616 section 4.2. If the field is empty, no header is injected.", - "type": "string" + "perFSGroup": { + "description": "FSGroup can be specified to enable a quota on local storage use per unique FSGroup ID. At present this is only implemented for emptyDir volumes, and if the underlying volumeDirectory is on an XFS filesystem.", + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1.IngressControllerList": { - "description": "IngressControllerList contains a list of IngressControllers.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.MasterAuthConfig": { + "description": "MasterAuthConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", "type": "object", "required": [ - "items" + "requestHeader", + "webhookTokenAuthenticators", + "oauthMetadataFile" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "oauthMetadataFile": { + "description": "oauthMetadataFile is a path to a file containing the discovery endpoint for OAuth 2.0 Authorization Server Metadata for an external OAuth server. See IETF Draft: // https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 This option is mutually exclusive with OAuthConfig", + "type": "string", + "default": "" }, - "items": { + "requestHeader": { + "description": "requestHeader holds options for setting up a front proxy against the API. It is optional.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.RequestHeaderAuthenticationOptions" + }, + "webhookTokenAuthenticators": { + "description": "WebhookTokenAuthnConfig, if present configures remote token reviewers", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressController" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.operator.v1.IngressControllerLogging": { - "description": "IngressControllerLogging describes what should be logged where.", - "type": "object", - "properties": { - "access": { - "description": "access describes how the client requests should be logged.\n\nIf this field is empty, access logging is disabled.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AccessLogging" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.WebhookTokenAuthenticator" + } } } }, - "com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader": { - "description": "IngressControllerSetHTTPHeader defines the value which needs to be set on an HTTP header.", + "com.github.openshift.api.legacyconfig.v1.MasterClients": { + "description": "MasterClients holds references to `.kubeconfig` files that qualify master clients for OpenShift and Kubernetes", "type": "object", "required": [ - "value" + "openshiftLoopbackKubeConfig", + "openshiftLoopbackClientConnectionOverrides" ], "properties": { - "value": { - "description": "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.", + "openshiftLoopbackClientConnectionOverrides": { + "description": "openshiftLoopbackClientConnectionOverrides specifies client overrides for system components to loop back to this master.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ClientConnectionOverrides" + }, + "openshiftLoopbackKubeConfig": { + "description": "openshiftLoopbackKubeConfig is a .kubeconfig filename for system components to loopback to this master", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.IngressControllerSpec": { - "description": "IngressControllerSpec is the specification of the desired behavior of the IngressController.", + "com.github.openshift.api.legacyconfig.v1.MasterConfig": { + "description": "MasterConfig holds the necessary configuration options for the OpenShift master\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "servingInfo", + "authConfig", + "aggregatorConfig", + "corsAllowedOrigins", + "apiLevels", + "masterPublicURL", + "controllers", + "admissionConfig", + "controllerConfig", + "etcdStorageConfig", + "etcdClientInfo", + "kubeletClientInfo", + "kubernetesMasterConfig", + "etcdConfig", + "oauthConfig", + "dnsConfig", + "serviceAccountConfig", + "masterClients", + "imageConfig", + "imagePolicyConfig", + "policyConfig", + "projectConfig", + "routingConfig", + "networkConfig", + "volumeConfig", + "jenkinsPipelineConfig", + "auditConfig" + ], "properties": { - "clientTLS": { - "description": "clientTLS specifies settings for requesting and verifying client certificates, which can be used to enable mutual TLS for edge-terminated and reencrypt routes.", + "admissionConfig": { + "description": "admissionConfig contains admission control plugin configuration.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClientTLS" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AdmissionConfig" }, - "closedClientConnectionPolicy": { - "description": "closedClientConnectionPolicy controls how the IngressController behaves when the client closes the TCP connection while the TLS handshake or HTTP request is in progress. This option maps directly to HAProxy’s \"abortonclose\" option.\n\nValid values are: \"Abort\" and \"Continue\". The default value is \"Continue\".\n\nWhen set to \"Abort\", the router will stop processing the TLS handshake if it is in progress, and it will not send an HTTP request to the backend server if the request has not yet been sent when the client closes the connection.\n\nWhen set to \"Continue\", the router will complete the TLS handshake if it is in progress, or send an HTTP request to the backend server and wait for the backend server's response, regardless of whether the client has closed the connection.\n\nSetting \"Abort\" can help free CPU resources otherwise spent on TLS computation for connections the client has already closed, and can reduce request queue size, thereby reducing the load on saturated backend servers.\n\nImportant Considerations:\n\n - The default policy (\"Continue\") is HTTP-compliant, and requests\n for aborted client connections will still be served.\n Use the \"Continue\" policy to allow a client to send a request\n and then immediately close its side of the connection while\n still receiving a response on the half-closed connection.\n\n - When clients use keep-alive connections, the most common case for premature\n closure is when the user wants to cancel the transfer or when a timeout\n occurs. In that case, the \"Abort\" policy may be used to reduce resource consumption.\n\n - Using RSA keys larger than 2048 bits can significantly slow down\n TLS computations. Consider using the \"Abort\" policy to reduce CPU usage.", - "type": "string", - "default": "Continue" + "aggregatorConfig": { + "description": "aggregatorConfig has options for configuring the aggregator component of the API server.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AggregatorConfig" }, - "defaultCertificate": { - "description": "defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don't specify their own certificate, defaultCertificate is used.\n\nThe secret must contain the following keys and data:\n\n tls.crt: certificate file contents\n tls.key: key file contents\n\nIf unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate's CA will be automatically integrated with the cluster's trust store.\n\nIf a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing.\n\nThe in-use certificate (whether generated or user-specified) will be automatically integrated with OpenShift's built-in OAuth server.", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "apiLevels": { + "description": "apiLevels is a list of API levels that should be enabled on startup: v1 as examples", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "domain": { - "description": "domain is a DNS name serviced by the ingress controller and is used to configure multiple features:\n\n* For the LoadBalancerService endpoint publishing strategy, domain is\n used to configure DNS records. See endpointPublishingStrategy.\n\n* When using a generated default certificate, the certificate will be valid\n for domain and its subdomains. See defaultCertificate.\n\n* The value is published to individual Route statuses so that end-users\n know where to target external DNS records.\n\ndomain must be unique among all IngressControllers, and cannot be updated.\n\nIf empty, defaults to ingress.config.openshift.io/cluster .spec.domain.\n\nThe domain value must be a valid DNS name. It must consist of lowercase alphanumeric characters, '-' or '.', and each label must start and end with an alphanumeric character and not exceed 63 characters. Maximum length of a valid DNS domain is 253 characters.\n\nThe implementation may add a prefix such as \"router-default.\" to the domain when constructing the router canonical hostname. To ensure the resulting hostname does not exceed the DNS maximum length of 253 characters, the domain length is additionally validated at the IngressController object level. For the maximum length of the domain value itself, the shortest possible variant of the prefix and the ingress controller name was considered for example \"router-a.\"", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "endpointPublishingStrategy": { - "description": "endpointPublishingStrategy is used to publish the ingress controller endpoints to other networks, enable load balancer integrations, etc.\n\nIf unset, the default is based on infrastructure.config.openshift.io/cluster .status.platform:\n\n AWS: LoadBalancerService (with External scope)\n Azure: LoadBalancerService (with External scope)\n GCP: LoadBalancerService (with External scope)\n IBMCloud: LoadBalancerService (with External scope)\n AlibabaCloud: LoadBalancerService (with External scope)\n Libvirt: HostNetwork\n\nAny other platform types (including None) default to HostNetwork.\n\nendpointPublishingStrategy cannot be updated.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.EndpointPublishingStrategy" - }, - "httpCompression": { - "description": "httpCompression defines a policy for HTTP traffic compression. By default, there is no HTTP compression.", + "auditConfig": { + "description": "auditConfig holds information related to auditing capabilities.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.HTTPCompressionPolicy" - }, - "httpEmptyRequestsPolicy": { - "description": "httpEmptyRequestsPolicy describes how HTTP connections should be handled if the connection times out before a request is received. Allowed values for this field are \"Respond\" and \"Ignore\". If the field is set to \"Respond\", the ingress controller sends an HTTP 400 or 408 response, logs the connection (if access logging is enabled), and counts the connection in the appropriate metrics. If the field is set to \"Ignore\", the ingress controller closes the connection without sending a response, logging the connection, or incrementing metrics. The default value is \"Respond\".\n\nTypically, these connections come from load balancers' health probes or Web browsers' speculative connections (\"preconnect\") and can be safely ignored. However, these requests may also be caused by network errors, and so setting this field to \"Ignore\" may impede detection and diagnosis of problems. In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts.", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.AuditConfig" }, - "httpErrorCodePages": { - "description": "httpErrorCodePages specifies a configmap with custom error pages. The administrator must create this configmap in the openshift-config namespace. This configmap should have keys in the format \"error-page-.http\", where is an HTTP error code. For example, \"error-page-503.http\" defines an error page for HTTP 503 responses. Currently only error pages for 503 and 404 responses can be customized. Each value in the configmap should be the full response, including HTTP headers. Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http If this field is empty, the ingress controller uses the default error pages.", + "authConfig": { + "description": "authConfig configures authentication options in addition to the standard oauth token and client certificate authenticators", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.MasterAuthConfig" }, - "httpHeaders": { - "description": "httpHeaders defines policy for HTTP headers.\n\nIf this field is empty, the default values are used.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders" + "controllerConfig": { + "description": "controllerConfig holds configuration values for controllers", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ControllerConfig" }, - "idleConnectionTerminationPolicy": { - "description": "idleConnectionTerminationPolicy maps directly to HAProxy's idle-close-on-response option and controls whether HAProxy keeps idle frontend connections open during a soft stop (router reload).\n\nAllowed values for this field are \"Immediate\" and \"Deferred\". The default value is \"Immediate\".\n\nWhen set to \"Immediate\", idle connections are closed immediately during router reloads. This ensures immediate propagation of route changes but may impact clients sensitive to connection resets.\n\nWhen set to \"Deferred\", HAProxy will maintain idle connections during a soft reload instead of closing them immediately. These connections remain open until any of the following occurs:\n\n - A new request is received on the connection, in which\n case HAProxy handles it in the old process and closes\n the connection after sending the response.\n\n - HAProxy's `timeout http-keep-alive` duration expires.\n By default this is 300 seconds, but it can be changed\n using httpKeepAliveTimeout tuning option.\n\n - The client's keep-alive timeout expires, causing the\n client to close the connection.\n\nSetting Deferred can help prevent errors in clients or load balancers that do not properly handle connection resets. Additionally, this option allows you to retain the pre-2.4 HAProxy behaviour: in HAProxy version 2.2 (OpenShift versions < 4.14), maintaining idle connections during a soft reload was the default behaviour, but starting with HAProxy 2.4, the default changed to closing idle connections immediately.\n\nImportant Consideration:\n\n - Using Deferred will result in temporary inconsistencies\n for the first request on each persistent connection\n after a route update and router reload. This request\n will be processed by the old HAProxy process using its\n old configuration. Subsequent requests will use the\n updated configuration.\n\nOperational Considerations:\n\n - Keeping idle connections open during reloads may lead\n to an accumulation of old HAProxy processes if\n connections remain idle for extended periods,\n especially in environments where frequent reloads\n occur.\n\n - Consider monitoring the number of HAProxy processes in\n the router pods when Deferred is set.\n\n - You may need to enable or adjust the\n `ingress.operator.openshift.io/hard-stop-after`\n duration (configured via an annotation on the\n IngressController resource) in environments with\n frequent reloads to prevent resource exhaustion.", + "controllers": { + "description": "controllers is a list of the controllers that should be started. If set to \"none\", no controllers will start automatically. The default value is \"*\" which will start all controllers. When using \"*\", you may exclude controllers by prepending a \"-\" in front of their name. No other values are recognized at this time.", "type": "string", - "default": "Immediate" - }, - "logging": { - "description": "logging defines parameters for what should be logged where. If this field is empty, operational logs are enabled but access logs are disabled.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerLogging" - }, - "namespaceSelector": { - "description": "namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "nodePlacement": { - "description": "nodePlacement enables explicit control over the scheduling of the ingress controller.\n\nIf unset, defaults are used. See NodePlacement for more details.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodePlacement" + "default": "" }, - "replicas": { - "description": "replicas is the desired number of ingress controller replicas. If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.\n\nThe value of replicas is set based on the value of a chosen field in the Infrastructure CR. If defaultPlacement is set to ControlPlane, the chosen field will be controlPlaneTopology. If it is set to Workers the chosen field will be infrastructureTopology. Replicas will then be set to 1 or 2 based whether the chosen field's value is SingleReplica or HighlyAvailable, respectively.\n\nThese defaults are subject to change.", - "type": "integer", - "format": "int32" + "corsAllowedOrigins": { + "description": "CORSAllowedOrigins", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "routeAdmission": { - "description": "routeAdmission defines a policy for handling new route claims (for example, to allow or deny claims across namespaces).\n\nIf empty, defaults will be applied. See specific routeAdmission fields for details about their defaults.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.RouteAdmissionPolicy" + "dnsConfig": { + "description": "DNSConfig, if present start the DNS server in this process", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.DNSConfig" }, - "routeSelector": { - "description": "routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "etcdClientInfo": { + "description": "etcdClientInfo contains information about how to connect to etcd", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.EtcdConnectionInfo" }, - "tlsSecurityProfile": { - "description": "tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers.\n\nIf unset, the default is based on the apiservers.config.openshift.io/cluster resource.\n\nNote that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.TLSSecurityProfile" + "etcdConfig": { + "description": "EtcdConfig, if present start etcd in this process", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.EtcdConfig" }, - "tuningOptions": { - "description": "tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their respective defaults if not set. See specific tuningOptions fields for more details.\n\nSetting fields within tuningOptions is generally not recommended. The default values are suitable for most configurations.", + "etcdStorageConfig": { + "description": "etcdStorageConfig contains information about how API resources are stored in Etcd. These values are only relevant when etcd is the backing store for the cluster.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerTuningOptions" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.EtcdStorageConfig" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides allows specifying unsupported configuration options. Its use is unsupported.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - } - } - }, - "com.github.openshift.api.operator.v1.IngressControllerStatus": { - "description": "IngressControllerStatus defines the observed status of the IngressController.", - "type": "object", - "properties": { - "availableReplicas": { - "description": "availableReplicas is number of observed available replicas according to the ingress controller deployment.", - "type": "integer", - "format": "int32", - "default": 0 + "imageConfig": { + "description": "imageConfig holds options that describe how to build image names for system components", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ImageConfig" }, - "conditions": { - "description": "conditions is a list of conditions and their status.\n\nAvailable means the ingress controller deployment is available and servicing route and ingress resources (i.e, .status.availableReplicas equals .spec.replicas)\n\nThere are additional conditions which indicate the status of other ingress controller features and capabilities.\n\n * LoadBalancerManaged\n - True if the following conditions are met:\n * The endpoint publishing strategy requires a service load balancer.\n - False if any of those conditions are unsatisfied.\n\n * LoadBalancerReady\n - True if the following conditions are met:\n * A load balancer is managed.\n * The load balancer is ready.\n - False if any of those conditions are unsatisfied.\n\n * DNSManaged\n - True if the following conditions are met:\n * The endpoint publishing strategy and platform support DNS.\n * The ingress controller domain is set.\n * dns.config.openshift.io/cluster configures DNS zones.\n - False if any of those conditions are unsatisfied.\n\n * DNSReady\n - True if the following conditions are met:\n * DNS is managed.\n * DNS records have been successfully created.\n - False if any of those conditions are unsatisfied.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "imagePolicyConfig": { + "description": "imagePolicyConfig controls limits and behavior for importing images", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ImagePolicyConfig" }, - "domain": { - "description": "domain is the actual domain in use.", - "type": "string", - "default": "" + "jenkinsPipelineConfig": { + "description": "jenkinsPipelineConfig holds information about the default Jenkins template used for JenkinsPipeline build strategy.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.JenkinsPipelineConfig" }, - "endpointPublishingStrategy": { - "description": "endpointPublishingStrategy is the actual strategy in use.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.EndpointPublishingStrategy" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "namespaceSelector": { - "description": "namespaceSelector is the actual namespaceSelector in use.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "kubeletClientInfo": { + "description": "kubeletClientInfo contains information about how to connect to kubelets", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.KubeletConnectionInfo" }, - "observedGeneration": { - "description": "observedGeneration is the most recent generation observed.", - "type": "integer", - "format": "int64" + "kubernetesMasterConfig": { + "description": "KubernetesMasterConfig, if present start the kubernetes master in this process", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.KubernetesMasterConfig" }, - "routeSelector": { - "description": "routeSelector is the actual routeSelector in use.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "masterClients": { + "description": "masterClients holds all the client connection information for controllers and other system components", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.MasterClients" }, - "selector": { - "description": "selector is a label selector, in string format, for ingress controller pods corresponding to the IngressController. The number of matching pods should equal the value of availableReplicas.", + "masterPublicURL": { + "description": "masterPublicURL is how clients can access the OpenShift API server", "type": "string", "default": "" }, - "tlsProfile": { - "description": "tlsProfile is the TLS connection configuration that is in effect.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.TLSProfileSpec" - } - } - }, - "com.github.openshift.api.operator.v1.IngressControllerTuningOptions": { - "description": "IngressControllerTuningOptions specifies options for tuning the performance of ingress controller pods", - "type": "object", - "properties": { - "clientFinTimeout": { - "description": "clientFinTimeout defines how long a connection will be held open while waiting for the client response to the server/backend closing the connection.\n\nIf unset, the default timeout is 1s", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" - }, - "clientTimeout": { - "description": "clientTimeout defines how long a connection will be held open while waiting for a client response.\n\nIf unset, the default timeout is 30s", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" - }, - "configurationManagement": { - "description": "configurationManagement specifies how OpenShift router should update the HAProxy configuration. The following values are valid for this field:\n\n* \"ForkAndReload\". * \"Dynamic\".\n\nOmitting this field means that the user has no opinion and the platform may choose a reasonable default. This default is subject to change over time. The current default is \"ForkAndReload\".\n\n\"ForkAndReload\" means that OpenShift router should rewrite the HAProxy configuration file and instruct HAProxy to fork and reload. This is OpenShift router's traditional approach.\n\n\"Dynamic\" means that OpenShift router may use HAProxy's control socket for some configuration updates and fall back to fork and reload for other configuration updates. This is a newer approach, which may be less mature than ForkAndReload. This setting can improve load-balancing fairness and metrics accuracy and reduce CPU and memory usage if HAProxy has frequent configuration updates for route and endpoints updates.\n\nNote: The \"Dynamic\" option is currently experimental and should not be enabled on production clusters.\n\n\nPossible enum values:\n - `\"Dynamic\"`\n - `\"ForkAndReload\"`", - "type": "string", - "enum": [ - "Dynamic", - "ForkAndReload" - ] - }, - "connectTimeout": { - "description": "connectTimeout defines the maximum time to wait for a connection attempt to a server/backend to succeed.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 5s.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" - }, - "headerBufferBytes": { - "description": "headerBufferBytes describes how much memory should be reserved (in bytes) for IngressController connection sessions. Note that this value must be at least 16384 if HTTP/2 is enabled for the IngressController (https://tools.ietf.org/html/rfc7540). If this field is empty, the IngressController will use a default value of 32768 bytes.\n\nSetting this field is generally not recommended as headerBufferBytes values that are too small may break the IngressController and headerBufferBytes values that are too large could cause the IngressController to use significantly more memory than necessary.", - "type": "integer", - "format": "int32" - }, - "headerBufferMaxRewriteBytes": { - "description": "headerBufferMaxRewriteBytes describes how much memory should be reserved (in bytes) from headerBufferBytes for HTTP header rewriting and appending for IngressController connection sessions. Note that incoming HTTP requests will be limited to (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning headerBufferBytes must be greater than headerBufferMaxRewriteBytes. If this field is empty, the IngressController will use a default value of 8192 bytes.\n\nSetting this field is generally not recommended as headerBufferMaxRewriteBytes values that are too small may break the IngressController and headerBufferMaxRewriteBytes values that are too large could cause the IngressController to use significantly more memory than necessary.", - "type": "integer", - "format": "int32" - }, - "healthCheckInterval": { - "description": "healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends. This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation \"router.openshift.io/haproxy.health.check.interval\".\n\nExpects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nSetting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms. Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven't yet been detected as such.\n\nAn empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s.\n\nCurrently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days). Both are subject to change over time.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" - }, - "httpKeepAliveTimeout": { - "description": "httpKeepAliveTimeout defines the maximum allowed time to wait for a new HTTP request to appear on a connection from the client to the router.\n\nThis field expects an unsigned duration string of a decimal number, with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5s\" or \"2m45s\". Valid time units are \"ms\", \"s\", \"m\". The allowed range is from 1 millisecond to 15 minutes.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 300s.\n\nLow values (tens of milliseconds or less) can cause clients to close and reopen connections for each request, leading to reduced connection sharing. For HTTP/2, special care should be taken with low values. A few seconds is a reasonable starting point to avoid holding idle connections open while still allowing subsequent requests to reuse the connection.\n\nHigh values (minutes or more) favor connection reuse but may cause idle connections to linger longer.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" - }, - "maxConnections": { - "description": "maxConnections defines the maximum number of simultaneous connections that can be established per HAProxy process. Increasing this value allows each ingress controller pod to handle more connections but at the cost of additional system resources being consumed.\n\nPermitted values are: empty, 0, -1, and the range 2000-2000000.\n\nIf this field is empty or 0, the IngressController will use the default value of 50000, but the default is subject to change in future releases.\n\nIf the value is -1 then HAProxy will dynamically compute a maximum value based on the available ulimits in the running container. Selecting -1 (i.e., auto) will result in a large value being computed (~520000 on OpenShift >=4.10 clusters) and therefore each HAProxy process will incur significant memory usage compared to the current default of 50000.\n\nSetting a value that is greater than the current operating system limit will prevent the HAProxy process from starting.\n\nIf you choose a discrete value (e.g., 750000) and the router pod is migrated to a new node, there's no guarantee that that new node has identical ulimits configured. In such a scenario the pod would fail to start. If you have nodes with different ulimits configured (e.g., different tuned profiles) and you choose a discrete value then the guidance is to use -1 and let the value be computed dynamically at runtime.\n\nYou can monitor memory usage for router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'.\n\nYou can monitor memory usage of individual HAProxy processes in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'.", - "type": "integer", - "format": "int32" - }, - "reloadInterval": { - "description": "reloadInterval defines the minimum interval at which the router is allowed to reload to accept new changes. Increasing this value can prevent the accumulation of HAProxy processes, depending on the scenario. Increasing this interval can also lessen load imbalance on a backend's servers when using the roundrobin balancing algorithm. Alternatively, decreasing this value may decrease latency since updates to HAProxy's configuration can take effect more quickly.\n\nThe value must be a time duration value; see . Currently, the minimum value allowed is 1s, and the maximum allowed value is 120s. Minimum and maximum allowed values may change in future versions of OpenShift. Note that if a duration outside of these bounds is provided, the value of reloadInterval will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to 120s; the IngressController will not reject and replace this disallowed value with the default).\n\nA zero value for reloadInterval tells the IngressController to choose the default, which is currently 5s and subject to change without notice.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nNote: Setting a value significantly larger than the default of 5s can cause latency in observing updates to routes and their endpoints. HAProxy's configuration will be reloaded less frequently, and newly created routes will not be served until the subsequent reload.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" - }, - "serverFinTimeout": { - "description": "serverFinTimeout defines how long a connection will be held open while waiting for the server/backend response to the client closing the connection.\n\nIf unset, the default timeout is 1s", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" - }, - "serverTimeout": { - "description": "serverTimeout defines how long a connection will be held open while waiting for a server/backend response.\n\nIf unset, the default timeout is 30s", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + "networkConfig": { + "description": "networkConfig to be passed to the compiled in network plugin", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.MasterNetworkConfig" }, - "threadCount": { - "description": "threadCount defines the number of threads created per HAProxy process. Creating more threads allows each ingress controller pod to handle more connections, at the cost of more system resources being used. HAProxy currently supports up to 64 threads. If this field is empty, the IngressController will use the default value. The current default is 4 threads, but this may change in future releases.\n\nSetting this field is generally not recommended. Increasing the number of HAProxy threads allows ingress controller pods to utilize more CPU time under load, potentially starving other pods if set too high. Reducing the number of threads may cause the ingress controller to perform poorly.", - "type": "integer", - "format": "int32" + "oauthConfig": { + "description": "OAuthConfig, if present start the /oauth endpoint in this process", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.OAuthConfig" }, - "tlsInspectDelay": { - "description": "tlsInspectDelay defines how long the router can hold data to find a matching route.\n\nSetting this too short can cause the router to fall back to the default certificate for edge-terminated or reencrypt routes even when a better matching certificate could be used.\n\nIf unset, the default inspect delay is 5s", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + "policyConfig": { + "description": "policyConfig holds information about where to locate critical pieces of bootstrapping policy", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.PolicyConfig" }, - "tunnelTimeout": { - "description": "tunnelTimeout defines how long a tunnel connection (including websockets) will be held open while the tunnel is idle.\n\nIf unset, the default timeout is 1h", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" - } - } - }, - "com.github.openshift.api.operator.v1.InsightsOperator": { - "description": "InsightsOperator holds cluster-wide information about the Insights Operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "projectConfig": { + "description": "projectConfig holds information about project creation and defaults", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ProjectConfig" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "routingConfig": { + "description": "routingConfig holds information about routing and route generation", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.RoutingConfig" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "serviceAccountConfig": { + "description": "serviceAccountConfig holds options related to service accounts", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServiceAccountConfig" }, - "spec": { - "description": "spec is the specification of the desired behavior of the Insights.", + "servingInfo": { + "description": "servingInfo describes how to start serving", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.InsightsOperatorSpec" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.HTTPServingInfo" }, - "status": { - "description": "status is the most recently observed status of the Insights operator.", + "volumeConfig": { + "description": "MasterVolumeConfig contains options for configuring volume plugins in the master node.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.InsightsOperatorStatus" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.MasterVolumeConfig" } } }, - "com.github.openshift.api.operator.v1.InsightsOperatorList": { - "description": "InsightsOperatorList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.MasterNetworkConfig": { + "description": "MasterNetworkConfig to be passed to the compiled in network plugin", "type": "object", "required": [ - "metadata", - "items" + "networkPluginName", + "clusterNetworks", + "serviceNetworkCIDR", + "externalIPNetworkCIDRs", + "ingressIPNetworkCIDR" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "clusterNetworkCIDR": { + "description": "clusterNetworkCIDR is the CIDR string to specify the global overlay network's L3 space. Deprecated, but maintained for backwards compatibility, use ClusterNetworks instead.", "type": "string" }, - "items": { + "clusterNetworks": { + "description": "clusterNetworks is a list of ClusterNetwork objects that defines the global overlay network's L3 space by specifying a set of CIDR and netmasks that the SDN can allocate addressed from. If this is specified, then ClusterNetworkCIDR and HostSubnetLength may not be set.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.InsightsOperator" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ClusterNetworkEntry" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.operator.v1.InsightsOperatorSpec": { - "type": "object", - "required": [ - "managementState" - ], - "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - } - } - }, - "com.github.openshift.api.operator.v1.InsightsOperatorStatus": { - "type": "object", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "externalIPNetworkCIDRs": { + "description": "externalIPNetworkCIDRs controls what values are acceptable for the service external IP field. If empty, no externalIP may be set. It may contain a list of CIDRs which are checked for access. If a CIDR is prefixed with !, IPs in that CIDR will be rejected. Rejections will be applied first, then the IP checked against one of the allowed CIDRs. You should ensure this range does not overlap with your nodes, pods, or service CIDRs for security reasons.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "type": "string", + "default": "" + } }, - "gatherStatus": { - "description": "gatherStatus provides basic information about the last Insights data gathering. When omitted, this means no data gathering has taken place yet.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GatherStatus" + "hostSubnetLength": { + "description": "hostSubnetLength is the number of bits to allocate to each host's subnet e.g. 8 would mean a /24 network on the host. Deprecated, but maintained for backwards compatibility, use ClusterNetworks instead.", + "type": "integer", + "format": "int64" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "ingressIPNetworkCIDR": { + "description": "ingressIPNetworkCIDR controls the range to assign ingress ips from for services of type LoadBalancer on bare metal. If empty, ingress ips will not be assigned. It may contain a single CIDR that will be allocated from. For security reasons, you should ensure that this range does not overlap with the CIDRs reserved for external ips, nodes, pods, or services.", + "type": "string", + "default": "" }, - "insightsReport": { - "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.InsightsReport" + "networkPluginName": { + "description": "networkPluginName is the name of the network plugin to use", + "type": "string", + "default": "" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" + "serviceNetworkCIDR": { + "description": "ServiceNetwork is the CIDR string to specify the service networks", + "type": "string", + "default": "" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", + "vxlanPort": { + "description": "vxlanPort is the VXLAN port used by the cluster defaults. If it is not set, 4789 is the default value", "type": "integer", "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" } } }, - "com.github.openshift.api.operator.v1.InsightsReport": { - "description": "insightsReport provides Insights health check report based on the most recently sent Insights data.", + "com.github.openshift.api.legacyconfig.v1.MasterVolumeConfig": { + "description": "MasterVolumeConfig contains options for configuring volume plugins in the master node.", "type": "object", + "required": [ + "dynamicProvisioningEnabled" + ], "properties": { - "downloadedAt": { - "description": "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "healthChecks": { - "description": "healthChecks provides basic information about active Insights health checks in a cluster.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.HealthCheck" - }, - "x-kubernetes-list-type": "atomic" + "dynamicProvisioningEnabled": { + "description": "dynamicProvisioningEnabled is a boolean that toggles dynamic provisioning off when false, defaults to true", + "type": "boolean" } } }, - "com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides": { - "description": "IrreconcilableValidationOverrides holds the irreconcilable validations overrides to be applied on each rendered MachineConfig generation.", + "com.github.openshift.api.legacyconfig.v1.NamedCertificate": { + "description": "NamedCertificate specifies a certificate/key, and the names it should be served for", "type": "object", + "required": [ + "names", + "certFile", + "keyFile" + ], "properties": { - "storage": { - "description": "storage can be used to allow making irreconcilable changes to the selected sections under the `spec.config.storage` field of MachineConfig CRs It must have at least one item, may not exceed 3 items and must not contain duplicates. Allowed element values are \"Disks\", \"FileSystems\", \"Raid\" and omitted. When contains \"Disks\" changes to the `spec.config.storage.disks` section of MachineConfig CRs are allowed. When contains \"FileSystems\" changes to the `spec.config.storage.filesystems` section of MachineConfig CRs are allowed. When contains \"Raid\" changes to the `spec.config.storage.raid` section of MachineConfig CRs are allowed. When omitted changes to the `spec.config.storage` section are forbidden.", + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" + }, + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" + }, + "names": { + "description": "names is a list of DNS names this certificate should be used to secure A name can be a normal DNS name, or can contain leading wildcard segments.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "set" + } } } }, - "com.github.openshift.api.operator.v1.KubeAPIServer": { - "description": "KubeAPIServer provides information to configure an operator to manage kube-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.NodeAuthConfig": { + "description": "NodeAuthConfig holds authn/authz configuration options", "type": "object", "required": [ - "metadata", - "spec" + "authenticationCacheTTL", + "authenticationCacheSize", + "authorizationCacheTTL", + "authorizationCacheSize" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "authenticationCacheSize": { + "description": "authenticationCacheSize indicates how many authentication results should be cached. If 0, the default cache size is used.", + "type": "integer", + "format": "int32", + "default": 0 }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "authenticationCacheTTL": { + "description": "authenticationCacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get the default timeout. If zero (e.g. \"0m\"), caching is disabled", + "type": "string", + "default": "" }, - "spec": { - "description": "spec is the specification of the desired behavior of the Kubernetes API Server", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeAPIServerSpec" + "authorizationCacheSize": { + "description": "authorizationCacheSize indicates how many authorization results should be cached. If 0, the default cache size is used.", + "type": "integer", + "format": "int32", + "default": 0 }, - "status": { - "description": "status is the most recently observed status of the Kubernetes API Server", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeAPIServerStatus" + "authorizationCacheTTL": { + "description": "authorizationCacheTTL indicates how long an authorization result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get the default timeout. If zero (e.g. \"0m\"), caching is disabled", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.KubeAPIServerList": { - "description": "KubeAPIServerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.NodeConfig": { + "description": "NodeConfig is the fully specified config starting an OpenShift node\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "metadata", - "items" + "nodeName", + "nodeIP", + "servingInfo", + "masterKubeConfig", + "masterClientConnectionOverrides", + "dnsDomain", + "dnsIP", + "dnsBindAddress", + "dnsNameservers", + "dnsRecursiveResolvConf", + "networkConfig", + "volumeDirectory", + "imageConfig", + "allowDisabledDocker", + "podManifestConfig", + "authConfig", + "dockerConfig", + "iptablesSyncPeriod", + "enableUnidling", + "volumeConfig" ], "properties": { + "allowDisabledDocker": { + "description": "allowDisabledDocker if true, the Kubelet will ignore errors from Docker. This means that a node can start on a machine that doesn't have docker started.", + "type": "boolean", + "default": false + }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items contains the items", + "authConfig": { + "description": "authConfig holds authn/authz configuration options", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NodeAuthConfig" + }, + "dnsBindAddress": { + "description": "dnsBindAddress is the ip:port to serve DNS on. If this is not set, the DNS server will not be started. Because most DNS resolvers will only listen on port 53, if you select an alternative port you will need a DNS proxy like dnsmasq to answer queries for containers. A common configuration is dnsmasq configured on a node IP listening on 53 and delegating queries for dnsDomain to this process, while sending other queries to the host environments nameservers.", + "type": "string", + "default": "" + }, + "dnsDomain": { + "description": "dnsDomain holds the domain suffix that will be used for the DNS search path inside each container. Defaults to 'cluster.local'.", + "type": "string", + "default": "" + }, + "dnsIP": { + "description": "dnsIP is the IP address that pods will use to access cluster DNS. Defaults to the service IP of the Kubernetes master. This IP must be listening on port 53 for compatibility with libc resolvers (which cannot be configured to resolve names from any other port). When running more complex local DNS configurations, this is often set to the local address of a DNS proxy like dnsmasq, which then will consult either the local DNS (see dnsBindAddress) or the master DNS.", + "type": "string", + "default": "" + }, + "dnsNameservers": { + "description": "dnsNameservers is a list of ip:port values of recursive nameservers to forward queries to when running a local DNS server if dnsBindAddress is set. If this value is empty, the DNS server will default to the nameservers listed in /etc/resolv.conf. If you have configured dnsmasq or another DNS proxy on the system, this value should be set to the upstream nameservers dnsmasq resolves with.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeAPIServer" + "type": "string", + "default": "" } }, + "dnsRecursiveResolvConf": { + "description": "dnsRecursiveResolvConf is a path to a resolv.conf file that contains settings for an upstream server. Only the nameservers and port fields are used. The file must exist and parse correctly. It adds extra nameservers to DNSNameservers if set.", + "type": "string", + "default": "" + }, + "dockerConfig": { + "description": "dockerConfig holds Docker related configuration options.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.DockerConfig" + }, + "enableUnidling": { + "description": "enableUnidling controls whether or not the hybrid unidling proxy will be set up", + "type": "boolean" + }, + "imageConfig": { + "description": "imageConfig holds options that describe how to build image names for system components", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ImageConfig" + }, + "iptablesSyncPeriod": { + "description": "iptablesSyncPeriod is how often iptable rules are refreshed", + "type": "string", + "default": "" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.operator.v1.KubeAPIServerSpec": { - "type": "object", - "required": [ - "managementState", - "forceRedeploymentReason" - ], - "properties": { - "eventTTLMinutes": { - "description": "eventTTLMinutes specifies the amount of time that the events are stored before being deleted. The TTL is allowed between 5 minutes minimum up to a maximum of 180 minutes (3 hours).\n\nLowering this value will reduce the storage required in etcd. Note that this setting will only apply to new events being created and will not update existing events.\n\nWhen omitted this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is 3h (180 minutes).", - "type": "integer", - "format": "int32" + "kubeletArguments": { + "description": "kubeletArguments are key value pairs that will be passed directly to the Kubelet that match the Kubelet's command line arguments. These are not migrated or validated, so if you use them they may become invalid. These values override other settings in NodeConfig which may cause invalid configurations.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } }, - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" + "masterClientConnectionOverrides": { + "description": "masterClientConnectionOverrides provides overrides to the client connection used to connect to the master.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ClientConnectionOverrides" }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "masterKubeConfig": { + "description": "masterKubeConfig is a filename for the .kubeconfig file that describes how to connect this node to the master", "type": "string", "default": "" }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "networkConfig": { + "description": "networkConfig provides network options for the node", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NodeNetworkConfig" + }, + "networkPluginName": { + "description": "Deprecated and maintained for backward compatibility, use NetworkConfig.NetworkPluginName instead", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "nodeIP": { + "description": "Node may have multiple IPs, specify the IP to use for pod traffic routing If not specified, network parse/lookup on the nodeName is performed and the first non-loopback address is used", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "nodeName": { + "description": "nodeName is the value used to identify this particular node in the cluster. If possible, this should be your fully qualified hostname. If you're describing a set of static nodes to the master, this value must match one of the values in the list", + "type": "string", + "default": "" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "podManifestConfig": { + "description": "podManifestConfig holds the configuration for enabling the Kubelet to create pods based from a manifest file(s) placed locally on the node", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.PodManifestConfig" }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" + "proxyArguments": { + "description": "proxyArguments are key value pairs that will be passed directly to the Proxy that match the Proxy's command line arguments. These are not migrated or validated, so if you use them they may become invalid. These values override other settings in NodeConfig which may cause invalid configurations.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "servingInfo": { + "description": "servingInfo describes how to start serving", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.ServingInfo" + }, + "volumeConfig": { + "description": "volumeConfig contains options for configuring volumes on the node.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NodeVolumeConfig" + }, + "volumeDirectory": { + "description": "volumeDirectory is the directory that volumes will be stored under", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.KubeAPIServerStatus": { + "com.github.openshift.api.legacyconfig.v1.NodeNetworkConfig": { + "description": "NodeNetworkConfig provides network options for the node", "type": "object", + "required": [ + "networkPluginName", + "mtu" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "latestAvailableRevisionReason": { - "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", - "type": "string" - }, - "nodeStatuses": { - "description": "nodeStatuses track the deployment values and errors across individual nodes", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" - }, - "x-kubernetes-list-map-keys": [ - "nodeName" - ], - "x-kubernetes-list-type": "map" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "mtu": { + "description": "Maximum transmission unit for the network packets", "type": "integer", - "format": "int32", + "format": "int64", "default": 0 }, - "serviceAccountIssuers": { - "description": "serviceAccountIssuers tracks history of used service account issuers. The item without expiration time represents the currently used service account issuer. The other items represents service account issuers that were used previously and are still being trusted. The default expiration for the items is set by the platform and it defaults to 24h. see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus" - }, - "x-kubernetes-list-type": "atomic" - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "networkPluginName": { + "description": "networkPluginName is a string specifying the networking plugin", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.KubeControllerManager": { - "description": "KubeControllerManager provides information to configure an operator to manage kube-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.NodeVolumeConfig": { + "description": "NodeVolumeConfig contains options for configuring volumes on the node.", "type": "object", "required": [ - "metadata", - "spec" + "localQuota" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the Kubernetes Controller Manager", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeControllerManagerSpec" - }, - "status": { - "description": "status is the most recently observed status of the Kubernetes Controller Manager", + "localQuota": { + "description": "localQuota contains options for controlling local volume quota on the node.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeControllerManagerStatus" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LocalQuota" } } }, - "com.github.openshift.api.operator.v1.KubeControllerManagerList": { - "description": "KubeControllerManagerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.OAuthConfig": { + "description": "OAuthConfig holds the necessary configuration options for OAuth authentication", "type": "object", "required": [ - "metadata", - "items" + "masterCA", + "masterURL", + "masterPublicURL", + "assetPublicURL", + "alwaysShowProviderSelection", + "identityProviders", + "grantConfig", + "sessionConfig", + "tokenConfig", + "templates" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "alwaysShowProviderSelection": { + "description": "alwaysShowProviderSelection will force the provider selection page to render even when there is only a single provider.", + "type": "boolean", + "default": false }, - "items": { - "description": "items contains the items", + "assetPublicURL": { + "description": "assetPublicURL is used for building valid client redirect URLs for external access", + "type": "string", + "default": "" + }, + "grantConfig": { + "description": "grantConfig describes how to handle grants", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.GrantConfig" + }, + "identityProviders": { + "description": "identityProviders is an ordered list of ways for a user to identify themselves", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeControllerManager" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.IdentityProvider" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "masterCA": { + "description": "masterCA is the CA for verifying the TLS connection back to the MasterURL.", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "masterPublicURL": { + "description": "masterPublicURL is used for building valid client redirect URLs for internal and external access", + "type": "string", + "default": "" + }, + "masterURL": { + "description": "masterURL is used for making server-to-server calls to exchange authorization codes for access tokens", + "type": "string", + "default": "" + }, + "sessionConfig": { + "description": "sessionConfig hold information about configuring sessions.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.SessionConfig" + }, + "templates": { + "description": "templates allow you to customize pages like the login page.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.OAuthTemplates" + }, + "tokenConfig": { + "description": "tokenConfig contains options for authorization and access tokens", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.TokenConfig" } } }, - "com.github.openshift.api.operator.v1.KubeControllerManagerSpec": { + "com.github.openshift.api.legacyconfig.v1.OAuthTemplates": { + "description": "OAuthTemplates allow for customization of pages like the login page", "type": "object", "required": [ - "managementState", - "forceRedeploymentReason", - "useMoreSecureServiceCA" + "login", + "providerSelection", + "error" ], "properties": { - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" - }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "error": { + "description": "error is a path to a file containing a go template used to render error pages during the authentication or grant flow If unspecified, the default error page is used.", "type": "string", "default": "" }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "login": { + "description": "login is a path to a file containing a go template used to render the login page. If unspecified, the default login page is used.", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "useMoreSecureServiceCA": { - "description": "useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only enough certificates to validate service serving certificates. Once set to true, it cannot be set to false. Even if someone finds a way to set it back to false, the service-ca.crt files that previously existed will only have the more secure content.", - "type": "boolean", - "default": false + "providerSelection": { + "description": "providerSelection is a path to a file containing a go template used to render the provider selection page. If unspecified, the default provider selection page is used.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.KubeControllerManagerStatus": { + "com.github.openshift.api.legacyconfig.v1.OpenIDClaims": { + "description": "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider", "type": "object", + "required": [ + "id", + "preferredUsername", + "name", + "email" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "email": { + "description": "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "type": "string", + "default": "" + } }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "id": { + "description": "id is the list of claims whose values should be used as the user ID. Required. OpenID standard identity claim is \"sub\"", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "latestAvailableRevisionReason": { - "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", - "type": "string" + "type": "string", + "default": "" + } }, - "nodeStatuses": { - "description": "nodeStatuses track the deployment values and errors across individual nodes", + "name": { + "description": "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" - }, - "x-kubernetes-list-map-keys": [ - "nodeName" - ], - "x-kubernetes-list-type": "map" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "type": "string", + "default": "" + } }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "preferredUsername": { + "description": "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the id claim", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.operator.v1.KubeScheduler": { - "description": "KubeScheduler provides information to configure an operator to manage scheduler.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.OpenIDIdentityProvider": { + "description": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "metadata", - "spec" + "ca", + "clientID", + "clientSecret", + "extraScopes", + "extraAuthorizeParameters", + "urls", + "claims" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "claims": { + "description": "claims mappings", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.OpenIDClaims" }, - "spec": { - "description": "spec is the specification of the desired behavior of the Kubernetes Scheduler", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeSchedulerSpec" + "clientID": { + "description": "clientID is the oauth client ID", + "type": "string", + "default": "" }, - "status": { - "description": "status is the most recently observed status of the Kubernetes Scheduler", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeSchedulerStatus" - } - } - }, - "com.github.openshift.api.operator.v1.KubeSchedulerList": { - "description": "KubeSchedulerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "clientSecret": { + "description": "clientSecret is the oauth client secret", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.StringSource" }, - "items": { - "description": "items contains the items", + "extraAuthorizeParameters": { + "description": "extraAuthorizeParameters are any custom parameters to add to the authorize request.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "extraScopes": { + "description": "extraScopes are any scopes to request in addition to the standard \"openid\" scope.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeScheduler" + "type": "string", + "default": "" } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "urls": { + "description": "urls to use to authenticate", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.OpenIDURLs" } } }, - "com.github.openshift.api.operator.v1.KubeSchedulerSpec": { + "com.github.openshift.api.legacyconfig.v1.OpenIDURLs": { + "description": "OpenIDURLs are URLs to use when authenticating with an OpenID identity provider", "type": "object", "required": [ - "managementState", - "forceRedeploymentReason" + "authorize", + "token", + "userInfo" ], "properties": { - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" - }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "authorize": { + "description": "authorize is the oauth authorization URL", "type": "string", "default": "" }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "token": { + "description": "token is the oauth token granting URL", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "userInfo": { + "description": "userInfo is the optional userinfo URL. If present, a granted access_token is used to request claims If empty, a granted id_token is parsed for claims", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.KubeSchedulerStatus": { + "com.github.openshift.api.legacyconfig.v1.PodManifestConfig": { + "description": "PodManifestConfig holds the necessary configuration options for using pod manifests", "type": "object", + "required": [ + "path", + "fileCheckIntervalSeconds" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "latestAvailableRevisionReason": { - "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", - "type": "string" - }, - "nodeStatuses": { - "description": "nodeStatuses track the deployment values and errors across individual nodes", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" - }, - "x-kubernetes-list-map-keys": [ - "nodeName" - ], - "x-kubernetes-list-type": "map" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "fileCheckIntervalSeconds": { + "description": "fileCheckIntervalSeconds is the interval in seconds for checking the manifest file(s) for new data The interval needs to be a positive value", "type": "integer", - "format": "int32", + "format": "int64", "default": 0 }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "path": { + "description": "path specifies the path for the pod manifest file or directory If its a directory, its expected to contain on or more manifest files This is used by the Kubelet to create pods on the node", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.KubeStorageVersionMigrator": { - "description": "KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.PolicyConfig": { + "description": "holds the necessary configuration options for", "type": "object", "required": [ - "metadata", - "spec" + "userAgentMatchingConfig" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "userAgentMatchingConfig": { + "description": "userAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.UserAgentMatchingConfig" + } + } + }, + "com.github.openshift.api.legacyconfig.v1.ProjectConfig": { + "description": "holds the necessary configuration options for", + "type": "object", + "required": [ + "defaultNodeSelector", + "projectRequestMessage", + "projectRequestTemplate", + "securityAllocator" + ], + "properties": { + "defaultNodeSelector": { + "description": "defaultNodeSelector holds default project node label selector", + "type": "string", + "default": "" }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec" + "projectRequestMessage": { + "description": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", + "type": "string", + "default": "" }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus" + "projectRequestTemplate": { + "description": "projectRequestTemplate is the template to use for creating projects in response to projectrequest. It is in the format namespace/template and it is optional. If it is not specified, a default template is used.", + "type": "string", + "default": "" + }, + "securityAllocator": { + "description": "securityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.SecurityAllocator" } } }, - "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorList": { - "description": "KubeStorageVersionMigratorList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.RFC2307Config": { + "description": "RFC2307Config holds the necessary configuration options to define how an LDAP group sync interacts with an LDAP server using the RFC2307 schema", "type": "object", "required": [ - "metadata", - "items" + "groupsQuery", + "groupUIDAttribute", + "groupNameAttributes", + "groupMembershipAttributes", + "usersQuery", + "userUIDAttribute", + "userNameAttributes", + "tolerateMemberNotFoundErrors", + "tolerateMemberOutOfScopeErrors" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "groupMembershipAttributes": { + "description": "groupMembershipAttributes defines which attributes on an LDAP group entry will be interpreted as its members. The values contained in those attributes must be queryable by your UserUIDAttribute", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "items": { - "description": "items contains the items", + "groupNameAttributes": { + "description": "groupNameAttributes defines which attributes on an LDAP group entry will be interpreted as its name to use for an OpenShift group", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeStorageVersionMigrator" + "type": "string", + "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "groupUIDAttribute": { + "description": "GroupUIDAttributes defines which attribute on an LDAP group entry will be interpreted as its unique identifier. (ldapGroupUID)", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "groupsQuery": { + "description": "AllGroupsQuery holds the template for an LDAP query that returns group entries.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" + }, + "tolerateMemberNotFoundErrors": { + "description": "tolerateMemberNotFoundErrors determines the behavior of the LDAP sync job when missing user entries are encountered. If 'true', an LDAP query for users that doesn't find any will be tolerated and an only and error will be logged. If 'false', the LDAP sync job will fail if a query for users doesn't find any. The default value is 'false'. Misconfigured LDAP sync jobs with this flag set to 'true' can cause group membership to be removed, so it is recommended to use this flag with caution.", + "type": "boolean", + "default": false + }, + "tolerateMemberOutOfScopeErrors": { + "description": "tolerateMemberOutOfScopeErrors determines the behavior of the LDAP sync job when out-of-scope user entries are encountered. If 'true', an LDAP query for a user that falls outside of the base DN given for the all user query will be tolerated and only an error will be logged. If 'false', the LDAP sync job will fail if a user query would search outside of the base DN specified by the all user query. Misconfigured LDAP sync jobs with this flag set to 'true' can result in groups missing users, so it is recommended to use this flag with caution.", + "type": "boolean", + "default": false + }, + "userNameAttributes": { + "description": "userNameAttributes defines which attributes on an LDAP user entry will be used, in order, as its OpenShift user name. The first attribute with a non-empty value is used. This should match your PreferredUsername setting for your LDAPPasswordIdentityProvider", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "userUIDAttribute": { + "description": "userUIDAttribute defines which attribute on an LDAP user entry will be interpreted as its unique identifier. It must correspond to values that will be found from the GroupMembershipAttributes", + "type": "string", + "default": "" + }, + "usersQuery": { + "description": "AllUsersQuery holds the template for an LDAP query that returns user entries.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.LDAPQuery" } } }, - "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec": { + "com.github.openshift.api.legacyconfig.v1.RegistryLocation": { + "description": "RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.", "type": "object", "required": [ - "managementState" + "domainName" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "domainName": { + "description": "domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.", + "type": "string", + "default": "" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "insecure": { + "description": "insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.", + "type": "boolean" + } + } + }, + "com.github.openshift.api.legacyconfig.v1.RemoteConnectionInfo": { + "description": "RemoteConnectionInfo holds information necessary for establishing a remote connection", + "type": "object", + "required": [ + "url", + "ca", + "certFile", + "keyFile" + ], + "properties": { + "ca": { + "description": "ca is the CA for verifying TLS connections", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "url": { + "description": "url is the remote URL to connect to", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus": { + "com.github.openshift.api.legacyconfig.v1.RequestHeaderAuthenticationOptions": { + "description": "RequestHeaderAuthenticationOptions provides options for setting up a front proxy against the entire API instead of against the /oauth endpoint.", "type": "object", + "required": [ + "clientCA", + "clientCommonNames", + "usernameHeaders", + "groupHeaders", + "extraHeaderPrefixes" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "clientCA": { + "description": "clientCA is a file with the trusted signer certs. It is required.", + "type": "string", + "default": "" + }, + "clientCommonNames": { + "description": "clientCommonNames is a required list of common names to require a match from.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "type": "string", + "default": "" + } }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "extraHeaderPrefixes": { + "description": "extraHeaderPrefixes is the set of request header prefixes to inspect for user extra. X-Remote-Extra- is suggested.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "type": "string", + "default": "" + } }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "groupHeaders": { + "description": "GroupNameHeader is the set of headers to check for group information. All are unioned.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "usernameHeaders": { + "description": "usernameHeaders is the list of headers to check for user information. First hit wins.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.operator.v1.LoadBalancerStrategy": { - "description": "LoadBalancerStrategy holds parameters for a load balancer.", + "com.github.openshift.api.legacyconfig.v1.RequestHeaderIdentityProvider": { + "description": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "scope", - "dnsManagementPolicy" + "loginURL", + "challengeURL", + "clientCA", + "clientCommonNames", + "headers", + "preferredUsernameHeaders", + "nameHeaders", + "emailHeaders" ], "properties": { - "allowedSourceRanges": { - "description": "allowedSourceRanges specifies an allowlist of IP address ranges to which access to the load balancer should be restricted. Each range must be specified using CIDR notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range is specified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 are used by default, which allows all source addresses.\n\nTo facilitate migration from earlier versions of OpenShift that did not have the allowedSourceRanges field, you may set the service.beta.kubernetes.io/load-balancer-source-ranges annotation on the \"router-\" service in the \"openshift-ingress\" namespace, and this annotation will take effect if allowedSourceRanges is empty on OpenShift 4.12.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "challengeURL": { + "description": "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", + "type": "string", + "default": "" + }, + "clientCA": { + "description": "clientCA is a file with the trusted signer certs. If empty, no request verification is done, and any direct request to the OAuth server can impersonate any identity from this provider, merely by setting a request header.", + "type": "string", + "default": "" + }, + "clientCommonNames": { + "description": "clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "emailHeaders": { + "description": "emailHeaders is the set of headers to check for the email address", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "dnsManagementPolicy": { - "description": "dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record associated with the load balancer service will be managed by the ingress operator. It defaults to Managed. Valid values are: Managed and Unmanaged.", - "type": "string", - "default": "Managed" + "headers": { + "description": "headers is the set of headers to check for identity information", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "providerParameters": { - "description": "providerParameters holds desired load balancer information specific to the underlying infrastructure provider.\n\nIf empty, defaults will be applied. See specific providerParameters fields for details about their defaults.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "scope": { - "description": "scope indicates the scope at which the load balancer is exposed. Possible values are \"External\" and \"Internal\".", + "loginURL": { + "description": "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.operator.v1.LoggingDestination": { - "description": "LoggingDestination describes a destination for log messages.", - "type": "object", - "required": [ - "type" - ], - "properties": { - "container": { - "description": "container holds parameters for the Container logging destination. Present only if type is Container.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters" }, - "syslog": { - "description": "syslog holds parameters for a syslog endpoint. Present only if type is Syslog.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters" + "nameHeaders": { + "description": "nameHeaders is the set of headers to check for the display name", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "type": { - "description": "type is the type of destination for logs. It must be one of the following:\n\n* Container\n\nThe ingress operator configures the sidecar container named \"logs\" on the ingress controller pod and configures the ingress controller to write logs to the sidecar. The logs are then available as container logs. The expectation is that the administrator configures a custom logging solution that reads logs from this sidecar. Note that using container logs means that logs may be dropped if the rate of logs exceeds the container runtime's or the custom logging solution's capacity.\n\n* Syslog\n\nLogs are sent to a syslog endpoint. The administrator must specify an endpoint that can receive syslog messages. The expectation is that the administrator has configured a custom syslog instance.", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "container": "Container", - "syslog": "Syslog" + "preferredUsernameHeaders": { + "description": "preferredUsernameHeaders is the set of headers to check for the preferred username", + "type": "array", + "items": { + "type": "string", + "default": "" } } - ] + } }, - "com.github.openshift.api.operator.v1.Logo": { - "description": "Logo defines a configuration based on theme modes for the console UI logo.", + "com.github.openshift.api.legacyconfig.v1.RoutingConfig": { + "description": "RoutingConfig holds the necessary configuration options for routing to subdomains", "type": "object", "required": [ - "type", - "themes" + "subdomain" ], "properties": { - "themes": { - "description": "themes specifies the themes for the console UI logo. themes is a required field that allows a list of themes. Each item in the themes list must have a unique mode and a source field. Each mode determines whether the logo is for the dark or light mode of the console UI. If a theme is not specified, the default OpenShift logo will be displayed for that theme. There must be at least one entry and no more than 2 entries.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Theme" - }, - "x-kubernetes-list-map-keys": [ - "mode" - ], - "x-kubernetes-list-type": "map" - }, - "type": { - "description": "type specifies the type of the logo for the console UI. It determines whether the logo is for the masthead or favicon. type is a required field that allows values of Masthead and Favicon. When set to \"Masthead\", the logo will be used in the masthead and about modal of the console UI. When set to \"Favicon\", the logo will be used as the favicon of the console UI.\n\nPossible enum values:\n - `\"Favicon\"` Favicon represents the favicon logo.\n - `\"Masthead\"` Masthead represents the logo in the masthead.", + "subdomain": { + "description": "subdomain is the suffix appended to $service.$namespace. to form the default route hostname DEPRECATED: This field is being replaced by routers setting their own defaults. This is the \"default\" route.", "type": "string", - "default": "", - "enum": [ - "Favicon", - "Masthead" - ] - } - } - }, - "com.github.openshift.api.operator.v1.MTUMigration": { - "description": "MTUMigration contains infomation about MTU migration.", - "type": "object", - "properties": { - "machine": { - "description": "machine contains MTU migration configuration for the machine's uplink. Needs to be migrated along with the default network MTU unless the current uplink MTU already accommodates the default network MTU.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MTUMigrationValues" - }, - "network": { - "description": "network contains information about MTU migration for the default network. Migrations are only allowed to MTU values lower than the machine's uplink MTU by the minimum appropriate offset.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MTUMigrationValues" + "default": "" } } }, - "com.github.openshift.api.operator.v1.MTUMigrationValues": { - "description": "MTUMigrationValues contains the values for a MTU migration.", + "com.github.openshift.api.legacyconfig.v1.SecurityAllocator": { + "description": "SecurityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.", "type": "object", "required": [ - "to" + "uidAllocatorRange", + "mcsAllocatorRange", + "mcsLabelsPerProject" ], "properties": { - "from": { - "description": "from is the MTU to migrate from.", - "type": "integer", - "format": "int64" + "mcsAllocatorRange": { + "description": "mcsAllocatorRange defines the range of MCS categories that will be assigned to namespaces. The format is \"/[,]\". The default is \"s0/2\" and will allocate from c0 -> c1023, which means a total of 535k labels are available (1024 choose 2 ~ 535k). If this value is changed after startup, new projects may receive labels that are already allocated to other projects. Prefix may be any valid SELinux set of terms (including user, role, and type), although leaving them as the default will allow the server to set them automatically.\n\nExamples: * s0:/2 - Allocate labels from s0:c0,c0 to s0:c511,c511 * s0:/2,512 - Allocate labels from s0:c0,c0,c0 to s0:c511,c511,511", + "type": "string", + "default": "" }, - "to": { - "description": "to is the MTU to migrate to.", + "mcsLabelsPerProject": { + "description": "mcsLabelsPerProject defines the number of labels that should be reserved per project. The default is 5 to match the default UID and MCS ranges (100k namespaces, 535k/5 labels).", "type": "integer", - "format": "int64" + "format": "int32", + "default": 0 + }, + "uidAllocatorRange": { + "description": "uidAllocatorRange defines the total set of Unix user IDs (UIDs) that will be allocated to projects automatically, and the size of the block each namespace gets. For example, 1000-1999/10 will allocate ten UIDs per namespace, and will be able to allocate up to 100 blocks before running out of space. The default is to allocate from 1 billion to 2 billion in 10k blocks (which is the expected size of the ranges container images will use once user namespaces are started).", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.MachineConfiguration": { - "description": "MachineConfiguration provides information to configure an operator to manage Machine Configuration.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.ServiceAccountConfig": { + "description": "ServiceAccountConfig holds the necessary configuration options for a service account", "type": "object", "required": [ - "metadata", - "spec" + "managedNames", + "limitSecretReferences", + "privateKeyFile", + "publicKeyFiles", + "masterCA" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "limitSecretReferences": { + "description": "limitSecretReferences controls whether or not to allow a service account to reference any secret in a namespace without explicitly referencing them", + "type": "boolean", + "default": false }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "managedNames": { + "description": "managedNames is a list of service account names that will be auto-created in every namespace. If no names are specified, the ServiceAccountsController will not be started.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "masterCA": { + "description": "masterCA is the CA for verifying the TLS connection back to the master. The service account controller will automatically inject the contents of this file into pods so they can verify connections to the master.", + "type": "string", + "default": "" }, - "spec": { - "description": "spec is the specification of the desired behavior of the Machine Config Operator", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineConfigurationSpec" + "privateKeyFile": { + "description": "privateKeyFile is a file containing a PEM-encoded private RSA key, used to sign service account tokens. If no private key is specified, the service account TokensController will not be started.", + "type": "string", + "default": "" }, - "status": { - "description": "status is the most recently observed status of the Machine Config Operator", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineConfigurationStatus" + "publicKeyFiles": { + "description": "publicKeyFiles is a list of files, each containing a PEM-encoded public RSA key. (If any file contains a private key, the public portion of the key is used) The list of public keys is used to verify presented service account tokens. Each key is tried in order until the list is exhausted or verification succeeds. If no keys are specified, no service account authentication will be available.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.operator.v1.MachineConfigurationList": { - "description": "MachineConfigurationList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.ServiceServingCert": { + "description": "ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", "type": "object", "required": [ - "metadata", - "items" + "signer" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items contains the items", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineConfiguration" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "signer": { + "description": "signer holds the signing information used to automatically sign serving certificates. If this value is nil, then certs are not signed automatically.", + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.CertInfo" } } }, - "com.github.openshift.api.operator.v1.MachineConfigurationSpec": { + "com.github.openshift.api.legacyconfig.v1.ServingInfo": { + "description": "ServingInfo holds information about serving web pages", "type": "object", "required": [ - "managementState", - "forceRedeploymentReason" + "bindAddress", + "bindNetwork", + "certFile", + "keyFile", + "clientCA", + "namedCertificates" ], "properties": { - "bootImageSkewEnforcement": { - "description": "bootImageSkewEnforcement allows an admin to configure how boot image version skew is enforced on the cluster. When omitted, this will default to Automatic for clusters that support automatic boot image updates. For clusters that do not support automatic boot image updates, cluster upgrades will be disabled until a skew enforcement mode has been specified. When version skew is being enforced, cluster upgrades will be disabled until the version skew is deemed acceptable for the current release payload.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig" - }, - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" - }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "bindAddress": { + "description": "bindAddress is the ip:port to serve on", "type": "string", "default": "" }, - "irreconcilableValidationOverrides": { - "description": "irreconcilableValidationOverrides is an optional field that can used to make changes to a MachineConfig that cannot be applied to existing nodes. When specified, the fields configured with validation overrides will no longer reject changes to those respective fields due to them not being able to be applied to existing nodes. Only newly provisioned nodes will have these configurations applied. Existing nodes will report observed configuration differences in their MachineConfigNode status.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides" + "bindNetwork": { + "description": "bindNetwork is the type of network to bind to - defaults to \"tcp4\", accepts \"tcp\", \"tcp4\", and \"tcp6\"", + "type": "string", + "default": "" }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" }, - "managedBootImages": { - "description": "managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version's boot image. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default for each machine manager mode is All for GCP and AWS platforms, and None for all other platforms.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ManagedBootImages" + "cipherSuites": { + "description": "cipherSuites contains an overridden list of ciphers for the server to support. Values must match cipher suite IDs from https://golang.org/pkg/crypto/tls/#pkg-constants", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "clientCA": { + "description": "clientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates", "type": "string", "default": "" }, - "nodeDisruptionPolicy": { - "description": "nodeDisruptionPolicy allows an admin to set granular node disruption actions for MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow for less downtime when doing small configuration updates to the cluster. This configuration has no effect on cluster upgrades which will still incur node disruption where required.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": "string", + "default": "" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "minTLSVersion": { + "description": "minTLSVersion is the minimum TLS version supported. Values must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants", "type": "string" }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - } - } - }, - "com.github.openshift.api.operator.v1.MachineConfigurationStatus": { - "type": "object", - "properties": { - "bootImageSkewEnforcementStatus": { - "description": "bootImageSkewEnforcementStatus reflects what the latest cluster-validated boot image skew enforcement configuration is and will be used by Machine Config Controller while performing boot image skew enforcement. When omitted, the MCO has no knowledge of how to enforce boot image skew. When the MCO does not know how boot image skew should be enforced, cluster upgrades will be blocked until it can either automatically determine skew enforcement or there is an explicit skew enforcement configuration provided in the spec.bootImageSkewEnforcement field.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.BootImageSkewEnforcementStatus" - }, - "conditions": { - "description": "conditions is a list of conditions and their status", + "namedCertificates": { + "description": "namedCertificates is a list of certificates to use to secure requests to specific hostnames", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "managedBootImagesStatus": { - "description": "managedBootImagesStatus reflects what the latest cluster-validated boot image configuration is and will be used by Machine Config Controller while performing boot image updates.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ManagedBootImages" - }, - "nodeDisruptionPolicyStatus": { - "description": "nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, and will be used by the Machine Config Daemon during future node updates.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.NamedCertificate" + } } } }, - "com.github.openshift.api.operator.v1.MachineManager": { - "description": "MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information such as the resource type and the API Group of the resource. It also provides granular control via the selection field.", + "com.github.openshift.api.legacyconfig.v1.SessionConfig": { + "description": "SessionConfig specifies options for cookie-based sessions. Used by AuthRequestHandlerSession", "type": "object", "required": [ - "resource", - "apiGroup", - "selection" + "sessionSecretsFile", + "sessionMaxAgeSeconds", + "sessionName" ], "properties": { - "apiGroup": { - "description": "apiGroup is name of the APIGroup that the machine management resource belongs to. The only current valid value is machine.openshift.io. machine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group.", + "sessionMaxAgeSeconds": { + "description": "sessionMaxAgeSeconds specifies how long created sessions last. Used by AuthRequestHandlerSession", + "type": "integer", + "format": "int32", + "default": 0 + }, + "sessionName": { + "description": "sessionName is the cookie name used to store the session", "type": "string", "default": "" }, - "resource": { - "description": "resource is the machine management resource's type. Valid values are machinesets and controlplanemachinesets. machinesets means that the machine manager will only register resources of the kind MachineSet. controlplanemachinesets means that the machine manager will only register resources of the kind ControlPlaneMachineSet.", + "sessionSecretsFile": { + "description": "sessionSecretsFile is a reference to a file containing a serialized SessionSecrets object If no file is specified, a random signing and encryption key are generated at each server start", "type": "string", "default": "" - }, - "selection": { - "description": "selection allows granular control of the machine management resources that will be registered for boot image updates.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineManagerSelector" } } }, - "com.github.openshift.api.operator.v1.MachineManagerSelector": { + "com.github.openshift.api.legacyconfig.v1.SessionSecret": { + "description": "SessionSecret is a secret used to authenticate/decrypt cookie-based sessions", "type": "object", "required": [ - "mode" + "authentication", + "encryption" ], "properties": { - "mode": { - "description": "mode determines how machine managers will be selected for updates. Valid values are All, Partial and None. All means that every resource matched by the machine manager will be updated. Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. Partial is not permitted for the controlplanemachinesets resource type as they are a singleton within the cluster. None means that every resource matched by the machine manager will not be updated.", + "authentication": { + "description": "authentication is used to authenticate sessions using HMAC. Recommended to use a secret with 32 or 64 bytes.", "type": "string", "default": "" }, - "partial": { - "description": "partial provides label selector(s) that can be used to match machine management resources. Only permitted when mode is set to \"Partial\".", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.PartialSelector" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "mode", - "fields-to-discriminateBy": { - "partial": "Partial" - } - } - ] - }, - "com.github.openshift.api.operator.v1.ManagedBootImages": { - "type": "object", - "properties": { - "machineManagers": { - "description": "machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator will watch for changes to this list. Only one entry is permitted per type of machine management resource.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineManager" - }, - "x-kubernetes-list-map-keys": [ - "resource", - "apiGroup" - ], - "x-kubernetes-list-type": "map" + "encryption": { + "description": "encryption is used to encrypt sessions. Must be 16, 24, or 32 characters long, to select AES-128, AES-", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.MyOperatorResource": { - "description": "MyOperatorResource is an example operator configuration type\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.legacyconfig.v1.SessionSecrets": { + "description": "SessionSecrets list the secrets to use to sign/encrypt and authenticate/decrypt created sessions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "metadata", - "spec", - "status" + "secrets" ], "properties": { "apiVersion": { @@ -33214,1892 +33620,2357 @@ "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "secrets": { + "description": "secrets is a list of secrets New sessions are signed and encrypted using the first secret. Existing sessions are decrypted/authenticated by each secret until one succeeds. This allows rotating secrets.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.SessionSecret" + } + } + } + }, + "com.github.openshift.api.legacyconfig.v1.SourceStrategyDefaultsConfig": { + "description": "SourceStrategyDefaultsConfig contains values that apply to builds using the source strategy.", + "type": "object", + "properties": { + "incremental": { + "description": "incremental indicates if s2i build strategies should perform an incremental build or not", + "type": "boolean" + } + } + }, + "com.github.openshift.api.legacyconfig.v1.StringSource": { + "description": "StringSource allows specifying a string inline, or externally via env var or file. When it contains only a string value, it marshals to a simple JSON string.", + "type": "object", + "required": [ + "value", + "env", + "file", + "keyFile" + ], + "properties": { + "env": { + "description": "env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", + "type": "string", + "default": "" }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MyOperatorResourceSpec" + "file": { + "description": "file references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", + "type": "string", + "default": "" }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MyOperatorResourceStatus" + "keyFile": { + "description": "keyFile references a file containing the key to use to decrypt the value.", + "type": "string", + "default": "" + }, + "value": { + "description": "value specifies the cleartext value, or an encrypted value if keyFile is specified.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.MyOperatorResourceSpec": { + "com.github.openshift.api.legacyconfig.v1.StringSourceSpec": { + "description": "StringSourceSpec specifies a string value, or external location", "type": "object", "required": [ - "managementState" + "value", + "env", + "file", + "keyFile" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "env": { + "description": "env specifies an envvar containing the cleartext value, or an encrypted value if the keyFile is specified.", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "file": { + "description": "file references a file containing the cleartext value, or an encrypted value if a keyFile is specified.", + "type": "string", + "default": "" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "keyFile": { + "description": "keyFile references a file containing the key to use to decrypt the value.", + "type": "string", + "default": "" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "value": { + "description": "value specifies the cleartext value, or an encrypted value if keyFile is specified.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.MyOperatorResourceStatus": { + "com.github.openshift.api.legacyconfig.v1.TokenConfig": { + "description": "TokenConfig holds the necessary configuration options for authorization and access tokens", "type": "object", + "required": [ + "authorizeTokenMaxAgeSeconds", + "accessTokenMaxAgeSeconds" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "accessTokenInactivityTimeoutSeconds": { + "description": "accessTokenInactivityTimeoutSeconds defined the default token inactivity timeout for tokens granted by any client. Setting it to nil means the feature is completely disabled (default) The default setting can be overridden on OAuthClient basis. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Valid values are: - 0: Tokens never time out - X: Tokens time out if there is no activity for X seconds The current minimum allowed value for X is 300 (5 minutes)", "type": "integer", "format": "int32" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", + "accessTokenMaxAgeSeconds": { + "description": "accessTokenMaxAgeSeconds defines the maximum age of access tokens", "type": "integer", - "format": "int64" + "format": "int32", + "default": 0 }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "authorizeTokenMaxAgeSeconds": { + "description": "authorizeTokenMaxAgeSeconds defines the maximum age of authorize tokens", "type": "integer", "format": "int32", "default": 0 - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" } } }, - "com.github.openshift.api.operator.v1.NetFlowConfig": { + "com.github.openshift.api.legacyconfig.v1.UserAgentDenyRule": { + "description": "UserAgentDenyRule adds a rejection message that can be used to help a user figure out how to get an approved client", "type": "object", + "required": [ + "regex", + "httpVerbs", + "rejectionMessage" + ], "properties": { - "collectors": { - "description": "netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. It is a list of strings formatted as ip:port with a maximum of ten items", + "httpVerbs": { + "description": "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } + }, + "regex": { + "description": "UserAgentRegex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", + "type": "string", + "default": "" + }, + "rejectionMessage": { + "description": "rejectionMessage is the message shown when rejecting a client. If it is not a set, the default message is used.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.Network": { - "description": "Network describes the cluster's desired network configuration. It is consumed by the cluster-network-operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.UserAgentMatchRule": { + "description": "UserAgentMatchRule describes how to match a given request based on User-Agent and HTTPVerb", "type": "object", + "required": [ + "regex", + "httpVerbs" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NetworkSpec" + "httpVerbs": { + "description": "httpVerbs specifies which HTTP verbs should be matched. An empty list means \"match all verbs\".", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NetworkStatus" + "regex": { + "description": "UserAgentRegex is a regex that is checked against the User-Agent. Known variants of oc clients 1. oc accessing kube resources: oc/v1.2.0 (linux/amd64) kubernetes/bc4550d 2. oc accessing openshift resources: oc/v1.1.3 (linux/amd64) openshift/b348c2f 3. openshift kubectl accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 4. openshift kubectl accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f 5. oadm accessing kube resources: oadm/v1.2.0 (linux/amd64) kubernetes/bc4550d 6. oadm accessing openshift resources: oadm/v1.1.3 (linux/amd64) openshift/b348c2f 7. openshift cli accessing kube resources: openshift/v1.2.0 (linux/amd64) kubernetes/bc4550d 8. openshift cli accessing openshift resources: openshift/v1.1.3 (linux/amd64) openshift/b348c2f", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.NetworkList": { - "description": "NetworkList contains a list of Network configurations\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.legacyconfig.v1.UserAgentMatchingConfig": { + "description": "UserAgentMatchingConfig controls how API calls from *voluntarily* identifying clients will be handled. THIS DOES NOT DEFEND AGAINST MALICIOUS CLIENTS!", "type": "object", "required": [ - "items" + "requiredClients", + "deniedClients", + "defaultRejectionMessage" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "defaultRejectionMessage": { + "description": "defaultRejectionMessage is the message shown when rejecting a client. If it is not a set, a generic message is given.", + "type": "string", + "default": "" }, - "items": { + "deniedClients": { + "description": "If this list is non-empty, then a User-Agent must not match any of the UserAgentRegexes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Network" + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.UserAgentDenyRule" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "requiredClients": { + "description": "If this list is non-empty, then a User-Agent must match one of the UserAgentRegexes to be allowed", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.legacyconfig.v1.UserAgentMatchRule" + } } } }, - "com.github.openshift.api.operator.v1.NetworkMigration": { - "description": "NetworkMigration represents the cluster network migration configuration.", + "com.github.openshift.api.legacyconfig.v1.WebhookTokenAuthenticator": { + "description": "WebhookTokenAuthenticators holds the necessary configuation options for external token authenticators", "type": "object", + "required": [ + "configFile", + "cacheTTL" + ], "properties": { - "features": { - "description": "features was previously used to configure which network plugin features would be migrated in a network type migration. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.FeaturesMigration" - }, - "mode": { - "description": "mode indicates the mode of network type migration. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", - "type": "string" + "cacheTTL": { + "description": "cacheTTL indicates how long an authentication result should be cached. It takes a valid time duration string (e.g. \"5m\"). If empty, you get a default timeout of 2 minutes. If zero (e.g. \"0m\"), caching is disabled", + "type": "string", + "default": "" }, - "mtu": { - "description": "mtu contains the MTU migration configuration. Set this to allow changing the MTU values for the default network. If unset, the operation of changing the MTU for the default network will be rejected.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.MTUMigration" + "configFile": { + "description": "configFile is a path to a Kubeconfig file with the webhook configuration", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.machine.v1.AWSFailureDomain": { + "description": "AWSFailureDomain configures failure domain information for the AWS platform.", + "type": "object", + "properties": { + "placement": { + "description": "placement configures the placement information for this instance.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AWSFailureDomainPlacement" }, - "networkType": { - "description": "networkType was previously used when changing the default network type. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", - "type": "string" + "subnet": { + "description": "subnet is a reference to the subnet to use for this instance.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AWSResourceReference" } } }, - "com.github.openshift.api.operator.v1.NetworkSpec": { - "description": "NetworkSpec is the top-level network configuration object.", + "com.github.openshift.api.machine.v1.AWSFailureDomainPlacement": { + "description": "AWSFailureDomainPlacement configures the placement information for the AWSFailureDomain.", "type": "object", "required": [ - "managementState", - "clusterNetwork", - "serviceNetwork", - "defaultNetwork" + "availabilityZone" ], "properties": { - "additionalNetworks": { - "description": "additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.", + "availabilityZone": { + "description": "availabilityZone is the availability zone of the instance.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.machine.v1.AWSResourceFilter": { + "description": "AWSResourceFilter is a filter used to identify an AWS resource", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "name of the filter. Filter names are case-sensitive.", + "type": "string", + "default": "" + }, + "values": { + "description": "values includes one or more filter values. Filter values are case-sensitive.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AdditionalNetworkDefinition" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "additionalRoutingCapabilities": { - "description": "additionalRoutingCapabilities describes components and relevant configuration providing additional routing capabilities. When set, it enables such components and the usage of the routing capabilities they provide for the machine network. Upstream operators, like MetalLB operator, requiring these capabilities may rely on, or automatically set this attribute. Network plugins may leverage advanced routing capabilities acquired through the enablement of these components but may require specific configuration on their side to do so; refer to their respective documentation and configuration options.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AdditionalRoutingCapabilities" + "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.machine.v1.AWSResourceReference": { + "description": "AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters. Only one of ID, ARN or Filters may be specified. Specifying more than one will result in a validation error.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "arn": { + "description": "arn of resource.", + "type": "string" }, - "clusterNetwork": { - "description": "clusterNetwork is the IP address pool to use for pod IPs. Some network providers support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr.", + "filters": { + "description": "filters is a set of filters used to identify a resource.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterNetworkEntry" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AWSResourceFilter" }, "x-kubernetes-list-type": "atomic" }, - "defaultNetwork": { - "description": "defaultNetwork is the \"default\" network that all pods will receive", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DefaultNetworkDefinition" - }, - "deployKubeProxy": { - "description": "deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. Some network providers include kube-proxy or similar functionality. If unset, the plugin will attempt to select the correct value, which is false when ovn-kubernetes is used and true otherwise.", - "type": "boolean" + "id": { + "description": "id of resource.", + "type": "string" }, - "disableMultiNetwork": { - "description": "disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect.", - "type": "boolean" + "type": { + "description": "type determines how the reference will fetch the AWS resource.", + "type": "string", + "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "arn": "ARN", + "filters": "Filters", + "id": "ID" + } + } + ] + }, + "com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderConfig": { + "description": "AlibabaCloudMachineProviderConfig is the Schema for the alibabacloudmachineproviderconfig API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "instanceType", + "vpcId", + "regionId", + "zoneId", + "imageId", + "vSwitch", + "resourceGroup" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "disableNetworkDiagnostics": { - "description": "disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck CRs from a test pod to every node, apiserver and LB should be disabled or not. If unset, this property defaults to 'false' and network diagnostics is enabled. Setting this to 'true' would reduce the additional load of the pods performing the checks.", - "type": "boolean", - "default": false + "bandwidth": { + "description": "bandwidth describes the internet bandwidth strategy for the instance", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.BandwidthProperties" }, - "exportNetworkFlows": { - "description": "exportNetworkFlows enables and configures the export of network flow metadata from the pod network by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. If unset, flows will not be exported to any collector.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ExportNetworkFlows" + "credentialsSecret": { + "description": "credentialsSecret is a reference to the secret with alibabacloud credentials. Otherwise, defaults to permissions provided by attached RAM role where the actuator is running.", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" }, - "kubeProxyConfig": { - "description": "kubeProxyConfig lets us configure desired proxy configuration, if deployKubeProxy is true. If not specified, sensible defaults will be chosen by OpenShift directly.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ProxyConfig" + "dataDisk": { + "description": "DataDisks holds information regarding the extra disks attached to the instance", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.DataDiskProperties" + } }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "imageId": { + "description": "The ID of the image used to create the instance.", + "type": "string", + "default": "" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "instanceType": { + "description": "The instance type of the instance.", "type": "string", "default": "" }, - "migration": { - "description": "migration enables and configures cluster network migration, for network changes that cannot be made instantly.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NetworkMigration" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "ramRoleName": { + "description": "ramRoleName is the name of the instance Resource Access Management (RAM) role. This allows the instance to perform API calls as this specified RAM role.", "type": "string" }, - "serviceNetwork": { - "description": "serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single value here, but this is an array to allow for growth.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "regionId": { + "description": "The ID of the region in which to create the instance. You can call the DescribeRegions operation to query the most recent region list.", + "type": "string", + "default": "" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "resourceGroup": { + "description": "resourceGroup references the resource group to which to assign the instance. A reference holds either the resource group ID, the resource name, or the required tags to search. When more than one resource group are returned for a search, an error will be produced and the Machine will not be created. Resource Groups do not support searching by tags.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AlibabaResourceReference" }, - "useMultiNetworkPolicy": { - "description": "useMultiNetworkPolicy enables a controller which allows for MultiNetworkPolicy objects to be used on additional networks as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy objects, but NetworkPolicy objects only apply to the primary interface. With MultiNetworkPolicy, you can control the traffic that a pod can receive over the secondary interfaces. If unset, this property defaults to 'false' and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is 'true' then the value of this field is ignored.", - "type": "boolean" - } - } - }, - "com.github.openshift.api.operator.v1.NetworkStatus": { - "description": "NetworkStatus is detailed operator status, which is distilled up to the Network clusteroperator object.", - "type": "object", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "securityGroups": { + "description": "securityGroups is a list of security group references to assign to the instance. A reference holds either the security group ID, the resource name, or the required tags to search. When more than one security group is returned for a tag search, all the groups are associated with the instance up to the maximum number of security groups to which an instance can belong. For more information, see the \"Security group limits\" section in Limits. https://www.alibabacloud.com/help/en/doc-detail/25412.htm", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AlibabaResourceReference" + } }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "systemDisk": { + "description": "systemDisk holds the properties regarding the system disk for the instance", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.SystemDiskProperties" + }, + "tag": { + "description": "Tags are the set of metadata to add to an instance.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.Tag" + } }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" + "tenancy": { + "description": "tenancy specifies whether to create the instance on a dedicated host. Valid values:\n\ndefault: creates the instance on a non-dedicated host. host: creates the instance on a dedicated host. If you do not specify the DedicatedHostID parameter, Alibaba Cloud automatically selects a dedicated host for the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `default`.", + "type": "string" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "userDataSecret": { + "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "vSwitch": { + "description": "vSwitch is a reference to the vswitch to use for this instance. A reference holds either the vSwitch ID, the resource name, or the required tags to search. When more than one vSwitch is returned for a tag search, only the first vSwitch returned will be used. This parameter is required when you create an instance of the VPC type. You can call the DescribeVSwitches operation to query the created vSwitches.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AlibabaResourceReference" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "vpcId": { + "description": "The ID of the vpc", + "type": "string", + "default": "" + }, + "zoneId": { + "description": "The ID of the zone in which to create the instance. You can call the DescribeZones operation to query the most recent region list.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus": { - "description": "NodeDisruptionPolicyClusterStatus is the type for the status object, rendered by the controller as a merge of cluster defaults and user provided policies", + "com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderConfigList": { + "description": "AlibabaCloudMachineProviderConfigList contains a list of AlibabaCloudMachineProviderConfig Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "items" + ], "properties": { - "files": { - "description": "files is a list of MachineConfig file definitions and actions to take to changes on those paths", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile" - }, - "x-kubernetes-list-map-keys": [ - "path" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderConfig" + } }, - "sshkey": { - "description": "sshkey is the overall sshkey MachineConfig definition", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "units": { - "description": "units is a list MachineConfig unit definitions and actions to take on changes to those services", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig": { - "description": "NodeDisruptionPolicyConfig is the overall spec definition for files/units/sshkeys", - "type": "object", - "properties": { - "files": { - "description": "files is a list of MachineConfig file definitions and actions to take to changes on those paths This list supports a maximum of 50 entries.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile" - }, - "x-kubernetes-list-map-keys": [ - "path" - ], - "x-kubernetes-list-type": "map" - }, - "sshkey": { - "description": "sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this will apply to all sshkey changes in the cluster", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey" + "com.github.openshift.api.machine.v1.AlibabaCloudMachineProviderStatus": { + "description": "AlibabaCloudMachineProviderStatus is the Schema for the alibabacloudmachineproviderconfig API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "units": { - "description": "units is a list MachineConfig unit definitions and actions to take on changes to those services This list supports a maximum of 50 entries.", + "conditions": { + "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, "x-kubernetes-list-map-keys": [ - "name" + "type" ], "x-kubernetes-list-type": "map" + }, + "instanceId": { + "description": "instanceId is the instance ID of the machine created in alibabacloud", + "type": "string" + }, + "instanceState": { + "description": "instanceState is the state of the alibabacloud instance for this machine", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction": { + "com.github.openshift.api.machine.v1.AlibabaResourceReference": { + "description": "ResourceTagReference is a reference to a specific AlibabaCloud resource by ID, or tags. Only one of ID or Tags may be specified. Specifying more than one will result in a validation error.", "type": "object", "required": [ "type" ], "properties": { - "reload": { - "description": "reload specifies the service to reload, only valid if type is reload", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ReloadService" + "id": { + "description": "id of resource", + "type": "string" }, - "restart": { - "description": "restart specifies the service to restart, only valid if type is restart", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.RestartService" + "name": { + "description": "name of the resource", + "type": "string" + }, + "tags": { + "description": "tags is a set of metadata based upon ECS object tags used to identify a resource. For details about usage when multiple resources are found, please see the owning parent field documentation.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.Tag" + } }, "type": { - "description": "type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration", + "description": "type identifies the resource reference type for this entry.", "type": "string", "default": "" } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "reload": "Reload", - "restart": "Restart" - } - } - ] + } }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile": { - "description": "NodeDisruptionPolicySpecFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", + "com.github.openshift.api.machine.v1.AzureFailureDomain": { + "description": "AzureFailureDomain configures failure domain information for the Azure platform.", "type": "object", "required": [ - "path", - "actions" + "zone" ], "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction" - }, - "x-kubernetes-list-type": "atomic" + "subnet": { + "description": "subnet is the name of the network subnet in which the VM will be created. When omitted, the subnet value from the machine providerSpec template will be used.", + "type": "string" }, - "path": { - "description": "path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.", + "zone": { + "description": "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey": { - "description": "NodeDisruptionPolicySpecSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyConfig object", + "com.github.openshift.api.machine.v1.BandwidthProperties": { + "description": "Bandwidth describes the bandwidth strategy for the network of the instance", + "type": "object", + "properties": { + "internetMaxBandwidthIn": { + "description": "internetMaxBandwidthIn is the maximum inbound public bandwidth. Unit: Mbit/s. Valid values: When the purchased outbound public bandwidth is less than or equal to 10 Mbit/s, the valid values of this parameter are 1 to 10. Currently the default is `10` when outbound bandwidth is less than or equal to 10 Mbit/s. When the purchased outbound public bandwidth is greater than 10, the valid values are 1 to the InternetMaxBandwidthOut value. Currently the default is the value used for `InternetMaxBandwidthOut` when outbound public bandwidth is greater than 10.", + "type": "integer", + "format": "int64" + }, + "internetMaxBandwidthOut": { + "description": "internetMaxBandwidthOut is the maximum outbound public bandwidth. Unit: Mbit/s. Valid values: 0 to 100. When a value greater than 0 is used then a public IP address is assigned to the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `0`", + "type": "integer", + "format": "int64" + } + } + }, + "com.github.openshift.api.machine.v1.ControlPlaneMachineSet": { + "description": "ControlPlaneMachineSet ensures that a specified number of control plane machine replicas are running at any given time. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetStatus" + } + } + }, + "com.github.openshift.api.machine.v1.ControlPlaneMachineSetList": { + "description": "ControlPlaneMachineSetList contains a list of ControlPlaneMachineSet Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "actions" + "items" ], "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSet" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit": { - "description": "NodeDisruptionPolicySpecUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", + "com.github.openshift.api.machine.v1.ControlPlaneMachineSetSpec": { + "description": "ControlPlaneMachineSet represents the configuration of the ControlPlaneMachineSet.", "type": "object", "required": [ - "name", - "actions" + "replicas", + "selector", + "template" ], "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "machineNamePrefix": { + "description": "machineNamePrefix is the prefix used when creating machine names. Each machine name will consist of this prefix, followed by a randomly generated string of 5 characters, and the index of the machine. It must be a lowercase RFC 1123 subdomain, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'). Each block, separated by periods, must start and end with an alphanumeric character. Hyphens are not allowed at the start or end of a block, and consecutive periods are not permitted. The prefix must be between 1 and 245 characters in length. For example, if machineNamePrefix is set to 'control-plane', and three machines are created, their names might be: control-plane-abcde-0, control-plane-fghij-1, control-plane-klmno-2", + "type": "string" + }, + "replicas": { + "description": "replicas defines how many Control Plane Machines should be created by this ControlPlaneMachineSet. This field is immutable and cannot be changed after cluster installation. The ControlPlaneMachineSet only operates with 3 or 5 node control planes, 3 and 5 are the only valid values for this field.", + "type": "integer", + "format": "int32" + }, + "selector": { + "description": "Label selector for Machines. Existing Machines selected by this selector will be the ones affected by this ControlPlaneMachineSet. It must match the template's labels. This field is considered immutable after creation of the resource.", + "default": {}, + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "state": { + "description": "state defines whether the ControlPlaneMachineSet is Active or Inactive. When Inactive, the ControlPlaneMachineSet will not take any action on the state of the Machines within the cluster. When Active, the ControlPlaneMachineSet will reconcile the Machines and will update the Machines as necessary. Once Active, a ControlPlaneMachineSet cannot be made Inactive. To prevent further action please remove the ControlPlaneMachineSet.", + "type": "string", + "default": "Inactive" + }, + "strategy": { + "description": "strategy defines how the ControlPlaneMachineSet will update Machines when it detects a change to the ProviderSpec.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetStrategy" + }, + "template": { + "description": "template describes the Control Plane Machines that will be created by this ControlPlaneMachineSet.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplate" + } + } + }, + "com.github.openshift.api.machine.v1.ControlPlaneMachineSetStatus": { + "description": "ControlPlaneMachineSetStatus represents the status of the ControlPlaneMachineSet CRD.", + "type": "object", + "properties": { + "conditions": { + "description": "conditions represents the observations of the ControlPlaneMachineSet's current state. Known .status.conditions.type are: Available, Degraded and Progressing.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "name": { - "description": "name represents the service name of a systemd service managed through a MachineConfig Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "type": "string", - "default": "" + "observedGeneration": { + "description": "observedGeneration is the most recent generation observed for this ControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's generation, which is updated on mutation by the API Server.", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller which are ready. Note that this value may be higher than the desired number of replicas while rolling updates are in-progress.", + "type": "integer", + "format": "int32" + }, + "replicas": { + "description": "replicas is the number of Control Plane Machines created by the ControlPlaneMachineSet controller. Note that during update operations this value may differ from the desired replica count.", + "type": "integer", + "format": "int32" + }, + "unavailableReplicas": { + "description": "unavailableReplicas is the number of Control Plane Machines that are still required before the ControlPlaneMachineSet reaches the desired available capacity. When this value is non-zero, the number of ReadyReplicas is less than the desired Replicas.", + "type": "integer", + "format": "int32" + }, + "updatedReplicas": { + "description": "updatedReplicas is the number of non-terminated Control Plane Machines created by the ControlPlaneMachineSet controller that have the desired provider spec and are ready. This value is set to 0 when a change is detected to the desired spec. When the update strategy is RollingUpdate, this will also coincide with starting the process of updating the Machines. When the update strategy is OnDelete, this value will remain at 0 until a user deletes an existing replica and its replacement has become ready.", + "type": "integer", + "format": "int32" } } }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus": { + "com.github.openshift.api.machine.v1.ControlPlaneMachineSetStrategy": { + "description": "ControlPlaneMachineSetStrategy defines the strategy for applying updates to the Control Plane Machines managed by the ControlPlaneMachineSet.", "type": "object", "properties": { - "clusterPolicies": { - "description": "clusterPolicies is a merge of cluster default and user provided node disruption policies.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus" + "type": { + "description": "type defines the type of update strategy that should be used when updating Machines owned by the ControlPlaneMachineSet. Valid values are \"RollingUpdate\" and \"OnDelete\". The current default value is \"RollingUpdate\".", + "type": "string", + "default": "RollingUpdate" } } }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction": { + "com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplate": { + "description": "ControlPlaneMachineSetTemplate is a template used by the ControlPlaneMachineSet to create the Machines that it will manage in the future.", "type": "object", "required": [ - "type" + "machineType" ], "properties": { - "reload": { - "description": "reload specifies the service to reload, only valid if type is reload", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ReloadService" - }, - "restart": { - "description": "restart specifies the service to restart, only valid if type is restart", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.RestartService" - }, - "type": { - "description": "type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration", + "machineType": { + "description": "machineType determines the type of Machines that should be managed by the ControlPlaneMachineSet. Currently, the only valid value is machines_v1beta1_machine_openshift_io.", "type": "string", "default": "" + }, + "machines_v1beta1_machine_openshift_io": { + "description": "OpenShiftMachineV1Beta1Machine defines the template for creating Machines from the v1beta1.machine.openshift.io API group.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.OpenShiftMachineV1Beta1MachineTemplate" } }, "x-kubernetes-unions": [ { - "discriminator": "type", + "discriminator": "machineType", "fields-to-discriminateBy": { - "reload": "Reload", - "restart": "Restart" + "machines_v1beta1_machine_openshift_io": "OpenShiftMachineV1Beta1Machine" } } ] }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile": { - "description": "NodeDisruptionPolicyStatusFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", + "com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplateObjectMeta": { + "description": "ControlPlaneMachineSetTemplateObjectMeta is a subset of the metav1.ObjectMeta struct. It allows users to specify labels and annotations that will be copied onto Machines created from this template.", "type": "object", "required": [ - "path", - "actions" + "labels" ], "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction" - }, - "x-kubernetes-list-type": "atomic" + "annotations": { + "description": "annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "path": { - "description": "path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.", + "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels. This field must contain both the 'machine.openshift.io/cluster-api-machine-role' and 'machine.openshift.io/cluster-api-machine-type' labels, both with a value of 'master'. It must also contain a label with the key 'machine.openshift.io/cluster-api-cluster'.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + } + } + }, + "com.github.openshift.api.machine.v1.DataDiskProperties": { + "description": "DataDisk contains the information regarding the datadisk attached to an instance", + "type": "object", + "properties": { + "Category": { + "description": "Category describes the type of data disk N. Valid values: cloud_efficiency: ultra disk cloud_ssd: standard SSD cloud_essd: ESSD cloud: basic disk Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently for non-I/O optimized instances of retired instance types, the default is `cloud`. Currently for other instances, the default is `cloud_efficiency`.", + "type": "string", + "default": "" + }, + "DiskEncryption": { + "description": "DiskEncryption specifies whether to encrypt data disk N.\n\nEmpty value means the platform chooses a default, which is subject to change over time. Currently the default is `disabled`.", + "type": "string", + "default": "" + }, + "DiskPreservation": { + "description": "DiskPreservation specifies whether to release data disk N along with the instance. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `DeleteWithInstance`", + "type": "string", + "default": "" + }, + "KMSKeyID": { + "description": "KMSKeyID is the ID of the Key Management Service (KMS) key to be used by data disk N. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently the default is `\"\"` which is interpreted as do not use KMSKey encryption.", + "type": "string", + "default": "" + }, + "Name": { + "description": "Name is the name of data disk N. If the name is specified the name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain letters, digits, colons (:), underscores (_), and hyphens (-).\n\nEmpty value means the platform chooses a default, which is subject to change over time. Currently the default is `\"\"`.", + "type": "string", + "default": "" + }, + "PerformanceLevel": { + "description": "PerformanceLevel is the performance level of the ESSD used as as data disk N. The N value must be the same as that in DataDisk.N.Category when DataDisk.N.Category is set to cloud_essd. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `PL1`. Valid values:\n\nPL0: A single ESSD can deliver up to 10,000 random read/write IOPS. PL1: A single ESSD can deliver up to 50,000 random read/write IOPS. PL2: A single ESSD can deliver up to 100,000 random read/write IOPS. PL3: A single ESSD can deliver up to 1,000,000 random read/write IOPS. For more information about ESSD performance levels, see ESSDs.", + "type": "string", + "default": "" + }, + "Size": { + "description": "Size of the data disk N. Valid values of N: 1 to 16. Unit: GiB. Valid values:\n\nValid values when DataDisk.N.Category is set to cloud_efficiency: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud_ssd: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud_essd: 20 to 32768 Valid values when DataDisk.N.Category is set to cloud: 5 to 2000 The value of this parameter must be greater than or equal to the size of the snapshot specified by the SnapshotID parameter.", + "type": "integer", + "format": "int64", + "default": 0 + }, + "SnapshotID": { + "description": "SnapshotID is the ID of the snapshot used to create data disk N. Valid values of N: 1 to 16.\n\nWhen the DataDisk.N.SnapshotID parameter is specified, the DataDisk.N.Size parameter is ignored. The data disk is created based on the size of the specified snapshot. Use snapshots created after July 15, 2013. Otherwise, an error is returned and your request is rejected.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey": { - "description": "NodeDisruptionPolicyStatusSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyClusterStatus object", + "com.github.openshift.api.machine.v1.FailureDomains": { + "description": "FailureDomain represents the different configurations required to spread Machines across failure domains on different platforms.", "type": "object", "required": [ - "actions" + "platform" ], "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "aws": { + "description": "aws configures failure domain information for the AWS platform.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AWSFailureDomain" }, "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit": { - "description": "NodeDisruptionPolicyStatusUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", - "type": "object", - "required": [ - "name", - "actions" - ], - "properties": { - "actions": { - "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + }, + "azure": { + "description": "azure configures failure domain information for the Azure platform.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.AzureFailureDomain" }, "x-kubernetes-list-type": "atomic" }, - "name": { - "description": "name represents the service name of a systemd service managed through a MachineConfig Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "gcp": { + "description": "gcp configures failure domain information for the GCP platform.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.GCPFailureDomain" + }, + "x-kubernetes-list-type": "atomic" + }, + "nutanix": { + "description": "nutanix configures failure domain information for the Nutanix platform.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixFailureDomainReference" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + }, + "openstack": { + "description": "openstack configures failure domain information for the OpenStack platform.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.OpenStackFailureDomain" + }, + "x-kubernetes-list-type": "atomic" + }, + "platform": { + "description": "platform identifies the platform for which the FailureDomain represents. Currently supported values are AWS, Azure, GCP, OpenStack, VSphere and Nutanix.", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.operator.v1.NodePlacement": { - "description": "NodePlacement describes node scheduling configuration for an ingress controller.", - "type": "object", - "properties": { - "nodeSelector": { - "description": "nodeSelector is the node selector applied to ingress controller deployments.\n\nIf set, the specified selector is used and replaces the default.\n\nIf unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.\n\nWhen defaultPlacement is Workers, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/worker: ''\n\nWhen defaultPlacement is ControlPlane, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/master: ''\n\nThese defaults are subject to change.\n\nNote that using nodeSelector.matchExpressions is not supported. Only nodeSelector.matchLabels may be used. This is a limitation of the Kubernetes API: the pod spec does not allow complex expressions for node selectors.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" }, - "tolerations": { - "description": "tolerations is a list of tolerations applied to ingress controller deployments.\n\nThe default is an empty list.\n\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/", + "vsphere": { + "description": "vsphere configures failure domain information for the VSphere platform.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.VSphereFailureDomain" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "platform", + "fields-to-discriminateBy": { + "aws": "AWS", + "azure": "Azure", + "gcp": "GCP", + "nutanix": "Nutanix", + "openstack": "OpenStack", + "vsphere": "VSphere" + } + } + ] }, - "com.github.openshift.api.operator.v1.NodePortStrategy": { - "description": "NodePortStrategy holds parameters for the NodePortService endpoint publishing strategy.", + "com.github.openshift.api.machine.v1.GCPFailureDomain": { + "description": "GCPFailureDomain configures failure domain information for the GCP platform", "type": "object", + "required": [ + "zone" + ], "properties": { - "protocol": { - "description": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", - "type": "string" + "zone": { + "description": "zone is the zone in which the GCP machine provider will create the VM.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.NodeStatus": { - "description": "NodeStatus provides information about the current state of a particular node managed by this operator.", + "com.github.openshift.api.machine.v1.LoadBalancerReference": { + "description": "LoadBalancerReference is a reference to a load balancer on IBM Cloud virtual private cloud(VPC).", "type": "object", "required": [ - "nodeName" + "name", + "type" ], "properties": { - "currentRevision": { - "description": "currentRevision is the generation of the most recently successful deployment. Can not be set on creation of a nodeStatus. Updates must only increase the value.", - "type": "integer", - "format": "int32" - }, - "lastFailedCount": { - "description": "lastFailedCount is how often the installer pod of the last failed revision failed.", - "type": "integer", - "format": "int32" - }, - "lastFailedReason": { - "description": "lastFailedReason is a machine readable failure reason string.", - "type": "string" - }, - "lastFailedRevision": { - "description": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", - "type": "integer", - "format": "int32" - }, - "lastFailedRevisionErrors": { - "description": "lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "lastFailedTime": { - "description": "lastFailedTime is the time the last failed revision failed the last time.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "lastFallbackCount": { - "description": "lastFallbackCount is how often a fallback to a previous revision happened.", - "type": "integer", - "format": "int32" - }, - "nodeName": { - "description": "nodeName is the name of the node", + "name": { + "description": "name of the LoadBalancer in IBM Cloud VPC. The name should be between 1 and 63 characters long and may consist of lowercase alphanumeric characters and hyphens only. The value must not end with a hyphen. It is a reference to existing LoadBalancer created by openshift installer component.", "type": "string", "default": "" }, - "targetRevision": { - "description": "targetRevision is the generation of the deployment we're trying to apply. Can not be set on creation of a nodeStatus.", - "type": "integer", - "format": "int32" + "type": { + "description": "type of the LoadBalancer service supported by IBM Cloud VPC. Currently, only Application LoadBalancer is supported. More details about Application LoadBalancer https://cloud.ibm.com/docs/vpc?topic=vpc-load-balancers-about&interface=ui Supported values are Application.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.OAuthAPIServerStatus": { + "com.github.openshift.api.machine.v1.NutanixCategory": { + "description": "NutanixCategory identifies a pair of prism category key and value", "type": "object", + "required": [ + "key", + "value" + ], "properties": { - "latestAvailableRevision": { - "description": "latestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods.", - "type": "integer", - "format": "int32" + "key": { + "description": "key is the prism category key name", + "type": "string", + "default": "" + }, + "value": { + "description": "value is the prism category value associated with the key", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.OLM": { - "description": "OLM provides information to configure an operator to manage the OLM controllers\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1.NutanixFailureDomainReference": { + "description": "NutanixFailureDomainReference refers to the failure domain of the Nutanix platform.", "type": "object", "required": [ - "metadata", - "spec" + "name" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OLMSpec" - }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OLMStatus" + "name": { + "description": "name of the failure domain in which the nutanix machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.OLMList": { - "description": "OLMList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1.NutanixGPU": { + "description": "NutanixGPU holds the identity of a Nutanix GPU resource in the Prism Central", "type": "object", "required": [ - "metadata", - "items" + "type" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items contains the items", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OLM" - } + "deviceID": { + "description": "deviceID is the GPU device ID with the integer value.", + "type": "integer", + "format": "int32" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "name": { + "description": "name is the GPU device name", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "type": { + "description": "type is the identifier type of the GPU device. Valid values are Name and DeviceID.", + "type": "string", + "default": "" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "deviceID": "DeviceID", + "name": "Name" + } + } + ] }, - "com.github.openshift.api.operator.v1.OLMSpec": { + "com.github.openshift.api.machine.v1.NutanixMachineProviderConfig": { + "description": "NutanixMachineProviderConfig is the Schema for the nutanixmachineproviderconfigs API Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "managementState" + "cluster", + "image", + "subnets", + "vcpusPerSocket", + "vcpuSockets", + "memorySize", + "systemDiskSize", + "credentialsSecret" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "bootType": { + "description": "bootType indicates the boot type (Legacy, UEFI or SecureBoot) the Machine's VM uses to boot. If this field is empty or omitted, the VM will use the default boot type \"Legacy\" to boot. \"SecureBoot\" depends on \"UEFI\" boot, i.e., enabling \"SecureBoot\" means that \"UEFI\" boot is also enabled.", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - } - } - }, - "com.github.openshift.api.operator.v1.OLMStatus": { - "type": "object", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "categories": { + "description": "categories optionally adds one or more prism categories (each with key and value) for the Machine's VM to associate with. All the category key and value pairs specified must already exist in the prism central.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixCategory" }, "x-kubernetes-list-map-keys": [ - "type" + "key" ], "x-kubernetes-list-type": "map" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "cluster": { + "description": "cluster is to identify the cluster (the Prism Element under management of the Prism Central), in which the Machine's VM will be created. The cluster identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" + }, + "credentialsSecret": { + "description": "credentialsSecret is a local reference to a secret that contains the credentials data to access Nutanix PC client", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + }, + "dataDisks": { + "description": "dataDisks holds information of the data disks to attach to the Machine's VM", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixVMDisk" }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "set" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" + "failureDomain": { + "description": "failureDomain refers to the name of the FailureDomain with which this Machine is associated. If this is configured, the Nutanix machine controller will use the prism_central endpoint and credentials defined in the referenced FailureDomain to communicate to the prism_central. It will also verify that the 'cluster' and subnets' configuration in the NutanixMachineProviderConfig is consistent with that in the referenced failureDomain.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixFailureDomainReference" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "gpus": { + "description": "gpus is a list of GPU devices to attach to the machine's VM. The GPU devices should already exist in Prism Central and associated with one of the Prism Element's hosts and available for the VM to attach (in \"UNUSED\" status).", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixGPU" + }, + "x-kubernetes-list-type": "set" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "image": { + "description": "image is to identify the rhcos image uploaded to the Prism Central (PC) The image identifier (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" }, - "version": { - "description": "version is the level this availability applies to", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - } - }, - "com.github.openshift.api.operator.v1.OVNKubernetesConfig": { - "description": "ovnKubernetesConfig contains the configuration parameters for networks using the ovn-kubernetes network project", - "type": "object", - "properties": { - "egressIPConfig": { - "description": "egressIPConfig holds the configuration for EgressIP options.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.EgressIPConfig" }, - "gatewayConfig": { - "description": "gatewayConfig holds the configuration for node gateway options.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GatewayConfig" + "memorySize": { + "description": "memorySize is the memory size (in Quantity format) of the VM The minimum memorySize is 2Gi bytes", + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" }, - "genevePort": { - "description": "geneve port is the UDP port to be used by geneve encapulation. Default is 6081", - "type": "integer", - "format": "int64" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "hybridOverlayConfig": { - "description": "hybridOverlayConfig configures an additional overlay network for peers that are not using OVN.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.HybridOverlayConfig" + "project": { + "description": "project optionally identifies a Prism project for the Machine's VM to associate with.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" }, - "ipsecConfig": { - "description": "ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.", - "default": { - "mode": "Disabled" - }, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPsecConfig" + "subnets": { + "description": "subnets holds a list of identifiers (one or more) of the cluster's network subnets for the Machine's VM to connect to. The subnet identifiers (uuid or name) can be obtained from the Prism Central console or using the prism_central API.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" + } }, - "ipv4": { - "description": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig" + "systemDiskSize": { + "description": "systemDiskSize is size (in Quantity format) of the system disk of the VM The minimum systemDiskSize is 20Gi bytes", + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" }, - "ipv6": { - "description": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig" + "userDataSecret": { + "description": "userDataSecret is a local reference to a secret that contains the UserData to apply to the VM", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" }, - "mtu": { - "description": "mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400", + "vcpuSockets": { + "description": "vcpuSockets is the number of vCPU sockets of the VM", "type": "integer", - "format": "int64" - }, - "policyAuditConfig": { - "description": "policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.PolicyAuditConfig" - }, - "routeAdvertisements": { - "description": "routeAdvertisements determines if the functionality to advertise cluster network routes through a dynamic routing protocol, such as BGP, is enabled or not. This functionality is configured through the ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing capability provider to be enabled as an additional routing capability. Allowed values are \"Enabled\", \"Disabled\" and ommited. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is \"Disabled\".", - "type": "string" - }, - "v4InternalSubnet": { - "description": "v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. Default is 100.64.0.0/16", - "type": "string" + "format": "int32", + "default": 0 }, - "v6InternalSubnet": { - "description": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. Default is fd98::/64", - "type": "string" + "vcpusPerSocket": { + "description": "vcpusPerSocket is the number of vCPUs per socket of the VM", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.operator.v1.OpenShiftAPIServer": { - "description": "OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1.NutanixMachineProviderStatus": { + "description": "NutanixMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains nutanix-specific status information. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "metadata", - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "conditions": { + "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec is the specification of the desired behavior of the OpenShift API Server.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec" - }, - "status": { - "description": "status defines the observed status of the OpenShift API Server.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus" + "vmUUID": { + "description": "vmUUID is the Machine associated VM's UUID The field is missing before the VM is created. Once the VM is created, the field is filled with the VM's UUID and it will not change. The vmUUID is used to find the VM when updating the Machine status, and to delete the VM when the Machine is deleted.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.OpenShiftAPIServerList": { - "description": "OpenShiftAPIServerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1.NutanixResourceIdentifier": { + "description": "NutanixResourceIdentifier holds the identity of a Nutanix PC resource (cluster, image, subnet, etc.)", "type": "object", "required": [ - "metadata", - "items" + "type" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "name": { + "description": "name is the resource name in the PC", "type": "string" }, - "items": { - "description": "items contains the items", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftAPIServer" - } + "type": { + "description": "type is the identifier type to use for this resource.", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "uuid": { + "description": "uuid is the UUID of the resource in the PC.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "name": "Name", + "uuid": "UUID" + } + } + ] }, - "com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec": { + "com.github.openshift.api.machine.v1.NutanixStorageResourceIdentifier": { + "description": "NutanixStorageResourceIdentifier holds the identity of a Nutanix storage resource (storage_container, etc.)", "type": "object", "required": [ - "managementState" + "type" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "type": { + "description": "type is the identifier type to use for this resource. The valid value is \"uuid\".", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "uuid": { + "description": "uuid is the UUID of the storage resource in the PC.", "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "uuid": "UUID" + } + } + ] + }, + "com.github.openshift.api.machine.v1.NutanixVMDisk": { + "description": "NutanixDataDisk specifies the VM data disk configuration parameters.", + "type": "object", + "required": [ + "diskSize" + ], + "properties": { + "dataSource": { + "description": "dataSource refers to a data source image for the VM disk.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixResourceIdentifier" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "deviceProperties": { + "description": "deviceProperties are the properties of the disk device.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixVMDiskDeviceProperties" + }, + "diskSize": { + "description": "diskSize is size (in Quantity format) of the disk attached to the VM. See https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Format for the Quantity format and example documentation. The minimum diskSize is 1GB.", + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + }, + "storageConfig": { + "description": "storageConfig are the storage configuration parameters of the VM disks.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixVMStorageConfig" } } }, - "com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus": { + "com.github.openshift.api.machine.v1.NutanixVMDiskDeviceProperties": { + "description": "NutanixVMDiskDeviceProperties specifies the disk device properties.", "type": "object", + "required": [ + "deviceType", + "adapterType", + "deviceIndex" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "adapterType": { + "description": "adapterType is the adapter type of the disk address. If the deviceType is \"Disk\", the valid adapterType can be \"SCSI\", \"IDE\", \"PCI\", \"SATA\" or \"SPAPR\". If the deviceType is \"CDRom\", the valid adapterType can be \"IDE\" or \"SATA\".", + "type": "string", + "default": "" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "deviceIndex": { + "description": "deviceIndex is the index of the disk address. The valid values are non-negative integers, with the default value 0. For a Machine VM, the deviceIndex for the disks with the same deviceType.adapterType combination should start from 0 and increase consecutively afterwards. Note that for each Machine VM, the Disk.SCSI.0 and CDRom.IDE.0 are reserved to be used by the VM's system. So for dataDisks of Disk.SCSI and CDRom.IDE, the deviceIndex should start from 1.", "type": "integer", "format": "int32" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "deviceType": { + "description": "deviceType specifies the disk device type. The valid values are \"Disk\" and \"CDRom\", and the default is \"Disk\".", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.machine.v1.NutanixVMStorageConfig": { + "description": "NutanixVMStorageConfig specifies the storage configuration parameters for VM disks.", + "type": "object", + "required": [ + "diskMode" + ], + "properties": { + "diskMode": { + "description": "diskMode specifies the disk mode. The valid values are Standard and Flash, and the default is Standard.", + "type": "string", + "default": "" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "storageContainer": { + "description": "storageContainer refers to the storage_container used by the VM disk.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.NutanixStorageResourceIdentifier" + } + } + }, + "com.github.openshift.api.machine.v1.OpenShiftMachineV1Beta1MachineTemplate": { + "description": "OpenShiftMachineV1Beta1MachineTemplate is a template for the ControlPlaneMachineSet to create Machines from the v1beta1.machine.openshift.io API group.", + "type": "object", + "required": [ + "metadata", + "spec" + ], + "properties": { + "failureDomains": { + "description": "failureDomains is the list of failure domains (sometimes called availability zones) in which the ControlPlaneMachineSet should balance the Control Plane Machines. This will be merged into the ProviderSpec given in the template. This field is optional on platforms that do not require placement information.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.FailureDomains" }, - "version": { - "description": "version is the level this availability applies to", + "metadata": { + "description": "ObjectMeta is the standard object metadata More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata Labels are required to match the ControlPlaneMachineSet selector.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.ControlPlaneMachineSetTemplateObjectMeta" + }, + "spec": { + "description": "spec contains the desired configuration of the Control Plane Machines. The ProviderSpec within contains platform specific details for creating the Control Plane Machines. The ProviderSe should be complete apart from the platform specific failure domain field. This will be overridden when the Machines are created based on the FailureDomains field.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSpec" + } + } + }, + "com.github.openshift.api.machine.v1.OpenStackFailureDomain": { + "description": "OpenStackFailureDomain configures failure domain information for the OpenStack platform.", + "type": "object", + "properties": { + "availabilityZone": { + "description": "availabilityZone is the nova availability zone in which the OpenStack machine provider will create the VM. If not specified, the VM will be created in the default availability zone specified in the nova configuration. Availability zone names must NOT contain : since it is used by admin users to specify hosts where instances are launched in server creation. Also, it must not contain spaces otherwise it will lead to node that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.", "type": "string" + }, + "rootVolume": { + "description": "rootVolume contains settings that will be used by the OpenStack machine provider to create the root volume attached to the VM. If not specified, no root volume will be created.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.RootVolume" } } }, - "com.github.openshift.api.operator.v1.OpenShiftControllerManager": { - "description": "OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1.PowerVSMachineProviderConfig": { + "description": "PowerVSMachineProviderConfig is the type that will be embedded in a Machine.Spec.ProviderSpec field for a PowerVS virtual machine. It is used by the PowerVS machine actuator to create a single Machine.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", - "spec" + "serviceInstance", + "image", + "network", + "keyPairName" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "credentialsSecret": { + "description": "credentialsSecret is a reference to the secret with IBM Cloud credentials.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSSecretReference" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "image": { + "description": "image is to identify the rhcos image uploaded to IBM COS bucket which is used to create the instance. supported image identifier in PowerVSResource are Name and ID and that can be obtained from IBM Cloud UI or IBM Cloud cli.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSResource" }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec" + "keyPairName": { + "description": "keyPairName is the name of the KeyPair to use for SSH. The key pair will be exposed to the instance via the instance metadata service. On boot, the OS will copy the public keypair into the authorized keys for the core user.", + "type": "string", + "default": "" }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus" - } - } - }, - "com.github.openshift.api.operator.v1.OpenShiftControllerManagerList": { - "description": "OpenShiftControllerManagerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "items": { - "description": "items contains the items", + "loadBalancers": { + "description": "loadBalancers is the set of load balancers to which the new control plane instance should be added once it is created.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftControllerManager" + "$ref": "#/definitions/com.github.openshift.api.machine.v1.LoadBalancerReference" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "memoryGiB": { + "description": "memoryGiB is the size of a virtual machine's memory, in GiB. maximum value for the MemoryGiB depends on the selected SystemType. when SystemType is set to e880 maximum MemoryGiB value is 7463 GiB. when SystemType is set to e980 maximum MemoryGiB value is 15307 GiB. when SystemType is set to s922 maximum MemoryGiB value is 942 GiB. The minimum memory is 32 GiB. When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 32.", + "type": "integer", + "format": "int32" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec": { - "type": "object", - "required": [ - "managementState" - ], - "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "network": { + "description": "network is the reference to the Network to use for this instance. supported network identifier in PowerVSResource are Name, ID and RegEx and that can be obtained from IBM Cloud UI or IBM Cloud cli.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSResource" + }, + "processorType": { + "description": "processorType is the VM instance processor type. It must be set to one of the following values: Dedicated, Capped or Shared. Dedicated: resources are allocated for a specific client, The hypervisor makes a 1:1 binding of a partition’s processor to a physical processor core. Shared: Shared among other clients. Capped: Shared, but resources do not expand beyond those that are requested, the amount of CPU time is Capped to the value specified for the entitlement. if the processorType is selected as Dedicated, then processors value cannot be fractional. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Shared.", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" + "processors": { + "description": "processors is the number of virtual processors in a virtual machine. when the processorType is selected as Dedicated the processors value cannot be fractional. maximum value for the Processors depends on the selected SystemType. when SystemType is set to e880 or e980 maximum Processors value is 143. when SystemType is set to s922 maximum Processors value is 15. minimum value for Processors depends on the selected ProcessorType. when ProcessorType is set as Shared or Capped, The minimum processors is 0.5. when ProcessorType is set as Dedicated, The minimum processors is 1. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default is set based on the selected ProcessorType. when ProcessorType selected as Dedicated, the default is set to 1. when ProcessorType selected as Shared or Capped, the default is set to 0.5.", + "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "serviceInstance": { + "description": "serviceInstance is the reference to the Power VS service on which the server instance(VM) will be created. Power VS service is a container for all Power VS instances at a specific geographic region. serviceInstance can be created via IBM Cloud catalog or CLI. supported serviceInstance identifier in PowerVSResource are Name and ID and that can be obtained from IBM Cloud UI or IBM Cloud cli. More detail about Power VS service instance. https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSResource" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "systemType": { + "description": "systemType is the System type used to host the instance. systemType determines the number of cores and memory that is available. Few of the supported SystemTypes are s922,e880,e980. e880 systemType available only in Dallas Datacenters. e980 systemType available in Datacenters except Dallas and Washington. When omitted, this means that the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is s922 which is generally available.", "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "userDataSecret": { + "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1.PowerVSSecretReference" } } }, - "com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus": { + "com.github.openshift.api.machine.v1.PowerVSMachineProviderStatus": { + "description": "PowerVSMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains PowerVS-specific status information.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, "conditions": { - "description": "conditions is a list of conditions and their status", + "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" + "instanceId": { + "description": "instanceId is the instance ID of the machine created in PowerVS instanceId uniquely identifies a Power VS server instance(VM) under a Power VS service. This will help in updating or deleting a VM in Power VS Cloud", + "type": "string" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "instanceState": { + "description": "instanceState is the state of the PowerVS instance for this machine Possible instance states are Active, Build, ShutOff, Reboot This is used to display additional information to user regarding instance current state", + "type": "string" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "version": { - "description": "version is the level this availability applies to", + "serviceInstanceID": { + "description": "serviceInstanceID is the reference to the Power VS ServiceInstance on which the machine instance will be created. serviceInstanceID uniquely identifies the Power VS service By setting serviceInstanceID it will become easy and efficient to fetch a server instance(VM) within Power VS Cloud.", "type": "string" } } }, - "com.github.openshift.api.operator.v1.OpenShiftSDNConfig": { - "description": "OpenShiftSDNConfig was used to configure the OpenShift SDN plugin. It is no longer used.", + "com.github.openshift.api.machine.v1.PowerVSResource": { + "description": "PowerVSResource is a reference to a specific PowerVS resource by ID, Name or RegEx Only one of ID, Name or RegEx may be specified. Specifying more than one will result in a validation error.", "type": "object", - "required": [ - "mode" - ], "properties": { - "enableUnidling": { - "description": "enableUnidling controls whether or not the service proxy will support idling and unidling of services. By default, unidling is enabled.", - "type": "boolean" - }, - "mode": { - "description": "mode is one of \"Multitenant\", \"Subnet\", or \"NetworkPolicy\"", - "type": "string", - "default": "" + "id": { + "description": "id of resource", + "type": "string" }, - "mtu": { - "description": "mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. This must be 50 bytes smaller than the machine's uplink.", - "type": "integer", - "format": "int64" + "name": { + "description": "name of resource", + "type": "string" }, - "useExternalOpenvswitch": { - "description": "useExternalOpenvswitch used to control whether the operator would deploy an OVS DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always run as a system service, and this flag is ignored.", - "type": "boolean" + "regex": { + "description": "regex to find resource Regex contains the pattern to match to find a resource", + "type": "string" }, - "vxlanPort": { - "description": "vxlanPort is the port to use for all vxlan packets. The default is 4789.", - "type": "integer", - "format": "int64" + "type": { + "description": "type identifies the resource type for this entry. Valid values are ID, Name and RegEx", + "type": "string" } - } + }, + "x-kubernetes-unions": [ + { + "fields-to-discriminateBy": { + "id": "ID", + "name": "Name", + "regex": "RegEx", + "type": "Type" + } + } + ] }, - "com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters": { - "description": "OpenStackLoadBalancerParameters provides configuration settings that are specific to OpenStack load balancers.", + "com.github.openshift.api.machine.v1.PowerVSSecretReference": { + "description": "PowerVSSecretReference contains enough information to locate the referenced secret inside the same namespace.", "type": "object", "properties": { - "floatingIP": { - "description": "floatingIP specifies the IP address that the load balancer will use. When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. When specified, the floating IP has to be pre-created. If the specified value is not a floating IP or is already claimed, the OpenStack cloud provider won't be able to provision the load balancer. This field may only be used if the IngressController has External scope. This value must be a valid IPv4 or IPv6 address.", + "name": { + "description": "name of the secret.", "type": "string" } - } + }, + "x-kubernetes-map-type": "atomic" }, - "com.github.openshift.api.operator.v1.OperatorCondition": { - "description": "OperatorCondition is just the standard condition fields.", + "com.github.openshift.api.machine.v1.RootVolume": { + "description": "RootVolume represents the volume metadata to boot from. The original RootVolume struct is defined in the v1alpha1 but it's not best practice to use it directly here so we define a new one that should stay in sync with the original one.", "type": "object", "required": [ - "type", - "status", - "lastTransitionTime" + "volumeType" ], "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "message": { - "type": "string" - }, - "reason": { + "availabilityZone": { + "description": "availabilityZone specifies the Cinder availability zone where the root volume will be created. If not specifified, the root volume will be created in the availability zone specified by the volume type in the cinder configuration. If the volume type (configured in the OpenStack cluster) does not specify an availability zone, the root volume will be created in the default availability zone specified in the cinder configuration. See https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html for more details. If the OpenStack cluster is deployed with the cross_az_attach configuration option set to false, the root volume will have to be in the same availability zone as the VM (defined by OpenStackFailureDomain.AvailabilityZone). Availability zone names must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information. The maximum length of availability zone name is 63 as per labels limits.", "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" - }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", + "volumeType": { + "description": "volumeType specifies the type of the root volume that will be provisioned. The maximum length of a volume type name is 255 characters, as per the OpenStack limit.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.OperatorSpec": { - "description": "OperatorSpec contains common fields operators need. It is intended to be anonymous included inside of the Spec struct for your particular operator.", + "com.github.openshift.api.machine.v1.SystemDiskProperties": { + "description": "SystemDiskProperties contains the information regarding the system disk including performance, size, name, and category", "type": "object", - "required": [ - "managementState" - ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "category": { + "description": "category is the category of the system disk. Valid values: cloud_essd: ESSD. When the parameter is set to this value, you can use the SystemDisk.PerformanceLevel parameter to specify the performance level of the disk. cloud_efficiency: ultra disk. cloud_ssd: standard SSD. cloud: basic disk. Empty value means no opinion and the platform chooses the a default, which is subject to change over time. Currently for non-I/O optimized instances of retired instance types, the default is `cloud`. Currently for other instances, the default is `cloud_efficiency`.", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "name": { + "description": "name is the name of the system disk. If the name is specified the name must be 2 to 128 characters in length. It must start with a letter and cannot start with http:// or https://. It can contain letters, digits, colons (:), underscores (_), and hyphens (-). Empty value means the platform chooses a default, which is subject to change over time. Currently the default is `\"\"`.", + "type": "string" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "performanceLevel": { + "description": "performanceLevel is the performance level of the ESSD used as the system disk. Valid values:\n\nPL0: A single ESSD can deliver up to 10,000 random read/write IOPS. PL1: A single ESSD can deliver up to 50,000 random read/write IOPS. PL2: A single ESSD can deliver up to 100,000 random read/write IOPS. PL3: A single ESSD can deliver up to 1,000,000 random read/write IOPS. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `PL1`. For more information about ESSD performance levels, see ESSDs.", "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "size": { + "description": "size is the size of the system disk. Unit: GiB. Valid values: 20 to 500. The value must be at least 20 and greater than or equal to the size of the image. Empty value means the platform chooses a default, which is subject to change over time. Currently the default is `40` or the size of the image depending on whichever is greater.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.operator.v1.OperatorStatus": { + "com.github.openshift.api.machine.v1.Tag": { + "description": "Tag The tags of ECS Instance", "type": "object", + "required": [ + "Key", + "Value" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "Key": { + "description": "Key is the name of the key pair", + "type": "string", + "default": "" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "Value": { + "description": "Value is the value or data of the key pair", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.PartialSelector": { - "description": "PartialSelector provides label selector(s) that can be used to match machine management resources.", + "com.github.openshift.api.machine.v1.VSphereFailureDomain": { + "description": "VSphereFailureDomain configures failure domain information for the vSphere platform", "type": "object", "required": [ - "machineResourceSelector" + "name" ], "properties": { - "machineResourceSelector": { - "description": "machineResourceSelector is a label selector that can be used to select machine resources like MachineSets.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "name": { + "description": "name of the failure domain in which the vSphere machine provider will create the VM. Failure domains are defined in a cluster's config.openshift.io/Infrastructure resource. When balancing machines across failure domains, the control plane machine set will inject configuration from the Infrastructure resource into the machine providerSpec to allocate the machine to a failure domain.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.Perspective": { - "description": "Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown", + "com.github.openshift.api.machine.v1alpha1.AdditionalBlockDevice": { + "description": "additionalBlockDevice is a block device to attach to the server.", "type": "object", "required": [ - "id", - "visibility" + "name", + "sizeGiB", + "storage" ], "properties": { - "id": { - "description": "id defines the id of the perspective. Example: \"dev\", \"admin\". The available perspective ids can be found in the code snippet section next to the yaml editor. Incorrect or unknown ids will be ignored.", + "name": { + "description": "name of the block device in the context of a machine. If the block device is a volume, the Cinder volume will be named as a combination of the machine name and this name. Also, this name will be used for tagging the block device. Information about the block device tag can be obtained from the OpenStack metadata API or the config drive.", "type": "string", "default": "" }, - "pinnedResources": { - "description": "pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. The list of available Kubernetes resources could be read via `kubectl api-resources`. The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. Incorrect or unknown resources will be ignored.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.PinnedResourceReference" - } + "sizeGiB": { + "description": "sizeGiB is the size of the block device in gibibytes (GiB).", + "type": "integer", + "format": "int32", + "default": 0 }, - "visibility": { - "description": "visibility defines the state of perspective along with access review checks if needed for that perspective.", + "storage": { + "description": "storage specifies the storage type of the block device and additional storage options.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.PerspectiveVisibility" + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.BlockDeviceStorage" } } }, - "com.github.openshift.api.operator.v1.PerspectiveVisibility": { - "description": "PerspectiveVisibility defines the criteria to show/hide a perspective", + "com.github.openshift.api.machine.v1alpha1.AddressPair": { + "type": "object", + "properties": { + "ipAddress": { + "type": "string" + }, + "macAddress": { + "type": "string" + } + } + }, + "com.github.openshift.api.machine.v1alpha1.BlockDeviceStorage": { + "description": "blockDeviceStorage is the storage type of a block device to create and contains additional storage options.", "type": "object", "required": [ - "state" + "type" ], "properties": { - "accessReview": { - "description": "accessReview defines required and missing access review checks.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ResourceAttributesAccessReview" - }, - "state": { - "description": "state defines the perspective is enabled or disabled or access review check is required.", + "type": { + "description": "type is the type of block device to create. This can be either \"Volume\" or \"Local\".", "type": "string", "default": "" + }, + "volume": { + "description": "volume contains additional storage options for a volume block device.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.BlockDeviceVolume" } }, "x-kubernetes-unions": [ { - "discriminator": "state", + "discriminator": "type", "fields-to-discriminateBy": { - "accessReview": "AccessReview" + "volume": "Volume" } } ] }, - "com.github.openshift.api.operator.v1.PinnedResourceReference": { - "description": "PinnedResourceReference includes the group, version and type of resource", + "com.github.openshift.api.machine.v1alpha1.BlockDeviceVolume": { + "description": "blockDeviceVolume contains additional storage options for a volume block device.", "type": "object", - "required": [ - "group", - "version", - "resource" - ], "properties": { - "group": { - "description": "group is the API Group of the Resource. Enter empty string for the core group. This value should consist of only lowercase alphanumeric characters, hyphens and periods. Example: \"\", \"apps\", \"build.openshift.io\", etc.", - "type": "string", - "default": "" - }, - "resource": { - "description": "resource is the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", - "type": "string", - "default": "" + "availabilityZone": { + "description": "availabilityZone is the volume availability zone to create the volume in. If omitted, the availability zone of the server will be used. The availability zone must NOT contain spaces otherwise it will lead to volume that belongs to this availability zone register failure, see kubernetes/cloud-provider-openstack#1379 for further information.", + "type": "string" }, - "version": { - "description": "version is the API Version of the Resource. This value should consist of only lowercase alphanumeric characters. Example: \"v1\", \"v1beta1\", etc.", - "type": "string", - "default": "" + "type": { + "description": "type is the Cinder volume type of the volume. If omitted, the default Cinder volume type that is configured in the OpenStack cloud will be used.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.PolicyAuditConfig": { + "com.github.openshift.api.machine.v1alpha1.Filter": { "type": "object", "properties": { - "destination": { - "description": "destination is the location for policy log messages. Regardless of this config, persistent logs will always be dumped to the host at /var/log/ovn/ however Additionally syslog output may be configured as follows. Valid values are: - \"libc\" -> to use the libc syslog() function of the host node's journdald process - \"udp:host:port\" -> for sending syslog over UDP - \"unix:file\" -> for using the UNIX domain socket directly - \"null\" -> to discard all messages logged to syslog The default is \"null\"", + "adminStateUp": { + "description": "Deprecated: adminStateUp is silently ignored. It has no replacement.", + "type": "boolean" + }, + "description": { + "description": "description filters networks by description.", "type": "string" }, - "maxFileSize": { - "description": "maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs Units are in MB and the Default is 50MB", - "type": "integer", - "format": "int64" + "id": { + "description": "Deprecated: use NetworkParam.uuid instead. Ignored if NetworkParam.uuid is set.", + "type": "string" }, - "maxLogFiles": { - "description": "maxLogFiles specifies the maximum number of ACL_audit log files that can be present.", + "limit": { + "description": "Deprecated: limit is silently ignored. It has no replacement.", "type": "integer", "format": "int32" }, - "rateLimit": { - "description": "rateLimit is the approximate maximum number of messages to generate per-second per-node. If unset the default of 20 msg/sec is used.", - "type": "integer", - "format": "int64" + "marker": { + "description": "Deprecated: marker is silently ignored. It has no replacement.", + "type": "string" }, - "syslogFacility": { - "description": "syslogFacility the RFC5424 facility for generated messages, e.g. \"kern\". Default is \"local0\"", + "name": { + "description": "name filters networks by name.", + "type": "string" + }, + "notTags": { + "description": "notTags filters by networks which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", + "type": "string" + }, + "notTagsAny": { + "description": "notTagsAny filters by networks which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", + "type": "string" + }, + "projectId": { + "description": "projectId filters networks by project ID.", + "type": "string" + }, + "shared": { + "description": "Deprecated: shared is silently ignored. It has no replacement.", + "type": "boolean" + }, + "sortDir": { + "description": "Deprecated: sortDir is silently ignored. It has no replacement.", + "type": "string" + }, + "sortKey": { + "description": "Deprecated: sortKey is silently ignored. It has no replacement.", + "type": "string" + }, + "status": { + "description": "Deprecated: status is silently ignored. It has no replacement.", + "type": "string" + }, + "tags": { + "description": "tags filters by networks containing all specified tags. Multiple tags are comma separated.", + "type": "string" + }, + "tagsAny": { + "description": "tagsAny filters by networks containing any specified tags. Multiple tags are comma separated.", + "type": "string" + }, + "tenantId": { + "description": "tenantId filters networks by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", "type": "string" } } }, - "com.github.openshift.api.operator.v1.PrivateStrategy": { - "description": "PrivateStrategy holds parameters for the Private endpoint publishing strategy.", + "com.github.openshift.api.machine.v1alpha1.FixedIPs": { "type": "object", + "required": [ + "subnetID" + ], "properties": { - "protocol": { - "description": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", + "ipAddress": { + "description": "ipAddress is a specific IP address to use in the given subnet. Port creation will fail if the address is not available. If not specified, an available IP from the given subnet will be selected automatically.", "type": "string" + }, + "subnetID": { + "description": "subnetID specifies the ID of the subnet where the fixed IP will be allocated.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.ProjectAccess": { - "description": "ProjectAccess contains options for project access roles", + "com.github.openshift.api.machine.v1alpha1.NetworkParam": { "type": "object", "properties": { - "availableClusterRoles": { - "description": "availableClusterRoles is the list of ClusterRole names that are assignable to users through the project access tab.", + "filter": { + "description": "Filters for optional network query", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.Filter" + }, + "fixedIp": { + "description": "A fixed IPv4 address for the NIC. Deprecated: fixedIP is silently ignored. Use subnets instead.", + "type": "string" + }, + "noAllowedAddressPairs": { + "description": "noAllowedAddressPairs disables creation of allowed address pairs for the network ports", + "type": "boolean" + }, + "portSecurity": { + "description": "portSecurity optionally enables or disables security on ports managed by OpenStack", + "type": "boolean" + }, + "portTags": { + "description": "portTags allows users to specify a list of tags to add to ports created in a given network", "type": "array", "items": { "type": "string", "default": "" } + }, + "profile": { + "description": "A dictionary that enables the application running on the specified host to pass and receive virtual network interface (VIF) port-specific information to the plug-in.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "subnets": { + "description": "Subnet within a network to use", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.SubnetParam" + } + }, + "uuid": { + "description": "The UUID of the network. Required if you omit the port attribute.", + "type": "string" + }, + "vnicType": { + "description": "The virtual network interface card (vNIC) type that is bound to the neutron port.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters": { - "description": "ProviderLoadBalancerParameters holds desired load balancer information specific to the underlying infrastructure provider.", + "com.github.openshift.api.machine.v1alpha1.OpenstackProviderSpec": { + "description": "OpenstackProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an OpenStack Instance. It is used by the Openstack machine actuator to create a single machine instance. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "type" + "cloudsSecret", + "cloudName", + "flavor", + "image" ], "properties": { - "aws": { - "description": "aws provides configuration settings that are specific to AWS load balancers.\n\nIf empty, defaults will be applied. See specific aws fields for details about their defaults.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSLoadBalancerParameters" + "additionalBlockDevices": { + "description": "additionalBlockDevices is a list of specifications for additional block devices to attach to the server instance", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.AdditionalBlockDevice" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "gcp": { - "description": "gcp provides configuration settings that are specific to GCP load balancers.\n\nIf empty, defaults will be applied. See specific gcp fields for details about their defaults.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GCPLoadBalancerParameters" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "ibm": { - "description": "ibm provides configuration settings that are specific to IBM Cloud load balancers.\n\nIf empty, defaults will be applied. See specific ibm fields for details about their defaults.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IBMLoadBalancerParameters" + "availabilityZone": { + "description": "The availability zone from which to launch the server.", + "type": "string" }, - "openstack": { - "description": "openstack provides configuration settings that are specific to OpenStack load balancers.\n\nIf empty, defaults will be applied. See specific openstack fields for details about their defaults.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters" + "cloudName": { + "description": "The name of the cloud to use from the clouds secret", + "type": "string", + "default": "" }, - "type": { - "description": "type is the underlying infrastructure provider for the load balancer. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"IBM\", \"Nutanix\", \"OpenStack\", and \"VSphere\".", + "cloudsSecret": { + "description": "The name of the secret containing the openstack credentials", + "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" + }, + "configDrive": { + "description": "Config Drive support", + "type": "boolean" + }, + "flavor": { + "description": "The flavor reference for the flavor for your server instance.", "type": "string", "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "aws": "AWS", - "gcp": "GCP", - "ibm": "IBM", - "openstack": "OpenStack" + }, + "floatingIP": { + "description": "floatingIP specifies a floating IP to be associated with the machine. Note that it is not safe to use this parameter in a MachineSet, as only one Machine may be assigned the same floating IP.\n\nDeprecated: floatingIP will be removed in a future release as it cannot be implemented correctly.", + "type": "string" + }, + "image": { + "description": "The name of the image to use for your server instance. If the RootVolume is specified, this will be ignored and use rootVolume directly.", + "type": "string", + "default": "" + }, + "keyName": { + "description": "The ssh key to inject in the instance", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "networks": { + "description": "A networks object. Required parameter when there are multiple networks defined for the tenant. When you do not specify the networks parameter, the server attaches to the only network created for the current tenant.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.NetworkParam" } - } - ] - }, - "com.github.openshift.api.operator.v1.ProxyConfig": { - "description": "ProxyConfig defines the configuration knobs for kubeproxy All of these are optional and have sensible defaults", - "type": "object", - "properties": { - "bindAddress": { - "description": "The address to \"bind\" on Defaults to 0.0.0.0", + }, + "ports": { + "description": "Create and assign additional ports to instances", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.PortOpts" + } + }, + "primarySubnet": { + "description": "The subnet that a set of machines will get ingress/egress traffic from Deprecated: primarySubnet is silently ignored. Use subnets instead.", "type": "string" }, - "iptablesSyncPeriod": { - "description": "An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted in large clusters for performance reasons, but this is no longer necessary, and there is no reason to change this from the default value. Default: 30s", + "rootVolume": { + "description": "The volume metadata to boot from", + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.RootVolume" + }, + "securityGroups": { + "description": "The names of the security groups to assign to the instance", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.SecurityGroupParam" + } + }, + "serverGroupID": { + "description": "The server group to assign the machine to.", "type": "string" }, - "proxyArguments": { - "description": "Any additional arguments to pass to the kubeproxy process", + "serverGroupName": { + "description": "The server group to assign the machine to. A server group with that name will be created if it does not exist. If both ServerGroupID and ServerGroupName are non-empty, they must refer to the same OpenStack resource.", + "type": "string" + }, + "serverMetadata": { + "description": "Metadata mapping. Allows you to create a map of key value pairs to add to the server instance.", "type": "object", "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } + "type": "string", + "default": "" } - } - } - }, - "com.github.openshift.api.operator.v1.QuickStarts": { - "description": "QuickStarts allow cluster admins to customize available ConsoleQuickStart resources.", - "type": "object", - "properties": { - "disabled": { - "description": "disabled is a list of ConsoleQuickStart resource names that are not shown to users.", + }, + "sshUserName": { + "description": "The machine ssh username Deprecated: sshUserName is silently ignored.", + "type": "string" + }, + "tags": { + "description": "Machine tags Requires Nova api 2.52 minimum!", "type": "array", "items": { "type": "string", "default": "" } + }, + "trunk": { + "description": "Whether the server instance is created on a trunk port or not.", + "type": "boolean" + }, + "userDataSecret": { + "description": "The name of the secret containing the user data (startup script in most cases)", + "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.operator.v1.ReloadService": { - "description": "ReloadService allows the user to specify the services to be reloaded", + "com.github.openshift.api.machine.v1alpha1.PortOpts": { "type": "object", "required": [ - "serviceName" + "networkID" ], "properties": { - "serviceName": { - "description": "serviceName is the full name (e.g. crio.service) of the service to be reloaded Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.operator.v1.ResourceAttributesAccessReview": { - "description": "ResourceAttributesAccessReview defines the visibility of the perspective depending on the access review checks. `required` and `missing` can work together esp. in the case where the cluster admin wants to show another perspective to users without specific permissions. Out of `required` and `missing` atleast one property should be non-empty.", - "type": "object", - "properties": { - "missing": { - "description": "missing defines a list of permission checks. The perspective will only be shown when at least one check fails. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the required access review list.", + "adminStateUp": { + "description": "adminStateUp sets the administrative state of the created port to up (true), or down (false).", + "type": "boolean" + }, + "allowedAddressPairs": { + "description": "allowedAddressPairs specifies a set of allowed address pairs to add to the port.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.authorization.v1.ResourceAttributes" + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.AddressPair" } }, - "required": { - "description": "required defines a list of permission checks. The perspective will only be shown when all checks are successful. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the missing access review list.", + "description": { + "description": "description specifies the description of the created port.", + "type": "string" + }, + "fixedIPs": { + "description": "fixedIPs specifies a set of fixed IPs to assign to the port. They must all be valid for the port's network.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.authorization.v1.ResourceAttributes" + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.FixedIPs" } - } - } - }, - "com.github.openshift.api.operator.v1.RestartService": { - "description": "RestartService allows the user to specify the services to be restarted", - "type": "object", - "required": [ - "serviceName" - ], - "properties": { - "serviceName": { - "description": "serviceName is the full name (e.g. crio.service) of the service to be restarted Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + }, + "hostID": { + "description": "The ID of the host where the port is allocated. Do not use this field: it cannot be used correctly. Deprecated: hostID is silently ignored. It will be removed with no replacement.", + "type": "string" + }, + "macAddress": { + "description": "macAddress specifies the MAC address of the created port.", + "type": "string" + }, + "nameSuffix": { + "description": "If nameSuffix is specified the created port will be named -. If not specified the port will be named -.", + "type": "string" + }, + "networkID": { + "description": "networkID is the ID of the network the port will be created in. It is required.", "type": "string", "default": "" + }, + "portSecurity": { + "description": "enable or disable security on a given port incompatible with securityGroups and allowedAddressPairs", + "type": "boolean" + }, + "profile": { + "description": "A dictionary that enables the application running on the specified host to pass and receive virtual network interface (VIF) port-specific information to the plug-in.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "projectID": { + "description": "projectID specifies the project ID of the created port. Note that this requires OpenShift to have administrative permissions, which is typically not the case. Use of this field is not recommended. Deprecated: projectID is silently ignored.", + "type": "string" + }, + "securityGroups": { + "description": "securityGroups specifies a set of security group UUIDs to use instead of the machine's default security groups. The default security groups will be used if this is left empty or not specified.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "tags": { + "description": "tags species a set of tags to add to the port.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "tenantID": { + "description": "tenantID specifies the tenant ID of the created port. Note that this requires OpenShift to have administrative permissions, which is typically not the case. Use of this field is not recommended. Deprecated: tenantID is silently ignored.", + "type": "string" + }, + "trunk": { + "description": "Enables and disables trunk at port level. If not provided, openStackMachine.Spec.Trunk is inherited.", + "type": "boolean" + }, + "vnicType": { + "description": "The virtual network interface card (vNIC) type that is bound to the neutron port.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.RouteAdmissionPolicy": { - "description": "RouteAdmissionPolicy is an admission policy for allowing new route claims.", + "com.github.openshift.api.machine.v1alpha1.RootVolume": { "type": "object", "properties": { - "namespaceOwnership": { - "description": "namespaceOwnership describes how host name claims across namespaces should be handled.\n\nValue must be one of:\n\n- Strict: Do not allow routes in different namespaces to claim the same host.\n\n- InterNamespaceAllowed: Allow routes to claim different paths of the same\n host name across namespaces.\n\nIf empty, the default is Strict.", + "availabilityZone": { + "description": "availabilityZone specifies the Cinder availability where the root volume will be created.", "type": "string" }, - "wildcardPolicy": { - "description": "wildcardPolicy describes how routes with wildcard policies should be handled for the ingress controller. WildcardPolicy controls use of routes [1] exposed by the ingress controller based on the route's wildcard policy.\n\n[1] https://github.com/openshift/api/blob/master/route/v1/types.go\n\nNote: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed will cause admitted routes with a wildcard policy of Subdomain to stop working. These routes must be updated to a wildcard policy of None to be readmitted by the ingress controller.\n\nWildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values.\n\nIf empty, defaults to \"WildcardsDisallowed\".", + "deviceType": { + "description": "Deprecated: deviceType will be silently ignored. There is no replacement.", + "type": "string" + }, + "diskSize": { + "description": "diskSize specifies the size, in GiB, of the created root volume.", + "type": "integer", + "format": "int32" + }, + "sourceType": { + "description": "Deprecated: sourceType will be silently ignored. There is no replacement.", + "type": "string" + }, + "sourceUUID": { + "description": "sourceUUID specifies the UUID of a glance image used to populate the root volume. Deprecated: set image in the platform spec instead. This will be ignored if image is set in the platform spec.", + "type": "string" + }, + "volumeType": { + "description": "volumeType specifies a volume type to use when creating the root volume. If not specified the default volume type will be used.", "type": "string" } } }, - "com.github.openshift.api.operator.v1.SFlowConfig": { + "com.github.openshift.api.machine.v1alpha1.SecurityGroupFilter": { "type": "object", "properties": { - "collectors": { - "description": "sFlowCollectors is list of strings formatted as ip:port with a maximum of ten items", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "description": { + "description": "description filters security groups by description.", + "type": "string" + }, + "id": { + "description": "id specifies the ID of a security group to use. If set, id will not be validated before use. An invalid id will result in failure to create a server with an appropriate error message.", + "type": "string" + }, + "limit": { + "description": "Deprecated: limit is silently ignored. It has no replacement.", + "type": "integer", + "format": "int32" + }, + "marker": { + "description": "Deprecated: marker is silently ignored. It has no replacement.", + "type": "string" + }, + "name": { + "description": "name filters security groups by name.", + "type": "string" + }, + "notTags": { + "description": "notTags filters by security groups which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", + "type": "string" + }, + "notTagsAny": { + "description": "notTagsAny filters by security groups which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", + "type": "string" + }, + "projectId": { + "description": "projectId filters security groups by project ID.", + "type": "string" + }, + "sortDir": { + "description": "Deprecated: sortDir is silently ignored. It has no replacement.", + "type": "string" + }, + "sortKey": { + "description": "Deprecated: sortKey is silently ignored. It has no replacement.", + "type": "string" + }, + "tags": { + "description": "tags filters by security groups containing all specified tags. Multiple tags are comma separated.", + "type": "string" + }, + "tagsAny": { + "description": "tagsAny filters by security groups containing any specified tags. Multiple tags are comma separated.", + "type": "string" + }, + "tenantId": { + "description": "tenantId filters security groups by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.Server": { - "description": "Server defines the schema for a server that runs per instance of CoreDNS.", + "com.github.openshift.api.machine.v1alpha1.SecurityGroupParam": { "type": "object", - "required": [ - "name", - "zones", - "forwardPlugin" - ], "properties": { - "forwardPlugin": { - "description": "forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers.", + "filter": { + "description": "Filters used to query security groups in openstack", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ForwardPlugin" + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.SecurityGroupFilter" }, "name": { - "description": "name is required and specifies a unique name for the server. Name must comply with the Service Name Syntax of rfc6335.", - "type": "string", - "default": "" + "description": "Security Group name", + "type": "string" }, - "zones": { - "description": "zones is required and specifies the subdomains that Server is authoritative for. Zones must conform to the rfc1123 definition of a subdomain. Specifying the cluster domain (i.e., \"cluster.local\") is invalid.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "uuid": { + "description": "Security Group UUID", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus": { + "com.github.openshift.api.machine.v1alpha1.SubnetFilter": { "type": "object", - "required": [ - "name" - ], "properties": { - "expirationTime": { - "description": "expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list of service account issuers.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "cidr": { + "description": "cidr filters subnets by CIDR.", + "type": "string" + }, + "description": { + "description": "description filters subnets by description.", + "type": "string" + }, + "enableDhcp": { + "description": "Deprecated: enableDhcp is silently ignored. It has no replacement.", + "type": "boolean" + }, + "gateway_ip": { + "description": "gateway_ip filters subnets by gateway IP.", + "type": "string" + }, + "id": { + "description": "id is the uuid of a specific subnet to use. If specified, id will not be validated. Instead server creation will fail with an appropriate error.", + "type": "string" + }, + "ipVersion": { + "description": "ipVersion filters subnets by IP version.", + "type": "integer", + "format": "int32" + }, + "ipv6AddressMode": { + "description": "ipv6AddressMode filters subnets by IPv6 address mode.", + "type": "string" + }, + "ipv6RaMode": { + "description": "ipv6RaMode filters subnets by IPv6 router adversiement mode.", + "type": "string" + }, + "limit": { + "description": "Deprecated: limit is silently ignored. It has no replacement.", + "type": "integer", + "format": "int32" + }, + "marker": { + "description": "Deprecated: marker is silently ignored. It has no replacement.", + "type": "string" + }, + "name": { + "description": "name filters subnets by name.", + "type": "string" + }, + "networkId": { + "description": "Deprecated: networkId is silently ignored. Set uuid on the containing network definition instead.", + "type": "string" + }, + "notTags": { + "description": "notTags filters by subnets which don't match all specified tags. NOT (t1 AND t2...) Multiple tags are comma separated.", + "type": "string" + }, + "notTagsAny": { + "description": "notTagsAny filters by subnets which don't match any specified tags. NOT (t1 OR t2...) Multiple tags are comma separated.", + "type": "string" }, - "name": { - "description": "name is the name of the service account issuer", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.operator.v1.ServiceCA": { - "description": "ServiceCA provides information to configure an operator to manage the service cert controllers\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "projectId": { + "description": "projectId filters subnets by project ID.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "sortDir": { + "description": "Deprecated: sortDir is silently ignored. It has no replacement.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "sortKey": { + "description": "Deprecated: sortKey is silently ignored. It has no replacement.", + "type": "string" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCASpec" + "subnetpoolId": { + "description": "subnetpoolId filters subnets by subnet pool ID. Deprecated: subnetpoolId is silently ignored.", + "type": "string" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCAStatus" + "tags": { + "description": "tags filters by subnets containing all specified tags. Multiple tags are comma separated.", + "type": "string" + }, + "tagsAny": { + "description": "tagsAny filters by subnets containing any specified tags. Multiple tags are comma separated.", + "type": "string" + }, + "tenantId": { + "description": "tenantId filters subnets by tenant ID. Deprecated: use projectId instead. tenantId will be ignored if projectId is set.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.ServiceCAList": { - "description": "ServiceCAList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1alpha1.SubnetParam": { "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "filter": { + "description": "Filters for optional network query", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1alpha1.SubnetFilter" }, - "items": { - "description": "items contains the items", + "portSecurity": { + "description": "portSecurity optionally enables or disables security on ports managed by OpenStack Deprecated: portSecurity is silently ignored. Set portSecurity on the parent network instead.", + "type": "boolean" + }, + "portTags": { + "description": "portTags are tags that are added to ports created on this subnet", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCA" + "type": "string", + "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "uuid": { + "description": "The UUID of the network. Required if you omit the port attribute.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.ServiceCASpec": { + "com.github.openshift.api.machine.v1beta1.AWSMachineProviderConfig": { + "description": "AWSMachineProviderConfig is the Schema for the awsmachineproviderconfigs API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "managementState" + "ami", + "instanceType", + "deviceIndex", + "subnet", + "placement" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "ami": { + "description": "ami is the reference to the AMI from which to create the machine instance.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - } - } - }, - "com.github.openshift.api.operator.v1.ServiceCAStatus": { - "type": "object", - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "blockDevices": { + "description": "blockDevices is the set of block device mapping associated to this instance, block device without a name will be used as a root device and only one device without a name is allowed https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.BlockDeviceMappingSpec" + } }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "capacityReservationId": { + "description": "capacityReservationId specifies the target Capacity Reservation into which the instance should be launched. The field size should be greater than 0 and the field input must start with cr-***", + "type": "string", + "default": "" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" + "cpuOptions": { + "description": "cpuOptions defines CPU-related settings for the instance, including the confidential computing policy. When omitted, this means no opinion and the AWS platform is left to choose a reasonable default. More info: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CpuOptionsRequest.html, https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cpu-options-supported-instances-values.html", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.CPUOptions" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "credentialsSecret": { + "description": "credentialsSecret is a reference to the secret with AWS credentials. Otherwise, defaults to permissions provided by attached IAM role where the actuator is running.", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "deviceIndex": { + "description": "deviceIndex is the index of the device on the instance for the network interface attachment. Defaults to 0.", "type": "integer", - "format": "int32", + "format": "int64", "default": 0 }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" - } - } - }, - "com.github.openshift.api.operator.v1.ServiceCatalogAPIServer": { - "description": "ServiceCatalogAPIServer provides information to configure an operator to manage Service Catalog API Server DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "iamInstanceProfile": { + "description": "iamInstanceProfile is a reference to an IAM role to assign to the instance", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" + }, + "instanceType": { + "description": "instanceType is the type of instance to create. Example: m4.xlarge", + "type": "string", + "default": "" + }, + "keyName": { + "description": "keyName is the name of the KeyPair to use for SSH", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, + "loadBalancers": { + "description": "loadBalancers is the set of load balancers to which the new instance should be added once it is created.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LoadBalancerReference" + } + }, + "marketType": { + "description": "marketType specifies the type of market for the EC2 instance. Valid values are OnDemand, Spot, CapacityBlock and omitted.\n\nDefaults to OnDemand. When SpotMarketOptions is provided, the marketType defaults to \"Spot\".\n\nWhen set to OnDemand the instance runs as a standard OnDemand instance. When set to Spot the instance runs as a Spot instance. When set to CapacityBlock the instance utilizes pre-purchased compute capacity (capacity blocks) with AWS Capacity Reservations. If this value is selected, capacityReservationID must be specified to identify the target reservation.", + "type": "string" + }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "spec": { + "metadataServiceOptions": { + "description": "metadataServiceOptions allows users to configure instance metadata service interaction options. If nothing specified, default AWS IMDS settings will be applied. https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MetadataServiceOptions" }, - "status": { + "networkInterfaceType": { + "description": "networkInterfaceType specifies the type of network interface to be used for the primary network interface. Valid values are \"ENA\", \"EFA\", and omitted, which means no opinion and the platform chooses a good default which may change over time. The current default value is \"ENA\". Please visit https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html to learn more about the AWS Elastic Fabric Adapter interface option.", + "type": "string" + }, + "placement": { + "description": "placement specifies where to create the instance in AWS", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Placement" + }, + "placementGroupName": { + "description": "placementGroupName specifies the name of the placement group in which to launch the instance. The placement group must already be created and may use any placement strategy. When omitted, no placement group is used when creating the EC2 instance.", + "type": "string" + }, + "placementGroupPartition": { + "description": "placementGroupPartition is the partition number within the placement group in which to launch the instance. This must be an integer value between 1 and 7. It is only valid if the placement group, referred in `PlacementGroupName` was created with strategy set to partition.", + "type": "integer", + "format": "int32" + }, + "publicIp": { + "description": "publicIp specifies whether the instance should get a public IP. If not present, it should use the default of its subnet.", + "type": "boolean" + }, + "securityGroups": { + "description": "securityGroups is an array of references to security groups that should be applied to the instance.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" + } + }, + "spotMarketOptions": { + "description": "spotMarketOptions allows users to configure instances to be run using AWS Spot instances.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.SpotMarketOptions" + }, + "subnet": { + "description": "subnet is a reference to the subnet to use for this instance", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" + }, + "tags": { + "description": "tags is the set of tags to add to apply to an instance, in addition to the ones added by default by the actuator. These tags are additive. The actuator will ensure these tags are present, but will not remove any other tags that may exist on the instance.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.TagSpecification" + } + }, + "userDataSecret": { + "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" } } }, - "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerList": { - "description": "ServiceCatalogAPIServerList is a collection of items DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.AWSMachineProviderConfigList": { + "description": "AWSMachineProviderConfigList contains a list of AWSMachineProviderConfig Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -35108,11 +35979,10 @@ "type": "string" }, "items": { - "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogAPIServer" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSMachineProviderConfig" } }, "kind": { @@ -35120,1392 +35990,1212 @@ "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec": { + "com.github.openshift.api.machine.v1beta1.AWSMachineProviderStatus": { + "description": "AWSMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains AWS-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "managementState" - ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" - }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - } - } - }, - "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus": { - "type": "object", - "properties": { "conditions": { - "description": "conditions is a list of conditions and their status", + "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "dedicatedHost": { + "description": "dedicatedHost tracks the dynamically allocated dedicated host. This field is populated when allocationStrategy is Dynamic (with or without DynamicHostAllocation). When omitted, this indicates that the dedicated host has not yet been allocated, or allocation is in progress.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DedicatedHostStatus" }, - "version": { - "description": "version is the level this availability applies to", + "instanceId": { + "description": "instanceId is the instance ID of the machine created in AWS", "type": "string" - } - } - }, - "com.github.openshift.api.operator.v1.ServiceCatalogControllerManager": { - "description": "ServiceCatalogControllerManager provides information to configure an operator to manage Service Catalog Controller Manager DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + }, + "instanceState": { + "description": "instanceState is the state of the AWS instance for this machine", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec" - }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus" } } }, - "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerList": { - "description": "ServiceCatalogControllerManagerList is a collection of items DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.AWSResourceReference": { + "description": "AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters. Only one of ID, ARN or Filters may be specified. Specifying more than one will result in a validation error.", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "arn": { + "description": "arn of resource", "type": "string" }, - "items": { - "description": "items contains the items", + "filters": { + "description": "filters is a set of filters used to identify a resource", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogControllerManager" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Filter" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "id": { + "description": "id of resource", "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec": { + "com.github.openshift.api.machine.v1beta1.AddressesFromPool": { + "description": "AddressesFromPool is an IPAddressPool that will be used to create IPAddressClaims for fulfillment by an external controller.", "type": "object", "required": [ - "managementState" + "group", + "resource", + "name" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "group": { + "description": "group of the IP address pool type known to an external IPAM controller. This should be a fully qualified domain name, for example, externalipam.controller.io.", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "name": { + "description": "name of an IP address pool, for example, pool-config-1.", + "type": "string", + "default": "" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "resource": { + "description": "resource of the IP address pool type known to an external IPAM controller. It is normally the plural form of the resource kind in lowercase, for example, ippools.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus": { + "com.github.openshift.api.machine.v1beta1.AzureBootDiagnostics": { + "description": "AzureBootDiagnostics configures the boot diagnostics settings for the virtual machine. This allows you to configure capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", "type": "object", + "required": [ + "storageAccountType" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "customerManaged": { + "description": "customerManaged provides reference to the customer manager storage account.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AzureCustomerManagedBootDiagnostics" }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "storageAccountType": { + "description": "storageAccountType determines if the storage account for storing the diagnostics data should be provisioned by Azure (AzureManaged) or by the customer (CustomerManaged).", + "type": "string", + "default": "" } - } - }, - "com.github.openshift.api.operator.v1.SimpleMacvlanConfig": { - "description": "SimpleMacvlanConfig contains configurations for macvlan interface.", - "type": "object", - "properties": { - "ipamConfig": { - "description": "ipamConfig configures IPAM module will be used for IP Address Management (IPAM).", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPAMConfig" - }, - "master": { - "description": "master is the host interface to create the macvlan interface from. If not specified, it will be default route interface", - "type": "string" - }, - "mode": { - "description": "mode is the macvlan mode: bridge, private, vepa, passthru. The default is bridge", - "type": "string" - }, - "mtu": { - "description": "mtu is the mtu to use for the macvlan interface. if unset, host's kernel will select the value.", - "type": "integer", - "format": "int64" + }, + "x-kubernetes-unions": [ + { + "discriminator": "storageAccountType", + "fields-to-discriminateBy": { + "customerManaged": "CustomerManaged" + } } - } + ] }, - "com.github.openshift.api.operator.v1.StaticIPAMAddresses": { - "description": "StaticIPAMAddresses provides IP address and Gateway for static IPAM addresses", + "com.github.openshift.api.machine.v1beta1.AzureCustomerManagedBootDiagnostics": { + "description": "AzureCustomerManagedBootDiagnostics provides reference to a customer managed storage account.", "type": "object", + "required": [ + "storageAccountURI" + ], "properties": { - "address": { - "description": "address is the IP address in CIDR format", + "storageAccountURI": { + "description": "storageAccountURI is the URI of the customer managed storage account. The URI typically will be `https://.blob.core.windows.net/` but may differ if you are using Azure DNS zone endpoints. You can find the correct endpoint by looking for the Blob Primary Endpoint in the endpoints tab in the Azure console.", "type": "string", "default": "" - }, - "gateway": { - "description": "gateway is IP inside of subnet to designate as the gateway", - "type": "string" } } }, - "com.github.openshift.api.operator.v1.StaticIPAMConfig": { - "description": "StaticIPAMConfig contains configurations for static IPAM (IP Address Management)", + "com.github.openshift.api.machine.v1beta1.AzureDiagnostics": { + "description": "AzureDiagnostics is used to configure the diagnostic settings of the virtual machine.", "type": "object", "properties": { - "addresses": { - "description": "addresses configures IP address for the interface", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.StaticIPAMAddresses" - }, - "x-kubernetes-list-type": "atomic" - }, - "dns": { - "description": "dns configures DNS for the interface", - "$ref": "#/definitions/com.github.openshift.api.operator.v1.StaticIPAMDNS" - }, - "routes": { - "description": "routes configures IP routes for the interface", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.StaticIPAMRoutes" - }, - "x-kubernetes-list-type": "atomic" + "boot": { + "description": "AzureBootDiagnostics configures the boot diagnostics settings for the virtual machine. This allows you to configure capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AzureBootDiagnostics" } } }, - "com.github.openshift.api.operator.v1.StaticIPAMDNS": { - "description": "StaticIPAMDNS provides DNS related information for static IPAM", + "com.github.openshift.api.machine.v1beta1.AzureMachineProviderSpec": { + "description": "AzureMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an Azure virtual machine. It is used by the Azure machine actuator to create a single Machine. Required parameters such as location that are not specified by this configuration, will be defaulted by the actuator. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "image", + "osDisk", + "publicIP", + "subnet" + ], "properties": { - "domain": { - "description": "domain configures the domainname the local domain used for short hostname lookups", + "acceleratedNetworking": { + "description": "acceleratedNetworking enables or disables Azure accelerated networking feature. Set to false by default. If true, then this will depend on whether the requested VMSize is supported. If set to true with an unsupported VMSize, Azure will return an error.", + "type": "boolean" + }, + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "nameservers": { - "description": "nameservers points DNS servers for IP lookup", + "applicationSecurityGroups": { + "description": "Application Security Groups that need to be attached to the machine's interface. No application security groups will be attached if zero-length.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "search": { - "description": "search configures priority ordered search domains for short hostname lookups", + "availabilitySet": { + "description": "availabilitySet specifies the availability set to use for this instance. Availability set should be precreated, before using this field.", + "type": "string" + }, + "capacityReservationGroupID": { + "description": "capacityReservationGroupID specifies the capacity reservation group resource id that should be used for allocating the virtual machine. The field size should be greater than 0 and the field input must start with '/'. The input for capacityReservationGroupID must be similar to '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/capacityReservationGroups/{capacityReservationGroupName}'. The keys which are used should be among 'subscriptions', 'providers' and 'resourcegroups' followed by valid ID or names respectively.", + "type": "string" + }, + "credentialsSecret": { + "description": "credentialsSecret is a reference to the secret with Azure credentials.", + "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" + }, + "dataDisks": { + "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine.", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.operator.v1.StaticIPAMRoutes": { - "description": "StaticIPAMRoutes provides Destination/Gateway pairs for static IPAM routes", - "type": "object", - "required": [ - "destination" - ], - "properties": { - "destination": { - "description": "destination points the IP route destination", - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DataDisk" + } }, - "gateway": { - "description": "gateway is the route's next-hop IP address If unset, a default gateway is assumed (as determined by the CNI plugin).", + "diagnostics": { + "description": "diagnostics configures the diagnostics settings for the virtual machine. This allows you to configure boot diagnostics such as capturing serial output from the virtual machine on boot. This is useful for debugging software based launch issues.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AzureDiagnostics" + }, + "image": { + "description": "image is the OS image to use to create the instance.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Image" + }, + "internalLoadBalancer": { + "description": "InternalLoadBalancerName to use for this instance", "type": "string" - } - } - }, - "com.github.openshift.api.operator.v1.StaticPodOperatorSpec": { - "description": "StaticPodOperatorSpec is spec for controllers that manage static pods.", - "type": "object", - "required": [ - "managementState", - "forceRedeploymentReason" - ], - "properties": { - "failedRevisionLimit": { - "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "location": { + "description": "location is the region to use to create the instance", + "type": "string" + }, + "managedIdentity": { + "description": "managedIdentity to set managed identity name", + "type": "string" + }, + "metadata": { + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "natRule": { + "description": "natRule to set inbound NAT rule of the load balancer", "type": "integer", - "format": "int32" + "format": "int64" }, - "forceRedeploymentReason": { - "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", - "type": "string", - "default": "" + "networkResourceGroup": { + "description": "networkResourceGroup is the resource group for the virtual machine's network", + "type": "string" }, - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "osDisk": { + "description": "osDisk represents the parameters for creating the OS disk.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.OSDisk" + }, + "publicIP": { + "description": "publicIP if true a public IP will be used", + "type": "boolean", + "default": false + }, + "publicLoadBalancer": { + "description": "publicLoadBalancer to use for this instance", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "resourceGroup": { + "description": "resourceGroup is the resource group for the virtual machine", + "type": "string" + }, + "securityGroup": { + "description": "Network Security Group that needs to be attached to the machine's interface. No security group will be attached if empty.", + "type": "string" + }, + "securityProfile": { + "description": "securityProfile specifies the Security profile settings for a virtual machine.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.SecurityProfile" + }, + "spotVMOptions": { + "description": "spotVMOptions allows the ability to specify the Machine should use a Spot VM", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.SpotVMOptions" + }, + "sshPublicKey": { + "description": "sshPublicKey is the public key to use to SSH to the virtual machine.", + "type": "string" + }, + "subnet": { + "description": "subnet to use for this instance", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "tags": { + "description": "tags is a list of tags to apply to the machine.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "ultraSSDCapability": { + "description": "ultraSSDCapability enables or disables Azure UltraSSD capability for a virtual machine. This can be used to allow/disallow binding of Azure UltraSSD to the Machine both as Data Disks or via Persistent Volumes. This Azure feature is subject to a specific scope and certain limitations. More informations on this can be found in the official Azure documentation for Ultra Disks: (https://docs.microsoft.com/en-us/azure/virtual-machines/disks-enable-ultra-ssd?tabs=azure-portal#ga-scope-and-limitations).\n\nWhen omitted, if at least one Data Disk of type UltraSSD is specified, the platform will automatically enable the capability. If a Perisistent Volume backed by an UltraSSD is bound to a Pod on the Machine, when this field is ommitted, the platform will *not* automatically enable the capability (unless already enabled by the presence of an UltraSSD as Data Disk). This may manifest in the Pod being stuck in `ContainerCreating` phase. This defaulting behaviour may be subject to change in future.\n\nWhen set to \"Enabled\", if the capability is available for the Machine based on the scope and limitations described above, the capability will be set on the Machine. This will thus allow UltraSSD both as Data Disks and Persistent Volumes. If set to \"Enabled\" when the capability can't be available due to scope and limitations, the Machine will go into \"Failed\" state.\n\nWhen set to \"Disabled\", UltraSSDs will not be allowed either as Data Disks nor as Persistent Volumes. In this case if any UltraSSDs are specified as Data Disks on a Machine, the Machine will go into a \"Failed\" state. If instead any UltraSSDs are backing the volumes (via Persistent Volumes) of any Pods scheduled on a Node which is backed by the Machine, the Pod may get stuck in `ContainerCreating` phase.", "type": "string" }, - "succeededRevisionLimit": { - "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", - "type": "integer", - "format": "int32" + "userDataSecret": { + "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + "$ref": "#/definitions/SecretReference.v1.core.api.k8s.io" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "vmSize": { + "description": "vmSize is the size of the VM to create.", + "type": "string" + }, + "vnet": { + "description": "vnet to set virtual network name", + "type": "string" + }, + "zone": { + "description": "Availability Zone for the virtual machine. If nil, the virtual machine should be deployed to no zone", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.StaticPodOperatorStatus": { - "description": "StaticPodOperatorStatus is status for controllers that manage static pods. There are different needs because individual node status must be tracked.", + "com.github.openshift.api.machine.v1beta1.AzureMachineProviderStatus": { + "description": "AzureMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains Azure-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, "conditions": { - "description": "conditions is a list of conditions and their status", + "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" + "metadata": { + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "latestAvailableRevisionReason": { - "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", + "vmId": { + "description": "vmId is the ID of the virtual machine created in Azure.", "type": "string" }, - "nodeStatuses": { - "description": "nodeStatuses track the deployment values and errors across individual nodes", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" - }, - "x-kubernetes-list-map-keys": [ - "nodeName" - ], - "x-kubernetes-list-type": "map" + "vmState": { + "description": "vmState is the provisioning state of the Azure virtual machine.", + "type": "string" + } + } + }, + "com.github.openshift.api.machine.v1beta1.BlockDeviceMappingSpec": { + "description": "BlockDeviceMappingSpec describes a block device mapping", + "type": "object", + "properties": { + "deviceName": { + "description": "The device name exposed to the machine (for example, /dev/sdh or xvdh).", + "type": "string" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "ebs": { + "description": "Parameters used to automatically set up EBS volumes when the machine is launched.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.EBSBlockDeviceSpec" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "noDevice": { + "description": "Suppresses the specified device included in the block device mapping of the AMI.", + "type": "string" }, - "version": { - "description": "version is the level this availability applies to", + "virtualName": { + "description": "The virtual device name (ephemeralN). Machine store volumes are numbered starting from 0. An machine type with 2 available machine store volumes can specify mappings for ephemeral0 and ephemeral1.The number of available machine store volumes depends on the machine type. After you connect to the machine, you must mount the volume.\n\nConstraints: For M3 machines, you must specify machine store volumes in the block device mapping for the machine. When you launch an M3 machine, we ignore any machine store volumes specified in the block device mapping for the AMI.", "type": "string" } } }, - "com.github.openshift.api.operator.v1.StatuspageProvider": { - "description": "StatuspageProvider provides identity for statuspage account.", + "com.github.openshift.api.machine.v1beta1.CPUOptions": { + "description": "CPUOptions defines CPU-related settings for the instance, including the confidential computing policy. If provided, it must not be empty — at least one field must be set.", "type": "object", - "required": [ - "pageID" - ], "properties": { - "pageID": { - "description": "pageID is the unique ID assigned by Statuspage for your page. This must be a public page.", - "type": "string", - "default": "" + "confidentialCompute": { + "description": "confidentialCompute specifies whether confidential computing should be enabled for the instance, and, if so, which confidential computing technology to use. Valid values are: Disabled, AMDEncryptedVirtualizationNestedPaging and omitted. When set to Disabled, confidential computing will be disabled for the instance. When set to AMDEncryptedVirtualizationNestedPaging, AMD SEV-SNP will be used as the confidential computing technology for the instance. In this case, ensure the following conditions are met: 1) The selected instance type supports AMD SEV-SNP. 2) The selected AWS region supports AMD SEV-SNP. 3) The selected AMI supports AMD SEV-SNP. More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html When omitted, this means no opinion and the AWS platform is left to choose a reasonable default, which is subject to change without notice. The current default is Disabled.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.Storage": { - "description": "Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.Condition": { + "description": "Condition defines an observation of a Machine API resource operational state.", "type": "object", "required": [ - "spec" + "type", + "status", + "lastTransitionTime" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "message": { + "description": "A human readable message indicating details about the transition. This field may be empty.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "reason": { + "description": "The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty.", + "type": "string" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.StorageSpec" + "severity": { + "description": "severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False.", + "type": "string" }, "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.StorageStatus" + "description": "status of the condition, one of True, False, Unknown.", + "type": "string", + "default": "" + }, + "type": { + "description": "type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1.StorageList": { - "description": "StorageList contains a list of Storages.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.ConfidentialVM": { + "description": "ConfidentialVM defines the UEFI settings for the virtual machine.", "type": "object", "required": [ - "items" + "uefiSettings" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Storage" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "uefiSettings": { + "description": "uefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.UEFISettings" } } }, - "com.github.openshift.api.operator.v1.StorageSpec": { - "description": "StorageSpec is the specification of the desired behavior of the cluster storage operator.", + "com.github.openshift.api.machine.v1beta1.DataDisk": { + "description": "DataDisk specifies the parameters that are used to add one or more data disks to the machine. A Data Disk is a managed disk that's attached to a virtual machine to store application data. It differs from an OS Disk as it doesn't come with a pre-installed OS, and it cannot contain the boot volume. It is registered as SCSI drive and labeled with the chosen `lun`. e.g. for `lun: 0` the raw disk device will be available at `/dev/disk/azure/scsi1/lun0`.\n\nAs the Data Disk disk device is attached raw to the virtual machine, it will need to be partitioned, formatted with a filesystem and mounted, in order for it to be usable. This can be done by creating a custom userdata Secret with custom Ignition configuration to achieve the desired initialization. At this stage the previously defined `lun` is to be used as the \"device\" key for referencing the raw disk device to be initialized. Once the custom userdata Secret has been created, it can be referenced in the Machine's `.providerSpec.userDataSecret`. For further guidance and examples, please refer to the official OpenShift docs.", "type": "object", "required": [ - "managementState" + "nameSuffix", + "diskSizeGB", + "lun", + "deletionPolicy" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "cachingType": { + "description": "cachingType specifies the caching requirements. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is CachingTypeNone.", "type": "string" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "deletionPolicy": { + "description": "deletionPolicy specifies the data disk deletion policy upon Machine deletion. Possible values are \"Delete\",\"Detach\". When \"Delete\" is used the data disk is deleted when the Machine is deleted. When \"Detach\" is used the data disk is detached from the Machine and retained when the Machine is deleted.", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "diskSizeGB": { + "description": "diskSizeGB is the size in GB to assign to the data disk.", + "type": "integer", + "format": "int32", + "default": 0 }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "lun": { + "description": "lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. This value is also needed for referencing the data disks devices within userdata to perform disk initialization through Ignition (e.g. partition/format/mount). The value must be between 0 and 63.", + "type": "integer", + "format": "int32", + "default": 0 }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "managedDisk": { + "description": "managedDisk specifies the Managed Disk parameters for the data disk. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is a ManagedDisk with with storageAccountType: \"Premium_LRS\" and diskEncryptionSet.id: \"Default\".", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DataDiskManagedDiskParameters" }, - "vsphereStorageDriver": { - "description": "vsphereStorageDriver indicates the storage driver to use on VSphere clusters. Once this field is set to CSIWithMigrationDriver, it can not be changed. If this is empty, the platform will choose a good default, which may change over time without notice. The current default is CSIWithMigrationDriver and may not be changed. DEPRECATED: This field will be removed in a future release.", + "nameSuffix": { + "description": "nameSuffix is the suffix to be appended to the machine name to generate the disk name. Each disk name will be in format _. NameSuffix name must start and finish with an alphanumeric character and can only contain letters, numbers, underscores, periods or hyphens. The overall disk name must not exceed 80 chars in length.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1.StorageStatus": { - "description": "StorageStatus defines the observed status of the cluster storage operator.", + "com.github.openshift.api.machine.v1beta1.DataDiskManagedDiskParameters": { + "description": "DataDiskManagedDiskParameters is the parameters of a DataDisk managed disk.", "type": "object", + "required": [ + "storageAccountType" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" + "diskEncryptionSet": { + "description": "diskEncryptionSet is the disk encryption set properties. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is a DiskEncryptionSet with id: \"Default\".", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" + "storageAccountType": { + "description": "storageAccountType is the storage account type to use. Possible values include \"Standard_LRS\", \"Premium_LRS\" and \"UltraSSD_LRS\".", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.machine.v1beta1.DedicatedHost": { + "description": "DedicatedHost represents the configuration for the usage of dedicated host.", + "type": "object", + "properties": { + "allocationStrategy": { + "description": "allocationStrategy specifies if the dedicated host will be provided by the admin through the id field or if the host will be dynamically allocated. Valid values are UserProvided and Dynamic. When omitted, the value defaults to \"UserProvided\", which requires the id field to be set. When allocationStrategy is set to UserProvided, an ID of the dedicated host to assign must be provided. When allocationStrategy is set to Dynamic, a dedicated host will be allocated and used to assign instances. When allocationStrategy is set to Dynamic, and dynamicHostAllocation is configured, a dedicated host will be allocated and the tags in dynamicHostAllocation will be assigned to that host.\n\nPossible enum values:\n - `\"Dynamic\"` specifies that the system should dynamically allocate a dedicated host for instances.\n - `\"UserProvided\"` specifies that the system should assign instances to a user-provided dedicated host.", + "type": "string", + "default": "UserProvided", + "enum": [ + "Dynamic", + "UserProvided" + ] }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 + "dynamicHostAllocation": { + "description": "dynamicHostAllocation specifies tags to apply to a dynamically allocated dedicated host. This field is only allowed when allocationStrategy is Dynamic, and is mutually exclusive with id. When specified, a dedicated host will be allocated with the provided tags applied. When omitted (and allocationStrategy is Dynamic), a dedicated host will be allocated without any additional tags.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DynamicHostAllocationSpec" }, - "version": { - "description": "version is the level this availability applies to", + "id": { + "description": "id identifies the AWS Dedicated Host on which the instance must run. The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length. This field is required when allocationStrategy is UserProvided, and forbidden otherwise. When omitted with allocationStrategy set to Dynamic, the platform will dynamically allocate a dedicated host.", "type": "string" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "allocationStrategy", + "fields-to-discriminateBy": { + "dynamicHostAllocation": "DynamicHostAllocation", + "id": "ID" + } + } + ] }, - "com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters": { - "description": "SyslogLoggingDestinationParameters describes parameters for the Syslog logging destination type.", + "com.github.openshift.api.machine.v1beta1.DedicatedHostStatus": { + "description": "DedicatedHostStatus defines the observed state of a dynamically allocated dedicated host associated with an AWSMachine. This struct is used to track the ID of the dedicated host.", "type": "object", "required": [ - "address", - "port" + "id" ], "properties": { - "address": { - "description": "address is the IP address of the syslog endpoint that receives log messages.", - "type": "string", - "default": "" - }, - "facility": { - "description": "facility specifies the syslog facility of log messages.\n\nIf this field is empty, the facility is \"local1\".", + "id": { + "description": "id tracks the dynamically allocated dedicated host ID. This field is populated when allocationStrategy is Dynamic (with or without DynamicHostAllocation). The value must start with \"h-\" followed by either 8 or 17 lowercase hexadecimal characters (0-9 and a-f). The use of 8 lowercase hexadecimal characters is for older legacy hosts that may not have been migrated to newer format. Must be either 10 or 19 characters in length.", "type": "string" - }, - "maxLength": { - "description": "maxLength is the maximum length of the log message.\n\nValid values are integers in the range 480 to 4096, inclusive.\n\nWhen omitted, the default value is 1024.", - "type": "integer", - "format": "int64" - }, - "port": { - "description": "port is the UDP port number of the syslog endpoint that receives log messages.", - "type": "integer", - "format": "int64", - "default": 0 } } }, - "com.github.openshift.api.operator.v1.Theme": { - "description": "Theme defines a theme mode for the console UI.", + "com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters": { + "description": "DiskEncryptionSetParameters is the disk encryption set properties", "type": "object", - "required": [ - "mode", - "source" - ], "properties": { - "mode": { - "description": "mode is used to specify what theme mode a logo will apply to in the console UI. mode is a required field that allows values of Dark and Light. When set to Dark, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Dark mode. When set to Light, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Light mode.\n\nPossible enum values:\n - `\"Dark\"` represents the dark mode for a console theme.\n - `\"Light\"` represents the light mode for a console theme.", - "type": "string", - "default": "", - "enum": [ - "Dark", - "Light" - ] - }, - "source": { - "description": "source is used by the console to locate the specified file containing a custom logo. source is a required field that references a ConfigMap name and key that contains the custom logo file in the openshift-config namespace. You can create it with a command like: - 'oc create configmap custom-logos-config --namespace=openshift-config --from-file=/path/to/file' The ConfigMap key must include the file extension so that the console serves the file with the correct MIME type. The recommended file format for the Masthead and Favicon logos is SVG, but other file formats are allowed if supported by the browser. The logo image size must be less than 1 MB due to constraints on the ConfigMap size. For more information, see the documentation: https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/web_console/customizing-web-console#customizing-web-console", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.FileReferenceSource" + "id": { + "description": "id is the disk encryption set ID Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is: \"Default\".", + "type": "string" } } }, - "com.github.openshift.api.operator.v1.Upstream": { - "description": "Upstream can either be of type SystemResolvConf, or of type Network.\n\n - For an Upstream of type SystemResolvConf, no further fields are necessary:\n The upstream will be configured to use /etc/resolv.conf.\n - For an Upstream of type Network, a NetworkResolver field needs to be defined\n with an IP address or IP:port if the upstream listens on a port other than 53.", + "com.github.openshift.api.machine.v1beta1.DiskSettings": { + "description": "DiskSettings describe ephemeral disk settings for the os disk.", "type": "object", - "required": [ - "type" - ], "properties": { - "address": { - "description": "address must be defined when Type is set to Network. It will be ignored otherwise. It must be a valid ipv4 or ipv6 address.", + "ephemeralStorageLocation": { + "description": "ephemeralStorageLocation enables ephemeral OS when set to 'Local'. Possible values include: 'Local'. See https://docs.microsoft.com/en-us/azure/virtual-machines/ephemeral-os-disks for full details. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is that disks are saved to remote Azure storage.", "type": "string" - }, - "port": { - "description": "port may be defined when Type is set to Network. It will be ignored otherwise. Port must be between 65535", - "type": "integer", - "format": "int64" - }, - "type": { - "description": "type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. Type accepts 2 possible values: SystemResolvConf or Network.\n\n* When SystemResolvConf is used, the Upstream structure does not require any further fields to be defined:\n /etc/resolv.conf will be used\n* When Network is used, the Upstream structure must contain at least an Address", - "type": "string", - "default": "" } } }, - "com.github.openshift.api.operator.v1.UpstreamResolvers": { - "description": "UpstreamResolvers defines a schema for configuring the CoreDNS forward plugin in the specific case of the default (\".\") server. It defers from ForwardPlugin in the default values it accepts: * At least one upstream should be specified. * the default policy is Sequential", + "com.github.openshift.api.machine.v1beta1.DynamicHostAllocationSpec": { + "description": "DynamicHostAllocationSpec defines the configuration for dynamic dedicated host allocation. This specification always allocates exactly one dedicated host per machine. At least one property must be specified when this struct is used. Currently only Tags are available for configuring, but in the future more configs may become available.", "type": "object", "properties": { - "policy": { - "description": "policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified:\n\n* \"Random\" picks a random upstream server for each query. * \"RoundRobin\" picks upstream servers in a round-robin order, moving to the next server for each new query. * \"Sequential\" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query.\n\nThe default value is \"Sequential\"", - "type": "string" - }, - "protocolStrategy": { - "description": "protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are \"TCP\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. \"TCP\" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. \"TCP\" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.", - "type": "string", - "default": "" - }, - "transportConfig": { - "description": "transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver.\n\nThe default value is \"\" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSTransportConfig" - }, - "upstreams": { - "description": "upstreams is a list of resolvers to forward name queries for the \".\" domain. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy.\n\nA maximum of 15 upstreams is allowed per ForwardPlugin. If no Upstreams are specified, /etc/resolv.conf is used by default", + "tags": { + "description": "tags specifies a set of key-value pairs to apply to the allocated dedicated host. When omitted, no additional user-defined tags will be applied to the allocated host. A maximum of 50 tags can be specified.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.Upstream" - } + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.TagSpecification" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec": { - "description": "VSphereCSIDriverConfigSpec defines properties that can be configured for vsphere CSI driver.", + "com.github.openshift.api.machine.v1beta1.EBSBlockDeviceSpec": { + "description": "EBSBlockDeviceSpec describes a block device for an EBS volume. https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EbsBlockDevice", "type": "object", "properties": { - "globalMaxSnapshotsPerBlockVolume": { - "description": "globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of datastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3. Snapshots can not be disabled using this parameter. Increasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html", - "type": "integer", - "format": "int64" + "deleteOnTermination": { + "description": "Indicates whether the EBS volume is deleted on machine termination.\n\nDeprecated: setting this field has no effect.", + "type": "boolean" }, - "granularMaxSnapshotsPerBlockVolumeInVSAN": { - "description": "granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VSAN can not be disabled using this parameter.", - "type": "integer", - "format": "int64" + "encrypted": { + "description": "Indicates whether the EBS volume is encrypted. Encrypted Amazon EBS volumes may only be attached to machines that support Amazon EBS encryption.", + "type": "boolean" }, - "granularMaxSnapshotsPerBlockVolumeInVVOL": { - "description": "granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VVOL can not be disabled using this parameter.", + "iops": { + "description": "The number of I/O operations per second (IOPS) that the volume supports. For io1, this represents the number of IOPS that are provisioned for the volume. For gp2, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting. For more information about General Purpose SSD baseline performance, I/O credits, and bursting, see Amazon EBS Volume Types (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the Amazon Elastic Compute Cloud User Guide.\n\nMinimal and maximal IOPS for io1 and gp2 are constrained. Please, check https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html for precise boundaries for individual volumes.\n\nCondition: This parameter is required for requests to create io1 volumes; it is not used in requests to create gp2, st1, sc1, or standard volumes.", "type": "integer", "format": "int64" }, - "maxAllowedBlockVolumesPerNode": { - "description": "maxAllowedBlockVolumesPerNode is an optional configuration parameter that allows setting a custom value for the limit of the number of PersistentVolumes attached to a node. In vSphere version 7 this limit was set to 59 by default, however in vSphere version 8 this limit was increased to 255. Before increasing this value above 59 the cluster administrator needs to ensure that every node forming the cluster is updated to ESXi version 8 or higher and that all nodes are running the same version. The limit must be between 1 and 255, which matches the vSphere version 8 maximum. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 59, which matches the limit for vSphere version 7.", + "kmsKey": { + "description": "Indicates the KMS key that should be used to encrypt the Amazon EBS volume.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AWSResourceReference" + }, + "throughputMib": { + "description": "throughputMib to provision in MiB/s supported for the volume type. Not applicable to all types.\n\nThis parameter is valid only for gp3 volumes. Valid Range: Minimum value of 125. Maximum value of 2000.\n\nWhen omitted, this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 125.", "type": "integer", "format": "int32" }, - "topologyCategories": { - "description": "topologyCategories indicates tag categories with which vcenter resources such as hostcluster or datacenter were tagged with. If cluster Infrastructure object has a topology, values specified in Infrastructure object will be used and modifications to topologyCategories will be rejected.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "volumeSize": { + "description": "The size of the volume, in GiB.\n\nConstraints: 1-16384 for General Purpose SSD (gp2), 4-16384 for Provisioned IOPS SSD (io1), 500-16384 for Throughput Optimized HDD (st1), 500-16384 for Cold HDD (sc1), and 1-1024 for Magnetic (standard) volumes. If you specify a snapshot, the volume size must be equal to or larger than the snapshot size.\n\nDefault: If you're creating the volume from a snapshot and don't specify a volume size, the default is the snapshot size.", + "type": "integer", + "format": "int64" + }, + "volumeType": { + "description": "volumeType can be of type gp2, gp3, io1, st1, sc1, or standard. Default: standard", + "type": "string" } } }, - "com.github.openshift.api.operator.v1alpha1.BackupJobReference": { - "description": "BackupJobReference holds a reference to the batch/v1 Job created to run the etcd backup", + "com.github.openshift.api.machine.v1beta1.Filter": { + "description": "Filter is a filter used to identify an AWS resource", "type": "object", "required": [ - "namespace", "name" ], "properties": { "name": { - "description": "name is the name of the Job. Required", + "description": "name of the filter. Filter names are case-sensitive.", "type": "string", "default": "" }, - "namespace": { - "description": "namespace is the namespace of the Job. this is always expected to be \"openshift-etcd\" since the user provided PVC is also required to be in \"openshift-etcd\" Required", - "type": "string", - "default": "" + "values": { + "description": "values includes one or more filter values. Filter values are case-sensitive.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.operator.v1alpha1.ClusterAPI": { - "description": "ClusterAPI provides configuration for the capi-operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.GCPDisk": { + "description": "GCPDisk describes disks for GCP.", "type": "object", "required": [ - "metadata", - "spec" + "autoDelete", + "boot", + "sizeGb", + "type", + "image", + "labels" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "autoDelete": { + "description": "autoDelete indicates if the disk will be auto-deleted when the instance is deleted (default false).", + "type": "boolean", + "default": false }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "boot": { + "description": "boot indicates if this is a boot disk (default false).", + "type": "boolean", + "default": false }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "encryptionKey": { + "description": "encryptionKey is the customer-supplied encryption key of the disk.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPEncryptionKeyReference" }, - "spec": { - "description": "spec is the specification of the desired behavior of the capi-operator.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPISpec" + "image": { + "description": "image is the source image to create this disk.", + "type": "string", + "default": "" }, - "status": { - "description": "status defines the observed status of the capi-operator.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus" + "labels": { + "description": "labels list of labels to apply to the disk.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "sizeGb": { + "description": "sizeGb is the size of the disk (in GB).", + "type": "integer", + "format": "int64", + "default": 0 + }, + "type": { + "description": "type is the type of the disk (eg: pd-standard).", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponent": { - "description": "ClusterAPIInstallerComponent defines a component which will be installed by this revision.", + "com.github.openshift.api.machine.v1beta1.GCPEncryptionKeyReference": { + "description": "GCPEncryptionKeyReference describes the encryptionKey to use for a disk's encryption.", "type": "object", - "required": [ - "type" - ], "properties": { - "image": { - "description": "image defines an image source for a component. The image must contain a /capi-operator-installer directory containing the component manifests.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponentImage" + "kmsKey": { + "description": "KMSKeyName is the reference KMS key, in the format", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPKMSKeyReference" }, - "type": { - "description": "type is the source type of the component. The only valid value is Image. When set to Image, the image field must be set and will define an image source for the component.\n\nPossible enum values:\n - `\"Image\"` is an image source for a component.", - "type": "string", - "enum": [ - "Image" - ] - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "image": "Image" - } + "kmsKeyServiceAccount": { + "description": "kmsKeyServiceAccount is the service account being used for the encryption request for the given KMS key. If absent, the Compute Engine default service account is used. See https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account for details on the default service account.", + "type": "string" } - ] + } }, - "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponentImage": { - "description": "ClusterAPIInstallerComponentImage defines an image source for a component.", + "com.github.openshift.api.machine.v1beta1.GCPGPUConfig": { + "description": "GCPGPUConfig describes type and count of GPUs attached to the instance on GCP.", "type": "object", "required": [ - "ref", - "profile" + "count", + "type" ], "properties": { - "profile": { - "description": "profile is the name of a profile to use from the image.\n\nA profile name may be up to 255 characters long. It must consist of alphanumeric characters, '-', or '_'.", - "type": "string" + "count": { + "description": "count is the number of GPUs to be attached to an instance.", + "type": "integer", + "format": "int32", + "default": 0 }, - "ref": { - "description": "ref is an image reference to the image containing the component manifests. The reference must be a valid image digest reference in the format host[:port][/namespace]/name@sha256:. The digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the field must be between 1 to 447 characters.", - "type": "string" + "type": { + "description": "type is the type of GPU to be attached to an instance. Supported GPU types are: nvidia-tesla-k80, nvidia-tesla-p100, nvidia-tesla-v100, nvidia-tesla-p4, nvidia-tesla-t4", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevision": { + "com.github.openshift.api.machine.v1beta1.GCPKMSKeyReference": { + "description": "GCPKMSKeyReference gathers required fields for looking up a GCP KMS Key", "type": "object", "required": [ "name", - "revision", - "contentID", - "components" + "keyRing", + "location" ], "properties": { - "components": { - "description": "components is list of components which will be installed by this revision. Components will be installed in the order they are listed.\n\nThe maximum number of components is 32.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponent" - }, - "x-kubernetes-list-type": "atomic" + "keyRing": { + "description": "keyRing is the name of the KMS Key Ring which the KMS Key belongs to.", + "type": "string", + "default": "" }, - "contentID": { - "description": "contentID uniquely identifies the content of this revision. The contentID must be between 1 and 255 characters long.", - "type": "string" + "location": { + "description": "location is the GCP location in which the Key Ring exists.", + "type": "string", + "default": "" }, "name": { - "description": "name is the name of a revision.", - "type": "string" - }, - "revision": { - "description": "revision is a monotonically increasing number that is assigned to a revision.", - "type": "integer", - "format": "int64" + "description": "name is the name of the customer managed encryption key to be used for the disk encryption.", + "type": "string", + "default": "" }, - "unmanagedCustomResourceDefinitions": { - "description": "unmanagedCustomResourceDefinitions is a list of the names of ClusterResourceDefinition (CRD) objects which are included in this revision, but which should not be installed or updated. If not set, all CRDs in the revision will be managed by the CAPI operator.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "projectID": { + "description": "projectID is the ID of the Project in which the KMS Key Ring exists. Defaults to the VM ProjectID if not set.", + "type": "string" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "com.github.openshift.api.operator.v1alpha1.ClusterAPIList": { - "description": "ClusterAPIList contains a list of ClusterAPI configurations\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.GCPMachineProviderSpec": { + "description": "GCPMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an GCP virtual machine. It is used by the GCP machine actuator to create a single Machine. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", - "items" + "canIPForward", + "deletionProtection", + "serviceAccounts", + "machineType", + "region", + "zone" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items contains the items", + "canIPForward": { + "description": "canIPForward Allows this instance to send and receive packets with non-matching destination or source IPs. This is required if you plan to use this instance to forward routes.", + "type": "boolean", + "default": false + }, + "confidentialCompute": { + "description": "confidentialCompute is an optional field defining whether the instance should have confidential compute enabled or not, and the confidential computing technology of choice. Allowed values are omitted, Disabled, Enabled, AMDEncryptedVirtualization, AMDEncryptedVirtualizationNestedPaging, and IntelTrustedDomainExtensions When set to Disabled, the machine will not be configured to be a confidential computing instance. When set to Enabled, the machine will be configured as a confidential computing instance with no preference on the confidential compute policy used. In this mode, the platform chooses a default that is subject to change over time. Currently, the default is to use AMD Secure Encrypted Virtualization. When set to AMDEncryptedVirtualization, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization (AMD SEV) as the confidential computing technology. When set to AMDEncryptedVirtualizationNestedPaging, the machine will be configured as a confidential computing instance with AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP) as the confidential computing technology. When set to IntelTrustedDomainExtensions, the machine will be configured as a confidential computing instance with Intel Trusted Domain Extensions (Intel TDX) as the confidential computing technology. If any value other than Disabled is set the selected machine type must support that specific confidential computing technology. The machine series supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#all-confidential-vm-instances Currently, AMDEncryptedVirtualization is supported in c2d, n2d, and c3d machines. AMDEncryptedVirtualizationNestedPaging is supported in n2d machines. IntelTrustedDomainExtensions is supported in c3 machines. If any value other than Disabled is set, the selected region must support that specific confidential computing technology. The list of regions supporting confidential computing technologies can be checked at https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#supported-zones If any value other than Disabled is set onHostMaintenance is required to be set to \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", + "type": "string" + }, + "credentialsSecret": { + "description": "credentialsSecret is a reference to the secret with GCP credentials.", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + }, + "deletionProtection": { + "description": "deletionProtection whether the resource should be protected against deletion.", + "type": "boolean", + "default": false + }, + "disks": { + "description": "disks is a list of disks to be attached to the VM.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPDisk" + } + }, + "gcpMetadata": { + "description": "Metadata key/value pairs to apply to the VM.", + "type": "array", + "items": { + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPMetadata" + } + }, + "gpus": { + "description": "gpus is a list of GPUs to be attached to the VM.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPI" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPGPUConfig" } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, + "labels": { + "description": "labels list of labels to apply to the VM.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "machineType": { + "description": "machineType is the machine type to use for the VM.", + "type": "string", + "default": "" + }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.ClusterAPISpec": { - "description": "ClusterAPISpec defines the desired configuration of the capi-operator. The spec is required but we deliberately allow it to be empty.", - "type": "object", - "properties": { - "unmanagedCustomResourceDefinitions": { - "description": "unmanagedCustomResourceDefinitions is a list of ClusterResourceDefinition (CRD) names that should not be managed by the capi-operator installer controller. This allows external actors to own specific CRDs while capi-operator manages others.\n\nEach CRD name must be a valid DNS-1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character, with a maximum length of 253 characters. CRD names must contain at least two '.' characters. Example: \"clusters.cluster.x-k8s.io\"\n\nItems cannot be removed from this list once added.\n\nThe maximum number of unmanagedCustomResourceDefinitions is 128.", + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "networkInterfaces": { + "description": "networkInterfaces is a list of network interfaces to be attached to the VM.", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus": { - "description": "ClusterAPIStatus describes the current state of the capi-operator.", - "type": "object", - "required": [ - "desiredRevision", - "revisions" - ], - "properties": { - "currentRevision": { - "description": "currentRevision is the name of the most recently fully applied revision. It is written by the installer controller. If it is absent, it indicates that no revision has been fully applied yet. If set, currentRevision must correspond to an entry in the revisions list.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPNetworkInterface" + } + }, + "onHostMaintenance": { + "description": "onHostMaintenance determines the behavior when a maintenance event occurs that might cause the instance to reboot. This is required to be set to \"Terminate\" if you want to provision machine with attached GPUs. Otherwise, allowed values are \"Migrate\" and \"Terminate\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Migrate\".", "type": "string" }, - "desiredRevision": { - "description": "desiredRevision is the name of the desired revision. It is written by the revision controller. It must be set to the name of the entry in the revisions list with the highest revision number.", + "preemptible": { + "description": "preemptible indicates if created instance is preemptible.", + "type": "boolean" + }, + "projectID": { + "description": "projectID is the project in which the GCP machine provider will create the VM.", "type": "string" }, - "revisions": { - "description": "revisions is a list of all currently active revisions. A revision is active until the installer controller updates currentRevision to a later revision. It is written by the revision controller.\n\nThe maximum number of revisions is 16. All revisions must have a unique name. All revisions must have a unique revision number. When adding a revision, the revision number must be greater than the highest revision number in the list. Revisions are immutable, although they can be deleted.", + "provisioningModel": { + "description": "provisioningModel is an optional field that determines the provisioning model for the GCP machine instance. Valid values are \"Spot\" and omitted. When set to Spot, the instance runs as a Google Cloud Spot instance which provides significant cost savings but may be preempted by Google Cloud Platform when resources are needed elsewhere. When omitted, the machine will be provisioned as a standard on-demand instance. This field cannot be used together with the preemptible field.", + "type": "string" + }, + "region": { + "description": "region is the region in which the GCP machine provider will create the VM.", + "type": "string", + "default": "" + }, + "resourceManagerTags": { + "description": "resourceManagerTags is an optional list of tags to apply to the GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview for information on tagging GCP resources. GCP supports a maximum of 50 tags per resource.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevision" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ResourceManagerTag" }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator": { - "description": "ClusterVersionOperator holds cluster-wide information about the Cluster Version Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "required": [ - "metadata", - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "x-kubernetes-list-map-keys": [ + "key" + ], + "x-kubernetes-list-type": "map" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "restartPolicy": { + "description": "restartPolicy determines the behavior when an instance crashes or the underlying infrastructure provider stops the instance as part of a maintenance event (default \"Always\"). Cannot be \"Always\" with preemptible instances. Otherwise, allowed values are \"Always\" and \"Never\". If omitted, the platform chooses a default, which is subject to change over time, currently that default is \"Always\". RestartPolicy represents AutomaticRestart in GCP compute api", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "serviceAccounts": { + "description": "serviceAccounts is a list of GCP service accounts to be used by the VM.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPServiceAccount" + } + }, + "shieldedInstanceConfig": { + "description": "shieldedInstanceConfig is the Shielded VM configuration for the VM", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.GCPShieldedInstanceConfig" + }, + "tags": { + "description": "tags list of network tags to apply to the VM.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "targetPools": { + "description": "targetPools are used for network TCP/UDP load balancing. A target pool references member instances, an associated legacy HttpHealthCheck resource, and, optionally, a backup target pool", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "spec": { - "description": "spec is the specification of the desired behavior of the Cluster Version Operator.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec" + "userDataSecret": { + "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" }, - "status": { - "description": "status is the most recently observed status of the Cluster Version Operator.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus" + "zone": { + "description": "zone is the zone in which the GCP machine provider will create the VM.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorList": { - "description": "ClusterVersionOperatorList is a collection of ClusterVersionOperators.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.GCPMachineProviderStatus": { + "description": "GCPMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains GCP-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "metadata" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "items is a list of ClusterVersionOperators.", + "conditions": { + "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator" - } + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "instanceId": { + "description": "instanceId is the ID of the instance in GCP", + "type": "string" + }, + "instanceState": { + "description": "instanceState is the provisioning state of the GCP Instance.", + "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec": { - "description": "ClusterVersionOperatorSpec is the specification of the desired behavior of the Cluster Version Operator.", + "com.github.openshift.api.machine.v1beta1.GCPMetadata": { + "description": "GCPMetadata describes metadata for GCP.", "type": "object", + "required": [ + "key", + "value" + ], "properties": { - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "key": { + "description": "key is the metadata key.", + "type": "string", + "default": "" + }, + "value": { + "description": "value is the metadata value.", "type": "string" } } }, - "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus": { - "description": "ClusterVersionOperatorStatus defines the observed status of the Cluster Version Operator.", - "type": "object", - "properties": { - "observedGeneration": { - "description": "observedGeneration represents the most recent generation observed by the operator and specifies the version of the spec field currently being synced.", - "type": "integer", - "format": "int64" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.DelegatedAuthentication": { - "description": "DelegatedAuthentication allows authentication to be disabled.", - "type": "object", - "properties": { - "disabled": { - "description": "disabled indicates that authentication should be disabled. By default it will use delegated authentication.", - "type": "boolean" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.DelegatedAuthorization": { - "description": "DelegatedAuthorization allows authorization to be disabled.", - "type": "object", - "properties": { - "disabled": { - "description": "disabled indicates that authorization should be disabled. By default it will use delegated authorization.", - "type": "boolean" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.EtcdBackup": { - "description": "# EtcdBackup provides configuration options and status for a one-time backup attempt of the etcd cluster\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.GCPNetworkInterface": { + "description": "GCPNetworkInterface describes network interfaces for GCP", "type": "object", - "required": [ - "spec" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "network": { + "description": "network is the network name.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "projectID": { + "description": "projectID is the project in which the GCP machine provider will create the VM.", "type": "string" }, - "metadata": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec" + "publicIP": { + "description": "publicIP indicates if true a public IP will be used", + "type": "boolean" }, - "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus" + "subnetwork": { + "description": "subnetwork is the subnetwork name.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1alpha1.EtcdBackupList": { - "description": "EtcdBackupList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.GCPServiceAccount": { + "description": "GCPServiceAccount describes service accounts for GCP.", "type": "object", "required": [ - "metadata", - "items" + "email", + "scopes" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "email": { + "description": "email is the service account email.", + "type": "string", + "default": "" }, - "items": { + "scopes": { + "description": "scopes list of scopes to be assigned to the service account.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.EtcdBackup" + "type": "string", + "default": "" } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec": { + "com.github.openshift.api.machine.v1beta1.GCPShieldedInstanceConfig": { + "description": "GCPShieldedInstanceConfig describes the shielded VM configuration of the instance on GCP. Shielded VM configuration allow users to enable and disable Secure Boot, vTPM, and Integrity Monitoring.", "type": "object", "properties": { - "pvcName": { - "description": "pvcName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the etcd backup file would be saved The PVC itself must always be created in the \"openshift-etcd\" namespace If the PVC is left unspecified \"\" then the platform will choose a reasonable default location to save the backup. In the future this would be backups saved across the control-plane master nodes.", - "type": "string", - "default": "" + "integrityMonitoring": { + "description": "integrityMonitoring determines whether the instance should have integrity monitoring that verify the runtime boot integrity. Compares the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", + "type": "string" + }, + "secureBoot": { + "description": "secureBoot Defines whether the instance should have secure boot enabled. Secure Boot verify the digital signature of all boot components, and halting the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Disabled.", + "type": "string" + }, + "virtualizedTrustedPlatformModule": { + "description": "virtualizedTrustedPlatformModule enable virtualized trusted platform module measurements to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. This is required to be set to \"Enabled\" if IntegrityMonitoring is enabled. If omitted, the platform chooses a default, which is subject to change over time, currently that default is Enabled.", + "type": "string" } } }, - "com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus": { + "com.github.openshift.api.machine.v1beta1.HostPlacement": { + "description": "HostPlacement is the type that will be used to configure the placement of AWS instances.", "type": "object", + "required": [ + "affinity" + ], "properties": { - "backupJob": { - "description": "backupJob is the reference to the Job that executes the backup. Optional", - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.BackupJobReference" + "affinity": { + "description": "affinity specifies the affinity setting for the instance. Allowed values are AnyAvailable and DedicatedHost. When Affinity is set to DedicatedHost, an instance started onto a specific host always restarts on the same host if stopped. In this scenario, the `dedicatedHost` field must be set. When Affinity is set to AnyAvailable, and you stop and restart the instance, it can be restarted on any available host. When Affinity is set to AnyAvailable and the `dedicatedHost` field is defined, it runs on specified Dedicated Host, but may move if stopped.", + "type": "string" }, - "conditions": { - "description": "conditions provide details on the status of the etcd backup job.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "dedicatedHost": { + "description": "dedicatedHost specifies the exact host that an instance should be restarted on if stopped. dedicatedHost is required when 'affinity' is set to DedicatedHost, and optional otherwise.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DedicatedHost" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "affinity", + "fields-to-discriminateBy": { + "dedicatedHost": "DedicatedHost" + } + } + ] }, - "com.github.openshift.api.operator.v1alpha1.GenerationHistory": { - "description": "GenerationHistory keeps track of the generation for a given resource so that decisions about forced updated can be made. DEPRECATED: Use fields in v1.GenerationStatus instead", + "com.github.openshift.api.machine.v1beta1.Image": { + "description": "Image is a mirror of azure sdk compute.ImageReference", "type": "object", "required": [ - "group", - "resource", - "namespace", - "name", - "lastGeneration" + "publisher", + "offer", + "sku", + "version", + "resourceID" ], "properties": { - "group": { - "description": "group is the group of the thing you're tracking", + "offer": { + "description": "offer specifies the name of a group of related images created by the publisher. For example, UbuntuServer, WindowsServer", "type": "string", "default": "" }, - "lastGeneration": { - "description": "lastGeneration is the last generation of the workload controller involved", - "type": "integer", - "format": "int64", - "default": 0 + "publisher": { + "description": "publisher is the name of the organization that created the image", + "type": "string", + "default": "" }, - "name": { - "description": "name is the name of the thing you're tracking", + "resourceID": { + "description": "resourceID specifies an image to use by ID", "type": "string", "default": "" }, - "namespace": { - "description": "namespace is where the thing you're tracking is", + "sku": { + "description": "sku specifies an instance of an offer, such as a major release of a distribution. For example, 18.04-LTS, 2019-Datacenter", "type": "string", "default": "" }, - "resource": { - "description": "resource is the resource type of the thing you're tracking", + "type": { + "description": "type identifies the source of the image and related information, such as purchase plans. Valid values are \"ID\", \"MarketplaceWithPlan\", \"MarketplaceNoPlan\", and omitted, which means no opinion and the platform chooses a good default which may change over time. Currently that default is \"MarketplaceNoPlan\" if publisher data is supplied, or \"ID\" if not. For more information about purchase plans, see: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/cli-ps-findimage#check-the-purchase-plan-information", + "type": "string" + }, + "version": { + "description": "version specifies the version of an image sku. The allowed formats are Major.Minor.Build or 'latest'. Major, Minor, and Build are decimal numbers. Specify 'latest' to use the latest version of an image available at deploy time. Even if you use 'latest', the VM image will not automatically update after deploy time even if a new version becomes available.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1alpha1.GenericOperatorConfig": { - "description": "GenericOperatorConfig provides information to configure an operator\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.LastOperation": { + "description": "LastOperation represents the detail of the last performed operation on the MachineObject.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "description": { + "description": "description is the human-readable description of the last operation.", "type": "string" }, - "authentication": { - "description": "authentication allows configuration of authentication for the endpoints", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.DelegatedAuthentication" - }, - "authorization": { - "description": "authorization allows configuration of authentication for the endpoints", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.DelegatedAuthorization" + "lastUpdated": { + "description": "lastUpdated is the timestamp at which LastOperation API was last-updated.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "state": { + "description": "state is the current status of the last performed operation. E.g. Processing, Failed, Successful etc", "type": "string" }, - "leaderElection": { - "description": "leaderElection provides information to elect a leader. Only override this if you have a specific need", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.LeaderElection" - }, - "servingInfo": { - "description": "servingInfo is the HTTP serving information for the controller's endpoints", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" + "type": { + "description": "type is the type of operation which was last performed. E.g. Create, Delete, Update etc", + "type": "string" } } }, - "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicy": { - "description": "ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.LifecycleHook": { + "description": "LifecycleHook represents a single instance of a lifecycle hook", "type": "object", "required": [ - "spec" + "name", + "owner" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "name": { + "description": "name defines a unique name for the lifcycle hook. The name should be unique and descriptive, ideally 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. Names must be unique and should only be managed by a single entity.", + "type": "string", + "default": "" }, - "spec": { - "description": "spec holds user settable values for configuration", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec" + "owner": { + "description": "owner defines the owner of the lifecycle hook. This should be descriptive enough so that users can identify who/what is responsible for blocking the lifecycle. This could be the name of a controller (e.g. clusteroperator/etcd) or an administrator managing the hook.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicyList": { - "description": "ImageContentSourcePolicyList lists the items in the ImageContentSourcePolicy CRD.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.LifecycleHooks": { + "description": "LifecycleHooks allow users to pause operations on the machine at certain prefedined points within the machine lifecycle.", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { + "preDrain": { + "description": "preDrain hooks prevent the machine from being drained. This also blocks further lifecycle events, such as termination.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicy" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LifecycleHook" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec": { - "description": "ImageContentSourcePolicySpec is the specification of the ImageContentSourcePolicy CRD.", - "type": "object", - "properties": { - "repositoryDigestMirrors": { - "description": "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. Only image pull specifications that have an image digest will have this behavior applied to them - tags will continue to be pulled from the specified repository in the pull spec.\n\nEach “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.", + "preTerminate": { + "description": "preTerminate hooks prevent the machine from being terminated. PreTerminate hooks be actioned after the Machine has been drained.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors" - } + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LifecycleHook" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.operator.v1alpha1.LoggingConfig": { - "description": "LoggingConfig holds information about configuring logging DEPRECATED: Use v1.LogLevel instead", + "com.github.openshift.api.machine.v1beta1.LoadBalancerReference": { + "description": "LoadBalancerReference is a reference to a load balancer on AWS.", "type": "object", "required": [ - "level", - "vmodule" + "name", + "type" ], "properties": { - "level": { - "description": "level is passed to glog.", - "type": "integer", - "format": "int64", - "default": 0 + "name": { + "type": "string", + "default": "" }, - "vmodule": { - "description": "vmodule is passed to glog.", + "type": { "type": "string", "default": "" } } }, - "com.github.openshift.api.operator.v1alpha1.NodeStatus": { - "description": "NodeStatus provides information about the current state of a particular node managed by this operator. Deprecated: Use v1.NodeStatus instead", + "com.github.openshift.api.machine.v1beta1.Machine": { + "description": "Machine is the Schema for the machines API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "nodeName", - "currentDeploymentGeneration", - "targetDeploymentGeneration", - "lastFailedDeploymentGeneration", - "lastFailedDeploymentErrors" - ], "properties": { - "currentDeploymentGeneration": { - "description": "currentDeploymentGeneration is the generation of the most recently successful deployment", - "type": "integer", - "format": "int32", - "default": 0 + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "lastFailedDeploymentErrors": { - "description": "lastFailedDeploymentGenerationErrors is a list of the errors during the failed deployment referenced in lastFailedDeploymentGeneration", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "lastFailedDeploymentGeneration": { - "description": "lastFailedDeploymentGeneration is the generation of the deployment we tried and failed to deploy.", - "type": "integer", - "format": "int32", - "default": 0 + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "nodeName": { - "description": "nodeName is the name of the node", - "type": "string", - "default": "" + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSpec" }, - "targetDeploymentGeneration": { - "description": "targetDeploymentGeneration is the generation of the deployment we're trying to apply", - "type": "integer", - "format": "int32", - "default": 0 + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineStatus" } } }, - "com.github.openshift.api.operator.v1alpha1.OLM": { - "description": "OLM provides information to configure an operator to manage the OLM controllers\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.MachineHealthCheck": { + "description": "MachineHealthCheck is the Schema for the machinehealthchecks API Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "metadata", - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -36518,25 +37208,24 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec holds user settable values for configuration", + "description": "Specification of machine health check policy", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OLMSpec" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineHealthCheckSpec" }, "status": { - "description": "status holds observed values from the cluster. They may not be overridden.", + "description": "Most recently observed status of MachineHealthCheck resource", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OLMStatus" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineHealthCheckStatus" } } }, - "com.github.openshift.api.operator.v1alpha1.OLMList": { - "description": "OLMList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.MachineHealthCheckList": { + "description": "MachineHealthCheckList contains a list of MachineHealthCheck Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -36545,11 +37234,10 @@ "type": "string" }, "items": { - "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OLM" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineHealthCheck" } }, "kind": { @@ -36559,1619 +37247,1657 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1alpha1.OLMSpec": { + "com.github.openshift.api.machine.v1beta1.MachineHealthCheckSpec": { + "description": "MachineHealthCheckSpec defines the desired state of MachineHealthCheck", "type": "object", "required": [ - "managementState" + "selector", + "unhealthyConditions" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "maxUnhealthy": { + "description": "Any farther remediation is only allowed if at most \"MaxUnhealthy\" machines selected by \"selector\" are not healthy. Expects either a postive integer value or a percentage value. Percentage values must be positive whole numbers and are capped at 100%. Both 0 and 0% are valid and will block all remediation. Defaults to 100% if not set.", + "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" + "nodeStartupTimeout": { + "description": "Machines older than this duration without a node will be considered to have failed and will be remediated. To prevent Machines without Nodes from being removed, disable startup checks by setting this value explicitly to \"0\". Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "remediationTemplate": { + "description": "remediationTemplate is a reference to a remediation template provided by an infrastructure provider.\n\nThis field is completely optional, when filled, the MachineHealthCheck controller creates a new object from the template referenced and hands off remediation of the machine to a controller that lives outside of Machine API Operator.", + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "selector": { + "description": "Label selector to match machines whose health will be exercised. Note: An empty selector will match all machines.", + "default": {}, + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "unhealthyConditions": { + "description": "unhealthyConditions contains a list of the conditions that determine whether a node is considered unhealthy. The conditions are combined in a logical OR, i.e. if any of the conditions is met, the node is unhealthy.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.UnhealthyCondition" + } } } }, - "com.github.openshift.api.operator.v1alpha1.OLMStatus": { + "com.github.openshift.api.machine.v1beta1.MachineHealthCheckStatus": { + "description": "MachineHealthCheckStatus defines the observed state of MachineHealthCheck", "type": "object", "properties": { "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "description": "conditions defines the current state of the MachineHealthCheck", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Condition" }, "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" + "type" ], "x-kubernetes-list-type": "map" }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "currentHealthy": { + "description": "total number of machines counted by this machine health check", "type": "integer", "format": "int32" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", + "expectedMachines": { + "description": "total number of machines counted by this machine health check", "type": "integer", - "format": "int64" + "format": "int32" }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "remediationsAllowed": { + "description": "remediationsAllowed is the number of further remediations allowed by this machine health check before maxUnhealthy short circuiting will be applied", "type": "integer", "format": "int32", "default": 0 - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" } } }, - "com.github.openshift.api.operator.v1alpha1.OperatorCondition": { - "description": "OperatorCondition is just the standard condition fields. DEPRECATED: Use v1.OperatorCondition instead", + "com.github.openshift.api.machine.v1beta1.MachineList": { + "description": "MachineList contains a list of Machine Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "type", - "status" + "items" ], "properties": { - "lastTransitionTime": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "message": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "reason": { - "type": "string" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Machine" + } }, - "status": { - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "type": { - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1alpha1.OperatorSpec": { - "description": "OperatorSpec contains common fields for an operator to need. It is intended to be anonymous included inside of the Spec struct for you particular operator. DEPRECATED: Use v1.OperatorSpec instead", + "com.github.openshift.api.machine.v1beta1.MachineSet": { + "description": "MachineSet ensures that a specified number of machines replicas are running at any given time. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "managementState", - "imagePullSpec", - "imagePullPolicy", - "version" - ], "properties": { - "imagePullPolicy": { - "description": "imagePullPolicy specifies the image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "imagePullSpec": { - "description": "imagePullSpec is the image to use for the component.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "logging": { - "description": "logging contains glog parameters for the component pods. It's always a command line arg for the moment", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.LoggingConfig" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", - "type": "string", - "default": "" + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSetSpec" }, - "version": { - "description": "version is the desired state in major.minor.micro-patch. Usually patch is ignored.", - "type": "string", - "default": "" + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSetStatus" } } }, - "com.github.openshift.api.operator.v1alpha1.OperatorStatus": { - "description": "OperatorStatus contains common fields for an operator to need. It is intended to be anonymous included inside of the Status struct for you particular operator. DEPRECATED: Use v1.OperatorStatus instead", + "com.github.openshift.api.machine.v1beta1.MachineSetList": { + "description": "MachineSetList contains a list of MachineSet Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "items" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OperatorCondition" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSet" } }, - "currentVersionAvailability": { - "description": "currentVersionAvailability is availability information for the current version. If it is unmanged or removed, this doesn't exist.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.VersionAvailability" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "state": { - "description": "state indicates what the operator has observed to be its current operational status.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "targetVersionAvailability": { - "description": "targetVersionAvailability is availability information for the target version if we are migrating", - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.VersionAvailability" - }, - "taskSummary": { - "description": "taskSummary is a high level summary of what the controller is currently attempting to do. It is high-level, human-readable and not guaranteed in any way. (I needed this for debugging and realized it made a great summary).", - "type": "string" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors": { - "description": "RepositoryDigestMirrors holds cluster-wide information about how to handle mirros in the registries config. Note: the mirrors only work when pulling the images that are referenced by their digests.", + "com.github.openshift.api.machine.v1beta1.MachineSetSpec": { + "description": "MachineSetSpec defines the desired state of MachineSet", "type": "object", "required": [ - "source" + "selector" ], "properties": { - "mirrors": { - "description": "mirrors is one or more repositories that may also contain the same images. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "source": { - "description": "source is the repository that users refer to, e.g. in image pull specifications.", + "authoritativeAPI": { + "description": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI and ClusterAPI. When set to MachineAPI, writes to the spec of the machine.openshift.io copy of this resource will be reflected into the cluster.x-k8s.io copy. When set to ClusterAPI, writes to the spec of the cluster.x-k8s.io copy of this resource will be reflected into the machine.openshift.io copy. Updates to the status will be reflected in both copies of the resource, based on the controller implementing the functionality of the API. Currently the authoritative API determines which controller will manage the resource, this will change in a future release. To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.", "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.operator.v1alpha1.StaticPodOperatorStatus": { - "description": "StaticPodOperatorStatus is status for controllers that manage static pods. There are different needs because individual node status must be tracked. DEPRECATED: Use v1.StaticPodOperatorStatus instead", - "type": "object", - "required": [ - "latestAvailableDeploymentGeneration", - "nodeStatuses" - ], - "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OperatorCondition" - } + "default": "MachineAPI" }, - "currentVersionAvailability": { - "description": "currentVersionAvailability is availability information for the current version. If it is unmanged or removed, this doesn't exist.", - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.VersionAvailability" + "deletePolicy": { + "description": "deletePolicy defines the policy used to identify nodes to delete when downscaling. Defaults to \"Random\". Valid values are \"Random, \"Newest\", \"Oldest\"", + "type": "string" }, - "latestAvailableDeploymentGeneration": { - "description": "latestAvailableDeploymentGeneration is the deploymentID of the most recent deployment", + "minReadySeconds": { + "description": "minReadySeconds is the minimum number of seconds for which a newly created machine should be ready. Defaults to 0 (machine will be considered available as soon as it is ready)", "type": "integer", - "format": "int32", - "default": 0 - }, - "nodeStatuses": { - "description": "nodeStatuses track the deployment values and errors across individual nodes", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.NodeStatus" - } + "format": "int32" }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", + "replicas": { + "description": "replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1.", "type": "integer", - "format": "int64" - }, - "state": { - "description": "state indicates what the operator has observed to be its current operational status.", - "type": "string" + "format": "int32" }, - "targetVersionAvailability": { - "description": "targetVersionAvailability is availability information for the target version if we are migrating", - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.VersionAvailability" + "selector": { + "description": "selector is a label query over machines that should match the replica count. Label keys and values that must match in order to be controlled by this MachineSet. It must match the machine template's labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", + "default": {}, + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "taskSummary": { - "description": "taskSummary is a high level summary of what the controller is currently attempting to do. It is high-level, human-readable and not guaranteed in any way. (I needed this for debugging and realized it made a great summary).", - "type": "string" + "template": { + "description": "template is the object that describes the machine that will be created if insufficient replicas are detected.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineTemplateSpec" } } }, - "com.github.openshift.api.operator.v1alpha1.VersionAvailability": { - "description": "VersionAvailability gives information about the synchronization and operational status of a particular version of the component DEPRECATED: Use fields in v1.OperatorStatus instead", + "com.github.openshift.api.machine.v1beta1.MachineSetStatus": { + "description": "MachineSetStatus defines the observed state of MachineSet", "type": "object", - "required": [ - "version", - "updatedReplicas", - "readyReplicas", - "errors", - "generations" - ], "properties": { - "errors": { - "description": "errors indicates what failures are associated with the operator trying to manage this version", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "authoritativeAPI": { + "description": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", + "type": "string" }, - "generations": { - "description": "generations allows an operator to track what the generation of \"important\" resources was the last time we updated them", + "availableReplicas": { + "description": "The number of available replicas (ready for at least minReadySeconds) for this MachineSet.", + "type": "integer", + "format": "int32" + }, + "conditions": { + "description": "conditions defines the current state of the MachineSet", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.GenerationHistory" - } + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "errorMessage": { + "type": "string" + }, + "errorReason": { + "description": "In the event that there is a terminal problem reconciling the replicas, both ErrorReason and ErrorMessage will be set. ErrorReason will be populated with a succinct value suitable for machine interpretation, while ErrorMessage will contain a more verbose string suitable for logging and human consumption.\n\nThese fields should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachineTemplate's spec or the configuration of the machine controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the machine controller, or the responsible machine controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the MachineSet object and/or logged in the controller's output.", + "type": "string" + }, + "fullyLabeledReplicas": { + "description": "The number of replicas that have labels matching the labels of the machine template of the MachineSet.", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration reflects the generation of the most recently observed MachineSet.", + "type": "integer", + "format": "int64" }, "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "description": "The number of ready replicas for this MachineSet. A machine is considered ready when the node has been created and is \"Ready\".", "type": "integer", - "format": "int32", - "default": 0 + "format": "int32" }, - "updatedReplicas": { - "description": "updatedReplicas indicates how many replicas are at the desired state", + "replicas": { + "description": "replicas is the most recently observed number of replicas.", "type": "integer", "format": "int32", "default": 0 }, - "version": { - "description": "version is the level this availability applies to", - "type": "string", - "default": "" + "synchronizedAPI": { + "description": "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", + "type": "string" + }, + "synchronizedGeneration": { + "description": "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry": { - "description": "LogEntry records events", + "com.github.openshift.api.machine.v1beta1.MachineSpec": { + "description": "MachineSpec defines the desired state of Machine", "type": "object", - "required": [ - "time", - "success" - ], "properties": { - "latency": { - "description": "latency records how long the action mentioned in the entry took.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" + "authoritativeAPI": { + "description": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI and ClusterAPI. When set to MachineAPI, writes to the spec of the machine.openshift.io copy of this resource will be reflected into the cluster.x-k8s.io copy. When set to ClusterAPI, writes to the spec of the cluster.x-k8s.io copy of this resource will be reflected into the machine.openshift.io copy. Updates to the status will be reflected in both copies of the resource, based on the controller implementing the functionality of the API. Currently the authoritative API determines which controller will manage the resource, this will change in a future release. To ensure the change has been accepted, please verify that the `status.authoritativeAPI` field has been updated to the desired value and that the `Synchronized` condition is present and set to `True`.", + "type": "string", + "default": "MachineAPI" }, - "message": { - "description": "message explaining status in a human readable format.", - "type": "string" + "lifecycleHooks": { + "description": "lifecycleHooks allow users to pause operations on the machine at certain predefined points within the machine lifecycle.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LifecycleHooks" }, - "reason": { - "description": "reason for status in a machine readable format.", + "metadata": { + "description": "ObjectMeta will autopopulate the Node created. Use this to indicate what labels, annotations, name prefix, etc., should be used when creating the Node.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ObjectMeta" + }, + "providerID": { + "description": "providerID is the identification ID of the machine provided by the provider. This field must match the provider ID as seen on the node object corresponding to this machine. This field is required by higher level consumers of cluster-api. Example use case is cluster autoscaler with cluster-api as provider. Clean-up logic in the autoscaler compares machines to nodes to find out machines at provider which could not get registered as Kubernetes nodes. With cluster-api as a generic out-of-tree provider for autoscaler, this field is required by autoscaler to be able to have a provider view of the list of machines. Another list of nodes is queried from the k8s apiserver and then a comparison is done to find out unregistered machines and are marked for delete. This field will be set by the actuators and consumed by higher level entities like autoscaler that will be interfacing with cluster-api as generic provider.", "type": "string" }, - "success": { - "description": "success indicates if the log entry indicates a success or failure.", - "type": "boolean", - "default": false + "providerSpec": { + "description": "providerSpec details Provider-specific configuration to use during node creation.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ProviderSpec" }, - "time": { - "description": "Start time of check action.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "taints": { + "description": "The list of the taints to be applied to the corresponding Node in additive manner. This list will not overwrite any other taints added to the Node on an ongoing basis by other entities. These taints should be actively reconciled e.g. if you ask the machine controller to apply a taint and then manually remove the taint the machine controller will put it back) but not have the machine controller remove any taints", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Taint.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.operatorcontrolplane.v1alpha1.OutageEntry": { - "description": "OutageEntry records time period of an outage", + "com.github.openshift.api.machine.v1beta1.MachineStatus": { + "description": "MachineStatus defines the observed state of Machine", "type": "object", - "required": [ - "start" - ], "properties": { - "end": { - "description": "end of outage detected", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "endLogs": { - "description": "endLogs contains log entries related to the end of this outage. Should contain the success entry that resolved the outage and possibly a few of the failure log entries that preceded it.", + "addresses": { + "description": "addresses is a list of addresses assigned to the machine. Queried from cloud provider, if available.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry" - } + "$ref": "#/definitions/NodeAddress.v1.core.api.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "message": { - "description": "message summarizes outage details in a human readable format.", + "authoritativeAPI": { + "description": "authoritativeAPI is the API that is authoritative for this resource. Valid values are MachineAPI, ClusterAPI and Migrating. This value is updated by the migration controller to reflect the authoritative API. Machine API and Cluster API controllers use this value to determine whether or not to reconcile the resource. When set to Migrating, the migration controller is currently performing the handover of authority from one API to the other.", "type": "string" }, - "start": { - "description": "start of outage detected", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "startLogs": { - "description": "startLogs contains log entries related to the start of this outage. Should contain the original failure, any entries where the failure mode changed.", + "conditions": { + "description": "conditions defines the current state of the Machine", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry" - } - } - } - }, - "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheck": { - "description": "PodNetworkConnectivityCheck\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "required": [ - "metadata", - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Condition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "errorMessage": { + "description": "errorMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption.\n\nThis field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "errorReason": { + "description": "errorReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation.\n\nThis field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine's spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured.\n\nAny transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller's output.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "lastOperation": { + "description": "lastOperation describes the last-operation performed by the machine-controller. This API should be useful as a history in terms of the latest operation performed on the specific machine. It should also convey the state of the latest-operation for example if it is still on-going, failed or completed successfully.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.LastOperation" }, - "spec": { - "description": "spec defines the source and target of the connectivity check", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckSpec" + "lastUpdated": { + "description": "lastUpdated identifies when this status was last observed.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "status": { - "description": "status contains the observed status of the connectivity check", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckStatus" - } - } - }, - "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckCondition": { - "description": "PodNetworkConnectivityCheckCondition represents the overall status of the pod network connectivity.", - "type": "object", - "required": [ - "type", - "status", - "lastTransitionTime" - ], - "properties": { - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "nodeRef": { + "description": "nodeRef will point to the corresponding Node if it exists.", + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" }, - "message": { - "description": "message indicating details about last transition in a human readable format.", + "phase": { + "description": "phase represents the current phase of machine actuation. One of: Failed, Provisioning, Provisioned, Running, Deleting", "type": "string" }, - "reason": { - "description": "reason for the condition's last status transition in a machine readable format.", - "type": "string" + "providerStatus": { + "description": "providerStatus details a Provider-specific status. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "status": { - "description": "status of the condition", - "type": "string", - "default": "" + "synchronizedAPI": { + "description": "synchronizedAPI holds the last stable value of authoritativeAPI. It is used to detect migration cancellation requests and to restore the resource to its previous state. Valid values are \"MachineAPI\" and \"ClusterAPI\". When omitted, the resource has not yet been reconciled by the migration controller.", + "type": "string" }, - "type": { - "description": "type of the condition", - "type": "string", - "default": "" + "synchronizedGeneration": { + "description": "synchronizedGeneration is the generation of the authoritative resource that the non-authoritative resource is synchronised with. This field is set when the authoritative resource is updated and the sync controller has updated the non-authoritative resource to match.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckList": { - "description": "PodNetworkConnectivityCheckList is a collection of PodNetworkConnectivityCheck\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.MachineTemplateSpec": { + "description": "MachineTemplateSpec describes the data needed to create a Machine from a template", "type": "object", - "required": [ - "metadata", - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items contains the items", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheck" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ObjectMeta" + }, + "spec": { + "description": "Specification of the desired behavior of the machine. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.MachineSpec" } } }, - "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckSpec": { - "type": "object", - "required": [ - "sourcePod", - "targetEndpoint" - ], - "properties": { - "sourcePod": { - "description": "sourcePod names the pod from which the condition will be checked", - "type": "string", - "default": "" - }, - "targetEndpoint": { - "description": "EndpointAddress to check. A TCP address of the form host:port. Note that if host is a DNS name, then the check would fail if the DNS name cannot be resolved. Specify an IP address for host to bypass DNS name lookup.", - "type": "string", - "default": "" - }, - "tlsClientCert": { - "description": "TLSClientCert, if specified, references a kubernetes.io/tls type secret with 'tls.crt' and 'tls.key' entries containing an optional TLS client certificate and key to be used when checking endpoints that require a client certificate in order to gracefully preform the scan without causing excessive logging in the endpoint process. The secret must exist in the same namespace as this resource.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" + "com.github.openshift.api.machine.v1beta1.MetadataServiceOptions": { + "description": "MetadataServiceOptions defines the options available to a user when configuring Instance Metadata Service (IMDS) Options.", + "type": "object", + "properties": { + "authentication": { + "description": "authentication determines whether or not the host requires the use of authentication when interacting with the metadata service. When using authentication, this enforces v2 interaction method (IMDSv2) with the metadata service. When omitted, this means the user has no opinion and the value is left to the platform to choose a good default, which is subject to change over time. The current default is optional. At this point this field represents `HttpTokens` parameter from `InstanceMetadataOptionsRequest` structure in AWS EC2 API https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html", + "type": "string" } } }, - "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckStatus": { + "com.github.openshift.api.machine.v1beta1.NetworkDeviceSpec": { + "description": "NetworkDeviceSpec defines the network configuration for a virtual machine's network device.", "type": "object", "properties": { - "conditions": { - "description": "conditions summarize the status of the check", + "addressesFromPools": { + "description": "addressesFromPools is a list of references to IP pool types and instances which are handled by an external controller. addressesFromPool configurations provided via addressesFromPools defer IP address assignment to an external controller. IP addresses provided via ipAddrs, however, are intended to allow explicit assignment of a machine's IP address. If both addressesFromPool and ipAddrs are empty or not defined, DHCP will assign an IP address. If both ipAddrs and addressesFromPools are defined, the IP addresses associated with ipAddrs will be applied first followed by IP addresses from addressesFromPools.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckCondition" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.AddressesFromPool" + } }, - "failures": { - "description": "failures contains logs of unsuccessful check actions", + "gateway": { + "description": "gateway is an IPv4 or IPv6 address which represents the subnet gateway, for example, 192.168.1.1.", + "type": "string" + }, + "ipAddrs": { + "description": "ipAddrs is a list of one or more IPv4 and/or IPv6 addresses and CIDR to assign to this device, for example, 192.168.1.100/24. IP addresses provided via ipAddrs are intended to allow explicit assignment of a machine's IP address. IP pool configurations provided via addressesFromPool, however, defer IP address assignment to an external controller. If both addressesFromPool and ipAddrs are empty or not defined, DHCP will be used to assign an IP address. If both ipAddrs and addressesFromPools are defined, the IP addresses associated with ipAddrs will be applied first followed by IP addresses from addressesFromPools.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry" + "type": "string", + "default": "" } }, - "outages": { - "description": "outages contains logs of time periods of outages", + "nameservers": { + "description": "nameservers is a list of IPv4 and/or IPv6 addresses used as DNS nameservers, for example, 8.8.8.8. a nameserver is not provided by a fulfilled IPAddressClaim. If DHCP is not the source of IP addresses for this network device, nameservers should include a valid nameserver.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.OutageEntry" + "type": "string", + "default": "" } }, - "successes": { - "description": "successes contains logs successful check actions", + "networkName": { + "description": "networkName is the name of the vSphere network or port group to which the network device will be connected, for example, port-group-1. When not provided, the vCenter API will attempt to select a default network. The available networks (port groups) can be listed using `govc ls 'network/*'`", + "type": "string" + } + } + }, + "com.github.openshift.api.machine.v1beta1.NetworkSpec": { + "description": "NetworkSpec defines the virtual machine's network configuration.", + "type": "object", + "required": [ + "devices" + ], + "properties": { + "devices": { + "description": "devices defines the virtual machine's network interfaces.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.NetworkDeviceSpec" } } } }, - "com.github.openshift.api.operatoringress.v1.DNSRecord": { - "description": "DNSRecord is a DNS record managed in the zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.\n\nCluster admin manipulation of this resource is not supported. This resource is only for internal communication of OpenShift operators.\n\nIf DNSManagementPolicy is \"Unmanaged\", the operator will not be responsible for managing the DNS records on the cloud provider.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.OSDisk": { "type": "object", "required": [ - "spec", - "status" + "osType", + "managedDisk", + "diskSizeGB" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "cachingType": { + "description": "cachingType specifies the caching requirements. Possible values include: 'None', 'ReadOnly', 'ReadWrite'. Empty value means no opinion and the platform chooses a default, which is subject to change over time. Currently the default is `None`.", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "diskSettings": { + "description": "diskSettings describe ephemeral disk settings for the os disk.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DiskSettings" }, - "spec": { - "description": "spec is the specification of the desired behavior of the dnsRecord.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSRecordSpec" + "diskSizeGB": { + "description": "diskSizeGB is the size in GB to assign to the data disk.", + "type": "integer", + "format": "int32", + "default": 0 }, - "status": { - "description": "status is the most recently observed status of the dnsRecord.", + "managedDisk": { + "description": "managedDisk specifies the Managed Disk parameters for the OS disk.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSRecordStatus" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.OSDiskManagedDiskParameters" + }, + "osType": { + "description": "osType is the operating system type of the OS disk. Possible values include \"Linux\" and \"Windows\".", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.operatoringress.v1.DNSRecordList": { - "description": "DNSRecordList contains a list of dnsrecords.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.machine.v1beta1.OSDiskManagedDiskParameters": { + "description": "OSDiskManagedDiskParameters is the parameters of a OSDisk managed disk.", "type": "object", "required": [ - "items" + "storageAccountType" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "diskEncryptionSet": { + "description": "diskEncryptionSet is the disk encryption set properties", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters" + }, + "securityProfile": { + "description": "securityProfile specifies the security profile for the managed disk.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.VMDiskSecurityProfile" + }, + "storageAccountType": { + "description": "storageAccountType is the storage account type to use. Possible values include \"Standard_LRS\", \"Premium_LRS\".", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.machine.v1beta1.ObjectMeta": { + "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create. This is a copy of customizable fields from metav1.ObjectMeta.\n\nObjectMeta is embedded in `Machine.Spec`, `MachineDeployment.Template` and `MachineSet.Template`, which are not top-level Kubernetes objects. Given that metav1.ObjectMeta has lots of special cases and read-only fields which end up in the generated CRD validation, having it as a subset simplifies the API and some issues that can impact user experience.\n\nDuring the [upgrade to controller-tools@v2](https://github.com/kubernetes-sigs/cluster-api/pull/1054) for v1alpha2, we noticed a failure would occur running Cluster API test suite against the new CRDs, specifically `spec.metadata.creationTimestamp in body must be of type string: \"null\"`. The investigation showed that `controller-tools@v2` behaves differently than its previous version when handling types from [metav1](k8s.io/apimachinery/pkg/apis/meta/v1) package.\n\nIn more details, we found that embedded (non-top level) types that embedded `metav1.ObjectMeta` had validation properties, including for `creationTimestamp` (metav1.Time). The `metav1.Time` type specifies a custom json marshaller that, when IsZero() is true, returns `null` which breaks validation because the field isn't marked as nullable.\n\nIn future versions, controller-tools@v2 might allow overriding the type and validation for embedded types. When that happens, this hack should be revisited.", + "type": "object", + "properties": { + "annotations": { + "description": "annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "generateName": { + "description": "generateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header).\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", "type": "string" }, - "items": { + "labels": { + "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } + }, + "name": { + "description": "name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names", + "type": "string" + }, + "namespace": { + "description": "namespace defines the space within each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces", + "type": "string" + }, + "ownerReferences": { + "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSRecord" - } + "$ref": "#/definitions/OwnerReference.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "uid" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "uid", + "x-kubernetes-patch-strategy": "merge" + } + } + }, + "com.github.openshift.api.machine.v1beta1.Placement": { + "description": "Placement indicates where to create the instance in AWS", + "type": "object", + "properties": { + "availabilityZone": { + "description": "availabilityZone is the availability zone of the instance", + "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "host": { + "description": "host configures placement on AWS Dedicated Hosts. This allows admins to assign instances to specific host for a variety of needs including for regulatory compliance, to leverage existing per-socket or per-core software licenses (BYOL), and to gain visibility and control over instance placement on a physical server. When omitted, the instance is not constrained to a dedicated host.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.HostPlacement" + }, + "region": { + "description": "region is the region to use to create the instance", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "tenancy": { + "description": "tenancy indicates if instance should run on shared or single-tenant hardware. There are supported 3 options: default, dedicated and host. When set to default Runs on shared multi-tenant hardware. When dedicated Runs on single-tenant hardware (any dedicated instance hardware). When host and the host object is not provided: Runs on Dedicated Host; best-effort restart on same host. When `host` and `host` object is provided with affinity `dedicatedHost` defined: Runs on specified Dedicated Host.", + "type": "string" } } }, - "com.github.openshift.api.operatoringress.v1.DNSRecordSpec": { - "description": "DNSRecordSpec contains the details of a DNS record.", + "com.github.openshift.api.machine.v1beta1.ProviderSpec": { + "description": "ProviderSpec defines the configuration to use during node creation.", + "type": "object", + "properties": { + "value": { + "description": "value is an inlined, serialized representation of the resource configuration. It is recommended that providers maintain their own versioned API types that should be serialized/deserialized from this field, akin to component config.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.machine.v1beta1.ResourceManagerTag": { + "description": "ResourceManagerTag is a tag to apply to GCP resources created for the cluster.", "type": "object", "required": [ - "dnsName", - "targets", - "recordType", - "recordTTL", - "dnsManagementPolicy" + "parentID", + "key", + "value" ], "properties": { - "dnsManagementPolicy": { - "description": "dnsManagementPolicy denotes the current policy applied on the DNS record. Records that have policy set as \"Unmanaged\" are ignored by the ingress operator. This means that the DNS record on the cloud provider is not managed by the operator, and the \"Published\" status condition will be updated to \"Unknown\" status, since it is externally managed. Any existing record on the cloud provider can be deleted at the discretion of the cluster admin.\n\nThis field defaults to Managed. Valid values are \"Managed\" and \"Unmanaged\".", + "key": { + "description": "key is the key part of the tag. A tag key can have a maximum of 63 characters and cannot be empty. Tag key must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `._-`.", "type": "string", - "default": "Managed" + "default": "" }, - "dnsName": { - "description": "dnsName is the hostname of the DNS record", + "parentID": { + "description": "parentID is the ID of the hierarchical resource where the tags are defined e.g. at the Organization or the Project level. To find the Organization or Project ID ref https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects An OrganizationID can have a maximum of 32 characters and must consist of decimal numbers, and cannot have leading zeroes. A ProjectID must be 6 to 30 characters in length, can only contain lowercase letters, numbers, and hyphens, and must start with a letter, and cannot end with a hyphen.", "type": "string", "default": "" }, - "recordTTL": { - "description": "recordTTL is the record TTL in seconds. If zero, the default is 30. RecordTTL will not be used in AWS regions Alias targets, but will be used in CNAME targets, per AWS API contract.", - "type": "integer", - "format": "int64", - "default": 0 - }, - "recordType": { - "description": "recordType is the DNS record type. For example, \"A\", \"AAAA\", or \"CNAME\".", + "value": { + "description": "value is the value part of the tag. A tag value can have a maximum of 63 characters and cannot be empty. Tag value must begin and end with an alphanumeric character, and must contain only uppercase, lowercase alphanumeric characters, and the following special characters `_-.@%=+:,*#&(){}[]` and spaces.", "type": "string", "default": "" - }, - "targets": { - "description": "targets are record targets.", - "type": "array", - "items": { - "type": "string", - "default": "" - } } } }, - "com.github.openshift.api.operatoringress.v1.DNSRecordStatus": { - "description": "DNSRecordStatus is the most recently observed status of each record.", + "com.github.openshift.api.machine.v1beta1.SecurityProfile": { + "description": "SecurityProfile specifies the Security profile settings for a virtual machine or virtual machine scale set.", "type": "object", "properties": { - "observedGeneration": { - "description": "observedGeneration is the most recently observed generation of the DNSRecord. When the DNSRecord is updated, the controller updates the corresponding record in each managed zone. If an update for a particular zone fails, that failure is recorded in the status condition for the zone so that the controller can determine that it needs to retry the update for that specific zone.", - "type": "integer", - "format": "int64" + "encryptionAtHost": { + "description": "encryptionAtHost indicates whether Host Encryption should be enabled or disabled for a virtual machine or virtual machine scale set. This should be disabled when SecurityEncryptionType is set to DiskWithVMGuestState. Default is disabled.", + "type": "boolean" }, - "zones": { - "description": "zones are the status of the record in each zone.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSZoneStatus" - } + "settings": { + "description": "settings specify the security type and the UEFI settings of the virtual machine. This field can be set for Confidential VMs and Trusted Launch for VMs.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.SecuritySettings" } } }, - "com.github.openshift.api.operatoringress.v1.DNSZoneCondition": { - "description": "DNSZoneCondition is just the standard condition fields.", + "com.github.openshift.api.machine.v1beta1.SecuritySettings": { + "description": "SecuritySettings define the security type and the UEFI settings of the virtual machine.", "type": "object", "required": [ - "type", - "status" + "securityType" ], "properties": { - "lastTransitionTime": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "confidentialVM": { + "description": "confidentialVM specifies the security configuration of the virtual machine. For more information regarding Confidential VMs, please refer to: https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.ConfidentialVM" }, - "message": { - "type": "string" + "securityType": { + "description": "securityType specifies the SecurityType of the virtual machine. It has to be set to any specified value to enable UEFISettings. The default behavior is: UEFISettings will not be enabled unless this property is set.", + "type": "string", + "default": "" }, - "reason": { + "trustedLaunch": { + "description": "trustedLaunch specifies the security configuration of the virtual machine. For more information regarding TrustedLaunch for VMs, please refer to: https://learn.microsoft.com/azure/virtual-machines/trusted-launch", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.TrustedLaunch" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "securityType", + "fields-to-discriminateBy": { + "confidentialVM": "ConfidentialVM", + "trustedLaunch": "TrustedLaunch" + } + } + ] + }, + "com.github.openshift.api.machine.v1beta1.SpotMarketOptions": { + "description": "SpotMarketOptions defines the options available to a user when configuring Machines to run on Spot instances. Most users should provide an empty struct.", + "type": "object", + "properties": { + "maxPrice": { + "description": "The maximum price the user is willing to pay for their instances Default: On-Demand price", "type": "string" - }, - "status": { + } + } + }, + "com.github.openshift.api.machine.v1beta1.SpotVMOptions": { + "description": "SpotVMOptions defines the options relevant to running the Machine on Spot VMs", + "type": "object", + "properties": { + "maxPrice": { + "description": "maxPrice defines the maximum price the user is willing to pay for Spot VM instances", + "$ref": "#/definitions/Quantity.resource.api.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.machine.v1beta1.TagSpecification": { + "description": "TagSpecification is the name/value pair for a tag", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "name of the tag. This field is required and must be a non-empty string. Must be between 1 and 128 characters in length.", "type": "string", "default": "" }, - "type": { + "value": { + "description": "value of the tag. When omitted, this creates a tag with an empty string as the value.", "type": "string", "default": "" } } }, - "com.github.openshift.api.operatoringress.v1.DNSZoneStatus": { - "description": "DNSZoneStatus is the status of a record within a specific zone.", + "com.github.openshift.api.machine.v1beta1.TrustedLaunch": { + "description": "TrustedLaunch defines the UEFI settings for the virtual machine.", "type": "object", "required": [ - "dnsZone" + "uefiSettings" ], "properties": { - "conditions": { - "description": "conditions are any conditions associated with the record in the zone.\n\nIf publishing the record succeeds, the \"Published\" condition will be set with status \"True\" and upon failure it will be set to \"False\" along with the reason and message describing the cause of the failure.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSZoneCondition" - } - }, - "dnsZone": { - "description": "dnsZone is the zone where the record is published.", + "uefiSettings": { + "description": "uefiSettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSZone" + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.UEFISettings" } } }, - "com.github.openshift.api.osin.v1.AllowAllPasswordIdentityProvider": { - "description": "AllowAllPasswordIdentityProvider provides identities for users authenticating using non-empty passwords\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.UEFISettings": { + "description": "UEFISettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "secureBoot": { + "description": "secureBoot specifies whether secure boot should be enabled on the virtual machine. Secure Boot verifies the digital signature of all boot components and halts the boot process if signature verification fails. If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "virtualizedTrustedPlatformModule": { + "description": "virtualizedTrustedPlatformModule specifies whether vTPM should be enabled on the virtual machine. When enabled the virtualized trusted platform module measurements are used to create a known good boot integrity policy baseline. The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed. This is required to be enabled if SecurityEncryptionType is defined. If omitted, the platform chooses a default, which is subject to change over time, currently that default is disabled.", "type": "string" } } }, - "com.github.openshift.api.osin.v1.BasicAuthPasswordIdentityProvider": { - "description": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.UnhealthyCondition": { + "description": "UnhealthyCondition represents a Node condition type and value with a timeout specified as a duration. When the named condition has been in the given status for at least the timeout value, a node is considered unhealthy.", "type": "object", "required": [ - "url", - "ca", - "certFile", - "keyFile" + "type", + "status", + "timeout" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "ca": { - "description": "ca is the CA for verifying TLS connections", + "status": { "type": "string", "default": "" }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" + "timeout": { + "description": "Expects an unsigned duration string of decimal numbers each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\"), \"ms\", \"s\", \"m\", \"h\".", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", + "type": { "type": "string", "default": "" + } + } + }, + "com.github.openshift.api.machine.v1beta1.VMDiskSecurityProfile": { + "description": "VMDiskSecurityProfile specifies the security profile settings for the managed disk. It can be set only for Confidential VMs.", + "type": "object", + "properties": { + "diskEncryptionSet": { + "description": "diskEncryptionSet specifies the customer managed disk encryption set resource id for the managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and VMGuest blob.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.DiskEncryptionSetParameters" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "securityEncryptionType": { + "description": "securityEncryptionType specifies the encryption type of the managed disk. It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only. When set to VMGuestStateOnly, the vTPM should be enabled. When set to DiskWithVMGuestState, both SecureBoot and vTPM should be enabled. If the above conditions are not fulfilled, the VM will not be created and the respective error will be returned. It can be set only for Confidential VMs. Confidential VMs are defined by their SecurityProfile.SecurityType being set to ConfidentialVM, the SecurityEncryptionType of their OS disk being set to one of the allowed values and by enabling the respective SecurityProfile.UEFISettings of the VM (i.e. vTPM and SecureBoot), depending on the selected SecurityEncryptionType. For further details on Azure Confidential VMs, please refer to the respective documentation: https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview", "type": "string" - }, - "url": { - "description": "url is the remote URL to connect to", - "type": "string", - "default": "" } } }, - "com.github.openshift.api.osin.v1.DenyAllPasswordIdentityProvider": { - "description": "DenyAllPasswordIdentityProvider provides no identities for users\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.VSphereDisk": { + "description": "VSphereDisk describes additional disks for vSphere.", "type": "object", + "required": [ + "name", + "sizeGiB" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "name": { + "description": "name is used to identify the disk definition. name is required needs to be unique so that it can be used to clearly identify purpose of the disk. It must be at most 80 characters in length and must consist only of alphanumeric characters, hyphens and underscores, and must start and end with an alphanumeric character.", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "provisioningMode": { + "description": "provisioningMode is an optional field that specifies the provisioning type to be used by this vSphere data disk. Allowed values are \"Thin\", \"Thick\", \"EagerlyZeroed\", and omitted. When set to Thin, the disk will be made using thin provisioning allocating the bare minimum space. When set to Thick, the full disk size will be allocated when disk is created. When set to EagerlyZeroed, the disk will be created using eager zero provisioning. An eager zeroed thick disk has all space allocated and wiped clean of any previous contents on the physical media at creation time. Such disks may take longer time during creation compared to other disk formats. When omitted, no setting will be applied to the data disk and the provisioning mode for the disk will be determined by the default storage policy configured for the datastore in vSphere.", "type": "string" + }, + "sizeGiB": { + "description": "sizeGiB is the size of the disk in GiB. The maximum supported size 16384 GiB.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.osin.v1.GitHubIdentityProvider": { - "description": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.VSphereMachineProviderSpec": { + "description": "VSphereMachineProviderSpec is the type that will be embedded in a Machine.Spec.ProviderSpec field for an VSphere virtual machine. It is used by the vSphere machine actuator to create a single Machine. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "clientID", - "clientSecret", - "organizations", - "teams", - "hostname", - "ca" + "template", + "network" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value.", - "type": "string", - "default": "" + "cloneMode": { + "description": "cloneMode specifies the type of clone operation. The LinkedClone mode is only support for templates that have at least one snapshot. If the template has no snapshots, then CloneMode defaults to FullClone. When LinkedClone mode is enabled the DiskGiB field is ignored as it is not possible to expand disks of linked clones. Defaults to FullClone. When using LinkedClone, if no snapshots exist for the source template, falls back to FullClone.", + "type": "string" }, - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" + "credentialsSecret": { + "description": "credentialsSecret is a reference to the secret with vSphere credentials.", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" }, - "clientSecret": { - "description": "clientSecret is the oauth client secret", - "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" + "dataDisks": { + "description": "dataDisks is a list of non OS disks to be created and attached to the VM. The max number of disk allowed to be attached is currently 29. The max number of disks for any controller is 30, but VM template will always have OS disk so that will leave 29 disks on any controller type.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.VSphereDisk" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "hostname": { - "description": "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value that is configured at /setup/settings#hostname.", - "type": "string", - "default": "" + "diskGiB": { + "description": "diskGiB is the size of a virtual machine's disk, in GiB. Defaults to the analogue property value in the template from which this machine is cloned. This parameter will be ignored if 'LinkedClone' CloneMode is set.", + "type": "integer", + "format": "int32" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "organizations": { - "description": "organizations optionally restricts which organizations are allowed to log in", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "memoryMiB": { + "description": "memoryMiB is the size of a virtual machine's memory, in MiB. Defaults to the analogue property value in the template from which this machine is cloned.", + "type": "integer", + "format": "int64" }, - "teams": { - "description": "teams optionally restricts which teams are allowed to log in. Format is /.", + "metadata": { + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "network": { + "description": "network is the network configuration for this machine's VM.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.NetworkSpec" + }, + "numCPUs": { + "description": "numCPUs is the number of virtual processors in a virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.", + "type": "integer", + "format": "int32" + }, + "numCoresPerSocket": { + "description": "NumCPUs is the number of cores among which to distribute CPUs in this virtual machine. Defaults to the analogue property value in the template from which this machine is cloned.", + "type": "integer", + "format": "int32" + }, + "snapshot": { + "description": "snapshot is the name of the snapshot from which the VM was cloned", + "type": "string", + "default": "" + }, + "tagIDs": { + "description": "tagIDs is an optional set of tags to add to an instance. Specified tagIDs must use URN-notation instead of display names. A maximum of 10 tag IDs may be specified.", "type": "array", "items": { "type": "string", "default": "" } + }, + "template": { + "description": "template is the name, inventory path, or instance UUID of the template used to clone new machines.", + "type": "string", + "default": "" + }, + "userDataSecret": { + "description": "userDataSecret contains a local reference to a secret that contains the UserData to apply to the instance", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + }, + "workspace": { + "description": "workspace describes the workspace to use for the machine.", + "$ref": "#/definitions/com.github.openshift.api.machine.v1beta1.Workspace" } } }, - "com.github.openshift.api.osin.v1.GitLabIdentityProvider": { - "description": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.VSphereMachineProviderStatus": { + "description": "VSphereMachineProviderStatus is the type that will be embedded in a Machine.Status.ProviderStatus field. It contains VSphere-specific status information. Compatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "ca", - "url", - "clientID", - "clientSecret" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", - "type": "string", - "default": "" + "conditions": { + "description": "conditions is a set of conditions associated with the Machine to indicate errors or other status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" + "instanceId": { + "description": "instanceId is the ID of the instance in VSphere", + "type": "string" }, - "clientSecret": { - "description": "clientSecret is the oauth client secret", - "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" + "instanceState": { + "description": "instanceState is the provisioning state of the VSphere Instance.", + "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "legacy": { - "description": "legacy determines if OAuth2 or OIDC should be used If true, OAuth2 is used If false, OIDC is used If nil and the URL's host is gitlab.com, OIDC is used Otherwise, OAuth2 is used In a future release, nil will default to using OIDC Eventually this flag will be removed and only OIDC will be used", - "type": "boolean" - }, - "url": { - "description": "url is the oauth server base URL", - "type": "string", - "default": "" + "taskRef": { + "description": "taskRef is a managed object reference to a Task related to the machine. This value is set automatically at runtime and should not be set or modified by users.", + "type": "string" } } }, - "com.github.openshift.api.osin.v1.GoogleIdentityProvider": { - "description": "GoogleIdentityProvider provides identities for users authenticating using Google credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machine.v1beta1.Workspace": { + "description": "WorkspaceConfig defines a workspace configuration for the vSphere cloud provider.", "type": "object", - "required": [ - "clientID", - "clientSecret", - "hostedDomain" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "datacenter": { + "description": "datacenter is the datacenter in which VMs are created/located.", "type": "string" }, - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" + "datastore": { + "description": "datastore is the datastore in which VMs are created/located.", + "type": "string" }, - "clientSecret": { - "description": "clientSecret is the oauth client secret", - "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" + "folder": { + "description": "folder is the folder in which VMs are created/located.", + "type": "string" }, - "hostedDomain": { - "description": "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", - "type": "string", - "default": "" + "resourcePool": { + "description": "resourcePool is the resource pool in which VMs are created/located.", + "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "server": { + "description": "server is the IP address or FQDN of the vSphere endpoint.", "type": "string" - } - } - }, - "com.github.openshift.api.osin.v1.GrantConfig": { - "description": "GrantConfig holds the necessary configuration options for grant handlers", - "type": "object", - "required": [ - "method", - "serviceAccountMethod" - ], - "properties": { - "method": { - "description": "method determines the default strategy to use when an OAuth client requests a grant. This method will be used only if the specific OAuth client doesn't provide a strategy of their own. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients\n - deny: always denies grant requests, useful for black-listed clients", - "type": "string", - "default": "" }, - "serviceAccountMethod": { - "description": "serviceAccountMethod is used for determining client authorization for service account oauth client. It must be either: deny, prompt", - "type": "string", - "default": "" + "vmGroup": { + "description": "vmGroup is the cluster vm group in which virtual machines will be added for vm host group based zonal.", + "type": "string" } } }, - "com.github.openshift.api.osin.v1.HTPasswdPasswordIdentityProvider": { - "description": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImage": { + "description": "InternalReleaseImage is used to keep track and manage a set of release bundles (OCP and OLM operators images) that are stored into the control planes nodes.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "file" + "metadata", + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "file": { - "description": "file is a reference to your htpasswd file", - "type": "string", - "default": "" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec describes the configuration of this internal release image.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageSpec" + }, + "status": { + "description": "status describes the last observed state of this internal release image.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageStatus" } } }, - "com.github.openshift.api.osin.v1.IdentityProvider": { - "description": "IdentityProvider provides identities for users authenticating using credentials", + "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageBundleStatus": { "type": "object", "required": [ - "name", - "challenge", - "login", - "mappingMethod", - "provider" + "name" ], "properties": { - "challenge": { - "description": "challenge indicates whether to issue WWW-Authenticate challenges for this provider", - "type": "boolean", - "default": false - }, - "login": { - "description": "login indicates whether to use this identity provider for unauthenticated browsers to login against", - "type": "boolean", - "default": false + "conditions": { + "description": "conditions represent the observations of an internal release image current state. Valid types are: Mounted, Installing, Available, Removing and Degraded.\n\nIf Mounted is true, that means that a valid ISO has been discovered and mounted on one of the cluster nodes. If Installing is true, that means that a new release bundle is currently being copied on one (or more) cluster nodes, and not yet completed. If Available is true, it means that the release has been previously installed on all the cluster nodes, and it can be used. If Removing is true, it means that a release deletion is in progress on one (or more) cluster nodes, and not yet completed. If Degraded is true, that means something has gone wrong (possibly on one or more cluster nodes).\n\nIn general, after installing a new release bundle, it is required to wait for the Conditions \"Available\" to become \"True\" (and all the other conditions to be equal to \"False\") before being able to pull its content.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "mappingMethod": { - "description": "mappingMethod determines how identities from this provider are mapped to users", - "type": "string", - "default": "" + "image": { + "description": "image is an OCP release image referenced by digest. The format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters. The field is optional, and it will be provided after a release will be successfully installed.", + "type": "string" }, "name": { - "description": "name is used to qualify the identities returned by this provider", - "type": "string", - "default": "" - }, - "provider": { - "description": "provider contains the information about how to set up a specific identity provider", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "description": "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", + "type": "string" } } }, - "com.github.openshift.api.osin.v1.KeystonePasswordIdentityProvider": { - "description": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageList": { + "description": "InternalReleaseImageList is a list of InternalReleaseImage resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "url", - "ca", - "certFile", - "keyFile", - "domainName", - "useKeystoneIdentity" + "metadata", + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "ca": { - "description": "ca is the CA for verifying TLS connections", - "type": "string", - "default": "" - }, - "certFile": { - "description": "certFile is a file containing a PEM-encoded certificate", - "type": "string", - "default": "" - }, - "domainName": { - "description": "domainName is required for keystone v3", - "type": "string", - "default": "" - }, - "keyFile": { - "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", - "type": "string", - "default": "" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImage" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "url": { - "description": "url is the remote URL to connect to", - "type": "string", - "default": "" - }, - "useKeystoneIdentity": { - "description": "useKeystoneIdentity flag indicates that user should be authenticated by keystone ID, not by username", - "type": "boolean", - "default": false + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.osin.v1.LDAPAttributeMapping": { - "description": "LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields", + "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageRef": { + "description": "InternalReleaseImageRef is used to provide a simple reference for a release bundle. Currently it contains only the name field.", "type": "object", "required": [ - "id", - "preferredUsername", - "name", - "email" + "name" ], "properties": { - "email": { - "description": "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "id": { - "description": "id is the list of attributes whose values should be used as the user ID. Required. LDAP standard identity attribute is \"dn\"", + "name": { + "description": "name indicates the desired release bundle identifier. This field is required and must be between 1 and 64 characters long. The expected name format is ocp-release-bundle--.", + "type": "string" + } + } + }, + "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageSpec": { + "description": "InternalReleaseImageSpec defines the desired state of a InternalReleaseImage.", + "type": "object", + "required": [ + "releases" + ], + "properties": { + "releases": { + "description": "releases is a list of release bundle identifiers that the user wants to add/remove to/from the control plane nodes. Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 16 entries.", "type": "array", "items": { - "type": "string", - "default": "" - } - }, - "name": { - "description": "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageRef" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageStatus": { + "description": "InternalReleaseImageStatus describes the current state of a InternalReleaseImage.", + "type": "object", + "required": [ + "releases" + ], + "properties": { + "conditions": { + "description": "conditions represent the observations of the InternalReleaseImage controller current state. Valid types are: Degraded. If Degraded is true, that means something has gone wrong in the controller.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "preferredUsername": { - "description": "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"", + "releases": { + "description": "releases is a list of the release bundles currently owned and managed by the cluster. A release bundle content could be safely pulled only when its Conditions field contains at least an Available entry set to \"True\" and Degraded to \"False\". Entries must be unique, keyed on the name field. releases must contain at least one entry and must not exceed 32 entries.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.InternalReleaseImageBundleStatus" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.osin.v1.LDAPPasswordIdentityProvider": { - "description": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStream": { + "description": "OSImageStream describes a set of streams and associated images available for the MachineConfigPools to be used as base OS images.\n\nThe resource is a singleton named \"cluster\".\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "url", - "bindDN", - "bindPassword", - "insecure", - "ca", - "attributes" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "attributes": { - "description": "attributes maps LDAP attributes to identities", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.osin.v1.LDAPAttributeMapping" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "bindDN": { - "description": "bindDN is an optional DN to bind with during the search phase.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "bindPassword": { - "description": "bindPassword is an optional password to bind with during the search phase.", - "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" + "spec": { + "description": "spec contains the desired OSImageStream config configuration.", + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSpec" }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", - "type": "string", - "default": "" + "status": { + "description": "status describes the last observed state of this OSImageStream. Populated by the MachineConfigOperator after reading release metadata. When not present, the controller has not yet reconciled this resource.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamStatus" + } + } + }, + "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamList": { + "description": "OSImageStreamList is a list of OSImageStream resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "insecure": { - "description": "insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830", - "type": "boolean", - "default": false + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStream" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "url": { - "description": "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is\n ldap://host:port/basedn?attribute?scope?filter", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.osin.v1.OAuthConfig": { - "description": "OAuthConfig holds the necessary configuration options for OAuth authentication", + "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSet": { "type": "object", "required": [ - "masterCA", - "masterURL", - "masterPublicURL", - "loginURL", - "assetPublicURL", - "alwaysShowProviderSelection", - "identityProviders", - "grantConfig", - "sessionConfig", - "tokenConfig", - "templates" + "name", + "osImage", + "osExtensionsImage" ], "properties": { - "alwaysShowProviderSelection": { - "description": "alwaysShowProviderSelection will force the provider selection page to render even when there is only a single provider.", - "type": "boolean", - "default": false - }, - "assetPublicURL": { - "description": "assetPublicURL is used for building valid client redirect URLs for external access", - "type": "string", - "default": "" + "name": { + "description": "name is the required identifier of the stream.\n\nname is determined by the operator based on the OCI label of the discovered OS or Extension Image.\n\nMust be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').", + "type": "string" }, - "grantConfig": { - "description": "grantConfig describes how to handle grants", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.osin.v1.GrantConfig" + "osExtensionsImage": { + "description": "osExtensionsImage is a required OS Extensions Image referenced by digest.\n\nosExtensionsImage bundles the extra repositories used to enable extensions, augmenting the base operating system without modifying the underlying immutable osImage.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", + "type": "string" }, - "identityProviders": { - "description": "identityProviders is an ordered list of ways for a user to identify themselves", + "osImage": { + "description": "osImage is a required OS Image referenced by digest.\n\nosImage contains the immutable, fundamental operating system components, including the kernel and base utilities, that define the core environment for the node's host operating system.\n\nThe format of the image pull spec is: host[:port][/namespace]/name@sha256:, where the digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the whole spec must be between 1 to 447 characters.", + "type": "string" + } + } + }, + "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSpec": { + "description": "OSImageStreamSpec defines the desired state of a OSImageStream.", + "type": "object", + "properties": { + "defaultStream": { + "description": "defaultStream is the desired name of the stream that should be used as the default when no specific stream is requested by a MachineConfigPool.\n\nThis field is set by the installer during installation. Users may need to update it if the currently selected stream is no longer available, for example when the stream has reached its End of Life. The MachineConfigOperator uses this value to determine which stream from status.availableStreams to apply as the default for MachineConfigPools that do not specify a stream override.\n\nWhen status.availableStreams has been populated by the operator, updating this field requires that the new value references the name of one of the streams in status.availableStreams. Status-only updates by the operator are not subject to this constraint, allowing the operator to update availableStreams independently of this field. During initial creation, before the operator has populated status, any valid value is accepted.\n\nWhen omitted, the operator determines the default stream automatically. Once set, this field cannot be removed.\n\nIt must be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.').", + "type": "string" + } + } + }, + "com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamStatus": { + "description": "OSImageStreamStatus describes the current state of a OSImageStream", + "type": "object", + "required": [ + "availableStreams", + "defaultStream" + ], + "properties": { + "availableStreams": { + "description": "availableStreams is a list of the available OS Image Streams that can be used as the base image for MachineConfigPools. availableStreams is required, must have at least one item, must not exceed 100 items, and must have unique entries keyed on the name field.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.osin.v1.IdentityProvider" - } - }, - "loginURL": { - "description": "loginURL, along with masterCA, masterURL and masterPublicURL have distinct meanings depending on how the OAuth server is run. The two states are: 1. embedded in the kube api server (all 3.x releases) 2. as a standalone external process (all 4.x releases) in the embedded configuration, loginURL is equivalent to masterPublicURL and the other fields have functionality that matches their docs. in the standalone configuration, the fields are used as: loginURL is the URL required to login to the cluster: oc login --server= masterPublicURL is the issuer URL it is accessible from inside (service network) and outside (ingress) of the cluster masterURL is the loopback variation of the token_endpoint URL with no path component it is only accessible from inside (service network) of the cluster masterCA is used to perform TLS verification for connections made to masterURL For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2", - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.OSImageStreamSet" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "masterCA": { - "description": "masterCA is the CA for verifying the TLS connection back to the MasterURL. This field is deprecated and will be removed in a future release. See loginURL for details. Deprecated", + "defaultStream": { + "description": "defaultStream is the name of the stream that should be used as the default when no specific stream is requested by a MachineConfigPool.\n\nIt must be a valid RFC 1123 subdomain between 1 and 253 characters in length, consisting of lowercase alphanumeric characters, hyphens ('-'), and periods ('.'), and must reference the name of one of the streams in availableStreams.", + "type": "string" + } + } + }, + "com.github.openshift.api.monitoring.v1.AlertRelabelConfig": { + "description": "AlertRelabelConfig defines a set of relabel configs for alerts.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "masterPublicURL": { - "description": "masterPublicURL is used for building valid client redirect URLs for internal and external access This field is deprecated and will be removed in a future release. See loginURL for details. Deprecated", - "type": "string", - "default": "" - }, - "masterURL": { - "description": "masterURL is used for making server-to-server calls to exchange authorization codes for access tokens This field is deprecated and will be removed in a future release. See loginURL for details. Deprecated", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "sessionConfig": { - "description": "sessionConfig hold information about configuring sessions.", - "$ref": "#/definitions/com.github.openshift.api.osin.v1.SessionConfig" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "templates": { - "description": "templates allow you to customize pages like the login page.", - "$ref": "#/definitions/com.github.openshift.api.osin.v1.OAuthTemplates" + "spec": { + "description": "spec describes the desired state of this AlertRelabelConfig object.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertRelabelConfigSpec" }, - "tokenConfig": { - "description": "tokenConfig contains options for authorization and access tokens", + "status": { + "description": "status describes the current state of this AlertRelabelConfig object.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.osin.v1.TokenConfig" + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertRelabelConfigStatus" } } }, - "com.github.openshift.api.osin.v1.OAuthTemplates": { - "description": "OAuthTemplates allow for customization of pages like the login page", + "com.github.openshift.api.monitoring.v1.AlertRelabelConfigList": { + "description": "AlertRelabelConfigList is a list of AlertRelabelConfigs.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "login", - "providerSelection", - "error" - ], "properties": { - "error": { - "description": "error is a path to a file containing a go template used to render error pages during the authentication or grant flow If unspecified, the default error page is used.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "login": { - "description": "login is a path to a file containing a go template used to render the login page. If unspecified, the default login page is used.", - "type": "string", - "default": "" + "items": { + "description": "items is a list of AlertRelabelConfigs.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertRelabelConfig" + } }, - "providerSelection": { - "description": "providerSelection is a path to a file containing a go template used to render the provider selection page. If unspecified, the default provider selection page is used.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.osin.v1.OpenIDClaims": { - "description": "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider", + "com.github.openshift.api.monitoring.v1.AlertRelabelConfigSpec": { + "description": "AlertRelabelConfigsSpec is the desired state of an AlertRelabelConfig resource.", "type": "object", "required": [ - "id", - "preferredUsername", - "name", - "email", - "groups" + "configs" ], "properties": { - "email": { - "description": "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "groups": { - "description": "groups is the list of claims value of which should be used to synchronize groups from the OIDC provider to OpenShift for the user", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "id": { - "description": "id is the list of claims whose values should be used as the user ID. Required. OpenID standard identity claim is \"sub\"", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "name": { - "description": "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", + "configs": { + "description": "configs is a list of sequentially evaluated alert relabel configs.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.RelabelConfig" } - }, - "preferredUsername": { - "description": "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the id claim", + } + } + }, + "com.github.openshift.api.monitoring.v1.AlertRelabelConfigStatus": { + "description": "AlertRelabelConfigStatus is the status of an AlertRelabelConfig resource.", + "type": "object", + "properties": { + "conditions": { + "description": "conditions contains details on the state of the AlertRelabelConfig, may be empty.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } } }, - "com.github.openshift.api.osin.v1.OpenIDIdentityProvider": { - "description": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.monitoring.v1.AlertingRule": { + "description": "AlertingRule represents a set of user-defined Prometheus rule groups containing alerting rules. This resource is the supported method for cluster admins to create alerts based on metrics recorded by the platform monitoring stack in OpenShift, i.e. the Prometheus instance deployed to the openshift-monitoring namespace. You might use this to create custom alerting rules not shipped with OpenShift based on metrics from components such as the node_exporter, which provides machine-level metrics such as CPU usage, or kube-state-metrics, which provides metrics on Kubernetes usage.\n\nThe API is mostly compatible with the upstream PrometheusRule type from the prometheus-operator. The primary difference being that recording rules are not allowed here -- only alerting rules. For each AlertingRule resource created, a corresponding PrometheusRule will be created in the openshift-monitoring namespace. OpenShift requires admins to use the AlertingRule resource rather than the upstream type in order to allow better OpenShift specific defaulting and validation, while not modifying the upstream APIs directly.\n\nYou can find upstream API documentation for PrometheusRule resources here:\n\nhttps://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "ca", - "clientID", - "clientSecret", - "extraScopes", - "extraAuthorizeParameters", - "urls", - "claims" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "ca": { - "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "claims": { - "description": "claims mappings", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.osin.v1.OpenIDClaims" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "clientID": { - "description": "clientID is the oauth client ID", - "type": "string", - "default": "" - }, - "clientSecret": { - "description": "clientSecret is the oauth client secret", - "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" + "spec": { + "description": "spec describes the desired state of this AlertingRule object.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertingRuleSpec" }, - "extraAuthorizeParameters": { - "description": "extraAuthorizeParameters are any custom parameters to add to the authorize request.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "status": { + "description": "status describes the current state of this AlertOverrides object.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertingRuleStatus" + } + } + }, + "com.github.openshift.api.monitoring.v1.AlertingRuleList": { + "description": "AlertingRuleList is a list of AlertingRule objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "extraScopes": { - "description": "extraScopes are any scopes to request in addition to the standard \"openid\" scope.", + "items": { + "description": "items is a list of AlertingRule objects.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.AlertingRule" } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "urls": { - "description": "urls to use to authenticate", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.osin.v1.OpenIDURLs" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.osin.v1.OpenIDURLs": { - "description": "OpenIDURLs are URLs to use when authenticating with an OpenID identity provider", + "com.github.openshift.api.monitoring.v1.AlertingRuleSpec": { + "description": "AlertingRuleSpec is the desired state of an AlertingRule resource.", "type": "object", "required": [ - "authorize", - "token", - "userInfo" + "groups" ], "properties": { - "authorize": { - "description": "authorize is the oauth authorization URL", - "type": "string", - "default": "" - }, - "token": { - "description": "token is the oauth token granting URL", - "type": "string", - "default": "" + "groups": { + "description": "groups is a list of grouped alerting rules. Rule groups are the unit at which Prometheus parallelizes rule processing. All rules in a single group share a configured evaluation interval. All rules in the group will be processed together on this interval, sequentially, and all rules will be processed.\n\nIt's common to group related alerting rules into a single AlertingRule resources, and within that resource, closely related alerts, or simply alerts with the same interval, into individual groups. You are also free to create AlertingRule resources with only a single rule group, but be aware that this can have a performance impact on Prometheus if the group is extremely large or has very complex query expressions to evaluate. Spreading very complex rules across multiple groups to allow them to be processed in parallel is also a common use-case.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.RuleGroup" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.monitoring.v1.AlertingRuleStatus": { + "description": "AlertingRuleStatus is the status of an AlertingRule resource.", + "type": "object", + "properties": { + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with.", + "type": "integer", + "format": "int64" }, - "userInfo": { - "description": "userInfo is the optional userinfo URL. If present, a granted access_token is used to request claims If empty, a granted id_token is parsed for claims", - "type": "string", - "default": "" + "prometheusRule": { + "description": "prometheusRule is the generated PrometheusRule for this AlertingRule. Each AlertingRule instance results in a generated PrometheusRule object in the same namespace, which is always the openshift-monitoring namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.PrometheusRuleRef" } } }, - "com.github.openshift.api.osin.v1.OsinServerConfig": { - "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.monitoring.v1.PrometheusRuleRef": { + "description": "PrometheusRuleRef is a reference to an existing PrometheusRule object. Each AlertingRule instance results in a generated PrometheusRule object in the same namespace, which is always the openshift-monitoring namespace. This is used to point to the generated PrometheusRule object in the AlertingRule status.", "type": "object", "required": [ - "servingInfo", - "corsAllowedOrigins", - "auditConfig", - "storageConfig", - "admission", - "kubeClientConfig", - "oauthConfig" + "name" ], "properties": { - "admission": { - "description": "admissionConfig holds information about how to configure admission.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionConfig" + "name": { + "description": "name of the referenced PrometheusRule.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.monitoring.v1.RelabelConfig": { + "description": "RelabelConfig allows dynamic rewriting of label sets for alerts. See Prometheus documentation: - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#alert_relabel_configs - https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config", + "type": "object", + "properties": { + "action": { + "description": "action to perform based on regex matching. Must be one of: 'Replace', 'Keep', 'Drop', 'HashMod', 'LabelMap', 'LabelDrop', or 'LabelKeep'. Default is: 'Replace'", + "type": "string" }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "modulus": { + "description": "modulus to take of the hash of the source label values. This can be combined with the 'HashMod' action to set 'target_label' to the 'modulus' of a hash of the concatenated 'source_labels'. This is only valid if sourceLabels is not empty and action is not 'LabelKeep' or 'LabelDrop'.", + "type": "integer", + "format": "int64" + }, + "regex": { + "description": "regex against which the extracted value is matched. Default is: '(.*)' regex is required for all actions except 'HashMod'", "type": "string" }, - "auditConfig": { - "description": "auditConfig describes how to configure audit information", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditConfig" + "replacement": { + "description": "replacement value against which a regex replace is performed if the regular expression matches. This is required if the action is 'Replace' or 'LabelMap' and forbidden for actions 'LabelKeep' and 'LabelDrop'. Regex capture groups are available. Default is: '$1'", + "type": "string" }, - "corsAllowedOrigins": { - "description": "corsAllowedOrigins", + "separator": { + "description": "separator placed between concatenated source label values. When omitted, Prometheus will use its default value of ';'.", + "type": "string" + }, + "sourceLabels": { + "description": "sourceLabels select values from existing labels. Their content is concatenated using the configured separator and matched against the configured regular expression for the 'Replace', 'Keep', and 'Drop' actions. Not allowed for actions 'LabelKeep' and 'LabelDrop'.", "type": "array", "items": { "type": "string", "default": "" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "targetLabel": { + "description": "targetLabel to which the resulting value is written in a 'Replace' action. It is required for 'Replace' and 'HashMod' actions and forbidden for actions 'LabelKeep' and 'LabelDrop'. Regex capture groups are available.", "type": "string" - }, - "kubeClientConfig": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.KubeClientConfig" - }, - "oauthConfig": { - "description": "oauthConfig holds the necessary configuration options for OAuth authentication", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.osin.v1.OAuthConfig" - }, - "servingInfo": { - "description": "servingInfo describes how to start serving", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" - }, - "storageConfig": { - "description": "storageConfig contains information about how to use", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.config.v1.EtcdStorageConfig" } } }, - "com.github.openshift.api.osin.v1.RequestHeaderIdentityProvider": { - "description": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.monitoring.v1.Rule": { + "description": "Rule describes an alerting rule. See Prometheus documentation: - https://www.prometheus.io/docs/prometheus/latest/configuration/alerting_rules", "type": "object", "required": [ - "loginURL", - "challengeURL", - "clientCA", - "clientCommonNames", - "headers", - "preferredUsernameHeaders", - "nameHeaders", - "emailHeaders" + "alert", + "expr" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "challengeURL": { - "description": "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", - "type": "string", - "default": "" - }, - "clientCA": { - "description": "clientCA is a file with the trusted signer certs. If empty, no request verification is done, and any direct request to the OAuth server can impersonate any identity from this provider, merely by setting a request header.", + "alert": { + "description": "alert is the name of the alert. Must be a valid label value, i.e. may contain any Unicode character.", "type": "string", "default": "" }, - "clientCommonNames": { - "description": "clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.", - "type": "array", - "items": { + "annotations": { + "description": "annotations to add to each alert. These are values that can be used to store longer additional information that you won't query on, such as alert descriptions or runbook links.", + "type": "object", + "additionalProperties": { "type": "string", "default": "" } }, - "emailHeaders": { - "description": "emailHeaders is the set of headers to check for the email address", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "expr": { + "description": "expr is the PromQL expression to evaluate. Every evaluation cycle this is evaluated at the current time, and all resultant time series become pending or firing alerts. This is most often a string representing a PromQL expression, e.g.: mapi_current_pending_csr > mapi_max_pending_csr In rare cases this could be a simple integer, e.g. a simple \"1\" if the intent is to create an alert that is always firing. This is sometimes used to create an always-firing \"Watchdog\" alert in order to ensure the alerting pipeline is functional.", + "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" }, - "headers": { - "description": "headers is the set of headers to check for identity information", - "type": "array", - "items": { + "for": { + "description": "for is the time period after which alerts are considered firing after first returning results. Alerts which have not yet fired for long enough are considered pending.", + "type": "string" + }, + "labels": { + "description": "labels to add or overwrite for each alert. The results of the PromQL expression for the alert will result in an existing set of labels for the alert, after evaluating the expression, for any label specified here with the same name as a label in that set, the label here wins and overwrites the previous value. These should typically be short identifying values that may be useful to query against. A common example is the alert severity, where one sets `severity: warning` under the `labels` key:", + "type": "object", + "additionalProperties": { "type": "string", "default": "" } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + } + } + }, + "com.github.openshift.api.monitoring.v1.RuleGroup": { + "description": "RuleGroup is a list of sequentially evaluated alerting rules.", + "type": "object", + "required": [ + "name", + "rules" + ], + "properties": { + "interval": { + "description": "interval is how often rules in the group are evaluated. If not specified, it defaults to the global.evaluation_interval configured in Prometheus, which itself defaults to 30 seconds. You can check if this value has been modified from the default on your cluster by inspecting the platform Prometheus configuration: The relevant field in that resource is: spec.evaluationInterval", "type": "string" }, - "loginURL": { - "description": "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", + "name": { + "description": "name is the name of the group.", "type": "string", "default": "" }, - "nameHeaders": { - "description": "nameHeaders is the set of headers to check for the display name", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "preferredUsernameHeaders": { - "description": "preferredUsernameHeaders is the set of headers to check for the preferred username", + "rules": { + "description": "rules is a list of sequentially evaluated alerting rules. Prometheus may process rule groups in parallel, but rules within a single group are always processed sequentially, and all rules are processed.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.monitoring.v1.Rule" } } } }, - "com.github.openshift.api.osin.v1.SessionConfig": { - "description": "SessionConfig specifies options for cookie-based sessions. Used by AuthRequestHandlerSession", + "com.github.openshift.api.network.v1.ClusterNetwork": { + "description": "ClusterNetwork was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "sessionSecretsFile", - "sessionMaxAgeSeconds", - "sessionName" + "serviceNetwork", + "clusterNetworks" ], "properties": { - "sessionMaxAgeSeconds": { - "description": "sessionMaxAgeSeconds specifies how long created sessions last. Used by AuthRequestHandlerSession", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "clusterNetworks": { + "description": "clusterNetworks is a list of ClusterNetwork objects that defines the global overlay network's L3 space by specifying a set of CIDR and netmasks that the SDN can allocate addresses from.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.network.v1.ClusterNetworkEntry" + } + }, + "hostsubnetlength": { + "description": "hostsubnetlength is the number of bits of network to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods", "type": "integer", - "format": "int32", - "default": 0 + "format": "int64" }, - "sessionName": { - "description": "sessionName is the cookie name used to store the session", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "sessionSecretsFile": { - "description": "sessionSecretsFile is a reference to a file containing a serialized SessionSecrets object If no file is specified, a random signing and encryption key are generated at each server start", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "mtu": { + "description": "mtu is the MTU for the overlay network. This should be 50 less than the MTU of the network connecting the nodes. It is normally autodetected by the cluster network operator.", + "type": "integer", + "format": "int64" + }, + "network": { + "description": "network is a CIDR string specifying the global overlay network's L3 space", + "type": "string" + }, + "pluginName": { + "description": "pluginName is the name of the network plugin being used", + "type": "string" + }, + "serviceNetwork": { + "description": "serviceNetwork is the CIDR range that Service IP addresses are allocated from", "type": "string", "default": "" + }, + "vxlanPort": { + "description": "vxlanPort sets the VXLAN destination port used by the cluster. It is set by the master configuration file on startup and cannot be edited manually. Valid values for VXLANPort are integers 1-65535 inclusive and if unset defaults to 4789. Changing VXLANPort allows users to resolve issues between openshift SDN and other software trying to use the same VXLAN destination port.", + "type": "integer", + "format": "int64" } } }, - "com.github.openshift.api.osin.v1.SessionSecret": { - "description": "SessionSecret is a secret used to authenticate/decrypt cookie-based sessions", + "com.github.openshift.api.network.v1.ClusterNetworkEntry": { + "description": "ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips.", "type": "object", "required": [ - "authentication", - "encryption" + "CIDR", + "hostSubnetLength" ], "properties": { - "authentication": { - "description": "authentication is used to authenticate sessions using HMAC. Recommended to use a secret with 32 or 64 bytes.", + "CIDR": { + "description": "CIDR defines the total range of a cluster networks address space.", "type": "string", "default": "" }, - "encryption": { - "description": "encryption is used to encrypt sessions. Must be 16, 24, or 32 characters long, to select AES-128, AES-", - "type": "string", - "default": "" + "hostSubnetLength": { + "description": "hostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pods.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.osin.v1.SessionSecrets": { - "description": "SessionSecrets list the secrets to use to sign/encrypt and authenticate/decrypt created sessions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.network.v1.ClusterNetworkList": { + "description": "ClusterNetworkList is a collection of ClusterNetworks\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "secrets" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "secrets": { - "description": "secrets is a list of secrets New sessions are signed and encrypted using the first secret. Existing sessions are decrypted/authenticated by each secret until one succeeds. This allows rotating secrets.", + "items": { + "description": "items is the list of cluster networks", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.osin.v1.SessionSecret" + "$ref": "#/definitions/com.github.openshift.api.network.v1.ClusterNetwork" } - } - } - }, - "com.github.openshift.api.osin.v1.TokenConfig": { - "description": "TokenConfig holds the necessary configuration options for authorization and access tokens", - "type": "object", - "properties": { - "accessTokenInactivityTimeout": { - "description": "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Duration" - }, - "accessTokenInactivityTimeoutSeconds": { - "description": "accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.", - "type": "integer", - "format": "int32" - }, - "accessTokenMaxAgeSeconds": { - "description": "accessTokenMaxAgeSeconds defines the maximum age of access tokens", - "type": "integer", - "format": "int32" }, - "authorizeTokenMaxAgeSeconds": { - "description": "authorizeTokenMaxAgeSeconds defines the maximum age of authorize tokens", - "type": "integer", - "format": "int32" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.project.v1.Project": { - "description": "Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members, a quota on the resources that the project may consume, and the security controls on the resources in the project. Within a project, members may have different roles - project administrators can set membership, editors can create and manage the resources, and viewers can see but not access running containers. In a normal cluster project administrators are not able to alter their quotas - that is restricted to cluster administrators.\n\nListing or watching projects will return only projects the user has the reader role on.\n\nAn OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed as editable to end users while namespaces are not. Direct creation of a project is typically restricted to administrators, while end users should use the requestproject resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1.EgressNetworkPolicy": { + "description": "EgressNetworkPolicy was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -38184,22 +38910,17 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec defines the behavior of the Namespace.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.project.v1.ProjectSpec" - }, - "status": { - "description": "status describes the current status of a Namespace", + "description": "spec is the specification of the current egress network policy", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.project.v1.ProjectStatus" + "$ref": "#/definitions/com.github.openshift.api.network.v1.EgressNetworkPolicySpec" } } }, - "com.github.openshift.api.project.v1.ProjectList": { - "description": "ProjectList is a list of Project objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1.EgressNetworkPolicyList": { + "description": "EgressNetworkPolicyList is a collection of EgressNetworkPolicy\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -38210,11 +38931,11 @@ "type": "string" }, "items": { - "description": "items is the list of projects", + "description": "items is the list of policies", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.project.v1.Project" + "$ref": "#/definitions/com.github.openshift.api.network.v1.EgressNetworkPolicy" } }, "kind": { @@ -38224,87 +38945,166 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.project.v1.ProjectRequest": { - "description": "ProjectRequest is the set of options necessary to fully qualify a project request\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1.EgressNetworkPolicyPeer": { + "description": "EgressNetworkPolicyPeer specifies a target to apply egress network policy to", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "description": { - "description": "description is the description to apply to a project", - "type": "string" - }, - "displayName": { - "description": "displayName is the display name to apply to a project", + "cidrSelector": { + "description": "cidrSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset Ideally we would have liked to use the cidr openapi format for this property. But openshift-sdn only supports v4 while specifying the cidr format allows both v4 and v6 cidrs We are therefore using a regex pattern to validate instead.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "dnsName": { + "description": "dnsName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset", "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + } + } + }, + "com.github.openshift.api.network.v1.EgressNetworkPolicyRule": { + "description": "EgressNetworkPolicyRule contains a single egress network policy rule", + "type": "object", + "required": [ + "type", + "to" + ], + "properties": { + "to": { + "description": "to is the target that traffic is allowed/denied to", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.network.v1.EgressNetworkPolicyPeer" + }, + "type": { + "description": "type marks this as an \"Allow\" or \"Deny\" rule", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.project.v1.ProjectSpec": { - "description": "ProjectSpec describes the attributes on a Project", + "com.github.openshift.api.network.v1.EgressNetworkPolicySpec": { + "description": "EgressNetworkPolicySpec provides a list of policies on outgoing network traffic", "type": "object", + "required": [ + "egress" + ], "properties": { - "finalizers": { - "description": "finalizers is an opaque list of values that must be empty to permanently remove object from storage", + "egress": { + "description": "egress contains the list of egress policy rules", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.network.v1.EgressNetworkPolicyRule" + } + } + } + }, + "com.github.openshift.api.network.v1.HostSubnet": { + "description": "HostSubnet was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "host", + "hostIP", + "subnet" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "egressCIDRs": { + "description": "egressCIDRs is the list of CIDR ranges available for automatically assigning egress IPs to this node from. If this field is set then EgressIPs should be treated as read-only.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "egressIPs": { + "description": "egressIPs is the list of automatic egress IP addresses currently hosted by this node. If EgressCIDRs is empty, this can be set by hand; if EgressCIDRs is set then the master will overwrite the value here with its own allocation of egress IPs.", "type": "array", "items": { "type": "string", "default": "" } + }, + "host": { + "description": "host is the name of the node. (This is the same as the object's name, but both fields must be set.)", + "type": "string", + "default": "" + }, + "hostIP": { + "description": "hostIP is the IP address to be used as a VTEP by other nodes in the overlay network", + "type": "string", + "default": "" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "subnet": { + "description": "subnet is the CIDR range of the overlay network assigned to the node for its pods", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.project.v1.ProjectStatus": { - "description": "ProjectStatus is information about the current status of a Project", + "com.github.openshift.api.network.v1.HostSubnetList": { + "description": "HostSubnetList is a collection of HostSubnets\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "items" + ], "properties": { - "conditions": { - "description": "Represents the latest available observations of the project current state.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of host subnets", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.NamespaceCondition" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "$ref": "#/definitions/com.github.openshift.api.network.v1.HostSubnet" + } }, - "phase": { - "description": "phase is the current lifecycle phase of the project\n\nPossible enum values:\n - `\"Active\"` means the namespace is available for use in the system\n - `\"Terminating\"` means the namespace is undergoing graceful termination", - "type": "string", - "enum": [ - "Active", - "Terminating" - ] + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.quota.v1.AppliedClusterResourceQuota": { - "description": "AppliedClusterResourceQuota mirrors ClusterResourceQuota at a project scope, for projection into a project. It allows a project-admin to know which ClusterResourceQuotas are applied to his project and their associated usage.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1.NetNamespace": { + "description": "NetNamespace was used by OpenShift SDN. DEPRECATED: OpenShift SDN is no longer supported and this object is no longer used in any way by OpenShift.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", - "spec" + "netname", + "netid" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "egressIPs": { + "description": "egressIPs is a list of reserved IPs that will be used as the source for external traffic coming from pods in this namespace. (If empty, external traffic will be masqueraded to Node IPs.)", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -38312,22 +39112,23 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "spec": { - "description": "spec defines the desired quota", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaSpec" + "netid": { + "description": "netid is the network identifier of the network namespace assigned to each overlay network packet. This can be manipulated with the \"oc adm pod-network\" commands.", + "type": "integer", + "format": "int64", + "default": 0 }, - "status": { - "description": "status defines the actual enforced quota and its current usage", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus" + "netname": { + "description": "netname is the name of the network namespace. (This is the same as the object's name, but both fields must be set.)", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.quota.v1.AppliedClusterResourceQuotaList": { - "description": "AppliedClusterResourceQuotaList is a collection of AppliedClusterResourceQuotas\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1.NetNamespaceList": { + "description": "NetNamespaceList is a collection of NetNamespaces\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -38338,11 +39139,11 @@ "type": "string" }, "items": { - "description": "items is a list of AppliedClusterResourceQuota", + "description": "items is the list of net namespaces", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.quota.v1.AppliedClusterResourceQuota" + "$ref": "#/definitions/com.github.openshift.api.network.v1.NetNamespace" } }, "kind": { @@ -38352,15 +39153,14 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.quota.v1.ClusterResourceQuota": { - "description": "ClusterResourceQuota mirrors ResourceQuota at a cluster scope. This object is easily convertible to synthetic ResourceQuota object to allow quota evaluation re-use.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1alpha1.DNSNameResolver": { + "description": "DNSNameResolver stores the DNS name resolution information of a DNS name. It can be enabled by the TechPreviewNoUpgrade feature set. It can also be enabled by the feature gate DNSNameResolver when using CustomNoUpgrade feature set.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "metadata", "spec" ], "properties": { @@ -38375,22 +39175,22 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec defines the desired quota", + "description": "spec is the specification of the desired behavior of the DNSNameResolver.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaSpec" + "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolverSpec" }, "status": { - "description": "status defines the actual enforced quota and its current usage", + "description": "status is the most recently observed status of the DNSNameResolver.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus" + "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolverStatus" } } }, - "com.github.openshift.api.quota.v1.ClusterResourceQuotaList": { - "description": "ClusterResourceQuotaList is a collection of ClusterResourceQuotas\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.network.v1alpha1.DNSNameResolverList": { + "description": "DNSNameResolverList contains a list of DNSNameResolvers.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ "items" @@ -38401,11 +39201,11 @@ "type": "string" }, "items": { - "description": "items is a list of ClusterResourceQuotas", + "description": "items gives the list of DNSNameResolvers.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuota" + "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolver" } }, "kind": { @@ -38415,112 +39215,327 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.quota.v1.ClusterResourceQuotaSelector": { - "description": "ClusterResourceQuotaSelector is used to select projects. At least one of LabelSelector or AnnotationSelector must present. If only one is present, it is the only selection criteria. If both are specified, the project must match both restrictions.", + "com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedAddress": { + "description": "DNSNameResolverResolvedAddress describes the details of an IP address for a resolved DNS name.", "type": "object", + "required": [ + "ip", + "ttlSeconds", + "lastLookupTime" + ], "properties": { - "annotations": { - "description": "AnnotationSelector is used to select projects by annotation.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "ip": { + "description": "ip is an IP address associated with the dnsName. The validity of the IP address expires after lastLookupTime + ttlSeconds. To refresh the information, a DNS lookup will be performed upon the expiration of the IP address's validity. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", + "type": "string", + "default": "" }, - "labels": { - "description": "LabelSelector is used to select projects by label.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "lastLookupTime": { + "description": "lastLookupTime is the timestamp when the last DNS lookup was completed successfully. The validity of the IP address expires after lastLookupTime + ttlSeconds. The value of this field will be updated to the current time on a successful DNS lookup. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "ttlSeconds": { + "description": "ttlSeconds is the time-to-live value of the IP address. The validity of the IP address expires after lastLookupTime + ttlSeconds. On a successful DNS lookup the value of this field will be updated with the current time-to-live value. If the information is not refreshed then it will be removed with a grace period after the expiration of the IP address's validity.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.quota.v1.ClusterResourceQuotaSpec": { - "description": "ClusterResourceQuotaSpec defines the desired quota restrictions", + "com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedName": { + "description": "DNSNameResolverResolvedName describes the details of a resolved DNS name.", "type": "object", "required": [ - "selector", - "quota" + "dnsName", + "resolvedAddresses" ], "properties": { - "quota": { - "description": "quota defines the desired quota", + "conditions": { + "description": "conditions provide information about the state of the DNS name. Known .status.conditions.type is: \"Degraded\". \"Degraded\" is true when the last resolution failed for the DNS name, and false otherwise.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "dnsName": { + "description": "dnsName is the resolved DNS name matching the name field of DNSNameResolverSpec. This field can store both regular and wildcard DNS names which match the spec.name field. When the spec.name field contains a regular DNS name, this field will store the same regular DNS name after it is successfully resolved. When the spec.name field contains a wildcard DNS name, each resolvedName.dnsName will store the regular DNS names which match the wildcard DNS name and have been successfully resolved. If the wildcard DNS name can also be successfully resolved, then this field will store the wildcard DNS name as well.", + "type": "string", + "default": "" + }, + "resolutionFailures": { + "description": "resolutionFailures keeps the count of how many consecutive times the DNS resolution failed for the dnsName. If the DNS resolution succeeds then the field will be set to zero. Upon every failure, the value of the field will be incremented by one. The details about the DNS name will be removed, if the value of resolutionFailures reaches 5 and the TTL of all the associated IP addresses have expired.", + "type": "integer", + "format": "int32" + }, + "resolvedAddresses": { + "description": "resolvedAddresses gives the list of associated IP addresses and their corresponding TTLs and last lookup times for the dnsName.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedAddress" + }, + "x-kubernetes-list-map-keys": [ + "ip" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.network.v1alpha1.DNSNameResolverSpec": { + "description": "DNSNameResolverSpec is a desired state description of DNSNameResolver.", + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "name is the DNS name for which the DNS name resolution information will be stored. For a regular DNS name, only the DNS name resolution information of the regular DNS name will be stored. For a wildcard DNS name, the DNS name resolution information of all the DNS names that match the wildcard DNS name will be stored. For a wildcard DNS name, the '*' will match only one label. Additionally, only a single '*' can be used at the beginning of the wildcard DNS name. For example, '*.example.com.' will match 'sub1.example.com.' but won't match 'sub2.sub1.example.com.'", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.network.v1alpha1.DNSNameResolverStatus": { + "description": "DNSNameResolverStatus defines the observed status of DNSNameResolver.", + "type": "object", + "properties": { + "resolvedNames": { + "description": "resolvedNames contains a list of matching DNS names and their corresponding IP addresses along with their TTL and last DNS lookup times.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.network.v1alpha1.DNSNameResolverResolvedName" + }, + "x-kubernetes-list-map-keys": [ + "dnsName" + ], + "x-kubernetes-list-type": "map", + "x-kubernetes-patch-merge-key": "dnsName", + "x-kubernetes-patch-strategy": "merge" + } + } + }, + "com.github.openshift.api.networkoperator.v1.EgressRouter": { + "description": "EgressRouter is a feature allowing the user to define an egress router that acts as a bridge between pods and external systems. The egress router runs a service that redirects egress traffic originating from a pod or a group of pods to a remote external system or multiple destinations as per configuration.\n\nIt is consumed by the cluster-network-operator. More specifically, given an EgressRouter CR with , the CNO will create and manage: - A service called - An egress pod called - A NAD called \n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).\n\nEgressRouter is a single egressrouter pod configuration object.", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceQuotaSpec" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "selector": { - "description": "selector is the selector used to match projects. It should only select active projects on the scale of dozens (though it can select many more less active projects). These projects will contend on object creation through this resource.", + "spec": { + "description": "Specification of the desired egress router.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaSelector" + "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.EgressRouterSpec" + }, + "status": { + "description": "Observed status of EgressRouter.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.EgressRouterStatus" } } }, - "com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus": { - "description": "ClusterResourceQuotaStatus defines the actual enforced quota and its current usage", + "com.github.openshift.api.networkoperator.v1.EgressRouterSpec": { + "description": "EgressRouterSpec contains the configuration for an egress router. Mode, networkInterface and addresses fields must be specified along with exactly one \"Config\" that matches the mode. Each config consists of parameters specific to that mode.", "type": "object", "required": [ - "total" + "mode", + "networkInterface", + "addresses" ], "properties": { - "namespaces": { - "description": "namespaces slices the usage by project. This division allows for quick resolution of deletion reconciliation inside of a single project without requiring a recalculation across all projects. This can be used to pull the deltas for a given project.", + "addresses": { + "description": "List of IP addresses to configure on the pod's secondary interface.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.quota.v1.ResourceQuotaStatusByNamespace" + "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.EgressRouterAddress" } }, - "total": { - "description": "total defines the actual enforced quota and its current usage across all projects", + "mode": { + "description": "mode depicts the mode that is used for the egress router. The default mode is \"Redirect\" and is the only supported mode currently.", + "type": "string", + "default": "" + }, + "networkInterface": { + "description": "Specification of interface to create/use. The default is macvlan. Currently only macvlan is supported.", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceQuotaStatus" + "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.EgressRouterInterface" + }, + "redirect": { + "description": "redirect represents the configuration parameters specific to redirect mode.", + "$ref": "#/definitions/com.github.openshift.api.networkoperator.v1.RedirectConfig" } } }, - "com.github.openshift.api.quota.v1.ResourceQuotaStatusByNamespace": { - "description": "ResourceQuotaStatusByNamespace gives status for a particular project", + "com.github.openshift.api.oauth.v1.ClusterRoleScopeRestriction": { + "description": "ClusterRoleScopeRestriction describes restrictions on cluster role scopes", "type": "object", "required": [ - "namespace", - "status" + "roleNames", + "namespaces", + "allowEscalation" ], "properties": { - "namespace": { - "description": "namespace the project this status applies to", - "type": "string", - "default": "" + "allowEscalation": { + "description": "allowEscalation indicates whether you can request roles and their escalating resources", + "type": "boolean", + "default": false }, - "status": { - "description": "status indicates how many resources have been consumed by this project", + "namespaces": { + "description": "namespaces is the list of namespaces that can be referenced. * means any of them (including *)", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "roleNames": { + "description": "roleNames is the list of cluster roles that can referenced. * means anything", + "type": "array", + "items": { + "type": "string", + "default": "" + } + } + } + }, + "com.github.openshift.api.oauth.v1.OAuthAccessToken": { + "description": "OAuthAccessToken describes an OAuth access token. The name of a token must be prefixed with a `sha256~` string, must not contain \"/\" or \"%\" characters and must be at least 32 characters long.\n\nThe name of the token is constructed from the actual token by sha256-hashing it and using URL-safe unpadded base64-encoding (as described in RFC4648) on the hashed result.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "authorizeToken": { + "description": "authorizeToken contains the token that authorized this token", + "type": "string" + }, + "clientName": { + "description": "clientName references the client that created this token.", + "type": "string" + }, + "expiresIn": { + "description": "expiresIn is the seconds from CreationTime before this token expires.", + "type": "integer", + "format": "int64" + }, + "inactivityTimeoutSeconds": { + "description": "inactivityTimeoutSeconds is the value in seconds, from the CreationTimestamp, after which this token can no longer be used. The value is automatically incremented when the token is used.", + "type": "integer", + "format": "int32" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceQuotaStatus" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "redirectURI": { + "description": "redirectURI is the redirection associated with the token.", + "type": "string" + }, + "refreshToken": { + "description": "refreshToken is the value by which this token can be renewed. Can be blank.", + "type": "string" + }, + "scopes": { + "description": "scopes is an array of the requested scopes.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "userName": { + "description": "userName is the user name associated with this token", + "type": "string" + }, + "userUID": { + "description": "userUID is the unique UID associated with this token", + "type": "string" } } }, - "com.github.openshift.api.route.v1.LocalObjectReference": { - "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "com.github.openshift.api.oauth.v1.OAuthAccessTokenList": { + "description": "OAuthAccessTokenList is a collection of OAuth access tokens\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "items" + ], "properties": { - "name": { - "description": "name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of OAuth access tokens", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.oauth.v1.OAuthAccessToken" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "com.github.openshift.api.route.v1.Route": { - "description": "A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.\n\nOnce a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.\n\nRouters are subject to additional customization and may support additional controls via the annotations field.\n\nBecause administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.\n\nTo enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.oauth.v1.OAuthAuthorizeToken": { + "description": "OAuthAuthorizeToken describes an OAuth authorization token\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "spec" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "clientName": { + "description": "clientName references the client that created this token.", + "type": "string" + }, + "codeChallenge": { + "description": "codeChallenge is the optional code_challenge associated with this authorization code, as described in rfc7636", + "type": "string" + }, + "codeChallengeMethod": { + "description": "codeChallengeMethod is the optional code_challenge_method associated with this authorization code, as described in rfc7636", + "type": "string" + }, + "expiresIn": { + "description": "expiresIn is the seconds from CreationTime before this token expires.", + "type": "integer", + "format": "int64" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -38528,175 +39543,171 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "spec": { - "description": "spec is the desired state of the route", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteSpec" + "redirectURI": { + "description": "redirectURI is the redirection associated with the token.", + "type": "string" }, - "status": { - "description": "status is the current state of the route", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteStatus" - } - } - }, - "com.github.openshift.api.route.v1.RouteHTTPHeader": { - "description": "RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.", - "type": "object", - "required": [ - "name", - "action" - ], - "properties": { - "action": { - "description": "action specifies actions to perform on headers, such as setting or deleting headers.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeaderActionUnion" + "scopes": { + "description": "scopes is an array of the requested scopes.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "name": { - "description": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", - "type": "string", - "default": "" + "state": { + "description": "state data from request", + "type": "string" + }, + "userName": { + "description": "userName is the user name associated with this token", + "type": "string" + }, + "userUID": { + "description": "userUID is the unique UID associated with this token. UserUID and UserName must both match for this token to be valid.", + "type": "string" } } }, - "com.github.openshift.api.route.v1.RouteHTTPHeaderActionUnion": { - "description": "RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header.", + "com.github.openshift.api.oauth.v1.OAuthAuthorizeTokenList": { + "description": "OAuthAuthorizeTokenList is a collection of OAuth authorization tokens\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "type" + "items" ], "properties": { - "set": { - "description": "set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. This field is required when type is Set and forbidden otherwise.", - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteSetHTTPHeader" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "type": { - "description": "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", - "type": "string", - "default": "" - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "set": "Set" - } - } - ] - }, - "com.github.openshift.api.route.v1.RouteHTTPHeaderActions": { - "description": "RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", - "type": "object", - "properties": { - "request": { - "description": "request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.", + "items": { + "description": "items is the list of OAuth authorization tokens", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeader" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" + "$ref": "#/definitions/com.github.openshift.api.oauth.v1.OAuthAuthorizeToken" + } }, - "response": { - "description": "response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Note: This field cannot be used if your route uses TLS passthrough.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeader" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "com.github.openshift.api.route.v1.RouteHTTPHeaders": { - "description": "RouteHTTPHeaders defines policy for HTTP headers.", - "type": "object", - "properties": { - "actions": { - "description": "actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeaderActions" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.route.v1.RouteIngress": { - "description": "RouteIngress holds information about the places where a route is exposed.", + "com.github.openshift.api.oauth.v1.OAuthClient": { + "description": "OAuthClient describes an OAuth client\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { - "conditions": { - "description": "conditions is the state of the route, may be empty.", + "accessTokenInactivityTimeoutSeconds": { + "description": "accessTokenInactivityTimeoutSeconds overrides the default token inactivity timeout for tokens granted to this client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. This value needs to be set only if the default set in configuration is not appropriate for this client. Valid values are: - 0: Tokens for this client never time out - X: Tokens time out if there is no activity for X seconds The current minimum allowed value for X is 300 (5 minutes)\n\nWARNING: existing tokens' timeout will not be affected (lowered) by changing this value", + "type": "integer", + "format": "int32" + }, + "accessTokenMaxAgeSeconds": { + "description": "accessTokenMaxAgeSeconds overrides the default access token max age for tokens granted to this client. 0 means no expiration.", + "type": "integer", + "format": "int32" + }, + "additionalSecrets": { + "description": "additionalSecrets holds other secrets that may be used to identify the client. This is useful for rotation and for service account token validation", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteIngressCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "type": "string", + "default": "" + } }, - "host": { - "description": "host is the host string under which the route is exposed; this value is required", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "routerCanonicalHostname": { - "description": "CanonicalHostname is the external host name for the router that can be used as a CNAME for the host requested for this route. This value is optional and may not be set in all cases.", + "grantMethod": { + "description": "grantMethod is a required field which determines how to handle grants for this client. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients", "type": "string" }, - "routerName": { - "description": "Name is a name chosen by the router to identify itself; this value is required", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "wildcardPolicy": { - "description": "Wildcard policy is the wildcard policy that was allowed where this route is exposed.", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "redirectURIs": { + "description": "redirectURIs is the valid redirection URIs associated with a client", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-patch-strategy": "merge" + }, + "respondWithChallenges": { + "description": "respondWithChallenges indicates whether the client wants authentication needed responses made in the form of challenges instead of redirects", + "type": "boolean" + }, + "scopeRestrictions": { + "description": "scopeRestrictions describes which scopes this client can request. Each requested scope is checked against each restriction. If any restriction matches, then the scope is allowed. If no restriction matches, then the scope is denied.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.oauth.v1.ScopeRestriction" + } + }, + "secret": { + "description": "secret is the unique secret associated with a client", "type": "string" } } }, - "com.github.openshift.api.route.v1.RouteIngressCondition": { - "description": "RouteIngressCondition contains details for the current condition of this route on a particular router.", + "com.github.openshift.api.oauth.v1.OAuthClientAuthorization": { + "description": "OAuthClientAuthorization describes an authorization created by an OAuth client\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "type", - "status" - ], "properties": { - "lastTransitionTime": { - "description": "RFC 3339 date and time when this condition last transitioned", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "message": { - "description": "Human readable message indicating details about last transition.", + "clientName": { + "description": "clientName references the client that created this authorization", "type": "string" }, - "reason": { - "description": "(brief) reason for the condition's last transition, and is usually a machine and human readable constant", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "status": { - "description": "status is the status of the condition. Can be True, False, Unknown.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "type": { - "description": "type is the type of the condition. Currently only Admitted or UnservableInFutureVersions.", - "type": "string", - "default": "" + "scopes": { + "description": "scopes is an array of the granted scopes.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "userName": { + "description": "userName is the user name that authorized this client", + "type": "string" + }, + "userUID": { + "description": "userUID is the unique UID associated with this authorization. UserUID and UserName must both match for this authorization to be valid.", + "type": "string" } } }, - "com.github.openshift.api.route.v1.RouteList": { - "description": "RouteList is a collection of Routes.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.oauth.v1.OAuthClientAuthorizationList": { + "description": "OAuthClientAuthorizationList is a collection of OAuth client authorizations\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -38707,11 +39718,11 @@ "type": "string" }, "items": { - "description": "items is a list of routes", + "description": "items is the list of OAuth client authorizations", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.Route" + "$ref": "#/definitions/com.github.openshift.api.oauth.v1.OAuthClientAuthorization" } }, "kind": { @@ -38721,262 +39732,173 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.route.v1.RoutePort": { - "description": "RoutePort defines a port mapping from a router to an endpoint in the service endpoints.", - "type": "object", - "required": [ - "targetPort" - ], - "properties": { - "targetPort": { - "description": "The target port on pods selected by the service this route points to. If this is a string, it will be looked up as a named port in the target endpoints port list. Required", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" - } - } - }, - "com.github.openshift.api.route.v1.RouteSetHTTPHeader": { - "description": "RouteSetHTTPHeader specifies what value needs to be set on an HTTP header.", - "type": "object", - "required": [ - "value" - ], - "properties": { - "value": { - "description": "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.", - "type": "string", - "default": "" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.route.v1.RouteSpec": { - "description": "RouteSpec describes the hostname or path the route exposes, any security information, and one to four backends (services) the route points to. Requests are distributed among the backends depending on the weights assigned to each backend. When using roundrobin scheduling the portion of requests that go to each backend is the backend weight divided by the sum of all of the backend weights. When the backend has more than one endpoint the requests that end up on the backend are roundrobin distributed among the endpoints. Weights are between 0 and 256 with default 100. Weight 0 causes no requests to the backend. If all weights are zero the route will be considered to have no backends and return a standard 503 response.\n\nThe `tls` field is optional and allows specific certificates or behavior for the route. Routers typically configure a default certificate on a wildcard domain to terminate routes without explicit certificates, but custom hostnames usually must choose passthrough (send traffic directly to the backend via the TLS Server-Name- Indication field) or provide a certificate.", + "com.github.openshift.api.oauth.v1.OAuthClientList": { + "description": "OAuthClientList is a collection of OAuth clients\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "to" + "items" ], "properties": { - "alternateBackends": { - "description": "alternateBackends allows up to 3 additional backends to be assigned to the route. Only the Service kind is allowed, and it will be defaulted to Service. Use the weight field in RouteTargetReference object to specify relative preference.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items is the list of OAuth clients", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteTargetReference" - }, - "x-kubernetes-list-map-keys": [ - "name", - "kind" - ], - "x-kubernetes-list-type": "map" - }, - "host": { - "description": "host is an alias/DNS that points to the service. Optional. If not specified a route name will typically be automatically chosen. Must follow DNS952 subdomain conventions.", - "type": "string" - }, - "httpHeaders": { - "description": "httpHeaders defines policy for HTTP headers.", - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeaders" - }, - "path": { - "description": "path that the router watches for, to route traffic for to the service. Optional", - "type": "string" - }, - "port": { - "description": "If specified, the port to be used by the router. Most routers will use all endpoints exposed by the service by default - set this value to instruct routers which port to use.", - "$ref": "#/definitions/com.github.openshift.api.route.v1.RoutePort" + "$ref": "#/definitions/com.github.openshift.api.oauth.v1.OAuthClient" + } }, - "subdomain": { - "description": "subdomain is a DNS subdomain that is requested within the ingress controller's domain (as a subdomain). If host is set this field is ignored. An ingress controller may choose to ignore this suggested name, in which case the controller will report the assigned name in the status.ingress array or refuse to admit the route. If this value is set and the server does not support this field host will be populated automatically. Otherwise host is left empty. The field may have multiple parts separated by a dot, but not all ingress controllers may honor the request. This field may not be changed after creation except by a user with the update routes/custom-host permission.\n\nExample: subdomain `frontend` automatically receives the router subdomain `apps.mycluster.com` to have a full hostname `frontend.apps.mycluster.com`.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "tls": { - "description": "The tls field provides the ability to configure certificates and termination for the route.", - "$ref": "#/definitions/com.github.openshift.api.route.v1.TLSConfig" - }, - "to": { - "description": "to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. If the weight field (0-256 default 100) is set to zero, no traffic will be sent to this backend.", + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteTargetReference" - }, - "wildcardPolicy": { - "description": "Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed.", - "type": "string" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.route.v1.RouteStatus": { - "description": "RouteStatus provides relevant info about the status of a route, including which routers acknowledge it.", + "com.github.openshift.api.oauth.v1.OAuthRedirectReference": { + "description": "OAuthRedirectReference is a reference to an OAuth redirect object.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { - "ingress": { - "description": "ingress describes the places where the route may be exposed. The list of ingress points may contain duplicate Host or RouterName values. Routes are considered live once they are `Ready`", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteIngress" - }, - "x-kubernetes-list-type": "atomic" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "reference": { + "description": "The reference to an redirect object in the current namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.oauth.v1.RedirectReference" } } }, - "com.github.openshift.api.route.v1.RouteTargetReference": { - "description": "RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service' kind is allowed. Use 'weight' field to emphasize one over others.", + "com.github.openshift.api.oauth.v1.RedirectReference": { + "description": "RedirectReference specifies the target in the current namespace that resolves into redirect URIs. Only the 'Route' kind is currently allowed.", "type": "object", "required": [ + "group", "kind", "name" ], "properties": { + "group": { + "description": "The group of the target that is being referred to.", + "type": "string", + "default": "" + }, "kind": { - "description": "The kind of target that the route is referring to. Currently, only 'Service' is allowed", + "description": "The kind of the target that is being referred to. Currently, only 'Route' is allowed.", "type": "string", "default": "" }, "name": { - "description": "name of the service/target that is being referred to. e.g. name of the service", + "description": "The name of the target that is being referred to. e.g. name of the Route.", "type": "string", "default": "" - }, - "weight": { - "description": "weight as an integer between 0 and 256, default 100, that specifies the target's relative weight against other target reference objects. 0 suppresses requests to this backend.", - "type": "integer", - "format": "int32" } } }, - "com.github.openshift.api.route.v1.RouterShard": { - "description": "RouterShard has information of a routing shard and is used to generate host names and routing table entries when a routing shard is allocated for a specific route. Caveat: This is WIP and will likely undergo modifications when sharding support is added.", + "com.github.openshift.api.oauth.v1.ScopeRestriction": { + "description": "ScopeRestriction describe one restriction on scopes. Exactly one option must be non-nil.", "type": "object", - "required": [ - "shardName", - "dnsSuffix" - ], "properties": { - "dnsSuffix": { - "description": "dnsSuffix for the shard ala: shard-1.v3.openshift.com", - "type": "string", - "default": "" + "clusterRole": { + "description": "clusterRole describes a set of restrictions for cluster role scoping.", + "$ref": "#/definitions/com.github.openshift.api.oauth.v1.ClusterRoleScopeRestriction" }, - "shardName": { - "description": "shardName uniquely identifies a router shard in the \"set\" of routers used for routing traffic to the services.", - "type": "string", - "default": "" + "literals": { + "description": "ExactValues means the scope has to match a particular set of strings exactly", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.route.v1.TLSConfig": { - "description": "TLSConfig defines config used to secure a route and provide termination", + "com.github.openshift.api.oauth.v1.UserOAuthAccessToken": { + "description": "UserOAuthAccessToken is a virtual resource to mirror OAuthAccessTokens to the user the access token was issued for", "type": "object", - "required": [ - "termination" - ], "properties": { - "caCertificate": { - "description": "caCertificate provides the cert authority certificate contents", - "type": "string" - }, - "certificate": { - "description": "certificate provides certificate contents. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "destinationCACertificate": { - "description": "destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection. If this field is not specified, the router may provide its own destination CA and perform hostname validation using the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically verify.", + "authorizeToken": { + "description": "authorizeToken contains the token that authorized this token", "type": "string" }, - "externalCertificate": { - "description": "externalCertificate provides certificate contents as a secret reference. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate. The secret referenced should be present in the same namespace as that of the Route. Forbidden when `certificate` is set. The router service account needs to be granted with read-only access to this secret, please refer to openshift docs for additional details.", - "$ref": "#/definitions/com.github.openshift.api.route.v1.LocalObjectReference" - }, - "insecureEdgeTerminationPolicy": { - "description": "insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While each router may make its own decisions on which ports to expose, this is normally port 80.\n\nIf a route does not specify insecureEdgeTerminationPolicy, then the default behavior is \"None\".\n\n* Allow - traffic is sent to the server on the insecure port (edge/reencrypt terminations only).\n\n* None - no traffic is allowed on the insecure port (default).\n\n* Redirect - clients are redirected to the secure port.", + "clientName": { + "description": "clientName references the client that created this token.", "type": "string" }, - "key": { - "description": "key provides key file contents", - "type": "string" + "expiresIn": { + "description": "expiresIn is the seconds from CreationTime before this token expires.", + "type": "integer", + "format": "int64" }, - "termination": { - "description": "termination indicates the TLS termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default)\n\n* passthrough - Traffic is sent straight to the destination without the router providing TLS termination\n\n* reencrypt - TLS termination is done by the router and https is used to communicate with the backend\n\nNote: passthrough termination is incompatible with httpHeader actions", - "type": "string", - "default": "" - } - } - }, - "com.github.openshift.api.samples.v1.Config": { - "description": "Config contains the configuration and detailed condition status for the Samples Operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "metadata", - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "inactivityTimeoutSeconds": { + "description": "inactivityTimeoutSeconds is the value in seconds, from the CreationTimestamp, after which this token can no longer be used. The value is automatically incremented when the token is used.", + "type": "integer", + "format": "int32" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.samples.v1.ConfigSpec" - }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.samples.v1.ConfigStatus" - } - } - }, - "com.github.openshift.api.samples.v1.ConfigCondition": { - "description": "ConfigCondition captures various conditions of the Config as entries are processed.", - "type": "object", - "required": [ - "type", - "status" - ], - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "lastUpdateTime": { - "description": "lastUpdateTime is the last time this condition was updated.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "message": { - "description": "message is a human readable message indicating details about the transition.", + "redirectURI": { + "description": "redirectURI is the redirection associated with the token.", "type": "string" }, - "reason": { - "description": "reason is what caused the condition's last transition.", + "refreshToken": { + "description": "refreshToken is the value by which this token can be renewed. Can be blank.", "type": "string" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" + "scopes": { + "description": "scopes is an array of the requested scopes.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "type": { - "description": "type of condition.", - "type": "string", - "default": "" + "userName": { + "description": "userName is the user name associated with this token", + "type": "string" + }, + "userUID": { + "description": "userUID is the unique UID associated with this token", + "type": "string" } } }, - "com.github.openshift.api.samples.v1.ConfigList": { - "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.oauth.v1.UserOAuthAccessTokenList": { + "description": "UserOAuthAccessTokenList is a collection of access tokens issued on behalf of the requesting user\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "metadata", "items" ], "properties": { @@ -38988,7 +39910,7 @@ "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.samples.v1.Config" + "$ref": "#/definitions/com.github.openshift.api.oauth.v1.UserOAuthAccessToken" } }, "kind": { @@ -38998,1177 +39920,1088 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.samples.v1.ConfigSpec": { - "description": "ConfigSpec contains the desired configuration and state for the Samples Operator, controlling various behavior around the imagestreams and templates it creates/updates in the openshift namespace.", + "com.github.openshift.api.openshiftcontrolplane.v1.APIServers": { "type": "object", + "required": [ + "perGroupOptions" + ], "properties": { - "architectures": { - "description": "architectures determine which hardware architecture(s) to install, where x86_64, ppc64le, and s390x are the only supported choices currently.", + "perGroupOptions": { + "description": "perGroupOptions is a list of enabled/disabled API servers in addition to the defaults", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.PerGroupOptions" } + } + } + }, + "com.github.openshift.api.openshiftcontrolplane.v1.BuildControllerConfig": { + "type": "object", + "required": [ + "imageTemplateFormat", + "buildDefaults", + "buildOverrides", + "additionalTrustedCA" + ], + "properties": { + "additionalTrustedCA": { + "description": "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted for image pushes and pulls during builds.", + "type": "string", + "default": "" }, - "managementState": { - "description": "managementState is top level on/off type of switch for all operators. When \"Managed\", this operator processes config and manipulates the samples accordingly. When \"Unmanaged\", this operator ignores any updates to the resources it watches. When \"Removed\", it reacts that same wasy as it does if the Config object is deleted, meaning any ImageStreams or Templates it manages (i.e. it honors the skipped lists) and the registry secret are deleted, along with the ConfigMap in the operator's namespace that represents the last config used to manipulate the samples,", - "type": "string" + "buildDefaults": { + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.BuildDefaultsConfig" }, - "samplesRegistry": { - "description": "samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io.", - "type": "string" + "buildOverrides": { + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.BuildOverridesConfig" }, - "skippedHelmCharts": { - "description": "skippedHelmCharts specifies names of helm charts that should NOT be managed. Admins can use this to allow them to delete content they don’t want. They will still have to MANUALLY DELETE the content but the operator will not recreate(or update) anything listed here. Few examples of the name of helmcharts which can be skipped are 'redhat-redhat-perl-imagestreams','redhat-redhat-nodejs-imagestreams','redhat-nginx-imagestreams', 'redhat-redhat-ruby-imagestreams','redhat-redhat-python-imagestreams','redhat-redhat-php-imagestreams', 'redhat-httpd-imagestreams','redhat-redhat-dotnet-imagestreams'. Rest of the names can be obtained from openshift console --> helmcharts -->installed helmcharts. This will display the list of all the 12 helmcharts(of imagestreams)being installed by Samples Operator. The skippedHelmCharts must be a valid Kubernetes resource name. May contain only lowercase alphanumeric characters, hyphens and periods, and each period separated segment must begin and end with an alphanumeric character. It must be non-empty and at most 253 characters in length", - "type": "array", - "items": { + "imageTemplateFormat": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ImageConfig" + } + } + }, + "com.github.openshift.api.openshiftcontrolplane.v1.BuildDefaultsConfig": { + "description": "BuildDefaultsConfig controls the default information for Builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "properties": { + "annotations": { + "description": "annotations are annotations that will be added to the build pod", + "type": "object", + "additionalProperties": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "set" + } }, - "skippedImagestreams": { - "description": "skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "env": { + "description": "env is a set of default environment variables that will be applied to the build if the specified variables do not exist on the build", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/EnvVar.v1.core.api.k8s.io" } }, - "skippedTemplates": { - "description": "skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", + "gitHTTPProxy": { + "description": "gitHTTPProxy is the location of the HTTPProxy for Git source", + "type": "string" + }, + "gitHTTPSProxy": { + "description": "gitHTTPSProxy is the location of the HTTPSProxy for Git source", + "type": "string" + }, + "gitNoProxy": { + "description": "gitNoProxy is the list of domains for which the proxy should not be used", + "type": "string" + }, + "imageLabels": { + "description": "imageLabels is a list of labels that are applied to the resulting image. User can override a default label by providing a label with the same name in their Build/BuildConfig.", "type": "array", "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "nodeSelector": { + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", + "type": "object", + "additionalProperties": { "type": "string", "default": "" } + }, + "resources": { + "description": "resources defines resource requirements to execute the build.", + "default": {}, + "$ref": "#/definitions/ResourceRequirements.v1.core.api.k8s.io" + }, + "sourceStrategyDefaults": { + "description": "sourceStrategyDefaults are default values that apply to builds using the source strategy.", + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.SourceStrategyDefaultsConfig" } } }, - "com.github.openshift.api.samples.v1.ConfigStatus": { - "description": "ConfigStatus contains the actual configuration in effect, as well as various details that describe the state of the Samples Operator.", + "com.github.openshift.api.openshiftcontrolplane.v1.BuildOverridesConfig": { + "description": "BuildOverridesConfig controls override settings for builds\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "properties": { - "architectures": { - "description": "architectures determine which hardware architecture(s) to install, where x86_64 and ppc64le are the supported choices.", - "type": "array", - "items": { + "annotations": { + "description": "annotations are annotations that will be added to the build pod", + "type": "object", + "additionalProperties": { "type": "string", "default": "" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + } }, - "conditions": { - "description": "conditions represents the available maintenance status of the sample imagestreams and templates.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "forcePull": { + "description": "forcePull overrides, if set, the equivalent value in the builds, i.e. false disables force pull for all builds, true enables force pull for all builds, independently of what each build specifies itself", + "type": "boolean" + }, + "imageLabels": { + "description": "imageLabels is a list of labels that are applied to the resulting image. If user provided a label in their Build/BuildConfig with the same name as one in this list, the user's label will be overwritten.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.samples.v1.ConfigCondition" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "managementState": { - "description": "managementState reflects the current operational status of the on/off switch for the operator. This operator compares the ManagementState as part of determining that we are turning the operator back on (i.e. \"Managed\") when it was previously \"Unmanaged\".", - "type": "string", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "$ref": "#/definitions/com.github.openshift.api.build.v1.ImageLabel" + } }, - "samplesRegistry": { - "description": "samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io.", - "type": "string", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "skippedImagestreams": { - "description": "skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", - "type": "array", - "items": { + "nodeSelector": { + "description": "nodeSelector is a selector which must be true for the build pod to fit on a node", + "type": "object", + "additionalProperties": { "type": "string", "default": "" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + } }, - "skippedTemplates": { - "description": "skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", + "tolerations": { + "description": "tolerations is a list of Tolerations that will override any existing tolerations set on a build pod.", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "version": { - "description": "version is the value of the operator's payload based version indicator when it was last successfully processed", - "type": "string", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "default": {}, + "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + } } } }, - "com.github.openshift.api.security.v1.AllowedFlexVolume": { - "description": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used.", + "com.github.openshift.api.openshiftcontrolplane.v1.ClusterNetworkEntry": { + "description": "ClusterNetworkEntry defines an individual cluster network. The CIDRs cannot overlap with other cluster network CIDRs, CIDRs reserved for external ips, CIDRs reserved for service networks, and CIDRs reserved for ingress ips.", "type": "object", "required": [ - "driver" + "cidr", + "hostSubnetLength" ], "properties": { - "driver": { - "description": "driver is the name of the Flexvolume driver.", + "cidr": { + "description": "cidr defines the total range of a cluster networks address space.", "type": "string", "default": "" - } - } - }, - "com.github.openshift.api.security.v1.FSGroupStrategyOptions": { - "description": "FSGroupStrategyOptions defines the strategy type and options used to create the strategy.", - "type": "object", - "properties": { - "ranges": { - "description": "ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.IDRange" - }, - "x-kubernetes-list-type": "atomic" - }, - "type": { - "description": "type is the strategy that will dictate what FSGroup is used in the SecurityContext.", - "type": "string" - } - } - }, - "com.github.openshift.api.security.v1.IDRange": { - "description": "IDRange provides a min/max of an allowed range of IDs.", - "type": "object", - "properties": { - "max": { - "description": "max is the end of the range, inclusive.", - "type": "integer", - "format": "int64" }, - "min": { - "description": "min is the start of the range, inclusive.", + "hostSubnetLength": { + "description": "hostSubnetLength is the number of bits of the accompanying CIDR address to allocate to each node. eg, 8 would mean that each node would have a /24 slice of the overlay network for its pod.", "type": "integer", - "format": "int64" + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.security.v1.PodSecurityPolicyReview": { - "description": "PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.openshiftcontrolplane.v1.DeployerControllerConfig": { "type": "object", "required": [ - "spec" + "imageTemplateFormat" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec is the PodSecurityPolicy to check.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicyReviewSpec" - }, - "status": { - "description": "status represents the current information/status for the PodSecurityPolicyReview.", + "imageTemplateFormat": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicyReviewStatus" + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ImageConfig" } } }, - "com.github.openshift.api.security.v1.PodSecurityPolicyReviewSpec": { - "description": "PodSecurityPolicyReviewSpec defines specification for PodSecurityPolicyReview", + "com.github.openshift.api.openshiftcontrolplane.v1.DockerPullSecretControllerConfig": { "type": "object", "required": [ - "template" + "registryURLs", + "internalRegistryHostname" ], "properties": { - "serviceAccountNames": { - "description": "serviceAccountNames is an optional set of ServiceAccounts to run the check with. If serviceAccountNames is empty, the template.spec.serviceAccountName is used, unless it's empty, in which case \"default\" is used instead. If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.", + "internalRegistryHostname": { + "description": "internalRegistryHostname is the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format. Docker pull secrets will be generated for this registry.", + "type": "string", + "default": "" + }, + "registryURLs": { + "description": "registryURLs is a list of urls that the docker pull secrets should be valid for.", "type": "array", "items": { "type": "string", "default": "" } - }, - "template": { - "description": "template is the PodTemplateSpec to check. The template.spec.serviceAccountName field is used if serviceAccountNames is empty, unless the template.spec.serviceAccountName is empty, in which case \"default\" is used. If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplateSpec" } } }, - "com.github.openshift.api.security.v1.PodSecurityPolicyReviewStatus": { - "description": "PodSecurityPolicyReviewStatus represents the status of PodSecurityPolicyReview.", + "com.github.openshift.api.openshiftcontrolplane.v1.FrontProxyConfig": { "type": "object", + "required": [ + "clientCA", + "allowedNames", + "usernameHeaders", + "groupHeaders", + "extraHeaderPrefixes" + ], "properties": { - "allowedServiceAccounts": { - "description": "allowedServiceAccounts returns the list of service accounts in *this* namespace that have the power to create the PodTemplateSpec.", + "allowedNames": { + "description": "allowedNames is an optional list of common names to require a match from.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.ServiceAccountPodSecurityPolicyReviewStatus" + "type": "string", + "default": "" } - } - } - }, - "com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReview": { - "description": "PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", - "type": "object", - "required": [ - "spec" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "clientCA": { + "description": "clientCA is a path to the CA bundle to use to verify the common name of the front proxy's client cert", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "extraHeaderPrefixes": { + "description": "extraHeaderPrefixes is the set of header prefixes to check for user extra", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "spec": { - "description": "spec defines specification the PodSecurityPolicySelfSubjectReview.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReviewSpec" + "groupHeaders": { + "description": "groupHeaders is the set of headers to check for groups", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "status": { - "description": "status represents the current information/status for the PodSecurityPolicySelfSubjectReview.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus" + "usernameHeaders": { + "description": "usernameHeaders is the set of headers to check for the username", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReviewSpec": { - "description": "PodSecurityPolicySelfSubjectReviewSpec contains specification for PodSecurityPolicySelfSubjectReview.", + "com.github.openshift.api.openshiftcontrolplane.v1.ImageConfig": { + "description": "ImageConfig holds the necessary configuration options for building image names for system components", "type": "object", "required": [ - "template" + "format", + "latest" ], "properties": { - "template": { - "description": "template is the PodTemplateSpec to check.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplateSpec" + "format": { + "description": "format is the format of the name to be built for the system component", + "type": "string", + "default": "" + }, + "latest": { + "description": "latest determines if the latest tag will be pulled from the registry", + "type": "boolean", + "default": false } } }, - "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReview": { - "description": "PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.openshiftcontrolplane.v1.ImageImportControllerConfig": { "type": "object", "required": [ - "spec" + "maxScheduledImageImportsPerMinute", + "disableScheduledImport", + "scheduledImageImportMinimumIntervalSeconds" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "disableScheduledImport": { + "description": "disableScheduledImport allows scheduled background import of images to be disabled.", + "type": "boolean", + "default": false }, - "spec": { - "description": "spec defines specification for the PodSecurityPolicySubjectReview.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewSpec" + "maxScheduledImageImportsPerMinute": { + "description": "maxScheduledImageImportsPerMinute is the maximum number of image streams that will be imported in the background per minute. The default value is 60. Set to -1 for unlimited.", + "type": "integer", + "format": "int32", + "default": 0 }, - "status": { - "description": "status represents the current information/status for the PodSecurityPolicySubjectReview.", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus" + "scheduledImageImportMinimumIntervalSeconds": { + "description": "scheduledImageImportMinimumIntervalSeconds is the minimum number of seconds that can elapse between when image streams scheduled for background import are checked against the upstream repository. The default value is 15 minutes.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewSpec": { - "description": "PodSecurityPolicySubjectReviewSpec defines specification for PodSecurityPolicySubjectReview", + "com.github.openshift.api.openshiftcontrolplane.v1.ImagePolicyConfig": { "type": "object", "required": [ - "template" + "maxImagesBulkImportedPerRepository", + "allowedRegistriesForImport", + "internalRegistryHostname", + "externalRegistryHostnames", + "additionalTrustedCA" ], "properties": { - "groups": { - "description": "groups is the groups you're testing for.", + "additionalTrustedCA": { + "description": "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted during imagestream import.", + "type": "string", + "default": "" + }, + "allowedRegistriesForImport": { + "description": "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.RegistryLocation" + } + }, + "externalRegistryHostnames": { + "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", "type": "array", "items": { "type": "string", "default": "" } }, - "template": { - "description": "template is the PodTemplateSpec to check. If template.spec.serviceAccountName is empty it will not be defaulted. If its non-empty, it will be checked.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplateSpec" + "imageStreamImportMode": { + "description": "imageStreamImportMode provides the import mode value for imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.If this value is specified, this setting is applied to all newly created imagestreams which do not have the value set.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", + "type": "string", + "default": "", + "enum": [ + "Legacy", + "PreserveOriginal" + ] }, - "user": { - "description": "user is the user you're testing for. If you specify \"user\" but not \"group\", then is it interpreted as \"What if user were not a member of any groups. If user and groups are empty, then the check is performed using *only* the serviceAccountName in the template.", - "type": "string" + "internalRegistryHostname": { + "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", + "type": "string", + "default": "" + }, + "maxImagesBulkImportedPerRepository": { + "description": "maxImagesBulkImportedPerRepository controls the number of images that are imported when a user does a bulk import of a container repository. This number is set low to prevent users from importing large numbers of images accidentally. Set -1 for no limit.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus": { - "description": "PodSecurityPolicySubjectReviewStatus contains information/status for PodSecurityPolicySubjectReview.", + "com.github.openshift.api.openshiftcontrolplane.v1.IngressControllerConfig": { "type": "object", - "properties": { - "allowedBy": { - "description": "allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A `nil`, indicates that it was denied.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, - "reason": { - "description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available.", - "type": "string" - }, - "template": { - "description": "template is the PodTemplateSpec after the defaulting is applied.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplateSpec" + "required": [ + "ingressIPNetworkCIDR" + ], + "properties": { + "ingressIPNetworkCIDR": { + "description": "ingressIPNetworkCIDR controls the range to assign ingress ips from for services of type LoadBalancer on bare metal. If empty, ingress ips will not be assigned. It may contain a single CIDR that will be allocated from. For security reasons, you should ensure that this range does not overlap with the CIDRs reserved for external ips, nodes, pods, or services.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.security.v1.RangeAllocation": { - "description": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.openshiftcontrolplane.v1.JenkinsPipelineConfig": { + "description": "JenkinsPipelineConfig holds configuration for the Jenkins pipeline strategy", "type": "object", "required": [ - "range", - "data" + "autoProvisionEnabled", + "templateNamespace", + "templateName", + "serviceName", + "parameters" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "autoProvisionEnabled": { + "description": "autoProvisionEnabled determines whether a Jenkins server will be spawned from the provided template when the first build config in the project with type JenkinsPipeline is created. When not specified this option defaults to true.", + "type": "boolean" }, - "data": { - "description": "data is a byte array representing the serialized state of a range allocation. It is a bitmap with each bit set to one to represent a range is taken.", - "type": "string", - "format": "byte" + "parameters": { + "description": "parameters specifies a set of optional parameters to the Jenkins template.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "serviceName": { + "description": "serviceName is the name of the Jenkins service OpenShift uses to detect whether a Jenkins pipeline handler has already been installed in a project. This value *must* match a service name in the provided template.", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "templateName": { + "description": "templateName is the name of the default Jenkins template", + "type": "string", + "default": "" }, - "range": { - "description": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", + "templateNamespace": { + "description": "templateNamespace contains the namespace name where the Jenkins template is stored", "type": "string", "default": "" } } }, - "com.github.openshift.api.security.v1.RangeAllocationList": { - "description": "RangeAllocationList is a list of RangeAllocations objects\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.openshiftcontrolplane.v1.NetworkControllerConfig": { + "description": "MasterNetworkConfig to be passed to the compiled in network plugin", "type": "object", "required": [ - "items" + "networkPluginName", + "clusterNetworks", + "serviceNetworkCIDR", + "vxlanPort" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of RangeAllocations.", + "clusterNetworks": { + "description": "clusterNetworks contains a list of cluster networks that defines the global overlay networks L3 space.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.RangeAllocation" + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ClusterNetworkEntry" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.security.v1.RunAsUserStrategyOptions": { - "description": "RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.", - "type": "object", - "properties": { - "type": { - "description": "type is the strategy that will dictate what RunAsUser is used in the SecurityContext.", - "type": "string" - }, - "uid": { - "description": "uid is the user id that containers must run as. Required for the MustRunAs strategy if not using namespace/service account allocated uids.", - "type": "integer", - "format": "int64" + "networkPluginName": { + "type": "string", + "default": "" }, - "uidRangeMax": { - "description": "uidRangeMax defines the max value for a strategy that allocates by range.", - "type": "integer", - "format": "int64" + "serviceNetworkCIDR": { + "type": "string", + "default": "" }, - "uidRangeMin": { - "description": "uidRangeMin defines the min value for a strategy that allocates by range.", + "vxlanPort": { "type": "integer", - "format": "int64" - } - } - }, - "com.github.openshift.api.security.v1.SELinuxContextStrategyOptions": { - "description": "SELinuxContextStrategyOptions defines the strategy type and any options used to create the strategy.", - "type": "object", - "properties": { - "seLinuxOptions": { - "description": "seLinuxOptions required to run as; required for MustRunAs", - "$ref": "#/definitions/io.k8s.api.core.v1.SELinuxOptions" - }, - "type": { - "description": "type is the strategy that will dictate what SELinux context is used in the SecurityContext.", - "type": "string" + "format": "int64", + "default": 0 } } }, - "com.github.openshift.api.security.v1.SecurityContextConstraints": { - "description": "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.openshiftcontrolplane.v1.OpenShiftAPIServerConfig": { + "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "priority", - "allowPrivilegedContainer", - "defaultAddCapabilities", - "requiredDropCapabilities", - "allowedCapabilities", - "allowHostDirVolumePlugin", - "volumes", - "allowHostNetwork", - "allowHostPorts", - "allowHostPID", - "allowHostIPC", - "readOnlyRootFilesystem" + "servingInfo", + "corsAllowedOrigins", + "auditConfig", + "storageConfig", + "admission", + "kubeClientConfig", + "aggregatorConfig", + "imagePolicyConfig", + "projectConfig", + "routingConfig", + "serviceAccountOAuthGrantMethod", + "jenkinsPipelineConfig", + "cloudProviderFile", + "apiServerArguments", + "apiServers" ], "properties": { - "allowHostDirVolumePlugin": { - "description": "allowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin", - "type": "boolean", - "default": false - }, - "allowHostIPC": { - "description": "allowHostIPC determines if the policy allows host ipc in the containers.", - "type": "boolean", - "default": false - }, - "allowHostNetwork": { - "description": "allowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec.", - "type": "boolean", - "default": false - }, - "allowHostPID": { - "description": "allowHostPID determines if the policy allows host pid in the containers.", - "type": "boolean", - "default": false - }, - "allowHostPorts": { - "description": "allowHostPorts determines if the policy allows host ports in the containers.", - "type": "boolean", - "default": false - }, - "allowPrivilegeEscalation": { - "description": "allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.", - "type": "boolean" - }, - "allowPrivilegedContainer": { - "description": "allowPrivilegedContainer determines if a container can request to be run as privileged.", - "type": "boolean", - "default": false + "admission": { + "description": "admissionConfig holds information about how to configure admission.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionConfig" }, - "allowedCapabilities": { - "description": "allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use '*'.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "aggregatorConfig": { + "description": "aggregatorConfig contains information about how to verify the aggregator front proxy", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.FrontProxyConfig" }, - "allowedFlexVolumes": { - "description": "allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"Volumes\" field.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.AllowedFlexVolume" - }, - "x-kubernetes-list-type": "atomic" + "apiServerArguments": { + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } }, - "allowedUnsafeSysctls": { - "description": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "apiServers": { + "description": "apiServers holds information about enabled/disabled API servers", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.APIServers" }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "defaultAddCapabilities": { - "description": "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "auditConfig": { + "description": "auditConfig describes how to configure audit information", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditConfig" }, - "defaultAllowPrivilegeEscalation": { - "description": "defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.", - "type": "boolean" + "cloudProviderFile": { + "description": "cloudProviderFile points to the cloud config file", + "type": "string", + "default": "" }, - "forbiddenSysctls": { - "description": "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc.", + "corsAllowedOrigins": { + "description": "corsAllowedOrigins", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } }, - "fsGroup": { - "description": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.", + "imagePolicyConfig": { + "description": "imagePolicyConfig feeds the image policy admission plugin", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.FSGroupStrategyOptions" + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ImagePolicyConfig" }, - "groups": { - "description": "The groups that have permission to use this security context constraints", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "jenkinsPipelineConfig": { + "description": "jenkinsPipelineConfig holds information about the default Jenkins template used for JenkinsPipeline build strategy.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.JenkinsPipelineConfig" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "priority": { - "description": "priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name.", - "type": "integer", - "format": "int32" - }, - "readOnlyRootFilesystem": { - "description": "readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the SCC should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.", - "type": "boolean", - "default": false - }, - "requiredDropCapabilities": { - "description": "requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "runAsUser": { - "description": "runAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext.", + "kubeClientConfig": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.RunAsUserStrategyOptions" + "$ref": "#/definitions/com.github.openshift.api.config.v1.KubeClientConfig" }, - "seLinuxContext": { - "description": "seLinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.", + "projectConfig": { + "description": "projectConfig feeds an admission plugin", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.SELinuxContextStrategyOptions" - }, - "seccompProfiles": { - "description": "seccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations. An unset (nil) or empty value means that no profiles may be specifid by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ProjectConfig" }, - "supplementalGroups": { - "description": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.", + "routingConfig": { + "description": "routingConfig holds information about routing and route generation", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.SupplementalGroupsStrategyOptions" + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.RoutingConfig" }, - "userNamespaceLevel": { - "description": "userNamespaceLevel determines if the policy allows host users in containers. Valid values are \"AllowHostLevel\", \"RequirePodLevel\", and omitted. When \"AllowHostLevel\" is set, a pod author may set `hostUsers` to either `true` or `false`. When \"RequirePodLevel\" is set, a pod author must set `hostUsers` to `false`. When omitted, the default value is \"AllowHostLevel\".", + "serviceAccountOAuthGrantMethod": { + "description": "serviceAccountOAuthGrantMethod is used for determining client authorization for service account oauth client. It must be either: deny, prompt, or \"\"", "type": "string", - "default": "AllowHostLevel" + "default": "" }, - "users": { - "description": "The users who have permissions to use this security context constraints", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "servingInfo": { + "description": "servingInfo describes how to start serving", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" }, - "volumes": { - "description": "volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use \"*\". To allow no volumes, set to [\"none\"].", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "storageConfig": { + "description": "storageConfig contains information about how to use", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.EtcdStorageConfig" } } }, - "com.github.openshift.api.security.v1.SecurityContextConstraintsList": { - "description": "SecurityContextConstraintsList is a list of SecurityContextConstraints objects\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.openshiftcontrolplane.v1.OpenShiftControllerManagerConfig": { + "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "items" + "servingInfo", + "leaderElection", + "controllers", + "resourceQuota", + "serviceServingCert", + "deployer", + "build", + "serviceAccount", + "dockerPullSecret", + "network", + "ingress", + "imageImport", + "securityAllocator", + "featureGates" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "List of security context constraints.", + "build": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.BuildControllerConfig" + }, + "controllers": { + "description": "controllers is a list of controllers to enable. '*' enables all on-by-default controllers, 'foo' enables the controller \"+ named 'foo', '-foo' disables the controller named 'foo'. Defaults to \"*\".", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.SecurityContextConstraints" + "type": "string", + "default": "" + } + }, + "deployer": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.DeployerControllerConfig" + }, + "dockerPullSecret": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.DockerPullSecretControllerConfig" + }, + "featureGates": { + "description": "featureGates are the set of extra OpenShift feature gates for openshift-controller-manager. These feature gates can be used to enable features that are tech preview or otherwise not available on OpenShift by default.", + "type": "array", + "items": { + "type": "string", + "default": "" } }, + "imageImport": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ImageImportControllerConfig" + }, + "ingress": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.IngressControllerConfig" + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "leaderElection": { + "description": "leaderElection defines the configuration for electing a controller instance to make changes to the cluster. If unspecified, the ControllerTTL value is checked to determine whether the legacy direct etcd election code will be used.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "com.github.openshift.api.security.v1.ServiceAccountPodSecurityPolicyReviewStatus": { - "description": "ServiceAccountPodSecurityPolicyReviewStatus represents ServiceAccount name and related review status", - "type": "object", - "required": [ - "name" - ], - "properties": { - "allowedBy": { - "description": "allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A `nil`, indicates that it was denied.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/definitions/com.github.openshift.api.config.v1.LeaderElection" }, - "name": { - "description": "name contains the allowed and the denied ServiceAccount name", - "type": "string", - "default": "" + "network": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.NetworkControllerConfig" }, - "reason": { - "description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available.", - "type": "string" + "resourceQuota": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ResourceQuotaControllerConfig" }, - "template": { - "description": "template is the PodTemplateSpec after the defaulting is applied.", + "securityAllocator": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.SecurityAllocator" + }, + "serviceAccount": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ServiceAccountControllerConfig" + }, + "serviceServingCert": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplateSpec" + "$ref": "#/definitions/com.github.openshift.api.openshiftcontrolplane.v1.ServiceServingCert" + }, + "servingInfo": { + "description": "servingInfo describes how to start serving", + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" } } }, - "com.github.openshift.api.security.v1.SupplementalGroupsStrategyOptions": { - "description": "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.", + "com.github.openshift.api.openshiftcontrolplane.v1.PerGroupOptions": { "type": "object", + "required": [ + "name", + "enabledVersions", + "disabledVersions" + ], "properties": { - "ranges": { - "description": "ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end.", + "disabledVersions": { + "description": "disabledVersions is a list of versions that must be disabled in addition to the defaults. Must not collide with the list of enabled versions", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.security.v1.IDRange" - }, - "x-kubernetes-list-type": "atomic" + "type": "string", + "default": "" + } }, - "type": { - "description": "type is the strategy that will dictate what supplemental groups is used in the SecurityContext.", - "type": "string" + "enabledVersions": { + "description": "enabledVersions is a list of versions that must be enabled in addition to the defaults. Must not collide with the list of disabled versions", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "name": { + "description": "name is an API server name (see OpenShiftAPIserverName typed constants for a complete list of available API servers).", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.securityinternal.v1.RangeAllocation": { - "description": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group This is an internal API, not intended for external consumption.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.openshiftcontrolplane.v1.ProjectConfig": { "type": "object", "required": [ - "range", - "data" + "defaultNodeSelector", + "projectRequestMessage", + "projectRequestTemplate" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "data": { - "description": "data is a byte array representing the serialized state of a range allocation. It is a bitmap with each bit set to one to represent a range is taken.", + "defaultNodeSelector": { + "description": "defaultNodeSelector holds default project node label selector", "type": "string", - "format": "byte" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "default": "" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "projectRequestMessage": { + "description": "projectRequestMessage is the string presented to a user if they are unable to request a project via the projectrequest api endpoint", + "type": "string", + "default": "" }, - "range": { - "description": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", + "projectRequestTemplate": { + "description": "projectRequestTemplate is the template to use for creating projects in response to projectrequest. It is in the format namespace/template and it is optional. If it is not specified, a default template is used.", "type": "string", "default": "" } } }, - "com.github.openshift.api.securityinternal.v1.RangeAllocationList": { - "description": "RangeAllocationList is a list of RangeAllocations objects This is an internal API, not intended for external consumption.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.openshiftcontrolplane.v1.RegistryLocation": { + "description": "RegistryLocation contains a location of the registry specified by the registry domain name. The domain name might include wildcards, like '*' or '??'.", "type": "object", "required": [ - "items" + "domainName" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of RangeAllocations.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.securityinternal.v1.RangeAllocation" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "domainName": { + "description": "domainName specifies a domain name for the registry In case the registry use non-standard (80 or 443) port, the port should be included in the domain name as well.", + "type": "string", + "default": "" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "insecure": { + "description": "insecure indicates whether the registry is secure (https) or insecure (http) By default (if not specified) the registry is assumed as secure.", + "type": "boolean" } } }, - "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfig": { - "description": "ServiceCertSignerOperatorConfig provides information to configure an operator to manage the service cert signing controllers\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.openshiftcontrolplane.v1.ResourceQuotaControllerConfig": { "type": "object", "required": [ - "metadata", - "spec", - "status" + "concurrentSyncs", + "syncPeriod", + "minResyncPeriod" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "concurrentSyncs": { + "type": "integer", + "format": "int32", + "default": 0 }, - "spec": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigSpec" + "minResyncPeriod": { + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "status": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigStatus" + "syncPeriod": { + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigList": { - "description": "ServiceCertSignerOperatorConfigList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.openshiftcontrolplane.v1.RoutingConfig": { + "description": "RoutingConfig holds the necessary configuration options for routing to subdomains", "type": "object", "required": [ - "items" + "subdomain" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items contains the items", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfig" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "subdomain": { + "description": "subdomain is the suffix appended to $service.$namespace. to form the default route hostname DEPRECATED: This field is being replaced by routers setting their own defaults. This is the \"default\" route.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigSpec": { + "com.github.openshift.api.openshiftcontrolplane.v1.SecurityAllocator": { + "description": "SecurityAllocator controls the automatic allocation of UIDs and MCS labels to a project. If nil, allocation is disabled.", "type": "object", "required": [ - "managementState" + "uidAllocatorRange", + "mcsAllocatorRange", + "mcsLabelsPerProject" ], "properties": { - "logLevel": { - "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" - }, - "managementState": { - "description": "managementState indicates whether and how the operator should manage the component", + "mcsAllocatorRange": { + "description": "mcsAllocatorRange defines the range of MCS categories that will be assigned to namespaces. The format is \"/[,]\". The default is \"s0/2\" and will allocate from c0 -> c1023, which means a total of 535k labels are available (1024 choose 2 ~ 535k). If this value is changed after startup, new projects may receive labels that are already allocated to other projects. Prefix may be any valid SELinux set of terms (including user, role, and type), although leaving them as the default will allow the server to set them automatically.\n\nExamples: * s0:/2 - Allocate labels from s0:c0,c0 to s0:c511,c511 * s0:/2,512 - Allocate labels from s0:c0,c0,c0 to s0:c511,c511,511", "type": "string", "default": "" }, - "observedConfig": { - "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - }, - "operatorLogLevel": { - "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", - "type": "string" + "mcsLabelsPerProject": { + "description": "mcsLabelsPerProject defines the number of labels that should be reserved per project. The default is 5 to match the default UID and MCS ranges (100k namespaces, 535k/5 labels).", + "type": "integer", + "format": "int32", + "default": 0 }, - "unsupportedConfigOverrides": { - "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "uidAllocatorRange": { + "description": "uidAllocatorRange defines the total set of Unix user IDs (UIDs) that will be allocated to projects automatically, and the size of the block each namespace gets. For example, 1000-1999/10 will allocate ten UIDs per namespace, and will be able to allocate up to 100 blocks before running out of space. The default is to allocate from 1 billion to 2 billion in 10k blocks (which is the expected size of the ranges container images will use once user namespaces are started).", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigStatus": { + "com.github.openshift.api.openshiftcontrolplane.v1.ServiceAccountControllerConfig": { "type": "object", + "required": [ + "managedNames" + ], "properties": { - "conditions": { - "description": "conditions is a list of conditions and their status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "generations": { - "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "managedNames": { + "description": "managedNames is a list of service account names that will be auto-created in every namespace. If no names are specified, the ServiceAccountsController will not be started.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" - }, - "x-kubernetes-list-map-keys": [ - "group", - "resource", - "namespace", - "name" - ], - "x-kubernetes-list-type": "map" - }, - "latestAvailableRevision": { - "description": "latestAvailableRevision is the deploymentID of the most recent deployment", - "type": "integer", - "format": "int32" - }, - "observedGeneration": { - "description": "observedGeneration is the last generation change you've dealt with", - "type": "integer", - "format": "int64" - }, - "readyReplicas": { - "description": "readyReplicas indicates how many replicas are ready and at the desired state", - "type": "integer", - "format": "int32", - "default": 0 - }, - "version": { - "description": "version is the level this availability applies to", - "type": "string" + "type": "string", + "default": "" + } } } }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMap": { - "description": "SharedConfigMap allows a ConfigMap to be shared across namespaces. Pods can mount the shared ConfigMap by adding a CSI volume to the pod specification using the \"csi.sharedresource.openshift.io\" CSI driver and a reference to the SharedConfigMap in the volume attributes:\n\nspec:\n\n\tvolumes:\n\t- name: shared-configmap\n\t csi:\n\t driver: csi.sharedresource.openshift.io\n\t volumeAttributes:\n\t sharedConfigMap: my-share\n\nFor the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedConfigMap object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects.\n\n\t`oc create role shared-resource-my-share --verb=use --resource=sharedconfigmaps.sharedresource.openshift.io --resource-name=my-share`\n\t`oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default`\n\nShared resource objects, in this case ConfigMaps, have default permissions of list, get, and watch for system authenticated users.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.openshiftcontrolplane.v1.ServiceServingCert": { + "description": "ServiceServingCert holds configuration for service serving cert signer which creates cert/key pairs for pods fulfilling a service to serve with.", "type": "object", "required": [ - "spec" + "signer" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "signer": { + "description": "signer holds the signing information used to automatically sign serving certificates. If this value is nil, then certs are not signed automatically.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.CertInfo" + } + } + }, + "com.github.openshift.api.openshiftcontrolplane.v1.SourceStrategyDefaultsConfig": { + "description": "SourceStrategyDefaultsConfig contains values that apply to builds using the source strategy.", + "type": "object", + "properties": { + "incremental": { + "description": "incremental indicates if s2i build strategies should perform an incremental build or not", + "type": "boolean" + } + } + }, + "com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec": { + "description": "AWSCSIDriverConfigSpec defines properties that can be configured for the AWS CSI driver.", + "type": "object", + "properties": { + "efsVolumeMetrics": { + "description": "efsVolumeMetrics sets the configuration for collecting metrics from EFS volumes used by the EFS CSI Driver.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "kmsKeyARN": { + "description": "kmsKeyARN sets the cluster default storage class to encrypt volumes with a user-defined KMS key, rather than the default KMS key used by AWS. The value may be either the ARN or Alias ARN of a KMS key.\n\nThe ARN must follow the format: arn::kms:::(key|alias)/, where: is the AWS partition (aws, aws-cn, aws-us-gov, aws-iso, aws-iso-b, aws-iso-e, aws-iso-f, or aws-eusc), is the AWS region, is a 12-digit numeric identifier for the AWS account, is the KMS key ID or alias name.", "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters": { + "description": "AWSClassicLoadBalancerParameters holds configuration parameters for an AWS Classic load balancer.", + "type": "object", + "properties": { + "connectionIdleTimeout": { + "description": "connectionIdleTimeout specifies the maximum time period that a connection may be idle before the load balancer closes the connection. The value must be parseable as a time duration value; see . A nil or zero value means no opinion, in which case a default value is used. The default value for this field is 60s. This default is subject to change.", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec is the specification of the desired shared configmap", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapSpec" - }, - "status": { - "description": "status is the observed status of the shared configmap", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapStatus" + "subnets": { + "description": "subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSSubnets" } } }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapList": { - "description": "SharedConfigMapList contains a list of SharedConfigMap objects.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.AWSEFSVolumeMetrics": { + "description": "AWSEFSVolumeMetrics defines the configuration for volume metrics in the EFS CSI Driver.", "type": "object", "required": [ - "items" + "state" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "recursiveWalk": { + "description": "recursiveWalk provides additional configuration for collecting volume metrics in the AWS EFS CSI Driver when the state is set to RecursiveWalk.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig" }, - "items": { - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMap" + "state": { + "description": "state defines the state of metric collection in the AWS EFS CSI Driver. This field is required and must be set to one of the following values: Disabled or RecursiveWalk. Disabled means no metrics collection will be performed. This is the default value. RecursiveWalk means the AWS EFS CSI Driver will recursively scan volumes to collect metrics. This process may result in high CPU and memory usage, depending on the volume size.", + "type": "string", + "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "state", + "fields-to-discriminateBy": { + "recursiveWalk": "RecursiveWalk" } + } + ] + }, + "com.github.openshift.api.operator.v1.AWSEFSVolumeMetricsRecursiveWalkConfig": { + "description": "AWSEFSVolumeMetricsRecursiveWalkConfig defines options for volume metrics in the EFS CSI Driver.", + "type": "object", + "properties": { + "fsRateLimit": { + "description": "fsRateLimit defines the rate limit, in goroutines per file system, for processing volume metrics. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 5. The valid range is from 1 to 100 goroutines.", + "type": "integer", + "format": "int32" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "refreshPeriodMinutes": { + "description": "refreshPeriodMinutes specifies the frequency, in minutes, at which volume metrics are refreshed. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 240. The valid range is from 1 to 43200 minutes (30 days).", + "type": "integer", + "format": "int32" } } }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapReference": { - "description": "SharedConfigMapReference contains information about which ConfigMap to share", + "com.github.openshift.api.operator.v1.AWSLoadBalancerParameters": { + "description": "AWSLoadBalancerParameters provides configuration settings that are specific to AWS load balancers.", "type": "object", "required": [ - "name", - "namespace" + "type" ], "properties": { - "name": { - "description": "name represents the name of the ConfigMap that is being referenced.", - "type": "string", - "default": "" + "classicLoadBalancer": { + "description": "classicLoadBalancerParameters holds configuration parameters for an AWS classic load balancer. Present only if type is Classic.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSClassicLoadBalancerParameters" }, - "namespace": { - "description": "namespace represents the namespace where the referenced ConfigMap is located.", + "networkLoadBalancer": { + "description": "networkLoadBalancerParameters holds configuration parameters for an AWS network load balancer. Present only if type is NLB.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters" + }, + "type": { + "description": "type is the type of AWS load balancer to instantiate for an ingresscontroller.\n\nValid values are:\n\n* \"Classic\": A Classic Load Balancer that makes routing decisions at either\n the transport layer (TCP/SSL) or the application layer (HTTP/HTTPS). See\n the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb\n\n* \"NLB\": A Network Load Balancer that makes routing decisions at the\n transport layer (TCP/SSL). See the following for additional details:\n\n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb", "type": "string", "default": "" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "classicLoadBalancer": "ClassicLoadBalancerParameters", + "networkLoadBalancer": "NetworkLoadBalancerParameters" + } + } + ] }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapSpec": { - "description": "SharedConfigMapSpec defines the desired state of a SharedConfigMap", + "com.github.openshift.api.operator.v1.AWSNetworkLoadBalancerParameters": { + "description": "AWSNetworkLoadBalancerParameters holds configuration parameters for an AWS Network load balancer. For Example: Setting AWS EIPs https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html", "type": "object", - "required": [ - "configMapRef" - ], "properties": { - "configMapRef": { - "description": "configMapRef is a reference to the ConfigMap to share", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapReference" + "eipAllocations": { + "description": "eipAllocations is a list of IDs for Elastic IP (EIP) addresses that are assigned to the Network Load Balancer. The following restrictions apply:\n\neipAllocations can only be used with external scope, not internal. An EIP can be allocated to only a single IngressController. The number of EIP allocations must match the number of subnets that are used for the load balancer. Each EIP allocation must be unique. A maximum of 10 EIP allocations are permitted.\n\nSee https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html for general information about configuration, characteristics, and limitations of Elastic IP addresses.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "description": { - "description": "description is a user readable explanation of what the backing resource provides.", - "type": "string" + "subnets": { + "description": "subnets specifies the subnets to which the load balancer will attach. The subnets may be specified by either their ID or name. The total number of subnets is limited to 10.\n\nIn order for the load balancer to be provisioned with subnets, each subnet must exist, each subnet must be from a different availability zone, and the load balancer service must be recreated to pick up new values.\n\nWhen omitted from the spec, the subnets will be auto-discovered for each availability zone. Auto-discovered subnets are not reported in the status of the IngressController object.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSSubnets" } } }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapStatus": { - "description": "SharedSecretStatus contains the observed status of the shared resource", + "com.github.openshift.api.operator.v1.AWSSubnets": { + "description": "AWSSubnets contains a list of references to AWS subnets by ID or name.", "type": "object", "properties": { - "conditions": { - "description": "conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller.", + "ids": { + "description": "ids specifies a list of AWS subnets by subnet ID. Subnet IDs must start with \"subnet-\", consist only of alphanumeric characters, must be exactly 24 characters long, must be unique, and the total number of subnets specified by ids and names must not exceed 10.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" + }, + "names": { + "description": "names specifies a list of AWS subnets by subnet name. Subnet names must not start with \"subnet-\", must not include commas, must be under 256 characters in length, must be unique, and the total number of subnets specified by ids and names must not exceed 10.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedSecret": { - "description": "SharedSecret allows a Secret to be shared across namespaces. Pods can mount the shared Secret by adding a CSI volume to the pod specification using the \"csi.sharedresource.openshift.io\" CSI driver and a reference to the SharedSecret in the volume attributes:\n\nspec:\n\n\tvolumes:\n\t- name: shared-secret\n\t csi:\n\t driver: csi.sharedresource.openshift.io\n\t volumeAttributes:\n\t sharedSecret: my-share\n\nFor the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedSecret object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects.\n\n\t`oc create role shared-resource-my-share --verb=use --resource=sharedsecrets.sharedresource.openshift.io --resource-name=my-share`\n\t`oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default`\n\nShared resource objects, in this case Secrets, have default permissions of list, get, and watch for system authenticated users.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.AccessLogging": { + "description": "AccessLogging describes how client requests should be logged.", "type": "object", "required": [ - "spec" + "destination" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "destination": { + "description": "destination is where access logs go.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.LoggingDestination" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "httpCaptureCookies": { + "description": "httpCaptureCookies specifies HTTP cookies that should be captured in access logs. If this field is empty, no cookies are captured.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie" + }, + "x-kubernetes-list-type": "atomic" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "httpCaptureHeaders": { + "description": "httpCaptureHeaders defines HTTP headers that should be captured in access logs. If this field is empty, no headers are captured.\n\nNote that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be captured for TLS passthrough connections.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders" }, - "spec": { - "description": "spec is the specification of the desired shared secret", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedSecretSpec" + "httpLogFormat": { + "description": "httpLogFormat specifies the format of the log message for an HTTP request.\n\nIf this field is empty, log messages use the implementation's default HTTP log format. For HAProxy's default HTTP log format, see the HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3\n\nNote that this format only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). It does not affect the log format for TLS passthrough connections.", + "type": "string" }, - "status": { - "description": "status is the observed status of the shared secret", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedSecretStatus" + "logEmptyRequests": { + "description": "logEmptyRequests specifies how connections on which no request is received should be logged. Typically, these empty requests come from load balancers' health probes or Web browsers' speculative connections (\"preconnect\"), in which case logging these requests may be undesirable. However, these requests may also be caused by network errors, in which case logging empty requests may be useful for diagnosing the errors. In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts. Allowed values for this field are \"Log\" and \"Ignore\". The default value is \"Log\".", + "type": "string" } } }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretList": { - "description": "SharedSecretList contains a list of SharedSecret objects.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", + "com.github.openshift.api.operator.v1.AddPage": { + "description": "AddPage allows customizing actions on the Add page in developer perspective.", "type": "object", - "required": [ - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { + "disabledActions": { + "description": "disabledActions is a list of actions that are not shown to users. Each action in the list is represented by its ID.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedSecret" + "type": "string", + "default": "" } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretReference": { - "description": "SharedSecretReference contains information about which Secret to share", + "com.github.openshift.api.operator.v1.AdditionalNetworkDefinition": { + "description": "AdditionalNetworkDefinition configures an extra network that is available but not created by default. Instead, pods must request them by name. type must be specified, along with exactly one \"Config\" that matches the type.", "type": "object", "required": [ - "name", - "namespace" + "type", + "name" ], "properties": { "name": { - "description": "name represents the name of the Secret that is being referenced.", + "description": "name is the name of the network. This will be populated in the resulting CRD This must be unique.", "type": "string", "default": "" }, "namespace": { - "description": "namespace represents the namespace where the referenced Secret is located.", + "description": "namespace is the namespace of the network. This will be populated in the resulting CRD If not given the network will be created in the default namespace.", + "type": "string" + }, + "rawCNIConfig": { + "description": "rawCNIConfig is the raw CNI configuration json to create in the NetworkAttachmentDefinition CRD", + "type": "string" + }, + "simpleMacvlanConfig": { + "description": "simpleMacvlanConfig configures the macvlan interface in case of type:NetworkTypeSimpleMacvlan", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.SimpleMacvlanConfig" + }, + "type": { + "description": "type is the type of network The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan", "type": "string", "default": "" } } }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretSpec": { - "description": "SharedSecretSpec defines the desired state of a SharedSecret", + "com.github.openshift.api.operator.v1.AdditionalRoutingCapabilities": { + "description": "AdditionalRoutingCapabilities describes components and relevant configuration providing advanced routing capabilities.", "type": "object", "required": [ - "secretRef" + "providers" ], "properties": { - "description": { - "description": "description is a user readable explanation of what the backing resource provides.", - "type": "string" - }, - "secretRef": { - "description": "secretRef is a reference to the Secret to share", - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedSecretReference" - } - } - }, - "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretStatus": { - "description": "SharedSecretStatus contains the observed status of the shared resource", - "type": "object", - "properties": { - "conditions": { - "description": "conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller.", + "providers": { + "description": "providers is a set of enabled components that provide additional routing capabilities. Entries on this list must be unique. The only valid value is currrently \"FRR\" which provides FRR routing capabilities through the deployment of FRR.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "type": "string", + "default": "" }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" + "x-kubernetes-list-type": "atomic" } } - }, - "com.github.openshift.api.template.v1.BrokerTemplateInstance": { - "description": "BrokerTemplateInstance holds the service broker-related state associated with a TemplateInstance. BrokerTemplateInstance is part of an experimental API.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + }, + "com.github.openshift.api.operator.v1.Authentication": { + "description": "Authentication provides information to configure an operator to manage authentication.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -40185,19 +41018,23 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec describes the state of this BrokerTemplateInstance.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.BrokerTemplateInstanceSpec" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AuthenticationSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AuthenticationStatus" } } }, - "com.github.openshift.api.template.v1.BrokerTemplateInstanceList": { - "description": "BrokerTemplateInstanceList is a list of BrokerTemplateInstance objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.AuthenticationList": { + "description": "AuthenticationList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -40206,11 +41043,10 @@ "type": "string" }, "items": { - "description": "items is a list of BrokerTemplateInstances", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.BrokerTemplateInstance" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Authentication" } }, "kind": { @@ -40220,127 +41056,257 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.template.v1.BrokerTemplateInstanceSpec": { - "description": "BrokerTemplateInstanceSpec describes the state of a BrokerTemplateInstance.", + "com.github.openshift.api.operator.v1.AuthenticationSpec": { "type": "object", "required": [ - "templateInstance", - "secret" + "managementState" ], "properties": { - "bindingIDs": { - "description": "bindingIDs is a list of 'binding_id's provided during successive bind calls to the template service broker.", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.operator.v1.AuthenticationStatus": { + "type": "object", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "secret": { - "description": "secret is a reference to a Secret object residing in a namespace, containing the necessary template parameters.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "templateInstance": { - "description": "templateInstance is a reference to a TemplateInstance object residing in a namespace.", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "oauthAPIServer": { + "description": "oauthAPIServer holds status specific only to oauth-apiserver", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OAuthAPIServerStatus" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "com.github.openshift.api.template.v1.Parameter": { - "description": "Parameter defines a name/value variable that is to be processed during the Template to Config transformation.", + "com.github.openshift.api.operator.v1.AzureCSIDriverConfigSpec": { + "description": "AzureCSIDriverConfigSpec defines properties that can be configured for the Azure CSI driver.", + "type": "object", + "properties": { + "diskEncryptionSet": { + "description": "diskEncryptionSet sets the cluster default storage class to encrypt volumes with a customer-managed encryption set, rather than the default platform-managed keys.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AzureDiskEncryptionSet" + } + } + }, + "com.github.openshift.api.operator.v1.AzureDiskEncryptionSet": { + "description": "AzureDiskEncryptionSet defines the configuration for a disk encryption set.", "type": "object", "required": [ + "subscriptionID", + "resourceGroup", "name" ], "properties": { - "description": { - "description": "description of a parameter. Optional.", - "type": "string" - }, - "displayName": { - "description": "Optional: The name that will show in UI instead of parameter 'Name'", - "type": "string" - }, - "from": { - "description": "from is an input value for the generator. Optional.", - "type": "string" - }, - "generate": { - "description": "generate specifies the generator to be used to generate random string from an input value specified by From field. The result string is stored into Value field. If empty, no generator is being used, leaving the result Value untouched. Optional.\n\nThe only supported generator is \"expression\", which accepts a \"from\" value in the form of a simple regular expression containing the range expression \"[a-zA-Z0-9]\", and the length expression \"a{length}\".\n\nExamples:\n\nfrom | value ----------------------------- \"test[0-9]{1}x\" | \"test7x\" \"[0-1]{8}\" | \"01001100\" \"0x[A-F0-9]{4}\" | \"0xB3AF\" \"[a-zA-Z0-9]{8}\" | \"hW4yQU5i\"", - "type": "string" - }, "name": { - "description": "name must be set and it can be referenced in Template Items using ${PARAMETER_NAME}. Required.", + "description": "name is the name of the disk encryption set that will be set on the default storage class. The value should consist of only alphanumberic characters, underscores (_), hyphens, and be at most 80 characters in length.", "type": "string", "default": "" }, - "required": { - "description": "Optional: Indicates the parameter must have a value. Defaults to false.", - "type": "boolean" + "resourceGroup": { + "description": "resourceGroup defines the Azure resource group that contains the disk encryption set. The value should consist of only alphanumberic characters, underscores (_), parentheses, hyphens and periods. The value should not end in a period and be at most 90 characters in length.", + "type": "string", + "default": "" }, - "value": { - "description": "value holds the Parameter data. If specified, the generator will be ignored. The value replaces all occurrences of the Parameter ${Name} expression during the Template to Config transformation. Optional.", - "type": "string" + "subscriptionID": { + "description": "subscriptionID defines the Azure subscription that contains the disk encryption set. The value should meet the following conditions: 1. It should be a 128-bit number. 2. It should be 36 characters (32 hexadecimal characters and 4 hyphens) long. 3. It should be displayed in five groups separated by hyphens (-). 4. The first group should be 8 characters long. 5. The second, third, and fourth groups should be 4 characters long. 6. The fifth group should be 12 characters long. An Example SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.template.v1.Template": { - "description": "Template contains the inputs needed to produce a Config.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.BGPManagedConfig": { + "description": "BGPManagedConfig contains configuration options for BGP when routing is \"Managed\".", "type": "object", "required": [ - "objects" + "bgpTopology" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "asNumber": { + "description": "asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) to be used in the generated FRR configuration. Valid values are 1 to 4294967295. When omitted, this defaults to 64512.", + "type": "integer", + "format": "int64", + "default": 64512 }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "bgpTopology": { + "description": "bgpTopology defines the BGP topology to be used. Allowed values are \"FullMesh\". When set to \"FullMesh\", every node peers directly with every other node via BGP. This field is required when BGPManagedConfig is specified.", "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig": { + "description": "BootImageSkewEnforcementConfig is used to configure how boot image version skew is enforced on the cluster.", + "type": "object", + "required": [ + "mode" + ], + "properties": { + "manual": { + "description": "manual describes the current boot image of the cluster. This should be set to the oldest boot image used amongst all machine resources in the cluster. This must include either the RHCOS version of the boot image or the OCP release version which shipped with that RHCOS boot image. Required when mode is set to \"Manual\" and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterBootImageManual" }, - "labels": { - "description": "labels is a optional set of labels that are applied to every object during the Template to Config transformation.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "message": { - "description": "message is an optional instructional message that will be displayed when this template is instantiated. This field should inform the user how to utilize the newly created resources. Parameter substitution will be performed on the message before being displayed so that generated credentials and other parameters can be included in the output.", + "mode": { + "description": "mode determines the underlying behavior of skew enforcement mechanism. Valid values are Manual and None. Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP & RHCOS version associated with the last boot image update in the manual field. In Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the skew limit described by the release image. None means that the MCO will no longer monitor the boot image skew. This may affect the cluster's ability to scale. This field is required.", "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "mode", + "fields-to-discriminateBy": { + "manual": "Manual" + } + } + ] + }, + "com.github.openshift.api.operator.v1.BootImageSkewEnforcementStatus": { + "description": "BootImageSkewEnforcementStatus is the type for the status object. It represents the cluster defaults when the boot image skew enforcement configuration is undefined and reflects the actual configuration when it is defined.", + "type": "object", + "required": [ + "mode" + ], + "properties": { + "automatic": { + "description": "automatic describes the current boot image of the cluster. This will be populated by the MCO when performing boot image updates. This value will be compared against the cluster's skew limit to determine skew compliance. Required when mode is set to \"Automatic\" and forbidden otherwise.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterBootImageAutomatic" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "manual": { + "description": "manual describes the current boot image of the cluster. This will be populated by the MCO using the values provided in the spec.bootImageSkewEnforcement.manual field. This value will be compared against the cluster's skew limit to determine skew compliance. Required when mode is set to \"Manual\" and forbidden otherwise.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterBootImageManual" }, - "objects": { - "description": "objects is an array of resources to include in this template. If a namespace value is hardcoded in the object, it will be removed during template instantiation, however if the namespace value is, or contains, a ${PARAMETER_REFERENCE}, the resolved value after parameter substitution will be respected and the object will be created in that namespace.", - "type": "array", - "items": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "mode": { + "description": "mode determines the underlying behavior of skew enforcement mechanism. Valid values are Automatic, Manual and None. Automatic means that the MCO will perform boot image updates and store the OCP & RHCOS version associated with the last boot image update in the automatic field. Manual means that the cluster admin is expected to perform manual boot image updates and store the OCP & RHCOS version associated with the last boot image update in the manual field. In Automatic and Manual mode, the MCO will prevent upgrades when the boot image skew exceeds the skew limit described by the release image. None means that the MCO will no longer monitor the boot image skew. This may affect the cluster's ability to scale. This field is required.", + "type": "string" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "mode", + "fields-to-discriminateBy": { + "automatic": "Automatic", + "manual": "Manual" } + } + ] + }, + "com.github.openshift.api.operator.v1.CSIDriverConfigSpec": { + "description": "CSIDriverConfigSpec defines configuration spec that can be used to optionally configure a specific CSI Driver.", + "type": "object", + "required": [ + "driverType" + ], + "properties": { + "aws": { + "description": "aws is used to configure the AWS CSI driver.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSCSIDriverConfigSpec" }, - "parameters": { - "description": "parameters is an optional array of Parameters used during the Template to Config transformation.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.Parameter" + "azure": { + "description": "azure is used to configure the Azure CSI driver.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AzureCSIDriverConfigSpec" + }, + "driverType": { + "description": "driverType indicates type of CSI driver for which the driverConfig is being applied to. Valid values are: AWS, Azure, GCP, IBMCloud, vSphere and omitted. Consumers should treat unknown values as a NO-OP.", + "type": "string", + "default": "" + }, + "gcp": { + "description": "gcp is used to configure the GCP CSI driver.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GCPCSIDriverConfigSpec" + }, + "ibmcloud": { + "description": "ibmcloud is used to configure the IBM Cloud CSI driver.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec" + }, + "vSphere": { + "description": "vSphere is used to configure the vsphere CSI driver.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "driverType", + "fields-to-discriminateBy": { + "aws": "AWS", + "azure": "Azure", + "gcp": "GCP", + "ibmcloud": "IBMCloud", + "vSphere": "VSphere" } } - } + ] }, - "com.github.openshift.api.template.v1.TemplateInstance": { - "description": "TemplateInstance requests and records the instantiation of a Template. TemplateInstance is part of an experimental API.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.CSISnapshotController": { + "description": "CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "spec" @@ -40357,59 +41323,22 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec describes the desired state of this TemplateInstance.", + "description": "spec holds user settable values for configuration", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceSpec" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CSISnapshotControllerSpec" }, "status": { - "description": "status describes the current state of this TemplateInstance.", + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceStatus" - } - } - }, - "com.github.openshift.api.template.v1.TemplateInstanceCondition": { - "description": "TemplateInstanceCondition contains condition information for a TemplateInstance.", - "type": "object", - "required": [ - "type", - "status", - "lastTransitionTime", - "reason", - "message" - ], - "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time a condition status transitioned from one state to another.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "message": { - "description": "message is a human readable description of the details of the last transition, complementing reason.", - "type": "string", - "default": "" - }, - "reason": { - "description": "reason is a brief machine readable explanation for the condition's last transition.", - "type": "string", - "default": "" - }, - "status": { - "description": "status of the condition, one of True, False or Unknown.", - "type": "string", - "default": "" - }, - "type": { - "description": "type of the condition, currently Ready or InstantiateFailure.", - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CSISnapshotControllerStatus" } } }, - "com.github.openshift.api.template.v1.TemplateInstanceList": { - "description": "TemplateInstanceList is a list of TemplateInstance objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.CSISnapshotControllerList": { + "description": "CSISnapshotControllerList contains a list of CSISnapshotControllers.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -40420,11 +41349,10 @@ "type": "string" }, "items": { - "description": "items is a list of Templateinstances", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstance" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CSISnapshotController" } }, "kind": { @@ -40434,133 +41362,167 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.template.v1.TemplateInstanceObject": { - "description": "TemplateInstanceObject references an object created by a TemplateInstance.", + "com.github.openshift.api.operator.v1.CSISnapshotControllerSpec": { + "description": "CSISnapshotControllerSpec is the specification of the desired behavior of the CSISnapshotController operator.", "type": "object", + "required": [ + "managementState" + ], "properties": { - "ref": { - "description": "ref is a reference to the created object. When used under .spec, only name and namespace are used; these can contain references to parameters which will be substituted following the usual rules.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.template.v1.TemplateInstanceRequester": { - "description": "TemplateInstanceRequester holds the identity of an agent requesting a template instantiation.", + "com.github.openshift.api.operator.v1.CSISnapshotControllerStatus": { + "description": "CSISnapshotControllerStatus defines the observed status of the CSISnapshotController operator.", "type": "object", "properties": { - "extra": { - "description": "extra holds additional information provided by the authenticator.", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "groups": { - "description": "groups represent the groups this user is a part of.", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { - "type": "string", - "default": "" - } + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "uid": { - "description": "uid is a unique value that identifies this user across time; if this user is deleted and another user by the same name is added, they will have different UIDs.", - "type": "string" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "username": { - "description": "username uniquely identifies this user among all active users.", + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", "type": "string" } } }, - "com.github.openshift.api.template.v1.TemplateInstanceSpec": { - "description": "TemplateInstanceSpec describes the desired state of a TemplateInstance.", + "com.github.openshift.api.operator.v1.Capability": { + "description": "Capabilities contains set of UI capabilities and their state in the console UI.", "type": "object", "required": [ - "template" + "name", + "visibility" ], "properties": { - "requester": { - "description": "requester holds the identity of the agent requesting the template instantiation.", - "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceRequester" - }, - "secret": { - "description": "secret is a reference to a Secret object containing the necessary template parameters.", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "name": { + "description": "name is the unique name of a capability. Available capabilities are LightspeedButton, GettingStartedBanner, and GuidedTour.", + "type": "string", + "default": "" }, - "template": { - "description": "template is a full copy of the template for instantiation.", + "visibility": { + "description": "visibility defines the visibility state of the capability.", "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.Template" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CapabilityVisibility" } } }, - "com.github.openshift.api.template.v1.TemplateInstanceStatus": { - "description": "TemplateInstanceStatus describes the current state of a TemplateInstance.", + "com.github.openshift.api.operator.v1.CapabilityVisibility": { + "description": "CapabilityVisibility defines the criteria to enable/disable a capability.", "type": "object", + "required": [ + "state" + ], "properties": { - "conditions": { - "description": "conditions represent the latest available observations of a TemplateInstance's current state.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceCondition" - } - }, - "objects": { - "description": "objects references the objects created by the TemplateInstance.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceObject" - } + "state": { + "description": "state defines if the capability is enabled or disabled in the console UI. Enabling the capability in the console UI is represented by the \"Enabled\" value. Disabling the capability in the console UI is represented by the \"Disabled\" value.", + "type": "string", + "default": "" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "state", + "fields-to-discriminateBy": {} + } + ] }, - "com.github.openshift.api.template.v1.TemplateList": { - "description": "TemplateList is a list of Template objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.ClientTLS": { + "description": "ClientTLS specifies TLS configuration to enable client-to-server authentication, which can be used for mutual TLS.", "type": "object", "required": [ - "items" + "clientCertificatePolicy", + "clientCA" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "items is a list of templates", + "allowedSubjectPatterns": { + "description": "allowedSubjectPatterns specifies a list of regular expressions that should be matched against the distinguished name on a valid client certificate to filter requests. The regular expressions must use PCRE syntax. If this list is empty, no filtering is performed. If the list is nonempty, then at least one pattern must match a client certificate's distinguished name or else the ingress controller rejects the certificate and denies the connection.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.template.v1.Template" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "clientCA": { + "description": "clientCA specifies a configmap containing the PEM-encoded CA certificate bundle that should be used to verify a client's certificate. The administrator must create this configmap in the openshift-config namespace.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + }, + "clientCertificatePolicy": { + "description": "clientCertificatePolicy specifies whether the ingress controller requires clients to provide certificates. This field accepts the values \"Required\" or \"Optional\".\n\nNote that the ingress controller only checks client certificates for edge-terminated and reencrypt TLS routes; it cannot check certificates for cleartext HTTP or passthrough TLS routes.", + "type": "string", + "default": "" } } }, - "com.github.openshift.api.user.v1.Group": { - "description": "Group represents a referenceable set of Users\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.CloudCredential": { + "description": "CloudCredential provides a means to configure an operator to manage CredentialsRequests.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "users" + "spec" ], "properties": { "apiVersion": { @@ -40574,22 +41536,23 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "users": { - "description": "users is the list of users in this group.", - "type": "array", - "items": { - "type": "string", - "default": "" - } + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CloudCredentialSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CloudCredentialStatus" } } }, - "com.github.openshift.api.user.v1.GroupList": { - "description": "GroupList is a collection of Groups\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.CloudCredentialList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -40598,11 +41561,10 @@ "type": "string" }, "items": { - "description": "items is the list of groups", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.user.v1.Group" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CloudCredential" } }, "kind": { @@ -40612,142 +41574,152 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.user.v1.Identity": { - "description": "Identity records a successful authentication of a user with an identity provider. The information about the source of authentication is stored on the identity, and the identity is then associated with a single user object. Multiple identities can reference a single user. Information retrieved from the authentication provider is stored in the extra field using a schema determined by the provider.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.CloudCredentialSpec": { + "description": "CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator.", "type": "object", "required": [ - "providerName", - "providerUserName", - "user" + "managementState" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "credentialsMode": { + "description": "credentialsMode allows informing CCO that it should not attempt to dynamically determine the root cloud credentials capabilities, and it should just run in the specified mode. It also allows putting the operator into \"manual\" mode if desired. Leaving the field in default mode runs CCO so that the cluster's cloud credentials will be dynamically probed for capabilities (on supported clouds/platforms). Supported modes:\n AWS/Azure/GCP: \"\" (Default), \"Mint\", \"Passthrough\", \"Manual\"\n Others: Do not set value as other platforms only support running in \"Passthrough\"", "type": "string" }, - "extra": { - "description": "extra holds extra information about this identity", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "providerName": { - "description": "providerName is the source of identity information", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" }, - "providerUserName": { - "description": "providerUserName uniquely represents this identity in the scope of the provider", - "type": "string", - "default": "" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "user": { - "description": "user is a reference to the user this identity is associated with Both Name and UID must be set", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "com.github.openshift.api.user.v1.IdentityList": { - "description": "IdentityList is a collection of Identities\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.CloudCredentialStatus": { + "description": "CloudCredentialStatus defines the observed status of the cloud-credential-operator.", "type": "object", - "required": [ - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "items": { - "description": "items is the list of identities", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.user.v1.Identity" - } + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.ClusterBootImageAutomatic": { + "description": "ClusterBootImageAutomatic is used to describe the cluster boot image in Automatic mode. It stores the RHCOS version of the boot image and the OCP release version which shipped with that RHCOS boot image. At least one of these values are required. If ocpVersion and rhcosVersion are defined, both values will be used for checking skew compliance. If only ocpVersion is defined, only that value will be used for checking skew compliance. If only rhcosVersion is defined, only that value will be used for checking skew compliance.", + "type": "object", + "properties": { + "ocpVersion": { + "description": "ocpVersion provides a string which represents the OCP version of the boot image. This field must match the OCP semver compatible format of x.y.z. This field must be between 5 and 10 characters long.", "type": "string" }, - "metadata": { - "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "rhcosVersion": { + "description": "rhcosVersion provides a string which represents the RHCOS version of the boot image This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between 14 and 21 characters long.", + "type": "string" } } }, - "com.github.openshift.api.user.v1.User": { - "description": "Upon log in, every user of the system receives a User and Identity resource. Administrators may directly manipulate the attributes of the users for their own tracking, or set groups via the API. The user name is unique and is chosen based on the value provided by the identity provider - if a user already exists with the incoming name, the user name may have a number appended to it depending on the configuration of the system.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.ClusterBootImageManual": { + "description": "ClusterBootImageManual is used to describe the cluster boot image in Manual mode.", "type": "object", "required": [ - "groups" + "mode" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "mode": { + "description": "mode is used to configure which boot image field is defined in Manual mode. Valid values are OCPVersion and RHCOSVersion. OCPVersion means that the cluster admin is expected to set the OCP version associated with the last boot image update in the OCPVersion field. RHCOSVersion means that the cluster admin is expected to set the RHCOS version associated with the last boot image update in the RHCOSVersion field. This field is required.", "type": "string" }, - "fullName": { - "description": "fullName is the full name of user", + "ocpVersion": { + "description": "ocpVersion provides a string which represents the OCP version of the boot image. This field must match the OCP semver compatible format of x.y.z. This field must be between 5 and 10 characters long. Required when mode is set to \"OCPVersion\" and forbidden otherwise.", "type": "string" }, - "groups": { - "description": "groups specifies group names this user is a member of. This field is deprecated and will be removed in a future release. Instead, create a Group object containing the name of this User.", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "identities": { - "description": "identities are the identities associated with this user", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "rhcosVersion": { + "description": "rhcosVersion provides a string which represents the RHCOS version of the boot image This field must match rhcosVersion formatting of [major].[minor].[datestamp(YYYYMMDD)]-[buildnumber] or the legacy format of [major].[minor].[timestamp(YYYYMMDDHHmm)]-[buildnumber]. This field must be between 14 and 21 characters long. Required when mode is set to \"RHCOSVersion\" and forbidden otherwise.", "type": "string" - }, - "metadata": { - "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "mode", + "fields-to-discriminateBy": { + "ocpVersion": "OCPVersion", + "rhcosVersion": "RHCOSVersion" + } + } + ] }, - "com.github.openshift.api.user.v1.UserIdentityMapping": { - "description": "UserIdentityMapping maps a user to an identity\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.ClusterCSIDriver": { + "description": "ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift. Name of the object must be name of the CSI driver it operates. See CSIDriverName type for list of allowed values.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "identity": { - "description": "identity is a reference to an identity", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" @@ -40755,17 +41727,22 @@ "metadata": { "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "user": { - "description": "user is a reference to a user", + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterCSIDriverSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterCSIDriverStatus" } } }, - "com.github.openshift.api.user.v1.UserList": { - "description": "UserList is a collection of Users\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "com.github.openshift.api.operator.v1.ClusterCSIDriverList": { + "description": "ClusterCSIDriverList contains a list of ClusterCSIDriver\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -40776,11 +41753,10 @@ "type": "string" }, "items": { - "description": "items is the list of users", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/com.github.openshift.api.user.v1.User" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterCSIDriver" } }, "kind": { @@ -40790,642 +41766,620 @@ "metadata": { "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "io.k8s.api.admissionregistration.v1.AuditAnnotation": { - "description": "AuditAnnotation describes how to produce an audit annotation for an API request.", - "type": "object", - "required": [ - "key", - "valueExpression" - ], - "properties": { - "key": { - "description": "key specifies the audit annotation key. The audit annotation keys of a ValidatingAdmissionPolicy must be unique. The key must be a qualified name ([A-Za-z0-9][-A-Za-z0-9_.]*) no more than 63 bytes in length.\n\nThe key is combined with the resource name of the ValidatingAdmissionPolicy to construct an audit annotation key: \"{ValidatingAdmissionPolicy name}/{key}\".\n\nIf an admission webhook uses the same resource name as this ValidatingAdmissionPolicy and the same audit annotation key, the annotation key will be identical. In this case, the first annotation written with the key will be included in the audit event and all subsequent annotations with the same key will be discarded.\n\nRequired.", - "type": "string", - "default": "" - }, - "valueExpression": { - "description": "valueExpression represents the expression which is evaluated by CEL to produce an audit annotation value. The expression must evaluate to either a string or null value. If the expression evaluates to a string, the audit annotation is included with the string value. If the expression evaluates to null or empty string the audit annotation will be omitted. The valueExpression may be no longer than 5kb in length. If the result of the valueExpression is more than 10kb in length, it will be truncated to 10kb.\n\nIf multiple ValidatingAdmissionPolicyBinding resources match an API request, then the valueExpression will be evaluated for each binding. All unique values produced by the valueExpressions will be joined together in a comma-separated list.\n\nRequired.", - "type": "string", - "default": "" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.admissionregistration.v1.ExpressionWarning": { - "description": "ExpressionWarning is a warning information that targets a specific expression.", + "com.github.openshift.api.operator.v1.ClusterCSIDriverSpec": { + "description": "ClusterCSIDriverSpec is the desired behavior of CSI driver operator", "type": "object", "required": [ - "fieldRef", - "warning" + "managementState" ], "properties": { - "fieldRef": { - "description": "The path to the field that refers the expression. For example, the reference to the expression of the first item of validations is \"spec.validations[0].expression\"", - "type": "string", - "default": "" + "driverConfig": { + "description": "driverConfig can be used to specify platform specific driver configuration. When omitted, this means no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.CSIDriverConfigSpec" }, - "warning": { - "description": "The content of type checking information in a human-readable form. Each line of the warning contains the type that the expression is checked against, followed by the type check error from the compiler.", - "type": "string", - "default": "" - } - } - }, - "io.k8s.api.admissionregistration.v1.MatchCondition": { - "description": "MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.", - "type": "object", - "required": [ - "name", - "expression" - ], - "properties": { - "expression": { - "description": "Expression represents the expression which will be evaluated by CEL. Must evaluate to bool. CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:\n\n'object' - The object from the incoming request. The value is null for DELETE requests. 'oldObject' - The existing object. The value is null for CREATE requests. 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest). 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\nDocumentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/\n\nRequired.", - "type": "string", - "default": "" + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "name": { - "description": "Name is an identifier for this match condition, used for strategic merging of MatchConditions, as well as providing an identifier for logging purposes. A good name should be descriptive of the associated expression. Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')\n\nRequired.", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" - } - } - }, - "io.k8s.api.admissionregistration.v1.MatchResources": { - "description": "MatchResources decides whether to run the admission control policy on an object based on whether it meets the match criteria. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)", - "type": "object", - "properties": { - "excludeResourceRules": { - "description": "ExcludeResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy should not care about. The exclude rules take precedence over include rules (if a resource matches both, it is excluded)", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.NamedRuleWithOperations" - }, - "x-kubernetes-list-type": "atomic" }, - "matchPolicy": { - "description": "matchPolicy defines how the \"MatchResources\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the ValidatingAdmissionPolicy.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the ValidatingAdmissionPolicy.\n\nDefaults to \"Equivalent\"\n\nPossible enum values:\n - `\"Equivalent\"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.\n - `\"Exact\"` means requests should only be sent to the webhook if they exactly match a given rule.", - "type": "string", - "enum": [ - "Equivalent", - "Exact" - ] + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "namespaceSelector": { - "description": "NamespaceSelector decides whether to run the admission control policy on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the policy.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the policy on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "objectSelector": { - "description": "ObjectSelector decides whether to run the validation based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the cel validation, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "storageClassState": { + "description": "storageClassState determines if CSI operator should create and manage storage classes. If this field value is empty or Managed - CSI operator will continuously reconcile storage class and create if necessary. If this field value is Unmanaged - CSI operator will not reconcile any previously created storage class. If this field value is Removed - CSI operator will delete the storage class it created previously. When omitted, this means the user has no opinion and the platform chooses a reasonable default, which is subject to change over time. The current default behaviour is Managed.", + "type": "string" }, - "resourceRules": { - "description": "ResourceRules describes what operations on what resources/subresources the ValidatingAdmissionPolicy matches. The policy cares about an operation if it matches _any_ Rule.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.NamedRuleWithOperations" - }, - "x-kubernetes-list-type": "atomic" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "io.k8s.api.admissionregistration.v1.MutatingWebhook": { - "description": "MutatingWebhook describes an admission webhook and the resources and operations it applies to.", + "com.github.openshift.api.operator.v1.ClusterCSIDriverStatus": { + "description": "ClusterCSIDriverStatus is the observed status of CSI driver operator", "type": "object", - "required": [ - "name", - "clientConfig", - "sideEffects", - "admissionReviewVersions" - ], "properties": { - "admissionReviewVersions": { - "description": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.", + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, - "x-kubernetes-list-type": "atomic" - }, - "clientConfig": { - "description": "ClientConfig defines how to communicate with the hook. Required", - "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.WebhookClientConfig" - }, - "failurePolicy": { - "description": "FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.\n\nPossible enum values:\n - `\"Fail\"` means that an error calling the webhook causes the admission to fail.\n - `\"Ignore\"` means that an error calling the webhook is ignored.", - "type": "string", - "enum": [ - "Fail", - "Ignore" - ] + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "matchConditions": { - "description": "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n 2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n 3. If any matchCondition evaluates to an error (but none are FALSE):\n - If failurePolicy=Fail, reject the request\n - If failurePolicy=Ignore, the error is ignored and the webhook is skipped", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MatchCondition" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", "name" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "map" }, - "matchPolicy": { - "description": "matchPolicy defines how the \"rules\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.\n\nDefaults to \"Equivalent\"\n\nPossible enum values:\n - `\"Equivalent\"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.\n - `\"Exact\"` means requests should only be sent to the webhook if they exactly match a given rule.", - "type": "string", - "enum": [ - "Equivalent", - "Exact" - ] + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "name": { - "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.", + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.ClusterNetworkEntry": { + "description": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks", + "type": "object", + "required": [ + "cidr" + ], + "properties": { + "cidr": { "type": "string", "default": "" }, - "namespaceSelector": { - "description": "NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the webhook on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "objectSelector": { - "description": "ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "hostPrefix": { + "type": "integer", + "format": "int64" + } + } + }, + "com.github.openshift.api.operator.v1.Config": { + "description": "Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components on the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "reinvocationPolicy": { - "description": "reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation. Allowed values are \"Never\" and \"IfNeeded\".\n\nNever: the webhook will not be called more than once in a single admission evaluation.\n\nIfNeeded: the webhook will be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call. Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted. Note: * the number of additional invocations is not guaranteed to be exactly one. * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again. * webhooks that use this option may be reordered to minimize the number of additional invocations. * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.\n\nDefaults to \"Never\".\n\nPossible enum values:\n - `\"IfNeeded\"` indicates that the webhook may be called at least one additional time as part of the admission evaluation if the object being admitted is modified by other admission plugins after the initial webhook call.\n - `\"Never\"` indicates that the webhook must not be called more than once in a single admission evaluation.", - "type": "string", - "enum": [ - "IfNeeded", - "Never" - ] + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "rules": { - "description": "Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.RuleWithOperations" - }, - "x-kubernetes-list-type": "atomic" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "sideEffects": { - "description": "SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.\n\nPossible enum values:\n - `\"None\"` means that calling the webhook will have no side effects.\n - `\"NoneOnDryRun\"` means that calling the webhook will possibly have side effects, but if the request being reviewed has the dry-run attribute, the side effects will be suppressed.\n - `\"Some\"` means that calling the webhook will possibly have side effects. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.\n - `\"Unknown\"` means that no information is known about the side effects of calling the webhook. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.", - "type": "string", - "enum": [ - "None", - "NoneOnDryRun", - "Some", - "Unknown" - ] + "spec": { + "description": "spec is the specification of the desired behavior of the Config Operator.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConfigSpec" }, - "timeoutSeconds": { - "description": "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.", - "type": "integer", - "format": "int32" + "status": { + "description": "status defines the observed status of the Config Operator.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConfigStatus" } } }, - "io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration": { - "description": "MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.", + "com.github.openshift.api.operator.v1.ConfigList": { + "description": "ConfigList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "items contains the items", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Config" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.operator.v1.ConfigMapFileReference": { + "description": "ConfigMapFileReference references a specific file within a ConfigMap.", + "type": "object", + "required": [ + "name", + "key" + ], + "properties": { + "key": { + "description": "key is the logo key inside the referenced ConfigMap. Must consist only of alphanumeric characters, dashes (-), underscores (_), and periods (.). Must be at most 253 characters in length. Must end in a valid file extension. A valid file extension must consist of a period followed by 2 to 5 alpha characters.", + "type": "string", + "default": "" }, - "webhooks": { - "description": "Webhooks is a list of webhooks and the affected resources and operations.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MutatingWebhook" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "name": { + "description": "name is the name of the ConfigMap. name is a required field. Must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character. Must be at most 253 characters in length.", + "type": "string", + "default": "" } } }, - "io.k8s.api.admissionregistration.v1.MutatingWebhookConfigurationList": { - "description": "MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.", + "com.github.openshift.api.operator.v1.ConfigSpec": { "type": "object", "required": [ - "items" + "managementState" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "items": { - "description": "List of MutatingWebhookConfiguration.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MutatingWebhookConfiguration" - } + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.admissionregistration.v1.NamedRuleWithOperations": { - "description": "NamedRuleWithOperations is a tuple of Operations and Resources with ResourceNames.", + "com.github.openshift.api.operator.v1.ConfigStatus": { "type": "object", "properties": { - "apiGroups": { - "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "apiVersions": { - "description": "APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "operations": { - "description": "Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.", - "type": "array", - "items": { - "type": "string", - "default": "", - "enum": [ - "*", - "CONNECT", - "CREATE", - "DELETE", - "UPDATE" - ] - }, - "x-kubernetes-list-type": "atomic" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "resourceNames": { - "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" }, - "resources": { - "description": "Resources is a list of resources this rule applies to.\n\nFor example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not overlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed. Required.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 }, - "scope": { - "description": "scope specifies the scope of this rule. Valid values are \"Cluster\", \"Namespaced\", and \"*\" \"Cluster\" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. \"Namespaced\" means that only namespaced resources will match this rule. \"*\" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is \"*\".\n\n\nPossible enum values:\n - `\"*\"` means that all scopes are included.\n - `\"Cluster\"` means that scope is limited to cluster-scoped objects. Namespace objects are cluster-scoped.\n - `\"Namespaced\"` means that scope is limited to namespaced objects.", - "type": "string", - "enum": [ - "*", - "Cluster", - "Namespaced" - ] + "version": { + "description": "version is the level this availability applies to", + "type": "string" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "io.k8s.api.admissionregistration.v1.ParamKind": { - "description": "ParamKind is a tuple of Group Kind and Version.", + "com.github.openshift.api.operator.v1.Console": { + "description": "Console provides a means to configure an operator to manage the console.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { - "description": "APIVersion is the API group version the resources belong to. In format of \"group/version\". Required.", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "Kind is the API kind the resources belong to. Required.", - "type": "string" - } - }, - "x-kubernetes-map-type": "atomic" - }, - "io.k8s.api.admissionregistration.v1.ParamRef": { - "description": "ParamRef describes how to locate the params to be used as input to expressions of rules applied by a policy binding.", - "type": "object", - "properties": { - "name": { - "description": "name is the name of the resource being referenced.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.\n\nA single parameter used for all admission requests can be configured by setting the `name` field, leaving `selector` blank, and setting namespace if `paramKind` is namespace-scoped.", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "namespace": { - "description": "namespace is the namespace of the referenced resource. Allows limiting the search for params to a specific namespace. Applies to both `name` and `selector` fields.\n\nA per-namespace parameter may be used by specifying a namespace-scoped `paramKind` in the policy and leaving this field empty.\n\n- If `paramKind` is cluster-scoped, this field MUST be unset. Setting this field results in a configuration error.\n\n- If `paramKind` is namespace-scoped, the namespace of the object being evaluated for admission will be used when this field is left unset. Take care that if this is left empty the binding must not match any cluster-scoped resources, which will result in an error.", - "type": "string" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "parameterNotFoundAction": { - "description": "`parameterNotFoundAction` controls the behavior of the binding when the resource exists, and name or selector is valid, but there are no parameters matched by the binding. If the value is set to `Allow`, then no matched parameters will be treated as successful validation by the binding. If set to `Deny`, then no matched parameters will be subject to the `failurePolicy` of the policy.\n\nAllowed values are `Allow` or `Deny`\n\nRequired", - "type": "string" + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleSpec" }, - "selector": { - "description": "selector can be used to match multiple param objects based on their labels. Supply selector: {} to match all resources of the ParamKind.\n\nIf multiple params are found, they are all evaluated with the policy expressions and the results are ANDed together.\n\nOne of `name` or `selector` must be set, but `name` and `selector` are mutually exclusive properties. If one is set, the other must be unset.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleStatus" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "io.k8s.api.admissionregistration.v1.Rule": { - "description": "Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended to make sure that all the tuple expansions are valid.", + "com.github.openshift.api.operator.v1.ConsoleConfigRoute": { + "description": "ConsoleConfigRoute holds information on external route access to console. DEPRECATED", "type": "object", + "required": [ + "hostname" + ], "properties": { - "apiGroups": { - "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "apiVersions": { - "description": "APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Resources is a list of resources this rule applies to.\n\nFor example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not overlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed. Required.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "scope": { - "description": "scope specifies the scope of this rule. Valid values are \"Cluster\", \"Namespaced\", and \"*\" \"Cluster\" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. \"Namespaced\" means that only namespaced resources will match this rule. \"*\" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is \"*\".\n\n\nPossible enum values:\n - `\"*\"` means that all scopes are included.\n - `\"Cluster\"` means that scope is limited to cluster-scoped objects. Namespace objects are cluster-scoped.\n - `\"Namespaced\"` means that scope is limited to namespaced objects.", + "hostname": { + "description": "hostname is the desired custom domain under which console will be available.", "type": "string", - "enum": [ - "*", - "Cluster", - "Namespaced" - ] + "default": "" + }, + "secret": { + "description": "secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - \"tls.crt\" - to specifies custom certificate - \"tls.key\" - to specifies private key of the custom certificate If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" } } }, - "io.k8s.api.admissionregistration.v1.RuleWithOperations": { - "description": "RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid.", + "com.github.openshift.api.operator.v1.ConsoleCustomization": { + "description": "ConsoleCustomization defines a list of optional configuration for the console UI. Ensure that Logos and CustomLogoFile cannot be set at the same time.", "type": "object", "properties": { - "apiGroups": { - "description": "APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "addPage": { + "description": "addPage allows customizing actions on the Add page in developer perspective.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AddPage" }, - "apiVersions": { - "description": "APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required.", + "brand": { + "description": "brand is the default branding of the web console which can be overridden by providing the brand field. There is a limited set of specific brand options. This field controls elements of the console such as the logo. Invalid value will prevent a console rollout.", + "type": "string" + }, + "capabilities": { + "description": "capabilities defines an array of capabilities that can be interacted with in the console UI. Each capability defines a visual state that can be interacted with the console to render in the UI. Available capabilities are LightspeedButton, GettingStartedBanner, and GuidedTour. Each of the available capabilities may appear only once in the list.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Capability" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "operations": { - "description": "Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required.", + "customLogoFile": { + "description": "customLogoFile replaces the default OpenShift logo in the masthead and about dialog. It is a reference to a Only one of customLogoFile or logos can be set at a time. ConfigMap in the openshift-config namespace. This can be created with a command like 'oc create configmap custom-logo --from-file=/path/to/file -n openshift-config'. Image size must be less than 1 MB due to constraints on the ConfigMap size. The ConfigMap key should include a file extension so that the console serves the file with the correct MIME type. The recommended file format for the logo is SVG, but other file formats are allowed if supported by the browser. Deprecated: Use logos instead.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapFileReference" + }, + "customProductName": { + "description": "customProductName is the name that will be displayed in page titles, logo alt text, and the about dialog instead of the normal OpenShift product name.", + "type": "string" + }, + "developerCatalog": { + "description": "developerCatalog allows to configure the shown developer catalog categories (filters) and types (sub-catalogs).", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCustomization" + }, + "documentationBaseURL": { + "description": "documentationBaseURL links to external documentation are shown in various sections of the web console. Providing documentationBaseURL will override the default documentation URL. Invalid value will prevent a console rollout.", + "type": "string" + }, + "logos": { + "description": "logos is used to replace the OpenShift Masthead and Favicon logos in the console UI with custom logos. logos is an optional field that allows a list of logos. Only one of logos or customLogoFile can be set at a time. If logos is set, customLogoFile must be unset. When specified, there must be at least one entry and no more than 2 entries. Each type must appear only once in the list.", "type": "array", "items": { - "type": "string", - "default": "", - "enum": [ - "*", - "CONNECT", - "CREATE", - "DELETE", - "UPDATE" - ] + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Logo" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "resources": { - "description": "Resources is a list of resources this rule applies to.\n\nFor example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources.\n\nIf wildcard is present, the validation rule will ensure resources do not overlap with each other.\n\nDepending on the enclosing object, subresources might not be allowed. Required.", + "perspectives": { + "description": "perspectives allows enabling/disabling of perspective(s) that user can see in the Perspective switcher dropdown.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Perspective" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "id" + ], + "x-kubernetes-list-type": "map" }, - "scope": { - "description": "scope specifies the scope of this rule. Valid values are \"Cluster\", \"Namespaced\", and \"*\" \"Cluster\" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. \"Namespaced\" means that only namespaced resources will match this rule. \"*\" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is \"*\".\n\n\nPossible enum values:\n - `\"*\"` means that all scopes are included.\n - `\"Cluster\"` means that scope is limited to cluster-scoped objects. Namespace objects are cluster-scoped.\n - `\"Namespaced\"` means that scope is limited to namespaced objects.", - "type": "string", - "enum": [ - "*", - "Cluster", - "Namespaced" - ] + "projectAccess": { + "description": "projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ProjectAccess" + }, + "quickStarts": { + "description": "quickStarts allows customization of available ConsoleQuickStart resources in console.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.QuickStarts" } } }, - "io.k8s.api.admissionregistration.v1.ServiceReference": { - "description": "ServiceReference holds a reference to Service.legacy.k8s.io", + "com.github.openshift.api.operator.v1.ConsoleList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "namespace", - "name" + "metadata", + "items" ], "properties": { - "name": { - "description": "`name` is the name of the service. Required", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "namespace": { - "description": "`namespace` is the namespace of the service. Required", - "type": "string", - "default": "" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Console" + } }, - "path": { - "description": "`path` is an optional URL path which will be sent in any request to this service.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "port": { - "description": "If specified, the port on the service that hosting webhook. Default to 443 for backward compatibility. `port` should be a valid port number (1-65535, inclusive).", - "type": "integer", - "format": "int32" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.admissionregistration.v1.TypeChecking": { - "description": "TypeChecking contains results of type checking the expressions in the ValidatingAdmissionPolicy", + "com.github.openshift.api.operator.v1.ConsoleProviders": { + "description": "ConsoleProviders defines a list of optional additional providers of functionality to the console.", "type": "object", "properties": { - "expressionWarnings": { - "description": "The type checking warnings for each expression.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ExpressionWarning" - }, - "x-kubernetes-list-type": "atomic" + "statuspage": { + "description": "statuspage contains ID for statuspage.io page that provides status info about.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.StatuspageProvider" } } }, - "io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy": { - "description": "ValidatingAdmissionPolicy describes the definition of an admission validation policy that accepts or rejects an object without changing it.", + "com.github.openshift.api.operator.v1.ConsoleSpec": { + "description": "ConsoleSpec is the specification of the desired behavior of the Console.", "type": "object", + "required": [ + "managementState", + "providers" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "customization": { + "description": "customization is used to optionally provide a small set of customization options to the web console.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleCustomization" + }, + "ingress": { + "description": "ingress allows to configure the alternative ingress for the console. This field is intended for clusters without ingress capability, where access to routes is not possible.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Ingress" + }, + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "metadata": { - "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "plugins": { + "description": "plugins defines a list of enabled console plugin names.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "spec": { - "description": "Specification of the desired behavior of the ValidatingAdmissionPolicy.", + "providers": { + "description": "providers contains configuration for using specific service providers.", "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicySpec" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleProviders" }, - "status": { - "description": "The status of the ValidatingAdmissionPolicy, including warnings that are useful to determine if the policy behaves in the expected way. Populated by the system. Read-only.", + "route": { + "description": "route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used. DEPRECATED", "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyStatus" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConsoleConfigRoute" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding": { - "description": "ValidatingAdmissionPolicyBinding binds the ValidatingAdmissionPolicy with paramerized resources. ValidatingAdmissionPolicyBinding and parameter CRDs together define how cluster administrators configure policies for clusters.\n\nFor a given admission request, each binding will cause its policy to be evaluated N times, where N is 1 for policies/bindings that don't use params, otherwise N is the number of parameters selected by the binding.\n\nThe CEL expressions of a policy must have a computed CEL cost below the maximum CEL budget. Each evaluation of the policy is given an independent CEL cost budget. Adding/removing policies, bindings, or params can not affect whether a given (policy, binding, param) combination is within its own CEL budget.", + "com.github.openshift.api.operator.v1.ConsoleStatus": { + "description": "ConsoleStatus defines the observed status of the Console.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "metadata": { - "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "spec": { - "description": "Specification of the desired behavior of the ValidatingAdmissionPolicyBinding.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingSpec" + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingList": { - "description": "ValidatingAdmissionPolicyBindingList is a list of ValidatingAdmissionPolicyBinding.", + "com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters": { + "description": "ContainerLoggingDestinationParameters describes parameters for the Container logging destination type.", "type": "object", - "required": [ - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of PolicyBinding.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBinding" - } + "maxLength": { + "description": "maxLength is the maximum length of the log message.\n\nValid values are integers in the range 480 to 8192, inclusive.\n\nWhen omitted, the default value is 1024.", + "type": "integer", + "format": "int32" + } + } + }, + "com.github.openshift.api.operator.v1.DNS": { + "description": "DNS manages the CoreDNS component to provide a name resolution service for pods and services in the cluster.\n\nThis supports the DNS-based service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md\n\nMore details: https://kubernetes.io/docs/tasks/administer-cluster/coredns\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the DNS.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSSpec" + }, + "status": { + "description": "status is the most recently observed status of the DNS.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSStatus" } } }, - "io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyBindingSpec": { - "description": "ValidatingAdmissionPolicyBindingSpec is the specification of the ValidatingAdmissionPolicyBinding.", + "com.github.openshift.api.operator.v1.DNSCache": { + "description": "DNSCache defines the fields for configuring DNS caching.", "type": "object", "properties": { - "matchResources": { - "description": "MatchResources declares what resources match this binding and will be validated by it. Note that this is intersected with the policy's matchConstraints, so only requests that are matched by the policy can be selected by this. If this is unset, all resources matched by the policy are validated by this binding When resourceRules is unset, it does not constrain resource matching. If a resource is matched by the other fields of this object, it will be validated. Note that this is differs from ValidatingAdmissionPolicy matchConstraints, where resourceRules are required.", - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MatchResources" - }, - "paramRef": { - "description": "paramRef specifies the parameter resource used to configure the admission control policy. It should point to a resource of the type specified in ParamKind of the bound ValidatingAdmissionPolicy. If the policy specifies a ParamKind and the resource referred to by ParamRef does not exist, this binding is considered mis-configured and the FailurePolicy of the ValidatingAdmissionPolicy applied. If the policy does not specify a ParamKind then this field is ignored, and the rules are evaluated without a param.", - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ParamRef" - }, - "policyName": { - "description": "PolicyName references a ValidatingAdmissionPolicy name which the ValidatingAdmissionPolicyBinding binds to. If the referenced resource does not exist, this binding is considered invalid and will be ignored Required.", - "type": "string" + "negativeTTL": { + "description": "negativeTTL is optional and specifies the amount of time that a negative response should be cached.\n\nIf configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 30 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 30 seconds is subject to change.", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "validationActions": { - "description": "validationActions declares how Validations of the referenced ValidatingAdmissionPolicy are enforced. If a validation evaluates to false it is always enforced according to these actions.\n\nFailures defined by the ValidatingAdmissionPolicy's FailurePolicy are enforced according to these actions only if the FailurePolicy is set to Fail, otherwise the failures are ignored. This includes compilation errors, runtime errors and misconfigurations of the policy.\n\nvalidationActions is declared as a set of action values. Order does not matter. validationActions may not contain duplicates of the same action.\n\nThe supported actions values are:\n\n\"Deny\" specifies that a validation failure results in a denied request.\n\n\"Warn\" specifies that a validation failure is reported to the request client in HTTP Warning headers, with a warning code of 299. Warnings can be sent both for allowed or denied admission responses.\n\n\"Audit\" specifies that a validation failure is included in the published audit event for the request. The audit event will contain a `validation.policy.admission.k8s.io/validation_failure` audit annotation with a value containing the details of the validation failures, formatted as a JSON list of objects, each with the following fields: - message: The validation failure message string - policy: The resource name of the ValidatingAdmissionPolicy - binding: The resource name of the ValidatingAdmissionPolicyBinding - expressionIndex: The index of the failed validations in the ValidatingAdmissionPolicy - validationActions: The enforcement actions enacted for the validation failure Example audit annotation: `\"validation.policy.admission.k8s.io/validation_failure\": \"[{\\\"message\\\": \\\"Invalid value\\\", {\\\"policy\\\": \\\"policy.example.com\\\", {\\\"binding\\\": \\\"policybinding.example.com\\\", {\\\"expressionIndex\\\": \\\"1\\\", {\\\"validationActions\\\": [\\\"Audit\\\"]}]\"`\n\nClients should expect to handle additional values by ignoring any values not recognized.\n\n\"Deny\" and \"Warn\" may not be used together since this combination needlessly duplicates the validation failure both in the API response body and the HTTP warning headers.\n\nRequired.", - "type": "array", - "items": { - "type": "string", - "default": "", - "enum": [ - "Audit", - "Deny", - "Warn" - ] - }, - "x-kubernetes-list-type": "set" + "positiveTTL": { + "description": "positiveTTL is optional and specifies the amount of time that a positive response should be cached.\n\nIf configured, it must be a value of 1s (1 second) or greater up to a theoretical maximum of several years. This field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values that are fractions of a second are rounded down to the nearest second. If the configured value is less than 1s, the default value will be used. If not configured, the value will be 0s and OpenShift will use a default value of 900 seconds unless noted otherwise in the respective Corefile for your version of OpenShift. The default value of 900 seconds is subject to change.", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyList": { - "description": "ValidatingAdmissionPolicyList is a list of ValidatingAdmissionPolicy.", + "com.github.openshift.api.operator.v1.DNSList": { + "description": "DNSList contains a list of DNS\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -41436,11 +42390,10 @@ "type": "string" }, "items": { - "description": "List of ValidatingAdmissionPolicy.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicy" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNS" } }, "kind": { @@ -41448,371 +42401,349 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicySpec": { - "description": "ValidatingAdmissionPolicySpec is the specification of the desired behavior of the AdmissionPolicy.", + "com.github.openshift.api.operator.v1.DNSNodePlacement": { + "description": "DNSNodePlacement describes the node scheduling configuration for DNS pods.", "type": "object", "properties": { - "auditAnnotations": { - "description": "auditAnnotations contains CEL expressions which are used to produce audit annotations for the audit event of the API request. validations and auditAnnotations may not both be empty; a least one of validations or auditAnnotations is required.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.AuditAnnotation" - }, - "x-kubernetes-list-type": "atomic" - }, - "failurePolicy": { - "description": "failurePolicy defines how to handle failures for the admission policy. Failures can occur from CEL expression parse errors, type check errors, runtime errors and invalid or mis-configured policy definitions or bindings.\n\nA policy is invalid if spec.paramKind refers to a non-existent Kind. A binding is invalid if spec.paramRef.name refers to a non-existent resource.\n\nfailurePolicy does not define how validations that evaluate to false are handled.\n\nWhen failurePolicy is set to Fail, ValidatingAdmissionPolicyBinding validationActions define how failures are enforced.\n\nAllowed values are Ignore or Fail. Defaults to Fail.\n\nPossible enum values:\n - `\"Fail\"` means that an error calling the webhook causes the admission to fail.\n - `\"Ignore\"` means that an error calling the webhook is ignored.", - "type": "string", - "enum": [ - "Fail", - "Ignore" - ] - }, - "matchConditions": { - "description": "MatchConditions is a list of conditions that must be met for a request to be validated. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nIf a parameter object is provided, it can be accessed via the `params` handle in the same manner as validation expressions.\n\nThe exact matching logic is (in order):\n 1. If ANY matchCondition evaluates to FALSE, the policy is skipped.\n 2. If ALL matchConditions evaluate to TRUE, the policy is evaluated.\n 3. If any matchCondition evaluates to an error (but none are FALSE):\n - If failurePolicy=Fail, reject the request\n - If failurePolicy=Ignore, the policy is skipped", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MatchCondition" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - }, - "matchConstraints": { - "description": "MatchConstraints specifies what resources this policy is designed to validate. The AdmissionPolicy cares about a request if it matches _all_ Constraints. However, in order to prevent clusters from being put into an unstable state that cannot be recovered from via the API ValidatingAdmissionPolicy cannot match ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding. Required.", - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MatchResources" - }, - "paramKind": { - "description": "ParamKind specifies the kind of resources used to parameterize this policy. If absent, there are no parameters for this policy and the param CEL variable will not be provided to validation expressions. If ParamKind refers to a non-existent kind, this policy definition is mis-configured and the FailurePolicy is applied. If paramKind is specified but paramRef is unset in ValidatingAdmissionPolicyBinding, the params variable will be null.", - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ParamKind" - }, - "validations": { - "description": "Validations contain CEL expressions which is used to apply the validation. Validations and AuditAnnotations may not both be empty; a minimum of one Validations or AuditAnnotations is required.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.Validation" - }, - "x-kubernetes-list-type": "atomic" + "nodeSelector": { + "description": "nodeSelector is the node selector applied to DNS pods.\n\nIf empty, the default is used, which is currently the following:\n\n kubernetes.io/os: linux\n\nThis default is subject to change.\n\nIf set, the specified selector is used and replaces the default.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "variables": { - "description": "Variables contain definitions of variables that can be used in composition of other expressions. Each variable is defined as a named CEL expression. The variables defined here will be available under `variables` in other expressions of the policy except MatchConditions because MatchConditions are evaluated before the rest of the policy.\n\nThe expression of a variable can refer to other variables defined earlier in the list but not those after. Thus, Variables must be sorted by the order of first appearance and acyclic.", + "tolerations": { + "description": "tolerations is a list of tolerations applied to DNS pods.\n\nIf empty, the DNS operator sets a toleration for the \"node-role.kubernetes.io/master\" taint. This default is subject to change. Specifying tolerations without including a toleration for the \"node-role.kubernetes.io/master\" taint may be risky as it could lead to an outage if all worker nodes become unavailable.\n\nNote that the daemon controller adds some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.Variable" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" + } } } }, - "io.k8s.api.admissionregistration.v1.ValidatingAdmissionPolicyStatus": { - "description": "ValidatingAdmissionPolicyStatus represents the status of an admission validation policy.", + "com.github.openshift.api.operator.v1.DNSOverTLSConfig": { + "description": "DNSOverTLSConfig describes optional DNSTransportConfig fields that should be captured.", "type": "object", + "required": [ + "serverName" + ], "properties": { - "conditions": { - "description": "The conditions represent the latest available observations of a policy's current state.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map" - }, - "observedGeneration": { - "description": "The generation observed by the controller.", - "type": "integer", - "format": "int64" + "caBundle": { + "description": "caBundle references a ConfigMap that must contain either a single CA Certificate or a CA Bundle. This allows cluster administrators to provide their own CA or CA bundle for validating the certificate of upstream resolvers.\n\n1. The configmap must contain a `ca-bundle.crt` key. 2. The value must be a PEM encoded CA certificate or CA bundle. 3. The administrator must create this configmap in the openshift-config namespace. 4. The upstream server certificate must contain a Subject Alternative Name (SAN) that matches ServerName.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" }, - "typeChecking": { - "description": "The results of type checking for each expression. Presence of this field indicates the completion of the type checking.", - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.TypeChecking" + "serverName": { + "description": "serverName is the upstream server to connect to when forwarding DNS queries. This is required when Transport is set to \"TLS\". ServerName will be validated against the DNS naming conventions in RFC 1123 and should match the TLS certificate installed in the upstream resolver(s).", + "type": "string", + "default": "" } } }, - "io.k8s.api.admissionregistration.v1.ValidatingWebhook": { - "description": "ValidatingWebhook describes an admission webhook and the resources and operations it applies to.", + "com.github.openshift.api.operator.v1.DNSSpec": { + "description": "DNSSpec is the specification of the desired behavior of the DNS.", "type": "object", - "required": [ - "name", - "clientConfig", - "sideEffects", - "admissionReviewVersions" - ], "properties": { - "admissionReviewVersions": { - "description": "AdmissionReviewVersions is an ordered list of preferred `AdmissionReview` versions the Webhook expects. API server will try to use first version in the list which it supports. If none of the versions specified in this list supported by API server, validation will fail for this object. If a persisted webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail and be subject to the failure policy.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "cache": { + "description": "cache describes the caching configuration that applies to all server blocks listed in the Corefile. This field allows a cluster admin to optionally configure: * positiveTTL which is a duration for which positive responses should be cached. * negativeTTL which is a duration for which negative responses should be cached. If this is not configured, OpenShift will configure positive and negative caching with a default value that is subject to change. At the time of writing, the default positiveTTL is 900 seconds and the default negativeTTL is 30 seconds or as noted in the respective Corefile for your version of OpenShift.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSCache" }, - "clientConfig": { - "description": "ClientConfig defines how to communicate with the hook. Required", + "logLevel": { + "description": "logLevel describes the desired logging verbosity for CoreDNS. Any one of the following values may be specified: * Normal logs errors from upstream resolvers. * Debug logs errors, NXDOMAIN responses, and NODATA responses. * Trace logs errors and all responses.\n Setting logLevel: Trace will produce extremely verbose logs.\nValid values are: \"Normal\", \"Debug\", \"Trace\". Defaults to \"Normal\".", + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether the DNS operator should manage cluster DNS", + "type": "string" + }, + "nodePlacement": { + "description": "nodePlacement provides explicit control over the scheduling of DNS pods.\n\nGenerally, it is useful to run a DNS pod on every node so that DNS queries are always handled by a local DNS pod instead of going over the network to a DNS pod on another node. However, security policies may require restricting the placement of DNS pods to specific nodes. For example, if a security policy prohibits pods on arbitrary nodes from communicating with the API, a node selector can be specified to restrict DNS pods to nodes that are permitted to communicate with the API. Conversely, if running DNS pods on nodes with a particular taint is desired, a toleration can be specified for that taint.\n\nIf unset, defaults are used. See nodePlacement for more details.", "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.WebhookClientConfig" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSNodePlacement" }, - "failurePolicy": { - "description": "FailurePolicy defines how unrecognized errors from the admission endpoint are handled - allowed values are Ignore or Fail. Defaults to Fail.\n\nPossible enum values:\n - `\"Fail\"` means that an error calling the webhook causes the admission to fail.\n - `\"Ignore\"` means that an error calling the webhook is ignored.", - "type": "string", - "enum": [ - "Fail", - "Ignore" - ] + "operatorLogLevel": { + "description": "operatorLogLevel controls the logging level of the DNS Operator. Valid values are: \"Normal\", \"Debug\", \"Trace\". Defaults to \"Normal\". setting operatorLogLevel: Trace will produce extremely verbose logs.", + "type": "string" }, - "matchConditions": { - "description": "MatchConditions is a list of conditions that must be met for a request to be sent to this webhook. Match conditions filter requests that have already been matched by the rules, namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests. There are a maximum of 64 match conditions allowed.\n\nThe exact matching logic is (in order):\n 1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.\n 2. If ALL matchConditions evaluate to TRUE, the webhook is called.\n 3. If any matchCondition evaluates to an error (but none are FALSE):\n - If failurePolicy=Fail, reject the request\n - If failurePolicy=Ignore, the error is ignored and the webhook is skipped", + "servers": { + "description": "servers is a list of DNS resolvers that provide name query delegation for one or more subdomains outside the scope of the cluster domain. If servers consists of more than one Server, longest suffix match will be used to determine the Server.\n\nFor example, if there are two Servers, one for \"foo.com\" and another for \"a.foo.com\", and the name query is for \"www.a.foo.com\", it will be routed to the Server with Zone \"a.foo.com\".\n\nIf this field is nil, no servers are created.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.MatchCondition" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Server" + } }, - "matchPolicy": { - "description": "matchPolicy defines how the \"rules\" list is used to match incoming requests. Allowed values are \"Exact\" or \"Equivalent\".\n\n- Exact: match a request only if it exactly matches a specified rule. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, but \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.\n\n- Equivalent: match a request if modifies a resource listed in rules, even via another API group or version. For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1, and \"rules\" only included `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]`, a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.\n\nDefaults to \"Equivalent\"\n\nPossible enum values:\n - `\"Equivalent\"` means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.\n - `\"Exact\"` means requests should only be sent to the webhook if they exactly match a given rule.", + "upstreamResolvers": { + "description": "upstreamResolvers defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers for the case of the default (\".\") server\n\nIf this field is not specified, the upstream used will default to /etc/resolv.conf, with policy \"sequential\"", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.UpstreamResolvers" + } + } + }, + "com.github.openshift.api.operator.v1.DNSStatus": { + "description": "DNSStatus defines the observed status of the DNS.", + "type": "object", + "required": [ + "clusterIP", + "clusterDomain" + ], + "properties": { + "clusterDomain": { + "description": "clusterDomain is the local cluster DNS domain suffix for DNS services. This will be a subdomain as defined in RFC 1034, section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 Example: \"cluster.local\"\n\nMore info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service", "type": "string", - "enum": [ - "Equivalent", - "Exact" - ] + "default": "" }, - "name": { - "description": "The name of the admission webhook. Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where \"imagepolicy\" is the name of the webhook, and kubernetes.io is the name of the organization. Required.", + "clusterIP": { + "description": "clusterIP is the service IP through which this DNS is made available.\n\nIn the case of the default DNS, this will be a well known IP that is used as the default nameserver for pods that are using the default ClusterFirst DNS policy.\n\nIn general, this IP can be specified in a pod's spec.dnsConfig.nameservers list or used explicitly when performing name resolution from within the cluster. Example: dig foo.com @\n\nMore info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", "type": "string", "default": "" }, - "namespaceSelector": { - "description": "NamespaceSelector decides whether to run the webhook on an object based on whether the namespace for that object matches the selector. If the object itself is a namespace, the matching is performed on object.metadata.labels. If the object is another cluster scoped resource, it never skips the webhook.\n\nFor example, to run the webhook on any objects whose namespace is not associated with \"runlevel\" of \"0\" or \"1\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"runlevel\",\n \"operator\": \"NotIn\",\n \"values\": [\n \"0\",\n \"1\"\n ]\n }\n ]\n}\n\nIf instead you want to only run the webhook on any objects whose namespace is associated with the \"environment\" of \"prod\" or \"staging\"; you will set the selector as follows: \"namespaceSelector\": {\n \"matchExpressions\": [\n {\n \"key\": \"environment\",\n \"operator\": \"In\",\n \"values\": [\n \"prod\",\n \"staging\"\n ]\n }\n ]\n}\n\nSee https://kubernetes.io/docs/concepts/overview/working-with-objects/labels for more examples of label selectors.\n\nDefault to the empty LabelSelector, which matches everything.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "objectSelector": { - "description": "ObjectSelector decides whether to run the webhook based on if the object has matching labels. objectSelector is evaluated against both the oldObject and newObject that would be sent to the webhook, and is considered to match if either object matches the selector. A null object (oldObject in the case of create, or newObject in the case of delete) or an object that cannot have labels (like a DeploymentRollback or a PodProxyOptions object) is not considered to match. Use the object selector only if the webhook is opt-in, because end users may skip the admission webhook by setting the labels. Default to the empty LabelSelector, which matches everything.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "rules": { - "description": "Rules describes what operations on what resources/subresources the webhook cares about. The webhook cares about an operation if it matches _any_ Rule. However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks from putting the cluster in a state which cannot be recovered from without completely disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.", + "conditions": { + "description": "conditions provide information about the state of the DNS on the cluster.\n\nThese are the supported DNS conditions:\n\n * Available\n - True if the following conditions are met:\n * DNS controller daemonset is available.\n - False if any of those conditions are unsatisfied.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.RuleWithOperations" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, - "x-kubernetes-list-type": "atomic" - }, - "sideEffects": { - "description": "SideEffects states whether this webhook has side effects. Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown). Webhooks with side effects MUST implement a reconciliation system, since a request may be rejected by a future step in the admission chain and the side effects therefore need to be undone. Requests with the dryRun attribute will be auto-rejected if they match a webhook with sideEffects == Unknown or Some.\n\nPossible enum values:\n - `\"None\"` means that calling the webhook will have no side effects.\n - `\"NoneOnDryRun\"` means that calling the webhook will possibly have side effects, but if the request being reviewed has the dry-run attribute, the side effects will be suppressed.\n - `\"Some\"` means that calling the webhook will possibly have side effects. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.\n - `\"Unknown\"` means that no information is known about the side effects of calling the webhook. If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.", - "type": "string", - "enum": [ - "None", - "NoneOnDryRun", - "Some", - "Unknown" - ] - }, - "timeoutSeconds": { - "description": "TimeoutSeconds specifies the timeout for this webhook. After the timeout passes, the webhook call will be ignored or the API call will fail based on the failure policy. The timeout value must be between 1 and 30 seconds. Default to 10 seconds.", - "type": "integer", - "format": "int32" + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" } } }, - "io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration": { - "description": "ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.", + "com.github.openshift.api.operator.v1.DNSTransportConfig": { + "description": "DNSTransportConfig groups related configuration parameters used for configuring forwarding to upstream resolvers that support DNS-over-TLS.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "tls": { + "description": "tls contains the additional configuration options to use when Transport is set to \"TLS\".", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSOverTLSConfig" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "transport": { + "description": "transport allows cluster administrators to opt-in to using a DNS-over-TLS connection between cluster DNS and an upstream resolver(s). Configuring TLS as the transport at this level without configuring a CABundle will result in the system certificates being used to verify the serving certificate of the upstream resolver(s).\n\nPossible values: \"\" (empty) - This means no explicit choice has been made and the platform chooses the default which is subject to change over time. The current default is \"Cleartext\". \"Cleartext\" - Cluster admin specified cleartext option. This results in the same functionality as an empty value but may be useful when a cluster admin wants to be more explicit about the transport, or wants to switch from \"TLS\" to \"Cleartext\" explicitly. \"TLS\" - This indicates that DNS queries should be sent over a TLS connection. If Transport is set to TLS, you MUST also set ServerName. If a port is not included with the upstream IP, port 853 will be tried by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1.", "type": "string" - }, - "metadata": { - "description": "Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "webhooks": { - "description": "Webhooks is a list of webhooks and the affected resources and operations.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ValidatingWebhook" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "transport", + "fields-to-discriminateBy": { + "tls": "TLS" + } + } + ] }, - "io.k8s.api.admissionregistration.v1.ValidatingWebhookConfigurationList": { - "description": "ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.", + "com.github.openshift.api.operator.v1.DefaultNetworkDefinition": { + "description": "DefaultNetworkDefinition represents a single network plugin's configuration. type must be specified, along with exactly one \"Config\" that matches the type.", "type": "object", "required": [ - "items" + "type" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of ValidatingWebhookConfiguration.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ValidatingWebhookConfiguration" - } + "openshiftSDNConfig": { + "description": "openshiftSDNConfig was previously used to configure the openshift-sdn plugin. DEPRECATED: OpenShift SDN is no longer supported.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftSDNConfig" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "ovnKubernetesConfig": { + "description": "ovnKubernetesConfig configures the ovn-kubernetes plugin.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OVNKubernetesConfig" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "type": { + "description": "type is the type of network All NetworkTypes are supported except for NetworkTypeRaw", + "type": "string", + "default": "" } } }, - "io.k8s.api.admissionregistration.v1.Validation": { - "description": "Validation specifies the CEL expression which is used to apply the validation.", + "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategory": { + "description": "DeveloperConsoleCatalogCategory for the developer console catalog.", "type": "object", "required": [ - "expression" + "id", + "label" ], "properties": { - "expression": { - "description": "Expression represents the expression which will be evaluated by CEL. ref: https://github.com/google/cel-spec CEL expressions have access to the contents of the API request/response, organized into CEL variables as well as some other useful variables:\n\n- 'object' - The object from the incoming request. The value is null for DELETE requests. - 'oldObject' - The existing object. The value is null for CREATE requests. - 'request' - Attributes of the API request([ref](/pkg/apis/admission/types.go#AdmissionRequest)). - 'params' - Parameter resource referred to by the policy binding being evaluated. Only populated if the policy has a ParamKind. - 'namespaceObject' - The namespace object that the incoming object belongs to. The value is null for cluster-scoped resources. - 'variables' - Map of composited variables, from its name to its lazily evaluated value.\n For example, a variable named 'foo' can be accessed as 'variables.foo'.\n- 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.\n See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz\n- 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the\n request resource.\n\nThe `apiVersion`, `kind`, `metadata.name` and `metadata.generateName` are always accessible from the root of the object. No other metadata properties are accessible.\n\nOnly property names of the form `[a-zA-Z_.-/][a-zA-Z0-9_.-/]*` are accessible. Accessible property names are escaped according to the following rules when accessed in the expression: - '__' escapes to '__underscores__' - '.' escapes to '__dot__' - '-' escapes to '__dash__' - '/' escapes to '__slash__' - Property names that exactly match a CEL RESERVED keyword escape to '__{keyword}__'. The keywords are:\n\t \"true\", \"false\", \"null\", \"in\", \"as\", \"break\", \"const\", \"continue\", \"else\", \"for\", \"function\", \"if\",\n\t \"import\", \"let\", \"loop\", \"package\", \"namespace\", \"return\".\nExamples:\n - Expression accessing a property named \"namespace\": {\"Expression\": \"object.__namespace__ > 0\"}\n - Expression accessing a property named \"x-prop\": {\"Expression\": \"object.x__dash__prop > 0\"}\n - Expression accessing a property named \"redact__d\": {\"Expression\": \"object.redact__underscores__d > 0\"}\n\nEquality on arrays with list type of 'set' or 'map' ignores element order, i.e. [1, 2] == [2, 1]. Concatenation on arrays with x-kubernetes-list-type use the semantics of the list type:\n - 'set': `X + Y` performs a union where the array positions of all elements in `X` are preserved and\n non-intersecting elements in `Y` are appended, retaining their partial order.\n - 'map': `X + Y` performs a merge where the array positions of all keys in `X` are preserved but the values\n are overwritten by values in `Y` when the key sets of `X` and `Y` intersect. Elements in `Y` with\n non-intersecting keys are appended, retaining their partial order.\nRequired.", + "id": { + "description": "id is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.", "type": "string", "default": "" }, - "message": { - "description": "Message represents the message displayed when validation fails. The message is required if the Expression contains line breaks. The message must not contain line breaks. If unset, the message is \"failed rule: {Rule}\". e.g. \"must be a URL with the host matching spec.host\" If the Expression contains line breaks. Message is required. The message must not contain line breaks. If unset, the message is \"failed Expression: {Expression}\".", - "type": "string" + "label": { + "description": "label defines a category display label. It is required and must have 1-64 characters.", + "type": "string", + "default": "" }, - "messageExpression": { - "description": "messageExpression declares a CEL expression that evaluates to the validation failure message that is returned when this rule fails. Since messageExpression is used as a failure message, it must evaluate to a string. If both message and messageExpression are present on a validation, then messageExpression will be used if validation fails. If messageExpression results in a runtime error, the runtime error is logged, and the validation failure message is produced as if the messageExpression field were unset. If messageExpression evaluates to an empty string, a string with only spaces, or a string that contains line breaks, then the validation failure message will also be produced as if the messageExpression field were unset, and the fact that messageExpression produced an empty string/string with only spaces/string with line breaks will be logged. messageExpression has access to all the same variables as the `expression` except for 'authorizer' and 'authorizer.requestResource'. Example: \"object.x must be less than max (\"+string(params.max)+\")\"", - "type": "string" + "subcategories": { + "description": "subcategories defines a list of child categories.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategoryMeta" + } }, - "reason": { - "description": "Reason represents a machine-readable description of why this validation failed. If this is the first validation in the list to fail, this reason, as well as the corresponding HTTP response code, are used in the HTTP response to the client. The currently supported reasons are: \"Unauthorized\", \"Forbidden\", \"Invalid\", \"RequestEntityTooLarge\". If not set, StatusReasonInvalid is used in the response to the client.", - "type": "string" + "tags": { + "description": "tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "io.k8s.api.admissionregistration.v1.Variable": { - "description": "Variable is the definition of a variable that is used for composition. A variable is defined as a named expression.", + "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategoryMeta": { + "description": "DeveloperConsoleCatalogCategoryMeta are the key identifiers of a developer catalog category.", "type": "object", "required": [ - "name", - "expression" + "id", + "label" ], "properties": { - "expression": { - "description": "Expression is the expression that will be evaluated as the value of the variable. The CEL expression has access to the same identifiers as the CEL expressions in Validation.", + "id": { + "description": "id is an identifier used in the URL to enable deep linking in console. ID is required and must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters.", "type": "string", "default": "" }, - "name": { - "description": "Name is the name of the variable. The name must be a valid CEL identifier and unique among all variables. The variable can be accessed in other expressions through `variables` For example, if name is \"foo\", the variable will be available as `variables.foo`", + "label": { + "description": "label defines a category display label. It is required and must have 1-64 characters.", "type": "string", "default": "" + }, + "tags": { + "description": "tags is a list of strings that will match the category. A selected category show all items which has at least one overlapping tag between category and item.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } - }, - "x-kubernetes-map-type": "atomic" + } }, - "io.k8s.api.admissionregistration.v1.WebhookClientConfig": { - "description": "WebhookClientConfig contains the information to make a TLS connection with the webhook", + "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCustomization": { + "description": "DeveloperConsoleCatalogCustomization allow cluster admin to configure developer catalog.", "type": "object", "properties": { - "caBundle": { - "description": "`caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate. If unspecified, system trust roots on the apiserver are used.", - "type": "string", - "format": "byte" - }, - "service": { - "description": "`service` is a reference to the service for this webhook. Either `service` or `url` must be specified.\n\nIf the webhook is running within the cluster, then you should use `service`.", - "$ref": "#/definitions/io.k8s.api.admissionregistration.v1.ServiceReference" + "categories": { + "description": "categories which are shown in the developer catalog.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DeveloperConsoleCatalogCategory" + } }, - "url": { - "description": "`url` gives the location of the webhook, in standard URL form (`scheme://host:port/path`). Exactly one of `url` or `service` must be specified.\n\nThe `host` should not refer to a service running in the cluster; use the `service` field instead. The host might be resolved via external DNS in some apiservers (e.g., `kube-apiserver` cannot resolve in-cluster DNS as that would be a layering violation). `host` may also be an IP address.\n\nPlease note that using `localhost` or `127.0.0.1` as a `host` is risky unless you take great care to run this webhook on all hosts which run an apiserver which might need to make calls to this webhook. Such installs are likely to be non-portable, i.e., not easy to turn up in a new cluster.\n\nThe scheme must be \"https\"; the URL must begin with \"https://\".\n\nA path is optional, and if present may be any string permissible in a URL. You may use the path to pass an arbitrary string to the webhook, for example, a cluster identifier.\n\nAttempting to use a user or basic auth e.g. \"user:password@\" is not allowed. Fragments (\"#...\") and query parameters (\"?...\") are not allowed, either.", - "type": "string" + "types": { + "description": "types allows enabling or disabling of sub-catalog types that user can see in the Developer catalog. When omitted, all the sub-catalog types will be shown.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DeveloperConsoleCatalogTypes" } } }, - "io.k8s.api.authorization.v1.FieldSelectorAttributes": { - "description": "FieldSelectorAttributes indicates a field limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.", + "com.github.openshift.api.operator.v1.DeveloperConsoleCatalogTypes": { + "description": "DeveloperConsoleCatalogTypes defines the state of the sub-catalog types.", "type": "object", + "required": [ + "state" + ], "properties": { - "rawSelector": { - "description": "rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.", - "type": "string" + "disabled": { + "description": "disabled is a list of developer catalog types (sub-catalogs IDs) that are not shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: \"Devfile\", \"HelmChart\", \"BuilderImage\" If the list is empty or all the available sub-catalog types are added, then the complete developer catalog should be hidden.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" }, - "requirements": { - "description": "requirements is the parsed interpretation of a field selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.", + "enabled": { + "description": "enabled is a list of developer catalog types (sub-catalogs IDs) that will be shown to users. Types (sub-catalogs) are added via console plugins, the available types (sub-catalog IDs) are available in the console on the cluster configuration page, or when editing the YAML in the console. Example: \"Devfile\", \"HelmChart\", \"BuilderImage\" If the list is non-empty, a new type will not be shown to the user until it is added to list. If the list is empty the complete developer catalog will be shown.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.FieldSelectorRequirement" + "type": "string", + "default": "" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-type": "set" + }, + "state": { + "description": "state defines if a list of catalog types should be enabled or disabled.", + "type": "string", + "default": "Enabled" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "state", + "fields-to-discriminateBy": { + "disabled": "Disabled", + "enabled": "Enabled" + } + } + ] + }, + "com.github.openshift.api.operator.v1.EgressIPConfig": { + "description": "EgressIPConfig defines the configuration knobs for egressip", + "type": "object", + "properties": { + "reachabilityTotalTimeoutSeconds": { + "description": "reachabilityTotalTimeout configures the EgressIP node reachability check total timeout in seconds. If the EgressIP node cannot be reached within this timeout, the node is declared down. Setting a large value may cause the EgressIP feature to react slowly to node changes. In particular, it may react slowly for EgressIP nodes that really have a genuine problem and are unreachable. When omitted, this means the user has no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 1 second. A value of 0 disables the EgressIP node's reachability check.", + "type": "integer", + "format": "int64" } } }, - "io.k8s.api.authorization.v1.LabelSelectorAttributes": { - "description": "LabelSelectorAttributes indicates a label limited access. Webhook authors are encouraged to * ensure rawSelector and requirements are not both set * consider the requirements field if set * not try to parse or consider the rawSelector field if set. This is to avoid another CVE-2022-2880 (i.e. getting different systems to agree on how exactly to parse a query is not something we want), see https://www.oxeye.io/resources/golang-parameter-smuggling-attack for more details. For the *SubjectAccessReview endpoints of the kube-apiserver: * If rawSelector is empty and requirements are empty, the request is not limited. * If rawSelector is present and requirements are empty, the rawSelector will be parsed and limited if the parsing succeeds. * If rawSelector is empty and requirements are present, the requirements should be honored * If rawSelector is present and requirements are present, the request is invalid.", + "com.github.openshift.api.operator.v1.EndpointPublishingStrategy": { + "description": "EndpointPublishingStrategy is a way to publish the endpoints of an IngressController, and represents the type and any additional configuration for a specific type.", "type": "object", + "required": [ + "type" + ], "properties": { - "rawSelector": { - "description": "rawSelector is the serialization of a field selector that would be included in a query parameter. Webhook implementations are encouraged to ignore rawSelector. The kube-apiserver's *SubjectAccessReview will parse the rawSelector as long as the requirements are not present.", - "type": "string" + "hostNetwork": { + "description": "hostNetwork holds parameters for the HostNetwork endpoint publishing strategy. Present only if type is HostNetwork.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.HostNetworkStrategy" }, - "requirements": { - "description": "requirements is the parsed interpretation of a label selector. All requirements must be met for a resource instance to match the selector. Webhook implementations should handle requirements, but how to handle them is up to the webhook. Since requirements can only limit the request, it is safe to authorize as unlimited request if the requirements are not understood.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement" - }, - "x-kubernetes-list-type": "atomic" + "loadBalancer": { + "description": "loadBalancer holds parameters for the load balancer. Present only if type is LoadBalancerService.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.LoadBalancerStrategy" + }, + "nodePort": { + "description": "nodePort holds parameters for the NodePortService endpoint publishing strategy. Present only if type is NodePortService.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodePortStrategy" + }, + "private": { + "description": "private holds parameters for the Private endpoint publishing strategy. Present only if type is Private.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.PrivateStrategy" + }, + "type": { + "description": "type is the publishing strategy to use. Valid values are:\n\n* LoadBalancerService\n\nPublishes the ingress controller using a Kubernetes LoadBalancer Service.\n\nIn this configuration, the ingress controller deployment uses container networking. A LoadBalancer Service is created to publish the deployment.\n\nSee: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer\n\nIf domain is set, a wildcard DNS record will be managed to point at the LoadBalancer Service's external name. DNS records are managed only in DNS zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.\n\nWildcard DNS management is currently supported only on the AWS, Azure, and GCP platforms.\n\n* HostNetwork\n\nPublishes the ingress controller on node ports where the ingress controller is deployed.\n\nIn this configuration, the ingress controller deployment uses host networking, bound to node ports 80 and 443. The user is responsible for configuring an external load balancer to publish the ingress controller via the node ports.\n\n* Private\n\nDoes not publish the ingress controller.\n\nIn this configuration, the ingress controller deployment uses container networking, and is not explicitly published. The user must manually publish the ingress controller.\n\n* NodePortService\n\nPublishes the ingress controller using a Kubernetes NodePort Service.\n\nIn this configuration, the ingress controller deployment uses container networking. A NodePort Service is created to publish the deployment. The specific node ports are dynamically allocated by OpenShift; however, to support static port allocations, user changes to the node port field of the managed NodePort Service will preserved.", + "type": "string", + "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "hostNetwork": "HostNetwork", + "loadBalancer": "LoadBalancer", + "nodePort": "NodePort", + "private": "Private" + } } - } + ] }, - "io.k8s.api.authorization.v1.LocalSubjectAccessReview": { - "description": "LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace. Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions checking.", + "com.github.openshift.api.operator.v1.Etcd": { + "description": "Etcd provides information to configure an operator to manage etcd.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "spec" ], "properties": { @@ -41825,595 +42756,692 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "Spec holds information about the request being evaluated. spec.namespace must be equal to the namespace you made the request against. If empty, it is defaulted.", "default": {}, - "$ref": "#/definitions/io.k8s.api.authorization.v1.SubjectAccessReviewSpec" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.EtcdSpec" }, "status": { - "description": "Status is filled in by the server and indicates whether the request is allowed or not", "default": {}, - "$ref": "#/definitions/io.k8s.api.authorization.v1.SubjectAccessReviewStatus" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.EtcdStatus" } } }, - "io.k8s.api.authorization.v1.NonResourceAttributes": { - "description": "NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface", + "com.github.openshift.api.operator.v1.EtcdList": { + "description": "KubeAPISOperatorConfigList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "path": { - "description": "Path is the URL path of the request", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "verb": { - "description": "Verb is the standard HTTP verb", + "items": { + "description": "items contains the items", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Etcd" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.authorization.v1.NonResourceRule": { - "description": "NonResourceRule holds information that describes a rule for the non-resource", + "com.github.openshift.api.operator.v1.EtcdSpec": { "type": "object", "required": [ - "verbs" + "managementState", + "forceRedeploymentReason" ], "properties": { - "nonResourceURLs": { - "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path. \"*\" means all.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "backendQuotaGiB": { + "description": "backendQuotaGiB sets the etcd backend storage size limit in gibibytes. The value should be an integer not less than 8 and not more than 32. When not specified, the default value is 8.", + "type": "integer", + "format": "int32", + "default": 8 }, - "verbs": { - "description": "Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options. \"*\" means all.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "io.k8s.api.authorization.v1.ResourceAttributes": { - "description": "ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface", - "type": "object", - "properties": { - "fieldSelector": { - "description": "fieldSelector describes the limitation on access based on field. It can only limit access, not broaden it.", - "$ref": "#/definitions/io.k8s.api.authorization.v1.FieldSelectorAttributes" + "controlPlaneHardwareSpeed": { + "description": "HardwareSpeed allows user to change the etcd tuning profile which configures the latency parameters for heartbeat interval and leader election timeouts allowing the cluster to tolerate longer round-trip-times between etcd members. Valid values are \"\", \"Standard\" and \"Slower\".\n\t\"\" means no opinion and the platform is left to choose a reasonable default\n\twhich is subject to change without notice.\n\nPossible enum values:\n - `\"Slower\"` provides more tolerance for slower hardware and/or higher latency networks. Sets (values subject to change): ETCD_HEARTBEAT_INTERVAL: 5x Standard ETCD_LEADER_ELECTION_TIMEOUT: 2.5x Standard\n - `\"Standard\"` provides the normal tolerances for hardware speed and latency. Currently sets (values subject to change at any time): ETCD_HEARTBEAT_INTERVAL: 100ms ETCD_LEADER_ELECTION_TIMEOUT: 1000ms", + "type": "string", + "default": "", + "enum": [ + "Slower", + "Standard" + ] }, - "group": { - "description": "Group is the API Group of the Resource. \"*\" means all.", - "type": "string" + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" }, - "labelSelector": { - "description": "labelSelector describes the limitation on access based on labels. It can only limit access, not broaden it.", - "$ref": "#/definitions/io.k8s.api.authorization.v1.LabelSelectorAttributes" + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "type": "string", + "default": "" }, - "name": { - "description": "Name is the name of the resource being requested for a \"get\" or deleted for a \"delete\". \"\" (empty) means all.", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "namespace": { - "description": "Namespace is the namespace of the action being requested. Currently, there is no distinction between no namespace and all namespaces \"\" (empty) is defaulted for LocalSubjectAccessReviews \"\" (empty) is empty for cluster-scoped resources \"\" (empty) means \"all\" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview", - "type": "string" + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" }, - "resource": { - "description": "Resource is one of the existing resource types. \"*\" means all.", - "type": "string" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "subresource": { - "description": "Subresource is one of the existing resource types. \"\" means none.", + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "verb": { - "description": "Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy. \"*\" means all.", - "type": "string" + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" }, - "version": { - "description": "Version is the API Version of the Resource. \"*\" means all.", - "type": "string" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.authorization.v1.ResourceRule": { - "description": "ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.", + "com.github.openshift.api.operator.v1.EtcdStatus": { "type": "object", - "required": [ - "verbs" - ], "properties": { - "apiGroups": { - "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"*\" means all.", + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "resourceNames": { - "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. \"*\" means all.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "controlPlaneHardwareSpeed": { + "description": "Possible enum values:\n - `\"Slower\"` provides more tolerance for slower hardware and/or higher latency networks. Sets (values subject to change): ETCD_HEARTBEAT_INTERVAL: 5x Standard ETCD_LEADER_ELECTION_TIMEOUT: 2.5x Standard\n - `\"Standard\"` provides the normal tolerances for hardware speed and latency. Currently sets (values subject to change at any time): ETCD_HEARTBEAT_INTERVAL: 100ms ETCD_LEADER_ELECTION_TIMEOUT: 1000ms", + "type": "string", + "default": "", + "enum": [ + "Slower", + "Standard" + ] }, - "resources": { - "description": "Resources is a list of resources this rule applies to. \"*\" means all in the specified apiGroups.\n \"*/foo\" represents the subresource 'foo' for all resources in the specified apiGroups.", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "verbs": { - "description": "Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy. \"*\" means all.", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "latestAvailableRevisionReason": { + "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", + "type": "string" + }, + "nodeStatuses": { + "description": "nodeStatuses track the deployment values and errors across individual nodes", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "nodeName" + ], + "x-kubernetes-list-type": "map" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "io.k8s.api.authorization.v1.SelfSubjectAccessReview": { - "description": "SelfSubjectAccessReview checks whether or the current user can perform an action. Not filling in a spec.namespace means \"in all namespaces\". Self is a special case, because users should always be able to check whether they can perform an action", + "com.github.openshift.api.operator.v1.ExportNetworkFlows": { + "type": "object", + "properties": { + "ipfix": { + "description": "ipfix defines IPFIX configuration.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPFIXConfig" + }, + "netFlow": { + "description": "netFlow defines the NetFlow configuration.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NetFlowConfig" + }, + "sFlow": { + "description": "sFlow defines the SFlow configuration.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.SFlowConfig" + } + } + }, + "com.github.openshift.api.operator.v1.FeaturesMigration": { + "type": "object", + "properties": { + "egressFirewall": { + "description": "egressFirewall specified whether or not the Egress Firewall configuration was migrated. DEPRECATED: network type migration is no longer supported.", + "type": "boolean" + }, + "egressIP": { + "description": "egressIP specified whether or not the Egress IP configuration was migrated. DEPRECATED: network type migration is no longer supported.", + "type": "boolean" + }, + "multicast": { + "description": "multicast specified whether or not the multicast configuration was migrated. DEPRECATED: network type migration is no longer supported.", + "type": "boolean" + } + } + }, + "com.github.openshift.api.operator.v1.FileReferenceSource": { + "description": "FileReferenceSource is used by the console to locate the specified file containing a custom logo.", "type": "object", "required": [ - "spec" + "from" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "configMap": { + "description": "configMap specifies the ConfigMap sourcing details such as the name of the ConfigMap and the key for the file. The ConfigMap must exist in the openshift-config namespace. Required when from is \"ConfigMap\", and forbidden otherwise.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ConfigMapFileReference" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "from": { + "description": "from is a required field to specify the source type of the file reference. Allowed values are ConfigMap. When set to ConfigMap, the file will be sourced from a ConfigMap in the openshift-config namespace. The configMap field must be set when from is set to ConfigMap.\n\nPossible enum values:\n - `\"ConfigMap\"` represents a ConfigMap source.", + "type": "string", + "default": "", + "enum": [ + "ConfigMap" + ] + } + } + }, + "com.github.openshift.api.operator.v1.ForwardPlugin": { + "description": "ForwardPlugin defines a schema for configuring the CoreDNS forward plugin.", + "type": "object", + "required": [ + "upstreams" + ], + "properties": { + "policy": { + "description": "policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified:\n\n* \"Random\" picks a random upstream server for each query. * \"RoundRobin\" picks upstream servers in a round-robin order, moving to the next server for each new query. * \"Sequential\" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query.\n\nThe default value is \"Random\"", "type": "string" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "protocolStrategy": { + "description": "protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are \"TCP\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. \"TCP\" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. \"TCP\" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.", + "type": "string", + "default": "" }, - "spec": { - "description": "Spec holds information about the request being evaluated. user and groups must be empty", + "transportConfig": { + "description": "transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver.\n\nThe default value is \"\" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.", "default": {}, - "$ref": "#/definitions/io.k8s.api.authorization.v1.SelfSubjectAccessReviewSpec" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSTransportConfig" }, - "status": { - "description": "Status is filled in by the server and indicates whether the request is allowed or not", - "default": {}, - "$ref": "#/definitions/io.k8s.api.authorization.v1.SubjectAccessReviewStatus" + "upstreams": { + "description": "upstreams is a list of resolvers to forward name queries for subdomains of Zones. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy. Each upstream is represented by an IP address or IP:port if the upstream listens on a port other than 53.\n\nA maximum of 15 upstreams is allowed per ForwardPlugin.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "io.k8s.api.authorization.v1.SelfSubjectAccessReviewSpec": { - "description": "SelfSubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set", + "com.github.openshift.api.operator.v1.GCPCSIDriverConfigSpec": { + "description": "GCPCSIDriverConfigSpec defines properties that can be configured for the GCP CSI driver.", "type": "object", "properties": { - "nonResourceAttributes": { - "description": "NonResourceAttributes describes information for a non-resource access request", - "$ref": "#/definitions/io.k8s.api.authorization.v1.NonResourceAttributes" - }, - "resourceAttributes": { - "description": "ResourceAuthorizationAttributes describes information for a resource access request", - "$ref": "#/definitions/io.k8s.api.authorization.v1.ResourceAttributes" + "kmsKey": { + "description": "kmsKey sets the cluster default storage class to encrypt volumes with customer-supplied encryption keys, rather than the default keys managed by GCP.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GCPKMSKeyReference" } } }, - "io.k8s.api.authorization.v1.SelfSubjectRulesReview": { - "description": "SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace. The returned list of actions may be incomplete depending on the server's authorization mode, and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions, or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns. SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.", + "com.github.openshift.api.operator.v1.GCPKMSKeyReference": { + "description": "GCPKMSKeyReference gathers required fields for looking up a GCP KMS Key", "type": "object", "required": [ - "spec" + "name", + "keyRing", + "projectID" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "keyRing": { + "description": "keyRing is the name of the KMS Key Ring which the KMS Key belongs to. The value should correspond to an existing KMS key ring and should consist of only alphanumeric characters, hyphens (-) and underscores (_), and be at most 63 characters in length.", + "type": "string", + "default": "" + }, + "location": { + "description": "location is the GCP location in which the Key Ring exists. The value must match an existing GCP location, or \"global\". Defaults to global, if not set.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "name": { + "description": "name is the name of the customer-managed encryption key to be used for disk encryption. The value should correspond to an existing KMS key and should consist of only alphanumeric characters, hyphens (-) and underscores (_), and be at most 63 characters in length.", + "type": "string", + "default": "" + }, + "projectID": { + "description": "projectID is the ID of the Project in which the KMS Key Ring exists. It must be 6 to 30 lowercase letters, digits, or hyphens. It must start with a letter. Trailing hyphens are prohibited.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.operator.v1.GCPLoadBalancerParameters": { + "description": "GCPLoadBalancerParameters provides configuration settings that are specific to GCP load balancers.", + "type": "object", + "properties": { + "clientAccess": { + "description": "clientAccess describes how client access is restricted for internal load balancers.\n\nValid values are: * \"Global\": Specifying an internal load balancer with Global client access\n allows clients from any region within the VPC to communicate with the load\n balancer.\n\n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access\n\n* \"Local\": Specifying an internal load balancer with Local client access\n means only clients within the same region (and VPC) as the GCP load balancer\n can communicate with the load balancer. Note that this is the default behavior.\n\n https://cloud.google.com/load-balancing/docs/internal#client_access", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.GatewayConfig": { + "description": "GatewayConfig holds node gateway-related parsed config file parameters and command-line overrides", + "type": "object", + "properties": { + "ipForwarding": { + "description": "ipForwarding controls IP forwarding for all traffic on OVN-Kubernetes managed interfaces (such as br-ex). By default this is set to Restricted, and Kubernetes related traffic is still forwarded appropriately, but other IP traffic will not be routed by the OCP node. If there is a desire to allow the host to forward traffic across OVN-Kubernetes managed interfaces, then set this field to \"Global\". The supported values are \"Restricted\" and \"Global\".", "type": "string" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "ipv4": { + "description": "ipv4 allows users to configure IP settings for IPv4 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv4 for details of default values.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv4GatewayConfig" }, - "spec": { - "description": "Spec holds information about the request being evaluated.", + "ipv6": { + "description": "ipv6 allows users to configure IP settings for IPv6 connections. When omitted, this means no opinion and the default configuration is used. Check individual members fields within ipv6 for details of default values.", "default": {}, - "$ref": "#/definitions/io.k8s.api.authorization.v1.SelfSubjectRulesReviewSpec" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv6GatewayConfig" }, - "status": { - "description": "Status is filled in by the server and indicates the set of actions a user can perform.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.authorization.v1.SubjectRulesReviewStatus" + "routingViaHost": { + "description": "routingViaHost allows pod egress traffic to exit via the ovn-k8s-mp0 management port into the host before sending it out. If this is not set, traffic will always egress directly from OVN to outside without touching the host stack. Setting this to true means hardware offload will not be supported. Default is false if GatewayConfig is specified.", + "type": "boolean" } } }, - "io.k8s.api.authorization.v1.SelfSubjectRulesReviewSpec": { - "description": "SelfSubjectRulesReviewSpec defines the specification for SelfSubjectRulesReview.", + "com.github.openshift.api.operator.v1.GatherStatus": { + "description": "gatherStatus provides information about the last known gather event.", "type": "object", "properties": { - "namespace": { - "description": "Namespace to evaluate rules for. Required.", - "type": "string" + "gatherers": { + "description": "gatherers is a list of active gatherers (and their statuses) in the last gathering.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GathererStatus" + }, + "x-kubernetes-list-type": "atomic" + }, + "lastGatherDuration": { + "description": "lastGatherDuration is the total time taken to process all gatherers during the last gather event.", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "lastGatherTime": { + "description": "lastGatherTime is the last time when Insights data gathering finished. An empty value means that no data has been gathered yet.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.authorization.v1.SubjectAccessReview": { - "description": "SubjectAccessReview checks whether or not a user or group can perform an action.", + "com.github.openshift.api.operator.v1.GathererStatus": { + "description": "gathererStatus represents information about a particular data gatherer.", "type": "object", "required": [ - "spec" + "conditions", + "name", + "lastGatherDuration" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "conditions": { + "description": "conditions provide details on the status of each gatherer.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-type": "atomic" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "lastGatherDuration": { + "description": "lastGatherDuration represents the time spent gathering.", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "name": { + "description": "name is the name of the gatherer.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.operator.v1.GenerationStatus": { + "description": "GenerationStatus keeps track of the generation for a given resource so that decisions about forced updates can be made.", + "type": "object", + "required": [ + "group", + "resource", + "namespace", + "name", + "lastGeneration", + "hash" + ], + "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string", + "default": "" }, - "spec": { - "description": "Spec holds information about the request being evaluated", - "default": {}, - "$ref": "#/definitions/io.k8s.api.authorization.v1.SubjectAccessReviewSpec" + "hash": { + "description": "hash is an optional field set for resources without generation that are content sensitive like secrets and configmaps", + "type": "string", + "default": "" }, - "status": { - "description": "Status is filled in by the server and indicates whether the request is allowed or not", - "default": {}, - "$ref": "#/definitions/io.k8s.api.authorization.v1.SubjectAccessReviewStatus" + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "type": "integer", + "format": "int64", + "default": 0 + }, + "name": { + "description": "name is the name of the thing you're tracking", + "type": "string", + "default": "" + }, + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string", + "default": "" + }, + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string", + "default": "" } } }, - "io.k8s.api.authorization.v1.SubjectAccessReviewSpec": { - "description": "SubjectAccessReviewSpec is a description of the access request. Exactly one of ResourceAuthorizationAttributes and NonResourceAuthorizationAttributes must be set", + "com.github.openshift.api.operator.v1.HTTPCompressionPolicy": { + "description": "httpCompressionPolicy turns on compression for the specified MIME types.\n\nThis field is optional, and its absence implies that compression should not be enabled globally in HAProxy.\n\nIf httpCompressionPolicy exists, compression should be enabled only for the specified MIME types.", "type": "object", "properties": { - "extra": { - "description": "Extra corresponds to the user.Info.GetExtra() method from the authenticator. Since that is input to the authorizer it needs a reflection here.", - "type": "object", - "additionalProperties": { - "type": "array", - "items": { - "type": "string", - "default": "" - } - } - }, - "groups": { - "description": "Groups is the groups you're testing for.", + "mimeTypes": { + "description": "mimeTypes is a list of MIME types that should have compression applied. This list can be empty, in which case the ingress controller does not apply compression.\n\nNote: Not all MIME types benefit from compression, but HAProxy will still use resources to try to compress if instructed to. Generally speaking, text (html, css, js, etc.) formats benefit from compression, but formats that are already compressed (image, audio, video, etc.) benefit little in exchange for the time and cpu spent on compressing again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2", "type": "array", "items": { "type": "string", "default": "" }, - "x-kubernetes-list-type": "atomic" - }, - "nonResourceAttributes": { - "description": "NonResourceAttributes describes information for a non-resource access request", - "$ref": "#/definitions/io.k8s.api.authorization.v1.NonResourceAttributes" + "x-kubernetes-list-type": "set" + } + } + }, + "com.github.openshift.api.operator.v1.HealthCheck": { + "description": "healthCheck represents an Insights health check attributes.", + "type": "object", + "required": [ + "description", + "totalRisk", + "advisorURI", + "state" + ], + "properties": { + "advisorURI": { + "description": "advisorURI provides the URL link to the Insights Advisor.", + "type": "string", + "default": "" }, - "resourceAttributes": { - "description": "ResourceAuthorizationAttributes describes information for a resource access request", - "$ref": "#/definitions/io.k8s.api.authorization.v1.ResourceAttributes" + "description": { + "description": "description provides basic description of the healtcheck.", + "type": "string", + "default": "" }, - "uid": { - "description": "UID information about the requesting user.", - "type": "string" + "state": { + "description": "state determines what the current state of the health check is. Health check is enabled by default and can be disabled by the user in the Insights advisor user interface.", + "type": "string", + "default": "" }, - "user": { - "description": "User is the user you're testing for. If you specify \"User\" but not \"Groups\", then is it interpreted as \"What if User were not a member of any groups", - "type": "string" + "totalRisk": { + "description": "totalRisk of the healthcheck. Indicator of the total risk posed by the detected issue; combination of impact and likelihood. The values can be from 1 to 4, and the higher the number, the more important the issue.", + "type": "integer", + "format": "int32", + "default": 0 } } }, - "io.k8s.api.authorization.v1.SubjectAccessReviewStatus": { - "description": "SubjectAccessReviewStatus", + "com.github.openshift.api.operator.v1.HostNetworkStrategy": { + "description": "HostNetworkStrategy holds parameters for the HostNetwork endpoint publishing strategy.", "type": "object", - "required": [ - "allowed" - ], "properties": { - "allowed": { - "description": "Allowed is required. True if the action would be allowed, false otherwise.", - "type": "boolean", - "default": false + "httpPort": { + "description": "httpPort is the port on the host which should be used to listen for HTTP requests. This field should be set when port 80 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 80.", + "type": "integer", + "format": "int32" }, - "denied": { - "description": "Denied is optional. True if the action would be denied, otherwise false. If both allowed is false and denied is false, then the authorizer has no opinion on whether to authorize the action. Denied may not be true if Allowed is true.", - "type": "boolean" + "httpsPort": { + "description": "httpsPort is the port on the host which should be used to listen for HTTPS requests. This field should be set when port 443 is already in use. The value should not coincide with the NodePort range of the cluster. When the value is 0 or is not specified it defaults to 443.", + "type": "integer", + "format": "int32" }, - "evaluationError": { - "description": "EvaluationError is an indication that some error occurred during the authorization check. It is entirely possible to get an error and be able to continue determine authorization status in spite of it. For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.", + "protocol": { + "description": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", "type": "string" }, - "reason": { - "description": "Reason is optional. It indicates why a request was allowed or denied.", - "type": "string" + "statsPort": { + "description": "statsPort is the port on the host where the stats from the router are published. The value should not coincide with the NodePort range of the cluster. If an external load balancer is configured to forward connections to this IngressController, the load balancer should use this port for health checks. The load balancer can send HTTP probes on this port on a given node, with the path /healthz/ready to determine if the ingress controller is ready to receive traffic on the node. For proper operation the load balancer must not forward traffic to a node until the health check reports ready. The load balancer should also stop forwarding requests within a maximum of 45 seconds after /healthz/ready starts reporting not-ready. Probing every 5 to 10 seconds, with a 5-second timeout and with a threshold of two successful or failed requests to become healthy or unhealthy respectively, are well-tested values. When the value is 0 or is not specified it defaults to 1936.", + "type": "integer", + "format": "int32" } } }, - "io.k8s.api.authorization.v1.SubjectRulesReviewStatus": { - "description": "SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on the set of authorizers the server is configured with and any errors experienced during evaluation. Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission, even if that list is incomplete.", + "com.github.openshift.api.operator.v1.HybridOverlayConfig": { "type": "object", "required": [ - "resourceRules", - "nonResourceRules", - "incomplete" + "hybridClusterNetwork" ], "properties": { - "evaluationError": { - "description": "EvaluationError can appear in combination with Rules. It indicates an error occurred during rule evaluation, such as an authorizer that doesn't support rule evaluation, and that ResourceRules and/or NonResourceRules may be incomplete.", - "type": "string" - }, - "incomplete": { - "description": "Incomplete is true when the rules returned by this call are incomplete. This is most commonly encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.", - "type": "boolean", - "default": false - }, - "nonResourceRules": { - "description": "NonResourceRules is the list of actions the subject is allowed to perform on non-resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.", + "hybridClusterNetwork": { + "description": "hybridClusterNetwork defines a network space given to nodes on an additional overlay network.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.authorization.v1.NonResourceRule" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterNetworkEntry" }, "x-kubernetes-list-type": "atomic" }, - "resourceRules": { - "description": "ResourceRules is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant, may contain duplicates, and possibly be incomplete.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.authorization.v1.ResourceRule" - }, - "x-kubernetes-list-type": "atomic" + "hybridOverlayVXLANPort": { + "description": "hybridOverlayVXLANPort defines the VXLAN port number to be used by the additional overlay network. Default is 4789", + "type": "integer", + "format": "int64" } } }, - "io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource": { - "description": "Represents a Persistent Disk resource in AWS.\n\nAn AWS EBS disk must exist before mounting to a container. The disk must also be in the same AWS zone as the kubelet. An AWS EBS disk can only be mounted as read/write once. AWS EBS volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.operator.v1.IBMCloudCSIDriverConfigSpec": { + "description": "IBMCloudCSIDriverConfigSpec defines the properties that can be configured for the IBM Cloud CSI driver.", "type": "object", "required": [ - "volumeID" + "encryptionKeyCRN" ], "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "string" - }, - "partition": { - "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty).", - "type": "integer", - "format": "int32" - }, - "readOnly": { - "description": "readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "type": "boolean" - }, - "volumeID": { - "description": "volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", + "encryptionKeyCRN": { + "description": "encryptionKeyCRN is the IBM Cloud CRN of the customer-managed root key to use for disk encryption of volumes for the default storage classes.", "type": "string", "default": "" } } }, - "io.k8s.api.core.v1.Affinity": { - "description": "Affinity is a group of affinity scheduling rules.", + "com.github.openshift.api.operator.v1.IBMLoadBalancerParameters": { + "description": "IBMLoadBalancerParameters provides configuration settings that are specific to IBM Cloud load balancers.", "type": "object", "properties": { - "nodeAffinity": { - "description": "Describes node affinity scheduling rules for the pod.", - "$ref": "#/definitions/io.k8s.api.core.v1.NodeAffinity" - }, - "podAffinity": { - "description": "Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)).", - "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinity" - }, - "podAntiAffinity": { - "description": "Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)).", - "$ref": "#/definitions/io.k8s.api.core.v1.PodAntiAffinity" + "protocol": { + "description": "protocol specifies whether the load balancer uses PROXY protocol to forward connections to the IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: \"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\"\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nValid values for protocol are TCP, PROXY and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is TCP, without the proxy protocol enabled.", + "type": "string" } } }, - "io.k8s.api.core.v1.AppArmorProfile": { - "description": "AppArmorProfile defines a pod or container's AppArmor settings.", + "com.github.openshift.api.operator.v1.IPAMConfig": { + "description": "IPAMConfig contains configurations for IPAM (IP Address Management)", "type": "object", "required": [ "type" ], "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is \"Localhost\".", - "type": "string" + "staticIPAMConfig": { + "description": "staticIPAMConfig configures the static IP address in case of type:IPAMTypeStatic", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.StaticIPAMConfig" }, "type": { - "description": "type indicates which kind of AppArmor profile will be applied. Valid options are:\n Localhost - a profile pre-loaded on the node.\n RuntimeDefault - the container runtime's default profile.\n Unconfined - no AppArmor enforcement.\n\nPossible enum values:\n - `\"Localhost\"` indicates that a profile pre-loaded on the node should be used.\n - `\"RuntimeDefault\"` indicates that the container runtime's default AppArmor profile should be used.\n - `\"Unconfined\"` indicates that no AppArmor profile should be enforced.", + "description": "type is the type of IPAM module will be used for IP Address Management(IPAM). The supported values are IPAMTypeDHCP, IPAMTypeStatic", "type": "string", - "default": "", - "enum": [ - "Localhost", - "RuntimeDefault", - "Unconfined" - ] + "default": "" + } + } + }, + "com.github.openshift.api.operator.v1.IPFIXConfig": { + "type": "object", + "properties": { + "collectors": { + "description": "ipfixCollectors is list of strings formatted as ip:port with a maximum of ten items", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.operator.v1.IPsecConfig": { + "type": "object", + "properties": { + "full": { + "description": "full defines configuration parameters for the IPsec `Full` mode. This is permitted only when mode is configured with `Full`, and forbidden otherwise.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPsecFullModeConfig" + }, + "mode": { + "description": "mode defines the behaviour of the ipsec configuration within the platform. Valid values are `Disabled`, `External` and `Full`. When 'Disabled', ipsec will not be enabled at the node level. When 'External', ipsec is enabled on the node level but requires the user to configure the secure communication parameters. This mode is for external secure communications and the configuration can be done using the k8s-nmstate operator. When 'Full', ipsec is configured on the node level and inter-pod secure communication within the cluster is configured. Note with `Full`, if ipsec is desired for communication with external (to the cluster) entities (such as storage arrays), this is left to the user to configure.", + "type": "string" } }, "x-kubernetes-unions": [ { - "discriminator": "type", + "discriminator": "mode", "fields-to-discriminateBy": { - "localhostProfile": "LocalhostProfile" + "full": "Full" } } ] }, - "io.k8s.api.core.v1.AttachedVolume": { - "description": "AttachedVolume describes a volume attached to a node", + "com.github.openshift.api.operator.v1.IPsecFullModeConfig": { + "description": "IPsecFullModeConfig defines configuration parameters for the IPsec `Full` mode.", "type": "object", - "required": [ - "name", - "devicePath" - ], "properties": { - "devicePath": { - "description": "DevicePath represents the device path where the volume should be available", - "type": "string", - "default": "" - }, - "name": { - "description": "Name of the attached volume", - "type": "string", - "default": "" + "encapsulation": { + "description": "encapsulation option to configure libreswan on how inter-pod traffic across nodes are encapsulated to handle NAT traversal. When configured it uses UDP port 4500 for the encapsulation. Valid values are Always, Auto and omitted. Always means enable UDP encapsulation regardless of whether NAT is detected. Auto means enable UDP encapsulation based on the detection of NAT. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is Auto.", + "type": "string" } } }, - "io.k8s.api.core.v1.AvoidPods": { - "description": "AvoidPods describes pods that should avoid this node. This is the value for a Node annotation with key scheduler.alpha.kubernetes.io/preferAvoidPods and will eventually become a field of NodeStatus.", + "com.github.openshift.api.operator.v1.IPv4GatewayConfig": { + "description": "IPV4GatewayConfig holds the configuration paramaters for IPV4 connections in the GatewayConfig for OVN-Kubernetes", "type": "object", "properties": { - "preferAvoidPods": { - "description": "Bounded-sized list of signatures of pods that should avoid this node, sorted in timestamp order from oldest to newest. Size of the slice is unspecified.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PreferAvoidPodsEntry" - }, - "x-kubernetes-list-type": "atomic" + "internalMasqueradeSubnet": { + "description": "internalMasqueradeSubnet contains the masquerade addresses in IPV4 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /29). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 169.254.0.0/17 The value must be in proper IPV4 CIDR format", + "type": "string" } } }, - "io.k8s.api.core.v1.AzureDiskVolumeSource": { - "description": "AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod.", + "com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig": { "type": "object", - "required": [ - "diskName", - "diskURI" - ], "properties": { - "cachingMode": { - "description": "cachingMode is the Host Caching mode: None, Read Only, Read Write.\n\nPossible enum values:\n - `\"None\"`\n - `\"ReadOnly\"`\n - `\"ReadWrite\"`", - "type": "string", - "default": "ReadWrite", - "enum": [ - "None", - "ReadOnly", - "ReadWrite" - ] - }, - "diskName": { - "description": "diskName is the Name of the data disk in the blob storage", - "type": "string", - "default": "" - }, - "diskURI": { - "description": "diskURI is the URI of data disk in the blob storage", - "type": "string", - "default": "" - }, - "fsType": { - "description": "fsType is Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string", - "default": "ext4" - }, - "kind": { - "description": "kind expected values are Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared\n\nPossible enum values:\n - `\"Dedicated\"`\n - `\"Managed\"`\n - `\"Shared\"`", - "type": "string", - "default": "Shared", - "enum": [ - "Dedicated", - "Managed", - "Shared" - ] + "internalJoinSubnet": { + "description": "internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The current default value is 100.64.0.0/16 The subnet must be large enough to accommodate one IP per node in your cluster The value must be in proper IPV4 CIDR format", + "type": "string" }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean", - "default": false + "internalTransitSwitchSubnet": { + "description": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 100.88.0.0/16 The subnet must be large enough to accommodate one IP per node in your cluster The value must be in proper IPV4 CIDR format", + "type": "string" } } }, - "io.k8s.api.core.v1.AzureFilePersistentVolumeSource": { - "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", + "com.github.openshift.api.operator.v1.IPv6GatewayConfig": { + "description": "IPV6GatewayConfig holds the configuration paramaters for IPV6 connections in the GatewayConfig for OVN-Kubernetes", "type": "object", - "required": [ - "secretName", - "shareName" - ], "properties": { - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", - "type": "string", - "default": "" - }, - "secretNamespace": { - "description": "secretNamespace is the namespace of the secret that contains Azure Storage Account Name and Key default is the same as the Pod", + "internalMasqueradeSubnet": { + "description": "internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is fd69::/112 Note that IPV6 dual addresses are not permitted", "type": "string" - }, - "shareName": { - "description": "shareName is the azure Share Name", - "type": "string", - "default": "" } } }, - "io.k8s.api.core.v1.AzureFileVolumeSource": { - "description": "AzureFile represents an Azure File Service mount on the host and bind mount to the pod.", + "com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig": { "type": "object", - "required": [ - "secretName", - "shareName" - ], "properties": { - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" + "internalJoinSubnet": { + "description": "internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The subnet must be large enough to accommodate one IP per node in your cluster The current default value is fd98::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", + "type": "string" }, - "secretName": { - "description": "secretName is the name of secret that contains Azure Storage Account Name and Key", + "internalTransitSwitchSubnet": { + "description": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The subnet must be large enough to accommodate one IP per node in your cluster The current default subnet is fd97::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.Ingress": { + "description": "Ingress allows cluster admin to configure alternative ingress for the console.", + "type": "object", + "properties": { + "clientDownloadsURL": { + "description": "clientDownloadsURL is a URL to be used as the address to download client binaries. If not specified, the downloads route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. The console operator will monitor the URL and may go degraded if it's unreachable for an extended period. Must use the HTTPS scheme.", "type": "string", "default": "" }, - "shareName": { - "description": "shareName is the azure share Name", + "consoleURL": { + "description": "consoleURL is a URL to be used as the base console address. If not specified, the console route hostname will be used. This field is required for clusters without ingress capability, where access to routes is not possible. Make sure that appropriate ingress is set up at this URL. The console operator will monitor the URL and may go degraded if it's unreachable for an extended period. Must use the HTTPS scheme.", "type": "string", "default": "" } } }, - "io.k8s.api.core.v1.Binding": { - "description": "Binding ties one object to another; for example, a pod is bound to a node by a scheduler.", + "com.github.openshift.api.operator.v1.IngressController": { + "description": "IngressController describes a managed ingress controller for the cluster. The controller can service OpenShift Route and Kubernetes Ingress resources.\n\nWhen an IngressController is created, a new ingress controller deployment is created to allow external traffic to reach the services that expose Ingress or Route resources. Updating this resource may lead to disruption for public facing network connections as a new ingress controller revision may be rolled out.\n\nhttps://kubernetes.io/docs/concepts/services-networking/ingress-controllers\n\nWhenever possible, sensible defaults for the platform are used. See each field for more details.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "target" - ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -42424,140 +43452,231 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "target": { - "description": "The target object that you want to bind to the standard object.", + "spec": { + "description": "spec is the specification of the desired behavior of the IngressController.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerSpec" + }, + "status": { + "description": "status is the most recently observed status of the IngressController.", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerStatus" } } }, - "io.k8s.api.core.v1.CSIPersistentVolumeSource": { - "description": "Represents storage that is managed by an external CSI volume driver", + "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookie": { + "description": "IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be captured.", "type": "object", "required": [ - "driver", - "volumeHandle" + "matchType", + "maxLength" ], "properties": { - "controllerExpandSecretRef": { - "description": "controllerExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerExpandVolume call. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" - }, - "controllerPublishSecretRef": { - "description": "controllerPublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI ControllerPublishVolume and ControllerUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" - }, - "driver": { - "description": "driver is the name of the driver to use for this volume. Required.", + "matchType": { + "description": "matchType specifies the type of match to be performed on the cookie name. Allowed values are \"Exact\" for an exact string match and \"Prefix\" for a string prefix match. If \"Exact\" is specified, a name must be specified in the name field. If \"Prefix\" is provided, a prefix must be specified in the namePrefix field. For example, specifying matchType \"Prefix\" and namePrefix \"foo\" will capture a cookie named \"foo\" or \"foobar\" but not one named \"bar\". The first matching cookie is captured.", "type": "string", "default": "" }, - "fsType": { - "description": "fsType to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\".", - "type": "string" - }, - "nodeExpandSecretRef": { - "description": "nodeExpandSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeExpandVolume call. This field is optional, may be omitted if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + "maxLength": { + "description": "maxLength specifies a maximum length of the string that will be logged, which includes the cookie name, cookie value, and one-character delimiter. If the log entry exceeds this length, the value will be truncated in the log message. Note that the ingress controller may impose a separate bound on the total length of HTTP headers in a request.", + "type": "integer", + "format": "int32", + "default": 0 }, - "nodePublishSecretRef": { - "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + "name": { + "description": "name specifies a cookie name. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", + "type": "string", + "default": "" }, - "nodeStageSecretRef": { - "description": "nodeStageSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodeStageVolume and NodeStageVolume and NodeUnstageVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secrets are passed.", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + "namePrefix": { + "description": "namePrefix specifies a cookie name prefix. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", + "type": "string", + "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "matchType", + "fields-to-discriminateBy": { + "name": "Name", + "namePrefix": "NamePrefix" + } + } + ] + }, + "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPCookieUnion": { + "description": "IngressControllerCaptureHTTPCookieUnion describes optional fields of an HTTP cookie that should be captured.", + "type": "object", + "required": [ + "matchType" + ], + "properties": { + "matchType": { + "description": "matchType specifies the type of match to be performed on the cookie name. Allowed values are \"Exact\" for an exact string match and \"Prefix\" for a string prefix match. If \"Exact\" is specified, a name must be specified in the name field. If \"Prefix\" is provided, a prefix must be specified in the namePrefix field. For example, specifying matchType \"Prefix\" and namePrefix \"foo\" will capture a cookie named \"foo\" or \"foobar\" but not one named \"bar\". The first matching cookie is captured.", + "type": "string", + "default": "" }, - "readOnly": { - "description": "readOnly value to pass to ControllerPublishVolumeRequest. Defaults to false (read/write).", - "type": "boolean" + "name": { + "description": "name specifies a cookie name. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", + "type": "string", + "default": "" }, - "volumeAttributes": { - "description": "volumeAttributes of the volume to publish.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" + "namePrefix": { + "description": "namePrefix specifies a cookie name prefix. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", + "type": "string", + "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "matchType", + "fields-to-discriminateBy": { + "name": "Name", + "namePrefix": "NamePrefix" } + } + ] + }, + "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader": { + "description": "IngressControllerCaptureHTTPHeader describes an HTTP header that should be captured.", + "type": "object", + "required": [ + "name", + "maxLength" + ], + "properties": { + "maxLength": { + "description": "maxLength specifies a maximum length for the header value. If a header value exceeds this length, the value will be truncated in the log message. Note that the ingress controller may impose a separate bound on the total length of HTTP headers in a request.", + "type": "integer", + "format": "int32", + "default": 0 }, - "volumeHandle": { - "description": "volumeHandle is the unique volume name returned by the CSI volume plugin’s CreateVolume to refer to the volume on all subsequent calls. Required.", + "name": { + "description": "name specifies a header name. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2.", "type": "string", "default": "" } } }, - "io.k8s.api.core.v1.CSIVolumeSource": { - "description": "Represents a source location of a volume to mount, managed by an external CSI driver", + "com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeaders": { + "description": "IngressControllerCaptureHTTPHeaders specifies which HTTP headers the IngressController captures.", + "type": "object", + "properties": { + "request": { + "description": "request specifies which HTTP request headers to capture.\n\nIf this field is empty, no request headers are captured.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader" + }, + "x-kubernetes-list-type": "atomic" + }, + "response": { + "description": "response specifies which HTTP response headers to capture.\n\nIf this field is empty, no response headers are captured.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerCaptureHTTPHeader" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.operator.v1.IngressControllerHTTPHeader": { + "description": "IngressControllerHTTPHeader specifies configuration for setting or deleting an HTTP header.", "type": "object", "required": [ - "driver" + "name", + "action" ], "properties": { - "driver": { - "description": "driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster.", + "action": { + "description": "action specifies actions to perform on headers, such as setting or deleting headers.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion" + }, + "name": { + "description": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", "type": "string", "default": "" + } + } + }, + "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActionUnion": { + "description": "IngressControllerHTTPHeaderActionUnion specifies an action to take on an HTTP header.", + "type": "object", + "required": [ + "type" + ], + "properties": { + "set": { + "description": "set specifies how the HTTP header should be set. This field is required when type is Set and forbidden otherwise.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader" }, - "fsType": { - "description": "fsType to mount. Ex. \"ext4\", \"xfs\", \"ntfs\". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply.", - "type": "string" - }, - "nodePublishSecretRef": { - "description": "nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed.", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" - }, - "readOnly": { - "description": "readOnly specifies a read-only configuration for the volume. Defaults to false (read/write).", - "type": "boolean" - }, - "volumeAttributes": { - "description": "volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" + "type": { + "description": "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", + "type": "string", + "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "set": "Set" } } - } + ] }, - "io.k8s.api.core.v1.Capabilities": { - "description": "Adds and removes POSIX capabilities from running containers.", + "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions": { + "description": "IngressControllerHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", "type": "object", "properties": { - "add": { - "description": "Added capabilities", + "request": { + "description": "request is a list of HTTP request headers to modify. Actions defined here will modify the request headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for request headers will be executed before Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeader" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "drop": { - "description": "Removed capabilities", + "response": { + "description": "response is a list of HTTP response headers to modify. Actions defined here will modify the response headers of all requests passing through an ingress controller. These actions are applied to all Routes i.e. for all connections handled by the ingress controller defined within a cluster. IngressController actions for response headers will be executed after Route actions. Currently, actions may define to either `Set` or `Delete` headers values. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\".", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeader" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "io.k8s.api.core.v1.CephFSPersistentVolumeSource": { - "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", + "com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders": { + "description": "IngressControllerHTTPHeaders specifies how the IngressController handles certain HTTP headers.", "type": "object", - "required": [ - "monitors" - ], "properties": { - "monitors": { - "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "actions": { + "description": "actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. Headers set using this API cannot be captured for use in access logs. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Host, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeaderActions" + }, + "forwardedHeaderPolicy": { + "description": "forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. The value may be one of the following:\n\n* \"Append\", which specifies that the IngressController appends the\n headers, preserving existing headers.\n\n* \"Replace\", which specifies that the IngressController sets the\n headers, replacing any existing Forwarded or X-Forwarded-* headers.\n\n* \"IfNone\", which specifies that the IngressController sets the\n headers if they are not already set.\n\n* \"Never\", which specifies that the IngressController never sets the\n headers, preserving any existing headers.\n\nBy default, the policy is \"Append\".", + "type": "string" + }, + "headerNameCaseAdjustments": { + "description": "headerNameCaseAdjustments specifies case adjustments that can be applied to HTTP header names. Each adjustment is specified as an HTTP header name with the desired capitalization. For example, specifying \"X-Forwarded-For\" indicates that the \"x-forwarded-for\" HTTP header should be adjusted to have the specified capitalization.\n\nThese adjustments are only applied to cleartext, edge-terminated, and re-encrypt routes, and only when using HTTP/1.\n\nFor request headers, these adjustments are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true annotation. For response headers, these adjustments are applied to all HTTP responses.\n\nIf this field is empty, no request headers are adjusted.", "type": "array", "items": { "type": "string", @@ -42565,332 +43684,524 @@ }, "x-kubernetes-list-type": "atomic" }, - "path": { - "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", - "type": "string" - }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "boolean" - }, - "secretFile": { - "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "uniqueId": { + "description": "uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request. The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests.\n\nIf this field is empty, no such header is injected into requests.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy" + } + } + }, + "com.github.openshift.api.operator.v1.IngressControllerHTTPUniqueIdHeaderPolicy": { + "description": "IngressControllerHTTPUniqueIdHeaderPolicy describes configuration for a unique id header.", + "type": "object", + "properties": { + "format": { + "description": "format specifies the format for the injected HTTP header's value. This field has no effect unless name is specified. For the HAProxy-based ingress controller implementation, this format uses the same syntax as the HTTP log format. If the field is empty, the default value is \"%{+X}o\\\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid\"; see the corresponding HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3", "type": "string" }, - "secretRef": { - "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" - }, - "user": { - "description": "user is Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "name": { + "description": "name specifies the name of the HTTP header (for example, \"unique-id\") that the ingress controller should inject into HTTP requests. The field's value must be a valid HTTP header name as defined in RFC 2616 section 4.2. If the field is empty, no header is injected.", "type": "string" } } }, - "io.k8s.api.core.v1.CephFSVolumeSource": { - "description": "Represents a Ceph Filesystem mount that lasts the lifetime of a pod Cephfs volumes do not support ownership management or SELinux relabeling.", + "com.github.openshift.api.operator.v1.IngressControllerList": { + "description": "IngressControllerList contains a list of IngressControllers.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "monitors" + "items" ], "properties": { - "monitors": { - "description": "monitors is Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "path is Optional: Used as the mounted root, rather than the full Ceph tree, default is /", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "boolean" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressController" + } }, - "secretFile": { - "description": "secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "secretRef": { - "description": "secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" - }, - "user": { - "description": "user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it", - "type": "string" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.CinderPersistentVolumeSource": { - "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.operator.v1.IngressControllerLogging": { + "description": "IngressControllerLogging describes what should be logged where.", + "type": "object", + "properties": { + "access": { + "description": "access describes how the client requests should be logged.\n\nIf this field is empty, access logging is disabled.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AccessLogging" + } + } + }, + "com.github.openshift.api.operator.v1.IngressControllerSetHTTPHeader": { + "description": "IngressControllerSetHTTPHeader defines the value which needs to be set on an HTTP header.", "type": "object", "required": [ - "volumeID" + "value" ], "properties": { - "fsType": { - "description": "fsType Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "value": { + "description": "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.operator.v1.IngressControllerSpec": { + "description": "IngressControllerSpec is the specification of the desired behavior of the IngressController.", + "type": "object", + "properties": { + "clientTLS": { + "description": "clientTLS specifies settings for requesting and verifying client certificates, which can be used to enable mutual TLS for edge-terminated and reencrypt routes.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClientTLS" + }, + "closedClientConnectionPolicy": { + "description": "closedClientConnectionPolicy controls how the IngressController behaves when the client closes the TCP connection while the TLS handshake or HTTP request is in progress. This option maps directly to HAProxy’s \"abortonclose\" option.\n\nValid values are: \"Abort\" and \"Continue\". The default value is \"Continue\".\n\nWhen set to \"Abort\", the router will stop processing the TLS handshake if it is in progress, and it will not send an HTTP request to the backend server if the request has not yet been sent when the client closes the connection.\n\nWhen set to \"Continue\", the router will complete the TLS handshake if it is in progress, or send an HTTP request to the backend server and wait for the backend server's response, regardless of whether the client has closed the connection.\n\nSetting \"Abort\" can help free CPU resources otherwise spent on TLS computation for connections the client has already closed, and can reduce request queue size, thereby reducing the load on saturated backend servers.\n\nImportant Considerations:\n\n - The default policy (\"Continue\") is HTTP-compliant, and requests\n for aborted client connections will still be served.\n Use the \"Continue\" policy to allow a client to send a request\n and then immediately close its side of the connection while\n still receiving a response on the half-closed connection.\n\n - When clients use keep-alive connections, the most common case for premature\n closure is when the user wants to cancel the transfer or when a timeout\n occurs. In that case, the \"Abort\" policy may be used to reduce resource consumption.\n\n - Using RSA keys larger than 2048 bits can significantly slow down\n TLS computations. Consider using the \"Abort\" policy to reduce CPU usage.", + "type": "string", + "default": "Continue" + }, + "defaultCertificate": { + "description": "defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don't specify their own certificate, defaultCertificate is used.\n\nThe secret must contain the following keys and data:\n\n tls.crt: certificate file contents\n tls.key: key file contents\n\nIf unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate's CA will be automatically integrated with the cluster's trust store.\n\nIf a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing.\n\nThe in-use certificate (whether generated or user-specified) will be automatically integrated with OpenShift's built-in OAuth server.", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + }, + "domain": { + "description": "domain is a DNS name serviced by the ingress controller and is used to configure multiple features:\n\n* For the LoadBalancerService endpoint publishing strategy, domain is\n used to configure DNS records. See endpointPublishingStrategy.\n\n* When using a generated default certificate, the certificate will be valid\n for domain and its subdomains. See defaultCertificate.\n\n* The value is published to individual Route statuses so that end-users\n know where to target external DNS records.\n\ndomain must be unique among all IngressControllers, and cannot be updated.\n\nIf empty, defaults to ingress.config.openshift.io/cluster .spec.domain.\n\nThe domain value must be a valid DNS name. It must consist of lowercase alphanumeric characters, '-' or '.', and each label must start and end with an alphanumeric character and not exceed 63 characters. Maximum length of a valid DNS domain is 253 characters.\n\nThe implementation may add a prefix such as \"router-default.\" to the domain when constructing the router canonical hostname. To ensure the resulting hostname does not exceed the DNS maximum length of 253 characters, the domain length is additionally validated at the IngressController object level. For the maximum length of the domain value itself, the shortest possible variant of the prefix and the ingress controller name was considered for example \"router-a.\"", "type": "string" }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "boolean" + "endpointPublishingStrategy": { + "description": "endpointPublishingStrategy is used to publish the ingress controller endpoints to other networks, enable load balancer integrations, etc.\n\nIf unset, the default is based on infrastructure.config.openshift.io/cluster .status.platform:\n\n AWS: LoadBalancerService (with External scope)\n Azure: LoadBalancerService (with External scope)\n GCP: LoadBalancerService (with External scope)\n IBMCloud: LoadBalancerService (with External scope)\n AlibabaCloud: LoadBalancerService (with External scope)\n Libvirt: HostNetwork\n\nAny other platform types (including None) default to HostNetwork.\n\nendpointPublishingStrategy cannot be updated.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.EndpointPublishingStrategy" }, - "secretRef": { - "description": "secretRef is Optional: points to a secret object containing parameters used to connect to OpenStack.", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + "httpCompression": { + "description": "httpCompression defines a policy for HTTP traffic compression. By default, there is no HTTP compression.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.HTTPCompressionPolicy" }, - "volumeID": { - "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "httpEmptyRequestsPolicy": { + "description": "httpEmptyRequestsPolicy describes how HTTP connections should be handled if the connection times out before a request is received. Allowed values for this field are \"Respond\" and \"Ignore\". If the field is set to \"Respond\", the ingress controller sends an HTTP 400 or 408 response, logs the connection (if access logging is enabled), and counts the connection in the appropriate metrics. If the field is set to \"Ignore\", the ingress controller closes the connection without sending a response, logging the connection, or incrementing metrics. The default value is \"Respond\".\n\nTypically, these connections come from load balancers' health probes or Web browsers' speculative connections (\"preconnect\") and can be safely ignored. However, these requests may also be caused by network errors, and so setting this field to \"Ignore\" may impede detection and diagnosis of problems. In addition, these requests may be caused by port scans, in which case logging empty requests may aid in detecting intrusion attempts.", + "type": "string" + }, + "httpErrorCodePages": { + "description": "httpErrorCodePages specifies a configmap with custom error pages. The administrator must create this configmap in the openshift-config namespace. This configmap should have keys in the format \"error-page-.http\", where is an HTTP error code. For example, \"error-page-503.http\" defines an error page for HTTP 503 responses. Currently only error pages for 503 and 404 responses can be customized. Each value in the configmap should be the full response, including HTTP headers. Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http If this field is empty, the ingress controller uses the default error pages.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.ConfigMapNameReference" + }, + "httpHeaders": { + "description": "httpHeaders defines policy for HTTP headers.\n\nIf this field is empty, the default values are used.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerHTTPHeaders" + }, + "idleConnectionTerminationPolicy": { + "description": "idleConnectionTerminationPolicy maps directly to HAProxy's idle-close-on-response option and controls whether HAProxy keeps idle frontend connections open during a soft stop (router reload).\n\nAllowed values for this field are \"Immediate\" and \"Deferred\". The default value is \"Immediate\".\n\nWhen set to \"Immediate\", idle connections are closed immediately during router reloads. This ensures immediate propagation of route changes but may impact clients sensitive to connection resets.\n\nWhen set to \"Deferred\", HAProxy will maintain idle connections during a soft reload instead of closing them immediately. These connections remain open until any of the following occurs:\n\n - A new request is received on the connection, in which\n case HAProxy handles it in the old process and closes\n the connection after sending the response.\n\n - HAProxy's `timeout http-keep-alive` duration expires.\n By default this is 300 seconds, but it can be changed\n using httpKeepAliveTimeout tuning option.\n\n - The client's keep-alive timeout expires, causing the\n client to close the connection.\n\nSetting Deferred can help prevent errors in clients or load balancers that do not properly handle connection resets. Additionally, this option allows you to retain the pre-2.4 HAProxy behaviour: in HAProxy version 2.2 (OpenShift versions < 4.14), maintaining idle connections during a soft reload was the default behaviour, but starting with HAProxy 2.4, the default changed to closing idle connections immediately.\n\nImportant Consideration:\n\n - Using Deferred will result in temporary inconsistencies\n for the first request on each persistent connection\n after a route update and router reload. This request\n will be processed by the old HAProxy process using its\n old configuration. Subsequent requests will use the\n updated configuration.\n\nOperational Considerations:\n\n - Keeping idle connections open during reloads may lead\n to an accumulation of old HAProxy processes if\n connections remain idle for extended periods,\n especially in environments where frequent reloads\n occur.\n\n - Consider monitoring the number of HAProxy processes in\n the router pods when Deferred is set.\n\n - You may need to enable or adjust the\n `ingress.operator.openshift.io/hard-stop-after`\n duration (configured via an annotation on the\n IngressController resource) in environments with\n frequent reloads to prevent resource exhaustion.", "type": "string", - "default": "" + "default": "Immediate" + }, + "logging": { + "description": "logging defines parameters for what should be logged where. If this field is empty, operational logs are enabled but access logs are disabled.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerLogging" + }, + "namespaceSelector": { + "description": "namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "nodePlacement": { + "description": "nodePlacement enables explicit control over the scheduling of the ingress controller.\n\nIf unset, defaults are used. See NodePlacement for more details.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodePlacement" + }, + "replicas": { + "description": "replicas is the desired number of ingress controller replicas. If unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.\n\nThe value of replicas is set based on the value of a chosen field in the Infrastructure CR. If defaultPlacement is set to ControlPlane, the chosen field will be controlPlaneTopology. If it is set to Workers the chosen field will be infrastructureTopology. Replicas will then be set to 1 or 2 based whether the chosen field's value is SingleReplica or HighlyAvailable, respectively.\n\nThese defaults are subject to change.", + "type": "integer", + "format": "int32" + }, + "routeAdmission": { + "description": "routeAdmission defines a policy for handling new route claims (for example, to allow or deny claims across namespaces).\n\nIf empty, defaults will be applied. See specific routeAdmission fields for details about their defaults.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.RouteAdmissionPolicy" + }, + "routeSelector": { + "description": "routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "tlsSecurityProfile": { + "description": "tlsSecurityProfile specifies settings for TLS connections for ingresscontrollers.\n\nIf unset, the default is based on the apiservers.config.openshift.io/cluster resource.\n\nNote that when using the Old, Intermediate, and Modern profile types, the effective profile configuration is subject to change between releases. For example, given a specification to use the Intermediate profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new profile configuration to be applied to the ingress controller, resulting in a rollout.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.TLSSecurityProfile" + }, + "tuningOptions": { + "description": "tuningOptions defines parameters for adjusting the performance of ingress controller pods. All fields are optional and will use their respective defaults if not set. See specific tuningOptions fields for more details.\n\nSetting fields within tuningOptions is generally not recommended. The default values are suitable for most configurations.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IngressControllerTuningOptions" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides allows specifying unsupported configuration options. Its use is unsupported.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.CinderVolumeSource": { - "description": "Represents a cinder volume resource in Openstack. A Cinder volume must exist before mounting to a container. The volume must also be in the same region as the kubelet. Cinder volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.operator.v1.IngressControllerStatus": { + "description": "IngressControllerStatus defines the observed status of the IngressController.", "type": "object", - "required": [ - "volumeID" - ], "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "string" + "availableReplicas": { + "description": "availableReplicas is number of observed available replicas according to the ingress controller deployment.", + "type": "integer", + "format": "int32", + "default": 0 }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "type": "boolean" + "conditions": { + "description": "conditions is a list of conditions and their status.\n\nAvailable means the ingress controller deployment is available and servicing route and ingress resources (i.e, .status.availableReplicas equals .spec.replicas)\n\nThere are additional conditions which indicate the status of other ingress controller features and capabilities.\n\n * LoadBalancerManaged\n - True if the following conditions are met:\n * The endpoint publishing strategy requires a service load balancer.\n - False if any of those conditions are unsatisfied.\n\n * LoadBalancerReady\n - True if the following conditions are met:\n * A load balancer is managed.\n * The load balancer is ready.\n - False if any of those conditions are unsatisfied.\n\n * DNSManaged\n - True if the following conditions are met:\n * The endpoint publishing strategy and platform support DNS.\n * The ingress controller domain is set.\n * dns.config.openshift.io/cluster configures DNS zones.\n - False if any of those conditions are unsatisfied.\n\n * DNSReady\n - True if the following conditions are met:\n * DNS is managed.\n * DNS records have been successfully created.\n - False if any of those conditions are unsatisfied.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "secretRef": { - "description": "secretRef is optional: points to a secret object containing parameters used to connect to OpenStack.", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "domain": { + "description": "domain is the actual domain in use.", + "type": "string", + "default": "" }, - "volumeID": { - "description": "volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", + "endpointPublishingStrategy": { + "description": "endpointPublishingStrategy is the actual strategy in use.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.EndpointPublishingStrategy" + }, + "namespaceSelector": { + "description": "namespaceSelector is the actual namespaceSelector in use.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "observedGeneration": { + "description": "observedGeneration is the most recent generation observed.", + "type": "integer", + "format": "int64" + }, + "routeSelector": { + "description": "routeSelector is the actual routeSelector in use.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "selector": { + "description": "selector is a label selector, in string format, for ingress controller pods corresponding to the IngressController. The number of matching pods should equal the value of availableReplicas.", "type": "string", "default": "" + }, + "tlsProfile": { + "description": "tlsProfile is the TLS connection configuration that is in effect.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.TLSProfileSpec" } } }, - "io.k8s.api.core.v1.ClientIPConfig": { - "description": "ClientIPConfig represents the configurations of Client IP based session affinity.", + "com.github.openshift.api.operator.v1.IngressControllerTuningOptions": { + "description": "IngressControllerTuningOptions specifies options for tuning the performance of ingress controller pods", "type": "object", "properties": { - "timeoutSeconds": { - "description": "timeoutSeconds specifies the seconds of ClientIP type session sticky time. The value must be >0 && <=86400(for 1 day) if ServiceAffinity == \"ClientIP\". Default value is 10800(for 3 hours).", + "clientFinTimeout": { + "description": "clientFinTimeout defines how long a connection will be held open while waiting for the client response to the server/backend closing the connection.\n\nIf unset, the default timeout is 1s", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "clientTimeout": { + "description": "clientTimeout defines how long a connection will be held open while waiting for a client response.\n\nIf unset, the default timeout is 30s", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "configurationManagement": { + "description": "configurationManagement specifies how OpenShift router should update the HAProxy configuration. The following values are valid for this field:\n\n* \"ForkAndReload\". * \"Dynamic\".\n\nOmitting this field means that the user has no opinion and the platform may choose a reasonable default. This default is subject to change over time. The current default is \"ForkAndReload\".\n\n\"ForkAndReload\" means that OpenShift router should rewrite the HAProxy configuration file and instruct HAProxy to fork and reload. This is OpenShift router's traditional approach.\n\n\"Dynamic\" means that OpenShift router may use HAProxy's control socket for some configuration updates and fall back to fork and reload for other configuration updates. This is a newer approach, which may be less mature than ForkAndReload. This setting can improve load-balancing fairness and metrics accuracy and reduce CPU and memory usage if HAProxy has frequent configuration updates for route and endpoints updates.\n\nNote: The \"Dynamic\" option is currently experimental and should not be enabled on production clusters.\n\n\nPossible enum values:\n - `\"Dynamic\"`\n - `\"ForkAndReload\"`", + "type": "string", + "enum": [ + "Dynamic", + "ForkAndReload" + ] + }, + "connectTimeout": { + "description": "connectTimeout defines the maximum time to wait for a connection attempt to a server/backend to succeed.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 5s.", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "headerBufferBytes": { + "description": "headerBufferBytes describes how much memory should be reserved (in bytes) for IngressController connection sessions. Note that this value must be at least 16384 if HTTP/2 is enabled for the IngressController (https://tools.ietf.org/html/rfc7540). If this field is empty, the IngressController will use a default value of 32768 bytes.\n\nSetting this field is generally not recommended as headerBufferBytes values that are too small may break the IngressController and headerBufferBytes values that are too large could cause the IngressController to use significantly more memory than necessary.", + "type": "integer", + "format": "int32" + }, + "headerBufferMaxRewriteBytes": { + "description": "headerBufferMaxRewriteBytes describes how much memory should be reserved (in bytes) from headerBufferBytes for HTTP header rewriting and appending for IngressController connection sessions. Note that incoming HTTP requests will be limited to (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning headerBufferBytes must be greater than headerBufferMaxRewriteBytes. If this field is empty, the IngressController will use a default value of 8192 bytes.\n\nSetting this field is generally not recommended as headerBufferMaxRewriteBytes values that are too small may break the IngressController and headerBufferMaxRewriteBytes values that are too large could cause the IngressController to use significantly more memory than necessary.", "type": "integer", "format": "int32" + }, + "healthCheckInterval": { + "description": "healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends. This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation \"router.openshift.io/haproxy.health.check.interval\".\n\nExpects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nSetting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms. Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven't yet been detected as such.\n\nAn empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s.\n\nCurrently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days). Both are subject to change over time.", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "httpKeepAliveTimeout": { + "description": "httpKeepAliveTimeout defines the maximum allowed time to wait for a new HTTP request to appear on a connection from the client to the router.\n\nThis field expects an unsigned duration string of a decimal number, with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5s\" or \"2m45s\". Valid time units are \"ms\", \"s\", \"m\". The allowed range is from 1 millisecond to 15 minutes.\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 300s.\n\nLow values (tens of milliseconds or less) can cause clients to close and reopen connections for each request, leading to reduced connection sharing. For HTTP/2, special care should be taken with low values. A few seconds is a reasonable starting point to avoid holding idle connections open while still allowing subsequent requests to reuse the connection.\n\nHigh values (minutes or more) favor connection reuse but may cause idle connections to linger longer.", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "maxConnections": { + "description": "maxConnections defines the maximum number of simultaneous connections that can be established per HAProxy process. Increasing this value allows each ingress controller pod to handle more connections but at the cost of additional system resources being consumed.\n\nPermitted values are: empty, 0, -1, and the range 2000-2000000.\n\nIf this field is empty or 0, the IngressController will use the default value of 50000, but the default is subject to change in future releases.\n\nIf the value is -1 then HAProxy will dynamically compute a maximum value based on the available ulimits in the running container. Selecting -1 (i.e., auto) will result in a large value being computed (~520000 on OpenShift >=4.10 clusters) and therefore each HAProxy process will incur significant memory usage compared to the current default of 50000.\n\nSetting a value that is greater than the current operating system limit will prevent the HAProxy process from starting.\n\nIf you choose a discrete value (e.g., 750000) and the router pod is migrated to a new node, there's no guarantee that that new node has identical ulimits configured. In such a scenario the pod would fail to start. If you have nodes with different ulimits configured (e.g., different tuned profiles) and you choose a discrete value then the guidance is to use -1 and let the value be computed dynamically at runtime.\n\nYou can monitor memory usage for router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'.\n\nYou can monitor memory usage of individual HAProxy processes in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'.", + "type": "integer", + "format": "int32" + }, + "reloadInterval": { + "description": "reloadInterval defines the minimum interval at which the router is allowed to reload to accept new changes. Increasing this value can prevent the accumulation of HAProxy processes, depending on the scenario. Increasing this interval can also lessen load imbalance on a backend's servers when using the roundrobin balancing algorithm. Alternatively, decreasing this value may decrease latency since updates to HAProxy's configuration can take effect more quickly.\n\nThe value must be a time duration value; see . Currently, the minimum value allowed is 1s, and the maximum allowed value is 120s. Minimum and maximum allowed values may change in future versions of OpenShift. Note that if a duration outside of these bounds is provided, the value of reloadInterval will be capped/floored and not rejected (e.g. a duration of over 120s will be capped to 120s; the IngressController will not reject and replace this disallowed value with the default).\n\nA zero value for reloadInterval tells the IngressController to choose the default, which is currently 5s and subject to change without notice.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nNote: Setting a value significantly larger than the default of 5s can cause latency in observing updates to routes and their endpoints. HAProxy's configuration will be reloaded less frequently, and newly created routes will not be served until the subsequent reload.", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "serverFinTimeout": { + "description": "serverFinTimeout defines how long a connection will be held open while waiting for the server/backend response to the client closing the connection.\n\nIf unset, the default timeout is 1s", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "serverTimeout": { + "description": "serverTimeout defines how long a connection will be held open while waiting for a server/backend response.\n\nIf unset, the default timeout is 30s", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "threadCount": { + "description": "threadCount defines the number of threads created per HAProxy process. Creating more threads allows each ingress controller pod to handle more connections, at the cost of more system resources being used. HAProxy currently supports up to 64 threads. If this field is empty, the IngressController will use the default value. The current default is 4 threads, but this may change in future releases.\n\nSetting this field is generally not recommended. Increasing the number of HAProxy threads allows ingress controller pods to utilize more CPU time under load, potentially starving other pods if set too high. Reducing the number of threads may cause the ingress controller to perform poorly.", + "type": "integer", + "format": "int32" + }, + "tlsInspectDelay": { + "description": "tlsInspectDelay defines how long the router can hold data to find a matching route.\n\nSetting this too short can cause the router to fall back to the default certificate for edge-terminated or reencrypt routes even when a better matching certificate could be used.\n\nIf unset, the default inspect delay is 5s", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "tunnelTimeout": { + "description": "tunnelTimeout defines how long a tunnel connection (including websockets) will be held open while the tunnel is idle.\n\nIf unset, the default timeout is 1h", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.ClusterTrustBundleProjection": { - "description": "ClusterTrustBundleProjection describes how to select a set of ClusterTrustBundle objects and project their contents into the pod filesystem.", + "com.github.openshift.api.operator.v1.InsightsOperator": { + "description": "InsightsOperator holds cluster-wide information about the Insights Operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "path" + "metadata", + "spec" ], "properties": { - "labelSelector": { - "description": "Select all ClusterTrustBundles that match this label selector. Only has effect if signerName is set. Mutually-exclusive with name. If unset, interpreted as \"match nothing\". If set but empty, interpreted as \"match everything\".", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "name": { - "description": "Select a single ClusterTrustBundle by object name. Mutually-exclusive with signerName and labelSelector.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "optional": { - "description": "If true, don't block pod startup if the referenced ClusterTrustBundle(s) aren't available. If using name, then the named ClusterTrustBundle is allowed not to exist. If using signerName, then the combination of signerName and labelSelector is allowed to match zero ClusterTrustBundles.", - "type": "boolean" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "path": { - "description": "Relative path from the volume root to write the bundle.", - "type": "string", - "default": "" + "spec": { + "description": "spec is the specification of the desired behavior of the Insights.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.InsightsOperatorSpec" }, - "signerName": { - "description": "Select all ClusterTrustBundles that match this signer name. Mutually-exclusive with name. The contents of all selected ClusterTrustBundles will be unified and deduplicated.", - "type": "string" + "status": { + "description": "status is the most recently observed status of the Insights operator.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.InsightsOperatorStatus" } } }, - "io.k8s.api.core.v1.ComponentCondition": { - "description": "Information about the condition of a component.", + "com.github.openshift.api.operator.v1.InsightsOperatorList": { + "description": "InsightsOperatorList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "type", - "status" + "metadata", + "items" ], "properties": { - "error": { - "description": "Condition error code for a component. For example, a health check error code.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "message": { - "description": "Message about the condition for a component. For example, information about a health check.", + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.InsightsOperator" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "status": { - "description": "Status of the condition for a component. Valid values for \"Healthy\": \"True\", \"False\", or \"Unknown\".", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.operator.v1.InsightsOperatorSpec": { + "type": "object", + "required": [ + "managementState" + ], + "properties": { + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "type": { - "description": "Type of condition for a component. Valid value: \"Healthy\"", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.ComponentStatus": { - "description": "ComponentStatus (and ComponentStatusList) holds the cluster validation info. Deprecated: This API is deprecated in v1.19+", + "com.github.openshift.api.operator.v1.InsightsOperatorStatus": { "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, "conditions": { - "description": "List of component conditions observed", + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ComponentCondition" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, "x-kubernetes-list-map-keys": [ "type" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "map" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "gatherStatus": { + "description": "gatherStatus provides basic information about the last Insights data gathering. When omitted, this means no data gathering has taken place yet.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GatherStatus" }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "insightsReport": { + "description": "insightsReport provides general Insights analysis results. When omitted, this means no data gathering has taken place yet.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.InsightsReport" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.InsightsReport": { + "description": "insightsReport provides Insights health check report based on the most recently sent Insights data.", + "type": "object", + "properties": { + "downloadedAt": { + "description": "downloadedAt is the time when the last Insights report was downloaded. An empty value means that there has not been any Insights report downloaded yet and it usually appears in disconnected clusters (or clusters when the Insights data gathering is disabled).", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "healthChecks": { + "description": "healthChecks provides basic information about active Insights health checks in a cluster.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.HealthCheck" + }, + "x-kubernetes-list-type": "atomic" } } }, - "io.k8s.api.core.v1.ComponentStatusList": { - "description": "Status of all the conditions for the component as a list of ComponentStatus objects. Deprecated: This API is deprecated in v1.19+", + "com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides": { + "description": "IrreconcilableValidationOverrides holds the irreconcilable validations overrides to be applied on each rendered MachineConfig generation.", "type": "object", - "required": [ - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of ComponentStatus objects.", + "storage": { + "description": "storage can be used to allow making irreconcilable changes to the selected sections under the `spec.config.storage` field of MachineConfig CRs It must have at least one item, may not exceed 3 items and must not contain duplicates. Allowed element values are \"Disks\", \"FileSystems\", \"Raid\" and omitted. When contains \"Disks\" changes to the `spec.config.storage.disks` section of MachineConfig CRs are allowed. When contains \"FileSystems\" changes to the `spec.config.storage.filesystems` section of MachineConfig CRs are allowed. When contains \"Raid\" changes to the `spec.config.storage.raid` section of MachineConfig CRs are allowed. When omitted changes to the `spec.config.storage` section are forbidden.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ComponentStatus" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" } } }, - "io.k8s.api.core.v1.ConfigMap": { - "description": "ConfigMap holds configuration data for pods to consume.", + "com.github.openshift.api.operator.v1.KubeAPIServer": { + "description": "KubeAPIServer provides information to configure an operator to manage kube-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "binaryData": { - "description": "BinaryData contains the binary data. Each key must consist of alphanumeric characters, '-', '_' or '.'. BinaryData can contain byte sequences that are not in the UTF-8 range. The keys stored in BinaryData must not overlap with the ones in the Data field, this is enforced during validation process. Using this field will require 1.10+ apiserver and kubelet.", - "type": "object", - "additionalProperties": { - "type": "string", - "format": "byte" - } - }, - "data": { - "description": "Data contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "immutable": { - "description": "Immutable, if set to true, ensures that data stored in the ConfigMap cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.", - "type": "boolean" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } - } - }, - "io.k8s.api.core.v1.ConfigMapEnvSource": { - "description": "ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.\n\nThe contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables.", - "type": "object", - "properties": { - "name": { - "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string", - "default": "" - }, - "optional": { - "description": "Specify whether the ConfigMap must be defined", - "type": "boolean" - } - } - }, - "io.k8s.api.core.v1.ConfigMapKeySelector": { - "description": "Selects a key from a ConfigMap.", - "type": "object", - "required": [ - "key" - ], - "properties": { - "key": { - "description": "The key to select.", - "type": "string", - "default": "" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "name": { - "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string", - "default": "" + "spec": { + "description": "spec is the specification of the desired behavior of the Kubernetes API Server", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeAPIServerSpec" }, - "optional": { - "description": "Specify whether the ConfigMap or its key must be defined", - "type": "boolean" + "status": { + "description": "status is the most recently observed status of the Kubernetes API Server", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeAPIServerStatus" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "io.k8s.api.core.v1.ConfigMapList": { - "description": "ConfigMapList is a resource containing a list of ConfigMap objects.", + "com.github.openshift.api.operator.v1.KubeAPIServerList": { + "description": "KubeAPIServerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -42899,11 +44210,11 @@ "type": "string" }, "items": { - "description": "Items is the list of ConfigMaps.", + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMap" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeAPIServer" } }, "kind": { @@ -42911,879 +44222,777 @@ "type": "string" }, "metadata": { - "description": "More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.ConfigMapNodeConfigSource": { - "description": "ConfigMapNodeConfigSource contains the information to reference a ConfigMap as a config source for the Node. This API is deprecated since 1.22: https://git.k8s.io/enhancements/keps/sig-node/281-dynamic-kubelet-configuration", + "com.github.openshift.api.operator.v1.KubeAPIServerSpec": { "type": "object", "required": [ - "namespace", - "name", - "kubeletConfigKey" + "managementState", + "forceRedeploymentReason" ], "properties": { - "kubeletConfigKey": { - "description": "KubeletConfigKey declares which key of the referenced ConfigMap corresponds to the KubeletConfiguration structure This field is required in all cases.", - "type": "string", - "default": "" + "eventTTLMinutes": { + "description": "eventTTLMinutes specifies the amount of time that the events are stored before being deleted. The TTL is allowed between 5 minutes minimum up to a maximum of 180 minutes (3 hours).\n\nLowering this value will reduce the storage required in etcd. Note that this setting will only apply to new events being created and will not update existing events.\n\nWhen omitted this means no opinion, and the platform is left to choose a reasonable default, which is subject to change over time. The current default value is 3h (180 minutes).", + "type": "integer", + "format": "int32" }, - "name": { - "description": "Name is the metadata.name of the referenced ConfigMap. This field is required in all cases.", - "type": "string", - "default": "" + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" }, - "namespace": { - "description": "Namespace is the metadata.namespace of the referenced ConfigMap. This field is required in all cases.", + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", "type": "string", "default": "" }, - "resourceVersion": { - "description": "ResourceVersion is the metadata.ResourceVersion of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.", - "type": "string" - }, - "uid": { - "description": "UID is the metadata.UID of the referenced ConfigMap. This field is forbidden in Node.Spec, and required in Node.Status.", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" - } - } - }, - "io.k8s.api.core.v1.ConfigMapProjection": { - "description": "Adapts a ConfigMap into a projected volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a projected volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. Note that this is identical to a configmap volume source without the default mode.", - "type": "object", - "properties": { - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" - }, - "x-kubernetes-list-type": "atomic" }, - "name": { - "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" - } - } - }, - "io.k8s.api.core.v1.ConfigMapVolumeSource": { - "description": "Adapts a ConfigMap into a volume.\n\nThe contents of the target ConfigMap's Data field will be presented in a volume as files using the keys in the Data field as the file names, unless the items element is populated with specific mappings of keys to paths. ConfigMap volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "defaultMode": { - "description": "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" - }, - "x-kubernetes-list-type": "atomic" + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "name": { - "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string", - "default": "" + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" }, - "optional": { - "description": "optional specify whether the ConfigMap or its keys must be defined", - "type": "boolean" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.Container": { - "description": "A single application container that you want to run within a pod.", + "com.github.openshift.api.operator.v1.KubeAPIServerStatus": { "type": "object", - "required": [ - "name" - ], "properties": { - "args": { - "description": "Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "env": { - "description": "List of environment variables to set in the container. Cannot be updated.", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", "name" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "map" }, - "envFrom": { - "description": "List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvFromSource" - }, - "x-kubernetes-list-type": "atomic" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "image": { - "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", + "latestAvailableRevisionReason": { + "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", "type": "string" }, - "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present", - "type": "string", - "enum": [ - "Always", - "IfNotPresent", - "Never" - ] - }, - "lifecycle": { - "description": "Actions that the management system should take in response to container lifecycle events. Cannot be updated.", - "$ref": "#/definitions/io.k8s.api.core.v1.Lifecycle" - }, - "livenessProbe": { - "description": "Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "$ref": "#/definitions/io.k8s.api.core.v1.Probe" - }, - "name": { - "description": "Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated.", - "type": "string", - "default": "" - }, - "ports": { - "description": "List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated.", + "nodeStatuses": { + "description": "nodeStatuses track the deployment values and errors across individual nodes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerPort" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" }, "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" + "nodeName" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "containerPort", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "map" }, - "readinessProbe": { - "description": "Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" }, - "resizePolicy": { - "description": "Resources resize policy for the container.", + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "serviceAccountIssuers": { + "description": "serviceAccountIssuers tracks history of used service account issuers. The item without expiration time represents the currently used service account issuer. The other items represents service account issuers that were used previously and are still being trusted. The default expiration for the items is set by the platform and it defaults to 24h. see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerResizePolicy" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus" }, "x-kubernetes-list-type": "atomic" }, - "resources": { - "description": "Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.KubeControllerManager": { + "description": "KubeControllerManager provides information to configure an operator to manage kube-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "restartPolicy": { - "description": "RestartPolicy defines the restart behavior of individual containers in a pod. This overrides the pod-level restart policy. When this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Additionally, setting the RestartPolicy as \"Always\" for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy \"Always\" will be shut down. This lifecycle differs from normal init containers and is often referred to as a \"sidecar\" container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed.", + "spec": { + "description": "spec is the specification of the desired behavior of the Kubernetes Controller Manager", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeControllerManagerSpec" + }, + "status": { + "description": "status is the most recently observed status of the Kubernetes Controller Manager", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeControllerManagerStatus" + } + } + }, + "com.github.openshift.api.operator.v1.KubeControllerManagerList": { + "description": "KubeControllerManagerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "restartPolicyRules": { - "description": "Represents a list of rules to be checked to determine if the container should be restarted on exit. The rules are evaluated in order. Once a rule matches a container exit condition, the remaining rules are ignored. If no rule matches the container exit condition, the Container-level restart policy determines the whether the container is restarted or not. Constraints on the rules: - At most 20 rules are allowed. - Rules can have the same action. - Identical rules are not forbidden in validations. When rules are specified, container MUST set RestartPolicy explicitly even it if matches the Pod's RestartPolicy.", + "items": { + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerRestartRule" - }, - "x-kubernetes-list-type": "atomic" - }, - "securityContext": { - "description": "SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", - "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeControllerManager" + } }, - "startupProbe": { - "description": "StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", - "type": "boolean" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.operator.v1.KubeControllerManagerSpec": { + "type": "object", + "required": [ + "managementState", + "forceRedeploymentReason", + "useMoreSecureServiceCA" + ], + "properties": { + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", - "type": "boolean" + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "type": "string", + "default": "" }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\nPossible enum values:\n - `\"FallbackToLogsOnError\"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.\n - `\"File\"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", - "enum": [ - "FallbackToLogsOnError", - "File" - ] + "default": "" }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", - "type": "boolean" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "useMoreSecureServiceCA": { + "description": "useMoreSecureServiceCA indicates that the service-ca.crt provided in SA token volumes should include only enough certificates to validate service serving certificates. Once set to true, it cannot be set to false. Even if someone finds a way to set it back to false, the service-ca.crt files that previously existed will only have the more secure content.", + "type": "boolean", + "default": false + } + } + }, + "com.github.openshift.api.operator.v1.KubeControllerManagerStatus": { + "type": "object", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.VolumeDevice" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, "x-kubernetes-list-map-keys": [ - "devicePath" + "type" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "devicePath", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "map" }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Cannot be updated.", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, "x-kubernetes-list-map-keys": [ - "mountPath" + "group", + "resource", + "namespace", + "name" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "mountPath", - "x-kubernetes-patch-strategy": "merge" - }, - "workingDir": { - "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", - "type": "string" - } - } - }, - "io.k8s.api.core.v1.ContainerExtendedResourceRequest": { - "description": "ContainerExtendedResourceRequest has the mapping of container name, extended resource name to the device request name.", - "type": "object", - "required": [ - "containerName", - "resourceName", - "requestName" - ], - "properties": { - "containerName": { - "description": "The name of the container requesting resources.", - "type": "string", - "default": "" + "x-kubernetes-list-type": "map" }, - "requestName": { - "description": "The name of the request in the special ResourceClaim which corresponds to the extended resource.", - "type": "string", - "default": "" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "resourceName": { - "description": "The name of the extended resource in that container which gets backed by DRA.", - "type": "string", - "default": "" - } - } - }, - "io.k8s.api.core.v1.ContainerImage": { - "description": "Describe a container image", - "type": "object", - "properties": { - "names": { - "description": "Names by which this image is known. e.g. [\"kubernetes.example/hyperkube:v1.0.7\", \"cloud-vendor.registry.example/cloud-vendor/hyperkube:v1.0.7\"]", + "latestAvailableRevisionReason": { + "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", + "type": "string" + }, + "nodeStatuses": { + "description": "nodeStatuses track the deployment values and errors across individual nodes", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "nodeName" + ], + "x-kubernetes-list-type": "map" }, - "sizeBytes": { - "description": "The size of the image in bytes.", + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", "type": "integer", "format": "int64" - } - } - }, - "io.k8s.api.core.v1.ContainerPort": { - "description": "ContainerPort represents a network port in a single container.", - "type": "object", - "required": [ - "containerPort" - ], - "properties": { - "containerPort": { - "description": "Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536.", + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", "type": "integer", "format": "int32", "default": 0 }, - "hostIP": { - "description": "What host IP to bind the external port to.", - "type": "string" - }, - "hostPort": { - "description": "Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this.", - "type": "integer", - "format": "int32" - }, - "name": { - "description": "If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services.", + "version": { + "description": "version is the level this availability applies to", "type": "string" - }, - "protocol": { - "description": "Protocol for port. Must be UDP, TCP, or SCTP. Defaults to \"TCP\".\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", - "type": "string", - "default": "TCP", - "enum": [ - "SCTP", - "TCP", - "UDP" - ] } } }, - "io.k8s.api.core.v1.ContainerResizePolicy": { - "description": "ContainerResizePolicy represents resource resize policy for the container.", + "com.github.openshift.api.operator.v1.KubeScheduler": { + "description": "KubeScheduler provides information to configure an operator to manage scheduler.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "resourceName", - "restartPolicy" + "metadata", + "spec" ], "properties": { - "resourceName": { - "description": "Name of the resource to which this resource resize policy applies. Supported values: cpu, memory.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "restartPolicy": { - "description": "Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired.", - "type": "string", - "default": "" - } - } - }, - "io.k8s.api.core.v1.ContainerRestartRule": { - "description": "ContainerRestartRule describes how a container exit is handled.", - "type": "object", - "required": [ - "action" - ], - "properties": { - "action": { - "description": "Specifies the action taken on a container exit if the requirements are satisfied. The only possible value is \"Restart\" to restart the container.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "exitCodes": { - "description": "Represents the exit codes to check on container exits.", - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerRestartRuleOnExitCodes" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the Kubernetes Scheduler", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeSchedulerSpec" + }, + "status": { + "description": "status is the most recently observed status of the Kubernetes Scheduler", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeSchedulerStatus" } } }, - "io.k8s.api.core.v1.ContainerRestartRuleOnExitCodes": { - "description": "ContainerRestartRuleOnExitCodes describes the condition for handling an exited container based on its exit codes.", + "com.github.openshift.api.operator.v1.KubeSchedulerList": { + "description": "KubeSchedulerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "operator" + "metadata", + "items" ], "properties": { - "operator": { - "description": "Represents the relationship between the container exit code(s) and the specified values. Possible values are: - In: the requirement is satisfied if the container exit code is in the\n set of specified values.\n- NotIn: the requirement is satisfied if the container exit code is\n not in the set of specified values.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "values": { - "description": "Specifies the set of values to check for container exit codes. At most 255 elements are allowed.", + "items": { + "description": "items contains the items", "type": "array", "items": { - "type": "integer", - "format": "int32", - "default": 0 - }, - "x-kubernetes-list-type": "set" - } - } - }, - "io.k8s.api.core.v1.ContainerState": { - "description": "ContainerState holds a possible state of container. Only one of its members may be specified. If none of them is specified, the default one is ContainerStateWaiting.", - "type": "object", - "properties": { - "running": { - "description": "Details about a running container", - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerStateRunning" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeScheduler" + } }, - "terminated": { - "description": "Details about a terminated container", - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerStateTerminated" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "waiting": { - "description": "Details about a waiting container", - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerStateWaiting" - } - } - }, - "io.k8s.api.core.v1.ContainerStateRunning": { - "description": "ContainerStateRunning is a running state of a container.", - "type": "object", - "properties": { - "startedAt": { - "description": "Time at which the container was last (re-)started", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.ContainerStateTerminated": { - "description": "ContainerStateTerminated is a terminated state of a container.", + "com.github.openshift.api.operator.v1.KubeSchedulerSpec": { "type": "object", "required": [ - "exitCode" + "managementState", + "forceRedeploymentReason" ], "properties": { - "containerID": { - "description": "Container's ID in the format '://'", - "type": "string" - }, - "exitCode": { - "description": "Exit status from the last termination of the container", + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", "type": "integer", - "format": "int32", - "default": 0 + "format": "int32" }, - "finishedAt": { - "description": "Time at which the container last terminated", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "type": "string", + "default": "" }, - "message": { - "description": "Message regarding the last termination of the container", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "reason": { - "description": "(brief) reason from the last termination of the container", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "signal": { - "description": "Signal from the last termination of the container", + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", "type": "integer", "format": "int32" }, - "startedAt": { - "description": "Time at which previous execution of the container started", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - } - } - }, - "io.k8s.api.core.v1.ContainerStateWaiting": { - "description": "ContainerStateWaiting is a waiting state of a container.", - "type": "object", - "properties": { - "message": { - "description": "Message regarding why the container is not yet running.", - "type": "string" - }, - "reason": { - "description": "(brief) reason the container is not yet running.", - "type": "string" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.ContainerStatus": { - "description": "ContainerStatus contains details for the current status of this container.", + "com.github.openshift.api.operator.v1.KubeSchedulerStatus": { "type": "object", - "required": [ - "name", - "ready", - "restartCount", - "image", - "imageID" - ], "properties": { - "allocatedResources": { - "description": "AllocatedResources represents the compute resources allocated for this container by the node. Kubelet sets this value to Container.Resources.Requests upon successful pod admission and after successfully admitting desired pod resize.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - } + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "allocatedResourcesStatus": { - "description": "AllocatedResourcesStatus represents the status of various resources allocated for this Pod.", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceStatus" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", "name" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - }, - "containerID": { - "description": "ContainerID is the ID of the container in the format '://'. Where type is a container runtime identifier, returned from Version call of CRI API (for example \"containerd\").", - "type": "string" - }, - "image": { - "description": "Image is the name of container image that the container is running. The container image may not match the image used in the PodSpec, as it may have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.", - "type": "string", - "default": "" - }, - "imageID": { - "description": "ImageID is the image ID of the container's image. The image ID may not match the image ID of the image used in the PodSpec, as it may have been resolved by the runtime.", - "type": "string", - "default": "" + "x-kubernetes-list-type": "map" }, - "lastState": { - "description": "LastTerminationState holds the last termination state of the container to help debug container crashes and restarts. This field is not populated if the container is still running and RestartCount is 0.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerState" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "name": { - "description": "Name is a DNS_LABEL representing the unique name of the container. Each container in a pod must have a unique name across all container types. Cannot be updated.", - "type": "string", - "default": "" + "latestAvailableRevisionReason": { + "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", + "type": "string" }, - "ready": { - "description": "Ready specifies whether the container is currently passing its readiness check. The value will change as readiness probes keep executing. If no readiness probes are specified, this field defaults to true once the container is fully started (see Started field).\n\nThe value is typically used to determine whether a container is ready to accept traffic.", - "type": "boolean", - "default": false + "nodeStatuses": { + "description": "nodeStatuses track the deployment values and errors across individual nodes", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" + }, + "x-kubernetes-list-map-keys": [ + "nodeName" + ], + "x-kubernetes-list-type": "map" }, - "resources": { - "description": "Resources represents the compute resource requests and limits that have been successfully enacted on the running container after it has been started or has been successfully resized.", - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" }, - "restartCount": { - "description": "RestartCount holds the number of times the container has been restarted. Kubelet makes an effort to always increment the value, but there are cases when the state may be lost due to node restarts and then the value may be reset to 0. The value is never negative.", + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", "type": "integer", "format": "int32", "default": 0 }, - "started": { - "description": "Started indicates whether the container has finished its postStart lifecycle hook and passed its startup probe. Initialized as false, becomes true after startupProbe is considered successful. Resets to false when the container is restarted, or if kubelet loses state temporarily. In both cases, startup probes will run again. Is always true when no startupProbe is defined and container is running and has passed the postStart lifecycle hook. The null value must be treated the same as false.", - "type": "boolean" + "version": { + "description": "version is the level this availability applies to", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.KubeStorageVersionMigrator": { + "description": "KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "state": { - "description": "State holds details about the container's current condition.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerState" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "stopSignal": { - "description": "StopSignal reports the effective stop signal for this container\n\nPossible enum values:\n - `\"SIGABRT\"`\n - `\"SIGALRM\"`\n - `\"SIGBUS\"`\n - `\"SIGCHLD\"`\n - `\"SIGCLD\"`\n - `\"SIGCONT\"`\n - `\"SIGFPE\"`\n - `\"SIGHUP\"`\n - `\"SIGILL\"`\n - `\"SIGINT\"`\n - `\"SIGIO\"`\n - `\"SIGIOT\"`\n - `\"SIGKILL\"`\n - `\"SIGPIPE\"`\n - `\"SIGPOLL\"`\n - `\"SIGPROF\"`\n - `\"SIGPWR\"`\n - `\"SIGQUIT\"`\n - `\"SIGRTMAX\"`\n - `\"SIGRTMAX-1\"`\n - `\"SIGRTMAX-10\"`\n - `\"SIGRTMAX-11\"`\n - `\"SIGRTMAX-12\"`\n - `\"SIGRTMAX-13\"`\n - `\"SIGRTMAX-14\"`\n - `\"SIGRTMAX-2\"`\n - `\"SIGRTMAX-3\"`\n - `\"SIGRTMAX-4\"`\n - `\"SIGRTMAX-5\"`\n - `\"SIGRTMAX-6\"`\n - `\"SIGRTMAX-7\"`\n - `\"SIGRTMAX-8\"`\n - `\"SIGRTMAX-9\"`\n - `\"SIGRTMIN\"`\n - `\"SIGRTMIN+1\"`\n - `\"SIGRTMIN+10\"`\n - `\"SIGRTMIN+11\"`\n - `\"SIGRTMIN+12\"`\n - `\"SIGRTMIN+13\"`\n - `\"SIGRTMIN+14\"`\n - `\"SIGRTMIN+15\"`\n - `\"SIGRTMIN+2\"`\n - `\"SIGRTMIN+3\"`\n - `\"SIGRTMIN+4\"`\n - `\"SIGRTMIN+5\"`\n - `\"SIGRTMIN+6\"`\n - `\"SIGRTMIN+7\"`\n - `\"SIGRTMIN+8\"`\n - `\"SIGRTMIN+9\"`\n - `\"SIGSEGV\"`\n - `\"SIGSTKFLT\"`\n - `\"SIGSTOP\"`\n - `\"SIGSYS\"`\n - `\"SIGTERM\"`\n - `\"SIGTRAP\"`\n - `\"SIGTSTP\"`\n - `\"SIGTTIN\"`\n - `\"SIGTTOU\"`\n - `\"SIGURG\"`\n - `\"SIGUSR1\"`\n - `\"SIGUSR2\"`\n - `\"SIGVTALRM\"`\n - `\"SIGWINCH\"`\n - `\"SIGXCPU\"`\n - `\"SIGXFSZ\"`", - "type": "string", - "enum": [ - "SIGABRT", - "SIGALRM", - "SIGBUS", - "SIGCHLD", - "SIGCLD", - "SIGCONT", - "SIGFPE", - "SIGHUP", - "SIGILL", - "SIGINT", - "SIGIO", - "SIGIOT", - "SIGKILL", - "SIGPIPE", - "SIGPOLL", - "SIGPROF", - "SIGPWR", - "SIGQUIT", - "SIGRTMAX", - "SIGRTMAX-1", - "SIGRTMAX-10", - "SIGRTMAX-11", - "SIGRTMAX-12", - "SIGRTMAX-13", - "SIGRTMAX-14", - "SIGRTMAX-2", - "SIGRTMAX-3", - "SIGRTMAX-4", - "SIGRTMAX-5", - "SIGRTMAX-6", - "SIGRTMAX-7", - "SIGRTMAX-8", - "SIGRTMAX-9", - "SIGRTMIN", - "SIGRTMIN+1", - "SIGRTMIN+10", - "SIGRTMIN+11", - "SIGRTMIN+12", - "SIGRTMIN+13", - "SIGRTMIN+14", - "SIGRTMIN+15", - "SIGRTMIN+2", - "SIGRTMIN+3", - "SIGRTMIN+4", - "SIGRTMIN+5", - "SIGRTMIN+6", - "SIGRTMIN+7", - "SIGRTMIN+8", - "SIGRTMIN+9", - "SIGSEGV", - "SIGSTKFLT", - "SIGSTOP", - "SIGSYS", - "SIGTERM", - "SIGTRAP", - "SIGTSTP", - "SIGTTIN", - "SIGTTOU", - "SIGURG", - "SIGUSR1", - "SIGUSR2", - "SIGVTALRM", - "SIGWINCH", - "SIGXCPU", - "SIGXFSZ" - ] + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec" }, - "user": { - "description": "User represents user identity information initially attached to the first process of the container", - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerUser" + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus" + } + } + }, + "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorList": { + "description": "KubeStorageVersionMigratorList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "volumeMounts": { - "description": "Status of volume mounts.", + "items": { + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMountStatus" - }, - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "mountPath", - "x-kubernetes-patch-strategy": "merge" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.KubeStorageVersionMigrator" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.ContainerUser": { - "description": "ContainerUser represents user identity information", + "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorSpec": { "type": "object", + "required": [ + "managementState" + ], "properties": { - "linux": { - "description": "Linux holds user identity information initially attached to the first process of the containers in Linux. Note that the actual running identity can be changed if the process has enough privilege to do so.", - "$ref": "#/definitions/io.k8s.api.core.v1.LinuxContainerUser" + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.DaemonEndpoint": { - "description": "DaemonEndpoint contains information about a single Daemon endpoint.", + "com.github.openshift.api.operator.v1.KubeStorageVersionMigratorStatus": { "type": "object", - "required": [ - "Port" - ], "properties": { - "Port": { - "description": "Port number of the given endpoint.", + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", "type": "integer", "format": "int32", "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "io.k8s.api.core.v1.DownwardAPIProjection": { - "description": "Represents downward API info for projecting into a projected volume. Note that this is identical to a downwardAPI volume source without the default mode.", + "com.github.openshift.api.operator.v1.LoadBalancerStrategy": { + "description": "LoadBalancerStrategy holds parameters for a load balancer.", "type": "object", + "required": [ + "scope", + "dnsManagementPolicy" + ], "properties": { - "items": { - "description": "Items is a list of DownwardAPIVolume file", + "allowedSourceRanges": { + "description": "allowedSourceRanges specifies an allowlist of IP address ranges to which access to the load balancer should be restricted. Each range must be specified using CIDR notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range is specified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 are used by default, which allows all source addresses.\n\nTo facilitate migration from earlier versions of OpenShift that did not have the allowedSourceRanges field, you may set the service.beta.kubernetes.io/load-balancer-source-ranges annotation on the \"router-\" service in the \"openshift-ingress\" namespace, and this annotation will take effect if allowedSourceRanges is empty on OpenShift 4.12.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeFile" + "type": "string", + "default": "" }, "x-kubernetes-list-type": "atomic" + }, + "dnsManagementPolicy": { + "description": "dnsManagementPolicy indicates if the lifecycle of the wildcard DNS record associated with the load balancer service will be managed by the ingress operator. It defaults to Managed. Valid values are: Managed and Unmanaged.", + "type": "string", + "default": "Managed" + }, + "providerParameters": { + "description": "providerParameters holds desired load balancer information specific to the underlying infrastructure provider.\n\nIf empty, defaults will be applied. See specific providerParameters fields for details about their defaults.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters" + }, + "scope": { + "description": "scope indicates the scope at which the load balancer is exposed. Possible values are \"External\" and \"Internal\".", + "type": "string", + "default": "" } } }, - "io.k8s.api.core.v1.DownwardAPIVolumeFile": { - "description": "DownwardAPIVolumeFile represents information to create the file containing the pod field", + "com.github.openshift.api.operator.v1.LoggingDestination": { + "description": "LoggingDestination describes a destination for log messages.", "type": "object", "required": [ - "path" + "type" ], "properties": { - "fieldRef": { - "description": "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectFieldSelector" + "container": { + "description": "container holds parameters for the Container logging destination. Present only if type is Container.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ContainerLoggingDestinationParameters" }, - "mode": { - "description": "Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" + "syslog": { + "description": "syslog holds parameters for a syslog endpoint. Present only if type is Syslog.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters" }, - "path": { - "description": "Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'", + "type": { + "description": "type is the type of destination for logs. It must be one of the following:\n\n* Container\n\nThe ingress operator configures the sidecar container named \"logs\" on the ingress controller pod and configures the ingress controller to write logs to the sidecar. The logs are then available as container logs. The expectation is that the administrator configures a custom logging solution that reads logs from this sidecar. Note that using container logs means that logs may be dropped if the rate of logs exceeds the container runtime's or the custom logging solution's capacity.\n\n* Syslog\n\nLogs are sent to a syslog endpoint. The administrator must specify an endpoint that can receive syslog messages. The expectation is that the administrator has configured a custom syslog instance.", "type": "string", "default": "" - }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceFieldSelector" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "container": "Container", + "syslog": "Syslog" + } + } + ] }, - "io.k8s.api.core.v1.DownwardAPIVolumeSource": { - "description": "DownwardAPIVolumeSource represents a volume containing downward API info. Downward API volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.operator.v1.Logo": { + "description": "Logo defines a configuration based on theme modes for the console UI logo.", "type": "object", + "required": [ + "type", + "themes" + ], "properties": { - "defaultMode": { - "description": "Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - }, - "items": { - "description": "Items is a list of downward API volume file", + "themes": { + "description": "themes specifies the themes for the console UI logo. themes is a required field that allows a list of themes. Each item in the themes list must have a unique mode and a source field. Each mode determines whether the logo is for the dark or light mode of the console UI. If a theme is not specified, the default OpenShift logo will be displayed for that theme. There must be at least one entry and no more than 2 entries.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeFile" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Theme" }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "io.k8s.api.core.v1.EmptyDirVolumeSource": { - "description": "Represents an empty directory for a pod. Empty directory volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "medium": { - "description": "medium represents what type of storage medium should back this directory. The default is \"\" which means to use the node's default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "type": "string" + "x-kubernetes-list-map-keys": [ + "mode" + ], + "x-kubernetes-list-type": "map" }, - "sizeLimit": { - "description": "sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + "type": { + "description": "type specifies the type of the logo for the console UI. It determines whether the logo is for the masthead or favicon. type is a required field that allows values of Masthead and Favicon. When set to \"Masthead\", the logo will be used in the masthead and about modal of the console UI. When set to \"Favicon\", the logo will be used as the favicon of the console UI.\n\nPossible enum values:\n - `\"Favicon\"` Favicon represents the favicon logo.\n - `\"Masthead\"` Masthead represents the logo in the masthead.", + "type": "string", + "default": "", + "enum": [ + "Favicon", + "Masthead" + ] } } }, - "io.k8s.api.core.v1.EndpointAddress": { - "description": "EndpointAddress is a tuple that describes single IP address. Deprecated: This API is deprecated in v1.33+.", + "com.github.openshift.api.operator.v1.MTUMigration": { + "description": "MTUMigration contains infomation about MTU migration.", "type": "object", - "required": [ - "ip" - ], "properties": { - "hostname": { - "description": "The Hostname of this endpoint", - "type": "string" - }, - "ip": { - "description": "The IP of this endpoint. May not be loopback (127.0.0.0/8 or ::1), link-local (169.254.0.0/16 or fe80::/10), or link-local multicast (224.0.0.0/24 or ff02::/16).", - "type": "string", - "default": "" - }, - "nodeName": { - "description": "Optional: Node hosting this endpoint. This can be used to determine endpoints local to a node.", - "type": "string" + "machine": { + "description": "machine contains MTU migration configuration for the machine's uplink. Needs to be migrated along with the default network MTU unless the current uplink MTU already accommodates the default network MTU.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MTUMigrationValues" }, - "targetRef": { - "description": "Reference to object providing the endpoint.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "network": { + "description": "network contains information about MTU migration for the default network. Migrations are only allowed to MTU values lower than the machine's uplink MTU by the minimum appropriate offset.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MTUMigrationValues" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "io.k8s.api.core.v1.EndpointPort": { - "description": "EndpointPort is a tuple that describes a single port. Deprecated: This API is deprecated in v1.33+.", + "com.github.openshift.api.operator.v1.MTUMigrationValues": { + "description": "MTUMigrationValues contains the values for a MTU migration.", "type": "object", "required": [ - "port" + "to" ], "properties": { - "appProtocol": { - "description": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.", - "type": "string" - }, - "name": { - "description": "The name of this port. This must match the 'name' field in the corresponding ServicePort. Must be a DNS_LABEL. Optional only if one port is defined.", - "type": "string" - }, - "port": { - "description": "The port number of the endpoint.", + "from": { + "description": "from is the MTU to migrate from.", "type": "integer", - "format": "int32", - "default": 0 - }, - "protocol": { - "description": "The IP protocol for this port. Must be UDP, TCP, or SCTP. Default is TCP.\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", - "type": "string", - "enum": [ - "SCTP", - "TCP", - "UDP" - ] - } - }, - "x-kubernetes-map-type": "atomic" - }, - "io.k8s.api.core.v1.EndpointSubset": { - "description": "EndpointSubset is a group of addresses with a common set of ports. The expanded set of endpoints is the Cartesian product of Addresses x Ports. For example, given:\n\n\t{\n\t Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n\t}\n\nThe resulting set of endpoints can be viewed as:\n\n\ta: [ 10.10.1.1:8675, 10.10.2.2:8675 ],\n\tb: [ 10.10.1.1:309, 10.10.2.2:309 ]\n\nDeprecated: This API is deprecated in v1.33+.", - "type": "object", - "properties": { - "addresses": { - "description": "IP addresses which offer the related ports that are marked as ready. These endpoints should be considered safe for load balancers and clients to utilize.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EndpointAddress" - }, - "x-kubernetes-list-type": "atomic" - }, - "notReadyAddresses": { - "description": "IP addresses which offer the related ports but are not currently marked as ready because they have not yet finished starting, have recently failed a readiness check, or have recently failed a liveness check.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EndpointAddress" - }, - "x-kubernetes-list-type": "atomic" + "format": "int64" }, - "ports": { - "description": "Port numbers available on the related IP addresses.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EndpointPort" - }, - "x-kubernetes-list-type": "atomic" + "to": { + "description": "to is the MTU to migrate to.", + "type": "integer", + "format": "int64" } } }, - "io.k8s.api.core.v1.Endpoints": { - "description": "Endpoints is a collection of endpoints that implement the actual service. Example:\n\n\t Name: \"mysvc\",\n\t Subsets: [\n\t {\n\t Addresses: [{\"ip\": \"10.10.1.1\"}, {\"ip\": \"10.10.2.2\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 8675}, {\"name\": \"b\", \"port\": 309}]\n\t },\n\t {\n\t Addresses: [{\"ip\": \"10.10.3.3\"}],\n\t Ports: [{\"name\": \"a\", \"port\": 93}, {\"name\": \"b\", \"port\": 76}]\n\t },\n\t]\n\nEndpoints is a legacy API and does not contain information about all Service features. Use discoveryv1.EndpointSlice for complete information about Service endpoints.\n\nDeprecated: This API is deprecated in v1.33+. Use discoveryv1.EndpointSlice.", + "com.github.openshift.api.operator.v1.MachineConfiguration": { + "description": "MachineConfiguration provides information to configure an operator to manage Machine Configuration.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -43794,25 +45003,27 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "subsets": { - "description": "The set of all endpoints is the union of all subsets. Addresses are placed into subsets according to the IPs they share. A single address with multiple ports, some of which are ready and some of which are not (because they come from different containers) will result in the address being displayed in different subsets for the different ports. No address will appear in both Addresses and NotReadyAddresses in the same subset. Sets of addresses and ports that comprise a service.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EndpointSubset" - }, - "x-kubernetes-list-type": "atomic" + "spec": { + "description": "spec is the specification of the desired behavior of the Machine Config Operator", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineConfigurationSpec" + }, + "status": { + "description": "status is the most recently observed status of the Machine Config Operator", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineConfigurationStatus" } } }, - "io.k8s.api.core.v1.EndpointsList": { - "description": "EndpointsList is a list of endpoints. Deprecated: This API is deprecated in v1.33+.", + "com.github.openshift.api.operator.v1.MachineConfigurationList": { + "description": "MachineConfigurationList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -43821,11 +45032,11 @@ "type": "string" }, "items": { - "description": "List of endpoints.", + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Endpoints" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineConfiguration" } }, "kind": { @@ -43833,550 +45044,339 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "io.k8s.api.core.v1.EnvFromSource": { - "description": "EnvFromSource represents the source of a set of ConfigMaps or Secrets", - "type": "object", - "properties": { - "configMapRef": { - "description": "The ConfigMap to select from", - "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapEnvSource" - }, - "prefix": { - "description": "Optional text to prepend to the name of each environment variable. May consist of any printable ASCII characters except '='.", - "type": "string" - }, - "secretRef": { - "description": "The Secret to select from", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretEnvSource" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.EnvVar": { - "description": "EnvVar represents an environment variable present in a Container.", + "com.github.openshift.api.operator.v1.MachineConfigurationSpec": { "type": "object", "required": [ - "name" + "managementState", + "forceRedeploymentReason" ], "properties": { - "name": { - "description": "Name of the environment variable. May consist of any printable ASCII characters except '='.", + "bootImageSkewEnforcement": { + "description": "bootImageSkewEnforcement allows an admin to configure how boot image version skew is enforced on the cluster. When omitted, this will default to Automatic for clusters that support automatic boot image updates. For clusters that do not support automatic boot image updates, cluster upgrades will be disabled until a skew enforcement mode has been specified. When version skew is being enforced, cluster upgrades will be disabled until the version skew is deemed acceptable for the current release payload.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig" + }, + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" + }, + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", "type": "string", "default": "" }, - "value": { - "description": "Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to \"\".", + "irreconcilableValidationOverrides": { + "description": "irreconcilableValidationOverrides is an optional field that can used to make changes to a MachineConfig that cannot be applied to existing nodes. When specified, the fields configured with validation overrides will no longer reject changes to those respective fields due to them not being able to be applied to existing nodes. Only newly provisioned nodes will have these configurations applied. Existing nodes will report observed configuration differences in their MachineConfigNode status.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IrreconcilableValidationOverrides" + }, + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "valueFrom": { - "description": "Source for the environment variable's value. Cannot be used if value is not empty.", - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVarSource" - } - } - }, - "io.k8s.api.core.v1.EnvVarSource": { - "description": "EnvVarSource represents a source for the value of an EnvVar.", - "type": "object", - "properties": { - "configMapKeyRef": { - "description": "Selects a key of a ConfigMap.", - "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapKeySelector" + "managedBootImages": { + "description": "managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version's boot image. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The default for each machine manager mode is All for GCP and AWS platforms, and None for all other platforms.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ManagedBootImages" }, - "fieldRef": { - "description": "Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectFieldSelector" + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" }, - "fileKeyRef": { - "description": "FileKeyRef selects a key of the env file. Requires the EnvFiles feature gate to be enabled.", - "$ref": "#/definitions/io.k8s.api.core.v1.FileKeySelector" + "nodeDisruptionPolicy": { + "description": "nodeDisruptionPolicy allows an admin to set granular node disruption actions for MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow for less downtime when doing small configuration updates to the cluster. This configuration has no effect on cluster upgrades which will still incur node disruption where required.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig" }, - "resourceFieldRef": { - "description": "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceFieldSelector" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "secretKeyRef": { - "description": "Selects a key of a secret in the pod's namespace", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretKeySelector" + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.EphemeralContainer": { - "description": "An EphemeralContainer is a temporary container that you may add to an existing Pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a Pod is removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the Pod to exceed its resource allocation.\n\nTo add an ephemeral container, use the ephemeralcontainers subresource of an existing Pod. Ephemeral containers may not be removed or restarted.", + "com.github.openshift.api.operator.v1.MachineConfigurationStatus": { "type": "object", - "required": [ - "name" - ], "properties": { - "args": { - "description": "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "bootImageSkewEnforcementStatus": { + "description": "bootImageSkewEnforcementStatus reflects what the latest cluster-validated boot image skew enforcement configuration is and will be used by Machine Config Controller while performing boot image skew enforcement. When omitted, the MCO has no knowledge of how to enforce boot image skew. When the MCO does not know how boot image skew should be enforced, cluster upgrades will be blocked until it can either automatically determine skew enforcement or there is an explicit skew enforcement configuration provided in the spec.bootImageSkewEnforcement field.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.BootImageSkewEnforcementStatus" }, - "env": { - "description": "List of environment variables to set in the container. Cannot be updated.", + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, "x-kubernetes-list-map-keys": [ - "name" + "type" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "map" }, - "envFrom": { - "description": "List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvFromSource" - }, - "x-kubernetes-list-type": "atomic" + "managedBootImagesStatus": { + "description": "managedBootImagesStatus reflects what the latest cluster-validated boot image configuration is and will be used by Machine Config Controller while performing boot image updates.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ManagedBootImages" }, - "image": { - "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images", - "type": "string" + "nodeDisruptionPolicyStatus": { + "description": "nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, and will be used by the Machine Config Daemon during future node updates.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus" }, - "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present", + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + } + } + }, + "com.github.openshift.api.operator.v1.MachineManager": { + "description": "MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information such as the resource type and the API Group of the resource. It also provides granular control via the selection field.", + "type": "object", + "required": [ + "resource", + "apiGroup", + "selection" + ], + "properties": { + "apiGroup": { + "description": "apiGroup is name of the APIGroup that the machine management resource belongs to. The only current valid value is machine.openshift.io. machine.openshift.io means that the machine manager will only register resources that belong to OpenShift machine API group.", "type": "string", - "enum": [ - "Always", - "IfNotPresent", - "Never" - ] - }, - "lifecycle": { - "description": "Lifecycle is not allowed for ephemeral containers.", - "$ref": "#/definitions/io.k8s.api.core.v1.Lifecycle" - }, - "livenessProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + "default": "" }, - "name": { - "description": "Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.", + "resource": { + "description": "resource is the machine management resource's type. Valid values are machinesets and controlplanemachinesets. machinesets means that the machine manager will only register resources of the kind MachineSet. controlplanemachinesets means that the machine manager will only register resources of the kind ControlPlaneMachineSet.", "type": "string", "default": "" }, - "ports": { - "description": "Ports are not allowed for ephemeral containers.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerPort" - }, - "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "containerPort", - "x-kubernetes-patch-strategy": "merge" - }, - "readinessProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "$ref": "#/definitions/io.k8s.api.core.v1.Probe" - }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerResizePolicy" - }, - "x-kubernetes-list-type": "atomic" - }, - "resources": { - "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.", + "selection": { + "description": "selection allows granular control of the machine management resources that will be registered for boot image updates.", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" - }, - "restartPolicy": { - "description": "Restart policy for the container to manage the restart behavior of each container within a pod. You cannot set this field on ephemeral containers.", - "type": "string" - }, - "restartPolicyRules": { - "description": "Represents a list of rules to be checked to determine if the container should be restarted on exit. You cannot set this field on ephemeral containers.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerRestartRule" - }, - "x-kubernetes-list-type": "atomic" - }, - "securityContext": { - "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", - "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext" - }, - "startupProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "$ref": "#/definitions/io.k8s.api.core.v1.Probe" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", - "type": "boolean" - }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", - "type": "boolean" - }, - "targetContainerName": { - "description": "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec.\n\nThe container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined.", - "type": "string" - }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", - "type": "string" - }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\nPossible enum values:\n - `\"FallbackToLogsOnError\"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.\n - `\"File\"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.", - "type": "string", - "enum": [ - "FallbackToLogsOnError", - "File" - ] - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.VolumeDevice" - }, - "x-kubernetes-list-map-keys": [ - "devicePath" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "devicePath", - "x-kubernetes-patch-strategy": "merge" - }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount" - }, - "x-kubernetes-list-map-keys": [ - "mountPath" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "mountPath", - "x-kubernetes-patch-strategy": "merge" - }, - "workingDir": { - "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineManagerSelector" } } }, - "io.k8s.api.core.v1.EphemeralContainerCommon": { - "description": "EphemeralContainerCommon is a copy of all fields in Container to be inlined in EphemeralContainer. This separate type allows easy conversion from EphemeralContainer to Container and allows separate documentation for the fields of EphemeralContainer. When a new field is added to Container it must be added here as well.", + "com.github.openshift.api.operator.v1.MachineManagerSelector": { "type": "object", "required": [ - "name" + "mode" ], "properties": { - "args": { - "description": "Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "command": { - "description": "Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will produce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "env": { - "description": "List of environment variables to set in the container. Cannot be updated.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvVar" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - }, - "envFrom": { - "description": "List of sources to populate environment variables in the container. The keys defined within a source may consist of any printable ASCII characters except '='. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EnvFromSource" - }, - "x-kubernetes-list-type": "atomic" - }, - "image": { - "description": "Container image name. More info: https://kubernetes.io/docs/concepts/containers/images", - "type": "string" - }, - "imagePullPolicy": { - "description": "Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present", - "type": "string", - "enum": [ - "Always", - "IfNotPresent", - "Never" - ] - }, - "lifecycle": { - "description": "Lifecycle is not allowed for ephemeral containers.", - "$ref": "#/definitions/io.k8s.api.core.v1.Lifecycle" - }, - "livenessProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "$ref": "#/definitions/io.k8s.api.core.v1.Probe" - }, - "name": { - "description": "Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers.", + "mode": { + "description": "mode determines how machine managers will be selected for updates. Valid values are All, Partial and None. All means that every resource matched by the machine manager will be updated. Partial requires specified selector(s) and allows customisation of which resources matched by the machine manager will be updated. Partial is not permitted for the controlplanemachinesets resource type as they are a singleton within the cluster. None means that every resource matched by the machine manager will not be updated.", "type": "string", "default": "" }, - "ports": { - "description": "Ports are not allowed for ephemeral containers.", + "partial": { + "description": "partial provides label selector(s) that can be used to match machine management resources. Only permitted when mode is set to \"Partial\".", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.PartialSelector" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "mode", + "fields-to-discriminateBy": { + "partial": "Partial" + } + } + ] + }, + "com.github.openshift.api.operator.v1.ManagedBootImages": { + "type": "object", + "properties": { + "machineManagers": { + "description": "machineManagers can be used to register machine management resources for boot image updates. The Machine Config Operator will watch for changes to this list. Only one entry is permitted per type of machine management resource.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerPort" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MachineManager" }, "x-kubernetes-list-map-keys": [ - "containerPort", - "protocol" + "resource", + "apiGroup" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "containerPort", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.operator.v1.MyOperatorResource": { + "description": "MyOperatorResource is an example operator configuration type\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "metadata", + "spec", + "status" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "readinessProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "$ref": "#/definitions/io.k8s.api.core.v1.Probe" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "resizePolicy": { - "description": "Resources resize policy for the container.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerResizePolicy" - }, - "x-kubernetes-list-type": "atomic" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "resources": { - "description": "Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod.", + "spec": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MyOperatorResourceSpec" }, - "restartPolicy": { - "description": "Restart policy for the container to manage the restart behavior of each container within a pod. You cannot set this field on ephemeral containers.", + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MyOperatorResourceStatus" + } + } + }, + "com.github.openshift.api.operator.v1.MyOperatorResourceSpec": { + "type": "object", + "required": [ + "managementState" + ], + "properties": { + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "restartPolicyRules": { - "description": "Represents a list of rules to be checked to determine if the container should be restarted on exit. You cannot set this field on ephemeral containers.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerRestartRule" - }, - "x-kubernetes-list-type": "atomic" - }, - "securityContext": { - "description": "Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext.", - "$ref": "#/definitions/io.k8s.api.core.v1.SecurityContext" - }, - "startupProbe": { - "description": "Probes are not allowed for ephemeral containers.", - "$ref": "#/definitions/io.k8s.api.core.v1.Probe" - }, - "stdin": { - "description": "Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false.", - "type": "boolean" + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" }, - "stdinOnce": { - "description": "Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false", - "type": "boolean" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "terminationMessagePath": { - "description": "Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.", + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "terminationMessagePolicy": { - "description": "Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated.\n\nPossible enum values:\n - `\"FallbackToLogsOnError\"` will read the most recent contents of the container logs for the container status message when the container exits with an error and the terminationMessagePath has no contents.\n - `\"File\"` is the default behavior and will set the container status message to the contents of the container's terminationMessagePath when the container exits.", - "type": "string", - "enum": [ - "FallbackToLogsOnError", - "File" - ] - }, - "tty": { - "description": "Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false.", - "type": "boolean" - }, - "volumeDevices": { - "description": "volumeDevices is the list of block devices to be used by the container.", + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.operator.v1.MyOperatorResourceStatus": { + "type": "object", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.VolumeDevice" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, "x-kubernetes-list-map-keys": [ - "devicePath" + "type" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "devicePath", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "map" }, - "volumeMounts": { - "description": "Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated.", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.VolumeMount" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, "x-kubernetes-list-map-keys": [ - "mountPath" + "group", + "resource", + "namespace", + "name" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "mountPath", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "map" }, - "workingDir": { - "description": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", "type": "string" } } }, - "io.k8s.api.core.v1.EphemeralVolumeSource": { - "description": "Represents an ephemeral volume that is handled by a normal storage driver.", + "com.github.openshift.api.operator.v1.NetFlowConfig": { "type": "object", "properties": { - "volumeClaimTemplate": { - "description": "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long).\n\nAn existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster.\n\nThis field is read-only and no changes will be made by Kubernetes to the PVC after it has been created.\n\nRequired, must not be nil.", - "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimTemplate" + "collectors": { + "description": "netFlow defines the NetFlow collectors that will consume the flow data exported from OVS. It is a list of strings formatted as ip:port with a maximum of ten items", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "io.k8s.api.core.v1.Event": { - "description": "Event is a report of an event somewhere in the cluster. Events have a limited retention time and triggers and messages may evolve with time. Event consumers should not rely on the timing of an event with a given Reason reflecting a consistent underlying trigger, or the continued existence of events with that Reason. Events should be treated as informative, best-effort, supplemental data.", + "com.github.openshift.api.operator.v1.Network": { + "description": "Network describes the cluster's desired network configuration. It is consumed by the cluster-network-operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", - "required": [ - "metadata", - "involvedObject" - ], "properties": { - "action": { - "description": "What action was taken/failed regarding to the Regarding object.", - "type": "string" - }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "count": { - "description": "The number of times this event has occurred.", - "type": "integer", - "format": "int32" - }, - "eventTime": { - "description": "Time when this Event was first observed.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime" - }, - "firstTimestamp": { - "description": "The time at which the event was first recorded. (Time of server receipt is in TypeMeta.)", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "involvedObject": { - "description": "The object that this event is about.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "lastTimestamp": { - "description": "The time at which the most recent occurrence of this event was recorded.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "message": { - "description": "A human-readable description of the status of this operation.", - "type": "string" - }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "reason": { - "description": "This should be a short, machine understandable string that gives the reason for the transition into the object's current status.", - "type": "string" - }, - "related": { - "description": "Optional secondary object for more complex actions.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, - "reportingComponent": { - "description": "Name of the controller that emitted this Event, e.g. `kubernetes.io/kubelet`.", - "type": "string", - "default": "" - }, - "reportingInstance": { - "description": "ID of the controller instance, e.g. `kubelet-xyzf`.", - "type": "string", - "default": "" - }, - "series": { - "description": "Data about the Event series this event represents or nil if it's a singleton Event.", - "$ref": "#/definitions/io.k8s.api.core.v1.EventSeries" - }, - "source": { - "description": "The component reporting this event. Should be a short machine understandable string.", + "spec": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EventSource" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NetworkSpec" }, - "type": { - "description": "Type of this event (Normal, Warning), new types could be added in the future", - "type": "string" + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NetworkStatus" } } }, - "io.k8s.api.core.v1.EventList": { - "description": "EventList is a list of events.", + "com.github.openshift.api.operator.v1.NetworkList": { + "description": "NetworkList contains a list of Network configurations\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -44387,11 +45387,10 @@ "type": "string" }, "items": { - "description": "List of events", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Event" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Network" } }, "kind": { @@ -44399,559 +45398,535 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.EventSeries": { - "description": "EventSeries contain information on series of events, i.e. thing that was/is happening continuously for some time.", + "com.github.openshift.api.operator.v1.NetworkMigration": { + "description": "NetworkMigration represents the cluster network migration configuration.", "type": "object", "properties": { - "count": { - "description": "Number of occurrences in this series up to the last heartbeat time", - "type": "integer", - "format": "int32" + "features": { + "description": "features was previously used to configure which network plugin features would be migrated in a network type migration. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.FeaturesMigration" }, - "lastObservedTime": { - "description": "Time of the last occurrence observed", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime" - } - } - }, - "io.k8s.api.core.v1.EventSource": { - "description": "EventSource contains information for an event.", - "type": "object", - "properties": { - "component": { - "description": "Component from which the event is generated.", + "mode": { + "description": "mode indicates the mode of network type migration. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", "type": "string" }, - "host": { - "description": "Node name on which the event is generated.", + "mtu": { + "description": "mtu contains the MTU migration configuration. Set this to allow changing the MTU values for the default network. If unset, the operation of changing the MTU for the default network will be rejected.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.MTUMigration" + }, + "networkType": { + "description": "networkType was previously used when changing the default network type. DEPRECATED: network type migration is no longer supported, and setting this to a non-empty value will result in the network operator rejecting the configuration.", "type": "string" } } }, - "io.k8s.api.core.v1.ExecAction": { - "description": "ExecAction describes a \"run in container\" action.", + "com.github.openshift.api.operator.v1.NetworkSpec": { + "description": "NetworkSpec is the top-level network configuration object.", "type": "object", + "required": [ + "managementState", + "clusterNetwork", + "serviceNetwork", + "defaultNetwork" + ], "properties": { - "command": { - "description": "Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", + "additionalNetworks": { + "description": "additionalNetworks is a list of extra networks to make available to pods when multiple networks are enabled.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AdditionalNetworkDefinition" }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "io.k8s.api.core.v1.FCVolumeSource": { - "description": "Represents a Fibre Channel volume. Fibre Channel volumes can only be mounted as read/write once. Fibre Channel volumes support ownership management and SELinux relabeling.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "lun": { - "description": "lun is Optional: FC target lun number", - "type": "integer", - "format": "int32" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "readOnly": { - "description": "readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" + "additionalRoutingCapabilities": { + "description": "additionalRoutingCapabilities describes components and relevant configuration providing additional routing capabilities. When set, it enables such components and the usage of the routing capabilities they provide for the machine network. Upstream operators, like MetalLB operator, requiring these capabilities may rely on, or automatically set this attribute. Network plugins may leverage advanced routing capabilities acquired through the enablement of these components but may require specific configuration on their side to do so; refer to their respective documentation and configuration options.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AdditionalRoutingCapabilities" }, - "targetWWNs": { - "description": "targetWWNs is Optional: FC target worldwide names (WWNs)", + "clusterNetwork": { + "description": "clusterNetwork is the IP address pool to use for pod IPs. Some network providers support multiple ClusterNetworks. Others only support one. This is equivalent to the cluster-cidr.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ClusterNetworkEntry" }, "x-kubernetes-list-type": "atomic" }, - "wwids": { - "description": "wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "io.k8s.api.core.v1.FileKeySelector": { - "description": "FileKeySelector selects a key of the env file.", - "type": "object", - "required": [ - "volumeName", - "path", - "key" - ], - "properties": { - "key": { - "description": "The key within the env file. An invalid key will prevent the pod from starting. The keys defined within a source may consist of any printable ASCII characters except '='. During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.", - "type": "string", - "default": "" + "defaultNetwork": { + "description": "defaultNetwork is the \"default\" network that all pods will receive", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DefaultNetworkDefinition" }, - "optional": { - "description": "Specify whether the file or its key must be defined. If the file or key does not exist, then the env var is not published. If optional is set to true and the specified key does not exist, the environment variable will not be set in the Pod's containers.\n\nIf optional is set to false and the specified key does not exist, an error will be returned during Pod creation.", + "deployKubeProxy": { + "description": "deployKubeProxy specifies whether or not a standalone kube-proxy should be deployed by the operator. Some network providers include kube-proxy or similar functionality. If unset, the plugin will attempt to select the correct value, which is false when ovn-kubernetes is used and true otherwise.", + "type": "boolean" + }, + "disableMultiNetwork": { + "description": "disableMultiNetwork defaults to 'false' and this setting enables the pod multi-networking capability. disableMultiNetwork when set to 'true' at cluster install time does not install the components, typically the Multus CNI and the network-attachment-definition CRD, that enable the pod multi-networking capability. Setting the parameter to 'true' might be useful when you need install third-party CNI plugins, but these plugins are not supported by Red Hat. Changing the parameter value as a postinstallation cluster task has no effect.", + "type": "boolean" + }, + "disableNetworkDiagnostics": { + "description": "disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck CRs from a test pod to every node, apiserver and LB should be disabled or not. If unset, this property defaults to 'false' and network diagnostics is enabled. Setting this to 'true' would reduce the additional load of the pods performing the checks.", "type": "boolean", "default": false }, - "path": { - "description": "The path within the volume from which to select the file. Must be relative and may not contain the '..' path or start with '..'.", - "type": "string", - "default": "" + "exportNetworkFlows": { + "description": "exportNetworkFlows enables and configures the export of network flow metadata from the pod network by using protocols NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes plugin. If unset, flows will not be exported to any collector.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ExportNetworkFlows" }, - "volumeName": { - "description": "The name of the volume mount containing the env file.", - "type": "string", - "default": "" - } - }, - "x-kubernetes-map-type": "atomic" - }, - "io.k8s.api.core.v1.FlexPersistentVolumeSource": { - "description": "FlexPersistentVolumeSource represents a generic persistent volume resource that is provisioned/attached using an exec based plugin.", - "type": "object", - "required": [ - "driver" - ], - "properties": { - "driver": { - "description": "driver is the name of the driver to use for this volume.", - "type": "string", - "default": "" + "kubeProxyConfig": { + "description": "kubeProxyConfig lets us configure desired proxy configuration, if deployKubeProxy is true. If not specified, sensible defaults will be chosen by OpenShift directly.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ProxyConfig" }, - "fsType": { - "description": "fsType is the Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "options": { - "description": "options is Optional: this field holds extra command options if any.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } - }, - "readOnly": { - "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" - } - } - }, - "io.k8s.api.core.v1.FlexVolumeSource": { - "description": "FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin.", - "type": "object", - "required": [ - "driver" - ], - "properties": { - "driver": { - "description": "driver is the name of the driver to use for this volume.", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" }, - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default filesystem depends on FlexVolume script.", + "migration": { + "description": "migration enables and configures cluster network migration, for network changes that cannot be made instantly.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NetworkMigration" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "options": { - "description": "options is Optional: this field holds extra command options if any.", - "type": "object", - "additionalProperties": { + "serviceNetwork": { + "description": "serviceNetwork is the ip address pool to use for Service IPs Currently, all existing network providers only support a single value here, but this is an array to allow for growth.", + "type": "array", + "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, - "readOnly": { - "description": "readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "secretRef": { - "description": "secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "useMultiNetworkPolicy": { + "description": "useMultiNetworkPolicy enables a controller which allows for MultiNetworkPolicy objects to be used on additional networks as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy objects, but NetworkPolicy objects only apply to the primary interface. With MultiNetworkPolicy, you can control the traffic that a pod can receive over the secondary interfaces. If unset, this property defaults to 'false' and MultiNetworkPolicy objects are ignored. If 'disableMultiNetwork' is 'true' then the value of this field is ignored.", + "type": "boolean" } } }, - "io.k8s.api.core.v1.FlockerVolumeSource": { - "description": "Represents a Flocker volume mounted by the Flocker agent. One and only one of datasetName and datasetUUID should be set. Flocker volumes do not support ownership management or SELinux relabeling.", + "com.github.openshift.api.operator.v1.NetworkStatus": { + "description": "NetworkStatus is detailed operator status, which is distilled up to the Network clusteroperator object.", "type": "object", "properties": { - "datasetName": { - "description": "datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated", - "type": "string" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "datasetUUID": { - "description": "datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", "type": "string" } } }, - "io.k8s.api.core.v1.GCEPersistentDiskVolumeSource": { - "description": "Represents a Persistent Disk resource in Google Compute Engine.\n\nA GCE PD must exist before mounting to a container. The disk must also be in the same GCE project and zone as the kubelet. A GCE PD can only be mounted as read/write once or read-only many times. GCE PDs support ownership management and SELinux relabeling.", + "com.github.openshift.api.operator.v1.NoOverlayConfig": { + "description": "NoOverlayConfig contains configuration options for networks operating in no-overlay mode.", "type": "object", "required": [ - "pdName" + "outboundSNAT", + "routing" ], "properties": { - "fsType": { - "description": "fsType is filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", + "outboundSNAT": { + "description": "outboundSNAT defines the SNAT behavior for outbound traffic from pods. Allowed values are \"Enabled\" and \"Disabled\". When set to \"Enabled\", SNAT is performed on outbound traffic from pods. When set to \"Disabled\", SNAT is not performed and pod IPs are preserved in outbound traffic. This field is required when the network operates in no-overlay mode. This field can be set to any value at installation time and can be changed afterwards.", "type": "string" }, - "partition": { - "description": "partition is the partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as \"1\". Similarly, the volume partition for /dev/sda is \"0\" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "integer", - "format": "int32" - }, - "pdName": { - "description": "pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "string", - "default": "" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "type": "boolean" + "routing": { + "description": "routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. Allowed values are \"Managed\" and \"Unmanaged\". When set to \"Managed\", OVN-Kubernetes manages the pod network routing configuration through BGP. When set to \"Unmanaged\", users are responsible for configuring the pod network routing. This field is required when the network operates in no-overlay mode. This field is immutable once set.", + "type": "string" } } }, - "io.k8s.api.core.v1.GRPCAction": { - "description": "GRPCAction specifies an action involving a GRPC service.", + "com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus": { + "description": "NodeDisruptionPolicyClusterStatus is the type for the status object, rendered by the controller as a merge of cluster defaults and user provided policies", "type": "object", - "required": [ - "port" - ], "properties": { - "port": { - "description": "Port number of the gRPC service. Number must be in the range 1 to 65535.", - "type": "integer", - "format": "int32", - "default": 0 + "files": { + "description": "files is a list of MachineConfig file definitions and actions to take to changes on those paths", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile" + }, + "x-kubernetes-list-map-keys": [ + "path" + ], + "x-kubernetes-list-type": "map" }, - "service": { - "description": "Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", - "type": "string", - "default": "" + "sshkey": { + "description": "sshkey is the overall sshkey MachineConfig definition", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey" + }, + "units": { + "description": "units is a list MachineConfig unit definitions and actions to take on changes to those services", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "io.k8s.api.core.v1.GitRepoVolumeSource": { - "description": "Represents a volume that is populated with the contents of a git repository. Git repo volumes do not support ownership management. Git repo volumes support SELinux relabeling.\n\nDEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", + "com.github.openshift.api.operator.v1.NodeDisruptionPolicyConfig": { + "description": "NodeDisruptionPolicyConfig is the overall spec definition for files/units/sshkeys", "type": "object", - "required": [ - "repository" - ], "properties": { - "directory": { - "description": "directory is the target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name.", - "type": "string" + "files": { + "description": "files is a list of MachineConfig file definitions and actions to take to changes on those paths This list supports a maximum of 50 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile" + }, + "x-kubernetes-list-map-keys": [ + "path" + ], + "x-kubernetes-list-type": "map" }, - "repository": { - "description": "repository is the URL", - "type": "string", - "default": "" + "sshkey": { + "description": "sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this will apply to all sshkey changes in the cluster", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey" }, - "revision": { - "description": "revision is the commit hash for the specified revision.", - "type": "string" + "units": { + "description": "units is a list MachineConfig unit definitions and actions to take on changes to those services This list supports a maximum of 50 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit" + }, + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, - "io.k8s.api.core.v1.GlusterfsPersistentVolumeSource": { - "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", + "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction": { "type": "object", "required": [ - "endpoints", - "path" + "type" ], "properties": { - "endpoints": { - "description": "endpoints is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string", - "default": "" + "reload": { + "description": "reload specifies the service to reload, only valid if type is reload", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ReloadService" }, - "endpointsNamespace": { - "description": "endpointsNamespace is the namespace that contains Glusterfs endpoint. If this field is empty, the EndpointNamespace defaults to the same namespace as the bound PVC. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "string" + "restart": { + "description": "restart specifies the service to restart, only valid if type is restart", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.RestartService" }, - "path": { - "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "type": { + "description": "type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration", "type": "string", "default": "" - }, - "readOnly": { - "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "boolean" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "reload": "Reload", + "restart": "Restart" + } + } + ] }, - "io.k8s.api.core.v1.GlusterfsVolumeSource": { - "description": "Represents a Glusterfs mount that lasts the lifetime of a pod. Glusterfs volumes do not support ownership management or SELinux relabeling.", + "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecFile": { + "description": "NodeDisruptionPolicySpecFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", "type": "object", "required": [ - "endpoints", - "path" + "path", + "actions" ], "properties": { - "endpoints": { - "description": "endpoints is the endpoint name that details Glusterfs topology.", - "type": "string", - "default": "" + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction" + }, + "x-kubernetes-list-type": "atomic" }, "path": { - "description": "path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", + "description": "path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.", "type": "string", "default": "" - }, - "readOnly": { - "description": "readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod", - "type": "boolean" } } }, - "io.k8s.api.core.v1.HTTPGetAction": { - "description": "HTTPGetAction describes an action based on HTTP Get requests.", + "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecSSHKey": { + "description": "NodeDisruptionPolicySpecSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyConfig object", "type": "object", "required": [ - "port" + "actions" ], "properties": { - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", - "type": "string" - }, - "httpHeaders": { - "description": "Custom headers to set in the request. HTTP allows repeated headers.", + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.HTTPHeader" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction" }, "x-kubernetes-list-type": "atomic" - }, - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "description": "Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" - }, - "scheme": { - "description": "Scheme to use for connecting to the host. Defaults to HTTP.\n\nPossible enum values:\n - `\"HTTP\"` means that the scheme used will be http://\n - `\"HTTPS\"` means that the scheme used will be https://", - "type": "string", - "enum": [ - "HTTP", - "HTTPS" - ] } } }, - "io.k8s.api.core.v1.HTTPHeader": { - "description": "HTTPHeader describes a custom header to be used in HTTP probes", + "com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecUnit": { + "description": "NodeDisruptionPolicySpecUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", "type": "object", "required": [ "name", - "value" + "actions" ], "properties": { + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicySpecAction" + }, + "x-kubernetes-list-type": "atomic" + }, "name": { - "description": "The header field name. This will be canonicalized upon output, so case-variant names will be understood as the same header.", + "description": "name represents the service name of a systemd service managed through a MachineConfig Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", "type": "string", "default": "" + } + } + }, + "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatus": { + "type": "object", + "properties": { + "clusterPolicies": { + "description": "clusterPolicies is a merge of cluster default and user provided node disruption policies.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus" + } + } + }, + "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction": { + "type": "object", + "required": [ + "type" + ], + "properties": { + "reload": { + "description": "reload specifies the service to reload, only valid if type is reload", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ReloadService" }, - "value": { - "description": "The header field value", + "restart": { + "description": "restart specifies the service to restart, only valid if type is restart", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.RestartService" + }, + "type": { + "description": "type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration", "type": "string", "default": "" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "reload": "Reload", + "restart": "Restart" + } + } + ] }, - "io.k8s.api.core.v1.HostAlias": { - "description": "HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file.", + "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusFile": { + "description": "NodeDisruptionPolicyStatusFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", "type": "object", "required": [ - "ip" + "path", + "actions" ], "properties": { - "hostnames": { - "description": "Hostnames for the above IP address.", + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction" }, "x-kubernetes-list-type": "atomic" }, - "ip": { - "description": "IP address of the host file entry.", + "path": { + "description": "path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.", "type": "string", "default": "" } } }, - "io.k8s.api.core.v1.HostIP": { - "description": "HostIP represents a single IP address allocated to the host.", + "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusSSHKey": { + "description": "NodeDisruptionPolicyStatusSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyClusterStatus object", "type": "object", "required": [ - "ip" + "actions" ], "properties": { - "ip": { - "description": "IP is the IP address assigned to the host", - "type": "string", - "default": "" + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction" + }, + "x-kubernetes-list-type": "atomic" } } }, - "io.k8s.api.core.v1.HostPathVolumeSource": { - "description": "Represents a host path mapped into a pod. Host path volumes do not support ownership management or SELinux relabeling.", + "com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusUnit": { + "description": "NodeDisruptionPolicyStatusUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", "type": "object", "required": [ - "path" + "name", + "actions" ], "properties": { - "path": { - "description": "path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "type": "string", - "default": "" + "actions": { + "description": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeDisruptionPolicyStatusAction" + }, + "x-kubernetes-list-type": "atomic" }, - "type": { - "description": "type for HostPath Volume Defaults to \"\" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath\n\nPossible enum values:\n - `\"\"` For backwards compatible, leave it empty if unset\n - `\"BlockDevice\"` A block device must exist at the given path\n - `\"CharDevice\"` A character device must exist at the given path\n - `\"Directory\"` A directory must exist at the given path\n - `\"DirectoryOrCreate\"` If nothing exists at the given path, an empty directory will be created there as needed with file mode 0755, having the same group and ownership with Kubelet.\n - `\"File\"` A file must exist at the given path\n - `\"FileOrCreate\"` If nothing exists at the given path, an empty file will be created there as needed with file mode 0644, having the same group and ownership with Kubelet.\n - `\"Socket\"` A UNIX socket must exist at the given path", + "name": { + "description": "name represents the service name of a systemd service managed through a MachineConfig Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", "type": "string", - "enum": [ - "", - "BlockDevice", - "CharDevice", - "Directory", - "DirectoryOrCreate", - "File", - "FileOrCreate", - "Socket" - ] + "default": "" } } }, - "io.k8s.api.core.v1.ISCSIPersistentVolumeSource": { - "description": "ISCSIPersistentVolumeSource represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.operator.v1.NodePlacement": { + "description": "NodePlacement describes node scheduling configuration for an ingress controller.", "type": "object", - "required": [ - "targetPortal", - "iqn", - "lun" - ], "properties": { - "chapAuthDiscovery": { - "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", - "type": "boolean" - }, - "chapAuthSession": { - "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", - "type": "boolean" - }, - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", - "type": "string" - }, - "initiatorName": { - "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.", - "type": "string" - }, - "iqn": { - "description": "iqn is Target iSCSI Qualified Name.", - "type": "string", - "default": "" - }, - "iscsiInterface": { - "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", - "type": "string", - "default": "default" - }, - "lun": { - "description": "lun is iSCSI Target Lun number.", - "type": "integer", - "format": "int32", - "default": 0 + "nodeSelector": { + "description": "nodeSelector is the node selector applied to ingress controller deployments.\n\nIf set, the specified selector is used and replaces the default.\n\nIf unset, the default depends on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses status.\n\nWhen defaultPlacement is Workers, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/worker: ''\n\nWhen defaultPlacement is ControlPlane, the default is:\n\n kubernetes.io/os: linux\n node-role.kubernetes.io/master: ''\n\nThese defaults are subject to change.\n\nNote that using nodeSelector.matchExpressions is not supported. Only nodeSelector.matchLabels may be used. This is a limitation of the Kubernetes API: the pod spec does not allow complex expressions for node selectors.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "portals": { - "description": "portals is the iSCSI Target Portal List. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "tolerations": { + "description": "tolerations is a list of tolerations applied to ingress controller deployments.\n\nThe default is an empty list.\n\nSee https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/Toleration.v1.core.api.k8s.io" }, "x-kubernetes-list-type": "atomic" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" - }, - "targetPortal": { - "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", - "type": "string", - "default": "" } } }, - "io.k8s.api.core.v1.ISCSIVolumeSource": { - "description": "Represents an ISCSI disk. ISCSI volumes can only be mounted as read/write once. ISCSI volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.operator.v1.NodePortStrategy": { + "description": "NodePortStrategy holds parameters for the NodePortService endpoint publishing strategy.", + "type": "object", + "properties": { + "protocol": { + "description": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.NodeStatus": { + "description": "NodeStatus provides information about the current state of a particular node managed by this operator.", "type": "object", "required": [ - "targetPortal", - "iqn", - "lun" + "nodeName" ], "properties": { - "chapAuthDiscovery": { - "description": "chapAuthDiscovery defines whether support iSCSI Discovery CHAP authentication", - "type": "boolean" - }, - "chapAuthSession": { - "description": "chapAuthSession defines whether support iSCSI Session CHAP authentication", - "type": "boolean" + "currentRevision": { + "description": "currentRevision is the generation of the most recently successful deployment. Can not be set on creation of a nodeStatus. Updates must only increase the value.", + "type": "integer", + "format": "int32" }, - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi", - "type": "string" + "lastFailedCount": { + "description": "lastFailedCount is how often the installer pod of the last failed revision failed.", + "type": "integer", + "format": "int32" }, - "initiatorName": { - "description": "initiatorName is the custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection.", + "lastFailedReason": { + "description": "lastFailedReason is a machine readable failure reason string.", "type": "string" }, - "iqn": { - "description": "iqn is the target iSCSI Qualified Name.", - "type": "string", - "default": "" - }, - "iscsiInterface": { - "description": "iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp).", - "type": "string", - "default": "default" - }, - "lun": { - "description": "lun represents iSCSI Target Lun number.", + "lastFailedRevision": { + "description": "lastFailedRevision is the generation of the deployment we tried and failed to deploy.", "type": "integer", - "format": "int32", - "default": 0 + "format": "int32" }, - "portals": { - "description": "portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "lastFailedRevisionErrors": { + "description": "lastFailedRevisionErrors is a list of human readable errors during the failed deployment referenced in lastFailedRevision.", "type": "array", "items": { "type": "string", @@ -44959,249 +45934,294 @@ }, "x-kubernetes-list-type": "atomic" }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false.", - "type": "boolean" + "lastFailedTime": { + "description": "lastFailedTime is the time the last failed revision failed the last time.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "secretRef": { - "description": "secretRef is the CHAP Secret for iSCSI target and initiator authentication", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "lastFallbackCount": { + "description": "lastFallbackCount is how often a fallback to a previous revision happened.", + "type": "integer", + "format": "int32" }, - "targetPortal": { - "description": "targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260).", + "nodeName": { + "description": "nodeName is the name of the node", "type": "string", "default": "" + }, + "targetRevision": { + "description": "targetRevision is the generation of the deployment we're trying to apply. Can not be set on creation of a nodeStatus.", + "type": "integer", + "format": "int32" } } }, - "io.k8s.api.core.v1.ImageVolumeSource": { - "description": "ImageVolumeSource represents a image volume resource.", + "com.github.openshift.api.operator.v1.OAuthAPIServerStatus": { "type": "object", "properties": { - "pullPolicy": { - "description": "Policy for pulling OCI objects. Possible values are: Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.\n\nPossible enum values:\n - `\"Always\"` means that kubelet always attempts to pull the latest image. Container will fail If the pull fails.\n - `\"IfNotPresent\"` means that kubelet pulls if the image isn't present on disk. Container will fail if the image isn't present and the pull fails.\n - `\"Never\"` means that kubelet never pulls an image, but only uses a local image. Container will fail if the image isn't present", - "type": "string", - "enum": [ - "Always", - "IfNotPresent", - "Never" - ] + "latestAvailableRevision": { + "description": "latestAvailableRevision is the latest revision used as suffix of revisioned secrets like encryption-config. A new revision causes a new deployment of pods.", + "type": "integer", + "format": "int32" + } + } + }, + "com.github.openshift.api.operator.v1.OLM": { + "description": "OLM provides information to configure an operator to manage the OLM controllers\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "reference": { - "description": "Required: Image or artifact reference to be used. Behaves in the same way as pod.spec.containers[*].image. Pull secrets will be assembled in the same way as for the container image by looking up node credentials, SA image pull secrets, and pod spec image pull secrets. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OLMSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OLMStatus" } } }, - "io.k8s.api.core.v1.KeyToPath": { - "description": "Maps a string key to a path within a volume.", + "com.github.openshift.api.operator.v1.OLMList": { + "description": "OLMList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "key", - "path" + "metadata", + "items" ], "properties": { - "key": { - "description": "key is the key to project.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "mode": { - "description": "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" + "items": { + "description": "items contains the items", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OLM" + } }, - "path": { - "description": "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.Lifecycle": { - "description": "Lifecycle describes actions that the management system should take in response to container lifecycle events. For the PostStart and PreStop lifecycle handlers, management of the container blocks until the action is complete, unless the container process fails, in which case the handler is aborted.", + "com.github.openshift.api.operator.v1.OLMSpec": { "type": "object", + "required": [ + "managementState" + ], "properties": { - "postStart": { - "description": "PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "$ref": "#/definitions/io.k8s.api.core.v1.LifecycleHandler" - }, - "preStop": { - "description": "PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks", - "$ref": "#/definitions/io.k8s.api.core.v1.LifecycleHandler" + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "stopSignal": { - "description": "StopSignal defines which signal will be sent to a container when it is being stopped. If not specified, the default is defined by the container runtime in use. StopSignal can only be set for Pods with a non-empty .spec.os.name\n\nPossible enum values:\n - `\"SIGABRT\"`\n - `\"SIGALRM\"`\n - `\"SIGBUS\"`\n - `\"SIGCHLD\"`\n - `\"SIGCLD\"`\n - `\"SIGCONT\"`\n - `\"SIGFPE\"`\n - `\"SIGHUP\"`\n - `\"SIGILL\"`\n - `\"SIGINT\"`\n - `\"SIGIO\"`\n - `\"SIGIOT\"`\n - `\"SIGKILL\"`\n - `\"SIGPIPE\"`\n - `\"SIGPOLL\"`\n - `\"SIGPROF\"`\n - `\"SIGPWR\"`\n - `\"SIGQUIT\"`\n - `\"SIGRTMAX\"`\n - `\"SIGRTMAX-1\"`\n - `\"SIGRTMAX-10\"`\n - `\"SIGRTMAX-11\"`\n - `\"SIGRTMAX-12\"`\n - `\"SIGRTMAX-13\"`\n - `\"SIGRTMAX-14\"`\n - `\"SIGRTMAX-2\"`\n - `\"SIGRTMAX-3\"`\n - `\"SIGRTMAX-4\"`\n - `\"SIGRTMAX-5\"`\n - `\"SIGRTMAX-6\"`\n - `\"SIGRTMAX-7\"`\n - `\"SIGRTMAX-8\"`\n - `\"SIGRTMAX-9\"`\n - `\"SIGRTMIN\"`\n - `\"SIGRTMIN+1\"`\n - `\"SIGRTMIN+10\"`\n - `\"SIGRTMIN+11\"`\n - `\"SIGRTMIN+12\"`\n - `\"SIGRTMIN+13\"`\n - `\"SIGRTMIN+14\"`\n - `\"SIGRTMIN+15\"`\n - `\"SIGRTMIN+2\"`\n - `\"SIGRTMIN+3\"`\n - `\"SIGRTMIN+4\"`\n - `\"SIGRTMIN+5\"`\n - `\"SIGRTMIN+6\"`\n - `\"SIGRTMIN+7\"`\n - `\"SIGRTMIN+8\"`\n - `\"SIGRTMIN+9\"`\n - `\"SIGSEGV\"`\n - `\"SIGSTKFLT\"`\n - `\"SIGSTOP\"`\n - `\"SIGSYS\"`\n - `\"SIGTERM\"`\n - `\"SIGTRAP\"`\n - `\"SIGTSTP\"`\n - `\"SIGTTIN\"`\n - `\"SIGTTOU\"`\n - `\"SIGURG\"`\n - `\"SIGUSR1\"`\n - `\"SIGUSR2\"`\n - `\"SIGVTALRM\"`\n - `\"SIGWINCH\"`\n - `\"SIGXCPU\"`\n - `\"SIGXFSZ\"`", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", - "enum": [ - "SIGABRT", - "SIGALRM", - "SIGBUS", - "SIGCHLD", - "SIGCLD", - "SIGCONT", - "SIGFPE", - "SIGHUP", - "SIGILL", - "SIGINT", - "SIGIO", - "SIGIOT", - "SIGKILL", - "SIGPIPE", - "SIGPOLL", - "SIGPROF", - "SIGPWR", - "SIGQUIT", - "SIGRTMAX", - "SIGRTMAX-1", - "SIGRTMAX-10", - "SIGRTMAX-11", - "SIGRTMAX-12", - "SIGRTMAX-13", - "SIGRTMAX-14", - "SIGRTMAX-2", - "SIGRTMAX-3", - "SIGRTMAX-4", - "SIGRTMAX-5", - "SIGRTMAX-6", - "SIGRTMAX-7", - "SIGRTMAX-8", - "SIGRTMAX-9", - "SIGRTMIN", - "SIGRTMIN+1", - "SIGRTMIN+10", - "SIGRTMIN+11", - "SIGRTMIN+12", - "SIGRTMIN+13", - "SIGRTMIN+14", - "SIGRTMIN+15", - "SIGRTMIN+2", - "SIGRTMIN+3", - "SIGRTMIN+4", - "SIGRTMIN+5", - "SIGRTMIN+6", - "SIGRTMIN+7", - "SIGRTMIN+8", - "SIGRTMIN+9", - "SIGSEGV", - "SIGSTKFLT", - "SIGSTOP", - "SIGSYS", - "SIGTERM", - "SIGTRAP", - "SIGTSTP", - "SIGTTIN", - "SIGTTOU", - "SIGURG", - "SIGUSR1", - "SIGUSR2", - "SIGVTALRM", - "SIGWINCH", - "SIGXCPU", - "SIGXFSZ" - ] + "default": "" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.LifecycleHandler": { - "description": "LifecycleHandler defines a specific action that should be taken in a lifecycle hook. One and only one of the fields, except TCPSocket must be specified.", + "com.github.openshift.api.operator.v1.OLMStatus": { "type": "object", "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "$ref": "#/definitions/io.k8s.api.core.v1.ExecAction" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "$ref": "#/definitions/io.k8s.api.core.v1.HTTPGetAction" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "sleep": { - "description": "Sleep represents a duration that the container should sleep.", - "$ref": "#/definitions/io.k8s.api.core.v1.SleepAction" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "tcpSocket": { - "description": "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for backward compatibility. There is no validation of this field and lifecycle hooks will fail at runtime when it is specified.", - "$ref": "#/definitions/io.k8s.api.core.v1.TCPSocketAction" + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "io.k8s.api.core.v1.LimitRange": { - "description": "LimitRange sets resource usage limits for each kind of resource in a Namespace.", + "com.github.openshift.api.operator.v1.OVNKubernetesConfig": { + "description": "ovnKubernetesConfig contains the configuration parameters for networks using the ovn-kubernetes network project", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "bgpManagedConfig": { + "description": "bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) in no-overlay mode that specify routing=\"Managed\" in their noOverlayConfig. It is required when noOverlayConfig.routing is set to \"Managed\". When omitted, this means the user does not configure BGP for managed routing. This field can be set at installation time or on day 2, and can be modified at any time.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.BGPManagedConfig" + }, + "egressIPConfig": { + "description": "egressIPConfig holds the configuration for EgressIP options.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.EgressIPConfig" + }, + "gatewayConfig": { + "description": "gatewayConfig holds the configuration for node gateway options.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GatewayConfig" + }, + "genevePort": { + "description": "geneve port is the UDP port to be used by geneve encapulation. Default is 6081", + "type": "integer", + "format": "int64" + }, + "hybridOverlayConfig": { + "description": "hybridOverlayConfig configures an additional overlay network for peers that are not using OVN.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.HybridOverlayConfig" + }, + "ipsecConfig": { + "description": "ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.", + "default": { + "mode": "Disabled" + }, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPsecConfig" + }, + "ipv4": { + "description": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig" + }, + "ipv6": { + "description": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig" + }, + "mtu": { + "description": "mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400", + "type": "integer", + "format": "int64" + }, + "noOverlayConfig": { + "description": "noOverlayConfig contains configuration for no-overlay mode. This configuration applies to the default network only. It is required when transport is \"NoOverlay\". When omitted, this means the user does not configure no-overlay mode options.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NoOverlayConfig" + }, + "policyAuditConfig": { + "description": "policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.PolicyAuditConfig" + }, + "routeAdvertisements": { + "description": "routeAdvertisements determines if the functionality to advertise cluster network routes through a dynamic routing protocol, such as BGP, is enabled or not. This functionality is configured through the ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing capability provider to be enabled as an additional routing capability. Allowed values are \"Enabled\", \"Disabled\" and ommited. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is \"Disabled\".", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "transport": { + "description": "transport sets the transport mode for pods on the default network. Allowed values are \"NoOverlay\" and \"Geneve\". \"NoOverlay\" avoids tunnel encapsulation, routing pod traffic directly between nodes. \"Geneve\" encapsulates pod traffic using Geneve tunnels between nodes. When omitted, this means the user has no opinion and the platform chooses a reasonable default which is subject to change over time. The current default is \"Geneve\". \"NoOverlay\" can only be set at installation time and cannot be changed afterwards. \"Geneve\" may be set explicitly at any time to lock in the current default.", "type": "string" }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "v4InternalSubnet": { + "description": "v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. Default is 100.64.0.0/16", + "type": "string" }, - "spec": { - "description": "Spec defines the limits enforced. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.LimitRangeSpec" + "v6InternalSubnet": { + "description": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. Default is fd98::/64", + "type": "string" } } }, - "io.k8s.api.core.v1.LimitRangeItem": { - "description": "LimitRangeItem defines a min/max usage limit for any resource that matches on kind.", + "com.github.openshift.api.operator.v1.OpenShiftAPIServer": { + "description": "OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "type" + "metadata", + "spec" ], "properties": { - "default": { - "description": "Default resource requirement limit value by resource name if resource limit is omitted.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - } - }, - "defaultRequest": { - "description": "DefaultRequest is the default resource requirement request value by resource name if resource request is omitted.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - } + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "max": { - "description": "Max usage constraints on this kind by resource name.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - } + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "maxLimitRequestRatio": { - "description": "MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - } + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "min": { - "description": "Min usage constraints on this kind by resource name.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - } + "spec": { + "description": "spec is the specification of the desired behavior of the OpenShift API Server.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec" }, - "type": { - "description": "Type of resource that this limit applies to.", - "type": "string", - "default": "" + "status": { + "description": "status defines the observed status of the OpenShift API Server.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus" } } }, - "io.k8s.api.core.v1.LimitRangeList": { - "description": "LimitRangeList is a list of LimitRange items.", + "com.github.openshift.api.operator.v1.OpenShiftAPIServerList": { + "description": "OpenShiftAPIServerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -45210,11 +46230,11 @@ "type": "string" }, "items": { - "description": "Items is a list of LimitRange objects. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.LimitRange" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftAPIServer" } }, "kind": { @@ -45222,955 +46242,1034 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.LimitRangeSpec": { - "description": "LimitRangeSpec defines a min/max usage limit for resources that match on kind.", + "com.github.openshift.api.operator.v1.OpenShiftAPIServerSpec": { "type": "object", "required": [ - "limits" + "managementState" ], "properties": { - "limits": { - "description": "Limits is the list of LimitRangeItem objects that are enforced.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.LimitRangeItem" - }, - "x-kubernetes-list-type": "atomic" + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.LinuxContainerUser": { - "description": "LinuxContainerUser represents user identity information in Linux containers", + "com.github.openshift.api.operator.v1.OpenShiftAPIServerStatus": { "type": "object", - "required": [ - "uid", - "gid" - ], "properties": { - "gid": { - "description": "GID is the primary gid initially attached to the first process in the container", - "type": "integer", - "format": "int64", - "default": 0 + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "supplementalGroups": { - "description": "SupplementalGroups are the supplemental groups initially attached to the first process in the container", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { - "type": "integer", - "format": "int64", - "default": 0 + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "uid": { - "description": "UID is the primary uid initially attached to the first process in the container", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", "type": "integer", - "format": "int64", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "io.k8s.api.core.v1.List": { - "description": "List holds a list of objects, which may not be known by the server.", + "com.github.openshift.api.operator.v1.OpenShiftControllerManager": { + "description": "OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "items" + "metadata", + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "List of objects", - "type": "array", - "items": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "io.k8s.api.core.v1.LoadBalancerIngress": { - "description": "LoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.", - "type": "object", - "properties": { - "hostname": { - "description": "Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers)", - "type": "string" - }, - "ip": { - "description": "IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers)", - "type": "string" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "ipMode": { - "description": "IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified. Setting this to \"VIP\" indicates that traffic is delivered to the node with the destination set to the load-balancer's IP and port. Setting this to \"Proxy\" indicates that traffic is delivered to the node or pod with the destination set to the node's IP and node port or the pod's IP and port. Service implementations may use this information to adjust traffic routing.", - "type": "string" + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec" }, - "ports": { - "description": "Ports is a list of records of service ports If used, every port defined in the service should have an entry in it", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PortStatus" - }, - "x-kubernetes-list-type": "atomic" + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus" } } }, - "io.k8s.api.core.v1.LoadBalancerStatus": { - "description": "LoadBalancerStatus represents the status of a load-balancer.", + "com.github.openshift.api.operator.v1.OpenShiftControllerManagerList": { + "description": "OpenShiftControllerManagerList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "ingress": { - "description": "Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.LoadBalancerIngress" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenShiftControllerManager" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.LocalObjectReference": { - "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", - "type": "object", - "properties": { - "name": { - "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string", - "default": "" - } - }, - "x-kubernetes-map-type": "atomic" - }, - "io.k8s.api.core.v1.LocalVolumeSource": { - "description": "Local represents directly-attached storage with node affinity", + "com.github.openshift.api.operator.v1.OpenShiftControllerManagerSpec": { "type": "object", "required": [ - "path" + "managementState" ], "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. It applies only when the Path is a block device. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". The default value is to auto-select a filesystem if unspecified.", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "path": { - "description": "path of the full path to the volume on the node. It can be either a directory or block device (disk, partition, ...).", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.ModifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation", + "com.github.openshift.api.operator.v1.OpenShiftControllerManagerStatus": { "type": "object", - "required": [ - "status" - ], "properties": { - "status": { - "description": "status is the status of the ControllerModifyVolume operation. It can be in any of following states:\n - Pending\n Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as\n the specified VolumeAttributesClass not existing.\n - InProgress\n InProgress indicates that the volume is being modified.\n - Infeasible\n Infeasible indicates that the request has been rejected as invalid by the CSI driver. To\n\t resolve the error, a valid VolumeAttributesClass needs to be specified.\nNote: New statuses can be added in the future. Consumers should check for unknown statuses and fail appropriately.\n\nPossible enum values:\n - `\"InProgress\"` InProgress indicates that the volume is being modified\n - `\"Infeasible\"` Infeasible indicates that the request has been rejected as invalid by the CSI driver. To resolve the error, a valid VolumeAttributesClass needs to be specified\n - `\"Pending\"` Pending indicates that the PersistentVolumeClaim cannot be modified due to unmet requirements, such as the specified VolumeAttributesClass not existing", - "type": "string", - "default": "", - "enum": [ - "InProgress", - "Infeasible", - "Pending" - ] + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "targetVolumeAttributesClassName": { - "description": "targetVolumeAttributesClassName is the name of the VolumeAttributesClass the PVC currently being reconciled", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" + }, + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", "type": "string" } } }, - "io.k8s.api.core.v1.NFSVolumeSource": { - "description": "Represents an NFS mount that lasts the lifetime of a pod. NFS volumes do not support ownership management or SELinux relabeling.", + "com.github.openshift.api.operator.v1.OpenShiftSDNConfig": { + "description": "OpenShiftSDNConfig was used to configure the OpenShift SDN plugin. It is no longer used.", "type": "object", "required": [ - "server", - "path" + "mode" ], "properties": { - "path": { - "description": "path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "enableUnidling": { + "description": "enableUnidling controls whether or not the service proxy will support idling and unidling of services. By default, unidling is enabled.", + "type": "boolean" + }, + "mode": { + "description": "mode is one of \"Multitenant\", \"Subnet\", or \"NetworkPolicy\"", "type": "string", "default": "" }, - "readOnly": { - "description": "readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", + "mtu": { + "description": "mtu is the mtu to use for the tunnel interface. Defaults to 1450 if unset. This must be 50 bytes smaller than the machine's uplink.", + "type": "integer", + "format": "int64" + }, + "useExternalOpenvswitch": { + "description": "useExternalOpenvswitch used to control whether the operator would deploy an OVS DaemonSet itself or expect someone else to start OVS. As of 4.6, OVS is always run as a system service, and this flag is ignored.", "type": "boolean" }, - "server": { - "description": "server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "type": "string", - "default": "" + "vxlanPort": { + "description": "vxlanPort is the port to use for all vxlan packets. The default is 4789.", + "type": "integer", + "format": "int64" } } }, - "io.k8s.api.core.v1.Namespace": { - "description": "Namespace provides a scope for Names. Use of multiple namespaces is optional.", + "com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters": { + "description": "OpenStackLoadBalancerParameters provides configuration settings that are specific to OpenStack load balancers.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "floatingIP": { + "description": "floatingIP specifies the IP address that the load balancer will use. When not specified, an IP address will be assigned randomly by the OpenStack cloud provider. When specified, the floating IP has to be pre-created. If the specified value is not a floating IP or is already claimed, the OpenStack cloud provider won't be able to provision the load balancer. This field may only be used if the IngressController has External scope. This value must be a valid IPv4 or IPv6 address.", "type": "string" - }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "Spec defines the behavior of the Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.NamespaceSpec" - }, - "status": { - "description": "Status describes the current status of a Namespace. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.NamespaceStatus" } } }, - "io.k8s.api.core.v1.NamespaceCondition": { - "description": "NamespaceCondition contains details about state of namespace.", + "com.github.openshift.api.operator.v1.OperatorCondition": { + "description": "OperatorCondition is just the standard condition fields.", "type": "object", "required": [ "type", - "status" + "status", + "lastTransitionTime" ], "properties": { "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, "message": { - "description": "Human-readable message indicating details about last transition.", "type": "string" }, "reason": { - "description": "Unique, one-word, CamelCase reason for the condition's last transition.", "type": "string" }, "status": { - "description": "Status of the condition, one of True, False, Unknown.", + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "default": "" }, "type": { - "description": "Type of namespace controller condition.", + "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", "type": "string", "default": "" } } }, - "io.k8s.api.core.v1.NamespaceList": { - "description": "NamespaceList is a list of Namespaces.", + "com.github.openshift.api.operator.v1.OperatorSpec": { + "description": "OperatorSpec contains common fields operators need. It is intended to be anonymous included inside of the Spec struct for your particular operator.", "type": "object", "required": [ - "items" + "managementState" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "items": { - "description": "Items is the list of Namespace objects in the list. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Namespace" - } + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.NamespaceSpec": { - "description": "NamespaceSpec describes the attributes on a Namespace.", + "com.github.openshift.api.operator.v1.OperatorStatus": { "type": "object", "properties": { - "finalizers": { - "description": "Finalizers is an opaque list of values that must be empty to permanently remove object from storage. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/", + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, - "x-kubernetes-list-type": "atomic" - } - } - }, - "io.k8s.api.core.v1.NamespaceStatus": { - "description": "NamespaceStatus is information about the current status of a Namespace.", - "type": "object", - "properties": { - "conditions": { - "description": "Represents the latest available observations of a namespace's current state.", + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + }, + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.NamespaceCondition" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, "x-kubernetes-list-map-keys": [ - "type" + "group", + "resource", + "namespace", + "name" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "map" }, - "phase": { - "description": "Phase is the current lifecycle phase of the namespace. More info: https://kubernetes.io/docs/tasks/administer-cluster/namespaces/\n\nPossible enum values:\n - `\"Active\"` means the namespace is available for use in the system\n - `\"Terminating\"` means the namespace is undergoing graceful termination", - "type": "string", - "enum": [ - "Active", - "Terminating" - ] + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "io.k8s.api.core.v1.Node": { - "description": "Node is a worker node in Kubernetes. Each node will have a unique identifier in the cache (i.e. in etcd).", + "com.github.openshift.api.operator.v1.PartialSelector": { + "description": "PartialSelector provides label selector(s) that can be used to match machine management resources.", "type": "object", + "required": [ + "machineResourceSelector" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "machineResourceSelector": { + "description": "machineResourceSelector is a label selector that can be used to select machine resources like MachineSets.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.operator.v1.Perspective": { + "description": "Perspective defines a perspective that cluster admins want to show/hide in the perspective switcher dropdown", + "type": "object", + "required": [ + "id", + "visibility" + ], + "properties": { + "id": { + "description": "id defines the id of the perspective. Example: \"dev\", \"admin\". The available perspective ids can be found in the code snippet section next to the yaml editor. Incorrect or unknown ids will be ignored.", + "type": "string", + "default": "" }, - "spec": { - "description": "Spec defines the behavior of a node. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.NodeSpec" + "pinnedResources": { + "description": "pinnedResources defines the list of default pinned resources that users will see on the perspective navigation if they have not customized these pinned resources themselves. The list of available Kubernetes resources could be read via `kubectl api-resources`. The console will also provide a configuration UI and a YAML snippet that will list the available resources that can be pinned to the navigation. Incorrect or unknown resources will be ignored.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.PinnedResourceReference" + } }, - "status": { - "description": "Most recently observed status of the node. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "visibility": { + "description": "visibility defines the state of perspective along with access review checks if needed for that perspective.", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.NodeStatus" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.PerspectiveVisibility" } } }, - "io.k8s.api.core.v1.NodeAddress": { - "description": "NodeAddress contains information for the node's address.", + "com.github.openshift.api.operator.v1.PerspectiveVisibility": { + "description": "PerspectiveVisibility defines the criteria to show/hide a perspective", "type": "object", "required": [ - "type", - "address" + "state" ], "properties": { - "address": { - "description": "The node address.", + "accessReview": { + "description": "accessReview defines required and missing access review checks.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ResourceAttributesAccessReview" + }, + "state": { + "description": "state defines the perspective is enabled or disabled or access review check is required.", + "type": "string", + "default": "" + } + }, + "x-kubernetes-unions": [ + { + "discriminator": "state", + "fields-to-discriminateBy": { + "accessReview": "AccessReview" + } + } + ] + }, + "com.github.openshift.api.operator.v1.PinnedResourceReference": { + "description": "PinnedResourceReference includes the group, version and type of resource", + "type": "object", + "required": [ + "group", + "version", + "resource" + ], + "properties": { + "group": { + "description": "group is the API Group of the Resource. Enter empty string for the core group. This value should consist of only lowercase alphanumeric characters, hyphens and periods. Example: \"\", \"apps\", \"build.openshift.io\", etc.", "type": "string", "default": "" }, - "type": { - "description": "Node address type, one of Hostname, ExternalIP or InternalIP.", + "resource": { + "description": "resource is the type that is being referenced. It is normally the plural form of the resource kind in lowercase. This value should consist of only lowercase alphanumeric characters and hyphens. Example: \"deployments\", \"deploymentconfigs\", \"pods\", etc.", + "type": "string", + "default": "" + }, + "version": { + "description": "version is the API Version of the Resource. This value should consist of only lowercase alphanumeric characters. Example: \"v1\", \"v1beta1\", etc.", "type": "string", "default": "" } } }, - "io.k8s.api.core.v1.NodeAffinity": { - "description": "Node affinity is a group of node affinity scheduling rules.", + "com.github.openshift.api.operator.v1.PolicyAuditConfig": { "type": "object", "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred.", + "destination": { + "description": "destination is the location for policy log messages. Regardless of this config, persistent logs will always be dumped to the host at /var/log/ovn/ however Additionally syslog output may be configured as follows. Valid values are: - \"libc\" -> to use the libc syslog() function of the host node's journdald process - \"udp:host:port\" -> for sending syslog over UDP - \"unix:file\" -> for using the UNIX domain socket directly - \"null\" -> to discard all messages logged to syslog The default is \"null\"", + "type": "string" + }, + "maxFileSize": { + "description": "maxFilesSize is the max size an ACL_audit log file is allowed to reach before rotation occurs Units are in MB and the Default is 50MB", + "type": "integer", + "format": "int64" + }, + "maxLogFiles": { + "description": "maxLogFiles specifies the maximum number of ACL_audit log files that can be present.", + "type": "integer", + "format": "int32" + }, + "rateLimit": { + "description": "rateLimit is the approximate maximum number of messages to generate per-second per-node. If unset the default of 20 msg/sec is used.", + "type": "integer", + "format": "int64" + }, + "syslogFacility": { + "description": "syslogFacility the RFC5424 facility for generated messages, e.g. \"kern\". Default is \"local0\"", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.PrivateStrategy": { + "description": "PrivateStrategy holds parameters for the Private endpoint publishing strategy.", + "type": "object", + "properties": { + "protocol": { + "description": "protocol specifies whether the IngressController expects incoming connections to use plain TCP or whether the IngressController expects PROXY protocol.\n\nPROXY protocol can be used with load balancers that support it to communicate the source addresses of client connections when forwarding those connections to the IngressController. Using PROXY protocol enables the IngressController to report those source addresses instead of reporting the load balancer's address in HTTP headers and logs. Note that enabling PROXY protocol on the IngressController will cause connections to fail if you are not using a load balancer that uses PROXY protocol to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt for information about PROXY protocol.\n\nThe following values are valid for this field:\n\n* The empty string. * \"TCP\". * \"PROXY\".\n\nThe empty string specifies the default, which is TCP without PROXY protocol. Note that the default is subject to change.", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.ProjectAccess": { + "description": "ProjectAccess contains options for project access roles", + "type": "object", + "properties": { + "availableClusterRoles": { + "description": "availableClusterRoles is the list of ClusterRole names that are assignable to users through the project access tab.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PreferredSchedulingTerm" - }, - "x-kubernetes-list-type": "atomic" - }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node.", - "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelector" + "type": "string", + "default": "" + } } } }, - "io.k8s.api.core.v1.NodeCondition": { - "description": "NodeCondition contains condition information for a node.", + "com.github.openshift.api.operator.v1.ProviderLoadBalancerParameters": { + "description": "ProviderLoadBalancerParameters holds desired load balancer information specific to the underlying infrastructure provider.", "type": "object", "required": [ - "type", - "status" + "type" ], "properties": { - "lastHeartbeatTime": { - "description": "Last time we got an update on a given condition.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "lastTransitionTime": { - "description": "Last time the condition transit from one status to another.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "aws": { + "description": "aws provides configuration settings that are specific to AWS load balancers.\n\nIf empty, defaults will be applied. See specific aws fields for details about their defaults.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.AWSLoadBalancerParameters" }, - "message": { - "description": "Human readable message indicating details about last transition.", - "type": "string" + "gcp": { + "description": "gcp provides configuration settings that are specific to GCP load balancers.\n\nIf empty, defaults will be applied. See specific gcp fields for details about their defaults.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GCPLoadBalancerParameters" }, - "reason": { - "description": "(brief) reason for the condition's last transition.", - "type": "string" + "ibm": { + "description": "ibm provides configuration settings that are specific to IBM Cloud load balancers.\n\nIf empty, defaults will be applied. See specific ibm fields for details about their defaults.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IBMLoadBalancerParameters" }, - "status": { - "description": "Status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" + "openstack": { + "description": "openstack provides configuration settings that are specific to OpenStack load balancers.\n\nIf empty, defaults will be applied. See specific openstack fields for details about their defaults.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OpenStackLoadBalancerParameters" }, "type": { - "description": "Type of node condition.", + "description": "type is the underlying infrastructure provider for the load balancer. Allowed values are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"IBM\", \"Nutanix\", \"OpenStack\", and \"VSphere\".", "type": "string", "default": "" } - } - }, - "io.k8s.api.core.v1.NodeConfigSource": { - "description": "NodeConfigSource specifies a source of node configuration. Exactly one subfield (excluding metadata) must be non-nil. This API is deprecated since 1.22", - "type": "object", - "properties": { - "configMap": { - "description": "ConfigMap is a reference to a Node's ConfigMap", - "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapNodeConfigSource" + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "aws": "AWS", + "gcp": "GCP", + "ibm": "IBM", + "openstack": "OpenStack" + } } - } + ] }, - "io.k8s.api.core.v1.NodeConfigStatus": { - "description": "NodeConfigStatus describes the status of the config assigned by Node.Spec.ConfigSource.", + "com.github.openshift.api.operator.v1.ProxyConfig": { + "description": "ProxyConfig defines the configuration knobs for kubeproxy All of these are optional and have sensible defaults", "type": "object", "properties": { - "active": { - "description": "Active reports the checkpointed config the node is actively using. Active will represent either the current version of the Assigned config, or the current LastKnownGood config, depending on whether attempting to use the Assigned config results in an error.", - "$ref": "#/definitions/io.k8s.api.core.v1.NodeConfigSource" - }, - "assigned": { - "description": "Assigned reports the checkpointed config the node will try to use. When Node.Spec.ConfigSource is updated, the node checkpoints the associated config payload to local disk, along with a record indicating intended config. The node refers to this record to choose its config checkpoint, and reports this record in Assigned. Assigned only updates in the status after the record has been checkpointed to disk. When the Kubelet is restarted, it tries to make the Assigned config the Active config by loading and validating the checkpointed payload identified by Assigned.", - "$ref": "#/definitions/io.k8s.api.core.v1.NodeConfigSource" + "bindAddress": { + "description": "The address to \"bind\" on Defaults to 0.0.0.0", + "type": "string" }, - "error": { - "description": "Error describes any problems reconciling the Spec.ConfigSource to the Active config. Errors may occur, for example, attempting to checkpoint Spec.ConfigSource to the local Assigned record, attempting to checkpoint the payload associated with Spec.ConfigSource, attempting to load or validate the Assigned config, etc. Errors may occur at different points while syncing config. Earlier errors (e.g. download or checkpointing errors) will not result in a rollback to LastKnownGood, and may resolve across Kubelet retries. Later errors (e.g. loading or validating a checkpointed config) will result in a rollback to LastKnownGood. In the latter case, it is usually possible to resolve the error by fixing the config assigned in Spec.ConfigSource. You can find additional information for debugging by searching the error message in the Kubelet log. Error is a human-readable description of the error state; machines can check whether or not Error is empty, but should not rely on the stability of the Error text across Kubelet versions.", + "iptablesSyncPeriod": { + "description": "An internal kube-proxy parameter. In older releases of OCP, this sometimes needed to be adjusted in large clusters for performance reasons, but this is no longer necessary, and there is no reason to change this from the default value. Default: 30s", "type": "string" }, - "lastKnownGood": { - "description": "LastKnownGood reports the checkpointed config the node will fall back to when it encounters an error attempting to use the Assigned config. The Assigned config becomes the LastKnownGood config when the node determines that the Assigned config is stable and correct. This is currently implemented as a 10-minute soak period starting when the local record of Assigned config is updated. If the Assigned config is Active at the end of this period, it becomes the LastKnownGood. Note that if Spec.ConfigSource is reset to nil (use local defaults), the LastKnownGood is also immediately reset to nil, because the local default config is always assumed good. You should not make assumptions about the node's method of determining config stability and correctness, as this may change or become configurable in the future.", - "$ref": "#/definitions/io.k8s.api.core.v1.NodeConfigSource" + "proxyArguments": { + "description": "Any additional arguments to pass to the kubeproxy process", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } } } }, - "io.k8s.api.core.v1.NodeDaemonEndpoints": { - "description": "NodeDaemonEndpoints lists ports opened by daemons running on the Node.", + "com.github.openshift.api.operator.v1.QuickStarts": { + "description": "QuickStarts allow cluster admins to customize available ConsoleQuickStart resources.", "type": "object", "properties": { - "kubeletEndpoint": { - "description": "Endpoint on which Kubelet is listening.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.DaemonEndpoint" + "disabled": { + "description": "disabled is a list of ConsoleQuickStart resource names that are not shown to users.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "io.k8s.api.core.v1.NodeFeatures": { - "description": "NodeFeatures describes the set of features implemented by the CRI implementation. The features contained in the NodeFeatures should depend only on the cri implementation independent of runtime handlers.", + "com.github.openshift.api.operator.v1.ReloadService": { + "description": "ReloadService allows the user to specify the services to be reloaded", "type": "object", + "required": [ + "serviceName" + ], "properties": { - "supplementalGroupsPolicy": { - "description": "SupplementalGroupsPolicy is set to true if the runtime supports SupplementalGroupsPolicy and ContainerUser.", - "type": "boolean" + "serviceName": { + "description": "serviceName is the full name (e.g. crio.service) of the service to be reloaded Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "type": "string", + "default": "" } } }, - "io.k8s.api.core.v1.NodeList": { - "description": "NodeList is the whole list of all Nodes which have been registered with master.", + "com.github.openshift.api.operator.v1.ResourceAttributesAccessReview": { + "description": "ResourceAttributesAccessReview defines the visibility of the perspective depending on the access review checks. `required` and `missing` can work together esp. in the case where the cluster admin wants to show another perspective to users without specific permissions. Out of `required` and `missing` atleast one property should be non-empty.", "type": "object", - "required": [ - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "items": { - "description": "List of nodes", + "missing": { + "description": "missing defines a list of permission checks. The perspective will only be shown when at least one check fails. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the required access review list.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Node" + "$ref": "#/definitions/ResourceAttributes.v1.authorization.api.k8s.io" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - } - } - }, - "io.k8s.api.core.v1.NodeProxyOptions": { - "description": "NodeProxyOptions is the query options to a Node's proxy call.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "path": { - "description": "Path is the URL path to use for the current proxy request to node.", - "type": "string" + "required": { + "description": "required defines a list of permission checks. The perspective will only be shown when all checks are successful. When omitted, the access review is skipped and the perspective will not be shown unless it is required to do so based on the configuration of the missing access review list.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/ResourceAttributes.v1.authorization.api.k8s.io" + } } } }, - "io.k8s.api.core.v1.NodeRuntimeHandler": { - "description": "NodeRuntimeHandler is a set of runtime handler information.", + "com.github.openshift.api.operator.v1.RestartService": { + "description": "RestartService allows the user to specify the services to be restarted", "type": "object", + "required": [ + "serviceName" + ], "properties": { - "features": { - "description": "Supported features.", - "$ref": "#/definitions/io.k8s.api.core.v1.NodeRuntimeHandlerFeatures" - }, - "name": { - "description": "Runtime handler name. Empty for the default runtime handler.", + "serviceName": { + "description": "serviceName is the full name (e.g. crio.service) of the service to be restarted Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", "type": "string", "default": "" } } }, - "io.k8s.api.core.v1.NodeRuntimeHandlerFeatures": { - "description": "NodeRuntimeHandlerFeatures is a set of features implemented by the runtime handler.", + "com.github.openshift.api.operator.v1.RouteAdmissionPolicy": { + "description": "RouteAdmissionPolicy is an admission policy for allowing new route claims.", "type": "object", "properties": { - "recursiveReadOnlyMounts": { - "description": "RecursiveReadOnlyMounts is set to true if the runtime handler supports RecursiveReadOnlyMounts.", - "type": "boolean" + "namespaceOwnership": { + "description": "namespaceOwnership describes how host name claims across namespaces should be handled.\n\nValue must be one of:\n\n- Strict: Do not allow routes in different namespaces to claim the same host.\n\n- InterNamespaceAllowed: Allow routes to claim different paths of the same\n host name across namespaces.\n\nIf empty, the default is Strict.", + "type": "string" }, - "userNamespaces": { - "description": "UserNamespaces is set to true if the runtime handler supports UserNamespaces, including for volumes.", - "type": "boolean" + "wildcardPolicy": { + "description": "wildcardPolicy describes how routes with wildcard policies should be handled for the ingress controller. WildcardPolicy controls use of routes [1] exposed by the ingress controller based on the route's wildcard policy.\n\n[1] https://github.com/openshift/api/blob/master/route/v1/types.go\n\nNote: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed will cause admitted routes with a wildcard policy of Subdomain to stop working. These routes must be updated to a wildcard policy of None to be readmitted by the ingress controller.\n\nWildcardPolicy supports WildcardsAllowed and WildcardsDisallowed values.\n\nIf empty, defaults to \"WildcardsDisallowed\".", + "type": "string" } } }, - "io.k8s.api.core.v1.NodeSelector": { - "description": "A node selector represents the union of the results of one or more label queries over a set of nodes; that is, it represents the OR of the selectors represented by the node selector terms.", + "com.github.openshift.api.operator.v1.SFlowConfig": { "type": "object", - "required": [ - "nodeSelectorTerms" - ], "properties": { - "nodeSelectorTerms": { - "description": "Required. A list of node selector terms. The terms are ORed.", + "collectors": { + "description": "sFlowCollectors is list of strings formatted as ip:port with a maximum of ten items", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorTerm" + "type": "string", + "default": "" }, "x-kubernetes-list-type": "atomic" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "io.k8s.api.core.v1.NodeSelectorRequirement": { - "description": "A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "com.github.openshift.api.operator.v1.Server": { + "description": "Server defines the schema for a server that runs per instance of CoreDNS.", "type": "object", "required": [ - "key", - "operator" + "name", + "zones", + "forwardPlugin" ], "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string", - "default": "" + "forwardPlugin": { + "description": "forwardPlugin defines a schema for configuring CoreDNS to proxy DNS messages to upstream resolvers.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ForwardPlugin" }, - "operator": { - "description": "Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.\n\nPossible enum values:\n - `\"DoesNotExist\"`\n - `\"Exists\"`\n - `\"Gt\"`\n - `\"In\"`\n - `\"Lt\"`\n - `\"NotIn\"`", + "name": { + "description": "name is required and specifies a unique name for the server. Name must comply with the Service Name Syntax of rfc6335.", "type": "string", - "default": "", - "enum": [ - "DoesNotExist", - "Exists", - "Gt", - "In", - "Lt", - "NotIn" - ] + "default": "" }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.", + "zones": { + "description": "zones is required and specifies the subdomains that Server is authoritative for. Zones must conform to the rfc1123 definition of a subdomain. Specifying the cluster domain (i.e., \"cluster.local\") is invalid.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } } } }, - "io.k8s.api.core.v1.NodeSelectorTerm": { - "description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.", + "com.github.openshift.api.operator.v1.ServiceAccountIssuerStatus": { "type": "object", + "required": [ + "name" + ], "properties": { - "matchExpressions": { - "description": "A list of node selector requirements by node's labels.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorRequirement" - }, - "x-kubernetes-list-type": "atomic" + "expirationTime": { + "description": "expirationTime is the time after which this service account issuer will be pruned and removed from the trusted list of service account issuers.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "matchFields": { - "description": "A list of node selector requirements by node's fields.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorRequirement" - }, - "x-kubernetes-list-type": "atomic" + "name": { + "description": "name is the name of the service account issuer", + "type": "string", + "default": "" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "io.k8s.api.core.v1.NodeSpec": { - "description": "NodeSpec describes the attributes that a node is created with.", + "com.github.openshift.api.operator.v1.ServiceCA": { + "description": "ServiceCA provides information to configure an operator to manage the service cert controllers\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "spec" + ], "properties": { - "configSource": { - "description": "Deprecated: Previously used to specify the source of the node's configuration for the DynamicKubeletConfig feature. This feature is removed.", - "$ref": "#/definitions/io.k8s.api.core.v1.NodeConfigSource" - }, - "externalID": { - "description": "Deprecated. Not all kubelets will set this field. Remove field after 1.13. see: https://issues.k8s.io/61966", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "podCIDR": { - "description": "PodCIDR represents the pod IP range assigned to the node.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "podCIDRs": { - "description": "podCIDRs represents the IP ranges assigned to the node for usage by Pods on that node. If this field is specified, the 0th entry must match the podCIDR field. It may contain at most 1 value for each of IPv4 and IPv6.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set", - "x-kubernetes-patch-strategy": "merge" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "providerID": { - "description": "ID of the node assigned by the cloud provider in the format: ://", + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCASpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCAStatus" + } + } + }, + "com.github.openshift.api.operator.v1.ServiceCAList": { + "description": "ServiceCAList is a collection of items\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "taints": { - "description": "If specified, the node's taints.", + "items": { + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Taint" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCA" + } }, - "unschedulable": { - "description": "Unschedulable controls node schedulability of new pods. By default, node is schedulable. More info: https://kubernetes.io/docs/concepts/nodes/node/#manual-node-administration", - "type": "boolean" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.NodeStatus": { - "description": "NodeStatus is information about the current status of a node.", + "com.github.openshift.api.operator.v1.ServiceCASpec": { "type": "object", + "required": [ + "managementState" + ], "properties": { - "addresses": { - "description": "List of addresses reachable to the node. Queried from cloud provider, if available. More info: https://kubernetes.io/docs/reference/node/node-status/#addresses Note: This field is declared as mergeable, but the merge key is not sufficiently unique, which can cause data corruption when it is merged. Callers should instead use a full-replacement patch. See https://pr.k8s.io/79391 for an example. Consumers should assume that addresses can change during the lifetime of a Node. However, there are some exceptions where this may not be possible, such as Pods that inherit a Node's address in its own status or consumers of the downward API (status.hostIP).", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.NodeAddress" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "allocatable": { - "description": "Allocatable represents the resources of a node that are available for scheduling. Defaults to Capacity.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - } + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" }, - "capacity": { - "description": "Capacity represents the total resources of a node. More info: https://kubernetes.io/docs/reference/node/node-status/#capacity", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - } + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.operator.v1.ServiceCAStatus": { + "type": "object", + "properties": { "conditions": { - "description": "Conditions is an array of current observed node conditions. More info: https://kubernetes.io/docs/reference/node/node-status/#condition", + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.NodeCondition" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, "x-kubernetes-list-map-keys": [ "type" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" - }, - "config": { - "description": "Status of the config assigned to the node via the dynamic Kubelet config feature.", - "$ref": "#/definitions/io.k8s.api.core.v1.NodeConfigStatus" - }, - "daemonEndpoints": { - "description": "Endpoints of daemons running on the Node.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.NodeDaemonEndpoints" - }, - "features": { - "description": "Features describes the set of features implemented by the CRI implementation.", - "$ref": "#/definitions/io.k8s.api.core.v1.NodeFeatures" + "x-kubernetes-list-type": "map" }, - "images": { - "description": "List of container images on this node", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerImage" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, - "x-kubernetes-list-type": "atomic" - }, - "nodeInfo": { - "description": "Set of ids/uuids to uniquely identify the node. More info: https://kubernetes.io/docs/reference/node/node-status/#info", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.NodeSystemInfo" + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "phase": { - "description": "NodePhase is the recently observed lifecycle phase of the node. More info: https://kubernetes.io/docs/concepts/nodes/node/#phase The field is never populated, and now is deprecated.\n\nPossible enum values:\n - `\"Pending\"` means the node has been created/added by the system, but not configured.\n - `\"Running\"` means the node has been configured and has Kubernetes components running.\n - `\"Terminated\"` means the node has been removed from the cluster.", - "type": "string", - "enum": [ - "Pending", - "Running", - "Terminated" - ] + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "runtimeHandlers": { - "description": "The available runtime handlers.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.NodeRuntimeHandler" - }, - "x-kubernetes-list-type": "atomic" + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" }, - "volumesAttached": { - "description": "List of volumes that are attached to the node.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.AttachedVolume" - }, - "x-kubernetes-list-type": "atomic" + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 }, - "volumesInUse": { - "description": "List of attachable volumes in use (mounted) by the node.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "io.k8s.api.core.v1.NodeSwapStatus": { - "description": "NodeSwapStatus represents swap memory information.", + "com.github.openshift.api.operator.v1.ServiceCatalogAPIServer": { + "description": "ServiceCatalogAPIServer provides information to configure an operator to manage Service Catalog API Server DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { - "capacity": { - "description": "Total amount of swap memory in bytes.", - "type": "integer", - "format": "int64" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus" } } }, - "io.k8s.api.core.v1.NodeSystemInfo": { - "description": "NodeSystemInfo is a set of ids/uuids to uniquely identify the node.", + "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerList": { + "description": "ServiceCatalogAPIServerList is a collection of items DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "machineID", - "systemUUID", - "bootID", - "kernelVersion", - "osImage", - "containerRuntimeVersion", - "kubeletVersion", - "kubeProxyVersion", - "operatingSystem", - "architecture" + "metadata", + "items" ], "properties": { - "architecture": { - "description": "The Architecture reported by the node", - "type": "string", - "default": "" - }, - "bootID": { - "description": "Boot ID reported by the node.", - "type": "string", - "default": "" - }, - "containerRuntimeVersion": { - "description": "ContainerRuntime Version reported by the node through runtime remote API (e.g. containerd://1.4.2).", - "type": "string", - "default": "" - }, - "kernelVersion": { - "description": "Kernel Version reported by the node from 'uname -r' (e.g. 3.16.0-0.bpo.4-amd64).", - "type": "string", - "default": "" - }, - "kubeProxyVersion": { - "description": "Deprecated: KubeProxy Version reported by the node.", - "type": "string", - "default": "" - }, - "kubeletVersion": { - "description": "Kubelet Version reported by the node.", - "type": "string", - "default": "" - }, - "machineID": { - "description": "MachineID reported by the node. For unique machine identification in the cluster this field is preferred. Learn more from man(5) machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html", - "type": "string", - "default": "" - }, - "operatingSystem": { - "description": "The Operating System reported by the node", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "osImage": { - "description": "OS Image reported by the node from /etc/os-release (e.g. Debian GNU/Linux 7 (wheezy)).", - "type": "string", - "default": "" + "items": { + "description": "items contains the items", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogAPIServer" + } }, - "swap": { - "description": "Swap Info reported by the node.", - "$ref": "#/definitions/io.k8s.api.core.v1.NodeSwapStatus" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "systemUUID": { - "description": "SystemUUID reported by the node. For unique machine identification MachineID is preferred. This field is specific to Red Hat hosts https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/uuid", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.ObjectFieldSelector": { - "description": "ObjectFieldSelector selects an APIVersioned field of an object.", + "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerSpec": { "type": "object", "required": [ - "fieldPath" + "managementState" ], "properties": { - "apiVersion": { - "description": "Version of the schema the FieldPath is written in terms of, defaults to \"v1\".", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "fieldPath": { - "description": "Path of the field to select in the specified API version.", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" + }, + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "io.k8s.api.core.v1.ObjectReference": { - "description": "ObjectReference contains enough information to let you inspect or modify the referred object.", + "com.github.openshift.api.operator.v1.ServiceCatalogAPIServerStatus": { "type": "object", "properties": { - "apiVersion": { - "description": "API version of the referent.", - "type": "string" - }, - "fieldPath": { - "description": "If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: \"spec.containers{name}\" (where \"name\" refers to the name of the container that triggered the event) or if no container name is specified \"spec.containers[2]\" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.", - "type": "string" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "kind": { - "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "namespace": { - "description": "Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/", - "type": "string" + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" }, - "resourceVersion": { - "description": "Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 }, - "uid": { - "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids", + "version": { + "description": "version is the level this availability applies to", "type": "string" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "io.k8s.api.core.v1.PersistentVolume": { - "description": "PersistentVolume (PV) is a storage resource provisioned by an administrator. It is analogous to a node. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes", + "com.github.openshift.api.operator.v1.ServiceCatalogControllerManager": { + "description": "ServiceCatalogControllerManager provides information to configure an operator to manage Service Catalog Controller Manager DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -46181,296 +47280,407 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "spec defines a specification of a persistent volume owned by the cluster. Provisioned by an administrator. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeSpec" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec" }, "status": { - "description": "status represents the current information/status for the persistent volume. Populated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistent-volumes", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeStatus" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus" } } }, - "io.k8s.api.core.v1.PersistentVolumeClaim": { - "description": "PersistentVolumeClaim is a user's request for and claim to a persistent volume", + "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerList": { + "description": "ServiceCatalogControllerManagerList is a collection of items DEPRECATED: will be removed in 4.6\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "items contains the items", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.ServiceCatalogControllerManager" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "spec defines the desired characteristics of a volume requested by a pod author. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimSpec" - }, - "status": { - "description": "status represents the current information/status of a persistent volume claim. Read-only. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimStatus" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.PersistentVolumeClaimCondition": { - "description": "PersistentVolumeClaimCondition contains details about state of pvc", + "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerSpec": { "type": "object", "required": [ - "type", - "status" + "managementState" ], "properties": { - "lastProbeTime": { - "description": "lastProbeTime is the time we probed the condition.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "lastTransitionTime": { - "description": "lastTransitionTime is the time the condition transitioned from one status to another.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "message": { - "description": "message is the human-readable message indicating details about last transition.", - "type": "string" - }, - "reason": { - "description": "reason is a unique, this should be a short, machine understandable string that gives the reason for condition's last transition. If it reports \"Resizing\" that means the underlying persistent volume is being resized.", + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "status": { - "description": "Status is the status of the condition. Can be True, False, Unknown. More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=state%20of%20pvc-,conditions.status,-(string)%2C%20required", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" }, - "type": { - "description": "Type is the type of the condition. More info: https://kubernetes.io/docs/reference/kubernetes-api/config-and-storage-resources/persistent-volume-claim-v1/#:~:text=set%20to%20%27ResizeStarted%27.-,PersistentVolumeClaimCondition,-contains%20details%20about", - "type": "string", - "default": "" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.PersistentVolumeClaimList": { - "description": "PersistentVolumeClaimList is a list of PersistentVolumeClaim items.", + "com.github.openshift.api.operator.v1.ServiceCatalogControllerManagerStatus": { "type": "object", - "required": [ - "items" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "items": { - "description": "items is a list of persistent volume claims. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaim" - } + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" + }, + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" + }, + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" + }, + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.SimpleMacvlanConfig": { + "description": "SimpleMacvlanConfig contains configurations for macvlan interface.", + "type": "object", + "properties": { + "ipamConfig": { + "description": "ipamConfig configures IPAM module will be used for IP Address Management (IPAM).", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.IPAMConfig" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "master": { + "description": "master is the host interface to create the macvlan interface from. If not specified, it will be default route interface", + "type": "string" + }, + "mode": { + "description": "mode is the macvlan mode: bridge, private, vepa, passthru. The default is bridge", + "type": "string" + }, + "mtu": { + "description": "mtu is the mtu to use for the macvlan interface. if unset, host's kernel will select the value.", + "type": "integer", + "format": "int64" } } }, - "io.k8s.api.core.v1.PersistentVolumeClaimSpec": { - "description": "PersistentVolumeClaimSpec describes the common attributes of storage devices and allows a Source for provider-specific attributes", + "com.github.openshift.api.operator.v1.StaticIPAMAddresses": { + "description": "StaticIPAMAddresses provides IP address and Gateway for static IPAM addresses", "type": "object", "properties": { - "accessModes": { - "description": "accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "address": { + "description": "address is the IP address in CIDR format", + "type": "string", + "default": "" + }, + "gateway": { + "description": "gateway is IP inside of subnet to designate as the gateway", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.StaticIPAMConfig": { + "description": "StaticIPAMConfig contains configurations for static IPAM (IP Address Management)", + "type": "object", + "properties": { + "addresses": { + "description": "addresses configures IP address for the interface", "type": "array", "items": { - "type": "string", - "default": "", - "enum": [ - "ReadOnlyMany", - "ReadWriteMany", - "ReadWriteOnce", - "ReadWriteOncePod" - ] + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.StaticIPAMAddresses" }, "x-kubernetes-list-type": "atomic" }, - "dataSource": { - "description": "dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource.", - "$ref": "#/definitions/io.k8s.api.core.v1.TypedLocalObjectReference" + "dns": { + "description": "dns configures DNS for the interface", + "$ref": "#/definitions/com.github.openshift.api.operator.v1.StaticIPAMDNS" }, - "dataSourceRef": { - "description": "dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef\n allows any non-core object, as well as PersistentVolumeClaim objects.\n* While dataSource ignores disallowed values (dropping them), dataSourceRef\n preserves all values, and generates an error if a disallowed value is\n specified.\n* While dataSource only allows local objects, dataSourceRef allows objects\n in any namespaces.\n(Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "$ref": "#/definitions/io.k8s.api.core.v1.TypedObjectReference" + "routes": { + "description": "routes configures IP routes for the interface", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.StaticIPAMRoutes" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.operator.v1.StaticIPAMDNS": { + "description": "StaticIPAMDNS provides DNS related information for static IPAM", + "type": "object", + "properties": { + "domain": { + "description": "domain configures the domainname the local domain used for short hostname lookups", + "type": "string" }, - "resources": { - "description": "resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.VolumeResourceRequirements" + "nameservers": { + "description": "nameservers points DNS servers for IP lookup", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" }, - "selector": { - "description": "selector is a label query over volumes to consider for binding.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "search": { + "description": "search configures priority ordered search domains for short hostname lookups", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.operator.v1.StaticIPAMRoutes": { + "description": "StaticIPAMRoutes provides Destination/Gateway pairs for static IPAM routes", + "type": "object", + "required": [ + "destination" + ], + "properties": { + "destination": { + "description": "destination points the IP route destination", + "type": "string", + "default": "" }, - "storageClassName": { - "description": "storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1", + "gateway": { + "description": "gateway is the route's next-hop IP address If unset, a default gateway is assumed (as determined by the CNI plugin).", "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.StaticPodOperatorSpec": { + "description": "StaticPodOperatorSpec is spec for controllers that manage static pods.", + "type": "object", + "required": [ + "managementState", + "forceRedeploymentReason" + ], + "properties": { + "failedRevisionLimit": { + "description": "failedRevisionLimit is the number of failed static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" }, - "volumeAttributesClassName": { - "description": "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. If specified, the CSI driver will create or update the volume with the attributes defined in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, it can be changed after the claim is created. An empty string or nil value indicates that no VolumeAttributesClass will be applied to the claim. If the claim enters an Infeasible error state, this field can be reset to its previous value (including nil) to cancel the modification. If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource exists. More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/", + "forceRedeploymentReason": { + "description": "forceRedeploymentReason can be used to force the redeployment of the operand by providing a unique string. This provides a mechanism to kick a previously failed deployment and provide a reason why you think it will work this time instead of failing again on the same config.", + "type": "string", + "default": "" + }, + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "volumeMode": { - "description": "volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec.\n\nPossible enum values:\n - `\"Block\"` means the volume will not be formatted with a filesystem and will remain a raw block device.\n - `\"Filesystem\"` means the volume will be or is formatted with a filesystem.", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", - "enum": [ - "Block", - "Filesystem" - ] + "default": "" }, - "volumeName": { - "description": "volumeName is the binding reference to the PersistentVolume backing this claim.", + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + }, + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" + }, + "succeededRevisionLimit": { + "description": "succeededRevisionLimit is the number of successful static pod installer revisions to keep on disk and in the api -1 = unlimited, 0 or unset = 5 (default)", + "type": "integer", + "format": "int32" + }, + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.PersistentVolumeClaimStatus": { - "description": "PersistentVolumeClaimStatus is the current status of a persistent volume claim.", + "com.github.openshift.api.operator.v1.StaticPodOperatorStatus": { + "description": "StaticPodOperatorStatus is status for controllers that manage static pods. There are different needs because individual node status must be tracked.", "type": "object", "properties": { - "accessModes": { - "description": "accessModes contains the actual access modes the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1", + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { - "type": "string", - "default": "", - "enum": [ - "ReadOnlyMany", - "ReadWriteMany", - "ReadWriteOnce", - "ReadWriteOncePod" - ] + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "allocatedResourceStatuses": { - "description": "allocatedResourceStatuses stores status of resource being resized for the given PVC. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nClaimResourceStatus can be in any of following states:\n\t- ControllerResizeInProgress:\n\t\tState set when resize controller starts resizing the volume in control-plane.\n\t- ControllerResizeFailed:\n\t\tState set when resize has failed in resize controller with a terminal error.\n\t- NodeResizePending:\n\t\tState set when resize controller has finished resizing the volume but further resizing of\n\t\tvolume is needed on the node.\n\t- NodeResizeInProgress:\n\t\tState set when kubelet starts resizing the volume.\n\t- NodeResizeFailed:\n\t\tState set when resizing has failed in kubelet with a terminal error. Transient errors don't set\n\t\tNodeResizeFailed.\nFor example: if expanding a PVC for more capacity - this field can be one of the following states:\n\t- pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"ControllerResizeFailed\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizePending\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeInProgress\"\n - pvc.status.allocatedResourceStatus['storage'] = \"NodeResizeFailed\"\nWhen this field is not set, it means that no resize operation is in progress for the given PVC.\n\nA controller that receives PVC update with previously unknown resourceName or ClaimResourceStatus should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "", - "enum": [ - "ControllerResizeInProgress", - "ControllerResizeInfeasible", - "NodeResizeInProgress", - "NodeResizeInfeasible", - "NodeResizePending" - ] + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, - "x-kubernetes-map-type": "granular" + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "allocatedResources": { - "description": "allocatedResources tracks the resources allocated to a PVC including its capacity. Key names follow standard Kubernetes label syntax. Valid values are either:\n\t* Un-prefixed keys:\n\t\t- storage - the capacity of the volume.\n\t* Custom resources must use implementation-defined prefixed names such as \"example.com/my-custom-resource\"\nApart from above values - keys that are unprefixed or have kubernetes.io prefix are considered reserved and hence may not be used.\n\nCapacity reported here may be larger than the actual capacity when a volume expansion operation is requested. For storage quota, the larger value from allocatedResources and PVC.spec.resources is used. If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation. If a volume expansion capacity request is lowered, allocatedResources is only lowered if there are no expansion operations in progress and if the actual volume capacity is equal or lower than the requested capacity.\n\nA controller that receives PVC update with previously unknown resourceName should ignore the update for the purpose it was designed. For example - a controller that only is responsible for resizing capacity of the volume, should ignore PVC updates that change other valid resources associated with PVC.\n\nThis is an alpha field and requires enabling RecoverVolumeExpansionFailure feature.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - } + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "capacity": { - "description": "capacity represents the actual resources of the underlying volume.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - } + "latestAvailableRevisionReason": { + "description": "latestAvailableRevisionReason describe the detailed reason for the most recent deployment", + "type": "string" }, - "conditions": { - "description": "conditions is the current Condition of persistent volume claim. If underlying persistent volume is being resized then the Condition will be set to 'Resizing'.", + "nodeStatuses": { + "description": "nodeStatuses track the deployment values and errors across individual nodes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimCondition" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.NodeStatus" }, "x-kubernetes-list-map-keys": [ - "type" + "nodeName" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "map" }, - "currentVolumeAttributesClassName": { - "description": "currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using. When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaim", - "type": "string" + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" }, - "modifyVolumeStatus": { - "description": "ModifyVolumeStatus represents the status object of ControllerModifyVolume operation. When this is unset, there is no ModifyVolume operation being attempted.", - "$ref": "#/definitions/io.k8s.api.core.v1.ModifyVolumeStatus" + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 }, - "phase": { - "description": "phase represents the current phase of PersistentVolumeClaim.\n\nPossible enum values:\n - `\"Bound\"` used for PersistentVolumeClaims that are bound\n - `\"Lost\"` used for PersistentVolumeClaims that lost their underlying PersistentVolume. The claim was bound to a PersistentVolume and this volume does not exist any longer and all data on it was lost.\n - `\"Pending\"` used for PersistentVolumeClaims that are not yet bound", - "type": "string", - "enum": [ - "Bound", - "Lost", - "Pending" - ] + "version": { + "description": "version is the level this availability applies to", + "type": "string" } } }, - "io.k8s.api.core.v1.PersistentVolumeClaimTemplate": { - "description": "PersistentVolumeClaimTemplate is used to produce PersistentVolumeClaim objects as part of an EphemeralVolumeSource.", + "com.github.openshift.api.operator.v1.StatuspageProvider": { + "description": "StatuspageProvider provides identity for statuspage account.", "type": "object", "required": [ - "spec" + "pageID" ], "properties": { - "metadata": { - "description": "May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation.", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimSpec" + "pageID": { + "description": "pageID is the unique ID assigned by Statuspage for your page. This must be a public page.", + "type": "string", + "default": "" } } }, - "io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource": { - "description": "PersistentVolumeClaimVolumeSource references the user's PVC in the same namespace. This volume finds the bound PV and mounts that volume for the pod. A PersistentVolumeClaimVolumeSource is, essentially, a wrapper around another type of volume that is owned by someone else (the system).", + "com.github.openshift.api.operator.v1.Storage": { + "description": "Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "claimName" + "spec" ], "properties": { - "claimName": { - "description": "claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "readOnly": { - "description": "readOnly Will force the ReadOnly setting in VolumeMounts. Default false.", - "type": "boolean" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.StorageSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.StorageStatus" } } }, - "io.k8s.api.core.v1.PersistentVolumeList": { - "description": "PersistentVolumeList is a list of PersistentVolume items.", + "com.github.openshift.api.operator.v1.StorageList": { + "description": "StorageList contains a list of Storages.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -46481,11 +47691,10 @@ "type": "string" }, "items": { - "description": "items is a list of persistent volumes. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolume" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Storage" } }, "kind": { @@ -46493,572 +47702,371 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.PersistentVolumeSource": { - "description": "PersistentVolumeSource is similar to VolumeSource but meant for the administrator who creates PVs. Exactly one of its members must be set.", + "com.github.openshift.api.operator.v1.StorageSpec": { + "description": "StorageSpec is the specification of the desired behavior of the cluster storage operator.", "type": "object", + "required": [ + "managementState" + ], "properties": { - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "$ref": "#/definitions/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", - "$ref": "#/definitions/io.k8s.api.core.v1.AzureDiskVolumeSource" - }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", - "$ref": "#/definitions/io.k8s.api.core.v1.AzureFilePersistentVolumeSource" - }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.CephFSPersistentVolumeSource" - }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "$ref": "#/definitions/io.k8s.api.core.v1.CinderPersistentVolumeSource" - }, - "csi": { - "description": "csi represents storage that is handled by an external CSI driver.", - "$ref": "#/definitions/io.k8s.api.core.v1.CSIPersistentVolumeSource" - }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "$ref": "#/definitions/io.k8s.api.core.v1.FCVolumeSource" - }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - "$ref": "#/definitions/io.k8s.api.core.v1.FlexPersistentVolumeSource" - }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.FlockerVolumeSource" - }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "$ref": "#/definitions/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource" - }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md", - "$ref": "#/definitions/io.k8s.api.core.v1.GlusterfsPersistentVolumeSource" - }, - "hostPath": { - "description": "hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "$ref": "#/definitions/io.k8s.api.core.v1.HostPathVolumeSource" - }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.", - "$ref": "#/definitions/io.k8s.api.core.v1.ISCSIPersistentVolumeSource" - }, - "local": { - "description": "local represents directly-attached storage with node affinity", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalVolumeSource" - }, - "nfs": { - "description": "nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "$ref": "#/definitions/io.k8s.api.core.v1.NFSVolumeSource" - }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource" - }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", - "$ref": "#/definitions/io.k8s.api.core.v1.PortworxVolumeSource" + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.QuobyteVolumeSource" + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md", - "$ref": "#/definitions/io.k8s.api.core.v1.RBDPersistentVolumeSource" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.ScaleIOPersistentVolumeSource" + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "storageos": { - "description": "storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. More info: https://examples.k8s.io/volumes/storageos/README.md", - "$ref": "#/definitions/io.k8s.api.core.v1.StorageOSPersistentVolumeSource" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", - "$ref": "#/definitions/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource" + "vsphereStorageDriver": { + "description": "vsphereStorageDriver indicates the storage driver to use on VSphere clusters. Once this field is set to CSIWithMigrationDriver, it can not be changed. If this is empty, the platform will choose a good default, which may change over time without notice. The current default is CSIWithMigrationDriver and may not be changed. DEPRECATED: This field will be removed in a future release.", + "type": "string", + "default": "" } } }, - "io.k8s.api.core.v1.PersistentVolumeSpec": { - "description": "PersistentVolumeSpec is the specification of a persistent volume.", + "com.github.openshift.api.operator.v1.StorageStatus": { + "description": "StorageStatus defines the observed status of the cluster storage operator.", "type": "object", "properties": { - "accessModes": { - "description": "accessModes contains all ways the volume can be mounted. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes", + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { - "type": "string", - "default": "", - "enum": [ - "ReadOnlyMany", - "ReadWriteMany", - "ReadWriteOnce", - "ReadWriteOncePod" - ] + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, - "x-kubernetes-list-type": "atomic" - }, - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "$ref": "#/definitions/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", - "$ref": "#/definitions/io.k8s.api.core.v1.AzureDiskVolumeSource" - }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", - "$ref": "#/definitions/io.k8s.api.core.v1.AzureFilePersistentVolumeSource" - }, - "capacity": { - "description": "capacity is the description of the persistent volume's resources and capacity. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#capacity", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - } - }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.CephFSPersistentVolumeSource" - }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "$ref": "#/definitions/io.k8s.api.core.v1.CinderPersistentVolumeSource" - }, - "claimRef": { - "description": "claimRef is part of a bi-directional binding between PersistentVolume and PersistentVolumeClaim. Expected to be non-nil when bound. claim.VolumeName is the authoritative bind between PV and PVC. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#binding", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference", - "x-kubernetes-map-type": "granular" - }, - "csi": { - "description": "csi represents storage that is handled by an external CSI driver.", - "$ref": "#/definitions/io.k8s.api.core.v1.CSIPersistentVolumeSource" - }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "$ref": "#/definitions/io.k8s.api.core.v1.FCVolumeSource" - }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - "$ref": "#/definitions/io.k8s.api.core.v1.FlexPersistentVolumeSource" - }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine and exposed to the pod for its usage. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.FlockerVolumeSource" - }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "$ref": "#/definitions/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource" - }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs volume that is attached to a host and exposed to the pod. Provisioned by an admin. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported. More info: https://examples.k8s.io/volumes/glusterfs/README.md", - "$ref": "#/definitions/io.k8s.api.core.v1.GlusterfsPersistentVolumeSource" - }, - "hostPath": { - "description": "hostPath represents a directory on the host. Provisioned by a developer or tester. This is useful for single-node development and testing only! On-host storage is not supported in any way and WILL NOT WORK in a multi-node cluster. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "$ref": "#/definitions/io.k8s.api.core.v1.HostPathVolumeSource" - }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Provisioned by an admin.", - "$ref": "#/definitions/io.k8s.api.core.v1.ISCSIPersistentVolumeSource" - }, - "local": { - "description": "local represents directly-attached storage with node affinity", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalVolumeSource" + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "mountOptions": { - "description": "mountOptions is the list of mount options, e.g. [\"ro\", \"soft\"]. Not validated - mount will simply fail if one is invalid. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#mount-options", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, - "x-kubernetes-list-type": "atomic" - }, - "nfs": { - "description": "nfs represents an NFS mount on the host. Provisioned by an admin. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "$ref": "#/definitions/io.k8s.api.core.v1.NFSVolumeSource" - }, - "nodeAffinity": { - "description": "nodeAffinity defines constraints that limit what nodes this volume can be accessed from. This field influences the scheduling of pods that use this volume.", - "$ref": "#/definitions/io.k8s.api.core.v1.VolumeNodeAffinity" - }, - "persistentVolumeReclaimPolicy": { - "description": "persistentVolumeReclaimPolicy defines what happens to a persistent volume when released from its claim. Valid options are Retain (default for manually created PersistentVolumes), Delete (default for dynamically provisioned PersistentVolumes), and Recycle (deprecated). Recycle must be supported by the volume plugin underlying this PersistentVolume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#reclaiming\n\nPossible enum values:\n - `\"Delete\"` means the volume will be deleted from Kubernetes on release from its claim. The volume plugin must support Deletion.\n - `\"Recycle\"` means the volume will be recycled back into the pool of unbound persistent volumes on release from its claim. The volume plugin must support Recycling.\n - `\"Retain\"` means the volume will be left in its current phase (Released) for manual reclamation by the administrator. The default policy is Retain.", - "type": "string", - "enum": [ - "Delete", - "Recycle", - "Retain" - ] - }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource" - }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", - "$ref": "#/definitions/io.k8s.api.core.v1.PortworxVolumeSource" + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.QuobyteVolumeSource" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported. More info: https://examples.k8s.io/volumes/rbd/README.md", - "$ref": "#/definitions/io.k8s.api.core.v1.RBDPersistentVolumeSource" + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.ScaleIOPersistentVolumeSource" + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 }, - "storageClassName": { - "description": "storageClassName is the name of StorageClass to which this persistent volume belongs. Empty value means that this volume does not belong to any StorageClass.", + "version": { + "description": "version is the level this availability applies to", "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1.SyslogLoggingDestinationParameters": { + "description": "SyslogLoggingDestinationParameters describes parameters for the Syslog logging destination type.", + "type": "object", + "required": [ + "address", + "port" + ], + "properties": { + "address": { + "description": "address is the IP address of the syslog endpoint that receives log messages.", + "type": "string", + "default": "" }, - "storageos": { - "description": "storageOS represents a StorageOS volume that is attached to the kubelet's host machine and mounted into the pod. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported. More info: https://examples.k8s.io/volumes/storageos/README.md", - "$ref": "#/definitions/io.k8s.api.core.v1.StorageOSPersistentVolumeSource" - }, - "volumeAttributesClassName": { - "description": "Name of VolumeAttributesClass to which this persistent volume belongs. Empty value is not allowed. When this field is not set, it indicates that this volume does not belong to any VolumeAttributesClass. This field is mutable and can be changed by the CSI driver after a volume has been updated successfully to a new class. For an unbound PersistentVolume, the volumeAttributesClassName will be matched with unbound PersistentVolumeClaims during the binding process.", + "facility": { + "description": "facility specifies the syslog facility of log messages.\n\nIf this field is empty, the facility is \"local1\".", "type": "string" }, - "volumeMode": { - "description": "volumeMode defines if a volume is intended to be used with a formatted filesystem or to remain in raw block state. Value of Filesystem is implied when not included in spec.\n\nPossible enum values:\n - `\"Block\"` means the volume will not be formatted with a filesystem and will remain a raw block device.\n - `\"Filesystem\"` means the volume will be or is formatted with a filesystem.", - "type": "string", - "enum": [ - "Block", - "Filesystem" - ] + "maxLength": { + "description": "maxLength is the maximum length of the log message.\n\nValid values are integers in the range 480 to 4096, inclusive.\n\nWhen omitted, the default value is 1024.", + "type": "integer", + "format": "int64" }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", - "$ref": "#/definitions/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource" + "port": { + "description": "port is the UDP port number of the syslog endpoint that receives log messages.", + "type": "integer", + "format": "int64", + "default": 0 } } }, - "io.k8s.api.core.v1.PersistentVolumeStatus": { - "description": "PersistentVolumeStatus is the current status of a persistent volume.", + "com.github.openshift.api.operator.v1.Theme": { + "description": "Theme defines a theme mode for the console UI.", "type": "object", + "required": [ + "mode", + "source" + ], "properties": { - "lastPhaseTransitionTime": { - "description": "lastPhaseTransitionTime is the time the phase transitioned from one to another and automatically resets to current time everytime a volume phase transitions.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "message": { - "description": "message is a human-readable message indicating details about why the volume is in this state.", - "type": "string" - }, - "phase": { - "description": "phase indicates if a volume is available, bound to a claim, or released by a claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#phase\n\nPossible enum values:\n - `\"Available\"` used for PersistentVolumes that are not yet bound Available volumes are held by the binder and matched to PersistentVolumeClaims\n - `\"Bound\"` used for PersistentVolumes that are bound\n - `\"Failed\"` used for PersistentVolumes that failed to be correctly recycled or deleted after being released from a claim\n - `\"Pending\"` used for PersistentVolumes that are not available\n - `\"Released\"` used for PersistentVolumes where the bound PersistentVolumeClaim was deleted released volumes must be recycled before becoming available again this phase is used by the persistent volume claim binder to signal to another process to reclaim the resource", + "mode": { + "description": "mode is used to specify what theme mode a logo will apply to in the console UI. mode is a required field that allows values of Dark and Light. When set to Dark, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Dark mode. When set to Light, the logo file referenced in the 'file' field will be used when an end-user of the console UI enables the Light mode.\n\nPossible enum values:\n - `\"Dark\"` represents the dark mode for a console theme.\n - `\"Light\"` represents the light mode for a console theme.", "type": "string", + "default": "", "enum": [ - "Available", - "Bound", - "Failed", - "Pending", - "Released" + "Dark", + "Light" ] }, - "reason": { - "description": "reason is a brief CamelCase string that describes any failure and is meant for machine parsing and tidy display in the CLI.", - "type": "string" + "source": { + "description": "source is used by the console to locate the specified file containing a custom logo. source is a required field that references a ConfigMap name and key that contains the custom logo file in the openshift-config namespace. You can create it with a command like: - 'oc create configmap custom-logos-config --namespace=openshift-config --from-file=/path/to/file' The ConfigMap key must include the file extension so that the console serves the file with the correct MIME type. The recommended file format for the Masthead and Favicon logos is SVG, but other file formats are allowed if supported by the browser. The logo image size must be less than 1 MB due to constraints on the ConfigMap size. For more information, see the documentation: https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/web_console/customizing-web-console#customizing-web-console", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.FileReferenceSource" } } }, - "io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource": { - "description": "Represents a Photon Controller persistent disk resource.", + "com.github.openshift.api.operator.v1.Upstream": { + "description": "Upstream can either be of type SystemResolvConf, or of type Network.\n\n - For an Upstream of type SystemResolvConf, no further fields are necessary:\n The upstream will be configured to use /etc/resolv.conf.\n - For an Upstream of type Network, a NetworkResolver field needs to be defined\n with an IP address or IP:port if the upstream listens on a port other than 53.", "type": "object", "required": [ - "pdID" + "type" ], "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "address": { + "description": "address must be defined when Type is set to Network. It will be ignored otherwise. It must be a valid ipv4 or ipv6 address.", "type": "string" }, - "pdID": { - "description": "pdID is the ID that identifies Photon Controller persistent disk", + "port": { + "description": "port may be defined when Type is set to Network. It will be ignored otherwise. Port must be between 65535", + "type": "integer", + "format": "int64" + }, + "type": { + "description": "type defines whether this upstream contains an IP/IP:port resolver or the local /etc/resolv.conf. Type accepts 2 possible values: SystemResolvConf or Network.\n\n* When SystemResolvConf is used, the Upstream structure does not require any further fields to be defined:\n /etc/resolv.conf will be used\n* When Network is used, the Upstream structure must contain at least an Address", "type": "string", "default": "" } } }, - "io.k8s.api.core.v1.Pod": { - "description": "Pod is a collection of containers that can run on a host. This resource is created by clients and scheduled onto hosts.", + "com.github.openshift.api.operator.v1.UpstreamResolvers": { + "description": "UpstreamResolvers defines a schema for configuring the CoreDNS forward plugin in the specific case of the default (\".\") server. It defers from ForwardPlugin in the default values it accepts: * At least one upstream should be specified. * the default policy is Sequential", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "policy": { + "description": "policy is used to determine the order in which upstream servers are selected for querying. Any one of the following values may be specified:\n\n* \"Random\" picks a random upstream server for each query. * \"RoundRobin\" picks upstream servers in a round-robin order, moving to the next server for each new query. * \"Sequential\" tries querying upstream servers in a sequential order until one responds, starting with the first server for each new query.\n\nThe default value is \"Sequential\"", "type": "string" }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodSpec" + "protocolStrategy": { + "description": "protocolStrategy specifies the protocol to use for upstream DNS requests. Valid values for protocolStrategy are \"TCP\" and omitted. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is to use the protocol of the original client request. \"TCP\" specifies that the platform should use TCP for all upstream DNS requests, even if the client request uses UDP. \"TCP\" is useful for UDP-specific issues such as those created by non-compliant upstream resolvers, but may consume more bandwidth or increase DNS response time. Note that protocolStrategy only affects the protocol of DNS requests that CoreDNS makes to upstream resolvers. It does not affect the protocol of DNS requests between clients and CoreDNS.", + "type": "string", + "default": "" }, - "status": { - "description": "Most recently observed status of the pod. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "transportConfig": { + "description": "transportConfig is used to configure the transport type, server name, and optional custom CA or CA bundle to use when forwarding DNS requests to an upstream resolver.\n\nThe default value is \"\" (empty) which results in a standard cleartext connection being used when forwarding DNS requests to an upstream resolver.", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodStatus" - } - } - }, - "io.k8s.api.core.v1.PodAffinity": { - "description": "Pod affinity is a group of inter pod affinity scheduling rules.", - "type": "object", - "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding \"weight\" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.WeightedPodAffinityTerm" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.DNSTransportConfig" }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", + "upstreams": { + "description": "upstreams is a list of resolvers to forward name queries for the \".\" domain. Each instance of CoreDNS performs health checking of Upstreams. When a healthy upstream returns an error during the exchange, another resolver is tried from Upstreams. The Upstreams are selected in the order specified in Policy.\n\nA maximum of 15 upstreams is allowed per ForwardPlugin. If no Upstreams are specified, /etc/resolv.conf is used by default", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.Upstream" + } } } }, - "io.k8s.api.core.v1.PodAffinityTerm": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", + "com.github.openshift.api.operator.v1.VSphereCSIDriverConfigSpec": { + "description": "VSphereCSIDriverConfigSpec defines properties that can be configured for vsphere CSI driver.", "type": "object", - "required": [ - "topologyKey" - ], "properties": { - "labelSelector": { - "description": "A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "globalMaxSnapshotsPerBlockVolume": { + "description": "globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of datastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3. Snapshots can not be disabled using this parameter. Increasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html", + "type": "integer", + "format": "int64" }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both matchLabelKeys and labelSelector. Also, matchLabelKeys cannot be set when labelSelector isn't set.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "granularMaxSnapshotsPerBlockVolumeInVSAN": { + "description": "granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VSAN can not be disabled using this parameter.", + "type": "integer", + "format": "int64" }, - "mismatchLabelKeys": { - "description": "MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. Also, mismatchLabelKeys cannot be set when labelSelector isn't set.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "granularMaxSnapshotsPerBlockVolumeInVVOL": { + "description": "granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VVOL can not be disabled using this parameter.", + "type": "integer", + "format": "int64" }, - "namespaceSelector": { - "description": "A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means \"this pod's namespace\". An empty selector ({}) matches all namespaces.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" + "maxAllowedBlockVolumesPerNode": { + "description": "maxAllowedBlockVolumesPerNode is an optional configuration parameter that allows setting a custom value for the limit of the number of PersistentVolumes attached to a node. In vSphere version 7 this limit was set to 59 by default, however in vSphere version 8 this limit was increased to 255. Before increasing this value above 59 the cluster administrator needs to ensure that every node forming the cluster is updated to ESXi version 8 or higher and that all nodes are running the same version. The limit must be between 1 and 255, which matches the vSphere version 8 maximum. When omitted, this means no opinion and the platform is left to choose a reasonable default, which is subject to change over time. The current default is 59, which matches the limit for vSphere version 7.", + "type": "integer", + "format": "int32" }, - "namespaces": { - "description": "namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means \"this pod's namespace\".", + "topologyCategories": { + "description": "topologyCategories indicates tag categories with which vcenter resources such as hostcluster or datacenter were tagged with. If cluster Infrastructure object has a topology, values specified in Infrastructure object will be used and modifications to topologyCategories will be rejected.", "type": "array", "items": { "type": "string", "default": "" }, "x-kubernetes-list-type": "atomic" - }, - "topologyKey": { - "description": "This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed.", - "type": "string", - "default": "" } } }, - "io.k8s.api.core.v1.PodAntiAffinity": { - "description": "Pod anti affinity is a group of inter pod anti affinity scheduling rules.", + "com.github.openshift.api.operator.v1alpha1.BackupJobReference": { + "description": "BackupJobReference holds a reference to the batch/v1 Job created to run the etcd backup", "type": "object", + "required": [ + "namespace", + "name" + ], "properties": { - "preferredDuringSchedulingIgnoredDuringExecution": { - "description": "The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and subtracting \"weight\" from the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.WeightedPodAffinityTerm" - }, - "x-kubernetes-list-type": "atomic" + "name": { + "description": "name is the name of the Job. Required", + "type": "string", + "default": "" }, - "requiredDuringSchedulingIgnoredDuringExecution": { - "description": "If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm" - }, - "x-kubernetes-list-type": "atomic" + "namespace": { + "description": "namespace is the namespace of the Job. this is always expected to be \"openshift-etcd\" since the user provided PVC is also required to be in \"openshift-etcd\" Required", + "type": "string", + "default": "" } } }, - "io.k8s.api.core.v1.PodAttachOptions": { - "description": "PodAttachOptions is the query options to a Pod's remote attach call.", + "com.github.openshift.api.operator.v1alpha1.ClusterAPI": { + "description": "ClusterAPI provides configuration for the capi-operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "metadata", + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "container": { - "description": "The container in which to execute the command. Defaults to only container if there is only one container in the pod.", - "type": "string" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "stderr": { - "description": "Stderr if true indicates that stderr is to be redirected for the attach call. Defaults to true.", - "type": "boolean" - }, - "stdin": { - "description": "Stdin if true, redirects the standard input stream of the pod for this call. Defaults to false.", - "type": "boolean" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "stdout": { - "description": "Stdout if true indicates that stdout is to be redirected for the attach call. Defaults to true.", - "type": "boolean" + "spec": { + "description": "spec is the specification of the desired behavior of the capi-operator.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPISpec" }, - "tty": { - "description": "TTY if true indicates that a tty will be allocated for the attach call. This is passed through the container runtime so the tty is allocated on the worker node by the container runtime. Defaults to false.", - "type": "boolean" + "status": { + "description": "status defines the observed status of the capi-operator.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus" } } }, - "io.k8s.api.core.v1.PodCertificateProjection": { - "description": "PodCertificateProjection provides a private key and X.509 certificate in the pod filesystem.", + "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponent": { + "description": "ClusterAPIInstallerComponent defines a component which will be installed by this revision.", "type": "object", "required": [ - "signerName", - "keyType" + "type" ], "properties": { - "certificateChainPath": { - "description": "Write the certificate chain at this path in the projected volume.\n\nMost applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation.", - "type": "string" - }, - "credentialBundlePath": { - "description": "Write the credential bundle at this path in the projected volume.\n\nThe credential bundle is a single file that contains multiple PEM blocks. The first PEM block is a PRIVATE KEY block, containing a PKCS#8 private key.\n\nThe remaining blocks are CERTIFICATE blocks, containing the issued certificate chain from the signer (leaf and any intermediates).\n\nUsing credentialBundlePath lets your Pod's application code make a single atomic read that retrieves a consistent key and certificate chain. If you project them to separate files, your application code will need to additionally check that the leaf certificate was issued to the key.", - "type": "string" - }, - "keyPath": { - "description": "Write the key at this path in the projected volume.\n\nMost applications should use credentialBundlePath. When using keyPath and certificateChainPath, your application needs to check that the key and leaf certificate are consistent, because it is possible to read the files mid-rotation.", - "type": "string" - }, - "keyType": { - "description": "The type of keypair Kubelet will generate for the pod.\n\nValid values are \"RSA3072\", \"RSA4096\", \"ECDSAP256\", \"ECDSAP384\", \"ECDSAP521\", and \"ED25519\".", - "type": "string" - }, - "maxExpirationSeconds": { - "description": "maxExpirationSeconds is the maximum lifetime permitted for the certificate.\n\nKubelet copies this value verbatim into the PodCertificateRequests it generates for this projection.\n\nIf omitted, kube-apiserver will set it to 86400(24 hours). kube-apiserver will reject values shorter than 3600 (1 hour). The maximum allowable value is 7862400 (91 days).\n\nThe signer implementation is then free to issue a certificate with any lifetime *shorter* than MaxExpirationSeconds, but no shorter than 3600 seconds (1 hour). This constraint is enforced by kube-apiserver. `kubernetes.io` signers will never issue certificates with a lifetime longer than 24 hours.", - "type": "integer", - "format": "int32" + "image": { + "description": "image defines an image source for a component. The image must contain a /capi-operator-installer directory containing the component manifests.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponentImage" }, - "signerName": { - "description": "Kubelet's generated CSRs will be addressed to this signer.", - "type": "string" + "type": { + "description": "type is the source type of the component. The only valid value is Image. When set to Image, the image field must be set and will define an image source for the component.\n\nPossible enum values:\n - `\"Image\"` is an image source for a component.", + "type": "string", + "enum": [ + "Image" + ] } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "image": "Image" + } + } + ] }, - "io.k8s.api.core.v1.PodCondition": { - "description": "PodCondition contains details for the current condition of this pod.", + "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponentImage": { + "description": "ClusterAPIInstallerComponentImage defines an image source for a component.", "type": "object", "required": [ - "type", - "status" + "ref", + "profile" ], "properties": { - "lastProbeTime": { - "description": "Last time we probed the condition.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "lastTransitionTime": { - "description": "Last time the condition transitioned from one status to another.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "message": { - "description": "Human-readable message indicating details about last transition.", + "profile": { + "description": "profile is the name of a profile to use from the image.\n\nA profile name may be up to 255 characters long. It must consist of alphanumeric characters, '-', or '_'.", "type": "string" }, - "observedGeneration": { - "description": "If set, this represents the .metadata.generation that the pod condition was set based upon. This is an alpha field. Enable PodObservedGenerationTracking to be able to use this field.", - "type": "integer", - "format": "int64" - }, - "reason": { - "description": "Unique, one-word, CamelCase reason for the condition's last transition.", + "ref": { + "description": "ref is an image reference to the image containing the component manifests. The reference must be a valid image digest reference in the format host[:port][/namespace]/name@sha256:. The digest must be 64 characters long, and consist only of lowercase hexadecimal characters, a-f and 0-9. The length of the field must be between 1 to 447 characters.", "type": "string" - }, - "status": { - "description": "Status is the status of the condition. Can be True, False, Unknown. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions", - "type": "string", - "default": "" - }, - "type": { - "description": "Type is the type of the condition. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions", - "type": "string", - "default": "" } } }, - "io.k8s.api.core.v1.PodDNSConfig": { - "description": "PodDNSConfig defines the DNS parameters of a pod in addition to those generated from DNSPolicy.", + "com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevision": { "type": "object", + "required": [ + "name", + "revision", + "contentID" + ], "properties": { - "nameservers": { - "description": "A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "options": { - "description": "A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy.", + "components": { + "description": "components is a list of components which will be installed by this revision. Components will be installed in the order they are listed. If omitted no components will be installed.\n\nThe maximum number of components is 32.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodDNSConfigOption" + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerComponent" }, "x-kubernetes-list-type": "atomic" }, - "searches": { - "description": "A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed.", + "contentID": { + "description": "contentID uniquely identifies the content of this revision. The contentID must be between 1 and 255 characters long.", + "type": "string" + }, + "name": { + "description": "name is the name of a revision.", + "type": "string" + }, + "revision": { + "description": "revision is a monotonically increasing number that is assigned to a revision.", + "type": "integer", + "format": "int64" + }, + "unmanagedCustomResourceDefinitions": { + "description": "unmanagedCustomResourceDefinitions is a list of the names of ClusterResourceDefinition (CRD) objects which are included in this revision, but which should not be installed or updated. If not set, all CRDs in the revision will be managed by the CAPI operator.", "type": "array", "items": { "type": "string", @@ -47066,111 +48074,120 @@ }, "x-kubernetes-list-type": "atomic" } - } - }, - "io.k8s.api.core.v1.PodDNSConfigOption": { - "description": "PodDNSConfigOption defines DNS resolver options of a pod.", - "type": "object", - "properties": { - "name": { - "description": "Name is this DNS resolver option's name. Required.", - "type": "string" - }, - "value": { - "description": "Value is this DNS resolver option's value.", - "type": "string" - } - } + }, + "x-kubernetes-map-type": "atomic" }, - "io.k8s.api.core.v1.PodExecOptions": { - "description": "PodExecOptions is the query options to a Pod's remote exec call.", + "com.github.openshift.api.operator.v1alpha1.ClusterAPIList": { + "description": "ClusterAPIList contains a list of ClusterAPI configurations\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "command" + "metadata", + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "command": { - "description": "Command is the remote command to execute. argv array. Not executed within a shell.", + "items": { + "description": "items contains the items", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "container": { - "description": "Container in which to execute the command. Defaults to only container if there is only one container in the pod.", - "type": "string" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPI" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "stderr": { - "description": "Redirect the standard error stream of the pod for this call.", - "type": "boolean" - }, - "stdin": { - "description": "Redirect the standard input stream of the pod for this call. Defaults to false.", - "type": "boolean" - }, - "stdout": { - "description": "Redirect the standard output stream of the pod for this call.", - "type": "boolean" - }, - "tty": { - "description": "TTY if true indicates that a tty will be allocated for the exec call. Defaults to false.", - "type": "boolean" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.PodExtendedResourceClaimStatus": { - "description": "PodExtendedResourceClaimStatus is stored in the PodStatus for the extended resource requests backed by DRA. It stores the generated name for the corresponding special ResourceClaim created by the scheduler.", + "com.github.openshift.api.operator.v1alpha1.ClusterAPISpec": { + "description": "ClusterAPISpec defines the desired configuration of the capi-operator. The spec is required but we deliberately allow it to be empty.", + "type": "object", + "properties": { + "unmanagedCustomResourceDefinitions": { + "description": "unmanagedCustomResourceDefinitions is a list of ClusterResourceDefinition (CRD) names that should not be managed by the capi-operator installer controller. This allows external actors to own specific CRDs while capi-operator manages others.\n\nEach CRD name must be a valid DNS-1123 subdomain consisting of lowercase alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character, with a maximum length of 253 characters. CRD names must contain at least two '.' characters. Example: \"clusters.cluster.x-k8s.io\"\n\nItems cannot be removed from this list once added.\n\nThe maximum number of unmanagedCustomResourceDefinitions is 128.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.ClusterAPIStatus": { + "description": "ClusterAPIStatus describes the current state of the capi-operator.", "type": "object", "required": [ - "requestMappings", - "resourceClaimName" + "desiredRevision", + "revisions" ], "properties": { - "requestMappings": { - "description": "RequestMappings identifies the mapping of to device request in the generated ResourceClaim.", + "currentRevision": { + "description": "currentRevision is the name of the most recently fully applied revision. It is written by the installer controller. If it is absent, it indicates that no revision has been fully applied yet. If set, currentRevision must correspond to an entry in the revisions list.", + "type": "string" + }, + "desiredRevision": { + "description": "desiredRevision is the name of the desired revision. It is written by the revision controller. It must be set to the name of the entry in the revisions list with the highest revision number.", + "type": "string" + }, + "revisions": { + "description": "revisions is a list of all currently active revisions. A revision is active until the installer controller updates currentRevision to a later revision. It is written by the revision controller.\n\nThe maximum number of revisions is 16. All revisions must have a unique name. All revisions must have a unique revision number. When adding a revision, the revision number must be greater than the highest revision number in the list. Revisions are immutable, although they can be deleted.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerExtendedResourceRequest" + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterAPIInstallerRevision" }, "x-kubernetes-list-type": "atomic" - }, - "resourceClaimName": { - "description": "ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod.", - "type": "string", - "default": "" } } }, - "io.k8s.api.core.v1.PodIP": { - "description": "PodIP represents a single IP address allocated to the pod.", + "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator": { + "description": "ClusterVersionOperator holds cluster-wide information about the Cluster Version Operator.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "ip" + "metadata", + "spec" ], "properties": { - "ip": { - "description": "IP is the IP address assigned to the pod", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the Cluster Version Operator.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec" + }, + "status": { + "description": "status is the most recently observed status of the Cluster Version Operator.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus" } } }, - "io.k8s.api.core.v1.PodList": { - "description": "PodList is a list of Pods.", + "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorList": { + "description": "ClusterVersionOperatorList is a collection of ClusterVersionOperators.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "items" + "metadata" ], "properties": { "apiVersion": { @@ -47178,11 +48195,11 @@ "type": "string" }, "items": { - "description": "List of pods. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md", + "description": "items is a list of ClusterVersionOperators.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Pod" + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ClusterVersionOperator" } }, "kind": { @@ -47190,86 +48207,59 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.PodLogOptions": { - "description": "PodLogOptions is the query options for a Pod's logs REST call.", + "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorSpec": { + "description": "ClusterVersionOperatorSpec is the specification of the desired behavior of the Cluster Version Operator.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "container": { - "description": "The container for which to stream logs. Defaults to only container if there is one container in the pod.", - "type": "string" - }, - "follow": { - "description": "Follow the log stream of the pod. Defaults to false.", - "type": "boolean" - }, - "insecureSkipTLSVerifyBackend": { - "description": "insecureSkipTLSVerifyBackend indicates that the apiserver should not confirm the validity of the serving certificate of the backend it is connecting to. This will make the HTTPS connection between the apiserver and the backend insecure. This means the apiserver cannot verify the log data it is receiving came from the real kubelet. If the kubelet is configured to verify the apiserver's TLS credentials, it does not mean the connection to the real kubelet is vulnerable to a man in the middle attack (e.g. an attacker could not intercept the actual log data coming from the real kubelet).", - "type": "boolean" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "limitBytes": { - "description": "If set, the number of bytes to read from the server before terminating the log output. This may not display a complete final line of logging, and may return slightly more or slightly less than the specified limit.", - "type": "integer", - "format": "int64" - }, - "previous": { - "description": "Return previous terminated container logs. Defaults to false.", - "type": "boolean" - }, - "sinceSeconds": { - "description": "A relative time in seconds before the current time from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - "type": "integer", - "format": "int64" - }, - "sinceTime": { - "description": "An RFC3339 timestamp from which to show logs. If this value precedes the time a pod was started, only logs since the pod start will be returned. If this value is in the future, no logs will be returned. Only one of sinceSeconds or sinceTime may be specified.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "stream": { - "description": "Specify which container log stream to return to the client. Acceptable values are \"All\", \"Stdout\" and \"Stderr\". If not specified, \"All\" is used, and both stdout and stderr are returned interleaved. Note that when \"TailLines\" is specified, \"Stream\" can only be set to nil or \"All\".", + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" - }, - "tailLines": { - "description": "If set, the number of lines from the end of the logs to show. If not specified, logs are shown from the creation of the container or sinceSeconds or sinceTime. Note that when \"TailLines\" is specified, \"Stream\" can only be set to nil or \"All\".", + } + } + }, + "com.github.openshift.api.operator.v1alpha1.ClusterVersionOperatorStatus": { + "description": "ClusterVersionOperatorStatus defines the observed status of the Cluster Version Operator.", + "type": "object", + "properties": { + "observedGeneration": { + "description": "observedGeneration represents the most recent generation observed by the operator and specifies the version of the spec field currently being synced.", "type": "integer", "format": "int64" - }, - "timestamps": { - "description": "If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line of log output. Defaults to false.", + } + } + }, + "com.github.openshift.api.operator.v1alpha1.DelegatedAuthentication": { + "description": "DelegatedAuthentication allows authentication to be disabled.", + "type": "object", + "properties": { + "disabled": { + "description": "disabled indicates that authentication should be disabled. By default it will use delegated authentication.", "type": "boolean" } } }, - "io.k8s.api.core.v1.PodOS": { - "description": "PodOS defines the OS parameters of a pod.", + "com.github.openshift.api.operator.v1alpha1.DelegatedAuthorization": { + "description": "DelegatedAuthorization allows authorization to be disabled.", "type": "object", - "required": [ - "name" - ], "properties": { - "name": { - "description": "Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null", - "type": "string", - "default": "" + "disabled": { + "description": "disabled indicates that authorization should be disabled. By default it will use delegated authorization.", + "type": "boolean" } } }, - "io.k8s.api.core.v1.PodPortForwardOptions": { - "description": "PodPortForwardOptions is the query options to a Pod's port forward call when using WebSockets. The `port` query parameter must specify the port or ports (comma separated) to forward over. Port forwarding over SPDY does not use these options. It requires the port to be passed in the `port` header as part of request.", + "com.github.openshift.api.operator.v1alpha1.EtcdBackup": { + "description": "# EtcdBackup provides configuration options and status for a one-time backup attempt of the etcd cluster\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -47279,640 +48269,731 @@ "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "ports": { - "description": "List of ports to forward Required when using WebSockets", - "type": "array", - "items": { - "type": "integer", - "format": "int32", - "default": 0 - }, - "x-kubernetes-list-type": "atomic" + "metadata": { + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus" } } }, - "io.k8s.api.core.v1.PodProxyOptions": { - "description": "PodProxyOptions is the query options to a Pod's proxy call.", + "com.github.openshift.api.operator.v1alpha1.EtcdBackupList": { + "description": "EtcdBackupList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.EtcdBackup" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "path": { - "description": "Path is the URL path to use for the current proxy request to pod.", - "type": "string" + "metadata": { + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.PodReadinessGate": { - "description": "PodReadinessGate contains the reference to a pod condition", + "com.github.openshift.api.operator.v1alpha1.EtcdBackupSpec": { "type": "object", - "required": [ - "conditionType" - ], "properties": { - "conditionType": { - "description": "ConditionType refers to a condition in the pod's condition list with matching type.", + "pvcName": { + "description": "pvcName specifies the name of the PersistentVolumeClaim (PVC) which binds a PersistentVolume where the etcd backup file would be saved The PVC itself must always be created in the \"openshift-etcd\" namespace If the PVC is left unspecified \"\" then the platform will choose a reasonable default location to save the backup. In the future this would be backups saved across the control-plane master nodes.", "type": "string", "default": "" } } }, - "io.k8s.api.core.v1.PodResourceClaim": { - "description": "PodResourceClaim references exactly one ResourceClaim, either directly or by naming a ResourceClaimTemplate which is then turned into a ResourceClaim for the pod.\n\nIt adds a name to it that uniquely identifies the ResourceClaim inside the Pod. Containers that need access to the ResourceClaim reference it with this name.", + "com.github.openshift.api.operator.v1alpha1.EtcdBackupStatus": { + "type": "object", + "properties": { + "backupJob": { + "description": "backupJob is the reference to the Job that executes the backup. Optional", + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.BackupJobReference" + }, + "conditions": { + "description": "conditions provide details on the status of the etcd backup job.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.GenerationHistory": { + "description": "GenerationHistory keeps track of the generation for a given resource so that decisions about forced updated can be made. DEPRECATED: Use fields in v1.GenerationStatus instead", "type": "object", "required": [ - "name" + "group", + "resource", + "namespace", + "name", + "lastGeneration" ], "properties": { + "group": { + "description": "group is the group of the thing you're tracking", + "type": "string", + "default": "" + }, + "lastGeneration": { + "description": "lastGeneration is the last generation of the workload controller involved", + "type": "integer", + "format": "int64", + "default": 0 + }, "name": { - "description": "Name uniquely identifies this resource claim inside the pod. This must be a DNS_LABEL.", + "description": "name is the name of the thing you're tracking", "type": "string", "default": "" }, - "resourceClaimName": { - "description": "ResourceClaimName is the name of a ResourceClaim object in the same namespace as this pod.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must be set.", - "type": "string" + "namespace": { + "description": "namespace is where the thing you're tracking is", + "type": "string", + "default": "" }, - "resourceClaimTemplateName": { - "description": "ResourceClaimTemplateName is the name of a ResourceClaimTemplate object in the same namespace as this pod.\n\nThe template will be used to create a new ResourceClaim, which will be bound to this pod. When this pod is deleted, the ResourceClaim will also be deleted. The pod name and resource name, along with a generated component, will be used to form a unique name for the ResourceClaim, which will be recorded in pod.status.resourceClaimStatuses.\n\nThis field is immutable and no changes will be made to the corresponding ResourceClaim by the control plane after creating the ResourceClaim.\n\nExactly one of ResourceClaimName and ResourceClaimTemplateName must be set.", - "type": "string" + "resource": { + "description": "resource is the resource type of the thing you're tracking", + "type": "string", + "default": "" } } }, - "io.k8s.api.core.v1.PodResourceClaimStatus": { - "description": "PodResourceClaimStatus is stored in the PodStatus for each PodResourceClaim which references a ResourceClaimTemplate. It stores the generated name for the corresponding ResourceClaim.", + "com.github.openshift.api.operator.v1alpha1.GenericOperatorConfig": { + "description": "GenericOperatorConfig provides information to configure an operator\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", - "required": [ - "name" - ], "properties": { - "name": { - "description": "Name uniquely identifies this resource claim inside the pod. This must match the name of an entry in pod.spec.resourceClaims, which implies that the string must be a DNS_LABEL.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "resourceClaimName": { - "description": "ResourceClaimName is the name of the ResourceClaim that was generated for the Pod in the namespace of the Pod. If this is unset, then generating a ResourceClaim was not necessary. The pod.spec.resourceClaims entry can be ignored in this case.", + "authentication": { + "description": "authentication allows configuration of authentication for the endpoints", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.DelegatedAuthentication" + }, + "authorization": { + "description": "authorization allows configuration of authentication for the endpoints", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.DelegatedAuthorization" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "leaderElection": { + "description": "leaderElection provides information to elect a leader. Only override this if you have a specific need", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.LeaderElection" + }, + "servingInfo": { + "description": "servingInfo is the HTTP serving information for the controller's endpoints", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" } } }, - "io.k8s.api.core.v1.PodSchedulingGate": { - "description": "PodSchedulingGate is associated to a Pod to guard its scheduling.", + "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicy": { + "description": "ImageContentSourcePolicy holds cluster-wide information about how to handle registry mirror rules. When multiple policies are defined, the outcome of the behavior is defined on each field.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "name" + "spec" ], "properties": { - "name": { - "description": "Name of the scheduling gate. Each scheduling gate must have a unique name field.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec" } } }, - "io.k8s.api.core.v1.PodSecurityContext": { - "description": "PodSecurityContext holds pod-level security attributes and common container settings. Some fields are also present in container.securityContext. Field values of container.securityContext take precedence over field values of PodSecurityContext.", + "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicyList": { + "description": "ImageContentSourcePolicyList lists the items in the ImageContentSourcePolicy CRD.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", - "$ref": "#/definitions/io.k8s.api.core.v1.AppArmorProfile" - }, - "fsGroup": { - "description": "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod:\n\n1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw----\n\nIf unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "fsGroupChangePolicy": { - "description": "fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are \"OnRootMismatch\" and \"Always\". If not specified, \"Always\" is used. Note that this field cannot be set when spec.os.name is windows.\n\nPossible enum values:\n - `\"Always\"` indicates that volume's ownership and permissions should always be changed whenever volume is mounted inside a Pod. This the default behavior.\n - `\"OnRootMismatch\"` indicates that volume's ownership and permissions will be changed only when permission and ownership of root directory does not match with expected permissions on the volume. This can help shorten the time it takes to change ownership and permissions of a volume.", - "type": "string", - "enum": [ - "Always", - "OnRootMismatch" - ] - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "seLinuxChangePolicy": { - "description": "seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are \"MountOption\" and \"Recursive\".\n\n\"Recursive\" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.\n\n\"MountOption\" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. \"MountOption\" value is allowed only when SELinuxMount feature gate is enabled.\n\nIf not specified and SELinuxMount feature gate is enabled, \"MountOption\" is used. If not specified and SELinuxMount feature gate is disabled, \"MountOption\" is used for ReadWriteOncePod volumes and \"Recursive\" for all other volumes.\n\nThis field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.\n\nAll Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.", - "$ref": "#/definitions/io.k8s.api.core.v1.SELinuxOptions" - }, - "seccompProfile": { - "description": "The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.", - "$ref": "#/definitions/io.k8s.api.core.v1.SeccompProfile" - }, - "supplementalGroups": { - "description": "A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.", + "items": { "type": "array", "items": { - "type": "integer", - "format": "int64", - "default": 0 - }, - "x-kubernetes-list-type": "atomic" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicy" + } }, - "supplementalGroupsPolicy": { - "description": "Defines how supplemental groups of the first container processes are calculated. Valid values are \"Merge\" and \"Strict\". If not specified, \"Merge\" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.\n\nPossible enum values:\n - `\"Merge\"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be merged with the primary user's groups as defined in the container image (in /etc/group).\n - `\"Strict\"` means that the container's provided SupplementalGroups and FsGroup (specified in SecurityContext) will be used instead of any groups defined in the container image.", - "type": "string", - "enum": [ - "Merge", - "Strict" - ] + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "sysctls": { - "description": "Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.", + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.ImageContentSourcePolicySpec": { + "description": "ImageContentSourcePolicySpec is the specification of the ImageContentSourcePolicy CRD.", + "type": "object", + "properties": { + "repositoryDigestMirrors": { + "description": "repositoryDigestMirrors allows images referenced by image digests in pods to be pulled from alternative mirrored repository locations. The image pull specification provided to the pod will be compared to the source locations described in RepositoryDigestMirrors and the image may be pulled down from any of the mirrors in the list instead of the specified repository allowing administrators to choose a potentially faster mirror. Only image pull specifications that have an image digest will have this behavior applied to them - tags will continue to be pulled from the specified repository in the pull spec.\n\nEach “source” repository is treated independently; configurations for different “source” repositories don’t interact.\n\nWhen multiple policies are defined for the same “source” repository, the sets of defined mirrors will be merged together, preserving the relative order of the mirrors, if possible. For example, if policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be used in the order `a, b, c, d, e`. If the orders of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the resulting order is unspecified.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Sysctl" - }, - "x-kubernetes-list-type": "atomic" - }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", - "$ref": "#/definitions/io.k8s.api.core.v1.WindowsSecurityContextOptions" + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors" + } } } }, - "io.k8s.api.core.v1.PodSignature": { - "description": "Describes the class of pods that should avoid this node. Exactly one field should be set.", + "com.github.openshift.api.operator.v1alpha1.LoggingConfig": { + "description": "LoggingConfig holds information about configuring logging DEPRECATED: Use v1.LogLevel instead", "type": "object", + "required": [ + "level", + "vmodule" + ], "properties": { - "podController": { - "description": "Reference to controller whose pods should avoid this node.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference" + "level": { + "description": "level is passed to glog.", + "type": "integer", + "format": "int64", + "default": 0 + }, + "vmodule": { + "description": "vmodule is passed to glog.", + "type": "string", + "default": "" } } }, - "io.k8s.api.core.v1.PodSpec": { - "description": "PodSpec is a description of a pod.", + "com.github.openshift.api.operator.v1alpha1.NodeStatus": { + "description": "NodeStatus provides information about the current state of a particular node managed by this operator. Deprecated: Use v1.NodeStatus instead", "type": "object", "required": [ - "containers" + "nodeName", + "currentDeploymentGeneration", + "targetDeploymentGeneration", + "lastFailedDeploymentGeneration", + "lastFailedDeploymentErrors" ], "properties": { - "activeDeadlineSeconds": { - "description": "Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer.", + "currentDeploymentGeneration": { + "description": "currentDeploymentGeneration is the generation of the most recently successful deployment", "type": "integer", - "format": "int64" - }, - "affinity": { - "description": "If specified, the pod's scheduling constraints", - "$ref": "#/definitions/io.k8s.api.core.v1.Affinity" - }, - "automountServiceAccountToken": { - "description": "AutomountServiceAccountToken indicates whether a service account token should be automatically mounted.", - "type": "boolean" + "format": "int32", + "default": 0 }, - "containers": { - "description": "List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.", + "lastFailedDeploymentErrors": { + "description": "lastFailedDeploymentGenerationErrors is a list of the errors during the failed deployment referenced in lastFailedDeploymentGeneration", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Container" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "type": "string", + "default": "" + } }, - "dnsConfig": { - "description": "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.", - "$ref": "#/definitions/io.k8s.api.core.v1.PodDNSConfig" + "lastFailedDeploymentGeneration": { + "description": "lastFailedDeploymentGeneration is the generation of the deployment we tried and failed to deploy.", + "type": "integer", + "format": "int32", + "default": 0 }, - "dnsPolicy": { - "description": "Set DNS policy for the pod. Defaults to \"ClusterFirst\". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.\n\nPossible enum values:\n - `\"ClusterFirst\"` indicates that the pod should use cluster DNS first unless hostNetwork is true, if it is available, then fall back on the default (as determined by kubelet) DNS settings.\n - `\"ClusterFirstWithHostNet\"` indicates that the pod should use cluster DNS first, if it is available, then fall back on the default (as determined by kubelet) DNS settings.\n - `\"Default\"` indicates that the pod should use the default (as determined by kubelet) DNS settings.\n - `\"None\"` indicates that the pod should use empty DNS settings. DNS parameters such as nameservers and search paths should be defined via DNSConfig.", + "nodeName": { + "description": "nodeName is the name of the node", "type": "string", - "enum": [ - "ClusterFirst", - "ClusterFirstWithHostNet", - "Default", - "None" - ] + "default": "" }, - "enableServiceLinks": { - "description": "EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true.", - "type": "boolean" + "targetDeploymentGeneration": { + "description": "targetDeploymentGeneration is the generation of the deployment we're trying to apply", + "type": "integer", + "format": "int32", + "default": 0 + } + } + }, + "com.github.openshift.api.operator.v1alpha1.OLM": { + "description": "OLM provides information to configure an operator to manage the OLM controllers\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "metadata", + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "ephemeralContainers": { - "description": "List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.EphemeralContainer" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "hostAliases": { - "description": "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified.", + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec holds user settable values for configuration", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OLMSpec" + }, + "status": { + "description": "status holds observed values from the cluster. They may not be overridden.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OLMStatus" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.OLMList": { + "description": "OLMList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.HostAlias" - }, - "x-kubernetes-list-map-keys": [ - "ip" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "ip", - "x-kubernetes-patch-strategy": "merge" - }, - "hostIPC": { - "description": "Use the host's ipc namespace. Optional: Default to false.", - "type": "boolean" + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OLM" + } }, - "hostNetwork": { - "description": "Host networking requested for this pod. Use the host's network namespace. When using HostNetwork you should specify ports so the scheduler is aware. When `hostNetwork` is true, specified `hostPort` fields in port definitions must match `containerPort`, and unspecified `hostPort` fields in port definitions are defaulted to match `containerPort`. Default to false.", - "type": "boolean" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "hostPID": { - "description": "Use the host's pid namespace. Optional: Default to false.", - "type": "boolean" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.OLMSpec": { + "type": "object", + "required": [ + "managementState" + ], + "properties": { + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "hostUsers": { - "description": "Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature.", - "type": "boolean" + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" }, - "hostname": { - "description": "Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value.", - "type": "string" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "hostnameOverride": { - "description": "HostnameOverride specifies an explicit override for the pod's hostname as perceived by the pod. This field only specifies the pod's hostname and does not affect its DNS records. When this field is set to a non-empty string: - It takes precedence over the values set in `hostname` and `subdomain`. - The Pod's hostname will be set to this value. - `setHostnameAsFQDN` must be nil or set to false. - `hostNetwork` must be set to false.\n\nThis field must be a valid DNS subdomain as defined in RFC 1123 and contain at most 64 characters. Requires the HostnameOverride feature gate to be enabled.", + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "type": "string" }, - "imagePullSecrets": { - "description": "ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod", + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.OLMStatus": { + "type": "object", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" }, "x-kubernetes-list-map-keys": [ - "name" + "type" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "map" }, - "initContainers": { - "description": "List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Container" + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", "name" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - }, - "nodeName": { - "description": "NodeName indicates in which node this pod is scheduled. If empty, this pod is a candidate for scheduling by the scheduler defined in schedulerName. Once this field is set, the kubelet for this node becomes responsible for the lifecycle of this pod. This field should not be used to express a desire for the pod to be scheduled on a specific node. https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodename", - "type": "string" - }, - "nodeSelector": { - "description": "NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - }, - "x-kubernetes-map-type": "atomic" - }, - "os": { - "description": "Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set.\n\nIf the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions\n\nIf the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.resources - spec.securityContext.appArmorProfile - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.securityContext.supplementalGroupsPolicy - spec.containers[*].securityContext.appArmorProfile - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup", - "$ref": "#/definitions/io.k8s.api.core.v1.PodOS" + "x-kubernetes-list-type": "map" }, - "overhead": { - "description": "Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - } + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "preemptionPolicy": { - "description": "PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset.\n\nPossible enum values:\n - `\"Never\"` means that pod never preempts other pods with lower priority.\n - `\"PreemptLowerPriority\"` means that pod can preempt other pods with lower priority.", - "type": "string", - "enum": [ - "Never", - "PreemptLowerPriority" - ] + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" }, - "priority": { - "description": "The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority.", + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", "type": "integer", - "format": "int32" + "format": "int32", + "default": 0 }, - "priorityClassName": { - "description": "If specified, indicates the pod's priority. \"system-node-critical\" and \"system-cluster-critical\" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default.", + "version": { + "description": "version is the level this availability applies to", "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.OperatorCondition": { + "description": "OperatorCondition is just the standard condition fields. DEPRECATED: Use v1.OperatorCondition instead", + "type": "object", + "required": [ + "type", + "status" + ], + "properties": { + "lastTransitionTime": { + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "readinessGates": { - "description": "If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to \"True\" More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodReadinessGate" - }, - "x-kubernetes-list-type": "atomic" + "message": { + "type": "string" }, - "resourceClaims": { - "description": "ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name.\n\nThis is an alpha field and requires enabling the DynamicResourceAllocation feature gate.\n\nThis field is immutable.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodResourceClaim" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge,retainKeys" + "reason": { + "type": "string" }, - "resources": { - "description": "Resources is the total amount of CPU and Memory resources required by all containers in the pod. It supports specifying Requests and Limits for \"cpu\", \"memory\" and \"hugepages-\" resource names only. ResourceClaims are not supported.\n\nThis field enables fine-grained control over resource allocation for the entire pod, allowing resource sharing among containers in a pod.\n\nThis is an alpha field and requires enabling the PodLevelResources feature gate.", - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceRequirements" + "status": { + "type": "string", + "default": "" }, - "restartPolicy": { - "description": "Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy\n\nPossible enum values:\n - `\"Always\"`\n - `\"Never\"`\n - `\"OnFailure\"`", + "type": { "type": "string", - "enum": [ - "Always", - "Never", - "OnFailure" - ] + "default": "" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.OperatorSpec": { + "description": "OperatorSpec contains common fields for an operator to need. It is intended to be anonymous included inside of the Spec struct for you particular operator. DEPRECATED: Use v1.OperatorSpec instead", + "type": "object", + "required": [ + "managementState", + "imagePullSpec", + "imagePullPolicy", + "version" + ], + "properties": { + "imagePullPolicy": { + "description": "imagePullPolicy specifies the image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.", + "type": "string", + "default": "" }, - "runtimeClassName": { - "description": "RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the \"legacy\" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class", - "type": "string" + "imagePullSpec": { + "description": "imagePullSpec is the image to use for the component.", + "type": "string", + "default": "" }, - "schedulerName": { - "description": "If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler.", - "type": "string" + "logging": { + "description": "logging contains glog parameters for the component pods. It's always a command line arg for the moment", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.LoggingConfig" }, - "schedulingGates": { - "description": "SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod.\n\nSchedulingGates can only be set at pod creation time, and be removed only afterwards.", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", + "type": "string", + "default": "" + }, + "version": { + "description": "version is the desired state in major.minor.micro-patch. Usually patch is ignored.", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.OperatorStatus": { + "description": "OperatorStatus contains common fields for an operator to need. It is intended to be anonymous included inside of the Status struct for you particular operator. DEPRECATED: Use v1.OperatorStatus instead", + "type": "object", + "properties": { + "conditions": { + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodSchedulingGate" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" - }, - "securityContext": { - "description": "SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.", - "$ref": "#/definitions/io.k8s.api.core.v1.PodSecurityContext" - }, - "serviceAccount": { - "description": "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.", - "type": "string" - }, - "serviceAccountName": { - "description": "ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", - "type": "string" - }, - "setHostnameAsFQDN": { - "description": "If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Tcpip\\\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false.", - "type": "boolean" - }, - "shareProcessNamespace": { - "description": "Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.", - "type": "boolean" + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OperatorCondition" + } }, - "subdomain": { - "description": "If specified, the fully qualified Pod hostname will be \"...svc.\". If not specified, the pod will not have a domainname at all.", - "type": "string" + "currentVersionAvailability": { + "description": "currentVersionAvailability is availability information for the current version. If it is unmanged or removed, this doesn't exist.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.VersionAvailability" }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds.", + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", "type": "integer", "format": "int64" }, - "tolerations": { - "description": "If specified, the pod's tolerations.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Toleration" - }, - "x-kubernetes-list-type": "atomic" + "state": { + "description": "state indicates what the operator has observed to be its current operational status.", + "type": "string" }, - "topologySpreadConstraints": { - "description": "TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.TopologySpreadConstraint" - }, - "x-kubernetes-list-map-keys": [ - "topologyKey", - "whenUnsatisfiable" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "topologyKey", - "x-kubernetes-patch-strategy": "merge" + "targetVersionAvailability": { + "description": "targetVersionAvailability is availability information for the target version if we are migrating", + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.VersionAvailability" }, - "volumes": { - "description": "List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes", + "taskSummary": { + "description": "taskSummary is a high level summary of what the controller is currently attempting to do. It is high-level, human-readable and not guaranteed in any way. (I needed this for debugging and realized it made a great summary).", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.RepositoryDigestMirrors": { + "description": "RepositoryDigestMirrors holds cluster-wide information about how to handle mirros in the registries config. Note: the mirrors only work when pulling the images that are referenced by their digests.", + "type": "object", + "required": [ + "source" + ], + "properties": { + "mirrors": { + "description": "mirrors is one or more repositories that may also contain the same images. The order of mirrors in this list is treated as the user's desired priority, while source is by default considered lower priority than all mirrors. Other cluster configuration, including (but not limited to) other repositoryDigestMirrors objects, may impact the exact order mirrors are contacted in, or some mirrors may be contacted in parallel, so this should be considered a preference rather than a guarantee of ordering.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Volume" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge,retainKeys" + "type": "string", + "default": "" + } + }, + "source": { + "description": "source is the repository that users refer to, e.g. in image pull specifications.", + "type": "string", + "default": "" } } }, - "io.k8s.api.core.v1.PodStatus": { - "description": "PodStatus represents information about the status of a pod. Status may trail the actual state of a system, especially if the node that hosts the pod cannot contact the control plane.", + "com.github.openshift.api.operator.v1alpha1.StaticPodOperatorStatus": { + "description": "StaticPodOperatorStatus is status for controllers that manage static pods. There are different needs because individual node status must be tracked. DEPRECATED: Use v1.StaticPodOperatorStatus instead", "type": "object", + "required": [ + "latestAvailableDeploymentGeneration", + "nodeStatuses" + ], "properties": { "conditions": { - "description": "Current service state of pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions", + "description": "conditions is a list of conditions and their status", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.OperatorCondition" + } }, - "containerStatuses": { - "description": "Statuses of containers in this pod. Each container in the pod should have at most one status in this list, and all statuses should be for containers in the pod. However this is not enforced. If a status for a non-existent container is present in the list, or the list has duplicate names, the behavior of various Kubernetes components is not defined and those statuses might be ignored. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerStatus" - }, - "x-kubernetes-list-type": "atomic" + "currentVersionAvailability": { + "description": "currentVersionAvailability is availability information for the current version. If it is unmanged or removed, this doesn't exist.", + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.VersionAvailability" }, - "ephemeralContainerStatuses": { - "description": "Statuses for any ephemeral containers that have run in this pod. Each ephemeral container in the pod should have at most one status in this list, and all statuses should be for containers in the pod. However this is not enforced. If a status for a non-existent container is present in the list, or the list has duplicate names, the behavior of various Kubernetes components is not defined and those statuses might be ignored. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status", + "latestAvailableDeploymentGeneration": { + "description": "latestAvailableDeploymentGeneration is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32", + "default": 0 + }, + "nodeStatuses": { + "description": "nodeStatuses track the deployment values and errors across individual nodes", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerStatus" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.NodeStatus" + } }, - "extendedResourceClaimStatus": { - "description": "Status of extended resource claim backed by DRA.", - "$ref": "#/definitions/io.k8s.api.core.v1.PodExtendedResourceClaimStatus" + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" }, - "hostIP": { - "description": "hostIP holds the IP address of the host to which the pod is assigned. Empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns mean that HostIP will not be updated even if there is a node is assigned to pod", + "state": { + "description": "state indicates what the operator has observed to be its current operational status.", "type": "string" }, - "hostIPs": { - "description": "hostIPs holds the IP addresses allocated to the host. If this field is specified, the first entry must match the hostIP field. This list is empty if the pod has not started yet. A pod can be assigned to a node that has a problem in kubelet which in turns means that HostIPs will not be updated even if there is a node is assigned to this pod.", + "targetVersionAvailability": { + "description": "targetVersionAvailability is availability information for the target version if we are migrating", + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.VersionAvailability" + }, + "taskSummary": { + "description": "taskSummary is a high level summary of what the controller is currently attempting to do. It is high-level, human-readable and not guaranteed in any way. (I needed this for debugging and realized it made a great summary).", + "type": "string" + } + } + }, + "com.github.openshift.api.operator.v1alpha1.VersionAvailability": { + "description": "VersionAvailability gives information about the synchronization and operational status of a particular version of the component DEPRECATED: Use fields in v1.OperatorStatus instead", + "type": "object", + "required": [ + "version", + "updatedReplicas", + "readyReplicas", + "errors", + "generations" + ], + "properties": { + "errors": { + "description": "errors indicates what failures are associated with the operator trying to manage this version", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.HostIP" - }, - "x-kubernetes-list-type": "atomic", - "x-kubernetes-patch-merge-key": "ip", - "x-kubernetes-patch-strategy": "merge" + "type": "string", + "default": "" + } }, - "initContainerStatuses": { - "description": "Statuses of init containers in this pod. The most recent successful non-restartable init container will have ready = true, the most recently started container will have startTime set. Each init container in the pod should have at most one status in this list, and all statuses should be for containers in the pod. However this is not enforced. If a status for a non-existent container is present in the list, or the list has duplicate names, the behavior of various Kubernetes components is not defined and those statuses might be ignored. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-and-container-status", + "generations": { + "description": "generations allows an operator to track what the generation of \"important\" resources was the last time we updated them", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ContainerStatus" - }, - "x-kubernetes-list-type": "atomic" - }, - "message": { - "description": "A human readable message indicating details about why the pod is in this condition.", - "type": "string" + "$ref": "#/definitions/com.github.openshift.api.operator.v1alpha1.GenerationHistory" + } }, - "nominatedNodeName": { - "description": "nominatedNodeName is set only when this pod preempts other pods on the node, but it cannot be scheduled right away as preemption victims receive their graceful termination periods. This field does not guarantee that the pod will be scheduled on this node. Scheduler may decide to place the pod elsewhere if other nodes become available sooner. Scheduler may also decide to give the resources on this node to a higher priority pod that is created after preemption. As a result, this field may be different than PodSpec.nodeName when the pod is scheduled.", - "type": "string" + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 }, - "observedGeneration": { - "description": "If set, this represents the .metadata.generation that the pod status was set based upon. This is an alpha field. Enable PodObservedGenerationTracking to be able to use this field.", + "updatedReplicas": { + "description": "updatedReplicas indicates how many replicas are at the desired state", "type": "integer", - "format": "int64" + "format": "int32", + "default": 0 }, - "phase": { - "description": "The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. The conditions array, the reason and message fields, and the individual container status arrays contain more detail about the pod's status. There are five possible phase values:\n\nPending: The pod has been accepted by the Kubernetes system, but one or more of the container images has not been created. This includes time before being scheduled as well as time spent downloading images over the network, which could take a while. Running: The pod has been bound to a node, and all of the containers have been created. At least one container is still running, or is in the process of starting or restarting. Succeeded: All containers in the pod have terminated in success, and will not be restarted. Failed: All containers in the pod have terminated, and at least one container has terminated in failure. The container either exited with non-zero status or was terminated by the system. Unknown: For some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod.\n\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase\n\nPossible enum values:\n - `\"Failed\"` means that all containers in the pod have terminated, and at least one container has terminated in a failure (exited with a non-zero exit code or was stopped by the system).\n - `\"Pending\"` means the pod has been accepted by the system, but one or more of the containers has not been started. This includes time before being bound to a node, as well as time spent pulling images onto the host.\n - `\"Running\"` means the pod has been bound to a node and all of the containers have been started. At least one container is still running or is in the process of being restarted.\n - `\"Succeeded\"` means that all containers in the pod have voluntarily terminated with a container exit code of 0, and the system is not going to restart any of these containers.\n - `\"Unknown\"` means that for some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod. Deprecated: It isn't being set since 2015 (74da3b14b0c0f658b3bb8d2def5094686d0e9095)", + "version": { + "description": "version is the level this availability applies to", "type": "string", - "enum": [ - "Failed", - "Pending", - "Running", - "Succeeded", - "Unknown" - ] + "default": "" + } + } + }, + "com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry": { + "description": "LogEntry records events", + "type": "object", + "required": [ + "time", + "success" + ], + "properties": { + "latency": { + "description": "latency records how long the action mentioned in the entry took.", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "podIP": { - "description": "podIP address allocated to the pod. Routable at least within the cluster. Empty if not yet allocated.", + "message": { + "description": "message explaining status in a human readable format.", "type": "string" }, - "podIPs": { - "description": "podIPs holds the IP addresses allocated to the pod. If this field is specified, the 0th entry must match the podIP field. Pods may be allocated at most 1 value for each of IPv4 and IPv6. This list is empty if no IPs have been allocated yet.", + "reason": { + "description": "reason for status in a machine readable format.", + "type": "string" + }, + "success": { + "description": "success indicates if the log entry indicates a success or failure.", + "type": "boolean", + "default": false + }, + "time": { + "description": "Start time of check action.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.operatorcontrolplane.v1alpha1.OutageEntry": { + "description": "OutageEntry records time period of an outage", + "type": "object", + "required": [ + "start" + ], + "properties": { + "end": { + "description": "end of outage detected", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "endLogs": { + "description": "endLogs contains log entries related to the end of this outage. Should contain the success entry that resolved the outage and possibly a few of the failure log entries that preceded it.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodIP" - }, - "x-kubernetes-list-map-keys": [ - "ip" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "ip", - "x-kubernetes-patch-strategy": "merge" - }, - "qosClass": { - "description": "The Quality of Service (QOS) classification assigned to the pod based on resource requirements See PodQOSClass type for available QOS classes More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes\n\nPossible enum values:\n - `\"BestEffort\"` is the BestEffort qos class.\n - `\"Burstable\"` is the Burstable qos class.\n - `\"Guaranteed\"` is the Guaranteed qos class.", - "type": "string", - "enum": [ - "BestEffort", - "Burstable", - "Guaranteed" - ] + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry" + } }, - "reason": { - "description": "A brief CamelCase message indicating details about why the pod is in this state. e.g. 'Evicted'", + "message": { + "description": "message summarizes outage details in a human readable format.", "type": "string" }, - "resize": { - "description": "Status of resources resize desired for pod's containers. It is empty if no resources resize is pending. Any changes to container resources will automatically set this to \"Proposed\" Deprecated: Resize status is moved to two pod conditions PodResizePending and PodResizeInProgress. PodResizePending will track states where the spec has been resized, but the Kubelet has not yet allocated the resources. PodResizeInProgress will track in-progress resizes, and should be present whenever allocated resources != acknowledged resources.", - "type": "string" + "start": { + "description": "start of outage detected", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "resourceClaimStatuses": { - "description": "Status of resource claims.", + "startLogs": { + "description": "startLogs contains log entries related to the start of this outage. Should contain the original failure, any entries where the failure mode changed.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodResourceClaimStatus" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge,retainKeys" - }, - "startTime": { - "description": "RFC 3339 date and time at which the object was acknowledged by the Kubelet. This is before the Kubelet pulled the container image(s) for the pod.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry" + } } } }, - "io.k8s.api.core.v1.PodStatusResult": { - "description": "PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded", + "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheck": { + "description": "PodNetworkConnectivityCheck\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "metadata", + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -47923,45 +49004,60 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec defines the source and target of the connectivity check", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckSpec" }, "status": { - "description": "Most recently observed status of the pod. This data may not be up to date. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "status contains the observed status of the connectivity check", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodStatus" + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckStatus" } } }, - "io.k8s.api.core.v1.PodTemplate": { - "description": "PodTemplate describes a template for creating copies of a predefined pod.", + "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckCondition": { + "description": "PodNetworkConnectivityCheckCondition represents the overall status of the pod network connectivity.", "type": "object", + "required": [ + "type", + "status", + "lastTransitionTime" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "lastTransitionTime": { + "description": "Last time the condition transitioned from one status to another.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "message": { + "description": "message indicating details about last transition in a human readable format.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "reason": { + "description": "reason for the condition's last status transition in a machine readable format.", "type": "string" }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "status": { + "description": "status of the condition", + "type": "string", + "default": "" }, - "template": { - "description": "Template defines the pods that will be created from this pod template. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplateSpec" + "type": { + "description": "type of the condition", + "type": "string", + "default": "" } } }, - "io.k8s.api.core.v1.PodTemplateList": { - "description": "PodTemplateList is a list of PodTemplates.", + "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckList": { + "description": "PodNetworkConnectivityCheckList is a collection of PodNetworkConnectivityCheck\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ + "metadata", "items" ], "properties": { @@ -47970,11 +49066,11 @@ "type": "string" }, "items": { - "description": "List of pod templates", + "description": "items contains the items", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplate" + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheck" } }, "kind": { @@ -47982,1278 +49078,1350 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.PodTemplateSpec": { - "description": "PodTemplateSpec describes the data a pod should have when created from a template", + "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckSpec": { "type": "object", + "required": [ + "sourcePod", + "targetEndpoint" + ], "properties": { - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "sourcePod": { + "description": "sourcePod names the pod from which the condition will be checked", + "type": "string", + "default": "" }, - "spec": { - "description": "Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "targetEndpoint": { + "description": "EndpointAddress to check. A TCP address of the form host:port. Note that if host is a DNS name, then the check would fail if the DNS name cannot be resolved. Specify an IP address for host to bypass DNS name lookup.", + "type": "string", + "default": "" + }, + "tlsClientCert": { + "description": "TLSClientCert, if specified, references a kubernetes.io/tls type secret with 'tls.crt' and 'tls.key' entries containing an optional TLS client certificate and key to be used when checking endpoints that require a client certificate in order to gracefully preform the scan without causing excessive logging in the endpoint process. The secret must exist in the same namespace as this resource.", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodSpec" + "$ref": "#/definitions/com.github.openshift.api.config.v1.SecretNameReference" } } }, - "io.k8s.api.core.v1.PortStatus": { - "description": "PortStatus represents the error condition of a service port", + "com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckStatus": { "type": "object", - "required": [ - "port", - "protocol" - ], "properties": { - "error": { - "description": "Error is to record the problem with the service port The format of the error shall comply with the following rules: - built-in error values shall be specified in this file and those shall use\n CamelCase names\n- cloud provider specific error values must have names that comply with the\n format foo.example.com/CamelCase.", - "type": "string" + "conditions": { + "description": "conditions summarize the status of the check", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.PodNetworkConnectivityCheckCondition" + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "port": { - "description": "Port is the port number of the service port of which status is recorded here", - "type": "integer", - "format": "int32", - "default": 0 + "failures": { + "description": "failures contains logs of unsuccessful check actions", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry" + } }, - "protocol": { - "description": "Protocol is the protocol of the service port of which status is recorded here The supported values are: \"TCP\", \"UDP\", \"SCTP\"\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", - "type": "string", - "default": "", - "enum": [ - "SCTP", - "TCP", - "UDP" - ] + "outages": { + "description": "outages contains logs of time periods of outages", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.OutageEntry" + } + }, + "successes": { + "description": "successes contains logs successful check actions", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operatorcontrolplane.v1alpha1.LogEntry" + } } } }, - "io.k8s.api.core.v1.PortworxVolumeSource": { - "description": "PortworxVolumeSource represents a Portworx volume resource.", + "com.github.openshift.api.operatoringress.v1.DNSRecord": { + "description": "DNSRecord is a DNS record managed in the zones defined by dns.config.openshift.io/cluster .spec.publicZone and .spec.privateZone.\n\nCluster admin manipulation of this resource is not supported. This resource is only for internal communication of OpenShift operators.\n\nIf DNSManagementPolicy is \"Unmanaged\", the operator will not be responsible for managing the DNS records on the cloud provider.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "volumeID" + "spec", + "status" ], "properties": { - "fsType": { - "description": "fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "volumeID": { - "description": "volumeID uniquely identifies a Portworx volume", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec is the specification of the desired behavior of the dnsRecord.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSRecordSpec" + }, + "status": { + "description": "status is the most recently observed status of the dnsRecord.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSRecordStatus" } } }, - "io.k8s.api.core.v1.PreferAvoidPodsEntry": { - "description": "Describes a class of pods that should avoid this node.", + "com.github.openshift.api.operatoringress.v1.DNSRecordList": { + "description": "DNSRecordList contains a list of dnsrecords.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "podSignature" + "items" ], "properties": { - "evictionTime": { - "description": "Time at which this entry was added to the list.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "message": { - "description": "Human readable message indicating why this entry was added to the list.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "podSignature": { - "description": "The class of pods.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodSignature" + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSRecord" + }, + "x-kubernetes-list-type": "atomic" }, - "reason": { - "description": "(brief) reason why this entry was added to the list.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.PreferredSchedulingTerm": { - "description": "An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).", + "com.github.openshift.api.operatoringress.v1.DNSRecordSpec": { + "description": "DNSRecordSpec contains the details of a DNS record.", "type": "object", "required": [ - "weight", - "preference" + "dnsName", + "targets", + "recordType", + "recordTTL", + "dnsManagementPolicy" ], "properties": { - "preference": { - "description": "A node selector term, associated with the corresponding weight.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelectorTerm" - }, - "weight": { - "description": "Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100.", - "type": "integer", - "format": "int32", - "default": 0 - } - } - }, - "io.k8s.api.core.v1.Probe": { - "description": "Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.", - "type": "object", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "$ref": "#/definitions/io.k8s.api.core.v1.ExecAction" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.", - "type": "integer", - "format": "int32" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "$ref": "#/definitions/io.k8s.api.core.v1.GRPCAction" - }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "$ref": "#/definitions/io.k8s.api.core.v1.HTTPGetAction" - }, - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", - "type": "integer", - "format": "int32" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1.", - "type": "integer", - "format": "int32" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1.", - "type": "integer", - "format": "int32" - }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "$ref": "#/definitions/io.k8s.api.core.v1.TCPSocketAction" + "dnsManagementPolicy": { + "description": "dnsManagementPolicy denotes the current policy applied on the DNS record. Records that have policy set as \"Unmanaged\" are ignored by the ingress operator. This means that the DNS record on the cloud provider is not managed by the operator, and the \"Published\" status condition will be updated to \"Unknown\" status, since it is externally managed. Any existing record on the cloud provider can be deleted at the discretion of the cluster admin.\n\nThis field defaults to Managed. Valid values are \"Managed\" and \"Unmanaged\".", + "type": "string", + "default": "Managed" }, - "terminationGracePeriodSeconds": { - "description": "Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset.", - "type": "integer", - "format": "int64" + "dnsName": { + "description": "dnsName is the hostname of the DNS record", + "type": "string", + "default": "" }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", + "recordTTL": { + "description": "recordTTL is the record TTL in seconds. If zero, the default is 30. RecordTTL will not be used in AWS regions Alias targets, but will be used in CNAME targets, per AWS API contract.", "type": "integer", - "format": "int32" - } - } - }, - "io.k8s.api.core.v1.ProbeHandler": { - "description": "ProbeHandler defines a specific action that should be taken in a probe. One and only one of the fields must be specified.", - "type": "object", - "properties": { - "exec": { - "description": "Exec specifies a command to execute in the container.", - "$ref": "#/definitions/io.k8s.api.core.v1.ExecAction" - }, - "grpc": { - "description": "GRPC specifies a GRPC HealthCheckRequest.", - "$ref": "#/definitions/io.k8s.api.core.v1.GRPCAction" + "format": "int64", + "default": 0 }, - "httpGet": { - "description": "HTTPGet specifies an HTTP GET request to perform.", - "$ref": "#/definitions/io.k8s.api.core.v1.HTTPGetAction" + "recordType": { + "description": "recordType is the DNS record type. For example, \"A\", \"AAAA\", or \"CNAME\".", + "type": "string", + "default": "" }, - "tcpSocket": { - "description": "TCPSocket specifies a connection to a TCP port.", - "$ref": "#/definitions/io.k8s.api.core.v1.TCPSocketAction" + "targets": { + "description": "targets are record targets.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "io.k8s.api.core.v1.ProjectedVolumeSource": { - "description": "Represents a projected volume source", + "com.github.openshift.api.operatoringress.v1.DNSRecordStatus": { + "description": "DNSRecordStatus is the most recently observed status of each record.", "type": "object", "properties": { - "defaultMode": { - "description": "defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + "observedGeneration": { + "description": "observedGeneration is the most recently observed generation of the DNSRecord. When the DNSRecord is updated, the controller updates the corresponding record in each managed zone. If an update for a particular zone fails, that failure is recorded in the status condition for the zone so that the controller can determine that it needs to retry the update for that specific zone.", "type": "integer", - "format": "int32" + "format": "int64" }, - "sources": { - "description": "sources is the list of volume projections. Each entry in this list handles one source.", + "zones": { + "description": "zones are the status of the record in each zone.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.VolumeProjection" + "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSZoneStatus" }, "x-kubernetes-list-type": "atomic" } } }, - "io.k8s.api.core.v1.QuobyteVolumeSource": { - "description": "Represents a Quobyte mount that lasts the lifetime of a pod. Quobyte volumes do not support ownership management or SELinux relabeling.", + "com.github.openshift.api.operatoringress.v1.DNSZoneCondition": { + "description": "DNSZoneCondition is just the standard condition fields.", "type": "object", "required": [ - "registry", - "volume" + "type", + "status" ], "properties": { - "group": { - "description": "group to map volume access to Default is no group", + "lastTransitionTime": { + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "message": { "type": "string" }, - "readOnly": { - "description": "readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false.", - "type": "boolean" + "reason": { + "type": "string" }, - "registry": { - "description": "registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes", + "status": { "type": "string", "default": "" }, - "tenant": { - "description": "tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin", - "type": "string" + "type": { + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.operatoringress.v1.DNSZoneStatus": { + "description": "DNSZoneStatus is the status of a record within a specific zone.", + "type": "object", + "required": [ + "dnsZone" + ], + "properties": { + "conditions": { + "description": "conditions are any conditions associated with the record in the zone.\n\nIf publishing the record succeeds, the \"Published\" condition will be set with status \"True\" and upon failure it will be set to \"False\" along with the reason and message describing the cause of the failure.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operatoringress.v1.DNSZoneCondition" + }, + "x-kubernetes-list-type": "atomic" }, - "user": { - "description": "user to map volume access to Defaults to serivceaccount user", + "dnsZone": { + "description": "dnsZone is the zone where the record is published.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.DNSZone" + } + } + }, + "com.github.openshift.api.osin.v1.AllowAllPasswordIdentityProvider": { + "description": "AllowAllPasswordIdentityProvider provides identities for users authenticating using non-empty passwords\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "volume": { - "description": "volume is a string that references an already created Quobyte volume by name.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "io.k8s.api.core.v1.RBDPersistentVolumeSource": { - "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.osin.v1.BasicAuthPasswordIdentityProvider": { + "description": "BasicAuthPasswordIdentityProvider provides identities for users authenticating using HTTP basic auth credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "monitors", - "image" + "url", + "ca", + "certFile", + "keyFile" ], "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "image": { - "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "ca": { + "description": "ca is the CA for verifying TLS connections", "type": "string", "default": "" }, - "keyring": { - "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", "type": "string", - "default": "/etc/ceph/keyring" - }, - "monitors": { - "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "default": "" }, - "pool": { - "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", "type": "string", - "default": "rbd" - }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "boolean" + "default": "" }, - "secretRef": { - "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "user": { - "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "url": { + "description": "url is the remote URL to connect to", "type": "string", - "default": "admin" + "default": "" } } }, - "io.k8s.api.core.v1.RBDVolumeSource": { - "description": "Represents a Rados Block Device mount that lasts the lifetime of a pod. RBD volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.osin.v1.DenyAllPasswordIdentityProvider": { + "description": "DenyAllPasswordIdentityProvider provides no identities for users\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + } + } + }, + "com.github.openshift.api.osin.v1.GitHubIdentityProvider": { + "description": "GitHubIdentityProvider provides identities for users authenticating using GitHub credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "monitors", - "image" + "clientID", + "clientSecret", + "organizations", + "teams", + "hostname", + "ca" ], "properties": { - "fsType": { - "description": "fsType is the filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "image": { - "description": "image is the rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server. If empty, the default system roots are used. This can only be configured when hostname is set to a non-empty value.", "type": "string", "default": "" }, - "keyring": { - "description": "keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "clientID": { + "description": "clientID is the oauth client ID", "type": "string", - "default": "/etc/ceph/keyring" + "default": "" }, - "monitors": { - "description": "monitors is a collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "clientSecret": { + "description": "clientSecret is the oauth client secret", + "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" }, - "pool": { - "description": "pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", + "hostname": { + "description": "hostname is the optional domain (e.g. \"mycompany.com\") for use with a hosted instance of GitHub Enterprise. It must match the GitHub Enterprise settings value that is configured at /setup/settings#hostname.", "type": "string", - "default": "rbd" + "default": "" }, - "readOnly": { - "description": "readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "boolean" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "secretRef": { - "description": "secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "organizations": { + "description": "organizations optionally restricts which organizations are allowed to log in", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "user": { - "description": "user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it", - "type": "string", - "default": "admin" + "teams": { + "description": "teams optionally restricts which teams are allowed to log in. Format is /.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "io.k8s.api.core.v1.RangeAllocation": { - "description": "RangeAllocation is not a public type.", + "com.github.openshift.api.osin.v1.GitLabIdentityProvider": { + "description": "GitLabIdentityProvider provides identities for users authenticating using GitLab credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "range", - "data" + "ca", + "url", + "clientID", + "clientSecret" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "data": { - "description": "Data is a bit array containing all allocated addresses in the previous segment.", + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", "type": "string", - "format": "byte" + "default": "" + }, + "clientID": { + "description": "clientID is the oauth client ID", + "type": "string", + "default": "" + }, + "clientSecret": { + "description": "clientSecret is the oauth client secret", + "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "legacy": { + "description": "legacy determines if OAuth2 or OIDC should be used If true, OAuth2 is used If false, OIDC is used If nil and the URL's host is gitlab.com, OIDC is used Otherwise, OAuth2 is used In a future release, nil will default to using OIDC Eventually this flag will be removed and only OIDC will be used", + "type": "boolean" }, - "range": { - "description": "Range is string that identifies the range represented by 'data'.", + "url": { + "description": "url is the oauth server base URL", "type": "string", "default": "" } } }, - "io.k8s.api.core.v1.ReplicationController": { - "description": "ReplicationController represents the configuration of a replication controller.", + "com.github.openshift.api.osin.v1.GoogleIdentityProvider": { + "description": "GoogleIdentityProvider provides identities for users authenticating using Google credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "clientID", + "clientSecret", + "hostedDomain" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "clientID": { + "description": "clientID is the oauth client ID", + "type": "string", + "default": "" }, - "metadata": { - "description": "If the Labels of a ReplicationController are empty, they are defaulted to be the same as the Pod(s) that the replication controller manages. Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "clientSecret": { + "description": "clientSecret is the oauth client secret", + "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" }, - "spec": { - "description": "Spec defines the specification of the desired behavior of the replication controller. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ReplicationControllerSpec" + "hostedDomain": { + "description": "hostedDomain is the optional Google App domain (e.g. \"mycompany.com\") to restrict logins to", + "type": "string", + "default": "" }, - "status": { - "description": "Status is the most recently observed status of the replication controller. This data may be out of date by some window of time. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ReplicationControllerStatus" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" } } }, - "io.k8s.api.core.v1.ReplicationControllerCondition": { - "description": "ReplicationControllerCondition describes the state of a replication controller at a certain point.", + "com.github.openshift.api.osin.v1.GrantConfig": { + "description": "GrantConfig holds the necessary configuration options for grant handlers", "type": "object", "required": [ - "type", - "status" + "method", + "serviceAccountMethod" ], "properties": { - "lastTransitionTime": { - "description": "The last time the condition transitioned from one status to another.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "message": { - "description": "A human readable message indicating details about the transition.", - "type": "string" - }, - "reason": { - "description": "The reason for the condition's last transition.", - "type": "string" - }, - "status": { - "description": "Status of the condition, one of True, False, Unknown.", + "method": { + "description": "method determines the default strategy to use when an OAuth client requests a grant. This method will be used only if the specific OAuth client doesn't provide a strategy of their own. Valid grant handling methods are:\n - auto: always approves grant requests, useful for trusted clients\n - prompt: prompts the end user for approval of grant requests, useful for third-party clients\n - deny: always denies grant requests, useful for black-listed clients", "type": "string", "default": "" }, - "type": { - "description": "Type of replication controller condition.", + "serviceAccountMethod": { + "description": "serviceAccountMethod is used for determining client authorization for service account oauth client. It must be either: deny, prompt", "type": "string", "default": "" } } }, - "io.k8s.api.core.v1.ReplicationControllerList": { - "description": "ReplicationControllerList is a collection of replication controllers.", + "com.github.openshift.api.osin.v1.HTPasswdPasswordIdentityProvider": { + "description": "HTPasswdPasswordIdentityProvider provides identities for users authenticating using htpasswd credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "items" + "file" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "List of replication controllers. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ReplicationController" - } + "file": { + "description": "file is a reference to your htpasswd file", + "type": "string", + "default": "" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" } } }, - "io.k8s.api.core.v1.ReplicationControllerSpec": { - "description": "ReplicationControllerSpec is the specification of a replication controller.", + "com.github.openshift.api.osin.v1.IdentityProvider": { + "description": "IdentityProvider provides identities for users authenticating using credentials", "type": "object", + "required": [ + "name", + "challenge", + "login", + "mappingMethod", + "provider" + ], "properties": { - "minReadySeconds": { - "description": "Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready)", - "type": "integer", - "format": "int32", - "default": 0 + "challenge": { + "description": "challenge indicates whether to issue WWW-Authenticate challenges for this provider", + "type": "boolean", + "default": false }, - "replicas": { - "description": "Replicas is the number of desired replicas. This is a pointer to distinguish between explicit zero and unspecified. Defaults to 1. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller", - "type": "integer", - "format": "int32", - "default": 1 + "login": { + "description": "login indicates whether to use this identity provider for unauthenticated browsers to login against", + "type": "boolean", + "default": false }, - "selector": { - "description": "Selector is a label query over pods that should match the Replicas count. If Selector is empty, it is defaulted to the labels present on the Pod template. Label keys and values that must match in order to be controlled by this replication controller, if empty defaulted to labels on Pod template. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - }, - "x-kubernetes-map-type": "atomic" + "mappingMethod": { + "description": "mappingMethod determines how identities from this provider are mapped to users", + "type": "string", + "default": "" }, - "template": { - "description": "Template is the object that describes the pod that will be created if insufficient replicas are detected. This takes precedence over a TemplateRef. The only allowed template.spec.restartPolicy value is \"Always\". More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template", - "$ref": "#/definitions/io.k8s.api.core.v1.PodTemplateSpec" + "name": { + "description": "name is used to qualify the identities returned by this provider", + "type": "string", + "default": "" + }, + "provider": { + "description": "provider contains the information about how to set up a specific identity provider", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.ReplicationControllerStatus": { - "description": "ReplicationControllerStatus represents the current status of a replication controller.", + "com.github.openshift.api.osin.v1.KeystonePasswordIdentityProvider": { + "description": "KeystonePasswordIdentityProvider provides identities for users authenticating using keystone password credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "replicas" + "url", + "ca", + "certFile", + "keyFile", + "domainName", + "useKeystoneIdentity" ], "properties": { - "availableReplicas": { - "description": "The number of available replicas (ready for at least minReadySeconds) for this replication controller.", - "type": "integer", - "format": "int32" - }, - "conditions": { - "description": "Represents the latest available observations of a replication controller's current state.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ReplicationControllerCondition" - }, - "x-kubernetes-list-map-keys": [ - "type" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "fullyLabeledReplicas": { - "description": "The number of pods that have labels matching the labels of the pod template of the replication controller.", - "type": "integer", - "format": "int32" + "ca": { + "description": "ca is the CA for verifying TLS connections", + "type": "string", + "default": "" }, - "observedGeneration": { - "description": "ObservedGeneration reflects the generation of the most recently observed replication controller.", - "type": "integer", - "format": "int64" + "certFile": { + "description": "certFile is a file containing a PEM-encoded certificate", + "type": "string", + "default": "" }, - "readyReplicas": { - "description": "The number of ready replicas for this replication controller.", - "type": "integer", - "format": "int32" + "domainName": { + "description": "domainName is required for keystone v3", + "type": "string", + "default": "" }, - "replicas": { - "description": "Replicas is the most recently observed number of replicas. More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#what-is-a-replicationcontroller", - "type": "integer", - "format": "int32", - "default": 0 - } - } - }, - "io.k8s.api.core.v1.ResourceClaim": { - "description": "ResourceClaim references one entry in PodSpec.ResourceClaims.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.", + "keyFile": { + "description": "keyFile is a file containing a PEM-encoded private key for the certificate specified by CertFile", "type": "string", "default": "" }, - "request": { - "description": "Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "url": { + "description": "url is the remote URL to connect to", + "type": "string", + "default": "" + }, + "useKeystoneIdentity": { + "description": "useKeystoneIdentity flag indicates that user should be authenticated by keystone ID, not by username", + "type": "boolean", + "default": false } } }, - "io.k8s.api.core.v1.ResourceFieldSelector": { - "description": "ResourceFieldSelector represents container resources (cpu, memory) and their output format", + "com.github.openshift.api.osin.v1.LDAPAttributeMapping": { + "description": "LDAPAttributeMapping maps LDAP attributes to OpenShift identity fields", "type": "object", "required": [ - "resource" + "id", + "preferredUsername", + "name", + "email" ], "properties": { - "containerName": { - "description": "Container name: required for volumes, optional for env vars", - "type": "string" + "email": { + "description": "email is the list of attributes whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "divisor": { - "description": "Specifies the output format of the exposed resources, defaults to \"1\"", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + "id": { + "description": "id is the list of attributes whose values should be used as the user ID. Required. LDAP standard identity attribute is \"dn\"", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "resource": { - "description": "Required: resource to select", - "type": "string", - "default": "" + "name": { + "description": "name is the list of attributes whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity LDAP standard display name attribute is \"cn\"", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "preferredUsername": { + "description": "preferredUsername is the list of attributes whose values should be used as the preferred username. LDAP standard login attribute is \"uid\"", + "type": "array", + "items": { + "type": "string", + "default": "" + } } - }, - "x-kubernetes-map-type": "atomic" + } }, - "io.k8s.api.core.v1.ResourceHealth": { - "description": "ResourceHealth represents the health of a resource. It has the latest device health information. This is a part of KEP https://kep.k8s.io/4680.", + "com.github.openshift.api.osin.v1.LDAPPasswordIdentityProvider": { + "description": "LDAPPasswordIdentityProvider provides identities for users authenticating using LDAP credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "resourceID" + "url", + "bindDN", + "bindPassword", + "insecure", + "ca", + "attributes" ], "properties": { - "health": { - "description": "Health of the resource. can be one of:\n - Healthy: operates as normal\n - Unhealthy: reported unhealthy. We consider this a temporary health issue\n since we do not have a mechanism today to distinguish\n temporary and permanent issues.\n - Unknown: The status cannot be determined.\n For example, Device Plugin got unregistered and hasn't been re-registered since.\n\nIn future we may want to introduce the PermanentlyUnhealthy Status.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "resourceID": { - "description": "ResourceID is the unique identifier of the resource. See the ResourceID type for more information.", + "attributes": { + "description": "attributes maps LDAP attributes to identities", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.osin.v1.LDAPAttributeMapping" + }, + "bindDN": { + "description": "bindDN is an optional DN to bind with during the search phase.", "type": "string", "default": "" - } - } - }, - "io.k8s.api.core.v1.ResourceQuota": { - "description": "ResourceQuota sets aggregate quota restrictions enforced per namespace", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + }, + "bindPassword": { + "description": "bindPassword is an optional password to bind with during the search phase.", + "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" + }, + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", + "type": "string", + "default": "" + }, + "insecure": { + "description": "insecure, if true, indicates the connection should not use TLS. Cannot be set to true with a URL scheme of \"ldaps://\" If false, \"ldaps://\" URLs connect using TLS, and \"ldap://\" URLs are upgraded to a TLS connection using StartTLS as specified in https://tools.ietf.org/html/rfc2830", + "type": "boolean", + "default": false }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - }, - "spec": { - "description": "Spec defines the desired quota. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceQuotaSpec" - }, - "status": { - "description": "Status defines the actual enforced quota and its current usage. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceQuotaStatus" + "url": { + "description": "url is an RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is\n ldap://host:port/basedn?attribute?scope?filter", + "type": "string", + "default": "" } } }, - "io.k8s.api.core.v1.ResourceQuotaList": { - "description": "ResourceQuotaList is a list of ResourceQuota items.", + "com.github.openshift.api.osin.v1.OAuthConfig": { + "description": "OAuthConfig holds the necessary configuration options for OAuth authentication", "type": "object", "required": [ - "items" + "masterCA", + "masterURL", + "masterPublicURL", + "loginURL", + "assetPublicURL", + "alwaysShowProviderSelection", + "identityProviders", + "grantConfig", + "sessionConfig", + "tokenConfig", + "templates" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "alwaysShowProviderSelection": { + "description": "alwaysShowProviderSelection will force the provider selection page to render even when there is only a single provider.", + "type": "boolean", + "default": false }, - "items": { - "description": "Items is a list of ResourceQuota objects. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", + "assetPublicURL": { + "description": "assetPublicURL is used for building valid client redirect URLs for external access", + "type": "string", + "default": "" + }, + "grantConfig": { + "description": "grantConfig describes how to handle grants", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.osin.v1.GrantConfig" + }, + "identityProviders": { + "description": "identityProviders is an ordered list of ways for a user to identify themselves", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceQuota" + "$ref": "#/definitions/com.github.openshift.api.osin.v1.IdentityProvider" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "loginURL": { + "description": "loginURL, along with masterCA, masterURL and masterPublicURL have distinct meanings depending on how the OAuth server is run. The two states are: 1. embedded in the kube api server (all 3.x releases) 2. as a standalone external process (all 4.x releases) in the embedded configuration, loginURL is equivalent to masterPublicURL and the other fields have functionality that matches their docs. in the standalone configuration, the fields are used as: loginURL is the URL required to login to the cluster: oc login --server= masterPublicURL is the issuer URL it is accessible from inside (service network) and outside (ingress) of the cluster masterURL is the loopback variation of the token_endpoint URL with no path component it is only accessible from inside (service network) of the cluster masterCA is used to perform TLS verification for connections made to masterURL For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2", + "type": "string", + "default": "" + }, + "masterCA": { + "description": "masterCA is the CA for verifying the TLS connection back to the MasterURL. This field is deprecated and will be removed in a future release. See loginURL for details. Deprecated", "type": "string" }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "masterPublicURL": { + "description": "masterPublicURL is used for building valid client redirect URLs for internal and external access This field is deprecated and will be removed in a future release. See loginURL for details. Deprecated", + "type": "string", + "default": "" + }, + "masterURL": { + "description": "masterURL is used for making server-to-server calls to exchange authorization codes for access tokens This field is deprecated and will be removed in a future release. See loginURL for details. Deprecated", + "type": "string", + "default": "" + }, + "sessionConfig": { + "description": "sessionConfig hold information about configuring sessions.", + "$ref": "#/definitions/com.github.openshift.api.osin.v1.SessionConfig" + }, + "templates": { + "description": "templates allow you to customize pages like the login page.", + "$ref": "#/definitions/com.github.openshift.api.osin.v1.OAuthTemplates" + }, + "tokenConfig": { + "description": "tokenConfig contains options for authorization and access tokens", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/com.github.openshift.api.osin.v1.TokenConfig" } } }, - "io.k8s.api.core.v1.ResourceQuotaSpec": { - "description": "ResourceQuotaSpec defines the desired hard limits to enforce for Quota.", + "com.github.openshift.api.osin.v1.OAuthTemplates": { + "description": "OAuthTemplates allow for customization of pages like the login page", "type": "object", + "required": [ + "login", + "providerSelection", + "error" + ], "properties": { - "hard": { - "description": "hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - } + "error": { + "description": "error is a path to a file containing a go template used to render error pages during the authentication or grant flow If unspecified, the default error page is used.", + "type": "string", + "default": "" }, - "scopeSelector": { - "description": "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.", - "$ref": "#/definitions/io.k8s.api.core.v1.ScopeSelector" + "login": { + "description": "login is a path to a file containing a go template used to render the login page. If unspecified, the default login page is used.", + "type": "string", + "default": "" }, - "scopes": { - "description": "A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.", - "type": "array", - "items": { - "type": "string", - "default": "", - "enum": [ - "BestEffort", - "CrossNamespacePodAffinity", - "NotBestEffort", - "NotTerminating", - "PriorityClass", - "Terminating", - "VolumeAttributesClass" - ] - }, - "x-kubernetes-list-type": "atomic" + "providerSelection": { + "description": "providerSelection is a path to a file containing a go template used to render the provider selection page. If unspecified, the default provider selection page is used.", + "type": "string", + "default": "" } } }, - "io.k8s.api.core.v1.ResourceQuotaStatus": { - "description": "ResourceQuotaStatus defines the enforced hard limits and observed use.", + "com.github.openshift.api.osin.v1.OpenIDClaims": { + "description": "OpenIDClaims contains a list of OpenID claims to use when authenticating with an OpenID identity provider", "type": "object", + "required": [ + "id", + "preferredUsername", + "name", + "email", + "groups" + ], "properties": { - "hard": { - "description": "Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + "email": { + "description": "email is the list of claims whose values should be used as the email address. Optional. If unspecified, no email is set for the identity", + "type": "array", + "items": { + "type": "string", + "default": "" } }, - "used": { - "description": "Used is the current observed total usage of the resource in the namespace.", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" - } - } - } - }, - "io.k8s.api.core.v1.ResourceRequirements": { - "description": "ResourceRequirements describes the compute resource requirements.", - "type": "object", - "properties": { - "claims": { - "description": "Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container.\n\nThis field depends on the DynamicResourceAllocation feature gate.\n\nThis field is immutable. It can only be set for containers.", + "groups": { + "description": "groups is the list of claims value of which should be used to synchronize groups from the OIDC provider to OpenShift for the user", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceClaim" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map" - }, - "limits": { - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + "type": "string", + "default": "" } }, - "requests": { - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + "id": { + "description": "id is the list of claims whose values should be used as the user ID. Required. OpenID standard identity claim is \"sub\"", + "type": "array", + "items": { + "type": "string", + "default": "" } - } - } - }, - "io.k8s.api.core.v1.ResourceStatus": { - "description": "ResourceStatus represents the status of a single resource allocated to a Pod.", - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "Name of the resource. Must be unique within the pod and in case of non-DRA resource, match one of the resources from the pod spec. For DRA resources, the value must be \"claim:/\". When this status is reported about a container, the \"claim_name\" and \"request\" must match one of the claims of this container.", - "type": "string", - "default": "" }, - "resources": { - "description": "List of unique resources health. Each element in the list contains an unique resource ID and its health. At a minimum, for the lifetime of a Pod, resource ID must uniquely identify the resource allocated to the Pod on the Node. If other Pod on the same Node reports the status with the same resource ID, it must be the same resource they share. See ResourceID type definition for a specific format it has in various use cases.", + "name": { + "description": "name is the list of claims whose values should be used as the display name. Optional. If unspecified, no display name is set for the identity", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ResourceHealth" - }, - "x-kubernetes-list-map-keys": [ - "resourceID" - ], - "x-kubernetes-list-type": "map" - } - } - }, - "io.k8s.api.core.v1.SELinuxOptions": { - "description": "SELinuxOptions are the labels to be applied to the container", - "type": "object", - "properties": { - "level": { - "description": "Level is SELinux level label that applies to the container.", - "type": "string" - }, - "role": { - "description": "Role is a SELinux role label that applies to the container.", - "type": "string" - }, - "type": { - "description": "Type is a SELinux type label that applies to the container.", - "type": "string" + "type": "string", + "default": "" + } }, - "user": { - "description": "User is a SELinux user label that applies to the container.", - "type": "string" + "preferredUsername": { + "description": "preferredUsername is the list of claims whose values should be used as the preferred username. If unspecified, the preferred username is determined from the value of the id claim", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "io.k8s.api.core.v1.ScaleIOPersistentVolumeSource": { - "description": "ScaleIOPersistentVolumeSource represents a persistent ScaleIO volume", + "com.github.openshift.api.osin.v1.OpenIDIdentityProvider": { + "description": "OpenIDIdentityProvider provides identities for users authenticating using OpenID credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "gateway", - "system", - "secretRef" + "ca", + "clientID", + "clientSecret", + "extraScopes", + "extraAuthorizeParameters", + "urls", + "claims" ], "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\"", - "type": "string", - "default": "xfs" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "gateway": { - "description": "gateway is the host address of the ScaleIO API Gateway.", + "ca": { + "description": "ca is the optional trusted certificate authority bundle to use when making requests to the server If empty, the default system roots are used", "type": "string", "default": "" }, - "protectionDomain": { - "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", - "type": "string" + "claims": { + "description": "claims mappings", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.osin.v1.OpenIDClaims" }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" + "clientID": { + "description": "clientID is the oauth client ID", + "type": "string", + "default": "" }, - "secretRef": { - "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretReference" + "clientSecret": { + "description": "clientSecret is the oauth client secret", + "$ref": "#/definitions/com.github.openshift.api.config.v1.StringSource" }, - "sslEnabled": { - "description": "sslEnabled is the flag to enable/disable SSL communication with Gateway, default false", - "type": "boolean" + "extraAuthorizeParameters": { + "description": "extraAuthorizeParameters are any custom parameters to add to the authorize request.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "storageMode": { - "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", - "type": "string", - "default": "ThinProvisioned" + "extraScopes": { + "description": "extraScopes are any scopes to request in addition to the standard \"openid\" scope.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "storagePool": { - "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "system": { - "description": "system is the name of the storage system as configured in ScaleIO.", - "type": "string", - "default": "" - }, - "volumeName": { - "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", - "type": "string" + "urls": { + "description": "urls to use to authenticate", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.osin.v1.OpenIDURLs" } } }, - "io.k8s.api.core.v1.ScaleIOVolumeSource": { - "description": "ScaleIOVolumeSource represents a persistent ScaleIO volume", + "com.github.openshift.api.osin.v1.OpenIDURLs": { + "description": "OpenIDURLs are URLs to use when authenticating with an OpenID identity provider", "type": "object", "required": [ - "gateway", - "system", - "secretRef" + "authorize", + "token", + "userInfo" ], "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Default is \"xfs\".", - "type": "string", - "default": "xfs" - }, - "gateway": { - "description": "gateway is the host address of the ScaleIO API Gateway.", + "authorize": { + "description": "authorize is the oauth authorization URL", "type": "string", "default": "" }, - "protectionDomain": { - "description": "protectionDomain is the name of the ScaleIO Protection Domain for the configured storage.", - "type": "string" - }, - "readOnly": { - "description": "readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail.", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" - }, - "sslEnabled": { - "description": "sslEnabled Flag enable/disable SSL communication with Gateway, default false", - "type": "boolean" - }, - "storageMode": { - "description": "storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned.", + "token": { + "description": "token is the oauth token granting URL", "type": "string", - "default": "ThinProvisioned" - }, - "storagePool": { - "description": "storagePool is the ScaleIO Storage Pool associated with the protection domain.", - "type": "string" + "default": "" }, - "system": { - "description": "system is the name of the storage system as configured in ScaleIO.", + "userInfo": { + "description": "userInfo is the optional userinfo URL. If present, a granted access_token is used to request claims If empty, a granted id_token is parsed for claims", "type": "string", "default": "" - }, - "volumeName": { - "description": "volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source.", - "type": "string" } } }, - "io.k8s.api.core.v1.ScopeSelector": { - "description": "A scope selector represents the AND of the selectors represented by the scoped-resource selector requirements.", - "type": "object", - "properties": { - "matchExpressions": { - "description": "A list of scope selector requirements by scope of the resources.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ScopedResourceSelectorRequirement" - }, - "x-kubernetes-list-type": "atomic" - } - }, - "x-kubernetes-map-type": "atomic" - }, - "io.k8s.api.core.v1.ScopedResourceSelectorRequirement": { - "description": "A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.", + "com.github.openshift.api.osin.v1.OsinServerConfig": { + "description": "Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "scopeName", - "operator" + "servingInfo", + "corsAllowedOrigins", + "auditConfig", + "storageConfig", + "admission", + "kubeClientConfig", + "oauthConfig" ], "properties": { - "operator": { - "description": "Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.\n\nPossible enum values:\n - `\"DoesNotExist\"`\n - `\"Exists\"`\n - `\"In\"`\n - `\"NotIn\"`", - "type": "string", - "default": "", - "enum": [ - "DoesNotExist", - "Exists", - "In", - "NotIn" - ] + "admission": { + "description": "admissionConfig holds information about how to configure admission.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AdmissionConfig" }, - "scopeName": { - "description": "The name of the scope that the selector applies to.\n\nPossible enum values:\n - `\"BestEffort\"` Match all pod objects that have best effort quality of service\n - `\"CrossNamespacePodAffinity\"` Match all pod objects that have cross-namespace pod (anti)affinity mentioned.\n - `\"NotBestEffort\"` Match all pod objects that do not have best effort quality of service\n - `\"NotTerminating\"` Match all pod objects where spec.activeDeadlineSeconds is nil\n - `\"PriorityClass\"` Match all pod objects that have priority class mentioned\n - `\"Terminating\"` Match all pod objects where spec.activeDeadlineSeconds >=0\n - `\"VolumeAttributesClass\"` Match all pvc objects that have volume attributes class mentioned.", - "type": "string", - "default": "", - "enum": [ - "BestEffort", - "CrossNamespacePodAffinity", - "NotBestEffort", - "NotTerminating", - "PriorityClass", - "Terminating", - "VolumeAttributesClass" - ] + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "values": { - "description": "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + "auditConfig": { + "description": "auditConfig describes how to configure audit information", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.AuditConfig" + }, + "corsAllowedOrigins": { + "description": "corsAllowedOrigins", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "kubeClientConfig": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.KubeClientConfig" + }, + "oauthConfig": { + "description": "oauthConfig holds the necessary configuration options for OAuth authentication", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.osin.v1.OAuthConfig" + }, + "servingInfo": { + "description": "servingInfo describes how to start serving", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.HTTPServingInfo" + }, + "storageConfig": { + "description": "storageConfig contains information about how to use", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.config.v1.EtcdStorageConfig" } } }, - "io.k8s.api.core.v1.SeccompProfile": { - "description": "SeccompProfile defines a pod/container's seccomp profile settings. Only one profile source may be set.", + "com.github.openshift.api.osin.v1.RequestHeaderIdentityProvider": { + "description": "RequestHeaderIdentityProvider provides identities for users authenticating using request header credentials\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "type" + "loginURL", + "challengeURL", + "clientCA", + "clientCommonNames", + "headers", + "preferredUsernameHeaders", + "nameHeaders", + "emailHeaders" ], "properties": { - "localhostProfile": { - "description": "localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is \"Localhost\". Must NOT be set for any other type.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "type": { - "description": "type indicates which kind of seccomp profile will be applied. Valid options are:\n\nLocalhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.\n\nPossible enum values:\n - `\"Localhost\"` indicates a profile defined in a file on the node should be used. The file's location relative to /seccomp.\n - `\"RuntimeDefault\"` represents the default container runtime seccomp profile.\n - `\"Unconfined\"` indicates no seccomp profile is applied (A.K.A. unconfined).", + "challengeURL": { + "description": "challengeURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect WWW-Authenticate challenges will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", "type": "string", - "default": "", - "enum": [ - "Localhost", - "RuntimeDefault", - "Unconfined" - ] - } - }, - "x-kubernetes-unions": [ - { - "discriminator": "type", - "fields-to-discriminateBy": { - "localhostProfile": "LocalhostProfile" + "default": "" + }, + "clientCA": { + "description": "clientCA is a file with the trusted signer certs. If empty, no request verification is done, and any direct request to the OAuth server can impersonate any identity from this provider, merely by setting a request header.", + "type": "string", + "default": "" + }, + "clientCommonNames": { + "description": "clientCommonNames is an optional list of common names to require a match from. If empty, any client certificate validated against the clientCA bundle is considered authoritative.", + "type": "array", + "items": { + "type": "string", + "default": "" } - } - ] - }, - "io.k8s.api.core.v1.Secret": { - "description": "Secret holds secret data of a certain type. The total bytes of the values in the Data field must be less than MaxSecretSize bytes.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" }, - "data": { - "description": "Data contains the secret data. Each key must consist of alphanumeric characters, '-', '_' or '.'. The serialized form of the secret data is a base64 encoded string, representing the arbitrary (possibly non-string) data value here. Described in https://tools.ietf.org/html/rfc4648#section-4", - "type": "object", - "additionalProperties": { + "emailHeaders": { + "description": "emailHeaders is the set of headers to check for the email address", + "type": "array", + "items": { "type": "string", - "format": "byte" + "default": "" } }, - "immutable": { - "description": "Immutable, if set to true, ensures that data stored in the Secret cannot be updated (only object metadata can be modified). If not set to true, the field can be modified at any time. Defaulted to nil.", - "type": "boolean" + "headers": { + "description": "headers is the set of headers to check for identity information", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "loginURL": { + "description": "loginURL is a URL to redirect unauthenticated /authorize requests to Unauthenticated requests from OAuth clients which expect interactive logins will be redirected here ${url} is replaced with the current URL, escaped to be safe in a query parameter\n https://www.example.com/sso-login?then=${url}\n${query} is replaced with the current query string\n https://www.example.com/auth-proxy/oauth/authorize?${query}", + "type": "string", + "default": "" }, - "stringData": { - "description": "stringData allows specifying non-binary secret data in string form. It is provided as a write-only input field for convenience. All keys and values are merged into the data field on write, overwriting any existing values. The stringData field is never output when reading from the API.", - "type": "object", - "additionalProperties": { + "nameHeaders": { + "description": "nameHeaders is the set of headers to check for the display name", + "type": "array", + "items": { "type": "string", "default": "" } }, - "type": { - "description": "Used to facilitate programmatic handling of secret data. More info: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types", - "type": "string" + "preferredUsernameHeaders": { + "description": "preferredUsernameHeaders is the set of headers to check for the preferred username", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "io.k8s.api.core.v1.SecretEnvSource": { - "description": "SecretEnvSource selects a Secret to populate the environment variables with.\n\nThe contents of the target Secret's Data field will represent the key-value pairs as environment variables.", + "com.github.openshift.api.osin.v1.SessionConfig": { + "description": "SessionConfig specifies options for cookie-based sessions. Used by AuthRequestHandlerSession", "type": "object", + "required": [ + "sessionSecretsFile", + "sessionMaxAgeSeconds", + "sessionName" + ], "properties": { - "name": { - "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "sessionMaxAgeSeconds": { + "description": "sessionMaxAgeSeconds specifies how long created sessions last. Used by AuthRequestHandlerSession", + "type": "integer", + "format": "int32", + "default": 0 + }, + "sessionName": { + "description": "sessionName is the cookie name used to store the session", "type": "string", "default": "" }, - "optional": { - "description": "Specify whether the Secret must be defined", - "type": "boolean" + "sessionSecretsFile": { + "description": "sessionSecretsFile is a reference to a file containing a serialized SessionSecrets object If no file is specified, a random signing and encryption key are generated at each server start", + "type": "string", + "default": "" } } }, - "io.k8s.api.core.v1.SecretKeySelector": { - "description": "SecretKeySelector selects a key of a Secret.", + "com.github.openshift.api.osin.v1.SessionSecret": { + "description": "SessionSecret is a secret used to authenticate/decrypt cookie-based sessions", "type": "object", "required": [ - "key" + "authentication", + "encryption" ], "properties": { - "key": { - "description": "The key of the secret to select from. Must be a valid secret key.", + "authentication": { + "description": "authentication is used to authenticate sessions using HMAC. Recommended to use a secret with 32 or 64 bytes.", "type": "string", "default": "" }, - "name": { - "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "encryption": { + "description": "encryption is used to encrypt sessions. Must be 16, 24, or 32 characters long, to select AES-128, AES-", "type": "string", "default": "" - }, - "optional": { - "description": "Specify whether the Secret or its key must be defined", - "type": "boolean" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "io.k8s.api.core.v1.SecretList": { - "description": "SecretList is a list of Secret.", + "com.github.openshift.api.osin.v1.SessionSecrets": { + "description": "SessionSecrets list the secrets to use to sign/encrypt and authenticate/decrypt created sessions.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "items" + "secrets" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "Items is a list of secret objects. More info: https://kubernetes.io/docs/concepts/configuration/secret", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "secrets": { + "description": "secrets is a list of secrets New sessions are signed and encrypted using the first secret. Existing sessions are decrypted/authenticated by each secret until one succeeds. This allows rotating secrets.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Secret" + "$ref": "#/definitions/com.github.openshift.api.osin.v1.SessionSecret" } + } + } + }, + "com.github.openshift.api.osin.v1.TokenConfig": { + "description": "TokenConfig holds the necessary configuration options for authorization and access tokens", + "type": "object", + "properties": { + "accessTokenInactivityTimeout": { + "description": "accessTokenInactivityTimeout defines the token inactivity timeout for tokens granted by any client. The value represents the maximum amount of time that can occur between consecutive uses of the token. Tokens become invalid if they are not used within this temporal window. The user will need to acquire a new token to regain access once a token times out. Takes valid time duration string such as \"5m\", \"1.5h\" or \"2h45m\". The minimum allowed value for duration is 300s (5 minutes). If the timeout is configured per client, then that value takes precedence. If the timeout value is not specified and the client does not override the value, then tokens are valid until their lifetime.", + "$ref": "#/definitions/Duration.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "accessTokenInactivityTimeoutSeconds": { + "description": "accessTokenInactivityTimeoutSeconds - DEPRECATED: setting this field has no effect.", + "type": "integer", + "format": "int32" + }, + "accessTokenMaxAgeSeconds": { + "description": "accessTokenMaxAgeSeconds defines the maximum age of access tokens", + "type": "integer", + "format": "int32" + }, + "authorizeTokenMaxAgeSeconds": { + "description": "authorizeTokenMaxAgeSeconds defines the maximum age of authorize tokens", + "type": "integer", + "format": "int32" + } + } + }, + "com.github.openshift.api.project.v1.Project": { + "description": "Projects are the unit of isolation and collaboration in OpenShift. A project has one or more members, a quota on the resources that the project may consume, and the security controls on the resources in the project. Within a project, members may have different roles - project administrators can set membership, editors can create and manage the resources, and viewers can see but not access running containers. In a normal cluster project administrators are not able to alter their quotas - that is restricted to cluster administrators.\n\nListing or watching projects will return only projects the user has the reader role on.\n\nAn OpenShift project is an alternative representation of a Kubernetes namespace. Projects are exposed as editable to end users while namespaces are not. Direct creation of a project is typically restricted to administrators, while end users should use the requestproject resource.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec defines the behavior of the Namespace.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.project.v1.ProjectSpec" + }, + "status": { + "description": "status describes the current status of a Namespace", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/com.github.openshift.api.project.v1.ProjectStatus" } } }, - "io.k8s.api.core.v1.SecretProjection": { - "description": "Adapts a secret into a projected volume.\n\nThe contents of the target Secret's Data field will be presented in a projected volume as files using the keys in the Data field as the file names. Note that this is identical to a secret volume source without the default mode.", + "com.github.openshift.api.project.v1.ProjectList": { + "description": "ProjectList is a list of Project objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "items" + ], "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, "items": { - "description": "items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "description": "items is the list of projects", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.project.v1.Project" + } }, - "name": { - "description": "Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "optional": { - "description": "optional field specify whether the Secret or its key must be defined", - "type": "boolean" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.SecretReference": { - "description": "SecretReference represents a Secret Reference. It has enough information to retrieve secret in any namespace", + "com.github.openshift.api.project.v1.ProjectRequest": { + "description": "ProjectRequest is the set of options necessary to fully qualify a project request\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { - "name": { - "description": "name is unique within a namespace to reference a secret resource.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "namespace": { - "description": "namespace defines the space within which the secret name must be unique.", + "description": { + "description": "description is the description to apply to a project", + "type": "string" + }, + "displayName": { + "description": "displayName is the display name to apply to a project", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "io.k8s.api.core.v1.SecretVolumeSource": { - "description": "Adapts a Secret into a volume.\n\nThe contents of the target Secret's Data field will be presented in a volume as files using the keys in the Data field as the file names. Secret volumes support ownership management and SELinux relabeling.", + "com.github.openshift.api.project.v1.ProjectSpec": { + "description": "ProjectSpec describes the attributes on a Project", "type": "object", "properties": { - "defaultMode": { - "description": "defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - "type": "integer", - "format": "int32" - }, - "items": { - "description": "items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + "finalizers": { + "description": "finalizers is an opaque list of values that must be empty to permanently remove object from storage", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.KeyToPath" - }, - "x-kubernetes-list-type": "atomic" - }, - "optional": { - "description": "optional field specify whether the Secret or its keys must be defined", - "type": "boolean" - }, - "secretName": { - "description": "secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "type": "string" + "type": "string", + "default": "" + } } } }, - "io.k8s.api.core.v1.SecurityContext": { - "description": "SecurityContext holds security configuration that will be applied to a container. Some fields are present in both SecurityContext and PodSecurityContext. When both are set, the values in SecurityContext take precedence.", + "com.github.openshift.api.project.v1.ProjectStatus": { + "description": "ProjectStatus is information about the current status of a Project", "type": "object", "properties": { - "allowPrivilegeEscalation": { - "description": "AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "appArmorProfile": { - "description": "appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.", - "$ref": "#/definitions/io.k8s.api.core.v1.AppArmorProfile" - }, - "capabilities": { - "description": "The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.", - "$ref": "#/definitions/io.k8s.api.core.v1.Capabilities" - }, - "privileged": { - "description": "Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.", - "type": "boolean" + "conditions": { + "description": "Represents the latest available observations of the project current state.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/NamespaceCondition.v1.core.api.k8s.io" + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "procMount": { - "description": "procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.\n\nPossible enum values:\n - `\"Default\"` uses the container runtime defaults for readonly and masked paths for /proc. Most container runtimes mask certain paths in /proc to avoid accidental security exposure of special devices or information.\n - `\"Unmasked\"` bypasses the default masking behavior of the container runtime and ensures the newly created /proc the container stays in tact with no modifications.", + "phase": { + "description": "phase is the current lifecycle phase of the project\n\nPossible enum values:\n - `\"Active\"` means the namespace is available for use in the system\n - `\"Terminating\"` means the namespace is undergoing graceful termination", "type": "string", "enum": [ - "Default", - "Unmasked" + "Active", + "Terminating" ] + } + } + }, + "com.github.openshift.api.quota.v1.AppliedClusterResourceQuota": { + "description": "AppliedClusterResourceQuota mirrors ClusterResourceQuota at a project scope, for projection into a project. It allows a project-admin to know which ClusterResourceQuotas are applied to his project and their associated usage.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "metadata", + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "readOnlyRootFilesystem": { - "description": "Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.", - "type": "boolean" - }, - "runAsGroup": { - "description": "The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" - }, - "runAsNonRoot": { - "description": "Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "boolean" - }, - "runAsUser": { - "description": "The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", - "type": "integer", - "format": "int64" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "seLinuxOptions": { - "description": "The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.", - "$ref": "#/definitions/io.k8s.api.core.v1.SELinuxOptions" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "seccompProfile": { - "description": "The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.", - "$ref": "#/definitions/io.k8s.api.core.v1.SeccompProfile" + "spec": { + "description": "spec defines the desired quota", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaSpec" }, - "windowsOptions": { - "description": "The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.", - "$ref": "#/definitions/io.k8s.api.core.v1.WindowsSecurityContextOptions" + "status": { + "description": "status defines the actual enforced quota and its current usage", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus" } } }, - "io.k8s.api.core.v1.SerializedReference": { - "description": "SerializedReference is a reference to serialized object.", + "com.github.openshift.api.quota.v1.AppliedClusterResourceQuotaList": { + "description": "AppliedClusterResourceQuotaList is a collection of AppliedClusterResourceQuotas\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "items is a list of AppliedClusterResourceQuota", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.quota.v1.AppliedClusterResourceQuota" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "reference": { - "description": "The reference to an object in the system.", + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.Service": { - "description": "Service is a named abstraction of software service (for example, mysql) consisting of local port (for example 3306) that the proxy listens on, and the selector that determines which pods will answer requests sent through the proxy.", + "com.github.openshift.api.quota.v1.ClusterResourceQuota": { + "description": "ClusterResourceQuota mirrors ResourceQuota at a cluster scope. This object is easily convertible to synthetic ResourceQuota object to allow quota evaluation re-use.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", @@ -49264,1233 +50432,870 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, "spec": { - "description": "Spec defines the behavior of a service. https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "spec defines the desired quota", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ServiceSpec" + "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaSpec" }, "status": { - "description": "Most recently observed status of the service. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", + "description": "status defines the actual enforced quota and its current usage", "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ServiceStatus" + "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus" } } }, - "io.k8s.api.core.v1.ServiceAccount": { - "description": "ServiceAccount binds together: * a name, understood by users, and perhaps by peripheral systems, for an identity * a principal that can be authenticated and authorized * a set of secrets", + "com.github.openshift.api.quota.v1.ClusterResourceQuotaList": { + "description": "ClusterResourceQuotaList is a collection of ClusterResourceQuotas\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "automountServiceAccountToken": { - "description": "AutomountServiceAccountToken indicates whether pods running as this service account should have an API token automatically mounted. Can be overridden at the pod level.", - "type": "boolean" - }, - "imagePullSecrets": { - "description": "ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet. More info: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod", + "items": { + "description": "items is a list of ClusterResourceQuotas", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuota" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + } + } + }, + "com.github.openshift.api.quota.v1.ClusterResourceQuotaSelector": { + "description": "ClusterResourceQuotaSelector is used to select projects. At least one of LabelSelector or AnnotationSelector must present. If only one is present, it is the only selection criteria. If both are specified, the project must match both restrictions.", + "type": "object", + "properties": { + "annotations": { + "description": "AnnotationSelector is used to select projects by annotation.", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, - "secrets": { - "description": "Secrets is a list of the secrets in the same namespace that pods running using this ServiceAccount are allowed to use. Pods are only limited to this list if this service account has a \"kubernetes.io/enforce-mountable-secrets\" annotation set to \"true\". The \"kubernetes.io/enforce-mountable-secrets\" annotation is deprecated since v1.32. Prefer separate namespaces to isolate access to mounted secrets. This field should not be used to find auto-generated service account token secrets for use outside of pods. Instead, tokens can be requested directly using the TokenRequest API, or service account token secrets can be manually created. More info: https://kubernetes.io/docs/concepts/configuration/secret", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" - }, - "x-kubernetes-list-map-keys": [ - "name" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "name", - "x-kubernetes-patch-strategy": "merge" + "labels": { + "description": "LabelSelector is used to select projects by label.", + "$ref": "#/definitions/LabelSelector.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.ServiceAccountList": { - "description": "ServiceAccountList is a list of ServiceAccount objects", + "com.github.openshift.api.quota.v1.ClusterResourceQuotaSpec": { + "description": "ClusterResourceQuotaSpec defines the desired quota restrictions", "type": "object", "required": [ - "items" + "selector", + "quota" ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "quota": { + "description": "quota defines the desired quota", + "default": {}, + "$ref": "#/definitions/ResourceQuotaSpec.v1.core.api.k8s.io" }, - "items": { - "description": "List of ServiceAccounts. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/", + "selector": { + "description": "selector is the selector used to match projects. It should only select active projects on the scale of dozens (though it can select many more less active projects). These projects will contend on object creation through this resource.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.quota.v1.ClusterResourceQuotaSelector" + } + } + }, + "com.github.openshift.api.quota.v1.ClusterResourceQuotaStatus": { + "description": "ClusterResourceQuotaStatus defines the actual enforced quota and its current usage", + "type": "object", + "required": [ + "total" + ], + "properties": { + "namespaces": { + "description": "namespaces slices the usage by project. This division allows for quick resolution of deletion reconciliation inside of a single project without requiring a recalculation across all projects. This can be used to pull the deltas for a given project.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ServiceAccount" + "$ref": "#/definitions/com.github.openshift.api.quota.v1.ResourceQuotaStatusByNamespace" } }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "total": { + "description": "total defines the actual enforced quota and its current usage across all projects", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ResourceQuotaStatus.v1.core.api.k8s.io" } } }, - "io.k8s.api.core.v1.ServiceAccountTokenProjection": { - "description": "ServiceAccountTokenProjection represents a projected service account token volume. This projection can be used to insert a service account token into the pods runtime filesystem for use against APIs (Kubernetes API Server or otherwise).", + "com.github.openshift.api.quota.v1.ResourceQuotaStatusByNamespace": { + "description": "ResourceQuotaStatusByNamespace gives status for a particular project", "type": "object", "required": [ - "path" + "namespace", + "status" ], "properties": { - "audience": { - "description": "audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver.", - "type": "string" - }, - "expirationSeconds": { - "description": "expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes.", - "type": "integer", - "format": "int64" - }, - "path": { - "description": "path is the path relative to the mount point of the file to project the token into.", + "namespace": { + "description": "namespace the project this status applies to", "type": "string", "default": "" + }, + "status": { + "description": "status indicates how many resources have been consumed by this project", + "default": {}, + "$ref": "#/definitions/ResourceQuotaStatus.v1.core.api.k8s.io" } } }, - "io.k8s.api.core.v1.ServiceList": { - "description": "ServiceList holds a list of services.", + "com.github.openshift.api.route.v1.LocalObjectReference": { + "description": "LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace.", + "type": "object", + "properties": { + "name": { + "description": "name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "type": "string" + } + }, + "x-kubernetes-map-type": "atomic" + }, + "com.github.openshift.api.route.v1.Route": { + "description": "A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.\n\nOnce a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.\n\nRouters are subject to additional customization and may support additional controls via the annotations field.\n\nBecause administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.\n\nTo enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "items" + "spec" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "List of services", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.Service" - } - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec is the desired state of the route", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteSpec" + }, + "status": { + "description": "status is the current state of the route", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteStatus" } } }, - "io.k8s.api.core.v1.ServicePort": { - "description": "ServicePort contains information on service's port.", + "com.github.openshift.api.route.v1.RouteHTTPHeader": { + "description": "RouteHTTPHeader specifies configuration for setting or deleting an HTTP header.", "type": "object", "required": [ - "port" + "name", + "action" ], "properties": { - "appProtocol": { - "description": "The application protocol for this port. This is used as a hint for implementations to offer richer behavior for protocols that they understand. This field follows standard Kubernetes label syntax. Valid values are either:\n\n* Un-prefixed protocol names - reserved for IANA standard service names (as per RFC-6335 and https://www.iana.org/assignments/service-names).\n\n* Kubernetes-defined prefixed names:\n * 'kubernetes.io/h2c' - HTTP/2 prior knowledge over cleartext as described in https://www.rfc-editor.org/rfc/rfc9113.html#name-starting-http-2-with-prior-\n * 'kubernetes.io/ws' - WebSocket over cleartext as described in https://www.rfc-editor.org/rfc/rfc6455\n * 'kubernetes.io/wss' - WebSocket over TLS as described in https://www.rfc-editor.org/rfc/rfc6455\n\n* Other protocols should use implementation-defined prefixed names such as mycompany.com/my-custom-protocol.", - "type": "string" + "action": { + "description": "action specifies actions to perform on headers, such as setting or deleting headers.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeaderActionUnion" }, "name": { - "description": "The name of this port within the service. This must be a DNS_LABEL. All ports within a ServiceSpec must have unique names. When considering the endpoints for a Service, this must match the 'name' field in the EndpointPort. Optional if only one ServicePort is defined on this service.", - "type": "string" - }, - "nodePort": { - "description": "The port on each node on which this service is exposed when type is NodePort or LoadBalancer. Usually assigned by the system. If a value is specified, in-range, and not in use it will be used, otherwise the operation will fail. If not specified, a port will be allocated if this Service requires one. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type from NodePort to ClusterIP). More info: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport", - "type": "integer", - "format": "int32" - }, - "port": { - "description": "The port that will be exposed by this service.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "protocol": { - "description": "The IP protocol for this port. Supports \"TCP\", \"UDP\", and \"SCTP\". Default is TCP.\n\nPossible enum values:\n - `\"SCTP\"` is the SCTP protocol.\n - `\"TCP\"` is the TCP protocol.\n - `\"UDP\"` is the UDP protocol.", + "description": "name specifies the name of a header on which to perform an action. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2. The name must consist only of alphanumeric and the following special characters, \"-!#$%&'*+.^_`\". The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. It must be no more than 255 characters in length. Header name must be unique.", "type": "string", - "default": "TCP", - "enum": [ - "SCTP", - "TCP", - "UDP" - ] - }, - "targetPort": { - "description": "Number or name of the port to access on the pods targeted by the service. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. If this is a string, it will be looked up as a named port in the target Pod's container ports. If this is not specified, the value of the 'port' field is used (an identity map). This field is ignored for services with clusterIP=None, and should be omitted or set equal to the 'port' field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + "default": "" } } }, - "io.k8s.api.core.v1.ServiceProxyOptions": { - "description": "ServiceProxyOptions is the query options to a Service's proxy call.", + "com.github.openshift.api.route.v1.RouteHTTPHeaderActionUnion": { + "description": "RouteHTTPHeaderActionUnion specifies an action to take on an HTTP header.", "type": "object", + "required": [ + "type" + ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "set": { + "description": "set defines the HTTP header that should be set: added if it doesn't exist or replaced if it does. This field is required when type is Set and forbidden otherwise.", + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteSetHTTPHeader" }, - "path": { - "description": "Path is the part of URLs that include service endpoints, suffixes, and parameters to use for the current proxy request to service. For example, the whole request URL is http://localhost/api/v1/namespaces/kube-system/services/elasticsearch-logging/_search?q=user:kimchy. Path is _search?q=user:kimchy.", - "type": "string" + "type": { + "description": "type defines the type of the action to be applied on the header. Possible values are Set or Delete. Set allows you to set HTTP request and response headers. Delete allows you to delete HTTP request and response headers.", + "type": "string", + "default": "" } - } + }, + "x-kubernetes-unions": [ + { + "discriminator": "type", + "fields-to-discriminateBy": { + "set": "Set" + } + } + ] }, - "io.k8s.api.core.v1.ServiceSpec": { - "description": "ServiceSpec describes the attributes that a user creates on a service.", + "com.github.openshift.api.route.v1.RouteHTTPHeaderActions": { + "description": "RouteHTTPHeaderActions defines configuration for actions on HTTP request and response headers.", "type": "object", "properties": { - "allocateLoadBalancerNodePorts": { - "description": "allocateLoadBalancerNodePorts defines if NodePorts will be automatically allocated for services with type LoadBalancer. Default is \"true\". It may be set to \"false\" if the cluster load-balancer does not rely on NodePorts. If the caller requests specific NodePorts (by specifying a value), those requests will be respected, regardless of this field. This field may only be set for services with type LoadBalancer and will be cleared if the type is changed to any other type.", - "type": "boolean" - }, - "clusterIP": { - "description": "clusterIP is the IP address of the service and is usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be blank) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "string" - }, - "clusterIPs": { - "description": "ClusterIPs is a list of IP addresses assigned to this service, and are usually assigned randomly. If an address is specified manually, is in-range (as per system configuration), and is not in use, it will be allocated to the service; otherwise creation of the service will fail. This field may not be changed through updates unless the type field is also being changed to ExternalName (which requires this field to be empty) or the type field is being changed from ExternalName (in which case this field may optionally be specified, as describe above). Valid values are \"None\", empty string (\"\"), or a valid IP address. Setting this to \"None\" makes a \"headless service\" (no virtual IP), which is useful when direct endpoint connections are preferred and proxying is not required. Only applies to types ClusterIP, NodePort, and LoadBalancer. If this field is specified when creating a Service of type ExternalName, creation will fail. This field will be wiped when updating a Service to type ExternalName. If this field is not specified, it will be initialized from the clusterIP field. If this field is specified, clients must ensure that clusterIPs[0] and clusterIP have the same value.\n\nThis field may hold a maximum of two entries (dual-stack IPs, in either order). These IPs must correspond to the values of the ipFamilies field. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "externalIPs": { - "description": "externalIPs is a list of IP addresses for which nodes in the cluster will also accept traffic for this service. These IPs are not managed by Kubernetes. The user is responsible for ensuring that traffic arrives at a node with this IP. A common example is external load-balancers that are not part of the Kubernetes system.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "externalName": { - "description": "externalName is the external reference that discovery mechanisms will return as an alias for this service (e.g. a DNS CNAME record). No proxying will be involved. Must be a lowercase RFC-1123 hostname (https://tools.ietf.org/html/rfc1123) and requires `type` to be \"ExternalName\".", - "type": "string" - }, - "externalTrafficPolicy": { - "description": "externalTrafficPolicy describes how nodes distribute service traffic they receive on one of the Service's \"externally-facing\" addresses (NodePorts, ExternalIPs, and LoadBalancer IPs). If set to \"Local\", the proxy will configure the service in a way that assumes that external load balancers will take care of balancing the service traffic between nodes, and so each node will deliver traffic only to the node-local endpoints of the service, without masquerading the client source IP. (Traffic mistakenly sent to a node with no endpoints will be dropped.) The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features). Note that traffic sent to an External IP or LoadBalancer IP from within the cluster will always get \"Cluster\" semantics, but clients sending to a NodePort from within the cluster may need to take traffic policy into account when picking a node.\n\nPossible enum values:\n - `\"Cluster\"` routes traffic to all endpoints.\n - `\"Local\"` preserves the source IP of the traffic by routing only to endpoints on the same node as the traffic was received on (dropping the traffic if there are no local endpoints).", - "type": "string", - "enum": [ - "Cluster", - "Local" - ] - }, - "healthCheckNodePort": { - "description": "healthCheckNodePort specifies the healthcheck nodePort for the service. This only applies when type is set to LoadBalancer and externalTrafficPolicy is set to Local. If a value is specified, is in-range, and is not in use, it will be used. If not specified, a value will be automatically allocated. External systems (e.g. load-balancers) can use this port to determine if a given node holds endpoints for this service or not. If this field is specified when creating a Service which does not need it, creation will fail. This field will be wiped when updating a Service to no longer need it (e.g. changing type). This field cannot be updated once set.", - "type": "integer", - "format": "int32" - }, - "internalTrafficPolicy": { - "description": "InternalTrafficPolicy describes how nodes distribute service traffic they receive on the ClusterIP. If set to \"Local\", the proxy will assume that pods only want to talk to endpoints of the service on the same node as the pod, dropping the traffic if there are no local endpoints. The default value, \"Cluster\", uses the standard behavior of routing to all endpoints evenly (possibly modified by topology and other features).\n\nPossible enum values:\n - `\"Cluster\"` routes traffic to all endpoints.\n - `\"Local\"` routes traffic only to endpoints on the same node as the client pod (dropping the traffic if there are no local endpoints).", - "type": "string", - "enum": [ - "Cluster", - "Local" - ] - }, - "ipFamilies": { - "description": "IPFamilies is a list of IP families (e.g. IPv4, IPv6) assigned to this service. This field is usually assigned automatically based on cluster configuration and the ipFamilyPolicy field. If this field is specified manually, the requested family is available in the cluster, and ipFamilyPolicy allows it, it will be used; otherwise creation of the service will fail. This field is conditionally mutable: it allows for adding or removing a secondary IP family, but it does not allow changing the primary IP family of the Service. Valid values are \"IPv4\" and \"IPv6\". This field only applies to Services of types ClusterIP, NodePort, and LoadBalancer, and does apply to \"headless\" services. This field will be wiped when updating a Service to type ExternalName.\n\nThis field may hold a maximum of two entries (dual-stack families, in either order). These families must correspond to the values of the clusterIPs field, if specified. Both clusterIPs and ipFamilies are governed by the ipFamilyPolicy field.", - "type": "array", - "items": { - "type": "string", - "default": "", - "enum": [ - "", - "IPv4", - "IPv6" - ] - }, - "x-kubernetes-list-type": "atomic" - }, - "ipFamilyPolicy": { - "description": "IPFamilyPolicy represents the dual-stack-ness requested or required by this Service. If there is no value provided, then this field will be set to SingleStack. Services can be \"SingleStack\" (a single IP family), \"PreferDualStack\" (two IP families on dual-stack configured clusters or a single IP family on single-stack clusters), or \"RequireDualStack\" (two IP families on dual-stack configured clusters, otherwise fail). The ipFamilies and clusterIPs fields depend on the value of this field. This field will be wiped when updating a service to type ExternalName.\n\nPossible enum values:\n - `\"PreferDualStack\"` indicates that this service prefers dual-stack when the cluster is configured for dual-stack. If the cluster is not configured for dual-stack the service will be assigned a single IPFamily. If the IPFamily is not set in service.spec.ipFamilies then the service will be assigned the default IPFamily configured on the cluster\n - `\"RequireDualStack\"` indicates that this service requires dual-stack. Using IPFamilyPolicyRequireDualStack on a single stack cluster will result in validation errors. The IPFamilies (and their order) assigned to this service is based on service.spec.ipFamilies. If service.spec.ipFamilies was not provided then it will be assigned according to how they are configured on the cluster. If service.spec.ipFamilies has only one entry then the alternative IPFamily will be added by apiserver\n - `\"SingleStack\"` indicates that this service is required to have a single IPFamily. The IPFamily assigned is based on the default IPFamily used by the cluster or as identified by service.spec.ipFamilies field", - "type": "string", - "enum": [ - "PreferDualStack", - "RequireDualStack", - "SingleStack" - ] - }, - "loadBalancerClass": { - "description": "loadBalancerClass is the class of the load balancer implementation this Service belongs to. If specified, the value of this field must be a label-style identifier, with an optional prefix, e.g. \"internal-vip\" or \"example.com/internal-vip\". Unprefixed names are reserved for end-users. This field can only be set when the Service type is 'LoadBalancer'. If not set, the default load balancer implementation is used, today this is typically done through the cloud provider integration, but should apply for any default implementation. If set, it is assumed that a load balancer implementation is watching for Services with a matching class. Any default load balancer implementation (e.g. cloud providers) should ignore Services that set this field. This field can only be set when creating or updating a Service to type 'LoadBalancer'. Once set, it can not be changed. This field will be wiped when a service is updated to a non 'LoadBalancer' type.", - "type": "string" - }, - "loadBalancerIP": { - "description": "Only applies to Service Type: LoadBalancer. This feature depends on whether the underlying cloud-provider supports specifying the loadBalancerIP when a load balancer is created. This field will be ignored if the cloud-provider does not support the feature. Deprecated: This field was under-specified and its meaning varies across implementations. Using it is non-portable and it may not support dual-stack. Users are encouraged to use implementation-specific annotations when available.", - "type": "string" - }, - "loadBalancerSourceRanges": { - "description": "If specified and supported by the platform, this will restrict traffic through the cloud-provider load-balancer will be restricted to the specified client IPs. This field will be ignored if the cloud-provider does not support the feature.\" More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/", + "request": { + "description": "request is a list of HTTP request headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the request headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Currently, actions may define to either `Set` or `Delete` headers values. Route actions will be executed after IngressController actions for request headers. Actions are applied in sequence as defined in this list. A maximum of 20 request header actions may be configured. You can use this field to specify HTTP request headers that should be set or deleted when forwarding connections from the client to your application. Sample fetchers allowed are \"req.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[req.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Any request header configuration applied directly via a Route resource using this API will override header configuration for a header of the same name applied via spec.httpHeaders.actions on the IngressController or route annotation. Note: This field cannot be used if your route uses TLS passthrough.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeader" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" }, - "ports": { - "description": "The list of ports that are exposed by this service. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies", + "response": { + "description": "response is a list of HTTP response headers to modify. Currently, actions may define to either `Set` or `Delete` headers values. Actions defined here will modify the response headers of all requests made through a route. These actions are applied to a specific Route defined within a cluster i.e. connections made through a route. Route actions will be executed before IngressController actions for response headers. Actions are applied in sequence as defined in this list. A maximum of 20 response header actions may be configured. You can use this field to specify HTTP response headers that should be set or deleted when forwarding responses from your application to the client. Sample fetchers allowed are \"res.hdr\" and \"ssl_c_der\". Converters allowed are \"lower\" and \"base64\". Example header values: \"%[res.hdr(X-target),lower]\", \"%{+Q}[ssl_c_der,base64]\". Note: This field cannot be used if your route uses TLS passthrough.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.ServicePort" + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeader" }, "x-kubernetes-list-map-keys": [ - "port", - "protocol" + "name" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "port", - "x-kubernetes-patch-strategy": "merge" - }, - "publishNotReadyAddresses": { - "description": "publishNotReadyAddresses indicates that any agent which deals with endpoints for this Service should disregard any indications of ready/not-ready. The primary use case for setting this field is for a StatefulSet's Headless Service to propagate SRV DNS records for its Pods for the purpose of peer discovery. The Kubernetes controllers that generate Endpoints and EndpointSlice resources for Services interpret this to mean that all endpoints are considered \"ready\" even if the Pods themselves are not. Agents which consume only Kubernetes generated endpoints through the Endpoints or EndpointSlice resources can safely assume this behavior.", - "type": "boolean" - }, - "selector": { - "description": "Route service traffic to pods with label keys and values matching this selector. If empty or not present, the service is assumed to have an external process managing its endpoints, which Kubernetes will not modify. Only applies to types ClusterIP, NodePort, and LoadBalancer. Ignored if type is ExternalName. More info: https://kubernetes.io/docs/concepts/services-networking/service/", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - }, - "x-kubernetes-map-type": "atomic" - }, - "sessionAffinity": { - "description": "Supports \"ClientIP\" and \"None\". Used to maintain session affinity. Enable client IP based session affinity. Must be ClientIP or None. Defaults to None. More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies\n\nPossible enum values:\n - `\"ClientIP\"` is the Client IP based.\n - `\"None\"` - no session affinity.", - "type": "string", - "enum": [ - "ClientIP", - "None" - ] - }, - "sessionAffinityConfig": { - "description": "sessionAffinityConfig contains the configurations of session affinity.", - "$ref": "#/definitions/io.k8s.api.core.v1.SessionAffinityConfig" - }, - "trafficDistribution": { - "description": "TrafficDistribution offers a way to express preferences for how traffic is distributed to Service endpoints. Implementations can use this field as a hint, but are not required to guarantee strict adherence. If the field is not set, the implementation will apply its default routing strategy. If set to \"PreferClose\", implementations should prioritize endpoints that are in the same zone.", - "type": "string" - }, - "type": { - "description": "type determines how the Service is exposed. Defaults to ClusterIP. Valid options are ExternalName, ClusterIP, NodePort, and LoadBalancer. \"ClusterIP\" allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, by manual construction of an Endpoints object or EndpointSlice objects. If clusterIP is \"None\", no virtual IP is allocated and the endpoints are published as a set of endpoints rather than a virtual IP. \"NodePort\" builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. \"LoadBalancer\" builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. \"ExternalName\" aliases this service to the specified externalName. Several other fields do not apply to ExternalName services. More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types\n\nPossible enum values:\n - `\"ClusterIP\"` means a service will only be accessible inside the cluster, via the cluster IP.\n - `\"ExternalName\"` means a service consists of only a reference to an external name that kubedns or equivalent will return as a CNAME record, with no exposing or proxying of any pods involved.\n - `\"LoadBalancer\"` means a service will be exposed via an external load balancer (if the cloud provider supports it), in addition to 'NodePort' type.\n - `\"NodePort\"` means a service will be exposed on one port of every node, in addition to 'ClusterIP' type.", - "type": "string", - "enum": [ - "ClusterIP", - "ExternalName", - "LoadBalancer", - "NodePort" - ] + "x-kubernetes-list-type": "map" } } }, - "io.k8s.api.core.v1.ServiceStatus": { - "description": "ServiceStatus represents the current status of a service.", + "com.github.openshift.api.route.v1.RouteHTTPHeaders": { + "description": "RouteHTTPHeaders defines policy for HTTP headers.", + "type": "object", + "properties": { + "actions": { + "description": "actions specifies options for modifying headers and their values. Note that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be modified for TLS passthrough connections. Setting the HSTS (`Strict-Transport-Security`) header is not supported via actions. `Strict-Transport-Security` may only be configured using the \"haproxy.router.openshift.io/hsts_header\" route annotation, and only in accordance with the policy specified in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request headers, the actions specified in spec.httpHeaders.actions on the Route will be executed after the actions specified in the IngressController's spec.httpHeaders.actions field. In case of HTTP response headers, the actions specified in spec.httpHeaders.actions on the IngressController will be executed after the actions specified in the Route's spec.httpHeaders.actions field. The headers set via this API will not appear in access logs. Any actions defined here are applied after any actions related to the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. The following header names are reserved and may not be modified via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. Please refer to the documentation for that API field for more details.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeaderActions" + } + } + }, + "com.github.openshift.api.route.v1.RouteIngress": { + "description": "RouteIngress holds information about the places where a route is exposed.", "type": "object", "properties": { "conditions": { - "description": "Current service state", + "description": "conditions is the state of the route, may be empty.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Condition" + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteIngressCondition" }, "x-kubernetes-list-map-keys": [ "type" ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "type", - "x-kubernetes-patch-strategy": "merge" + "x-kubernetes-list-type": "map" }, - "loadBalancer": { - "description": "LoadBalancer contains the current status of the load-balancer, if one is present.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.LoadBalancerStatus" - } - } - }, - "io.k8s.api.core.v1.SessionAffinityConfig": { - "description": "SessionAffinityConfig represents the configurations of session affinity.", - "type": "object", - "properties": { - "clientIP": { - "description": "clientIP contains the configurations of Client IP based session affinity.", - "$ref": "#/definitions/io.k8s.api.core.v1.ClientIPConfig" - } - } - }, - "io.k8s.api.core.v1.SleepAction": { - "description": "SleepAction describes a \"sleep\" action.", - "type": "object", - "required": [ - "seconds" - ], - "properties": { - "seconds": { - "description": "Seconds is the number of seconds to sleep.", - "type": "integer", - "format": "int64", - "default": 0 - } - } - }, - "io.k8s.api.core.v1.StorageOSPersistentVolumeSource": { - "description": "Represents a StorageOS persistent volume resource.", - "type": "object", - "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", + "host": { + "description": "host is the host string under which the route is exposed; this value is required", "type": "string" }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", - "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference" + "routerCanonicalHostname": { + "description": "CanonicalHostname is the external host name for the router that can be used as a CNAME for the host requested for this route. This value is optional and may not be set in all cases.", + "type": "string" }, - "volumeName": { - "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", + "routerName": { + "description": "Name is a name chosen by the router to identify itself; this value is required", "type": "string" }, - "volumeNamespace": { - "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", + "wildcardPolicy": { + "description": "Wildcard policy is the wildcard policy that was allowed where this route is exposed.", "type": "string" } } }, - "io.k8s.api.core.v1.StorageOSVolumeSource": { - "description": "Represents a StorageOS persistent volume resource.", + "com.github.openshift.api.route.v1.RouteIngressCondition": { + "description": "RouteIngressCondition contains details for the current condition of this route on a particular router.", "type": "object", + "required": [ + "type", + "status" + ], "properties": { - "fsType": { - "description": "fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "readOnly": { - "description": "readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.", - "type": "boolean" - }, - "secretRef": { - "description": "secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted.", - "$ref": "#/definitions/io.k8s.api.core.v1.LocalObjectReference" + "lastTransitionTime": { + "description": "RFC 3339 date and time when this condition last transitioned", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "volumeName": { - "description": "volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace.", + "message": { + "description": "Human readable message indicating details about last transition.", "type": "string" }, - "volumeNamespace": { - "description": "volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to \"default\" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created.", + "reason": { + "description": "(brief) reason for the condition's last transition, and is usually a machine and human readable constant", "type": "string" + }, + "status": { + "description": "status is the status of the condition. Can be True, False, Unknown.", + "type": "string", + "default": "" + }, + "type": { + "description": "type is the type of the condition. Currently only Admitted or UnservableInFutureVersions.", + "type": "string", + "default": "" } } }, - "io.k8s.api.core.v1.Sysctl": { - "description": "Sysctl defines a kernel parameter to be set", + "com.github.openshift.api.route.v1.RouteList": { + "description": "RouteList is a collection of Routes.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "name", - "value" + "items" ], "properties": { - "name": { - "description": "Name of a property to set", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "value": { - "description": "Value of a property to set", - "type": "string", - "default": "" + "items": { + "description": "items is a list of routes", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.route.v1.Route" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.TCPSocketAction": { - "description": "TCPSocketAction describes an action based on opening a socket", + "com.github.openshift.api.route.v1.RoutePort": { + "description": "RoutePort defines a port mapping from a router to an endpoint in the service endpoints.", "type": "object", "required": [ - "port" + "targetPort" ], "properties": { - "host": { - "description": "Optional: Host name to connect to, defaults to the pod IP.", - "type": "string" - }, - "port": { - "description": "Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.util.intstr.IntOrString" + "targetPort": { + "description": "The target port on pods selected by the service this route points to. If this is a string, it will be looked up as a named port in the target endpoints port list. Required", + "$ref": "#/definitions/IntOrString.intstr.util.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.Taint": { - "description": "The node this Taint is attached to has the \"effect\" on any pod that does not tolerate the Taint.", + "com.github.openshift.api.route.v1.RouteSetHTTPHeader": { + "description": "RouteSetHTTPHeader specifies what value needs to be set on an HTTP header.", "type": "object", "required": [ - "key", - "effect" + "value" ], "properties": { - "effect": { - "description": "Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute.\n\nPossible enum values:\n - `\"NoExecute\"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.\n - `\"NoSchedule\"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.\n - `\"PreferNoSchedule\"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.", - "type": "string", - "default": "", - "enum": [ - "NoExecute", - "NoSchedule", - "PreferNoSchedule" - ] - }, - "key": { - "description": "Required. The taint key to be applied to a node.", + "value": { + "description": "value specifies a header value. Dynamic values can be added. The value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. The value of this field must be no more than 16384 characters in length. Note that the total size of all net added headers *after* interpolating dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController.", "type": "string", "default": "" - }, - "timeAdded": { - "description": "TimeAdded represents the time at which the taint was added.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "value": { - "description": "The taint value corresponding to the taint key.", - "type": "string" } } }, - "io.k8s.api.core.v1.Toleration": { - "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", + "com.github.openshift.api.route.v1.RouteSpec": { + "description": "RouteSpec describes the hostname or path the route exposes, any security information, and one to four backends (services) the route points to. Requests are distributed among the backends depending on the weights assigned to each backend. When using roundrobin scheduling the portion of requests that go to each backend is the backend weight divided by the sum of all of the backend weights. When the backend has more than one endpoint the requests that end up on the backend are roundrobin distributed among the endpoints. Weights are between 0 and 256 with default 100. Weight 0 causes no requests to the backend. If all weights are zero the route will be considered to have no backends and return a standard 503 response.\n\nThe `tls` field is optional and allows specific certificates or behavior for the route. Routers typically configure a default certificate on a wildcard domain to terminate routes without explicit certificates, but custom hostnames usually must choose passthrough (send traffic directly to the backend via the TLS Server-Name- Indication field) or provide a certificate.", "type": "object", + "required": [ + "to" + ], "properties": { - "effect": { - "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n\nPossible enum values:\n - `\"NoExecute\"` Evict any already-running pods that do not tolerate the taint. Currently enforced by NodeController.\n - `\"NoSchedule\"` Do not allow new pods to schedule onto the node unless they tolerate the taint, but allow all pods submitted to Kubelet without going through the scheduler to start, and allow all already-running pods to continue running. Enforced by the scheduler.\n - `\"PreferNoSchedule\"` Like TaintEffectNoSchedule, but the scheduler tries not to schedule new pods onto the node, rather than prohibiting new pods from scheduling onto the node entirely. Enforced by the scheduler.", - "type": "string", - "enum": [ - "NoExecute", - "NoSchedule", - "PreferNoSchedule" - ] + "alternateBackends": { + "description": "alternateBackends allows up to 3 additional backends to be assigned to the route. Only the Service kind is allowed, and it will be defaulted to Service. Use the weight field in RouteTargetReference object to specify relative preference.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteTargetReference" + }, + "x-kubernetes-list-map-keys": [ + "name", + "kind" + ], + "x-kubernetes-list-type": "map" }, - "key": { - "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + "host": { + "description": "host is an alias/DNS that points to the service. Optional. If not specified a route name will typically be automatically chosen. Must follow DNS952 subdomain conventions.", "type": "string" }, - "operator": { - "description": "Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.\n\nPossible enum values:\n - `\"Equal\"`\n - `\"Exists\"`", - "type": "string", - "enum": [ - "Equal", - "Exists" - ] + "httpHeaders": { + "description": "httpHeaders defines policy for HTTP headers.", + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteHTTPHeaders" }, - "tolerationSeconds": { - "description": "TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.", - "type": "integer", - "format": "int64" + "path": { + "description": "path that the router watches for, to route traffic for to the service. Optional", + "type": "string" }, - "value": { - "description": "Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string.", + "port": { + "description": "If specified, the port to be used by the router. Most routers will use all endpoints exposed by the service by default - set this value to instruct routers which port to use.", + "$ref": "#/definitions/com.github.openshift.api.route.v1.RoutePort" + }, + "subdomain": { + "description": "subdomain is a DNS subdomain that is requested within the ingress controller's domain (as a subdomain). If host is set this field is ignored. An ingress controller may choose to ignore this suggested name, in which case the controller will report the assigned name in the status.ingress array or refuse to admit the route. If this value is set and the server does not support this field host will be populated automatically. Otherwise host is left empty. The field may have multiple parts separated by a dot, but not all ingress controllers may honor the request. This field may not be changed after creation except by a user with the update routes/custom-host permission.\n\nExample: subdomain `frontend` automatically receives the router subdomain `apps.mycluster.com` to have a full hostname `frontend.apps.mycluster.com`.", "type": "string" - } - } - }, - "io.k8s.api.core.v1.TopologySelectorLabelRequirement": { - "description": "A topology selector requirement is a selector that matches given label. This is an alpha feature and may change in the future.", - "type": "object", - "required": [ - "key", - "values" - ], - "properties": { - "key": { - "description": "The label key that the selector applies to.", - "type": "string", - "default": "" }, - "values": { - "description": "An array of string values. One value must match the label to be selected. Each entry in Values is ORed.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "tls": { + "description": "The tls field provides the ability to configure certificates and termination for the route.", + "$ref": "#/definitions/com.github.openshift.api.route.v1.TLSConfig" + }, + "to": { + "description": "to is an object the route should use as the primary backend. Only the Service kind is allowed, and it will be defaulted to Service. If the weight field (0-256 default 100) is set to zero, no traffic will be sent to this backend.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteTargetReference" + }, + "wildcardPolicy": { + "description": "Wildcard policy if any for the route. Currently only 'Subdomain' or 'None' is allowed.", + "type": "string" } } }, - "io.k8s.api.core.v1.TopologySelectorTerm": { - "description": "A topology selector term represents the result of label queries. A null or empty topology selector term matches no objects. The requirements of them are ANDed. It provides a subset of functionality as NodeSelectorTerm. This is an alpha feature and may change in the future.", + "com.github.openshift.api.route.v1.RouteStatus": { + "description": "RouteStatus provides relevant info about the status of a route, including which routers acknowledge it.", "type": "object", "properties": { - "matchLabelExpressions": { - "description": "A list of topology selector requirements by labels.", + "ingress": { + "description": "ingress describes the places where the route may be exposed. The list of ingress points may contain duplicate Host or RouterName values. Routes are considered live once they are `Ready`", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.TopologySelectorLabelRequirement" - }, - "x-kubernetes-list-type": "atomic" - } - }, - "x-kubernetes-map-type": "atomic" - }, - "io.k8s.api.core.v1.TopologySpreadConstraint": { - "description": "TopologySpreadConstraint specifies how to spread matching pods among the given topology.", - "type": "object", - "required": [ - "maxSkew", - "topologyKey", - "whenUnsatisfiable" - ], - "properties": { - "labelSelector": { - "description": "LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "matchLabelKeys": { - "description": "MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector.\n\nThis is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default).", - "type": "array", - "items": { - "type": "string", - "default": "" + "$ref": "#/definitions/com.github.openshift.api.route.v1.RouteIngress" }, "x-kubernetes-list-type": "atomic" - }, - "maxSkew": { - "description": "MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It's a required field. Default value is 1 and 0 is not allowed.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "minDomains": { - "description": "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule.\n\nFor example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew.", - "type": "integer", - "format": "int32" - }, - "nodeAffinityPolicy": { - "description": "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.\n\nIf this value is nil, the behavior is equivalent to the Honor policy.\n\nPossible enum values:\n - `\"Honor\"` means use this scheduling directive when calculating pod topology spread skew.\n - `\"Ignore\"` means ignore this scheduling directive when calculating pod topology spread skew.", - "type": "string", - "enum": [ - "Honor", - "Ignore" - ] - }, - "nodeTaintsPolicy": { - "description": "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included.\n\nIf this value is nil, the behavior is equivalent to the Ignore policy.\n\nPossible enum values:\n - `\"Honor\"` means use this scheduling directive when calculating pod topology spread skew.\n - `\"Ignore\"` means ignore this scheduling directive when calculating pod topology spread skew.", - "type": "string", - "enum": [ - "Honor", - "Ignore" - ] - }, - "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is \"kubernetes.io/hostname\", each Node is a domain of that topology. And, if TopologyKey is \"topology.kubernetes.io/zone\", each zone is a domain of that topology. It's a required field.", - "type": "string", - "default": "" - }, - "whenUnsatisfiable": { - "description": "WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location,\n but giving higher precedence to topologies that would help reduce the\n skew.\nA constraint is considered \"Unsatisfiable\" for an incoming pod if and only if every possible node assignment for that pod would violate \"MaxSkew\" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won't make it *more* imbalanced. It's a required field.\n\nPossible enum values:\n - `\"DoNotSchedule\"` instructs the scheduler not to schedule the pod when constraints are not satisfied.\n - `\"ScheduleAnyway\"` instructs the scheduler to schedule the pod even if constraints are not satisfied.", - "type": "string", - "default": "", - "enum": [ - "DoNotSchedule", - "ScheduleAnyway" - ] } } }, - "io.k8s.api.core.v1.TypedLocalObjectReference": { - "description": "TypedLocalObjectReference contains enough information to let you locate the typed referenced object inside the same namespace.", + "com.github.openshift.api.route.v1.RouteTargetReference": { + "description": "RouteTargetReference specifies the target that resolve into endpoints. Only the 'Service' kind is allowed. Use 'weight' field to emphasize one over others.", "type": "object", "required": [ "kind", "name" ], "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", - "type": "string" - }, "kind": { - "description": "Kind is the type of resource being referenced", + "description": "The kind of target that the route is referring to. Currently, only 'Service' is allowed", "type": "string", "default": "" }, "name": { - "description": "Name is the name of resource being referenced", + "description": "name of the service/target that is being referred to. e.g. name of the service", "type": "string", "default": "" + }, + "weight": { + "description": "weight as an integer between 0 and 256, default 100, that specifies the target's relative weight against other target reference objects. 0 suppresses requests to this backend.", + "type": "integer", + "format": "int32" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "io.k8s.api.core.v1.TypedObjectReference": { - "description": "TypedObjectReference contains enough information to let you locate the typed referenced object", + "com.github.openshift.api.route.v1.RouterShard": { + "description": "RouterShard has information of a routing shard and is used to generate host names and routing table entries when a routing shard is allocated for a specific route. Caveat: This is WIP and will likely undergo modifications when sharding support is added.", "type": "object", "required": [ - "kind", - "name" + "shardName", + "dnsSuffix" ], "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required.", - "type": "string" - }, - "kind": { - "description": "Kind is the type of resource being referenced", + "dnsSuffix": { + "description": "dnsSuffix for the shard ala: shard-1.v3.openshift.com", "type": "string", "default": "" }, - "name": { - "description": "Name is the name of resource being referenced", + "shardName": { + "description": "shardName uniquely identifies a router shard in the \"set\" of routers used for routing traffic to the services.", "type": "string", "default": "" - }, - "namespace": { - "description": "Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled.", - "type": "string" } } }, - "io.k8s.api.core.v1.Volume": { - "description": "Volume represents a named volume in a pod that may be accessed by any container in the pod.", + "com.github.openshift.api.route.v1.TLSConfig": { + "description": "TLSConfig defines config used to secure a route and provide termination", "type": "object", "required": [ - "name" + "termination" ], "properties": { - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "$ref": "#/definitions/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", - "$ref": "#/definitions/io.k8s.api.core.v1.AzureDiskVolumeSource" - }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", - "$ref": "#/definitions/io.k8s.api.core.v1.AzureFileVolumeSource" - }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.CephFSVolumeSource" - }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "$ref": "#/definitions/io.k8s.api.core.v1.CinderVolumeSource" - }, - "configMap": { - "description": "configMap represents a configMap that should populate this volume", - "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapVolumeSource" - }, - "csi": { - "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", - "$ref": "#/definitions/io.k8s.api.core.v1.CSIVolumeSource" - }, - "downwardAPI": { - "description": "downwardAPI represents downward API about the pod that should populate this volume", - "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeSource" - }, - "emptyDir": { - "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "$ref": "#/definitions/io.k8s.api.core.v1.EmptyDirVolumeSource" - }, - "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time.", - "$ref": "#/definitions/io.k8s.api.core.v1.EphemeralVolumeSource" - }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "$ref": "#/definitions/io.k8s.api.core.v1.FCVolumeSource" - }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - "$ref": "#/definitions/io.k8s.api.core.v1.FlexVolumeSource" - }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.FlockerVolumeSource" - }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "$ref": "#/definitions/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource" + "caCertificate": { + "description": "caCertificate provides the cert authority certificate contents", + "type": "string" }, - "gitRepo": { - "description": "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", - "$ref": "#/definitions/io.k8s.api.core.v1.GitRepoVolumeSource" + "certificate": { + "description": "certificate provides certificate contents. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate.", + "type": "string" }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.GlusterfsVolumeSource" + "destinationCACertificate": { + "description": "destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection. If this field is not specified, the router may provide its own destination CA and perform hostname validation using the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically verify.", + "type": "string" }, - "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "$ref": "#/definitions/io.k8s.api.core.v1.HostPathVolumeSource" + "externalCertificate": { + "description": "externalCertificate provides certificate contents as a secret reference. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate. The secret referenced should be present in the same namespace as that of the Route. Forbidden when `certificate` is set. The router service account needs to be granted with read-only access to this secret, please refer to openshift docs for additional details.", + "$ref": "#/definitions/com.github.openshift.api.route.v1.LocalObjectReference" }, - "image": { - "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - "$ref": "#/definitions/io.k8s.api.core.v1.ImageVolumeSource" + "insecureEdgeTerminationPolicy": { + "description": "insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While each router may make its own decisions on which ports to expose, this is normally port 80.\n\nIf a route does not specify insecureEdgeTerminationPolicy, then the default behavior is \"None\".\n\n* Allow - traffic is sent to the server on the insecure port (edge/reencrypt terminations only).\n\n* None - no traffic is allowed on the insecure port (default).\n\n* Redirect - clients are redirected to the secure port.", + "type": "string" }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi", - "$ref": "#/definitions/io.k8s.api.core.v1.ISCSIVolumeSource" + "key": { + "description": "key provides key file contents", + "type": "string" }, - "name": { - "description": "name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names", + "termination": { + "description": "termination indicates the TLS termination type.\n\n* edge - TLS termination is done by the router and http is used to communicate with the backend (default)\n\n* passthrough - Traffic is sent straight to the destination without the router providing TLS termination\n\n* reencrypt - TLS termination is done by the router and https is used to communicate with the backend\n\nNote: passthrough termination is incompatible with httpHeader actions", "type": "string", "default": "" - }, - "nfs": { - "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "$ref": "#/definitions/io.k8s.api.core.v1.NFSVolumeSource" - }, - "persistentVolumeClaim": { - "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource" - }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource" - }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", - "$ref": "#/definitions/io.k8s.api.core.v1.PortworxVolumeSource" - }, - "projected": { - "description": "projected items for all in one resources secrets, configmaps, and downward API", - "$ref": "#/definitions/io.k8s.api.core.v1.ProjectedVolumeSource" - }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.QuobyteVolumeSource" - }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.RBDVolumeSource" - }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.ScaleIOVolumeSource" - }, - "secret": { - "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretVolumeSource" - }, - "storageos": { - "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.StorageOSVolumeSource" - }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", - "$ref": "#/definitions/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource" } } }, - "io.k8s.api.core.v1.VolumeDevice": { - "description": "volumeDevice describes a mapping of a raw block device within a container.", + "com.github.openshift.api.samples.v1.Config": { + "description": "Config contains the configuration and detailed condition status for the Samples Operator.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "name", - "devicePath" + "metadata", + "spec" ], "properties": { - "devicePath": { - "description": "devicePath is the path inside of the container that the device will be mapped to.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "name": { - "description": "name must match the name of a persistentVolumeClaim in the pod", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.samples.v1.ConfigSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.samples.v1.ConfigStatus" } } }, - "io.k8s.api.core.v1.VolumeMount": { - "description": "VolumeMount describes a mounting of a Volume within a container.", + "com.github.openshift.api.samples.v1.ConfigCondition": { + "description": "ConfigCondition captures various conditions of the Config as entries are processed.", "type": "object", "required": [ - "name", - "mountPath" + "type", + "status" ], "properties": { - "mountPath": { - "description": "Path within the container at which the volume should be mounted. Must not contain ':'.", - "type": "string", - "default": "" - }, - "mountPropagation": { - "description": "mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified (which defaults to None).\n\nPossible enum values:\n - `\"Bidirectional\"` means that the volume in a container will receive new mounts from the host or other containers, and its own mounts will be propagated from the container to the host or other containers. Note that this mode is recursively applied to all mounts in the volume (\"rshared\" in Linux terminology).\n - `\"HostToContainer\"` means that the volume in a container will receive new mounts from the host or other containers, but filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode is recursively applied to all mounts in the volume (\"rslave\" in Linux terminology).\n - `\"None\"` means that the volume in a container will not receive new mounts from the host or other containers, and filesystems mounted inside the container won't be propagated to the host or other containers. Note that this mode corresponds to \"private\" in Linux terminology.", - "type": "string", - "enum": [ - "Bidirectional", - "HostToContainer", - "None" - ] - }, - "name": { - "description": "This must match the Name of a Volume.", - "type": "string", - "default": "" + "lastTransitionTime": { + "description": "lastTransitionTime is the last time the condition transitioned from one status to another.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "readOnly": { - "description": "Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.", - "type": "boolean" + "lastUpdateTime": { + "description": "lastUpdateTime is the last time this condition was updated.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly specifies whether read-only mounts should be handled recursively.\n\nIf ReadOnly is false, this field has no meaning and must be unspecified.\n\nIf ReadOnly is true, and this field is set to Disabled, the mount is not made recursively read-only. If this field is set to IfPossible, the mount is made recursively read-only, if it is supported by the container runtime. If this field is set to Enabled, the mount is made recursively read-only if it is supported by the container runtime, otherwise the pod will not be started and an error will be generated to indicate the reason.\n\nIf this field is set to IfPossible or Enabled, MountPropagation must be set to None (or be unspecified, which defaults to None).\n\nIf this field is not specified, it is treated as an equivalent of Disabled.", + "message": { + "description": "message is a human readable message indicating details about the transition.", "type": "string" }, - "subPath": { - "description": "Path within the volume from which the container's volume should be mounted. Defaults to \"\" (volume's root).", + "reason": { + "description": "reason is what caused the condition's last transition.", "type": "string" }, - "subPathExpr": { - "description": "Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to \"\" (volume's root). SubPathExpr and SubPath are mutually exclusive.", - "type": "string" - } - } - }, - "io.k8s.api.core.v1.VolumeMountStatus": { - "description": "VolumeMountStatus shows status of volume mounts.", - "type": "object", - "required": [ - "name", - "mountPath" - ], - "properties": { - "mountPath": { - "description": "MountPath corresponds to the original VolumeMount.", + "status": { + "description": "status of the condition, one of True, False, Unknown.", "type": "string", "default": "" }, - "name": { - "description": "Name corresponds to the name of the original VolumeMount.", + "type": { + "description": "type of condition.", "type": "string", "default": "" - }, - "readOnly": { - "description": "ReadOnly corresponds to the original VolumeMount.", - "type": "boolean" - }, - "recursiveReadOnly": { - "description": "RecursiveReadOnly must be set to Disabled, Enabled, or unspecified (for non-readonly mounts). An IfPossible value in the original VolumeMount must be translated to Disabled or Enabled, depending on the mount result.", - "type": "string" } } }, - "io.k8s.api.core.v1.VolumeNodeAffinity": { - "description": "VolumeNodeAffinity defines constraints that limit what nodes this volume can be accessed from.", + "com.github.openshift.api.samples.v1.ConfigList": { + "description": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "metadata", + "items" + ], "properties": { - "required": { - "description": "required specifies hard node constraints that must be met.", - "$ref": "#/definitions/io.k8s.api.core.v1.NodeSelector" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.samples.v1.Config" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.core.v1.VolumeProjection": { - "description": "Projection that may be projected along with other supported volume types. Exactly one of these fields must be set.", + "com.github.openshift.api.samples.v1.ConfigSpec": { + "description": "ConfigSpec contains the desired configuration and state for the Samples Operator, controlling various behavior around the imagestreams and templates it creates/updates in the openshift namespace.", "type": "object", "properties": { - "clusterTrustBundle": { - "description": "ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field of ClusterTrustBundle objects in an auto-updating file.\n\nAlpha, gated by the ClusterTrustBundleProjection feature gate.\n\nClusterTrustBundle objects can either be selected by name, or by the combination of signer name and a label selector.\n\nKubelet performs aggressive normalization of the PEM contents written into the pod filesystem. Esoteric PEM features such as inter-block comments and block headers are stripped. Certificates are deduplicated. The ordering of certificates within the file is arbitrary, and Kubelet may change the order over time.", - "$ref": "#/definitions/io.k8s.api.core.v1.ClusterTrustBundleProjection" - }, - "configMap": { - "description": "configMap information about the configMap data to project", - "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapProjection" + "architectures": { + "description": "architectures determine which hardware architecture(s) to install, where x86_64, ppc64le, and s390x are the only supported choices currently.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "downwardAPI": { - "description": "downwardAPI information about the downwardAPI data to project", - "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIProjection" + "managementState": { + "description": "managementState is top level on/off type of switch for all operators. When \"Managed\", this operator processes config and manipulates the samples accordingly. When \"Unmanaged\", this operator ignores any updates to the resources it watches. When \"Removed\", it reacts that same wasy as it does if the Config object is deleted, meaning any ImageStreams or Templates it manages (i.e. it honors the skipped lists) and the registry secret are deleted, along with the ConfigMap in the operator's namespace that represents the last config used to manipulate the samples,", + "type": "string" }, - "podCertificate": { - "description": "Projects an auto-rotating credential bundle (private key and certificate chain) that the pod can use either as a TLS client or server.\n\nKubelet generates a private key and uses it to send a PodCertificateRequest to the named signer. Once the signer approves the request and issues a certificate chain, Kubelet writes the key and certificate chain to the pod filesystem. The pod does not start until certificates have been issued for each podCertificate projected volume source in its spec.\n\nKubelet will begin trying to rotate the certificate at the time indicated by the signer using the PodCertificateRequest.Status.BeginRefreshAt timestamp.\n\nKubelet can write a single file, indicated by the credentialBundlePath field, or separate files, indicated by the keyPath and certificateChainPath fields.\n\nThe credential bundle is a single file in PEM format. The first PEM entry is the private key (in PKCS#8 format), and the remaining PEM entries are the certificate chain issued by the signer (typically, signers will return their certificate chain in leaf-to-root order).\n\nPrefer using the credential bundle format, since your application code can read it atomically. If you use keyPath and certificateChainPath, your application must make two separate file reads. If these coincide with a certificate rotation, it is possible that the private key and leaf certificate you read may not correspond to each other. Your application will need to check for this condition, and re-read until they are consistent.\n\nThe named signer controls chooses the format of the certificate it issues; consult the signer implementation's documentation to learn how to use the certificates it issues.", - "$ref": "#/definitions/io.k8s.api.core.v1.PodCertificateProjection" + "samplesRegistry": { + "description": "samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io.", + "type": "string" }, - "secret": { - "description": "secret information about the secret data to project", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretProjection" + "skippedHelmCharts": { + "description": "skippedHelmCharts specifies names of helm charts that should NOT be managed. Admins can use this to allow them to delete content they don’t want. They will still have to MANUALLY DELETE the content but the operator will not recreate(or update) anything listed here. Few examples of the name of helmcharts which can be skipped are 'redhat-redhat-perl-imagestreams','redhat-redhat-nodejs-imagestreams','redhat-nginx-imagestreams', 'redhat-redhat-ruby-imagestreams','redhat-redhat-python-imagestreams','redhat-redhat-php-imagestreams', 'redhat-httpd-imagestreams','redhat-redhat-dotnet-imagestreams'. Rest of the names can be obtained from openshift console --> helmcharts -->installed helmcharts. This will display the list of all the 12 helmcharts(of imagestreams)being installed by Samples Operator. The skippedHelmCharts must be a valid Kubernetes resource name. May contain only lowercase alphanumeric characters, hyphens and periods, and each period separated segment must begin and end with an alphanumeric character. It must be non-empty and at most 253 characters in length", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "set" }, - "serviceAccountToken": { - "description": "serviceAccountToken is information about the serviceAccountToken data to project", - "$ref": "#/definitions/io.k8s.api.core.v1.ServiceAccountTokenProjection" - } - } - }, - "io.k8s.api.core.v1.VolumeResourceRequirements": { - "description": "VolumeResourceRequirements describes the storage resource requirements for a volume.", - "type": "object", - "properties": { - "limits": { - "description": "Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + "skippedImagestreams": { + "description": "skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", + "type": "array", + "items": { + "type": "string", + "default": "" } }, - "requests": { - "description": "Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", - "type": "object", - "additionalProperties": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.api.resource.Quantity" + "skippedTemplates": { + "description": "skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", + "type": "array", + "items": { + "type": "string", + "default": "" } } } }, - "io.k8s.api.core.v1.VolumeSource": { - "description": "Represents the source of a volume to mount. Only one of its members may be specified.", + "com.github.openshift.api.samples.v1.ConfigStatus": { + "description": "ConfigStatus contains the actual configuration in effect, as well as various details that describe the state of the Samples Operator.", "type": "object", "properties": { - "awsElasticBlockStore": { - "description": "awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: AWSElasticBlockStore is deprecated. All operations for the in-tree awsElasticBlockStore type are redirected to the ebs.csi.aws.com CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore", - "$ref": "#/definitions/io.k8s.api.core.v1.AWSElasticBlockStoreVolumeSource" - }, - "azureDisk": { - "description": "azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. Deprecated: AzureDisk is deprecated. All operations for the in-tree azureDisk type are redirected to the disk.csi.azure.com CSI driver.", - "$ref": "#/definitions/io.k8s.api.core.v1.AzureDiskVolumeSource" - }, - "azureFile": { - "description": "azureFile represents an Azure File Service mount on the host and bind mount to the pod. Deprecated: AzureFile is deprecated. All operations for the in-tree azureFile type are redirected to the file.csi.azure.com CSI driver.", - "$ref": "#/definitions/io.k8s.api.core.v1.AzureFileVolumeSource" - }, - "cephfs": { - "description": "cephFS represents a Ceph FS mount on the host that shares a pod's lifetime. Deprecated: CephFS is deprecated and the in-tree cephfs type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.CephFSVolumeSource" - }, - "cinder": { - "description": "cinder represents a cinder volume attached and mounted on kubelets host machine. Deprecated: Cinder is deprecated. All operations for the in-tree cinder type are redirected to the cinder.csi.openstack.org CSI driver. More info: https://examples.k8s.io/mysql-cinder-pd/README.md", - "$ref": "#/definitions/io.k8s.api.core.v1.CinderVolumeSource" - }, - "configMap": { - "description": "configMap represents a configMap that should populate this volume", - "$ref": "#/definitions/io.k8s.api.core.v1.ConfigMapVolumeSource" - }, - "csi": { - "description": "csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers.", - "$ref": "#/definitions/io.k8s.api.core.v1.CSIVolumeSource" - }, - "downwardAPI": { - "description": "downwardAPI represents downward API about the pod that should populate this volume", - "$ref": "#/definitions/io.k8s.api.core.v1.DownwardAPIVolumeSource" - }, - "emptyDir": { - "description": "emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir", - "$ref": "#/definitions/io.k8s.api.core.v1.EmptyDirVolumeSource" - }, - "ephemeral": { - "description": "ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed.\n\nUse this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity\n tracking are needed,\nc) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through\n a PersistentVolumeClaim (see EphemeralVolumeSource for more\n information on the connection between this volume type\n and PersistentVolumeClaim).\n\nUse PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod.\n\nUse CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information.\n\nA pod can use both types of ephemeral volumes and persistent volumes at the same time.", - "$ref": "#/definitions/io.k8s.api.core.v1.EphemeralVolumeSource" - }, - "fc": { - "description": "fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod.", - "$ref": "#/definitions/io.k8s.api.core.v1.FCVolumeSource" - }, - "flexVolume": { - "description": "flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. Deprecated: FlexVolume is deprecated. Consider using a CSIDriver instead.", - "$ref": "#/definitions/io.k8s.api.core.v1.FlexVolumeSource" - }, - "flocker": { - "description": "flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running. Deprecated: Flocker is deprecated and the in-tree flocker type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.FlockerVolumeSource" - }, - "gcePersistentDisk": { - "description": "gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. Deprecated: GCEPersistentDisk is deprecated. All operations for the in-tree gcePersistentDisk type are redirected to the pd.csi.storage.gke.io CSI driver. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk", - "$ref": "#/definitions/io.k8s.api.core.v1.GCEPersistentDiskVolumeSource" - }, - "gitRepo": { - "description": "gitRepo represents a git repository at a particular revision. Deprecated: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container.", - "$ref": "#/definitions/io.k8s.api.core.v1.GitRepoVolumeSource" - }, - "glusterfs": { - "description": "glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. Deprecated: Glusterfs is deprecated and the in-tree glusterfs type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.GlusterfsVolumeSource" - }, - "hostPath": { - "description": "hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath", - "$ref": "#/definitions/io.k8s.api.core.v1.HostPathVolumeSource" - }, - "image": { - "description": "image represents an OCI object (a container image or artifact) pulled and mounted on the kubelet's host machine. The volume is resolved at pod startup depending on which PullPolicy value is provided:\n\n- Always: the kubelet always attempts to pull the reference. Container creation will fail If the pull fails. - Never: the kubelet never pulls the reference and only uses a local image or artifact. Container creation will fail if the reference isn't present. - IfNotPresent: the kubelet pulls if the reference isn't already present on disk. Container creation will fail if the reference isn't present and the pull fails.\n\nThe volume gets re-resolved if the pod gets deleted and recreated, which means that new remote content will become available on pod recreation. A failure to resolve or pull the image during pod startup will block containers from starting and may add significant latency. Failures will be retried using normal volume backoff and will be reported on the pod reason and message. The types of objects that may be mounted by this volume are defined by the container runtime implementation on a host machine and at minimum must include all valid types supported by the container image field. The OCI object gets mounted in a single directory (spec.containers[*].volumeMounts.mountPath) by merging the manifest layers in the same way as for container images. The volume will be mounted read-only (ro) and non-executable files (noexec). Sub path mounts for containers are not supported (spec.containers[*].volumeMounts.subpath) before 1.33. The field spec.securityContext.fsGroupChangePolicy has no effect on this volume type.", - "$ref": "#/definitions/io.k8s.api.core.v1.ImageVolumeSource" - }, - "iscsi": { - "description": "iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes/#iscsi", - "$ref": "#/definitions/io.k8s.api.core.v1.ISCSIVolumeSource" - }, - "nfs": { - "description": "nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs", - "$ref": "#/definitions/io.k8s.api.core.v1.NFSVolumeSource" - }, - "persistentVolumeClaim": { - "description": "persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims", - "$ref": "#/definitions/io.k8s.api.core.v1.PersistentVolumeClaimVolumeSource" - }, - "photonPersistentDisk": { - "description": "photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine. Deprecated: PhotonPersistentDisk is deprecated and the in-tree photonPersistentDisk type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.PhotonPersistentDiskVolumeSource" - }, - "portworxVolume": { - "description": "portworxVolume represents a portworx volume attached and mounted on kubelets host machine. Deprecated: PortworxVolume is deprecated. All operations for the in-tree portworxVolume type are redirected to the pxd.portworx.com CSI driver when the CSIMigrationPortworx feature-gate is on.", - "$ref": "#/definitions/io.k8s.api.core.v1.PortworxVolumeSource" - }, - "projected": { - "description": "projected items for all in one resources secrets, configmaps, and downward API", - "$ref": "#/definitions/io.k8s.api.core.v1.ProjectedVolumeSource" + "architectures": { + "description": "architectures determine which hardware architecture(s) to install, where x86_64 and ppc64le are the supported choices.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "quobyte": { - "description": "quobyte represents a Quobyte mount on the host that shares a pod's lifetime. Deprecated: Quobyte is deprecated and the in-tree quobyte type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.QuobyteVolumeSource" + "conditions": { + "description": "conditions represents the available maintenance status of the sample imagestreams and templates.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.samples.v1.ConfigCondition" + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "rbd": { - "description": "rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. Deprecated: RBD is deprecated and the in-tree rbd type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.RBDVolumeSource" + "managementState": { + "description": "managementState reflects the current operational status of the on/off switch for the operator. This operator compares the ManagementState as part of determining that we are turning the operator back on (i.e. \"Managed\") when it was previously \"Unmanaged\".", + "type": "string", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "scaleIO": { - "description": "scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. Deprecated: ScaleIO is deprecated and the in-tree scaleIO type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.ScaleIOVolumeSource" + "samplesRegistry": { + "description": "samplesRegistry allows for the specification of which registry is accessed by the ImageStreams for their image content. Defaults on the content in https://github.com/openshift/library that are pulled into this github repository, but based on our pulling only ocp content it typically defaults to registry.redhat.io.", + "type": "string", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "secret": { - "description": "secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret", - "$ref": "#/definitions/io.k8s.api.core.v1.SecretVolumeSource" + "skippedImagestreams": { + "description": "skippedImagestreams specifies names of image streams that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "storageos": { - "description": "storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. Deprecated: StorageOS is deprecated and the in-tree storageos type is no longer supported.", - "$ref": "#/definitions/io.k8s.api.core.v1.StorageOSVolumeSource" + "skippedTemplates": { + "description": "skippedTemplates specifies names of templates that should NOT be created/updated. Admins can use this to allow them to delete content they don’t want. They will still have to manually delete the content but the operator will not recreate(or update) anything listed here.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" }, - "vsphereVolume": { - "description": "vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine. Deprecated: VsphereVolume is deprecated. All operations for the in-tree vsphereVolume type are redirected to the csi.vsphere.vmware.com CSI driver.", - "$ref": "#/definitions/io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource" + "version": { + "description": "version is the value of the operator's payload based version indicator when it was last successfully processed", + "type": "string", + "x-kubernetes-patch-merge-key": "type", + "x-kubernetes-patch-strategy": "merge" } } }, - "io.k8s.api.core.v1.VsphereVirtualDiskVolumeSource": { - "description": "Represents a vSphere volume resource.", + "com.github.openshift.api.security.v1.AllowedFlexVolume": { + "description": "AllowedFlexVolume represents a single Flexvolume that is allowed to be used.", "type": "object", "required": [ - "volumePath" + "driver" ], "properties": { - "fsType": { - "description": "fsType is filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. \"ext4\", \"xfs\", \"ntfs\". Implicitly inferred to be \"ext4\" if unspecified.", - "type": "string" - }, - "storagePolicyID": { - "description": "storagePolicyID is the storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName.", - "type": "string" - }, - "storagePolicyName": { - "description": "storagePolicyName is the storage Policy Based Management (SPBM) profile name.", - "type": "string" - }, - "volumePath": { - "description": "volumePath is the path that identifies vSphere volume vmdk", + "driver": { + "description": "driver is the name of the Flexvolume driver.", "type": "string", "default": "" } } }, - "io.k8s.api.core.v1.WeightedPodAffinityTerm": { - "description": "The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s)", + "com.github.openshift.api.security.v1.FSGroupStrategyOptions": { + "description": "FSGroupStrategyOptions defines the strategy type and options used to create the strategy.", "type": "object", - "required": [ - "weight", - "podAffinityTerm" - ], "properties": { - "podAffinityTerm": { - "description": "Required. A pod affinity term, associated with the corresponding weight.", - "default": {}, - "$ref": "#/definitions/io.k8s.api.core.v1.PodAffinityTerm" + "ranges": { + "description": "ranges are the allowed ranges of fs groups. If you would like to force a single fs group then supply a single range with the same start and end.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.IDRange" + }, + "x-kubernetes-list-type": "atomic" }, - "weight": { - "description": "weight associated with matching the corresponding podAffinityTerm, in the range 1-100.", + "type": { + "description": "type is the strategy that will dictate what FSGroup is used in the SecurityContext.", + "type": "string" + } + } + }, + "com.github.openshift.api.security.v1.IDRange": { + "description": "IDRange provides a min/max of an allowed range of IDs.", + "type": "object", + "properties": { + "max": { + "description": "max is the end of the range, inclusive.", "type": "integer", - "format": "int32", - "default": 0 + "format": "int64" + }, + "min": { + "description": "min is the start of the range, inclusive.", + "type": "integer", + "format": "int64" } } }, - "io.k8s.api.core.v1.WindowsSecurityContextOptions": { - "description": "WindowsSecurityContextOptions contain Windows-specific options and credentials.", + "com.github.openshift.api.security.v1.PodSecurityPolicyReview": { + "description": "PodSecurityPolicyReview checks which service accounts (not users, since that would be cluster-wide) can create the `PodTemplateSpec` in question.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { - "gmsaCredentialSpec": { - "description": "GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "gmsaCredentialSpecName": { - "description": "GMSACredentialSpecName is the name of the GMSA credential spec to use.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "hostProcess": { - "description": "HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.", - "type": "boolean" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "runAsUserName": { - "description": "The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.", - "type": "string" + "spec": { + "description": "spec is the PodSecurityPolicy to check.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicyReviewSpec" + }, + "status": { + "description": "status represents the current information/status for the PodSecurityPolicyReview.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicyReviewStatus" } } }, - "io.k8s.api.rbac.v1.AggregationRule": { - "description": "AggregationRule describes how to locate ClusterRoles to aggregate into the ClusterRole", + "com.github.openshift.api.security.v1.PodSecurityPolicyReviewSpec": { + "description": "PodSecurityPolicyReviewSpec defines specification for PodSecurityPolicyReview", "type": "object", + "required": [ + "template" + ], "properties": { - "clusterRoleSelectors": { - "description": "ClusterRoleSelectors holds a list of selectors which will be used to find ClusterRoles and create the rules. If any of the selectors match, then the ClusterRole's permissions will be added", + "serviceAccountNames": { + "description": "serviceAccountNames is an optional set of ServiceAccounts to run the check with. If serviceAccountNames is empty, the template.spec.serviceAccountName is used, unless it's empty, in which case \"default\" is used instead. If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.", + "type": "array", + "items": { + "type": "string", + "default": "" + } + }, + "template": { + "description": "template is the PodTemplateSpec to check. The template.spec.serviceAccountName field is used if serviceAccountNames is empty, unless the template.spec.serviceAccountName is empty, in which case \"default\" is used. If serviceAccountNames is specified, template.spec.serviceAccountName is ignored.", + "default": {}, + "$ref": "#/definitions/PodTemplateSpec.v1.core.api.k8s.io" + } + } + }, + "com.github.openshift.api.security.v1.PodSecurityPolicyReviewStatus": { + "description": "PodSecurityPolicyReviewStatus represents the status of PodSecurityPolicyReview.", + "type": "object", + "properties": { + "allowedServiceAccounts": { + "description": "allowedServiceAccounts returns the list of service accounts in *this* namespace that have the power to create the PodTemplateSpec.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.security.v1.ServiceAccountPodSecurityPolicyReviewStatus" + } } } }, - "io.k8s.api.rbac.v1.ClusterRole": { - "description": "ClusterRole is a cluster level, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding or ClusterRoleBinding.", + "com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReview": { + "description": "PodSecurityPolicySelfSubjectReview checks whether this user/SA tuple can create the PodTemplateSpec\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "spec" + ], "properties": { - "aggregationRule": { - "description": "AggregationRule is an optional field that describes how to build the Rules for this ClusterRole. If AggregationRule is set, then the Rules are controller managed and direct changes to Rules will be stomped by the controller.", - "$ref": "#/definitions/io.k8s.api.rbac.v1.AggregationRule" - }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" @@ -50500,26 +51305,41 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata.", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "rules": { - "description": "Rules holds all the PolicyRules for this ClusterRole", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.rbac.v1.PolicyRule" - }, - "x-kubernetes-list-type": "atomic" + "spec": { + "description": "spec defines specification the PodSecurityPolicySelfSubjectReview.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReviewSpec" + }, + "status": { + "description": "status represents the current information/status for the PodSecurityPolicySelfSubjectReview.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus" } } }, - "io.k8s.api.rbac.v1.ClusterRoleBinding": { - "description": "ClusterRoleBinding references a ClusterRole, but not contain it. It can reference a ClusterRole in the global namespace, and adds who information via Subject.", + "com.github.openshift.api.security.v1.PodSecurityPolicySelfSubjectReviewSpec": { + "description": "PodSecurityPolicySelfSubjectReviewSpec contains specification for PodSecurityPolicySelfSubjectReview.", "type": "object", "required": [ - "roleRef" + "template" + ], + "properties": { + "template": { + "description": "template is the PodTemplateSpec to check.", + "default": {}, + "$ref": "#/definitions/PodTemplateSpec.v1.core.api.k8s.io" + } + } + }, + "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReview": { + "description": "PodSecurityPolicySubjectReview checks whether a particular user/SA tuple can create the PodTemplateSpec.\n\nCompatibility level 2: Stable within a major release for a minimum of 9 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "spec" ], "properties": { "apiVersion": { @@ -50531,58 +51351,102 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata.", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "roleRef": { - "description": "RoleRef can only reference a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.", + "spec": { + "description": "spec defines specification for the PodSecurityPolicySubjectReview.", "default": {}, - "$ref": "#/definitions/io.k8s.api.rbac.v1.RoleRef" + "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewSpec" }, - "subjects": { - "description": "Subjects holds references to the objects the role applies to.", + "status": { + "description": "status represents the current information/status for the PodSecurityPolicySubjectReview.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus" + } + } + }, + "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewSpec": { + "description": "PodSecurityPolicySubjectReviewSpec defines specification for PodSecurityPolicySubjectReview", + "type": "object", + "required": [ + "template" + ], + "properties": { + "groups": { + "description": "groups is the groups you're testing for.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.rbac.v1.Subject" - }, - "x-kubernetes-list-type": "atomic" + "type": "string", + "default": "" + } + }, + "template": { + "description": "template is the PodTemplateSpec to check. If template.spec.serviceAccountName is empty it will not be defaulted. If its non-empty, it will be checked.", + "default": {}, + "$ref": "#/definitions/PodTemplateSpec.v1.core.api.k8s.io" + }, + "user": { + "description": "user is the user you're testing for. If you specify \"user\" but not \"group\", then is it interpreted as \"What if user were not a member of any groups. If user and groups are empty, then the check is performed using *only* the serviceAccountName in the template.", + "type": "string" } } }, - "io.k8s.api.rbac.v1.ClusterRoleBindingList": { - "description": "ClusterRoleBindingList is a collection of ClusterRoleBindings", + "com.github.openshift.api.security.v1.PodSecurityPolicySubjectReviewStatus": { + "description": "PodSecurityPolicySubjectReviewStatus contains information/status for PodSecurityPolicySubjectReview.", + "type": "object", + "properties": { + "allowedBy": { + "description": "allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A `nil`, indicates that it was denied.", + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + }, + "reason": { + "description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available.", + "type": "string" + }, + "template": { + "description": "template is the PodTemplateSpec after the defaulting is applied.", + "default": {}, + "$ref": "#/definitions/PodTemplateSpec.v1.core.api.k8s.io" + } + } + }, + "com.github.openshift.api.security.v1.RangeAllocation": { + "description": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "items" + "range", + "data" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "items": { - "description": "Items is a list of ClusterRoleBindings", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.rbac.v1.ClusterRoleBinding" - } + "data": { + "description": "data is a byte array representing the serialized state of a range allocation. It is a bitmap with each bit set to one to represent a range is taken.", + "type": "string", + "format": "byte" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard object's metadata.", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "range": { + "description": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", + "type": "string", + "default": "" } } }, - "io.k8s.api.rbac.v1.ClusterRoleList": { - "description": "ClusterRoleList is a collection of ClusterRoles", + "com.github.openshift.api.security.v1.RangeAllocationList": { + "description": "RangeAllocationList is a list of RangeAllocations objects\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -50593,11 +51457,11 @@ "type": "string" }, "items": { - "description": "Items is a list of ClusterRoles", + "description": "List of RangeAllocations.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.rbac.v1.ClusterRole" + "$ref": "#/definitions/com.github.openshift.api.security.v1.RangeAllocation" } }, "kind": { @@ -50605,21 +51469,105 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata.", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.rbac.v1.PolicyRule": { - "description": "PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.", + "com.github.openshift.api.security.v1.RunAsUserStrategyOptions": { + "description": "RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.", + "type": "object", + "properties": { + "type": { + "description": "type is the strategy that will dictate what RunAsUser is used in the SecurityContext.", + "type": "string" + }, + "uid": { + "description": "uid is the user id that containers must run as. Required for the MustRunAs strategy if not using namespace/service account allocated uids.", + "type": "integer", + "format": "int64" + }, + "uidRangeMax": { + "description": "uidRangeMax defines the max value for a strategy that allocates by range.", + "type": "integer", + "format": "int64" + }, + "uidRangeMin": { + "description": "uidRangeMin defines the min value for a strategy that allocates by range.", + "type": "integer", + "format": "int64" + } + } + }, + "com.github.openshift.api.security.v1.SELinuxContextStrategyOptions": { + "description": "SELinuxContextStrategyOptions defines the strategy type and any options used to create the strategy.", + "type": "object", + "properties": { + "seLinuxOptions": { + "description": "seLinuxOptions required to run as; required for MustRunAs", + "$ref": "#/definitions/SELinuxOptions.v1.core.api.k8s.io" + }, + "type": { + "description": "type is the strategy that will dictate what SELinux context is used in the SecurityContext.", + "type": "string" + } + } + }, + "com.github.openshift.api.security.v1.SecurityContextConstraints": { + "description": "SecurityContextConstraints governs the ability to make requests that affect the SecurityContext that will be applied to a container. For historical reasons SCC was exposed under the core Kubernetes API group. That exposure is deprecated and will be removed in a future release - users should instead use the security.openshift.io group to manage SecurityContextConstraints.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "verbs" + "priority", + "allowPrivilegedContainer", + "defaultAddCapabilities", + "requiredDropCapabilities", + "allowedCapabilities", + "allowHostDirVolumePlugin", + "volumes", + "allowHostNetwork", + "allowHostPorts", + "allowHostPID", + "allowHostIPC", + "readOnlyRootFilesystem" ], "properties": { - "apiGroups": { - "description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. \"\" represents the core API group and \"*\" represents all API groups.", + "allowHostDirVolumePlugin": { + "description": "allowHostDirVolumePlugin determines if the policy allow containers to use the HostDir volume plugin", + "type": "boolean", + "default": false + }, + "allowHostIPC": { + "description": "allowHostIPC determines if the policy allows host ipc in the containers.", + "type": "boolean", + "default": false + }, + "allowHostNetwork": { + "description": "allowHostNetwork determines if the policy allows the use of HostNetwork in the pod spec.", + "type": "boolean", + "default": false + }, + "allowHostPID": { + "description": "allowHostPID determines if the policy allows host pid in the containers.", + "type": "boolean", + "default": false + }, + "allowHostPorts": { + "description": "allowHostPorts determines if the policy allows host ports in the containers.", + "type": "boolean", + "default": false + }, + "allowPrivilegeEscalation": { + "description": "allowPrivilegeEscalation determines if a pod can request to allow privilege escalation. If unspecified, defaults to true.", + "type": "boolean" + }, + "allowPrivilegedContainer": { + "description": "allowPrivilegedContainer determines if a container can request to be run as privileged.", + "type": "boolean", + "default": false + }, + "allowedCapabilities": { + "description": "allowedCapabilities is a list of capabilities that can be requested to add to the container. Capabilities in this field maybe added at the pod author's discretion. You must not list a capability in both AllowedCapabilities and RequiredDropCapabilities. To allow all capabilities you may use '*'.", "type": "array", "items": { "type": "string", @@ -50627,8 +51575,17 @@ }, "x-kubernetes-list-type": "atomic" }, - "nonResourceURLs": { - "description": "NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as \"pods\" or \"secrets\") or non-resource URL paths (such as \"/api\"), but not both.", + "allowedFlexVolumes": { + "description": "allowedFlexVolumes is a whitelist of allowed Flexvolumes. Empty or nil indicates that all Flexvolumes may be used. This parameter is effective only when the usage of the Flexvolumes is allowed in the \"Volumes\" field.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.AllowedFlexVolume" + }, + "x-kubernetes-list-type": "atomic" + }, + "allowedUnsafeSysctls": { + "description": "allowedUnsafeSysctls is a list of explicitly allowed unsafe sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of allowed sysctls. Single * means all unsafe sysctls are allowed. Kubelet has to whitelist all allowed unsafe sysctls explicitly to avoid rejection.\n\nExamples: e.g. \"foo/*\" allows \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" allows \"foo.bar\", \"foo.baz\", etc.", "type": "array", "items": { "type": "string", @@ -50636,8 +51593,12 @@ }, "x-kubernetes-list-type": "atomic" }, - "resourceNames": { - "description": "ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "defaultAddCapabilities": { + "description": "defaultAddCapabilities is the default set of capabilities that will be added to the container unless the pod spec specifically drops the capability. You may not list a capabiility in both DefaultAddCapabilities and RequiredDropCapabilities.", "type": "array", "items": { "type": "string", @@ -50645,8 +51606,12 @@ }, "x-kubernetes-list-type": "atomic" }, - "resources": { - "description": "Resources is a list of resources this rule applies to. '*' represents all resources.", + "defaultAllowPrivilegeEscalation": { + "description": "defaultAllowPrivilegeEscalation controls the default setting for whether a process can gain more privileges than its parent process.", + "type": "boolean" + }, + "forbiddenSysctls": { + "description": "forbiddenSysctls is a list of explicitly forbidden sysctls, defaults to none. Each entry is either a plain sysctl name or ends in \"*\" in which case it is considered as a prefix of forbidden sysctls. Single * means all sysctls are forbidden.\n\nExamples: e.g. \"foo/*\" forbids \"foo/bar\", \"foo/baz\", etc. e.g. \"foo.*\" forbids \"foo.bar\", \"foo.baz\", etc.", "type": "array", "items": { "type": "string", @@ -50654,113 +51619,99 @@ }, "x-kubernetes-list-type": "atomic" }, - "verbs": { - "description": "Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.", + "fsGroup": { + "description": "fsGroup is the strategy that will dictate what fs group is used by the SecurityContext.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.FSGroupStrategyOptions" + }, + "groups": { + "description": "The groups that have permission to use this security context constraints", "type": "array", "items": { "type": "string", "default": "" }, "x-kubernetes-list-type": "atomic" - } - } - }, - "io.k8s.api.rbac.v1.Role": { - "description": "Role is a namespaced, logical grouping of PolicyRules that can be referenced as a unit by a RoleBinding.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard object's metadata.", + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "rules": { - "description": "Rules holds all the PolicyRules for this Role", + "priority": { + "description": "priority influences the sort order of SCCs when evaluating which SCCs to try first for a given pod request based on access in the Users and Groups fields. The higher the int, the higher priority. An unset value is considered a 0 priority. If scores for multiple SCCs are equal they will be sorted from most restrictive to least restrictive. If both priorities and restrictions are equal the SCCs will be sorted by name.", + "type": "integer", + "format": "int32" + }, + "readOnlyRootFilesystem": { + "description": "readOnlyRootFilesystem when set to true will force containers to run with a read only root file system. If the container specifically requests to run with a non-read only root file system the SCC should deny the pod. If set to false the container may run with a read only root file system if it wishes but it will not be forced to.", + "type": "boolean", + "default": false + }, + "requiredDropCapabilities": { + "description": "requiredDropCapabilities are the capabilities that will be dropped from the container. These are required to be dropped and cannot be added.", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.rbac.v1.PolicyRule" + "type": "string", + "default": "" }, "x-kubernetes-list-type": "atomic" - } - } - }, - "io.k8s.api.rbac.v1.RoleBinding": { - "description": "RoleBinding references a role, but does not contain it. It can reference a Role in the same namespace or a ClusterRole in the global namespace. It adds who information via Subjects and namespace information by which namespace it exists in. RoleBindings in a given namespace only have effect in that namespace.", - "type": "object", - "required": [ - "roleRef" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" + "runAsUser": { + "description": "runAsUser is the strategy that will dictate what RunAsUser is used in the SecurityContext.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.security.v1.RunAsUserStrategyOptions" }, - "metadata": { - "description": "Standard object's metadata.", + "seLinuxContext": { + "description": "seLinuxContext is the strategy that will dictate what labels will be set in the SecurityContext.", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + "$ref": "#/definitions/com.github.openshift.api.security.v1.SELinuxContextStrategyOptions" }, - "roleRef": { - "description": "RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. This field is immutable.", + "seccompProfiles": { + "description": "seccompProfiles lists the allowed profiles that may be set for the pod or container's seccomp annotations. An unset (nil) or empty value means that no profiles may be specifid by the pod or container.\tThe wildcard '*' may be used to allow all profiles. When used to generate a value for a pod the first non-wildcard profile will be used as the default.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + }, + "supplementalGroups": { + "description": "supplementalGroups is the strategy that will dictate what supplemental groups are used by the SecurityContext.", "default": {}, - "$ref": "#/definitions/io.k8s.api.rbac.v1.RoleRef" + "$ref": "#/definitions/com.github.openshift.api.security.v1.SupplementalGroupsStrategyOptions" }, - "subjects": { - "description": "Subjects holds references to the objects the role applies to.", + "userNamespaceLevel": { + "description": "userNamespaceLevel determines if the policy allows host users in containers. Valid values are \"AllowHostLevel\", \"RequirePodLevel\", and omitted. When \"AllowHostLevel\" is set, a pod author may set `hostUsers` to either `true` or `false`. When \"RequirePodLevel\" is set, a pod author must set `hostUsers` to `false`. When omitted, the default value is \"AllowHostLevel\".", + "type": "string", + "default": "AllowHostLevel" + }, + "users": { + "description": "The users who have permissions to use this security context constraints", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.rbac.v1.Subject" + "type": "string", + "default": "" }, "x-kubernetes-list-type": "atomic" - } - } - }, - "io.k8s.api.rbac.v1.RoleBindingList": { - "description": "RoleBindingList is a collection of RoleBindings", - "type": "object", - "required": [ - "items" - ], - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" }, - "items": { - "description": "Items is a list of RoleBindings", + "volumes": { + "description": "volumes is a white list of allowed volume plugins. FSType corresponds directly with the field names of a VolumeSource (azureFile, configMap, emptyDir). To allow all volumes you may use \"*\". To allow no volumes, set to [\"none\"].", "type": "array", "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.api.rbac.v1.RoleBinding" - } - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard object's metadata.", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" } } }, - "io.k8s.api.rbac.v1.RoleList": { - "description": "RoleList is a collection of Roles", + "com.github.openshift.api.security.v1.SecurityContextConstraintsList": { + "description": "SecurityContextConstraintsList is a list of SecurityContextConstraints objects\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -50771,11 +51722,11 @@ "type": "string" }, "items": { - "description": "Items is a list of Roles", + "description": "List of security context constraints.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.api.rbac.v1.Role" + "$ref": "#/definitions/com.github.openshift.api.security.v1.SecurityContextConstraints" } }, "kind": { @@ -50783,273 +51734,128 @@ "type": "string" }, "metadata": { - "description": "Standard object's metadata.", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.api.rbac.v1.RoleRef": { - "description": "RoleRef contains information that points to the role being used", - "type": "object", - "required": [ - "apiGroup", - "kind", - "name" - ], - "properties": { - "apiGroup": { - "description": "APIGroup is the group for the resource being referenced", - "type": "string", - "default": "" - }, - "kind": { - "description": "Kind is the type of resource being referenced", - "type": "string", - "default": "" - }, - "name": { - "description": "Name is the name of resource being referenced", - "type": "string", - "default": "" - } - }, - "x-kubernetes-map-type": "atomic" - }, - "io.k8s.api.rbac.v1.Subject": { - "description": "Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.", + "com.github.openshift.api.security.v1.ServiceAccountPodSecurityPolicyReviewStatus": { + "description": "ServiceAccountPodSecurityPolicyReviewStatus represents ServiceAccount name and related review status", "type": "object", "required": [ - "kind", "name" ], "properties": { - "apiGroup": { - "description": "APIGroup holds the API group of the referenced subject. Defaults to \"\" for ServiceAccount subjects. Defaults to \"rbac.authorization.k8s.io\" for User and Group subjects.", - "type": "string" - }, - "kind": { - "description": "Kind of object being referenced. Values defined by this API group are \"User\", \"Group\", and \"ServiceAccount\". If the Authorizer does not recognized the kind value, the Authorizer should report an error.", - "type": "string", - "default": "" + "allowedBy": { + "description": "allowedBy is a reference to the rule that allows the PodTemplateSpec. A rule can be a SecurityContextConstraint or a PodSecurityPolicy A `nil`, indicates that it was denied.", + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" }, "name": { - "description": "Name of the object being referenced.", + "description": "name contains the allowed and the denied ServiceAccount name", "type": "string", "default": "" }, - "namespace": { - "description": "Namespace of the referenced object. If the object kind is non-namespace, such as \"User\" or \"Group\", and this value is not empty the Authorizer should report an error.", + "reason": { + "description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available.", "type": "string" - } - }, - "x-kubernetes-map-type": "atomic" - }, - "io.k8s.apimachinery.pkg.api.resource.Quantity": { - "description": "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n``` ::= \n\n\t(Note that may be empty, from the \"\" case in .)\n\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n\n\t(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\n ::= m | \"\" | k | M | G | T | P | E\n\n\t(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\n ::= \"e\" | \"E\" ```\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n\n- No precision is lost - No fractional digits will be emitted - The exponent (or suffix) is as large as possible.\n\nThe sign will be omitted unless the number is negative.\n\nExamples:\n\n- 1.5 will be serialized as \"1500m\" - 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.", - "type": "string" - }, - "io.k8s.apimachinery.pkg.api.resource.int64Amount": { - "description": "int64Amount represents a fixed precision numerator and arbitrary scale exponent. It is faster than operations on inf.Dec for values that can be represented as int64.", - "type": "object", - "required": [ - "value", - "scale" - ], - "properties": { - "scale": { - "type": "integer", - "format": "int32", - "default": 0 }, - "value": { - "type": "integer", - "format": "int64", - "default": 0 + "template": { + "description": "template is the PodTemplateSpec after the defaulting is applied.", + "default": {}, + "$ref": "#/definitions/PodTemplateSpec.v1.core.api.k8s.io" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup": { - "description": "APIGroup contains the name, the supported versions, and the preferred version of a group.", + "com.github.openshift.api.security.v1.SupplementalGroupsStrategyOptions": { + "description": "SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.", "type": "object", - "required": [ - "name", - "versions" - ], "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "name is the name of the group.", - "type": "string", - "default": "" - }, - "preferredVersion": { - "description": "preferredVersion is the version preferred by the API server, which probably is the storage version.", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.GroupVersionForDiscovery" - }, - "serverAddressByClientCIDRs": { - "description": "a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.", + "ranges": { + "description": "ranges are the allowed ranges of supplemental groups. If you would like to force a single supplemental group then supply a single range with the same start and end.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ServerAddressByClientCIDR" + "$ref": "#/definitions/com.github.openshift.api.security.v1.IDRange" }, "x-kubernetes-list-type": "atomic" }, - "versions": { - "description": "versions are the versions supported in this group.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.GroupVersionForDiscovery" - }, - "x-kubernetes-list-type": "atomic" + "type": { + "description": "type is the strategy that will dictate what supplemental groups is used in the SecurityContext.", + "type": "string" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.APIGroupList": { - "description": "APIGroupList is a list of APIGroup, to allow clients to discover the API at /apis.", + "com.github.openshift.api.securityinternal.v1.RangeAllocation": { + "description": "RangeAllocation is used so we can easily expose a RangeAllocation typed for security group This is an internal API, not intended for external consumption.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "groups" + "range", + "data" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "groups": { - "description": "groups is a list of APIGroup.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIGroup" - }, - "x-kubernetes-list-type": "atomic" + "data": { + "description": "data is a byte array representing the serialized state of a range allocation. It is a bitmap with each bit set to one to represent a range is taken.", + "type": "string", + "format": "byte" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - } - }, - "io.k8s.apimachinery.pkg.apis.meta.v1.APIResource": { - "description": "APIResource specifies the name of a resource and whether it is namespaced.", - "type": "object", - "required": [ - "name", - "singularName", - "namespaced", - "kind", - "verbs" - ], - "properties": { - "categories": { - "description": "categories is a list of the grouped resources this resource belongs to (e.g. 'all')", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "group": { - "description": "group is the preferred group of the resource. Empty implies the group of the containing resource list. For subresources, this may have a different value, for example: Scale\".", - "type": "string" - }, - "kind": { - "description": "kind is the kind for the resource (e.g. 'Foo' is the kind for a resource 'foo')", - "type": "string", - "default": "" - }, - "name": { - "description": "name is the plural name of the resource.", - "type": "string", - "default": "" - }, - "namespaced": { - "description": "namespaced indicates if a resource is namespaced or not.", - "type": "boolean", - "default": false }, - "shortNames": { - "description": "shortNames is a list of suggested short names of the resource.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "singularName": { - "description": "singularName is the singular name of the resource. This allows clients to handle plural and singular opaquely. The singularName is more correct for reporting status on a single item and both singular and plural are allowed from the kubectl CLI interface.", + "range": { + "description": "range is a string representing a unique label for a range of uids, \"1000000000-2000000000/10000\".", "type": "string", "default": "" - }, - "storageVersionHash": { - "description": "The hash value of the storage version, the version this resource is converted to when written to the data store. Value must be treated as opaque by clients. Only equality comparison on the value is valid. This is an alpha feature and may change or be removed in the future. The field is populated by the apiserver only if the StorageVersionHash feature gate is enabled. This field will remain optional even if it graduates.", - "type": "string" - }, - "verbs": { - "description": "verbs is a list of supported kube verbs (this includes get, list, watch, create, update, patch, delete, deletecollection, and proxy)", - "type": "array", - "items": { - "type": "string", - "default": "" - } - }, - "version": { - "description": "version is the preferred version of the resource. Empty implies the version of the containing resource list For subresources, this may have a different value, for example: v1 (while inside a v1beta1 version of the core resource's group)\".", - "type": "string" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.APIResourceList": { - "description": "APIResourceList is a list of APIResource, it is used to expose the name of the resources supported in a specific group and version, and if the resource is namespaced.", + "com.github.openshift.api.securityinternal.v1.RangeAllocationList": { + "description": "RangeAllocationList is a list of RangeAllocations objects This is an internal API, not intended for external consumption.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "groupVersion", - "resources" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "groupVersion": { - "description": "groupVersion is the group and version this APIResourceList is for.", - "type": "string", - "default": "" + "items": { + "description": "List of RangeAllocations.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.securityinternal.v1.RangeAllocation" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "resources": { - "description": "resources contains the name of the resources and if they are namespaced.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.APIResource" - }, - "x-kubernetes-list-type": "atomic" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.APIVersions": { - "description": "APIVersions lists the versions that are available, to allow clients to discover the API at /api, which is the root path of the legacy v1 API.", + "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfig": { + "description": "ServiceCertSignerOperatorConfig provides information to configure an operator to manage the service cert signing controllers\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "versions", - "serverAddressByClientCIDRs" + "metadata", + "spec", + "status" ], "properties": { "apiVersion": { @@ -51060,428 +51866,395 @@ "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "serverAddressByClientCIDRs": { - "description": "a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ServerAddressByClientCIDR" - }, - "x-kubernetes-list-type": "atomic" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "versions": { - "description": "versions are the api versions that are available.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "spec": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigSpec" + }, + "status": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigStatus" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.ApplyOptions": { - "description": "ApplyOptions may be provided when applying an API object. FieldManager is required for apply requests. ApplyOptions is equivalent to PatchOptions. It is provided as a convenience with documentation that speaks specifically to how the options fields relate to apply.", + "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigList": { + "description": "ServiceCertSignerOperatorConfigList is a collection of items\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "force", - "fieldManager" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "dryRun": { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "items": { + "description": "items contains the items", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "fieldManager": { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required.", - "type": "string", - "default": "" - }, - "force": { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people.", - "type": "boolean", - "default": false + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfig" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.Condition": { - "description": "Condition contains details for one aspect of the current state of this API Resource.", + "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigSpec": { "type": "object", "required": [ - "type", - "status", - "lastTransitionTime", - "reason", - "message" + "managementState" ], "properties": { - "lastTransitionTime": { - "description": "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "logLevel": { + "description": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "message": { - "description": "message is a human readable message indicating details about the transition. This may be an empty string.", + "managementState": { + "description": "managementState indicates whether and how the operator should manage the component", "type": "string", "default": "" }, - "observedGeneration": { - "description": "observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.", - "type": "integer", - "format": "int64" - }, - "reason": { - "description": "reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.", - "type": "string", - "default": "" + "observedConfig": { + "description": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" }, - "status": { - "description": "status of the condition, one of True, False, Unknown.", - "type": "string", - "default": "" + "operatorLogLevel": { + "description": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", + "type": "string" }, - "type": { - "description": "type of condition in CamelCase or in foo.example.com/CamelCase.", - "type": "string", - "default": "" + "unsupportedConfigOverrides": { + "description": "unsupportedConfigOverrides overrides the final configuration that was computed by the operator. Red Hat does not support the use of this field. Misuse of this field could lead to unexpected behavior or conflict with other configuration options. Seek guidance from the Red Hat support before using this field. Use of this property blocks cluster upgrades, it must be removed before upgrading your cluster.", + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.CreateOptions": { - "description": "CreateOptions may be provided when creating an API object.", + "com.github.openshift.api.servicecertsigner.v1alpha1.ServiceCertSignerOperatorConfigStatus": { "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "conditions": { + "description": "conditions is a list of conditions and their status", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.OperatorCondition" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" }, - "dryRun": { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "generations": { + "description": "generations are used to determine when an item needs to be reconciled or has changed in a way that needs a reaction.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.operator.v1.GenerationStatus" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "group", + "resource", + "namespace", + "name" + ], + "x-kubernetes-list-type": "map" }, - "fieldManager": { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "type": "string" + "latestAvailableRevision": { + "description": "latestAvailableRevision is the deploymentID of the most recent deployment", + "type": "integer", + "format": "int32" }, - "fieldValidation": { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "type": "string" + "observedGeneration": { + "description": "observedGeneration is the last generation change you've dealt with", + "type": "integer", + "format": "int64" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "readyReplicas": { + "description": "readyReplicas indicates how many replicas are ready and at the desired state", + "type": "integer", + "format": "int32", + "default": 0 + }, + "version": { + "description": "version is the level this availability applies to", "type": "string" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.DeleteOptions": { - "description": "DeleteOptions may be provided when deleting an API object.", + "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMap": { + "description": "SharedConfigMap allows a ConfigMap to be shared across namespaces. Pods can mount the shared ConfigMap by adding a CSI volume to the pod specification using the \"csi.sharedresource.openshift.io\" CSI driver and a reference to the SharedConfigMap in the volume attributes:\n\nspec:\n\n\tvolumes:\n\t- name: shared-configmap\n\t csi:\n\t driver: csi.sharedresource.openshift.io\n\t volumeAttributes:\n\t sharedConfigMap: my-share\n\nFor the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedConfigMap object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects.\n\n\t`oc create role shared-resource-my-share --verb=use --resource=sharedconfigmaps.sharedresource.openshift.io --resource-name=my-share`\n\t`oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default`\n\nShared resource objects, in this case ConfigMaps, have default permissions of list, get, and watch for system authenticated users.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "spec" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "dryRun": { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "gracePeriodSeconds": { - "description": "The duration in seconds before the object should be deleted. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period for the specified type will be used. Defaults to a per object value if not specified. zero means delete immediately.", - "type": "integer", - "format": "int64" - }, - "ignoreStoreReadErrorWithClusterBreakingPotential": { - "description": "if set to true, it will trigger an unsafe deletion of the resource in case the normal deletion flow fails with a corrupt object error. A resource is considered corrupt if it can not be retrieved from the underlying storage successfully because of a) its data can not be transformed e.g. decryption failure, or b) it fails to decode into an object. NOTE: unsafe deletion ignores finalizer constraints, skips precondition checks, and removes the object from the storage. WARNING: This may potentially break the cluster if the workload associated with the resource being unsafe-deleted relies on normal deletion flow. Use only if you REALLY know what you are doing. The default value is false, and the user must opt in to enable it", - "type": "boolean" - }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "orphanDependents": { - "description": "Deprecated: please use the PropagationPolicy, this field will be deprecated in 1.7. Should the dependent objects be orphaned. If true/false, the \"orphan\" finalizer will be added to/removed from the object's finalizers list. Either this field or PropagationPolicy may be set, but not both.", - "type": "boolean" - }, - "preconditions": { - "description": "Must be fulfilled before a deletion is carried out. If not possible, a 409 Conflict status will be returned.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Preconditions" - }, - "propagationPolicy": { - "description": "Whether and how garbage collection will be performed. Either this field or OrphanDependents may be set, but not both. The default policy is decided by the existing finalizer set in the metadata.finalizers and the resource-specific default policy. Acceptable values are: 'Orphan' - orphan the dependents; 'Background' - allow the garbage collector to delete the dependents in the background; 'Foreground' - a cascading policy that deletes all dependents in the foreground.", - "type": "string" - } - } - }, - "io.k8s.apimachinery.pkg.apis.meta.v1.Duration": { - "description": "Duration is a wrapper around time.Duration which supports correct marshaling to YAML and JSON. In particular, it marshals into strings, which can be used as map keys in json.", - "type": "string" - }, - "io.k8s.apimachinery.pkg.apis.meta.v1.FieldSelectorRequirement": { - "description": "FieldSelectorRequirement is a selector that contains values, a key, and an operator that relates the key and values.", - "type": "object", - "required": [ - "key", - "operator" - ], - "properties": { - "key": { - "description": "key is the field selector key that the requirement applies to.", - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. The list of operators may grow in the future.", - "type": "string", - "default": "" + "spec": { + "description": "spec is the specification of the desired shared configmap", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapSpec" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "status": { + "description": "status is the observed status of the shared configmap", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapStatus" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1": { - "description": "FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.\n\nEach key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:', where is the name of a field in a struct, or key in a map 'v:', where is the exact json formatted value of a list item 'i:', where is position of a item in a list 'k:', where is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set.\n\nThe exact format is defined in sigs.k8s.io/structured-merge-diff", - "type": "object" - }, - "io.k8s.apimachinery.pkg.apis.meta.v1.GetOptions": { - "description": "GetOptions is the standard query options to the standard REST get call.", + "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapList": { + "description": "SharedConfigMapList contains a list of SharedConfigMap objects.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", "type": "object", + "required": [ + "items" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMap" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "resourceVersion": { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "type": "string" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.GroupKind": { - "description": "GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types", + "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapReference": { + "description": "SharedConfigMapReference contains information about which ConfigMap to share", "type": "object", "required": [ - "group", - "kind" + "name", + "namespace" ], "properties": { - "group": { + "name": { + "description": "name represents the name of the ConfigMap that is being referenced.", "type": "string", "default": "" }, - "kind": { + "namespace": { + "description": "namespace represents the namespace where the referenced ConfigMap is located.", "type": "string", "default": "" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.GroupResource": { - "description": "GroupResource specifies a Group and a Resource, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types", + "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapSpec": { + "description": "SharedConfigMapSpec defines the desired state of a SharedConfigMap", "type": "object", "required": [ - "group", - "resource" + "configMapRef" ], "properties": { - "group": { - "type": "string", - "default": "" + "configMapRef": { + "description": "configMapRef is a reference to the ConfigMap to share", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapReference" }, - "resource": { - "type": "string", - "default": "" + "description": { + "description": "description is a user readable explanation of what the backing resource provides.", + "type": "string" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.GroupVersion": { - "description": "GroupVersion contains the \"group\" and the \"version\", which uniquely identifies the API.", + "com.github.openshift.api.sharedresource.v1alpha1.SharedConfigMapStatus": { + "description": "SharedSecretStatus contains the observed status of the shared resource", "type": "object", - "required": [ - "group", - "version" - ], "properties": { - "group": { - "type": "string", - "default": "" - }, - "version": { - "type": "string", - "default": "" + "conditions": { + "description": "conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.GroupVersionForDiscovery": { - "description": "GroupVersion contains the \"group/version\" and \"version\" string of a version. It is made a struct to keep extensibility.", + "com.github.openshift.api.sharedresource.v1alpha1.SharedSecret": { + "description": "SharedSecret allows a Secret to be shared across namespaces. Pods can mount the shared Secret by adding a CSI volume to the pod specification using the \"csi.sharedresource.openshift.io\" CSI driver and a reference to the SharedSecret in the volume attributes:\n\nspec:\n\n\tvolumes:\n\t- name: shared-secret\n\t csi:\n\t driver: csi.sharedresource.openshift.io\n\t volumeAttributes:\n\t sharedSecret: my-share\n\nFor the mount to be successful, the pod's service account must be granted permission to 'use' the named SharedSecret object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example `oc` invocations for creating such Role and RoleBinding objects.\n\n\t`oc create role shared-resource-my-share --verb=use --resource=sharedsecrets.sharedresource.openshift.io --resource-name=my-share`\n\t`oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default`\n\nShared resource objects, in this case Secrets, have default permissions of list, get, and watch for system authenticated users.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "groupVersion", - "version" + "spec" ], "properties": { - "groupVersion": { - "description": "groupVersion specifies the API group and version in the form \"group/version\"", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "version": { - "description": "version specifies the version in the form of \"version\". This is to save the clients the trouble of splitting the GroupVersion.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec is the specification of the desired shared secret", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedSecretSpec" + }, + "status": { + "description": "status is the observed status of the shared secret", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedSecretStatus" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.GroupVersionKind": { - "description": "GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling", + "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretList": { + "description": "SharedSecretList contains a list of SharedSecret objects.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.", "type": "object", "required": [ - "group", - "version", - "kind" + "items" ], "properties": { - "group": { - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedSecret" + } }, "kind": { - "type": "string", - "default": "" + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "version": { - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.GroupVersionResource": { - "description": "GroupVersionResource unambiguously identifies a resource. It doesn't anonymously include GroupVersion to avoid automatic coercion. It doesn't use a GroupVersion to avoid custom marshalling", + "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretReference": { + "description": "SharedSecretReference contains information about which Secret to share", "type": "object", "required": [ - "group", - "version", - "resource" + "name", + "namespace" ], "properties": { - "group": { - "type": "string", - "default": "" - }, - "resource": { + "name": { + "description": "name represents the name of the Secret that is being referenced.", "type": "string", "default": "" }, - "version": { + "namespace": { + "description": "namespace represents the namespace where the referenced Secret is located.", "type": "string", "default": "" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.InternalEvent": { - "description": "InternalEvent makes watch.Event versioned", + "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretSpec": { + "description": "SharedSecretSpec defines the desired state of a SharedSecret", "type": "object", "required": [ - "Type", - "Object" + "secretRef" ], "properties": { - "Object": { - "description": "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Bookmark: the object (instance of a type being watched) where\n only ResourceVersion field is set. On successful restart of watch from a\n bookmark resourceVersion, client is guaranteed to not get repeat event\n nor miss any events.\n * If Type is Error: *api.Status is recommended; other types may make sense\n depending on context.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.Object" + "description": { + "description": "description is a user readable explanation of what the backing resource provides.", + "type": "string" }, - "Type": { - "type": "string", - "default": "" + "secretRef": { + "description": "secretRef is a reference to the Secret to share", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.sharedresource.v1alpha1.SharedSecretReference" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelector": { - "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.", + "com.github.openshift.api.sharedresource.v1alpha1.SharedSecretStatus": { + "description": "SharedSecretStatus contains the observed status of the shared resource", "type": "object", "properties": { - "matchExpressions": { - "description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + "conditions": { + "description": "conditions represents any observations made on this particular shared resource by the underlying CSI driver or Share controller.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement" + "$ref": "#/definitions/Condition.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "x-kubernetes-list-type": "atomic" - }, - "matchLabels": { - "description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is \"key\", the operator is \"In\", and the values array contains only \"value\". The requirements are ANDed.", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" - } + "x-kubernetes-list-map-keys": [ + "type" + ], + "x-kubernetes-list-type": "map" } - }, - "x-kubernetes-map-type": "atomic" + } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.LabelSelectorRequirement": { - "description": "A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.", + "com.github.openshift.api.template.v1.BrokerTemplateInstance": { + "description": "BrokerTemplateInstance holds the service broker-related state associated with a TemplateInstance. BrokerTemplateInstance is part of an experimental API.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "key", - "operator" + "spec" ], "properties": { - "key": { - "description": "key is the label key that the selector applies to.", - "type": "string", - "default": "" + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" }, - "operator": { - "description": "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - "type": "string", - "default": "" + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" }, - "values": { - "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - "type": "array", - "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "spec": { + "description": "spec describes the state of this BrokerTemplateInstance.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.template.v1.BrokerTemplateInstanceSpec" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.List": { - "description": "List holds a list of objects, which may not be known by the server.", + "com.github.openshift.api.template.v1.BrokerTemplateInstanceList": { + "description": "BrokerTemplateInstanceList is a list of BrokerTemplateInstance objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -51492,10 +52265,11 @@ "type": "string" }, "items": { - "description": "List of objects", + "description": "items is a list of BrokerTemplateInstances", "type": "array", "items": { - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.template.v1.BrokerTemplateInstance" } }, "kind": { @@ -51503,289 +52277,198 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta": { - "description": "ListMeta describes metadata that synthetic resources must have, including lists and various status objects. A resource may have only one of {ObjectMeta, ListMeta}.", + "com.github.openshift.api.template.v1.BrokerTemplateInstanceSpec": { + "description": "BrokerTemplateInstanceSpec describes the state of a BrokerTemplateInstance.", "type": "object", + "required": [ + "templateInstance", + "secret" + ], "properties": { - "continue": { - "description": "continue may be set if the user set a limit on the number of items returned, and indicates that the server has more data available. The value is opaque and may be used to issue another request to the endpoint that served this list to retrieve the next set of available objects. Continuing a consistent list may not be possible if the server configuration has changed or more than a few minutes have passed. The resourceVersion field returned when using this continue value will be identical to the value in the first response, unless you have received this token from an error message.", - "type": "string" - }, - "remainingItemCount": { - "description": "remainingItemCount is the number of subsequent items in the list which are not included in this list response. If the list request contained label or field selectors, then the number of remaining items is unknown and the field will be left unset and omitted during serialization. If the list is complete (either because it is not chunking or because this is the last chunk), then there are no more remaining items and this field will be left unset and omitted during serialization. Servers older than v1.15 do not set this field. The intended use of the remainingItemCount is *estimating* the size of a collection. Clients should not rely on the remainingItemCount to be set or to be exact.", - "type": "integer", - "format": "int64" + "bindingIDs": { + "description": "bindingIDs is a list of 'binding_id's provided during successive bind calls to the template service broker.", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, - "resourceVersion": { - "description": "String that identifies the server's internal version of this object that can be used by clients to determine when objects have changed. Value must be treated as opaque by clients and passed unmodified back to the server. Populated by the system. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" + "secret": { + "description": "secret is a reference to a Secret object residing in a namespace, containing the necessary template parameters.", + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" }, - "selfLink": { - "description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.", - "type": "string" + "templateInstance": { + "description": "templateInstance is a reference to a TemplateInstance object residing in a namespace.", + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.ListOptions": { - "description": "ListOptions is the query options to a standard REST list call.", + "com.github.openshift.api.template.v1.Parameter": { + "description": "Parameter defines a name/value variable that is to be processed during the Template to Config transformation.", "type": "object", + "required": [ + "name" + ], "properties": { - "allowWatchBookmarks": { - "description": "allowWatchBookmarks requests watch events with type \"BOOKMARK\". Servers that do not implement bookmarks may ignore this flag and bookmarks are sent at the server's discretion. Clients should not assume bookmarks are returned at any specific interval, nor may they assume the server will send any BOOKMARK event during a session. If this is not a watch, this field is ignored.", - "type": "boolean" - }, - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "continue": { - "description": "The continue option should be set when retrieving more results from the server. Since this value is server defined, clients may only use the continue value from a previous query result with identical query parameters (except for the value of continue) and the server may reject a continue value it does not recognize. If the specified continue value is no longer valid whether due to expiration (generally five to fifteen minutes) or a configuration change on the server, the server will respond with a 410 ResourceExpired error together with a continue token. If the client needs a consistent list, it must restart their list without the continue field. Otherwise, the client may send another list request with the token received with the 410 error, the server will respond with a list starting from the next key, but from the latest snapshot, which is inconsistent from the previous list results - objects that are created, modified, or deleted after the first list request will be included in the response, as long as their keys are after the \"next key\".\n\nThis field is not supported when watch is true. Clients may start a watch from the last resourceVersion value returned by the server and not miss any modifications.", - "type": "string" - }, - "fieldSelector": { - "description": "A selector to restrict the list of returned objects by their fields. Defaults to everything.", + "description": { + "description": "description of a parameter. Optional.", "type": "string" }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "displayName": { + "description": "Optional: The name that will show in UI instead of parameter 'Name'", "type": "string" }, - "labelSelector": { - "description": "A selector to restrict the list of returned objects by their labels. Defaults to everything.", + "from": { + "description": "from is an input value for the generator. Optional.", "type": "string" }, - "limit": { - "description": "limit is a maximum number of responses to return for a list call. If more items exist, the server will set the `continue` field on the list metadata to a value that can be used with the same initial query to retrieve the next set of results. Setting a limit may return fewer than the requested amount of items (up to zero items) in the event all requested objects are filtered out and clients should only use the presence of the continue field to determine whether more results are available. Servers may choose not to support the limit argument and will return all of the available results. If limit is specified and the continue field is empty, clients may assume that no more results are available. This field is not supported if watch is true.\n\nThe server guarantees that the objects returned when using continue will be identical to issuing a single list call without a limit - that is, no objects created, modified, or deleted after the first request is issued will be included in any subsequent continued requests. This is sometimes referred to as a consistent snapshot, and ensures that a client that is using limit to receive smaller chunks of a very large result can ensure they see all possible objects. If objects are updated during a chunked list the version of the object that was present at the time the first list result was calculated is returned.", - "type": "integer", - "format": "int64" - }, - "resourceVersion": { - "description": "resourceVersion sets a constraint on what resource versions a request may be served from. See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", + "generate": { + "description": "generate specifies the generator to be used to generate random string from an input value specified by From field. The result string is stored into Value field. If empty, no generator is being used, leaving the result Value untouched. Optional.\n\nThe only supported generator is \"expression\", which accepts a \"from\" value in the form of a simple regular expression containing the range expression \"[a-zA-Z0-9]\", and the length expression \"a{length}\".\n\nExamples:\n\nfrom | value ----------------------------- \"test[0-9]{1}x\" | \"test7x\" \"[0-1]{8}\" | \"01001100\" \"0x[A-F0-9]{4}\" | \"0xB3AF\" \"[a-zA-Z0-9]{8}\" | \"hW4yQU5i\"", "type": "string" }, - "resourceVersionMatch": { - "description": "resourceVersionMatch determines how resourceVersion is applied to list calls. It is highly recommended that resourceVersionMatch be set for list calls where resourceVersion is set See https://kubernetes.io/docs/reference/using-api/api-concepts/#resource-versions for details.\n\nDefaults to unset", - "type": "string" + "name": { + "description": "name must be set and it can be referenced in Template Items using ${PARAMETER_NAME}. Required.", + "type": "string", + "default": "" }, - "sendInitialEvents": { - "description": "`sendInitialEvents=true` may be set together with `watch=true`. In that case, the watch stream will begin with synthetic events to produce the current state of objects in the collection. Once all such events have been sent, a synthetic \"Bookmark\" event will be sent. The bookmark will report the ResourceVersion (RV) corresponding to the set of objects, and be marked with `\"k8s.io/initial-events-end\": \"true\"` annotation. Afterwards, the watch stream will proceed as usual, sending watch events corresponding to changes (subsequent to the RV) to objects watched.\n\nWhen `sendInitialEvents` option is set, we require `resourceVersionMatch` option to also be set. The semantic of the watch request is as following: - `resourceVersionMatch` = NotOlderThan\n is interpreted as \"data at least as new as the provided `resourceVersion`\"\n and the bookmark event is send when the state is synced\n to a `resourceVersion` at least as fresh as the one provided by the ListOptions.\n If `resourceVersion` is unset, this is interpreted as \"consistent read\" and the\n bookmark event is send when the state is synced at least to the moment\n when request started being processed.\n- `resourceVersionMatch` set to any other value or unset\n Invalid error is returned.\n\nDefaults to true if `resourceVersion=\"\"` or `resourceVersion=\"0\"` (for backward compatibility reasons) and to false otherwise.", + "required": { + "description": "Optional: Indicates the parameter must have a value. Defaults to false.", "type": "boolean" }, - "timeoutSeconds": { - "description": "Timeout for the list/watch call. This limits the duration of the call, regardless of any activity or inactivity.", - "type": "integer", - "format": "int64" - }, - "watch": { - "description": "Watch for changes to the described resources and return them as a stream of add, update, and remove notifications. Specify resourceVersion.", - "type": "boolean" + "value": { + "description": "value holds the Parameter data. If specified, the generator will be ignored. The value replaces all occurrences of the Parameter ${Name} expression during the Template to Config transformation. Optional.", + "type": "string" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry": { - "description": "ManagedFieldsEntry is a workflow-id, a FieldSet and the group version of the resource that the fieldset applies to.", + "com.github.openshift.api.template.v1.Template": { + "description": "Template contains the inputs needed to produce a Config.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "objects" + ], "properties": { "apiVersion": { - "description": "APIVersion defines the version of this resource that this field set applies to. The format is \"group/version\" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.", - "type": "string" - }, - "fieldsType": { - "description": "FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: \"FieldsV1\"", - "type": "string" - }, - "fieldsV1": { - "description": "FieldsV1 holds the first JSON version format as described in the \"FieldsV1\" type.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.FieldsV1" - }, - "manager": { - "description": "Manager is an identifier of the workflow managing these fields.", - "type": "string" - }, - "operation": { - "description": "Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are 'Apply' and 'Update'.", + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "subresource": { - "description": "Subresource is the name of the subresource used to update that object, or empty string if the object was updated through the main resource. The value of this field is used to distinguish between managers, even if they share the same name. For example, a status update will be distinct from a regular update using the same manager name. Note that the APIVersion field is not related to the Subresource field and it always corresponds to the version of the main resource.", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "time": { - "description": "Time is the timestamp of when the ManagedFields entry was added. The timestamp will also be updated if a field is added, the manager changes any of the owned fields value or removes a field. The timestamp does not update when a field is removed from the entry because another manager took it over.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - } - } - }, - "io.k8s.apimachinery.pkg.apis.meta.v1.MicroTime": { - "description": "MicroTime is version of Time with microsecond level precision.", - "type": "string", - "format": "date-time" - }, - "io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta": { - "description": "ObjectMeta is metadata that all persisted resources must have, which includes all objects users must create.", - "type": "object", - "properties": { - "annotations": { - "description": "Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations", + "labels": { + "description": "labels is a optional set of labels that are applied to every object during the Template to Config transformation.", "type": "object", "additionalProperties": { "type": "string", "default": "" } }, - "creationTimestamp": { - "description": "CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" - }, - "deletionGracePeriodSeconds": { - "description": "Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.", - "type": "integer", - "format": "int64" + "message": { + "description": "message is an optional instructional message that will be displayed when this template is instantiated. This field should inform the user how to utilize the newly created resources. Parameter substitution will be performed on the message before being displayed so that generated credentials and other parameters can be included in the output.", + "type": "string" }, - "deletionTimestamp": { - "description": "DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested.\n\nPopulated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.Time" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "finalizers": { - "description": "Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.", + "objects": { + "description": "objects is an array of resources to include in this template. If a namespace value is hardcoded in the object, it will be removed during template instantiation, however if the namespace value is, or contains, a ${PARAMETER_REFERENCE}, the resolved value after parameter substitution will be respected and the object will be created in that namespace.", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "set", - "x-kubernetes-patch-strategy": "merge" - }, - "generateName": { - "description": "GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server.\n\nIf this field is specified and the generated name exists, the server will return a 409.\n\nApplied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency", - "type": "string" - }, - "generation": { - "description": "A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.", - "type": "integer", - "format": "int64" - }, - "labels": { - "description": "Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels", - "type": "object", - "additionalProperties": { - "type": "string", - "default": "" + "$ref": "#/definitions/RawExtension.runtime.pkg.apimachinery.k8s.io" } }, - "managedFields": { - "description": "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object.", + "parameters": { + "description": "parameters is an optional array of Parameters used during the Template to Config transformation.", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ManagedFieldsEntry" - }, - "x-kubernetes-list-type": "atomic" - }, - "name": { - "description": "Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", + "$ref": "#/definitions/com.github.openshift.api.template.v1.Parameter" + } + } + } + }, + "com.github.openshift.api.template.v1.TemplateInstance": { + "description": "TemplateInstance requests and records the instantiation of a Template. TemplateInstance is part of an experimental API.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "namespace": { - "description": "Namespace defines the space within which each name must be unique. An empty namespace is equivalent to the \"default\" namespace, but \"default\" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty.\n\nMust be a DNS_LABEL. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces", + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "ownerReferences": { - "description": "List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference" - }, - "x-kubernetes-list-map-keys": [ - "uid" - ], - "x-kubernetes-list-type": "map", - "x-kubernetes-patch-merge-key": "uid", - "x-kubernetes-patch-strategy": "merge" - }, - "resourceVersion": { - "description": "An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources.\n\nPopulated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency", - "type": "string" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "selfLink": { - "description": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.", - "type": "string" + "spec": { + "description": "spec describes the desired state of this TemplateInstance.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceSpec" }, - "uid": { - "description": "UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations.\n\nPopulated by the system. Read-only. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", - "type": "string" + "status": { + "description": "status describes the current state of this TemplateInstance.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceStatus" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.OwnerReference": { - "description": "OwnerReference contains enough information to let you identify an owning object. An owning object must be in the same namespace as the dependent, or be cluster-scoped, so there is no namespace field.", + "com.github.openshift.api.template.v1.TemplateInstanceCondition": { + "description": "TemplateInstanceCondition contains condition information for a TemplateInstance.", "type": "object", "required": [ - "apiVersion", - "kind", - "name", - "uid" + "type", + "status", + "lastTransitionTime", + "reason", + "message" ], "properties": { - "apiVersion": { - "description": "API version of the referent.", + "lastTransitionTime": { + "description": "lastTransitionTime is the last time a condition status transitioned from one state to another.", + "$ref": "#/definitions/Time.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "message": { + "description": "message is a human readable description of the details of the last transition, complementing reason.", "type": "string", "default": "" }, - "blockOwnerDeletion": { - "description": "If true, AND if the owner has the \"foregroundDeletion\" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion for how the garbage collector interacts with this field and enforces the foreground deletion. Defaults to false. To set this field, a user needs \"delete\" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.", - "type": "boolean" - }, - "controller": { - "description": "If true, this reference points to the managing controller.", - "type": "boolean" - }, - "kind": { - "description": "Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "reason": { + "description": "reason is a brief machine readable explanation for the condition's last transition.", "type": "string", "default": "" }, - "name": { - "description": "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names", + "status": { + "description": "status of the condition, one of True, False or Unknown.", "type": "string", "default": "" }, - "uid": { - "description": "UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", + "type": { + "description": "type of the condition, currently Ready or InstantiateFailure.", "type": "string", "default": "" } - }, - "x-kubernetes-map-type": "atomic" - }, - "io.k8s.apimachinery.pkg.apis.meta.v1.PartialObjectMetadata": { - "description": "PartialObjectMetadata is a generic representation of any object with ObjectMeta. It allows clients to get access to a particular ObjectMeta schema without knowing the details of the version.", - "type": "object", - "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "metadata": { - "description": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" - } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.PartialObjectMetadataList": { - "description": "PartialObjectMetadataList contains a list of objects containing only their metadata", + "com.github.openshift.api.template.v1.TemplateInstanceList": { + "description": "TemplateInstanceList is a list of TemplateInstance objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ "items" @@ -51796,11 +52479,11 @@ "type": "string" }, "items": { - "description": "items contains each of the included items.", + "description": "items is a list of Templateinstances", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.PartialObjectMetadata" + "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstance" } }, "kind": { @@ -51808,490 +52491,367 @@ "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.Patch": { - "description": "Patch is provided to give a concrete name and type to the Kubernetes PATCH request body.", - "type": "object" + "com.github.openshift.api.template.v1.TemplateInstanceObject": { + "description": "TemplateInstanceObject references an object created by a TemplateInstance.", + "type": "object", + "properties": { + "ref": { + "description": "ref is a reference to the created object. When used under .spec, only name and namespace are used; these can contain references to parameters which will be substituted following the usual rules.", + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + } + } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.PatchOptions": { - "description": "PatchOptions may be provided when patching an API object. PatchOptions is meant to be a superset of UpdateOptions.", + "com.github.openshift.api.template.v1.TemplateInstanceRequester": { + "description": "TemplateInstanceRequester holds the identity of an agent requesting a template instantiation.", "type": "object", "properties": { - "apiVersion": { - "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", - "type": "string" + "extra": { + "description": "extra holds additional information provided by the authenticator.", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string", + "default": "" + } + } }, - "dryRun": { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "groups": { + "description": "groups represent the groups this user is a part of.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "fieldManager": { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint. This field is required for apply requests (application/apply-patch) but optional for non-apply patch types (JsonPatch, MergePatch, StrategicMergePatch).", - "type": "string" + } }, - "fieldValidation": { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", + "uid": { + "description": "uid is a unique value that identifies this user across time; if this user is deleted and another user by the same name is added, they will have different UIDs.", "type": "string" }, - "force": { - "description": "Force is going to \"force\" Apply requests. It means user will re-acquire conflicting fields owned by other people. Force flag must be unset for non-apply patch requests.", - "type": "boolean" - }, - "kind": { - "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "username": { + "description": "username uniquely identifies this user among all active users.", "type": "string" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.Preconditions": { - "description": "Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.", + "com.github.openshift.api.template.v1.TemplateInstanceSpec": { + "description": "TemplateInstanceSpec describes the desired state of a TemplateInstance.", "type": "object", + "required": [ + "template" + ], "properties": { - "resourceVersion": { - "description": "Specifies the target ResourceVersion", - "type": "string" + "requester": { + "description": "requester holds the identity of the agent requesting the template instantiation.", + "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceRequester" }, - "uid": { - "description": "Specifies the target UID.", - "type": "string" + "secret": { + "description": "secret is a reference to a Secret object containing the necessary template parameters.", + "$ref": "#/definitions/LocalObjectReference.v1.core.api.k8s.io" + }, + "template": { + "description": "template is a full copy of the template for instantiation.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.template.v1.Template" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.RootPaths": { - "description": "RootPaths lists the paths available at root. For example: \"/healthz\", \"/apis\".", + "com.github.openshift.api.template.v1.TemplateInstanceStatus": { + "description": "TemplateInstanceStatus describes the current state of a TemplateInstance.", "type": "object", - "required": [ - "paths" - ], "properties": { - "paths": { - "description": "paths are the paths available at root.", + "conditions": { + "description": "conditions represent the latest available observations of a TemplateInstance's current state.", "type": "array", "items": { - "type": "string", - "default": "" - }, - "x-kubernetes-list-type": "atomic" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceCondition" + } + }, + "objects": { + "description": "objects references the objects created by the TemplateInstance.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.template.v1.TemplateInstanceObject" + } } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.ServerAddressByClientCIDR": { - "description": "ServerAddressByClientCIDR helps the client to determine the server address that they should use, depending on the clientCIDR that they match.", + "com.github.openshift.api.template.v1.TemplateList": { + "description": "TemplateList is a list of Template objects.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "clientCIDR", - "serverAddress" + "items" ], - "properties": { - "clientCIDR": { - "description": "The CIDR with which clients can match their IP to figure out the server address that they should use.", - "type": "string", - "default": "" - }, - "serverAddress": { - "description": "Address of this server, suitable for a client that matches the above CIDR. This can be a hostname, hostname:port, IP or IP:port.", - "type": "string", - "default": "" - } - } - }, - "io.k8s.apimachinery.pkg.apis.meta.v1.Status": { - "description": "Status is a return value for calls that don't return other objects.", - "type": "object", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "code": { - "description": "Suggested HTTP return code for this status, 0 if not set.", - "type": "integer", - "format": "int32" - }, - "details": { - "description": "Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails", - "x-kubernetes-list-type": "atomic" + "items": { + "description": "items is a list of templates", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.template.v1.Template" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "message": { - "description": "A human-readable description of the status of this operation.", - "type": "string" - }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - }, - "reason": { - "description": "A machine-readable description of why this operation is in the \"Failure\" status. If this value is empty there is no information available. A Reason clarifies an HTTP status code but does not override it.", - "type": "string" - }, - "status": { - "description": "Status of the operation. One of: \"Success\" or \"Failure\". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status", - "type": "string" - } - } - }, - "io.k8s.apimachinery.pkg.apis.meta.v1.StatusCause": { - "description": "StatusCause provides more information about an api.Status failure, including cases when multiple errors are encountered.", - "type": "object", - "properties": { - "field": { - "description": "The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional.\n\nExamples:\n \"name\" - the field \"name\" on the current resource\n \"items[0].name\" - the field \"name\" on the first array entry in \"items\"", - "type": "string" - }, - "message": { - "description": "A human-readable description of the cause of the error. This field may be presented as-is to a reader.", - "type": "string" - }, - "reason": { - "description": "A machine-readable description of the cause of the error. If this value is empty there is no information available.", - "type": "string" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.StatusDetails": { - "description": "StatusDetails is a set of additional properties that MAY be set by the server to provide additional information about a response. The Reason field of a Status object defines what attributes will be set. Clients must ignore fields that do not match the defined type of each attribute, and should assume that any attribute may be empty, invalid, or under defined.", + "com.github.openshift.api.user.v1.Group": { + "description": "Group represents a referenceable set of Users\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "users" + ], "properties": { - "causes": { - "description": "The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.StatusCause" - }, - "x-kubernetes-list-type": "atomic" - }, - "group": { - "description": "The group attribute of the resource associated with the status StatusReason.", + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { - "description": "The kind attribute of the resource associated with the status StatusReason. On some operations may differ from the requested resource Kind. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", - "type": "string" - }, - "name": { - "description": "The name attribute of the resource associated with the status StatusReason (when there is a single name which can be described).", + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, - "retryAfterSeconds": { - "description": "If specified, the time in seconds before the operation should be retried. Some errors may indicate the client must take an alternate action - for those errors this field may indicate how long to wait before taking the alternate action.", - "type": "integer", - "format": "int32" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "uid": { - "description": "UID of the resource. (when there is a single resource which can be described). More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids", - "type": "string" + "users": { + "description": "users is the list of users in this group.", + "type": "array", + "items": { + "type": "string", + "default": "" + } } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.Table": { - "description": "Table is a tabular representation of a set of API resources. The server transforms the object into a set of preferred columns for quickly reviewing the objects.", + "com.github.openshift.api.user.v1.GroupList": { + "description": "GroupList is a collection of Groups\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "columnDefinitions", - "rows" + "items" ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "columnDefinitions": { - "description": "columnDefinitions describes each column in the returned items array. The number of cells per row will always match the number of column definitions.", + "items": { + "description": "items is the list of groups", "type": "array", "items": { "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.TableColumnDefinition" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/com.github.openshift.api.user.v1.Group" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { - "description": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" - }, - "rows": { - "description": "rows is the list of items in the table.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.TableRow" - }, - "x-kubernetes-list-type": "atomic" + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.TableColumnDefinition": { - "description": "TableColumnDefinition contains information about a column returned in the Table.", + "com.github.openshift.api.user.v1.Identity": { + "description": "Identity records a successful authentication of a user with an identity provider. The information about the source of authentication is stored on the identity, and the identity is then associated with a single user object. Multiple identities can reference a single user. Information retrieved from the authentication provider is stored in the extra field using a schema determined by the provider.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "name", - "type", - "format", - "description", - "priority" + "providerName", + "providerUserName", + "user" ], - "properties": { - "description": { - "description": "description is a human readable description of this column.", - "type": "string", - "default": "" - }, - "format": { - "description": "format is an optional OpenAPI type modifier for this column. A format modifies the type and imposes additional rules, like date or time formatting for a string. The 'name' format is applied to the primary identifier column which has type 'string' to assist in clients identifying column is the resource name. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more.", - "type": "string", - "default": "" - }, - "name": { - "description": "name is a human readable name for the column.", - "type": "string", - "default": "" - }, - "priority": { - "description": "priority is an integer defining the relative importance of this column compared to others. Lower numbers are considered higher priority. Columns that may be omitted in limited space scenarios should be given a higher priority.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "type": { - "description": "type is an OpenAPI type definition for this column, such as number, integer, string, or array. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types for more.", - "type": "string", - "default": "" - } - } - }, - "io.k8s.apimachinery.pkg.apis.meta.v1.TableOptions": { - "description": "TableOptions are used when a Table is requested by the caller.", - "type": "object", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "includeObject": { - "description": "includeObject decides whether to include each object along with its columnar information. Specifying \"None\" will return no object, specifying \"Object\" will return the full object contents, and specifying \"Metadata\" (the default) will return the object's metadata in the PartialObjectMetadata kind in version v1beta1 of the meta.k8s.io API group.", - "type": "string" + "extra": { + "description": "extra holds extra information about this identity", + "type": "object", + "additionalProperties": { + "type": "string", + "default": "" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - } - }, - "io.k8s.apimachinery.pkg.apis.meta.v1.TableRow": { - "description": "TableRow is an individual row in a table.", - "type": "object", - "required": [ - "cells" - ], - "properties": { - "cells": { - "description": "cells will be as wide as the column definitions array and may contain strings, numbers (float64 or int64), booleans, simple maps, lists, or null. See the type field of the column definition for a more detailed description.", - "type": "array", - "items": { - "type": "object" - }, - "x-kubernetes-list-type": "atomic" - }, - "conditions": { - "description": "conditions describe additional status of a row that are relevant for a human user. These conditions apply to the row, not to the object, and will be specific to table output. The only defined condition type is 'Completed', for a row that indicates a resource that has run to completion and can be given less visual priority.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.TableRowCondition" - }, - "x-kubernetes-list-type": "atomic" - }, - "object": { - "description": "This field contains the requested additional information about each object based on the includeObject policy when requesting the Table. If \"None\", this field is empty, if \"Object\" this will be the default serialization of the object for the current API version, and if \"Metadata\" (the default) will contain the object metadata. Check the returned kind and apiVersion of the object before parsing. The media type of the object will always match the enclosing list - if this as a JSON table, these will be JSON encoded objects.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" - } - } - }, - "io.k8s.apimachinery.pkg.apis.meta.v1.TableRowCondition": { - "description": "TableRowCondition allows a row to be marked with additional information.", - "type": "object", - "required": [ - "type", - "status" - ], - "properties": { - "message": { - "description": "Human readable message indicating details about last transition.", - "type": "string" }, - "reason": { - "description": "(brief) machine readable reason for the condition's last transition.", - "type": "string" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" }, - "status": { - "description": "Status of the condition, one of True, False, Unknown.", + "providerName": { + "description": "providerName is the source of identity information", "type": "string", "default": "" }, - "type": { - "description": "Type of row condition. The only defined value is 'Completed' indicating that the object this row represents has reached a completed state and may be given less visual priority than other rows. Clients are not required to honor any conditions but should be consistent where possible about handling the conditions.", + "providerUserName": { + "description": "providerUserName uniquely represents this identity in the scope of the provider", "type": "string", "default": "" + }, + "user": { + "description": "user is a reference to the user this identity is associated with Both Name and UID must be set", + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.Time": { - "description": "Time is a wrapper around time.Time which supports correct marshaling to YAML and JSON. Wrappers are provided for many of the factory methods that the time package offers.", - "type": "string", - "format": "date-time" - }, - "io.k8s.apimachinery.pkg.apis.meta.v1.Timestamp": { - "description": "Timestamp is a struct that is equivalent to Time, but intended for protobuf marshalling/unmarshalling. It is generated into a serialization that matches Time. Do not use in Go structs.", + "com.github.openshift.api.user.v1.IdentityList": { + "description": "IdentityList is a collection of Identities\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "seconds", - "nanos" + "items" ], - "properties": { - "nanos": { - "description": "Non-negative fractions of a second at nanosecond resolution. Negative second values with fractions must still have non-negative nanos values that count forward in time. Must be from 0 to 999,999,999 inclusive. This field may be limited in precision depending on context.", - "type": "integer", - "format": "int32", - "default": 0 - }, - "seconds": { - "description": "Represents seconds of UTC time since Unix epoch 1970-01-01T00:00:00Z. Must be from 0001-01-01T00:00:00Z to 9999-12-31T23:59:59Z inclusive.", - "type": "integer", - "format": "int64", - "default": 0 - } - } - }, - "io.k8s.apimachinery.pkg.apis.meta.v1.TypeMeta": { - "description": "TypeMeta describes an individual object in an API response or request with strings representing the type of the object and its API schema version. Structures that are versioned or persisted should inline TypeMeta.", - "type": "object", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "items is the list of identities", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.user.v1.Identity" + } + }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.apimachinery.pkg.apis.meta.v1.UpdateOptions": { - "description": "UpdateOptions may be provided when updating an API object. All fields in UpdateOptions should also be present in PatchOptions.", + "com.github.openshift.api.user.v1.User": { + "description": "Upon log in, every user of the system receives a User and Identity resource. Administrators may directly manipulate the attributes of the users for their own tracking, or set groups via the API. The user name is unique and is chosen based on the value provided by the identity provider - if a user already exists with the incoming name, the user name may have a number appended to it depending on the configuration of the system.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", + "required": [ + "groups" + ], "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, - "dryRun": { - "description": "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", + "fullName": { + "description": "fullName is the full name of user", + "type": "string" + }, + "groups": { + "description": "groups specifies group names this user is a member of. This field is deprecated and will be removed in a future release. Instead, create a Group object containing the name of this User.", "type": "array", "items": { "type": "string", "default": "" - }, - "x-kubernetes-list-type": "atomic" - }, - "fieldManager": { - "description": "fieldManager is a name associated with the actor or entity that is making these changes. The value must be less than or 128 characters long, and only contain printable characters, as defined by https://golang.org/pkg/unicode/#IsPrint.", - "type": "string" + } }, - "fieldValidation": { - "description": "fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered.", - "type": "string" + "identities": { + "description": "identities are the identities associated with this user", + "type": "array", + "items": { + "type": "string", + "default": "" + } }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" - } - } - }, - "io.k8s.apimachinery.pkg.apis.meta.v1.WatchEvent": { - "description": "Event represents a single event to a watched resource.", - "type": "object", - "required": [ - "type", - "object" - ], - "properties": { - "object": { - "description": "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Error: *Status is recommended; other types may make sense\n depending on context.", - "$ref": "#/definitions/io.k8s.apimachinery.pkg.runtime.RawExtension" }, - "type": { - "type": "string", - "default": "" + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } }, - "io.k8s.apimachinery.pkg.runtime.RawExtension": { - "description": "RawExtension is used to hold extensions in external versions.\n\nTo use this, make a field which has RawExtension as its type in your external, versioned struct, and Object in your internal struct. You also need to register your various plugin types.\n\n// Internal package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.Object `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// External package:\n\n\ttype MyAPIObject struct {\n\t\truntime.TypeMeta `json:\",inline\"`\n\t\tMyPlugin runtime.RawExtension `json:\"myPlugin\"`\n\t}\n\n\ttype PluginA struct {\n\t\tAOption string `json:\"aOption\"`\n\t}\n\n// On the wire, the JSON will look something like this:\n\n\t{\n\t\t\"kind\":\"MyAPIObject\",\n\t\t\"apiVersion\":\"v1\",\n\t\t\"myPlugin\": {\n\t\t\t\"kind\":\"PluginA\",\n\t\t\t\"aOption\":\"foo\",\n\t\t},\n\t}\n\nSo what happens? Decode first uses json or yaml to unmarshal the serialized data into your external MyAPIObject. That causes the raw JSON to be stored, but not unpacked. The next step is to copy (using pkg/conversion) into the internal struct. The runtime package's DefaultScheme has conversion functions installed which will unpack the JSON stored in RawExtension, turning it into the correct object type, and storing it in the Object. (TODO: In the case where the object is of an unknown type, a runtime.Unknown object will be created and stored.)", - "type": "object" - }, - "io.k8s.apimachinery.pkg.runtime.TypeMeta": { - "description": "TypeMeta is shared by all top level objects. The proper way to use it is to inline it in your type, like this:\n\n\ttype MyAwesomeAPIObject struct {\n\t runtime.TypeMeta `json:\",inline\"`\n\t ... // other fields\n\t}\n\nfunc (obj *MyAwesomeAPIObject) SetGroupVersionKind(gvk *metav1.GroupVersionKind) { metav1.UpdateTypeMeta(obj,gvk) }; GroupVersionKind() *GroupVersionKind\n\nTypeMeta is provided here for convenience. You may use it directly from this package or define your own with the same fields.", + "com.github.openshift.api.user.v1.UserIdentityMapping": { + "description": "UserIdentityMapping maps a user to an identity\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "properties": { "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "identity": { + "description": "identity is a reference to an identity", + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" + }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ObjectMeta.v1.meta.apis.pkg.apimachinery.k8s.io" + }, + "user": { + "description": "user is a reference to a user", + "default": {}, + "$ref": "#/definitions/ObjectReference.v1.core.api.k8s.io" } } }, - "io.k8s.apimachinery.pkg.runtime.Unknown": { - "description": "Unknown allows api objects with unknown types to be passed-through. This can be used to deal with the API objects from a plug-in. Unknown objects still have functioning TypeMeta features-- kind, version, etc. metadata and field mutatation.", + "com.github.openshift.api.user.v1.UserList": { + "description": "UserList is a collection of Users\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", "required": [ - "ContentEncoding", - "ContentType" + "items" ], "properties": { - "ContentEncoding": { - "description": "ContentEncoding is encoding used to encode 'Raw' data. Unspecified means no encoding.", - "type": "string", - "default": "" - }, - "ContentType": { - "description": "ContentType is serialization method used to serialize 'Raw'. Unspecified means ContentTypeJSON.", - "type": "string", - "default": "" - }, "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, + "items": { + "description": "items is the list of users", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.user.v1.User" + } + }, "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/ListMeta.v1.meta.apis.pkg.apimachinery.k8s.io" } } - }, - "io.k8s.apimachinery.pkg.util.intstr.IntOrString": { - "description": "IntOrString is a type that can hold an int32 or a string. When used in JSON or YAML marshalling and unmarshalling, it produces or consumes the inner type. This allows you to have, for example, a JSON field that can accept a name or number.", - "type": "string", - "format": "int-or-string" } } } diff --git a/operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml b/operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSGroupPreferences.yaml similarity index 91% rename from operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml rename to operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSGroupPreferences.yaml index 1989779f31b..dde220557ef 100644 --- a/operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml +++ b/operator/v1/tests/ingresscontrollers.operator.openshift.io/TLSGroupPreferences.yaml @@ -2,10 +2,10 @@ apiVersion: apiextensions.k8s.io/v1 name: "IngressController" crdName: ingresscontrollers.operator.openshift.io featureGates: - - TLSCurvePreferences + - TLSGroupPreferences tests: onCreate: - - name: Should be able to create with Custom TLS profile and curves + - name: Should be able to create with Custom TLS profile and groups initial: | apiVersion: operator.openshift.io/v1 kind: IngressController @@ -20,7 +20,7 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - curves: + groups: - X25519 - secp256r1 expected: | @@ -40,7 +40,7 @@ tests: ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - curves: + groups: - X25519 - secp256r1 - name: Should be able to create with all supported curves @@ -57,7 +57,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 - secp384r1 @@ -79,7 +79,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 - secp384r1 @@ -99,9 +99,9 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: [] - expectedError: "spec.tlsSecurityProfile.custom.curves in body should have at least 1 items" - - name: Should be able to create with Custom TLS profile and curves omitted + groups: [] + expectedError: "spec.tlsSecurityProfile.custom.groups in body should have at least 1 items" + - name: Should be able to create with Custom TLS profile and groups omitted initial: | apiVersion: operator.openshift.io/v1 kind: IngressController @@ -131,7 +131,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - - name: Should be able to create with Custom TLS profile VersionTLS10 and curves + - name: Should be able to create with Custom TLS profile VersionTLS10 and groups initial: | apiVersion: operator.openshift.io/v1 kind: IngressController @@ -145,7 +145,7 @@ tests: minTLSVersion: VersionTLS10 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp256r1 - secp384r1 expected: | @@ -164,10 +164,10 @@ tests: minTLSVersion: VersionTLS10 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp256r1 - secp384r1 - - name: Should be able to create with Custom TLS profile VersionTLS11 and curves + - name: Should be able to create with Custom TLS profile VersionTLS11 and groups initial: | apiVersion: operator.openshift.io/v1 kind: IngressController @@ -181,7 +181,7 @@ tests: minTLSVersion: VersionTLS11 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp384r1 expected: | apiVersion: operator.openshift.io/v1 @@ -199,9 +199,9 @@ tests: minTLSVersion: VersionTLS11 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp384r1 - - name: Should fail to create with more than 5 curves + - name: Should fail to create with more than 5 groups initial: | apiVersion: operator.openshift.io/v1 kind: IngressController @@ -215,15 +215,15 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 - secp384r1 - secp521r1 - X25519MLKEM768 - X25519 - expectedError: "spec.tlsSecurityProfile.custom.curves: Too many: 6: must have at most 5 items" - - name: Should fail to create with invalid curve value + expectedError: "spec.tlsSecurityProfile.custom.groups: Too many: 6: must have at most 5 items" + - name: Should fail to create with invalid group value initial: | apiVersion: operator.openshift.io/v1 kind: IngressController @@ -237,11 +237,11 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - InvalidCurve - expectedError: "spec.tlsSecurityProfile.custom.curves[0]: Unsupported value: \"InvalidCurve\": supported values: \"X25519\", \"secp256r1\", \"secp384r1\", \"secp521r1\", \"X25519MLKEM768\"" + expectedError: "spec.tlsSecurityProfile.custom.groups[0]: Unsupported value: \"InvalidCurve\": supported values: \"X25519\", \"secp256r1\", \"secp384r1\", \"secp521r1\", \"X25519MLKEM768\"" onUpdate: - - name: Should be able to add curves to existing Custom TLS profile + - name: Should be able to add groups to existing Custom TLS profile initial: | apiVersion: operator.openshift.io/v1 kind: IngressController @@ -271,7 +271,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 expected: | @@ -290,10 +290,10 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 - - name: Should be able to update curves in existing Custom TLS profile + - name: Should be able to update groups in existing Custom TLS profile initial: | apiVersion: operator.openshift.io/v1 kind: IngressController @@ -307,7 +307,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 updated: | apiVersion: operator.openshift.io/v1 @@ -325,7 +325,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp256r1 - secp384r1 expected: | @@ -344,10 +344,10 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - secp256r1 - secp384r1 - - name: Should be able to remove curves field from existing Custom TLS profile + - name: Should be able to remove groups field from existing Custom TLS profile initial: | apiVersion: operator.openshift.io/v1 kind: IngressController @@ -361,7 +361,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 updated: | @@ -396,7 +396,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - - name: Should fail to remove all curves from existing Custom TLS profile + - name: Should fail to remove all groups from existing Custom TLS profile initial: | apiVersion: operator.openshift.io/v1 kind: IngressController @@ -410,7 +410,7 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: + groups: - X25519 - secp256r1 updated: | @@ -429,5 +429,5 @@ tests: minTLSVersion: VersionTLS12 ciphers: - TLS_AES_128_GCM_SHA256 - curves: [] - expectedError: "spec.tlsSecurityProfile.custom.curves in body should have at least 1 items" + groups: [] + expectedError: "spec.tlsSecurityProfile.custom.groups in body should have at least 1 items" diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml index 3b63c340eba..ef1629adf4c 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-CustomNoUpgrade.crd.yaml @@ -1995,7 +1995,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -2022,27 +2022,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -2074,7 +2077,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -2095,7 +2098,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -2110,7 +2113,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -2144,10 +2147,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -3328,27 +3337,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml index 026d2dcd509..ebc6598c6bb 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-Default.crd.yaml @@ -1995,7 +1995,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -2042,7 +2042,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -2063,7 +2063,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -2078,7 +2078,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -2112,10 +2112,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml index 4ffe3b4603d..d12a83dbbfe 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-DevPreviewNoUpgrade.crd.yaml @@ -1995,7 +1995,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -2022,27 +2022,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -2074,7 +2077,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -2095,7 +2098,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -2110,7 +2113,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -2144,10 +2147,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -3328,27 +3337,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml index fca028a1de7..7b4cd838322 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-OKD.crd.yaml @@ -1995,7 +1995,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -2042,7 +2042,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -2063,7 +2063,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -2078,7 +2078,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -2112,10 +2112,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml index 382b4e815ef..aad63596d09 100644 --- a/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml +++ b/operator/v1/zz_generated.crd-manifests/0000_50_ingress_00_ingresscontrollers-TechPreviewNoUpgrade.crd.yaml @@ -1995,7 +1995,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -2022,27 +2022,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -2074,7 +2077,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -2095,7 +2098,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -2110,7 +2113,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -2144,10 +2147,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -3328,27 +3337,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 diff --git a/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/operator/v1/zz_generated.featuregated-crd-manifests.yaml index 595040b2c65..29b4d13d025 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests.yaml @@ -178,7 +178,7 @@ ingresscontrollers.operator.openshift.io: Category: "" FeatureGates: - IngressControllerDynamicConfigurationManager - - TLSCurvePreferences + - TLSGroupPreferences FilenameOperatorName: ingress FilenameOperatorOrdering: "00" FilenameRunLevel: "0000_50" diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml index 6d54a080b9a..f0ee79d25bc 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/AAA_ungated.yaml @@ -1988,7 +1988,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -2035,7 +2035,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -2056,7 +2056,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -2071,7 +2071,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -2105,10 +2105,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerDynamicConfigurationManager.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerDynamicConfigurationManager.yaml index 3effd754604..b92f99fe081 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerDynamicConfigurationManager.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/IngressControllerDynamicConfigurationManager.yaml @@ -1988,7 +1988,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -2035,7 +2035,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -2056,7 +2056,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -2071,7 +2071,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -2105,10 +2105,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSGroupPreferences.yaml similarity index 98% rename from operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml rename to operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSGroupPreferences.yaml index e322f9f1aa8..8149ad71dc2 100644 --- a/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSCurvePreferences.yaml +++ b/operator/v1/zz_generated.featuregated-crd-manifests/ingresscontrollers.operator.openshift.io/TLSGroupPreferences.yaml @@ -7,7 +7,7 @@ metadata: api.openshift.io/filename-operator: ingress api.openshift.io/filename-ordering: "00" capability.openshift.io/name: Ingress - feature-gate.release.openshift.io/TLSCurvePreferences: "true" + feature-gate.release.openshift.io/TLSGroupPreferences: "true" name: ingresscontrollers.operator.openshift.io spec: group: operator.openshift.io @@ -1988,7 +1988,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -2015,27 +2015,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -2067,7 +2070,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -2088,7 +2091,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -2103,7 +2106,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -2137,10 +2140,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on @@ -3279,27 +3288,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml index c14e3c36855..de240a9a7c7 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml @@ -340,7 +340,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -367,27 +367,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -419,7 +422,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -440,7 +443,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -455,7 +458,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -489,10 +492,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml index a85382e5d90..353ccf696b7 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-Default.crd.yaml @@ -235,7 +235,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -282,7 +282,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -303,7 +303,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -318,7 +318,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -352,10 +352,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml index 725b2c66f68..df8e29089c6 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml @@ -340,7 +340,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -367,27 +367,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -419,7 +422,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -440,7 +443,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -455,7 +458,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -489,10 +492,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-OKD.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-OKD.crd.yaml index 653497138c1..7ab7d3048ef 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-OKD.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-OKD.crd.yaml @@ -235,7 +235,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -282,7 +282,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -303,7 +303,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -318,7 +318,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -352,10 +352,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml index 33c7fa21e73..b493edb8e12 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_apiservers-TechPreviewNoUpgrade.crd.yaml @@ -272,7 +272,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -299,27 +299,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -351,7 +354,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -372,7 +375,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -387,7 +390,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -421,10 +424,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml index 38d52fa9233..faac613f6e1 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-CustomNoUpgrade.crd.yaml @@ -134,7 +134,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -161,27 +161,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -213,7 +216,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -234,7 +237,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -249,7 +252,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -283,10 +286,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml index 26c7c533e16..7e3c236bcd9 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-Default.crd.yaml @@ -134,7 +134,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -181,7 +181,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -202,7 +202,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -217,7 +217,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -251,10 +251,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml index ec26eef6462..7a0c49b6850 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-DevPreviewNoUpgrade.crd.yaml @@ -134,7 +134,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -161,27 +161,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -213,7 +216,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -234,7 +237,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -249,7 +252,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -283,10 +286,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml index f061015c4f5..361d67727ef 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-OKD.crd.yaml @@ -134,7 +134,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -181,7 +181,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -202,7 +202,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -217,7 +217,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -251,10 +251,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml index d1a389124fc..5be28e37579 100644 --- a/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml +++ b/payload-manifests/crds/0000_80_machine-config_01_kubeletconfigs-TechPreviewNoUpgrade.crd.yaml @@ -134,7 +134,7 @@ spec: custom is a user-defined TLS security profile. Be extremely careful using a custom profile as invalid configurations can be catastrophic. - The curve list for this profile is empty by default. + The supported groups list for this profile is empty by default. An example custom profile looks like this: @@ -161,27 +161,30 @@ spec: type: string type: array x-kubernetes-list-type: atomic - curves: + groups: description: |- - curves is an optional field used to specify the elliptic curves that are used during - the TLS handshake. Operators may remove entries their operands do - not support. + groups is an optional field used to specify the supported groups (formerly known as + elliptic curves) that are used during the TLS handshake. Operators may remove entries + their operands do not support. When omitted, this means no opinion and the platform is left to choose reasonable defaults which are subject to change over time and may be different per platform component depending on the underlying TLS - libraries they use. If specified, the list must contain at least one curve and each curve must be unique. + libraries they use. If specified, the list must contain at least one and at most 5 groups, + and each group must be unique. For example, to use X25519 and secp256r1 (yaml): - curves: + groups: - X25519 - secp256r1 items: description: |- - TLSCurve is a named curve identifier that can be used in TLSProfile.Curves. - There is a one-to-one mapping between these names and the curve IDs defined - in crypto/tls package based on IANA's "TLS Supported Groups" registry: + TLSGroup is a supported group identifier that can be used in TLSProfile.Groups. + There is a one-to-one mapping between these names and the group IDs defined + in Go's crypto/tls package based on IANA's "TLS Supported Groups" registry: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 + Note that X25519MLKEM768 is a post-quantum hybrid group that is not + FIPS-approved and should be ignored by components running in FIPS mode. enum: - X25519 - secp256r1 @@ -213,7 +216,7 @@ spec: legacy clients and want to remain highly secure while being compatible with most clients currently in use. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -234,7 +237,7 @@ spec: description: |- modern is a TLS security profile for use with clients that support TLS 1.3 and do not need backward compatibility for older clients. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: minTLSVersion: VersionTLS13 @@ -249,7 +252,7 @@ spec: old is a TLS profile for use when services need to be accessed by very old clients or libraries and should be used only as a last resort. - The curve list includes by default the following curves: + The supported groups list includes by default the following groups: X25519, secp256r1, secp384r1, X25519MLKEM768. This profile is equivalent to a Custom profile specified as: @@ -283,10 +286,16 @@ spec: type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. - The profiles are based on version 5.7 of the Mozilla Server Side TLS - configuration guidelines. The cipher lists consist of the configuration's - "ciphersuites" followed by the Go-specific "ciphers" from the guidelines. - See: https://ssl-config.mozilla.org/guidelines/5.7.json + The cipher lists in these profiles are based on version 5.7 of the Mozilla + Server Side TLS configuration guidelines. The cipher lists consist of the + configuration's "ciphersuites" followed by the Go-specific "ciphers" from the + guidelines. See: https://ssl-config.mozilla.org/guidelines/5.7.json + + The groups lists are based on Go's crypto/tls default curve preferences + (Go 1.24+), which include post-quantum hybrid group X25519MLKEM768. + Note that X25519MLKEM768 is not FIPS-approved and should be ignored by + components running in FIPS mode. + See: https://pkg.go.dev/crypto/tls#CurveID The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on diff --git a/payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml b/payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml index e6c281d85dd..2ce27b8df77 100644 --- a/payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-Hypershift-Default.yaml @@ -279,7 +279,7 @@ "name": "TLSAdherence" }, { - "name": "TLSCurvePreferences" + "name": "TLSGroupPreferences" }, { "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode" diff --git a/payload-manifests/featuregates/featureGate-4-10-Hypershift-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-4-10-Hypershift-DevPreviewNoUpgrade.yaml index 124301fa466..123098ef239 100644 --- a/payload-manifests/featuregates/featureGate-4-10-Hypershift-DevPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-Hypershift-DevPreviewNoUpgrade.yaml @@ -349,7 +349,7 @@ "name": "TLSAdherence" }, { - "name": "TLSCurvePreferences" + "name": "TLSGroupPreferences" }, { "name": "UpgradeStatus" diff --git a/payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml b/payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml index ee73bc206ba..e53a65307ba 100644 --- a/payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-Hypershift-OKD.yaml @@ -281,7 +281,7 @@ "name": "TLSAdherence" }, { - "name": "TLSCurvePreferences" + "name": "TLSGroupPreferences" }, { "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode" diff --git a/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml index eba3c4913ac..35e4d54be57 100644 --- a/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-Hypershift-TechPreviewNoUpgrade.yaml @@ -352,7 +352,7 @@ "name": "TLSAdherence" }, { - "name": "TLSCurvePreferences" + "name": "TLSGroupPreferences" }, { "name": "UpgradeStatus" diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml index e8c320db000..49b7afdebd1 100644 --- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-Default.yaml @@ -273,7 +273,7 @@ "name": "TLSAdherence" }, { - "name": "TLSCurvePreferences" + "name": "TLSGroupPreferences" }, { "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode" diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-DevPreviewNoUpgrade.yaml index f5bad134891..679776e6aeb 100644 --- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-DevPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-DevPreviewNoUpgrade.yaml @@ -349,7 +349,7 @@ "name": "TLSAdherence" }, { - "name": "TLSCurvePreferences" + "name": "TLSGroupPreferences" }, { "name": "UpgradeStatus" diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml index 7152f7a3771..b97b3fba543 100644 --- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-OKD.yaml @@ -275,7 +275,7 @@ "name": "TLSAdherence" }, { - "name": "TLSCurvePreferences" + "name": "TLSGroupPreferences" }, { "name": "VSphereConfigurableMaxAllowedBlockVolumesPerNode" diff --git a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml index 1423f0f2279..ffd8e7ecb70 100644 --- a/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-4-10-SelfManagedHA-TechPreviewNoUpgrade.yaml @@ -352,7 +352,7 @@ "name": "TLSAdherence" }, { - "name": "TLSCurvePreferences" + "name": "TLSGroupPreferences" }, { "name": "UpgradeStatus"